diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md deleted file mode 100644 index 956aa34a1f..0000000000 --- a/devices/hololens/TOC.md +++ /dev/null @@ -1,77 +0,0 @@ -# [Microsoft HoloLens](index.md) - -# Get started with HoloLens 2 -## [HoloLens 2 hardware](hololens2-hardware.md) -## [Get your HoloLens 2 ready to use](hololens2-setup.md) -## [Set up your HoloLens 2](hololens2-start.md) -## [HoloLens 2 fit and comfort FAQ](hololens2-fit-comfort-faq.md) -## [HoloLens 2 cleaning FAQ](hololens2-maintenance.md) -## [Supported languages for HoloLens 2](hololens2-language-support.md) -## [Getting around HoloLens 2](hololens2-basic-usage.md) - -# Get started with HoloLens (1st gen) -## [HoloLens (1st gen) hardware](hololens1-hardware.md) -## [Get your HoloLens (1st gen) ready to use](hololens1-setup.md) -## [Set up your HoloLens (1st gen)](hololens1-start.md) -## [HoloLens (1st gen) fit and comfort FAQ](hololens1-fit-comfort-faq.md) -## [Install localized version of HoloLens (1st gen)](hololens1-install-localized.md) -## [Getting around HoloLens (1st gen)](hololens1-basic-usage.md) -## [HoloLens (1st Gen) release notes](hololens1-release-notes.md) - -# Deploy HoloLens and mixed reality apps in commercial environments -## [Commercial features](hololens-commercial-features.md) -## [Deploy HoloLens in a commercial environment](hololens-requirements.md) -## [Determine what licenses you need](hololens-licenses-requirements.md) -## [Configure your network for HoloLens](hololens-commercial-infrastructure.md) -## [Unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md) -## [Use a provisioning package to configure HoloLens](hololens-provisioning.md) -## [Enroll HoloLens in MDM](hololens-enroll-mdm.md) -## [Manage HoloLens updates](hololens-updates.md) -## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) - -# Navigate the Windows Holographic environment -## [Use the Start menu and mixed reality home](holographic-home.md) -## [Use your voice to operate HoloLens](hololens-cortana.md) -## [Find, open, and save files](holographic-data.md) -## [Create mixed reality photos and videos](holographic-photos-and-videos.md) - -# Manage users and access -## [Manage user identity and sign-in for HoloLens](hololens-identity.md) -## [Share your HoloLens with multiple people](hololens-multiple-users.md) -## [Set up HoloLens as a kiosk](hololens-kiosk.md) - -# Holographic applications -## [Find, install, and uninstall applications](holographic-store-apps.md) -## [Manage custom apps for HoloLens](holographic-custom-apps.md) - -# Accessories and connectivity -## [Connect to Bluetooth and USB-C devices](hololens-connect-devices.md) -## [Use the HoloLens (1st gen) clicker](hololens1-clicker.md) -## [Connect to a network](hololens-network.md) -## [Manage connection endpoints for HoloLens](hololens-offline.md) - -# Hologram optics and placement in space -## [Improve visual quality and comfort](hololens-calibration.md) -## [Environment considerations for HoloLens](hololens-environment-considerations.md) -## [Map physical spaces with HoloLens](hololens-spaces.md) - -# Update, troubleshoot, or recover HoloLens -## [Update HoloLens](hololens-update-hololens.md) -## [Restart, reset, or recover HoloLens 2](hololens-recovery.md) -## [Restart, reset, or recover HoloLens (1st gen) ](hololens1-recovery.md) -## [Troubleshoot HoloLens issues](hololens-troubleshooting.md) -## [Collect diagnostic information from HoloLens devices](hololens-diagnostic-logs.md) -## [Known issues for HoloLens](hololens-known-issues.md) -## [Frequently asked questions](hololens-faq.md) -## [Frequently asked security questions](hololens-faq-security.md) -## [Status of the HoloLens services](hololens-status.md) -## [Get support](https://support.microsoft.com/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f) - -# Resources -## [Use 3D Viewer on HoloLens (1st gen)](holographic-3d-viewer-beta.md) -## [Windows Autopilot for HoloLens 2 evaluation guide](hololens2-autopilot.md) - -# [HoloLens 2 release notes](hololens-release-notes.md) -# [Give us feedback](hololens-feedback.md) -# [Insider preview for Microsoft HoloLens](hololens-insider.md) -# [Change history for Microsoft HoloLens documentation](change-history-hololens.md) diff --git a/devices/hololens/breadcrumb/toc.yml b/devices/hololens/breadcrumb/toc.yml deleted file mode 100644 index 2ac60b3585..0000000000 --- a/devices/hololens/breadcrumb/toc.yml +++ /dev/null @@ -1,7 +0,0 @@ -- name: Docs - tocHref: / - topicHref: / - items: - - name: Hololens - tocHref: /hololens - topicHref: /hololens/index \ No newline at end of file diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md deleted file mode 100644 index f4655eaebf..0000000000 --- a/devices/hololens/change-history-hololens.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: Change history for Microsoft HoloLens documentation -ms.reviewer: -manager: laurawi -description: This topic lists new and updated topics for HoloLens. -keywords: change history -ms.prod: hololens -ms.mktglfcycl: manage -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.localizationpriority: medium ---- - -# Change history for Microsoft HoloLens documentation - -This topic lists new and updated topics in the [Microsoft HoloLens documentation](index.md). - -## Windows 10 Holographic, version 2004 - -The topics in this library have been updated for Windows 10 Holographic, version 2004. - -## HoloLens 2 - -The topics in this library have been updated for HoloLens 2 and Windows 10 Holographic, version 1903. - -## April 2019 - -New or changed topic | Description ---- | --- -[Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) | New - -## November 2018 - -New or changed topic | Description ---- | --- -[How HoloLens stores data for spaces](hololens-spaces.md) | New - -## Windows 10 Holographic for Business, version 1809 - -The topics in this library have been updated for Windows 10 Holographic for Business, version 1809. - - -## October 2018 - -New or changed topic | Description ---- | --- -[Preview new mixed reality apps for HoloLens](hololens-public-preview-apps.md) | Removed, and redirected to [Mixed reality apps](https://docs.microsoft.com/dynamics365/#pivot=mixed-reality-apps) -[Microsoft Remote Assist app](hololens-microsoft-remote-assist-app.md) | Removed, and redirected to [Overview of Dynamics 365 Remote Assist](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/) -[Microsoft Dynamics 365 Layout app](hololens-microsoft-dynamics-365-layout-app.md) | Removed, and redirected to [Overview of Dynamics 365 Layout](https://docs.microsoft.com/dynamics365/mixed-reality/layout/) -[Insider preview for Microsoft HoloLens](hololens-insider.md) | Added instructions for opting out of Insider builds. - - -## July 2018 - -New or changed topic | Description ---- | --- -Insider preview for Microsoft HoloLens | New (topic retired on release of Windows 10, version 1809) - - -## May 2018 - -New or changed topic | Description ---- | --- -[Preview new mixed reality apps for HoloLens](hololens-public-preview-apps.md) | New -[Microsoft Remote Assist app](hololens-microsoft-remote-assist-app.md) | New -[Microsoft Layout app](hololens-microsoft-layout-app.md) | New -[Set up HoloLens in kiosk mode](hololens-kiosk.md) | Added instructions for setting up a guest account for kiosk mode. - -## Windows 10 Holographic for Business, version 1803 - -The topics in this library have been updated for Windows 10 Holographic for Business, version 1803. The following new topics have been added: - -- [What's new in Microsoft HoloLens](hololens-whats-new.md) -- [Manage updates to HoloLens](hololens-updates.md) -- [Share HoloLens with multiple people](hololens-multiple-users.md) - - -## February 2018 - -New or changed topic | Description ---- | --- -[Unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md) | Replaced the instructions for upgrading to Windows Holographic for Business using Microsoft Intune with a link to the new Intune topic. - -## December 2017 - -New or changed topic | Description ---- | --- -[Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | New - -## January 2017 - -| New or changed topic | Description | -| --- | --- | -| All topics | Changed all references from **Windows Holographic Enterprise** to **Windows Holographic for Business** | diff --git a/devices/hololens/holographic-3d-viewer-beta.md b/devices/hololens/holographic-3d-viewer-beta.md deleted file mode 100644 index dd46dd8371..0000000000 --- a/devices/hololens/holographic-3d-viewer-beta.md +++ /dev/null @@ -1,205 +0,0 @@ ---- -title: Using 3D Viewer on HoloLens (1st gen) -description: Describes the types of files and features that 3D Viewer on HoloLens (1st gen) supports, and how to use and troubleshoot the app. -ms.prod: hololens -ms.sitesec: library -author: Teresa-Motiv -ms.author: v-tea -ms.topic: article -ms.localizationpriority: high -ms.date: 10/30/2019 -ms.reviewer: scooley -audience: ITPro -manager: jarrettr -appliesto: -- HoloLens (1st gen) ---- - -# Using 3D Viewer on HoloLens (1st gen) - -3D Viewer lets you view 3D models on HoloLens (1st gen). You can open and view *supported* .fbx files from Microsoft Edge, OneDrive, and other apps. - ->[!NOTE] ->This article applies to the immersive Unity **3D Viewer** app, which supports .fbx files and is only available on HoloLens (1st gen). The pre-installed **3D Viewer** app on HoloLens 2 supports opening custom .glb 3D models in the mixed reality home (see [Asset requirements overview](https://docs.microsoft.com/windows/mixed-reality/creating-3d-models-for-use-in-the-windows-mixed-reality-home#asset-requirements-overview) for more details. - -If you're having trouble opening a 3D model in 3D Viewer, or certain features of your 3D model are unsupported, see [Supported content specifications](#supported-content-specifications). - -To build or optimize 3D models for use with 3D Viewer, see [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer). - -There are two ways to open a 3D model on HoloLens. See [Viewing FBX files on HoloLens](#viewing-fbx-files-on-hololens) to learn more. - -If you're having trouble after reading these topics, see [Troubleshooting](#troubleshooting). - -## Supported content specifications - -### File format - -- FBX format -- Maximum FBX release 2015.1.0 - -### File size - -- Minimum 5 KB -- Maximum 500 MB - -### Geometry - -- Polygonal models only. No subdivision surfaces or NURBs -- Right-handed coordinate system -- Shear in transformation matrices is not supported - -### Textures - -- Texture maps must be embedded in the FBX file -- Supported image formats - - JPEG and PNG images - - BMP images (24-bit RGB true-color) - - TGA images (24-bit RGB and 32-bit RGBQ true-color) -- Maximum texture resolution of 2048x2048 -- Maximum of one diffuse map, one normal map, and one reflection cube map per mesh -- Alpha channel in diffuse textures causes pixels to be discarded if below 50% - -### Animation - -- Scale/rotation/translation animation on individual objects -- Skeletal (rigged) animation with skinning - - Maximum of 4 influences per vertex - -### Materials - -- Lambert and Phong materials are supported, with adjustable parameters -- Supported material properties for Lambert - - Main Texture (RGB + Alpha Test) - - Diffuse Color (RGB) - - Ambient Color (RGB) -- Supported material properties for Phong - - Main Texture (RGB + Alpha Test) - - Diffuse Color (RGB) - - Ambient Color (RGB) - - Specular Color (RGB) - - Shininess - - Reflectivity -- Custom materials are not supported -- Maximum of one material per mesh -- Maximum of one material layer -- Maximum of 8 materials per file - -### File and model limitations - -There are hard limits on the size of files, as well as the number of models, vertices, and meshes that can be open simultaneously in 3D Viewer: - -- 500 MB maximum file size per model -- Vertices: 600,000 combined on all open models -- Meshes: 1,600 combined on all open models -- Maximum of 40 models open at one time - -## Optimizing 3D models for 3D Viewer - -### Special considerations - -- Avoid black materials or black areas in texture maps. Holograms are made of light, thus HoloLens renders black (the absence of light) as transparent. -- Before exporting to FBX from your creation tool, ensure all geometry is visible and unlocked and no layers that contain geometry are turned off or templated. Visibility is not respected. -- Avoid very large translation offsets between nodes (for example, 100,000 units). This can cause the model to jitter while being moved/scaled/rotated. - -### Performance optimization - -Keep performance in mind while authoring content and validate in the 3D Viewer app on HoloLens during the authoring process for best results. 3D Viewer renders content real-time and performance is subject to HoloLens hardware capabilities. - -There are many variables in a 3D model that can impact performance. 3D Viewer will show a warning on load if there are more than 150,000 vertices or more than 400 meshes. Animations can have an impact on the performance of other open models. There are also hard limits on the total number models, vertices, and meshes that can be open simultaneously in 3D Viewer (see [File and model limitations](#file-and-model-limitations)). - -If the 3D model isn't running well due to model complexity, consider: - -- Reducing polygon count -- Reducing number of bones in rigged animation -- Avoiding self-occlusion - -Double-sided rendering is supported in 3D Viewer, although it is turned off by default for performance reasons. This can be turned on via the **Double Sided** button on the **Details** page. For best performance, avoid the need for double-sided rendering in your content. - -### Validating your 3D model - -Validate your model by opening it in 3D Viewer on HoloLens. Select the **Details** button to view your model's characteristics and warnings of unsupported content (if present). - -### Rendering 3D models with true-to-life dimensions - -By default, 3D Viewer displays 3D models at a comfortable size and position relative to the user. However, if rendering a 3D model with true-to-life measurements is important (for example, when evaluating furniture models in a room), the content creator can set a flag within the file's metadata to prevent resizing of that model by both the application and the user. - -To prevent scaling of the model, add a Boolean custom attribute to any object in the scene named Microsoft_DisableScale and set it to true. 3D Viewer will then respect the FbxSystemUnit information baked into the FBX file. Scale in 3D Viewer is 1 meter per FBX unit. - -## Viewing FBX files on HoloLens - -### Open an FBX file from Microsoft Edge - -FBX files can be opened directly from a website using Microsoft Edge on HoloLens. - -1. In Microsoft Edge, navigate to the webpage containing the FBX file you want to view. -1. Select the file to download it. -1. When the download is complete, select the **Open** button in Microsoft Edge to open the file in 3D Viewer. - -The downloaded file can be accessed and opened again later by using Downloads in Microsoft Edge. To save a 3D model and ensure continued access, download the file on your PC and save it to your OneDrive account. The file can then be opened from the OneDrive app on HoloLens. - -> [!NOTE] -> Some websites with downloadable FBX models provide them in compressed ZIP format. 3D Viewer cannot open ZIP files directly. Instead, use your PC to extract the FBX file and save it to your OneDrive account. The file can then be opened from the OneDrive app on HoloLens. - -### Open an FBX file from OneDrive - -FBX files can be opened from OneDrive by using the OneDrive app on HoloLens. Be sure you've installed OneDrive using Microsoft Store app on HoloLens and that you've already uploaded the FBX file to OneDrive on your PC. - -Once in OneDrive, FBX files can be opened on HoloLens using 3D Viewer in one of two ways: - -- Launch OneDrive on HoloLens and select the FBX file to open it in 3D Viewer. -- Launch 3D Viewer, air tap to show the toolbar, and select **Open File**. OneDrive will launch, allowing you to select an FBX file. - -## Troubleshooting - -### I see a warning when I open a 3D model - -You will see a warning if you attempt to open a 3D model that contains features that are not supported by 3D Viewer, or if the model is too complex and performance may be affected. 3D Viewer will still load the 3D model, but performance or visual fidelity may be compromised. - -For more info, see [Supported content specifications](#supported-content-specifications) and [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer). - -### I see a warning and the 3D model doesn't load - -You will see an error message when 3D Viewer cannot load a 3D model due to complexity or file size, or if the FBX file is corrupt or invalid. You will also see an error message if you have reached the limit on the total number of models, vertices, or meshes that can be open simultaneously. - -For more info, see [Supported content specifications](#supported-content-specifications) and [File and model limitations](#file-and-model-limitations). - -If you feel your model meets the supported content specifications and has not exceeded the file or model limitations, you may send your FBX file to the 3D Viewer team at holoapps@microsoft.com. We are not able to respond personally, but having examples of files that do not load properly will help our team improve on future versions of the app. - -### My 3D model loads, but does not appear as expected - -If your 3D model does not look as expected in 3D Viewer, air tap to show the toolbar, then select **Details**. Aspects of the file which are not supported by 3D Viewer will be highlighted as warnings. - -The most common issue you might see is missing textures, likely because they are not embedded in the FBX file. In this case, the model will appear white. This issue can be addressed in the creation process by exporting from your creation tool to FBX with the embed textures option selected. - -For more info, see [Supported content specifications](#supported-content-specifications) and [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer). - -### I experience performance drops while viewing my 3D model - -Performance when loading and viewing a 3D model can be affected by the complexity of the model, number of models open simultaneously, or number of models with active animations. - -For more info, see [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer) and [File and model limitations](#file-and-model-limitations). - -### When I open an FBX file on HoloLens, it doesn't open in 3D Viewer - -3D Viewer is automatically associated with the .fbx file extension when it is installed. - -If you try to open an FBX file and see a dialog box that directs you to Microsoft Store, you do not currently have an app associated with the .fbx file extension on HoloLens. - -Verify that 3D Viewer is installed. If it is not installed, download it from Microsoft Store on HoloLens. - -If 3D Viewer is already installed, launch 3D Viewer, then try opening the file again. If the issue persists, uninstall and reinstall 3D Viewer. This will re-associate the .fbx file extension with 3D Viewer. - -If attempting to open an FBX file opens an app other than 3D Viewer, that app was likely installed after 3D Viewer and has taken over association with the .fbx file extension. If you prefer 3D Viewer to be associated with the .fbx file extension, uninstall and reinstall 3D Viewer. - -### The Open File button in 3D Viewer doesn't launch an app - -The **Open File** button will open the app associated with the file picker function on HoloLens. If OneDrive is installed, the **Open File** button should launch OneDrive. However, if there is currently no app associated with the file picker function installed on HoloLens, you will be directed to Microsoft Store. - -If the **Open File** button launches an app other than OneDrive, that app was likely installed after OneDrive and has taken over association with the file picker function. If you prefer OneDrive to launch when selecting the **Open File** button in 3D Viewer, uninstall and reinstall OneDrive. - -If the **Open File** button is not active, it's possible that you have reached the limit of models that can be open in 3D Viewer at one time. If you have 40 models open in 3D Viewer, you will need to close some before you will be able to open additional models. - -## Additional resources - -- [Support forums](http://forums.hololens.com/categories/3d-viewer-beta) -- [Third-party notices](https://www.microsoft.com/{lang-locale}/legal/products) diff --git a/devices/hololens/holographic-custom-apps.md b/devices/hololens/holographic-custom-apps.md deleted file mode 100644 index 3cc01691d6..0000000000 --- a/devices/hololens/holographic-custom-apps.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Manage custom apps for HoloLens -description: Side load custom apps on HoloLens. Learn more about installing, and uninstalling holographic apps. -ms.assetid: 6bd124c4-731c-4bcc-86c7-23f9b67ff616 -ms.date: 07/01/2019 -manager: v-miegge -keywords: hololens, sideload, side load, side-load, store, uwp, app, install -ms.prod: hololens -ms.sitesec: library -author: mattzmsft -ms.author: mazeller -ms.topic: article -ms.localizationpriority: medium -ms.custom: -- CI 111456 -- CSSTroubleshooting -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Manage custom apps for HoloLens - -HoloLens supports many existing applications from the Microsoft Store, as well as new apps built specifically for HoloLens. This article focuses on custom holographic applications. - -For more information about store apps, see [Manage apps with the store](holographic-store-apps.md). - -## Install custom apps - -You can install your own applications on HoloLens either by using the Device Portal or by deploying the apps from Visual Studio. - -### Installing an application package with the Device Portal - -1. Establish a connection from [Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal) to the target HoloLens. -1. In the left navigation, navigate to the **Apps** page . -1. Under **App Package** browse to the .appx file that is associated with your application. - > [!IMPORTANT] - > Make sure to reference any associated dependency and certificate files. - -1. Select **Go**. - ![Install app form in Windows Device Portal on Microsoft HoloLens](images/deviceportal-appmanager.jpg) - -### Deploying from Microsoft Visual Studio 2015 - -1. Open your app's Visual Studio solution (.sln file). -1. Open the project's **Properties**. -1. Select the following build configuration: **Master/x86/Remote Machine**. -1. When you select **Remote Machine**: - - Make sure the address points to the Wi-Fi IP address of your HoloLens. - - Set authentication to **Universal (Unencrypted Protocol)**. -1. Build your solution. -1. To deploy the app from your development PC to your HoloLens, select **Remote Machine**. If you already have an existing build on the HoloLens, select **Yes** to install this newer version. - - ![Remote Machine deployment for apps to Microsoft HoloLens in Visual Studio](images/vs2015-remotedeployment.jpg) -1. The application will install and auto launch on your HoloLens. - -After you've installed an app, you'll find it in the **All apps** list​ (**Start** > **All apps**). diff --git a/devices/hololens/holographic-data.md b/devices/hololens/holographic-data.md deleted file mode 100644 index 1f28c4fac9..0000000000 --- a/devices/hololens/holographic-data.md +++ /dev/null @@ -1,100 +0,0 @@ ---- -title: Find and save files on HoloLens -description: Use File Explorer on HoloLens to view and manage files on your device -keywords: how-to, file picker, files, photos, videos, pictures, OneDrive, storage, file explorer -ms.assetid: 77d2e357-f65f-43c8-b62f-6cd9bf37070a -author: mattzmsft -ms.author: mazeller -manager: v-miegge -ms.reviewer: jarrettrenshaw -ms.date: 12/30/2019 -keywords: hololens -ms.prod: hololens -ms.sitesec: library -ms.topic: article -audience: ITPro -ms.localizationpriority: medium -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Find, open, and save files on HoloLens - -Files you create on HoloLens, including photos and videos, are saved directly to your HoloLens device. View and manage them in the same way you would manage files on Windows 10: - -- Using the File Explorer app to access local folders. -- Within an app's storage. -- In a special folder (such as the video or music library). -- Using a storage service that includes an app and file picker (such as OneDrive). -- Using a desktop PC connected to your HoloLens by using a USB cable, using MTP (Media Transfer Protocol) support. - -## View files on HoloLens using File Explorer - -> Applies to all HoloLens 2 devices and HoloLens (1st gen) as of the [Windows 10 April 2018 Update (RS4) for HoloLens](https://docs.microsoft.com/windows/mixed-reality/release-notes-april-2018). - -Use File Explorer on HoloLens to view and manage files on your device, including 3D objects, documents, and pictures. Go to **Start** > **All apps** > **File Explorer** to get started. - -> [!TIP] -> If there are no files listed in File Explorer, select **This Device** in the top left pane. - -If you don’t see any files in File Explorer, the "Recent" filter may be active (clock icon is highlighted in left pane). To fix this, select the **This Device** document icon in the left pane (beneath the clock icon), or open the menu and select **This Device**. - -## Find and view your photos and videos - -[Mixed reality capture](holographic-photos-and-videos.md) lets you take mixed reality photos and videos on HoloLens. These photos and videos are saved to the device's Camera Roll folder. - -You can access photos and videos taken with HoloLens by: - -- accessing the Camera Roll directly through the [Photos app](holographic-photos-and-videos.md). -- uploading photos and videos to cloud storage by syncing your photos and videos to OneDrive. -- using the Mixed Reality Capture page of the [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal#mixed-reality-capture). - -### Photos app - -The Photos app is one of the default apps on the **Start** menu, and comes built-in with HoloLens. Learn more about [using the Photos app to view content](holographic-photos-and-videos.md). - -You can also install the [OneDrive app](https://www.microsoft.com/p/onedrive/9wzdncrfj1p3) from the Microsoft Store to sync photos to other devices. - -### OneDrive app - -[OneDrive](https://onedrive.live.com/) lets you access, manage, and share your photos and videos with any device and with any user. To access the photos and videos captured on HoloLens, download the [OneDrive app](https://www.microsoft.com/p/onedrive/9wzdncrfj1p3) from the Microsoft Store on your HoloLens. Once downloaded, open the OneDrive app and select **Settings** > **Camera upload**, and turn on **Camera upload**. - -### Connect to a PC - -If your HoloLens is running the [Windows 10 April 2018 update](https://docs.microsoft.com/windows/mixed-reality/release-notes-april-2018) or later, you can connect your HoloLens to a Windows 10 PC by using a USB cable to browse photos and videos on the device by using MTP (media transfer protocol). You'll need to make sure the device is unlocked to browse files if you have a PIN or password set up on your device. - -If you have enabled the [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal), you can use it to browse, retrieve, and manage the photos and videos stored on your device. - -## Access files within an app - -If an application saves files on your device, you can use that application to access them. - -### Requesting files from another app - -An application can request to save a file or open a file from another app by using [file pickers](https://docs.microsoft.com/windows/mixed-reality/app-model#file-pickers). - -### Known folders - -HoloLens supports a number of [known folders](https://docs.microsoft.com/windows/mixed-reality/app-model#known-folders) that apps can request permission to access. - -## View HoloLens files on your PC - -Similar to other mobile devices, connect HoloLens to your desktop PC using MTP (Media Transfer Protocol) and open File Explorer on the PC to access your HoloLens libraries for easy transfer. - -To see your HoloLens files in File Explorer on your PC: - -1. Sign in to HoloLens, then plug it into the PC using the USB cable that came with the HoloLens. - -1. Select **Open Device to view files with File Explorer**, or open File Explorer on the PC and navigate to the device. - -To see info about your HoloLens, right-click the device name in File Explorer on your PC, then select **Properties**. - -> [!NOTE] -> HoloLens (1st gen) does not support connecting to external hard drives or SD cards. - -## Sync to the cloud - -To sync photos and other files from your HoloLens to the cloud, install and set up OneDrive on HoloLens. To get OneDrive, search for it in the Microsoft Store on your HoloLens. - -HoloLens doesn't back up app files and data, so it's a good idea to save your important stuff to OneDrive. That way, if you reset your device or uninstall an app, your info will be backed up. diff --git a/devices/hololens/holographic-home.md b/devices/hololens/holographic-home.md deleted file mode 100644 index 8cbbe10268..0000000000 --- a/devices/hololens/holographic-home.md +++ /dev/null @@ -1,87 +0,0 @@ ---- -title: Use the Start menu and mixed reality home -description: Navigate the mixed reality home in Windows Holographic. -ms.assetid: 742bc126-7996-4f3a-abb2-cf345dff730c -ms.date: 08/07/2019 -keywords: hololens -ms.prod: hololens -ms.sitesec: library -author: scooley -ms.author: scooley -ms.topic: article -ms.localizationpriority: high -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Use the Start menu and mixed reality home - -Just like the Windows PC experience starts with the desktop, Windows Holographic starts with mixed reality home. Using the Start menu you can open and place app windows, immersive app launchers, and 3D content in mixed reality home, and their placement in your physical space will be remembered. - -## Use the Start menu - -The Start menu on HoloLens is where you'll open apps, see important status info, and access tools like the camera. - -Wherever you are in HoloLens, you can always open the Start menu by using **Start gesture**. On HoloLens (1st gen) the Start gesture is [bloom](https://support.microsoft.com/help/12644/hololens-use-gestures). On HoloLens 2, the [Start gesture](hololens2-basic-usage.md#start-gesture) is to tap the Start icon that appears on your wrist. You can also open the Start menu using your voice by saying "Go to Start". - -> [!TIP] -> When the Start menu is open, use the Start gesture to close it, or look at the Start menu and say "Close". - -At the top of the Start menu, you'll see status indicators for Wi-Fi, battery, volume, and a clock. On HoloLens 2 there is also a listening indicator that shows whether the device is speech enabled and is listening for voice commands. At the bottom you'll find the **Photo** and **Video** buttons which allow you to take photos and video recordings. There is also a **Connect** button that allows you to project what you see to another device using Miracast. - -### Find apps on Start menu - -The Start menu has a **Pinned apps** list and an **All apps** list. - -- The **Pinned apps** list shows apps that have been pinned. You can add and remove apps from the **Pinned apps** list using the context menu that appears when you **select and hold** on an app tile. - -- The **All apps** list shows all apps that are installed on the device. Select the **All apps** button on the right side of the **Start** menu to get to the list. - -On both app lists, use the **Page up** and **Page down** buttons on the right side of the Start menu to page through all the apps in the list. Both app lists will automatically open to the page that was last used during a device session. - -> [!TIP] -> On HoloLens 2, you can directly scroll the app lists using your index finger. Just touch the list with your finger tip and drag upwards or downwards. - -### Open apps from Start menu - -To open an app from the Start menu, simply **select** an **app tile**. You can also say the name of an app to open it. - -When you open an app from the Start menu, one of the following will happen, depending on how the app is designed: - -- An **app window** is placed. The app is then loaded in the window and you can use it like a touch screen. -- A **3D app launcher** for an immersive app is placed. You need to then **select** the launcher to open the immersive app. -- An app window is placed which acts as a **launcher** for an immersive app. The immersive app will proceed to launch automatically. - -App windows and app launchers placed in mixed reality home will stay around until you decide to remove them. They give you a convenient shortcut in the world to use those app windows or to launch immersive apps without having to open them again from the Start menu. - -> [!NOTE] ->Like on a phone, system resources is managed automatically on HoloLens. For example, when you open a new immersive app, all other running apps will immediately become inactive. There is no need to remove app windows and launchers in mixed reality home to free up system resources. - -## Using apps on HoloLens - -Apps on HoloLens can use app window view or immersive view. With app window view the app simply shows its content inside a window. With immersive view an app takes you away from mixed realty home where it can then display its content in the physical environment all around you. Apps can also choose to use both views. - -### Use app windows - -On HoloLens (1st gen) app windows are placed and used in mixed reality home, where you can [move, resize, and rotate](hololens1-basic-usage.md#move-resize-and-rotate-apps) them as you like. In addition to using app windows with gaze and gesture, you can also use them with Bluetooth connected mouse and keyboard. - -On HoloLens 2, in addition to using app windows in mixed reality home, you can also use one app window at a time inside an immersive app. You can also put an app window into **Follow me** mode where it will stay in front of you as you walk around. When you open an app window while inside an immersive app, it will open in **Follow me** mode automatically. You can [move, resize, and rotate](hololens2-basic-usage.md#move-resize-and-rotate-holograms) app windows directly using your hands in both mixed reality home and inside an immersive app. - -> [!NOTE] -> -> - Up to three app windows can be active in mixed reality home at a time. You can open more, but only three will remain active. -> - When an app window is not active, it will show content that looks darkened compared to an active window. Some will simply show the app icon instead of any content. To activate an inactive window simply **select** it. -> - Each open app can have one active window at a time, except Microsoft Edge, which can have up to three. - -### Close apps - -To close an app that uses an app window, simply close the app window with the **Close** button on the title bar. You can also look at the window and say "Close". - -To exit an app that uses immersive view, use the Start gesture to bring up the **Start menu**, then select the **Mixed reality home** button. - -If an immersive app is in a broken state and you need to restart it, you can make sure the app is first completely shut down by closing its launcher in mixed reality home, then launching it from the Start menu. - -## Related info - -[Find, Install, and Uninstall applications from the Microsoft Store](holographic-store-apps.md) diff --git a/devices/hololens/holographic-photos-and-videos.md b/devices/hololens/holographic-photos-and-videos.md deleted file mode 100644 index 11255c8961..0000000000 --- a/devices/hololens/holographic-photos-and-videos.md +++ /dev/null @@ -1,154 +0,0 @@ ---- -title: Capture and manage mixed reality photos and videos -description: Learn how to capture, view, and share mixed reality photos and videos, using HoloLens. -keywords: hololens, photo, video, capture, mrc, mixed reality capture, photos, camera, stream, livestream, demo -ms.assetid: 1b636ec3-6186-4fbb-81b2-71155aef0593 -ms.prod: hololens -ms.sitesec: library -author: mattzmsft -ms.author: mazeller -ms.topic: article -audience: ITPro -ms.localizationpriority: medium -ms.date: 10/28/2019 -manager: jarrettr -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Create mixed reality photos and videos - -HoloLens gives users the experience of mixing the real world with the digital world. Mixed reality capture (MRC) lets you capture that experience as a photo or video, or share what you see with others in real-time. - -Mixed reality capture uses a first-person point of view so other people can see holograms as you see them. For a third-person point of view, use [spectator view](https://docs.microsoft.com/windows/mixed-reality/spectator-view). Spectator view is especially useful for demos. - -While it's fun to share videos amongst friends and colleagues, videos can also help teach other people to use an app or to communicate problems with apps and experiences. - -> [!NOTE] -> If you can't launch mixed reality capture experiences and your HoloLens is a work device, check with your system administrator. Access to the camera can be restricted through company policy. - -## Capture a mixed reality photo - -There are several ways to take a photo of mixed reality on HoloLens; you can use hardware buttons, voice, or the Start menu. - -### Hardware buttons to take photos - -To take a quick photo of your current view, press the volume up and volume down buttons at the same time. This is a bit like the HoloLens version of a screenshot or print screen. - -- [Button locations on HoloLens 2](hololens2-hardware.md) -- [Button locations on HoloLens (1st gen)](hololens1-hardware.md#hololens-components) - -> [!NOTE] -> Holding the **volume up** and **volume down** buttons for three seconds will start recording a video rather than taking a photo. To stop recording, tap both **volume up** and **volume down** buttons simultaneously. - -### Voice commands to take photos - -On HoloLens 2, version 2004 (and later), say: "Take a picture." - -On HoloLens (1st gen) or HoloLens 2, version 1903, say: "Hey Cortana, take a picture." - -### Start menu to take photos - -Use the Start gesture to go to **Start**, then select the **camera** icon. - -Point your head in the direction of what you want to capture, then [air tap](hololens2-basic-usage.md#touch-holograms-near-you) to take a photo. You can continue to air tap and capture additional photos. Any photos you capture will be saved to your device. - -Use the Start gesture again to end photo capture. - -## Capture a mixed reality video - -There are several ways to record a video of mixed reality on HoloLens; you can use hardware buttons, voice, or the Start menu. - -### Hardware buttons to record videos - -The quickest way to record a video is to press and hold the **volume up** and **volume down** buttons simultaneously until a three-second countdown begins. To stop recording, tap both buttons simultaneously. - -> [!NOTE] -> Quickly pressing the **volume up** and **volume down** buttons at the same time will take a photo rather than recording a video. - -### Voice to record videos - -On HoloLens 2, version 2004 (and later), say: "Start recording." To stop recording, say "Stop recording." - -On HoloLens (1st gen) or HoloLens 2, version 1903, say: "Hey Cortana, start recording." To stop recording, say "Hey Cortana, stop recording." - -### Start menu to record videos - -Use the Start gesture to go to **Start**, then select the **video** icon. Point your head in the direction of what you want to capture, then [air tap](hololens2-basic-usage.md#touch-holograms-near-you) to start recording. There will be a three second countdown and your recording will begin. - -To stop recording, use the Start gesture and select the highlighted **video** icon. The video will be saved to your device. - -> [!NOTE] -> **Applies to HoloLens (1st gen) only** -> The [Windows 10 October 2018 Update](https://docs.microsoft.com/windows/mixed-reality/release-notes-october-2018) changes how the Start gesture and Windows button behave on HoloLens (1st gen). Before the update, the Start gesture or Windows button would stop a video recording. After the update, however, the Start gesture or Windows button opens the **Start** menu (or the **quick actions menu** if you are in an immersive app), from which you can select the highlighted **video** icon to stop recording. - -## Share what you see in real-time - -You can share what you see in HoloLens with friends and colleagues in real-time. There are a few methods available: - -1. Connecting to a Miracast-enabled device or adapter to watch on a TV. -1. Using [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal) to watch on a PC -1. Using the [Microsoft HoloLens companion app](https://www.microsoft.com/store/productId/9NBLGGH4QWNX) to watch on a PC. -1. Deploying the [Microsoft Dynamics 365 Remote Assist](https://dynamics.microsoft.com/en-us/mixed-reality/remote-assist) app, which enables front-line workers to stream what they see to a remote expert. The remote expert can then guide the front-line worker verbally or by annotating in their world. - -> [!NOTE] -> Sharing what you see via Windows Device Portal or Microsoft HoloLens companion app requires your HoloLens to be in [Developer mode](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal#setting-up-hololens-to-use-windows-device-portal). - -### Stream video with Miracast - -Use the Start gesture to go to **Start**, then select the **connect** icon. From the picker that appears, select the Miracast-enabled device or adapter to which you want to connect. - -To stop sharing, use the Start gesture and select the highlighted **connect** icon. Because you were streaming, nothing will be saved to your device. - -> [!NOTE] -> Miracast support was enabled on HoloLens (1st gen) beginning with the [Windows 10 October 2018 Update](https://docs.microsoft.com/windows/mixed-reality/release-notes-october-2018). - -### Real time video with Windows Device Portal - -Because sharing via Windows Device Portal requires Developer mode to be enabled on HoloLens, follow the instructions in our developer documentation to [set up Developer mode and navigate Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal). - -### Microsoft HoloLens companion app - -Because sharing via the Microsoft HoloLens companion app requires Developer mode to be enabled on HoloLens, follow the instructions in our developer documentation to [set up Developer mode](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal). Then, download the [Microsoft HoloLens companion app](https://www.microsoft.com/store/productId/9NBLGGH4QWNX) and follow the instructions within the app to connect to your HoloLens. - -Once the app is set up with your HoloLens, select the **Live stream** option from the app's main menu. - -## View your mixed reality photos and videos - -Mixed reality photos and videos are saved to the device's "Camera Roll". You can browse the contents of this folder on your HoloLens with the File Explorer app (navigate to Pictures > Camera Roll). - -You can also view your mixed reality photos and videos in the Photos app, which is pre-installed on HoloLens. To pin a photo in your world, select it in the Photos app and choose **Place in mixed world**. You can move the photo around your world after it's been placed. - -To view and/or save your mixed reality photos and videos on a PC connected to HoloLens, you can use [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal#mixed-reality-capture) or your [PC's File Explorer via MTP](https://docs.microsoft.com/windows/mixed-reality/release-notes-april-2018#new-features-for-hololens). - -## Share your mixed reality photos and videos - -After capturing a mixed reality photo or video, a preview will appear. Select the **share** icon above the preview to bring up the share assistant. From there, you can select the end point to which you'd like to share that photo or video. - -You can also share mixed reality photos and videos from OneDrive, by automatically uploading your mixed reality photos and videos. Open the OneDrive app on HoloLens and sign in with a personal [Microsoft account](https://account.microsoft.com) if you haven't already. Select the **settings** icon and choose **Camera upload**. Turn Camera upload on. Your mixed reality photos and videos will now be uploaded to OneDrive each time you launch the app on HoloLens. - -> [!NOTE] -> You can only enable camera upload in OneDrive if you’re signed into OneDrive with a personal Microsoft account. If you set up HoloLens with a work or school account, you can add a personal Microsoft account in the OneDrive app to enable this feature. - -## Limitations of mixed reality capture - -- While using mixed reality capture, the framerate of HoloLens will be halved to 30 Hz. -- Videos have a maximum length of five minutes. -- The resolution of photos and videos may be reduced if the photo/video camera is already in use by another application, while live streaming, or when system resources are low. - -## Default file format and resolution - -### Default photo format and resolution - -| Device | Format | Extension | Resolution | -|----------|----------|----------|----------| -| HoloLens 2 | [JPEG](https://en.wikipedia.org/wiki/JPEG) | .jpg | 3904x2196px | -| HoloLens (1st gen) | [JPEG](https://en.wikipedia.org/wiki/JPEG) | .jpg | 1408x792px | - -### Recorded video format and resolution - -| Device | Format | Extension | Resolution | Speed | Audio | -|----------|----------|----------|----------|----------|----------| -| HoloLens 2 | [MPEG-4](https://en.wikipedia.org/wiki/MPEG-4) | .mp4 | 1920x1080px | 30fps | 48kHz Stereo | -| HoloLens (1st gen) | [MPEG-4](https://en.wikipedia.org/wiki/MPEG-4) | .mp4 | 1216x684px | 24fps | 48kHz Stereo | diff --git a/devices/hololens/holographic-store-apps.md b/devices/hololens/holographic-store-apps.md deleted file mode 100644 index f993afcb7f..0000000000 --- a/devices/hololens/holographic-store-apps.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Find, install, and uninstall applications -description: The Microsoft Store is your source for apps and games that work with HoloLens. Learn more about finding, installing, and uninstalling holographic apps. -ms.assetid: cbe9aa3a-884f-4a92-bf54-8d4917bc3435 -ms.reviewer: v-miegge -ms.date: 08/30/2019 -manager: jarrettr -keywords: hololens, store, uwp, app, install -ms.prod: hololens -ms.sitesec: library -author: mattzmsft -ms.author: mazeller -ms.topic: article -ms.localizationpriority: high -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Find, install, and uninstall applications from the Microsoft Store - -The Microsoft Store is your go-to source for apps and games that work with HoloLens. When you go to the Store on your HoloLens, any apps you see there will run on it. - -Apps on HoloLens use either 2D view or holographic view. Apps that use 2D view look like windows and can be positioned all around you. Apps that use holographic view surround you and become the only app you see. - -HoloLens supports many existing applications from the Microsoft Store, as well as new apps built specifically for HoloLens. This article focuses on holographic applications from the Microsoft Store. - -To learn more about installing and running custom apps, read [Custom holographic applications](holographic-custom-apps.md). - -## Find apps - -Open the Microsoft Store from the **Start** menu. Then browse for apps and games. You can use Cortana to search by saying "Hey, Cortana" and then saying your search terms. - -## Install apps - -To download apps, you'll need to be signed in with a Microsoft account. Some apps are free and can be downloaded right away. Apps that require a purchase require you to be signed in to the Store with your Microsoft account and have a valid payment method. -> [!NOTE] -> The account you use on Microsoft Store does not have to be the same as the account you are signed in with. If you are using a Work or School account on your HoloLens then you'll need to sign in with your personal account in the Store App to make a purchase. - -To set up a payment method, go to [account.microsoft.com](https://account.microsoft.com/) and select **Payment & billing** > **Payment options** > **Add a payment option**. - -1. To open the [**Start** menu](holographic-home.md), perform a [Start gesture](https://docs.microsoft.com/hololens/hololens2-basic-usage#start-gesture) or [bloom](hololens1-basic-usage.md) gesture on HoloLens 1. -1. Select the Store app. Once the Store app opens: - 1. Use the search bar to look for any desired applications. - 1. Select essential apps or apps made specifically for HoloLens from one of the curated categories. - 1. On the top right of the Store app, select the **...** button and then select **My Library** to view any previously purchased apps. -1. Select **Get** or **Install** on the application's page (a purchase may be required). - -## Uninstall apps - -There are two ways to uninstall applications. You can uninstall applications through the Microsoft Store or Start menu. - -### Uninstall from the Start menu - -On the **Start** menu or in the **All apps** list, browse to the app. Air tap and hold until the menu appears, then select **Uninstall**. - -### Uninstall from the Microsoft Store - -Open the Microsoft Store from the **Start** menu, and then browse for the application you'd like to uninstall. On the Store page, each application that you have installed has an **Uninstall** button. diff --git a/devices/hololens/hololens-FAQ.md b/devices/hololens/hololens-FAQ.md deleted file mode 100644 index 0c2a033d11..0000000000 --- a/devices/hololens/hololens-FAQ.md +++ /dev/null @@ -1,293 +0,0 @@ ---- -title: Frequently asked questions about HoloLens devices and holograms -description: Do you have a quick question about HoloLens or interacting with holograms? This article provides a quick answer and more resources. -keywords: hololens, faq, known issue, help -ms.prod: hololens -ms.sitesec: library -author: Teresa-Motiv -ms.author: v-tea -ms.topic: article -audience: ITPro -ms.localizationpriority: medium -ms.date: 02/27/2020 -ms.reviewer: -ms.custom: -- CI 114606 -- CSSTroubleshooting -manager: jarrettr -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Frequently asked questions about HoloLens devices and holograms - -This article answers some questions that you may have about how to use HoloLens, including how to place holograms, work with spaces, and more. - -Any time that you have problems, make sure that HoloLens is [charged up](https://support.microsoft.com/help/12627/hololens-charge-your-hololens). Try [restarting it](hololens-restart-recover.md) to see whether that fixes things. And please use the Feedback app to send us information about the issue. You'll find the Feedback app on the [**Start** menu](holographic-home.md). - -For tips about hwo to wear your HoloLens, see [HoloLens (1st gen) fit and comfort frequently asked questions](hololens1-fit-comfort-faq.md). - -This article addresses the following questions and issues: - - -- [My holograms don't look right or are moving around](#my-holograms-dont-look-right-or-are-moving-around) -- [I see a message that says "Finding your space"](#i-see-a-message-that-says-finding-your-space) -- [I'm not seeing the holograms that I expect to see in my space](#im-not-seeing-the-holograms-that-i-expect-to-see-in-my-space) -- [I can't place holograms where I want to](#i-cant-place-holograms-where-i-want-to) -- [Holograms disappear or are encased in other holograms or objects](#holograms-disappear-or-are-encased-in-other-holograms-or-objects) -- [I can see holograms that are on the other side of a wall](#i-can-see-holograms-that-are-on-the-other-side-of-a-wall) -- [When I place a hologram on a wall, the hologram seems to float](#when-i-place-a-hologram-on-a-wall-the-hologram-seems-to-float) -- [Apps appear too close to me when I'm trying to move them](#apps-appear-too-close-to-me-when-im-trying-to-move-them) -- [I'm getting a low disk space error](#im-getting-a-low-disk-space-error) -- [HoloLens doesn't respond to my gestures](#hololens-doesnt-respond-to-my-gestures) -- [HoloLens doesn't respond to my voice](#hololens-doesnt-respond-to-my-voice) -- [I'm having problems pairing or using a Bluetooth device](#im-having-problems-pairing-or-using-a-bluetooth-device) -- [HoloLens Settings lists devices as available, but the devices don't work](#hololens-settings-lists-devices-as-available-but-the-devices-dont-work) -- [I'm having problems using the HoloLens clicker](#im-having-problems-using-the-hololens-clicker) -- [I can't connect to Wi-Fi](#i-cant-connect-to-wi-fi) -- [My HoloLens isn't running well, is unresponsive, or won't start](#my-hololens-isnt-running-well-is-unresponsive-or-wont-start) -- [I can't sign in to a HoloLens device because it was previously set up for someone else](#i-cant-sign-in-to-a-hololens-device-because-it-was-previously-set-up-for-someone-else) -- [Questions about managing HoloLens devices](#questions-about-managing-hololens-devices) -- [Questions about securing HoloLens devices](#questions-about-securing-hololens-devices) -- [How do I delete all spaces?](#how-do-i-delete-all-spaces) -- [I cannot find or use the keyboard to type in the HoloLens 2 Emulator](#i-cannot-find-or-use-the-keyboard-to-type-in-the-hololens-2-emulator) - -## My holograms don't look right or are moving around - -If your holograms don't look right (for example, they're jittery or shaky, or you see black patches on top of them), try one of these fixes: - -- [Clean your device visor](hololens1-hardware.md#care-and-cleaning) and make sure nothing is blocking the sensors. -- Make sure that you're in a well-lit room that does not have a lot of direct sunlight. -- Try walking around and gazing at your surroundings so that HoloLens can scan them more completely. -- If you've placed a lot of holograms, try removing some. - -If you're still having problems, trying running the Calibration app. This app calibrates your HoloLens just for you to help keep your holograms looking their best. To do this, go to **Settings** > **System** > **Utilities**. Under **Calibration**, select **Open Calibration**. - -[Back to list](#list) - -## I see a message that says "Finding your space" - -When HoloLens is learning or loading a space, you may see a brief message that says "Finding your space." If this message displays for more than a few seconds, you'll see another message under the Start menu that says "Still looking for your space." - -These messages mean that HoloLens is having trouble mapping your space. When this happens, you can open apps, but you can't place holograms in your environment. - -If you see these messages often, try one or more of the following fixes: - -- Make sure that you're in a well-lit room that does not have a lot of direct sunlight. -- Make sure that your device visor is clean. [Learn how to clean your visor](hololens1-hardware.md#care-and-cleaning). -- Make sure that you have a strong Wi-Fi signal. If you enter a new environment that has no Wi-Fi or a weak Wi-Fi signal, HoloLens won't be able find your space. Check your Wi-Fi connection by going to **Settings** > **Network & Internet** > **Wi-Fi**. -- Try moving more slowly. - -[Back to list](#list) - -## I'm not seeing the holograms that I expect to see in my space - -If you don't see the holograms that you placed, or if you're seeing some that you don't expect, try one or more of the following fixes: - -- Turn on some lights. HoloLens works best in a well-lit space. -- Remove holograms that you don't need by going to **Settings** > **System** > **Holograms** > **Remove nearby holograms**. Or, if needed, select **Remove all holograms**. - - > [!NOTE] - > If the layout or lighting in your space changes significantly, your device might have trouble identifying your space and showing your holograms. - -[Back to list](#list) - -## I can't place holograms where I want to - -Here are some things to try if you're having trouble placing holograms: - -- Stand between one and three meters from where you're trying to place the hologram. -- Don't place holograms on black or reflective surfaces. -- Make sure that you're in a well-lit room that does not have a lot of direct sunlight. -- Walk around the rooms so HoloLens can rescan your surroundings. To see what's already been scanned, air tap to reveal the mapping mesh graphic. - -[Back to list](#list) - -## Holograms disappear or are encased in other holograms or objects - -If you get too close to a hologram, it will temporarily disappear—to restore the hologram, just move away from it. Also, if you've placed several holograms close together, some may disappear. Try removing a few. - -Holograms can also be blocked or encased by other holograms or by objects such as walls. If this happens, try one of the following fixes: - -- If the hologram is encased in another hologram, move the encased hologram to another location. To do this, select **Adjust**, then tap and hold to position it. -- If the hologram is encased in a wall, select **Adjust**, then walk toward the wall until the hologram appears. Tap and hold, then pull the hologram forward and out of the wall. -- If you can't move the hologram by using gestures, use your voice to remove it. Gaze at the hologram, then say "Remove." Then reopen the hologram and place it in a new location. - -[Back to list](#list) - -## I can see holograms that are on the other side of a wall - -If you're very close to a wall, or if HoloLens hasn't scanned the wall yet, you can see holograms that are in the next room. To scan the wall, stand between one and three meters from the wall and gaze at it. - -A black or reflective object (for example, a black couch or a stainless steel refrigerator) near the wall may cause problems when HoloLens tries to scan the wall. If there is such an object, scan the other side of the wall. - -[Back to list](#list) - -## When I place a hologram on a wall, the hologram seems to float - -A hologram that you place on a wall typically appears to be an inch or so away from the wall. If it appears to be farther away, try one or more of the following fixes: - -- When you place a hologram on a wall, stand between one and three meters from the wall and face the wall straight on. -- Air tap the wall to reveal the mapping mesh graphic. Make sure that the mesh aligns with the wall. If it doesn't, remove the hologram, rescan the wall, and then try again. -- If the issue persists, run the Calibration app. You'll find it in **Settings** > **System** > **Utilities**. - -[Back to list](#list) - -## Apps appear too close to me when I'm trying to move them - -Try walking around and looking at the area where you're placing the app so that HoloLens scans the area from different angles. [Cleaning your device visor](hololens1-hardware.md#care-and-cleaning) may also help. - -[Back to list](#list) - -## I'm getting a low disk space error - -Free up some storage space by doing one or more of the following: - -- Remove some of the holograms that you've placed, or remove some saved data from within apps. [How do I find my data?](holographic-data.md) -- Delete some pictures and videos in the Photos app. -- Uninstall some apps from your HoloLens. In the **All apps** list, tap and hold the app you want to uninstall, then select **Uninstall**. (Uninstalling the app also deletes any data that the app stores on the device.) - -[Back to list](#list) - -## HoloLens doesn't respond to my gestures - -To make sure that HoloLens can see your gestures, keep your hand in the gesture frame. The gesture frame extends a couple of feet on either side of you. HoloLens can also best see your hand when you hold it about 18 inches in front of your body (though you don't have to be precise about this). When HoloLens can see your hand, the cursor changes from a dot to a ring. Learn more about [using gestures in HoloLens 2](hololens2-basic-usage.md) or [using gestures in HoloLens (1st gen)](hololens1-basic-usage.md). - -[Back to list](#list) - -## HoloLens doesn't respond to my voice - -HoloLens (1st gen) and HoloLens 2 have built-in speech recognition, and also support Cortana (online speech recognition). - -### Built-in voice commands do not work - -On HoloLens (1st gen), built-in speech recognition is not configurable. It is always turned on. On HoloLens 2, you can choose whether to turn on both speech recognition and Cortana during device setup. - -If your HoloLens 2 is not responding to your voice, make sure Speech recognition is turned on. Go to **Start** > **Settings** > **Privacy** > **Speech** and turn on **Speech recognition**. - -### Cortana or Dictation doesn't work - -If Cortana or Dictation isn't responding to your voice, make sure online speech recognition is turned on. Go to **Start** > **Settings** > **Privacy** > **Speech** and verify the **Online speech recognition** settings. - -If Cortana is still not responding, do one of the following to verify that Cortana itself is turned on: - -- In **All apps**, select **Cortana** > select **Menu** > **Notebook** > **Settings** to make changes. -- On HoloLens 2, select the **Speech settings** button or say "Speech settings." - -To learn more about what you can say, see [Use your voice with HoloLens](hololens-cortana.md). - -[Back to list](#list) - -## I'm having problems pairing or using a Bluetooth device - -If you're having problems [pairing a Bluetooth device](hololens-connect-devices.md), try the following: - -- Go to **Settings** > **Devices**, and make sure that Bluetooth is turned on. If it is, turn it off and on again. -- Make sure that your Bluetooth device is fully charged or has fresh batteries. -- If you still can't connect, [restart the HoloLens](hololens-recovery.md). - -[Back to list](#list) - -## HoloLens Settings lists devices as available, but the devices don't work - -HoloLens doesn't support Bluetooth audio profiles. Bluetooth audio devices, such as speakers and headsets, may appear as available in HoloLens settings, but they aren't supported. - -If you're having trouble using a Bluetooth device, make sure that it's a supported device. Supported devices include the following: - -- English-language QWERTY Bluetooth keyboards (you can use these anywhere that you use the holographic keyboard). -- Bluetooth mice. -- The [HoloLens clicker](hololens1-clicker.md). - -You can pair other Bluetooth HID and GATT devices together with your HoloLens. However, you may have to install corresponding companion apps from Microsoft Store to actually use the devices. - -[Back to list](#list) - -## I'm having problems using the HoloLens clicker - -Use the [clicker](hololens1-clicker.md) to select, scroll, move, and resize holograms. Individial apps may support additional clicker gestures. - -If you're having trouble using the clicker, make sure that it's charged and paired with your HoloLens. If the battery is low, the indicator light blinks amber. To verify that the clicker is paired, go to **Settings** > **Devices** and see if it shows up there. For more information, see [Pair the clicker](hololens-connect-devices.md#hololens-1st-gen-pair-the-clicker). - -If the clicker is charged and paired and you're still having problems, reset it by holding down the main button and the pairing button for 15 seconds. Then pair the clicker with your HoloLens again. - -If resetting the clicker doesn't help, see [Restart or recover the HoloLens clicker](hololens1-clicker.md#restart-or-recover-the-clicker). - -[Back to list](#list) - -## I can't connect to Wi-Fi - -Here are some things to try if you can't connect your HoloLens to a Wi-Fi network: - -- Make sure that Wi-Fi is turned on. To check, use the Start gesture, then select **Settings** > **Network & Internet** > **Wi-Fi**. If Wi-Fi is on, try turning it off and then on again. -- Move closer to the router or access point. -- Restart your Wi-Fi router, then [restart HoloLens](hololens-recovery.md). Try connecting again. -- If none of these things work, check to make sure that your router is using the latest firmware. You can find this information on the manufacturer website. - -[Back to list](#list) - -## My HoloLens isn't running well, is unresponsive, or won't start - -If your device isn't performing properly, see [Restart, reset, or recover HoloLens](hololens-recovery.md). - -[Back to list](#list) - -## I can't sign in to a HoloLens device because it was previously set up for someone else - -If your device was previously set up for someone else, either for a client or for a former employee, and you don't have their password to unlock the device, you can do one of the following: - -- For a device that is enrolled in Intune mobile device management (MDM), you can use Intune to remotely [wipe](https://docs.microsoft.com/intune/remote-actions/devices-wipe) the device. The device then re-flashes itself. - > [!IMPORTANT] - > When you wipe the device, make sure to leave **Retain enrollment state and user account** unchecked. -- For a non-MDM device, you can [put the device into **Flashing Mode** and use Advanced Recovery Companion](hololens-recovery.md#clean-reflash-the-device) to recover the device. - -[Back to list](#list) - -## Questions about managing HoloLens devices - -### Can I use System Center Configuration Manager (SCCM) to manage HoloLens devices? - -No. You have to use an MDM system to manage HoloLens devices. - -### Can I use Active Directory Domain Services (AD DS) to manage HoloLens user accounts? - -No. You have to use Azure Active Directory (AAD) to manage user accounts for HoloLens devices. - -### Is HoloLens capable of Automated Data Capture Systems (ADCS) auto-enrollment? - -No. - -### Can HoloLens participate in Integrated Windows Authentication? - -No. - -### Does HoloLens support branding? - -No. However, you can work around this issue by using one of the following approaches: - -- Create a custom app, and then [enable Kiosk mode](hololens-kiosk.md). The custom app can have branding, and can launch other apps (such as Remote Assist). -- Change all of the user profile pictures in AAD to your company logo. However, this may not be desirable for all scenarios. - -### What logging capabilities do HoloLens (1st gen) and HoloLens 2 offer? - -Logging is limited to traces that can be captured in development or troubleshooting scenarios, or telemetry that the devices send to Microsoft servers. - -[Back to list](#list) - -## Questions about securing HoloLens devices - -See [frequently asked questions about securing HoloLens devices](hololens-faq-security.md). - -[Back to list](#list) - -## How do I delete all spaces? - -*Coming soon* - -[Back to list](#list) - -## I cannot find or use the keyboard to type in the HoloLens 2 Emulator - -*Coming soon* - -[Back to list](#list) diff --git a/devices/hololens/hololens-calibration.md b/devices/hololens/hololens-calibration.md deleted file mode 100644 index 230e8c5c55..0000000000 --- a/devices/hololens/hololens-calibration.md +++ /dev/null @@ -1,156 +0,0 @@ ---- -title: Improve visual quality and comfort -description: Calibrating your IPD (interpupillary distance) can improve the quality of your visuals. Both HoloLens and Windows Mixed Reality immersive headsets offer ways to customize IPD. -author: Teresa-Motiv -ms.author: xerxesb -ms.date: 9/13/2019 -ms.topic: article -keywords: calibration, comfort, visuals, quality, ipd -ms.prod: hololens -ms.sitesec: library -author: Teresa-Motiv -ms.localizationpriority: high -ms.reviewer: -manager: jarrettr -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Improve visual quality and comfort - -HoloLens 2 and HoloLens (1st gen) both work better when they're calibrated to your unique eyes. - -While both devices need to calibrate for the best hologram viewing experience, they use different calibration technologies and techniques. Jump to [HoloLens 2 calibration](#calibrating-your-hololens-2) or [HoloLens (1st gen) calibration](#calibrating-your-hololens-1st-gen). - -## Calibrating your HoloLens 2 - -HoloLens 2 uses eye-tracking technology to improve your experience seeing and interacting with the virtual environment. Calibrating the HoloLens 2 ensures that it can accurately track your eyes (and the eyes of anyone else who uses the device). It also helps with user comfort, hologram alignment, and hand tracking. After calibration, holograms will appear correctly even as the visor shifts on your head. - -HoloLens 2 prompts a user to calibrate the device under the following circumstances: - -- The user is using the device for the first time -- The user previously opted out of the calibration process -- The calibration process did not succeed the last time the user used the device -- The user has deleted their calibration profiles -- The device is taken off and put back on and any of the above circumstances apply - - -![Calibration prompt](./images/07-et-adjust-for-your-eyes.png) - -During this process, you'll look at a set of targets (gems). It's fine if you blink during calibration, but try to stay focused on the gems instead of other objects in the room. This allows HoloLens to learn about your eye position to render your holographic world. - -![Calibration prompt](./images/07-et-hold-head-still.png) - -![Calibration prompt](./images/08-et-gems.png) - -![Calibration prompt](./images/09-et-adjusting.png) - -If calibration was successful, you'll see a success screen. If not, read more about diagnosing calibration failures [here](#troubleshooting-hololens-2-calibration). - -![Calibration prompt](./images/10-et-success.png) - -### Calibration when sharing a device or session - -Multiple users can share a HoloLens 2 device, without a need for each person to go through device setup. When a new user puts the device on their head for the first time, HoloLens 2 automatically prompts the user to calibrate visuals. When a user that has previously calibrated visuals puts the device on their head, the display seamlessly adjusts for quality and a comfortable viewing experience. - -### Manually starting the calibration process - -1. Use the start gesture to open the [**Start** menu](hololens2-basic-usage.md#start-gesture). -1. If the Settings app isn't pinned to **Start**, select **All Apps**. -1. Select **Settings**, and then select **System** > **Calibration** > **Eye Calibration** > **Run eye calibration**. - - ![The Settings app, showing the Run eye calibration option](./images/C-Settings.Calibration.png) - -### Troubleshooting HoloLens 2 calibration - -Calibration should work for most people, but there are cases where calibration fails. - -Some potential reasons for calibration failure include: - -- Getting distracted and not following the calibration targets -- Dirty or scratched device visor or device visor not positioned properly -- Dirty or scratched glasses -- Certain types of contact lenses and glasses (colored contact lenses, some toric contact lenses, IR blocking glasses, some high prescription glasses, sunglasses, or similar) -- More-pronounced makeup and some eyelash extensions -- Hair or thick eyeglass frames if they are blocking the device from seeing your eyes -- Certain eye physiology, eye conditions or eye surgery such as narrow eyes, long eyelashes, amblyopia, nystagmus, some cases of LASIK or other eye surgeries - -If calibration is unsuccessful try: - -- Cleaning your device visor -- Cleaning your glasses -- Pushing your device visor as close to your eyes as possible -- Moving objects in your visor out of the way (such as hair) -- Turning on a light in your room or moving out of direct sunlight - -If you followed all guidelines and calibration is still failing, you can disable the calibration prompt in Settings. Please also let us know by filing feedback in [Feedback Hub](hololens-feedback.md). - -Note that setting IPD is not applicable for Hololens 2, since eye positions are computed by the system. - -### Calibration data and security - -Calibration information is stored locally on the device and is not associated with any account information. There is no record of who has used the device without calibration. This mean new users will get prompted to calibrate visuals when they use the device for the first time, as well as users who opted out of calibration previously or if calibration was unsuccessful. - -The device can locally store up to 50 calibration profiles. After this number is reached, the device automatically deletes the oldest unused profile. - -Calibration information can always be deleted from the device in **Settings** > **Privacy** > **Eye tracker**. - -### Disable calibration - -You can also disable the calibration prompt by following these steps: - -1. Select **Settings** > **System** > **Calibration**. -1. Turn off **When a new person uses this HoloLens, automatically ask to run eye calibration**. - -> [!IMPORTANT] -> This setting may adversely affect hologram rendering quality and comfort. When you turn off this setting, features that depend on eye tracking (such as text scrolling) no longer work in immersive applications. - -### HoloLens 2 eye-tracking technology - -The device uses its eye-tracking technology to improve display quality, and to ensure that all holograms are positioned accurately and comfortable to view in 3D. Because it uses the eyes as landmarks, the device can adjust itself for every user and tune its visuals as the headset shifts slightly throughout use. All adjustments happen on the fly without a need for manual tuning. -> [!NOTE] -> Setting the IPD is not applicable for Hololens 2, since eye positions are computed by the system. - -HoloLens applications use eye tracking to track where you are looking in real time. This is the main capability developers can leverage to enable a whole new level of context, human understanding and interactions within the Holographic experience. Developers don’t need to do anything to leverage this capability. - -## Calibrating your HoloLens (1st gen) - -HoloLens (1st gen) adjusts hologram display according to the your [interpupillary distance](https://en.wikipedia.org/wiki/Interpupillary_distance) (IPD). If the IPD is not accurate, holograms may appear unstable or at an incorrect distance. You can improve the quality of your visuals by calibrating the device to your interpupillary distance (IPD). - -When you set up your Hololens (1st gen) device, it prompts to calibrate your visuals after Cortana introduces herself. It's recommended that you complete the calibration step during this setup phase. However you can skip it by waiting until Cortana prompts you and then saying "Skip." - -During the calibration process, HoloLens asks you to align your finger with a series of six targets per eye. HoloLens uses this process to set the IPD correctly for your eyes. - -![IPD finger-alignment screen at second step](./images/ipd-finger-alignment-300px.jpg) - -### Manually start the calibration process - -If you need to update the calibration or if a new user needs to adjust it, you can manually run the Calibration app at any time. The Calibration app is installed by default. You can access it by using eihter the **Start** menu or the Settings app. - -To use the **Start** menu to run the Calibration app, follow these steps: - -1. Use the [bloom](hololens1-basic-usage.md) gesture to open the **Start** menu. -1. To view all apps, select **+**. -1. Select **Calibration**. - -![Accessing the calibration app from the shell](./images/calibration-shell.png) - -![The calibration app displayed as a Live Cube after being launched](./images/calibration-livecube-200px.png) - -To use the Settings app to run the Calibration app, follow these steps: - -1. Use the [bloom](hololens1-basic-usage.md) gesture to open the **Start** menu. -1. If **Settings** isn't pinned to **Start**, select **+** to view all apps. -1. Select **Settings**. -1. Select **System** > **Utilities** > **Open Calibration**. - -![Launching the calibration app from the settings app](./images/calibration-settings-500px.jpg) - -## Immersive headsets - -Some immersive headsets provide the ability to customize the IPD setting. To change the IPD for your headset, open the Settings app and select **Mixed reality** > **Headset display**, and then move the slider control. You’ll see the changes in real time in your headset. If you know your IPD, maybe from a visit to the optometrist, you can enter it directly as well. - -You can also adjust this setting on your PC by selecting **Settings** > **Mixed reality** > **Headset display**. - -If your headset does not support IPD customization, this setting will be disabled. diff --git a/devices/hololens/hololens-commercial-features.md b/devices/hololens/hololens-commercial-features.md deleted file mode 100644 index f53558ec75..0000000000 --- a/devices/hololens/hololens-commercial-features.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Commercial features -description: The Microsoft HoloLens Commercial Suite includes features that make it easier for businesses to manage HoloLens devices. HoloLens 2 devices are equipped with commercial features by default. -keywords: HoloLens, commercial, features, mdm, mobile device management, kiosk mode -author: scooley -ms.author: scooley -ms.date: 08/26/2019 -ms.custom: -- CI 111456 -- CSSTroubleshooting -ms.topic: article -audience: ITPro -ms.prod: hololens -ms.sitesec: library -ms.localizationpriority: high -ms.reviewer: -manager: jarrettr -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Commercial features - -HoloLens includes features that make it easier for businesses to manage HoloLens devices. - -Every HoloLens 2 device has commercial features available. - -HoloLens (1st gen) came with two licensing options, the developer license and a commercial license. To unlock HoloLens's commercial capabilities, upgrade from the developer license to a commercial license. To purchase the Microsoft HoloLens Commercial Suite, contact your local Microsoft account manager. - ->[!VIDEO https://www.youtube.com/embed/tNd0e2CiAkE] - -## Key commercial features - -- **Kiosk mode.** You can use HoloLens in demo or showcase experiences by using kiosk mode, to limit which apps can run. - - ![Using kiosk mode, HoloLens launches directly into the app of your choice.](images/201608-kioskmode-400px.png) - -- **Mobile Device Management (MDM) for HoloLens.** Your IT department can manage multiple HoloLens devices simultaneously by using solutions such as Microsoft Intune. You can manage settings, select apps to install, and set security configurations that are tailored to your organization's needs. - - ![Mobile Device Management on HoloLens provides enterprise-grade device management across multiple devices.](images/201608-enterprisemanagement-400px.png) - -- **Windows Update for Business.** Windows Update for Business provides controlled operating system updates to devices and support for the long-term servicing channel. -- **Data security.** BitLocker data encryption is enabled on HoloLens to provide the same level of security protection as any other Windows device. -- **Work access.** Anyone in your organization can remotely connect to the corporate network through virtual private network (VPN) on a HoloLens. HoloLens can also access Wi-Fi networks that require credentials. -- **Microsoft Store for Business.** Your IT department can also set up an enterprise private store, containing only your company's apps for your specific HoloLens usage. Securely distribute your enterprise software to selected group of enterprise users. - -## Feature comparison between editions - -|Features |HoloLens Development Edition |HoloLens Commercial Suite |HoloLens 2 | -|---|:---:|:---:|:---:| -|Device Encryption (BitLocker) | |✔️ |✔️ | -|Virtual Private Network (VPN) | |✔️ |✔️ | -|[Kiosk mode](hololens-kiosk.md) | |✔️ |✔️ | -|**Management and deployment** | | | | -|Mobile Device Management (MDM) | |✔️ |✔️ | -|Ability to block unenrollment | |✔️ |✔️ | -|Cert-based corporate Wi-Fi access | |✔️ |✔️ | -|Microsoft Store (Consumer) |Consumer |Filter by using MDM |Filter by using MDM | -|[Business Store Portal](https://docs.microsoft.com/microsoft-store/working-with-line-of-business-apps) | |✔️ |✔️ | -|**Security and identity** | | | | -|Sign in by using Azure Active Directory (AAD) account |✔️ |✔️ |✔️ | -|Sign in by using Microsoft Account (MSA) |✔️ |✔️ |✔️ | -|Next Generation Credentials with PIN unlock |✔️ |✔️ |✔️ | -|[Secure boot](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-secure-boot) |✔️ |✔️ |✔️ | -|**Servicing and support** | | | | -|Automatic system updates as they arrive |✔️ |✔️ |✔️ | -|[Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb) | |✔️ |✔️ | -|Long-Term Servicing Channel (LTSC) | |✔️ |✔️ | - -## Enabling commercial features - -Your organization's IT admin can set up commercial features such as Microsoft Store for Business, kiosk mode, and enterprise Wi-Fi access. The [Microsoft HoloLens](index.md) documentation provides step-by-step instructions for enrolling devices and installing apps from Microsoft Store for Business. - -## See also - -- [Microsoft HoloLens](index.md) -- [Kiosk mode](hololens-kiosk.md) -- [CSPs supported in HoloLens devices](/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices) -- [Microsoft Store For Business and line of business applications](https://blogs.technet.microsoft.com/sbucci/2016/04/13/windows-store-for-business-and-line-of-business-applications/) -- [Working with line-of-business apps](/microsoft-store/working-with-line-of-business-apps) diff --git a/devices/hololens/hololens-commercial-infrastructure.md b/devices/hololens/hololens-commercial-infrastructure.md deleted file mode 100644 index ddeb2b11b2..0000000000 --- a/devices/hololens/hololens-commercial-infrastructure.md +++ /dev/null @@ -1,190 +0,0 @@ ---- -title: Infrastructure Guidelines for HoloLens -description: -ms.prod: hololens -ms.sitesec: library -author: pawinfie -ms.author: pawinfie -audience: ITPro -ms.topic: article -ms.localizationpriority: high -ms.date: 1/23/2020 -ms.reviewer: -audience: ITPro -manager: bradke -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Configure Your Network for HoloLens - -This portion of the document will require the following people: - -1. Network Admin with permissions to make changes to the proxy/firewall -2. Azure Active Directory Admin -3. Mobile Device Manager Admin - -## Infrastructure Requirements - -HoloLens is, at its core, a Windows mobile device integrated with Azure. It works best in commercial environments with wireless network availability (wi-fi) and access to Microsoft services. - -Critical cloud services include: - -- Azure active directory (AAD) -- Windows Update (WU) - -Commercial customers will need enterprise mobility management (EMM) or mobile device management (MDM) infrastructure to manage HoloLens devices at scale. This guide uses [Microsoft Intune](https://www.microsoft.com/enterprise-mobility-security/microsoft-intune) as an example, though any provider with full support for Microsoft Policy can support HoloLens. Ask your mobile device management provider if they support HoloLens 2. - -HoloLens does support a limited set of cloud disconnected experiences. - -### Wireless network EAP support - -- PEAP-MS-CHAPv2 -- PEAP-TLS -- TLS -- TTLS-CHAP -- TTLS-CHAPv2 -- TTLS-MS-CHAPv2 -- TTLS-PAP -- TTLS-TLS - -### HoloLens Specific Network Requirements - -Make sure that [this list](hololens-offline.md) of endpoints are allowed on your network firewall. This will enable HoloLens to function properly. - -### Remote Assist Specific Network Requirements - -1. The recommended bandwidth for optimal performance of Remote Assist is 1.5Mbps. Detailed network requirements and additional information can be found [here](https://docs.microsoft.com/MicrosoftTeams/prepare-network). -**(Please note, if you don't network have network speeds of at least 1.5Mbps, Remote Assist will still work. However, quality may suffer).** -1. Make sure that these ports and URLs are allowed on your network firewall. This will enable Microsoft Teams to function. The latest list can be found [here](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges#skype-for-business-online-and-microsoft-teams). - -### Guides Specific Network Requirements - -Guides only require network access to download and use the app. - -## Azure Active Directory Guidance - -> [!NOTE] -> This step is only necessary if your company plans on managing the HoloLens. - -1. Ensure that you have an Azure AD License. -Please [HoloLens Licenses Requirements](hololens-licenses-requirements.md) for additional information. - -1. If you plan on using Auto Enrollment, you will have to [Configure Azure AD enrollment.](https://docs.microsoft.com/intune/deploy-use/.set-up-windows-device-management-with-microsoft-intune#azure-active-directory-enrollment) - -1. Ensure that your company's users are in Azure Active Directory (Azure AD). -Instructions for adding users can be found [here](https://docs.microsoft.com/azure/active-directory/fundamentals/add-users-azure-active-directory). - -1. We suggest that users who need similar licenses are added to the same group. - 1. [Create a Group](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal) - 1. [Add users to groups](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-members-azure-portal) - -1. Ensure that your company's users (or group of users) are assigned the necessary licenses. -Directions for assigning licenses can be found [here](https://docs.microsoft.com/azure/active-directory/fundamentals/license-users-groups). - -1. Only do this step if users are expected to enroll their HoloLens/Mobile device into you (There are three options) -These steps ensure that your company's users (or a group of users) can add devices. - 1. **Option 1:** Give all users permission to join devices to Azure AD. -**Sign in to the Azure portal as an administrator** > **Azure Active Directory** > **Devices** > **Device Settings** > -**Set Users may join devices to Azure AD to *All*** - - 1. **Option 2:** Give selected users/groups permission to join devices to Azure AD -**Sign in to the Azure portal as an administrator** > **Azure Active Directory** > **Devices** > **Device Settings** > -**Set Users may join devices to Azure AD to *Selected*** -![Image that shows Configuration of Azure AD Joined Devices](images/azure-ad-image.png) - - 1. **Option 3:** You can block all users from joining their devices to the domain. This means that all devices will need to be manually enrolled. - -## Mobile Device Manager Guidance - -### Ongoing device management - -> [!NOTE] -> This step is only necessary if your company plans to manage the HoloLens. - -Ongoing device management will depend on your mobile device management infrastructure. Most have the same general functionality but the user interface may vary widely. - -1. [CSPs (Configuration Service Providers)](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices) allows you to create and deploy management settings for the devices on your network. A list of CSPs for HoloLens can be found [here](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices). - -1. [Compliance policies](https://docs.microsoft.com/intune/device-compliance-get-started) are rules and settings that devices must meet to be compliant in your corporate infrastructure. Use these policies with Conditional Access to block access to company resources for devices that are non-compliant. For example, you can create a policy that requires Bitlocker be enabled. - -1. [Create Compliance Policy](https://docs.microsoft.com/intune/protect/compliance-policy-create-windows). - -1. Conditional Access allows/denies mobile devices and mobile applications from accessing company resources. Two documents you may find helpful are [Plan your CA Deployment](https://docs.microsoft.com/azure/active-directory/conditional-access/plan-conditional-access) and [Best Practices](https://docs.microsoft.com/azure/active-directory/conditional-access/best-practices). - -1. [This article](https://docs.microsoft.com/intune/fundamentals/windows-holographic-for-business) talks about Intune's management tools for HoloLens. - -1. [Create a device profile](https://docs.microsoft.com/intune/configuration/device-profile-create) - -### Manage updates - -Intune includes a feature called Update rings for Windows 10 devices, including HoloLens 2 and HoloLens v1 (with Holographic for Business). Update rings include a group of settings that determine how and when updates are installed. - -For example, you can create a maintenance window to install updates, or choose to restart after updates are installed. You can also choose to pause updates indefinitely until you're ready to update. - -Read more about [configuring update rings with Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure). - -### Application management - -Manage HoloLens applications through: - -1. Microsoft Store - The Microsoft Store is the best way to distribute and consume applications on HoloLens. There is a great set of core HoloLens applications already available in the store or you can [publish your own](https://docs.microsoft.com/windows/uwp/publish/). - All applications in the store are available publicly to everyone, but if it isn't acceptable, checkout the Microsoft Store for Business. - -1. [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/) - Microsoft Store for Business and Education is a custom store for your corporate environment. It lets you use the Microsoft Store built into Windows 10 and HoloLens to find, acquire, distribute, and manage apps for your organization. It also lets you deploy apps that are specific to your commercial environment but not to the world. - -1. Application deployment and management via Intune or another mobile device management solution - Most mobile device management solutions, including Intune, provide a way to deploy line of business applications directly to a set of enrolled devices. See this article for [Intune app install](https://docs.microsoft.com/intune/apps-deploy). - -1. _not recommended_ Device Portal - Applications can also be installed on HoloLens directly using the Windows Device Portal. This isn't recommended since Developer Mode has to be enabled to use the device portal. - -Read more about [installing apps on HoloLens](https://docs.microsoft.com/hololens/hololens-install-apps). - -### Certificates - -You can distribute certificates through your MDM provider. If your company requires certificates, Intune supports PKCS, PFX, and SCEP. It is important to understand which certificate is right for your company. Please visit [here](https://docs.microsoft.com/intune/protect/certificates-configure) to determine which cert is best for you. If you plan to use certificates for HoloLens Authentication, PFX or SCEP may be right for you. - -Steps for SCEP can be found [here](https://docs.microsoft.com/intune/protect/certificates-profile-scep). - -### How to Upgrade to Holographics for Business Commercial Suite - -> [!NOTE] -> Windows Holographics for Business (commercial suite) is only intended for HoloLens 1st gen devices. The profile will not be applied to HoloLens 2 devices. - -Directions for upgrading to the commercial suite can be found [here](https://docs.microsoft.com/intune/configuration/holographic-upgrade). - -### How to Configure Kiosk Mode Using Microsoft Intune - -1. Sync Microsoft Store to Intune ([Here](https://docs.microsoft.com/intune/apps/windows-store-for-business)). - -1. Check your app settings - 1. Log into your Microsoft Store Business account - 1. **Manage > Products and Services > Apps and Software > Select the app you want to sync > Private Store Availability > Select "Everyone" or "Specific Groups"** - >[!NOTE] - >If you don't see the app you want, you will have to "get" the app by searching the store for your app. **Click the "Search" bar in the upper right-hand corner > type in the name of the app > click on the app > select "Get"**. - 1. If you do not see your apps in **Intune > Client Apps > Apps** , you may have to [sync your apps](https://docs.microsoft.com/intune/apps/windows-store-for-business#synchronize-apps) again. - -1. [Create a device profile for Kiosk mode](https://docs.microsoft.com/intune/configuration/kiosk-settings#create-the-profile) - -> [!NOTE] -> You can configure different users to have different Kiosk Mode experiences by using "Azure AD" as the "User logon type". However, this option is only available in Multi-App kiosk mode. Multi-App kiosk mode will work with only one app as well as multiple apps. - -![Image that shows Configuration of Kiosk Mode in Intune](images/aad-kioskmode.png) - -For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, additional directions can be found [here](hololens-kiosk.md#use-microsoft-intune-or-other-mdm-to-set-up-a-single-app-or-multi-app-kiosk) - -## Certificates and Authentication - -Certificates can be deployed via you MDM (see "certificates" in the [MDM Section](hololens-commercial-infrastructure.md#mobile-device-manager-guidance)). Certificates can also be deployed to the HoloLens through package provisioning. Please see [HoloLens Provisioning](hololens-provisioning.md) for additional information. - -### Additional Intune Quick Links - -1. [Create Profiles:](https://docs.microsoft.com/intune/configuration/device-profile-create) Profiles allow you to add and configure settings that will be pushed to the devices in your organization. - -## Next (Optional) Step: [Configure HoloLens using a provisioning package](hololens-provisioning.md) - -## Next Step: [Enroll your device](hololens-enroll-mdm.md) diff --git a/devices/hololens/hololens-connect-devices.md b/devices/hololens/hololens-connect-devices.md deleted file mode 100644 index f75a5599df..0000000000 --- a/devices/hololens/hololens-connect-devices.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: Connect to Bluetooth and USB-C devices -description: This guide walks through connecting to Bluetooth and USB-C devices and accessories. -ms.assetid: 01af0848-3b36-4c13-b797-f38ad3977e30 -ms.prod: hololens -ms.sitesec: library -author: Teresa-Motiv -ms.author: v-tea -ms.topic: article -ms.localizationpriority: high -ms.date: 03/11/2020 -manager: jarrettr -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Connect to Bluetooth and USB-C devices - -## Pair Bluetooth devices - -HoloLens 2 supports the following classes of Bluetooth devices: - -- Mouse -- Keyboard -- Bluetooth audio output (A2DP) devices - -HoloLens (1st gen) supports the following classes of Bluetooth devices: - -- Mouse -- Keyboard -- HoloLens (1st gen) clicker - -> [!NOTE] -> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may be listed as available in HoloLens settings. However, these devices aren't supported on HoloLens (1st gen). For more information, see [HoloLens Settings lists devices as available, but the devices don't work](hololens-FAQ.md#hololens-settings-lists-devices-as-available-but-the-devices-dont-work). - -### Pair a Bluetooth keyboard or mouse - -1. Turn on your keyboard or mouse, and make it discoverable. To learn how to make the device discoverable, look for information on the device (or its documentation) or visit the manufacturer's website. - -1. Use the bloom gesture (HoloLens (1st gen)) or the start gesture (HoloLens 2) to go to **Start**, and then select **Settings**. -1. Select **Devices**, and make sure that Bluetooth is on. -1. When you see the device name, select **Pair**, and then follow the instructions. - -### HoloLens (1st gen): Pair the clicker - -1. Use the bloom gesture to go to **Start**, and then select **Settings**. - -1. Select **Devices**, and make sure that Bluetooth is on. - -1. Use the tip of a pen to press and hold the clicker pairing button until the clicker status light blinks white. Make sure to hold down the button until the light starts blinking. - - The pairing button is on the underside of the clicker, next to the finger loop. - - ![The pairing button is beside the finger loop](images/use-hololens-clicker-1.png) - -1. On the pairing screen, select **Clicker** > **Pair**. - -## HoloLens 2: Connect USB-C devices - -HoloLens 2 supports the following classes of USB-C devices: - -- Mass storage devices (such as thumb drives) -- Ethernet adapters (including ethernet plus charging) -- USB-C-to-3.5mm digital audio adapters -- USB-C digital audio headsets (including headset adapters plus charging) -- Wired mouse -- Wired keyboard -- Combination PD hubs (USB A plus PD charging) - -> [!NOTE] -> Some mobile devices with USB-C connections present themselves to the HoloLens as ethernet adaptors, and therefore could be used in a tethering configuration, starting with Windows Holographic, version 2004. USB LTE modems that require a separate driver, and/or application installed for configuration are not supported - -## Connect to Miracast - -To use Miracast, follow these steps: - -1. Do one of the following: - - - Open the **Start** menu, and select the display icon. - - Say "Connect" while you gaze at the **Start** menu. - -1. On the list of devices that appears, select an available device. -1. Complete the pairing to begin projecting. - -## Disable Bluetooth - -This procedure turns off the RF components of the Bluetooth radio and disables all Bluetooth functionality on Microsoft HoloLens. - -1. Use the bloom gesture (HoloLens (1st gen)) or the start gesture (HoloLens 2) to go to **Start**, and then select **Settings** > **Devices**. -1. Move the slider switch for **Bluetooth** to the **Off** position. diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md deleted file mode 100644 index ec869cc67d..0000000000 --- a/devices/hololens/hololens-cortana.md +++ /dev/null @@ -1,140 +0,0 @@ ---- -title: Use your voice to operate HoloLens -description: Cortana can help you do all kinds of things on your HoloLens -ms.assetid: fd96fb0e-6759-4dbe-be1f-58bedad66fed -ms.date: 03/10/2020 -keywords: hololens -ms.prod: hololens -ms.sitesec: library -author: Teresa-Motiv -audience: ITPro -ms.author: v-tea -ms.topic: article -manager: jarrettr -ms.localizationpriority: high -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Use your voice to operate HoloLens - -You can use your voice to do almost anything on HoloLens, such as taking a quick photo or opening an app. Many voice commands are built into HoloLens, while others are available through Cortana. - -This article teaches you how to control HoloLens and your holographic world with your voice and with Cortana. - -> [!NOTE] -> Speech is only supported in [some languages](hololens2-language-support.md). The speech language is based on the Windows display language, not the keyboard language. -> -> You can verify the Windows display language by selecting **Settings** > **Time and Language** > **Language**. - -## Built-in voice commands - -Get around HoloLens faster with these basic commands. In order to use these, you need to enable Speech during the first run of the device or in **Settings** > **Privacy** > **Speech**. You can always check whether speech is enabled by looking at the status at the top of the Start menu. For the best speech recognition results, HoloLens 2 uses the Microsoft cloud-based services. However, you can use Settings to disable this feature. To do this, in Settings, turn off **Online speech recognition**. After you change this setting, HoloLens 2 will only process voice data locally to recognize commands and dictation, and Cortana will not be available. - -### General speech commands - -Use these commands throughout Windows Mixed Reality to get around faster. Some commands use the gaze cursor, which you bring up by saying "select." - -> [!NOTE] -> Hand rays are not supported on HoloLens (1st Gen). - -| Say this | To do this | -| - | - | -| "Select" | Say "select" to bring up the gaze cursor. Then, turn your head to position the cursor on the thing you want to select, and say "select" again. | -|Open the Start menu | "Go to Start" | -|Close the Start menu | "Close" | -|Leave an immersive app | Say "Go to Start" to bring up the quick actions menu, then say "Mixed reality home." | -|Hide and show hand ray | "Hide hand ray" / "Show hand ray" | -|See available speech commands | "What can I say?" | - -Starting with version 19041.x of HoloLens 2, you can also use these commands: - -| Say this | To do this | -| - | - | -| "Restart device" | Bring up a dialogue to confirm you want to restart the device. You can say "yes" to restart. | -| "Shutdown device" | Bring up a dialogue to confirm you want to turn off the device. You can say "yes" to confirm. | -| "Brightness up/down" | Increase or decrease the display brightness by 10%. | -| "Volume up/down" | Increase or decrease the volume by 10%. | -| "What's my IP address" | Bring up a dialogue displaying your device's current IP address on the local network. | -| "Take a picture" | Capture a mixed reality photo of what you are currently seeing. | -| "Take a video" | Start recording a mixed reality video. | -| "Stop recording" | Stops the current mixed reality video recording if one is in progress. | - -### Hologram commands - -To use these commands, gaze at a 3D object, hologram, or app window. - -| Say this | To do this | -| - | - | -| "Bigger" | Make it bigger | -| "Smaller" | Make it smaller | -| "Face me" | Turn it to face you | -| "Move this" | Move it (follow your gaze) | -| "Close" | Close it | -| "Follow me" / "Stop following" | Make it follow you as you move around | - -### See it, say it - -Many buttons and other elements on HoloLens also respond to your voice—for example, **Follow me** and **Close** on the app bar, or the **Back** button in Edge. To find out if a button is voice-enabled, rest your **gaze cursor**,**touch cursor** or one **hand ray** on it for a moment. If the button is voice-enabled, you'll see a voice tip. - -### Dictation mode - -Tired of typing? Switch to dictation mode any time that the holographic keyboard is active. To get started, select the microphone button or say "Start dictating." To stop dictating, select the button again or say "Stop dictating." To delete what you just dictated, say "Delete that." - -> [!NOTE] -> To use dictation mode, you have to have an internet connection. - -HoloLens dictation uses explicit punctuation, meaning that you say the name of the punctuation you want to use. For instance, you might say "Hey **comma** what are you up to **question mark**." - -Here are the punctuation keywords that you can use: - -- Period, comma, question mark, exclamation point/exclamation mark -- New line/new paragraph -- Semicolon, colon -- Open quote(s), close quote(s) -- Hashtag, smiley/smiley face, frowny, winky -- Dollar, percent - -Sometimes it's helpful to spell out things like email addresses. For instance, to dictate example@outlook.com, you'd say "E X A M P L E at outlook dot com." - -## Do more with Cortana - -Cortana can help you do all kinds of things on your HoloLens, but depending on which version of Windows Holographic you're using, the capablities may be different. You can learn more about the updated capabilites of the latest version of Cortana [here](https://blogs.windows.com/windowsexperience/2020/02/28/cortana-in-the-upcoming-windows-10-release-focused-on-your-productivity-with-enhanced-security-and-privacy/). - -![Hey Cortana!](images/cortana-on-hololens.png) - -Here are some things you can try saying (remember to say "Hey Cortana" first). - -**Hey, Cortana**... - -- What can I say? -- Launch <*app name*>. -- What time is it? -- Show me the latest NBA scores. -- Tell me a joke. - -If you're using *version 18362.x or earlier*, you can also use these commands: - -**Hey, Cortana**... - -- Increase the volume. -- Decrease the brightness. -- Shut down. -- Restart. -- Go to sleep. -- Mute. -- Move <*app name*> here (gaze at the spot that you want the app to move to). -- Go to Start. -- Take a picture. -- Start recording. (Starts recording a video.) -- Stop recording. (Stops recording a video.) -- How much battery do I have left? - -Some Cortana features that you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens, and the Cortana experience may vary from one region to another. - -### Turn Cortana off - -Cortana is on the first time you use HoloLens when you enable speech. You can turn her off in Cortana's settings. In the **All apps** list, select **Cortana** > **Settings**. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more. - -If Cortana isn't responding to "Hey Cortana," check that speech is enabled on Start and go to Cortana's settings and check to make sure she's on. diff --git a/devices/hololens/hololens-diagnostic-logs.md b/devices/hololens/hololens-diagnostic-logs.md deleted file mode 100644 index 0423539b62..0000000000 --- a/devices/hololens/hololens-diagnostic-logs.md +++ /dev/null @@ -1,114 +0,0 @@ ---- -title: Collect and use diagnostic information from HoloLens devices -description: -author: Teresa-Motiv -ms.author: v-tea -ms.date: 03/23/2020 -ms.prod: hololens -ms.mktglfcycl: manage -ms.sitesec: library -ms.topic: article -ms.custom: -- CI 115131 -- CSSTroubleshooting -audience: ITPro -ms.localizationpriority: medium -keywords: -manager: jarrettr -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Collect and use diagnostic information from HoloLens devices - -HoloLens users and administrators can choose from among four different methods to collect diagnostic information from HoloLens: - -- Feedback Hub app -- DiagnosticLog CSP -- Settings app - -> [!IMPORTANT] -> Device diagnostic logs contain personally identifiable information (PII), such as about what processes or applications the user starts during typical operations. When multiple users share a HoloLens device (for example, users sign in to the same device by using different Microsoft Azure Active Directory (AAD) accounts) the diagnostic logs may contain PII information that applies to multiple users. For more information, see [Microsoft Privacy statement](https://privacy.microsoft.com/privacystatement). - -The following table compares the three collection methods. The method names link to more detailed information in the sections that follow the table. - -|Method |Prerequisites |Data locations |Data access and use |Data retention | -| --- | --- | --- | --- | --- | -|[Feedback Hub](#feedback-hub) |Network and internet connection

Feedback Hub app

Permission to upload files to the Microsoft cloud |Microsoft cloud

HoloLens device (optional) |User requests assistance, agrees to the terms of use, and uploads the data

Microsoft employees view the data, as consistent with the terms of use |Data in the cloud is retained for the period that is defined by Next Generation Privacy (NGP). Then the data is deleted automatically.

Data on the device can be deleted at any time by a user who has **Device owner** or **Admin** permissions. | -|[Settings Troubleshooter](#settings-troubleshooter) |Settings app |HoloLens device

Connected computer (optional) |The user stores the data, and only the user accesses the data (unless the user specifically shares the data with another user). |The data is retained until the user deletes it.* | -|[DiagnosticLog CSP](#diagnosticlog-csp) |Network connection

MDM environment that supports the DiagnosticLog CSP |Administrator configures storage locations |In the managed environment, the user implicitly consents to administrator access to the data.

Administrator configures access roles and permissions. | Administrator configures retention policy. | - - -- End-user is responsible for sharing the logs responsibly with someone else. These files are primarily useful when contacting customer service and support. - -## Feedback Hub - -A HoloLens user can use the Microsoft Feedback Hub desktop app to send diagnostic information to Microsoft Support. For details and complete instructions, see [Give us feedback](hololens-feedback.md). - -> [!NOTE] -> **Commercial or enterprise users:** If you use the Feedback Hub app to report a problem that relates to MDM, provisioning, or any other device management aspect, change the app category to **Enterprise Management** > **Device category**. - -### Prerequisites - -- The device is connected to a network. -- The Feedback Hub app is available on the user's desktop computer, and the user can upload files to the Microsoft cloud. - -### Data locations, access, and retention - -By agreeing to the terms-of-use of the Feedback Hub, the user explicitly consents to the storage and usage of the data (as defined by that agreement). - -The Feedback Hub provides two places for the user to store diagnostic information: - -- **The Microsoft cloud**. Data that the user uploads by using the Feedback Hub app is stored for the number of days that is consistent with Next Generation Privacy (NGP) requirements. Microsoft employees can use an NGP-compliant viewer to access the information during this period. - > [!NOTE] - > These requirements apply to data in all Feedback Hub categories. - -- **The HoloLens device**. While filing a report in Feedback Hub, the user can select **Save a local copy of diagnostics and attachments created when giving feedback**. If the user selects this option, the Feedback Hub stores a copy of the diagnostic information on the HoloLens device. This information remains accessible to the user (or anyone that uses that account to sign in to HoloLens). To delete this information, a user must have **Device owner** or **Admin** permissions on the device. A user who has the appropriate permissions can sign in to the Feedback Hub, select **Settings** > **View diagnostics logs**, and delete the information. - -## Settings Troubleshooter - -A HoloLens user can use the Settings app on the device to troubleshoot problems and collect diagnostic information. To do this, follow these steps: - -1. Open the Settings app and select **Update & Security** > **Troubleshoot** page. -1. Select the appropriate area, and select **Start**. -1. Reproduce the issue. -1. After you reproduce the issue, return to Settings and then select **Stop**. - -### Prerequisites - -- The Settings app is installed on the device and is available to the user. - -### Data locations, access, and retention - -Because the user starts the data collection, the user implicitly consents to the storage of the diagnostic information. Only the user, or anyone with whom that the user shares the data, can access the data. - -The diagnostic information is stored on the device. If the device is connected to the user's computer, the information also resides on the computer in the following file: - -> This PC\\\<*HoloLens device name*>\\Internal Storage\\Documents\\Trace\<*ddmmyyhhmmss*>.etl - -> [!NOTE] -> In this file path and name, \<*HoloLens device name*> represents the name of the HoloLens device, and \<*ddmmyyhhmmss*> represents the date and time that the file was created. - -The diagnostic information remains in these locations until the user deletes it. - -## DiagnosticLog CSP - -In a Mobile Device Management (MDM) environment, the IT administrator can use the the [DiagnosticLog configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/diagnosticlog-csp) to configure diagnostic settings on enrolled HoloLens devices. The IT administrator can configure these settings to collect logs from enrolled devices. - -### Prerequisites - -- The device is connected to a network. -- The device is enrolled in an MDM environment that supports the DiagnosticLog CSP. - -### Data locations, access, and retention - -Because the device is part of the managed environment, the user implicitly consents to administrative access to diagnostic information. - -The IT administrator uses the DiagnosticLog CSP to configure the data storage, retention, and access policies, including the policies that govern the following: - -- The cloud infrastructure that stores the diagnostic information. -- The retention period for the diagnostic information. -- Permissions that control access to the diagnostic information. - - diff --git a/devices/hololens/hololens-encryption.md b/devices/hololens/hololens-encryption.md deleted file mode 100644 index 6b2cfb74bc..0000000000 --- a/devices/hololens/hololens-encryption.md +++ /dev/null @@ -1,99 +0,0 @@ ---- -title: Enable Bitlocker encryption for HoloLens (HoloLens) -description: Enable Bitlocker device encryption to protect files stored on the HoloLens -ms.prod: hololens -ms.mktglfcycl: manage -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.localizationpriority: medium -ms.date: 01/26/2019 -ms.reviewer: -manager: laurawi -appliesto: -- HoloLens (1st gen) ---- - -# Enable encryption for HoloLens - -HoloLens (1st gen) and HoloLens 2 both support device encryption using BitLocker, however, BitLocker is always enabled on HoloLens 2. - -This article will help you enable and manage BitLocker on HoloLens (1st gen). - -On HoloLens (1st gen) you can enable BitLocker device encryption manually or using mobile device management (MDM). Follow these instructions to enable [BitLocker device encryption](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) to protect files and information stored on the HoloLens. Device encryption helps protect your data using the AES-CBC 128 encryption method, which is equivalent to [EncryptionMethodByDriveType method 3](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp#encryptionmethodbydrivetype) in the BitLocker configuration service provider (CSP). Personnel who have the correct encryption key (such as a password) can decrypt it or perform a data recovery. - -## Enable device encryption using MDM - -You can use your Mobile Device Management (MDM) provider to apply a policy that requires device encryption. The policy to use is the [Security/RequireDeviceEncryption setting](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-security#security-requiredeviceencryption) in the Policy CSP. - -[See instructions for enabling device encryption using Microsoft Intune.](https://docs.microsoft.com/intune/compliance-policy-create-windows#windows-holographic-for-business) - -For other MDM tools, see your MDM provider's documentation for instructions. If your MDM provider requires custom URI for device encryption, use the following configuration: - -- **Name**: a name of your choice -- **Description**: optional -- **OMA-URI**: `./Vendor/MSFT/Policy/Config/Security/RequireDeviceEncryption` -- **Data type**: integer -- **Value**: `1` - -## Enable device encryption using a provisioning package - -Provisioning packages are files created by the Windows Configuration Designer tool that apply a specified configuration to a device. - -### Create a provisioning package that upgrades the Windows Holographic edition and enables encryption - -1. [Create a provisioning package for HoloLens.](hololens-provisioning.md) -1. Go to **Runtime settings** > **Policies** > **Security**, and select **RequireDeviceEncryption**. - - ![Require device encryption setting configured to yes](images/device-encryption.png) - -1. Find the XML license file that was provided when you purchased the Commercial Suite. - -1. Browse to and select the XML license file that was provided when you purchased the Commercial Suite. - > [!NOTE] - > You can configure [additional settings in the provisioning package](hololens-provisioning.md). - -1. On the **File** menu, click **Save**. - -1. Read the warning explaining that project files may contain sensitive information and click **OK**. - - > [!IMPORTANT] - > When you build a provisioning package, you may include sensitive information in the project files and provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when no longer needed. - -1. On the **Export** menu, click **Provisioning package**. -1. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next**. -1. Set a value for **Package Version**. - - > [!TIP] - > You can make changes to existing packages and change the version number to update previously applied packages. - -1. On the **Select security details for the provisioning package**, click **Next**. -1. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location. - - Optionally, you can click Browse to change the default output location. - -1. Click **Next**. -1. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status. -1. When the build completes, click **Finish**. - -### Apply the provisioning package to HoloLens - -1. Connect the device via USB to a PC and start the device, but do not continue past the **fit** page of the initial setup experience (the first page with the blue box). -1. Briefly press and release the **Volume Down** and **Power** buttons simultaneously. -1. HoloLens will show up as a device in File Explorer on the PC. -1. In File Explorer, drag and drop the provisioning package (.ppkg) onto the device storage. -1. Briefly press and release the **Volume Down** and **Power** buttons simultaneously again while on the **fit** page. -1. The device will ask you if you trust the package and would like to apply it. Confirm that you trust the package. -1. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with device setup. - -> [!NOTE] -> If the device was purchased before August 2016, you will need to sign into the device with a Microsoft account, get the latest OS update, and then reset the OS in order to apply the provisioning package. - -## Verify device encryption - -Encryption is silent on HoloLens. To verify the device encryption status: - -- On HoloLens, go to **Settings** > **System** > **About**. **BitLocker** is **enabled** if the device is encrypted. - - ![About screen showing BitLocker enabled](images/about-encryption.png) diff --git a/devices/hololens/hololens-enroll-mdm.md b/devices/hololens/hololens-enroll-mdm.md deleted file mode 100644 index 9eb5eea890..0000000000 --- a/devices/hololens/hololens-enroll-mdm.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Enroll HoloLens in MDM -description: Enroll HoloLens in mobile device management (MDM) for easier management of multiple devices. -ms.prod: hololens -ms.sitesec: library -ms.assetid: 2a9b3fca-8370-44ec-8b57-fb98b8d317b0 -author: scooley -ms.author: scooley -ms.topic: article -ms.localizationpriority: medium -ms.date: 07/15/2019 -ms.reviewer: -manager: laurawi -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Enroll HoloLens in MDM - -You can manage multiple Microsoft HoloLens devices simultaneously using solutions like [Microsoft Intune](https://docs.microsoft.com/intune/windows-holographic-for-business). You will be able to manage settings, select apps to install and set security configurations tailored to your organization's need. See [Manage devices running Windows Holographic with Microsoft Intune](https://docs.microsoft.com/intune/windows-holographic-for-business), the [configuration service providers (CSPs) that are supported in Windows Holographic](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/configuration-service-provider-reference#hololens), and the [policies supported by Windows Holographic for Business](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#hololenspolicies). - -> [!NOTE] -> Mobile device management (MDM), including the VPN, Bitlocker, and kiosk mode features, is only available when you [upgrade to Windows Holographic for Business](hololens1-upgrade-enterprise.md). - -## Requirements - - Your organization will need to have Mobile Device Management (MDM) set up in order to manage HoloLens devices. Your MDM provider can be Microsoft Intune or a 3rd party provider that uses Microsoft MDM APIs. - -## Auto-enrollment in MDM - -If your organization uses Azure Active Directory (Azure AD) and an MDM solution that accepts an AAD token for authentication (currently, only supported in Microsoft Intune and AirWatch), your IT admin can configure Azure AD to automatically allow MDM enrollment after the user signs in with their Azure AD account. [Learn how to configure Azure AD enrollment.](https://docs.microsoft.com/mem/intune/enrollment/windows-enroll#enable-windows-10-automatic-enrollment) - -When auto-enrollment is enabled, no additional manual enrollment is needed. When the user signs in with an Azure AD account, the device is enrolled in MDM after completing the first-run experience. - -## Enroll through Settings app - - When the device is not enrolled in MDM during the first-run experience, the user can manually enroll the device with the organization's MDM server using the Settings app. - -1. Go to **Settings** > **Accounts** > **Work access**. -1. Select **Enroll into device management** and enter your organizational account. You will be redirected to your organization's sign in page. -1. Upon successful authentication to the MDM server, a success message is shown. - -Your device is now enrolled with your MDM server. The Settings app will now reflect that the device is enrolled in device management. - -## Unenroll HoloLens from Intune - -You cannot [unenroll](https://docs.microsoft.com/intune-user-help/unenroll-your-device-from-intune-windows) HoloLens from Intune remotely. If the administrator unenrolls the device using MDM, the device will age out of the Intune dashboard. diff --git a/devices/hololens/hololens-environment-considerations.md b/devices/hololens/hololens-environment-considerations.md deleted file mode 100644 index bdd500b298..0000000000 --- a/devices/hololens/hololens-environment-considerations.md +++ /dev/null @@ -1,121 +0,0 @@ ---- -title: Environment considerations for HoloLens -description: Get the best possible experience using HoloLens when you optimize the device for your eyes and environment. Many different environmental factors are fused together to enable tracking, but as a Mixed Reality developer, there are several factors you can keep in mind to tune a space for better holograms. -keywords: holographic frame, field of view, fov, calibration, spaces, environment, how-to -author: dorreneb -ms.author: dobrown -manager: jarrettr -ms.date: 8/29/2019 -ms.prod: hololens -ms.topic: article -audience: ITPro -ms.localizationpriority: high -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Environment considerations for HoloLens - -HoloLens blends the holographic with the "real" world, placing holograms in your surroundings. A holographic app window "hangs" on the wall, a holographic ballerina spins on the tabletop, bunny ears sit on top of your unwitting friend’s head. When you’re using an immersive game or app, the holographic world will spread to fill your surroundings but you’ll still be able to see and move around the space. - -The holograms you place will stay where you’ve put them, even if you turn off your device. - -## Setting up an environment - -HoloLens devices know how to place stable and accurate holograms by *tracking* users in a space. Without proper tracking, the device does not understand the environment or the user within it so holograms can appear in the wrong places, not appear in the same spot every time, or not appear at all. The data used to track users is represented in the *spatial map*. - -Tracking performance is heavily influenced by the environment the user is in, and tuning an environment to induce stable and consistent tracking is an art rather than a science. Many different environmental factors are fused together to enable tracking, but as a Mixed Reality developer, there are several factors you can keep in mind to tune a space for better tracking. - -### Lighting - -Windows Mixed Reality uses visual light to track the user's location. When an environment is too bright, the cameras can get saturated, and nothing is seen. If the environment is too dark, the cameras cannot pick up enough information, and nothing is seen. Lighting should be even and sufficiently bright that a human can see without effort, but not so bright that the light is painful to look at. - -Areas where there are points of bright light in an overall dim area are also problematic, as the camera has to adjust when moving in and out of bright spaces. This can cause the device to "get lost" and think that the change in light equates to a change in location. Stable light levels in an area will lead to better tracking. - -Any outdoor lighting can also cause instability in the tracker, as the sun may vary considerably over time. For example, tracking in the same space in the summer vs. winter can produce drastically different results, as the secondhand light outside may be higher at different times of year. - -If you have a luxmeter, a steady 500-1000 lux is a good place to start. - -#### Types of lighting - -Different types of light in a space can also influence tracking. Light bulbs pulse with the AC electricity running through it - if the AC frequency is 50Hz, then the light pulses at 50Hz. For a human, this pulsing is not noticed. However, HoloLens' 30fps camera sees these changes - some frames will be well-lit, some will be poorly lit, and some will be over-exposed as the camera tries to compensate for light pulses. - -In the USA, electricity frequency standard is 60Hz, so light bulb pulses are harmonized with HoloLens' framerate - 60Hz pulses align with HoloLens' 30 FPS framerate. However, many countries have an AC frequency standard of 50Hz, which means some HoloLens frames will be taken during pulses, and others will not. In particular, fluorescent lighting in Europe has been known to cause issues. - -There are a few things you can try to resolve flickering issues. Temperature, bulb age, and warm-up cycles are common causes of fluorescent flickering and replacing bulbs may help. Tightening bulbs and making sure current draws are constant can also help. - -### Items in a space - -HoloLens uses unique environmental landmarks, also known as *features*, to locate itself in a space. - -A device can almost never track in a feature-poor area, as the device has no way of knowing where in space it is. Adding features to the walls of a space is usually a good way to improve tracking. Posters, symbols taped to a wall, plants, unique objects, or other similar items all help. A messy desk is a good example of an environment that leads to good tracking - there are a lot of different features in a single area. - -Additionally, use unique features in the same space. The same poster repeated multiple times over a wall, for example, will cause device confusion as the HoloLens won't know which of the repetitive posters it is looking at. One common way of adding unique features is to use lines of masking tape to create unique, non-repetitive patterns along the walls and floor of a space. - -A good question to ask yourself is: if you saw just a small amount of the scene, could you uniquely locate yourself in the space? If not, it's likely the device will have problems tracking as well. - -#### Wormholes - -If you have two areas or regions that look the same, the tracker may think they are the same. This results in the device tricking itself into thinking it is somewhere else. We call these types of repetitive areas *wormholes*. - -To prevent wormholes, try to prevent identical areas in the same space. Identical areas can sometimes include factory stations, windows on a building, server racks, or work stations. Labelling areas or adding unique features to each similar-looking areas can help mitigate wormholes. - -### Movement in a space - -If your environment is constantly shifting and changing, the device has no stable features to locate against. - -The more moving objects that are in a space, including people, the easier it is to lose tracking. Moving conveyor belts, items in different states of construction, and lots of people in a space have all been known to cause tracking issues. - -The HoloLens can quickly adapt to these changes, but only when that area is clearly visible to the device. Areas that are not seen as frequently may lag behind reality, which can cause errors in the spatial map. For example, a user scans a friend and then turns around while the friend leaves the room. A 'ghost' representation of the friend will persist in the spatial mapping data until the user re-scans the now empty space. - -### Proximity of the user to items in the space - -Similarly to how humans cannot focus well on objects close to the eyes, HoloLens struggles when objects are close to it's cameras. If an object is too close to be seen with both cameras, or if an object is blocking one camera, the device will have far more issues with tracking against the object. - -The cameras can see no closer than 15cm from an object. - -### Surfaces in a space - -Strongly reflective surfaces will likely look different depending on the angle, which affects tracking. Think of a brand new car - when you move around it, light reflects and you see different objects in the surface as you move. To the tracker, the different objects reflected in the surface represent a changing environment, and the device loses tracking. - -Less shiny objects are easier to track against. - -### Wi-Fi fingerprint considerations - -As long as Wi-Fi is enabled, map data will be correlated with a Wi-Fi fingerprint, even when not connected to an actual WiFi network/router. Without Wi-Fi info, the space and holograms may be slightly slower to recognize. If the Wi-Fi signals change significantly, the device may think it is in a different space altogether. - -Network identification (such as SSID or MAC address) is not sent to Microsoft, and all Wi-Fi references are kept local on the HoloLens. - -## Mapping new spaces - -When you enter a new space (or load an existing one), you’ll see a mesh graphic spreading over the space. This means your device is mapping your surroundings. While a HoloLens will learn a space over time, there are tips and tricks to map spaces. - -## Environment management - -There are two settings which enable users to “clean up” holograms and cause HoloLens to “forget" a space. They exist in **Holograms and environments** in the settings app, with the second setting also appearing under **Privacy** in the settings app. - -1. **Delete nearby holograms**. When you select this setting, HoloLens will erase all anchored holograms and all stored map data for the “current space” where the device is located. A new map section would be created and stored in the database for that location once holograms are again placed in that same space. - -1. **Delete all holograms**.By selecting this setting, HoloLens will erase ALL map data and anchored holograms in the entire databases of spaces. No holograms will be rediscovered and any holograms need to be newly placed to again store map sections in the database. - -## Hologram quality - -Holograms can be placed throughout your environment—high, low, and all around you—but you’ll see them through a [holographic frame](https://docs.microsoft.com/windows/mixed-reality/holographic-frame) that sits in front of your eyes. To get the best view, make sure to adjust your device so you can see the entire frame. And don’t hesitate to walk around your environment and explore! - -For your [holograms](https://docs.microsoft.com/windows/mixed-reality/hologram) to look crisp, clear, and stable, your HoloLens needs to be calibrated just for you. When you first set up your HoloLens, you’ll be guided through this process. Later on, if holograms don’t look right or you’re seeing a lot of errors, you can make adjustments. - -If you are having trouble mapping spaces, try deleting nearby holograms and remapping the space. - -### Calibration - -If your holograms look jittery or shaky, or if you’re having trouble placing holograms, the first thing to try is the [Calibration app](hololens-calibration.md). This app can also help if you’re experiencing any discomfort while using your HoloLens. - -To get to the Calibration app, go to **Settings** > **System** > **Utilities**. Select **Open Calibration** and follow the instructions. - -If someone else is going to be using your HoloLens, they should run the Calibration app first so the device is set up properly for them. - -## See also - -- [Spatial mapping design](https://docs.microsoft.com/windows/mixed-reality/spatial-mapping) -- [Holograms](https://docs.microsoft.com/windows/mixed-reality/hologram) diff --git a/devices/hololens/hololens-faq-security.md b/devices/hololens/hololens-faq-security.md deleted file mode 100644 index 770410499f..0000000000 --- a/devices/hololens/hololens-faq-security.md +++ /dev/null @@ -1,125 +0,0 @@ ---- -title: Frequently Asked Security Questions -description: security questions frequently asked about the hololens -ms.assetid: bd55ecd1-697a-4b09-8274-48d1499fcb0b -author: pawinfie -ms.author: pawinfie -ms.date: 02/19/2020 -keywords: hololens, Windows Mixed Reality, security -ms.prod: hololens -ms.sitesec: library -ms.topic: article -audience: ITPro -ms.localizationpriority: high -ms.custom: -- CI 111456 -- CSSTroubleshooting -manager: bradke -appliesto: -- HoloLens 1 (1st gen) -- HoloLens 2 ---- - -# Frequently asked questions about HoloLens security - -## HoloLens (1st gen) Security Questions - -1. **What type of wireless is used?** - 1. 802.11ac and Bluetooth 4.1 LE -1. **What type of architecture is incorporated? For example: point to point, mesh or something else?** - 1. Wi-Fi can be used in infrastructure mode to communicate with other wireless access points. - 1. Bluetooth can be used to talk peer to peer between multiple HoloLens if the customers application supports it or to other Bluetooth devices. -1. **What is FCC ID?** - 1. C3K1688 -1. **What frequency range and channels does the device operate on and is it configurable?** - 1. Wi-Fi: The frequency range is not user configurable and depends on the country of use. In the US Wi-Fi uses both 2.4 GHz (1-11) channels and 5 GHz (36-64, 100-165) channels. - 1. Bluetooth: Bluetooth uses the standard 2.4-2.48 GHz range. -1. **Can the device allow or block specific frequencies?** - 1. This is not controllable by the user/device -1. **What is the power level for both transmit and receive? Is it adjustable? What is the range of operation?** - 1. Our emissions testing standards can be found [here](https://fccid.io/C3K1688). Range of operation is highly dependent on the access point and environment - but is roughly equivalent to other high-quality phones, tablets, or PCs. -1. **What is the duty cycle/lifetime for normal operation?** - 1. 2-3hrs of active use and up to 2 weeks of standby time - 1. Battery lifetime is unavailable. -1. **What is transmit and receive behavior when a tool is not in range?** - 1. HoloLens transmit/receive follows the standard Wi-Fi/Bluetooth pattern. At the edge of its range, you'll probably notice input getting choppy until it fully disconnects, but after you get back in range it should quickly reconnect. -1. **What is deployment density per square foot?** - 1. This is dependent on your network infrastructure. -1. **Can device use the infrastructure as a client?** - 1. Yes -1. **What protocol is used?** - 1. HoloLens does not use any proprietary protocols -1. **OS update frequency – What is the frequency of OS updates for the HL? Is there a set schedule? Does Microsoft release security patches as needed, etc.** - 1. Microsoft does provide OS updates to HoloLens exactly the same way it is done for Windows 10. There are normally two major updates per year, one in spring, one in fall. As HoloLens is a Windows device, the update concept is the same as with any other Windows device. Microsoft releases Security patches as needed and follows the same concept as done on any other Windows device. -1. **OS hardening – What options are there to harden the OS? Can we remove or shutdown unnecessary apps or services?** - 1. HoloLens behaves like a smartphone. It is comparable to other modern Windows devices. HoloLens can be managed by either Microsoft Intune or other Modern Device Management Solutions, like MobileIron, Airwatch, or Soti. There are Policies you can set in these Management Systems to put Security policies on the device and in order to harden the device. There is also the option in deleting any unnecessary applications if wanted. -1. **How will software applications be managed and updated? What control do we have to define what apps are loaded and app update process for apps that are living in the Microsoft store?** - 1. HoloLens gets software applications only through the Windows store. Only Appx Application Packages can be installed, which are developed for the Use of HoloLens. You can see this in the Microsoft Store with a little logo next to the application which shows the HoloLens device. Any control that you have over the management of Store applications also applies to HoloLens. You can use the concept of the official store or the store for business. Apps can either be side-loaded (manual process to load an app on a Windows device) or can be managed through an MDM so that apps are automatically pulled from the store when needed. -1. **What is the frequency of updates to apps in the store for HoloLens?** - 1. As we follow the same concept of the Microsoft Store and pull apps from there, the update cycle is determined by the developer of the Application. All management options that you have to control the update mechanism in the store apply to HoloLens as well. -1. **Is there a secure boot capability for the HoloLens?** - 1. Yes -1. **Is there an ability to disable or disconnect peripheral support from the device?** - 1. Yes -1. **Is there an ability to control or disable the use of ports on the device?** - 1. The HoloLens only contains 2 ports (one for headphones and one for charging or connecting to PCs). There is not ability to disable the port due to functionality and recovery reasons. -1. **Antivirus, end point detection, IPS, app control allow list – Any ability to run antivirus, end point detection, IPS, app control allow list, etc.** - 1. Windows Holographic for Business (commercial suite) does support Windows Defender Smart Screen. If an antivirus company were to create and publish their app to the Universal Windows Platform, it could be downloaded on HoloLens. At present, no companies have done this for HoloLens. - 1. Allowing apps is possible by using the Microsoft Enterprise Store, where you can choose only what specific apps can be downloaded. Also, through MDM you can lock what specific apps can be run or even seen on the device. -1. **Can we quarantine the device from prod network until we update the device if it has been offline for an extended period of time? Ex. Device has been sitting in a drawer not powered up for a period (6 months) and has not received any updates, patches, etc. When it tries to come on the network can we flag it and say you must update on another network prior to being complaint to join the network.** - 1. This is something that can be managed on the infrastructure level by either an MDM or an on-prem server. The device can be flagged as not compliant if it does not meet a specified Update version. -1. **Does Microsoft include any back doors or access to services that allows Microsoft to connect to the device for screen sharing or remote support at will?** - 1. No -1. **When a PKI cert is being generated for trusted communication, we want the cert to be generated on the device so that we know it's only on that device, unique to that device, and can't be exported or used to impersonate the device. Is this true on HoloLens? If not is there a potential mitigation?** - 1. CSR for SCEP is generated on the device itself. Intune and the on premise SCEP connector help secure the requests themselves by adding and verifying a challenge string that's sent to the client. - 1. Since HoloLens (1st Gen and 2nd Gen) have a TPM module, these certs would be stored in the TPM module, and are unable to be extracted. Additionally, even if it could be extracted, the challenge strings couldn't be verified on a different device, rendering the certs/key unusable on different devices. - -## HoloLens 2nd Gen Security Questions - -1. **What type of wireless is used?** - 1. 802.11ac and Bluetooth 5.0 -1. **What type of architecture is incorporated? For example: point to point, mesh or something else?** - 1. Wi-Fi can be used in infrastructure mode to communicate with other wireless access points. - 1. Bluetooth can be used to talk peer to peer between multiple HoloLens if the customers application supports it or to other Bluetooth devices. -1. **What is FCC ID?** - 1. C3K1855 -1. **What frequency range and channels does the device operate on and is it configurable?** - 1. Wi-Fi: The frequency range is not user configurable and depends on the country of use. In the US Wi-Fi uses both 2.4 GHz (1-11) channels and 5 GHz (36-64, 100-165) channels. -1. **Can the device allow or block specific frequencies?** - 1. This is not controllable by the user/device -1. **What is the power level for both transmit and receive? Is it adjustable? What is the range of operation?** - 1. Wireless power levels depend on the channel of operation. Devices are calibrated to perform at the highest power levels allowed based on the region's regulatory rules. -1. **What is the duty cycle/lifetime for normal operation?** - 1. *Currently unavailable.* -1. **What is transmit and receive behavior when a tool is not in range?** - 1. HoloLens transmit/receive follows the standard Wi-Fi/Bluetooth pattern. At the edge of its range, you'll probably notice input getting choppy until it fully disconnects, but after you get back in range it should quickly reconnect. -1. **What is deployment density per square foot?** - 1. This is dependent on your network infrastructure. -1. **Can device use the infrastructure as a client?** - 1. Yes -1. **What protocol is used?** - 1. HoloLens does not use any proprietary protocols -1. **OS update frequency – What is the frequency of OS updates for the HL? Is there a set schedule? Does Microsoft release security patches as needed, etc.** - 1. Microsoft does provide OS updates to HoloLens exactly the same way it is done for Windows 10. There are normally two major updates per year, one in spring, one in fall. As HoloLens is a Windows device, the update concept is the same as with any other Windows device. Microsoft releases Security patches as needed and follows the same concept as done on any other Windows device. -1. **OS hardening – What options are there to harden the OS? Can we remove or shutdown unnecessary apps or services?** - 1. HoloLens behaves like a smartphone. It is comparable to other modern Windows devices. HoloLens can be managed by either Microsoft Intune or other Modern Device Management Solutions, like MobileIron, Airwatch, or Soti. There are Policies you can set in these Management Systems to put Security policies on the device and in order to harden the device. There is also the option in deleting any unnecessary applications if wanted. -1. **How will software applications be managed and updated? What control do we have to define what apps are loaded and app update process for apps that are living in the Microsoft store?** - 1. HoloLens gets software applications only through the Windows store. Only Appx Application Packages can be installed, which are developed for the Use of HoloLens. You can see this in the Microsoft Store with a little logo next to the application which shows the HoloLens device. Any control that you have over the management of Store applications also applies to HoloLens. You can use the concept of the official store or the store for business. Apps can either be side-loaded (manual process to load an app on a Windows device) or can be managed through an MDM so that apps are automatically pulled from the store when needed. -1. **What is the frequency of updates to apps in the store for HoloLens?** - 1. As we follow the same concept of the Microsoft Store and pull apps from there, the update cycle is determined by the developer of the Application. All management options that you have to control the update mechanism in the store apply to HoloLens as well. -1. **Is there a secure boot capability for the HoloLens?** - 1. Yes -1. **Is there an ability to disable or disconnect peripheral support from the device?** - 1. Yes -1. **Is there an ability to control or disable the use of ports on the device?** - 1. The HoloLens only contains 2 ports (one for headphones and one for charging or connecting to PCs). There is not ability to disable the port due to functionality and recovery reasons. -1. **Antivirus, end point detection, IPS, app control allow – Any ability to run antivirus, end point detection, IPS, app control allow, etc.** - 1. HoloLens 2nd Gen supports Windows Defender Smart Screen. If an antivirus company were to create and publish their app to the Universal Windows Platform, it could be downloaded on HoloLens. At present, no companies have done this for HoloLens. - 1. Allowing apps is possible by using the Microsoft Enterprise Store, where you can choose only what specific apps can be downloaded. Also, through MDM you can lock what specific apps can be run or even seen on the device. -1. **Can we quarantine the device from prod network until we update the device if it has been offline for an extended period of time? Ex. Device has been sitting in a drawer not powered up for a period (6 months) and has not received any updates, patches, etc. When it tries to come on the network can we flag it and say you must update on another network prior to being complaint to join the network.** - 1. This is something that can be managed on the infrastructure level by either an MDM or an on-prem server. The device can be flagged as not compliant if it does not meet a specified Update version. -1. **Does Microsoft include any back doors or access to services that allows Microsoft to connect to the device for screen sharing or remote support at will?** - 1. No -1. **When a PKI cert is being generated for trusted communication, we want the cert to be generated on the device so that we know it's only on that device, unique to that device, and can't be exported or used to impersonate the device. Is this true on HoloLens? If not is there a potential mitigation?** - 1. CSR for SCEP is generated on the device itself. Intune and the on premise SCEP connector help secure the requests themselves by adding and verifying a challenge string that's sent to the client. - 1. Since HoloLens (1st Gen and 2nd Gen) have a TPM module, these certs would be stored in the TPM module, and are unable to be extracted. Additionally, even if it could be extracted, the challenge strings couldn't be verified on a different device, rendering the certs/key unusable on different devices. diff --git a/devices/hololens/hololens-feedback.md b/devices/hololens/hololens-feedback.md deleted file mode 100644 index 7fb8c4838e..0000000000 --- a/devices/hololens/hololens-feedback.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: Give us feedback -description: Create actionable feedback for HoloLens and Windows Mixed Reality developers by using the Feedback Hub. -ms.assetid: b9b24c72-ff86-44a9-b30d-dd76c49479a9 -author: mattzmsft -ms.author: mazeller -ms.date: 05/14/2020 -ms.custom: -- CI 116157 -- CSSTroubleshooting -audience: ITPro -ms.prod: hololens -ms.topic: article -keywords: feedback, bug, issue, error, troubleshoot, help -manager: jarrettr -ms.localizationpriority: medium -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Feedback for HoloLens - -Use the Feedback Hub to tell us which features you love, which features you could do without, and how something could be better. The engineering team uses the same mechanism internally to track and fix bugs, so please use Feedback Hub to report any bugs that you see. We are listening! - -Feedback Hub is an excellent way to alert the engineering team to bugs and to make sure that future updates are healthier and more consistently free of bugs. However, Feedback Hub does not provide a response. If you need immediate help, please file feedback, take note of the summary that you provided for your feedback, and then follow up with [HoloLens support](https://support.microsoft.com/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f). - -> [!NOTE] -> -> - Make sure you that you have the current version of Feedback Hub. To do this, select **Start** > **Microsoft Store**, and then select the ellipses (**...**). Then, select **Downloads and updates** > **Get updates**. -> -> - To provide the best possible data for fixing issues, we highly recommended that you set your device telemetry to **Full**. You can set this value during the Out-of-Box-Experience (OOBE), or by using the Settings app. To do this by using Settings, select **Start** > **Settings** > **Privacy** > **App Diagnostics** > **On**. - -## Use the Feedback Hub - -1. Use the **Start** gesture to open the **Start** menu, and then select **Feedback Hub**. The app opens in your environment. - - ![Feedback app on HoloLens Start menu](./images/hololens2-feedbackhub-tile.png) - > [!NOTE] - > If you don't see **Feedback Hub**, select **All Apps** to see the complete list of apps on the device. - -1. To see whether someone else has given similar feedback, enter a few keywords about the topic in the **Feedback** search box. -1. If you find similar feedback, select it, add any additional information that you have in the **Write a comment** box, and then select **Upvote**. -1. If you don't find any similar feedback, select **Add new feedback**. - - ![Add new feedback](./images/hololens-feedback-1.png) - -1. In **Summarize your feedback**, enter a short summary of your feedback. Then add details in the **Explain in more detail** box. The more details that you provide, such as how to reproduce this problem and the effect that it has, the more useful your feedback is. When you're finished, select **Next**. - -1. Select a topic from **Choose a category**, and then select a subcategory from **Select a subcategory**. The following table describes the categories that are available in the Windows Holographic category. - - > [!NOTE] - > **Commercial customers**: To report a bug that is related to MDM, provisioning, or any other device management aspect, select the **Enterprise Management** category, and the **Device** subcategory. - - |Category |Description | - | --- | --- | - |Eye tracking |Feedback about eye tracking, iris sign-in, or calibration. | - |Hologram accuracy, stability, and reliability |Feedback about how holograms appear in space. | - |Launching, placing, adjusting, and exiting apps |Feedback about starting or stopping 2D or 3D apps. | - |Miracast |Feedback about Miracast. | - |Spaces and persistence |Feedback about how HoloLens recognizes spaces and retains holograms in space. | - |Start menu and all apps list |Feedback about the **Start** menu and the all apps list. | - |Surface mapping |Feedback about surface mapping. | - |Taking pictures and videos |Feedback about mixed reality captures. | - |Video hologram playback |Feedback about video hologram playback. | - |All other issues |All other issues. | - -1. You may be prompted to search for similar feedback. If your problem resembles feedback from other users, select that feedback. Otherwise, select **New feedback** and then select **Next**. - -1. If you are prompted, select the best description of the problem. - -1. Attach any relevant data to your feedback, or reproduce the problem. You can select any of the following options: - - - **Attach a screenshot**. Select this option to attach a screenshot that illustrates the situation that you're describing. - - **Attach a file**. Select this option to attach data files. If you have files that are relevant to your problem or that could help us to reproduce your problem, attach them. - - **Recreate my problem**. Select this option if you can reproduce the problem yourself. After you select **Recreate my problem**, follow these steps: - - 1. Select **Include data about** and make sure that the most relevant types of data are listed. In most cases, the default selections are based on the category and subcategory that you selected for your feedback. - 1. Select **Start Recording**. - - 1. Reproduce your problem. Don’t worry if this means that you have to enter an immersive app. You will return to the feedback page when you're done. - 1. Select **Stop recording**. After recording stops, you can see the data that is attached to your feedback for the engineering team. - -1. Make sure that you have an active internet connection so that we can receive your feedback. Select **Submit**, and you’re done. diff --git a/devices/hololens/hololens-identity.md b/devices/hololens/hololens-identity.md deleted file mode 100644 index e37c3e14ec..0000000000 --- a/devices/hololens/hololens-identity.md +++ /dev/null @@ -1,120 +0,0 @@ ---- -title: Manage user identity and sign-in for HoloLens -description: Manage user identity, security, and sign-in for HoloLens. -keywords: HoloLens, user, account, aad, adfs, microsoft account, msa, credentials, reference -ms.assetid: 728cfff2-81ce-4eb8-9aaa-0a3c3304660e -author: scooley -ms.author: scooley -ms.date: 1/6/2020 -ms.prod: hololens -ms.custom: -- CI 111456 -- CSSTroubleshooting -ms.topic: article -ms.sitesec: library -ms.topic: article -ms.localizationpriority: medium -audience: ITPro -manager: jarrettr -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Manage user identity and sign-in for HoloLens - -> [!NOTE] -> This article is a technical reference for IT Pros and tech enthusiasts. If you're looking for HoloLens set up instructions, read "[Setting up your HoloLens (1st gen)](hololens1-start.md)" or "[Setting up your HoloLens 2](hololens2-start.md)". - -Like other Windows devices, HoloLens always operates under a user context. There is always a user identity. HoloLens treats identity in almost the same manner as other Windows 10 devices do. This article is a deep-dive reference for identity on HoloLens, and focuses on how HoloLens differs from other Windows 10 devices. - -HoloLens supports several kinds of user identities. You can use one or more user accounts to sign in. Here's an overview of the identity types and authentication options on HoloLens: - -| Identity type | Accounts per device | Authentication options | -| --- | --- | --- | -| [Azure Active Directory (AAD)](https://docs.microsoft.com/azure/active-directory/) | 64 | | -| [Microsoft Account (MSA)](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts) | 1 | | -| [Local account](https://docs.microsoft.com/windows/security/identity-protection/access-control/local-accounts) | 1 | Password | - -Cloud-connected accounts (AAD and MSA) offer more features because they can use Azure services. - -## Setting up users - -The most common way to set up a new user is during the HoloLens out-of-box experience (OOBE). During setup, HoloLens prompts for a user to sign in by using the account that they want to use on the device. This account can be a consumer Microsoft account or an enterprise account that has been configured in Azure. See Setting up your [HoloLens (1st gen)](hololens1-start.md) or [HoloLens 2](hololens2-start.md). - -Like Windows on other devices, signing in during setup creates a user profile on the device. The user profile stores apps and data. The same account also provides Single Sign-on for apps such as Edge or Skype by using the Windows Account Manager APIs. - -If you use an enterprise or organizational account to sign in to HoloLens, HoloLens enrolls in the organization's IT infrastructure. This enrollment allows your IT Admin to configure Mobile Device Management (MDM) to send group policies to your HoloLens. - -By default, as for other Windows 10 devices, you'll have to sign in again when HoloLens restarts or resumes from standby. You can use the Settings app to change this behavior, or the behavior can be controlled by group policy. - -### Linked accounts - -As in the Desktop version of Windows, you can link additional web account credentials to your HoloLens account. Such linking makes it easier to access resources across or within apps (such as the Store) or to combine access to personal and work resources. After you connect an account to the device, you can grant permission to use the device to apps so that you don't have to sign in to each app individually. - -Linking accounts does not separate the user data created on the device, such as images or downloads. - -### Setting up multi-user support (AAD only) - -> [!NOTE] -> **HoloLens (1st gen)** began supporting multiple AAD users in the [Windows 10 April 2018 Update](https://docs.microsoft.com/windows/mixed-reality/release-notes-april-2018) as part of [Windows Holographic for Business](hololens-upgrade-enterprise.md). - -HoloLens supports multiple users from the same AAD tenant. To use this feature, you must use an account that belongs to your organization to set up the device. Subsequently, other users from the same tenant can sign in to the device from the sign-in screen or by tapping the user tile on the Start panel. Only one user can be signed in at a time. When a user signs in, HoloLens signs out the previous user. - -All users can use the apps installed on the device. However, each user has their own app data and preferences. Removing an app from the device removes it for all users. - -## Removing users - -You can remove a user from the device by going to **Settings** > **Accounts** > **Other people**. This action also reclaims space by removing all of that user's app data from the device. - -## Using single sign-on within an app - -As an app developer, you can take advantage of linked identities on HoloLens by using the [Windows Account Manager APIs](https://docs.microsoft.com/uwp/api/Windows.Security.Authentication.Web.Core), just as you would on other Windows devices. Some code samples for these APIs are available [here](https://go.microsoft.com/fwlink/p/?LinkId=620621). - -Any account interrupts that might occur, such as requesting user consent for account information, two-factor authentication, and so forth, must be handled when the app requests an authentication token. - -If your app requires a specific account type that hasn't been linked previously, your app can ask the system to prompt the user to add one. This request triggers the account settings pane to launch as a modal child of your app. For 2D apps, this window renders directly over the center of your app. For Unity apps, this request briefly takes the user out of your holographic app to render the child window. For information about customizing the commands and actions on this pane, see [WebAccountCommand Class](https://docs.microsoft.com/uwp/api/Windows.UI.ApplicationSettings.WebAccountCommand). - -## Enterprise and other authentication - -If your app uses other types of authentication, such as NTLM, Basic, or Kerberos, you can use [Windows Credential UI](https://docs.microsoft.com/uwp/api/Windows.Security.Credentials.UI) to collect, process, and store the user's credentials. The user experience for collecting these credentials is very similar to other cloud-driven account interrupts, and appears as a child app on top of your 2D app or briefly suspends a Unity app to show the UI. - -## Deprecated APIs - -One way in which developing for HoloLens differs from developing for Desktop is that the [OnlineIDAuthenticator](https://docs.microsoft.com/uwp/api/Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator) API is not fully supported. Although the API returns a token if the primary account is in good-standing, interrupts such as those described in this article do not display any UI for the user and fail to correctly authenticate the account. - -## Frequently asked questions - -### Is Windows Hello for Business supported on HoloLens (1st Gen)? - -Windows Hello for Business (which supports using a PIN to sign in) is supported for HoloLens (1st Gen). To allow Windows Hello for Business PIN sign-in on HoloLens: - -1. The HoloLens device must be [managed by MDM](hololens-enroll-mdm.md). -1. You must enable Windows Hello for Business for the device. ([See instructions for Microsoft Intune.](https://docs.microsoft.com/intune/windows-hello)) -1. On HoloLens, the user can then use **Settings** > **Sign-in Options** > **Add PIN** to set up a PIN. - -> [!NOTE] -> Users who sign in by using a Microsoft account can also set up a PIN in **Settings** > **Sign-in Options** > **Add PIN**. This PIN is associated with [Windows Hello](https://support.microsoft.com/help/17215/windows-10-what-is-hello), rather than [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-overview). - -### How is Iris biometric authentication implemented on HoloLens 2? - -HoloLens 2 supports Iris authentication. Iris is based on Windows Hello technology and is supported for use by both Azure Active Directory and Microsoft Accounts. Iris is implemented the same way as other Windows Hello technologies, and achieves biometrics security FAR of 1/100K. - -You can learn more about biometric requirements and specifications for Windows Hello [here](https://docs.microsoft.com/windows-hardware/design/device-experiences/windows-hello-biometric-requirements). Learn more about [Windows Hello](https://docs.microsoft.com/windows-hardware/design/device-experiences/windows-hello) and [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification). - -### How does the type of account affect sign-in behavior? - -If you apply policies for sign-in, the policy is always respected. If no policy for sign-in is applied, these are the default behaviors for each account type: - -- **Azure AD**: asks for authentication by default, and configurable by **Settings** to no longer ask for authentication. -- **Microsoft account**: lock behavior is different allowing automatic unlock, however sign in authentication is still required on reboot. -- **Local account**: always asks for authentication in the form of a password, not configurable in **Settings** - -> [!NOTE] -> Inactivity timers are currently not supported, which means that the **AllowIdleReturnWithoutPassword** policy is only respected when the device goes into StandBy. - -## Additional resources - -Read much more about user identity protection and authentication on [the Windows 10 security and identity documentation](https://docs.microsoft.com/windows/security/identity-protection/). - -Learn more about setting up hybrid identity infrastructure thorough the [Azure Hybrid identity documentation](https://docs.microsoft.com/azure/active-directory/hybrid/). diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md deleted file mode 100644 index 5bc9b7a304..0000000000 --- a/devices/hololens/hololens-insider.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: Insider preview for Microsoft HoloLens -description: It's simple to get started with Insider builds and to provide valuable feedback for our next major operating system update for HoloLens. -ms.prod: hololens -ms.sitesec: library -author: scooley -ms.author: scooley -ms.topic: article -ms.custom: -- CI 111456 -- CSSTroubleshooting -ms.localizationpriority: medium -audience: ITPro -ms.date: 4/21/2020 -ms.reviewer: -manager: laurawi -appliesto: -- HoloLens 2 ---- - -# Insider preview for Microsoft HoloLens - -Welcome to the latest Insider Preview builds for HoloLens! It's simple to get started and provide valuable feedback for our next major operating system update for HoloLens. - -## Start receiving Insider builds - -On a HoloLens 2 device go to **Settings** -> **Update & Security** -> **Windows Insider Program** and select **Get started**. Link the account you used to register as a Windows Insider. - -Then, select **Active development of Windows**, choose whether you'd like to receive **Fast** or **Slow** builds, and review the program terms. - -Select **Confirm -> Restart Now** to finish up. After your device has rebooted, go to **Settings -> Update & Security -> Check for updates** to get the latest build. - -## Stop receiving Insider builds - -If you no longer want to receive Insider builds of Windows Holographic, you can opt out when your HoloLens is running a production build, or you can [recover your device](hololens-recovery.md) using the Advanced Recovery Companion to recover your device to a non-Insider version of Windows Holographic. - -> [!CAUTION] -> There is a known issue in which users who un-enroll from Insider Preview builds after manually reinstalling a fresh preview build would experience a blue screen. Afterwards they must manually recover their device. For full details on if you would be impacted or not, please view more on this [Known Issue](https://docs.microsoft.com/hololens/hololens-known-issues?source=docs#blue-screen-is-shown-after-unenrolling-from-insider-preview-builds-on-a-device-reflashed-with-a-insider-build). - -To verify that your HoloLens is running a production build: - -1. Go to **Settings > System > About**, and find the build number. -1. [See the release notes for production build numbers.](hololens-release-notes.md) - -To opt out of Insider builds: - -1. On a HoloLens running a production build, go to **Settings > Update & Security > Windows Insider Program**, and select **Stop Insider builds**. -1. Follow the instructions to opt out your device. - - - -## Provide feedback and report issues - -Please use [the Feedback Hub app](hololens-feedback.md) on your HoloLens to provide feedback and report issues. Using Feedback Hub ensures that all necessary diagnostics information is included to help our engineers quickly debug and resolve the problem. Issues with the Chinese and Japanese version of HoloLens should be reported the same way. - -> [!NOTE] -> Be sure to accept the prompt that asks whether you'd like Feedback Hub to access your Documents folder (select **Yes** when prompted). - -## Note for developers - -You are welcome and encouraged to try developing your applications using Insider builds of HoloLens. Check out the [HoloLens Developer Documentation](https://developer.microsoft.com/windows/mixed-reality/development) to get started. Those same instructions work with Insider builds of HoloLens. You can use the same builds of Unity and Visual Studio that you're already using for HoloLens development. - - -## Windows Insider Release Notes - -As of our [Windows Holographic May 2020 Update](hololens-release-notes.md) release all of our release preview feautres are now generally avalible! Make sure to [update your HoloLens](hololens-update-hololens.md) to get all the latest features. - -We'll be updating this page again with new features again as we release them to Windows Insider builds. - -### FFU download and flash directions -To test with a flight signed ffu, you first have to flight unlock your device prior to flashing the flight signed ffu. -1. On PC - 1. Download ffu to your PC from: [https://aka.ms/hololenspreviewdownload](https://aka.ms/hololenspreviewdownload) - 1. Install ARC (Advanced Recovery Companion) from the Microsoft Store: [https://www.microsoft.com/store/productId/9P74Z35SFRS8](https://www.microsoft.com/store/productId/9P74Z35SFRS8) -1. On HoloLens - Flight Unlock: Open **Settings** > **Update & Security** > **Windows Insider Program** then sign up, reboot device -1. Flash FFU - Now you can flash the flight signed FFU using ARC diff --git a/devices/hololens/hololens-kiosk.md b/devices/hololens/hololens-kiosk.md deleted file mode 100644 index 1bbd7ddefd..0000000000 --- a/devices/hololens/hololens-kiosk.md +++ /dev/null @@ -1,476 +0,0 @@ ---- -title: Set up HoloLens as a kiosk -description: Use a kiosk configuration to lock down the apps on HoloLens. -ms.prod: hololens -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.localizationpriority: medium -ms.date: 04/27/2020 -ms.custom: -- CI 115262 -- CI 111456 -- CSSTroubleshooting -ms.reviewer: -manager: laurawi -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Set up HoloLens as a kiosk - -You can configure a HoloLens device to function as a fixed-purpose device, also called a *kiosk*, by configuring the device to run in kiosk mode. Kiosk mode limits the applications (or users) that are available on the device. Kiosk mode is a convenient feature that you can use to dedicate a HoloLens device to business apps, or to use the HoloLens device in an app demo. - -This article provides information about aspects of kiosk configuration that are specific to HoloLens devices. For general information about the different types of Windows-based kiosks and how to configure them, see [Configure kiosks and digital signs on Windows desktop editions](https://docs.microsoft.com/windows/configuration/kiosk-methods). - -> [!IMPORTANT] -> Kiosk mode determines which apps are available when a user signs in to the device. However, kiosk mode is not a security method. It does not stop an "allowed" app from opening another app that is not allowed. In order to block apps or processes from opening, use [Windows Defender Application Control (WDAC) CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp) to create appropriate policies. - -You can use kiosk mode in either a single-app or a multi-app configuration, and you can use one of three processes to set up and deploy the kiosk configuration. - -> [!IMPORTANT] -> Deleting the multi-app configuration removes the user lockdown profiles that the assigned access feature created. However, it does not revert all the policy changes. To revert these policies, you have to reset the device to the factory settings. - -## Plan the kiosk deployment - -### Kiosk mode requirements - -You can configure any HoloLens 2 device to use kiosk mode. - -To configure a HoloLens (1st gen) device to use kiosk mode, you must first make sure that the device runs Windows 10, version 1803, or a later version. If you have used the Windows Device Recovery Tool to recover your HoloLens (1st gen) device to its default build, or if you have installed the most recent updates, your device is ready to configure. - -> [!IMPORTANT] -> To help protect devices that run in kiosk mode, consider adding device management policies that turn off features such as USB connectivity. Additionally, check your update ring settings to make sure that automatic updates do not occur during business hours. - -### Decide between a single-app kiosk or a multi-app kiosk - -A single-app kiosk starts the specified app when the user signs in to the device. The Start menu is disabled, as is Cortana. A HoloLens 2 device does not respond to the [Start](hololens2-basic-usage.md#start-gesture) gesture. A HoloLens (1st gen) device does not respond to the [bloom](hololens1-basic-usage.md) gesture. Because only one app can run, the user cannot place other apps. - -A multi-app kiosk displays the Start menu when the user signs in to the device. The kiosk configuration determines which apps are available on the Start menu. You can use a multi-app kiosk to provide an easy-to-understand experience for users by presenting to them only the things that they have to use, and removing the things they don't need to use. - -The following table lists the feature capabilities in the different kiosk modes. - -|   |Start menu |Quick Actions menu |Camera and video |Miracast |Cortana |Built-in voice commands | -| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | -|Single-app kiosk |Disabled |Disabled |Disabled |Disabled |Disabled |Enabled1 | -|Multi-app kiosk |Enabled |Enabled2 |Available2 |Available2 |Available2, 3 |Enabled1 | - -> 1 Voice commands that relate to disabled features do not function. -> 2 For more information about how to configure these features, see [Select kiosk apps](#plan-kiosk-apps). -> 3 Even if Cortana is disabled, the built-in voice commands are enabled. - -The following table lists the user support features of the different kiosk modes. - -|   |Supported user types | Automatic sign-in | Multiple access levels | -| --- | --- | --- | --- | -|Single-app kiosk |Managed Service Account (MSA) in Azure Active Directory (AAD) or local account |Yes |No | -|Multi-app kiosk |AAD account |No |Yes | - -For examples of how to use these capabilities, see the following table. - -|Use a single-app kiosk for: |Use a multi-app kiosk for: | -| --- | --- | -|A device that runs only a Dynamics 365 Guide for new employees. |A device that runs both Guides and Remote Assistance for a range of employees. | -|A device that runs only a custom app. |A device that functions as a kiosk for most users (running only a custom app), but functions as a standard device for a specific group of users. | - -### Plan kiosk apps - -For general information about how to choose kiosk apps, see [Guidelines for choosing an app for assigned access (kiosk mode)](https://docs.microsoft.com/windows/configuration/guidelines-for-assigned-access-app). - -If you use the Windows Device Portal to configure a single-app kiosk, you select the app during the setup process. - -If you use a Mobile Device Management (MDM) system or a provisioning package to configure kiosk mode, you use the [AssignedAccess Configuration Service Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to specify applications. The CSP uses [Application User Model IDs (AUMIDs)](https://docs.microsoft.com/windows/configuration/find-the-application-user-model-id-of-an-installed-app) to identify applications. The following table lists the AUMIDs of some in-box applications that you can use in a multi-app kiosk. - -> [!CAUTION] -> You cannot select the Shell app as a kiosk app. Addition, we recommend that you do **not** select Microsoft Edge, Microsoft Store, or File Explorer as a kiosk app. - - - -|App Name |AUMID | -| --- | --- | -|3D Viewer |Microsoft.Microsoft3DViewer\_8wekyb3d8bbwe\!Microsoft.Microsoft3DViewer | -|Calendar |microsoft.windowscommunicationsapps\_8wekyb3d8bbwe\!microsoft.windowslive.calendar | -|Camera1, 2 |HoloCamera\_cw5n1h2txyewy\!HoloCamera | -|Cortana3 |Microsoft.549981C3F5F10\_8wekyb3d8bbwe\!App | -|Device Picker |HoloDevicesFlow\_cw5n1h2txyewy\!HoloDevicesFlow | -|Dynamics 365 Guides |Microsoft.Dynamics365.Guides\_8wekyb3d8bbwe\!MicrosoftGuides | -|Dynamics 365 Remote Assist |Microsoft.MicrosoftRemoteAssist\_8wekyb3d8bbwe\!Microsoft.RemoteAssist | -|Feedback Hub |Microsoft.WindowsFeedbackHub\_8wekyb3d8bbwe\!App | -|File Explorer |c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy!App | -|Mail |microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail | -|Microsoft Store |Microsoft.WindowsStore_8wekyb3d8bbwe!App | -|Miracast4 |  | -|Movies & TV |Microsoft.ZuneVideo\_8wekyb3d8bbwe\!Microsoft.ZuneVideo | -|OneDrive |microsoft.microsoftskydrive\_8wekyb3d8bbwe\!App | -|Photos |Microsoft.Windows.Photos\_8wekyb3d8bbwe\!App | -|Settings |HolographicSystemSettings\_cw5n1h2txyewy\!App | -|Tips |Microsoft.HoloLensTips\_8wekyb3d8bbwe\!HoloLensTips | - -> 1 To enable photo or video capture, you have to enable the Camera app as a kiosk app. -> 2 When you enable the Camera app, be aware of the following conditions: -> - The Quick Actions menu includes the Photo and Video buttons. -> - You should also enable an app (such as Photos, Mail, or OneDrive) that can interact with or retrieve pictures. -> -> 3 Even if you do not enable Cortana as a kiosk app, built-in voice commands are enabled. However, commands that are related to disabled features have no effect. -> 4 You cannot enable Miracast directly. To enable Miracast as a kiosk app, enable the Camera app and the Device Picker app. - -### Plan user and device groups - -In an MDM environment, you use groups to manage device configurations and user access. - -The kiosk configuration profile includes the **User logon type** setting. **User logon type** identifies the user (or group that contains the users) who can use the app or apps that you add. If a user signs in by using an account that is not included in the configuration profile, that user cannot use apps on the kiosk. - -> [!NOTE] -> The **User logon type** of a single-app kiosk specifies a single user account. This is the user context under which the kiosk runs. The **User logon type** of a multi-app kiosk can specify one or more user accounts or groups that can use the kiosk. - -Before you can deploy the kiosk configuration to a device, you have to *assign* the kiosk configuration profile to a group that contains the device or a user who can sign in to the device. This setting produces behavior such as the following. - -- If the device is a member of the assigned group, the kiosk configuration deploys to the device the first time that any user signs in on the device. -- If the device is not a member of the assigned group, but a user who is a member of that group signs in, the kiosk configuration deploys to the device at that time. - -For a full discussion of the effects of assigning configuration profiles in Intune, see [Assign user and device profiles in Microsoft Intune](https://docs.microsoft.com/intune/configuration/device-profile-assign). - -> [!NOTE] -> The following examples describe multi-app kiosks. Single-app kiosks behave in a similar manner, but only one user account gets the kiosk experience. - -**Example 1** - -You use a single group (Group 1) for both devices and users. One device and users A, B, and C are members of this group. You configure the kiosk configuration profile as follows: - -- **User logon type**: Group 1 -- **Assigned group**: Group 1 - -Regardless of which user signs on to the device first (and goes through the Out-of-Box Experience, or OOBE), the kiosk configuration deploys to the device. Users A, B, and C can all sign in to the device and get the kiosk experience. - -**Example 2** - -You contract out devices to two different vendors who need different kiosk experiences. Both vendors have users, and you want all the users to have access to kiosks from both their own vendor and the other vendor. You configure groups as follows: - -- Device Group 1: - - Device 1 (Vendor 1) - - Device 2 (Vendor 1) - -- Device Group 2: - - Device 3 (Vendor 2) - - Device 4 (Vendor 2) - -- User Group: - - User A (Vendor 1) - - User B (Vendor 2) - -You create two kiosk configuration profiles that have the following settings: - -- Kiosk Profile 1: - - **User logon type**: User Group - - **Assigned group**: Device Group 1 - -- Kiosk Profile 2: - - **User logon type**: User Group - - **Assigned group**: Device Group 2 - -These configurations produce the following results: - -- When any user signs in to Device 1 or Device 2, Intune deploys Kiosk Profile 1 to that device. -- When any user signs in to Device 3 or Device 4, Intune deploys Kiosk Profile 2 to that device. -- User A and user B can sign in to any of the four devices. If they sign in to Device 1 or Device 2, they see the Vendor 1 kiosk experience. If they sign in to Device 3 or Device 4, they see the Vendor 2 kiosk experience. - -#### Profile conflicts - -If two or more kiosk configuration profiles target the same device, they conflict. In the case of Intune-managed devices, Intune does not apply any of the conflicting profiles. - -Other kinds of profiles and policies, such as device restrictions that are not related to the kiosk configuration profile, do not conflict with the kiosk configuration profile. - -### Select a deployment method - -You can select one of the following methods to deploy kiosk configurations: - -- [Microsoft Intune or other mobile device management (MDM) service](#use-microsoft-intune-or-other-mdm-to-set-up-a-single-app-or-multi-app-kiosk) - -- [Provisioning package](#use-a-provisioning-package-to-set-up-a-single-app-or-multi-app-kiosk) - -- [Windows Device Portal](#use-the-windows-device-portal-to-set-up-a-single-app-kiosk) - - > [!NOTE] - > Because this method requires that Developer Mode be enabled on the device, we recommend that you use it only for demonstrations. - -The following table lists the capabilities and benefits of each of the deployment methods. - -|   |Deploy by using Windows Device Portal |Deploy by using a provisioning package |Deploy by using MDM | -| --------------------------- | ------------- | -------------------- | ---- | -|Deploy single-app kiosks | Yes | Yes | Yes | -|Deploy multi-app kiosks | No | Yes | Yes | -|Deploy to local devices only | Yes | Yes | No | -|Deploy by using Developer Mode |Required | Not required | Not required | -|Deploy by using Azure Active Directory (AAD) | Not required | Not required | Required | -|Deploy automatically | No | No | Yes | -|Deployment speed | Fastest | Fast | Slow | -|Deploy at scale | Not recommended | Not recommended | Recommended | - -## Use Microsoft Intune or other MDM to set up a single-app or multi-app kiosk - -To set up kiosk mode by using Microsoft Intune or another MDM system, follow these steps. - -1. [Prepare to enroll the devices](#mdmenroll). -1. [Create a kiosk configuration profile](#mdmprofile). -1. Configure the kiosk. - - [Configure the settings for a single-app kiosk](#mdmconfigsingle). - - [Configure the settings for a multi-app kiosk](#mdmconfigmulti). -1. [Assign the kiosk configuration profile to a group](#mdmassign). -1. Deploy the devices. - - [Deploy a single-app kiosk](#mdmsingledeploy). - - [Deploy a multi-app kiosk](#mdmmultideploy). - -### MDM, step 1 – Prepare to enroll the devices - -You can configure your MDM system to enroll HoloLens devices automatically when the user first signs in, or have users enroll devices manually. The devices also have to be joined to your Azure AD domain, and assigned to the appropriate groups. - -For more information about how to enroll the devices, see [Enroll HoloLens in MDM](hololens-enroll-mdm.md) and [Intune enrollment methods for Windows devices](https://docs.microsoft.com/mem/intune/enrollment/windows-enrollment-methods). - -### MDM, step 2 – Create a kiosk configuration profile - -1. Open the [Azure](https://portal.azure.com/) portal and sign in to your Intune administrator account. -1. Select **Microsoft Intune** > **Device configuration - Profiles** > **Create profile**. -1. Enter a profile name. -1. Select **Platform** > **Windows 10 and later**, and then select **Profile type** >**Device restrictions**. -1. Select **Configure** > **Kiosk**, and then select one of the following: - - To create a single-app kiosk, select **Kiosk Mode** > **Single-app kiosk**. - - To create a multi-app kiosk, select **Kiosk Mode** > **Multi-app kiosk**. -1. To start configuring the kiosk, select **Add**. - -Your next steps differ depending on the type of kiosk that you want. For more information, select one of the following options: - -- [Single-app kiosk](#mdmconfigsingle) -- [Multi-app kiosk](#mdmconfigmulti) - -For more information about how to create a kiosk configuration profile, see [Windows 10 and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](https://docs.microsoft.com/intune/configuration/kiosk-settings). - -### MDM, step 3 (single-app) – Configure the settings for a single-app kiosk - -This section summarizes the settings that a single-app kiosk requires. For more details, see the following articles: - -- For information about how to configure a kiosk configuration profile in Intune, see [How to Configure Kiosk Mode Using Microsoft Intune](hololens-commercial-infrastructure.md#how-to-configure-kiosk-mode-using-microsoft-intune). -- For more information about the available settings for single-app kiosks in Intune, see [Single full-screen app kiosks](https://docs.microsoft.com/intune/configuration/kiosk-settings-holographic#single-full-screen-app-kiosks) -- For other MDM services, check your provider's documentation for instructions. If you have to use a custom XML configuration to set up a kiosk in your MDM service, [create an XML file that defines the kiosk configuration](#ppkioskconfig). - -1. Select **User logon type** > **Local user account**, and then enter the user name of the local (device) account or Microsoft Account (MSA) that can sign in to the kiosk. - > [!NOTE] - > **Autologon** user account types aren't supported on Windows Holographic for Business. -1. Select **Application type** > **Store app**, and then select an app from the list. - -Your next step is to [assign](#mdmassign) the profile to a group. - -### MDM, step 3 (multi-app) – Configure the settings for a multi-app kiosk - -This section summarizes the settings that a multi-app kiosk requires. For more detailed information, see the following articles: - -- For information about how to configure a kiosk configuration profile in Intune, see [How to Configure Kiosk Mode Using Microsoft Intune](hololens-commercial-infrastructure.md#how-to-configure-kiosk-mode-using-microsoft-intune). -- For more information about the available settings for multi-app kiosks in Intune, see [Multi-app kiosks](https://docs.microsoft.com/mem/intune/configuration/kiosk-settings-holographic#multi-app-kiosks) -- For other MDM services, check your provider's documentation for instructions. If you need to use a custom XML configuration to set up a kiosk in your MDM service, [create an XML file that defines the kiosk configuration](#ppkioskconfig). If you use an XML file, make sure to include the [Start layout](#start-layout-for-hololens). -- You can optionally use a custom Start layout with Intune or other MDM services. For more information, see [Start layout file for MDM (Intune and others)](#start-layout-file-for-mdm-intune-and-others). - -1. Select **Target Windows 10 in S mode devices** > **No**. - >[!NOTE] - > S mode isn't supported on Windows Holographic for Business. -1. Select **User logon type** > **Azure AD user or group** or **User logon type** > **HoloLens visitor**, and then add one or more user groups or accounts. - - Only users who belong to the groups or accounts that you specify in **User logon type** can use the kiosk experience. - -1. Select one or more apps by using the following options: - - To add an uploaded line-of-business app, select **Add store app** and then select the app that you want. - - To add an app by specifying its AUMID, select **Add by AUMID** and then enter the AUMID of the app. [See the list of available AUMIDs](#aumids) - -Your next step is to [assign](#mdmassign) the profile to a group. - -### MDM, step 4 – Assign the kiosk configuration profile to a group - -Use the **Assignments** page of the kiosk configuration profile to set where you want the kiosk configuration to deploy. In the simplest case, you assign the kiosk configuration profile to a group that will contain the HoloLens device when the device enrolls in MDM. - -### MDM, step 5 (single-app) – Deploy a single-app kiosk - -When you use an MDM system, you can enroll the device in MDM during OOBE. After OOBE finishes, signing in to the device is easy. - -During OOBE, follow these steps: - -1. Sign in by using the account that you specified in the kiosk configuration profile. -1. Enroll the device. Make sure that the device is added to the group that the kiosk configuration profile is assigned to. -1. Wait for OOBE to finish, for the store app to download and install, and for policies to be applied. Then restart the device. - -The next time you sign in to the device, the kiosk app should automatically start. - -If you don't see your kiosk configuration at this point, [check the assignment status](https://docs.microsoft.com/intune/configuration/device-profile-monitor). - -### MDM, step 5 (multi-app) – Deploy a multi-app kiosk - -When you use an MDM system, you can join the device to your Azure AD tenant and enroll the device in MDM during OOBE. If appropriate, provide the enrollment information to the users so that they have it available during the OOBE process. - -> [!NOTE] -> If you have assigned the kiosk configuration profile to a group that contains users, make sure that one of those user accounts is the first account to sign in to the device. - -During OOBE, follow these steps: - -1. Sign in by using the account that belongs to the **User logon type** group. -1. Enroll the device. -1. Wait for any apps that are part of the kiosk configuration profile to download and install. Also, wait for policies to be applied. -1. After OOBE finishes, you can install additional apps from the Microsoft store or by sideloading. [Required apps](https://docs.microsoft.com/mem/intune/apps/apps-deploy#assign-an-app) for the group that the device belongs to install automatically. -1. After the installation finishes, restart the device. - -The next time you sign in to the device by using an account that belongs to the **User logon type**, the kiosk app should automatically launch. - -If you don't see your kiosk configuration at this point, [check the assignment status](https://docs.microsoft.com/intune/configuration/device-profile-monitor). - -## Use a provisioning package to set up a single-app or multi-app kiosk - -To set up kiosk mode by using a provisioning package, follow these steps. - -1. [Create an XML file that defines the kiosk configuration.](#ppkioskconfig), including a [Start layout](#start-layout-for-hololens). -2. [Add the XML file to a provisioning package.](#ppconfigadd) -3. [Apply the provisioning package to HoloLens.](#ppapply) - -### Provisioning package, step 1 – Create a kiosk configuration XML file - -Follow [the general instructions to create a kiosk configuration XML file for Windows desktop](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#create-xml-file), except for the following: - -- Do not include Classic Windows applications (Win32). HoloLens does not support these applications. -- Use the [placeholder Start layout XML](#start-layout-for-hololens) for HoloLens. -- Optional: Add guest access to the kiosk configuration - -#### Optional: Add guest access to the kiosk configuration - -In the [**Configs** section of the XML file](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#configs), you can configure a special group named **Visitor** to allow guests to use the kiosk. When the kiosk is configured to support the **Visitor** special group, a "**Guest**" option is added to the sign-in page. The **Guest** account does not require a password, and any data that is associated with the account is deleted when the account signs out. - -To enable the **Guest** account, add the following snippet to your kiosk configuration XML: - -```xml - - - - - - -``` - -#### Placeholder Start layout for HoloLens - -If you use a [provisioning package](##use-a-provisioning-package-to-set-up-a-single-app-or-multi-app-kiosk) to configure a multi-app kiosk, the procedure requires a Start layout. Start layout customization isn't supported in Windows Holographic for Business. Therefore, you'll have to use a placeholder Start layout. - -> [!NOTE] -> Because a single-app kiosk starts the kiosk app when a user signs in, it does not use a Start menu and does not have to have a Start layout. - -> [!NOTE] -> If you use [MDM](#use-microsoft-intune-or-other-mdm-to-set-up-a-single-app-or-multi-app-kiosk) to set up a multi-app kiosk, you can optionally use a Start layout. For more information, see [Placeholder Start layout file for MDM (Intune and others)](#start-layout-file-for-mdm-intune-and-others). - -For the Start layout, add the following **StartLayout** section to the kiosk provisioning XML file: - -```xml - - - - - - - - - - - - - - - ]]> - - -``` - -#### Placeholder Start layout file for MDM (Intune and others) - -Save the following sample as an XML file. You can use this file when you configure the multi-app kiosk in Microsoft Intune (or in another MDM service that provides a kiosk profile). - -> [!NOTE] -> If you have to use a custom setting and full XML configuration to set up a kiosk in your MDM service, use the [Start layout instructions for a provisioning package](#start-layout-for-hololens). - -```xml - - - - - - - - - -``` - -### Prov. package, step 2 – Add the kiosk configuration XML file to a provisioning package - -1. Open [Windows Configuration Designer](https://www.microsoft.com/store/apps/9nblggh4tx22). -1. Select **Advanced provisioning**, enter a name for your project, and then select **Next**. -1. Select **Windows 10 Holographic**, and then select **Next**. -1. Select **Finish**. The workspace for your package opens. -1. Select **Runtime settings** > **AssignedAccess** > **MultiAppAssignedAccessSettings**. -1. In the center pane, select **Browse** to locate and select the kiosk configuration XML file that you created. - - ![Screenshot of the MultiAppAssignedAccessSettings field in Windows Configuration Designer](./images/multiappassignedaccesssettings.png) - -1. **Optional**. (If you want to apply the provisioning package after the initial setup of the device, and there is an admin user already available on the kiosk device, skip this step.) Select **Runtime settings** > **Accounts** > **Users**, and then create a user account. Provide a user name and password, and then select **UserGroup** > **Administrators**. - - By using this account, you can view the provisioning status and logs. -1. **Optional**. (If you already have a non-admin account on the kiosk device, skip this step.) Select **Runtime settings** > **Accounts** > **Users**, and then create a local user account. Make sure that the user name is the same as for the account that you specify in the configuration XML. Select **UserGroup** > **Standard Users**. -1. Select **File** > **Save**. -1. Select **Export** > **Provisioning package**, and then select **Owner** > **IT Admin**. This sets the precedence of this provisioning package higher than provisioning packages that are applied to this device from other sources. -1. Select **Next**. -1. On the **Provisioning package security** page, select a security option. - > [!IMPORTANT] - > If you select **Enable package signing**, you also have to select a valid certificate to use for signing the package. To do this, select **Browse** and select the certificate that you want to use to sign the package. - - > [!CAUTION] - > Do not select **Enable package encryption**. On HoloLens devices, this setting causes provisioning to fail. -1. Select **Next**. -1. Specify the output location where you want the provisioning package to go when it's built. By default, Windows Configuration Designer uses the project folder as the output location. If you want to change the output location, select **Browse**. When you are finished, select **Next**. -1. Select **Build** to start building the package. The provisioning package doesn't take long to build. The build page displays the project information, and the progress bar indicates the build status. - -### Provisioning package, step 3 – Apply the provisioning package to HoloLens - -The "Configure HoloLens by using a provisioning package" article provides detailed instructions to apply the provisioning package under the following circumstances: - -- You can initially [apply a provisioning package to HoloLens during setup](hololens-provisioning.md#apply-a-provisioning-package-to-hololens-during-setup). - -- You can also [apply a provisioning package to HoloLens after setup](hololens-provisioning.md#4-apply-a-provisioning-package-to-hololens-after-setup). - -## Use the Windows Device Portal to set up a single-app kiosk - -To set up kiosk mode by using the Windows Device Portal, follow these steps. - -> [!IMPORTANT] -> Kiosk mode is available only if the device has [Windows Holographic for Business](hololens1-upgrade-enterprise.md) installed. - -1. [Set up the HoloLens device to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC. - - > [!CAUTION] - > When you set up HoloLens to use the Device Portal, you have to enable Developer Mode on the device. Developer Mode on a device that has Windows Holographic for Business enables you to side-load apps. However, this setting creates a risk that a user can install apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable Developer Mode by using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider). [Learn more about Developer Mode.](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode) - -1. On a computer, connect to the HoloLens by using [Wi-Fi](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal#connecting_over_wi-fi) or [USB](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal#connecting_over_usb). - -1. Do one of the following: - - If you are connecting to the Windows Device Portal for the first time, [create a user name and password](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal#creating_a_username_and_password) - - Enter the user name and password that you previously set up. - - > [!TIP] - > If you see a certificate error in the browser, follow [these troubleshooting steps](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal#security_certificate). - -1. In the Windows Device Portal, select **Kiosk Mode**. - -1. Select **Enable Kiosk Mode**, select an app to run when the device starts, and then select **Save**. - - ![Kiosk Mode](images/kiosk.png) -1. Restart HoloLens. If you still have your Device Portal page open, you can select **Restart** at the top of the page. - -## More information - -Watch how to configure a kiosk by using a provisioning package. -> [!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false] diff --git a/devices/hololens/hololens-known-issues.md b/devices/hololens/hololens-known-issues.md deleted file mode 100644 index de39da5999..0000000000 --- a/devices/hololens/hololens-known-issues.md +++ /dev/null @@ -1,198 +0,0 @@ ---- -title: Known issues for HoloLens -description: This is the list of known issues that may affect HoloLens developers. -keywords: troubleshoot, known issue, help -author: mattzmsft -ms.author: mazeller -ms.date: 4/20/2020 -ms.topic: article -ms.custom: -- CI 111456 -- CSSTroubleshooting -HoloLens and holograms: Frequently asked questions -manager: jarrettr -ms.prod: hololens -appliesto: -- HoloLens (1st Gen) -- HoloLens 2 ---- - -# Known issues for HoloLens - -This is the current list of known issues for HoloLens devices. Check here first if you are seeing an odd behavior. This list will be kept updated as new issues are discovered or reported, or as issues are addressed in future HoloLens software updates. - ->[!NOTE] -> - If you discover an issue that is not blocking you please report it on your HoloLens device via [Feedback Hub](hololens-feedback.md). -> - If the issue you are facing is blocking you, in addtion to filing feedback, please [file a support request](https://aka.ms/hlsupport). - -- [Known issues for all HoloLens generations](#known-issues-for-all-hololens-generations) -- [Known issues for HoloLens 2 devices](#known-issues-for-hololens-2-devices) -- [Known issues for HoloLens (1st Gen)](#known-issues-for-hololens-1st-gen) -- [Known issues for HoloLens emulator](#known-issues-for-hololens-emulator) - -## Known issues for all HoloLens generations - -### Unity - -- See [Install the tools](https://docs.microsoft.com/windows/mixed-reality/install-the-tools) for the most up-to-date version of Unity recommended for HoloLens development. -- Known issues with the Unity HoloLens Technical Preview are documented in the [HoloLens Unity forums](https://forum.unity3d.com/threads/known-issues.394627/). - -### Windows Device Portal - -- The Live Preview feature in Mixed Reality capture may exhibit several seconds of latency. -- On the Virtual Input page, the Gesture and Scroll controls under the Virtual Gestures section are not functional. Using them will have no effect. The virtual keyboard on the same page works correctly. -- After enabling Developer Mode in Settings, it may take a few seconds before the switch to turn on the Device Portal is enabled. - -## Known issues for HoloLens 2 devices - -### Blue screen is shown after unenrolling from Insider preview builds on a device reflashed with a Insider build - -This is an issue affecting that affects users who are were on an Insider preview build, reflashed their HoloLens 2 with a new insider preview build, and then unenrolled from the Insider program. - -This does not affect: -- Users who are not enrolled in Windows Insider -- Insiders: - - If a device has been enrolled since Insider builds were version 18362.x - - If they flashed a Insider signed 19041.x build AND stay enrolled in the Insider program - -Work-around: -- Avoid the issue - - Flash a non-insider build. One of the regular monthly updates. - - Stay on Insider Preview -- Reflash the device - 1. Put the [HoloLens 2 into flashing mode](https://review.docs.microsoft.com/hololens/hololens-recovery?branch=master#hololens-2) manually by fully powering down while not connect. Then while holding Volume up, tap the Power button. - 1. Connect to the PC and open Advanced Recovery Companion. - 1. Flash the HoloLens 2 to the default build. - -## Known issues for HoloLens (1st Gen) - -### Unable to connect and deploy to HoloLens through Visual Studio - -> [!NOTE] -> Last Update: 8/8 @ 5:11PM - Visual Studio has released VS 2019 Version 16.2 which includes a fix to this issue. We recommend updating to this newest version to avoid experiencing this error. - -Visual Studio has released VS 2019 Version 16.2 which includes a fix to this issue. We recommend updating to this newest version to avoid experiencing this error. - -Issue root-cause: Users who used Visual Studio 2015 or early releases of Visual Studio 2017 to deploy and debug applications on their HoloLens and then subsequently used the latest versions of Visual Studio 2017 or Visual Studio 2019 with the same HoloLens will be affected. The newer releases of Visual Studio deploy a new version of a component, but files from the older version are left over on the device, causing the newer version to fail. This causes the following error message: DEP0100: Please ensure that target device has developer mode enabled. Could not obtain a developer license on \ due to error 80004005. - -#### Workaround - -Our team is currently working on a fix. In the meantime, you can use the following steps to work around the issue and help unblock deployment and debugging: - -1. Open Visual Studio -1. Select **File** > **New** > **Project**. -1. Select **Visual C#** > **Windows Desktop** > **Console App (.NET Framework)**. -1. Give the project a name (such as "HoloLensDeploymentFix") and make sure the Framework is set to at least .NET Framework 4.5, then Select **OK**. -1. Right-click on the **References** node in Solution Explorer and add the following references (select to the **Browse** section and select **Browse**): - - ```CMD - C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\Microsoft.Tools.Deploy.dll - C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\Microsoft.Tools.Connectivity.dll - C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\SirepInterop.dll - ``` - - > [!NOTE] - > If you don't have 10.0.18362.0 installed, use the most recent version that you have. - -1. Right-click on the project in Solution Explorer and select **Add** > **Existing Item**. -1. Browse to C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86 and change the filter to **All Files (\*.\*)**. -1. Select both SirepClient.dll and SshClient.dll, and Select **Add**. -1. Locate and select both files in Solution Explorer (they should be at the bottom of the list of files) and change **Copy to Output Directory** in the **Properties** window to **Copy always**. -1. At the top of the file, add the following to the existing list of `using` statements: - - ```CMD - using Microsoft.Tools.Deploy; - using System.Net; - ``` - -1. Inside of `static void Main(...)`, add the following code: - - ```PowerShell - RemoteDeployClient client = RemoteDeployClient.CreateRemoteDeployClient(); - client.Connect(new ConnectionOptions() - { - Credentials = new NetworkCredential("DevToolsUser", string.Empty), - IPAddress = IPAddress.Parse(args[0]) - }); - client.RemoteDevice.DeleteFile(@"C:\Data\Users\DefaultAccount\AppData\Local\DevelopmentFiles\VSRemoteTools\x86\CoreCLR\mscorlib.ni.dll"); - ``` - -1. Select **Build** > **Build Solution**. -1. Open a Command Prompt Window and cd to the folder that contains the compiled .exe file (for example, C:\MyProjects\HoloLensDeploymentFix\bin\Debug) -1. Run the executable and provide the device's IP address as a command-line argument. (If connected using USB, you can use 127.0.0.1, otherwise use the device's Wi-Fi IP address.) For example, "HoloLensDeploymentFix 127.0.0.1" - -1. After the tool has exited without any messages (this should only take a few seconds), you will now be able to deploy and debug from Visual Studio 2017 or newer. Continued use of the tool is not necessary. - -We will provide further updates as they become available. - -### Issues launching the Microsoft Store and apps on HoloLens - -> [!NOTE] -> Last Update: 4/2 @ 10 AM - Issue resolved. - -You may experience issues when trying to launch the Microsoft Store and apps on HoloLens. We've determined that the issue occurs when background app updates deploy a newer version of framework packages in specific sequences while one or more of their dependent apps are still running. In this case, an automatic app update delivered a new version of the .NET Native Framework (version 10.0.25531 to 10.0.27413) caused the apps that are running to not correctly update for all running apps consuming the prior version of the framework. The flow for framework update is as follows: - -1. The new framework package is downloaded from the store and installed -1. All apps using the older framework are 'updated' to use the newer version - -If step 2 is interrupted before completion then any apps for which the newer framework wasn't registered will fail to launch from the start menu. We believe any app on HoloLens could be affected by this issue. - -Some users have reported that closing hung apps and launching other apps such as Feedback Hub, 3D Viewer or Photos resolves the issue for them—however, this does not work 100% of the time. - -We have root caused that this issue was not caused the update itself, but a bug in the OS that resulted in the .NET Native framework update being handled incorrectly. We are pleased to announce that we have identified a fix and have released an update (OS version 17763.380) containing the fix. - -To see if your device can take the update, please: - -1. Go to the Settings app and open **Update & Security**. -1. Select **Check for Updates**. -1. If update to 17763.380 is available, please update to this build to receive the fix for the App Hang bug -1. Upon updating to this version of the OS, the Apps should work as expected. - -Additionally, as we do with every HoloLens OS release, we have posted the FFU image to the [Microsoft Download Center](https://aka.ms/hololensdownload/10.0.17763.380). - -If you would not like to take the update, we have released a new version of the Microsoft Store UWP app as of 3/29. After you have the updated version of the Store: - -1. Open the Store and confirm that it loads. -1. Use the bloom gesture to open the menu. -1. Attempt to open previously broken apps. -1. If it still cannot be launched, tap and hold the icon of the broken app and select uninstall. -1. Resinstall these apps from the store. - -If your device is still unable to load apps, you can sideload a version of the .NET Native Framework and Runtime through the download center by following these steps: - -1. Please download [this zip file](https://download.microsoft.com/download/8/5/C/85C23745-794C-419D-B8D7-115FBCCD6DA7/netfx_1.7.zip) from the Microsoft Download Center. Unzipping will produce two files. Microsoft.NET.Native.Runtime.1.7.appx and Microsoft.NET.Native.Framework.1.7.appx -1. Please verify that your device is dev unlocked. If you haven't done that before the instructions to do that are [here](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal). -1. You then want to get into the Windows Device Portal. Our recommendation is to do this over USB and you would do that by typing http://127.0.0.1:10080 into your browser. -1. After you have the Windows Device Portal up we need you to "side load" the two files that you downloaded. To do that you need to go down the left side bar until you get to the **Apps** section and select **Apps**. -1. You will then see a screen that is similar to the below. You want to go to the section that says **Install App** and browse to where you unzipped those two APPX files. You can only do one at a time, so after you select the first one, then click on "Go" under the Deploy section. Then do this for the second APPX file. - - ![Windows Device Portal to Install Side-Loaded app](images/20190322-DevicePortal.png) -1. At this point we believe your applications should start working again and that you can also get to the Store. -1. In some cases, it is necessary run the additional step of launching the 3D Viewer app before affected apps will launch. - -We appreciate your patience as we have gone through the process to get this issue resolved, and we look forward to continued working with our community to create successful Mixed Reality experiences. - -### Device Update - -- 30 seconds after a new update, the shell may disappear one time. Please perform the **bloom** gesture to resume your session. - -### Visual Studio - -- See [Install the tools](https://docs.microsoft.com/windows/mixed-reality/install-the-tools) for the most up-to-date version of Visual Studio that is recommended for HoloLens development. -- When deploying an app from Visual Studio to your HoloLens, you may see the error: **The requested operation cannot be performed on a file with a user-mapped section open. (Exception from HRESULT: 0x800704C8)**. If this happens, try again and your deployment will generally succeed. - -### API - -- If the application sets the [focus point](https://docs.microsoft.com/windows/mixed-reality/focus-point-in-unity) behind the user or the normal to camera.forward, holograms will not appear in Mixed Reality Capture photos or videos. Until this bug is fixed in Windows, if applications actively set the [focus point](https://docs.microsoft.com/windows/mixed-reality/focus-point-in-unity) they should ensure the plane normal is set opposite camera-forward (for example, normal = -camera.forward). - -### Xbox Wireless Controller - -- Xbox Wireless Controller S must be updated before it can be used with HoloLens. Ensure you are [up to date](https://support.xbox.com/xbox-one/accessories/update-controller-for-stereo-headset-adapter) before attempting to pair your controller with a HoloLens. -- If you reboot your HoloLens while the Xbox Wireless Controller is connected, the controller will not automatically reconnect to HoloLens. The Guide button light will flash slowly until the controller powers off after 3 minutes. To reconnect your controller immediately, power off the controller by holding the Guide button until the light turns off. When you power your controller on again, it will reconnect to HoloLens. -- If your HoloLens enters standby while the Xbox Wireless Controller is connected, any input on the controller will wake the HoloLens. You can prevent this by powering off your controller when you are done using it. - -## Known issues for HoloLens emulator - -- Not all apps in the Microsoft Store are compatible with the emulator. For example, Young Conker and Fragments are not playable on the emulator. -- You cannot use the PC webcam in the Emulator. -- The Live Preview feature of the Windows Device Portal does not work with the emulator. You can still capture Mixed Reality videos and images. diff --git a/devices/hololens/hololens-licenses-requirements.md b/devices/hololens/hololens-licenses-requirements.md deleted file mode 100644 index ef727bfc77..0000000000 --- a/devices/hololens/hololens-licenses-requirements.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Licenses for Mixed Reality Deployment -description: -ms.prod: hololens -ms.sitesec: library -author: pawinfie -ms.author: pawinfie -audience: ITPro -ms.topic: article -ms.localizationpriority: high -ms.date: 1/23/2020 -ms.reviewer: -audience: ITPro -manager: bradke -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Determine what licenses you need - -## Mobile Device Management (MDM) Licenses Guidance - -If you plan on managing your HoloLens devices, you will need Azure AD and an MDM. Active Director (AD) cannot be used to manage HoloLens devices. -If you plan on using an MDM other than Intune, an [Azure Active Directory Licenses](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) is required. -If you plan on using Intune as your MDM, [here](https://docs.microsoft.com/intune/fundamentals/licenses) are a list of suites that includes Intune licenses. **Please note that Azure AD is included in the majority of these suites.** - -## Identify the licenses needed for your scenario and products - -### HoloLens Licenses Requirements - -You may need to upgrade your HoloLens 1st Gen Device to Windows Holographic for Business. (See [HoloLens commercial features](holoLens-commercial-features.md#feature-comparison-between-editions) to determine if you need to upgrade). - - If so, you will need to do the following: - -- Acquire a HoloLens Enterprise license XML file -- Apply the XML file to the HoloLens. You can do this through a [Provisioning package](hololens-provisioning.md) or through your [Mobile Device Manager](https://docs.microsoft.com/intune/configuration/holographic-upgrade) - -### Remote Assist License Requirements - -Make sure you have the required licensing and device. Updated licensing and product requirements can be found [here](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/requirements). - -1. [Remote Assist License](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/buy-and-deploy-remote-assist) -1. [Teams Freemium/Teams](https://products.office.com/microsoft-teams/free) -1. [Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) - -If you plan on implementing **[this cross-tenant scenario](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/cross-tenant-overview#scenario-2-leasing-services-to-other-tenants)**, you may need an Information Barriers license. Please see [this article](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/cross-tenant-licensing-implementation#step-1-determine-if-information-barriers-are-necessary) to determine if an Information Barrier License is required. - -### Guides License Requirements - -Updated licensing and device requirements can be found [here](https://docs.microsoft.com/dynamics365/mixed-reality/guides/requirements). - -1. [Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) -1. [Power BI](https://powerbi.microsoft.com/desktop/) -1. [Guides](https://docs.microsoft.com/dynamics365/mixed-reality/guides/setup) - -### Scenario 1: Kiosk Mode - -1. If you are **not** planning to manage your device and you are planning to use a local account or an MSA as the login identity, you will not need any additional licenses. Kiosk mode can be accomplished using a provisioning packages. -1. If you are planning to use an MDM to implement Kiosk mode, you will need an [Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis). - -Additional information regarding kiosk mode will be covered in [Configuring your Network for HoloLens](hololens-commercial-infrastructure.md#how-to-configure-kiosk-mode-using-microsoft-intune). - -## Next Step: [Configure your network for HoloLens](hololens-commercial-infrastructure.md) \ No newline at end of file diff --git a/devices/hololens/hololens-multiple-users.md b/devices/hololens/hololens-multiple-users.md deleted file mode 100644 index 67860a5dd0..0000000000 --- a/devices/hololens/hololens-multiple-users.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Share your HoloLens with multiple people -description: You can configure HoloLens to be shared by multiple Azure Active Directory accounts, or by multiple users that use a single account. -ms.prod: hololens -ms.sitesec: library -author: scooley -ms.author: scooley -ms.topic: article -ms.localizationpriority: medium -ms.date: 09/16/2019 -ms.reviewer: -manager: laurawi -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Share your HoloLens with multiple people - -It's common to share one HoloLens with many people or to have many people share a set of HoloLens devices. This article describes the different ways in which you can share a device. - -## Share with multiple people, each using their own account - -**Prerequisite**: The HoloLens device must be running Windows 10, version 1803 or later. HoloLens (1st gen) also need to be [upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md). - -When they use their own Azure Active Directory (Azure AD) accounts, multiple users can each keep their own user settings and user data on the device. - -To make sure that multiple people can use their own accounts on your HoloLens, follow these steps to configure it: - -1. Make sure the the device is running Windows 10, version 1803 or later. - > [!IMPORTANT] - > If you are using a HoloLens (1st gen) device, [upgrade the device to Windows Holographic for Business](hololens1-upgrade-enterprise.md). -1. When you set up the device, select **My work or school owns it** and sign in by using an Azure AD account. -1. After you finish setup, make sure that the account settings (**Settings** > **Accounts**) includes **Other users**. - -To use HoloLens, each user follows these steps: - -1. If another user has been using the device, do one of the following: - - Press the power button once to go to standby, and then press the power button again to return to the lock screen - - HoloLens 2 users may select the user tile from the Start menu to sign out the current user. - -1. Use your Azure AD account credentials to sign in to the device. - If this is the first time that you have used the device, you have to [calibrate](hololens-calibration.md) HoloLens to your own eyes. - -To see a list of the device users or to remove a user from the device, go to **Settings** > **Accounts** > **Other users**. - -## Share with multiple people, all using the same account - -Multiple users can also share a HoloLens device while using a single user account. - -**On HoloLens 2**, when a new user puts the device on their head for the first time (while keeping the same account signed in), the device prompts the new user to quickly calibrate and personalize the viewing experience. The device can store the calibration information so that in the future, the device can automatically optimize the quality and comfort of each user's viewing experience. The users do not need to calibrate the device again. - -**On HoloLens (1st gen)** users sharing an account will need to ask to recalibrate in the Settings app. Read more about [calibration](hololens-calibration.md). diff --git a/devices/hololens/hololens-network.md b/devices/hololens/hololens-network.md deleted file mode 100644 index bd9286a91e..0000000000 --- a/devices/hololens/hololens-network.md +++ /dev/null @@ -1,98 +0,0 @@ ---- -title: Connect to a network -description: Instructions on how to connect to internet with HoloLens and how to identify the device's IP address. -ms.assetid: 0895606e-96c0-491e-8b1c-52e56b00365d -author: mattzmsft -ms.author: mazeller -keywords: HoloLens, wifi, wireless, internet, ip, ip address -ms.prod: hololens -ms.sitesec: library -ms.localizationpriority: high -ms.reviewer: -manager: jarrettr -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Connect to a network - -To do most things on your HoloLens, you have to be connected to a network. This guide will help you: - -- Connect to a network using Wi-Fi or (for HoloLens 2 only) Ethernet over USB-C -- Disable and re-enable Wi-Fi - -Read more about [using HoloLens offline](hololens-offline.md). - -## Connecting for the first time - -The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. If you have trouble connecting to Wi-Fi during setup, make sure that your network is either an open, password-protected network or a captive portal network. Make sure that the network doesn't require you to use a certificate to connect. After setup, you can connect to other types of Wi-Fi networks. - -## Connecting to Wi-Fi after setup - -1. Select **Start** > **Settings**. - - *HoloLens (1st gen) only*: Use your gaze to position the Settings app, then air tap to place it, or say "Place." -1. Select **Network & Internet** > **Wi-Fi**. If you don't see your network, scroll down the list. -1. Select a network, then select **Connect**. -1. If you are prompted for a network password type it and then select **Next**. - -## Connecting to Wi-Fi on HoloLens (1st gen) - -HoloLens contains a 802.11ac-capable, 2x2 Wi-Fi radio. Connecting HoloLens to a Wi-Fi network is similar to connecting a Windows 10 Desktop or Mobile device to a Wi-Fi network. - -![HoloLens Wi-Fi settings](./images/wifi-hololens-600px.jpg) - -1. Open the **Start** menu. -1. Select the Settings app from **Start** or from the **All Apps** list on the right of the **Start** menu. The Settings app will be auto-placed in front of you. -1. Select **Network & Internet**. -1. Make sure Wi-Fi is turned on. -1. Select a Wi-Fi network from the list. -1. If needed, type in the Wi-Fi network password. - -You can also confirm you are connected to a Wi-Fi network by checking the Wi-Fi status in the **Start** menu: - -1. Open the **Start** menu. -1. Look at the top left of the **Start** menu for Wi-Fi status. The state of Wi-Fi and the SSID of the connected network will be shown. - -## Troubleshooting your connection to Wi-Fi - -If you experience problems connecting to Wi-Fi, see [I can't connect to Wi-Fi](./hololens-faq.md#i-cant-connect-to-wi-fi). - -When you sign into an enterprise or organizational account on the device, it may also apply Mobile Device Management (MDM) policy, if the policy is configured by your IT administrator. - -## Disabling Wi-Fi on HoloLens (1st gen) - -### Using the Settings app on HoloLens - -1. Open the **Start** menu. -1. Select the **Settings** app from **Start** or from the **All Apps** list on the right of the **Start** menu. The **Settings** app will be auto-placed in front of you. -1. Select **Network & Internet**. -1. Select the Wi-Fi slider switch to move it to the **Off** position. This will turn off the RF components of the Wi-Fi radio and disable all Wi-Fi functionality on HoloLens. - - > [!WARNING] - > When the Wi-Fi radio is disabled, HoloLens will not be able to automatically load your [spaces](hololens-spaces.md). - -1. Move the slider switch to the **On** position to turn on the Wi-Fi radio and restore Wi-Fi functionality on Microsoft HoloLens. The selected Wi-Fi radio state (**On** or **Off**) will persist across reboots. - -## Identifying the IP Address of your HoloLens on the Wi-Fi network - -### By using the Settings app - -1. Open the **Start** menu. -1. Select the **Settings** app from **Start** or from the **All Apps** list on the right of the **Start** menu. The **Settings** app will be auto-placed in front of you. -1. Select **Network & Internet**. -1. Scroll down to beneath the list of available Wi-Fi networks and select **Hardware properties**. - - ![Hardware properties in Wi-Fi settings](./images/wifi-hololens-hwdetails.jpg) - - The IP address appears next to **IPv4 address**. - -### By using Cortana - -Say "Hey Cortana, What's my IP address?" and Cortana will display and read out your IP address. - -### By using Windows Device Portal - -1. In a web browser on your PC, open the [device portal](/windows/mixed-reality/using-the-windows-device-portal.md#networking). -1. Navigate to the **Networking** section. - This section displays your IP address and other network information. By using this method, you can copy and paste of the IP address on your development PC. diff --git a/devices/hololens/hololens-offline.md b/devices/hololens/hololens-offline.md deleted file mode 100644 index e16ee7df6f..0000000000 --- a/devices/hololens/hololens-offline.md +++ /dev/null @@ -1,163 +0,0 @@ ---- -title: Manage connection endpoints for HoloLens -description: To set up HoloLens, you'll need to connect to a Wi-Fi network -keywords: hololens, offline, OOBE -audience: ITPro -ms.date: 07/01/2019 -ms.assetid: b86f603c-d25f-409b-b055-4bbc6edcd301 -author: Teresa-Motiv -ms.author: v-tea -ms.custom: -- CI 111456 -- CSSTroubleshooting -manager: jarrettr -ms.topic: article -ms.prod: hololens -ms.sitesec: library -ms.localizationpriority: high -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Manage connection endpoints for HoloLens - -Some HoloLens components, apps, and related services transfer data to Microsoft network endpoints. This article lists different endpoints and URLs that need to be allowed in your network configuration (e.g. proxy or firewall) for those components to be functional. - -## Near-offline setup - -HoloLens supports a limited set of offline experiences for customers who have network environment restrictions. However, HoloLens needs network connection to go through initial device set up and the following URLs have to be enabled: - -| Purpose | URL | -|------|------| -| IDPS | https://sdx.microsoft.com/frx/idps | -| [NCSI](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-ncsi) | http://www.msftconnecttest.com/connecttest.txt | -| AADv9 | https://login.microsoftonline.com/WebApp/CloudDomainJoin/9 | -| AADv10 | https://login.microsoftonline.com/WebApp/CloudDomainJoin/10 | -| AAD Pin | https://account.live.com/aadngc?uiflavor=win10&showSuccess=1 | -| MSA | https://login.live.com/ppsecure/inlineconnect.srf?id=80600 | -| MSA Pin | https://account.live.com/msangc?fl=enroll | - -## Endpoint configuration - -In addition to the list above, to take full advantage of HoloLens functionality, the following endpoints need to be enabled in your network configuration. - - -| Purpose | URL | -|------|------| -| Azure | wd-prod-fe.cloudapp.azure.com | | | -| | ris-prod-atm.trafficmanager.net | | | | -| | validation-v2.sls.trafficmanager.net | | | | -| Azure AD Multi-Factor Authentication | https://secure.aadcdn.microsoftonline-p.com | | | | -| Intune and MDM Configurations | activation-v2.sls.microsoft.com/* | | | | -| | cdn.onenote.net | | | | -| | client.wns.windows.com | | | | -| | crl.microsoft.com/pki/crl/* | | | | -| | ctldl.windowsupdate.com | | | | -| | *displaycatalog.mp.microsoft.com | | | | -| | dm3p.wns.windows.com | | | | -| | *microsoft.com/pkiops/* | | | | -| | ocsp.digicert.com/* | | | | -| | r.manage.microsoft.com | | | | -| | tile-service.weather.microsoft.com | | | | -| | settings-win.data.microsoft.com | | | | -| Certificates | activation-v2.sls.microsoft.com/* | | | | -| | crl.microsoft.com/pki/crl/* | | | | -| | ocsp.digicert.com/* | | | | -| | https://www.microsoft.com/pkiops/* | | | | -| Cortana and Search | store-images.*microsoft.com | | | | -| | www.bing.com/client | | | | -| | www.bing.com | | | | -| | www.bing.com/proactive | | | | -| | www.bing.com/threshold/xls.aspx | | | | -| | exo-ring.msedge.net | | | | -| | fp.msedge.net | | | | -| | fp-vp.azureedge.net | | | | -| | odinvzc.azureedge.net | | | | -| | spo-ring.msedge.net | | | | -| Device Authentication | login.live.com* | | | | -| Device metadata | dmd.metaservices.microsoft.com | | | | -| Location | inference.location.live.net | | | | -| | location-inference-westus.cloudapp.net | | | | -| Diagnostic Data | v10.events.data.microsoft.com | | | | -| | v10.vortex-win.data.microsoft.com/collect/v1 | | | | -| | https://www.microsoft.com | | | | -| | co4.telecommand.telemetry.microsoft.com | | | | -| | cs11.wpc.v0cdn.net | | | | -| | cs1137.wpc.gammacdn.net | | | | -| | modern.watson.data.microsoft.com* | | | | -| | watson.telemetry.microsoft.com | | | | -| Licensing | licensing.mp.microsoft.com | | | | -| Microsoft Account | login.msa.akadns6.net | | | | -| | us.configsvc1.live.com.akadns.net | | | | -| Microsoft Edge | iecvlist.microsoft.com | | | | -| Microsoft forward link redirection service (FWLink) | go.microsoft.com | | | | -| Microsoft Store | *.wns.windows.com | | | | -| | storecatalogrevocation.storequality.microsoft.com | | | | -| | img-prod-cms-rt-microsoft-com* | | | | -| | store-images.microsoft.com | | | | -| | .md.mp.microsoft.com | | | -| | *displaycatalog.mp.microsoft.com | | | | -| | pti.store.microsoft.com | | | | -| | storeedgefd.dsx.mp.microsoft.com | | | | -| | markets.books.microsoft.com | | | | -| | share.microsoft.com | | | | -| Network Connection Status Indicator (NCSI) | www.msftconnecttest.com* | | | | -| Office | *.c-msedge.net | | | | -| | *.e-msedge.net | | | | -| | *.s-msedge.net | | | | -| | nexusrules.officeapps.live.com | | | | -| | ocos-office365-s2s.msedge.net | | | | -| | officeclient.microsoft.com | | | | -| | outlook.office365.com | | | | -| | client-office365-tas.msedge.net | | | | -| | https://www.office.com | | | | -| | onecollector.cloudapp.aria | | | | -| | v10.events.data.microsoft.com/onecollector/1.0/ | | | | -| | self.events.data.microsoft.com | | | | -| | to-do.microsoft.com | | | | -| OneDrive | g.live.com/1rewlive5skydrive/* | | | | -| | msagfx.live.com | | | | -| | oneclient.sfx.ms | | | | -| Photos App | evoke-windowsservices-tas.msedge.net | | | | -| Settings | cy2.settings.data.microsoft.com.akadns.net | | | | -| | settings.data.microsoft.com | | | | -| | settings-win.data.microsoft.com | | | | -| Windows Defender | wdcp.microsoft.com | | | | -| | definitionupdates.microsoft.com | | | | -| | go.microsoft.com | | | | -| | *smartscreen.microsoft.com | | | | -| | smartscreen-sn3p.smartscreen.microsoft.com | | | | -| | unitedstates.smartscreen-prod.microsoft.com | | | | -| Windows Spotlight | *.search.msn.com | | | | -| | arc.msn.com | | | | -| | g.msn.com* | | | | -| | query.prod.cms.rt.microsoft.com | | | | -| | ris.api.iris.microsoft.com | | | | -| Windows Update | *.prod.do.dsp.mp.microsoft.com | | | | -| | cs9.wac.phicdn.net | | | | -| | emdl.ws.microsoft.com | | | | -| | *.dl.delivery.mp.microsoft.com | | | | -| | *.windowsupdate.com | | | | -| | *.delivery.mp.microsoft.com | | | | -| | *.update.microsoft.com | | | | - - - -## References - -> [!NOTE] -> If you are deploying D365 Remote Assist, you will have to enable the endpoints on this [list](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges#skype-for-business-online-and-microsoft-teams) -- [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization) -- [Manage connection endpoints for Windows 10 Enterprise, version 1903](https://docs.microsoft.com/windows/privacy/manage-windows-1903-endpoints) -- [Manage connections from Windows 10 operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services) -- [Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm) -- [Intune network configuration requirements and bandwidth](https://docs.microsoft.com/intune/fundamentals/network-bandwidth-use#network-communication-requirements) -- [Network endpoints for Microsoft Intune](https://docs.microsoft.com/intune/fundamentals/intune-endpoints) -- [Office 365 URLs and IP address ranges](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges) -- [Prerequisites for Azure AD Connect](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-install-prerequisites) - - -## HoloLens limitations - -After your HoloLens is set up, you can use it without a Wi-Fi connection, but apps that use Internet connections will have limited capabilities when you use HoloLens offline. diff --git a/devices/hololens/hololens-provisioning.md b/devices/hololens/hololens-provisioning.md deleted file mode 100644 index 197084ced1..0000000000 --- a/devices/hololens/hololens-provisioning.md +++ /dev/null @@ -1,208 +0,0 @@ ---- -title: Configure HoloLens by using a provisioning package (HoloLens) - -description: Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. -ms.prod: hololens -ms.sitesec: library -ms.custom: -- CI 111456 -- CSSTroubleshooting -author: dansimp -ms.author: dansimp -ms.topic: article -ms.custom: -- CI 115190 -- CSSTroubleshooting -ms.localizationpriority: medium -ms.date: 03/10/2020 -ms.reviewer: Teresa-Motiv -manager: laurawi -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Configure HoloLens by using a provisioning package - -[Windows provisioning](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages) makes it easy for IT administrators to configure end-user devices without imaging. Windows Configuration Designer is a tool for configuring images and runtime settings which are then built into provisioning packages. - -Some of the HoloLens configurations that you can apply in a provisioning package include the following: - -- Upgrade to Windows Holographic for Business [here](hololens1-upgrade-enterprise.md) -- Set up a local account -- Set up a Wi-Fi connection -- Apply certificates to the device -- Enable Developer Mode -- Configure Kiosk mode (Detailed instructions for configuring kiosk mode can be found [here](hololens-kiosk.md#use-a-provisioning-package-to-set-up-a-single-app-or-multi-app-kiosk). - -## Provisioning package HoloLens wizard - -The HoloLens wizard helps you configure the following settings in a provisioning package: - -- Upgrade to the enterprise edition - - > [!NOTE] - > This should only be used for HoloLens 1st gen devices. Settings in a provisioning package are only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md). - -- Configure the HoloLens first experience (OOBE) -- Configure the Wi-Fi network -- Enroll the device in Azure Active Directory, or create a local account -- Add certificates -- Enable Developer Mode -- Configure kiosk mode. (Detailed instructions for configuring kiosk mode can be found [here](hololens-kiosk.md##use-a-provisioning-package-to-set-up-a-single-app-or-multi-app-kiosk)). - -> [!WARNING] -> You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards. - -Provisioning packages can include management instructions and policies, custom network connections and policies, and more. - -> [!TIP] -> Use the desktop wizard to create a package with the common settings, then switch to the advanced editor to add other settings, apps, policies, etc. - -## Steps for creating provisioning packages - -1. **Option 1:** [From Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). This includes HoloLens 2 capabilities. -2. **Option 2:** [From the Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). If you install Windows Configuration Designer from the Windows ADK, select **Configuration Designer** from the **Select the features you want to install** dialog box. This option does not include HoloLens 2 capabilities. - -> [!NOTE] -> If you know you will be using an offline PC that needs access to Windows Configuration Designer please follow the offline app install [here](https://docs.microsoft.com/hololens/hololens-recovery#downloading-arc-without-using-the-app-store) for Advanced Recovery Companion but making Windows Confiugration Desinger your selection instead. - -### 2. Create the provisioning package - -Use the Windows Configuration Designer tool to create a provisioning package. - -1. Open Windows Configuration Designer (by default, %windir%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe). - -2. Select **Provision HoloLens devices**. - - ![ICD start options](images/icd-create-options-1703.png) - -3. Name your project and select **Finish**. - -4. Read the instructions on the **Getting started** page and select **Next**. The pages for desktop provisioning walk you through the following steps. - -> [!IMPORTANT] -> When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. - -### Configure settings - - - - - - - - -
step oneset up device

Browse to and select the enterprise license file to upgrade the HoloLens edition.

You can also toggle Yes or No to hide parts of the first experience.

To set up the device without the need to connect to a Wi-Fi network, toggle Skip Wi-Fi setup to On.

Select a region and timezone in which the device will be used. 		Select enterprise licence file and configure OOBE
step two set up network

In this section, you can enter the details of the Wi-Fi wireless network that the device should automatically connect to. To do this, select On, enter the SSID, the network type (Open or WPA2-Personal), and (if WPA2-Personal) the password for the wireless network.		Enter network SSID and type
step three account management

You can enroll the device in Azure Active Directory, or create a local account on the device

Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Select Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Select Accept to give Windows Configuration Designer the necessary permissions.

To create a local account, select that option and enter a user name and password.

Important:
(For Windows 10, version 1607 only) If you create a local account in the provisioning package, you must change the password using the Settings app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. 		join Azure AD or create a local account
step four add certificates

To provision the device with a certificate, click Add a certificate. Enter a name for the certificate, and then browse to and select the certificate to be used.		add a certificate
step five Developer Setup

Toggle Yes or No to enable Developer Mode on the HoloLens. Learn more about Developer Mode.		Enable Developer Mode
step six finish

Do not set a password to protect your provisioning package. If the provisioning package is protected by a password, provisioning the HoloLens device will fail.		Protect your package
- -After you're done, select **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page. - -### 3. Create a provisioning package for HoloLens by using advanced provisioning - -> [!NOTE] -> A provisioning package that you create in **Advanced provisioning** does not need to include an edition upgrade license to Windows Holographic for Business to succesfully apply to a HoloLens (1st gen). [See more on Windows Holographic for Business for HoloLens (1st gen)](hololens1-upgrade-enterprise.md). - -1. On the Windows Configuration Designer start page, select **Advanced provisioning**. -2. In the **Enter project details** window, specify a name for your project and the location for your project. Optionally, enter a brief description to describe your project. - -3. Select **Next**. - -4. In the **Choose which settings to view and configure** window, select **Windows 10 Holographic**, and then select **Next**. - -5. Select **Finish**. - -6. Expand **Runtime settings** and customize the package by using any of the settings [described later in this article](#what-you-can-configure). - - > [!IMPORTANT] - > (For Windows 10, version 1607 only) If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. If the user account is locked out, you must [perform a full device recovery](https://developer.microsoft.com/windows/mixed-reality/reset_or_recover_your_hololens#perform_a_full_device_recovery). - -7. Select **File** > **Save**. - -8. Read the warning that project files may contain sensitive information, and select **OK**. - - > [!IMPORTANT] - > When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. - -9. Select **Export** > **Provisioning package**. - -10. Change **Owner** to **IT Admin**. This sets the precedence of this provisioning package higher than provisioning packages applied to this device from other sources. Select **Next**. - -11. Set a value for **Package Version**. - - > [!TIP] - > You can make changes to existing packages and change the version number to update previously applied packages. - -12. On the **Select security details for the provisioning package**, select **Next**. - - > [!WARNING] - > If you encrypt the provisioning package, provisioning the HoloLens device will fail. - -13. Select **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows Configuration Designer uses the project folder as the output location. - - Optionally, you can select **Browse** to change the default output location. - -14. Select **Next**. - -15. Select **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status. - -16. When the build completes, select **Finish**. - - - -## Apply a provisioning package to HoloLens during setup - -1. Use the USB cable to connect the device to a PC, and then start the device. Do not continue past the **First interactable moment** page of OOBE. - - On HoloLens (1st gen), this page contains a blue box. - - On HoloLens 2, this page contains the hummingbird. - -2. Briefly press and release the **Volume Down** and **Power** buttons simultaneously. - -3. HoloLens shows up as a device in File Explorer on the PC. - -4. In File Explorer, drag and drop the provisioning package (.ppkg) onto the device storage. - -5. Briefly press and release the **Volume Down** and **Power** buttons simultaneously again while on the **fit** page. - -6. The device asks you if you trust the package and would like to apply it. Confirm that you trust the package. - -7. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with OOBE. - -> [!NOTE] -> If the device was purchased before August 2016, you will need to sign in to the device by using a Microsoft account, get the latest operating system update, and then reset the operating system in order to apply the provisioning package. - -### 4. Apply a provisioning package to HoloLens after setup - -> [!NOTE] -> These steps apply only toWindows 10, version 1809. - -On your PC, follow these steps: -1. Create a provisioning package as described at [Create a provisioning package for HoloLens using the HoloLens wizard](hololens-provisioning.md). -2. Connect the HoloLens device to a PC by using a USB cable. HoloLens shows up as a device in File Explorer on the PC. -3. Drag and drop the provisioning package to the Documents folder on the HoloLens. - -On your HoloLens, follow these steps: -1. Go to **Settings** > **Accounts** > **Access work or school**. -2. In **Related Settings**, select **Add or remove a provisioning package**. -3. On the next page, select **Add a package** to launch the file picker and select your provisioning package. If the folder is empty, make sure you select **This Device** and select **Documents**. - -After your package has been applied, it shows up in the list of **Installed packages**. To view the package details or to remove the package from the device, select the listed package. - -## What you can configure - -Provisioning packages make use of configuration service providers (CSPs). If you're not familiar with CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](https://docs.microsoft.com/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers). - -In Windows Configuration Designer, when you create a provisioning package for Windows Holographic, the settings in **Available customizations** are based on [CSPs that are supported in Windows Holographic](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices). The following table describes settings that you might want to configure for HoloLens. - -![Common runtime settings for HoloLens](images/icd-settings.png) - -| Setting | Description | -| --- | --- | -| **Certificates** | Deploy a certificate to HoloLens. | -| **ConnectivityProfiles** | Deploy a Wi-Fi profile to HoloLens. | -| **EditionUpgrade** | [Upgrade to Windows Holographic for Business.](hololens1-upgrade-enterprise.md) | -| **Policies** | Allow or prevent developer mode on HoloLens. [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#hololenspolicies) | - -> [!NOTE] -> HoloLens does not currently support installing apps (**UniversalAppInstall**) by using a provisioning package. - -## Next Step: [Enroll your device](hololens-enroll-mdm.md) diff --git a/devices/hololens/hololens-recovery.md b/devices/hololens/hololens-recovery.md deleted file mode 100644 index d8dd0ceb11..0000000000 --- a/devices/hololens/hololens-recovery.md +++ /dev/null @@ -1,145 +0,0 @@ ---- -title: Restart, reset, or recover HoloLens -ms.reviewer: Both basic and advanced instructions for rebooting or resetting your HoloLens. -description: How to use Advanced Recovery Companion to flash an image to HoloLens 2. -keywords: how-to, reboot, reset, recover, hard reset, soft reset, power cycle, HoloLens, shut down, arc, advanced recovery companion -ms.prod: hololens -ms.sitesec: library -author: mattzmsft -ms.author: mazeller -ms.date: 04/27/2020 -ms.custom: -- CI 111456 -- CSSTroubleshooting -ms.topic: article -ms.localizationpriority: high -manager: jarrettr -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Reset and Recovery for HoloLens 2 - -## Charging the device - -Before starting any troubleshooting procedure, if possible, ensure that your device is charged at least between 20% and 40%. - -Please ensure you are using the charger and the USB Type-C cables that come with the HoloLens2 device. In case they are not available ensure the charger available can support at least 15W of power. - -> [!NOTE] -> If possible, do not use a PC to charge the device over USB as this will provide a very slow charge. - -If the device is correctly booted and running there are three different ways of checking the charge of your battery. - -1. From the main menu of the HoloLens Device UI. -2. Using the LED close to the power button (for 40% you should see at least two solid LEDS). -3. On your Host PC open File Explorer window and look for your HoloLens 2 device on left side under “This PC”. - - a. Right click on the name of the device and select properties. A dialog will appear showing the battery level for your device. - -![HoloLens 2 ResetRecovery](images/ResetRecovery2.png) - -If the device cannot be booted to the Startup Menu, please take note of the LEDs and enumeration on the host PC and follow the troubleshooting guide (https://docs.microsoft.com/hololens/hololens-troubleshooting). In case the state of the device does not fall in any of the states listed in the troubleshooting guide, execute the **hard reset procedure** without reconnecting the device to your host PC, but connect it instead to the power supply. Wait for at least one hour for the device to charge. - -## Reset the device - -Under certain circumstances the customer may be required to manually reset the device without using the SW UI. - -### Standard procedure -1. Disconnect the device from the power supply or the host PC by unplugging the Type-C cable. - -2. Press and hold the **power button** for 15 seconds. All LEDs should be off. - -3. Wait 2-3 seconds and Short press the **power button**, the LEDs close to the power button will light up and the device will start to boot. - -4. Connect the device to the host PC, open Device Manager (for Windows 10 press the **“Windows” key** and then the **“x” key** and click on “Device Manager”) and make sure the device enumerates correctly as Microsoft HoloLens as shown in the pictures below: - -![HoloLens 2 MicrosoftHoloLensRecovery](images/MicrosoftHoloLensRecovery.png) - -### Hard-reset procedure - -If the standard reset procedure does not work, you can use the hard-reset procedure. - -1. Disconnect the device from the power supply or the host PC by unplugging the Type-C cable. - -2. Hold **volume down + power button** for 15 seconds. - -3. The device will automatically reboot. - -4. Connect the device to the host PC, open Device Manager (for Windows 10 press the **“Windows” key** and then the **“x” key** and click on “Device Manager”) and make sure the device enumerates correctly as Microsoft HoloLens as shown in the pictures below. - -![HoloLens 2 MicrosoftHoloLensRecovery](images/MicrosoftHoloLens_DeviceManager.png) - -## Clean reflash the device - -In extraordinary situations you may be required to clean flash the device. There are two ways to reflash a HoloLens2 device. For all reflashing procedures you will be required to [install the Advanced Recovery Companion app from the Windows Store](https://www.microsoft.com/store/productId/9P74Z35SFRS8). If you reset your device, all your personal data, apps, and settings will be erased, including TPM reset. - -Advanced Recovery Companion is currently set to download the feature release build for [Windows Holographic 2004](hololens-release-notes.md#windows-holographic-version-2004), if you would like to download the latest HoloLens 2 FFU to flash your device via Advanced Recovery Companion then you may download it from [here](https://aka.ms/hololens2download). This is kept up-to-date and will match the latest generally available build. - -Before starting the flashing procedure make sure the app is installed and running on your Windows 10 PC and ready to detect the device. - -![HoloLens 2 Clean Reflash](images/ARC1.png) - -### Normal procedure - -1. While the HoloLens device is running, connect it to your Windows 10 PC where you previously launched the Advanced Recovery Companion App. - -2. The device will automatically be detected and the Advanced Recovery Companion App UI will update as follows: - -![HoloLens 2 Clean Reflash](images/ARC2.png) - -3. Select the HoloLens2 device in the Advanced Recovery Companion App UI and follow the instructions to complete the flashing. - -### Manual procedure - -If the device does not boot correctly you may need to put the HoloLens 2 device in Recovery mode. - -1. Disconnect the device from the power supply or the host PC by unplugging the Type-C cable. - -2. Press and hold the **power button** for 15 seconds. All LEDs should turn off. - -3. While pressing the **volume up button**, press and release the **power button** to boot the device. Wait 15 seconds before releasing the volume up button. Out of the 5 LEDs on the device, only the middle LED will light up. - -4. Connect the device to the host PC, open Device Manager (for Windows 10 press the **“Windows” key** and then the **“x” key** and click on “Device Manager”) and make sure the device enumerates correctly as Microsoft HoloLens as shown in the image below. - -![HoloLens 2 MicrosoftHoloLensRecovery](images/MicrosoftHoloLensRecovery.png) - -5. The device will be automatically detected, and the Advanced Recovery Companion app UI will update as follows: - -![HoloLens 2 Clean Reflash](images/ARC2.png) - -6. Select the HoloLens 2 device in the Advanced Recovery Companion app UI and follow the instructions to complete the flashing. - -## Downloading ARC without using the app store - -If an IT environment prevents the use of the Windows Store app or limits access to the retail store, IT administrators can make this app available through other ‘offline’ deployment paths. - -- This process may also be used for other apps, as seen in step 2. This guide will focus on Advanced Recovery Companion, but my be modified for other offline apps. - -This deployment path can be enabled with the following steps: -1. Go to the [Store For Business website](https://businessstore.microsoft.com) and sign-in with an Azure AD identity. -1. Go to **Manage – Settings**, and turn on **Show offline apps** under **Shopping experience** as described at https://businessstore.microsoft.com/manage/settings/shop -1. Go to **shop for my group** and search for the [Advanced Recovery Companion](https://businessstore.microsoft.com/store/details/advanced-recovery-companion/9P74Z35SFRS8) app. -1. Change the **License Type** box to offline and click **Manage**. -1. Under Download the package for offline use click the second blue **“Download”** button . Ensure the file extension is .appxbundle. -1. At this stage, if the Desktop PC has Internet access, simply double click and install. -1. The IT administrator can also distribute this app through System Center Configuration Manager (SCCM) or Intune. -1. If the target PC has no Internet connectivity, some additional steps are needed: - 1. Select the unencoded license and click **“Generate license”** and under **“Required Frameworks”** click **“Download.”** - 1. PCs without internet access will need to use DISM to apply the package with the dependency and license. In an administrator command prompt, type: - - ```console - C:\WINDOWS\system32>dism /online /Add-ProvisionedAppxPackage /PackagePath:"C:\ARCoffline\Microsoft.AdvancedRecoveryCompanion_1.19050.1301.0_neutral_~_8wekyb3d8bbwe.appxbundle" /DependencyPackagePath:"C:\ARCoffline\Microsoft.VCLibs.140.00.UWPDesktop_14.0.27629.0_x86__8wekyb3d8bbwe.appx" /LicensePath:"C:\ARCoffline\Microsoft.AdvancedRecoveryCompanion_8wekyb3d8bbwe_f72ce112-dd2e-d771-8827-9cbcbf89f8b5.xml" /Region:all - ``` -> [!NOTE] -> The version number in this code example may not match the currently avalible version. You may have also choosen a different download location than in the example given. Please make sure to make any changes as needed. - -> [!TIP] -> When planning to use Advanced Recovery Companion to install an ffu offline it may be useful to download your flashing image to be availible, here is the [current image for HoloLens 2](https://aka.ms/hololens2download). - -Other resources: -- https://docs.microsoft.com/microsoft-store/distribute-offline-apps -- https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-app-package--appx-or-appxbundle--servicing-command-line-options - - diff --git a/devices/hololens/hololens-release-notes.md b/devices/hololens/hololens-release-notes.md deleted file mode 100644 index fcdcb7b372..0000000000 --- a/devices/hololens/hololens-release-notes.md +++ /dev/null @@ -1,287 +0,0 @@ ---- -title: HoloLens 2 release notes -description: Learn about updates in each new HoloLens release. -author: scooley -ms.author: scooley -manager: laurawi -ms.prod: hololens -ms.sitesec: library -ms.topic: article -ms.localizationpriority: medium -ms.date: 06/9/2020 -ms.custom: -- CI 111456 -- CSSTroubleshooting -audience: ITPro -appliesto: -- HoloLens 2 - ---- - -# HoloLens 2 release notes - -To ensure you have a productive experience with your HoloLens devices, we continue to release feature, bug and security updates. In this page you can learn about what’s new on HoloLens each month. If you would like to download the latest HoloLens 2 FFU to flash your device via [Advanced Recovery Companion](hololens-recovery.md#clean-reflash-the-device) then you may download it from [here](https://aka.ms/hololens2download). This is kept up-to-date and will match the latest generally available build. - -HoloLens Emulator Release Notes can be found [here](https://docs.microsoft.com/windows/mixed-reality/hololens-emulator-archive). - -## Windows Holographic, version 2004 - June 2020 Update -- Build 19041.1106 - -Improvements and fixes in the update: - -- Custom MRC recorders have new default values for certain properties if they aren't specified. - - On the MRC Video Effect: - - PreferredHologramPerspective (1 PhotoVideoCamera) - - GlobalOpacityCoefficient (0.9 (HoloLens) 1.0 (Immersive headset)) - - On the MRC Audio Effect: - - LoopbackGain (the current "App Audio Gain" value on the Mixed Reality Capture page in Windows Device Portal) - - MicrophoneGain (the current "Mic Audio Gain" value on the Mixed Reality Capture page in Windows Device Portal) -- This update contains a bug fix that improves audio quality in Mixed Reality Capture scenarios. Specifically, it should eliminate any audio glitching in the recording when the Start Menu is displayed. -- Improved hologram stability in recorded videos. -- Resolves an issue where mixed reality capture couldn't record video after device is left in standby state for multiple days. -- The HolographicSpace.UserPresence API is generally disabled for Unity applications to avoid an issue which causes some apps to pause when the visor is flipped up, even if the setting to run in the background is enabled. The API is now enabled for Unity versions 2018.4.18 and higher, and 2019.3.4 and higher. -- When accessing Device Portal over a WiFi connection, a web browser might prevent access to due to an invalid certificate, reporting an error such as "ERR_SSL_PROTOCOL_ERROR," even if the device certificate has previously been trusted. In this case, you would be unable to progress to Device Portal as options to ignore security warnings are not available. This update resolves the issue. If the device certificate was previously downloaded and trusted on a PC to remove browser security warnings and the SSL error has been encountered, the new certificate will need to be downloaded and trusted to address browser security warnings. -- Enabled ability to create a runtime provisioning package which can install an app using MSIX packages. -- New setting that users can find under Settings > System > Holograms, that allows users to automatically remove all holograms from the mixed reality home when the device shuts down. -- Fixed an issue that caused HoloLens apps that change their pixel format to render black in the HoloLens emulator. -- Fixed bug that caused a crash during Iris Login. -- Fixes an issue around repeated store downloads for already current apps. -- Fixed a bug to preventing immersive apps from launching Edge multiple times. -- Fixes an issue around launches of the Photos app in initial boots after updating from the 1903 release. -- Improved performance and reliability. - -## Windows Holographic, version 1903 - June 2020 Update -- Build 18362.1064 - -Improvements and fixes in the update: - -- Custom MRC recorders have new default values for certain properties if they aren't specified. - - On the MRC Video Effect: - - PreferredHologramPerspective (1 PhotoVideoCamera) - - GlobalOpacityCoefficient (0.9 (HoloLens) 1.0 (Immersive headset)) - - On the MRC Audio Effect: - - LoopbackGain (the current "App Audio Gain" value on the Mixed Reality Capture page in Windows Device Portal) - - MicrophoneGain (the current "Mic Audio Gain" value on the Mixed Reality Capture page in Windows Device Portal) -- The HolographicSpace.UserPresence API is generally disabled for Unity applications to avoid an issue which causes some apps to pause when the visor is flipped up, even if the setting to run in the background is enabled. The API is now enabled for Unity versions 2018.4.18 and higher, and 2019.3.4 and higher. -- Fixed an issue that caused HoloLens apps that change their pixel format to render black in the HoloLens emulator. -- Fixes an issue around launches of the Photos app in initial boots after updating from the 1903 release. - -## Windows Holographic, version 2004 -Build - 19041.1103 - -We are excited to announce our May 2020 major software update for HoloLens 2, **Windows Holographic, version 2004**. This release includes a host of exciting new capabilities, such as support for Windows Autopilot, app dark mode, USB Ethernet support for 5G/LTE hotspots, and much more. To update to the latest release, open the **Settings app**, go to **Update & Security**, then select the **Check for Updates** button. - -| Feature | Description | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------| -| Windows Autopilot | Pre-configure and seamlessly set up new devices for production, with Windows AutoPilot | -| FIDO 2 support | Support for FIDO2 Security Keys to enable fast and secure authentication for shared devices | -| Improved provisioning | Seamlessly apply a provisioning package from a USB drive to your HoloLens | -| Application install status | Check install status for apps have been pushed to HoloLens 2 via MDM, in the Settings app | -| Configuration Service Providers (CSPs) | Added new Configuration Service Providers (CSPs) enhancing admin control capabilities. | -| USB 5G/LTE support | Expanded USB Ethernet capability enables support for 5G/LTE | -| Dark App Mode | Dark App Mode for apps that support both dark and light modes, improving the viewing experience | -| Voice Commands | Support for additional system voice commands to control HoloLens, hands-free | -| Hand Tracking improvements | Hand Tracking improvements make buttons and 2D slate interactions more accurate | -| Quality improvements and fixes | Various system performance and reliability improvements across the platform | - -### Support for Windows Autopilot - -Windows Autopilot for HoloLens 2 lets the device sales channel pre-enroll HoloLens into your Intune tenant. When devices arrive, they’re ready to self-deploy as shared devices under your tenant. To take advantage of self-deployment, devices will need to connect to a network during the first screen in setup using either a USB-C to ethernet dongle or USB-C to LTE dongle. - -When a user starts the Autopilot self-deploying process, the process completes the following steps: - -1. Join the device to Azure Active Directory (Azure AD). -1. Use Azure AD to enroll the device in Microsoft Intune (or another MDM service). -1. Download the device-targeted policies, certificates, and networking profiles. -1. Provision the device. -1. Present the sign-in screen to the user. - -Learn more from the [Windows Autopilot for HoloLens 2 evaluation guide](https://docs.microsoft.com/hololens/hololens2-autopilot). - -**Contact your Account Manager to join the AutoPilot preview now. Autopilot-ready devices will begin shipping soon.** - -### FIDO2 Security Key support - -Many of you share a HoloLens device with lots of people in a work or school environment. Whether devices are shared between students in a classroom or they're checked out from a device locker, it's important to be able to change users quickly and easily without typing long usernames and passwords. - -FIDO lets anyone in your organization (AAD tenant) seamlessly sign into HoloLens without entering a username or password. - -FIDO2 security keys are an unphishable standards-based passwordless authentication method that can come in any form factor. Fast Identity Online (FIDO) is an open standard for passwordless authentication. FIDO allows users and organizations to leverage the standard to sign-in to their resources without a username or password using an external security key or a platform key built into a device. - -Read the [passwordless security docs](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-passwordless-security-key) to get started. - -### Improved MDM enrollment via provisioning package - -Provisioning packages let you set HoloLens configuration through a config file rather than going through the HoloLens out of box experience. Previously, provisioning packages had to be copied onto HoloLens' internal memory, now they can be on a USB drive so they're easier to re-use on multiple HoloLens and so more people can provision HoloLens in parallel. In addition, provisioning packages support a new field to enroll in device management so there is no manual set up post-provisioning. - -1. To try it out, download the latest version of the Windows Configuration Designer from the Windows store onto your PC. -1. Select **Provision HoloLens Devices** > Select **Provision HoloLens 2 devices** -1. Build your configuration profile and, when you're done, copy all files created to a USB-C storage device. -1. Plug it into any freshly flashed HoloLens and press **Volume down + Power** to apply your provisioning package. - -### Line of Business application install status - -MDM app deployment and management for Line of Business (LOB) apps is critical for our customers. Admins and users need to be able to view app install status, for auditing and diagnosis purposes. In this release we are adding more details in **Settings > Accounts > Access work or school > Click on your account > Info.** - -### Additional CSPs and Policies - -A [configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference?redirectedfrom=MSDN) is an interface to read, set, modify, or delete configuration settings on a device. In this release, we are adding support for more policies, increasing the control administrators have over deployed HoloLens devices. For the list of CSPs supported by HoloLens, visit this [link](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp). New in this release: - -**Policy CSP** - -The Policy configuration service provider enables the enterprise to configure policies on Windows devices. In this release, we are adding new policies for HoloLens, listed below. You can learn more about supported policies [here](https://docs.microsoft.com/windows/client-management/mdm/policies-supported-by-hololens2). - -- LetAppsAccessCamera_ForceAllowTheseApps -- LetAppsAccessCamera_ForceDenyTheseApps -- LetAppsAccessCamera_UserInControlOfTheseApps -- LetAppsAccessGazeInput -- LetAppsAccessGazeInput_ForceAllowTheseApps -- LetAppsAccessGazeInput_ForceDenyTheseApps -- LetAppsAccessGazeInput_UserInControlOfTheseApps -- LetAppsAccessMicrophone_ForceAllowTheseApps -- LetAppsAccessMicrophone_ForceDenyTheseApps -- LetAppsAccessMicrophone_UserInControlOfTheseApps -- AllowWiFi - -**NetworkQoSPolicy CSP** -The NetworkQoSPolicy configuration service provider creates network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions. You can learn more about this policy [here](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp). - -### Expanded USB Ethernet support for 5G/LTE tethered devices - -Support has been added to enable certain mobile broadband devices, such as 5G/LTE phones and WiFi hotpots when tethered to the HoloLens 2 via USB. These devices will be displayed in network settings as another ethernet connection. Mobile broadband devices that require an external driver are not supported. This enables high bandwidth connections in scenarios where WiFi is not available, and WiFi tethering isn’t performant enough. You can learn more about supported USB devices [here](https://docs.microsoft.com/hololens/hololens-connect-devices). - -### Hand Tracking Improvements - -Hand tracking has received several improvements in this release. - -- **Pointing pose stability:** The system will now resist bending the index finger when it becomes occluded by the palm. This improves accuracy when pushing buttons, typing, scrolling content, and more! -- **Reduced accidental AirTaps:** We’ve improved detection of the AirTap gesture. Now there are fewer accidental activations in several common cases, such as dropping your hands to your side. -- **User switch reliability:** The system is now faster and more reliable at updating the hand size when sharing a device back and forth. -- **Reduced hand stealing:** We’ve improved handling of cases where there are more than 2 hands in view of the sensors. If multiple people are working close together, there is now a much lower chance that the tracked hand will jump from the user to the hand of someone else in the scene. -- **System reliability:** Fixed an issue that would cause hand tracking to stop working for a period if the device is under high load. - -### Dark mode - -Many Windows apps now support both dark and light modes, and HoloLens 2 customers can choose the default mode for apps that support both. Once updated, the default app mode will be "dark," but can be changed easily. Navigate to Settings > System > Colors to find "Choose your default app mode." Here are some of the in-box apps that support Dark mode: - -- Settings -- Microsoft Store -- Mail -- Calendar -- File Explorer -- Feedback Hub -- OneDrive -- Photos -- 3D Viewer -- Movies & TV - -![Dark mode windows tiled](images/DarkMode.jpg) - -### System voice commands - -You can now quickly access and use commands with your voice while using any app on the device. If you're running your system with a different language, please try the appropriate commands in that language. For more details on the commands and how to use them, see our documentation [here](https://docs.microsoft.com/hololens/hololens-cortana). - -### Cortana updates - -The updated app integrates with Microsoft 365, currently in English (United States) only, to help you get more done across your devices. On HoloLens 2, Cortana will no longer support certain device-specific commands like adjusting the volume or restarting the device, which are now supported with the new system voice commands mentioned above. Learn more about the new Cortana app and its direction on our blog [here](https://blogs.windows.com/windowsexperience/2020/02/28/cortana-in-the-upcoming-windows-10-release-focused-on-your-productivity-with-enhanced-security-and-privacy/). - -### Quality improvements and fixes - -Improvements and Fixes also in the update: -- The update introduces an active display calibration system. This improves the stability and alignment of holograms, which helps them stay in place when moving your head side-to-side. -- Fixed a bug where Wi-Fi streaming to HoloLens gets disrupted periodically. If an application indicates that it needs low latency streaming this fix is can be accomplished by calling [this function](https://docs.microsoft.com/windows/win32/api/socketapi/nf-socketapi-setsocketmediastreamingmode). -- Fixed an issue where the device could hang during streaming in research mode. -- Fixed bug where in some cases the right user would not be displayed on sign-in screen when resuming session. -- Fixed an issue where users could not export MDM logs through settings. -- Fixed an issue where the accuracy of eye tracking immediately following out-of-box-setup could be lower than specification. -- Fixed an issue where eye tracking subsystem would fail to initialize and/or perform calibration under certain conditions. -- Fixed an issue where eye calibration would be prompted for an already calibrated user. -- Fixed an issue where a driver would crash during eye calibration. -- Fixed an issue where repeated power button presses can cause a 60 second system time-out and shell crash. -- Improved stability for depth buffers. -- Added ‘Share’ button in Feedback Hub so users can more easily share feedback. -- Fixed a bug where RoboRaid did not install correctly. - -### Known issues - -- We are investigating an issue surrounding the use of the zh-CN system language that prevents the voice commands for taking a mixed reality capture or displaying the device IP address from working. -- We're investigating an issue that requires you to launch the Cortana app after booting the device in order to use the "Hey Cortana" voice activation, and if you updated from a 18362 build, you may see a second app tile for the previous version of the Cortana app in Start that no longer works. - -## Windows Holographic, version 1903 - May 2020 Update -- Build 18362.1061 - -This monthly quality update does not contain any changes of note because the team has been focused on providing you with the highest quality Feature Update now available in the Windows Holographic, version 2004 May Update detailed above. Please take this opportunity to move to the latest feature update to get a ton of exciting new changes. - -## Windows Holographic, version 1903 - April 2020 Update -- Build 18362.1059 - -**Dark mode for supported apps** - -Many Windows apps support both dark and light modes, and soon HoloLens 2 customers can choose the default mode for apps that support both color schemes! Based on overwhelmingly positive customer feedback, with this update we are setting the default app mode to "dark," but you can easily change this setting at any time. -Navigate to **Settings > System > Colors** to find **"Choose your default app mode."** - -Here are some of the in-box apps that support dark mode: -- Settings -- Microsoft Store -- Mail -- Calendar -- File Explorer -- Feedback Hub -- OneDrive -- Photos -- 3D Viewer -- Movies & TV - -**Improvements and fixes also in the update:** -- Ensure shell overlays are included in mixed reality captures. -- Unreal developers are now able to use the 3D View page in Device Portal to test and debug their applications. -- Improve hologram stability in mixed reality capture when the HolographicDepthReprojectionMethod DepthReprojection algorithm is used. -- Fixed WinRT IStreamSocketListener API Class Not Registered error on 32-bit ARM app. - -## Windows Holographic, version 1903 - March 2020 Update -- Build 18362.1056 - -Improvements and fixes in the update: - -- Improve hologram stability in mixed reality capture when the HolographicDepthReprojectionMethod AutoPlanar algorithm is used. -- Ensures the coordinate system attached to a depth MF sample is consistent with public documentation. -- Developers productivity improvement by enabling customers to paste large amount of text through device portal. - -## Windows Holographic, version 1903 - February 2020 Update -- Build 18362.1053 - -Improvements and fixes in the update: - -- Temporarily disabled the HolographicSpace.UserPresence API for Unity applications to avoid an issue which causes some apps to pause when the visor is flipped up, even if the setting to run in the background is enabled. -- Fixed a random HUP crash cased by hand tracking, in which user will notice an UI freeze then back to shell after several seconds. -- We made an improvement in hand tracking so that while poking using index finger, the upper part of that finger will be less likely to curl unexpectedly. -- Improved reliability of head tracking, spatial mapping, and other runtimes. - -## Windows Holographic, version 1903 - January 2020 Update -- Build 18362.1043 - -Improvement in the update: - -- Stability improvements for exclusive apps when working with the HoloLens 2 emulator. - -## Windows Holographic, version 1903 - December 2019 Update -- Build 18362.1042 - -Improvements and fixes in the update: - -- Introduces LSR (Last Stage Reproduction) fixes. Improves visual rendering of holograms to appear more stable and crisp by more accurately accounting for their depth. This will be more noticeable if apps do not set the depth of holograms correctly, after this update. -- Fixes stability of exclusive apps and navigation between exclusive apps. -- Resolves an issue where Mixed Reality Capture couldn't record video after device is left in standby state for multiple days. -- Improves hologram stability. - -## Windows Holographic, version 1903 - November 2019 Update -- Build 18362.1039 - -Improvements and fixes in the update: - -- Fixes for **"Select"** voice commands during initial set-up for en-CA and en-AU. -- Improvements in visual quality of objects placed far away in latest Unity and MRTK versions. -- Fixes addressing issues with holographic applications being stuck in a paused state on launch until the pins panel is brought up and dismissed again. -- OpenXR runtime conformance fixes and improvements for HoloLens 2 and the emulator. - - diff --git a/devices/hololens/hololens-requirements.md b/devices/hololens/hololens-requirements.md deleted file mode 100644 index a175ddd5eb..0000000000 --- a/devices/hololens/hololens-requirements.md +++ /dev/null @@ -1,118 +0,0 @@ ---- -title: Set up HoloLens in a commercial environment -description: Learn more about deploying and managing HoloLens in enterprise environments. -ms.prod: hololens -ms.sitesec: library -ms.assetid: 88bf50aa-0bac-4142-afa4-20b37c013001 -author: scooley -ms.author: scooley -audience: ITPro -ms.topic: article -ms.localizationpriority: medium -ms.date: 07/15/2019 ---- - -# Deploy HoloLens in a commercial environment - -You can deploy and configure HoloLens at scale in a commercial setting. This article provides instructions for deploying HoloLens devices in a commercial environment. This guide assumes basic familiarity with HoloLens. Follow the [get started guide](hololens1-setup.md) to set up HoloLens for the first time. - -This document also assumes that the HoloLens has been evaluated by security teams as safe to use on the corporate network. Frequently asked security questions can be found [here](hololens-faq-security.md) - -## Overview of Deployment Steps - -1. [Determine what features you need](hololens-requirements.md#step-1-determine-what-you-need) -1. [Determine what licenses you need](hololens-licenses-requirements.md) -1. [Configure your network for HoloLens](hololens-commercial-infrastructure.md). - 1. This section includes bandwidth requirements, URL, and ports that need to be allowed on your firewall; Azure AD guidance; Mobile Device Management (MDM) Guidance; app deployment/management guidance; and certificate guidance. -1. (Optional) [Configure HoloLens using a provisioning package](hololens-provisioning.md) -1. [Enroll Device](hololens-enroll-mdm.md) -1. [Set up ring based updates for HoloLens](hololens-updates.md) -1. [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) - -## Step 1. Determine what you need - -Before deploying the HoloLens in your environment, it is important to first determine what features, apps, and type of identities are needed. It is also important to ensure that your security team has approved of the use of the HoloLens on the company's network. Please see [Frequently ask security questions](hololens-faq-security.md) for additional security information. - -### Type of Identity - -Determine the type of identity that will be used to sign into the device. - -1. **Local Accounts:** This account is local to the device (like a local admin account on a windows PC). This will allow only 1 user to log into the device. -2. **MSA:** This is a personal account (like outlook, hotmail, gmail, yahoo, etc.) This will allow only 1 user to log into the device. -3. **Azure Active Directory (Azure AD) accounts:** This is an account created in Azure AD. This grants your corporation the ability to manage the HoloLens device. This will allow multiple users to log into the HoloLens 1st Gen Commercial Suite/the HoloLens 2 device. - -For more detailed information about identity types, please visit our [HoloLens Identity](hololens-identity.md) article. - -### Type of Features - -Your feature requirements will determine which HoloLens you need. One popular feature that we see deployed in customer environments frequently is Kiosk Mode. A list of HoloLens key features, and the editions of HoloLens that support them, can be found [here](hololens-commercial-features.md). - -**What is Kiosk Mode?** - -Kiosk mode is a way to restrict the apps that a user has access to. This means that users will only be allowed to access certain apps. - -**What Kiosk Mode do I require?** - -There are two types of Kiosk Modes: Single app and multi-app. Single app kiosk mode allows user to only access one app while multi-app kiosk mode allows users to access multiple, specified apps. To determine which kiosk mode is right for your corporation, the following two questions need to be answered: - -1. **Do different users require different experiences/restrictions?** Consider the following example: User A is a field service engineer who only needs access to Remote Assist. User B is a trainee who only needs access to Guides. - 1. If yes, you will require the following: - 1. Azure AD Accounts as the method of signing into the device. - 1. **Multi-app** kiosk mode. - 1. If no, continue to question two -1. **Do you require a multi-app experience?** - 1. If yes, **Multi-app** kiosk is mode is needed - 1. If your answer to question 1 and 2 are both no, **single-app** kiosk mode can be used - -**How to Configure Kiosk Mode:** - -There are two main ways ([provisioning packages](hololens-kiosk.md#use-a-provisioning-package-to-set-up-a-single-app-or-multi-app-kiosk) and [MDM](hololens-kiosk.md#use-microsoft-intune-or-other-mdm-to-set-up-a-single-app-or-multi-app-kiosk)) to deploy kiosk mode for HoloLens. These options will be discussed later in the document; however, you can use the links above to jump to the respective sections in this doc. - -### Apps and App Specific Scenarios - -The majority of the steps found in this document will also apply to the following apps: - -| App | App Specific Scenarios | -| --- | --- | -| Remote Assist | [Cross Tenant Communication](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/cross-tenant-overview)| -| Guides | *Coming Soon* | -|Custom Apps | *Coming Soon* | - -### Determine your enrollment method - -1. Bulk enrollment with a security token in a provisioning package. - Pros: this is the most automated approach\ - Cons: takes initial server-side setup -1. Auto-enroll on user sign in. - Pros: easiest approach - Cons: users will need to complete set up after the provisioning package has been applied -1. _not recommended_ - Manually enroll post-setup. - Pros: possible to enroll after set up - Cons: most manual approach and devices aren't centrally manageable until they're manually enrolled. - - More information can be found [here](hololens-enroll-mdm.md) - -### Determine if you need to create a provisioning package - -There are two methods to configure a HoloLens device (Provisioning packages and MDMs). We suggest using your MDM to configure you HoloLens device. However, there are some scenarios where using a provisioning package is the better choice: - -1. You want to configure the HoloLens to skip the Out of Box Experience (OOBE) -1. You are having trouble deploying certificate in a complex network. The majority of the time you can deploy certificates using MDM (even in complex environments). However, some scenarios require certificates to be deployed through the provisioning package. - -Some of the HoloLens configurations you can apply in a provisioning package: - -- Apply certificates to the device -- Set up a Wi-Fi connection -- Pre-configure out of box questions like language and locale -- (HoloLens 2) bulk enroll in mobile device management -- (HoloLens v1) Apply key to enable Windows Holographic for Business - -If you decide to use provisioning packages, follow [this guide](hololens-provisioning.md). - -## Next Step: [Determine what licenses you need](hololens-licenses-requirements.md) - -## Get support - -Get support through the Microsoft support site. - -[File a support request](https://support.microsoft.com/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f) diff --git a/devices/hololens/hololens-spaces.md b/devices/hololens/hololens-spaces.md deleted file mode 100644 index 485e56773e..0000000000 --- a/devices/hololens/hololens-spaces.md +++ /dev/null @@ -1,117 +0,0 @@ ---- -title: Map physical spaces with HoloLens -description: HoloLens learns what a space looks like over time. Users can facilitate this process by moving the HoloLens in certain ways through the space. -ms.assetid: bd55ecd1-697a-4b09-8274-48d1499fcb0b -author: dorreneb -ms.author: dobrown -ms.custom: -- CI 111456 -- CSSTroubleshooting -ms.date: 09/16/2019 -keywords: hololens, Windows Mixed Reality, design, spatial mapping, HoloLens, surface reconstruction, mesh, head tracking, mapping -ms.prod: hololens -ms.sitesec: library -ms.topic: article -ms.localizationpriority: high -appliesto: -- HoloLens 1 (1st gen) -- HoloLens 2 ---- - -# Map physical spaces with HoloLens - -HoloLens blends holograms with your physical world. To do that, HoloLens has to learn about the physical world around you and remember where you place holograms within that space. - -Over time, the HoloLens builds up a *spatial map* of the environment that it has seen. HoloLens updates the map as the environment changes. As long as you are logged in and the device is turned on, HoloLens creates and updates your spatial maps. If you hold or wear the device with the cameras pointed at a space, the HoloLens tries to map the area. While the HoloLens learns a space naturally over time, there are ways in which you can help HoloLens map your space more quickly and efficiently. - -> [!NOTE] -> If your HoloLens can't map your space or is out of calibration, HoloLens may enter Limited mode. In Limited mode, you won't be able to place holograms in your surroundings. - -This article explains how HoloLens maps spaces, how to improve spatial mapping, and how to manage the spatial data that HoloLens collects. - -## Choosing and setting up and your space - -Features in your environment can make it difficult for the HoloLens to interpret a space. Light levels, materials in the space, the layout of objects, and more can all affect how HoloLens maps an area. - -HoloLens works best in certain kinds of environments. To produce the best spatial map, choose a room that has adequate light and plenty of space. Avoid dark spaces and rooms that have a lot of dark, shiny, or translucent surfaces (for instance, mirrors or gauzy curtains). - -HoloLens is optimized for indoor use. Spatial mapping also works best when Wi-Fi is turned on, although it doesn't have to be connected to a network. HoloLens can obtain Wi-Fi access points even if it is not connected or authenticated. HoloLens functionality does not change whether the access points are internet-connected or intranet/local only. - -Only use HoloLens in safe places with no tripping hazards. [More on safety](https://support.microsoft.com/help/4023454/safety-information). - -## Mapping your space - -Now you're ready to start mapping your spare. When HoloLens starts mapping your surroundings, you'll see a mesh graphic spreading over the space. In mixed reality home, you can trigger the map to show by selecting on a mapped surface. - -Here are guidelines for building a great spatial map. - -### Understand the scenarios for the area - -It is important to spend the most time where you will be using the HoloLens, so that the map is relevant and complete. For example, if a user scenario for HoloLens involves moving from Point A to Point B, walk that path two to three times, looking in all directions as you move. - -### Walk slowly around the space - -If you walk too quickly around the area, it's likely that the HoloLens will miss mapping areas. Walk slowly around the space, stopping every 5-8 feet to look around at your surroundings. - -Smooth movements also help the HoloLens map more efficiently. - -### Look in all directions - -Looking around as you map the space gives the HoloLens more data on where points are relative to each other. - -If you don't look up, for example, the HoloLens may not know where the ceiling in a room is. - -Don't forget to look down at the floor as you map the space. - -### Cover key areas multiple times - -Moving through an area multiple times will help pick up features you may have missed on the first walkthrough. To build an ideal map, try traversing an area two to three times. - -If possible, while repeating these movements, spend time walking through an area in one direction, then turn around and walk back the way you came. - -### Take your time mapping the area - -It can take between 15 and 20 minutes for the HoloLens to fully map and adjust itself to its surroundings. If you have a space in which you plan to use a HoloLens frequently, taking that time up front to map the space can prevent issues later on. - -## Possible errors in the spatial map - -Errors in spatial mapping data fall into a few categories: - -- *Holes*: Real-world surfaces are missing from the spatial mapping data. -- *Hallucinations*: Surfaces exist in the spatial mapping data that do not exist in the real world. -- *Wormholes*: HoloLens 'loses' part of the spatial map by thinking it is in a different part of the map than it actually is. -- *Bias*: Surfaces in the spatial mapping data are imperfectly aligned with real-world surfaces, either pushed in or pulled out. - -If you see any of these errors please use the [FeedbackHub](hololens-feedback.md) to send feedback. - -## Security and storage for spatial data - -Windows 10 version 1803 update for Microsoft HoloLens and later stores mapping data in a local (on-device) database. - -HoloLens users cannot directly access the map database, even when the device is plugged into a PC or when using the File Explorer app. When BitLocker is enabled on HoloLens, the stored map data is also encrypted along with the entire volume. - -### Remove map data and known spaces from HoloLens - -There are two options for deleting map data in **Settings > System > Holograms**: - -- To delete nearby holograms, select **Remove nearby holograms**. This command clears the map data and anchored holograms for the current space. If you continue to use the device in the same space, it creates and stores a brand new map section to replace the deleted information. - - > [!NOTE] - > "Nearby" holograms are holograms that are anchored within the same map section in the current space. - - For example, you can use this option to clear work-related map data without affecting any home-related map data. - -- To delete all holograms, select **Remove all holograms**. This command clears all map data that is stored on the device as well as all anchored holograms. You will need to explicitly place any holograms. You will not be able to rediscover the previously-placed holograms. - -> [!NOTE] -> After you remove nearby or all holograms, HoloLens immediately starts scanning and mapping the current space. - -### Wi-Fi data in spatial maps - -HoloLens stores Wi-Fi characteristics to help correlate hologram locations and map sections that are stored within the HoloLens database of known spaces. Information about Wi-Fi characteristics is not accessible to users, and not sent to Microsoft using the cloud or using telemetry. - -As long as Wi-Fi is enabled, HoloLens correlates map data with nearby Wi-Fi access points. There is no difference in behavior whether a network is connected or just detected nearby. If Wi-Fi is disabled, HoloLens still searches the space. However, HoloLens has to search more of the map data within the spaces database, and may need more time to find holograms. Without the Wi-Fi info, the HoloLens has to compare active scans to all hologram anchors and map sections that are stored on the device in order to locate the correct portion of the map. - -## Related topics - -- [Spatial mapping design](https://docs.microsoft.com/windows/mixed-reality/spatial-mapping-design) diff --git a/devices/hololens/hololens-status.md b/devices/hololens/hololens-status.md deleted file mode 100644 index a1209dd3c8..0000000000 --- a/devices/hololens/hololens-status.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Status of the HoloLens services -description: Shows the status of HoloLens online services. -author: Teresa-Motiv -ms.author: v-tea -ms.reviewer: luoreill -manager: jarrettr -audience: Admin -ms.custom: -- CI 111456 -- CSSTroubleshooting -ms.topic: article -ms.prod: hololens -ms.localizationpriority: high -ms.sitesec: library ---- - -# Status of the HoloLens services - -✔️ **All services are active** - -**Key** ✔️ Good, ⓘ Information, ⚠ Warning, ❌ Critical - -Area|HoloLens (1st gen)|HoloLens 2 -----|:----:|:----: -[Azure services](https://status.azure.com/status)|✔️|✔️ -[Store app](https://www.microsoft.com/store/collections/hlgettingstarted/hololens)|✔️|✔️ -[Apps](https://www.microsoft.com/hololens/apps)|✔️|✔️ -[MDM](https://docs.microsoft.com/hololens/hololens-enroll-mdm)|✔️|✔️ - -## Notes and related topics - -[Frequently asked questions about using Skype for HoloLens](https://support.skype.com/faq/FA34641/frequently-asked-questions-about-using-skype-for-hololens) - -For more details about the status of the myriad Azure Services that can connect to HoloLens, see [Azure status](https://azure.microsoft.com/status/). - -For more details about current known issues, see [HoloLens known issues](hololens-known-issues.md). - -Follow HoloLens on [Twitter](https://twitter.com/HoloLens) and subscribe on [Reddit](https://www.reddit.com/r/HoloLens/). diff --git a/devices/hololens/hololens-troubleshooting.md b/devices/hololens/hololens-troubleshooting.md deleted file mode 100644 index d0bd894a3e..0000000000 --- a/devices/hololens/hololens-troubleshooting.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: Troubleshoot HoloLens issues -description: Solutions for common HoloLens issues. -author: mattzmsft -ms.author: mazeller -ms.date: 12/02/2019 -ms.prod: hololens -ms.topic: article -ms.custom: CSSTroubleshooting -audience: ITPro -ms.localizationpriority: medium -keywords: issues, bug, troubleshoot, fix, help, support, HoloLens -manager: jarrettr -ms.custom: -- CI 111456 -- CSSTroubleshooting -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Troubleshoot HoloLens issues - -This article describes how to resolve several common HoloLens issues. - -## My HoloLens is unresponsive or won't start - -If your HoloLens won't start: - -- If the LEDs next to the power button don't light up, or only one LED briefly blinks, you may need to [charge your HoloLens.](hololens-recovery.md#charging-the-device) -- If the LEDs light up when you press the power button but you can't see anything on the displays, [preform a hard reset of the device](hololens-recovery.md#hard-reset-procedure). - -If your HoloLens becomes frozen or unresponsive: - -- Turn off your HoloLens by pressing the power button until all five of the LEDs turn themselves off, or for 15 seconds if the LEDs are unresponsive. To start your HoloLens, press the power button again. - -If these steps don't work, you can try [recovering your HoloLens 2 device](hololens-recovery.md) or [HoloLens (1st gen) device.](hololens1-recovery.md) - -## Holograms don't look good - -If your holograms are unstable, jumpy, or don't look right, try: - -- Cleaning your device visor and sensor bar on the front of your HoloLens. -- Increasing the light in your room. -- Walking around and looking at your surroundings so that HoloLens can scan them more completely. -- Calibrating your HoloLens for your eyes. Go to **Settings** > **System** > **Utilities**. Under **Calibration**, select **Open Calibration**. - -## HoloLens doesn't respond to gestures - -To make sure that HoloLens can see your gestures. Keep your hand in the gesture frame - when HoloLens can see your hand, the cursor changes from a dot to a ring. - -Learn more about using gestures on [HoloLens (1st gen)](hololens1-basic-usage.md#use-hololens-with-your-hands) or [HoloLens 2](hololens2-basic-usage.md#the-hand-tracking-frame). - -If your environment is too dark, HoloLens might not see your hand, so make sure that there's enough light. - -If your visor has fingerprints or smudges, use the microfiber cleaning cloth that came with the HoloLens to clean your visor gently. - -## HoloLens doesn't respond to my voice commands - -If Cortana isn't responding to your voice commands, make sure Cortana is turned on. On the All apps list, select **Cortana** > **Menu** > **Notebook** > **Settings** to make changes. To learn more about what you can say, see [Use your voice with HoloLens](hololens-cortana.md). - -## I can't place holograms or see holograms that I previously placed - -If HoloLens can't map or load your space, it enters Limited mode and you won't be able to place holograms or see holograms that you've placed. Here are some things to try: - -- Make sure that there's enough light in your environment so HoloLens can see and map the space. -- Make sure that you're connected to a Wi-Fi network. If you're not connected to Wi-Fi, HoloLens can't identify and load a known space. -- If you need to create a new space, connect to Wi-Fi, then restart your HoloLens. -- To see if the correct space is active, or to manually load a space, go to **Settings** > **System** > **Spaces**. -- If the correct space is loaded and you're still having problems, the space may be corrupt. To fix this issue, select the space, then select **Remove**. After you remove the space, HoloLens starts to map your surroundings and create a new space. - -## My HoloLens can't tell what space I'm in - -If your HoloLens can't identify and load the space you're in automatically, check the following factors: - -- Make sure that you're connected to Wi-Fi -- Make sure that there's plenty of light in the room -- Make sure that there haven't been any major changes to the surroundings. - -You can also load a space manually or manage your spaces by going to **Settings** > **System** > **Spaces**. - -## I'm getting a "low disk space" error - -You'll need to free up some storage space by doing one or more of the following: - -- Delete some unused spaces. Go to **Settings** > **System** > **Spaces**, select a space that you no longer need, and then select **Remove**. -- Remove some of the holograms that you've placed. -- Delete some pictures and videos from the Photos app. -- Uninstall some apps from your HoloLens. In the **All apps** list, tap and hold the app you want to uninstall, and then select **Uninstall**. - -## My HoloLens can't create a new space - -The most likely problem is that you're running low on storage space. Try one of the [previous tips](#im-getting-a-low-disk-space-error) to free up some disk space. - -## The HoloLens emulator isn't working - -Information about the HoloLens emulator is located in our developer documentation. Read more about [troubleshooting the HoloLens emulator](https://docs.microsoft.com/windows/mixed-reality/using-the-hololens-emulator#troubleshooting). diff --git a/devices/hololens/hololens-update-hololens.md b/devices/hololens/hololens-update-hololens.md deleted file mode 100644 index 14d8993c95..0000000000 --- a/devices/hololens/hololens-update-hololens.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: Update HoloLens -description: Check your HoloLens' build number, update, and roll back updates. -keywords: how-to, update, roll back, HoloLens, check build, build number -ms.prod: hololens -ms.sitesec: library -author: scooley -ms.author: scooley -ms.topic: article -ms.localizationpriority: medium -ms.date: 11/27/2019 -audience: ITPro -ms.reviewer: -manager: jarrettr -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Update HoloLens - -HoloLens uses Windows Update, just like other Windows 10 devices. Your HoloLens will automatically download and install system updates whenever it is plugged-in to power and connected to the Internet, even when it is in standby. - -This article will walk through HoloLens tools for: - -- viewing your current operating system version (build number) -- checking for updates -- manually updating HoloLens -- rolling back to an older update - -## Check your operating system version (build number) - -You can verify the system version number, (build number) by opening the Settings app and selecting **System** > **About**. - -## Check for updates and manually update - -You can check for updates any time in settings. To see available updates and check for new updates: - -1. Open the **Settings** app. -1. Navigate to **Update & Security** > **Windows Update**. -1. Select **Check for updates**. - -If an update is available, it will start downloading the new version. After the download is complete, select the **Restart Now** button to trigger the installation. If your device is below 40% and not plugged in, restarting will not start installing the update. - -While your HoloLens is installing the update, it will display spinning gears and a progress indicator. Do not turn off your HoloLens during this time. It will restart automatically once it has completed the installation. - -HoloLens applies one update at a time. If your HoloLens is more than one version behind the latest you may need to run through the update process multiple times to get it fully up to date. - -## Go back to a previous version - HoloLens 2 - -In some cases, you might want to go back to a previous version of the HoloLens software. You can do this by using the Advanced Recovery Companion to reset your HoloLens to the earlier version. - -> [!NOTE] -> Going back to an earlier version deletes your personal files and settings. - -To go back to a previous version of HoloLens 2, follow these steps: - -1. Make sure that you don't have any phones or Windows devices plugged in to your PC. -1. On your PC, download the [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from the Microsoft Store. -1. Download the [most recent HoloLens 2 release](https://aka.ms/hololens2download). -1. When you have finished these downloads, open **File explorer** > **Downloads**. Right-click the zipped folder that you just downloaded, and select **Extract all** > **Extract** to unzip it. -1. Connect your HoloLens to your PC using a USB-A to USB-C cable. (Even if you've been using other cables to connect your HoloLens, this one works best.) -1. The Advanced Recovery Companion automatically detects your HoloLens. Select the **Microsoft HoloLens** tile. -1. On the next screen, select **Manual package selection** and then select the installation file contained in the folder that you unzipped in step 4. (Look for a file with the .ffu extension.) -1. Select **Install software**, and follow the instructions. - -## Go back to a previous version - HoloLens (1st Gen) - -In some cases, you might want to go back to a previous version of the HoloLens software. You can do this by using the Windows Device Recovery Tool to reset your HoloLens to the earlier version. - -> [!NOTE] -> Going back to an earlier version deletes your personal files and settings. - -To go back to a previous version of HoloLens 1, follow these steps: - -1. Make sure that you don't have any phones or Windows devices plugged in to your PC. -1. On your PC, download the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379). -1. Download the [HoloLens Anniversary Update recovery package](https://aka.ms/hololensrecovery). -1. When the downloads finish, open **File explorer** > **Downloads**. Right-click the zipped folder you just downloaded, and select **Extract all** > **Extract** to unzip it. -1. Connect your HoloLens to your PC using the micro-USB cable that it came with. (Even if you've been using other cables to connect your HoloLens, this one works best.) -1. The WDRT will automatically detect your HoloLens. Select the **Microsoft HoloLens** tile. -1. On the next screen, select **Manual package selection** and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the .ffu extension.) -1. Select **Install software**, and follow the instructions. - -> [!NOTE] -> If the WDRT doesn't detect your HoloLens, try restarting your PC. If that doesn't work, select **My device was not detected**, select **Microsoft HoloLens**, and then follow the instructions. - -## Windows Insider Program on HoloLens - -Want to see the latest features in HoloLens? If so, join the Windows Insider Program; you'll get access to preview builds of HoloLens software updates before they're available to the general public. - -[Get Windows Insider preview for Microsoft HoloLens](hololens-insider.md). diff --git a/devices/hololens/hololens-updates.md b/devices/hololens/hololens-updates.md deleted file mode 100644 index 2b4e28a971..0000000000 --- a/devices/hololens/hololens-updates.md +++ /dev/null @@ -1,216 +0,0 @@ ---- -title: Manage HoloLens updates -description: Administrators can use mobile device management to manage updates to HoloLens devices. -ms.prod: hololens -ms.sitesec: library -author: Teresa-Motiv -ms.author: v-tea -audience: ITPro -ms.topic: article -ms.localizationpriority: high -ms.date: 03/24/2020 -ms.reviewer: jarrettr -manager: jarrettr -ms.custom: -- CI 115825 -- CI 111456 -- CSSTroubleshooting -appliesto: -- HoloLens (1st gen) -- HoloLens 2 ---- - -# Manage HoloLens updates - -HoloLens uses Windows Update in the same manner as other Windows 10 devices. When an update is available, it is automatically downloaded and installed the next time that your device is plugged in and connected to the internet. This article describes how to manage updates in an enterprise or other managed environment. For information about managing updates to individual HoloLens devices, see [Update HoloLens](hololens-update-hololens.md). - -## Manage updates automatically - -Windows Holographic for Business can use [Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb) to manage updates. All HoloLens 2 devices can use Windows Holographic for Business. Make sure that they use Windows Holographic for Business build 10.0.18362.1042 or a later build. If you have HoloLens (1st gen) devices, you have to [upgrade them to Windows Holographic for Business](hololens1-upgrade-enterprise.md) to manage their updates. - -Windows Update for Business connects HoloLens devices directly to the Windows Update service. By using Windows Update for Business, you can control multiple aspects of the update process—that is, which devices get which updates at what time. For example, you can roll out updates to a subset of devices for testing, then roll out updates to the remaining devices at a later date. Or, you can define different update schedules for different types of updates. - -> [!NOTE] -> For HoloLens devices, you can automatically manage feature updates (released twice a year) and quality updates (released monthly or as required, including critical security updates). For more information about update types, see [Types of updates managed by Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb#types-of-updates-managed-by-windows-update-for-business). - -You can configure Windows Update for Business settings for HoloLens by using policies in a Mobile Device Management (MDM) solution such as Microsoft Intune. - -For a detailed discussion about how to use Intune to configure Windows Update for Business, see [Manage Windows 10 software updates in Intune](https://docs.microsoft.com/intune/protect/windows-update-for-business-configure). - -> [!IMPORTANT] -> Intune provides two policy types for managing updates: *Windows 10 update ring* and *Windows 10 feature updates*. The Windows 10 feature update policy type is in public preview at this time and is not supported for HoloLens. -> -> You can use Windows 10 update ring policies to manage HoloLens 2 updates. - -### Configure update policies for HoloLens 2 or HoloLens (1st gen) - -This section describes the policies that you can use to manage updates for either HoloLens 2 or HoloLens (1st gen). For information about additional functionality that is available for HoloLens 2, see [Plan and configure update rollouts for HoloLens 2](#plan-and-configure-update-rollouts-for-hololens-2). - -The [Policy configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update) defines the policies that configure Windows Update for Business. - -> [!NOTE] -> For details about specific policies that are supported by specific editions of HoloLens, see [Policies supported by HoloLens devices](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#policies-supported-by-hololens-devices). - -#### Configure automatic checks for updates - -You can use the **Update/AllowAutoUpdate** policy to manage automatic update behavior, such as scanning, downloading, and installing updates. - -This policy supports the following values: - -- **0** - Notify the user when there is an update that is ready to download that applies to the device. -- **1** - Automatically install the update, and then notify the user to schedule a device restart. -- **2** - Automatically install the update, and then restart the device. This is the recommended value, and it is the default value for this policy. - -- **3** - Automatically install the update, and then restart at a specified time. Specify the installation day and time. If no day and time are specified, the default is daily at 3 A.M. - -- **4** - Automatically install the update, and then restart the device. This option also sets the Settings page to read-only. - -- **5** - Turn off automatic updates. - -For more details about the available settings for this policy, see [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate). - -> [!NOTE] -> In Microsoft Intune, you can use **Automatic Update Behavior** to change this policy. For more information, see [Manage software updates in Microsoft Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure). - -#### Configure an update schedule - -To configure how and when updates are applied, use the following policies: - -- [Update/ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday). - - Values: **0**–**7** (0 = every day, 1 = Sunday, 7 = Saturday) - - Default value: **0** (every day) -- [Update/ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime). - - Values: 0–23 (0 = midnight, 23 = 11 P.M.) - - Default value: 3 P.M. - -#### For devices that run Windows 10, version 1607 only - -You can use the following update policies to configure devices to get updates from the Windows Server Update Service (WSUS), instead of Windows Update: - -- [Update/AllowUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowupdateservice) -- [Update/RequireUpdateApproval](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-requireupdateapproval) -- [Update/UpdateServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updateserviceurl) - -### Plan and configure update rollouts for HoloLens 2 - -HoloLens 2 supports more update automation features than HoloLens (1st gen). this is especially true if you use Microsoft Intune to manage Windows Update for Business policy. These features make it easier for you to plan and implement update rollouts across your organization. - -#### Plan the update strategy - -Windows Updates for Business supports deferral policies. After Microsoft releases an update, you can use a deferral policy to define how long to wait before installing that update on devices. By associating subsets of your devices (referred to as *update rings*) with different deferral policies, you can coordinate an update rollout strategy for your organization. - -For example, consider an organization that has 1,000 devices and has to update them in five ways. The organization can create five update rings, as shown in the following table. - -|Group |Number of devices |Deferral (days) | -| ---| :---: | :---: | -|Grp 1 (IT staff) |5 |0 | -|Grp 2 (early adopters) |50 |60 | -|Grp 3 (main 1) |250 |120 | -|Grp 4 (main 2) |300 |150 | -|Grp 5 (main 3) |395 |180 | - -Here's how the rollout progresses over time to the entire organization. - -![Timeline for deploying updates](./images/hololens-updates-timeline.png) - -#### Configure an update deferral policy - -A deferral policy specifies the number of days between the date that an update becomes available and the date that the update is offered to a device. - -You can configure different deferrals for feature updates and quality updates. The following table lists the specific policies to use for each type, as well as the maximum deferral for each. - -|Category |Policy |Maximum deferral | -| --- | --- | --- | -|Feature updates |DeferFeatureUpdatesPeriodInDays |365 days | -|Quality updates |DeferQualityUpdatesPeriodInDays |30 days | - -#### Examples: Using Intune to manage updates - -**Example 1: Create and assign an update ring** - -For a more detailed version of this example, see [Create and assign update rings](https://docs.microsoft.com/mem/intune/protect/windows-update-for-business-configure#create-and-assign-update-rings). - -1. Sign in to the [Microsoft Endpoint Manager Admin Center](https://go.microsoft.com/fwlink/?linkid=2109431), and navigate to your Intune profiles. -1. Select **Software Updates** > **Windows 10 update rings** > **Create**. -1. Under **Basics**, specify a name and a description (optional), and then select **Next**. -1. Under **Update ring settings**, for **Servicing channel**, select **Semi-Annual Channel**, and then change **Feature update deferral period** to **120**. Then, select **Next**. -1. Under **Assignments**, select **+ Select groups to include**, and then assign the update ring to one or more groups. Use **+ Select groups to exclude** to fine-tune the assignments. Then, select **Next**. -1. Under **Review + create**, review the settings. When you're ready to save the update ring configuration, select **Create**. - -The list of update rings now includes the new Windows 10 update ring. - -**Example 2: Pause an update ring** - -If you encounter a problem when you deploy a feature or quality update, you can pause the update for 35 days (starting from a specified date). This pause prevents other devices from installing the update until you resolve or mitigate the issue. If you pause a feature update, quality updates are still offered to devices to make sure that they stay secure. After the specified time has passed, the pause automatically expires. At that point, the update process resumes. - -To pause an update ring in Intune, follow these steps: - -1. On the overview page for the update ring, select **Pause**. -1. Select the type of update (**Feature** or **Quality**) to pause, and then select **OK**. - -When an update type is paused, the Overview pane for that ring displays how many days remain before that update type resumes. - -While the update ring is paused, you can select either of the following options: - -- To extend the pause period for an update type for 35 days, select **Extend**. -- To restore updates for that ring to active operation, select **Resume**. You can pause the update ring again if it is necessary. - -> [!NOTE] -> The **Uninstall** operation for update rings is not supported for HoloLens 2 devices. - -## Manually check for updates - -Although HoloLens periodically checks for system updates so that you don't have to, there may be circumstances in which you want to manually check. - -To manually check for updates, go to **Settings** > **Update & Security** > **Check for updates**. If the Settings app indicates that your device is up to date, you have all the updates that are currently available. - -## Manually revert an update - -In some cases, you might want to go back to a previous version of the HoloLens software. The process for doing this depends on whether you are using HoloLens 2 or HoloLens (1st gen). - -### Go back to a previous version (HoloLens 2) - -You can roll back updates and return to a previous version of HoloLens 2 by using the Advanced Recovery Companion to reset your HoloLens to the earlier version. - -> [!NOTE] -> Reverting to an earlier version deletes your personal files and settings. - -To go back to a previous version of HoloLens 2, follow these steps: - -1. Make sure that you don't have any phones or Windows devices plugged in to your computer. -1. On your computer, download the [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from the Microsoft Store. -1. Download the [most recent HoloLens 2 release](https://aka.ms/hololens2download). -1. When you have finished these downloads, open **File explorer** > **Downloads**, right-click the compressed (zipped) folder that you just downloaded, and then select **Extract all** > **Extract** to expand the file. -1. Use a USB-A to USB-C cable to connect your HoloLens device to your computer. Even if you've been using other cables to connect your HoloLens, this kind of cable works best. -1. The Advanced Recovery Companion automatically detects your HoloLens device. Select the **Microsoft HoloLens** tile. -1. On the next screen, select **Manual package selection**, and then open the folder that you previously expanded. -1. Select the installation file (the file that has an .ffu extension). -1. Select **Install software**, and then follow the instructions. - -### Go back to a previous version (HoloLens (1st gen)) - -You can roll back updates and return to a previous version of HoloLens (1st gen) by using the Windows Device Recovery Tool to reset your HoloLens to the earlier version. - -> [!NOTE] -> Reverting to an earlier version deletes your personal files and settings. - -To go back to a previous version of HoloLens (1st gen), follow these steps: - -1. Make sure that you don't have any phones or Windows devices plugged in to your computer. -1. On your computer, download the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379). -1. Download the [HoloLens Anniversary Update recovery package](https://aka.ms/hololensrecovery). -1. After the downloads finish, open **File explorer** > **Downloads**, right-click the compressed (zipped) folder that you just downloaded, and then select **Extract all** > **Extract** to expand the file. -1. Use the micro-USB cable that was provided together with your HoloLens device to connect your HoloLens device to your computer. Even if you've been using other cables to connect your HoloLens device, this one works best. -1. The WDRT automatically detects your HoloLens device. Select the **Microsoft HoloLens** tile. -1. On the next screen, select **Manual package selection**, and then open the folder that you previously expanded. -1. Select the installation file (the file that has an .ffu extension). -1. Select **Install software**, and then follow the instructions. - -> [!NOTE] -> If the WDRT doesn't detect your HoloLens device, try restarting your computer. If that doesn't work, select **My device was not detected**, select **Microsoft HoloLens**, and then follow the instructions. - -## Related articles - -- [Deploy updates using Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb) -- [Assign devices to servicing channels for Windows 10 updates](https://docs.microsoft.com/windows/deployment/update/waas-servicing-channels-windows-10-updates) -- [Manage Windows 10 software updates in Intune](https://docs.microsoft.com/mem/intune/protect/windows-update-for-business-configure) diff --git a/devices/hololens/hololens1-basic-usage.md b/devices/hololens/hololens1-basic-usage.md deleted file mode 100644 index 282eaada0a..0000000000 --- a/devices/hololens/hololens1-basic-usage.md +++ /dev/null @@ -1,138 +0,0 @@ ---- -title: Getting around HoloLens (1st gen) -description: A brief tour of the HoloLens (1st gen) interface -ms.assetid: 064f7eb0-190e-4643-abeb-ed3b09312042 -ms.date: 9/16/2019 -ms.reviewer: jarrettr -manager: jarrettr -keywords: hololens -ms.prod: hololens -ms.sitesec: library -author: v-miegge -ms.author: v-miegge -ms.topic: article -ms.localizationpriority: high -appliesto: -- HoloLens (1st gen) ---- - -# Getting around HoloLens (1st gen) - -Ready to step into the world of holograms? Here's some information to get started. - -This guide provides an intro to mixed reality, gestures for interacting with holograms, and an intro to Windows Holographic. - -## Discover mixed reality - -On HoloLens, holograms blend with your physical environment to look and sound like they're part of your world. Even when holograms are all around you, you can still see your surroundings, move freely, and interact with other people and objects. We call this experience "mixed reality." - -The holographic frame positions your holograms where your eyes are most sensitive to detail, and the see-through lenses leave your peripheral vision unobscured. With spatial sound, you can pinpoint a hologram even if it’s behind you. And because HoloLens learns and understands your environment, you can place holograms on and around real objects—and so can your apps and games. So a character in a game might sit down on your sofa, or [space robots could bust out of your walls](https://www.microsoft.com/store/apps/9nblggh5fv3j). - -## Use HoloLens with your hands - -Getting around HoloLens is a lot like using your smart phone. You can use your hands to manipulate holographic windows, menus, and buttons. Instead of pointing, clicking, or tapping, you'll use your gaze, your [voice](hololens-cortana.md), and gestures to select apps and holograms and to get around HoloLens. - -When you know these basic interactions, getting around on HoloLens will be a snap. - -We'll walk you through the basics the first time you use your HoloLens. You'll also find a gesture tutorial on your **Start** menu—look for the Learn Gestures app. - -### The hand-tracking frame - -HoloLens has sensors that can see a few feet to either side of you. When you use your hands, you'll need to keep them inside that frame, or HoloLens won't see them. As you move around, the frame moves with you. - -![Image that shows the HoloLens hand-tracking frame](./images/hololens-2-gesture-frame.png) - -### Open the Start menu with bloom - -To open the **Start** menu: - -1. Hold your hand in front of you so it's in the gesture frame. -1. Bloom: bring all of your fingers together then open your hand. - ![Animation that shows the bloom gesture](./images/hololens-bloom.gif) - -### Select holograms with gaze and air tap - -To select an app or other hologram, air tap it while looking directly at the hologram you're selecting. To do this, follow these steps: - -1. Gaze at the hologram you want to select. -1. Point your index finger straight up toward the ceiling. -1. Air tap: lower your finger, then quickly raise it. - ![Air-tap gesture animation](./images/hololens-air-tap.gif) - -### Select a hologram by using your voice - -1. The gaze cursor is a dot that you move around by moving your head. You can use it to target voice commands with precision. -1. Gaze at the hologram that you want to select. -1. To select the hologram, say "Select." - -## Holograms and apps - -Now it's time to put gestures to the test! - -You'll find your installed apps in the [Start menu](holographic-home.md) and there are more apps for HoloLens (1st gen) in the Microsoft Store. - -Open the **Start** menu and select an app! - -Using apps on HoloLens is a little different from on a PC: Some apps use a 2D view and look like other Windows applications. Other apps (immersive apps) use a 3D view and when you launch them, they become the only app you see. - -When you place an app window or app launcher, it will stay put until you remove it. You can move or resize these holograms in your mixed reality home at any time. - -## Move, resize, and rotate apps - -Moving and resizing apps on HoloLens works a bit differently than it does on a PC. Instead of dragging the app, you'll use your gaze, along with a [gesture](https://support.microsoft.com/help/12644/hololens-use-gestures) or the [clicker](hololens1-clicker.md). You can also rotate an app window in 3D space. - -> [!TIP] -> Rearrange apps using your voice - gaze at an app and say "Face me," "Bigger," or "Smaller." Or have Cortana move an app for you: say "Hey Cortana, move \**app name\** here." - -### Move an app - -Gaze at the app (at the title bar of an app window), and then do one of the following. - -- Tap and hold to select the app. Move your hand to position the app, and raise your finger to place it. -- Select **Adjust**, tap and hold, and move your hand to position the app. Raise your finger to place it, then select **Done**. -- Select **Adjust**, click and hold the clicker, and move your hand to position the app. Release the clicker, then select **Done**. - -> [!TIP] -> If you drop apps when you move them, make sure to keep your hand in the gesture frame by following it with your gaze. - -### Resize an app - -Gaze at the app, and then do one of the following. - -- Gaze at a corner or edge of an app window, and tap and hold. Move your hand to change the app's size, and raise your finger when you're done. -- Select **Adjust**. Gaze at one of the blue squares at the corners of the app, tap and hold, then move your hand to resize the app. Raise your finger to release it, then select **Done**. -- Select **Adjust**. Gaze at one of the blue squares at the corners of the app, click and hold the clicker, then move your hand to resize the app. Release the clicker, then select **Done**. - -> [!TIP] -> In Adjust mode, you can move or resize any hologram. - -### Rotate an app - -Gaze at the app, and tap and hold with both hands to select it. Rotate the app by keeping one hand steady and moving your other hand around it. When you're done, raise both index fingers. - -### Scroll content in an app window - -Gaze at the content of the app window. Tap and hold and then move your hand slightly upwards or downwards to scroll the content. - -## Meet the HoloLens (1st gen) Clicker - -The [HoloLens (1st Gen) clicker](hololens1-clicker.md) gives you another way to interact with holograms. [Pair it](hololens-connect-devices.md) with your HoloLens and then use it along with your gaze to select, scroll, and more. - -## Next steps - -Congratulations! you're ready to use HoloLens (1st gen). - -Now you can configure your HoloLens (1st gen) to meet your specific needs. - -[Connect bluetooth devices like mouse and keyboard](hololens-connect-devices.md) - -[Learn more about Voice and Cortana](hololens-cortana.md) - -### Help! I don't see my holograms - -If you don’t see holograms that you’ve placed while using HoloLens, here are some things to try: - -- Make sure that you’re looking in the right area—remember, holograms stay where you left them! -- Make sure that you're in a well-lit room without a lot of direct sunlight. -- Wait. When HoloLens has trouble recognizing your space, previously placed holograms can take up to a minute to reappear. -- If issue persists, you may want to clear out your Holograms storage data in **Settings** > **System** > **Holograms**, then place holograms in mixed reality home again. diff --git a/devices/hololens/hololens1-clicker.md b/devices/hololens/hololens1-clicker.md deleted file mode 100644 index 9da6a40ba5..0000000000 --- a/devices/hololens/hololens1-clicker.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: Use the HoloLens clicker -description: This article outlines how to use the HoloLens clicker, including clicker pairing, charging, and recovery. -ms.assetid: 7d4a30fd-cf1d-4c9a-8eb1-1968ccecbe59 -ms.date: 09/16/2019 -manager: jarrettr -keywords: hololens -ms.prod: hololens -ms.sitesec: library -author: v-miegge -ms.author: v-miegge -ms.topic: article -ms.localizationpriority: high -appliesto: -- HoloLens (1st gen) ---- - -# Use the HoloLens (1st gen) clicker - -The clicker was designed specifically for HoloLens (1st gen) and gives you another way to interact with holograms. It comes with HoloLens (1st gen), in a separate box. - -Use it in place of hand gestures to select, scroll, move, and resize apps. - -## Clicker hardware and pairing - -The HoloLens (1st gen) clicker has a finger loop to make it easier to hold, and an indicator light. - -![The HoloLens Clicker](images/use-hololens-clicker-1.png) - -### Clicker indicator lights - -Here's what the lights on the clicker mean. - -- **Blinking white**. The clicker is in pairing mode. -- **Fast-blinking white**. Pairing was successful. -- **Solid white**. The clicker is charging. -- **Blinking amber**. The battery is low. -- **Solid amber**. The clicker ran into an error and you'll need to restart it. While pressing the pairing button, click and hold for 15 seconds. - -### Pair the clicker with your HoloLens (1st gen) - -1. Use the bloom gesture to go to **Start**, then select **Settings** > **Devices** and verify that Bluetooth is on. -1. On the clicker, press and hold the pairing button until the status light blinks white. -1. On the pairing screen, select **Clicker** > **Pair**. - -### Charge the clicker - -When the clicker battery is low, the battery indicator will blink amber. Plug the Micro USB cable into a USB power supply to charge the device. - -## Use the clicker with HoloLens (1st gen) - -### Hold the clicker - -To put on the clicker, slide the loop over your ring or middle finger so that the Micro USB port faces toward your wrist. Rest your thumb in the indentation. - -![How to hold the Clicker](images/use-hololens-clicker-2.png) - -### Clicker gestures - -Clicker gestures are small wrist rotations, not the larger movements used for HoloLens hand gestures. And HoloLens recognizes your gestures and clicks even if the clicker is outside the [gesture frame](hololens1-basic-usage.md), so you can hold the clicker in the position that's most comfortable for you​. - -- **Select**. To select a hologram, button, or other element, gaze at it, then click. - -- **Click and hold**. Click and hold your thumb down on the button to do some of the same things you would with tap and hold, such as move or resize a hologram. - -- **Scroll**. On the app bar, select **Scroll Tool**. Click and hold, then rotate the clicker up, down, left, or right. To scroll faster, move your hand farther from the center of the scroll tool. - -- **Zoom**. On the app bar, select **Zoom Tool**. Click and hold, then rotate the clicker up to zoom in, or down to zoom out. - -> [!TIP] -> To zoom in or out when using Microsoft Edge, gaze at a page and double-click. - -## Restart or recover the clicker - -Here are some things to try if the HoloLens clicker is unresponsive or isn’t working well. - -### Restart the clicker - -Use the tip of a pen to press and hold the pairing button. At the same time, click and hold the clicker for 15 seconds. If the clicker was already paired with your HoloLens, it will stay paired after it restarts. - -If the clicker won't turn on or restart, try charging it by using the HoloLens charger. If the battery is very low, it might take a few minutes for the white indicator light to turn on. - -### Re-pair the clicker - -Select **Settings** > **Devices** and select the clicker. Select **Remove**, wait a few seconds, then pair the clicker again. - -### Recover the clicker - -If restarting and re-pairing the clicker don’t fix the problem, the Windows Device Recovery Tool can help you recover it. The recovery process may take some time, and it will install the latest version of the clicker software. To use the tool, you’ll need a computer running Windows 10 or later that has at least 4 GB of free storage space. - -To recover the clicker: - -1. Download and install the [Windows Device Recovery Tool](https://dev.azure.com/ContentIdea/ContentIdea/_queries/query/8a004dbe-73f8-4a32-94bc-368fc2f2a895/) on your computer. -1. Connect the clicker to your computer by using the Micro USB cable that came with your HoloLens. -1. Run the Windows Device Recovery Tool and follow the instructions. - -If the clicker isn’t automatically detected, select **My device was not detected** and follow the instructions to put your device into recovery mode. diff --git a/devices/hololens/hololens1-fit-comfort-faq.md b/devices/hololens/hololens1-fit-comfort-faq.md deleted file mode 100644 index d76375918c..0000000000 --- a/devices/hololens/hololens1-fit-comfort-faq.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: HoloLens (1st gen) fit and comfort frequently asked questions -description: Answers to frequently asked questions about how to fit your HoloLens (1st gen). -ms.prod: hololens -ms.sitesec: library -author: Teresa-Motiv -ms.author: v-tea -ms.topic: article -ms.localizationpriority: high -ms.date: 10/09/2019 -ms.reviewer: jarrettr -audience: ITPro -manager: jarrettr -appliesto: -- HoloLens (1st gen) ---- - -# HoloLens (1st gen) fit and comfort frequently asked questions - -Here are some tips on how to stay comfortable and have the best experience using your HoloLens. - -For step-by-step instructions and a video about putting on and adjusting your device, see [Get your HoloLens (1st gen) ready to use](hololens1-setup.md). - -> [!NOTE] -> The fit and comfort tips in this topic are meant only as general guidance—they don't replace any laws or regulations, or your good judgment when using HoloLens. Stay safe, and have fun! - -Here are some tips on how to stay comfortable and have the best experience using your HoloLens. - -## I'm experiencing discomfort when I use my device. What should I do? - -If you experience discomfort, take a break until you feel better. Try sitting in a well-lit room and relaxing for a bit. The next time your use your HoloLens, try using it for a shorter period of time at first. - -For more information, see [Health and safety on HoloLens](https://go.microsoft.com/fwlink/p/?LinkId=746661). - -## I can't see the whole holographic frame, or my holograms are cut off - -To see the top edge of the holographic frame, move the device so it sits higher on your head, or angle the headband up slightly in front. To see the bottom edge, move the device to sit lower on your head, or angle the headband down slightly in front. If the left or right edge of the view frame isn't visible, make sure the HoloLens visor is centered on your forehead. - -## I need to look up or down to see holograms - -Try adjusting the position of your device visor so the holographic frame matches your natural gaze. Here's how: - -- **If you need to look up to see holograms**. First, shift the back of the headband a bit higher on your head. Then use one hand to hold the headband in place and the other to gently rotate the visor so you have a good view of the holographic frame. -- **If you need to look down to see holograms**. First, shift the back of the headband a bit lower on your head. Then place your thumbs under the device arms and your index fingers on top of the headband, and gently squeeze with your thumbs to rotate the visor so you have a good view of the holographic frame. - -## The device slides down when I'm using it, or I need to make the headband too tight to keep it secure - -The overhead strap can help keep your HoloLens secure on your head, particularly if you're moving around a lot. The strap may also let you loosen the headband a bit. [Learn how to use it](hololens1-setup.md#adjust-fit). - -You can also experiment with the positioning of the headband—depending on your head size and shape, you may need to slide it up or down to reposition it on your forehead. - -## My HoloLens feels heavy on my nose - -If your HoloLens is adjusted correctly, the nose pad should rest lightly on your nose. If it feels heavy on your nose, try rotating the visor up or adjusting the angle of the headband. You can also slide the device visor out—grasp the device arms just behind the visor and pull forward gently. - -## How can I adjust HoloLens to fit with my glasses? - -The device visor can slide in and out to accommodate eyewear. Grasp the device arms just behind the visor and pull forward gently to adjust it. - -## My arm gets tired when I use gestures. What can I do? - -When using gestures, there's no need to extend your arm out far from your body. Keep it closer to your side, where it's more comfortable and will get less tired. [Learn more about gestures](hololens1-basic-usage.md#use-hololens-with-your-hands). - -And be sure to try out [voice commands](hololens-cortana.md) and the [HoloLens clicker](hololens1-clicker.md). diff --git a/devices/hololens/hololens1-hardware.md b/devices/hololens/hololens1-hardware.md deleted file mode 100644 index 285f44dd6a..0000000000 --- a/devices/hololens/hololens1-hardware.md +++ /dev/null @@ -1,166 +0,0 @@ ---- -title: HoloLens (1st gen) hardware -description: An outline of the components that make up Microsoft HoloLens (1st gen), the world's first fully untethered holographic computer running Windows. -ms.assetid: 527d494e-2ab6-46ca-bd5a-bfc6b43cc833 -ms.date: 09/16/2019 -keywords: hololens -ms.prod: hololens -ms.sitesec: library -author: mattzmsft -ms.author: mazeller -ms.topic: article -manager: jarrettr -ms.localizationpriority: medium -appliesto: -- HoloLens (1st gen) ---- - -# HoloLens (1st gen) hardware - -![Microsoft HoloLens (1st gen)](images/see-through-400px.jpg) - -Microsoft HoloLens (1st gen) is the world's first fully untethered holographic computer. HoloLens redefines personal computing through holographic experiences to empower you in new ways. HoloLens blends cutting-edge optics and sensors to deliver 3D holograms pinned to the real world around you. - -## HoloLens components - -![Image that shows the contents of the box](images/hololens-box-contents.png) - -Your HoloLens includes the following features: - -- **Visor**. Contains the HoloLens sensors and displays. You can rotate the visor up while you are wearing the HoloLens. -- **Headband**. To put the HoloLens on, use the adjustment wheel to expand the headband. With the HoloLens in place, tighten the adjustment wheel until the headband is comfortable. -- **Brightness buttons**. When you're wearing the HoloLens, the brightness buttons are on the left side of the device. -- **Volume buttons**. When you're wearing the HoloLens, the volume buttons are on the right side of the device. -- **Device arms**. When you pick up, put on, or take off your HoloLens, always grasp or hold it by the device arms. - -## In the box - -> [!VIDEO https://www.microsoft.com/videoplayer/embed/c7ceb904-9d5f-4194-9e10-e8a949dbad7d] - -The HoloLens box contains the following items: - -- **Nose pads**. Select a nose pad that fits the shape of your nose and accommodates your eyewear. -- **Overhead strap**. When you're wearing the HoloLens while you move around, use the overhead strap to help keep the device in place. Additionally, if you're wearing the HoloLens for extended periods, using the overhead strap may make the device more comfortable to wear. -- **Micro USB cable**. Use the micro-USB cable to connect your HoloLens to the power supply for charging, or use it to connect your HoloLens to your computer. -- **Power supply**. Plugs into a power outlet. -- **Microfiber cloth**. Use the cloth to clean your HoloLens visor. - ->[!TIP] ->The [clicker](hololens1-clicker.md) ships with HoloLens (1st Gen), in a separate box. - -### Power Supply details - -The power supply and the USB cable that come with the device are the best supported mechanism for charging. The power supply is an 18W charger. It supplies 9V at 2A. - -Charging rate and speed may vary depending on the environment in which the device is running. - -In order to maintain/advance Internal Battery Charge Percentage while the device is on, it must be connected minimum to a 15W charger. - -## Device specifications - -### Display - -![HoloLens has see-through holographic lenses](images/displays-400px.jpg) - -| | | -| - | - | -| Optics | See-through holographic lenses (waveguides) | -| Holographic resolution | 2 HD 16:9 light engines producing 2.3M total light points | -| Holographic density | \>2.5k radiants (light points per radian) | -| Eye-based rendering | Automatic pupillary distance calibration | - -### Sensors - -![HoloLens has sensors for understanding its environment and user actions](images/sensor-bar-400px.jpg) - -- 1 inertial measurement unit (IMU) -- 4 environment understanding cameras -- 1 depth camera -- 1 2MP photo / HD video camera -- Mixed reality capture -- 4 microphones -- 1 ambient light sensor - -### Input, output, and connectivity - -- Built-in speakers -- Audio 3.5mm jack -- Volume up/down -- Brightness up/down -- Power button -- Battery status LEDs -- Wi-Fi 802.11ac -- Micro USB 2.0 -- Bluetooth 4.1 LE - -### Power - -- Battery Life -- 2-3 hours of active use -- Up to 2 weeks of standby time -- Fully functional when charging -- Passively cooled (no fans) - -### Processors - -![The motherboard for Microsoft HoloLens](images/motherboard-400px.jpg) - -- Intel 32-bit architecture with TPM 2.0 support -- Custom-built Microsoft Holographic Processing Unit (HPU 1.0) - -### Memory - -- 64 GB Flash -- 2 GB RAM - -### Fit - -| | | -| - | - | -| Sizing | Single size with adjustable band. Fits over glasses | -| Weight | 579 grams | - -## Device capabilities - -Using the following to understand user actions: - -- Gaze tracking -- Gesture input -- Voice support - -Using the following to understand the environment: - -- Spatial sound - -## Pre-installed software - -- Windows 10 -- Windows Store -- Holograms -- Microsoft Edge -- Photos -- Settings -- Windows Feedback -- Calibration -- Learn Gestures - -## Device certifications - -### Safety - -HoloLens has been tested and found to conform to the basic impact protection requirements of ANSI Z87.1, CSA Z94.3 and EN 166. - -## Care and cleaning - -Handle your HoloLens carefully. To lift, carry, and adjust your HoloLens, use the device arms—not the overhead strap. To keep the visor free of dust and fingerprints and avoid touching it. Repeated cleaning could damage the visor, so try to keep your device clean. - -Don't use any cleaners or solvents on your HoloLens, and don't submerge it in water or apply water directly to it. - -To clean the visor, remove any dust using a camel or goat hair lens brush or a bulb-style lens blower. Lightly moisten the microfiber cloth with a small amount of distilled water, then use it to wipe the visor gently in a circular motion. - -To clean the rest of the device, including the headband and device arms, use a lint-free cloth moistened with mild soap and water. Let your HoloLens dry completely before using it again. - -![Image that shows how to clean the visor](images/hololens-cleaning-visor.png) - -> [!div class="nextstepaction"] -> [Set up and start your HoloLens (1st gen)](hololens1-setup.md) diff --git a/devices/hololens/hololens1-install-localized.md b/devices/hololens/hololens1-install-localized.md deleted file mode 100644 index 52e4862bbe..0000000000 --- a/devices/hololens/hololens1-install-localized.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Install localized versions of HoloLens -description: Learn how to install the Chinese or Japanese versions of HoloLens -ms.prod: hololens -ms.mktglfcycl: manage -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.localizationpriority: high -ms.date: 9/16/2019 -ms.reviewer: -manager: jarrettr -appliesto: -- HoloLens (1st gen) ---- - -# Install localized versions of HoloLens (1st gen) - -In order to switch to the Chinese or Japanese version of HoloLens, you’ll need to use the Windows Device Recovery Tool (WDRT) to download the build for the language on a PC and then install it on your HoloLens. - -> [!IMPORTANT] -> Using WDRT to install the Chinese or Japanese builds of HoloLens deletes existing data, such as personal files and settings, from your HoloLens. - -1. On your PC, download and install [the Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379). -1. Download the package for the language you want to your PC: [Simplified Chinese](https://aka.ms/hololensdownload-ch) or [Japanese](https://aka.ms/hololensdownload-jp). -1. When the download finishes, select **File Explorer** > **Downloads**. Right-click the zipped folder that you just downloaded, and select **Extract all** > **Extract** to unzip it. -1. Connect your HoloLens to your PC using the micro-USB cable that it shipped with. (Even if you've been using other cables to connect your HoloLens, this one works best.) -1. After the tool automatically detects your HoloLens, select the Microsoft HoloLens tile. -1. On the next screen, select **Manual package selection** and select the installation file that resides in the folder that you unzipped in step 4. (Look for a file that has the extension “.ffu”.) -1. Select **Install software** and follow the instructions. -1. After the build installs, HoloLens setup automatically starts. Put on the device and follow the setup directions. - -When you’re done with setup, go to **Settings** > **Update & Security** > **Windows Insider Program**, and check that you’re configured to receive the latest preview builds. Like the English preview builds, the Windows Insider Program keeps the Chinese and Japanese versions of HoloLens up-to-date with the latest preview builds. - -> [!NOTE] -> -> - You can’t use the Settings app to change the system language between English, Japanese, and Chinese. Flashing a new build is the only supported way to change the device system language. -> - While you can use the on-screen Pinyin keyboard to enter Simplified Chinese or Japanese text, using a Bluetooth hardware keyboard to type Simplified Chinese or Japanese text is not supported at this time. However, on Chinese or Japanese HoloLens, you can continue to use a Bluetooth keyboard to type in English (to toggle a hardware keyboard to type in English, press the ~ key). diff --git a/devices/hololens/hololens1-recovery.md b/devices/hololens/hololens1-recovery.md deleted file mode 100644 index dafeebe18e..0000000000 --- a/devices/hololens/hololens1-recovery.md +++ /dev/null @@ -1,127 +0,0 @@ ---- -title: Restart, reset, or recover HoloLens 1 -ms.reviewer: Both basic and advanced instructions for rebooting or resetting your HoloLens. -description: How to use Windows Device Recovery Tool to flash an image to HoloLens 1st Gen. -keywords: how-to, reboot, reset, recover, hard reset, soft reset, power cycle, HoloLens, shut down, wdrt, windows device recovery tool -ms.prod: hololens -ms.sitesec: library -author: evmill -ms.author: v-evmill -ms.date: 06/01/2020 -ms.custom: -- CI 111456 -- CSSTroubleshooting -ms.topic: article -ms.localizationpriority: high -manager: yannisle -appliesto: -- HoloLens (1st gen) ---- - -# Restart, reset, or recover HoloLens 1st Gen - -If you're experiencing problems with your HoloLens you may want to try a restart, reset, or even re-flash with device recovery. - -Here are some things to try if your HoloLens isn't running well. This article will guide you through the recommended recovery steps in succession. - -If you are looking to recover a HoloLens 2, please view the page for [Recovering a HoloLens 2](https://docs.microsoft.com/hololens/hololens-recovery), as there are differences in the processes. - -This article focuses on the HoloLens device and software, if your holograms don't look right, [this article](hololens-environment-considerations.md) talks about environmental factors that improve hologram quality. - -## Restart - -### Perform a safe restart by using Cortana - -The safest way to restart the HoloLens is by using Cortana. This is generally an easy first-step when experiencing an issue with HoloLens. - -> [!NOTE] -> Cortana is not avalible on all devices. -> Cortana is avalible to all HoloLens (1st Gen) devices. -> Cortana is avalible on HoloLens 2 devices on a build prior to the Windows Holograpic, Version 2004 update. - -1. Put on your device -1. Make sure it's powered on, a user is logged in, and the device is not waiting for a password to unlock it. -1. Say "Hey Cortana, reboot" or "Hey Cortana, restart." -1. When she acknowledges she will ask you for confirmation. Wait a second for a sound to play after she has finished her question, indicating she is listening to you and then say "Yes." -1. The device will now restart. - -### Perform a safe restart by using the power button - -If you still can't restart your device, you can try to restart it by using the power button: - -1. Press and hold the power button for five seconds. - 1. After one second, you will see all five LEDs illuminate, then slowly turn off from right to left. - 1. After five seconds, all LEDs will be off, indicating the shutdown command was issued successfully. - 1. Note that it's important to stop pressing the button immediately after all the LEDs have turned off. -1. Wait one minute for the shutdown to cleanly succeed. Note that the shutdown may still be in progress even if the displays are turned off. -1. Power on the device again by pressing and holding the power button for one second. - -### Perform a safe restart by using Windows Device Portal - -> [!NOTE] -> To do this, HoloLens has to be configured as a developer device. -> Read more about [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal). - -If the previous procedure doesn't work, you can try to restart the device by using [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal). In the upper right corner, there is an option to restart or shut down the device. - -### Perform an unsafe forced restart - -If none of the previous methods are able to successfully restart your device, you can force a restart. This method is equivalent to pulling the battery from the HoloLens. It is a dangerous operation which may leave your device in a corrupt state. If that happens, you'll have to flash your HoloLens. - -> [!WARNING] -> This is a potentially harmful method and should only be used in the event none of the above methods work. - -1. Press and hold the power button for at least 10 seconds. - - It's okay to hold the button for longer than 10 seconds. - - It's safe to ignore any LED activity. -1. Release the button and wait for two or three seconds. -1. Power on the device again by pressing and holding the power button for one second. -If you're still having problems, press the power button for 4 seconds, until all of the battery indicators fade out and the screen stops displaying holograms. Wait 1 minute, then press the power button again to turn on the device. - -## Reset to factory settings - -> [!NOTE] -> The battery needs at least 40 percent charge to reset. - -If your HoloLens is still experiencing issues after restarting, try resetting it to factory state. Resetting your HoloLens keeps the version of the Windows Holographic software that's installed on it and returns everything else to factory settings. - -If you reset your device, all your personal data, apps, and settings will be erased, including TPM reset. Resetting will only install the latest installed version of Windows Holographic and you will have to redo all the initialization steps (calibrate, connect to Wi-Fi, create a user account, download apps, and so forth). - -1. Launch the Settings app, and then select **Update** > **Reset**. -1. Select the **Reset device** option and read the confirmation message. -1. If you agree to reset your device, the device will restart and display a set of spinning gears with a progress bar. -1. Wait about 30 minutes for this process to complete. -1. The reset will complete and the device will restart into the out-of-the-box experience. - -## Re-install the operating system - -If the device is still having a problem after rebooting and resetting, you can use a recovery tool on your computer to reinstall the HoloLens' operating system and firmware. - -All of the data HoloLens needs to reset is packaged in a Full Flash Update (ffu). This is similar to an iso, wim, or vhd. [Learn about FFU image file formats.](https://docs.microsoft.com/windows-hardware/manufacture/desktop/wim-vs-ffu-image-file-formats) - -If necessary, you can install a completely new operating system on your HoloLens (1st gen) with the Windows Device Recovery Tool. - -Before you use this tool, determine if restarting or resetting your HoloLens fixes the problem. The recovery process may take some time. When you're done, the latest version of the Windows Holographic software approved for your HoloLens will be installed. - -To use the tool, you'll need a computer running Windows 10 or later, with at least 4 GB of free storage space. Please note that you can't run this tool on a virtual machine. - -### Recover your HoloLens: - -1. Download and install the [Windows Device Recovery Tool](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq) on your computer. -1. Connect the HoloLens (1st gen) to your computer using the Micro USB cable that came with your HoloLens. -1. Run the Windows Device Recovery Tool and follow the instructions. - -If the HoloLens (1st gen) isn't automatically detected, select **My device was not detected** and follow the instructions to put your device into recovery mode. - -### Manual Flashing Mode: - -In the event that your device is not being detected please use the following method to manually place it into flashing mode. - -1. Unplug the device from all power sources. -1. If the device is on please hold down the power button until it is completely off. -1. Hold the **Volume Up** button, and breifly tap the **Power button**. -1. The device should boot and then display only the middle LED light. -1. Plug the device into your PC. -1. Launch Windows Device Recovery Tool. -1. You will need to select *My device was not detected**, and then select **HoloLens**. -1. Follow the instructions to recover your device. diff --git a/devices/hololens/hololens1-release-notes.md b/devices/hololens/hololens1-release-notes.md deleted file mode 100644 index 4002d4b7ea..0000000000 --- a/devices/hololens/hololens1-release-notes.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: HoloLens 1st (Gen) release notes -description: Learn about updates in each new HoloLens release. -author: evmill -ms.author: v-evmill -manager: yannisle -ms.prod: hololens -ms.sitesec: library -ms.topic: article -ms.localizationpriority: medium -ms.date: 05/12/2020 -ms.custom: -- CI 111456 -- CSSTroubleshooting -audience: ITPro -appliesto: -- HoloLens 1 - ---- - -# HoloLens 1st (Gen) release notes - -### Windows 10 Holographic, version 1809 - -> **Applies to:** Hololens (1st gen) - -| Feature | Details | -|---|---| -| **Quick actions menu** | When you're in an app, the Bloom gesture will now open a Quick actions menu to give you quick access to commonly used system features without having to leave the app.
See [Set up HoloLens in kiosk mode](hololens-kiosk.md) for information about the Quick actions menu in kiosk mode.

| -| **Stop video capture from the Start or quick actions menu** | If you start video capture from the Start menu or quick actions menu, you'll be able to stop recording from the same place. (Don't forget, you can always do this with voice commands too.) | -| **Project to a Miracast-enabled device** | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter. On **Start**, select **Connect**, and then select the device you want to project to. **Note:** You can deploy HoloLens to use Miracast projection without enabling developer mode. | -| **New notifications** | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if you're in an immersive experience, use the bloom gesture). | -| **HoloLens overlays**
(file picker, keyboard, dialogs, etc.) | You'll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. | -| **Visual feedback overlay UI for volume change** | When you use the volume up/down buttons on your HoloLens you'll see a visual display of the volume level. | -| **New UI for device boot** | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—it's between the "Hello" message and the Windows boot logo. | -| **Nearby sharing** | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. When you capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge), select a nearby Windows device to share with. | -| **Share from Microsoft Edge** | Share button is now available on Microsoft Edge windows on HoloLens. In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. | - -#### For international customers - -| Feature | Details | -| --- | --- | -| Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands.
[Learn how to install the Chinese and Japanese versions of HoloLens.](hololens1-install-localized.md) | -| Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese, and English. | - -#### For administrators - -| Feature | Details | -|---|----| -| [Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**. | -| Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. | -| PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**. | -| Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with your password. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password.
**Note:** You can choose to bypass any PIN/Smartcard options when prompted during web sign-in. | -| Read device hardware info through MDM so devices can be tracked by serial number | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer to your MDM documentation for feature availability and instructions. | -| Set HoloLens device name through MDM (rename) | IT administrators can see and rename HoloLens devices in their MDM console. Refer to your MDM documentation for feature availability and instructions. | - -### Windows 10, version 1803 for Microsoft HoloLens - -> **Applies to:** Hololens (1st gen) - -Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. This update introduces the following changes: - -- Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md). - -- You can view the operating system build number in device properties in the File Explorer app and in the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq). -- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#provisioning-package-hololens-wizard). - -- When you create a local account in a provisioning package, the password no longer expires every 42 days. - -- You can [configure HoloLens as a single-app or multi-app kiosk](hololens-kiosk.md). Multi-app kiosk mode lets you set up a HoloLens to only run the apps that you specify, and prevents users from making changes. - -- Media Transfer Protocol (MTP) is enabled so that you can connect the HoloLens device to a PC by USB and transfer files between HoloLens and the PC. You can also use the File Explorer app to move and delete files from within HoloLens. - -- Previously, after you signed in to the device with an Azure Active Directory (Azure AD) account, you then had to **Add work access** in **Settings** to get access to corporate resources. Now, you sign in with an Azure AD account and enrollment happens automatically. - -- Before you sign in, you can choose the network icon below the password field to choose a different Wi-Fi network to connect to. You can also connect to a guest network, such as at a hotel, conference center, or business. - -- You can now easily [share HoloLens with multiple people](hololens-multiple-users.md) using Azure AD accounts. - -- When setup or sign-in fails, choose the new **Collect info** option to get diagnostic logs for troubleshooting. - -- Individual users can sync their corporate email without enrolling their device in mobile device management (MDM). You can use the device with a Microsoft Account, download and install the Mail app, and add an email account directly. - -- You can check the MDM sync status for a device in **Settings** > **Accounts** > **Access Work or School** > **Info**. In the **Device sync status** section, you can start a sync, see areas managed by MDM, and create and export an advanced diagnostics report. diff --git a/devices/hololens/hololens1-setup.md b/devices/hololens/hololens1-setup.md deleted file mode 100644 index cbbc2315b7..0000000000 --- a/devices/hololens/hololens1-setup.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -title: Prepare a new HoloLens -description: This guide walks through first time set up. -ms.prod: hololens -ms.sitesec: library -author: JesseMcCulloch -ms.author: jemccull -ms.topic: article -ms.localizationpriority: high -ms.date: 8/12/2019 -ms.reviewer: -manager: jarrettr -appliesto: -- Hololens (1st gen) ---- - -# Get your HoloLens (1st gen) ready to use - -Follow along to set up a HoloLens (1st gen) for the first time. - -## Charge your HoloLens (1st gen) - -To charge your HoloLens, connect the power supply to the charging port by using the included Micro USB cable. Then plug the power supply into a power outlet. When the device is charging, the battery indicator will light up in a wave pattern. - -![Image that shows how to attach the Micro USB cable to the HoloLens](./images/hololens-charging.png) - -When your HoloLens is on, the battery indicator shows the battery level in increments. When only one of the five lights is on, the battery level is below 20 percent. If the battery level is critically low and you try to turn on the device, one light will blink briefly, then go out. - -> [!TIP] -> To get an estimate of your current battery level, say "Hey Cortana, how much battery do I have left?" - -The power supply and USB cable that come with the device are the best way to charge your HoloLens (1st gen). The power supply provides 18W of power (9V 2A). - -Charging rate and speed may vary depending on the environment in which the device is running. - -## Adjust fit - -> [!VIDEO https://www.microsoft.com/videoplayer/embed/be3cb527-f2f1-4f85-b4f7-a34fbaba980d] - -| | | -|:--- |:--- | -|1. Rotate the headband up to about 20-30 degrees.|![Step one, rotate the headband](./images/FitGuideStep1.png)| -|2. Push the headband back. Do not pull it back, or manipulate the band behind the hinge, because over time this can break the band.|![Step two, push the headband back](./images/FitGuideStep2.png)| -|3. Turn the adjustment wheel to extend the headband all the way out. |![Step three, use the adjustment wheel to extend the headband](./images/FitGuideStep3.png)| -|4. Hold the device by the device arms, and place it on your head. Make sure that the headband sits at the top of your forehead, and then tighten the adjustment wheel.|![Step four, put on the device and adjust the headband](./images/FitGuideStep4.png)| -|5. Slide the visor back, and then check the fit of the device. The headband should sit at the top of the forehead, just below your hairline, with the speakers above your ears. The lenses should be centered over your eyes.|![Step five, slide the visor back and check the fit](./images/FitGuideSetep5.png)| - -## Turn on your HoloLens - -Use the power button to turn HoloLens on and off or to put it in standby mode. - -![Image that shows the HoloLens power button](./images/hololens-power.png) - -If your device doesn't respond or won't start, see [Restart, reset, or recover HoloLens](hololens-restart-recover.md). - -When your HoloLens is off or in standby, turn it on by pressing the power button for one second. If it doesn't turn on, plug it in and charge it for at least 30 minutes. - -> [!TIP] -> To restart HoloLens, say "Hey Cortana, reboot the device." - -### Put HoloLens in standby - -To put your HoloLens in standby while it's turned on, press the power button once. The battery indicators blink off. To wake it from standby, press the power button again. - -HoloLens automatically goes into standby after 3 minutes of inactivity. When it's in standby, it automatically shuts down after 4 hours, or after the battery level drops by 10 percent. - -### Shut down HoloLens - -To shut down (turn off) HoloLens, hold the power button down for four seconds. The battery indicators turn off one by one and the device shuts down. - -HoloLens automatically shuts down when the battery level drops to one percent, even if it's plugged in. After you've recharged the battery to three percent, you'll be able to turn HoloLens on again. - -## Adjust volume and brightness - -The brightness and volume buttons are on top of the device arms—volume to your right and brightness to your left. - -![Image that shows the HoloLens buttons](./images/hololens-buttons.jpg) - -## HoloLens indicator lights - -![Image that shows the HoloLens indicator lights](./images/hololens-lights.png) - -Not sure what the indicator lights on your HoloLens mean? Here's some help. - -|When the lights do this |It means | -| - | - | -|Scroll from the center outward. |HoloLens is starting up. | -|Stay lit (all or some). |HoloLens is on and ready to use. Battery life is shown in 20 percent increments. | -|Scroll, then light up, then scroll. |HoloLens is on and charging. Battery life is shown in 20 percent increments. | -|Turn off one by one. |HoloLens is shutting down. | -|Turn off all at once. |HoloLens is going into standby. | -|All light up, then one blinks briefly, then all turn off. |Battery is critically low. HoloLens needs to charge. | -|All scroll, then one blinks, then all scroll. |Battery is critically low. HoloLens is charging. | - -## Safety and comfort - -### Use in safe surroundings - -Use your HoloLens in a safe space that’s free of obstructions and tripping hazards. Don’t use it when you need a clear field of view and your full attention, such as while you’re operating a vehicle or doing other potentially hazardous activities. - -### Stay comfortable - -Keep your first few sessions with HoloLens brief and be sure to take breaks. If you experience discomfort, stop and rest until you feel better. This might include temporary feelings of nausea, motion sickness, dizziness, disorientation, headache, fatigue, eye strain, or dry eyes. - -> [!div class="nextstepaction"] -> [Start and configure your HoloLens (1st gen)](hololens1-start.md) diff --git a/devices/hololens/hololens1-start.md b/devices/hololens/hololens1-start.md deleted file mode 100644 index 8cb970020a..0000000000 --- a/devices/hololens/hololens1-start.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -title: Set up HoloLens (1st gen) -description: This guide walks through first time set up. You'll need a Wi-Fi network and either a Microsoft (MSA) or Azure Active Directory (Azure AD) account. -ms.assetid: 0136188e-1305-43be-906e-151d70292e87 -ms.prod: hololens -author: Teresa-Motiv -ms.author: v-tea -ms.topic: article -ms.date: 8/12/2019 -manager: jarrettr -ms.topic: article -ms.localizationpriority: high -appliesto: -- HoloLens (1st gen) ---- - -# Set up your HoloLens (1st gen) - -The first time you turn on your HoloLens, you'll be guided through calibrating your device, setting up your device, and signing in. This article walks through the HoloLens (1st gen) first start and setup experience. - -In the next section, you'll learn how to work with HoloLens and interact with holograms. To skip ahead to that article, see [Get started with HoloLens (1st gen)](hololens1-basic-usage.md). - -## Before you start - -Before you get started, make sure you have the following available: - -**A Wi-Fi connection**. You'll need to connect your HoloLens to a Wi-Fi network to set it up. The first time you connect, you'll need an open or password-protected network that doesn't require navigating to a website or using certificates to connect. [Learn more about the websites that HoloLens uses](hololens-offline.md). - -**A Microsoft account or a work account**. You'll also need to use a Microsoft account (or a work account, if your organization owns the device) to sign in to HoloLens. If you don't have a Microsoft account, go to [account.microsoft.com](https://account.microsoft.com) and set one up for free. - -**A safe, well-lit space with no tripping hazards**. [Health and safety info](https://go.microsoft.com/fwlink/p/?LinkId=746661). - -**The optional comfort accessories** that came with your HoloLens, to help you get the most comfortable fit. [More on fit and comfort](https://support.microsoft.com/help/12632/hololens-fit-your-hololens). - -> [!NOTE] -> -> - The first time that you use your HoloLens, [Cortana](hololens-cortana.md) is already on and ready to guide you (though she won't be able to respond to your questions until after you set up your device). You can turn Cortana off at any time in Cortana's settings. -> - In order to switch to the Chinese or Japanese version of HoloLens, you’ll need to download the build for the language on a PC and then install it on your HoloLens. For more information, see [Install localized versions of HoloLens (1st gen)](hololens1-install-localized.md). - -## Start your Hololens and set up Windows - -The first time you start your HoloLens, your first task is to set up Windows Holographic on your device. - -1. Connect to the internet (HoloLens guides you to select Wi-Fi network). - -1. Sign in to your user account. Choose between **My work or school owns it** and **I own it**. - - When you choose **My work or school owns it**, you sign in by using an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens automatically enrolls in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [manually enroll HoloLens in device management](hololens-enroll-mdm.md#enroll-through-settings-app). To sign in to your device the first time by using a work or school account, follow these steps: - 1. Enter your organizational account information. - 1. Accept the privacy statement. - 1. Sign in by using your Azure AD credentials. This may redirect to your organization's sign-in page. - 1. Continue setting up the device. - - When you choose **I own it**, you sign in by using a Microsoft account. After setup is complete, you can [manually enroll HoloLens in device management](hololens-enroll-mdm.md#enroll-through-settings-app). - 1. Enter your Microsoft account information. - 1. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process. - -1. The device sets your time zone based on information that it obtains from the Wi-Fi network. - -## Calibration - -After Cortana introduces herself, the next setup step is calibration. For the best HoloLens experience, you should complete the calibration process during setup. - -HoloLens (1st gen) uses the distance between your pupils (IPD or [interpupillary distance](https://en.wikipedia.org/wiki/Interpupillary_distance)) to make holograms clear and easy to interact with. If the IPD is not correct, holograms may appear to be unstable or at an incorrect distance. - -During calibration, HoloLens asks you to align your finger with a series of six targets per eye. HoloLens uses this process to set the correct IPD for your eyes. If the calibration needs to be updated or adjusted for a new user, the new user can run the Calibration app outside of setup. - -![IPD finger-alignment screen at second step](./images/ipd-finger-alignment-300px.jpg) - -*IPD finger-alignment screen at second step* - -Congratulations! Setup is complete and you can begin using HoloLens. - -## Next steps - -> [!div class="nextstepaction"] -> [Get started with HoloLens (1st gen)](hololens1-basic-usage.md) diff --git a/devices/hololens/hololens1-upgrade-enterprise.md b/devices/hololens/hololens1-upgrade-enterprise.md deleted file mode 100644 index 6a2e45d571..0000000000 --- a/devices/hololens/hololens1-upgrade-enterprise.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -title: Unlock Windows Holographic for Business features -description: When you upgrade to Windows Holographic for Business, HoloLens provides extra features that are designed for business. -ms.prod: hololens -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.localizationpriority: medium -ms.date: 9/16/2019 -ms.reviewer: -manager: jarrettr -appliesto: -- HoloLens (1st gen) ---- - -# Unlock Windows Holographic for Business features - -> [!IMPORTANT] -> This page only applies to HoloLens 1st Gen. - -Microsoft HoloLens is available in the *Development Edition*, which runs Windows Holographic (an edition of Windows 10 that is designed for HoloLens), and in the [Commercial Suite](hololens-commercial-features.md), which provides extra features designed for business. - -When you purchase the Commercial Suite, you receive a license that upgrades Windows Holographic to Windows Holographic for Business. You can apply this license to the device either by using the organization's [mobile device management (MDM) provider](#edition-upgrade-by-using-mdm) or a [provisioning package](#edition-upgrade-by-using-a-provisioning-package). - -> [!TIP] -> In Windows 10, version 1803, you can check that the HoloLens has been upgraded to the business edition by selecting **Settings** > **System**. - -## Edition upgrade by using MDM - -The enterprise license can be applied by any MDM provider that supports the [WindowsLicensing configuration service provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn904983.aspx). The latest version of the Microsoft MDM API will support WindowsLicensing CSP. - -For step-by-step instructions for upgrading HoloLens by using Microsoft Intune, see [Upgrade devices running Windows Holographic to Windows Holographic for Business](https://docs.microsoft.com/intune/holographic-upgrade). - - On other MDM providers, the specific steps for setting up and deploying the policy might vary. - -## Edition upgrade by using a provisioning package - -Provisioning packages are files created by the Windows Configuration Designer tool that apply a specified configuration to a device. - -### Create a provisioning package that upgrades the Windows Holographic edition - -1. [Create a provisioning package for HoloLens.](hololens-provisioning.md) -1. Go to **Runtime settings** > **EditionUpgrade**, and select **EditionUpgradeWithLicense**. - - ![Upgrade edition with license setting selected](images/icd1.png) - -1. Find the XML license file that was provided when you purchased the Commercial Suite. - - > [!NOTE] - > You can configure [additional settings in the provisioning package](hololens-provisioning.md). - -1. On the **File** menu, select **Save**. - -1. Read the warning that project files may contain sensitive information and click **OK**. - - > [!IMPORTANT] - > When you build a provisioning package, you may include sensitive information in the project files and provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when no longer needed. - -1. On the **Export** menu, select **Provisioning package**. - -1. Change **Owner** to **IT Admin**, which sets the precedence of this provisioning package to be higher than others applied to this device from different sources, and then select **Next**. - -1. Set a value for **Package Version**. - - > [!TIP] - > You can make changes to existing packages and change the version number to update previously applied packages. - -1. On **Select security details for the provisioning package**, select **Next**. - -1. Select **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location. - - Optionally, you can select **Browse** to change the default output location. - -1. Select **Next**. - -1. Select **Build** to start building the package. The build page displays the project information, and the progress bar indicates the build status. - -1. When the build completes, select **Finish**. - -### Apply the provisioning package to HoloLens - -1. Using the USB cable, connect the device to a PC. Start the device, but do not continue past the **fit** page of the initial setup experience (the first page with the blue box). On the PC, HoloLens shows up as a device in File Explorer. - - > [!NOTE] - > If the HoloLens device is running Windows 10, version 1607 or earlier, open File Explorer by briefly pressing and releasing the **Volume Down** and **Power** buttons simultaneously on the device. - -1. In File Explorer, drag and drop the provisioning package (.ppkg) onto the device storage. - -1. While HoloLens is still on the **fit** page, briefly press and release the **Volume Down** and **Power** buttons simultaneously again. - -1. HoloLens asks you if you trust the package and would like to apply it. Confirm that you trust the package. - -1. You will see whether the package was applied successfully or not. If it was not applied successfully, you can fix your package and try again. If successful, proceed with device setup. diff --git a/devices/hololens/hololens2-autopilot.md b/devices/hololens/hololens2-autopilot.md deleted file mode 100644 index d92aee8369..0000000000 --- a/devices/hololens/hololens2-autopilot.md +++ /dev/null @@ -1,230 +0,0 @@ ---- -title: Windows Autopilot for HoloLens 2 evaluation guide -description: -author: Teresa-Motiv -ms.author: v-tea -ms.date: 4/10/2020 -ms.prod: hololens -ms.topic: article -ms.custom: -- CI 116283 -- CSSTroubleshooting -audience: ITPro -ms.localizationpriority: high -keywords: autopilot -manager: jarrettr -appliesto: -- HoloLens 2 ---- - -# Windows Autopilot for HoloLens 2 evaluation guide - -When you set up HoloLens 2 devices for the Windows Autopilot program, your users can follow a simple process to provision the devices from the cloud. - -This Autopilot program supports Autopilot self-deploying mode to provision HoloLens 2 devices as shared devices under your tenant. Self-deploying mode leverages the device's preinstalled OEM image and drivers during the provisioning process. A user can provision the device without putting the device on and going through the Out-of-the-box Experience (OOBE). - -![The Autopilot self-deploying process configures shared devices in "headless" mode by using a network connection.](./images/hololens-ap-intro.png) - -When a user starts the Autopilot self-deploying process, the process completes the following steps: - -1. Join the device to Azure Active Directory (Azure AD). - > [!NOTE] - > Autopilot for HoloLens does not support Active Directory join or Hybrid Azure AD join. -1. Use Azure AD to enroll the device in Microsoft Intune (or another MDM service). -1. Download the device-targeted policies, user-targeted apps, certificates, and networking profiles. -1. Provision the device. -1. Present the sign-in screen to the user. - -## Windows Autopilot for HoloLens 2: Get started - -The following steps summarize the process of setting up your environment for the Windows Autopilot for HoloLens 2. The rest of this section provides the details of these steps. - -1. Make sure that you meet the requirements for Windows Autopilot for HoloLens. -1. Enroll in the Windows Autopilot for HoloLens 2 program. -1. Verify that your tenant is flighted (enrolled to participate in the program). -1. Register devices in Windows Autopilot. -1. Create a device group. -1. Create a deployment profile. -1. Verify the ESP configuration. -1. Configure a custom configuration profile for HoloLens devices (known issue). -1. Verify the profile status of the HoloLens devices. - -### 1. Make sure that you meet the requirements for Windows Autopilot for HoloLens -For the latest information about how to participate in the program, review [Windows Insider Release Notes](hololens-insider.md#windows-insider-release-notes). - -Review the following sections of the Windows Autopilot requirements article: - -- [Network requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements#networking-requirements) -- [Licensing requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements#licensing-requirements) -- [Configuration requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements#configuration-requirements) -> [!IMPORTANT] -> Unlike other Windows Autopilot programs, Windows Autopilot for HoloLens 2 has specific operating system requirements. - -Review the "[Requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/self-deploying#requirements)" section of the Windows Autopilot Self-Deploying mode article. Your environment has to meet these requirements as well as the standard Windows Autopilot requirements. - -> [!NOTE] -> You do not have to review the "Step by step" and "Validation" sections of the article. The procedures later in this article provide corresponding steps that are specific to HoloLens. - -> [!IMPORTANT] -> For information about how to register devices and configure profiles, see [4. Register devices in Windows Autopilot](#4-register-devices-in-windows-autopilot) and [6. Create a deployment profile](#6-create-a-deployment-profile) in this article. These sections provide steps that are specific to HoloLens. - -Before you start the OOBE and provisioning process, make sure that the HoloLens devices meet the following requirements: - -- The devices are not already members of Azure AD, and are not enrolled in Intune (or another MDM system). The Autopilot self-deploying process completes these steps. To make sure that all the device-related information is cleaned up, check the **Devices** pages in both Azure AD and Intune. -- Every device can connect to the internet. You can use "USB C to Ethernet" adapters for wired internet connectivity or "USB C to Wifi" adapters for wireless internet connectivity. -- Every device can connect to a computer by using a USB-C cable, and that computer has [Advanced Recovery Companion (ARC)](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?rtc=1&activetab=pivot:overviewtab) installed -- Every device has the latest Windows update: Windows 10, version 19041.1002.200107-0909 or a later version. - -To configure and manage the Autopilot self-deploying mode profiles, make sure that you have access to [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com). - -### 2. Enroll in the Windows Autopilot for HoloLens 2 program - -To participate in the program, you have to use a tenant that is flighted for HoloLens. To do this, go to [Windows Autopilot for HoloLens Private Preview request](https://aka.ms/APHoloLensTAP) or use the following QR code to submit a request. - -![Autopilot QR code](./images/hololens-ap-qrcode.png) - -In this request, provide the following information: - -- Tenant domain -- Tenant ID -- Number of HoloLens 2 devices that are participating in this evaluation -- Number of HoloLens 2 devices that you plan to deploy by using Autopilot self-deploying mode - -### 3. Verify that your tenant is flighted - -To verify that your tenant is flighted for the Autopilot program after you submit your request, follow these steps: - -1. Sign in to [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com). -1. Select **Devices** > **Windows** > **Windows enrollment** > **Windows Autopilot deployment profiles** > **Create profile**. - - ![Create profile dropdown includes a HoloLens item.](./images/hololens-ap-enrollment-profiles.png) - You should see a list that includes **HoloLens**. If this option is not present, use one of the [Feedback](#feedback) options to contact us. - -### 4. Register devices in Windows Autopilot - -To register a HoloLens device in the Windows Autopilot program, you have to obtain the hardware hash of the device (also known as the hardware ID). The device can record its hardware hash in a CSV file during the OOBE process, or later when a device owner starts the diagnostic log collection process (described in the following procedure). Typically, the device owner is the first user to sign in to the device. - -**Retrieve a device hardware hash** - -1. Start the HoloLens 2 device. -1. On the device, press the Power and Volume Down buttons at the same time and then release them. The device collects diagnostic logs and the hardware hash, and stores them in a set of .zip files. -1. Use a USB-C cable to connect the device to a computer. -1. On the computer, open File Explorer. Open **This PC\\\<*HoloLens device name*>\\Internal Storage\\Documents**, and locate the AutopilotDiagnostics.zip file. - - > [!NOTE] - > The .zip file may not immediately be available. If the file is not ready yet you may see a HoloLensDiagnostics.temp file in the Documents folder. To update the list of files, refresh the window. - -1. Extract the contents of the AutopilotDiagnostics.zip file. -1. In the extracted files, locate the CSV file that has a file name prefix of "DeviceHash." Copy that file to a drive on the computer where you can access it later. - > [!IMPORTANT] - > The data in the CSV file should use the following header and line format: - > ``` - > Device Serial Number,Windows Product ID,Hardware Hash,Group Tag,Assigned User ,,,, - >``` - -**Register the device in Windows Autopilot** - -1. In Microsoft Endpoint Manager Admin Center, select **Devices** > **Windows** > **Windows enrollment**, and then select **Devices** > **Import** under **Windows Autopilot Deployment Program**. - -1. Under **Add Windows Autopilot devices**, select the DeviceHash CSV file, select **Open**, and then select **Import**. - - ![Use the Import command to import the hardware hash.](./images/hololens-ap-hash-import.png) -1. After the import finishes, select **Devices** > **Windows** > **Windows enrollment** > **Devices** > **Sync**. The process might take a few minutes to complete, depending on how many devices are being synchronized. To see the registered device, select **Refresh**. - - ![Use the Sync and Refresh commands to view the device list.](./images/hololens-ap-devices-sync.png) - -### 5. Create a device group - -1. In Microsoft Endpoint Manager admin center, select **Groups** > **New group**. -1. For **Group type**, select **Security**, and then enter a group name and description. -1. For **Membership type**, select either **Assigned** or **Dynamic Device**. -1. Do one of the following: - - - If you selected **Assigned** for **Membership type** in the previous step, select **Members**, and then add Autopilot devices to the group. Autopilot devices that aren't yet enrolled are listed by using the device serial number as the device name. - - If you selected **Dynamic Devices** for **Membership type** in the previous step, select **Dynamic device members**, and then enter code in **Advanced rule** that resembles the following: - - If you want to create a group that includes all of your Autopilot devices, type: `(device.devicePhysicalIDs -any _ -contains "[ZTDId]")` - - Intune's group tag field maps to the **OrderID** attribute on Azure AD devices. If you want to create a group that includes all of your Autopilot devices that have a specific group tag (the Azure AD device OrderID), you must type: `(device.devicePhysicalIds -any _ -eq "[OrderID]:179887111881")` - - If you want to create a group that includes all your Autopilot devices that have a specific Purchase Order ID, type: `(device.devicePhysicalIds -any _ -eq "[PurchaseOrderId]:76222342342")` - - > [!NOTE] - > These rules target attributes that are unique to Autopilot devices. -1. Select **Save**, and then select **Create**. - -### 6. Create a deployment profile - -1. In Microsoft Endpoint Manager admin center, select **Devices** > **Windows** > **Windows enrollment** > **Windows Autopilot deployment profiles** > **Create profile** > **HoloLens**. -1. Enter a profile name and description, and then select **Next**. - - ![Add a profile name and description](./images/hololens-ap-profile-name.png) -1. On the **Out-of-box experience (OOBE)** page, most of the settings are pre-configured to streamline OOBE for this evaluation. Optionally, you can configure the following settings: - - - **Language (Region)**: Select the language for OOBE. We recommend that you select a language from the list of [supported languages for HoloLens 2](hololens2-language-support.md). - - **Automatically configure keyboard**: To make sure that the keyboard matches the selected language, select **Yes**. - - **Apply device name template**: To automatically set the device name during OOBE, select **Yes** and then enter the template phrase and placeholders in **Enter a name** For example, enter a prefix and `%RAND:4%`—a placeholder for a four-digit random number. - > [!NOTE] - > If you use a device name template, the OOBE process restarts the device one additional time after it applies the device name and before it joins the device to Azure AD. This restart enables the new name to take effect. - - ![Configure OOBE settings](./images/hololens-ap-profile-oobe.png) -1. After you configure the settings, select **Next**. -1. On the **Scope tags** page, optionally add the scope tags that you want to apply to this profile. For more information about scope tags, see [Use role-based access control and scope tags for distributed IT](https://docs.microsoft.com/mem/intune/fundamentals/scope-tags.md). When finished, select **Next**. -1. On the **Assignments** page, select **Selected groups** for **Assign to**. -1. Under **SELECTED GROUPS**, select **+ Select groups to include**. -1. In the **Select groups to include** list, select the device group that you created for the Autopilot HoloLens devices, and then select **Next**. - - If you want to exclude any groups, select **Select groups to exclude**, and select the groups that you want to exclude. - - ![Assigning a device group to the profile.](./images/hololens-ap-profile-assign-devicegroup.png) -1. On the **Review + Create** page, review the settings and then select **Create** to create the profile. - - ![Review + create](./images/hololens-ap-profile-summ.png) - -### 7. Verify the ESP configuration - -The Enrollment Status Page (ESP) displays the status of the complete device configuration process that runs when an MDM managed user signs into a device for the first time. Make sure that your ESP configuration resembles the following, and verify that the assignments are correct. - -![ESP configuration](./images/hololens-ap-profile-settings.png) - -### 8. Verify the profile status of the HoloLens devices - -1. In Microsoft Endpoint Manager Admin Center, select **Devices** > **Windows** > **Windows enrollment** > **Devices**. -1. Verify that the HoloLens devices are listed, and that their profile status is **Assigned**. - > [!NOTE] - > It may take a few minutes for the profile to be assigned to the device. - - ![Device and profile assignments.](./images/hololens-ap-devices-assignments.png) - -## Windows Autopilot for HoloLens 2 User Experience - -Your HoloLens users can follow these steps to provision HoloLens devices. - -1. Use the USB-C cable to connect the HoloLens device to a computer that has Advanced Recovery Companion (ARC) installed and has the appropriate Windows update downloaded. -1. Use ARC to flash the appropriate version of Windows on to the device. -1. Connect the device to the network, and then restart the device. - > [!IMPORTANT] - > You must connect the device to the network before the Out-of-the-Box-Experience (OOBE) starts. The device determines whether it is provisioning as an Autopilot device while on the first OOBE screen. If the device cannot connect to the network, or if you choose not to provision the device as an Autopilot device, you cannot change to Autopilot provisioning at a later time. Instead, you would have to start this procedure over in order to provision the device as an Autopilot device. - - The device should automatically start OOBE. Do not interact with OOBE. Instead sit, back and relax! Let HoloLens 2 detect network connectivity and allow it complete OOBE automatically. The device may restart during OOBE. The OOBE screens should resemble the following. - - ![OOBE step 1](./images/hololens-ap-uex-1.png) - ![OOBE step 2](./images/hololens-ap-uex-2.png) - ![OOBE step 3](./images/hololens-ap-uex-3.png) - ![OOBE step 4](./images/hololens-ap-uex-4.png) - -At the end of OOBE, you can sign in to the device by using your user name and password. - - ![OOBE step 5](./images/hololens-ap-uex-5.png) - -## Known Issues - -- You cannot install applications that use the device security context. - -## Feedback - -To provide feedback or report issues, use one of the following methods: - -- Use the Feedback Hub app. You can find this app on a HoloLens-connected computer. In Feedback Hub, select the **Enterprise Management** > **Device** category. - - When you provide feedback or report an issue, provide a detailed description. If applicable, include screenshots and logs. -- Send an email message to [hlappreview@microsoft.com](mailto:hlappreview@microsoft.com). For the email subject, enter **\<*Tenant*> Autopilot for HoloLens 2 evaluation feedback** (where \<*Tenant*> is the name of your Intune tenant). - - Provide a detailed description in your message. However, unless Support personnel specifically request it, do not include data such as screenshots or logs. Such data might include private or personally identifiable information (PII). diff --git a/devices/hololens/hololens2-basic-usage.md b/devices/hololens/hololens2-basic-usage.md deleted file mode 100644 index 59426de18e..0000000000 --- a/devices/hololens/hololens2-basic-usage.md +++ /dev/null @@ -1,192 +0,0 @@ ---- -title: Getting around HoloLens 2 -description: A guide to using HoloLens 2 with your hands -ms.assetid: 5f791a5c-bdb2-4c5d-bf46-4a198de68f21 -ms.date: 9/17/2019 -keywords: hololens -ms.prod: hololens -ms.sitesec: library -author: scooley -ms.author: scooley -ms.topic: article -ms.localizationpriority: high -appliesto: -- HoloLens 2 ---- - -# Getting around HoloLens 2 - -Ready to explore the world of holograms? - -This guide provides an intro to: - -- Interacting with mixed reality -- Using your hands and voice for interacting with holograms on HoloLens 2 -- Navigating Windows 10 on HoloLens (Windows Holographic) - -## Discover mixed reality - -On HoloLens, holograms blend the digital world with your physical environment to look and sound like they're part of your world. Even when holograms are all around you, you can always see your surroundings, move freely, and interact with people and objects. We call this experience "mixed reality". - -The holographic frame positions your holograms where your eyes are most sensitive to detail and the see-through lenses leave your peripheral vision clear. With spatial sound, you can pinpoint a hologram by listening, even if it’s behind you. And, because HoloLens understands your physical environment, you can place holograms on and around real objects such as tables and walls. - -Getting around HoloLens is a lot like using your smart phone. You can use your hands to touch and manipulate holographic windows, menus, and buttons. - -Once you know these basic interactions, getting around on HoloLens will be a snap. - -> [!TIP] -> If you have a HoloLens near you right now, the **Tips** app provides literal hands-on tutorials for hand interactions on HoloLens. -> Use the start gesture to go to **Start** or say "Go to Start" and select **Tips**. - -## The hand-tracking frame - -HoloLens has sensors that can see a few feet to either side of you. When you use your hands, you'll need to keep them inside that frame, or HoloLens won't see them. However, the frame moves with you as you move around. - -![Image that shows the HoloLens hand-tracking frame](./images/hololens-2-gesture-frame.png) - -## Touch holograms near you - -When a hologram is near you, bring your hand close to it and a white ring should appear on the tip of your index finger. This is the **touch cursor** which helps you touch and interact with holograms with precision. To **select** something, simply **tap** it with the touch cursor. **Scroll** content by **swiping** on the surface of the content with your finger, just like you're using a touch screen. - -To **grab** a hologram near you, pinch your **thumb** and **index finger** together on the hologram and hold. To let go, release your fingers. Use this **grab gesture** to move, resize, and rotate 3D objects and app windows in mixed reality home. - -To bring up a **context menu**, like the ones you'll find on an app tile in the Start menu, **tap and hold** like you do on a touch screen. - -## Use hand ray for holograms out of reach - -> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3ZOum] - -When there are no holograms near your hands, the **touch cursor** will hide automatically and **hand rays** will appear from the palm of your hands. Hand rays allow you to interact with holograms from a distance. - -> [!TIP] -> If you find hand rays distracting, you can hide them by saying “Hide hand rays”. To make them reappear, say "Show hand rays." - -### Select using air tap - -To select something using **hand ray**, follow these steps: - -1. Use a hand ray from your palm to target the item. You don't need to raise your entire arm, you can keep your elbow low and comfortable. -1. Point your index finger straight up toward the ceiling. -1. To perform the **air tap** gesture, pinch your thumb and index finger together and then quickly release them. - - ![Air-tap gesture animation](./images/hololens-air-tap.gif) - -### Grab using air tap and hold - -> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3Wxnh] - -To grab a hologram or scroll app window content using **hand ray**, start with an **air tap**, but keep your fingers together instead of releasing them. - -Use **air tap and hold** to perform the following actions with hand ray: - -- **Scroll**. To scroll app window content, air tap and hold on the content and then move your hand ray up and down or side to side. -- **Grab**. To grab an app window or hologram, target the app title bar or hologram with your hand ray and then air tap and hold. -- **Open context menus**. To open context menus, air tap and hold with your hand ray. - -## Start gesture - -> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3Wxng] - -The Start gesture opens the **Start menu**. To perform the Start gesture, hold out your hand with your palm facing you. You’ll see a **Start icon** appear over your inner wrist. Tap this icon using your other hand. The Start menu will open **where you’re looking**. - -> [!TIP] -> -> - You can use the Start gesture as long as your hands are inside the hand-tracking frame. You do not need to be looking down at the Start icon. Keep your elbow low and comfortable, and look in the direction where you want the Start menu to open. -> - If the Start menu didn't open at the position you want, simply move your head around to reposition it. -> - If you have trouble reading the smaller text on the Start menu, step closer to it after it opens. -> - If your hand is slightly off to the side of the frame, you may still be able to view the Start menu by tapping your inner wrist, even if you don't see the icon. - -![Image that shows the Start icon and the Start gesture](./images/hololens-2-start-gesture.png) - -To **close** the Start menu, do the Start gesture when the Start menu is open. You can also look at the Start menu and say "Close". - -### One-handed Start gesture - -> [!IMPORTANT] -> For the one-handed Start gesture to work: -> -> 1. You must update to the November 2019 update (build 18363.1039) or later. -> 1. Your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not [calibrated](https://docs.microsoft.com/hololens/hololens-calibration#calibrating-your-hololens-2) on the device. - -You can also perform the Start gesture with only one hand. To do this, hold out your hand with your palm facing you and look at the **Start icon** on your inner wrist. **While keeping your eye on the icon**, pinch your thumb and index finger together. - -![Image that shows the Start icon and the one-handed start gesture](./images/hololens-2-start-alternative.png) - -## Start menu, mixed reality home, and apps - -Ready to put all these hand interactions to the test?! - -You'll find your installed apps in the [Start menu](holographic-home.md) and you can find additional apps for HoloLens in the [Microsoft Store](holographic-store-apps.md). - -Just as Windows PC always starts its experience at the desktop, HoloLens always starts in **mixed reality home** when turned on. Using the Start menu, you can open and place app windows, as well as app launchers and 3D content in mixed reality home. Their placements in your physical space will be remembered by HoloLens. - -Open the **Start menu**, then select the **Settings** app tile. An app window will open in front of you. - -Settings is an example of a HoloLens app that uses a 2D **app window**. It's very similar to a Windows application on PC. - -Now you can open the **Start menu** again and select the **Tips** app tile. A 3D **app launcher** for the app will appear in front of you. To open the app, you need to select the **play** button on the launcher. - -Tips is an example of an **immersive app**. An immersive app takes you away from mixed reality home when it runs and becomes the only app you see. To exit, you need to bring up the Start menu and select the **mixed reality home** button at the bottom. - -[Go here to learn more](holographic-home.md) about Start menu and mixed reality home, including info on how to use and manage apps on HoloLens 2. - -## Move, resize, and rotate holograms - -In mixed reality home you can move, resize, and rotate app windows and 3D objects using your hands, hand ray and voice commands. - -### Moving holograms - -Move a hologram or app by following these steps: - -1. Grab the hologram by pinching your index finger and thumb on the hologram or face your hand down and then close your fist over it. Grab a 3D hologram anywhere inside its blue bounding box. For an app window, grab its title bar. -1. Without letting go, move your hand to position the hologram. When moving an app window this way, the app window automatically turns to face you as it moves, making it easier to use at its new position. -1. Release your fingers to place it. - -### Resizing holograms - -> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3ZYIb] - -Grab and use the **resize handles** that appear on the corners of 3D holograms and app windows to resize them. - -For an app window, when resized this way the window content correspondingly increases in size and becomes easier to read. - -If you want to resize an app window so that **more content** appears in the window, use the resize handles located on the sides and bottom edges of the app window. - -There are two ways to resize a hologram that's further away from you. You can either grab two corners of the hologram, or use the resize controls. - -### Rotating holograms - -For 3D holograms, grab and use the rotate handles that appear on the vertical edges of the bounding box. - -For app windows, moving an app window will cause it to automatically rotate and face you. - -You can also grab a 3D hologram or app window with **both hands** (or hand ray) at once and then: - -- Move your hands closer together or further apart to resize the hologram. -- Move your hands closer and further away from your body to rotate the hologram. - -### Follow me, stop following - -Holograms and app windows stay where you placed them in the world. That's not always convenient if you need to move around and you want an application to stay visible. To ask an app to start or stop following you, select **Follow me** in the top right corner of the app window (next to the **Close** button). An app window that is following you will also follow you into, an out of, an immersive app. - -## Use HoloLens with your voice - -You can use your voice to do most of the same things you do with hands on HoloLens, like taking a quick photo or opening an app. - -| To do this | Say this | -| - | - | -| Open the Start menu | "Go to Start" | -| Select | Say "select" to bring up the gaze cursor. Then, turn your head to position the cursor on the thing you want to select, and say “select” again. | -| See available speech commands | "What can I say?" | - - [See more voice commands and ways to use speech with HoloLens](hololens-cortana.md) - -## Next steps - -Congratulations! You're ready to use HoloLens 2! - -Now you can configure your HoloLens 2 to meet your specific needs. Other things you may want to try include: - -- [Connecting bluetooth devices like a mouse and keyboard](hololens-connect-devices.md) -- [Installing apps from the store](holographic-store-apps.md) -- [Sharing your HoloLens with other people](hololens-multiple-users.md) diff --git a/devices/hololens/hololens2-fit-comfort-faq.md b/devices/hololens/hololens2-fit-comfort-faq.md deleted file mode 100644 index e97e03f502..0000000000 --- a/devices/hololens/hololens2-fit-comfort-faq.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: HoloLens 2 fit and comfort FAQ -description: Answers to frequently asked questions about how to fit your HoloLens 2. -ms.prod: hololens -ms.sitesec: library -author: Teresa-Motiv -ms.author: v-tea -ms.topic: article -audience: ItPro -ms.localizationpriority: high -ms.date: 11/07/2019 -ms.reviewer: jarrettr -manager: jarrettr -appliesto: -- HoloLens 2 ---- - -# HoloLens 2 fit and comfort frequently asked questions - -Here are some tips on how to stay comfortable and have the best experience using your HoloLens. - -For step-by-step instructions and a video about putting on and adjusting your device, see [Get your HoloLens 2 ready to use](hololens2-setup.md). - -> [!NOTE] -> The fit and comfort tips in this topic are meant only as general guidance—they don't replace any laws or regulations, or your good judgment when using HoloLens. Stay safe, and have fun! - -Here are some tips on how to stay comfortable and have the best experience using your HoloLens. - -## I'm experiencing discomfort when I use my device. What should I do? - -If you experience discomfort, take a break until you feel better. Try sitting in a well-lit room and relaxing for a bit. The next time your use your HoloLens, try using it for a shorter period of time at first. - -For more information, see [Health and safety on HoloLens](https://go.microsoft.com/fwlink/p/?LinkId=746661). - -## I can't see the whole holographic frame, or my holograms are cut off - -To see the top edge of the holographic frame, move the device so it sits higher on your head, or angle the headband up slightly in front. To see the bottom edge, move the device to sit lower on your head, or angle the headband down slightly in front. If the left or right edge of the view frame isn't visible, make sure the HoloLens visor is centered on your forehead. - -## I need to look up or down to see holograms - -Try adjusting the position of your device visor so the holographic frame matches your natural gaze. Here's how: - -- **If you need to look up to see holograms**. First, shift the back of the headband a bit higher on your head. Then use one hand to hold the headband in place and the other to gently rotate the visor so you have a good view of the holographic frame. -- **If you need to look down to see holograms**. First, shift the back of the headband a bit lower on your head. Then place your thumbs under the device arms and your index fingers on top of the headband, and gently squeeze with your thumbs to rotate the visor so you have a good view of the holographic frame. - -## Hologram image color or brightness does not look right - -For HoloLens 2, take the following steps to ensure the highest visual quality of holograms presented in displays: - -- **Increase brightness of the display.** Holograms look best when the display is at its brightest level. -- **Bring visor closer to your eyes.** Swing the visor down to the closest position to your eyes. -- **Shift visor down.** Try moving the brow pad on your forehead down, which will result in the visor moving down closer to your nose. -- **Run eye calibration.** The display uses your IPD and eye gaze to optimize images on the display. If you don't run eye calibration, the image quality may be made worse. - -## The device slides down when I'm using it, or I need to make the headband too tight to keep it secure - -The overhead strap can help keep your HoloLens secure on your head, particularly if you're moving around a lot. The strap may also let you loosen the headband a bit. [Learn how to use it](hololens2-setup.md#adjust-fit). - -You can also experiment with the positioning of the headband—depending on your head size and shape, you may need to slide it up or down to reposition it on your forehead. - -## How can I adjust HoloLens to fit with my glasses? - -To accommodate eyewear, you can tilt the visor. - -## My arm gets tired when I use gestures. What can I do? - -When using gestures, there's no need to extend your arm out far from your body. Keep it closer to your side, where it's more comfortable and will get less tired. You can also use hand rays to interact with holograms without raising your arms [Learn more about gestures and hand rays](hololens2-basic-usage.md#the-hand-tracking-frame). - -And be sure to try out [voice commands](hololens-cortana.md). diff --git a/devices/hololens/hololens2-hardware.md b/devices/hololens/hololens2-hardware.md deleted file mode 100644 index 048dd790da..0000000000 --- a/devices/hololens/hololens2-hardware.md +++ /dev/null @@ -1,145 +0,0 @@ ---- -title: HoloLens 2 hardware -description: An outline of the components that make up Microsoft HoloLens 2, the latest evolution of Microsoft's fully untethered holographic computer running Windows 10. -ms.assetid: 651d0430-bfbc-4685-a4fd-db7c33ce9325 -ms.date: 9/17/2019 -keywords: hololens -ms.prod: hololens -ms.sitesec: library -author: scooley -ms.author: scooley -ms.topic: article -ms.localizationpriority: high -appliesto: -- HoloLens 2 ---- - -# HoloLens 2 hardware - -![HoloLens 2 side view](images/hololens2-exploded-medium.png) - -Microsoft HoloLens 2 is an untethered holographic computer. It refines the holographic computing journey started by HoloLens (1st gen) to provide a more comfortable and immersive experience paired with more options for collaborating in mixed reality. - -## HoloLens components - -- **Visor**. Contains the HoloLens sensors and displays. You can rotate the visor up while wearing the HoloLens. -- **Headband**. To put the HoloLens on, use the adjustment wheel to expand the headband. With the HoloLens in place, tighten the adjustment wheel by turning to the right, until the headband is comfortable. -- **Brightness buttons**. When wearing the HoloLens, the brightness buttons are on the left side of the device. -- **Volume buttons**. When wearing the HoloLens, the volume buttons are on the right side of the device. - -## In the box - -- **Brow pad**. You can remove and replace the brow pad, as needed. -- **Overhead strap**. When you're wearing the HoloLens while moving around, use the overhead strap to help keep the device in place. When wearing the HoloLens for extended periods, the overhead strap may make the device more comfortable to wear. -- **USB-C cable**. Use the USB-C cable to connect your HoloLens to the power supply for charging, or to connect your HoloLens to your computer. -- **Power supply**. Plugs into a power outlet. -- **Microfiber cloth**. Use to clean your HoloLens visor. - -### Power Supply details - -The power supply and the USB cable that come with the device are the best supported mechanism for charging. The power supply is an 18W charger. It's supplies 9V at 2A. - -Charging rate and speed may vary depending on the environment in which the device is running. - -In order to maintain/advance Internal Battery Charge Percentage while the device is on, it must be connected minimum to a 15W charger. - -## Device specifications - -### Display - -| | | -| - | - | -| Optics | See-through holographic lenses (waveguides) | -| Holographic resolution | 2k 3:2 light engines | -| Holographic density | >2.5k radiants (light points per radian) | -| Eye-based rendering | Display optimization for 3D eye position | - -### Sensors - -| | | -| - | - | -| Head tracking | 4 visible light cameras | -| Eye tracking | 2 Infrared (IR) cameras | -| Depth | 1-MP Time-of-Flight depth sensor | -| Inertial measurement unit (IMU) | Accelerometer, gyroscope, magnetometer | -| Camera | 8-MP stills, 1080p30 video | - -### Audio and speech - -| | | -| - | - | -| Microphone array | 5 channels | -| Speakers | Built-in spatial sound | - -### Compute and connectivity - -| | | -| - | - | -| System on chip | Qualcomm Snapdragon 850 Compute Platform [details](https://www.qualcomm.com/products/snapdragon-850-mobile-compute-platform) | -| Holographic processing unit | Second-generation custom-built holographic processing unit | -| Memory | 4-GB LPDDR4x system DRAM | -| Storage | 64-GB UFS 2.1 | -| WiFi | 802.11ac 2x2 | -| Bluetooth | 5.0 | -| USB | USB Type-C | - -### Power - -| | | -| - | - | -| Battery Life | 2-3 hours of active use. Up to 2 weeks of standby time. | -| Battery technology | [Lithium batteries](https://www.microsoft.com/download/details.aspx?id=43388) | -| Charging behavior | Fully functional when charging | -| Cooling type | Passively cooled (no fans) | -| Power draw | In order to maintain/advance Internal Battery Charge Percentage while the device is on, it must be connected minimum to a 15W charger. | - -### Fit - -| | | -| - | - | -| Sizing | Single size with adjustable band. Fits over eyeglasses | -| Weight | 566 grams | - -## Device capabilities - -### Human understanding - -| | | -| - | - | -| Hand tracking | Two-handed fully articulated model, direct manipulation | -| Eye tracking | Real-time tracking | -| Voice | Command and control on-device; Cortana natural language with internet connectivity | - -### Environment understanding - -| | | -| - | - | -| Six Degrees of Freedom (6DoF) tracking | World-scale positional tracking | -| Spatial mapping | Real-time environment mesh | -| Mixed reality capture | Mixed hologram and physical environment photos and videos | - -## Pre-installed software - -- Windows Holographic Operating System -- Microsoft Edge -- Dynamics 365 Remote Assist -- Dynamics 365 Guides -- 3D Viewer -- OneDrive for Business -- HoloLens Tips -- Cortana - -## Device certifications - -### Safety - -[Product Safety](https://support.microsoft.com/en-us/help/4023454/safety-information) -Eye safety: HoloLens 2 has been tested and conforms to the basic impact protection requirements of ANSI Z87.1, CSA Z94.3 and EN 166. - -### Regulatory Information -[HoloLens Regulatory](https://support.microsoft.com/en-us/help/13761/hololens-regulatory-information) - -## Next step - -> [!div class="nextstepaction"] -> [Set up and start your HoloLens 2](hololens2-setup.md) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md deleted file mode 100644 index e97e9dd065..0000000000 --- a/devices/hololens/hololens2-language-support.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: Supported languages for HoloLens 2 -description: -ms.prod: hololens -ms.sitesec: library -author: Teresa-Motiv -ms.author: v-tea -ms.topic: article -ms.localizationpriority: medium -ms.custom: -- CI 115225 -- CSSTroubleshooting -keywords: localize, language support, display language, keyboard language, IME, keyboard layout -ms.date: 03/12/2020 -audience: ITPro -ms.reviewer: jarrettr -manager: jarrettr -appliesto: -- HoloLens 2 ---- - -# Supported languages for HoloLens 2 - -HoloLens 2 is localized into the following languages. The localization features include speech commands and dictation, keyboard layouts, and OCR recognition within apps. - -- Chinese Simplified (China) -- English (Australia) -- English (Canada) -- English (Great Britain) -- English (United States) -- French (Canada) -- French (France) -- German (Germany) -- Italian (Italy) -- Japanese (Japan) -- Spanish (Spain) - -HoloLens 2 also supports the following languages. However, this support does not include speech commands or dictation features. - -- Chinese Traditional (Taiwan and Hong Kong) -- Dutch (Netherlands) -- Korean (Korea) - -Some features of HoloLens 2 use the Windows display language. The Windows display language affects the following settings for Windows and for apps that support localization: - -- The user interface text language. -- The speech language. -- The default layout of the on-screen keyboard. - -## Change the language or keyboard layout - -The setup process configures your HoloLens for a specific region and language. You can change this configuration by using the **Time & language** section of **Settings**. - -> [!NOTE] -> Your speech and dictation language depends on (and is the same as) the Windows display language. - -### To change the Windows display language - -1. Open the **Start** menu, and then select **Settings** > **Time and language** > **Language**. -2. Select **Windows display language**, and then select a language. - -If the supported language that you're looking for is not in the menu, follow these steps: - -1. Under **Preferred languages**, select **Add a language**. -2. Locate and add the language. -3. Select the **Windows display language** menu again, and then select the language that you added in the previous step. - -### To change the keyboard layout - -To add or remove a keyboard layout, open the **Start** menu, and then select **Settings** > **Time & language** > **Keyboard**. - -If your HoloLens has more than one keyboard layout, use the **Layout** key to switch between them. The **Layout** key is in the lower right corner of the on-screen keyboard. - -> [!NOTE] -> The on-screen keyboard can use Input Method Editor (IME) to enter characters in languages such as Chinese. However, HoloLens does not support external Bluetooth keyboards that use IME. -> -> While you use IME together with the on-screen keyboard, you can continue to use a Bluetooth keyboard to type in English. To switch between keyboards, press the tilde character button (**~**). diff --git a/devices/hololens/hololens2-maintenance.md b/devices/hololens/hololens2-maintenance.md deleted file mode 100644 index 88617eea68..0000000000 --- a/devices/hololens/hololens2-maintenance.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: HoloLens 2 cleaning FAQ -description: -author: Teresa-Motiv -ms.author: v-tea -ms.date: 4/14/2020 -ms.prod: hololens -ms.topic: article -ms.custom: -- CI 115560 -- CSSTroubleshooting -audience: ITPro -ms.localizationpriority: medium -keywords: -manager: jarrettr -appliesto: -- HoloLens 2 ---- - -# HoloLens 2 cleaning FAQ - -> [!IMPORTANT] -> Microsoft cannot make a determination of the effectiveness of any given disinfectant product in fighting pathogens such as COVID-19. Please refer to your local public health authority's guidance about how to stay safe from potential infection. - -## What are the general cleaning instructions for HoloLens 2 devices? - -**To clean the device** - -1. Remove any dust by using a dry, lint-free microfiber cloth to gently wipe the surface of the device. -1. Lightly moisten the cloth by using medical "70%" isopropyl alcohol, and then use the moistened cloth to gently wipe the surface of the device. - - ![Image that shows how to clean the visor](images/hololens-cleaning-visor.png) - -1. Let the device dry completely. - -**To clean the brow pad** - -1. Use water and a mild, antibiotic soap to moisten a cloth, and then use the moistened cloth to wipe the brow pad. -1. Let the brow pad dry completely. - -## Can I use any lens cleaner for cleaning the HoloLens visor? - -No. Lens cleaners can be abrasive to the coatings on the visor. To clean the visor, follow these steps: - -1. Remove any dust by using a dry lint-free microfiber cloth to gently wipe the visor. -1. Lightly moisten a cloth by using medical "70%" isopropyl alcohol, and then gently wipe the visor. -1. Let the visor dry completely. - -## Can I use disinfecting wipes to clean the device? - -Yes, if the wipes do not contain bleach. You can use non-bleach disinfecting wipes to [gently wipe the HoloLens surfaces](#what-are-the-general-cleaning-instructions-for-hololens-2-devices). - -> [!CAUTION] -> Avoid using disinfecting wipes that contains bleach to clean the HoloLens surfaces. It is acceptable to use bleach wipes in critical situations, when nothing else is available. However, bleach may damage the HoloLens visor or other surfaces. - -## Can I use alcohol to clean the device? - -Yes. You can use a solution of "70%" isopropyl alcohol and water to clean the hard surfaces of the device, including the visor. Lightly moisten the cloth by using a mix of isopropyl alcohol and water, and then gently wipe the surface of the device - -## Is the brow pad replaceable? - -Yes. The brow pad is magnetically attached to the device. To detach it, pull it gently away from the headband. To replace it, snap it back into place. - -![Remove or replace the brow pad](images/hololens2-remove-browpad.png) - -## How can I clean the brow pad? - -To clean the brow pad, wipe it by using a cloth that's moistened by using water and a mild antibiotic soap. Let the brow pad dry completely before you use it again. - -## Can I use ultraviolet (UV) light to sanitize the device? - -UV-C germicidal irradiation has not been tested on HoloLens 2. - -> [!CAUTION] -> High levels of UV-A and UV-B exposure can degrade the display quality of the device and damage the visor coating. Over-exposure to UV-A and UV-B radiation has the following effects, in order of the duration and intensity of exposure: -> -> 1. The brow pad and device closures become discolored. -> 1. Defects appear in the anti-reflective (AR) coating on the visor and on the sensor windows. -> 1. Defects appear in the base materials of the visor and on the sensor windows. -> 1. SRG performance degrades. - -## Is the rear pad replaceable? - -No. diff --git a/devices/hololens/hololens2-setup.md b/devices/hololens/hololens2-setup.md deleted file mode 100644 index 15327915f5..0000000000 --- a/devices/hololens/hololens2-setup.md +++ /dev/null @@ -1,120 +0,0 @@ ---- -title: Prepare a new HoloLens 2 -description: This guide walks through first time set up and hardware guide. -keywords: hololens, lights, fit, comfort, parts -ms.assetid: 02692dcf-aa22-4d1e-bd00-f89f51048e32 -ms.date: 9/17/2019 -keywords: hololens -ms.prod: hololens -ms.sitesec: library -author: scooley -ms.author: scooley -ms.topic: article -ms.localizationpriority: high -appliesto: -- HoloLens 2 ---- - -# Get your HoloLens 2 ready to use - -The procedures below will help you set up a HoloLens 2 for the first time. - -## Charge your HoloLens - -Connect the power supply to the charging port by using the USB-C cable (included). Plug the power supply into a power outlet. The power supply and USB-C-to-C cable that come with the device are the best way to charge your HoloLens 2. The charger supplies 18W of power (9V at 2A). - -Charging rate and speed may vary depending on the environment in which the device is running. - -- When the device is charging, the battery indicator lights up to indicate the current level of charge. The last light will fade in and out to indicate active charging. -- When your HoloLens is on, the battery indicator displays the battery level in increments. -- When only one of the five lights is on, the battery level is below 20 percent. -- If the battery level is critically low and you try to turn on the device, one light will blink briefly, then go out. - -## Adjust fit - -Place the HoloLens 2 on your head. If you wear eyeglasses, leave them on. The brow pad should sit comfortably on your forehead and the back band should sit in the middle-back of your head. - -If necessary, extend the headband by turning the adjustment wheel, and then loosen the overhead strap. - -![HoloLens 2 fit and adjustments](images/hololens2-fit.png) - -### Attach and detach the overhead strap - -The overhead strap isn't required, but it can make wearing HoloLens 2 more comfortable during long periods of use. - -To detach the front of the overhead strap, unhook the strap and slide it through the retractable loop on the brow pad. To reattach it, pull out the loop and slide the strap back through. - -To detach the back of the overhead strap, press the button below each connection tab and pull gently. To reattach it, push the connection tabs back into the slots until they click. - -![attach or remove the HoloLens 2 head strap](images/hololens2-headstrap.png) - -## Turn on the HoloLens 2 - -To turn on your HoloLens 2, press the Power button. The LED lights below the Power button display the battery level. - -> [!NOTE] -> To power on HoloLens 2 for the very first time, after unboxing, press and hold the power button for at least 4 seconds to turn it on. Next time you power on HoloLens 2, it’ll start after a short power button press. - -### Power button actions for different power transitions - -| To do this | Perform this action | The HoloLens 2 will do this | -| - | - | - | -| To turn on | Single button press. | All five lights turn on, then change to indicate the battery level. After four seconds, a sound plays. | -| To sleep | Single button press. | All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." | -| To wake from sleep | Single button press. | All five lights turn on, then change to indicate the battery level. A sound immediately plays. | -| To turn off | Press and hold for 5s. | All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." | -| To force the Hololens to restart if it is unresponsive | Press and hold for 10s. | All five lights turn on, then fade off one at a time. After the lights turn off. | - -## HoloLens behavior reference - -Not sure what the indicator lights on your HoloLens mean? Want to know how HoloLens should behave while charging? Here's some help! - -### Charging behavior - -| State of the Device | Action | HoloLens 2 will do this | -| - | - | - | -| OFF | Plug in USB Cable | Device transitions to ON with indicator lights showing battery level and device starts charging. -| ON | Remove USB Cable | Device stops charging -| ON | Plug in USB Cable | Device starts charging -| SLEEP | Plug in USB Cable | Device starts charging -| SLEEP | Remove USB Cable | Device stops charging -| ON with USB cable plugged in | Turn off Device | Device transitions to ON with indicator lights showing battery level and device will start charging | - -### Lights that indicate the battery level - -| Number of lights | Battery level | -| - | - | -| Four solid lights, one light fading in and out | Between 100% and 81% (fully charged) | -| Three solid lights, one light fading in and out | Between 80% and 61% | -| Two solid lights, one light fading in and out | Between 60% and 41% | -| One solid light, one light fading in and out | Between 40% and 21% | -| One light fading in and out | Between 20% and 5% or lower (critical battery) | - -### Sleep Behavior - -| State of the Device | Action | HoloLens 2 will do this | -| - | - | - | -| ON | Single Power button press | Device transitions to SLEEP and turns off all indicator lights | -| ON | No movement for 3 minutes | Device transition to SLEEP and turns off all indicator lights | -| SLEEP | Single Power button Press | Device transitions to ON and turns on indicator lights | - -### Lights to indicate problems - -| When you do this | The lights do this | It means this | -| - | - | - | -| You press the Power button. | One light flashes five times, then turns off. | The HoloLens battery is critically low. Charge your HoloLens. | -| You press the Power button. | All five lights flash five times, then turn off. | HoloLens cannot start correctly and is in an error state. [Reinstall the operating system](hololens-recovery.md) to recover your device. | -| You press the Power button. | The 1st, 3rd, and 5th lights flash together continually. | HoloLens may have a hardware failure. To be sure, [reinstall the OS](hololens-recovery.md), and try again. After reinstalling the OS, if the light-flash pattern persists, contact [support](https://support.microsoft.com/en-us/supportforbusiness/productselection?sapid=3ec35c62-022f-466b-3a1e-dbbb7b9a55fb). | - -## Safety and comfort - -### Use HoloLens in safe surroundings - -Use your HoloLens in a safe space, free of obstructions and tripping hazards. Don’t use it when you need a clear field of view or can't commit your full attention, such as while you’re operating a vehicle or doing other potentially hazardous activities. - -### Stay comfortable - -Keep your first few sessions with HoloLens brief and be sure to take breaks. If you experience discomfort, stop and rest until you feel better. This might include temporary feelings of nausea, motion sickness, dizziness, disorientation, headache, fatigue, eye strain, or dry eyes. - -> [!div class="nextstepaction"] -> [Start and configure your HoloLens 2](hololens2-start.md) diff --git a/devices/hololens/hololens2-start.md b/devices/hololens/hololens2-start.md deleted file mode 100644 index 78d3697f03..0000000000 --- a/devices/hololens/hololens2-start.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -title: Set up your HoloLens 2 -description: This guide walks through first time set up. You'll need a Wi-Fi network and either a Microsoft (MSA) or Azure Active Directory (AAD) account. -ms.assetid: 507305f4-e85a-47c5-a055-a3400ae8a10e -ms.date: 9/17/2019 -keywords: hololens -ms.prod: hololens -ms.sitesec: library -author: scooley -ms.author: scooley -ms.topic: article -ms.localizationpriority: high -appliesto: -- HoloLens 2 ---- - -# Set up your HoloLens 2 - -The first time you turn on your HoloLens, you'll be guided through setting up your device, signing in with a user account, and calibrating the HoloLens to your eyes. This section walks through the HoloLens 2 initial setup experience. - -In the next section, you'll learn how to work with HoloLens and interact with holograms. To skip ahead to that article, see [Get started with HoloLens 2](hololens2-basic-usage.md). - -## Before you start - -Before you get started, make sure you have the following available: - -**A network connection**. You'll need to connect your HoloLens to a network to set it up. With HoloLens 2, you can connect with Wi-Fi or by using ethernet (you'll need a USB-C-to-Ethernet adapter). The first time you connect, you'll need an open or password-protected network that doesn't require navigating to a website or using certificates to connect. [Learn more about the websites that HoloLens uses](hololens-offline.md). - -**A Microsoft account**. You'll also need to sign in to HoloLens with a Microsoft account (or with your work account, if your organization owns the device). If you don't have a Microsoft account, go to [account.microsoft.com](https://account.microsoft.com) and set one up for free. - -**A safe, well-lit space with no tripping hazards**. [Health and safety info](https://go.microsoft.com/fwlink/p/?LinkId=746661). - -**The optional comfort accessories** that came with your HoloLens, to help you get the most comfortable fit. [More on fit and comfort](hololens2-setup.md#adjust-fit). - -## Set up Windows - -The first time you start your HoloLens 2, your first task is to set up Windows Holographic. When you start your HoloLens, you will hear music and see a Windows logo. - -![First screen during first boot](images/01-magic-moment.png) - -HoloLens 2 will walk you through the following steps: - -1. Select your language. - ![Select language](images/04-language.png) - -1. Select your region. - ![Select region](images/05-region.png) - -1. Calibrate HoloLens to your eyes. If you choose to skip calibration, you'll be prompted the next time you log in. - - To calibrate, you'll look at a set of targets (referred to as gems). It's fine if you blink or close your eyes during calibration, but try not to stare at other objects in the room or physical space. HoloLens uses this process to learn about your eye position so that it can better render your holographic world. After calibration, holograms will appear correctly even as the visor shifts on your head. - - Calibration information is stored locally on the device and is not associated with any account information. For more information, see [Calibration data and security](hololens-calibration.md#calibration-data-and-security). - - ![Calibration selection screen](images/06-et-corners.png) - -1. Connect to the internet (select Wi-Fi or your ethernet connection). - HoloLens sets your time zone automatically based on information obtained from the Wi-Fi network. After setup finishes, you can change the time zone by using the Settings app. - - ![Connect to Wi-Fi](images/11-network.png) -> [!NOTE] -> If you progress past the Wi-Fi step and later need to switch to a different network while still in setup, you can press the **Volume Down** and **Power** buttons simultaneously to return to this step if you are running an OS version from October 2019 or later. For earlier versions, you may need to [reset the device](hololens-recovery.md) or restart it in a location where the Wi-Fi network is not available to prevent it from automatically connecting. -> -> Also note that during HoloLens Setup, there is a credential timeout of two minutes. The username/password needs to be entered within two minutes otherwise the username field will be automatically cleared. - -1. Sign in to your user account. You'll choose between **My work or school owns it** and **I own it**. - - When you choose **My work or school owns it**, you sign in with an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens automatically enrolls in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available. In that case, you need to [manually enroll HoloLens in device management](hololens-enroll-mdm.md#enroll-through-settings-app). - 1. Enter your organizational account information. - 1. Accept the privacy statement and the end user license agreement. - 1. Sign in by using your Azure AD credentials. This may redirect to your organization's sign-in page. - 1. Continue setting up the device. - - When you choose **I own it**, you sign in with a Microsoft account. After setup is complete, you can [manually enroll HoloLens in device management](hololens-enroll-mdm.md#enroll-through-settings-app). - 1. Enter your Microsoft account information. - 2. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process. - - ![Set user](images/13-device-owner.png) - -1. Select whether to enable speech on HoloLens 2, and whether to send diagnostic telemetry. - ![Enable Cortana](images/22-do-more-with-voice.png) - -1. Select your telemetry level. If you can, please enable Full telemetry. This information really helps the HoloLens engineering team. - ![Telemetry level](images/24-telemetry.png) - -1. Learn how to use the start gesture on HoloLens 2. - ![Learn how to use the start gesture, image 1](images/26-01-startmenu-learning.png) - ![Learn how to use the start gesture, image 2](images/26-02-startmenu-learning.png) - -Congratulations! Setup is complete and you're ready to use HoloLens! - -## Next steps - -> [!div class="nextstepaction"] -> [Get started with HoloLens 2](hololens2-basic-usage.md) diff --git a/devices/hololens/images/01-magic-moment.png b/devices/hololens/images/01-magic-moment.png deleted file mode 100644 index 0d55443b55..0000000000 Binary files a/devices/hololens/images/01-magic-moment.png and /dev/null differ diff --git a/devices/hololens/images/02-00-magic-moment.png b/devices/hololens/images/02-00-magic-moment.png deleted file mode 100644 index ae76fb70ea..0000000000 Binary files a/devices/hololens/images/02-00-magic-moment.png and /dev/null differ diff --git a/devices/hololens/images/02-01-magic-moment-bird-intro.png b/devices/hololens/images/02-01-magic-moment-bird-intro.png deleted file mode 100644 index ae76fb70ea..0000000000 Binary files a/devices/hololens/images/02-01-magic-moment-bird-intro.png and /dev/null differ diff --git a/devices/hololens/images/02-02-bird-palm.png b/devices/hololens/images/02-02-bird-palm.png deleted file mode 100644 index fda1f3dcdd..0000000000 Binary files a/devices/hololens/images/02-02-bird-palm.png and /dev/null differ diff --git a/devices/hololens/images/02-03-bird-button.png b/devices/hololens/images/02-03-bird-button.png deleted file mode 100644 index 749a1ab6fc..0000000000 Binary files a/devices/hololens/images/02-03-bird-button.png and /dev/null differ diff --git a/devices/hololens/images/04-language.png b/devices/hololens/images/04-language.png deleted file mode 100644 index 1106322c29..0000000000 Binary files a/devices/hololens/images/04-language.png and /dev/null differ diff --git a/devices/hololens/images/05-region.png b/devices/hololens/images/05-region.png deleted file mode 100644 index f350298813..0000000000 Binary files a/devices/hololens/images/05-region.png and /dev/null differ diff --git a/devices/hololens/images/06-et-corners.png b/devices/hololens/images/06-et-corners.png deleted file mode 100644 index af48472f60..0000000000 Binary files a/devices/hololens/images/06-et-corners.png and /dev/null differ diff --git a/devices/hololens/images/07-et-adjust-for-your-eyes.png b/devices/hololens/images/07-et-adjust-for-your-eyes.png deleted file mode 100644 index e127ba9a9d..0000000000 Binary files a/devices/hololens/images/07-et-adjust-for-your-eyes.png and /dev/null differ diff --git a/devices/hololens/images/07-et-hold-head-still.png b/devices/hololens/images/07-et-hold-head-still.png deleted file mode 100644 index a4952767bf..0000000000 Binary files a/devices/hololens/images/07-et-hold-head-still.png and /dev/null differ diff --git a/devices/hololens/images/08-et-gems.png b/devices/hololens/images/08-et-gems.png deleted file mode 100644 index 8eaba193f0..0000000000 Binary files a/devices/hololens/images/08-et-gems.png and /dev/null differ diff --git a/devices/hololens/images/09-et-adjusting.png b/devices/hololens/images/09-et-adjusting.png deleted file mode 100644 index 038dcab588..0000000000 Binary files a/devices/hololens/images/09-et-adjusting.png and /dev/null differ diff --git a/devices/hololens/images/10-et-failure1.png b/devices/hololens/images/10-et-failure1.png deleted file mode 100644 index 249abff7f6..0000000000 Binary files a/devices/hololens/images/10-et-failure1.png and /dev/null differ diff --git a/devices/hololens/images/10-et-failure2.png b/devices/hololens/images/10-et-failure2.png deleted file mode 100644 index f4b2f34334..0000000000 Binary files a/devices/hololens/images/10-et-failure2.png and /dev/null differ diff --git a/devices/hololens/images/10-et-success.png b/devices/hololens/images/10-et-success.png deleted file mode 100644 index c74c89056e..0000000000 Binary files a/devices/hololens/images/10-et-success.png and /dev/null differ diff --git a/devices/hololens/images/11-network.png b/devices/hololens/images/11-network.png deleted file mode 100644 index 1fc3884721..0000000000 Binary files a/devices/hololens/images/11-network.png and /dev/null differ diff --git a/devices/hololens/images/12-agreement.png b/devices/hololens/images/12-agreement.png deleted file mode 100644 index 96695c1888..0000000000 Binary files a/devices/hololens/images/12-agreement.png and /dev/null differ diff --git a/devices/hololens/images/13-device-owner.png b/devices/hololens/images/13-device-owner.png deleted file mode 100644 index fe66cd5386..0000000000 Binary files a/devices/hololens/images/13-device-owner.png and /dev/null differ diff --git a/devices/hololens/images/14-sign-in-msa.png b/devices/hololens/images/14-sign-in-msa.png deleted file mode 100644 index c0e3aa4d9e..0000000000 Binary files a/devices/hololens/images/14-sign-in-msa.png and /dev/null differ diff --git a/devices/hololens/images/15-iris-enrollment.png b/devices/hololens/images/15-iris-enrollment.png deleted file mode 100644 index 6bda392726..0000000000 Binary files a/devices/hololens/images/15-iris-enrollment.png and /dev/null differ diff --git a/devices/hololens/images/16-iris-hold-head-still.png b/devices/hololens/images/16-iris-hold-head-still.png deleted file mode 100644 index 09205015c0..0000000000 Binary files a/devices/hololens/images/16-iris-hold-head-still.png and /dev/null differ diff --git a/devices/hololens/images/17-iris-dots.png b/devices/hololens/images/17-iris-dots.png deleted file mode 100644 index 2ac6119b89..0000000000 Binary files a/devices/hololens/images/17-iris-dots.png and /dev/null differ diff --git a/devices/hololens/images/18-iris-enrollment-done.png b/devices/hololens/images/18-iris-enrollment-done.png deleted file mode 100644 index 6405ab8581..0000000000 Binary files a/devices/hololens/images/18-iris-enrollment-done.png and /dev/null differ diff --git a/devices/hololens/images/19-pin-create.png b/devices/hololens/images/19-pin-create.png deleted file mode 100644 index fd0c1ee5e8..0000000000 Binary files a/devices/hololens/images/19-pin-create.png and /dev/null differ diff --git a/devices/hololens/images/20-pin-setup.png b/devices/hololens/images/20-pin-setup.png deleted file mode 100644 index 752fc54e5c..0000000000 Binary files a/devices/hololens/images/20-pin-setup.png and /dev/null differ diff --git a/devices/hololens/images/201608-enterprisemanagement-400px.png b/devices/hololens/images/201608-enterprisemanagement-400px.png deleted file mode 100644 index 11c204f0f6..0000000000 Binary files a/devices/hololens/images/201608-enterprisemanagement-400px.png and /dev/null differ diff --git a/devices/hololens/images/201608-kioskmode-400px.png b/devices/hololens/images/201608-kioskmode-400px.png deleted file mode 100644 index 8d21453b8f..0000000000 Binary files a/devices/hololens/images/201608-kioskmode-400px.png and /dev/null differ diff --git a/devices/hololens/images/20190322-DevicePortal.png b/devices/hololens/images/20190322-DevicePortal.png deleted file mode 100644 index 7fdd2e34b3..0000000000 Binary files a/devices/hololens/images/20190322-DevicePortal.png and /dev/null differ diff --git a/devices/hololens/images/22-do-more-with-voice.png b/devices/hololens/images/22-do-more-with-voice.png deleted file mode 100644 index 2bf874c80d..0000000000 Binary files a/devices/hololens/images/22-do-more-with-voice.png and /dev/null differ diff --git a/devices/hololens/images/23-do-more-with-voice-learn.png b/devices/hololens/images/23-do-more-with-voice-learn.png deleted file mode 100644 index b805befc49..0000000000 Binary files a/devices/hololens/images/23-do-more-with-voice-learn.png and /dev/null differ diff --git a/devices/hololens/images/24-telemetry.png b/devices/hololens/images/24-telemetry.png deleted file mode 100644 index 004d1d5dff..0000000000 Binary files a/devices/hololens/images/24-telemetry.png and /dev/null differ diff --git a/devices/hololens/images/25-telemetry-info.png b/devices/hololens/images/25-telemetry-info.png deleted file mode 100644 index 4c4075a68f..0000000000 Binary files a/devices/hololens/images/25-telemetry-info.png and /dev/null differ diff --git a/devices/hololens/images/26-01-startmenu-learning.png b/devices/hololens/images/26-01-startmenu-learning.png deleted file mode 100644 index e24da1b854..0000000000 Binary files a/devices/hololens/images/26-01-startmenu-learning.png and /dev/null differ diff --git a/devices/hololens/images/26-02-startmenu-learning.png b/devices/hololens/images/26-02-startmenu-learning.png deleted file mode 100644 index 1a81a79178..0000000000 Binary files a/devices/hololens/images/26-02-startmenu-learning.png and /dev/null differ diff --git a/devices/hololens/images/26-03-startmenu-learning.png b/devices/hololens/images/26-03-startmenu-learning.png deleted file mode 100644 index 55d59d18f5..0000000000 Binary files a/devices/hololens/images/26-03-startmenu-learning.png and /dev/null differ diff --git a/devices/hololens/images/26-04-startmenu-learning.png b/devices/hololens/images/26-04-startmenu-learning.png deleted file mode 100644 index b7d62f5650..0000000000 Binary files a/devices/hololens/images/26-04-startmenu-learning.png and /dev/null differ diff --git a/devices/hololens/images/ARC1.png b/devices/hololens/images/ARC1.png deleted file mode 100644 index d4e8369b86..0000000000 Binary files a/devices/hololens/images/ARC1.png and /dev/null differ diff --git a/devices/hololens/images/ARC2.png b/devices/hololens/images/ARC2.png deleted file mode 100644 index 2a8331d864..0000000000 Binary files a/devices/hololens/images/ARC2.png and /dev/null differ diff --git a/devices/hololens/images/B-Calibration-4-Gem.png b/devices/hololens/images/B-Calibration-4-Gem.png deleted file mode 100644 index fbfd95cb32..0000000000 Binary files a/devices/hololens/images/B-Calibration-4-Gem.png and /dev/null differ diff --git a/devices/hololens/images/C-Settings.Calibration.png b/devices/hololens/images/C-Settings.Calibration.png deleted file mode 100644 index d27f3d754c..0000000000 Binary files a/devices/hololens/images/C-Settings.Calibration.png and /dev/null differ diff --git a/devices/hololens/images/D-CheckThisOut-Prompt.png b/devices/hololens/images/D-CheckThisOut-Prompt.png deleted file mode 100644 index a81a75a153..0000000000 Binary files a/devices/hololens/images/D-CheckThisOut-Prompt.png and /dev/null differ diff --git a/devices/hololens/images/DarkMode.jpg b/devices/hololens/images/DarkMode.jpg deleted file mode 100644 index f2cd7c4510..0000000000 Binary files a/devices/hololens/images/DarkMode.jpg and /dev/null differ diff --git a/devices/hololens/images/FitGuideSetep5.png b/devices/hololens/images/FitGuideSetep5.png deleted file mode 100644 index 9529fe69b0..0000000000 Binary files a/devices/hololens/images/FitGuideSetep5.png and /dev/null differ diff --git a/devices/hololens/images/FitGuideStep1.png b/devices/hololens/images/FitGuideStep1.png deleted file mode 100644 index 846ef9fc0b..0000000000 Binary files a/devices/hololens/images/FitGuideStep1.png and /dev/null differ diff --git a/devices/hololens/images/FitGuideStep2.png b/devices/hololens/images/FitGuideStep2.png deleted file mode 100644 index 6ac59ff43b..0000000000 Binary files a/devices/hololens/images/FitGuideStep2.png and /dev/null differ diff --git a/devices/hololens/images/FitGuideStep3.png b/devices/hololens/images/FitGuideStep3.png deleted file mode 100644 index e255da8f15..0000000000 Binary files a/devices/hololens/images/FitGuideStep3.png and /dev/null differ diff --git a/devices/hololens/images/FitGuideStep4.png b/devices/hololens/images/FitGuideStep4.png deleted file mode 100644 index 77e99f3d55..0000000000 Binary files a/devices/hololens/images/FitGuideStep4.png and /dev/null differ diff --git a/devices/hololens/images/HoloLens2_AppBarFollowing.gif b/devices/hololens/images/HoloLens2_AppBarFollowing.gif deleted file mode 100644 index 84d7f2589e..0000000000 Binary files a/devices/hololens/images/HoloLens2_AppBarFollowing.gif and /dev/null differ diff --git a/devices/hololens/images/HoloLens2_BoundingBox.gif b/devices/hololens/images/HoloLens2_BoundingBox.gif deleted file mode 100644 index 451bcae997..0000000000 Binary files a/devices/hololens/images/HoloLens2_BoundingBox.gif and /dev/null differ diff --git a/devices/hololens/images/HoloLens2_BoundingBox_Rotate.gif b/devices/hololens/images/HoloLens2_BoundingBox_Rotate.gif deleted file mode 100644 index 43a764a954..0000000000 Binary files a/devices/hololens/images/HoloLens2_BoundingBox_Rotate.gif and /dev/null differ diff --git a/devices/hololens/images/HoloLens2_Loader.gif b/devices/hololens/images/HoloLens2_Loader.gif deleted file mode 100644 index 81d8232494..0000000000 Binary files a/devices/hololens/images/HoloLens2_Loader.gif and /dev/null differ diff --git a/devices/hololens/images/HoloLens2_Proximity.gif b/devices/hololens/images/HoloLens2_Proximity.gif deleted file mode 100644 index f39f326ea7..0000000000 Binary files a/devices/hololens/images/HoloLens2_Proximity.gif and /dev/null differ diff --git a/devices/hololens/images/MicrosoftHoloLensRecovery.png b/devices/hololens/images/MicrosoftHoloLensRecovery.png deleted file mode 100644 index b162b881d8..0000000000 Binary files a/devices/hololens/images/MicrosoftHoloLensRecovery.png and /dev/null differ diff --git a/devices/hololens/images/MicrosoftHoloLens_DeviceManager.png b/devices/hololens/images/MicrosoftHoloLens_DeviceManager.png deleted file mode 100644 index ca2bd894a1..0000000000 Binary files a/devices/hololens/images/MicrosoftHoloLens_DeviceManager.png and /dev/null differ diff --git a/devices/hololens/images/ResetRecovery1.png b/devices/hololens/images/ResetRecovery1.png deleted file mode 100644 index 859d5c8778..0000000000 Binary files a/devices/hololens/images/ResetRecovery1.png and /dev/null differ diff --git a/devices/hololens/images/ResetRecovery2.png b/devices/hololens/images/ResetRecovery2.png deleted file mode 100644 index 3660b7fab1..0000000000 Binary files a/devices/hololens/images/ResetRecovery2.png and /dev/null differ diff --git a/devices/hololens/images/aad-kioskmode.PNG b/devices/hololens/images/aad-kioskmode.PNG deleted file mode 100644 index c058f25241..0000000000 Binary files a/devices/hololens/images/aad-kioskmode.PNG and /dev/null differ diff --git a/devices/hololens/images/about-encryption.png b/devices/hololens/images/about-encryption.png deleted file mode 100644 index 348e493503..0000000000 Binary files a/devices/hololens/images/about-encryption.png and /dev/null differ diff --git a/devices/hololens/images/account-management-details.png b/devices/hololens/images/account-management-details.png deleted file mode 100644 index 20816830a4..0000000000 Binary files a/devices/hololens/images/account-management-details.png and /dev/null differ diff --git a/devices/hololens/images/account-management.PNG b/devices/hololens/images/account-management.PNG deleted file mode 100644 index da53cb74b8..0000000000 Binary files a/devices/hololens/images/account-management.PNG and /dev/null differ diff --git a/devices/hololens/images/add-certificates-details.PNG b/devices/hololens/images/add-certificates-details.PNG deleted file mode 100644 index 966a826a46..0000000000 Binary files a/devices/hololens/images/add-certificates-details.PNG and /dev/null differ diff --git a/devices/hololens/images/add-certificates.PNG b/devices/hololens/images/add-certificates.PNG deleted file mode 100644 index 7a16dffd26..0000000000 Binary files a/devices/hololens/images/add-certificates.PNG and /dev/null differ diff --git a/devices/hololens/images/addnewfeedback-500px.jpg b/devices/hololens/images/addnewfeedback-500px.jpg deleted file mode 100644 index 8948dd2dae..0000000000 Binary files a/devices/hololens/images/addnewfeedback-500px.jpg and /dev/null differ diff --git a/devices/hololens/images/adk-install.png b/devices/hololens/images/adk-install.png deleted file mode 100644 index c087d3bae5..0000000000 Binary files a/devices/hololens/images/adk-install.png and /dev/null differ diff --git a/devices/hololens/images/apps.png b/devices/hololens/images/apps.png deleted file mode 100644 index 4e00aa96fc..0000000000 Binary files a/devices/hololens/images/apps.png and /dev/null differ diff --git a/devices/hololens/images/azure-ad-image.PNG b/devices/hololens/images/azure-ad-image.PNG deleted file mode 100644 index e0215265f6..0000000000 Binary files a/devices/hololens/images/azure-ad-image.PNG and /dev/null differ diff --git a/devices/hololens/images/backicon.png b/devices/hololens/images/backicon.png deleted file mode 100644 index 3007e448b1..0000000000 Binary files a/devices/hololens/images/backicon.png and /dev/null differ diff --git a/devices/hololens/images/calibration-livecube-200px.png b/devices/hololens/images/calibration-livecube-200px.png deleted file mode 100644 index 44b0142e40..0000000000 Binary files a/devices/hololens/images/calibration-livecube-200px.png and /dev/null differ diff --git a/devices/hololens/images/calibration-settings-500px.jpg b/devices/hololens/images/calibration-settings-500px.jpg deleted file mode 100644 index 0419f0307f..0000000000 Binary files a/devices/hololens/images/calibration-settings-500px.jpg and /dev/null differ diff --git a/devices/hololens/images/calibration-shell.png b/devices/hololens/images/calibration-shell.png deleted file mode 100644 index f833452cc5..0000000000 Binary files a/devices/hololens/images/calibration-shell.png and /dev/null differ diff --git a/devices/hololens/images/check_blu.png b/devices/hololens/images/check_blu.png deleted file mode 100644 index d5c703760f..0000000000 Binary files a/devices/hololens/images/check_blu.png and /dev/null differ diff --git a/devices/hololens/images/check_grn.png b/devices/hololens/images/check_grn.png deleted file mode 100644 index f9f04cd6bd..0000000000 Binary files a/devices/hololens/images/check_grn.png and /dev/null differ diff --git a/devices/hololens/images/checklistbox.gif b/devices/hololens/images/checklistbox.gif deleted file mode 100644 index cbcf4a4f11..0000000000 Binary files a/devices/hololens/images/checklistbox.gif and /dev/null differ diff --git a/devices/hololens/images/checklistdone.png b/devices/hololens/images/checklistdone.png deleted file mode 100644 index 7e53f74d0e..0000000000 Binary files a/devices/hololens/images/checklistdone.png and /dev/null differ diff --git a/devices/hololens/images/checkmark.png b/devices/hololens/images/checkmark.png deleted file mode 100644 index f9f04cd6bd..0000000000 Binary files a/devices/hololens/images/checkmark.png and /dev/null differ diff --git a/devices/hololens/images/cortana-on-hololens.png b/devices/hololens/images/cortana-on-hololens.png deleted file mode 100644 index 6205d3d2fd..0000000000 Binary files a/devices/hololens/images/cortana-on-hololens.png and /dev/null differ diff --git a/devices/hololens/images/crossmark.png b/devices/hololens/images/crossmark.png deleted file mode 100644 index 69432ff71c..0000000000 Binary files a/devices/hololens/images/crossmark.png and /dev/null differ diff --git a/devices/hololens/images/developer-setup-details.png b/devices/hololens/images/developer-setup-details.png deleted file mode 100644 index d445bf5759..0000000000 Binary files a/devices/hololens/images/developer-setup-details.png and /dev/null differ diff --git a/devices/hololens/images/developer-setup.png b/devices/hololens/images/developer-setup.png deleted file mode 100644 index a7e49873b0..0000000000 Binary files a/devices/hololens/images/developer-setup.png and /dev/null differ diff --git a/devices/hololens/images/device-encryption.PNG b/devices/hololens/images/device-encryption.PNG deleted file mode 100644 index 651429dfe0..0000000000 Binary files a/devices/hololens/images/device-encryption.PNG and /dev/null differ diff --git a/devices/hololens/images/deviceportal-appmanager.jpg b/devices/hololens/images/deviceportal-appmanager.jpg deleted file mode 100644 index 68576fcfc7..0000000000 Binary files a/devices/hololens/images/deviceportal-appmanager.jpg and /dev/null differ diff --git a/devices/hololens/images/displays-400px.jpg b/devices/hololens/images/displays-400px.jpg deleted file mode 100644 index 0ed5558bdc..0000000000 Binary files a/devices/hololens/images/displays-400px.jpg and /dev/null differ diff --git a/devices/hololens/images/doneicon.png b/devices/hololens/images/doneicon.png deleted file mode 100644 index d80389f35b..0000000000 Binary files a/devices/hololens/images/doneicon.png and /dev/null differ diff --git a/devices/hololens/images/encrypt-assign.png b/devices/hololens/images/encrypt-assign.png deleted file mode 100644 index f5b0c85a3c..0000000000 Binary files a/devices/hololens/images/encrypt-assign.png and /dev/null differ diff --git a/devices/hololens/images/encrypt-create-profile.png b/devices/hololens/images/encrypt-create-profile.png deleted file mode 100644 index b0f06ef40f..0000000000 Binary files a/devices/hololens/images/encrypt-create-profile.png and /dev/null differ diff --git a/devices/hololens/images/encrypt-custom.png b/devices/hololens/images/encrypt-custom.png deleted file mode 100644 index b3635e9ee4..0000000000 Binary files a/devices/hololens/images/encrypt-custom.png and /dev/null differ diff --git a/devices/hololens/images/encrypt-oma-uri.png b/devices/hololens/images/encrypt-oma-uri.png deleted file mode 100644 index e2754b7db4..0000000000 Binary files a/devices/hololens/images/encrypt-oma-uri.png and /dev/null differ diff --git a/devices/hololens/images/feedback1-600px.png b/devices/hololens/images/feedback1-600px.png deleted file mode 100644 index ba7cec37da..0000000000 Binary files a/devices/hololens/images/feedback1-600px.png and /dev/null differ diff --git a/devices/hololens/images/feedback2-600px.png b/devices/hololens/images/feedback2-600px.png deleted file mode 100644 index 89d44622a6..0000000000 Binary files a/devices/hololens/images/feedback2-600px.png and /dev/null differ diff --git a/devices/hololens/images/feedback3-600px.png b/devices/hololens/images/feedback3-600px.png deleted file mode 100644 index 0431687b55..0000000000 Binary files a/devices/hololens/images/feedback3-600px.png and /dev/null differ diff --git a/devices/hololens/images/feedback4-600px.png b/devices/hololens/images/feedback4-600px.png deleted file mode 100644 index 35594f2ca8..0000000000 Binary files a/devices/hololens/images/feedback4-600px.png and /dev/null differ diff --git a/devices/hololens/images/feedback5-600px.png b/devices/hololens/images/feedback5-600px.png deleted file mode 100644 index 967987d6ae..0000000000 Binary files a/devices/hololens/images/feedback5-600px.png and /dev/null differ diff --git a/devices/hololens/images/feedback6-600px.png b/devices/hololens/images/feedback6-600px.png deleted file mode 100644 index 431a4da9da..0000000000 Binary files a/devices/hololens/images/feedback6-600px.png and /dev/null differ diff --git a/devices/hololens/images/finish-details.png b/devices/hololens/images/finish-details.png deleted file mode 100644 index ff3f53e5c8..0000000000 Binary files a/devices/hololens/images/finish-details.png and /dev/null differ diff --git a/devices/hololens/images/finish.PNG b/devices/hololens/images/finish.PNG deleted file mode 100644 index 975caba764..0000000000 Binary files a/devices/hololens/images/finish.PNG and /dev/null differ diff --git a/devices/hololens/images/five.png b/devices/hololens/images/five.png deleted file mode 100644 index 961f0e15b7..0000000000 Binary files a/devices/hololens/images/five.png and /dev/null differ diff --git a/devices/hololens/images/four.png b/devices/hololens/images/four.png deleted file mode 100644 index 0fef213b37..0000000000 Binary files a/devices/hololens/images/four.png and /dev/null differ diff --git a/devices/hololens/images/hololens-2-air-tap.gif b/devices/hololens/images/hololens-2-air-tap.gif deleted file mode 100644 index 9139718cdb..0000000000 Binary files a/devices/hololens/images/hololens-2-air-tap.gif and /dev/null differ diff --git a/devices/hololens/images/hololens-2-button-sleep.png b/devices/hololens/images/hololens-2-button-sleep.png deleted file mode 100644 index 29f75da34f..0000000000 Binary files a/devices/hololens/images/hololens-2-button-sleep.png and /dev/null differ diff --git a/devices/hololens/images/hololens-2-button-turn-off.png b/devices/hololens/images/hololens-2-button-turn-off.png deleted file mode 100644 index 8e3f4a2c72..0000000000 Binary files a/devices/hololens/images/hololens-2-button-turn-off.png and /dev/null differ diff --git a/devices/hololens/images/hololens-2-button-turn-on.png b/devices/hololens/images/hololens-2-button-turn-on.png deleted file mode 100644 index 25ce3fcc58..0000000000 Binary files a/devices/hololens/images/hololens-2-button-turn-on.png and /dev/null differ diff --git a/devices/hololens/images/hololens-2-button-wake.png b/devices/hololens/images/hololens-2-button-wake.png deleted file mode 100644 index 135b1e3a04..0000000000 Binary files a/devices/hololens/images/hololens-2-button-wake.png and /dev/null differ diff --git a/devices/hololens/images/hololens-2-gesture-frame.png b/devices/hololens/images/hololens-2-gesture-frame.png deleted file mode 100644 index cc1a9f667d..0000000000 Binary files a/devices/hololens/images/hololens-2-gesture-frame.png and /dev/null differ diff --git a/devices/hololens/images/hololens-2-screenshot-with-callouts.png b/devices/hololens/images/hololens-2-screenshot-with-callouts.png deleted file mode 100644 index 769310e749..0000000000 Binary files a/devices/hololens/images/hololens-2-screenshot-with-callouts.png and /dev/null differ diff --git a/devices/hololens/images/hololens-2-start-alternative.png b/devices/hololens/images/hololens-2-start-alternative.png deleted file mode 100644 index 763cd8600e..0000000000 Binary files a/devices/hololens/images/hololens-2-start-alternative.png and /dev/null differ diff --git a/devices/hololens/images/hololens-2-start-gesture.png b/devices/hololens/images/hololens-2-start-gesture.png deleted file mode 100644 index 109c6235bb..0000000000 Binary files a/devices/hololens/images/hololens-2-start-gesture.png and /dev/null differ diff --git a/devices/hololens/images/hololens-air-tap.gif b/devices/hololens/images/hololens-air-tap.gif deleted file mode 100644 index 9139718cdb..0000000000 Binary files a/devices/hololens/images/hololens-air-tap.gif and /dev/null differ diff --git a/devices/hololens/images/hololens-ap-devices-assignments.png b/devices/hololens/images/hololens-ap-devices-assignments.png deleted file mode 100644 index f99eaa367d..0000000000 Binary files a/devices/hololens/images/hololens-ap-devices-assignments.png and /dev/null differ diff --git a/devices/hololens/images/hololens-ap-devices-sync.png b/devices/hololens/images/hololens-ap-devices-sync.png deleted file mode 100644 index fe970f7983..0000000000 Binary files a/devices/hololens/images/hololens-ap-devices-sync.png and /dev/null differ diff --git a/devices/hololens/images/hololens-ap-enrollment-profiles.png b/devices/hololens/images/hololens-ap-enrollment-profiles.png deleted file mode 100644 index 1e3e8dfaa4..0000000000 Binary files a/devices/hololens/images/hololens-ap-enrollment-profiles.png and /dev/null differ diff --git a/devices/hololens/images/hololens-ap-hash-import.png b/devices/hololens/images/hololens-ap-hash-import.png deleted file mode 100644 index 078e73d78c..0000000000 Binary files a/devices/hololens/images/hololens-ap-hash-import.png and /dev/null differ diff --git a/devices/hololens/images/hololens-ap-intro.png b/devices/hololens/images/hololens-ap-intro.png deleted file mode 100644 index 8095114167..0000000000 Binary files a/devices/hololens/images/hololens-ap-intro.png and /dev/null differ diff --git a/devices/hololens/images/hololens-ap-profile-assign-devicegroup.png b/devices/hololens/images/hololens-ap-profile-assign-devicegroup.png deleted file mode 100644 index 9e6dc92a3c..0000000000 Binary files a/devices/hololens/images/hololens-ap-profile-assign-devicegroup.png and /dev/null differ diff --git a/devices/hololens/images/hololens-ap-profile-name.png b/devices/hololens/images/hololens-ap-profile-name.png deleted file mode 100644 index a427b437b8..0000000000 Binary files a/devices/hololens/images/hololens-ap-profile-name.png and /dev/null differ diff --git a/devices/hololens/images/hololens-ap-profile-oobe.png b/devices/hololens/images/hololens-ap-profile-oobe.png deleted file mode 100644 index e14226d7ad..0000000000 Binary files a/devices/hololens/images/hololens-ap-profile-oobe.png and /dev/null differ diff --git a/devices/hololens/images/hololens-ap-profile-settings-oma.png b/devices/hololens/images/hololens-ap-profile-settings-oma.png deleted file mode 100644 index 7528f55292..0000000000 Binary files a/devices/hololens/images/hololens-ap-profile-settings-oma.png and /dev/null differ diff --git a/devices/hololens/images/hololens-ap-profile-settings.png b/devices/hololens/images/hololens-ap-profile-settings.png deleted file mode 100644 index 5753814e1b..0000000000 Binary files a/devices/hololens/images/hololens-ap-profile-settings.png and /dev/null differ diff --git a/devices/hololens/images/hololens-ap-profile-summ.png b/devices/hololens/images/hololens-ap-profile-summ.png deleted file mode 100644 index 4fb955bbdf..0000000000 Binary files a/devices/hololens/images/hololens-ap-profile-summ.png and /dev/null differ diff --git a/devices/hololens/images/hololens-ap-qrcode.png b/devices/hololens/images/hololens-ap-qrcode.png deleted file mode 100644 index c5296e3e91..0000000000 Binary files a/devices/hololens/images/hololens-ap-qrcode.png and /dev/null differ diff --git a/devices/hololens/images/hololens-ap-uex-1.png b/devices/hololens/images/hololens-ap-uex-1.png deleted file mode 100644 index f89faa366a..0000000000 Binary files a/devices/hololens/images/hololens-ap-uex-1.png and /dev/null differ diff --git a/devices/hololens/images/hololens-ap-uex-2.png b/devices/hololens/images/hololens-ap-uex-2.png deleted file mode 100644 index 5bf1beb3f0..0000000000 Binary files a/devices/hololens/images/hololens-ap-uex-2.png and /dev/null differ diff --git a/devices/hololens/images/hololens-ap-uex-3.png b/devices/hololens/images/hololens-ap-uex-3.png deleted file mode 100644 index 59a7362269..0000000000 Binary files a/devices/hololens/images/hololens-ap-uex-3.png and /dev/null differ diff --git a/devices/hololens/images/hololens-ap-uex-4.png b/devices/hololens/images/hololens-ap-uex-4.png deleted file mode 100644 index f17557b5c4..0000000000 Binary files a/devices/hololens/images/hololens-ap-uex-4.png and /dev/null differ diff --git a/devices/hololens/images/hololens-ap-uex-5.png b/devices/hololens/images/hololens-ap-uex-5.png deleted file mode 100644 index 0bd23da48e..0000000000 Binary files a/devices/hololens/images/hololens-ap-uex-5.png and /dev/null differ diff --git a/devices/hololens/images/hololens-bloom.gif b/devices/hololens/images/hololens-bloom.gif deleted file mode 100644 index db7d8378e5..0000000000 Binary files a/devices/hololens/images/hololens-bloom.gif and /dev/null differ diff --git a/devices/hololens/images/hololens-box-contents.png b/devices/hololens/images/hololens-box-contents.png deleted file mode 100644 index 51b4b5e163..0000000000 Binary files a/devices/hololens/images/hololens-box-contents.png and /dev/null differ diff --git a/devices/hololens/images/hololens-buttons.jpg b/devices/hololens/images/hololens-buttons.jpg deleted file mode 100644 index 868487b0bf..0000000000 Binary files a/devices/hololens/images/hololens-buttons.jpg and /dev/null differ diff --git a/devices/hololens/images/hololens-charging.png b/devices/hololens/images/hololens-charging.png deleted file mode 100644 index a5dd4d7dcd..0000000000 Binary files a/devices/hololens/images/hololens-charging.png and /dev/null differ diff --git a/devices/hololens/images/hololens-cleaning-visor.png b/devices/hololens/images/hololens-cleaning-visor.png deleted file mode 100644 index 68f990d43b..0000000000 Binary files a/devices/hololens/images/hololens-cleaning-visor.png and /dev/null differ diff --git a/devices/hololens/images/hololens-clicker-500px.jpg b/devices/hololens/images/hololens-clicker-500px.jpg deleted file mode 100644 index 4dd7d954f4..0000000000 Binary files a/devices/hololens/images/hololens-clicker-500px.jpg and /dev/null differ diff --git a/devices/hololens/images/hololens-darkmode-tiled-picture.jpg b/devices/hololens/images/hololens-darkmode-tiled-picture.jpg deleted file mode 100644 index bfa3ee78af..0000000000 Binary files a/devices/hololens/images/hololens-darkmode-tiled-picture.jpg and /dev/null differ diff --git a/devices/hololens/images/hololens-feedback-1.png b/devices/hololens/images/hololens-feedback-1.png deleted file mode 100644 index 6433befe3c..0000000000 Binary files a/devices/hololens/images/hololens-feedback-1.png and /dev/null differ diff --git a/devices/hololens/images/hololens-frame.png b/devices/hololens/images/hololens-frame.png deleted file mode 100644 index 5789f1b8c8..0000000000 Binary files a/devices/hololens/images/hololens-frame.png and /dev/null differ diff --git a/devices/hololens/images/hololens-gaze.png b/devices/hololens/images/hololens-gaze.png deleted file mode 100644 index d21ffef0b2..0000000000 Binary files a/devices/hololens/images/hololens-gaze.png and /dev/null differ diff --git a/devices/hololens/images/hololens-lights.png b/devices/hololens/images/hololens-lights.png deleted file mode 100644 index f3a19b84a3..0000000000 Binary files a/devices/hololens/images/hololens-lights.png and /dev/null differ diff --git a/devices/hololens/images/hololens-power.png b/devices/hololens/images/hololens-power.png deleted file mode 100644 index 80c3e7c215..0000000000 Binary files a/devices/hololens/images/hololens-power.png and /dev/null differ diff --git a/devices/hololens/images/hololens-start-feedback.png b/devices/hololens/images/hololens-start-feedback.png deleted file mode 100644 index 0b4639843d..0000000000 Binary files a/devices/hololens/images/hololens-start-feedback.png and /dev/null differ diff --git a/devices/hololens/images/hololens-updates-timeline.png b/devices/hololens/images/hololens-updates-timeline.png deleted file mode 100644 index 4b1e986948..0000000000 Binary files a/devices/hololens/images/hololens-updates-timeline.png and /dev/null differ diff --git a/devices/hololens/images/hololens-vector-white.png b/devices/hololens/images/hololens-vector-white.png deleted file mode 100644 index 583a307449..0000000000 Binary files a/devices/hololens/images/hololens-vector-white.png and /dev/null differ diff --git a/devices/hololens/images/hololens.png b/devices/hololens/images/hololens.png deleted file mode 100644 index ce54ae4281..0000000000 Binary files a/devices/hololens/images/hololens.png and /dev/null differ diff --git a/devices/hololens/images/hololens2-exploded-large.png b/devices/hololens/images/hololens2-exploded-large.png deleted file mode 100644 index fc639a0f62..0000000000 Binary files a/devices/hololens/images/hololens2-exploded-large.png and /dev/null differ diff --git a/devices/hololens/images/hololens2-exploded-medium.png b/devices/hololens/images/hololens2-exploded-medium.png deleted file mode 100644 index 3e1fbea7de..0000000000 Binary files a/devices/hololens/images/hololens2-exploded-medium.png and /dev/null differ diff --git a/devices/hololens/images/hololens2-feedbackhub-tile.png b/devices/hololens/images/hololens2-feedbackhub-tile.png deleted file mode 100644 index 692baddd55..0000000000 Binary files a/devices/hololens/images/hololens2-feedbackhub-tile.png and /dev/null differ diff --git a/devices/hololens/images/hololens2-fit.png b/devices/hololens/images/hololens2-fit.png deleted file mode 100644 index dacaf4cbd7..0000000000 Binary files a/devices/hololens/images/hololens2-fit.png and /dev/null differ diff --git a/devices/hololens/images/hololens2-headstrap.png b/devices/hololens/images/hololens2-headstrap.png deleted file mode 100644 index 805637214b..0000000000 Binary files a/devices/hololens/images/hololens2-headstrap.png and /dev/null differ diff --git a/devices/hololens/images/hololens2-lift-visor.png b/devices/hololens/images/hololens2-lift-visor.png deleted file mode 100644 index 4d83f2c730..0000000000 Binary files a/devices/hololens/images/hololens2-lift-visor.png and /dev/null differ diff --git a/devices/hololens/images/hololens2-remove-browpad.png b/devices/hololens/images/hololens2-remove-browpad.png deleted file mode 100644 index 619f14e4fd..0000000000 Binary files a/devices/hololens/images/hololens2-remove-browpad.png and /dev/null differ diff --git a/devices/hololens/images/hololens2-side-render-medium.png b/devices/hololens/images/hololens2-side-render-medium.png deleted file mode 100644 index d4650c05e2..0000000000 Binary files a/devices/hololens/images/hololens2-side-render-medium.png and /dev/null differ diff --git a/devices/hololens/images/hololens2-side-render-small.png b/devices/hololens/images/hololens2-side-render-small.png deleted file mode 100644 index a1a612e05a..0000000000 Binary files a/devices/hololens/images/hololens2-side-render-small.png and /dev/null differ diff --git a/devices/hololens/images/hololens2-side-render-xs.png b/devices/hololens/images/hololens2-side-render-xs.png deleted file mode 100644 index 08d5f966cd..0000000000 Binary files a/devices/hololens/images/hololens2-side-render-xs.png and /dev/null differ diff --git a/devices/hololens/images/hololens2-side-render.png b/devices/hololens/images/hololens2-side-render.png deleted file mode 100644 index 143fb8fc50..0000000000 Binary files a/devices/hololens/images/hololens2-side-render.png and /dev/null differ diff --git a/devices/hololens/images/icd-create-options-1703.PNG b/devices/hololens/images/icd-create-options-1703.PNG deleted file mode 100644 index 007e740683..0000000000 Binary files a/devices/hololens/images/icd-create-options-1703.PNG and /dev/null differ diff --git a/devices/hololens/images/icd-export-menu.png b/devices/hololens/images/icd-export-menu.png deleted file mode 100644 index 20bd5258eb..0000000000 Binary files a/devices/hololens/images/icd-export-menu.png and /dev/null differ diff --git a/devices/hololens/images/icd-install.PNG b/devices/hololens/images/icd-install.PNG deleted file mode 100644 index a0c80683ff..0000000000 Binary files a/devices/hololens/images/icd-install.PNG and /dev/null differ diff --git a/devices/hololens/images/icd-settings.png b/devices/hololens/images/icd-settings.png deleted file mode 100644 index 111b7f38c7..0000000000 Binary files a/devices/hololens/images/icd-settings.png and /dev/null differ diff --git a/devices/hololens/images/icd-simple-edit.png b/devices/hololens/images/icd-simple-edit.png deleted file mode 100644 index 421159ac17..0000000000 Binary files a/devices/hololens/images/icd-simple-edit.png and /dev/null differ diff --git a/devices/hololens/images/icd1.PNG b/devices/hololens/images/icd1.PNG deleted file mode 100644 index 25f905d4fe..0000000000 Binary files a/devices/hololens/images/icd1.PNG and /dev/null differ diff --git a/devices/hololens/images/intune1.PNG b/devices/hololens/images/intune1.PNG deleted file mode 100644 index c87c58d36a..0000000000 Binary files a/devices/hololens/images/intune1.PNG and /dev/null differ diff --git a/devices/hololens/images/intune2.PNG b/devices/hololens/images/intune2.PNG deleted file mode 100644 index 61ca386c3c..0000000000 Binary files a/devices/hololens/images/intune2.PNG and /dev/null differ diff --git a/devices/hololens/images/intune3.png b/devices/hololens/images/intune3.png deleted file mode 100644 index 39a812a1a7..0000000000 Binary files a/devices/hololens/images/intune3.png and /dev/null differ diff --git a/devices/hololens/images/ipd-finger-alignment-300px.jpg b/devices/hololens/images/ipd-finger-alignment-300px.jpg deleted file mode 100644 index 7a4c929867..0000000000 Binary files a/devices/hololens/images/ipd-finger-alignment-300px.jpg and /dev/null differ diff --git a/devices/hololens/images/keyboard.png b/devices/hololens/images/keyboard.png deleted file mode 100644 index 6962567b83..0000000000 Binary files a/devices/hololens/images/keyboard.png and /dev/null differ diff --git a/devices/hololens/images/kiosk.png b/devices/hololens/images/kiosk.png deleted file mode 100644 index 9cc771c779..0000000000 Binary files a/devices/hololens/images/kiosk.png and /dev/null differ diff --git a/devices/hololens/images/launchicon.png b/devices/hololens/images/launchicon.png deleted file mode 100644 index d469c68a2c..0000000000 Binary files a/devices/hololens/images/launchicon.png and /dev/null differ diff --git a/devices/hololens/images/mdm-enrollment-error.png b/devices/hololens/images/mdm-enrollment-error.png deleted file mode 100644 index 77b695d1cf..0000000000 Binary files a/devices/hololens/images/mdm-enrollment-error.png and /dev/null differ diff --git a/devices/hololens/images/minimenu.png b/devices/hololens/images/minimenu.png deleted file mode 100644 index 7aa0018011..0000000000 Binary files a/devices/hololens/images/minimenu.png and /dev/null differ diff --git a/devices/hololens/images/motherboard-400px.jpg b/devices/hololens/images/motherboard-400px.jpg deleted file mode 100644 index 5a2a085477..0000000000 Binary files a/devices/hololens/images/motherboard-400px.jpg and /dev/null differ diff --git a/devices/hololens/images/multiappassignedaccesssettings.png b/devices/hololens/images/multiappassignedaccesssettings.png deleted file mode 100644 index 86e2e0a451..0000000000 Binary files a/devices/hololens/images/multiappassignedaccesssettings.png and /dev/null differ diff --git a/devices/hololens/images/one.png b/devices/hololens/images/one.png deleted file mode 100644 index 7766e7d470..0000000000 Binary files a/devices/hololens/images/one.png and /dev/null differ diff --git a/devices/hololens/images/provision-hololens-devices.png b/devices/hololens/images/provision-hololens-devices.png deleted file mode 100644 index c5ece7102f..0000000000 Binary files a/devices/hololens/images/provision-hololens-devices.png and /dev/null differ diff --git a/devices/hololens/images/recover-clicker-1.png b/devices/hololens/images/recover-clicker-1.png deleted file mode 100644 index ad54e6ee09..0000000000 Binary files a/devices/hololens/images/recover-clicker-1.png and /dev/null differ diff --git a/devices/hololens/images/recover-clicker-2.png b/devices/hololens/images/recover-clicker-2.png deleted file mode 100644 index d7a9d6fd0d..0000000000 Binary files a/devices/hololens/images/recover-clicker-2.png and /dev/null differ diff --git a/devices/hololens/images/searchfeedback-500px.jpg b/devices/hololens/images/searchfeedback-500px.jpg deleted file mode 100644 index 952e29a6ec..0000000000 Binary files a/devices/hololens/images/searchfeedback-500px.jpg and /dev/null differ diff --git a/devices/hololens/images/see-through-400px.jpg b/devices/hololens/images/see-through-400px.jpg deleted file mode 100644 index d9fba1c9e0..0000000000 Binary files a/devices/hololens/images/see-through-400px.jpg and /dev/null differ diff --git a/devices/hololens/images/sensor-bar-400px.jpg b/devices/hololens/images/sensor-bar-400px.jpg deleted file mode 100644 index bf0b8f7f21..0000000000 Binary files a/devices/hololens/images/sensor-bar-400px.jpg and /dev/null differ diff --git a/devices/hololens/images/set-up-device-details.PNG b/devices/hololens/images/set-up-device-details.PNG deleted file mode 100644 index 7325e06e86..0000000000 Binary files a/devices/hololens/images/set-up-device-details.PNG and /dev/null differ diff --git a/devices/hololens/images/set-up-device.PNG b/devices/hololens/images/set-up-device.PNG deleted file mode 100644 index 577117a26a..0000000000 Binary files a/devices/hololens/images/set-up-device.PNG and /dev/null differ diff --git a/devices/hololens/images/set-up-network-details-desktop.PNG b/devices/hololens/images/set-up-network-details-desktop.PNG deleted file mode 100644 index 83911ccbd0..0000000000 Binary files a/devices/hololens/images/set-up-network-details-desktop.PNG and /dev/null differ diff --git a/devices/hololens/images/set-up-network.PNG b/devices/hololens/images/set-up-network.PNG deleted file mode 100644 index 19fd3ff7bb..0000000000 Binary files a/devices/hololens/images/set-up-network.PNG and /dev/null differ diff --git a/devices/hololens/images/seven.png b/devices/hololens/images/seven.png deleted file mode 100644 index 285a92df0b..0000000000 Binary files a/devices/hololens/images/seven.png and /dev/null differ diff --git a/devices/hololens/images/six.png b/devices/hololens/images/six.png deleted file mode 100644 index e8906332ec..0000000000 Binary files a/devices/hololens/images/six.png and /dev/null differ diff --git a/devices/hololens/images/startmenu.jpg b/devices/hololens/images/startmenu.jpg deleted file mode 100644 index b685db51ee..0000000000 Binary files a/devices/hololens/images/startmenu.jpg and /dev/null differ diff --git a/devices/hololens/images/three.png b/devices/hololens/images/three.png deleted file mode 100644 index 887fa270d7..0000000000 Binary files a/devices/hololens/images/three.png and /dev/null differ diff --git a/devices/hololens/images/two.png b/devices/hololens/images/two.png deleted file mode 100644 index b8c2d52eaf..0000000000 Binary files a/devices/hololens/images/two.png and /dev/null differ diff --git a/devices/hololens/images/upvotefeedback-500px.jpg b/devices/hololens/images/upvotefeedback-500px.jpg deleted file mode 100644 index f1eda89efa..0000000000 Binary files a/devices/hololens/images/upvotefeedback-500px.jpg and /dev/null differ diff --git a/devices/hololens/images/use-hololens-clicker-1.png b/devices/hololens/images/use-hololens-clicker-1.png deleted file mode 100644 index ad54e6ee09..0000000000 Binary files a/devices/hololens/images/use-hololens-clicker-1.png and /dev/null differ diff --git a/devices/hololens/images/use-hololens-clicker-2.png b/devices/hololens/images/use-hololens-clicker-2.png deleted file mode 100644 index d7a9d6fd0d..0000000000 Binary files a/devices/hololens/images/use-hololens-clicker-2.png and /dev/null differ diff --git a/devices/hololens/images/uwp-dependencies.PNG b/devices/hololens/images/uwp-dependencies.PNG deleted file mode 100644 index 4e2563169f..0000000000 Binary files a/devices/hololens/images/uwp-dependencies.PNG and /dev/null differ diff --git a/devices/hololens/images/uwp-license.PNG b/devices/hololens/images/uwp-license.PNG deleted file mode 100644 index ccb5cf7cf4..0000000000 Binary files a/devices/hololens/images/uwp-license.PNG and /dev/null differ diff --git a/devices/hololens/images/vs2015-remotedeployment.jpg b/devices/hololens/images/vs2015-remotedeployment.jpg deleted file mode 100644 index a7d6b43dc3..0000000000 Binary files a/devices/hololens/images/vs2015-remotedeployment.jpg and /dev/null differ diff --git a/devices/hololens/images/wifi-hololens-600px.jpg b/devices/hololens/images/wifi-hololens-600px.jpg deleted file mode 100644 index eb6930a29f..0000000000 Binary files a/devices/hololens/images/wifi-hololens-600px.jpg and /dev/null differ diff --git a/devices/hololens/images/wifi-hololens-hwdetails.jpg b/devices/hololens/images/wifi-hololens-hwdetails.jpg deleted file mode 100644 index e4b45047cf..0000000000 Binary files a/devices/hololens/images/wifi-hololens-hwdetails.jpg and /dev/null differ diff --git a/devices/hololens/images/windows-device-portal-home-page.png b/devices/hololens/images/windows-device-portal-home-page.png deleted file mode 100644 index 55e4b0eaad..0000000000 Binary files a/devices/hololens/images/windows-device-portal-home-page.png and /dev/null differ diff --git a/devices/hololens/images/wizard-steps.png b/devices/hololens/images/wizard-steps.png deleted file mode 100644 index d97bae9a05..0000000000 Binary files a/devices/hololens/images/wizard-steps.png and /dev/null differ diff --git a/devices/hololens/images/wsfb-private.png b/devices/hololens/images/wsfb-private.png deleted file mode 100644 index 35ce83829b..0000000000 Binary files a/devices/hololens/images/wsfb-private.png and /dev/null differ diff --git a/devices/hololens/index.md b/devices/hololens/index.md deleted file mode 100644 index 91a487f9a0..0000000000 --- a/devices/hololens/index.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Microsoft HoloLens -description: Landing page for Microsoft HoloLens. -ms.prod: hololens -ms.sitesec: library -ms.assetid: 0947f5b3-8f0f-42f0-aa27-6d2cad51d040 -author: scooley -ms.author: scooley -ms.topic: article -ms.localizationpriority: medium -ms.date: 10/14/2019 -audience: ITPro -ms.custom: -- CI 111456 -- CSSTroubleshooting -appliesto: -- HoloLens (1st gen) -- HoloLens 2 - ---- - -# Microsoft HoloLens - - - - - -
-

Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10.

- -

Now, with the introduction of HoloLens 2, every device provides commercial ready management enhanced by the reliability, security, and scalability of cloud and AI services from Microsoft.

- -

To learn more about HoloLens 2 for developers, check out the mixed reality developer documentation.

- -

To buy HoloLens, check out HoloLens pricing and sales on microsoft.com/HoloLens.

-		HoloLens 2 side view
- -## Guides in this section - -| Guide | Description | -| --- | --- | -| [Get started with HoloLens 2](hololens2-setup.md) | Set up HoloLens 2 for the first time. | -| [Get started with HoloLens (1st gen)](hololens1-setup.md) | Set up HoloLens (1st gen) for the first time. | -| [Get started with HoloLens in a commercial or classroom environment](hololens-requirements.md) | Plan for a multi-device HoloLens deployment and create a strategy for ongoing device management.
This section is tailored to IT professionals managing devices with existing device management infrastructure. | - -## Quick reference by topic - -| Topic | Description | -| --- | --- | -| [What's new in HoloLens](hololens-whats-new.md) | Discover new features in the latest updates via HoloLens release notes. | -| [Install and manage applications on HoloLens](hololens-install-apps.md) | Install and manage important applications on HoloLens at scale. | -| [HoloLens update management](hololens-updates.md) | Use mobile device management (MDM) policies to configure settings for updates. | -| [HoloLens user management](hololens-multiple-users.md) | Multiple users can share a HoloLens device by using their Azure Active Directory accounts. | -| [HoloLens application access management](hololens-kiosk.md) | Manage application access for different user groups. | -| [Recover and troubleshoot HoloLens issues](https://support.microsoft.com/products/hololens) | Learn how to gather logs from HoloLens, recover a misbehaving device, or reset HoloLens when necessary. | -| [Contact Support](https://support.microsoft.com/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f) | Create a new support request for the business support team. | -| [More support options](https://support.microsoft.com/products/hololens) | Connect with Microsoft support resources for HoloLens in the enterprise. | - -## Related resources - -* [Documentation for Holographic app development](https://developer.microsoft.com/windows/mixed-reality/development) -* [HoloLens release notes](https://docs.microsoft.com/hololens/hololens-release-notes) diff --git a/devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md b/devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md deleted file mode 100644 index e499178078..0000000000 --- a/devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -title: General Data Privacy Regulation and Surface Hub -description: Informs users who are subject to EU data protection laws of their options regarding how to delete or restrict diagnostic data produced by Surface Hub. -ms.assetid: 087713CF-631D-477B-9CC6-EFF939DE0186 -keywords: GDPR -ms.prod: surface-hub -ms.sitesec: library -author: Teresa-MOTIV -ms.author: v-tea -ms.topic: article -ms.localizationpriority: medium ---- - -# General Data Privacy Regulation and Surface Hub - -In May 2018, a European privacy law, the General Data Protection Regulation (GDPR), took effect. The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. - -Surface Hub customers concerned about privacy under the new GDPR regulations can manage their device privacy with the following options that are provided by Microsoft: - -* **Option 1:** Surface Hub devices in regions enforcing GDPR regulations will install KB4284830 when publicly available to automatically reduce diagnostic data emission to basic. Customers opting to provide a higher level of diagnostic data can use the Surface Hub Settings application or Mobile Device Management to override the default basic setting. - -* **Option 2:** Surface Hub customers who want to remove any existing diagnostic data can download the **Surface Hub Delete Diagnostic Data** application from the Microsoft Store. This app will allow customers to request deletion of associated diagnostic data directly from their Surface Hub device. - -Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex regulations, and currently complies with both EU-U.S. Privacy Shield and EU Model Clauses. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We want to help you focus on your core business while efficiently preparing for the GDPR. - diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md deleted file mode 100644 index 867063cc0c..0000000000 --- a/devices/surface-hub/TOC.md +++ /dev/null @@ -1,133 +0,0 @@ -# [Microsoft Surface Hub](index.yml) - -# Surface Hub 2S - -## Overview -### [What's new in Surface Hub 2S for IT admins](surface-hub-2s-whats-new.md) -### [Surface Hub 2S tech specs](surface-hub-2s-techspecs.md) -### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md) -### [Adjust Surface Hub 2S brightness, volume, and input](surface-hub-2s-onscreen-display.md) -### [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d) - -## Plan -### [Surface Hub 2S Site Readiness Guide](surface-hub-2s-site-readiness-guide.md) -#### [Site planning for Surface Hub 2S](surface-hub-2s-site-planning.md) -#### [Surface Hub 2S quick start](surface-hub-2s-quick-start.md) -#### [Install and mount Surface Hub 2S](surface-hub-2s-install-mount.md) -#### [Customize wall mount of Surface Hub 2S](surface-hub-2s-custom-install.md) -#### [Setup worksheet](setup-worksheet-surface-hub.md) -#### [Surface Hub 2S ports and keypad overview](surface-hub-2s-port-keypad-overview.md) -#### [Connect devices to Surface Hub 2S](surface-hub-2s-connect.md) -### [Prepare your environment for Microsoft Surface Hub 2S](surface-hub-2s-prepare-environment.md) -### [Configure Easy Authentication for Surface Hub 2S](surface-hub-2s-phone-authenticate.md) - -## Deploy -### [Surface Hub 2S adoption and training](surface-hub-2s-adoption-kit.md) -### [Surface Hub 2S adoption videos](surface-hub-2s-adoption-videos.md) - -### [First time setup for Surface Hub 2S](surface-hub-2s-setup.md) -### [Connect devices to Surface Hub 2S](surface-hub-2s-connect.md) -### [Surface Hub 2S deployment checklist](surface-hub-2s-deploy-checklist.md) -### [Create Surface Hub 2S device account](surface-hub-2s-account.md) -### [Create provisioning packages for Surface Hub 2S](surface-hub-2s-deploy.md) -### [Deploy apps to Surface Hub 2S using Intune](surface-hub-2s-deploy-apps-intune.md) -### [Create Surface Hub 2S on-premises accounts with PowerShell](surface-hub-2s-onprem-powershell.md) -### [Surface Hub Teams app](hub-teams-app.md) - -## Manage -### [Manage Surface Hub 2S with Microsoft Intune](surface-hub-2s-manage-intune.md) -### [Local management for Surface Hub 2S settings](local-management-surface-hub-settings.md) -### [Manage device account password rotation](surface-hub-2s-manage-passwords.md) -### [Manage Windows updates](manage-windows-updates-for-surface-hub.md) -### [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md) -### [Save your BitLocker key](save-bitlocker-key-surface-hub.md) -### [Microsoft Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) -### [Applying ActiveSync policies to device accounts](apply-activesync-policies-for-surface-hub-device-accounts.md) -### [Update pen firmware on Surface Hub 2S](surface-hub-2s-pen-firmware.md) - -## Secure -### [Surface Hub security overview](surface-hub-security.md) -### [Secure and manage Surface Hub 2S with SEMM and UEFI](surface-hub-2s-secure-with-uefi-semm.md) -### [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) - -## Troubleshoot -### [Recover and reset Surface Hub 2S](surface-hub-2s-recover-reset.md) -### [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md) -### [How to pack and ship your Surface Hub 2S for service](surface-hub-2s-pack-components.md) -### [Change history](surface-hub-2s-change-history.md) - -# Surface Hub -## Overview -### [What's new in Windows 10, version 1703 for Surface Hub?](surfacehub-whats-new-1703.md) -### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md) -### [Technical information for 55" Microsoft Surface Hub](surface-hub-technical-55.md) -### [Technical information for 84" Microsoft Surface Hub](surface-hub-technical-84.md) -### [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d) - -## Plan -### [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md) -### [Surface Hub Site Readiness Guide](surface-hub-site-readiness-guide.md) -### [Physically install Microsoft Surface Hub](physically-install-your-surface-hub-device.md) - -## Deploy -### [Create and test a device account](create-and-test-a-device-account-surface-hub.md) -#### [Online deployment](online-deployment-surface-hub-device-accounts.md) -#### [On-premises deployment (single forest)](on-premises-deployment-surface-hub-device-accounts.md) -#### [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md) -#### [Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) -#### [Online or hybrid deployment using Skype Hybrid Voice environment](skype-hybrid-voice.md) -#### [Create a device account using UI](create-a-device-account-using-office-365.md) -#### [Microsoft Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) -#### [Applying ActiveSync policies to device accounts](apply-activesync-policies-for-surface-hub-device-accounts.md) -#### [Password management](password-management-for-surface-hub-device-accounts.md) -#### [Create provisioning packages](provisioning-packages-for-surface-hub.md) -#### [Admin group management](admin-group-management-for-surface-hub.md) -### [Set up Microsoft Surface Hub](set-up-your-surface-hub.md) -#### [Setup worksheet](setup-worksheet-surface-hub.md) -#### [First-run program](first-run-program-surface-hub.md) - -## Manage -### [Manage Microsoft Surface Hub](manage-surface-hub.md) -### [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) -### [Remote Surface Hub management](remote-surface-hub-management.md) -#### [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) -#### [Monitor your Surface Hub](monitor-surface-hub.md) -#### [Windows updates](manage-windows-updates-for-surface-hub.md) -### [Manage Surface Hub settings](manage-surface-hub-settings.md) -#### [Local management for Surface Hub settings](local-management-surface-hub-settings.md) -#### [Accessibility](accessibility-surface-hub.md) -#### [Change the Surface Hub device account](change-surface-hub-device-account.md) -#### [Device reset](device-reset-surface-hub.md) -#### [Use fully qualified domain name with Surface Hub](use-fully-qualified-domain-name-surface-hub.md) -#### [Wireless network management](wireless-network-management-for-surface-hub.md) -### [Implement Quality of Service on Surface Hub](surface-hub-qos.md) -### [Install apps on your Surface Hub](install-apps-on-surface-hub.md) -### [Configure Surface Hub Start menu](surface-hub-start-menu.md) -### [Set up and use Microsoft Whiteboard](whiteboard-collaboration.md) -### [End a Surface Hub meeting with End session](i-am-done-finishing-your-surface-hub-meeting.md) -### [Connect other devices and display with Surface Hub](connect-and-display-with-surface-hub.md) -### [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md) -### [Enable 802.1x wired authentication](enable-8021x-wired-authentication.md) -### [Using a room control system](use-room-control-system-with-surface-hub.md) - -## Secure -### [Sign in to Surface Hub with Microsoft Authenticator](surface-hub-authenticator-app.md) -### [Save your BitLocker key](save-bitlocker-key-surface-hub.md) -### [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) - -## Troubleshoot -### [Using the Surface Hub Recovery Tool](surface-hub-recovery-tool.md) -### [Surface Hub SSD replacement](surface-hub-ssd-replacement.md) -### [Top support solutions for Surface Hub](support-solutions-surface-hub.md) -### [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md) -### [Surface Hub Update History](surface-hub-update-history.md) -### [Known issues and additional information about Microsoft Surface Hub](known-issues-and-additional-info-about-surface-hub.md) -### [How to use cloud recovery for BitLocker on a Surface Hub](use-cloud-recovery-for-bitlocker-on-surfacehub.md) -### [Using the Surface Hub Hardware Diagnostic Tool to test a device account](use-surface-hub-diagnostic-test-device-account.md) -### [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md) -### [Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel](surfacehub-miracast-not-supported-europe-japan-israel.md) -### [What to do if the Connect app in Surface Hub exits unexpectedly](connect-app-in-surface-hub-unexpectedly-exits.md) -### [Surface Hub may install updates and restart outside maintenance hours](surface-hub-installs-updates-and-restarts-outside-maintenance-hours.md) -### [General Data Privacy Regulation and Surface Hub](general-data-privacy-regulation-and-surface-hub.md) -### [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) -### [Change history for Surface Hub](change-history-surface-hub.md) diff --git a/devices/surface-hub/accessibility-surface-hub.md b/devices/surface-hub/accessibility-surface-hub.md deleted file mode 100644 index 8237e61a08..0000000000 --- a/devices/surface-hub/accessibility-surface-hub.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Accessibility (Surface Hub) -description: Accessibility settings for the Microsoft Surface Hub can be changed by using the Settings app. You'll find them under Ease of Access. Your Surface Hub has the same accessibility options as Windows 10. -ms.assetid: 1D44723B-1162-4DF6-99A2-8A3F24443442 -ms.reviewer: -manager: laurawi -keywords: Accessibility settings, Settings app, Ease of Access -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.localizationpriority: medium ---- - -# Accessibility (Surface Hub) - -Microsoft Surface Hub has the same accessibility options as Windows 10. - - -## Default accessibility settings - -The full list of accessibility settings are available to IT admins in the **Settings** app. The default accessibility settings for Surface Hub include: - -| Accessibility feature | Default settings | -| --------------------- | ----------------- | -| Magnifier | Off | -| High contrast | No theme selected | -| Closed captions | Defaults selected for Font and Background and window | -| Keyboard | **On-screen Keyboard**, **Sticky Keys**, **Toggle Keys**, and **Filter Keys** are all off. | -| Mouse | Defaults selected for **Pointer size**, **Pointer color** and **Mouse keys**. | -| Other options | Defaults selected for **Visual options** and **Touch feedback**. | - -The accessibility feature Narrator is not available in the **Settings** app. By default, Narrator is turned off. To change the default settings for Narrator, perform the following steps using a keyboard and mouse. - -1. Dismiss the Welcome screen. -2. Open **Quick Actions** > **Ease of Access** from the status bar. - - ![Screenshot of Ease of Access tile](images/ease-of-access.png) - -3. Turn Narrator on. -4. Click **Task Switcher**. -5. Select **Narrator Settings** from Task Switcher. You can now edit the default Narrator settings. - -Additionally, these accessibility features and apps are returned to default settings when users press [End session](finishing-your-surface-hub-meeting.md): -- Narrator -- Magnifier -- High contrast -- Filter keys -- Sticky keys -- Toggle keys -- Mouse keys - - -## Change accessibility settings during a meeting - -During a meeting, users can toggle accessibility features and apps in a couple ways: -- [Keyboard shortcuts](https://support.microsoft.com/help/13813/windows-10-microsoft-surface-hub-keyboard-shortcuts) -- **Quick Actions** > **Ease of Access** from the status bar - -> ![Image showing Quick Action center on Surface Hub](images/sh-quick-action.png) - - -## Related topics - -[Manage Microsoft Surface Hub](manage-surface-hub.md) - -[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) diff --git a/devices/surface-hub/admin-group-management-for-surface-hub.md b/devices/surface-hub/admin-group-management-for-surface-hub.md deleted file mode 100644 index 81c03b484c..0000000000 --- a/devices/surface-hub/admin-group-management-for-surface-hub.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Admin group management (Surface Hub) -description: Every Microsoft Surface Hub can be configured individually by opening the Settings app on the device. -ms.assetid: FA67209E-B355-4333-B903-482C4A3BDCCE -ms.reviewer: -manager: laurawi -keywords: admin group management, Settings app, configure Surface Hub -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/27/2017 -ms.localizationpriority: medium ---- - -# Admin group management (Surface Hub) - - -Every Surface Hub can be configured locally using the Settings app on the device. To prevent unauthorized users from changing settings, the Settings app requires admin credentials to open the app. - - -## Admin Group Management - -You can set up administrator accounts for the device in one of three ways: - -- Create a local admin account -- Domain join the device to Active Directory (AD) -- Azure Active Directory (Azure AD) join the device - - -### Create a local admin account - -To create a local admin, [choose to use a local admin during first run](first-run-program-surface-hub.md#use-a-local-admin). This will create a single local admin account on the Surface Hub with the username and password of your choice. Use these credentials to open the Settings app. - -Note that the local admin account information is not backed by any directory service. We recommend you only choose a local admin if the device does not have access to Active Directory (AD) or Azure Active Directory (Azure AD). If you decide to change the local admin’s password, you can do so in Settings. However, if you want to change from using the local admin account to using a group from your domain or Azure AD tenant, then you’ll need to [reset the device](device-reset-surface-hub.md) and go through the first-time program again. - -### Domain join the device to Active Directory (AD) - -You can domain join the Surface Hub to your AD domain to allow users from a specified security group to configure settings. During first run, choose to use [Active Directory Domain Services](first-run-program-surface-hub.md#use-active-directory-domain-services). You'll need to provide credentials that are capable of joining the domain of your choice, and the name of an existing security group. Anyone who is a member of that security group can enter their credentials and unlock Settings. - -#### What happens when you domain join your Surface Hub? -Surface Hubs use domain join to: -- Grant admin rights to members of a specified security group in AD. -- Backup the device's BitLocker recovery key by storing it under the computer object in AD. See [Save your BitLocker key](save-bitlocker-key-surface-hub.md) for details. -- Synchronize the system clock with the domain controller for encrypted communication - -Surface Hub does not support applying group policies or certificates from the domain controller. - -> [!NOTE] -> If your Surface Hub loses trust with the domain (for example, if you remove the Surface Hub from the domain after it is domain joined), you won't be able to authenticate into the device and open up Settings. If you decide to remove the trust relationship of the Surface Hub with your domain, [reset the device](device-reset-surface-hub.md) first. - - -### Azure Active Directory (Azure AD) join the device - -You can Azure AD join the Surface Hub to allow IT pros from your Azure AD tenant to configure settings. During first run, choose to use [Microsoft Azure Active Directory](first-run-program-surface-hub.md#use-microsoft-azure-active-directory). You will need to provide credentials that are capable of joining the Azure AD tenant of your choice. After you successfully Azure AD join, the appropriate people will be granted admin rights on the device. - -By default, all **global administrators** will be given admin rights on an Azure AD joined Surface Hub. With **Azure AD Premium** or **Enterprise Mobility Suite (EMS)**, you can add additional administrators: -1. In the [Azure classic portal](https://manage.windowsazure.com/), click **Active Directory**, and then click the name of your organization's directory. -2. On the **Configure** page, under **Devices** > **Additional administrators on Azure AD joined devices**, click **Selected**. -3. Click **Add**, and select the users you want to add as administrators on your Surface Hub and other Azure AD joined devices. -4. When you have finished, click the checkmark button to save your change. - -#### What happens when you Azure AD join your Surface Hub? -Surface Hubs use Azure AD join to: -- Grant admin rights to the appropriate users in your Azure AD tenant. -- Backup the device's BitLocker recovery key by storing it under the account that was used to Azure AD join the device. See [Save your BitLocker key](save-bitlocker-key-surface-hub.md) for details. - -### Automatic enrollment via Azure Active Directory join - -Surface Hub now supports the ability to automatically enroll in Intune by joining the device to Azure Active Directory. - -For more information, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment). - -### Which should I choose? - -If your organization is using AD or Azure AD, we recommend you either domain join or Azure AD join, primarily for security reasons. People will be able to authenticate and unlock Settings with their own credentials, and can be moved in or out of the security groups associated with your domain. - -| Option | Requirements | Which credentials can be used to access the Settings app? | -|---------------------------------------------------|-----------------------------------------|-------| -| Create a local admin account | None | The user name and password specified during first run | -| Domain join to Active Directory (AD) | Your organization uses AD | Any AD user from a specific security group in your domain | -| Azure Active Directory (Azure AD) join the device | Your organization uses Azure AD Basic | Global administrators only | -|   | Your organization uses Azure AD Premium or Enterprise Mobility Suite (EMS) | Global administrators and additional administrators | - - diff --git a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md deleted file mode 100644 index d4aee59674..0000000000 --- a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md +++ /dev/null @@ -1,1670 +0,0 @@ ---- -title: PowerShell for Surface Hub (Surface Hub) -description: PowerShell scripts to help set up and manage your Microsoft Surface Hub. -ms.assetid: 3EF48F63-8E4C-4D74-ACD5-461F1C653784 -ms.reviewer: -manager: laurawi -keywords: PowerShell, set up Surface Hub, manage Surface Hub -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 01/10/2018 -ms.localizationpriority: medium ---- - -# PowerShell for Surface Hub - -PowerShell scripts to help set up and manage your Microsoft Surface Hub. - -- [PowerShell scripts for Surface Hub admins](#scripts-for-admins) - - [Create an on-premises account](#create-on-premises-ps-scripts) - - [Create a device account using Office 365](#create-os356-ps-scripts) - - [Account verification script](#acct-verification-ps-scripts) - - [Enable Skype for Business (EnableSfb.ps1)](#enable-sfb-ps-scripts) -- [Useful cmdlets](#useful-cmdlets) - - [Creating a Surface Hub-compatible Exchange ActiveSync policy](#create-compatible-as-policy) - - [Allowing device IDs for ActiveSync](#whitelisting-device-ids-cmdlet) - - [Auto-accepting and declining meeting requests](#auto-accept-meetings-cmdlet) - - [Accepting external meeting requests](#accept-ext-meetings-cmdlet) - -## Prerequisites - -To successfully execute these PowerShell scripts, you will need to install the following prerequisites: - -- [Microsoft Online Services Sign-in Assistant for IT Professionals RTW](https://www.microsoft.com/download/details.aspx?id=41950) -- [Microsoft Azure Active Directory Module for Windows PowerShell (64-bit version)](https://www.powershellgallery.com/packages/MSOnline/1.1.183.17) -- [Windows PowerShell Module for Skype for Business Online](https://www.microsoft.com/download/details.aspx?id=39366) - -## PowerShell scripts for Surface Hub administrators - -What do the scripts do? - -- Create device accounts for setups using pure single-forest on-premises (Microsoft Exchange and Skype 2013 and later only) or online (Microsoft Office 365), that are configured correctly for your Surface Hub. -- Validate existing device accounts for any setup (on-premises or online) to make sure they're compatible with Surface Hub. -- Provide a base template for anyone wanting to create their own device account creation or validation scripts. - -What do you need in order to run the scripts? - -- Remote PowerShell access to your organization's domain or tenant, Exchange servers, and Skype for Business servers. -- Admin credentials for your organization's domain or tenant, Exchange servers, and Skype for Business servers. - -> [!NOTE] -> Whether you’re creating a new account or modifying an already-existing account, the validation script will verify that your device account is configured correctly. You should always run the validation script before adding a device account to Surface Hub. - -## Running the scripts - -The account creation scripts will: - -- Ask for administrator credentials -- Create device accounts in your domain/tenant -- Create or assign a Surface Hub-compatible ActiveSync policy to the device account(s) -- Set various attributes for the created account(s) in Exchange and Skype for Business. -- Assign licenses and permissions to the created account(s) - -These are the attributes that are set by the scripts: - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
CmdletAttributeValue

Set-Mailbox

RoomMailboxPassword

User-provided

EnableRoomMailboxAccount

True

Type

Room

Set-CalendarProcessing

AutomateProcessing

AutoAccept

RemovePrivateProperty

False

DeleteSubject

False

DeleteComments

False

AddOrganizerToSubject

False

AddAdditionalResponse

True

AdditionalResponse

"This is a Surface Hub room!"

New-MobileDeviceMailboxPolicy

PasswordEnabled

False

AllowNonProvisionableDevices

True

Enable-CSMeetingRoom

RegistrarPool

User-provided

SipAddress

Set to the User Principal Name (UPN) of the device account

Set-MsolUserLicense (O365 only)

AddLicenses

User-provided

Set-MsolUser (O365 only)

PasswordNeverExpires

True

Set-AdUser (On-prem only)

Enabled

True

Set-AdUser (On-prem only)

PasswordNeverExpires

True

- -## Account creation scripts - -These scripts will create a device account for you. You can use the [Account verification script](#acct-verification-ps-scripts) to make sure they ran correctly. - -The account creation scripts cannot modify an already existing account, but can be used to help you understand which cmdlets need to be run to configure the existing account correctly. - -### Create an on-premises account - -Creates an account as described in [On-premises deployment](on-premises-deployment-surface-hub-device-accounts.md). - -```PowerShell -# SHAccountCreateOnPrem.ps1 - -$Error.Clear() -$ErrorActionPreference = "Stop" -$status = @{} - -# Cleans up set state such as remote powershell sessions -function Cleanup() -{ - if ($sessExchange) - { - Remove-PSSession $sessExchange - } - if ($sessCS) - { - Remove-PSSession $sessCS - } -} - -function PrintError($strMsg) -{ - Write-Host $strMsg -foregroundcolor Red -} - -function PrintSuccess($strMsg) -{ - Write-Host $strMsg -foregroundcolor Green -} - -function PrintAction($strMsg) -{ - Write-Host $strMsg -ForegroundColor Cyan -} - - -# Cleans up and prints an error message -function CleanupAndFail($strMsg) -{ - if ($strMsg) - { - PrintError($strMsg); - } - Cleanup - exit 1 -} - -# Exits if there is an error set and prints the given message -function ExitIfError($strMsg) -{ - if ($Error) - { - CleanupAndFail($strMsg); - } -} - -## Collect account data ## -$credNewAccount = (Get-Credential -Message "Enter the desired UPN and password for this new account") -$strUpn = $credNewAccount.UserName -$strDisplayName = Read-Host "Please enter the display name you would like to use for $strUpn" -if (!$credNewAccount -Or [System.String]::IsNullOrEmpty($strDisplayName) -Or [System.String]::IsNullOrEmpty($credNewAccount.UserName) -Or $credNewAccount.Password.Length -le 0) -{ - CleanupAndFail "Please enter all of the requested data to continue." - exit 1 -} - -## Sign in to remote powershell for exchange and lync online ## - -$credExchange = $null -$credExchange=Get-Credential -Message "Enter credentials of an Exchange user with mailbox creation rights" -if (!$credExchange) -{ - CleanupAndFail("Valid credentials are required to create and prepare the account."); -} -$strExchangeServer = Read-Host "Please enter the FQDN of your exchange server (e.g. exch.contoso.com)" - -# Lync info -$credLync = Get-Credential -Message "Enter credentials of a Skype for Business admin (or cancel if they are the same as Exchange)" -if (!$credLync) -{ - $credLync = $credExchange -} -$strLyncFQDN = Read-Host "Please enter the FQDN of your Lync server (e.g. lync.contoso.com) or enter to use [$strExchangeServer]" -if ([System.String]::IsNullOrEmpty($strLyncFQDN)) -{ - $strLyncFQDN = $strExchangeServer -} - - -PrintAction "Connecting to remote sessions. This can occasionally take a while - please do not enter input..." -try -{ - $sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $credExchange -AllowRedirection -Authentication Kerberos -ConnectionUri "http://$strExchangeServer/powershell" -WarningAction SilentlyContinue -} -catch -{ - CleanupAndFail("Failed to connect to exchange. Please check your credentials and try again. If this continues to fail, you may not have permission for remote powershell - if not, please perform the setup manually. Error message: $_") -} -PrintSuccess "Connected to Remote Exchange Shell" - -try -{ - $sessLync = New-PSSession -Credential $credLync -ConnectionURI "https://$strLyncFQDN/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue -} -catch -{ - CleanupAndFail("Failed to connect to Lync. Please check your credentials and try again. Error message: $_") -} -PrintSuccess "Connected to Lync Server Remote PowerShell" - - -Import-PSSession $sessExchange -AllowClobber -WarningAction SilentlyContinue -Import-PSSession $sessLync -AllowClobber -WarningAction SilentlyContinue - -## Create the Exchange mailbox ## -> [!Note] -> These exchange commandlets do not always throw their errors as exceptions - -# Because Get-Mailbox will throw an error if the mailbox is not found -$Error.Clear() -PrintAction "Creating a new account..." -try -{ - $mailbox = $null - $mailbox = (New-Mailbox -UserPrincipalName $credNewAccount.UserName -Alias $credNewAccount.UserName.substring(0,$credNewAccount.UserName.indexOf('@')) -room -Name $strDisplayName -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true) -} catch { } -ExitIfError "Failed to create a new mailbox on exchange."; -$status["Mailbox Setup"] = "Successfully created a mailbox for the new account" - - -$strEmail = $mailbox.WindowsEmailAddress -PrintSuccess "The following mailbox has been created for this room: $strEmail" - -## Create or retrieve a policy that will be applied to surface hub devices ## -# The policy disables requiring a device password so that the SurfaceHub does not need to be lockable to use Active Sync -$strPolicy = Read-Host 'Please enter the name for a new Surface Hub ActiveSync policy that will be created and applied to this account. -We will configure that policy to be compatible with Surface Hub devices. -If this script has been used before, please enter the name of the existing policy.' - -$easpolicy = $null -try { - $easpolicy = Get-MobileDeviceMailboxPolicy $strPolicy -} -catch {} - -if ($easpolicy) -{ - if (!$easpolicy.PasswordEnabled -and ($easpolicy.AllowNonProvisionableDevices -eq $null -or $easpolicy.AllowNonProvisionableDevices )) - { - PrintSuccess "An existing policy has been found and will be applied to this account." - } - else - { - PrintError "The policy you provided is incompatible with the surface hub." - $easpolicy = $null - $status["Device Password Policy"] = "Failed to apply the EAS policy to the account because the policy was invalid." - } -} -else -{ - $Error.Clear() - PrintAction "Creating policy..." - $easpolicy = New-MobileDeviceMailboxPolicy -Name $strPolicy -PasswordEnabled $false -AllowNonProvisionableDevices $true - if ($easpolicy) - { - PrintSuccess "A new device policy has been created; you can use this same policy for all future Surface Hub device accounts." - } - else - { - PrintError "Could not create $strPolicy" - } -} - -if ($easpolicy) -{ - # Convert mailbox to user type so we can apply the policy (necessary) - # Sometimes it takes a while for this change to take affect so we have some nasty retry loops - $Error.Clear(); - try - { - Set-Mailbox $credNewAccount.UserName -Type Regular - } catch {} - if ($Error) - { - $Error.Clear() - $status["Device Password Policy"] = "Failed to apply the EAS policy to the account." - } - else - { - # Loop until resource type goes away, up to 5 times - for ($i = 0; $i -lt 5 -And (Get-Mailbox $credNewAccount.UserName).ResourceType; $i++) - { - Start-Sleep -s 5 - } - # If the mailbox is still a Room we cannot apply the policy - if (!((Get-Mailbox $credNewAccount.UserName).ResourceType)) - { - $Error.Clear() - # Set policy for account - Set-CASMailbox $credNewAccount.UserName -ActiveSyncMailboxPolicy $strPolicy - if (!$Error) - { - $status["ActiveSync Policy"] = "Successfully applied $strPolicy to the account" - } - else - { - $status["ActiveSync Policy"] = "Failed to apply the EAS policy to the account." - } - $Error.Clear() - - # Convert back to room mailbox - Set-Mailbox $credNewAccount.UserName -Type Room - # Loop until resource type goes back to room - for ($i = 0; ($i -lt 5) -And ((Get-Mailbox $credNewAccount.UserName).ResourceType -ne "Room"); $i++) - { - Start-Sleep -s 5 - } - if ((Get-Mailbox $credNewAccount.UserName).ResourceType -ne "Room") - { - # A failure to convert the mailbox back to a room is unfortunate but means the mailbox is unusable. - $status["Mailbox Setup"] = "A mailbox was created but we could not set it to a room resource type." - } - else - { - try - { - Set-Mailbox $credNewAccount.UserName -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true - } catch { } - if ($Error) - { - $status["Mailbox Setup"] = "A room mailbox was created but we could not set its password." - } - $Error.Clear() - } - - } - } -} -PrintSuccess "Account creation completed." - -PrintAction "Setting calendar processing rules..." - -$Error.Clear(); -## Prepare the calendar for automatic meeting responses ## -try { - Set-CalendarProcessing -Identity $credNewAccount.UserName -AutomateProcessing AutoAccept -} catch { } -if ($Error) -{ - $status["Calendar Acceptance"] = "Failed to configure the account to automatically accept/decline meeting requests" -} -else -{ - $status["Calendar Acceptance"] = "Successfully configured the account to automatically accept/decline meeting requests" -} - - -$Error.Clear() -try { - Set-CalendarProcessing -Identity $credNewAccount.UserName -RemovePrivateProperty $false -AddOrganizerToSubject $false -AddAdditionalResponse $true -DeleteSubject $false -DeleteComments $false -AdditionalResponse "This is a Surface Hub room!" -} catch { } -if ($Error) -{ - $status["Calendar Response Configuration"] = "Failed to configure the account's response properties" -} -else -{ - $status["Calendar Response Configuration"] = "Successfully configured the account's response properties" -} - -$Error.Clear() -## Configure the Account to not expire ## -PrintAction "Configuring password not to expire..." -Start-Sleep -s 20 -try -{ - Set-AdUser $mailbox.UserPrincipalName -PasswordNeverExpires $true -Enabled $true -} -catch -{ - -} - -if ($Error) -{ - $status["Password Expiration Policy"] = "Failed to set the password to never expire" -} -else -{ - $status["Password Expiration Policy"] = "Successfully set the password to never expire" -} - -PrintSuccess "Completed Exchange configuration" - -## Setup Skype for Business. This is somewhat optional and if it fails we SfbEnable can be used later ## -PrintAction "Configuring account for Skype for Business." - -# Getting registrar pool -$strRegPool = $strLyncFQDN -$Error.Clear() -$strRegPoolEntry = Read-Host "Enter a Skype for Business Registrar Pool, or leave blank to use [$strRegPool]" -if (![System.String]::IsNullOrEmpty($strRegPoolEntry)) -{ - $strRegPool = $strRegPoolEntry -} - -# Try to SfB-enable the account. Note that it may not work right away as the account needs to propagate to active directory -PrintAction "Enabling Skype for Business..." -Start-Sleep -s 10 -$Error.Clear() -try { - Enable-CsMeetingRoom -Identity $credNewAccount.UserName -RegistrarPool $strRegPool -SipAddressType EmailAddress -} -catch { } - -if ($Error) -{ - $status["Skype for Business Account Setup"] = "Failed to setup the Skype for Business meeting room - you can run EnableSfb.ps1 to try again." - $Error.Clear(); -} -else -{ - $status["Skype for Business Account Setup"] = "Successfully enabled account as a Skype for Business meeting room" -} - -Write-Host - -## Cleanup and print results ## -Cleanup -$strDisplay = $mailbox.DisplayName -$strUsr = $credNewAccount.UserName -PrintAction "Summary for creation of $strUsr ($strDisplay)" -if ($status.Count -gt 0) -{ - ForEach($k in $status.Keys) - { - $v = $status[$k] - $color = "yellow" - if ($v[0] -eq "S") { $color = "green" } - elseif ($v[0] -eq "F") - { - $color = "red" - $v += " Go to https://aka.ms/shubtshoot" - } - - Write-Host -NoNewline $k -ForegroundColor $color - Write-Host -NoNewline ": " - Write-Host $v - } -} -else -{ - PrintError "The account could not be created" -} -``` - -### Create a device account using Office 365 - -Creates an account as described in [Create a device account using Office 365](create-a-device-account-using-office-365.md) - -```PowerShell -# SHAccountCreateO365.ps1 - -$Error.Clear() -$ErrorActionPreference = "Stop" -$status = @{} - -# Cleans up set state such as remote powershell sessions -function Cleanup() -{ - if ($sessExchange) - { - Remove-PSSession $sessExchange - } - if ($sessCS) - { - Remove-PSSession $sessCS - } -} - -function PrintError($strMsg) -{ - Write-Host $strMsg -foregroundcolor Red -} - -function PrintSuccess($strMsg) -{ - Write-Host $strMsg -foregroundcolor Green -} - -function PrintAction($strMsg) -{ - Write-Host $strMsg -ForegroundColor Cyan -} - - -# Cleans up and prints an error message -function CleanupAndFail($strMsg) -{ - if ($strMsg) - { - PrintError($strMsg); - } - Cleanup - exit 1 -} - -# Exits if there is an error set and prints the given message -function ExitIfError($strMsg) -{ - if ($Error) - { - CleanupAndFail($strMsg); - } -} - - -## Check dependencies ## -try { - Import-Module SkypeOnlineConnector - Import-Module MSOnline -} -catch -{ - PrintError "Some dependencies are missing" - PrintError "Please install the Windows PowerShell Module for Lync Online. For more information go to https://www.microsoft.com/download/details.aspx?id=39366" - PrintError "Please install the Azure Active Directory module for PowerShell from https://go.microsoft.com/fwlink/p/?linkid=236297" - CleanupAndFail -} - - - -## Collect account data ## -$credNewAccount = (Get-Credential -Message "Enter the desired UPN and password for this new account") -$strUpn = $credNewAccount.UserName -$strDisplayName = Read-Host "Please enter the display name you would like to use for $strUpn" -if (!$credNewAccount -Or [System.String]::IsNullOrEmpty($strDisplayName) -Or [System.String]::IsNullOrEmpty($credNewAccount.UserName) -Or $credNewAccount.Password.Length -le 0) -{ - CleanupAndFail "Please enter all of the requested data to continue." - exit 1 -} - - -## Sign in to remote powershell for exchange and lync online ## -$credAdmin = $null -$credAdmin=Get-Credential -Message "Enter credentials of an Exchange and Skype for Business admin" -if (!$credadmin) -{ - CleanupAndFail "Valid admin credentials are required to create and prepare the account." -} -PrintAction "Connecting to remote sessions. This can occasionally take a while - please do not enter input..." -try -{ - $sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $credAdmin -AllowRedirection -Authentication basic -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -WarningAction SilentlyContinue -} -catch -{ - CleanupAndFail "Failed to connect to exchange. Please check your credentials and try again. Error message: $_" -} - -try -{ - $sessCS = New-CsOnlineSession -Credential $credAdmin -} -catch -{ - CleanupAndFail "Failed to connect to Skype for Business Online Datacenter. Please check your credentials and try again. Error message: $_" -} - -try -{ - Connect-MsolService -Credential $credAdmin -} -catch -{ - CleanupAndFail "Failed to connect to Azure Active Directory. Please check your credentials and try again. Error message: $_" -} - -Import-PSSession $sessExchange -AllowClobber -WarningAction SilentlyContinue -Import-PSSession $sessCS -AllowClobber -WarningAction SilentlyContinue - -## Create the Exchange mailbox ## -> [!Note] -> These exchange commandlets do not always throw their errors as exceptions - -# Because Get-Mailbox will throw an error if the mailbox is not found -$Error.Clear() -PrintAction "Creating a new account..." -try -{ - $mailbox = $null - $mailbox = (New-Mailbox -MicrosoftOnlineServicesID $credNewAccount.UserName -room -Name $strDisplayName -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true) -} catch { } -ExitIfError "Failed to create a new mailbox on exchange."; -$status["Mailbox Setup"] = "Successfully created a mailbox for the new account" - - -$strEmail = $mailbox.WindowsEmailAddress -PrintSuccess "The following mailbox has been created for this room: $strEmail" - - -## Create or retrieve a policy that will be applied to surface hub devices ## -# The policy disables requiring a device password so that the SurfaceHub does not need to be lockable to use Active Sync -$strPolicy = Read-Host 'Please enter the name for a new Surface Hub ActiveSync policy that will be created and applied to this account. -We will configure that policy to be compatible with Surface Hub devices. -If this script has been used before, please enter the name of the existing policy.' - -$easpolicy = $null -try { - $easpolicy = Get-MobileDeviceMailboxPolicy $strPolicy -} -catch {} - -if ($easpolicy) -{ - if (!$easpolicy.PasswordEnabled -and ($easpolicy.AllowNonProvisionableDevices -eq $null -or $easpolicy.AllowNonProvisionableDevices )) - { - PrintSuccess "An existing policy has been found and will be applied to this account." - } - else - { - PrintError "The policy you provided is incompatible with the surface hub." - $easpolicy = $null - $status["ActiveSync Policy"] = "Failed to apply the EAS policy to the account because the policy was invalid." - } -} -else -{ - $Error.Clear() - PrintAction "Creating policy..." - $easpolicy = New-MobileDeviceMailboxPolicy -Name $strPolicy -PasswordEnabled $false -AllowNonProvisionableDevices $true - if ($easpolicy) - { - PrintSuccess "A new device policy has been created; you can use this same policy for all future Surface Hub device accounts." - } - else - { - PrintError "Could not create $strPolicy" - } -} - -if ($easpolicy) -{ - # Convert mailbox to user type so we can apply the policy (necessary) - # Sometimes it takes a while for this change to take affect so we have some nasty retry loops - $Error.Clear(); - try - { - Set-Mailbox $credNewAccount.UserName -Type Regular - } catch {} - if ($Error) - { - $Error.Clear() - $status["Device Password Policy"] = "Failed to apply the EAS policy to the account." - PrintError "Failed to convert to regular account" - } - else - { - # Loop until resource type goes away, up to 5 times - for ($i = 0; $i -lt 5 -And (Get-Mailbox $credNewAccount.UserName).ResourceType; $i++) - { - Start-Sleep -s 5 - } - # If the mailbox is still a Room we cannot apply the policy - if (!((Get-Mailbox $credNewAccount.UserName).ResourceType)) - { - $Error.Clear() - # Set policy for account - Set-CASMailbox $credNewAccount.UserName -ActiveSyncMailboxPolicy $strPolicy - if (!$Error) - { - $status["Device Password Policy"] = "Successfully applied $strPolicy to the account" - } - else - { - $status["Device Password Policy"] = "Failed to apply the EAS policy to the account." - PrintError "Failed to apply policy" - } - $Error.Clear() - - # Convert back to room mailbox - Set-Mailbox $credNewAccount.UserName -Type Room - # Loop until resource type goes back to room - for ($i = 0; ($i -lt 5) -And ((Get-Mailbox $credNewAccount.UserName).ResourceType -ne "Room"); $i++) - { - Start-Sleep -s 5 - } - if ((Get-Mailbox $credNewAccount.UserName).ResourceType -ne "Room") - { - # A failure to convert the mailbox back to a room is unfortunate but means the mailbox is unusable. - $status["Mailbox Setup"] = "A mailbox was created but we could not set it to a room resource type." - } - else - { - Set-Mailbox $credNewAccount.UserName -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true - if ($Error) - { - $status["Mailbox Setup"] = "A room mailbox was created but we could not set its password." - } - $Error.Clear() - } - - } - } -} -else -{ - $status["Device Password Policy"] = "Failed to apply the EAS policy to the account." - PrintError "Failed to obtain policy" -} -PrintSuccess "Account creation completed." - -PrintAction "Setting calendar processing rules..." - -$Error.Clear(); -## Prepare the calendar for automatic meeting responses ## -try { - Set-CalendarProcessing -Identity $credNewAccount.UserName -AutomateProcessing AutoAccept -} catch { } -if ($Error) -{ - $status["Calendar Acceptance"] = "Failed to configure the account to automatically accept/decline meeting requests" -} -else -{ - $status["Calendar Acceptance"] = "Successfully configured the account to automatically accept/decline meeting requests" -} - - -$Error.Clear() -try { - Set-CalendarProcessing -Identity $credNewAccount.UserName -RemovePrivateProperty $false -AddOrganizerToSubject $false -AddAdditionalResponse $true -DeleteSubject $false -DeleteComments $false -AdditionalResponse "This is a Surface Hub room!" -} catch { } -if ($Error) -{ - $status["Calendar Response Configuration"] = "Failed to configure the account's response properties" -} -else -{ - $status["Calendar Response Configuration"] = "Successfully configured the account's response properties" -} - -$Error.Clear() -## Configure the Account to not expire ## -PrintAction "Configuring password not to expire..." -try -{ - Set-MsolUser -UserPrincipalName $credNewAccount.UserName -PasswordNeverExpires $true -} -catch -{ - -} - -if ($Error) -{ - $status["Password Expiration Policy"] = "Failed to set the password to never expire" -} -else -{ - $status["Password Expiration Policy"] = "Successfully set the password to never expire" -} - -PrintSuccess "Completed Exchange configuration" - -## Setup Skype for Business. This is somewhat optional and if it fails we SfbEnable can be used later ## -PrintAction "Configuring account for Skype for Business." - -# Getting registrar pool -$strRegPool = $null -try { - $strRegPool = (Get-CsTenant).TenantPoolExtension -} -catch {} -$Error.Clear() -if (![System.String]::IsNullOrEmpty($strRegPool)) -{ - $strRegPool = $strRegPool.Substring($strRegPool[0].IndexOf(':') + 1) -} -<# -$strRegPoolEntry = Read-Host "Enter a Skype for Business Registrar Pool, or leave blank to use [$strRegPool]" -if (![System.String]::IsNullOrEmpty($strRegPoolEntry)) -{ - $strRegPool = $strRegPoolEntry -} -#> - -# Try to SfB-enable the account. Note that it may not work right away as the account needs to propagate to active directory -PrintAction "Enabling Skype for Business on $strRegPool" -Start-Sleep -s 10 -$Error.Clear() -try { - Enable-CsMeetingRoom -Identity $credNewAccount.UserName -RegistrarPool $strRegPool -SipAddressType EmailAddress -} -catch { } - -if ($Error) -{ - $status["Skype for Business Account Setup"] = "Failed to setup the Skype for Business meeting room - you can run EnableSfb.ps1 to try again." - $Error.Clear(); -} -else -{ - $status["Skype for Business Account Setup"] = "Successfully enabled account as a Skype for Business meeting room" -} - -## Now we need to assign a Skype for Business license to the account ## -# Assign a license to thes -$countryCode = (Get-CsTenant).CountryAbbreviation -$loc = Read-Host "Please enter the usage location for this device account (where the account is being used). This is a 2-character code that is used to assign licenses (e.g. $countryCode)" -try { - $Error.Clear() - Set-MsolUser -UserPrincipalName $credNewAccount.UserName -UsageLocation $loc -} -catch{} -if ($Error) -{ - $status["Office 365 License"] = "Failed to assign an Office 365 license to the account" - $Error.Clear() -} -else -{ - PrintAction "We found the following licenses available for your tenant:" - $skus = (Get-MsolAccountSku | Where-Object { !$_.AccountSkuID.Contains("INTUNE"); }) - $i = 1 - $skus | % { - Write-Host -NoNewline $i - Write-Host -NoNewLine ": AccountSKUID: " - Write-Host -NoNewLine $_.AccountSkuid - Write-Host -NoNewLine " Active Units: " - Write-Host -NoNewLine $_.ActiveUnits - Write-Host -NoNewLine " Consumed Units: " - Write-Host $_.ConsumedUnits - $i++ - } - $iLicenseIndex = 0; - do - { - $iLicenseIndex = Read-Host 'Choose the number for the SKU you want to pick' - } while ($iLicenseIndex -lt 1 -or $iLicenseIndex -gt $skus.Length) - $strLicenses = $skus[$iLicenseIndex - 1].AccountSkuId - - if (![System.String]::IsNullOrEmpty($strLicenses)) - { - try - { - $Error.Clear() - Set-MsolUserLicense -UserPrincipalName $credNewAccount.UserName -AddLicenses $strLicenses - } - catch - { - - } - if ($Error) - { - $Error.Clear() - $status["Office 365 License"] = "Failed to add a license to the account. Make sure you have remaining licenses." - } - else - { - $status["Office 365 License"] = "Successfully added license to the account" - } - } - else - { - $status["Office 365 License"] = "You opted not to install a license on this account" - } -} - - -Write-Host - -## Cleanup and print results ## -Cleanup -$strDisplay = $mailbox.DisplayName -$strUsr = $credNewAccount.UserName -PrintAction "Summary for creation of $strUsr ($strDisplay)" -if ($status.Count -gt 0) -{ - ForEach($k in $status.Keys) - { - $v = $status[$k] - $color = "yellow" - if ($v[0] -eq "S") { $color = "green" } - elseif ($v[0] -eq "F") - { - $color = "red" - $v += " Go to https://aka.ms/shubtshoot for help" - } - - Write-Host -NoNewline $k -ForegroundColor $color - Write-Host -NoNewline ": " - Write-Host $v - } -} -else -{ - PrintError "The account could not be created" -} -``` - -## Account verification script - -This script will validate the previously-created device account on a Surface Hub, no matter which method was used to create it. This script is basically pass/fail. If one of the test errors out, it will show a detailed error message, but if all tests pass, the end result will be a summary report. For example, you might see: - -``` syntax -15 tests executed -0 failures -2 warnings -15 passed -``` - -Details of specific settings will not be shown. - -```PowerShell -# SHAccountValidate.ps1 - -$Error.Clear() -$ErrorActionPreference = "Stop" - - -# Cleans up set state such as remote powershell sessions -function Cleanup() -{ - if ($sessEx) - { - Remove-PSSession $sessEx - } - if ($sessSfb) - { - Remove-PSSession $sessSfb - } -} - -function PrintError($strMsg) -{ - Write-Host $strMsg -foregroundcolor "red" -} - -function PrintSuccess($strMsg) -{ - Write-Host $strMsg -foregroundcolor "green" -} - -function PrintAction($strMsg) -{ - Write-Host $strMsg -ForegroundColor Cyan -} - - -# Cleans up and prints an error message -function CleanupAndFail($strMsg) -{ - if ($strMsg) - { - PrintError($strMsg); - } - Cleanup - exit 1 -} - -# Exits if there is an error set and prints the given message -function ExitIfError($strMsg) -{ - if ($Error) - { - CleanupAndFail($strMsg); - } -} - -$strUpn = Read-Host "What is the email address of the account you wish to validate?" -if (!$strUpn.Contains('@')) -{ - CleanupAndFail "$strUpn is not a valid email address" -} -$strExServer = Read-Host "What is your exchange server? (leave blank for online tenants)" -if ($strExServer.Equals("")) -{ - $fExIsOnline = $true -} -else -{ - $fExIsOnline = $false -} -$credEx = Get-Credential -Message "Please provide exchange user credentials" - -$strRegistrarPool = Read-Host ("What is the Skype for Business registrar pool for $strUpn" + "? (leave blank for online tenants)") -$fSfbIsOnline = $strRegistrarPool.Equals("") - -$fHasOnPrem = $true -if ($fSfbIsOnline -and $fExIsOnline) -{ - do - { - $strHasOnPrem = (Read-Host "Do you have an on-premises Active Directory (Y/N) (No if your domain services are hosted entirely online)").ToUpper() - } while ($strHasOnPrem -ne "Y" -and $strHasOnPrem -ne "N") - $fHasOnPrem = $strHasOnPrem.Equals("Y") -} - -$fHasOnline = $false -if ($fSfbIsOnline -or $fExIsOnline) -{ - $fHasOnline = $true -} - -if ($fSfbIsOnline) -{ - try { - Import-Module SkypeOnlineConnector - } - catch - { - CleanupAndFail "To verify Skype for Business in online tenants you need the Lync Online Connector module from https://www.microsoft.com/download/details.aspx?id=39366" - } -} -else -{ - $credSfb = (Get-Credential -Message "Please enter Skype for Business admin credentials") -} - -if ($fHasOnline) -{ - $credSfb = $credEx - try { - Import-Module MSOnline - } - catch - { - CleanupAndFail "To verify accounts in online tenants you need the Azure Active Directory module for PowerShell from https://go.microsoft.com/fwlink/p/?linkid=236297" - } -} - -PrintAction "Connecting to Exchange Powershell Session..." -[System.Management.Automation.Runspaces.AuthenticationMechanism] $authType = [System.Management.Automation.Runspaces.AuthenticationMechanism]::Kerberos -if ($fExIsOnline) -{ - $authType = [System.Management.Automation.Runspaces.AuthenticationMechanism]::Basic -} -try -{ - $sessEx = $null - if ($fExIsOnline) - { - $sessEx = New-PSSession -ConfigurationName microsoft.exchange -Credential $credEx -AllowRedirection -Authentication $authType -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -WarningAction SilentlyContinue - } - else - { - $sessEx = New-PSSession -ConfigurationName microsoft.exchange -Credential $credEx -AllowRedirection -Authentication $authType -ConnectionUri https://$strExServer/powershell -WarningAction SilentlyContinue - } -} -catch -{ -} - -if (!$sessEx) -{ - CleanupAndFail "Connecting to Exchange Powershell failed, please validate your server is accessible and credentials are correct" -} - -PrintSuccess "Connected to Exchange Powershell Session" - -PrintAction "Connecting to Skype for Business Powershell Session..." - -if ($fSfbIsOnline) -{ - $sessSfb = New-CsOnlineSession -Credential $credSfb -} -else -{ - $sessSfb = New-PSSession -Credential $credSfb -ConnectionURI "https://$strRegistrarPool/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue -} - -if (!$sessSfb) -{ - CleanupAndFail "Connecting to Skype for Business Powershell failed, please validate your server is accessible and credentials are correct" -} - -PrintSuccess "Connected to Skype for Business Powershell" - -if ($fHasOnline) -{ - $credMsol = $null - if ($fExIsOnline) - { - $credMsol = $credEx - } - elseif ($fSfbIsOnline) - { - $credMsol = $credSfb - } - else - { - CleanupAndFail "Internal error - could not determine MS Online credentials" - } - try - { - PrintAction "Connecting to Azure Active Directory Services..." - Connect-MsolService -Credential $credMsol - PrintSuccess "Connected to Azure Active Directory Services" - } - catch - { - # This really shouldn't happen unless there is a network error - CleanupAndFail "Failed to connect to MSOnline" - } -} - - -PrintAction "Importing remote sessions into the local session..." -try -{ - $importEx = Import-PSSession $sessEx -AllowClobber -WarningAction SilentlyContinue -DisableNameChecking - $importSfb = Import-PSSession $sessSfb -AllowClobber -WarningAction SilentlyContinue -DisableNameChecking -} -catch -{ -} -if (!$importEx -or !$importSfb) -{ - CleanupAndFail "Import failed" -} -PrintSuccess "Import successful" - - -$mailbox = $null -try -{ - $mailbox = Get-Mailbox -Identity $strUpn -} -catch -{ -} - -if (!$mailbox) -{ - CleanupAndFail "Account exists check failed. Unable to find the mailbox for $strUpn - please make sure the Exchange account exists on $strExServer" -} - -$exchange = $null -if (!$fExIsOnline) -{ - $exchange = Get-ExchangeServer - if (!$exchange -or !$exchange.IsE14OrLater) - { - CleanupAndFail "A compatible exchange server version was not found. Please use at least exchange 2010." - } -} - - -$strAlias = $mailbox.UserPrincipalName -$strDisplayName = $mailbox.DisplayName - -$strLinkedAccount = $strLinkedDomain = $strLinkedUser = $strLinkedServer = $null -$credLinkedDomain = $Null -if (!$fExIsOnline -and ![System.String]::IsNullOrEmpty($mailbox.LinkedMasterAccount) -and !$mailbox.LinkedMasterAccount.EndsWith("\SELF")) -{ - $strLinkedAccount = $mailbox.LinkedMasterAccount - $strLinkedDomain = $strLinkedAccount.substring(0,$strLinkedAccount.IndexOf('\')) - $strLinkedUser = $strLinkedAccount.substring($strLinkedAccount.IndexOf('\') + 1) - $strLinkedServer = Read-Host "What is the domain controller for the $strLinkedDomain" - $credLinkedDomain = (Get-Credential -Message "Please provide credentials for $strLinkedDomain") -} - - - - - - - -Write-Host -Write-Host -Write-Host -PrintAction "Performing verification checks on $strDisplayName..." -$Global:iTotalFailures = 0 -$global:iTotalWarnings = 0 -$Global:iTotalPasses = 0 - -function Validate() -{ - Param( - [string]$Test, - [bool] $Condition, - [string]$FailureMsg, - [switch]$WarningOnly - ) - - Write-Host -NoNewline -ForegroundColor White $Test.PadRight(100,'.') - if ($Condition) - { - Write-Host -ForegroundColor Green "Passed" - $global:iTotalPasses++ - } - else - { - if ($WarningOnly) - { - Write-Host -ForegroundColor Yellow ("Warning: "+$FailureMsg) - $global:iTotalWarnings++ - } - else - { - Write-Host -ForegroundColor Red ("Failed: "+$FailureMsg) - $global:iTotalFailures++ - } - } -} - -## Exchange ## - -Validate -WarningOnly -Test "The mailbox $strUpn is enabled as a room account" -Condition ($mailbox.RoomMailboxAccountEnabled -eq $True) -FailureMsg "RoomMailboxEnabled - without a device account, the Surface Hub will not be able to use various key features." -$calendarProcessing = Get-CalendarProcessing -Identity $strUpn -WarningAction SilentlyContinue -ErrorAction SilentlyContinue -Validate -Test "The mailbox $strUpn is configured to accept meeting requests" -Condition ($calendarProcessing -ne $null -and $calendarProcessing.AutomateProcessing -eq 'AutoAccept') -FailureMsg "AutomateProcessing - the Surface Hub will not be able to send mail or sync its calendar." -Validate -WarningOnly -Test "The mailbox $strUpn will not delete meeting comments" -Condition ($calendarProcessing -ne $null -and !$calendarProcessing.DeleteComments) -FailureMsg "DeleteComments - the Surface Hub may be missing some meeting information on the welcome screen and Skype." -Validate -WarningOnly -Test "The mailbox $strUpn keeps private meetings private" -Condition ($calendarProcessing -ne $null -and !$calendarProcessing.RemovePrivateProperty) -FailureMsg "RemovePrivateProperty - the Surface Hub will make show private meetings." -Validate -Test "The mailbox $strUpn keeps meeting subjects" -Condition ($calendarProcessing -ne $null -and !$calendarProcessing.DeleteSubject) -FailureMsg "DeleteSubject - the Surface Hub will not keep meeting subject information." -Validate -WarningOnly -Test "The mailbox $strUpn does not prepend meeting organizers to subjects" -Condition ($calendarProcessing -ne $null -and !$calendarProcessing.AddOrganizerToSubject) -FailureMsg "AddOrganizerToSubject - the Surface Hub will not display meeting subjects as intended." - -if ($fExIsOnline) -{ - #No online specifics -} -else -{ - #No onprem specifics -} - -#ActiveSync -$casMailbox = Get-Casmailbox $strUpn -WarningAction SilentlyContinue -ErrorAction SilentlyContinue -Validate -Test "The mailbox $strUpn has a mailbox policy" -Condition ($casMailbox -ne $null) -FailureMsg "PasswordEnabled - unable to find policy - the Surface Hub will not be able to send mail or sync its calendar." -if ($casMailbox) -{ - $policy = $null - if ($fExIsOnline -or $exchange.IsE15OrLater) - { - $strPolicy = $casMailbox.ActiveSyncMailboxPolicy - $policy = Get-MobileDeviceMailboxPolicy -Identity $strPolicy -WarningAction SilentlyContinue -ErrorAction SilentlyContinue - Validate -Test "The policy $strPolicy does not require a device password" -Condition ($policy.PasswordEnabled -ne $True) -FailureMsg "PasswordEnabled - policy requires a device password - the Surface Hub will not be able to send mail or sync its calendar." - } - else - { - $strPolicy = $casMailbox.ActiveSyncMailboxPolicy - $policy = Get-ActiveSyncMailboxPolicy -Identity $strPolicy -WarningAction SilentlyContinue -ErrorAction SilentlyContinue - Validate -Test "The policy $strPolicy does not require a device password" -Condition ($policy.PasswordEnabled -ne $True) -FailureMsg "PasswordEnabled - policy requires a device password - the Surface Hub will not be able to send mail or sync its calendar." - } - - if ($policy -ne $null) - { - Validate -Test "The policy $strPolicy allows non-provisionable devices" -Condition ($policy.AllowNonProvisionableDevices -eq $null -or $policy.AllowNonProvisionableDevices -eq $true) -FailureMsg "AllowNonProvisionableDevices - policy will not allow the SurfaceHub to sync" - } - -} - - -# Check the default access level -$orgSettings = Get-ActiveSyncOrganizationSettings -$strDefaultAccessLevel = $orgSettings.DefaultAccessLevel -Validate -Test "ActiveSync devices are allowed" -Condition ($strDefaultAccessLevel -eq 'Allow') -FailureMsg "DeviceType Windows Mail is accessible - devices are not allowed by default - the surface hub will not be able to send mail or sync its calendar." - -# Check if there exists a device access rule that bans the device type Windows Mail -$blockingRules = Get-ActiveSyncDeviceAccessRule | where {($_.AccessLevel -eq 'Block' -or $_.AccessLevel -eq 'Quarantine') -and $_.Characteristic -eq 'DeviceType'-and $_.QueryString -eq 'WindowsMail'} -Validate -Test "Windows mail devices are not blocked or quarantined" -Condition ($blockingRules -eq $null -or $blockingRules.Length -eq 0) -FailureMsg "DeviceType Windows Mail is accessible - devices are blocked or quarantined - the surface hub will not be able to send mail or sync its calendar." - -## End Exchange ## - - - -## SfB ## -$strLyncIdentity = $null -if ($fSfbIsOnline) -{ - $strLyncIdentity = $strUpn -} -else -{ - $strLyncIdentity = $strAlias -} - -$lyncAccount = $null -try { - $lyncAccount = Get-CsMeetingRoom -Identity $strLyncIdentity -WarningAction SilentlyContinue -ErrorAction SilentlyContinue -} catch { - try { - $lyncAccount = Get-CsUser -Identity $strLyncIdentity -WarningAction SilentlyContinue -ErrorAction SilentlyContinue - } catch { } -} -Validate -Test "There is a Lync or Skype for Business account for $strLyncIdentity" -Condition ($lyncAccount -ne $null -and $lyncAccount.Enabled) -FailureMsg "SfB Enabled - there is no Skype for Business account - meetings will not support Skype for Business" -if ($lyncAccount) -{ - Validate -Test "The meeting room has a SIP address" -Condition (![System.String]::IsNullOrEmpty($lyncAccount.SipAddress)) -FailureMsg "SfB Enabled - there is no SIP Address - the device account cannot be used to sign into Skype for Business." -} -## End SFB ## - - -if ($fHasOnline) -{ - #License validation and password expiry - $accountOnline = Get-MsolUser -UserPrincipalName $strUpn -WarningAction SilentlyContinue -ErrorAction SilentlyContinue - Validate -Test "There is an online user account for $strUpn" -Condition ($accountOnline -ne $null) -FailureMsg "Could not find a Microsoft Online account for this user even though some services are online" - if ($accountOnline) - { - Validate -Test "The password for $strUpn will not expire" -Condition ($accountOnline.PasswordNeverExpires -eq $True) -FailureMsg "PasswordNeverExpires - the admin will need to update the device account's password on the Surface Hub when it expires." - if ($fIsSfbOnline -and !$fIsExOnline) - { - $strLicenseFailureMsg = "Has O365 license - The devices will not be able to use Skype for Business services." - } - elseif ($fIsExOnline -and !$fIsSfbOnline) - { - $strLicenseFailureMsg = "Has O365 license - The devices will not be able to use Exchange Online services." - } - else - { - $strLicenseFailureMsg = "Has O365 license - The devices will not be able to use Skype for Business or Exchange Online services." - } - Validate -Test "$strUpn is licensed" -Condition ($accountOnline.IsLicensed -eq $True) -FailureMsg $strLicenseFailureMsg - - Validate -Test "$strUpn is allowed to sign in" -Condition ($accountOnline.BlockCredential -ne $True) -FailureMsg "BlockCredential - This user is not allowed to sign in." - } -} - -#If there is an on-prem component, we can get the authoritative AD user from mailbox -if ($fHasOnPrem) -{ - $accountOnPrem = $null - if ($strLinkedAccount) - { - $accountOnPrem = Get-AdUser $strLinkedUser -server $strLinkedServer -credential $credLinkedDomain -properties PasswordNeverExpires -WarningAction SilentlyContinue -ErrorAction SilentlyContinue - } - else - { - #AD User enabled validation - $accountOnPrem = Get-AdUser $mailbox.UserPrincipalName -properties PasswordNeverExpires -WarningAction SilentlyContinue -ErrorAction SilentlyContinue - } - $strOnPremUpn = $accountOnPrem.UserPrincipalName - Validate -Test "There is a user account for $strOnPremUpn" -Condition ($accountOnprem -ne $null) -FailureMsg "Could not find an Active Directory account for this user" - if ($accountOnPrem) - { - Validate -WarningOnly -Test "The password for $strOnPremUpn will not expire" -Condition ($accountOnprem.PasswordNeverExpires -eq $True) -FailureMsg "PasswordNeverExpires - the admin will need to update the device account's password on the Surface Hub when it expires." - Validate -Test "$strOnPremUpn is enabled" -Condition $accountOnPrem.Enabled -FailureMsg "AccountEnabled - this device account will not sign in" - } -} - - -$global:iTotalTests = ($global:iTotalFailures + $global:iTotalPasses + $global:iTotalWarnings) - -Write-Host -NoNewline $global:iTotalTests "tests executed: " -Write-Host -NoNewline -ForegroundColor Red $Global:iTotalFailures "failures " -Write-Host -NoNewline -ForegroundColor Yellow $Global:iTotalWarnings "warnings " -Write-Host -ForegroundColor Green $Global:iTotalPasses "passes " - -Cleanup -``` - -## Enable Skype for Business - -This script will enable Skype for Business on a device account. Use it only if Skype for Business wasn't previously enabled during account creation. - -```PowerShell -## This script performs only the Enable for Skype for Business step on an account. It should only be run if this step failed in SHAccountCreate and the other steps have been completed ## -# EnableSfb.ps1 - -$Error.Clear() -$ErrorActionPreference = "Stop" - -# Cleans up set state such as remote powershell sessions -function Cleanup() -{ - if ($sessCS) - { - Remove-PSSession $sessCS - } -} - -function PrintError($strMsg) -{ - Write-Host $strMsg -foregroundcolor "red" -} - -function PrintSuccess($strMsg) -{ - Write-Host $strMsg -foregroundcolor "green" -} - -# Cleans up and prints an error message -function CleanupAndFail($strMsg) -{ - if ($strMsg) - { - PrintError($strMsg); - } - Cleanup - exit 1 -} - -# Exits if there is an error set and prints the given message -function ExitIfError($strMsg) -{ - if ($Error) - { - CleanupAndFail($strMsg); - } -} - -## Check dependencies ## - -$input = Read-Host "Is the account you wish to enable part of an online environment (enter O) or on-premises environment (enter P)" -if ($input -eq "P") -{ - $online = $false -} -elseif ($input -eq "O") -{ - $online = $true -} -else -{ - CleanupAndFail "Invalid selection" -} -if ($online) -{ - try { - Import-Module SkypeOnlineConnector - } - catch - { - PrintError "Some dependencies are missing" - PrintError "Please install the Windows PowerShell Module for Lync Online. For more information go to https://www.microsoft.com/download/details.aspx?id=39366" - PrintError "Please install the Azure Active Directory module for PowerShell from https://go.microsoft.com/fwlink/p/?linkid=236297" - CleanupAndFail - } -} -else -{ - $strRegPool = Read-Host "Enter the FQDN of your Skype for Business Registrar Pool" -} - - -## Collect account data ## -Write-Host "----------- Enter info for the account to enable -----------." -foregroundcolor "magenta" -$strRoomUri=Read-Host 'Please enter the UPN of the account you are enabling (e.g. confroom@surfacehub.microsoft.com)' - -if ([System.String]::IsNullOrEmpty($strRoomUri)) -{ - CleanupAndFail "Please enter all of the requested data to continue." - exit 1 -} -Write-Host "--------------------------------------------------------------." -foregroundcolor "magenta" - - - -## Sign in to remote powershell for exchange and lync online ## -Write-Host "`n------------------ Establishing connection -----------------." -foregroundcolor "magenta" -$credAdmin=Get-Credential -Message "Enter credentials of a Skype for Business admin" -if (!$credadmin) -{ - CleanupAndFail("Valid admin credentials are required to create and prepare the account."); -} -Write-Host "Connecting to remote sessions. This can occasionally take a while - please do not enter input..." - -try -{ - if ($online) - { - $sessCS = New-CsOnlineSession -Credential $credAdmin - } - else - { - $sessCS = New-PSSession -Credential $credAdmin -ConnectionURI "https://$strRegPool/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue - } -} -catch -{ - CleanupAndFail("Failed to connect to Skype for Business server. Please check your credentials and try again. Error message: $_") -} - -Import-PSSession $sessCS -AllowClobber - - -Write-Host "--------------------------------------------------------------." -foregroundcolor "magenta" - -# Getting registrar pool -if ($online) -{ - try { - $strRegPool = $null; - $strRegPool = (Get-CsTenant).RegistrarPool - } catch {} - if ($Error) - { - $Error.Clear(); - $strRegPool = ""; - Write-Host "We failed to lookup your Skype for Business Registrar Pool, but you can still enter it manually" - } - else - { - $strRegPool = $strRegPool[0].Substring($strRegPool[0].IndexOf(':') + 1) - } -} - - -$Error.Clear() -try { - Enable-CsMeetingRoom -Identity $strRoomUri -RegistrarPool $strRegPool -SipAddressType EmailAddress -} -catch {} - -ExitIfError("Failed to setup Skype for Business meeting room") - -PrintSuccess "Successfully enabled $strRoomUri as a Skype for Business meeting room" - -Cleanup -``` - -## Useful cmdlets - -### Creating a Surface Hub-compatible ActiveSync policy - -For Surface Hub to use Exchange services, a device account configured with a compatible ActiveSync policy must be provisioned on the device. This policy has the following requirements: - -``` syntax -PasswordEnabled == 0 -``` - -In the following cmdlets, `$strPolicy` is the name of the ActiveSync policy, and `$strRoomUpn` is the UPN of the device account you want to apply the policy to. - -Note that in order to run the cmdlets, you need to set up a remote PowerShell session and: - -- Your admin account must be remote-PowerShell-enabled. This allows the admin to use the PowerShell cmdlets that are needed by the script. (This permission can be set using `set-user $admin -RemotePowerShellEnabled $true`) -- Your admin account must have the "Reset Password" role if you plan to run the creation scripts. This allows the admin to change the password of the account, which is needed for the script. The Reset Password Role can be enabled using the Exchange Admin Center. - -Create the policy. - -```PowerShell -# Create new policy with PasswordEnabled == false -New-MobileDeviceMailboxPolicy -Name $strPolicy -PasswordEnabled $false –AllowNonProvisionableDevices $true -``` - -To apply the policy, the mailbox cannot be a room type, so it has to be converted into a user first. - -```PowerShell -# Convert user to regular type -Set-Mailbox $strRoomUpn -Type Regular -# Set policy for account -Set-CASMailbox $strRoomUpn -ActiveSyncMailboxPolicy $strPolicy -``` - -Now the device account just needs to be converted back into a room type. - -```PowerShell -# Convert back to room mailbox -Set-Mailbox $strRoomUpn -Type Room -``` - -### Allowing device IDs for ActiveSync - -To allow an account `$strRoomUpn`, run the following command: - -```PowerShell -Set-CASMailbox –Identity $strRoomUpn –ActiveSyncAllowedDeviceIDs “” -``` - -To find a device's ID, run: - -```PowerShell -Get-ActiveSyncDevice -Mailbox $strRoomUpn -``` - -This retrieves device information for every device that the account has been provisioned on, Including the `DeviceId` property. - -### Auto-accepting and declining meeting requests - -For a device account to automatically accept or decline meeting requests based on its availability, the **AutomateProcessing** attribute must be set to **AutoAccept**. This is recommended as to prevent overlapping meetings. - -```PowerShell -Set-CalendarProcessing $strRoomUpn -AutomateProcessing AutoAccept -``` - -### Accepting external meeting requests - -For a device account to accept external meeting requests (a meeting request from an account not in the same tenant/domain), the device account must be set to allow processing of external meeting requests. Once set, the device account will automatically accept or decline meeting requests from external accounts as well as local accounts. - -> [!Note] -> If the **AutomateProcessing** attribute is not set to **AutoAccept**, then setting this will have no effect. - -```PowerShell -Set-CalendarProcessing $strRoomUpn -ProcessExternalMeetingMessages $true -``` diff --git a/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md b/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md deleted file mode 100644 index 8c94fbb5fe..0000000000 --- a/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Applying ActiveSync policies to device accounts (Surface Hub) -description: The Microsoft Surface Hub's device account uses ActiveSync to sync mail and calendar. This allows people to join and start scheduled meetings from the Surface Hub, and allows them to email any whiteboards they have made during their meeting. -ms.assetid: FAABBA74-3088-4275-B58E-EC1070F4D110 -ms.reviewer: -manager: laurawi -keywords: Surface Hub, ActiveSync policies -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: medium ---- - -# Applying ActiveSync policies to device accounts (Surface Hub) - - -The Microsoft Surface Hub's device account uses ActiveSync to sync mail and calendar. This allows people to join and start scheduled meetings from the Surface Hub, and allows them to email any whiteboards they have made during their meeting. - -For these features to work, the ActiveSync policies for your organization must be configured as follows: - -- There can't be any global policies that block synchronization of the resource mailbox that's being used by the Surface Hub’s device account. If there is such a blocking policy, you need to add the Surface Hub as an allowed device. -- You must set a mobile device mailbox policy where the **PasswordEnabled** setting is set to False. Other mobile device mailbox policy settings are not compatible with the Surface Hub. - -## Allowing the DeviceID - - -Your organization may have a global policy that prevents syncing of device accounts provisioned on Surface Hubs. To configure this property, see [Allowing device IDs for ActiveSync](appendix-a-powershell-scripts-for-surface-hub.md#whitelisting-device-ids-cmdlet). - -## Setting PasswordEnabled - - -The device account must have an ActiveSync policy where the **PasswordEnabled** attribute is set to False or 0. To configure this property, see [Creating a Surface Hub-compatible Microsoft Exchange ActiveSync policy](appendix-a-powershell-scripts-for-surface-hub.md#create-compatible-as-policy). - -  - -  - - - - - diff --git a/devices/surface-hub/breadcrumb/toc.yml b/devices/surface-hub/breadcrumb/toc.yml deleted file mode 100644 index d846a15189..0000000000 --- a/devices/surface-hub/breadcrumb/toc.yml +++ /dev/null @@ -1,7 +0,0 @@ -- name: Docs - tocHref: / - topicHref: / - items: - - name: Surface Hub - tocHref: /surface-hub - topicHref: /surface-hub/index \ No newline at end of file diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md deleted file mode 100644 index 77ce204725..0000000000 --- a/devices/surface-hub/change-history-surface-hub.md +++ /dev/null @@ -1,195 +0,0 @@ ---- -title: Change history for Surface Hub -ms.reviewer: -manager: laurawi -description: This topic lists new and updated topics for Surface Hub. -keywords: change history -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.localizationpriority: medium ---- - -# Change history for Surface Hub - -This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md). - -## April 2019 - -New or changed topic | Description ---- | --- -[Surface Hub Site Readiness Guide](surface-hub-site-readiness-guide.md) | New; previously available for download only -[Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md) | New; previously available for download and on [Surface Hub Tech Spec](https://support.microsoft.com/help/4483539/surface-hub-tech-spec) -[Technical information for 84” Microsoft Surface Hub](surface-hub-technical-84.md) | New; previously available for download and on [Surface Hub Tech Spec](https://support.microsoft.com/help/4483539/surface-hub-tech-spec) -[Surface Hub SSD replacement](surface-hub-ssd-replacement.md) | New; previously available for download only -[Implement Quality of Service on Surface Hub](surface-hub-qos.md) | New - -## July 2018 - -New or changed topic | Description ---- | --- -[Set up and use Whiteboard to Whiteboard collaboration](whiteboard-collaboration.md) | Added information and links for new Microsoft Whiteboard app release. - -## June 2018 - -New or changed topic | Description ---- | --- -[On-premises deployment (single forest)](on-premises-deployment-surface-hub-device-accounts.md) and [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md) | Added (prerelease) instructions for disabling anonymous email and IM. - -## May 2018 - -New or changed topic | Description ---- | --- -[Using the Surface Hub Recovery Tool](surface-hub-recovery-tool.md) | New - -## April 2018 - -New or changed topic | Description ---- | --- -[Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Updated instructions for Skype for Business Hybrid. - - -## March 2018 - -New or changed topic | Description ---- | --- -[Create and test a device account (Surface Hub)](create-and-test-a-device-account-surface-hub.md) | Added section for account verification and testing, with link to new Surface Hub Hardware Diagnostic app. - -## February 2018 - -New or changed topic | Description ---- | --- -[Manage settings with an MDM provider (Surface Hub)](manage-settings-with-mdm-for-surface-hub.md) | Updated instructions for custom settings using Microsoft Intune. -[Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Updated instructions and scripts. -| [Online deployment](online-deployment-surface-hub-device-accounts.md) | Updated instructions and scripts. - -## January 2018 - -New or changed topic | Description ---- | --- -[Configure Surface Hub Start menu](surface-hub-start-menu.md) | New -[PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) | Added prerequisites for running the scripts - -## November 2017 - -New or changed topic | Description ---- | --- -[Enable 802.1x wired authentication](enable-8021x-wired-authentication.md) | New -[Manage settings with an MDM provider (Surface Hub)](manage-settings-with-mdm-for-surface-hub.md) | Added settings for 802.1x wired authentication. - -## October 2017 - -New or changed topic | Description | ---- | --- -[Install apps on your Microsoft Surface Hub](install-apps-on-surface-hub.md) | Updated instructions to use Windows Team device family -[Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Updated the instructions for Exchange on-premises -[Create a device account using UI](create-a-device-account-using-office-365.md) | Updated the instructions -[Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md) | Clarified user sign-in on Surface Hub -[Set up and use Whiteboard to Whiteboard collaboration](whiteboard-collaboration.md) | Removed **How to control and manage Whiteboard to Whiteboard collaboration** due to issues with the EnterpriseModernAppmanagement CSP losing state during End Session. -| [Manage settings with an MDM provider (Surface Hub)](manage-settings-with-mdm-for-surface-hub.md) | Removed settings for managing Whiteboard collaboration. | -[Top support solutions for Surface Hub](support-solutions-surface-hub.md) | Added link to Surface Hub warranty information - - -## September 2017 - -New or changed topic | Description ---- | --- -[Top support solutions for Surface Hub](support-solutions-surface-hub.md) | New -[PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) | Updated account creation scripts - -## August 2017 - - -| New or changed topic | Description | -| --- | --- | -[Accessibility](accessibility-surface-hub.md) | Added information about Narrator -[Sign in to Surface Hub with Microsoft Authenticator](surface-hub-authenticator-app.md) | New - - - - - -## July 2017 - -| New or changed topic | Description | -| --- | --- | -| [Windows updates](manage-windows-updates-for-surface-hub.md) | Changed deferral recommendations for Windows Updates | -| [Set up and use Whiteboard to Whiteboard collaboration](whiteboard-collaboration.md) | Added Whiteboard URLs to prerequisites | -| [Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md#skype-for-business-online) | Updated the Skype for Business Online requirements | -| [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md) | Added that Surface Hub supports 802.1X using PEAP-MSCHAPv2 | - -## June 2017 - -| New or changed topic | Description | -| --- | --- | -| [Set up and use Whiteboard to Whiteboard collaboration](whiteboard-collaboration.md) | New | -| [Manage settings with an MDM provider (Surface Hub)](manage-settings-with-mdm-for-surface-hub.md) | Added settings for managing Whiteboard collaboration | - -## RELEASE: Windows 10, version 1703 - -The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The following new topics have been added: - -- [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md) - ->[Looking for the Surface Hub admin guide for Windows 10, version 1607?](https://download.microsoft.com/download/7/2/5/7252051B-7E97-4781-B5DF-58D4B1A4BB88/surface-hub-admin-guide-1607.pdf) - - -## May 2017 - -| New or changed topic | Description | -| --- | --- | -| [Online or hybrid deployment using Skype Hybrid Voice environment](skype-hybrid-voice.md) | New | - - -## February 2017 - -| New or changed topic | Description | -| --- | --- | -| [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) | New | - -## January 2017 - -| New or changed topic | Description | -| --- | --- | -| [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) | New | -| [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md) | New | -| [Connect other devices and display with Surface Hub](connect-and-display-with-surface-hub.md) | Added graphics cards verified to work with 84" Surface Hubs and added information about the lengths of cables. | -| [Online deployment](online-deployment-surface-hub-device-accounts.md) | Updated procedures for adding a device account for your Microsoft Surface Hub when you have a pure, online deployment. | - -## December 2016 - -| New or changed topic | Description| -| --- | --- | -| [Connect other devices and display with Surface Hub](connect-and-display-with-surface-hub.md) | Added information about Bluetooth accessories. | -| [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) | Updated example procedures to include screenshots. | - -## November 2016 - -| New or changed topic | Description | -| --- | --- | -| [Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md) | New | -| [Connect other devices and display with Surface Hub](connect-and-display-with-surface-hub.md) | Added information for Video Out and a table to help select a display method. | -| [Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Added instructions for creating accounts for Surface Hub in a Skype for Business hybrid environment. | - - - -## RELEASE: Windows Anniversary Update for Surface Hub (Windows 10, version 1607) -The topics in this library have been updated for Windows 10, version 1607 (also known as Windows Anniversary Update for Surface Hub). These topics had significant updates for this release: -- [Windows Updates (Surface Hub)](manage-windows-updates-for-surface-hub.md) -- [Manage settings with an MDM provider (Surface Hub)](manage-settings-with-mdm-for-surface-hub.md) -- [Monitor your Microsoft Surface Hub](monitor-surface-hub.md) -- [Create provisioning packages (Surface Hub)](provisioning-packages-for-certificates-surface-hub.md) -- [Install apps on your Microsoft Surface Hub](install-apps-on-surface-hub.md) -- [Device reset (Surface Hub)](device-reset-surface-hub.md) - -## October 2016 -| New or changed topic | Description | -| --- | --- | -| [Admin group management (Surface Hub)](admin-group-management-for-surface-hub.md) |Add note about automatic enrollment, and update table. | -| [Password management (Surface Hub)](password-management-for-surface-hub-device-accounts.md) | Updates to content. | -| [Create and test a device account (Surface Hub)](create-and-test-a-device-account-surface-hub.md) | Reorganize and streamline guidance on creating a device account. | -| [Introduction to Surface Hub](intro-to-surface-hub.md) | Move Surface Hub dependencies table to [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md). | -| [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md) | Add dependency table and reorganize topic. | -| [Local management for Surface Hub settings](local-management-surface-hub-settings.md) | New topic. | diff --git a/devices/surface-hub/change-surface-hub-device-account.md b/devices/surface-hub/change-surface-hub-device-account.md deleted file mode 100644 index d20e57a184..0000000000 --- a/devices/surface-hub/change-surface-hub-device-account.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -title: Change the Microsoft Surface Hub device account -description: You can change the device account in Settings to either add an account if one was not already provisioned, or to change any properties of an account that was already provisioned. -ms.assetid: AFC43043-3319-44BC-9310-29B1F375E672 -ms.reviewer: -manager: laurawi -keywords: change device account, change properties, Surface Hub -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/27/2017 -ms.localizationpriority: medium ---- - -# Change the Microsoft Surface Hub device account - - -You can change the device account in Settings to either add an account if one was not already provisioned, or to change any properties of an account that was already provisioned. - -## Details - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ValueDescription

User Principal Name

The user principal name (UPN) of the device account.

Password

The corresponding password of the device account.

Domain

The domain that the device account belongs to. This field does not need to be provided for Office 365 accounts.

User name

The user name of the device account. This field does not need to be provided for Office 365 accounts.

Session Initiation Protocol (SIP) address

The SIP address of the device account.

Microsoft Exchange server

This is the Exchange server of the device account. The device account’s username and password must be able to authenticate to the specified Exchange server.

Enable Exchange services

When checked, all Exchange services will be enabled (for example, calendar on the welcome screen, emailing whiteboards). When not checked, all Exchange services will be disabled, and the Exchange server does not need to be provided.

- -  - -## What happens? - - -The UPN and password are used to validate the account in AD or Azure AD. If the validation fails, you may need to provide the domain and user name. - -Using the credentials provided, we will try to discover the SIP address. If a SIP address can't be found, then Skype for Business will use the UPN as the SIP address. If this is not the SIP address for the account, you will need to provide the SIP address. - -The Exchange server address will need to be provided if the device can't find a server associated with the login credentials. Microsoft Surface Hub will use the Exchange server to talk to ActiveSync, which enables several key features on the device. - -## Related topics - - -[Manage Microsoft Surface Hub](manage-surface-hub.md) - -[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) - -  - -  - - - - - diff --git a/devices/surface-hub/connect-and-display-with-surface-hub.md b/devices/surface-hub/connect-and-display-with-surface-hub.md deleted file mode 100644 index d5f39c55db..0000000000 --- a/devices/surface-hub/connect-and-display-with-surface-hub.md +++ /dev/null @@ -1,494 +0,0 @@ ---- -title: Connect other devices and display with Surface Hub -description: You can connect other device to your Surface Hub to display content. -ms.assetid: 8BB80FA3-D364-4A90-B72B-65F0F0FC1F0D -ms.reviewer: -manager: laurawi -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/27/2017 -ms.localizationpriority: medium ---- - -# Connect other devices and display with Surface Hub - - -You can connect other devices to your Microsoft Surface Hub to display content. This topic describes the Guest Mode, Replacement PC Mode, and Video Out functionality available through wired connections, and also lists accessories that you can connect to Surface Hub using [Bluetooth](#bluetooth-accessories). - ->[!NOTE] ->Surface Hub will use the video input that you select until a new connection is made, the existing connection is disrupted, or the Connect App is closed. - -## Which method should I choose? - -When connecting external devices and displays to a Surface Hub, there are several available options. The method you use will depend upon your scenario and needs. - -| When you want to: | Use this method: | -| --- | --- | -| Mirror the Surface Hub's display on another device. | [Video Out](#video-out) | -| Present another device's display on the Surface Hub screen and interact with both the device's content and the built-in Surface Hub experience. | [Guest Mode](#guest-mode) | -| Power the Surface Hub from an external Windows 10 PC, turning off the embedded computer of the Surface Hub. Cameras, microphones, speakers, and other peripherals, are sent to the external PC, in addition to pen and touch. | [Replacement PC Mode](#replacement-pc-mode) | - - -## Guest Mode - - -Guest Mode uses a wired connection, so people can display content from their devices to the Surface Hub. If the source device is Windows-based, that device can also provide Touchback and Inkback. Surface Hub's internal PC takes video and audio from the connected device and presents them on the Surface Hub. If Surface Hub encounters a High-Bandwidth Digital Content Protection (HDCP) signal, the source will be displayed as a black image. To display your content without violating HDCP requirements, use the keypad on the right side of the Surface Hub to directly choose the external source. - ->[!NOTE] ->When an HDCP source is connected, use the side keypad to change source inputs. - -### Ports - -Use these ports on the Surface Hub for Guest Mode. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
InterfaceTypeDescriptionCapabilities

Display Port 1.1a

Video input

Guest input #1

    -

  • Support simultaneous guest input display with guest input #2 and guest input #3 (one full resolution, two thumbnail).

    • -

  • HDCP compliant in bypass mode

    • -

  • Touchback enabled

    • -

HDMI 1.4

Video input

Guest input #2

    -

  • Support simultaneous guest input display with guest input #1 and guest input #3 (one full resolution, two thumbnail).

    • -

  • HDCP compliant in bypass mode

    • -

  • Touchback enabled

    • -

VGA

Video input

Guest input #3

    -

  • Support simultaneous guest input display with guest input #1 and guest input #2 (one full resolution, two thumbnail).

    • -

  • HDCP compliant in bypass mode

    • -

  • Touchback enabled

    • -

3.5 mm jack

Audio input

Analog audio input

    -

  • Ingest into Surface Hub PC, usually with the VGA video input.

    • -

USB 2.0, type B

USB out

Touchback

    -

  • Provides access to the HID input devices mouse, touch, keyboard, and stylus back to the guest PC.

    • -
- - - -### Port locations - -These are the port connections used for Guest Mode on the 55" and 84" Surface Hubs. - -![image showing guest ports on 55" surface hub.](images/sh-55-guest-ports.png) - -Wired port connections on 55" Surface Hub - -![image showing guest ports on 84" surface hub.](images/sh-84-guest-ports.png) - -Wired port connections on 84" Surface Hub - -### Port enumeration - -When a Surface hub is connected to a guest computer with the wired connect USB port, a number of USB devices are discovered and configured. These peripheral devices are created for Touchback and Inkback. The peripheral devices can be viewed in Device Manager. Device Manager will show duplicate names for some devices. - -**Human interface devices** - -- HID-compliant consumer control device - -- HID-compliant pen - -- HID-compliant pen (duplicate item) - -- HID-compliant pen (duplicate item) - -- HID-compliant touch screen - -- USB Input Device - -- USB Input Device (duplicate item) - -**Keyboards** - -- Standard PS/2 keyboard - -**Mice and other pointing devices** - -- HID-compliant mouse - -**Universal serial bus controllers** - -- Generic USB hub - -- USB composite device - -### Guest Mode connectivity - -Your choice of video cable will be determined by what is available from your source input. The Surface Hub has three choices of video input: DisplayPort, HDMI, and VGA. See the following chart for available resolutions. - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Signal TypeResolutionFrame rateHDMI - RGBDisplayPortVGA

PC

640 x 480

59.94/60

X

X

X

PC

720 x 480

59.94/60

X

X

PC

1024 x 768

60

X

X

X

HDTV

720p

59.94/60

X

X

X

HDTV

1080p

59.94/60

X

X

X

- - - -Source audio is provided by DisplayPort and HDMI cables. If you must use VGA, Surface Hub has an audio input port that uses a 3.5 mm plug. Surface Hub also uses a USB cable that provides Touchback and Inkback from the Surface Hub to compatible Windows 10 devices. The USB cable can be used with any video input that is already connected with a cable. - -Someone using Guest Mode to connect a PC would use one of these options: - -**DisplayPort** -- DisplayPort cable and USB 2.0 cable - -**HDMI** -- HDMI cable and USB 2.0 cable - -**VGA** -- VGA cable, 3.5 mm audio cable, and USB 2.0 cable - -If the computer you are using for Guest Mode is not compatible with Touchback and Inkback, then you won't need the USB cable. - -## Replacement PC Mode - - -In Replacement PC Mode, the embedded computer of the Surface Hub is turned off and an external PC is connected to the Surface Hub. Connections to replacement PC ports give access to key peripherals on the Surface Hub, including the screen, pen, and touch features. This does mean that your Surface Hub won’t have the benefit of the Windows Team experience, but you will have the flexibility offered by providing and managing your own Windows computer. - -### Software requirements - -You can run Surface Hub in Replacement PC Mode with 64-bit versions of Windows 10 Home, Windows 10 Pro, and Windows 10 Enterprise. You can download the [Surface Hub Replacement PC driver package](https://www.microsoft.com/download/details.aspx?id=52210) from the Microsoft Download Center. We recommend that you install these drivers on any computer you plan to use as a replacement PC. - -### Hardware requirements - -Surface Hub is compatible with a range of hardware. Choose the processor and memory confirmation for your replacement PC so that it supports the programs you'll be using. Your replacement PC hardware needs to support 64-bit versions of Windows 10. - -### Graphics adapter - -In Replacement PC Mode, Surface Hub supports any graphics adapter that can produce a DisplayPort signal. You'll improve your experience with a graphics adapter that can match Surface Hub's resolution and refresh rate. For example, the best and recommended replacement PC experience on the Surface Hub is with a 120Hz video signal. - -**55" Surface Hubs** - For best experience, use a graphics card capable of 1080p resolution at 120Hz. - -**84" Surface Hubs** - For best experience, use a graphics card capable of outputting four DisplayPort 1.2 streams to produce 2160p at 120Hz (3840 x 2160 at 120Hz vertical refresh). We've verified that this works with the NVIDIA Quadro K2200, NVIDIA Quadro K4200, NVIDIA Quadro M6000, AMD FirePro W5100, AMD FirePro W7100, and AMD FirePro W9100. These are not the only graphics cards - others are available from other vendors. - -Check directly with graphics card vendors for the latest drivers. - - ---- - - - - - - - - - - - - - - - - - - - - -
Graphics vendorDriver download page

NVIDIA

http://nvidia.com/Download/index.aspx

AMD

http://support.amd.com/en-us/download

Intel

https://downloadcenter.intel.com/

- - - -### Ports - -Replacement PC ports on 55" Surface Hub - -![image showing replacement pc ports on 55" surface hub.](images/sh-55-rpc-ports.png) - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DescriptionTypeInterfaceDetails

PC video

Video input

DP 1.2

    -

  • Full screen display of 1080p at 120 Hz, plus audio

    • -

  • HDCP compliant

    • -

Internal peripherals

USB output

USB 2.0 type B

    -

  • Touch

    • -

  • Pen

    • -

  • Speakers

    • -

  • Microphone

    • -

  • Cameras

    • -

  • NFC sensor

    • -

  • Ambient light sensor

    • -

  • Passive infrared sensor

    • -

USB hub

USB output

USB 2.0 type B

    -

  • Underneath USB ports

    • -
- - - -Replacement PC ports on 84" Surface Hub - -![image showing replacement pc ports on 84" surface hub.](images/sh-84-rpc-ports.png) - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DescriptionTypeInterfaceDetails

PC video

Video input

DP 1.2 (2x)

    -

  • Full screen display of 2160p at 120 Hz, plus audio

    • -

  • HDCP compliant

    • -

Internal peripherals

USB output

USB 2.0 type B

    -

  • Touch

    • -

  • Pen

    • -

  • Speakers

    • -

  • Microphone

    • -

  • Cameras

    • -

  • NFC sensor

    • -

  • Ambient light sensor

    • -

  • Passive infrared sensor

    • -

USB hub

USB output

USB 2.0 type B

    -

  • Underneath USB ports

    • -
- - - -### Replacement PC setup instructions - -**To use Replacement PC Mode** - -1. Download and install the [Surface Hub Replacement PC driver package](https://www.microsoft.com/download/details.aspx?id=52210) on the replacement PC. - - >[!NOTE] - >We recommend that you set sleep or hibernation on the replacement PC so the Surface Hub will turn off the display when it isn't being used. - -2. Turn off the Surface Hub using the power switch next to the power cable. - -3. Connect the cables from the Surface Hub's replacement PC ports to the replacement PC. These ports are usually covered by a removable plastic cover. - - 55" Surface Hub -- connect one DisplayPort cable, and two USB cables. - - 84" Surface Hub -- connect two DisplayPort cables, and two USB cables. - -4. Toggle the Mode switch to **Replacement PC**. The Mode switch is next to the Replacement PC ports. - -5. Turn on the Surface Hub using the power switch next to the power cable. - -6. Press the power button on the right side of the Surface Hub. - -You can switch the Surface Hub to use the internal PC. - -**To switch back to internal PC** - -1. Turn off the Surface Hub using the power switch next to the power cable. - -2. Toggle the Mode switch to Internal PC. The Mode switch is next to the Replacement PC ports. - -3. Turn on the Surface Hub using the power switch next to the power cable. - - -## Video Out - -The Surface Hub includes a Video Out port for mirroring visual content from the Surface Hub to another display. - -### Ports - -Video Out port on the 55" Surface Hub - -![Illustration of video output port](images/video-out-55.png) - -Video Out port on the 84" Surface Hub - -![Illustration of video output port](images/video-out-84.png) - - - - - - - - - - - - - - - - - - -
DescriptionTypeInterfaceCapabilities

Video Output Mirror

Video Output

Video Output

    -

  • Supports connection to a standard DisplayPort monitor (only supports an x4 Link displaying 1080p60 resolution at 24bpp)

    • -

  • Supports use with HDMI monitors (supporting 1080p60) by using a DisplayPort-to-HDMI adaptor

    • -
- -## Cables - -Both the 55” and 84” Surface Hub devices have been tested to work with Certified DisplayPort and HDMI cables. While vendors do sell longer cables that may work with the Surface Hub, only those cables that have been certified by testing labs are certain to work with the Hub. For example, DisplayPort cables are certified only up to 3 meters, however many vendors sell cables that are 3 times that length. If a long cable is necessary, we strongly suggest using HDMI. HDMI has many cost-effective solutions for long-haul cables, including the use of repeaters. Nearly every DisplayPort source will automatically switch to HDMI signaling if a HDMI sink is detected. - - -## Bluetooth accessories - -You can connect the following accessories to Surface Hub using Bluetooth: - -- Mice -- Keyboards -- Headsets -- Speakers - ->[!NOTE] ->After you connect a Bluetooth headset or speaker, you might need to change the [default microphone and speaker settings](local-management-surface-hub-settings.md). diff --git a/devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md b/devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md deleted file mode 100644 index 439d3c68d7..0000000000 --- a/devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -title: What to do if the Connect app in Surface Hub exits unexpectedly -description: Describes how to resolve an issue where the Connect app in Surface Hub exits to the Welcome screen after cycling through inputs. -ms.assetid: 9576f4e4-d936-4235-8a03-d8a6fe9e8fec -keywords: surface, hub, connect, input, displayport -ms.prod: surface-hub -ms.sitesec: library -author: todmccoy -ms.author: v-todmc -ms.topic: article -ms.localizationpriority: medium ---- - -# What to do if the Connect app in Surface Hub exits unexpectedly - -At times, a wired Connect session that is started from the Welcome screen by connecting a DisplayPort input will exit back to the Welcome screen after using the side keypad or the source button to cycle through all source inputs. - -This is an issue in the Connect app and its default full-screen state. By changing the size of the app, or by selecting a DisplayPort input thumbnail in the Connect app, you can prevent input cycling from affecting the app. - -The way to resolve this issue is to first launch the Connect app from the Welcome screen, and THEN connect a DisplayPort input. If the input is already connected, manually select the thumbnail. \ No newline at end of file diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md deleted file mode 100644 index 29f9557045..0000000000 --- a/devices/surface-hub/create-a-device-account-using-office-365.md +++ /dev/null @@ -1,387 +0,0 @@ ---- -title: Create a device account using UI (Surface Hub) -description: If you prefer to use a graphical user interface, you can create a device account for your Microsoft Surface Hub with either the Office 365 UI or the Exchange Admin Center. -ms.assetid: D11BCDC4-DABA-4B9A-9ECB-58E02CC8218C -ms.reviewer: -manager: laurawi -keywords: create device account, Office 365 UI, Exchange Admin center, Microsoft 365 admin center, Skype for Business, mobile device mailbox policy -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 05/04/2018 -ms.localizationpriority: medium ---- - -# Create a device account using UI (Surface Hub) - - -If you prefer to use a graphical user interface, you can create a device account for your Microsoft Surface Hub with either the [Office 365 UI](#create-device-acct-o365) or the [Exchange Admin Center](#create-device-acct-eac). - -## Create a device account using Office 365 - - -1. [Create the account in the Microsoft 365 Admin Center](#create-device-acct-o365-admin-ctr). -2. [Create a mobile device mailbox (ActiveSync) policy from the Microsoft Exchange Admin Center](#create-device-acct-o365-mbx-policy). -3. [Use PowerShell to complete device account creation](#create-device-acct-o365-complete-acct). -4. [Use PowerShell to configure Exchange properties of the account](#create-device-acct-o365-configure-exch-prop). -5. [Enable the account with Skype for Business](#create-device-acct-o365-skype-for-business). - -### Create the account in the admin center - -1. Sign in to Office 365 by visiting https://portal.office.com -2. Provide the admin credentials for your Office 365 tenant. This will take you to your Microsoft 365 Admin Center. - - ![Microsoft 365 admin center.](images/setupdeviceaccto365-02.png) - -3. In the admin center, navigate to **Resources** in the left panel, and then click **Rooms & equipment**. - - ![Rooms & equipment option in admin center](images/room-equipment.png) - -4. Click **Add** to create a new Room account. Enter a display name and email address for the account, and then click **Add**. - - ![Create new room account window](images/room-add.png) - -5. Select the Room account you just created in the Active Users list. In the right panel, you can see the account properties and several optional actions. Click **Reset password** to change the password, and unselect **Make this user change their password when they first sign in**, because it is not possible to change the password from the Surface Hub sign-in flow. - -6. In the **Assigned license** section, click **Edit**, and then click the dropdown arrow next to the appropriate license to expand the details. Select a user location, and in the list of licenses, toggle on **Skype for Business Online (Plan 2)**, and then click **Save**. The license may vary depending on your organization (for example, you might have Plan 2 or Plan 3). - -### Create a mobile device mailbox (ActiveSync) policy from the Exchange Admin Center - -1. In the admin center’s left panel, click **ADMIN**, and then click **Exchange**. - - ![admin center, showing exchange active users.](images/setupdeviceaccto365-08.png) - -2. This will open another tab on your browser to take you to the Exchange Admin Center, where you can create and set the Mailbox Setting for Surface Hub. - - ![Exchange admin center.](images/setupdeviceaccto365-09.png) - -3. To create a Mobile Device Mailbox Policy, click **Mobile** from the left panel and then click **Mobile device mailbox policies**. Surface Hubs require an account with a mobile device mailbox policy that does not require a password, so if you already have an existing policy that matches this requirement, you can apply that policy to the account. Otherwise use the following steps to create a new one to be used only for Surface Hub device accounts. - - ![Exchange admin center - creating a mobile device mailbox policy.](images/setupdeviceaccto365-10.png) - -4. To create a New Surface Hub mobile device mailbox policy, click the **+** button from the controls above the list of policies to add a new policy. For the name, provide a name that will help you distinguish this policy from other device accounts (for example, *SurfaceHubDeviceMobilePolicy*). Make sure the policy does not require a password for the devices assigned to, so make sure **Require a Password** remains unchecked, then click **Save**. - - ![Image showing new mobile device policy.](images/setupdeviceaccto365-11.png) - -5. After you have created the new mobile device mailbox policy, go back to the **Exchange Admin Center** and you will see the new policy listed. - - ![Image with new mobile device mailbox policy in Exchange admin center.](images/setupdeviceaccto365-12.png) - - - -### Use PowerShell to complete device account creation - -From here on, you'll need to finish the account creation process using PowerShell to set up some configuration. - -In order to run cmdlets used by these PowerShell scripts, the following must be installed for the admin PowerShell console: - -- [Microsoft Online Services Sign-In Assistant for IT Professionals RTW](https://www.microsoft.com/download/details.aspx?id=41950) -- [Windows Azure Active Directory Module for Windows PowerShell](https://www.microsoft.com/web/handlers/webpi.ashx/getinstaller/WindowsAzurePowershellGet.3f.3f.3fnew.appids) -- [Skype for Business Online, Windows PowerShell Module](https://www.microsoft.com/download/details.aspx?id=39366) - -Install the following module in Powershell -``` syntax - install-module AzureAD - Install-module MsOnline -``` - -### Connecting to online services - -1. Run Windows PowerShell as Administrator. - - ![Image showing how to start Windows PowerShell and run as administrator.](images/setupdeviceaccto365-17.png) - -2. Create a Credentials object, then create a new session that connects to Skype for Business Online, and provide the global tenant administrator account, then click **OK**. - - ![Image for Windows PowerShell credential request.](images/setupdeviceaccto365-18.png) - -3. To connect to Microsoft Online Services, run: - - ``` syntax - Connect-MsolService -Credential $Cred - ``` - - ![Image showing PowerShell cmdlet.](images/setupdeviceaccto365-19.png) - -4. Now to connect to Skype for Business Online Services, run: - - ``` syntax - $sfbsession = New-CsOnlineSession -Credential $cred - ``` - - ![Image showing PowerShell cmdlet.](images/setupdeviceaccto365-20.png) - -5. Finally, to connect to Exchange Online Services, run: - - ``` syntax - $exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $cred -Authentication "Basic" –AllowRedirection - ``` - - ![Image showing PowerShell cmdlet.](images/setupdeviceaccto365-21.png) - -6. Now you have to import the Skype for Business Online Session and the Exchange Online session you have just created, which will import the Exchange and Skype Commands so you can use them locally. - - ``` syntax - Import-PSSession $exchangesession -AllowClobber -WarningAction SilentlyContinue - Import-PSSession $sfbsession -AllowClobber -WarningAction SilentlyContinue - ``` - - Note that this could take a while to complete. - - ![Image showing PowerShell cmdlet.](images/setupdeviceaccto365-22.png) - -7. Once you’re connected to the online services you need to run a few more cmdlets to configure this account as a Surface Hub device account. - -### Use PowerShell to configure Exchange properties of the account - -Now that you're connected to the online services, you can finish setting up the device account. You'll use the device account email address to: - -- Change the mailbox type from regular to room. -- Set the password and enable the room mailbox account -- Change various Exchange properties -- Set the user account password to never expire. - -1. You’ll need to enter the account’s mail address and create a variable with that value: - - ```powershell - $mailbox = (Get-Mailbox ) - ``` - - To store the value get it from the mailbox: - - ```powershell - $strEmail = $mailbox.WindowsEmailAddress - ``` - - Print the value: - - ```powershell - $strEmail - ``` - - You will see the correct email address. - - ![Image showing PowerShell cmdlet.](images/setupdeviceaccto365-23.png) - -2. Run the following cmdlet: - - ```powershell - Set-CASMailbox $strEmail -ActiveSyncMailboxPolicy "SurfaceHubDeviceMobilePolicy" - ``` - -4. Various Exchange properties can be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section. - - ``` syntax - Set-CalendarProcessing -Identity $strEmail -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false - Set-CalendarProcessing -Identity $strEmail -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!" - ``` - - ![Image showing PowerShell cmdlet.](images/setupdeviceaccto365-26.png) - -5. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information. - - ``` syntax - Set-MsolUser -UserPrincipalName $strEmail -PasswordNeverExpires $True - ``` - -### Enable the account with Skype for Business - -Enable the device account with Skype for Business. - -In order to enable Skype for Business, your environment will need to meet the following prerequisites: - -- You'll need to have Skype for Business Online Standalone Plan 2 or higher in your O365 plan. The plan needs to support conferencing capability. -- If you need Enterprise Voice (PSTN telephony) using telephony service providers for the Surface Hub, you need Skype for Business Online Standalone Plan 3. -- Your tenant users must have Exchange mailboxes. -- Your Surface Hub account does require a Skype for Business Online Standalone Plan 2 or Skype for Business Online Standalone Plan 3 license, but it does not require an Exchange Online license. - -1. Start by creating a remote PowerShell session from a PC. - - ```PowerShell - Import-Module SkypeOnlineConnector - $cssess=New-CsOnlineSession -Credential $cred - Import-PSSession $cssess -AllowClobber - ``` - -2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet: - - ```PowerShell - Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool "sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress - ``` - - If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet: - - ```PowerShell - Get-CsOnlineUser -Identity ‘alice@contoso.microsoft.com’| fl *registrarpool* - ``` - -## Create a device account using the Exchange Admin Center - ->[!NOTE] ->This method will only work if you are syncing from an on-premises Active Directory. - -You can use the Exchange Admin Center to create a device account: - -1. [Create an account and mailbox with the Exchange Admin Center](#create-device-acct-exch-admin-ctr). -2. [Create a mobile device mailbox policy from the Exchange Admin Center](#create-device-acct-exch-mbx-policy). -3. [Use PowerShell to configure the account](#create-device-acct-exch-powershell-conf). -4. [Enable the account with Skype for Business](#create-device-acct-exch-skype-for-business). - -### Create an account and mailbox with the Exchange Admin Center - -1. Sign in to your Exchange Admin Center using Exchange admin credentials. -2. Once you are at the Exchange Admin Center (EAC), navigate to **Recipients** in the left panel. - - ![Image showing mailboxes in Exchange admin center.](images/setupdeviceacctexch-01.png) - -3. On the controls above the list of mailboxess, choose **+** to create a new one, and provide a **Display name**, **Name**, and **User logon name**, and then click **Save**. - - ![Image showing creating a new mailbox.](images/setupdeviceacctexch-02.png) - -### Create a mobile device mailbox policy from the Exchange Admin Center - ->[!NOTE] ->If you want to create and assign a policy to the account you created, and are using Exchange 2010, look up the corresponding information regarding policy creation and policy assignment when using the EMC (Exchange management console). - - - -1. Go to the Exchange Admin Center. - - ![Image showing Exchange admin center.](images/setupdeviceacctexch-03.png) - -2. To create a mobile device mailbox policy, click **Mobile** from the left panel, then **Mobile device mailbox policies**. Surface Hubs require an account with a mobile device mailbox policy that does not require a password, so if you already have an existing policy that matches this requirement, you can apply that policy to the account. Otherwise use the following steps to create a new one to be used only for Surface Hub device accounts. - - ![Image showing using Exchange admin center to create a mobile device mailbox policy.](images/setupdeviceacctexch-05.png) - -3. To create a new mobile device account mailbox policy, click the **+** button from the controls above the list of policies to add a new policy. For the name provide a name that will help you distinguish this policy from other device accounts (for example, *SurfaceHubDeviceMobilePolicy*). The policy must not be password-protected, so make sure **Require a Password** remains unchecked, then click **Save**. - - ![Image showing new mobile device mailbox policy.](images/setupdeviceacctexch-06.png) - -4. After you have created the new mobile device mailbox policy, go back to the Exchange Admin Center and you will see the new policy listed. - - ![Image showing new mobile device mailbox policy in Exchange admin center.](images/setupdeviceacctexch-07.png) - -5. To apply the ActiveSync policy without using PowerShell, you can do the following: - - - In the EAC, click **Recipients** > **Mailboxes** and select a mailbox. - - ![image showing exchange admin center.](images/setupdeviceacctexch-08.png) - - - In the **Details** pane, scroll to **Phone and Voice Features** and click **View details** to display the **Mobile Device Details** screen. - - ![image showing mailbox details.](images/setupdeviceacctexch-09.png) - - - The mobile device mailbox policy that’s currently assigned is displayed. To change the mobile device mailbox policy, click **Browse**. - - ![image showing the currently assigned mobile device mailbox policy.](images/setupdeviceacctexch-10.png) - - - Choose the appropriate mobile device mailbox policy from the list, click **OK** and then click **Save**. - - ![image showing list of mobile device mailbox policies.](images/setupdeviceacctexch-11.png) - -### Use PowerShell to configure the account - -Now that you're connected to the online services, you can finish setting up the device account. You'll use the device account email address to: - -- Change the mailbox type from regular to room. -- Change various Exchange properties -- Set the user account password to never expire. - -1. You’ll need to enter the account’s mail address and create a variable with that value: - - ``` syntax - $mailbox = (Get-Mailbox ) - ``` - - To store the value got it from the mailbox: - - ``` syntax - $strEmail = $mailbox.WindowsEmailAddress - ``` - - Print the value by running: - - ``` syntax - $strEmail - ``` - - You will see the correct email address. - -2. You need to convert the account into a room mailbox, so run: - - ``` syntax - Set-Mailbox $strEmail -Type Room - ``` - -3. In order for the device account to be authenticated on a Surface Hub, you need to enable the room mailbox account and set a password, so the account can be used by the device to get meeting information using ActiveSync and log in to Skype for Business. - - ``` syntax - Set-Mailbox $strEmail -RoomMailboxPassword (ConvertTo-SecureString -String "" -AsPlainText -Force) -EnableRoomMailboxAccount $true - ``` - -4. Various Exchange properties can be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section. - - ``` syntax - Set-CalendarProcessing -Identity $strEmail -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false - Set-CalendarProcessing -Identity $strEmail -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!" - ``` - -5. Now we have to set some properties in AD. To do that, you need the alias of the account (this is the part of the UPN that becomes before the “@”). - - ``` syntax - $strAlias = “” - ``` - -6. The user needs to be enabled in AD before it can authenticate with a Surface Hub. Run: - - ``` syntax - Set-ADUser $strAlias -Enabled $True - ``` - -7. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information. - - ``` syntax - Set-ADUser $strAlias -PasswordNeverExpires $True - ``` - -### Enable the account with Skype for Business - -Enable the device account with Skype for Business. - -In order to enable Skype for Business, your environment will need to meet the following prerequisites: - -- You'll need to have Skype for Business Online Standalone Plan 2 or higher in your O365 plan. The plan needs to support conferencing capability. -- If you need Enterprise Voice (PSTN telephony) using telephony service providers for the Surface Hub, you need Skype for Business Online Standalone Plan 3. -- Your tenant users must have Exchange mailboxes. -- Your Surface Hub account does require a Skype for Business Online Standalone Plan 2 or Skype for Business Online Standalone Plan 3 license, but it does not require an Exchange Online license. - -1. Start by creating a remote PowerShell session from a PC. - - ```PowerShell - Import-Module SkypeOnlineConnector - $cssess=New-CsOnlineSession -Credential $cred - Import-PSSession $cssess -AllowClobber - ``` - -2. Retrieve your Surface Hub account Registrar Pool - -If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet: - - ```PowerShell - Get-CsOnlineUser -Identity ‘alice@contoso.microsoft.com’| fl *registrarpool* - ``` - -3. To enable your Surface Hub account for Skype for Business Server, run this cmdlet: - - ```PowerShell - Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool "sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress - ``` - - - - - - - diff --git a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md b/devices/surface-hub/create-and-test-a-device-account-surface-hub.md deleted file mode 100644 index b5ce94c19a..0000000000 --- a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -title: Create and test a device account (Surface Hub) -description: This topic introduces how to create and test the device account that Microsoft Surface Hub uses to communicate with Microsoft Exchange and Skype. -ms.assetid: C8605B5F-2178-4C3A-B4E0-CE32C70ECF67 -ms.reviewer: rikot -manager: laurawi -keywords: create and test device account, device account, Surface Hub and Microsoft Exchange, Surface Hub and Skype -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 03/06/2018 -ms.localizationpriority: medium -ms.audience: itpro ---- - -# Create and test a device account (Surface Hub) - - -This topic introduces how to create and test the device account that Microsoft Surface Hub uses to communicate with Microsoft Exchange and Skype. - -A **device account** is an Exchange resource account that Surface Hub uses to: - -- Display its meeting calendar -- Join Teams or Skype for Business calls -- Send email (for example, email whiteboard content from a meeting) - -Once the device account is provisioned to a Surface Hub, people can add this account to a meeting invitation the same way that they would invite a meeting room. - -## Configuration overview - -This table explains the main steps and configuration decisions when you create a device account. - -| Step | Description | Purpose | -|------|---------------------------------|--------------------------------------| -| 1 | Created a logon-enabled Exchange resource mailbox (Exchange 2013 or later, or Exchange Online) | This resource mailbox allows the device to maintain a meeting calendar, receive meeting requests, and send mail. It must be logon-enabled to be provisioned to a Surface Hub. | -| 2 | Configure mailbox properties | The mailbox must be configured with the correct properties to enable the best meeting experience on Surface Hub. For more information on mailbox properties, see [Mailbox properties](exchange-properties-for-surface-hub-device-accounts.md). | -| 3 | Apply a compatible mobile device mailbox policy to the mailbox | Surface Hub is managed using mobile device management (MDM) rather than through mobile device mailbox policies. For compatibility, the device account must have a mobile device mailbox policy where the **PasswordEnabled** setting is set to False. Otherwise, Surface Hub can't sync mail and calendar info. | -| 4 | Enable mailbox with Skype for Business (Lync Server 2013 or later, or Skype for Business Online) | Skype for Business must be enabled to use conferencing features like video calls, IM, and screen sharing. | -| 5 | (Optional) Whitelist ActiveSync Device ID | Your organization may have a global policy that prevents device accounts from syncing mail and calendar info. If so, you need to allow the ActiveSync Device ID of your Surface Hub. | -| 6 | (Optional) Disable password expiration | To simplify management, you can turn off password expiration for the device account and allow Surface Hub to automatically rotate the device account password. For more information about password management, see [Password management](password-management-for-surface-hub-device-accounts.md). | - -## Detailed configuration steps - -We recommend setting up your device accounts using remote PowerShell. There are PowerShell scripts available to help create and validate device accounts For more information on PowerShell scripts and instructions, see [Appendix A: PowerShell](appendix-a-powershell-scripts-for-surface-hub.md). - -For detailed steps using PowerShell to provision a device account, choose an option from the table, based on your organization deployment. - -| Organization deployment | Description | -|---------------------------------|--------------------------------------| -| [Online deployment (Office 365)](online-deployment-surface-hub-device-accounts.md) | Your organization's environment is deployed entirely on Office 365. | -| [On-premises deployment (single-forest)](on-premises-deployment-surface-hub-device-accounts.md) | Your organization has servers that it controls and uses to host Active Directory, Exchange, and Skype for Business (or Lync) in a single-forest environment. | -| [On-premises deployment (multiple forests)](on-premises-deployment-surface-hub-multi-forest.md) | Your organization has servers that it controls and uses to host Active Directory, Exchange, and Skype for Business (or Lync) in a multi-forest environment. | -| [Hybrid deployment](hybrid-deployment-surface-hub-device-accounts.md) | Your organization has a mix of services, with some hosted on-premises and some hosted online through Office 365. | -| [Online or hybrid deployment using Skype Hybrid Voice environment](skype-hybrid-voice.md) | Your organization has Skype for Business home pools and Exchange servers in the cloud, and uses an on-premises pool of Skype for Business 2015 or Cloud Connector edition connected via Public Switched Telephone Network (PSTN). | - - -If you prefer to use a graphical user interface (UI), some steps can be done using UI instead of PowerShell. -For more information, see [Creating a device account using UI](create-a-device-account-using-office-365.md). - -## Account verification and testing - -There are two methods available that you can use to validate and test a Surface Hub device account: [account verifications scripts](appendix-a-powershell-scripts-for-surface-hub.md#acct-verification-ps-scripts) and the [Surface Hub Hardware Diagnostic app](https://www.microsoft.com/store/apps/9nblggh51f2g). The account verification script will validate a previously-created device account using PowerShell from your desktop. The Surface Hub Hardware Diagnostic app is installed on your Surface Hub and provides detailed feedback about signin and communication failures. Both are valuable tools to test newly created device accounts and should be used to ensure optimal account availability. - -  - -  - -  - - - - - diff --git a/devices/surface-hub/device-reset-surface-hub.md b/devices/surface-hub/device-reset-surface-hub.md deleted file mode 100644 index 8eb3486d7d..0000000000 --- a/devices/surface-hub/device-reset-surface-hub.md +++ /dev/null @@ -1,129 +0,0 @@ ---- -title: Reset or recover a Surface Hub -description: Describes the reset and recovery processes for the Surface Hub, and provides instructions. -ms.assetid: 44E82EEE-1905-464B-A758-C2A1463909FF -ms.reviewer: -manager: laurawi -keywords: reset Surface Hub, recover -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/31/2019 -ms.localizationpriority: medium ---- - -# Reset or recover a Surface Hub - -This article describes how to reset or recover a Microsoft Surface Hub. - -[Resetting the Surface Hub](#reset-a-surface-hub) returns its operating system to the last cumulative Windows update, and removes all local user files and configuration information. The information that is removed includes the following: - -- The device account -- Account information for the device's local administrators -- Domain-join or Azure AD-join information -- Mobile Device Management (MDM) enrollment information -- Configuration information that was set by using MDM or the Settings app - -[Recovering a Surface Hub from the cloud](#recover-a-surface-hub-from-the-cloud) also removes this information. In addition, the Surface Hub downloads a new operating system image and installs it. You can specify whether the recovery process preserves other information that is stored on the Surface Hub. - -## Reset a Surface Hub - -You may have to reset your Surface Hub for reasons such as the following: - -- You are re-purposing the device for a new meeting space and want to reconfigure it. -- You want to change how you locally manage the device. -- The user name or password for the device account or the Administrator account has been lost. -- After you install an update, the performance of the device decreases. - -During the reset process, if you see a blank screen for long periods of time, please wait and do not take any action. - -> [!WARNING] -> The device reset process may take up to six hours. Do not turn off or unplug the Surface Hub until the process has finished. If you interrupt the process, the device becomes inoperable. The device requires warranty service in order to become functional again. - -1. On your Surface Hub, open **Settings**. - - ![Image that shows Settings app for Surface Hub.](images/sh-settings.png) - -1. Select **Update & Security**. - - ![Image that shows Update & Security group in Settings app for Surface Hub.](images/sh-settings-update-security.png) - -1. Select **Recovery**, and then, under **Reset device**, select **Get started**. - - ![Image that shows the Reset device option in Settings app for Surface Hub.](images/sh-settings-reset-device.png) - - After the reset process finishes, the Surface Hub starts the [first run program](first-run-program-surface-hub.md) again. If the reset process encounters a problem, it rolls the Surface Hub back to the previously-existing operating system image and then displays the Welcome screen. - - - -## Recover a Surface Hub from the cloud - -If for some reason the Surface Hub becomes unusable, you can still recover it from the cloud without assistance from Microsoft Support. The Surface Hub can download a fresh operating system image from the cloud, and use that image to reinstall its operating system. - -You may have to use this type of recovery process under the following circumstances: - -- [The Surface Hub or its related accounts have entered an unstable state](#recover-a-surface-hub-in-a-bad-state) -- [The Surface Hub is locked](#recover-a-locked-surface-hub) - ->[!IMPORTANT] ->The **Recover from the cloud** process requires an open internet connection (no proxy or other authentications). An ethernet connection is recommended. - -### Recover a Surface Hub in a bad state - -If the device account gets into an unstable state or if the administrator account encounters problems, you can use the Settings app to start the cloud recovery process. You should only use the cloud recovery process when the [device reset](#reset-a-surface-hub) process doesn't fix the problem. - -1. On your Surface Hub, select **Settings** > **Update & security** > **Recovery**. - -1. Under **Recover from the cloud**, select **Restart now**. - - ![recover from the cloud](images/recover-from-the-cloud.png) - -### Recover a locked Surface Hub - -On rare occasions, a Surface Hub may encounter an error while cleaning up user and app data at the end of a session. When this happens, the device automatically restarts and tries the operation again. But if this operation fails repeatedly, the device automatically locks to protect user data. To unlock it, you must [reset the device](#reset-a-surface-hub) or, if that doesn't work, recover it from the cloud. - -1. Locate the power switch on the bottom of Surface Hub. The power switch is next to the power cord connection. For more information about the power switch, see the [Surface Hub Site Readiness Guide (PDF)](surface-hub-site-readiness-guide.md). - -1. While the Surface Hub displays the Welcome screen, use the power switch to turn off the Surface Hub. - -1. Use the power switch to turn the Surface Hub back on. The device starts and displays the Surface Hub Logo screen. When you see spinning dots under the Surface Hub Logo, use the power switch to turn the Surface Hub off again. - -1. Repeat step 3 three times, or until the Surface Hub displays the "Preparing Automatic Repair" message. After it displays this message, the Surface Hub displays the Windows RE screen. - -1. Select **Advanced Options**. - -1. Select **Recover from the cloud**. (Optionally, you can select **Reset**. However, **Recover from the cloud** is the recommended approach.) - - ![Recover from the cloud](images/recover-from-cloud.png) -1. If you are prompted to enter the Bitlocker key, do one of the following: - - - To preserve the information that Bitlocker protects on the Surface Hub, enter the Bitlocker key. - - To discard the protected information, select **Skip this drive** - -1. When you are prompted, select **Reinstall**. - - ![Reinstall](images/reinstall.png) - -1. To repartition the disk, select **Yes**. - - ![Repartition](images/repartition.png) - - First, the recovery process downloads the operating system image from the cloud. - - ![downloading 97&](images/recover-progress.png) - - When the download finishes, the recovery process restores the Surface Hub according to the options that you selected. - - -## Contact Support - -If you have questions or need help, you can [create a support request](https://support.microsoft.com/supportforbusiness/productselection). - - -## Related topics - -[Manage Microsoft Surface Hub](manage-surface-hub.md) - -[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) diff --git a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md deleted file mode 100644 index 9309e9b2a3..0000000000 --- a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md +++ /dev/null @@ -1,172 +0,0 @@ ---- -title: Operating system essentials (Surface Hub) -description: This topic explains unique aspects of the Windows 10 Team operating system and how it differs from Windows 10 Enterprise. -keywords: change history -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 06/20/2019 -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium ---- - -# Operating system essentials (Surface Hub) - -The Surface Hub operating system, Windows 10 Team, is based on Windows 10 Enterprise, providing rich support for enterprise management, security, and other features. However, there are important differences between them. While the Enterprise edition is designed for PCs, Windows 10 Team is designed from the ground up for large screens and meeting rooms. When you evaluate security and management requirements for Surface Hub, it's best to consider it as a new operating system. This article is designed to help highlight the key differences between Windows 10 Team on Surface Hub and Windows 10 Enterprise, and what the differences mean for your organization. - -## User interface - -### Shell (OS user interface) - -The Surface Hub's shell is designed from the ground up to be large screen and touch optimized. It doesn't use the same shell as Windows 10 Enterprise. - -*Organization policies that this may affect:*
Settings related to controls in the Windows 10 Enterprise shell don't apply for Surface Hub. - -### Lock screen and screensaver - -Surface Hub doesn't have a lock screen or a screen saver, but it has a similar feature called the welcome screen. The welcome screen shows scheduled meetings from the device account's calendar, and easy entry points to the Surface Hub's top apps - Skype for Business, Whiteboard, and Connect. - -*Organization policies that this may affect:*
Settings for lock screen, screen timeout, and screen saver don't apply for Surface Hub. - -### User sign-in - -Surface Hub is designed to be used in communal spaces, such as meeting rooms. Unlike Windows PCs, anyone can walk up and use a Surface Hub without requiring a user to sign in. To enable this communal functionality, Surface Hub does not support Windows sign-in the same way that Windows 10 Enterprise does (e.g., signing in a user to the OS and using those credentials throughout the OS). Instead, there is always a local, auto signed-in, low-privilege user signed in to the Surface Hub. It doesn't support signing in any additional users, including admin users (e.g., when an admin signs in, they are not signed in to the OS). - -Users can sign in to a Surface Hub, but they will not be signed in to the OS. For example, when a user signs in to Apps or My Meetings and Files, the users is signed in only to the apps or services, not to the OS. As a result, the signed-in user is able to retrieve their cloud files and personal meetings stored in the cloud, and these credentials are discarded when **End session** is activated. - - -*Organization policies that this may affect:*
Generally, Surface Hub uses lockdown features rather than user access control to enforce security. Policies related to password requirements, interactive logon, user accounts, and access control don't apply for Surface Hub. - -### Saving and browsing files - -Users have access to a limited set of directories on the Surface Hub: -- Music -- Videos -- Documents -- Pictures -- Downloads - -Files saved locally in these directories are deleted when users press **End session**. To save content created during a meeting, users should save files to a USB drive or to OneDrive. - -*Organization policies that this may affect:*
Policies related to access permissions and ownership of files and folders don't apply for Surface Hub. Users can't browse and save files to system directories and network folders. - -## Applications - -### Default applications - -With few exceptions, the default Universal Windows Platform (UWP) apps on Surface Hub are also available on Windows 10 PCs. - -UWP apps pre-installed on Surface Hub: -- Alarms & Clock -- Calculator -- Connect -- Excel Mobile -- Feedback Hub -- File Explorer* -- Get Started -- Maps -- Microsoft Edge -- Microsoft Power BI -- OneDrive -- Photos -- PowerPoint Mobile -- Settings* -- Skype for Business* -- Store -- Whiteboard* -- Word Mobile - -*Apps with an asterisk (*) are unique to Surface Hub* - -*Organization policies that this may affect:*
Use guidelines for Windows 10 Enterprise to determine the features and network requirements for default apps on the Surface Hub. - -### Installing apps, drivers, and services - -To help preserve the appliance-like nature of the device, Surface Hub only supports installing Universal Windows Platform (UWP) apps, and does not support installing classic Win32 apps, services and drivers. Furthermore, only admins have access to install UWP apps. - -*Organization policies that this may affect:*
Employees can only use the apps that have been installed by admins, helping mitigate against unintended use. Surface Hub doesn't support installing Win32 agents required by most traditional PC management and monitoring tools. - -## Security and lockdown - -For Surface Hub to be used in communal spaces, such as meeting rooms, its custom OS implements many of the security and lockdown features available in Windows 10. - -Surface Hub implements these Windows 10 security features: -- [UEFI Secure Boot](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview) -- [User Mode Code Integrity (UMCI) with Device Guard](https://technet.microsoft.com/itpro/windows/keep-secure/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies) -- [Application restriction policies using AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) -- [BitLocker Drive Encryption](https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview) -- [Trusted Platform Module (TPM)](https://technet.microsoft.com/itpro/windows/keep-secure/trusted-platform-module-overview) -- [Windows Defender](https://technet.microsoft.com/itpro/windows/keep-secure/windows-defender-in-windows-10) -- [User Account Control (UAC)](https://technet.microsoft.com/itpro/windows/keep-secure/user-account-control-overview) for access to the Settings app - -These Surface Hub features provide additional security: -- Custom UEFI firmware -- Custom shell and Start menu limits device to meeting functions -- Custom File Explorer only grants access to files and folders under My Documents -- Custom Settings app only allows admins to modify device settings -- Downloading advanced Plug and Play drivers is disabled - -*Organization policies that this may affect:*
Consider these features when performing your security assessment for Surface Hub. - -## Management - -### Device settings - -Device settings can be configured through the Settings app. The Settings app is customized for Surface Hub, but also contains many familiar settings from Windows 10 Desktop. A User Accounts Control (UAC) prompt appears when opening up the Settings app to verify the admin's credentials, but this does not sign in the admin. - -*Organization policies that this may affect:*
Employees can use the Surface Hub for meetings, but cannot modify any device settings. In addition to lockdown features, this ensures that employees only use the device for meeting functions. - -### Administrative features - -The administrative features in Windows 10 Enterprise, such as the Microsoft Management Console, Run, Command Prompt, PowerShell, registry editor, event viewer, and task manager are not supported on Surface Hub. The Settings app contains all of the administrative features locally available on Surface Hub. - -*Organization policies that this may affect:*
Surface Hubs are not managed like traditional PCs. Use MDM to configure settings and OMS to monitor your Surface Hub. - -### Remote management and monitoring - -Surface Hub supports remote management through mobile device management (MDM) solutions such as [Microsoft Intune](https://docs.microsoft.com/intune/) and monitoring through [Azure Monitor](https://azure.microsoft.com/services/monitor/). - -*Organization policies that this may affect:*
Surface Hub doesn't support installing Win32 agents required by most traditional PC management and monitoring tools, such as System Center Operations Manager. - -### Group Policy - -Surface Hub does not support Windows Group Policy, including auditing. Instead, use MDM to apply policies to your Surface Hub. For more information about MDM, see [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md). - -*Organization policies that this may affect:*
Use MDM to manage Surface Hub rather than group policy. - -### Remote assistance - -Surface Hub does not support remote assistance. - -*Organization policies that this may affect:*
Policies related to remote assistance don't apply for Surface Hub. - -## Network - -### Domain join and Azure Active Directory (Azure AD) join - -Surface Hub uses domain join and Azure AD join primarily to provide a directory-backed admin group. Users can't sign in with a domain account. For more information, see [Admin group management](admin-group-management-for-surface-hub.md). - -*Organization policies that this may affect:*
Group policies are not applied when a Surface Hub is joined to your domain. Policies related to domain membership don't apply for Surface Hub. - -### Accessing domain resources - -Users can sign in to Microsoft Edge to access intranet sites and online resources (such as Office 365). If your Surface Hub is configured with a device account, the system uses it to access Exchange and Skype for Business. However, Surface Hub doesn't support accessing domain resources such as file shares and printers. - -*Organization policies that this may affect:*
Policies related to accessing domain objects don't apply for Surface Hub. - - - -### Diagnostic data - -The Surface Hub OS uses the Windows 10 Connected User Experience and Telemetry component to gather and transmit diagnostic data. For more information, see [Configure Windows diagnostic data in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization). - -*Organization policies that this may affect:*
Configure diagnostic data levels for Surface Hub in the same way as you do for Windows 10 Enterprise. diff --git a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Navigation.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Navigation.pptx deleted file mode 100644 index b06a6e8b44..0000000000 Binary files a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Navigation.pptx and /dev/null differ diff --git a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Office365.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Office365.pptx deleted file mode 100644 index 4fa5e3abd9..0000000000 Binary files a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Office365.pptx and /dev/null differ diff --git a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Teams.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Teams.pptx deleted file mode 100644 index 210102de52..0000000000 Binary files a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Teams.pptx and /dev/null differ diff --git a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Whiteboard.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Whiteboard.pptx deleted file mode 100644 index 6d39d374a7..0000000000 Binary files a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Whiteboard.pptx and /dev/null differ diff --git a/devices/surface-hub/downloads/Outline-SurfaceHub2S-EndUser.pdf b/devices/surface-hub/downloads/Outline-SurfaceHub2S-EndUser.pdf deleted file mode 100644 index 6c5b52d377..0000000000 Binary files a/devices/surface-hub/downloads/Outline-SurfaceHub2S-EndUser.pdf and /dev/null differ diff --git a/devices/surface-hub/downloads/Outline-SurfaceHub2S-HelpDesk.pdf b/devices/surface-hub/downloads/Outline-SurfaceHub2S-HelpDesk.pdf deleted file mode 100644 index ae296c8c08..0000000000 Binary files a/devices/surface-hub/downloads/Outline-SurfaceHub2S-HelpDesk.pdf and /dev/null differ diff --git a/devices/surface-hub/downloads/Outline-SurfaceHub2S-PowerUser.pdf b/devices/surface-hub/downloads/Outline-SurfaceHub2S-PowerUser.pdf deleted file mode 100644 index 9f64a7c4f2..0000000000 Binary files a/devices/surface-hub/downloads/Outline-SurfaceHub2S-PowerUser.pdf and /dev/null differ diff --git a/devices/surface-hub/downloads/QRCConnectYourPC.pdf b/devices/surface-hub/downloads/QRCConnectYourPC.pdf deleted file mode 100644 index fbdb9d9164..0000000000 Binary files a/devices/surface-hub/downloads/QRCConnectYourPC.pdf and /dev/null differ diff --git a/devices/surface-hub/downloads/QRCJoinTeamsMeeting.pdf b/devices/surface-hub/downloads/QRCJoinTeamsMeeting.pdf deleted file mode 100644 index 62b86d2a00..0000000000 Binary files a/devices/surface-hub/downloads/QRCJoinTeamsMeeting.pdf and /dev/null differ diff --git a/devices/surface-hub/downloads/QRCManageTeamsMeeting.pdf b/devices/surface-hub/downloads/QRCManageTeamsMeeting.pdf deleted file mode 100644 index a6af26dcf9..0000000000 Binary files a/devices/surface-hub/downloads/QRCManageTeamsMeeting.pdf and /dev/null differ diff --git a/devices/surface-hub/downloads/QRCNavigationBasics.pdf b/devices/surface-hub/downloads/QRCNavigationBasics.pdf deleted file mode 100644 index 6d8eb75ad5..0000000000 Binary files a/devices/surface-hub/downloads/QRCNavigationBasics.pdf and /dev/null differ diff --git a/devices/surface-hub/downloads/QRCScheduleTeamsMeeting.pdf b/devices/surface-hub/downloads/QRCScheduleTeamsMeeting.pdf deleted file mode 100644 index a33cf1b1e1..0000000000 Binary files a/devices/surface-hub/downloads/QRCScheduleTeamsMeeting.pdf and /dev/null differ diff --git a/devices/surface-hub/downloads/QRCShareSendFile.pdf b/devices/surface-hub/downloads/QRCShareSendFile.pdf deleted file mode 100644 index 56d5c9f8c2..0000000000 Binary files a/devices/surface-hub/downloads/QRCShareSendFile.pdf and /dev/null differ diff --git a/devices/surface-hub/downloads/QRCSignInToViewMeetingsFiles.pdf b/devices/surface-hub/downloads/QRCSignInToViewMeetingsFiles.pdf deleted file mode 100644 index 61caa64f94..0000000000 Binary files a/devices/surface-hub/downloads/QRCSignInToViewMeetingsFiles.pdf and /dev/null differ diff --git a/devices/surface-hub/downloads/QRCStartNewTeamsMeeting.pdf b/devices/surface-hub/downloads/QRCStartNewTeamsMeeting.pdf deleted file mode 100644 index d7a7c89268..0000000000 Binary files a/devices/surface-hub/downloads/QRCStartNewTeamsMeeting.pdf and /dev/null differ diff --git a/devices/surface-hub/downloads/QRCWhiteboardAdvanced.pdf b/devices/surface-hub/downloads/QRCWhiteboardAdvanced.pdf deleted file mode 100644 index aed2f55671..0000000000 Binary files a/devices/surface-hub/downloads/QRCWhiteboardAdvanced.pdf and /dev/null differ diff --git a/devices/surface-hub/downloads/QRCWhiteboardTools.pdf b/devices/surface-hub/downloads/QRCWhiteboardTools.pdf deleted file mode 100644 index c6dfcc3523..0000000000 Binary files a/devices/surface-hub/downloads/QRCWhiteboardTools.pdf and /dev/null differ diff --git a/devices/surface-hub/downloads/SurfaceHubAdoptionToolKit.pdf b/devices/surface-hub/downloads/SurfaceHubAdoptionToolKit.pdf deleted file mode 100644 index 79675aaaaa..0000000000 Binary files a/devices/surface-hub/downloads/SurfaceHubAdoptionToolKit.pdf and /dev/null differ diff --git a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf deleted file mode 100644 index 9fa82b77c5..0000000000 Binary files a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf and /dev/null differ diff --git a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf deleted file mode 100644 index 36d552a91a..0000000000 Binary files a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf and /dev/null differ diff --git a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf deleted file mode 100644 index 216737e393..0000000000 Binary files a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf and /dev/null differ diff --git a/devices/surface-hub/enable-8021x-wired-authentication.md b/devices/surface-hub/enable-8021x-wired-authentication.md deleted file mode 100644 index 8ac2baccb6..0000000000 --- a/devices/surface-hub/enable-8021x-wired-authentication.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Enable 802.1x wired authentication -description: 802.1x Wired Authentication MDM policies have been enabled on Surface Hub devices. -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 11/15/2017 -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium ---- - -# Enable 802.1x wired authentication - -The [November 14, 2017 update to Windows 10](https://support.microsoft.com/help/4048954/windows-10-update-kb4048954) (build 15063.726) enables 802.1x wired authentication MDM policies on Surface Hub devices. The feature allows organizations to enforce standardized wired network authentication using the [IEEE 802.1x authentication protocol](http://www.ieee802.org/1/pages/802.1x-2010.html). This is already available for wireless authentication using WLAN profiles via MDM. This topic explains how to configure a Surface Hub for use with wired authentication. - -Enforcement and enablement of 802.1x wired authentication on Surface Hub can be done through MDM [OMA-URI definition](https://docs.microsoft.com/intune-classic/deploy-use/windows-10-policy-settings-in-microsoft-intune#oma-uri-settings). - -The primary configuration to set is the **LanProfile** policy. Depending on the authentication method selected, other policies may be required, either the **EapUserData** policy or through MDM policies for adding user or machine certificates (such as [ClientCertificateInstall](https://docs.microsoft.com/windows/client-management/mdm/clientcertificateinstall-csp) for user/device certificates or [RootCATrustedCertificates](https://docs.microsoft.com/windows/client-management/mdm/rootcacertificates-csp) for device certificates). - -## LanProfile policy element - -To configure Surface Hub to use one of the supported 802.1x authentication methods, utilize the following OMA-URI. - -``` -./Vendor/MSFT/SurfaceHub/Dot3/LanProfile -``` - -This OMA-URI node takes a text string of XML as a parameter. The XML provided as a parameter should conform to the [Wired LAN Profile Schema](https://msdn.microsoft.com/library/cc233002.aspx) including elements from the [802.1X schema](https://msdn.microsoft.com/library/cc233003.aspx). - -In most instances, an administrator or user can export the LanProfile XML from an existing PC that is already configured on the network for 802.1X using this following NETSH command. - -``` -netsh lan export profile folder=. -``` - -Running this command will give the following output and place a file titled **Ethernet.xml** in the current directory. - -``` -Interface: Ethernet -Profile File Name: .\Ethernet.xml -1 profile(s) were exported successfully. -``` - -## EapUserData policy element - -If your selected authentication method requires a username and password as opposed to a certificate, you can use the **EapUserData** element to specify credentials for the device to use to authenticate to the network. - -``` -./Vendor/MSFT/SurfaceHub/Dot3/EapUserData -``` - -This OMA-URI node takes a text string of XML as a parameter. The XML provided as a parameter should conform to the [PEAP MS-CHAPv2 User Properties example](https://msdn.microsoft.com/library/windows/desktop/bb891979). In the example, you will need to replace all instances of *test* and *ias-domain* with your information. - - - -## Adding certificates - -If your selected authentication method is certificate-based, you will need to [create a provisioning package](provisioning-packages-for-surface-hub.md), [utilize MDM](https://docs.microsoft.com/windows/client-management/mdm/clientcertificateinstall-csp), or import a certificate from settings (**Settings** > **Update and Security** > **Certificates**) to deploy those certificates to your Surface Hub device in the appropriate Certificate Store. When adding certificates, each PFX must contain only one certificate (a PFX cannot have multiple certificates). - diff --git a/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md b/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md deleted file mode 100644 index 9a100d4a60..0000000000 --- a/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md +++ /dev/null @@ -1,104 +0,0 @@ ---- -title: Microsoft Exchange properties (Surface Hub) -description: Some Microsoft Exchange properties of the device account must be set to particular values to have the best meeting experience on Microsoft Surface Hub. -ms.assetid: 3E84393B-C425-45BF-95A6-D6502BA1BF29 -ms.reviewer: -manager: laurawi -keywords: Microsoft Exchange properties, device account, Surface Hub, Windows PowerShell cmdlet -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: medium ---- - -# Microsoft Exchange properties (Surface Hub) - - -Some Microsoft Exchange properties of the device account must be set to particular values to have the best meeting experience on Microsoft Surface Hub. The following table lists various Exchange properties based on PowerShell cmdlet parameters, their purpose, and the values they should be set to. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PropertyDescriptionValueImpact

AutomateProcessing

The AutomateProcessing parameter enables or disables calendar processing on the mailbox.

AutoAccept

The Surface Hub will be able to automatically accept or decline meeting requests based on its availability.

AddOrganizerToSubject

The AddOrganizerToSubject parameter specifies whether the meeting organizer's name is used as the subject of the meeting request.

$False

The welcome screen will not show the meeting organizer twice (instead of showing it as both the organizer and in the meeting subject).

AllowConflicts

The AllowConflicts parameter specifies whether to allow conflicting meeting requests.

$False

The Surface Hub will decline meeting requests that conflict with another meeting’s time.

DeleteComments

The DeleteComments parameter specifies whether to remove or keep any text in the message body of incoming meeting requests.

$False

The message body of meetings can be retained and retrieved from a Surface Hub if you need it during a meeting.

DeleteSubject

The DeleteSubject parameter specifies whether to remove or keep the subject of incoming meeting requests.

$False

Meeting request subjects can be shown on the Surface Hub.

RemovePrivateProperty

The RemovePrivateProperty parameter specifies whether to clear the private flag for incoming meeting requests.

$False

Private meeting subjects will show as Private on the welcome screen.

AddAdditionalResponse

The AddAdditionalResponse parameter specifies whether additional information will be sent from the resource mailbox when responding to meeting requests.

$True

When a response is sent to a meeting request, custom text will be provided in the response.

AdditionalResponse

The AdditionalResponse parameter specifies the additional information to be included in responses to meeting requests.

-
-Note  This text will not be sent unless AddAdditionalResponse is set to $True. -
-
-  -

Your choice—the additional response can be used to inform people how to use a Surface Hub or point them towards resources.

Adding an additional response message can provide people an introduction to how they can use a Surface Hub in their meeting.

- -  - -  - -  - - - - - diff --git a/devices/surface-hub/finishing-your-surface-hub-meeting.md b/devices/surface-hub/finishing-your-surface-hub-meeting.md deleted file mode 100644 index 3e02c9bb0a..0000000000 --- a/devices/surface-hub/finishing-your-surface-hub-meeting.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: End session - ending a Surface Hub meeting -description: To end a Surface Hub meeting, tap End session. Surface Hub cleans up the application state, operating system state, and the user interface so that Surface Hub is ready for the next meeting. -keywords: I am Done, end Surface Hub meeting, finish Surface Hub meeting, clean up Surface Hub meeting -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/27/2017 -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium ---- - -# End a Surface Hub meeting with End session -Surface Hub is a collaboration device designed to be used in meeting spaces by different groups of people. At the end of a meeting, users can tap **End session** to clean up any sensitive data and prepare the device for the next meeting. Surface Hub will clean up, or reset, the following states: -- Applications -- Operating system -- User interface - -This topic explains what **End session** resets for each of these states. - -## Applications -When you start apps on Surface Hub, they are stored in memory and data is stored at the application level. Data is available to all users during that session (or meeting) until date is removed or overwritten. When **End session** is selected, Surface Hub application state is cleared out by closing applications, deleting browser history, resetting applications, and removing Skype logs. - -### Close applications -Surface Hub closes all visible windows, including Win32 and Universal Windows Platform (UWP) applications. The application close stage uses the multitasking view to query the visible windows. Win32 windows that do not close within a certain timeframe are closed using **TerminateProcess**. - -### Delete browser history -Surface Hub uses Delete Browser History (DBH) in Edge to clear Edge history and cached data. This is similar to how a user can clear out their browser history manually, but **End session** also ensures that application states are cleared and data is removed before the next session, or meeting, starts. - -### Reset applications -**End session** resets the state of each application that is installed on the Surface Hub. Resetting an application clears all background tasks, application data, notifications, and user consent dialogs. Applications are returned to their first-run state for the next people that use Surface Hub. - -### Remove Skype logs -Skype does not store personally-identifiable information on Surface Hub. Information is stored in the Skype service to meet existing Skype for Business guidance. Local Skype logging information is the only data removed when **End session** is selected. This includes Unified Communications Client Platform (UCCP) logs and media logs. - -## Operating System -The operating system hosts a variety of information about the state of the sessions that needs to be cleared after each Surface Hub meeting. - -### File System -Meeting attendees have access to a limited set of directories on the Surface Hub. When **End session** is selected, Surface Hub clears these directories:
-- Music -- Videos -- Documents -- Pictures -- Downloads - -Surface Hub also clears these directories, since many applications often write to them: -- Desktop -- Favorites -- Recent -- Public Documents -- Public Music -- Public Videos -- Public Downloads - -### Credentials -User credentials that are stored in **TokenBroker**, **PasswordVault**, or **Credential Manager** are cleared when you tap **End session**. - -## User interface -User interface (UI) settings are returned to their default values when **End session** is selected. - -### UI items -- Reset Quick Actions to default state -- Clear Toast notifications -- Reset volume levels -- Reset sidebar width -- Reset tablet mode layout -- Sign user out of Office 365 meetings and files - -### Accessibility -Accessibility features and apps are returned to default settings when **End session** is selected. -- Filter keys -- High contrast -- Sticky keys -- Toggle keys -- Mouse keys -- Magnifier -- Narrator - -### Clipboard -The clipboard is cleared to remove data that was copied to the clipboard during the session. - -## Frequently asked questions -**What happens if I forget to tap End session at the end of a meeting, and someone else uses the Surface Hub later?**
-Surface Hub only cleans up meeting content when users tap **End session**. If you leave the meeting without tapping **End session**, the device will return to the welcome screen after some time. From the welcome screen, users have the option to resume the previous session or start a new one. You can also disable the ability to resume a session if **End session** is not pressed. - -**Are documents recoverable?**
-Removing files from the hard drive when **End session** is selected is just like any other file deletion from a hard disk drive. Third-party software might be able to recover data from the hard disk drive, but file recovery is not a supported feature on Surface Hub. To prevent data loss, always save the data you need before leaving a meeting. - -**Do the clean-up actions from End session comply with the US Department of Defense clearing and sanitizing standard: DoD 5220.22-M?**
-No. Currently, the clean-up actions from **End session** do not comply with this standard. - diff --git a/devices/surface-hub/first-run-program-surface-hub.md b/devices/surface-hub/first-run-program-surface-hub.md deleted file mode 100644 index 8a3bfc6e91..0000000000 --- a/devices/surface-hub/first-run-program-surface-hub.md +++ /dev/null @@ -1,461 +0,0 @@ ---- -title: First-run program (Surface Hub) -description: The term \ 0034;first run \ 0034; refers to the series of steps you'll go through the first time you power up your Microsoft Surface Hub, and means the same thing as \ 0034;out-of-box experience \ 0034; (OOBE). This section will walk you through the process. -ms.assetid: 07C9E84C-1245-4511-B3B3-75939AD57C49 -ms.reviewer: -manager: laurawi -keywords: first run, Surface Hub, out-of-box experience, OOBE -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/27/2017 -ms.localizationpriority: medium ---- - -# First-run program (Surface Hub) - - -The term "first run" refers to the series of steps you'll go through the first time you power up your Microsoft Surface Hub, and means the same thing as "out-of-box experience" (OOBE). This section will walk you through the process. - -By now, you should have gone through all of the previous steps: - -- [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md) -- [Physically install your Surface Hub device](physically-install-your-surface-hub-device.md), and -- [Setup worksheet](setup-worksheet-surface-hub.md) - -Assuming that's the case, first run should be both simple and quick. -The normal procedure goes through six steps: - -1. [Hi there page](#first-page) -2. [Set up for you page](#set-up-for-you) -3. [Device account page](#device-account) -4. [Name this device page](#name-this-device) -5. [Set up admins for this device page](#setup-admins) -6. [Update the Surface Hub](#update-surface-hub) - -Each of these sections also contains information about paths you might take when something is different. For example, most Surface Hubs will use a wired network connection, but some of them will be set up with wireless instead. Details are described where appropriate. - ->[!NOTE] ->You should have the separate keyboard that came with your Surface Hub set up and ready before beginning. See the Surface Hub Setup Guide for details. - - - -## Hi there page - - -This is the first screen you'll see when you power up the Surface Hub for the first time. It's where you input localization information for your device. - ->[!NOTE] ->This is also where you begin the optional process of deploying a provisioning package. See [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md) if that's what you're doing. - - Select a language and the initial setup options are displayed. - -![Image showing ICD options checklist.](images/setuplocale.png) - -### Details - -If the default values shown are correct, then you can click **Next** to go on. Otherwise, you'll need to enter data in the appropriate boxes. - -- **Country/region:** Select the country or region where the Surface Hub will be used. -- **App language:** Apps and features will display in this language and language format. -- **Keyboard layout:** Select the keyboard layout for the on-screen and physical keyboards that will be used with your device. -- **Time zone:** Select the time zone where the Surface Hub will be used. - -### What happens? - ->[!NOTE] -> Once the settings on this page are entered, you can't come back to this screen unless you reset the device (see [Device reset](device-reset-surface-hub.md)). Make sure that the settings are properly configured before proceeding. - - - -When the settings are accepted, the device will check for a wired network connection. If the connection is fine, it will display the [Set up for you page](#set-up-for-you). If there is a problem with the wired connection, the device will display the [Network setup page](#network-setup). - -If no wired connection can be found, then the device will attempt to set up a wireless connection, and will display the [Network setup page](#network-setup). - -## Network setup page - - -If your device does not detect a wired connection that it can use to connect to a network or the Internet, you will see this page. Here you can either connect to a wireless network, or skip making the network connection. - -![Image shoring Network setup page.](images/setupnetworksetup-1.png) - -### Details - -This screen is shown only if the device fails to detect a wired network. If you see this screen, you have three choices: - -- You can select one of the wireless networks shown. If the network is secured, you'll be taken to a login page. See [Wireless network setup](#wireless) for details. -- Click **Skip this step** to skip connecting to a network. You'll be taken to the [Set up for you page](#set-up-for-you). - >[!NOTE] - >If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including system updates and email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network management](wireless-network-management-for-surface-hub.md)). - - - -- You can plug in a network cable while this screen is visible. The device will detect it, and will add **Next** to the screen. Click **Next** to continue with making the wired connection. - -### What happens? - -If the device has a wired connection when it starts, and can establish a network or Internet connection, then this page will not be displayed. If you want to connect the device to a wireless connection, make sure no Ethernet cable is plugged in at first run, which will bring you to this screen. No matter what you choose to set up now, you can [use Settings](wireless-network-management-for-surface-hub.md) to set up different connections later. - -If you want to connect to a secured wireless network from this page, click on the network of your choice, and then provide the necessary information (password or account credentials) to connect. See [Wireless network setup](#wireless). - -## Wireless network setup - - -This page will be shown when you've selected a secured wireless network. - -![Image showing wireless network setup page.](images/setupnetworksetup-3.png) - -### Details - -- **User name:** Enter the user name for the selected wireless network. -- **Password:** This is the password for the network. - -### What happens? - -The device will attempt to connect to the specified network. If it's successful, you'll be taken to the [Set up for you page](#set-up-for-you). - -## Network proxy setup - - -This page will be shown when the device detects a wired connection with limited connectivity. You have three options: - -- You can select a wireless network to use instead of the limited wired connection. -- You can skip connecting to a network by selecting **Skip this step**. You'll be taken to the [Set up for you page](#set-up-for-you). - **Note**  If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network management](wireless-network-management-for-surface-hub.md)). - - - -- You can select **Enter proxy settings** which will allow you to specify how to use the network proxy. You'll be taken to the next screen. - -![Image showing network proxy page.](images/setupnetworksetup-2.png) - -This is the screen you'll see if you clicked **Enter proxy settings** on the previous screen. - -![Image showing proxy server setting details.](images/setupnetworksetup-4.png) - -### Details - -In order to make a network connection, you'll need to fill in either a script name, or the proxy server and port info. - -- **Proxy script:** Provide the address of a proxy script. -- **Proxy server and port:** You can provide the proxy server address and port. - -### What happens? - -When you click **Next**, the device will attempt to connect to the proxy server. If successful, you'll be taken to the [Set up for you page](#set-up-for-you). - -You can skip connecting to a network by selecting **Skip this step**. You'll be taken to the [Set up for you page](#set-up-for-you). - ->[!NOTE] ->If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network management](wireless-network-management-for-surface-hub.md)). - - - -## Set up for you page - - -This screen is purely informational, and shows which recommended settings have been enabled by default. - -![Image showing set up for you page.](images/setupsetupforyou.png) - -### Details - -You should read this screen and note which services have been enabled by default. All of them can be changed using the Settings app if need be, but you should be careful about the effects of doing so. See [Intro to Surface Hub](intro-to-surface-hub.md) for details. - -Once you're done reviewing the settings, click **Next** to go on. - -### What happens? - -The settings shown on the page have already been made, and can't be changed until after first run is completed. - -## Device account page - - -On this page, the Surface Hub will ask for credentials for the device account that you previously configured. (See [Create and test a device account](create-and-test-a-device-account-surface-hub.md).) The Surface Hub will attempt to discover various properties of the account, and may ask for more information on another page if it does not succeed. - ->[!NOTE] ->This section does not cover specific errors that can happen during first run. See [Troubleshoot Surface Hub](troubleshoot-surface-hub.md) for more information on errors. - - -![Image showing Enter device account info page.](images/setupdeviceacct.png) - -### Details - -Use either a **user principal name (UPN)** or a **domain\\user name** as the account identifier in the first entry field. Use the format that matches your environment, and enter the password. - - -| Environment | Required format for device account | -|-------------------------------------------------------|------------------------------------| -| Device account is hosted only online. | username@domain.com | -| Device account is hosted only on-prem. | DOMAIN\username | -| Device account is hosted online and on-prem (hybrid). | DOMAIN\username | - -Click **Skip setting up a device account** to skip setting up a device account. However, if you don't set up a device account, the device will not be fully integrated into your infrastructure. For example, people won't be able to: - -- See a meeting calendar on the Welcome screen -- Start a meeting from the Welcome screen -- Email whiteboards from OneNote -- Use Skype for Business for meetings - -If you skip setting it up now, you can add a device account later by using the Settings app. - -If you click **Skip setting up a device account**, the device will display a dialog box showing what will happen if the device doesn't have a device account. If you choose **Yes, skip this**, you will be sent to the [Name this device page](#name-this-device). - -![Image showing message the is displayed to confirm you want to skip creating a device account.](images/setupskipdeviceacct.png) - -### What happens? - -The device will use the UPN or DOMAIN\\User name and password for the device account to do the following: - -- Check if the account exists in Active Directory (AD) or Azure Active Directory (Azure AD): - - - If a UPN was entered: the device will look for the account in Azure AD. - - If a DOMAIN\\User name was entered: the device will look for the account in AD. -- Look up the Microsoft Exchange server for the account’s mailbox. -- Look up the Session Initiation Protocol (SIP) address for the account. -- Pull the account’s display name and alias attributes. - -## Exchange server page - - -This page will only be shown if there's a problem. Typically, it means that the device account that you provided was found in Active Directory (AD) or Azure Active Directory (Azure AD), but the Exchange server for the account was not discovered. - -![Image showing Exchange server page.](images/setupexchangeserver-01.png) - -### Details - -Enter the name of the Exchange server where the device account's mailbox is hosted. - -Click **Skip setting up Exchange services** to skip this step. If you do, people will not be able to: - -- See a meeting calendar on the welcome screen. -- Start a meeting from the welcome screen. -- Email whiteboards from OneNote. - -See [Intro to Surface Hub](intro-to-surface-hub.md) for details on setup dependencies. - -You can enable Exchange services for a device account later by using the Settings app. - -If you click **Skip setting up Exchange services**, the device will display a dialog showing what will happen. If you choose **Yes, skip this**, then Exchange services will not be set up. - -![Image showing confirmation message that is displayed when you skip setting up Exchange services.](images/setupexchangeserver-02.png) - -### What happens? - -The Surface Hub will attempt to validate the device account on the Exchange server that you enter here. If the Exchange server can be reached and validates, then first run will proceed. - -If you choose to skip setting up Exchange services, the Surface Hub will stop looking for the Exchange server, and no Exchange services (mail and calendar) will be enabled. - -## Exchange policies page - - -This page will be shown when: - -- The device account is using an Exchange Active Sync (EAS) policy where the PasswordEnabled policy is set to 1. -- There’s no connection to Exchange. -- Exchange returns a status code indicating an error. (For example: The account has been provisioned to too many devices.) -- Exchange supported protocols are not supported by the Surface Hub. -- Exchange returns incorrect XML. - -![Image showing Exchange policis page.](images/setupexchangepolicies.png) - -### Details - -This page is purely informational, so no input is required. However, you have two options for proceeding: either skipping ahead or retrying the validation that caused the error. Before deciding which option is best, please read the following **What happens?** section. You may be able to fix the problem elsewhere before you click on one of the options. - -- **Click here to continue using unsupported policies**: click on this to continue first run. The Surface Hub will not be able to use Exchange services, or sync. -- **Retry**: check the policy on the Exchange server again. - -### What happens? - -The Surface Hub checks whether the device account’s EAS policy has the PasswordEnabled policy set to 0 (False). If this is not the case, mail and calendar can't be synced and the Surface Hub can't use any Exchange services. You can use your Exchange management tools from a PC to check that the device account has the PasswordEnabled policy set to 0. If that's not the case, you can reconfigure the account and click **Retry** here. - -If the policy has already been configured properly, check that your device is properly connected to the network or Internet, and can reach your Exchange server, because this page will also be shown if the Surface Hub can't reach the Exchange server. - -Another possible reason for not being able to reach Exchange is because of certificate-based authentication. You may wind up on this page because of certificate issues. Note that if the device displays error codes 0x80072F0D or 0X800C0019, then a certificate is required. Because provisioning is done on the first page of the first run process, you must disable Exchange services by clicking **Click here to continue using unsupported policies**, and then install the correct certificates through the Settings app. - -If you choose to skip this check, the Surface Hub will stop looking for the Exchange server and validating EAS policies, and no Exchange services will be enabled. See [Intro to Surface Hub](intro-to-surface-hub.md) for details on setup dependencies. - -## Name this device page - - -This page asks you to provide two names that will be used for identifying the Surface Hub. - -![Image showing Name this device page.](images/setupnamedevice.png) - -### Details - -If the default values shown are correct, then you can click **Next** to go on. Otherwise, enter data in one or both of the text boxes. - -- **Friendly name:** This is the name that people will see when they want to wirelessly connect to the Surface Hub. -- **Device name:** Can be set to any unique name as described on the screen. - -As long as both names are within the length requirements and do not use restricted characters, clicking **Next** will take you to the next page, [Set up admins for this device](#setup-admins). - -### What happens? - -The Surface Hub requires two names for the device, which will default to: - -- **Friendly name:** Defaults to the Display Name of the device account -- **Device name:** Defaults to the alias of the device account - -While either of the names can be changed later, keep in mind that: - -- The friendly name should be recognizable and different so that people can distinguish one Surface Hub from another when trying to wirelessly connect. -- If you decide to domain join the device, the device name must not be the same as any other device on the account’s Active Directory domain. The device can't join the domain if it is using the same name as another domain-joined device. - ->[!NOTE] ->If you want to enable [Miracast over Infrastructure](miracast-over-infrastructure.md), the device name needs to be discoverable via DNS. You can achieve this by either allowing your Surface Hub to register automatically via Dynamic DNS, or by manually creating an A or AAAA record for the Surface Hub's device name. - -## Set up admins for this device page - - -On this page, you will choose from several options for how you want to set up admin accounts to locally manage your device. - -Because every Surface Hub can be used by any number of authenticated employees, settings are locked down so that they can't change from session to session. Only admins can configure the settings on the device, and on this page, you’ll choose which type of admins have that privilege. - ->[!NOTE] ->The purpose of this page is primarily to determine who can configure the device from the device’s UI; that is, who can actually visit a device, log in, open up the Settings app, and make changes to the Settings. - - - -![Image showing Set up admins for this device page.](images/setupsetupadmins.png) - -### Details - -Choose one of the three available options: - -- **Use Microsoft Azure Active Directory** -- **Use Active Directory Domain Services** -- **Use a local admin** - -### What happens? - -This is what happens when you choose an option. - -- **Use Microsoft Azure Active Directory** - - Clicking this option allows you to join the device to Azure AD. Once you click **Next**, the device will restart to apply some settings, and then you’ll be taken to the [Use Microsoft Azure Active Directory](#use-microsoft-azure) page and asked to enter credentials that can allow you to join Azure AD. Members of the Azure Global Admins role from the joined organization will be able to use the Settings app. The specific people that will be allowed depends on your Azure AD subscription and how you’ve configured the settings for your Azure AD organization. - - > [!IMPORTANT] - > Administrators added to the Azure Device Administrators role after you join the device to Azure AD will be unable to use the Settings app. - > - > If you join Surface Hub to Azure AD during first-run setup, single sign-on (SSO) for Office apps will not work properly. Users will have to sign in to each Office app individually. - -- **Use Active Directory Domain Services** - - Click this option to join the device to AD. Once you click **Next**, you’ll be taken to the [Use Active Directory Domain Services](#use-active-directory) page and asked to enter credentials that allow you to join the specified domain. After joining, you can pick a security group from the joined domain, and people from that security group will be able to use the Settings app. - -- **Use a local admin** - - Choosing this option will allow you to create a single local admin. This admin won’t be backed by any directory service, so we recommend you only choose this case if the device does not have access to Azure AD or AD. Once you create an admin’s user name and password on the [Use a local admin](#use-a-local-admin) page, you will need to re-enter those same credentials whenever you open the Settings app. - - Note that a local admin must have physical access to the Surface Hub to log in. - ->[!NOTE] ->After you finish this process, you won't be able to change the device's admin option unless you reset the device. - - - -### Use Microsoft Azure Active Directory - -If you've decided to join your Surface Hub to Azure Active Directory (Azure AD), you'll see this **What happens next** page. Read it and click **Next** to go to the **Let's get you signed in page**. - -Joining Azure AD has two primary benefits: - -1. Some employees from your organization will be able to access the device as admins, and will be able to start the Settings app and configure the device. People that have admin permissions will be defined in your Azure AD subscription. -2. If your Azure AD is connected to a mobile device management (MDM) solution, the device will enroll with that MDM solution so you can apply policies and configuration. - -![Image showing message when you join your Surface Hub to Azure Active Directory.](images/setupjoiningazuread-1.png) - -### Details - -The following input is required: - -- **User's UPN:** The user principal name (UPN) of an account that can join Azure AD. -- **Password:** The password of the account you’re using to join Azure AD. - -![Image showing account log in info.](images/setupjoiningazuread-2.png) - -If you get to this point and don't have valid credentials for an Azure AD account, the device will allow you to continue by creating a local admin account. Click **Set up Windows with a local account instead**. - -![Image showing Set up an admin account page.](images/setupjoiningazuread-3.png) - -### What happens? - -Once you enter valid Azure AD account credentials, the device will try to join the associated Azure AD organization. If this succeeds, then the device will provision employees in that organization to be local admins on the device. If your Azure AD tenant was configured for it, the device will also enroll into MDM. - -### Use Active Directory Domain Services - -This page will ask for credentials to join a domain so that the Surface Hub can provision a security group as administrators of the device. - -Once the device has been domain joined, you must specify a security group from the domain you joined. This security group will be provisioned as administrators on the Surface Hub, and anyone from the security group can enter their domain credentials to access Settings. - -![Image showing Set up admins using domain join page.](images/setupdomainjoin.png) - -### Details - -The following input is required: - -- **Domain:** This is the fully qualified domain name (FQDN) of the domain that you want to join. A security group from this domain can be used to manage the device. -- **User name:** The user name of an account that has sufficient permission to join the specified domain. -- **Password:** The password for the account. - -After the credentials are verified, you will be asked to type a security group name. This input is required. - -![Image showing Enter a security group page.](images/setupsecuritygroup-1.png) - -### What happens? - -Using the provided domain, account credentials from the [Use Active Directory Domain Services page](#use-active-directory) and the device name from the [Name this device](#name-this-device) page, the Surface Hub will attempt to join the domain. If the join is successful, first run will continue, and will ask for a security group. If the join is not successful, first run will halt and ask you to change the information provided. - -If the join is successful, you'll see the **Enter a security group** page. When you click the **Select** button on this page, the device will search for the specified security group on your domain. If found, the group will be verified. Click **Finish** to complete the first run process. - ->[!NOTE] ->If you domain join the Surface Hub, you can't unjoin the device without resetting it. - - - -### Use a local admin - -If you decide not to use Azure Active Directory (Azure AD) or Active Directory (AD) to manage the Surface Hub, you'll need to create a local admin account. - -![Image showing Set up an admin account for local admin.](images/setuplocaladmin.png) - -### Details - -The following input is required: - -- **User name:** This is the user name of the local admin account that will be created for this Surface Hub. -- **Password:** This is the password of the device account. -- **Re-enter password:** Verifying the password as in the previous box. - -### What happens? - -This page will attempt to create a new admin account using the credentials that you enter here. If it's successful, then first run will end. If not, you'll be asked for different credentials. - -## Update the Surface Hub - - ->[!IMPORTANT] ->Before you do the updates, make sure you read [Save your BitLocker key](save-bitlocker-key-surface-hub.md) in order to make sure you have a backup of the key. - - - -In order to get the latest features and fixes, you should update your Surface Hub as soon as you finish all of the preceding first-run steps. - -1. Make sure the device has access to the Windows Update servers or to Windows Server Update Services (WSUS). To configure WSUS, see [Using WSUS](manage-windows-updates-for-surface-hub.md#use-windows-server-update-services). -2. Open Settings, click **Update & security**, then **Windows Update**, and then click **Check for updates**. -3. If updates are available, they will be downloaded. Once downloading is complete, click the **Update now** button to install the updates. -4. Follow the onscreen prompts after the updates are installed. You may need to restart the device. - - - - - - - - - diff --git a/devices/surface-hub/hub-teams-app.md b/devices/surface-hub/hub-teams-app.md deleted file mode 100644 index 358d5f8d3c..0000000000 --- a/devices/surface-hub/hub-teams-app.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -title: Microsoft Teams app for Surface Hub -description: Provides a version history of updates for the Microsoft Teams app for Surface Hub -keywords: surface, hub, -ms.prod: surface-hub -ms.sitesec: library -author: greglin -ms.author: greglin -ms.topic: article -ms.date: 06/15/2020 -ms.localizationpriority: medium ---- - -# Microsoft Teams app for Surface Hub - -The Microsoft Teams app for Surface Hub is periodically updated and available via the [Microsoft Store](https://www.microsoft.com/store/apps/windows). If you manage Surface Hub with Automatic Updates enabled (default setting), the app will update automatically. - - -## Version history -| Store app version | Updates | Published to Microsoft Store | -| --------------------- | --------------------------------------------------------------------------------------------------- | -------------------------------- | -| 0.2020.13201.0 | - 3x3 Gallery view on Surface Hub
- Ability to search for External users | June 10, 2020
| -| 0.2020.13201 | - Quality improvements and Bug fixes | June 1, 2020
| -| 0.2020.4301.0 | - Accept incoming PSTN calls on Surface Hub
- Consume Attendee/Presenter role changes | May 21, 2020 | diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md deleted file mode 100644 index 329f00f931..0000000000 --- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md +++ /dev/null @@ -1,413 +0,0 @@ ---- -title: Hybrid deployment (Surface Hub) -description: A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub. -ms.assetid: 7BFBB7BE-F587-422E-9CE4-C9DDF829E4F1 -ms.reviewer: -manager: laurawi -keywords: hybrid deployment, device account for Surface Hub, Exchange hosted on-prem, Exchange hosted online -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 08/30/2018 -ms.localizationpriority: medium ---- - -# Hybrid deployment (Surface Hub) - -A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub. If you’re using a hybrid deployment, in which your organization has a mix of services, with some hosted on-premises and some hosted online, then your configuration will depend on where each service is hosted. This topic covers hybrid deployments for [Exchange hosted on-premises](#exchange-on-premises), [Exchange hosted online](#exchange-online), Skype for Business on-premises, Skype for Business online, and Skype for Business hybrid. Because there are so many different variations in this type of deployment, it's not possible to provide detailed instructions for all of them. The following process will work for many configurations. If the process isn't right for your setup, we recommend that you use PowerShell (see [Appendix: PowerShell](appendix-a-powershell-scripts-for-surface-hub.md)) to achieve the same end result as documented here, and for other deployment options. You should then use the provided Powershell script to verify your Surface Hub setup. (See [Account Verification Script](appendix-a-powershell-scripts-for-surface-hub.md#acct-verification-ps-scripts).) - -> [!NOTE] -> In an Exchange hybrid environment, follow the steps for [Exchange on-premises](#exchange-on-premises). To move Exchange objects to Office 365, use the [New-MoveRequest](https://docs.microsoft.com/powershell/module/exchange/move-and-migration/new-moverequest?view=exchange-ps) cmdlet. - -## Exchange on-premises - -Use this procedure if you use Exchange on-premises. - -1. For this procedure, you'll be using AD admin tools to add an email address for your on-premises domain account. This account will be synced to Office 365. - -- In **Active Directory Users and Computers** AD tool, right-click on the folder or Organizational Unit that your Surface Hub accounts will be created in, click **New**, and **User**. -- Type the display name from the previous cmdlet into the **Full name** box, and the alias into the **User logon name** box. Click **Next**.

- -![New object box for creating a new user in active directory.](images/hybriddeployment-01a.png) - -- Type the password for this account. You'll need to retype it for verification. Make sure the **Password never expires** checkbox is the only option selected. - -> **Important** Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account. - -![Image showing password dialog box.](images/hybriddeployment-02a.png) - -- Click **Finish** to create the account. - -![Image with account name, logon name, and password options for new user.](images/hybriddeployment-03a.png) - -2. Enable the remote mailbox. - -Open your on-premises Exchange Management Shell with administrator permissions, and run this cmdlet. - -```PowerShell -Enable-RemoteMailbox 'HUB01@contoso.com' -RemoteRoutingAddress 'HUB01@contoso.com' -Room -``` - -> [!NOTE] -> If you don't have an on-premises Exchange environment to run this cmdlet, you can make the same changes directly to the Active Directory object for the account. -> -> msExchRemoteRecipientType = 33 -> -> msExchRecipientDisplayType = -2147481850 -> -> msExchRecipientTypeDetails = 8589934592 - -3. After you've created the account, run a directory synchronization. When it's complete, go to the users page in your Microsoft 365 admin center and verify that the account created in the previous steps has merged to online. - -4. Connect to Microsoft Exchange Online and set some properties for the account in Office 365. - -Start a remote PowerShell session on a PC and connect to Microsoft Exchange. Be sure you have the right permissions set to run the associated cmdlets. - -The next steps will be run on your Office 365 tenant. - -```PowerShell -Set-ExecutionPolicy RemoteSigned -$cred=Get-Credential -Message "Please use your Office 365 admin credentials" -$sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'https://ps.outlook.com/powershell' -Credential $cred -Authentication Basic -AllowRedirection -Import-PSSession $sess -``` - -5. Create a new Exchange ActiveSync policy, or use a compatible existing policy. - -After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy or use a compatible existing policy. - -Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled. - -If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts. - -```PowerShell -$easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false -``` - -Once you have a compatible policy, you will need to apply the policy to the device account. - -```PowerShell -Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id -``` - -6. Set Exchange properties. - -Setting Exchange properties on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section. - -```PowerShell -Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse 'This is a Surface Hub room!' -``` - -7. Connect to Azure AD. - -You first need to install Azure AD module for PowerShell version 2. In an elevated PowerShell prompt, run the following command: - -```PowerShell -Install-Module -Name AzureAD -``` - -You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect. - -```PowerShell -Import-Module AzureAD -Connect-AzureAD -Credential $cred -``` - -8. Assign an Office 365 license. - -The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account. - -You can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant. - -Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable. - -```PowerShell -Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US" - -Get-AzureADSubscribedSku | Select Sku*,*Units -$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense -$License.SkuId = SkuId You selected - -$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses -$AssignedLicenses.AddLicenses = $License -$AssignedLicenses.RemoveLicenses = @() - -Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses -``` - -Next, you enable the device account with [Skype for Business Online](#skype-for-business-online), [Skype for Business on-premises](#skype-for-business-on-premises), or [Skype for Business hybrid](#skype-for-business-hybrid). - -### Skype for Business Online - -To enable Skype for Business online, your tenant users must have Exchange mailboxes (at least one Exchange mailbox in the tenant is required). The following table explains which plans or additional services you need. - -| Skype room system scenario | If you have Office 365 Premium, Microsoft 365 Apps for enterprise, or Skype for Business Standalone Plan 2, you need: | If you have an Enterprise-based plan, you need: | If you have Skype for Business Server 2015 (on-premises or hybrid), you need: | -| --- | --- | --- | --- | -| Join a scheduled meeting | Skype for Business Standalone Plan 1 | E1, 3, 4, or 5 | Skype for Business Server Standard CAL | -| Initiate an ad-hoc meeting | Skype for Business Standalone Plan 2 | E 1, 3, 4, or 5 | Skype for Business Server Standard CAL or Enterprise CAL | -| Initiate an ad-hoc meeting and dial out from a meeting to phone numbers | Skype for Business Standalone Plan 2 with Audio Conferencing

**Note** PSTN consumption billing is optional | E1 or E3 with Audio Conferencing, or E5| Skype for Business Server Standard CAL or Enterprise CAL | -| Give the room a phone number and make or receive calls from the room or join a dial-in conference using a phone number | Skype for Business Standalone Plan 2 with Phone System and a PSTN Voice Calling plan | E1 or E3 with Phone System and a PSTN Voice Calling plan, or E5 | Skype for Business Server Standard CAL or Plus CAL | - -The following table lists the Office 365 plans and Skype for Business options. - -| O365 Plan | Skype for Business | Phone System | Audio Conferencing | Calling Plans | -| --- | --- | --- | --- | --- | -| O365 Business Essentials | Included | | | | -| O365 Business Premium | Included | | | | -| E1 | Included | Add-on | Add-on | Add-on (requires Phone System add-on) | -| E3 | Included | Add-on | Add-on | Add-on (requires Phone System add-on) | -| E5 | Included | Included | Included | Add-on | - -1. Start by creating a remote PowerShell session from a PC to the Skype for Business online environment. - -```PowerShell -Import-Module SkypeOnlineConnector -$cssess=New-CsOnlineSession -Credential $cred -Import-PSSession $cssess -AllowClobber -``` - -2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet: - -```PowerShell -Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool 'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName -``` - -If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet: - -```PowerShell -Get-CsOnlineUser -Identity ‘HUB01@contoso.com’| fl *registrarpool* -``` - -3. Assign Skype for Business license to your Surface Hub account. - - Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) license to the device. - -- Login as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app. - -- Click on **Users and Groups** and then **Add users, reset passwords, and more**. - -- Click the Surface Hub account, and then click the pen icon to edit the account information. - -- Click **Licenses**. - -- In **Assign licenses**, select Skype for Business (Plan 1) or Skype for Business (Plan 2), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 2 license if you want to use Enterprise Voice on your Surface Hub. - -- Click **Save**. - -> [!NOTE] -> You can also use the Windows Azure Active Directory Module for Windows Powershell to run the cmdlets needed to assign one of these licenses, but that's not covered here. - -For validation, you should be able to use any Skype for Business client (PC, Android, etc.) to sign in to this account. - -### Skype for Business on-premises - -To run this cmdlet, you will need to connect to one of the Skype front-ends. Open the Skype PowerShell and run: - -```PowerShell -Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool registrarpoolfqdn -SipAddressType UserPrincipalName -``` - -### Skype for Business hybrid - -If your organization has set up [hybrid connectivity between Skype for Business Server and Skype for Business Online](https://technet.microsoft.com/library/jj205403.aspx), the guidance for creating accounts differs from a standard Surface Hub deployment. - -The Surface Hub requires a Skype account of the type `meetingroom`, while a normal user would use a user type account in Skype. If your Skype server is set up for hybrid where you might have users on the local Skype server as well as users hosted in Office 365, you might run into a few issues when trying to create a Surface Hub account. - -In Skype for Business Server 2015 hybrid environment, any user that you want in Skype for Business Online must first be created in the on-premises deployment, so that the user account is created in Active Directory Domain Services. You can then move the user to Skype for Business Online. The move of a user account from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet. To move a Csmeetingroom object, use the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&mspperror=-2147217396) cmdlet. - -> [!NOTE] -> To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p). - - -## Exchange online - -Use this procedure if you use Exchange online. - -1. Create an email account in Office 365. - -Start a remote PowerShell session on a PC and connect to Exchange. Be sure you have the right permissions set to run the associated cmdlets. - -```PowerShell -Set-ExecutionPolicy RemoteSigned -$cred=Get-Credential -Message "Please use your Office 365 admin credentials" -$sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/PowerShell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection -Import-PSSession $sess -``` - -2. Set up a mailbox. - -After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub. - -If you're changing an existing resource mailbox: - -```PowerShell -Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) -``` - -If you’re creating a new resource mailbox: - -```PowerShell -New-Mailbox -MicrosoftOnlineServicesID 'HUB01@contoso.com' -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) -``` - -3. Create Exchange ActiveSync policy. - -After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy. - -Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, Exchange services on the Surface Hub (mail, calendar, and joining meetings) will not be enabled. - -If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts. - -```PowerShell -$easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false -``` - -Once you have a compatible policy, you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too. - -```PowerShell -Set-Mailbox 'HUB01@contoso.com' -Type Regular -Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id -Set-Mailbox 'HUB01@contoso.com' -Type Room -$credNewAccount = Get-Credential -Message "Please provide the Surface Hub username and password" -Set-Mailbox 'HUB01@contoso.com' -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true -``` - -4. Set Exchange properties. - -Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section. - -```PowerShell -Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!" -``` - -5. Add an email address for your on-premises domain account. - -For this procedure, you'll be using AD admin tools to add an email address for your on-premises domain account. - -- In **Active Directory Users and Computers** AD tool, right-click on the folder or Organizational Unit that your Surface Hub accounts will be created in, click **New**, and **User**. -- Type the display name from the previous cmdlet into the **Full name** box, and the alias into the **User logon name** box. Click **Next**. - -![New object box for creating a new user in Active Directory.](images/hybriddeployment-01a.png) - -- Type the password for this account. You'll need to retype it for verification. Make sure the **Password never expires** checkbox is the only option selected. - -> [!IMPORTANT] -> Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account. - -![Image showing password dialog box.](images/hybriddeployment-02a.png) - -- Click **Finish** to create the account. - -![Image with account name, logon name, and password options for new user.](images/hybriddeployment-03a.png) - -6. Run directory synchronization. - -After you've created the account, run a directory synchronization. When it's complete, go to the users page and verify that the two accounts created in the previous steps have merged. - -7. Connect to Azure AD. - -You first need to install Azure AD module for PowerShell version 2. In an elevated PowerShell prompt, run the following command: - -```PowerShell -Install-Module -Name AzureAD -``` - -You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect: - -```PowerShell -Import-Module AzureAD -Connect-AzureAD -Credential $cred -``` - -8. Assign an Office 365 license. - -The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account. - -Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant. - -Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable. - -```PowerShell -Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US" - -Get-AzureADSubscribedSku | Select Sku*,*Units -$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense -$License.SkuId = SkuId You selected - -$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses -$AssignedLicenses.AddLicenses = $License -$AssignedLicenses.RemoveLicenses = @() - -Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses -``` - -Next, you enable the device account with [Skype for Business Online](#skype-for-business-online), [Skype for Business on-premises](#skype-for-business-on-premises), or [Skype for Business hybrid](#skype-for-business-hybrid). - -### Skype for Business Online - -In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](#skype-for-business-online). - -1. Start by creating a remote PowerShell session to the Skype for Business online environment from a PC. - -```PowerShell -Import-Module SkypeOnlineConnector -$cssess=New-CsOnlineSession -Credential $cred -Import-PSSession $cssess -AllowClobber -``` - -2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet: - -```PowerShell -Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool -'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName -``` - - If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet: - -```PowerShell -Get-CsOnlineUser -Identity 'HUB01@contoso.com'| fl *registrarpool* -``` - -10. Assign Skype for Business license to your Surface Hub account - -Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) license to the device. - -- Sign in as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app. - -- Click on **Users and Groups** and then **Add users, reset passwords, and more**. - -- Click the Surface Hub account, and then click the pen icon to edit the account information. - -- Click **Licenses**. - -- In **Assign licenses**, select Skype for Business (Plan 2) or Skype for Business (Plan 3), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 3 license if you want to use Enterprise Voice on your Surface Hub. - -- Click **Save**. - -> [!NOTE] -> You can also use the Windows Azure Active Directory Module for Windows PowerShell to run the cmdlets needed to assign one of these licenses, but that's not covered here. - -For validation, you should be able to use any Skype for Business client (PC, Android, etc) to sign in to this account. - -### Skype for Business on-premises - -To run this cmdlet, you will need to connect to one of the Skype front-ends. Open the Skype PowerShell and run: - -```PowerShell -Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool registrarpoolfqdn -SipAddressType UserPrincipalName -``` - -### Skype for Business hybrid - -If your organization has set up [hybrid connectivity between Skype for Business Server and Skype for Business Online](https://technet.microsoft.com/library/jj205403.aspx), the guidance for creating accounts differs from a standard Surface Hub deployment. - -The Surface Hub requires a Skype account of the type *meetingroom*, while a normal user would use a *user* type account in Skype. If your Skype server is set up for hybrid where you might have users on the local Skype server as well as users hosted in Office 365, you might run into a few issues when trying to create a Surface Hub account. - -In Skype for Business Server 2015 hybrid environment, any user that you want in Skype for Business Online must first be created in the on-premises deployment, so that the user account is created in Active Directory Domain Services. You can then move the user to Skype for Business Online. The move of a user account from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet. To move a Csmeetingroom object, use the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&mspperror=-2147217396) cmdlet. - -> [!NOTE] -> To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p). diff --git a/devices/surface-hub/images/01-diagnostic.png b/devices/surface-hub/images/01-diagnostic.png deleted file mode 100644 index fde5951776..0000000000 Binary files a/devices/surface-hub/images/01-diagnostic.png and /dev/null differ diff --git a/devices/surface-hub/images/01-escape.png b/devices/surface-hub/images/01-escape.png deleted file mode 100644 index badfc5883d..0000000000 Binary files a/devices/surface-hub/images/01-escape.png and /dev/null differ diff --git a/devices/surface-hub/images/02-all-apps.png b/devices/surface-hub/images/02-all-apps.png deleted file mode 100644 index a29e9d8428..0000000000 Binary files a/devices/surface-hub/images/02-all-apps.png and /dev/null differ diff --git a/devices/surface-hub/images/02-skip-this-drive.png b/devices/surface-hub/images/02-skip-this-drive.png deleted file mode 100644 index 930f0b26d3..0000000000 Binary files a/devices/surface-hub/images/02-skip-this-drive.png and /dev/null differ diff --git a/devices/surface-hub/images/03-recover-from-cloud.png b/devices/surface-hub/images/03-recover-from-cloud.png deleted file mode 100644 index be422cecc8..0000000000 Binary files a/devices/surface-hub/images/03-recover-from-cloud.png and /dev/null differ diff --git a/devices/surface-hub/images/03-welcome.png b/devices/surface-hub/images/03-welcome.png deleted file mode 100644 index b71ebe0752..0000000000 Binary files a/devices/surface-hub/images/03-welcome.png and /dev/null differ diff --git a/devices/surface-hub/images/04-test-results-1.png b/devices/surface-hub/images/04-test-results-1.png deleted file mode 100644 index e0b53f2dc3..0000000000 Binary files a/devices/surface-hub/images/04-test-results-1.png and /dev/null differ diff --git a/devices/surface-hub/images/04-yes.png b/devices/surface-hub/images/04-yes.png deleted file mode 100644 index 9c26b795ce..0000000000 Binary files a/devices/surface-hub/images/04-yes.png and /dev/null differ diff --git a/devices/surface-hub/images/05-test-results-2.png b/devices/surface-hub/images/05-test-results-2.png deleted file mode 100644 index 55b7c7abed..0000000000 Binary files a/devices/surface-hub/images/05-test-results-2.png and /dev/null differ diff --git a/devices/surface-hub/images/05a-reinstall.png b/devices/surface-hub/images/05a-reinstall.png deleted file mode 100644 index 60d90928ba..0000000000 Binary files a/devices/surface-hub/images/05a-reinstall.png and /dev/null differ diff --git a/devices/surface-hub/images/05b-downloading.png b/devices/surface-hub/images/05b-downloading.png deleted file mode 100644 index 59393e7162..0000000000 Binary files a/devices/surface-hub/images/05b-downloading.png and /dev/null differ diff --git a/devices/surface-hub/images/06-account-settings.png b/devices/surface-hub/images/06-account-settings.png deleted file mode 100644 index 35a92f2ff8..0000000000 Binary files a/devices/surface-hub/images/06-account-settings.png and /dev/null differ diff --git a/devices/surface-hub/images/06-out-of-box.png b/devices/surface-hub/images/06-out-of-box.png deleted file mode 100644 index a513b46c5b..0000000000 Binary files a/devices/surface-hub/images/06-out-of-box.png and /dev/null differ diff --git a/devices/surface-hub/images/07-account-settings-details.png b/devices/surface-hub/images/07-account-settings-details.png deleted file mode 100644 index 421f372b03..0000000000 Binary files a/devices/surface-hub/images/07-account-settings-details.png and /dev/null differ diff --git a/devices/surface-hub/images/07-cancel.png b/devices/surface-hub/images/07-cancel.png deleted file mode 100644 index a788960011..0000000000 Binary files a/devices/surface-hub/images/07-cancel.png and /dev/null differ diff --git a/devices/surface-hub/images/08-test-account.png b/devices/surface-hub/images/08-test-account.png deleted file mode 100644 index d7cbf9620d..0000000000 Binary files a/devices/surface-hub/images/08-test-account.png and /dev/null differ diff --git a/devices/surface-hub/images/08-troubleshoot.png b/devices/surface-hub/images/08-troubleshoot.png deleted file mode 100644 index d2af1969bd..0000000000 Binary files a/devices/surface-hub/images/08-troubleshoot.png and /dev/null differ diff --git a/devices/surface-hub/images/09-network.png b/devices/surface-hub/images/09-network.png deleted file mode 100644 index d69f2d67ec..0000000000 Binary files a/devices/surface-hub/images/09-network.png and /dev/null differ diff --git a/devices/surface-hub/images/09-recover-from-cloud2.png b/devices/surface-hub/images/09-recover-from-cloud2.png deleted file mode 100644 index 64650a91bb..0000000000 Binary files a/devices/surface-hub/images/09-recover-from-cloud2.png and /dev/null differ diff --git a/devices/surface-hub/images/10-cancel.png b/devices/surface-hub/images/10-cancel.png deleted file mode 100644 index ffef745522..0000000000 Binary files a/devices/surface-hub/images/10-cancel.png and /dev/null differ diff --git a/devices/surface-hub/images/10-environment.png b/devices/surface-hub/images/10-environment.png deleted file mode 100644 index 376e077249..0000000000 Binary files a/devices/surface-hub/images/10-environment.png and /dev/null differ diff --git a/devices/surface-hub/images/11-certificates.png b/devices/surface-hub/images/11-certificates.png deleted file mode 100644 index 13b45396b3..0000000000 Binary files a/devices/surface-hub/images/11-certificates.png and /dev/null differ diff --git a/devices/surface-hub/images/12-trust-model.png b/devices/surface-hub/images/12-trust-model.png deleted file mode 100644 index 996bb4fdd4..0000000000 Binary files a/devices/surface-hub/images/12-trust-model.png and /dev/null differ diff --git a/devices/surface-hub/images/2s-mount-pattern.png b/devices/surface-hub/images/2s-mount-pattern.png deleted file mode 100644 index 92262fb428..0000000000 Binary files a/devices/surface-hub/images/2s-mount-pattern.png and /dev/null differ diff --git a/devices/surface-hub/images/35mm.png b/devices/surface-hub/images/35mm.png deleted file mode 100644 index 7a414337b6..0000000000 Binary files a/devices/surface-hub/images/35mm.png and /dev/null differ diff --git a/devices/surface-hub/images/ICDstart-option.PNG b/devices/surface-hub/images/ICDstart-option.PNG deleted file mode 100644 index 1ba49bb261..0000000000 Binary files a/devices/surface-hub/images/ICDstart-option.PNG and /dev/null differ diff --git a/devices/surface-hub/images/OOBE-2.jpg b/devices/surface-hub/images/OOBE-2.jpg deleted file mode 100644 index 0c615a2ec4..0000000000 Binary files a/devices/surface-hub/images/OOBE-2.jpg and /dev/null differ diff --git a/devices/surface-hub/images/account-management-details.PNG b/devices/surface-hub/images/account-management-details.PNG deleted file mode 100644 index 66712394ec..0000000000 Binary files a/devices/surface-hub/images/account-management-details.PNG and /dev/null differ diff --git a/devices/surface-hub/images/account-management.PNG b/devices/surface-hub/images/account-management.PNG deleted file mode 100644 index 34165dfcd6..0000000000 Binary files a/devices/surface-hub/images/account-management.PNG and /dev/null differ diff --git a/devices/surface-hub/images/add-applications-details.PNG b/devices/surface-hub/images/add-applications-details.PNG deleted file mode 100644 index 2efd3483ae..0000000000 Binary files a/devices/surface-hub/images/add-applications-details.PNG and /dev/null differ diff --git a/devices/surface-hub/images/add-applications.PNG b/devices/surface-hub/images/add-applications.PNG deleted file mode 100644 index 2316deb2fd..0000000000 Binary files a/devices/surface-hub/images/add-applications.PNG and /dev/null differ diff --git a/devices/surface-hub/images/add-certificates-details.PNG b/devices/surface-hub/images/add-certificates-details.PNG deleted file mode 100644 index 78cd783282..0000000000 Binary files a/devices/surface-hub/images/add-certificates-details.PNG and /dev/null differ diff --git a/devices/surface-hub/images/add-certificates.PNG b/devices/surface-hub/images/add-certificates.PNG deleted file mode 100644 index 24cb605d1c..0000000000 Binary files a/devices/surface-hub/images/add-certificates.PNG and /dev/null differ diff --git a/devices/surface-hub/images/add-config-file-details.PNG b/devices/surface-hub/images/add-config-file-details.PNG deleted file mode 100644 index c7b4db97e6..0000000000 Binary files a/devices/surface-hub/images/add-config-file-details.PNG and /dev/null differ diff --git a/devices/surface-hub/images/add-config-file.PNG b/devices/surface-hub/images/add-config-file.PNG deleted file mode 100644 index 5b779509d9..0000000000 Binary files a/devices/surface-hub/images/add-config-file.PNG and /dev/null differ diff --git a/devices/surface-hub/images/adjust-room-audio.png b/devices/surface-hub/images/adjust-room-audio.png deleted file mode 100644 index 3d0eef5ed7..0000000000 Binary files a/devices/surface-hub/images/adjust-room-audio.png and /dev/null differ diff --git a/devices/surface-hub/images/analog.png b/devices/surface-hub/images/analog.png deleted file mode 100644 index 1f1666903b..0000000000 Binary files a/devices/surface-hub/images/analog.png and /dev/null differ diff --git a/devices/surface-hub/images/approve-signin.png b/devices/surface-hub/images/approve-signin.png deleted file mode 100644 index 7736b95431..0000000000 Binary files a/devices/surface-hub/images/approve-signin.png and /dev/null differ diff --git a/devices/surface-hub/images/approve-signin2.png b/devices/surface-hub/images/approve-signin2.png deleted file mode 100644 index 2ccfc40ecc..0000000000 Binary files a/devices/surface-hub/images/approve-signin2.png and /dev/null differ diff --git a/devices/surface-hub/images/apps.png b/devices/surface-hub/images/apps.png deleted file mode 100644 index 5cb3b7ec8f..0000000000 Binary files a/devices/surface-hub/images/apps.png and /dev/null differ diff --git a/devices/surface-hub/images/attendees.png b/devices/surface-hub/images/attendees.png deleted file mode 100644 index fd468aa971..0000000000 Binary files a/devices/surface-hub/images/attendees.png and /dev/null differ diff --git a/devices/surface-hub/images/caution.PNG b/devices/surface-hub/images/caution.PNG deleted file mode 100644 index 0f87b07c0f..0000000000 Binary files a/devices/surface-hub/images/caution.PNG and /dev/null differ diff --git a/devices/surface-hub/images/choose-package.png b/devices/surface-hub/images/choose-package.png deleted file mode 100644 index 2bf7a18648..0000000000 Binary files a/devices/surface-hub/images/choose-package.png and /dev/null differ diff --git a/devices/surface-hub/images/configmgr-additional.png b/devices/surface-hub/images/configmgr-additional.png deleted file mode 100644 index 7c8fbf8e2f..0000000000 Binary files a/devices/surface-hub/images/configmgr-additional.png and /dev/null differ diff --git a/devices/surface-hub/images/configmgr-create.png b/devices/surface-hub/images/configmgr-create.png deleted file mode 100644 index 1db436d3ad..0000000000 Binary files a/devices/surface-hub/images/configmgr-create.png and /dev/null differ diff --git a/devices/surface-hub/images/configmgr-oma-uri.png b/devices/surface-hub/images/configmgr-oma-uri.png deleted file mode 100644 index 699bc054a1..0000000000 Binary files a/devices/surface-hub/images/configmgr-oma-uri.png and /dev/null differ diff --git a/devices/surface-hub/images/configmgr-platform.png b/devices/surface-hub/images/configmgr-platform.png deleted file mode 100644 index e857c50cc3..0000000000 Binary files a/devices/surface-hub/images/configmgr-platform.png and /dev/null differ diff --git a/devices/surface-hub/images/configmgr-team.png b/devices/surface-hub/images/configmgr-team.png deleted file mode 100644 index f99acd5738..0000000000 Binary files a/devices/surface-hub/images/configmgr-team.png and /dev/null differ diff --git a/devices/surface-hub/images/connect-aad.png b/devices/surface-hub/images/connect-aad.png deleted file mode 100644 index 8583866165..0000000000 Binary files a/devices/surface-hub/images/connect-aad.png and /dev/null differ diff --git a/devices/surface-hub/images/deploy1.png b/devices/surface-hub/images/deploy1.png deleted file mode 100644 index 1c5c119303..0000000000 Binary files a/devices/surface-hub/images/deploy1.png and /dev/null differ diff --git a/devices/surface-hub/images/deploy2.png b/devices/surface-hub/images/deploy2.png deleted file mode 100644 index 2b035e979f..0000000000 Binary files a/devices/surface-hub/images/deploy2.png and /dev/null differ diff --git a/devices/surface-hub/images/deploy3.png b/devices/surface-hub/images/deploy3.png deleted file mode 100644 index 56621a24dc..0000000000 Binary files a/devices/surface-hub/images/deploy3.png and /dev/null differ diff --git a/devices/surface-hub/images/deploymentoptions-01.png b/devices/surface-hub/images/deploymentoptions-01.png deleted file mode 100644 index 05a5eb45c6..0000000000 Binary files a/devices/surface-hub/images/deploymentoptions-01.png and /dev/null differ diff --git a/devices/surface-hub/images/developer-setup.PNG b/devices/surface-hub/images/developer-setup.PNG deleted file mode 100644 index 8c93d5ed91..0000000000 Binary files a/devices/surface-hub/images/developer-setup.PNG and /dev/null differ diff --git a/devices/surface-hub/images/device-family.png b/devices/surface-hub/images/device-family.png deleted file mode 100644 index 1efe12fc57..0000000000 Binary files a/devices/surface-hub/images/device-family.png and /dev/null differ diff --git a/devices/surface-hub/images/dport.png b/devices/surface-hub/images/dport.png deleted file mode 100644 index 2842f96ad4..0000000000 Binary files a/devices/surface-hub/images/dport.png and /dev/null differ diff --git a/devices/surface-hub/images/dportio.png b/devices/surface-hub/images/dportio.png deleted file mode 100644 index 02bf145d60..0000000000 Binary files a/devices/surface-hub/images/dportio.png and /dev/null differ diff --git a/devices/surface-hub/images/dportout.png b/devices/surface-hub/images/dportout.png deleted file mode 100644 index 4b6bb87663..0000000000 Binary files a/devices/surface-hub/images/dportout.png and /dev/null differ diff --git a/devices/surface-hub/images/ease-of-access.png b/devices/surface-hub/images/ease-of-access.png deleted file mode 100644 index 2cb79254f8..0000000000 Binary files a/devices/surface-hub/images/ease-of-access.png and /dev/null differ diff --git a/devices/surface-hub/images/end-session.png b/devices/surface-hub/images/end-session.png deleted file mode 100644 index 4b28583af4..0000000000 Binary files a/devices/surface-hub/images/end-session.png and /dev/null differ diff --git a/devices/surface-hub/images/enroll-mdm-details.PNG b/devices/surface-hub/images/enroll-mdm-details.PNG deleted file mode 100644 index f3a7fea8da..0000000000 Binary files a/devices/surface-hub/images/enroll-mdm-details.PNG and /dev/null differ diff --git a/devices/surface-hub/images/enroll-mdm.PNG b/devices/surface-hub/images/enroll-mdm.PNG deleted file mode 100644 index b7cfdbc767..0000000000 Binary files a/devices/surface-hub/images/enroll-mdm.PNG and /dev/null differ diff --git a/devices/surface-hub/images/express-settings.png b/devices/surface-hub/images/express-settings.png deleted file mode 100644 index 99e9c4825a..0000000000 Binary files a/devices/surface-hub/images/express-settings.png and /dev/null differ diff --git a/devices/surface-hub/images/finish-details.png b/devices/surface-hub/images/finish-details.png deleted file mode 100644 index 727efac696..0000000000 Binary files a/devices/surface-hub/images/finish-details.png and /dev/null differ diff --git a/devices/surface-hub/images/finish.PNG b/devices/surface-hub/images/finish.PNG deleted file mode 100644 index 7c65da1799..0000000000 Binary files a/devices/surface-hub/images/finish.PNG and /dev/null differ diff --git a/devices/surface-hub/images/five.png b/devices/surface-hub/images/five.png deleted file mode 100644 index 961f0e15b7..0000000000 Binary files a/devices/surface-hub/images/five.png and /dev/null differ diff --git a/devices/surface-hub/images/four.png b/devices/surface-hub/images/four.png deleted file mode 100644 index 0fef213b37..0000000000 Binary files a/devices/surface-hub/images/four.png and /dev/null differ diff --git a/devices/surface-hub/images/getstarted.png b/devices/surface-hub/images/getstarted.png deleted file mode 100644 index e5b85dd8ae..0000000000 Binary files a/devices/surface-hub/images/getstarted.png and /dev/null differ diff --git a/devices/surface-hub/images/h2gen-platemount.png b/devices/surface-hub/images/h2gen-platemount.png deleted file mode 100644 index 4a8ca76fd4..0000000000 Binary files a/devices/surface-hub/images/h2gen-platemount.png and /dev/null differ diff --git a/devices/surface-hub/images/h2gen-railmount.png b/devices/surface-hub/images/h2gen-railmount.png deleted file mode 100644 index 0c8bf8ffb6..0000000000 Binary files a/devices/surface-hub/images/h2gen-railmount.png and /dev/null differ diff --git a/devices/surface-hub/images/hdmi.png b/devices/surface-hub/images/hdmi.png deleted file mode 100644 index a2c69ace45..0000000000 Binary files a/devices/surface-hub/images/hdmi.png and /dev/null differ diff --git a/devices/surface-hub/images/hub-sec-1.png b/devices/surface-hub/images/hub-sec-1.png deleted file mode 100644 index fe4e25d084..0000000000 Binary files a/devices/surface-hub/images/hub-sec-1.png and /dev/null differ diff --git a/devices/surface-hub/images/hub-sec-2.png b/devices/surface-hub/images/hub-sec-2.png deleted file mode 100644 index fdf7af7ca6..0000000000 Binary files a/devices/surface-hub/images/hub-sec-2.png and /dev/null differ diff --git a/devices/surface-hub/images/hub2s-rear.png b/devices/surface-hub/images/hub2s-rear.png deleted file mode 100644 index f30a81159c..0000000000 Binary files a/devices/surface-hub/images/hub2s-rear.png and /dev/null differ diff --git a/devices/surface-hub/images/hub2s-schematic.png b/devices/surface-hub/images/hub2s-schematic.png deleted file mode 100644 index 28c328a005..0000000000 Binary files a/devices/surface-hub/images/hub2s-schematic.png and /dev/null differ diff --git a/devices/surface-hub/images/hybriddeployment-01a.png b/devices/surface-hub/images/hybriddeployment-01a.png deleted file mode 100644 index 9eb84f777f..0000000000 Binary files a/devices/surface-hub/images/hybriddeployment-01a.png and /dev/null differ diff --git a/devices/surface-hub/images/hybriddeployment-02a.png b/devices/surface-hub/images/hybriddeployment-02a.png deleted file mode 100644 index 85229d2d0d..0000000000 Binary files a/devices/surface-hub/images/hybriddeployment-02a.png and /dev/null differ diff --git a/devices/surface-hub/images/hybriddeployment-03a.png b/devices/surface-hub/images/hybriddeployment-03a.png deleted file mode 100644 index 42cd08d900..0000000000 Binary files a/devices/surface-hub/images/hybriddeployment-03a.png and /dev/null differ diff --git a/devices/surface-hub/images/icd-common-settings.png b/devices/surface-hub/images/icd-common-settings.png deleted file mode 100644 index c2a8eb807f..0000000000 Binary files a/devices/surface-hub/images/icd-common-settings.png and /dev/null differ diff --git a/devices/surface-hub/images/icd-new-project.png b/devices/surface-hub/images/icd-new-project.png deleted file mode 100644 index 8a5c64fa4e..0000000000 Binary files a/devices/surface-hub/images/icd-new-project.png and /dev/null differ diff --git a/devices/surface-hub/images/icd-simple-edit.png b/devices/surface-hub/images/icd-simple-edit.png deleted file mode 100644 index aea2e24c8a..0000000000 Binary files a/devices/surface-hub/images/icd-simple-edit.png and /dev/null differ diff --git a/devices/surface-hub/images/idcfeatureschecklist.png b/devices/surface-hub/images/idcfeatureschecklist.png deleted file mode 100644 index a58d20fcb2..0000000000 Binary files a/devices/surface-hub/images/idcfeatureschecklist.png and /dev/null differ diff --git a/devices/surface-hub/images/iec.png b/devices/surface-hub/images/iec.png deleted file mode 100644 index 7ca6e9237b..0000000000 Binary files a/devices/surface-hub/images/iec.png and /dev/null differ diff --git a/devices/surface-hub/images/intune-save-policy.png b/devices/surface-hub/images/intune-save-policy.png deleted file mode 100644 index f53cc85602..0000000000 Binary files a/devices/surface-hub/images/intune-save-policy.png and /dev/null differ diff --git a/devices/surface-hub/images/intune-template.png b/devices/surface-hub/images/intune-template.png deleted file mode 100644 index 047aed6502..0000000000 Binary files a/devices/surface-hub/images/intune-template.png and /dev/null differ diff --git a/devices/surface-hub/images/key-55.png b/devices/surface-hub/images/key-55.png deleted file mode 100644 index d0ee9a5d13..0000000000 Binary files a/devices/surface-hub/images/key-55.png and /dev/null differ diff --git a/devices/surface-hub/images/license-terms.png b/devices/surface-hub/images/license-terms.png deleted file mode 100644 index 8dd34b0a18..0000000000 Binary files a/devices/surface-hub/images/license-terms.png and /dev/null differ diff --git a/devices/surface-hub/images/manage1.png b/devices/surface-hub/images/manage1.png deleted file mode 100644 index 4caf53b809..0000000000 Binary files a/devices/surface-hub/images/manage1.png and /dev/null differ diff --git a/devices/surface-hub/images/manage2.png b/devices/surface-hub/images/manage2.png deleted file mode 100644 index cb232cffa6..0000000000 Binary files a/devices/surface-hub/images/manage2.png and /dev/null differ diff --git a/devices/surface-hub/images/manage3.png b/devices/surface-hub/images/manage3.png deleted file mode 100644 index 9da88b808e..0000000000 Binary files a/devices/surface-hub/images/manage3.png and /dev/null differ diff --git a/devices/surface-hub/images/manage4.png b/devices/surface-hub/images/manage4.png deleted file mode 100644 index 5c9553718e..0000000000 Binary files a/devices/surface-hub/images/manage4.png and /dev/null differ diff --git a/devices/surface-hub/images/managesettingsmdm-enroll.png b/devices/surface-hub/images/managesettingsmdm-enroll.png deleted file mode 100644 index fe33277b4e..0000000000 Binary files a/devices/surface-hub/images/managesettingsmdm-enroll.png and /dev/null differ diff --git a/devices/surface-hub/images/mfa-options.png b/devices/surface-hub/images/mfa-options.png deleted file mode 100644 index 5bd3defd01..0000000000 Binary files a/devices/surface-hub/images/mfa-options.png and /dev/null differ diff --git a/devices/surface-hub/images/networkmgtwired-01.png b/devices/surface-hub/images/networkmgtwired-01.png deleted file mode 100644 index d2c1748b0b..0000000000 Binary files a/devices/surface-hub/images/networkmgtwired-01.png and /dev/null differ diff --git a/devices/surface-hub/images/networkmgtwired-02.png b/devices/surface-hub/images/networkmgtwired-02.png deleted file mode 100644 index 7312b644d0..0000000000 Binary files a/devices/surface-hub/images/networkmgtwired-02.png and /dev/null differ diff --git a/devices/surface-hub/images/networkmgtwireless-01.png b/devices/surface-hub/images/networkmgtwireless-01.png deleted file mode 100644 index 0ccdc9f5c7..0000000000 Binary files a/devices/surface-hub/images/networkmgtwireless-01.png and /dev/null differ diff --git a/devices/surface-hub/images/networkmgtwireless-02.png b/devices/surface-hub/images/networkmgtwireless-02.png deleted file mode 100644 index 5e9ccb9d99..0000000000 Binary files a/devices/surface-hub/images/networkmgtwireless-02.png and /dev/null differ diff --git a/devices/surface-hub/images/networkmgtwireless-03.png b/devices/surface-hub/images/networkmgtwireless-03.png deleted file mode 100644 index 33954daf1a..0000000000 Binary files a/devices/surface-hub/images/networkmgtwireless-03.png and /dev/null differ diff --git a/devices/surface-hub/images/networkmgtwireless-04.png b/devices/surface-hub/images/networkmgtwireless-04.png deleted file mode 100644 index c1d0e6ec6d..0000000000 Binary files a/devices/surface-hub/images/networkmgtwireless-04.png and /dev/null differ diff --git a/devices/surface-hub/images/new-user-hybrid-voice.png b/devices/surface-hub/images/new-user-hybrid-voice.png deleted file mode 100644 index e291f9ebca..0000000000 Binary files a/devices/surface-hub/images/new-user-hybrid-voice.png and /dev/null differ diff --git a/devices/surface-hub/images/new-user-password-hybrid-voice.png b/devices/surface-hub/images/new-user-password-hybrid-voice.png deleted file mode 100644 index 1ae4d5560b..0000000000 Binary files a/devices/surface-hub/images/new-user-password-hybrid-voice.png and /dev/null differ diff --git a/devices/surface-hub/images/oma-uri.png b/devices/surface-hub/images/oma-uri.png deleted file mode 100644 index b6d4a325d0..0000000000 Binary files a/devices/surface-hub/images/oma-uri.png and /dev/null differ diff --git a/devices/surface-hub/images/one.png b/devices/surface-hub/images/one.png deleted file mode 100644 index 42b4742c49..0000000000 Binary files a/devices/surface-hub/images/one.png and /dev/null differ diff --git a/devices/surface-hub/images/oobe.jpg b/devices/surface-hub/images/oobe.jpg deleted file mode 100644 index 53a5dab6bf..0000000000 Binary files a/devices/surface-hub/images/oobe.jpg and /dev/null differ diff --git a/devices/surface-hub/images/plan1.png b/devices/surface-hub/images/plan1.png deleted file mode 100644 index 891e1e43a6..0000000000 Binary files a/devices/surface-hub/images/plan1.png and /dev/null differ diff --git a/devices/surface-hub/images/plan2.png b/devices/surface-hub/images/plan2.png deleted file mode 100644 index 3ad1f2b9fc..0000000000 Binary files a/devices/surface-hub/images/plan2.png and /dev/null differ diff --git a/devices/surface-hub/images/plan3.png b/devices/surface-hub/images/plan3.png deleted file mode 100644 index 1891d1d2b5..0000000000 Binary files a/devices/surface-hub/images/plan3.png and /dev/null differ diff --git a/devices/surface-hub/images/ppkg-config.png b/devices/surface-hub/images/ppkg-config.png deleted file mode 100644 index 10a2b7de58..0000000000 Binary files a/devices/surface-hub/images/ppkg-config.png and /dev/null differ diff --git a/devices/surface-hub/images/ppkg-csv.png b/devices/surface-hub/images/ppkg-csv.png deleted file mode 100644 index 0648f555e1..0000000000 Binary files a/devices/surface-hub/images/ppkg-csv.png and /dev/null differ diff --git a/devices/surface-hub/images/product-license-hybrid-voice.png b/devices/surface-hub/images/product-license-hybrid-voice.png deleted file mode 100644 index 3d16aeb467..0000000000 Binary files a/devices/surface-hub/images/product-license-hybrid-voice.png and /dev/null differ diff --git a/devices/surface-hub/images/prov.jpg b/devices/surface-hub/images/prov.jpg deleted file mode 100644 index 1593ccb36b..0000000000 Binary files a/devices/surface-hub/images/prov.jpg and /dev/null differ diff --git a/devices/surface-hub/images/provisioningpackageoobe-01.png b/devices/surface-hub/images/provisioningpackageoobe-01.png deleted file mode 100644 index 72774987c7..0000000000 Binary files a/devices/surface-hub/images/provisioningpackageoobe-01.png and /dev/null differ diff --git a/devices/surface-hub/images/provisioningpackageoobe-02.png b/devices/surface-hub/images/provisioningpackageoobe-02.png deleted file mode 100644 index 43d283a316..0000000000 Binary files a/devices/surface-hub/images/provisioningpackageoobe-02.png and /dev/null differ diff --git a/devices/surface-hub/images/provisioningpackageoobe-03.png b/devices/surface-hub/images/provisioningpackageoobe-03.png deleted file mode 100644 index 84b037292f..0000000000 Binary files a/devices/surface-hub/images/provisioningpackageoobe-03.png and /dev/null differ diff --git a/devices/surface-hub/images/provisioningpackageoobe-04.png b/devices/surface-hub/images/provisioningpackageoobe-04.png deleted file mode 100644 index 9c854e8084..0000000000 Binary files a/devices/surface-hub/images/provisioningpackageoobe-04.png and /dev/null differ diff --git a/devices/surface-hub/images/provisioningpackagesettings-01.png b/devices/surface-hub/images/provisioningpackagesettings-01.png deleted file mode 100644 index b42614c566..0000000000 Binary files a/devices/surface-hub/images/provisioningpackagesettings-01.png and /dev/null differ diff --git a/devices/surface-hub/images/provisioningpackagesettings-02.png b/devices/surface-hub/images/provisioningpackagesettings-02.png deleted file mode 100644 index f6cae68e8b..0000000000 Binary files a/devices/surface-hub/images/provisioningpackagesettings-02.png and /dev/null differ diff --git a/devices/surface-hub/images/provisioningpackagesettings-03.png b/devices/surface-hub/images/provisioningpackagesettings-03.png deleted file mode 100644 index e4538d7368..0000000000 Binary files a/devices/surface-hub/images/provisioningpackagesettings-03.png and /dev/null differ diff --git a/devices/surface-hub/images/proxy-details.PNG b/devices/surface-hub/images/proxy-details.PNG deleted file mode 100644 index fcc7b06a41..0000000000 Binary files a/devices/surface-hub/images/proxy-details.PNG and /dev/null differ diff --git a/devices/surface-hub/images/proxy.PNG b/devices/surface-hub/images/proxy.PNG deleted file mode 100644 index cdfc02c454..0000000000 Binary files a/devices/surface-hub/images/proxy.PNG and /dev/null differ diff --git a/devices/surface-hub/images/qos-create.png b/devices/surface-hub/images/qos-create.png deleted file mode 100644 index 7cd4726ddb..0000000000 Binary files a/devices/surface-hub/images/qos-create.png and /dev/null differ diff --git a/devices/surface-hub/images/qos-setting.png b/devices/surface-hub/images/qos-setting.png deleted file mode 100644 index d775d9a46f..0000000000 Binary files a/devices/surface-hub/images/qos-setting.png and /dev/null differ diff --git a/devices/surface-hub/images/recover-from-cloud.png b/devices/surface-hub/images/recover-from-cloud.png deleted file mode 100644 index 7d409edc5f..0000000000 Binary files a/devices/surface-hub/images/recover-from-cloud.png and /dev/null differ diff --git a/devices/surface-hub/images/recover-from-the-cloud.png b/devices/surface-hub/images/recover-from-the-cloud.png deleted file mode 100644 index 07c1e22851..0000000000 Binary files a/devices/surface-hub/images/recover-from-the-cloud.png and /dev/null differ diff --git a/devices/surface-hub/images/recover-progress.png b/devices/surface-hub/images/recover-progress.png deleted file mode 100644 index 316d830a57..0000000000 Binary files a/devices/surface-hub/images/recover-progress.png and /dev/null differ diff --git a/devices/surface-hub/images/reinstall.png b/devices/surface-hub/images/reinstall.png deleted file mode 100644 index 2f307841aa..0000000000 Binary files a/devices/surface-hub/images/reinstall.png and /dev/null differ diff --git a/devices/surface-hub/images/repartition.png b/devices/surface-hub/images/repartition.png deleted file mode 100644 index 26725a8c54..0000000000 Binary files a/devices/surface-hub/images/repartition.png and /dev/null differ diff --git a/devices/surface-hub/images/replacement-port-55.PNG b/devices/surface-hub/images/replacement-port-55.PNG deleted file mode 100644 index 5bf0b51b02..0000000000 Binary files a/devices/surface-hub/images/replacement-port-55.PNG and /dev/null differ diff --git a/devices/surface-hub/images/replacement-port-84.PNG b/devices/surface-hub/images/replacement-port-84.PNG deleted file mode 100644 index 45284b4ab9..0000000000 Binary files a/devices/surface-hub/images/replacement-port-84.PNG and /dev/null differ diff --git a/devices/surface-hub/images/rj11.png b/devices/surface-hub/images/rj11.png deleted file mode 100644 index f044354caa..0000000000 Binary files a/devices/surface-hub/images/rj11.png and /dev/null differ diff --git a/devices/surface-hub/images/rj45.png b/devices/surface-hub/images/rj45.png deleted file mode 100644 index ca88423217..0000000000 Binary files a/devices/surface-hub/images/rj45.png and /dev/null differ diff --git a/devices/surface-hub/images/room-add.png b/devices/surface-hub/images/room-add.png deleted file mode 100644 index 6b0597c41a..0000000000 Binary files a/devices/surface-hub/images/room-add.png and /dev/null differ diff --git a/devices/surface-hub/images/room-control-wiring-diagram.png b/devices/surface-hub/images/room-control-wiring-diagram.png deleted file mode 100644 index 5a2ecf613e..0000000000 Binary files a/devices/surface-hub/images/room-control-wiring-diagram.png and /dev/null differ diff --git a/devices/surface-hub/images/room-equipment.png b/devices/surface-hub/images/room-equipment.png deleted file mode 100644 index 131f8b8c75..0000000000 Binary files a/devices/surface-hub/images/room-equipment.png and /dev/null differ diff --git a/devices/surface-hub/images/roomcontrolwiring.png b/devices/surface-hub/images/roomcontrolwiring.png deleted file mode 100644 index 78da10ce77..0000000000 Binary files a/devices/surface-hub/images/roomcontrolwiring.png and /dev/null differ diff --git a/devices/surface-hub/images/select-room-hybrid-voice.png b/devices/surface-hub/images/select-room-hybrid-voice.png deleted file mode 100644 index 961f8355e8..0000000000 Binary files a/devices/surface-hub/images/select-room-hybrid-voice.png and /dev/null differ diff --git a/devices/surface-hub/images/set-up-device-admins-details.PNG b/devices/surface-hub/images/set-up-device-admins-details.PNG deleted file mode 100644 index 42c04b4b3b..0000000000 Binary files a/devices/surface-hub/images/set-up-device-admins-details.PNG and /dev/null differ diff --git a/devices/surface-hub/images/set-up-device-admins.PNG b/devices/surface-hub/images/set-up-device-admins.PNG deleted file mode 100644 index e0e037903c..0000000000 Binary files a/devices/surface-hub/images/set-up-device-admins.PNG and /dev/null differ diff --git a/devices/surface-hub/images/set-up-device-details.PNG b/devices/surface-hub/images/set-up-device-details.PNG deleted file mode 100644 index be565ac8d9..0000000000 Binary files a/devices/surface-hub/images/set-up-device-details.PNG and /dev/null differ diff --git a/devices/surface-hub/images/set-up-device.PNG b/devices/surface-hub/images/set-up-device.PNG deleted file mode 100644 index 0c9eb0e3ff..0000000000 Binary files a/devices/surface-hub/images/set-up-device.PNG and /dev/null differ diff --git a/devices/surface-hub/images/set-up-network-details.PNG b/devices/surface-hub/images/set-up-network-details.PNG deleted file mode 100644 index 7e1391326c..0000000000 Binary files a/devices/surface-hub/images/set-up-network-details.PNG and /dev/null differ diff --git a/devices/surface-hub/images/set-up-network.PNG b/devices/surface-hub/images/set-up-network.PNG deleted file mode 100644 index a0e856c103..0000000000 Binary files a/devices/surface-hub/images/set-up-network.PNG and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceacct.png b/devices/surface-hub/images/setupdeviceacct.png deleted file mode 100644 index 23c2f22171..0000000000 Binary files a/devices/surface-hub/images/setupdeviceacct.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceacctexch-01.png b/devices/surface-hub/images/setupdeviceacctexch-01.png deleted file mode 100644 index 10710fa4ca..0000000000 Binary files a/devices/surface-hub/images/setupdeviceacctexch-01.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceacctexch-02.png b/devices/surface-hub/images/setupdeviceacctexch-02.png deleted file mode 100644 index b55cb6b87e..0000000000 Binary files a/devices/surface-hub/images/setupdeviceacctexch-02.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceacctexch-03.png b/devices/surface-hub/images/setupdeviceacctexch-03.png deleted file mode 100644 index 4f15b6e025..0000000000 Binary files a/devices/surface-hub/images/setupdeviceacctexch-03.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceacctexch-05.png b/devices/surface-hub/images/setupdeviceacctexch-05.png deleted file mode 100644 index 40dced3c01..0000000000 Binary files a/devices/surface-hub/images/setupdeviceacctexch-05.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceacctexch-06.png b/devices/surface-hub/images/setupdeviceacctexch-06.png deleted file mode 100644 index f4f1686037..0000000000 Binary files a/devices/surface-hub/images/setupdeviceacctexch-06.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceacctexch-07.png b/devices/surface-hub/images/setupdeviceacctexch-07.png deleted file mode 100644 index aebb0ae29e..0000000000 Binary files a/devices/surface-hub/images/setupdeviceacctexch-07.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceacctexch-08.png b/devices/surface-hub/images/setupdeviceacctexch-08.png deleted file mode 100644 index 85c013f98d..0000000000 Binary files a/devices/surface-hub/images/setupdeviceacctexch-08.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceacctexch-09.png b/devices/surface-hub/images/setupdeviceacctexch-09.png deleted file mode 100644 index f36fb9817c..0000000000 Binary files a/devices/surface-hub/images/setupdeviceacctexch-09.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceacctexch-10.png b/devices/surface-hub/images/setupdeviceacctexch-10.png deleted file mode 100644 index 4a5d1aaee4..0000000000 Binary files a/devices/surface-hub/images/setupdeviceacctexch-10.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceacctexch-11.png b/devices/surface-hub/images/setupdeviceacctexch-11.png deleted file mode 100644 index 03d320cd55..0000000000 Binary files a/devices/surface-hub/images/setupdeviceacctexch-11.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-02.png b/devices/surface-hub/images/setupdeviceaccto365-02.png deleted file mode 100644 index e0694bac42..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-02.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-03.png b/devices/surface-hub/images/setupdeviceaccto365-03.png deleted file mode 100644 index f93f0f1594..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-03.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-04.png b/devices/surface-hub/images/setupdeviceaccto365-04.png deleted file mode 100644 index 8484394faa..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-04.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-05.png b/devices/surface-hub/images/setupdeviceaccto365-05.png deleted file mode 100644 index 51150e3bcb..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-05.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-06.png b/devices/surface-hub/images/setupdeviceaccto365-06.png deleted file mode 100644 index 3f6567feca..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-06.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-07.png b/devices/surface-hub/images/setupdeviceaccto365-07.png deleted file mode 100644 index ce0eb99af2..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-07.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-08.png b/devices/surface-hub/images/setupdeviceaccto365-08.png deleted file mode 100644 index e174c7d54c..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-08.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-09.png b/devices/surface-hub/images/setupdeviceaccto365-09.png deleted file mode 100644 index 4820c18f0f..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-09.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-10.png b/devices/surface-hub/images/setupdeviceaccto365-10.png deleted file mode 100644 index bb461ddf8d..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-10.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-11.png b/devices/surface-hub/images/setupdeviceaccto365-11.png deleted file mode 100644 index f88d1246aa..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-11.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-12.png b/devices/surface-hub/images/setupdeviceaccto365-12.png deleted file mode 100644 index 29a2fa31d3..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-12.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-13.png b/devices/surface-hub/images/setupdeviceaccto365-13.png deleted file mode 100644 index 3e079c3092..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-13.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-14.png b/devices/surface-hub/images/setupdeviceaccto365-14.png deleted file mode 100644 index da2175f3d1..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-14.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-15.png b/devices/surface-hub/images/setupdeviceaccto365-15.png deleted file mode 100644 index 00e066f97e..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-15.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-16.png b/devices/surface-hub/images/setupdeviceaccto365-16.png deleted file mode 100644 index b6e467c72f..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-16.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-17.png b/devices/surface-hub/images/setupdeviceaccto365-17.png deleted file mode 100644 index e1501c92a1..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-17.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-18.png b/devices/surface-hub/images/setupdeviceaccto365-18.png deleted file mode 100644 index 8f1f3aba04..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-18.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-19.png b/devices/surface-hub/images/setupdeviceaccto365-19.png deleted file mode 100644 index 3e9b2a86fc..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-19.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-20.png b/devices/surface-hub/images/setupdeviceaccto365-20.png deleted file mode 100644 index 210cfb54c8..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-20.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-21.png b/devices/surface-hub/images/setupdeviceaccto365-21.png deleted file mode 100644 index 6ea80e548d..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-21.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-22.png b/devices/surface-hub/images/setupdeviceaccto365-22.png deleted file mode 100644 index cacd3294ad..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-22.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-23.png b/devices/surface-hub/images/setupdeviceaccto365-23.png deleted file mode 100644 index f15727c542..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-23.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-24.png b/devices/surface-hub/images/setupdeviceaccto365-24.png deleted file mode 100644 index a335591f17..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-24.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-25.png b/devices/surface-hub/images/setupdeviceaccto365-25.png deleted file mode 100644 index b49e3e9066..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-25.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdeviceaccto365-26.png b/devices/surface-hub/images/setupdeviceaccto365-26.png deleted file mode 100644 index 5a2841ec32..0000000000 Binary files a/devices/surface-hub/images/setupdeviceaccto365-26.png and /dev/null differ diff --git a/devices/surface-hub/images/setupdomainjoin.png b/devices/surface-hub/images/setupdomainjoin.png deleted file mode 100644 index c42a637981..0000000000 Binary files a/devices/surface-hub/images/setupdomainjoin.png and /dev/null differ diff --git a/devices/surface-hub/images/setupexchangepolicies.png b/devices/surface-hub/images/setupexchangepolicies.png deleted file mode 100644 index 63a4396364..0000000000 Binary files a/devices/surface-hub/images/setupexchangepolicies.png and /dev/null differ diff --git a/devices/surface-hub/images/setupexchangeserver-01.png b/devices/surface-hub/images/setupexchangeserver-01.png deleted file mode 100644 index f3b9dc9e18..0000000000 Binary files a/devices/surface-hub/images/setupexchangeserver-01.png and /dev/null differ diff --git a/devices/surface-hub/images/setupexchangeserver-02.png b/devices/surface-hub/images/setupexchangeserver-02.png deleted file mode 100644 index 58462ec244..0000000000 Binary files a/devices/surface-hub/images/setupexchangeserver-02.png and /dev/null differ diff --git a/devices/surface-hub/images/setupjoiningazuread-1.png b/devices/surface-hub/images/setupjoiningazuread-1.png deleted file mode 100644 index cd24be2c90..0000000000 Binary files a/devices/surface-hub/images/setupjoiningazuread-1.png and /dev/null differ diff --git a/devices/surface-hub/images/setupjoiningazuread-2.png b/devices/surface-hub/images/setupjoiningazuread-2.png deleted file mode 100644 index 9ec163f679..0000000000 Binary files a/devices/surface-hub/images/setupjoiningazuread-2.png and /dev/null differ diff --git a/devices/surface-hub/images/setupjoiningazuread-3.png b/devices/surface-hub/images/setupjoiningazuread-3.png deleted file mode 100644 index abe6691d92..0000000000 Binary files a/devices/surface-hub/images/setupjoiningazuread-3.png and /dev/null differ diff --git a/devices/surface-hub/images/setuplocaladmin.png b/devices/surface-hub/images/setuplocaladmin.png deleted file mode 100644 index 30ac056c5a..0000000000 Binary files a/devices/surface-hub/images/setuplocaladmin.png and /dev/null differ diff --git a/devices/surface-hub/images/setuplocale.png b/devices/surface-hub/images/setuplocale.png deleted file mode 100644 index e9aa468697..0000000000 Binary files a/devices/surface-hub/images/setuplocale.png and /dev/null differ diff --git a/devices/surface-hub/images/setupmsg.jpg b/devices/surface-hub/images/setupmsg.jpg deleted file mode 100644 index 12935483c5..0000000000 Binary files a/devices/surface-hub/images/setupmsg.jpg and /dev/null differ diff --git a/devices/surface-hub/images/setupnamedevice.png b/devices/surface-hub/images/setupnamedevice.png deleted file mode 100644 index 5baa35c487..0000000000 Binary files a/devices/surface-hub/images/setupnamedevice.png and /dev/null differ diff --git a/devices/surface-hub/images/setupnetworksetup-1.png b/devices/surface-hub/images/setupnetworksetup-1.png deleted file mode 100644 index 49dfbde566..0000000000 Binary files a/devices/surface-hub/images/setupnetworksetup-1.png and /dev/null differ diff --git a/devices/surface-hub/images/setupnetworksetup-2.png b/devices/surface-hub/images/setupnetworksetup-2.png deleted file mode 100644 index 4d96e95782..0000000000 Binary files a/devices/surface-hub/images/setupnetworksetup-2.png and /dev/null differ diff --git a/devices/surface-hub/images/setupnetworksetup-3.png b/devices/surface-hub/images/setupnetworksetup-3.png deleted file mode 100644 index 62d6e0a772..0000000000 Binary files a/devices/surface-hub/images/setupnetworksetup-3.png and /dev/null differ diff --git a/devices/surface-hub/images/setupnetworksetup-4.png b/devices/surface-hub/images/setupnetworksetup-4.png deleted file mode 100644 index 836bb208fb..0000000000 Binary files a/devices/surface-hub/images/setupnetworksetup-4.png and /dev/null differ diff --git a/devices/surface-hub/images/setupsecuritygroup-1.png b/devices/surface-hub/images/setupsecuritygroup-1.png deleted file mode 100644 index bab6e2f197..0000000000 Binary files a/devices/surface-hub/images/setupsecuritygroup-1.png and /dev/null differ diff --git a/devices/surface-hub/images/setupsetupadmins.png b/devices/surface-hub/images/setupsetupadmins.png deleted file mode 100644 index 109cb1ea92..0000000000 Binary files a/devices/surface-hub/images/setupsetupadmins.png and /dev/null differ diff --git a/devices/surface-hub/images/setupsetupforyou.png b/devices/surface-hub/images/setupsetupforyou.png deleted file mode 100644 index c0ea230caf..0000000000 Binary files a/devices/surface-hub/images/setupsetupforyou.png and /dev/null differ diff --git a/devices/surface-hub/images/setupskipdeviceacct.png b/devices/surface-hub/images/setupskipdeviceacct.png deleted file mode 100644 index 7a71c7f982..0000000000 Binary files a/devices/surface-hub/images/setupskipdeviceacct.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-55-bottom.png b/devices/surface-hub/images/sh-55-bottom.png deleted file mode 100644 index 3d718d1226..0000000000 Binary files a/devices/surface-hub/images/sh-55-bottom.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-55-clearance.png b/devices/surface-hub/images/sh-55-clearance.png deleted file mode 100644 index 12fc35ec49..0000000000 Binary files a/devices/surface-hub/images/sh-55-clearance.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-55-front.png b/devices/surface-hub/images/sh-55-front.png deleted file mode 100644 index e1268ee328..0000000000 Binary files a/devices/surface-hub/images/sh-55-front.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-55-guest-ports.png b/devices/surface-hub/images/sh-55-guest-ports.png deleted file mode 100644 index af42c738f8..0000000000 Binary files a/devices/surface-hub/images/sh-55-guest-ports.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-55-hand-rear.png b/devices/surface-hub/images/sh-55-hand-rear.png deleted file mode 100644 index b1ff007ec2..0000000000 Binary files a/devices/surface-hub/images/sh-55-hand-rear.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-55-hand.png b/devices/surface-hub/images/sh-55-hand.png deleted file mode 100644 index 6f8d96ba8e..0000000000 Binary files a/devices/surface-hub/images/sh-55-hand.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-55-rear.png b/devices/surface-hub/images/sh-55-rear.png deleted file mode 100644 index 840b941e03..0000000000 Binary files a/devices/surface-hub/images/sh-55-rear.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-55-rpc-ports.png b/devices/surface-hub/images/sh-55-rpc-ports.png deleted file mode 100644 index 7df98f2277..0000000000 Binary files a/devices/surface-hub/images/sh-55-rpc-ports.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-55-top.png b/devices/surface-hub/images/sh-55-top.png deleted file mode 100644 index f8c93f5d1b..0000000000 Binary files a/devices/surface-hub/images/sh-55-top.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-84-bottom.png b/devices/surface-hub/images/sh-84-bottom.png deleted file mode 100644 index d7252537e4..0000000000 Binary files a/devices/surface-hub/images/sh-84-bottom.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-84-clearance.png b/devices/surface-hub/images/sh-84-clearance.png deleted file mode 100644 index 8fd0cd2c32..0000000000 Binary files a/devices/surface-hub/images/sh-84-clearance.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-84-front.png b/devices/surface-hub/images/sh-84-front.png deleted file mode 100644 index 8afa0de18b..0000000000 Binary files a/devices/surface-hub/images/sh-84-front.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-84-guest-ports.png b/devices/surface-hub/images/sh-84-guest-ports.png deleted file mode 100644 index 6c7060154b..0000000000 Binary files a/devices/surface-hub/images/sh-84-guest-ports.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-84-hand-top.png b/devices/surface-hub/images/sh-84-hand-top.png deleted file mode 100644 index 1e52446eb0..0000000000 Binary files a/devices/surface-hub/images/sh-84-hand-top.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-84-hand.png b/devices/surface-hub/images/sh-84-hand.png deleted file mode 100644 index 3e84a8a434..0000000000 Binary files a/devices/surface-hub/images/sh-84-hand.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-84-rear.png b/devices/surface-hub/images/sh-84-rear.png deleted file mode 100644 index 5837d4e185..0000000000 Binary files a/devices/surface-hub/images/sh-84-rear.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-84-rpc-ports.png b/devices/surface-hub/images/sh-84-rpc-ports.png deleted file mode 100644 index f3a0a52327..0000000000 Binary files a/devices/surface-hub/images/sh-84-rpc-ports.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-84-side.png b/devices/surface-hub/images/sh-84-side.png deleted file mode 100644 index 6b1ad8385b..0000000000 Binary files a/devices/surface-hub/images/sh-84-side.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-84-top.png b/devices/surface-hub/images/sh-84-top.png deleted file mode 100644 index badc94af0b..0000000000 Binary files a/devices/surface-hub/images/sh-84-top.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-84-wall.png b/devices/surface-hub/images/sh-84-wall.png deleted file mode 100644 index 15d2e5a848..0000000000 Binary files a/devices/surface-hub/images/sh-84-wall.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-device-family-availability.png b/devices/surface-hub/images/sh-device-family-availability.png deleted file mode 100644 index 30b8a954af..0000000000 Binary files a/devices/surface-hub/images/sh-device-family-availability.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-org-licensing.png b/devices/surface-hub/images/sh-org-licensing.png deleted file mode 100644 index 48c7033715..0000000000 Binary files a/devices/surface-hub/images/sh-org-licensing.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-quick-action.png b/devices/surface-hub/images/sh-quick-action.png deleted file mode 100644 index 3003e464b3..0000000000 Binary files a/devices/surface-hub/images/sh-quick-action.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-select-template.png b/devices/surface-hub/images/sh-select-template.png deleted file mode 100644 index 58ab21481e..0000000000 Binary files a/devices/surface-hub/images/sh-select-template.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-settings-reset-device.png b/devices/surface-hub/images/sh-settings-reset-device.png deleted file mode 100644 index f3a9a6dc5c..0000000000 Binary files a/devices/surface-hub/images/sh-settings-reset-device.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-settings-update-security.png b/devices/surface-hub/images/sh-settings-update-security.png deleted file mode 100644 index 59212d1805..0000000000 Binary files a/devices/surface-hub/images/sh-settings-update-security.png and /dev/null differ diff --git a/devices/surface-hub/images/sh-settings.png b/devices/surface-hub/images/sh-settings.png deleted file mode 100644 index 0134fda740..0000000000 Binary files a/devices/surface-hub/images/sh-settings.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-account2.png b/devices/surface-hub/images/sh2-account2.png deleted file mode 100644 index 2a2267ab7c..0000000000 Binary files a/devices/surface-hub/images/sh2-account2.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-account3.png b/devices/surface-hub/images/sh2-account3.png deleted file mode 100644 index b67ff0da37..0000000000 Binary files a/devices/surface-hub/images/sh2-account3.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-account4.png b/devices/surface-hub/images/sh2-account4.png deleted file mode 100644 index 7495f28607..0000000000 Binary files a/devices/surface-hub/images/sh2-account4.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-account5.png b/devices/surface-hub/images/sh2-account5.png deleted file mode 100644 index 3dc9061733..0000000000 Binary files a/devices/surface-hub/images/sh2-account5.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-add-group.png b/devices/surface-hub/images/sh2-add-group.png deleted file mode 100644 index eb44ad8cf9..0000000000 Binary files a/devices/surface-hub/images/sh2-add-group.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-add-room.png b/devices/surface-hub/images/sh2-add-room.png deleted file mode 100644 index c53ee340bc..0000000000 Binary files a/devices/surface-hub/images/sh2-add-room.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-apps-assign.png b/devices/surface-hub/images/sh2-apps-assign.png deleted file mode 100644 index f6a91864c8..0000000000 Binary files a/devices/surface-hub/images/sh2-apps-assign.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-assign-group.png b/devices/surface-hub/images/sh2-assign-group.png deleted file mode 100644 index a2d79bcd34..0000000000 Binary files a/devices/surface-hub/images/sh2-assign-group.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-cartridge.png b/devices/surface-hub/images/sh2-cartridge.png deleted file mode 100644 index 3c7a2e83be..0000000000 Binary files a/devices/surface-hub/images/sh2-cartridge.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-config-file.png b/devices/surface-hub/images/sh2-config-file.png deleted file mode 100644 index d8293c8ff6..0000000000 Binary files a/devices/surface-hub/images/sh2-config-file.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-deploy-apps-sync.png b/devices/surface-hub/images/sh2-deploy-apps-sync.png deleted file mode 100644 index 060c29c17f..0000000000 Binary files a/devices/surface-hub/images/sh2-deploy-apps-sync.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-keepout-zones.png b/devices/surface-hub/images/sh2-keepout-zones.png deleted file mode 100644 index bf318963df..0000000000 Binary files a/devices/surface-hub/images/sh2-keepout-zones.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-keypad.png b/devices/surface-hub/images/sh2-keypad.png deleted file mode 100644 index 595bb19341..0000000000 Binary files a/devices/surface-hub/images/sh2-keypad.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-mobile-stand.png b/devices/surface-hub/images/sh2-mobile-stand.png deleted file mode 100644 index 75c64f06f3..0000000000 Binary files a/devices/surface-hub/images/sh2-mobile-stand.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-mount-config.png b/devices/surface-hub/images/sh2-mount-config.png deleted file mode 100644 index 5cde6108a1..0000000000 Binary files a/devices/surface-hub/images/sh2-mount-config.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-onscreen-display.png b/devices/surface-hub/images/sh2-onscreen-display.png deleted file mode 100644 index 4605f50734..0000000000 Binary files a/devices/surface-hub/images/sh2-onscreen-display.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-pen-1.png b/devices/surface-hub/images/sh2-pen-1.png deleted file mode 100644 index 71693c021e..0000000000 Binary files a/devices/surface-hub/images/sh2-pen-1.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-pen-pressure.png b/devices/surface-hub/images/sh2-pen-pressure.png deleted file mode 100644 index 67054ca972..0000000000 Binary files a/devices/surface-hub/images/sh2-pen-pressure.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-pen.png b/devices/surface-hub/images/sh2-pen.png deleted file mode 100644 index 06b344d8c5..0000000000 Binary files a/devices/surface-hub/images/sh2-pen.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-ports.png b/devices/surface-hub/images/sh2-ports.png deleted file mode 100644 index 2d30422911..0000000000 Binary files a/devices/surface-hub/images/sh2-ports.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-proxy.png b/devices/surface-hub/images/sh2-proxy.png deleted file mode 100644 index 81946a9906..0000000000 Binary files a/devices/surface-hub/images/sh2-proxy.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-reset.png b/devices/surface-hub/images/sh2-reset.png deleted file mode 100644 index 06b306ec5d..0000000000 Binary files a/devices/surface-hub/images/sh2-reset.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-run1.png b/devices/surface-hub/images/sh2-run1.png deleted file mode 100644 index 15aa540166..0000000000 Binary files a/devices/surface-hub/images/sh2-run1.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-run10.png b/devices/surface-hub/images/sh2-run10.png deleted file mode 100644 index 5e980fa334..0000000000 Binary files a/devices/surface-hub/images/sh2-run10.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-run11.png b/devices/surface-hub/images/sh2-run11.png deleted file mode 100644 index 02362bc5da..0000000000 Binary files a/devices/surface-hub/images/sh2-run11.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-run12.png b/devices/surface-hub/images/sh2-run12.png deleted file mode 100644 index f619ac4c42..0000000000 Binary files a/devices/surface-hub/images/sh2-run12.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-run13.png b/devices/surface-hub/images/sh2-run13.png deleted file mode 100644 index 77b9e3e2a6..0000000000 Binary files a/devices/surface-hub/images/sh2-run13.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-run14.png b/devices/surface-hub/images/sh2-run14.png deleted file mode 100644 index d88ca872ca..0000000000 Binary files a/devices/surface-hub/images/sh2-run14.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-run2.png b/devices/surface-hub/images/sh2-run2.png deleted file mode 100644 index fd379b2b05..0000000000 Binary files a/devices/surface-hub/images/sh2-run2.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-run3.png b/devices/surface-hub/images/sh2-run3.png deleted file mode 100644 index 8171beecbf..0000000000 Binary files a/devices/surface-hub/images/sh2-run3.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-run4.png b/devices/surface-hub/images/sh2-run4.png deleted file mode 100644 index 1a132dfebb..0000000000 Binary files a/devices/surface-hub/images/sh2-run4.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-run5.png b/devices/surface-hub/images/sh2-run5.png deleted file mode 100644 index ebfe53f3cb..0000000000 Binary files a/devices/surface-hub/images/sh2-run5.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-run6.png b/devices/surface-hub/images/sh2-run6.png deleted file mode 100644 index 896531f4ec..0000000000 Binary files a/devices/surface-hub/images/sh2-run6.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-run7.png b/devices/surface-hub/images/sh2-run7.png deleted file mode 100644 index 59e60d84de..0000000000 Binary files a/devices/surface-hub/images/sh2-run7.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-run8.png b/devices/surface-hub/images/sh2-run8.png deleted file mode 100644 index ec2daf8e4f..0000000000 Binary files a/devices/surface-hub/images/sh2-run8.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-run9.png b/devices/surface-hub/images/sh2-run9.png deleted file mode 100644 index 5bd3abea88..0000000000 Binary files a/devices/surface-hub/images/sh2-run9.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-set-intune1.png b/devices/surface-hub/images/sh2-set-intune1.png deleted file mode 100644 index 9993225210..0000000000 Binary files a/devices/surface-hub/images/sh2-set-intune1.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-set-intune3.png b/devices/surface-hub/images/sh2-set-intune3.png deleted file mode 100644 index f931d828fc..0000000000 Binary files a/devices/surface-hub/images/sh2-set-intune3.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-set-intune5.png b/devices/surface-hub/images/sh2-set-intune5.png deleted file mode 100644 index 9afb1c1445..0000000000 Binary files a/devices/surface-hub/images/sh2-set-intune5.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-set-intune6.png b/devices/surface-hub/images/sh2-set-intune6.png deleted file mode 100644 index 155cbb9930..0000000000 Binary files a/devices/surface-hub/images/sh2-set-intune6.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-set-intune8.png b/devices/surface-hub/images/sh2-set-intune8.png deleted file mode 100644 index a8d9bfe874..0000000000 Binary files a/devices/surface-hub/images/sh2-set-intune8.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-setup-1.png b/devices/surface-hub/images/sh2-setup-1.png deleted file mode 100644 index 1204020f9f..0000000000 Binary files a/devices/surface-hub/images/sh2-setup-1.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-setup-2.png b/devices/surface-hub/images/sh2-setup-2.png deleted file mode 100644 index 0d6501782b..0000000000 Binary files a/devices/surface-hub/images/sh2-setup-2.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-setup-3.png b/devices/surface-hub/images/sh2-setup-3.png deleted file mode 100644 index 2b827f4405..0000000000 Binary files a/devices/surface-hub/images/sh2-setup-3.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-setup-4.png b/devices/surface-hub/images/sh2-setup-4.png deleted file mode 100644 index 0825dadce4..0000000000 Binary files a/devices/surface-hub/images/sh2-setup-4.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-thermal-audio.png b/devices/surface-hub/images/sh2-thermal-audio.png deleted file mode 100644 index 5d9640df9b..0000000000 Binary files a/devices/surface-hub/images/sh2-thermal-audio.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-token.png b/devices/surface-hub/images/sh2-token.png deleted file mode 100644 index 115153a767..0000000000 Binary files a/devices/surface-hub/images/sh2-token.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-token2.png b/devices/surface-hub/images/sh2-token2.png deleted file mode 100644 index 324bc27f63..0000000000 Binary files a/devices/surface-hub/images/sh2-token2.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-token3.png b/devices/surface-hub/images/sh2-token3.png deleted file mode 100644 index 04e173d391..0000000000 Binary files a/devices/surface-hub/images/sh2-token3.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-uefi1.png b/devices/surface-hub/images/sh2-uefi1.png deleted file mode 100644 index ecb5aad455..0000000000 Binary files a/devices/surface-hub/images/sh2-uefi1.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-uefi10.png b/devices/surface-hub/images/sh2-uefi10.png deleted file mode 100644 index eafc0617a2..0000000000 Binary files a/devices/surface-hub/images/sh2-uefi10.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-uefi2.png b/devices/surface-hub/images/sh2-uefi2.png deleted file mode 100644 index 8dbcb3df84..0000000000 Binary files a/devices/surface-hub/images/sh2-uefi2.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-uefi3.png b/devices/surface-hub/images/sh2-uefi3.png deleted file mode 100644 index f9b0fdb754..0000000000 Binary files a/devices/surface-hub/images/sh2-uefi3.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-uefi4.png b/devices/surface-hub/images/sh2-uefi4.png deleted file mode 100644 index ae6f427772..0000000000 Binary files a/devices/surface-hub/images/sh2-uefi4.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-uefi5.png b/devices/surface-hub/images/sh2-uefi5.png deleted file mode 100644 index 18a780074f..0000000000 Binary files a/devices/surface-hub/images/sh2-uefi5.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-uefi6.png b/devices/surface-hub/images/sh2-uefi6.png deleted file mode 100644 index 7b4390574a..0000000000 Binary files a/devices/surface-hub/images/sh2-uefi6.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-uefi7.png b/devices/surface-hub/images/sh2-uefi7.png deleted file mode 100644 index 0302b41a43..0000000000 Binary files a/devices/surface-hub/images/sh2-uefi7.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-uefi8.png b/devices/surface-hub/images/sh2-uefi8.png deleted file mode 100644 index c5ccc27628..0000000000 Binary files a/devices/surface-hub/images/sh2-uefi8.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-uefi9.png b/devices/surface-hub/images/sh2-uefi9.png deleted file mode 100644 index 4747c398c8..0000000000 Binary files a/devices/surface-hub/images/sh2-uefi9.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-wall-front.png b/devices/surface-hub/images/sh2-wall-front.png deleted file mode 100644 index 349e124bb0..0000000000 Binary files a/devices/surface-hub/images/sh2-wall-front.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-wall-side.png b/devices/surface-hub/images/sh2-wall-side.png deleted file mode 100644 index f09cbda81e..0000000000 Binary files a/devices/surface-hub/images/sh2-wall-side.png and /dev/null differ diff --git a/devices/surface-hub/images/sh2-wcd.png b/devices/surface-hub/images/sh2-wcd.png deleted file mode 100644 index 8a945dfca4..0000000000 Binary files a/devices/surface-hub/images/sh2-wcd.png and /dev/null differ diff --git a/devices/surface-hub/images/shrt-complete.png b/devices/surface-hub/images/shrt-complete.png deleted file mode 100644 index 64525f76a3..0000000000 Binary files a/devices/surface-hub/images/shrt-complete.png and /dev/null differ diff --git a/devices/surface-hub/images/shrt-done.png b/devices/surface-hub/images/shrt-done.png deleted file mode 100644 index ea05c13051..0000000000 Binary files a/devices/surface-hub/images/shrt-done.png and /dev/null differ diff --git a/devices/surface-hub/images/shrt-download.png b/devices/surface-hub/images/shrt-download.png deleted file mode 100644 index 8eee758a54..0000000000 Binary files a/devices/surface-hub/images/shrt-download.png and /dev/null differ diff --git a/devices/surface-hub/images/shrt-drive-start.png b/devices/surface-hub/images/shrt-drive-start.png deleted file mode 100644 index 490998f214..0000000000 Binary files a/devices/surface-hub/images/shrt-drive-start.png and /dev/null differ diff --git a/devices/surface-hub/images/shrt-drive.png b/devices/surface-hub/images/shrt-drive.png deleted file mode 100644 index 9afeb4b7f3..0000000000 Binary files a/devices/surface-hub/images/shrt-drive.png and /dev/null differ diff --git a/devices/surface-hub/images/shrt-guidance.png b/devices/surface-hub/images/shrt-guidance.png deleted file mode 100644 index c878761704..0000000000 Binary files a/devices/surface-hub/images/shrt-guidance.png and /dev/null differ diff --git a/devices/surface-hub/images/shrt-shortcut.png b/devices/surface-hub/images/shrt-shortcut.png deleted file mode 100644 index d71d3e163c..0000000000 Binary files a/devices/surface-hub/images/shrt-shortcut.png and /dev/null differ diff --git a/devices/surface-hub/images/shrt-start.png b/devices/surface-hub/images/shrt-start.png deleted file mode 100644 index 93356c889b..0000000000 Binary files a/devices/surface-hub/images/shrt-start.png and /dev/null differ diff --git a/devices/surface-hub/images/sign-in-prov.png b/devices/surface-hub/images/sign-in-prov.png deleted file mode 100644 index 55c9276203..0000000000 Binary files a/devices/surface-hub/images/sign-in-prov.png and /dev/null differ diff --git a/devices/surface-hub/images/sign-in.png b/devices/surface-hub/images/sign-in.png deleted file mode 100644 index bd34f642a7..0000000000 Binary files a/devices/surface-hub/images/sign-in.png and /dev/null differ diff --git a/devices/surface-hub/images/six.png b/devices/surface-hub/images/six.png deleted file mode 100644 index 2816328ec3..0000000000 Binary files a/devices/surface-hub/images/six.png and /dev/null differ diff --git a/devices/surface-hub/images/ssd-click.PNG b/devices/surface-hub/images/ssd-click.PNG deleted file mode 100644 index 5dfcc57c42..0000000000 Binary files a/devices/surface-hub/images/ssd-click.PNG and /dev/null differ diff --git a/devices/surface-hub/images/ssd-lift-door.PNG b/devices/surface-hub/images/ssd-lift-door.PNG deleted file mode 100644 index d395ce91aa..0000000000 Binary files a/devices/surface-hub/images/ssd-lift-door.PNG and /dev/null differ diff --git a/devices/surface-hub/images/ssd-location.PNG b/devices/surface-hub/images/ssd-location.PNG deleted file mode 100644 index 9b774456b1..0000000000 Binary files a/devices/surface-hub/images/ssd-location.PNG and /dev/null differ diff --git a/devices/surface-hub/images/ssd-lock-tab.PNG b/devices/surface-hub/images/ssd-lock-tab.PNG deleted file mode 100644 index 17c11dc7a2..0000000000 Binary files a/devices/surface-hub/images/ssd-lock-tab.PNG and /dev/null differ diff --git a/devices/surface-hub/images/ssd-pull-tab.PNG b/devices/surface-hub/images/ssd-pull-tab.PNG deleted file mode 100644 index a306f08a13..0000000000 Binary files a/devices/surface-hub/images/ssd-pull-tab.PNG and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-repack-1.png b/devices/surface-hub/images/surface-hub-2s-repack-1.png deleted file mode 100644 index c78a536083..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-repack-1.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-repack-10.png b/devices/surface-hub/images/surface-hub-2s-repack-10.png deleted file mode 100644 index ae99a0697a..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-repack-10.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-repack-11.png b/devices/surface-hub/images/surface-hub-2s-repack-11.png deleted file mode 100644 index 1d79a116ef..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-repack-11.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-repack-12.png b/devices/surface-hub/images/surface-hub-2s-repack-12.png deleted file mode 100644 index 67108c5110..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-repack-12.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-repack-13.png b/devices/surface-hub/images/surface-hub-2s-repack-13.png deleted file mode 100644 index 565d0469c5..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-repack-13.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-repack-2.png b/devices/surface-hub/images/surface-hub-2s-repack-2.png deleted file mode 100644 index 117f0d5899..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-repack-2.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-repack-3.png b/devices/surface-hub/images/surface-hub-2s-repack-3.png deleted file mode 100644 index 53afdbd11c..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-repack-3.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-repack-4.png b/devices/surface-hub/images/surface-hub-2s-repack-4.png deleted file mode 100644 index cc213389d9..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-repack-4.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-repack-5.png b/devices/surface-hub/images/surface-hub-2s-repack-5.png deleted file mode 100644 index 202963bcb5..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-repack-5.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-repack-6.png b/devices/surface-hub/images/surface-hub-2s-repack-6.png deleted file mode 100644 index d7617b8f1b..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-repack-6.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-repack-7.png b/devices/surface-hub/images/surface-hub-2s-repack-7.png deleted file mode 100644 index 18310ea9cb..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-repack-7.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-repack-8.png b/devices/surface-hub/images/surface-hub-2s-repack-8.png deleted file mode 100644 index fb5b8929bb..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-repack-8.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-repack-9.png b/devices/surface-hub/images/surface-hub-2s-repack-9.png deleted file mode 100644 index be9ceb2bee..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-repack-9.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-replace-camera-1.png b/devices/surface-hub/images/surface-hub-2s-replace-camera-1.png deleted file mode 100644 index 57ed3f50a6..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-replace-camera-1.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-replace-camera-2.png b/devices/surface-hub/images/surface-hub-2s-replace-camera-2.png deleted file mode 100644 index 888d417b0e..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-replace-camera-2.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-1.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-1.png deleted file mode 100644 index 5924546a4c..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-1.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-10.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-10.png deleted file mode 100644 index a1d6d6d163..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-10.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-2.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-2.png deleted file mode 100644 index ddb0ccfc7d..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-2.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-3.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-3.png deleted file mode 100644 index 1e9156e94f..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-3.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-4.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-4.png deleted file mode 100644 index 9885cc6c7a..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-4.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-5.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-5.png deleted file mode 100644 index 54cb393ff4..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-5.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-6.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-6.png deleted file mode 100644 index e74270f93b..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-6.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-7.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-7.png deleted file mode 100644 index 39fd3da31f..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-7.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-8.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-8.png deleted file mode 100644 index c68b5fab64..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-8.png and /dev/null differ diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-9.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-9.png deleted file mode 100644 index 6acb8a627d..0000000000 Binary files a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-9.png and /dev/null differ diff --git a/devices/surface-hub/images/surfaceblog.png b/devices/surface-hub/images/surfaceblog.png deleted file mode 100644 index ae996a918c..0000000000 Binary files a/devices/surface-hub/images/surfaceblog.png and /dev/null differ diff --git a/devices/surface-hub/images/surfacehub.png b/devices/surface-hub/images/surfacehub.png deleted file mode 100644 index 1b9b484ab8..0000000000 Binary files a/devices/surface-hub/images/surfacehub.png and /dev/null differ diff --git a/devices/surface-hub/images/surfacemechanics.png b/devices/surface-hub/images/surfacemechanics.png deleted file mode 100644 index ad674466fa..0000000000 Binary files a/devices/surface-hub/images/surfacemechanics.png and /dev/null differ diff --git a/devices/surface-hub/images/switch.png b/devices/surface-hub/images/switch.png deleted file mode 100644 index 5ea0d21909..0000000000 Binary files a/devices/surface-hub/images/switch.png and /dev/null differ diff --git a/devices/surface-hub/images/system-settings-add-fqdn.png b/devices/surface-hub/images/system-settings-add-fqdn.png deleted file mode 100644 index ef00872a16..0000000000 Binary files a/devices/surface-hub/images/system-settings-add-fqdn.png and /dev/null differ diff --git a/devices/surface-hub/images/three.png b/devices/surface-hub/images/three.png deleted file mode 100644 index 887fa270d7..0000000000 Binary files a/devices/surface-hub/images/three.png and /dev/null differ diff --git a/devices/surface-hub/images/trust-package.png b/devices/surface-hub/images/trust-package.png deleted file mode 100644 index 8a293ea4da..0000000000 Binary files a/devices/surface-hub/images/trust-package.png and /dev/null differ diff --git a/devices/surface-hub/images/twitter.png b/devices/surface-hub/images/twitter.png deleted file mode 100644 index 25143adcf6..0000000000 Binary files a/devices/surface-hub/images/twitter.png and /dev/null differ diff --git a/devices/surface-hub/images/two.png b/devices/surface-hub/images/two.png deleted file mode 100644 index b8c2d52eaf..0000000000 Binary files a/devices/surface-hub/images/two.png and /dev/null differ diff --git a/devices/surface-hub/images/usb.png b/devices/surface-hub/images/usb.png deleted file mode 100644 index a743c6b634..0000000000 Binary files a/devices/surface-hub/images/usb.png and /dev/null differ diff --git a/devices/surface-hub/images/vga.png b/devices/surface-hub/images/vga.png deleted file mode 100644 index 016b42d1f4..0000000000 Binary files a/devices/surface-hub/images/vga.png and /dev/null differ diff --git a/devices/surface-hub/images/video-out-55.png b/devices/surface-hub/images/video-out-55.png deleted file mode 100644 index e386b7f3d9..0000000000 Binary files a/devices/surface-hub/images/video-out-55.png and /dev/null differ diff --git a/devices/surface-hub/images/video-out-84.png b/devices/surface-hub/images/video-out-84.png deleted file mode 100644 index 672ae78556..0000000000 Binary files a/devices/surface-hub/images/video-out-84.png and /dev/null differ diff --git a/devices/surface-hub/images/wb-collab-example.png b/devices/surface-hub/images/wb-collab-example.png deleted file mode 100644 index 0ed67c03ea..0000000000 Binary files a/devices/surface-hub/images/wb-collab-example.png and /dev/null differ diff --git a/devices/surface-hub/images/wb-collab-link.png b/devices/surface-hub/images/wb-collab-link.png deleted file mode 100644 index 9b0531d0c0..0000000000 Binary files a/devices/surface-hub/images/wb-collab-link.png and /dev/null differ diff --git a/devices/surface-hub/images/wcd-wizard.PNG b/devices/surface-hub/images/wcd-wizard.PNG deleted file mode 100644 index 706771f756..0000000000 Binary files a/devices/surface-hub/images/wcd-wizard.PNG and /dev/null differ diff --git a/devices/surface-hub/images/whats-new-video-thumbnail.PNG b/devices/surface-hub/images/whats-new-video-thumbnail.PNG deleted file mode 100644 index 44cbffcbb3..0000000000 Binary files a/devices/surface-hub/images/whats-new-video-thumbnail.PNG and /dev/null differ diff --git a/devices/surface-hub/images/who-owns-pc.png b/devices/surface-hub/images/who-owns-pc.png deleted file mode 100644 index d3ce1def8d..0000000000 Binary files a/devices/surface-hub/images/who-owns-pc.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen-apps-02a.png b/devices/surface-hub/images/wicd-screen-apps-02a.png deleted file mode 100644 index caf88b011e..0000000000 Binary files a/devices/surface-hub/images/wicd-screen-apps-02a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen-apps-03a.png b/devices/surface-hub/images/wicd-screen-apps-03a.png deleted file mode 100644 index 20d4218c6b..0000000000 Binary files a/devices/surface-hub/images/wicd-screen-apps-03a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen-apps-04a.png b/devices/surface-hub/images/wicd-screen-apps-04a.png deleted file mode 100644 index 494a661420..0000000000 Binary files a/devices/surface-hub/images/wicd-screen-apps-04a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen-apps-06a.png b/devices/surface-hub/images/wicd-screen-apps-06a.png deleted file mode 100644 index 44e6e2cee7..0000000000 Binary files a/devices/surface-hub/images/wicd-screen-apps-06a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen-apps-08a.png b/devices/surface-hub/images/wicd-screen-apps-08a.png deleted file mode 100644 index 19ce342449..0000000000 Binary files a/devices/surface-hub/images/wicd-screen-apps-08a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen-apps-10a.png b/devices/surface-hub/images/wicd-screen-apps-10a.png deleted file mode 100644 index 820fd3efff..0000000000 Binary files a/devices/surface-hub/images/wicd-screen-apps-10a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen-apps-11a.png b/devices/surface-hub/images/wicd-screen-apps-11a.png deleted file mode 100644 index 2bf0a692ef..0000000000 Binary files a/devices/surface-hub/images/wicd-screen-apps-11a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen-apps-12a.png b/devices/surface-hub/images/wicd-screen-apps-12a.png deleted file mode 100644 index 8ab9d524f4..0000000000 Binary files a/devices/surface-hub/images/wicd-screen-apps-12a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen01a.png b/devices/surface-hub/images/wicd-screen01a.png deleted file mode 100644 index 34b528951e..0000000000 Binary files a/devices/surface-hub/images/wicd-screen01a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen02a.png b/devices/surface-hub/images/wicd-screen02a.png deleted file mode 100644 index f76eec1efb..0000000000 Binary files a/devices/surface-hub/images/wicd-screen02a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen02b.png b/devices/surface-hub/images/wicd-screen02b.png deleted file mode 100644 index 6686186f8b..0000000000 Binary files a/devices/surface-hub/images/wicd-screen02b.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen02c.png b/devices/surface-hub/images/wicd-screen02c.png deleted file mode 100644 index eb8fd6b307..0000000000 Binary files a/devices/surface-hub/images/wicd-screen02c.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen03a.png b/devices/surface-hub/images/wicd-screen03a.png deleted file mode 100644 index afec8ef352..0000000000 Binary files a/devices/surface-hub/images/wicd-screen03a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen04a.png b/devices/surface-hub/images/wicd-screen04a.png deleted file mode 100644 index 62ea7e595c..0000000000 Binary files a/devices/surface-hub/images/wicd-screen04a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen06a.png b/devices/surface-hub/images/wicd-screen06a.png deleted file mode 100644 index 53c223746b..0000000000 Binary files a/devices/surface-hub/images/wicd-screen06a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen07a.png b/devices/surface-hub/images/wicd-screen07a.png deleted file mode 100644 index e44f5cf0b7..0000000000 Binary files a/devices/surface-hub/images/wicd-screen07a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen08a.png b/devices/surface-hub/images/wicd-screen08a.png deleted file mode 100644 index 7a2b5bbefb..0000000000 Binary files a/devices/surface-hub/images/wicd-screen08a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen09a.png b/devices/surface-hub/images/wicd-screen09a.png deleted file mode 100644 index 29e14902bd..0000000000 Binary files a/devices/surface-hub/images/wicd-screen09a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen10a.png b/devices/surface-hub/images/wicd-screen10a.png deleted file mode 100644 index 556c9fbdb5..0000000000 Binary files a/devices/surface-hub/images/wicd-screen10a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen11a.png b/devices/surface-hub/images/wicd-screen11a.png deleted file mode 100644 index 9f7bf2ba64..0000000000 Binary files a/devices/surface-hub/images/wicd-screen11a.png and /dev/null differ diff --git a/devices/surface-hub/images/wicd-screen12a.png b/devices/surface-hub/images/wicd-screen12a.png deleted file mode 100644 index 7c55111ae4..0000000000 Binary files a/devices/surface-hub/images/wicd-screen12a.png and /dev/null differ diff --git a/devices/surface-hub/images/~$rface-hub-site-readiness-guide-en-us.docx b/devices/surface-hub/images/~$rface-hub-site-readiness-guide-en-us.docx deleted file mode 100644 index 1d44312447..0000000000 Binary files a/devices/surface-hub/images/~$rface-hub-site-readiness-guide-en-us.docx and /dev/null differ diff --git a/devices/surface-hub/index.yml b/devices/surface-hub/index.yml deleted file mode 100644 index a4a4b05f20..0000000000 --- a/devices/surface-hub/index.yml +++ /dev/null @@ -1,105 +0,0 @@ -### YamlMime:Landing - -title: Surface Hub documentation # < 60 chars -summary: Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device. # < 160 chars - -metadata: - title: Surface Hub documentation # Required; page title displayed in search results. Include the brand. < 60 chars. - description: Get started with Microsoft Surface Hub # Required; article description that is displayed in search results. < 160 chars. - ms.service: product-insights #Required; service per approved list. service slug assigned to your service by ACOM. - ms.topic: landing-page # Required - manager: laurawi - author: greg-lindsay #Required; your GitHub user alias, with correct capitalization. - ms.author: greglin #Required; microsoft alias of author; optional team alias. - audience: itpro - ms.localizationpriority: High - -# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new - -landingContent: -# Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: Surface devices - linkLists: - - linkListType: overview - links: - - text: What's new in Surface Hub 2S? - url: surface-hub-2s-whats-new.md - - text: Surface Hub 2S tech specs - url: surface-hub-2s-techspecs.md - - text: Operating system essentials - url: differences-between-surface-hub-and-windows-10-enterprise.md - - # Card (optional) - - title: Get started - linkLists: - - linkListType: get-started - links: - - text: Surface Hub 2S Site Readiness Guide - url: surface-hub-2s-site-readiness-guide.md - - text: Customize Surface Hub 2S installation - url: surface-hub-2s-custom-install.md - - text: Prepare your environment for Surface Hub 2S - url: surface-hub-2s-prepare-environment.md - - # Card - - title: Deploy Surface Hub - linkLists: - - linkListType: deploy - links: - - text: Surface Hub 2S adoption and training - url: surface-hub-2s-adoption-kit.md - - text: Surface Hub 2S deployment checklist - url: surface-hub-2s-deploy-checklist.md - - text: Create device account - url: surface-hub-2s-account.md - - # Card - - title: Manage Surface devices - linkLists: - - linkListType: how-to-guide - links: - - text: Manage Surface Hub 2S with Intune - url: surface-hub-2s-manage-intune.md - - text: Manage local settings - url: local-management-surface-hub-settings.md - - text: Manage Windows updates on Surface Hub - url: manage-windows-updates-for-surface-hub.md - - # Card - - title: Explore security guidance - linkLists: - - linkListType: learn - links: - - text: Secure and manage Surface Hub 2S with SEMM and UEFI - url: surface-hub-2s-secure-with-uefi-semm.md - - text: Wi-Fi security considerations - url: surface-hub-wifi-direct.md - - text: Surface Hub security overview - url: surface-hub-security.md - - # Card - - title: Troubleshoot Surface Hub - linkLists: - - linkListType: learn - links: - - text: Service and warranty - url: https://support.microsoft.com/help/4493926 - - text: Recover & reset Surface Hub 2S - url: surface-hub-2s-recover-reset.md - - text: Surface Hub support solutions - url: support-solutions-surface-hub.md - - -# Card - - title: Surface Hub 2S Videos - linkLists: - - linkListType: video - links: - - text: Adoption and training videos - url: surface-hub-2s-adoption-videos.md - - text: Surface Hub 2S with Teams - url: https://www.youtube.com/watch?v=CH2seLS5Wb0 - - text: Surface Hub 2S with Microsoft 365 - url: https://www.youtube.com/watch?v=I4N2lQX4WyI&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ&index=7 diff --git a/devices/surface-hub/install-apps-on-surface-hub.md b/devices/surface-hub/install-apps-on-surface-hub.md deleted file mode 100644 index 9e1c8767f5..0000000000 --- a/devices/surface-hub/install-apps-on-surface-hub.md +++ /dev/null @@ -1,188 +0,0 @@ ---- -title: Install apps on your Microsoft Surface Hub -description: Admins can install apps can from either the Microsoft Store or the Microsoft Store for Business. -ms.assetid: 3885CB45-D496-4424-8533-C9E3D0EDFD94 -ms.reviewer: -manager: laurawi -keywords: install apps, Microsoft Store, Microsoft Store for Business -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 10/23/2018 -ms.localizationpriority: medium -audience: ITPro ---- - -# Install apps on your Microsoft Surface Hub - -You can install additional apps on your Surface Hub to fit your team or organization's needs. There are different methods for installing apps depending on whether you are developing and testing an app, or deploying a released app. This topic describes methods for installing apps for either scenario. - -A few things to know about apps on Surface Hub: -- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). Apps created using the [Desktop App Converter](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) will not run on Surface Hub. -- Apps must be targeted for the [Universal device family](https://msdn.microsoft.com/library/windows/apps/dn894631) or Windows Team device family. -- Surface Hub only supports [offline-licensed apps](https://docs.microsoft.com/microsoft-store/distribute-offline-apps) from [Microsoft Store for Business](https://businessstore.microsoft.com/store). -- By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode. -- When submitting an app to the Microsoft Store, developers need to set Device family availability and Organizational licensing options to make sure an app will be available to run on Surface Hub. -- You need admin credentials to install apps on your Surface Hub. Since the device is designed to be used in communal spaces like meeting rooms, people can't access the Microsoft Store to download and install apps. - - -## Develop and test apps -While you're developing your own app, there are a few options for testing apps on Surface Hub. - -### Developer Mode -By default, Surface Hub only runs UWP apps that have been published to and signed by the Microsoft Store. Apps submitted to the Microsoft Store go through security and compliance tests as part of the [app certification process](https://msdn.microsoft.com/windows/uwp/publish/the-app-certification-process), so this helps safeguard your Surface Hub against malicious apps. - -By enabling developer mode, you can also install developer-signed UWP apps. - -> [!IMPORTANT] -> After developer mode has been enabled, you will need to reset the Surface Hub to disable it. Resetting the device removes all local user files and configurations and then reinstalls Windows. - -**To turn on developer mode** -1. From your Surface Hub, start **Settings**. -2. Type the device admin credentials when prompted. -3. Navigate to **Update & security** > **For developers**. -4. Select **Developer mode** and accept the warning prompt. - -### Visual Studio -During development, the easiest way to test your app on a Surface Hub is using Visual Studio. Visual Studio's remote debugging feature helps you discover issues in your app before deploying it broadly. For more information, see [Test Surface Hub apps using Visual Studio](https://msdn.microsoft.com/windows/uwp/debug-test-perf/test-surface-hub-apps-using-visual-studio). - -### Provisioning package -Use Visual Studio to [create an app package](https://msdn.microsoft.com/library/windows/apps/hh454036.aspx) for your UWP app, signed using a test certificate. Then use Windows Imaging and Configuration Designer (ICD) to create a provisioning package containing the app package. For more information, see [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md). - - -## Submit apps to the Microsoft Store -Once an app is ready for release, developers need to submit and publish it to the Microsoft Store. For more information, see [Publish Windows apps](https://developer.microsoft.com/store/publish-apps). - -During app submission, developers need to set **Device family availability** and **Organizational licensing** options to make sure the app will be available to run on Surface Hub. - -**To set device family availability** -1. On the [Windows Dev Center](https://developer.microsoft.com), navigate to your app submission page. -2. Select **Packages**. -3. Under **Device family availability**, select these options: - - - **Windows 10 Team** - - **Let Microsoft decide whether to make the app available to any future device families** - -![Image showing Device family availability page - part of Microsoft Store app submission process.](images/device-family.png) - -For more information, see [Device family availability](https://msdn.microsoft.com/windows/uwp/publish/upload-app-packages#device-family-availability). - -**To set organizational licensing** -1. On the [Windows Dev Center](https://developer.microsoft.com), navigate to your app submission page. -2. Select **Pricing and availability**. -3. Under Organizational licensing, select **Allow disconnected (offline) licensing for organizations**. - -![Image showing Organizational licensing page - part of Microsoft Store app submission process.](images/sh-org-licensing.png) - -> [!NOTE] -> **Make my app available to organizations with Store-managed (online) licensing and distribution** is selected by default. - -> [!NOTE] -> Developers can also publish line-of-business apps directly to enterprises without making them broadly available in the Store. For more information, see [Distribute LOB apps to enterprises](https://msdn.microsoft.com/windows/uwp/publish/distribute-lob-apps-to-enterprises). - -For more information, see [Organizational licensing options](https://msdn.microsoft.com/windows/uwp/publish/organizational-licensing). - - -## Deploy released apps - -There are several options for installing apps that have been released to the Microsoft Store, depending on whether you want to evaluate them on a few devices, or deploy them broadly to your organization. - -To install released apps: -- Download the app using the Microsoft Store app, or -- Download the app package from the Microsoft Store for Business, and distribute it using a provisioning package or a supported MDM provider. - -### Microsoft Store app -To evaluate apps released on the Microsoft Store, use the Microsoft Store app on the Surface Hub to browse and download apps. - -> [!NOTE] -> Using the Microsoft Store app is not the recommended method of deploying apps at scale to your organization: -> - To download apps, you must sign in to the Microsoft Store app with a Microsoft account or organizational account. However, you can only connect an account to a maximum of 10 devices at once. If you have more than 10 Surface Hubs, you will need to create multiple accounts or remove devices from your account between app installations. -> - To install apps, you will need to manually sign in to the Microsoft Store app on each Surface Hub you own. - -**To browse the Microsoft Store on Surface Hub** -1. From your Surface Hub, start **Settings**. -2. Type the device admin credentials when prompted. -3. Navigate to **This device** > **Apps & features**. -4. Select **Open Store**. - -### Download app packages from Microsoft Store for Business -To download the app package you need to install apps on your Surface Hub, visit the [Microsoft Store for Business](https://www.microsoft.com/business-store). The Store for Business is where you can find, acquire, and manage apps for the Windows 10 devices in your organization, including Surface Hub. - -> [!NOTE] -> Currently, Surface Hub only supports offline-licensed apps available through the Store for Business. App developers set offline-license availability when they submit apps. - -Find and acquire the app you want, then download: -- The offline-licensed app package (either an .appx or an .appxbundle) -- The *unencoded* license file (if you're using provisioning packages to install the app) -- The *encoded* license file (if you're using MDM to distribute the app) -- Any necessary dependency files - -For more information, see [Download an offline-licensed app](https://technet.microsoft.com/itpro/windows/manage/distribute-offline-apps#download-an-offline-licensed-app). - -### Provisioning package -You can manually install the offline-licensed apps that you downloaded from the Store for Business on a few Surface Hubs using provisioning packages. Use Windows Imaging and Configuration Designer (ICD) to create a provisioning package containing the app package and *unencoded* license file that you downloaded from the Store for Business. For more information, see [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md). - -### Supported MDM provider -To deploy apps to a large number of Surface Hubs in your organization, use a supported MDM provider. The table below shows which MDM providers support deploying offline-licensed app packages. - -| MDM provider | Supports offline-licensed app packages | -|-----------------------------|----------------------------------------| -| On-premises MDM with Configuration Manager (beginning in version 1602) | Yes | -| -| Third-party MDM provider | Check to make sure your MDM provider supports deploying offline-licensed app packages. | - -**To deploy apps remotely using Microsoft Endpoint Configuration Manager** - -> [!NOTE] -> These instructions are based on the current branch of Microsoft Endpoint Configuration Manager. - -1. Enroll your Surface Hubs to Configuration Manager. For more information, see [Enroll a Surface Hub into MDM](manage-settings-with-mdm-for-surface-hub.md#enroll-into-mdm). -2. Download the offline-licensed app package, the *encoded* license file, and any necessary dependency files from the Store for Business. For more information, see [Download an offline-licensed app](https://technet.microsoft.com/itpro/windows/manage/distribute-offline-apps#download-an-offline-licensed-app). Place the downloaded files in the same folder on a network share. -3. In the **Software Library** workspace of the Configuration Manager console, click **Overview** > **Application Management** > **Applications**. -4. On the **Home** tab, in the **Create** group, click **Create Application**. -5. On the **General** page of the **Create Application Wizard**, select the **Automatically detect information about this application from installation files** check box. -6. In the **Type** drop-down list, select **Windows app package (\*.appx, \*.appxbundle)**. -7. In the **Location** field, specify the UNC path in the form \\server\share\\filename for the offline-licensed app package that you downloaded from the Store for Business. Alternatively, click **Browse** to browse to the app package. -8. On the **Import Information** page, review the information that was imported, and then click **Next**. If necessary, you can click **Previous** to go back and correct any errors. -9. On the **General Information** page, complete additional details about the app. Some of this information might already be populated if it was automatically obtained from the app package. -10. Click **Next**, review the application information on the Summary page, and then complete the Create Application Wizard. -11. Create a deployment type for the application. For more information, see [Create deployment types for the application](https://docs.microsoft.com/sccm/apps/deploy-use/create-applications#create-deployment-types-for-the-application). -12. Deploy the application to your Surface Hubs. For more information, see [Deploy applications with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). -13. As needed, update the app by downloading a new package from the Store for Business, and publishing an application revision in Configuration Manager. For more information, see [Update and retire applications with Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/mt595704.aspx). - -> [!NOTE] -> If you are using Microsoft Endpoint Configuration Manager (current branch), you can bypass the above steps by connecting the Store for Business to Configuration Manager. By doing so, you can synchronize the list of apps you've purchased with Configuration Manager, view these in the Configuration Manager console, and deploy them like you would any other app. For more information, see [Manage apps from the Microsoft Store for Business with Configuration Manager](https://technet.microsoft.com/library/mt740630.aspx). - - -## Summary - -There are a few different ways to install apps on your Surface Hub depending on whether you are developing apps, evaluating apps on a small number of devices, or deploying apps broadly to your organization. This table summarizes the supported methods: - -| Install method | Developing apps | Evaluating apps on
a few devices | Deploying apps broadly
to your organization | -| -------------------------- | --------------- | ------------------------------------- | ---------------------- | -| Visual Studio | X | | | -| Provisioning package | X | X | | -| Microsoft Store app | | X | | -| Supported MDM provider | | | X | - -## More information - -- [Blog post: Deploy Windows Store apps to Surface Hub using Intune](https://blogs.technet.microsoft.com/y0av/2018/01/18/7-2/) - - -## Related topics - -[Manage Microsoft Surface Hub](manage-surface-hub.md) - -[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) - -  - -  - - - - - diff --git a/devices/surface-hub/juneworkspace.code-workspace b/devices/surface-hub/juneworkspace.code-workspace deleted file mode 100644 index f23e17c3ca..0000000000 --- a/devices/surface-hub/juneworkspace.code-workspace +++ /dev/null @@ -1,11 +0,0 @@ -{ - "folders": [ - { - "path": "C:\\github\\windows-docs-pr" - }, - { - "path": "." - } - ], - "settings": {} -} \ No newline at end of file diff --git a/devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md b/devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md deleted file mode 100644 index 003795ec22..0000000000 --- a/devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: Known issues and additional information about Microsoft Surface Hub -description: Outlines known issues with Microsoft Surface Hub. -ms.assetid: aee90a0c-fb05-466e-a2b1-92de89d0f2b7 -keywords: surface, hub, issues -ms.prod: surface-hub -ms.sitesec: library -author: todmccoy -ms.author: v-todmc -ms.topic: article -ms.localizationpriority: medium ---- - -# Known issues and additional information about Microsoft Surface Hub - -We're listening. Quality is a top priority, and we want to keep you informed about issues impacting customers. The following are some known issues of Microsoft Surface Hub: - -- **Skype for Business isn't using proxy for media traffic with RS2** -
For some Surface Hub users who are behind a proxy, Skype for Business won't use the proxy server for media. However, the Surface Hub will be able to sign in to the account. We received your feedback and are aware of the media traffic issue when you are using proxy. We're actively investigating this issue and will release fixes as soon as a solution is identified and tested. - -- **For AAD joined devices, when a user tries to sign in to "My meetings & files", Surface Hub reports that there is no Internet connection** -
We’re aware of a set of issues that affect sign-in and document access on Surface Hub. We're actively investigating these issues. As a workaround until a resolution is released, customers can reset their devices and set up their Hub to use a local admin account. After reconfiguring to use the local admin account, "My meetings and files" will work as expected. -- **Single sign-in when Azure AD joined** -
Surface Hub was designed for communal spaces, which impacts the way user credentials are stored. Because of this, there are currently limitations in how single sign-in works when devices are Azure AD joined. Microsoft is aware of this limitation and is actively investigating options for a resolution. -- **Miracast over Infrastructure projection to Surface Hub fails if the Surface Hub has a dot character (.) in the friendly name** -
Surface Hub users may experience issues projecting to their device if the Friendly Name includes a period or dot in the name (.) -- for example, "Conf.Room42". To work around the issue, change the Friendly Name of the Hub in **Settings** > **Surface Hub** > **About**, and then restart the device. Microsoft is working on a solution to this issue. \ No newline at end of file diff --git a/devices/surface-hub/local-management-surface-hub-settings.md b/devices/surface-hub/local-management-surface-hub-settings.md deleted file mode 100644 index 652f22390c..0000000000 --- a/devices/surface-hub/local-management-surface-hub-settings.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Local management Surface Hub settings -description: How to manage Surface Hub settings with Settings. -keywords: manage Surface Hub, Surface Hub settings -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/08/2019 -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium ---- - -# Local management for Surface Hub settings - -After initial setup of Microsoft Surface Hub, the device’s settings can be locally managed through **Settings**. - -## Surface Hub settings - -Surface Hubs have many settings that are common to other Windows devices, but also have settings which are only configurable on Surface Hubs. This table lists settings only configurable on Surface Hubs. - -| Setting | Location | Description | -| ------- | -------- | ----------- | -| Device account | Surface Hub > Accounts | Set or change the Surface Hub's device account. | -| Device account sync status | Surface Hub > Accounts | Check the sync status of the device account’s mail and calendar on the Surface Hub. | -| Password rotation | Surface Hub > Accounts | Choose whether to let the Surface Hub automatically rotate the device account's password.| -| Change admin account password | Surface Hub > Accounts | Change the password for the local admin account. This is only available if you configured the device to use a local admin during first run. | -| Device Management | Surface Hub > Device management | Manage policies and business applications using mobile device management (MDM). | -| Provisioning packages | Surface Hub > Device management | Set or change provisioning packages installed on the Surface Hub. | -| Open the Microsoft Store app | Surface Hub > Apps & features | The Microsoft Store app is only available to admins through the Settings app. | -| Skype for Business domain name | Surface Hub > Calling & Audio | Configure a domain name for your Skype for Business server. | -| Default Speaker volume | Surface Hub > Calling & Audio | Configure the default speaker volume for the Surface Hub when it starts a session. | -| Default microphone and speaker settings | Surface Hub > Calling & Audio | Configure a default microphone and speaker for calls, and a default speaker for media playback. | -| Enable Dolby Audio X2 | Surface Hub > Calling & Audio | Configure the Dolby Audio X2 speaker enhancements. | -| Open Connect App automatically | Surface Hub > Projection | Choose whether projection will automatically open the Connect app or wait for user input before opening. | -| Turn off wireless projection using Miracast | Surface Hub > Projection | Choose whether presenters can wirelessly project to the Surface Hub using Miracast. | -| Require a PIN for wireless projection | Surface Hub > Projection | Choose whether people are required to enter a PIN before they use wireless projection. | -| Wireless projection (Miracast) channel | Surface Hub > Projection | Set the channel for Miracast projection. | -| Meeting info shown on the welcome screen | Surface Hub > Welcome screen | Choose whether meeting organizer, time, and subject show up on the welcome screen. | -| Welcome screen background | Surface Hub > Welcome screen | Choose a background image for the welcome screen. | -| Session timeout to Welcome screen | Surface Hub > Session & power | Choose how long until the Surface Hub returns to the welcome screen after no motion is detected. | -| Resume session | Surface Hub > Session & power | Choose to allow users to resume a session after no motion is detected or to automatically clean up a session. | -| Access to Office 365 meetings and files | Surface Hub > Session & power | Choose whether a user can sign in to Office 365 to get access to their meetings and files. | -| Turn on screen with motion sensors | Surface Hub > Session & power | Choose whether the screen turns on when motion is detected. | -| Screen time out | Surface Hub > Session & power | Choose how long the device needs to be inactive before turning off the screen. | -| Sleep time out | Surface Hub > Session & power | Choose how long the device needs to be inactive before going to sleep mode. | -| Friendly name | Surface Hub > About | Set the Surface Hub name that people will see when connecting wirelessly. | -| Maintenance hours | Update & security > Windows Update > Advanced options | Configure when updates can be installed. | -| Configure Windows Server Update Services (WSUS) server | Update & security > Windows Update > Advanced options | Change whether Surface Hub receives updates from a WSUS server instead of Windows Update. | -| Recover from the cloud | Update & security > Recovery | Reinstall the operating system on Surface Hub to a manufacturer build from the cloud. | -| Save BitLocker key | Update & security > Recovery | Backup your Surface Hub's BitLocker key to a USB drive. | -| Collect logs | Update & security > Recovery | Save logs to a USB drive to send to Microsoft later. | - -## Related topics - -[Manage Surface Hub settings](manage-surface-hub-settings.md) - -[Remote Surface Hub management](remote-surface-hub-management.md) - -[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md deleted file mode 100644 index 3762de36a4..0000000000 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ /dev/null @@ -1,280 +0,0 @@ ---- -title: Manage settings with an MDM provider (Surface Hub) -description: Microsoft Surface Hub provides an enterprise management solution to help IT administrators manage policies and business applications on these devices using a mobile device management (MDM) solution. -ms.assetid: 18EB8464-6E22-479D-B0C3-21C4ADD168FE -ms.reviewer: -manager: laurawi -keywords: mobile device management, MDM, manage policies -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 03/07/2018 -ms.localizationpriority: medium ---- - -# Manage settings with an MDM provider (Surface Hub) - -Surface Hub and other Windows 10 devices allow IT administrators to manage settings and policies using a mobile device management (MDM) provider. A built-in management component communicates with the management server, so there is no need to install additional clients on the device. For more information, see [Windows 10 mobile device management](https://msdn.microsoft.com/library/windows/hardware/dn914769.aspx). - -Surface Hub has been validated with Microsoft's first-party MDM providers: -- Microsoft Intune standalone -- On-premises MDM with Microsoft Endpoint Configuration Manager - -You can also manage Surface Hubs using any third-party MDM provider that can communicate with Windows 10 using the MDM protocol. - -## Enroll a Surface Hub into MDM -You can enroll your Surface Hubs using bulk, manual, or automatic enrollment. - -### Bulk enrollment -**To configure bulk enrollment** -- Surface Hub supports the [Provisioning CSP](https://msdn.microsoft.com/library/windows/hardware/mt203665.aspx) for bulk enrollment into MDM. For more information, see [Windows 10 bulk enrollment](https://msdn.microsoft.com/library/windows/hardware/mt613115.aspx).
---OR-- -- If you have an on-premises Microsoft Endpoint Configuration Manager infrastructure, see [How to bulk enroll devices with On-premises Mobile Device Management in Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm). - -### Manual enrollment -**To configure manual enrollment** -1. On your Surface Hub, open **Settings**. -2. Type the device admin credentials when prompted. -3. Select **This device**, and navigate to **Device management**. -4. Under **Device management**, select **+ Device management**. -5. Follow the instructions in the dialog to connect to your MDM provider. - -### Automatic enrollment via Azure Active Directory join - -Surface Hub now supports the ability to automatically enroll in Intune by joining the device to Azure Active Directory. - -First step is to set up Automatic MDM enrollment. See [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment). - -Then, when devices are setup during First-run, pick the option to join to Azure Active Directory, see [Set up admins for this device page](https://docs.microsoft.com/surface-hub/first-run-program-surface-hub#set-up-admins-for-this-device-page) - -## Manage Surface Hub settings with MDM - -You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings), and some [Windows 10 settings](#supported-windows-10-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and Microsoft Endpoint Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML. - -### Supported Surface Hub CSP settings - -You can configure the Surface Hub settings in the following table using MDM. The table identifies if the setting is supported with Microsoft Intune, Microsoft Endpoint Configuration Manager, or SyncML. - -For more information, see [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323). - - -| Setting | Node in the SurfaceHub CSP | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | -|----------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| -| Maintenance hours | MaintenanceHoursSimple/Hours/StartTime
MaintenanceHoursSimple/Hours/Duration | Yes | Yes | Yes | -| Automatically turn on the screen using motion sensors | InBoxApps/Welcome/AutoWakeScreen | Yes | Yes | Yes | -| Require a pin for wireless projection | InBoxApps/WirelessProjection/PINRequired | Yes | Yes | Yes | -| Enable wireless projection | InBoxApps/WirelessProjection/Enabled | Yes | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Miracast channel to use for wireless projection | InBoxApps/WirelessProjection/Channel | Yes | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Connect to your Operations Management Suite workspace | MOMAgent/WorkspaceID
MOMAgent/WorkspaceKey | Yes | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Welcome screen background image | InBoxApps/Welcome/CurrentBackgroundPath | Yes | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Meeting information displayed on the welcome screen | InBoxApps/Welcome/MeetingInfoOption | Yes | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager | Yes | -| Friendly name for wireless projection | Properties/FriendlyName | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Device account, including password rotation | DeviceAccount/*``*
See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes | -| Specify Skype domain | InBoxApps/SkypeForBusiness/DomainName | Yes
| Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Auto launch Connect App when projection is initiated | InBoxApps/Connect/AutoLaunch | Yes
| Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Set default volume | Properties/DefaultVolume | Yes
| Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Set screen timeout | Properties/ScreenTimeout | Yes
| Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Set session timeout | Properties/SessionTimeout | Yes
| Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Set sleep timeout | Properties/SleepTimeout | Yes
| Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Allow session to resume after screen is idle | Properties/AllowSessionResume | Yes
| Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Allow device account to be used for proxy authentication | Properties/AllowAutoProxyAuth | Yes
| Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Disable auto-populating the sign-in dialog with invitees from scheduled meetings | Properties/DisableSignInSuggestions | Yes
| Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Disable "My meetings and files" feature in Start menu | Properties/DoNotShowMyMeetingsAndFiles | Yes
| Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Set the LanProfile for 802.1x Wired Auth | Dot3/LanProfile | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Set the EapUserData for 802.1x Wired Auth | Dot3/EapUserData | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | - -\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. - -### Supported Windows 10 settings - -In addition to Surface Hub-specific settings, there are numerous settings common to all Windows 10 devices. These settings are defined in the [Configuration service provider reference](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference). - -The following tables include info on Windows 10 settings that have been validated with Surface Hub. There is a table with settings for these areas: security, browser, Windows Updates, Windows Defender, remote reboot, certificates, and logs. Each table identifies if the setting is supported with Microsoft Intune, Microsoft Endpoint Configuration Manager, or SyncML. - -#### Security settings - -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | -|--------------------|------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| -| Allow Bluetooth | Keep this enabled to support Bluetooth peripherals. | [Connectivity/AllowBluetooth](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Connectivity_AllowBluetooth) | Yes.
| Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. | Bluetooth/*``*
See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes.
| Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Allow camera | Keep this enabled for Skype for Business. | [Camera/AllowCamera](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Camera_AllowCamera) | Yes.
| Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Allow location | Keep this enabled to support apps such as Maps. | [System/AllowLocation](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowLocation) | Yes.
. | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Allow telemetry | Keep this enabled to help Microsoft improve Surface Hub. | [System/AllowTelemetry](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowTelemetry) | Yes.
| Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Allow USB Drives | Keep this enabled to support USB drives on Surface Hub | [System/AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | - -\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. - -#### Browser settings - -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | -|-----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| -| Homepages | Use to configure the default homepages in Microsoft Edge. | [Browser/Homepages](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_Homepages) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Allow cookies | Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session. | [Browser/AllowCookies](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowCookies) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Allow developer tools | Use to stop users from using F12 Developer Tools. | [Browser/AllowDeveloperTools](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDeveloperTools) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Allow Do Not Track | Use to enable Do Not Track headers. | [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Allow pop-ups | Use to block pop-up browser windows. | [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Allow search suggestions | Use to block search suggestions in the address bar. | [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Allow Windows Defender SmartScreen | Keep this enabled to turn on Windows Defender SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Prevent ignoring Windows Defender SmartScreen warnings for websites | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Prevent ignoring Windows Defender SmartScreen warnings for files | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | - -\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. - -#### Windows Update settings - -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | -|---------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| -| Use Current Branch or Current Branch for Business | Use to configure Windows Update for Business – see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/BranchReadinessLevel](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Defer feature updates | See above. | [Update/ DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Defer quality updates | See above. | [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Pause feature updates | See above. | [Update/PauseFeatureUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Pause quality updates | See above. | [Update/PauseQualityUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Configure device to use WSUS | Use to connect your Surface Hub to WSUS instead of Windows Update – see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | DeliveryOptimization/*``*
See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | - -\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. - -#### Windows Defender settings - -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | -|-------------------|----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| -| Defender policies | Use to configure various Defender settings, including a scheduled scan time. | Defender/*``*
See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Defender status | Use to initiate a Defender scan, force a Security intelligence update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | Yes | Yes | Yes | - -\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. - -#### Remote reboot - -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | -|------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| -| Reboot the device immediately | Use in conjunction with OMS to minimize support costs – see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). | ./Vendor/MSFT/Reboot/RebootNow
See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes | No | Yes | -| Reboot the device at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/Single
See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | -| Reboot the device daily at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent
See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | - -\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. - -#### Install certificates - -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | -|---------------------------------|--------------------------------------------------------------|----------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------| -| Install trusted CA certificates | Use to deploy trusted root and intermediate CA certificates. | [RootCATrustedCertificates CSP](https://msdn.microsoft.com/library/windows/hardware/dn904970.aspx) | Yes.
See [Configure Intune certificate profiles](https://docs.microsoft.com/intune/deploy-use/configure-intune-certificate-profiles). | Yes.
See [How to create certificate profiles in Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/create-certificate-profiles). | Yes | - - -\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. - -#### Collect logs - -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | -|------------------|----------------------------------------------------|----------------------------------------------------------------------------------------|---------------------------|------------------------------------------|-----------------------------| -| Collect ETW logs | Use to remotely collect ETW logs from Surface Hub. | [DiagnosticLog CSP](https://msdn.microsoft.com/library/windows/hardware/mt219118.aspx) | No | No | Yes | - - -\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. - -#### Set network quality of service (QoS) policy - -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | -|------------------------|--------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| -| Set Network QoS Policy | Use to set a QoS policy to perform a set of actions on network traffic. This is useful for prioritizing Skype network packets. | [NetworkQoSPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | - -\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. - -#### Set network proxy - -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | -|-------------------|---------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| -| Set Network proxy | Use to configure a proxy server for ethernet and Wi-Fi connections. | [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | - -\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. - -#### Configure Start menu - -| Setting | Details | CSP reference | Supported with
Intune? | Supported with
Configuration Manager? | Supported with
SyncML\*? | -|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------| -| Configure Start menu | Use to configure which apps are displayed on the Start menu. For more information, see [Configure Surface Hub Start menu](surface-hub-start-menu.md) | [Policy CSP: Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Yes
[Use a custom policy.](#example-manage-surface-hub-settings-with-microsoft-intune) | Yes.
[Use a custom setting.](#example-manage-surface-hub-settings-with-microsoft-endpoint-configuration-manager) | Yes | - -\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package. - -### Generate OMA URIs for settings -You need to use a setting's OMA URI to create a custom policy in Intune, or a custom setting in Microsoft Endpoint Configuration Manager. - -**To generate the OMA URI for any setting in the CSP documentation** -1. In the CSP documentation, identify the root node of the CSP. Generally, this looks like `./Vendor/MSFT/`
-*For example, the root node of the [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx) is `./Vendor/MSFT/SurfaceHub`.* -2. Identify the node path for the setting you want to use.
-*For example, the node path for the setting to enable wireless projection is `InBoxApps/WirelessProjection/Enabled`.* -3. Append the node path to the root node to generate the OMA URI.
-*For example, the OMA URI for the setting to enable wireless projection is `./Vendor/MSFT/SurfaceHub/InBoxApps/WirelessProjection/Enabled`.* - -The data type is also stated in the CSP documentation. The most common data types are: -- char (String) -- int (Integer) -- bool (Boolean) - - -## Example: Manage Surface Hub settings with Microsoft Intune - -You can use Microsoft Intune to manage Surface Hub settings. For custom settings, follow the instructions in [How to configure custom device settings in Microsoft Intune](https://docs.microsoft.com/intune/custom-settings-configure). For **Platform**, select **Windows 10 and later**, and in **Profile type**, select **Device restrictions (Windows 10 Team)**. - - - -## Example: Manage Surface Hub settings with Microsoft Endpoint Configuration Manager -Configuration Manager supports managing modern devices that do not require the Configuration Manager client to manage them, including Surface Hub. If you already use Configuration Manager to manage other devices in your organization, you can continue to use the Configuration Manager console as your single location for managing Surface Hubs. - -> [!NOTE] -> These instructions are based on the current branch of Configuration Manager. - -**To create a configuration item for Surface Hub settings** - -1. On the **Assets and Compliance** workspace of the Configuration Manager console, click **Overview** > **Compliance Settings** > **Configuration Items**. -2. On the **Home** tab, in the **Create** group, click **Create Configuration Item**. -3. On the **General** page of the Create Configuration Item Wizard, specify a name and optional description for the configuration item. -4. Under **Settings for devices managed without the Configuration Manager client**, select **Windows 8.1 and Windows 10**, and then click **Next**. - - ![example of UI](images/configmgr-create.png) -5. On the **Supported Platforms** page, expand **Windows 10** and select **All Windows 10 Team and higher**. Unselect the other Windows platforms, and then click **Next**. - - ![select platform](images/configmgr-platform.png) -7. On the **Device Settings** page, under **Device settings groups**, select **Windows 10 Team**. - - -8. On the **Windows 10 Team** page, configure the settings you require. - - ![Windows 10 Team](images/configmgr-team.png) -9. You'll need to create custom settings to manage settings that are not available in the Windows 10 Team page. On the **Device Settings** page, select the check box **Configure additional settings that are not in the default setting groups**. - - ![additional settings](images/configmgr-additional.png) -10. On the **Additional Settings** page, click **Add**. -11. In the **Browse Settings** dialog, click **Create Setting**. -12. In the **Create Setting** dialog, under the **General** tab, specify a name and optional description for the custom setting. -13. Under **Setting type**, select **OMA URI**. -14. Complete the form to create a new setting, and then click **OK**. - - ![OMA URI setting](images/configmgr-oma-uri.png) -15. On the **Browse Settings** dialog, under **Available settings**, select the new setting you created, and then click **Select**. -16. On the **Create Rule** dialog, complete the form to specify a rule for the setting, and then click **OK**. -17. Repeat steps 9 to 15 for each custom setting you want to add to the configuration item. -18. When you're done, on the **Browse Settings** dialog, click **Close**. -19. Complete the wizard.
You can view the new configuration item in the **Configuration Items** node of the **Assets and Compliance** workspace. - -For more information, see [Create configuration items for Windows 8.1 and Windows 10 devices managed without the Microsoft Endpoint Configuration Manager client](https://docs.microsoft.com/configmgr/compliance/deploy-use/create-configuration-items-for-windows-8.1-and-windows-10-devices-managed-without-the-client). - -## Related topics - -[Manage Microsoft Surface Hub](manage-surface-hub.md) - - - - - - - - - - - diff --git a/devices/surface-hub/manage-surface-hub-settings.md b/devices/surface-hub/manage-surface-hub-settings.md deleted file mode 100644 index b217ccee4d..0000000000 --- a/devices/surface-hub/manage-surface-hub-settings.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -title: Manage Surface Hub settings -description: This section lists topics for managing Surface Hub settings. -keywords: Surface Hub accessibility settings, device account, device reset, windows updates, wireless network management -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/27/2017 -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium ---- - -# Manage Surface Hub settings - -## In this section - -|Topic | Description| -| ------ | --------------- | -| [Local management for Surface Hub settings](local-management-surface-hub-settings.md) | Learn about Surface Hub settings. | -| [Accessibility](accessibility-surface-hub.md) | Accessibility settings for the Surface Hub can be changed by using the Settings app. You'll find them under Ease of Access. Your Surface Hub has the same accessibility options as Windows 10.| -| [Change the Surface Hub device account](change-surface-hub-device-account.md) | You can change the device account in Settings to either add an account if one was not already provisioned, or to change any properties of an account that was already provisioned.| -| [Device reset](device-reset-surface-hub.md) | You may need to reset your Surface Hub.| -| [Use fully qualified domain name with Surface Hub](use-fully-qualified-domain-name-surface-hub.md) | Options to configure domain name with Surface Hub. | -| [Wireless network management](wireless-network-management-for-surface-hub.md) | Surface Hub offers two options for network connectivity to your corporate network and Internet: wireless, and wired. While both provide network access, we recommend you use a wired connection. | diff --git a/devices/surface-hub/manage-surface-hub.md b/devices/surface-hub/manage-surface-hub.md deleted file mode 100644 index 10240a192f..0000000000 --- a/devices/surface-hub/manage-surface-hub.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Manage Microsoft Surface Hub -description: How to manage your Surface Hub after finishing the first-run program. -ms.assetid: FDB6182C-1211-4A92-A930-6C106BCD5DC1 -ms.reviewer: -manager: laurawi -keywords: manage Surface Hub -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 01/17/2018 -ms.localizationpriority: medium ---- - -# Manage Microsoft Surface Hub - -After initial setup of Microsoft Surface Hub, the device’s settings and configuration can be modified or changed in a couple ways: - -- **Local management** - Every Surface Hub can be configured locally using the **Settings** app on the device. To prevent unauthorized users from changing settings, the Settings app requires admin credentials to open the app. For more information, see [Local management for Surface Hub settings](local-management-surface-hub-settings.md). -- **Remote management** - Surface Hub allow IT admins to manage settings and policies using a mobile device management (MDM) provider, such as Microsoft Intune, Microsoft Endpoint Configuration Manager, and other third-party providers. Additionally, admins can monitor Surface Hubs using Microsoft Operations Management Suite (OMS). For more information, see [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md), and [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). - -> [!NOTE] -> These management methods are not mutually exclusive. Devices can be both locally and remotely managed if you choose. However, MDM policies and settings will overwrite any local changes when the Surface Hub syncs with the management server. - -## In this section - -Learn about managing and updating Surface Hub. - -| Topic | Description | -| ----- | ----------- | -| [Remote Surface Hub management](remote-surface-hub-management.md) |Topics related to managing your Surface Hub remotely. Include install apps, managing settings with MDM and monitoring with Operations Management Suite. | -| [Manage Surface Hub settings](manage-surface-hub-settings.md) |Topics related to managing Surface Hub settings: accessibility, device account, device reset, fully qualified domain name, Windows Update settings, and wireless network | -| [Install apps on your Surface Hub]( https://technet.microsoft.com/itpro/surface-hub/install-apps-on-surface-hub) | Admins can install apps can from either the Microsoft Store or the Microsoft Store for Business.| -[Configure Surface Hub Start menu](surface-hub-start-menu.md) | Use MDM to customize the Start menu for Surface Hub. -| [Set up and use Microsoft Whiteboard](whiteboard-collaboration.md) | Microsoft Whiteboard’s latest update includes the capability for two Surface Hubs to collaborate in real time on the same board. | -| [End a meeting with End session](https://technet.microsoft.com/itpro/surface-hub/i-am-done-finishing-your-surface-hub-meeting) | At the end of a meeting, users can tap **End session** to clean up any sensitive data and prepare the device for the next meeting.| -| [Sign in to Surface Hub with Microsoft Authenticator](surface-hub-authenticator-app.md) | You can sign in to a Surface Hub without a password using the Microsoft Authenticator app, available on Android and iOS. | -| [Save your BitLocker key](https://technet.microsoft.com/itpro/surface-hub/save-bitlocker-key-surface-hub) | Every Surface Hub is automatically set up with BitLocker drive encryption software. Microsoft strongly recommends that you make sure you back up your BitLocker recovery keys.| -| [Connect other devices and display with Surface Hub](https://technet.microsoft.com/itpro/surface-hub/connect-and-display-with-surface-hub) | You can connect other device to your Surface Hub to display content.| -| [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md) | You can use Miracast on your wireless network or LAN to connect to Surface Hub. | - [Enable 802.1x wired authentication](enable-8021x-wired-authentication.md) | 802.1x Wired Authentication MDM policies have been enabled on Surface Hub devices. -| [Using a room control system](https://technet.microsoft.com/itpro/surface-hub/use-room-control-system-with-surface-hub) | Room control systems can be used with your Microsoft Surface Hub.| -[Using the Surface Hub Recovery Tool](surface-hub-recovery-tool.md) | Use the Surface Hub Recovery Tool to re-image the Surface Hub SSD. -[Surface Hub SSD replacement](surface-hub-ssd-replacement.md) | Learn how to remove and replace the solid state drive in your Surface Hub. - -## Related topics - -- [View Power BI presentation mode on Surface Hub & Windows 10](https://powerbi.microsoft.com/documentation/powerbi-mobile-win10-app-presentation-mode/) diff --git a/devices/surface-hub/manage-windows-updates-for-surface-hub.md b/devices/surface-hub/manage-windows-updates-for-surface-hub.md deleted file mode 100644 index 9dee3e2a4b..0000000000 --- a/devices/surface-hub/manage-windows-updates-for-surface-hub.md +++ /dev/null @@ -1,145 +0,0 @@ ---- -title: Manage Windows updates on Surface Hub -description: You can manage Windows updates on your Microsoft Surface Hub or Surface Hub 2S by setting the maintenance window, deferring updates, or using Windows Server Update Services (WSUS). -ms.assetid: A737BD50-2D36-4DE5-A604-55053D549045 -ms.reviewer: -manager: laurawi -keywords: manage Windows updates, Surface Hub, Windows Server Update Services, WSUS -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.localizationpriority: medium ---- - -# Manage Windows updates on Surface Hub - -New releases of the Surface Hub operating system are published through Windows Update, just like releases of Windows 10. There are a couple of ways you can manage which updates are installed on your Surface Hubs, and the timing for when updates are applied. -- **Windows Update for Business** - New in Windows 10, Windows Update for Business is a set of features designed to provide enterprises additional control over how and when Windows Update installs releases, while reducing device management costs. Using this method, Surface Hubs are directly connected to Microsoft’s Windows Update service. -- **Windows Server Update Services (WSUS)** - Set of services that enable IT administrators to obtain the updates that Windows Update determines are applicable to the devices in their enterprise, perform additional testing and evaluation on the updates, and select the updates they want to install. Using this method, Surface Hubs will receive updates from WSUS rather than Windows Update. - -You can also configure Surface Hub to receive updates from both Windows Update for Business and WSUS. See [Integrate Windows Update for Business with Windows Server Update Services](https://technet.microsoft.com/itpro/windows/manage/waas-integrate-wufb#integrate-windows-update-for-business-with-windows-server-update-services) for details. - -| Capabilities | Windows Update for Business | Windows Server Update Services (WSUS) | -| ------------ | --------------------------- | ------------------------------------- | -| Receive updates directly from Microsoft's Windows Update service, with no additional infrastructure required. | Yes | No | -| Defer updates to provide additional time for testing and evaluation. | Yes | Yes | -| Deploy updates to select groups of devices. | Yes | Yes | -| Define maintenance windows for installing updates. | Yes | Yes | - -> [!TIP] -> Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Optimize update delivery for Windows 10 updates](https://technet.microsoft.com/itpro/windows/manage/waas-optimize-windows-10-updates) for details. - -> [!NOTE] -> Surface Hub does not currently support rolling back updates. - - -## Surface Hub servicing model - -Surface Hub uses the Windows 10 servicing model, referred to as [Windows as a Service (WaaS)](https://docs.microsoft.com/windows/deployment/update/waas-overview). Traditionally, new features were added only in new versions of Windows that were released every few years. Each new version required lengthy and expensive processes to deploy in an organization. As a result, end users and organizations don't frequently enjoy the benefits of new innovation. The goal of Windows as a Service is to continually provide new capabilities while maintaining a high level of quality. - -Microsoft publishes two types of Surface Hub releases broadly on an ongoing basis: -- **Feature updates** - Updates that install the latest new features, experiences, and capabilities. Microsoft expects to publish two new feature updates per year. -- **Quality updates** - Updates that focus on the installation of security fixes, drivers, and other servicing updates. Microsoft expects to publish one cumulative quality update per month. - -In order to improve release quality and simplify deployments, all new releases that Microsoft publishes for Windows 10, including Surface Hub, will be cumulative. This means new feature updates and quality updates will contain the payloads of all previous releases (in an optimized form to reduce storage and networking requirements), and installing the release on a device will bring it completely up to date. Also, unlike earlier versions of Windows, you cannot install a subset of the contents of a Windows 10 quality update. For example, if a quality update contains fixes for three security vulnerabilities and one reliability issue, deploying the update will result in the installation of all four fixes. - -The Surface Hub operating system receives updates on the [Semi-Annual Channel](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes). Like other editions of Windows 10, the servicing lifetime is finite. You must install new feature updates on machines running these branches in order to continue receiving quality updates. - -For more information on Windows as a Service, see [Overview of Windows as a service](https://technet.microsoft.com/itpro/windows/manage/waas-overview). - - -## Use Windows Update for Business -Surface Hubs, like all Windows 10 devices, include **Windows Update for Business (WUfB)** to enable you to control how your devices are being updated. Windows Update for Business helps reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. For more information, see [Manage updates using Windows Update for Business](https://technet.microsoft.com/itpro/windows/manage/waas-manage-updates-wufb). - -**To set up Windows Update for Business:** -1. [Group Surface Hub into deployment rings](#group-surface-hub-into-deployment-rings) -2. [Configure when Surface Hub receives updates](#configure-when-surface-hub-receives-updates). - -> [!NOTE] -> You can use Microsoft Intune, Microsoft Endpoint Configuration Manager, or a supported third-party MDM provider to set up WUfB. [Walkthrough: use Microsoft Intune to configure Windows Update for Business.](https://docs.microsoft.com/windows/deployment/update/waas-wufb-intune) - - -### Group Surface Hub into deployment rings -Use deployment rings to control when updates roll out to your Surface Hubs, giving you time to validate them. For example, you can update a small pool of devices first to verify quality before a broader roll-out to your organization. Depending on who manages Surface Hub in your organization, consider incorporating Surface Hub into the deployment rings that you've built for your other Windows 10 devices. For more information about deployment rings, see [Build deployment rings for Windows 10 updates](https://technet.microsoft.com/itpro/windows/manage/waas-deployment-rings-windows-10-updates). - -This table gives examples of deployment rings. - -| Deployment ring | Ring size | Servicing branch | Deferral for feature updates | Deferral for quality updates (security fixes, drivers, and other updates) | Validation step | -| --------- | --------- | --------- | --------- | --------- | --------- | -| Preview (e.g. non-critical or test devices) | Small | Windows Insider Preview | None. | None. | Manually test and evaluate new functionality. Pause updates if there are issues. | -| Release (e.g. devices used by select teams) | Medium | Semi-annual channel | None. | None. | Monitor device usage and user feedback. Pause updates if there are issues. | -| Broad deployment (e.g. most of the devices in your organization) | Large | Semi-annual channel | 120 days after release. | 7-14 days after release. | Monitor device usage and user feedback. Pause updates if there are issues. | -| Mission critical (e.g. devices in executive boardrooms) | Small | Semi-annual channel | 180 days after release (maximum deferral for feature updates). | 30 days after release (maximum deferral for quality updates). | Monitor device usage and user feedback. | - - - - - -### Configure when Surface Hub receives updates -Once you've determined deployment rings for your Surface Hubs, configure update deferral policies for each ring: -- To defer feature updates, set an appropriate [Update/DeferFeatureUpdatesPeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferfeatureupdatesperiodindays) policy for each ring. -- To defer quality updates, set an appropriate [Update/DeferQualityUpdatesPeriodInDays](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-deferqualityupdatesperiodindays) policy for each ring. - -> [!NOTE] -> If you encounter issues during the update rollout, you can pause updates using [Update/PauseFeatureUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-pausefeatureupdates) and [Update/PauseQualityUpdates](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-pausequalityupdates). - - -## Use Windows Server Update Services - -You can connect Surface Hub to your Windows Server Update Services (WSUS) server to manage updates. Updates will be controlled through approvals or automatic deployment rules configured in your WSUS server, so new upgrades will not be deployed until you choose to deploy them. - -**To manually connect a Surface Hub to a WSUS server:** -1. Open **Settings** on your Surface Hub. -2. Enter the device admin credentials when prompted. -3. Navigate to **Update & security** > **Windows Update** > **Advanced options** > **Configure Windows Server Update Services (WSUS) server**. -4. Click **Use WSUS Server to download updates** and type the URL of your WSUS server. - -To connect Surface Hub to a WSUS server using MDM, set an appropriate [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) policy. - -**If you use a proxy server or other method to block URLs** - -If you use a method other than WSUS to block specific URLs and prevent updates, you will need to add the following Windows update trusted site URLs to the “allow list”: -- `http(s)://*.update.microsoft.com` -- `http://download.windowsupdate.com` -- `http://windowsupdate.microsoft.com` - -Once the Windows 10 Team Anniversary Update is installed, you can remove these addresses to return your Surface Hub to its previous state. - -## Maintenance window - -To ensure the device is always available for use during business hours, Surface Hub performs its administrative functions during a specified maintenance window. During the maintenance window, the Surface Hub automatically installs updates through Windows Update or WSUS, and reboots the device if needed. - -Surface Hub follows these guidelines to apply updates: -- Install the update during the next maintenance window. If a meeting is scheduled to start during a maintenance window, or the Surface Hub sensors detect that the device is being used, the pending update will be postponed to the following maintenance window. -- If the next maintenance window is past the update’s prescribed grace period, the device will calculate the next available slot during business hours using the estimated install time from the update’s metadata. It will continue to postpone the update if a meeting is scheduled, or the Surface Hub sensors detect that the device is being used. -- If the next maintenance window is **not** past the update's grace period, the Surface Hub will continue to postpone the update. -- If a reboot is needed, the Surface Hub will automatically reboot during the next maintenance window. - -> [!NOTE] -> Allow time for updates when you first setup your Surface Hub. For example, a backlog of virus definitions may be available, which should be immediately installed. - -A default maintenance window is set for all new Surface Hubs: -- **Start time:** 3:00 AM -- **Duration:** 1 hour - -**To manually change the maintenance window:** -1. Open **Settings** on your Surface Hub. -2. Navigate to **Update & security** > **Windows Update** > **Advanced options**. -3. Under **Maintenance hours**, select **Change**. - -To change the maintenance window using MDM, set the **MOMAgent** node in the [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). See [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) for more details. - - -## More information - -- [Blog post: Servicing, Flighting, and Managing updates for Surface Hub (With Intune, of course!)](https://blogs.technet.microsoft.com/y0av/2018/05/31/7-3/) - - -## Related topics - -[Manage Microsoft Surface Hub](manage-surface-hub.md) - -[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) - diff --git a/devices/surface-hub/miracast-over-infrastructure.md b/devices/surface-hub/miracast-over-infrastructure.md deleted file mode 100644 index 5ef43af85c..0000000000 --- a/devices/surface-hub/miracast-over-infrastructure.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Miracast on existing wireless network or LAN -description: Windows 10 enables you to send a Miracast stream over a local network. -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 04/24/2020 -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium ---- - -# Miracast over infrastructure - -In the Windows 10, version 1703, Microsoft has extended the ability to send a Miracast stream over a local network rather than over a direct wireless link. This functionality is based on the [Miracast over Infrastructure Connection Establishment Protocol (MS-MICE)](https://msdn.microsoft.com/library/mt796768.aspx). - -Miracast over Infrastructure offers a number of benefits: - -- Windows automatically detects when sending the video stream over this path is applicable. -- Windows will only choose this route if the connection is over Ethernet or a secure Wi-Fi network. -- Users do not have to change how they connect to a Miracast receiver. They use the same UX as for standard Miracast connections. -- No changes to current wireless drivers or PC hardware are required. -- It works well with older wireless hardware that is not optimized for Miracast over Wi-Fi Direct. -- It leverages an existing connection which both reduces the time to connect and provides a very stable stream. - - -## How it works - -Users attempt to connect to a Miracast receiver through their Wi-Fi adapter as they did previously. When the list of Miracast receivers is populated, Windows 10 will identify that the receiver is capable of supporting a connection over the infrastructure. When the user selects a Miracast receiver, Windows 10 will attempt to resolve the device's hostname via standard DNS, as well as via multicast DNS (mDNS). If the name is not resolvable via either DNS method, Windows 10 will fall back to establishing the Miracast session using the standard Wi-Fi direct connection. - -> [!NOTE] -> For more information on the connection negotiation sequence, see [Miracast over Infrastructure Connection Establishment Protocol (MS-MICE)](https://msdn.microsoft.com/library/mt796768.aspx) - - - - -## Enabling Miracast over Infrastructure - -If you have a Surface Hub or other Windows 10 device that has been updated to Windows 10, version 1703, then you automatically have this new feature. To take advantage of it in your environment, you need to ensure the following is true within your deployment: - -- The Surface Hub or device (Windows PC or phone) needs to be running Windows 10, version 1703. -- Open TCP port: **7250**. -- A Surface Hub or Windows PC can act as a Miracast over Infrastructure *receiver*. A Windows PC or phone can act as a Miracast over Infrastructure *source*. - - As a Miracast receiver, the Surface Hub or device must be connected to your enterprise network via either Ethernet or a secure Wi-Fi connection (e.g. using either WPA2-PSK or WPA2-Enterprise security). If the Surface Hub or device is connected to an open Wi-Fi connection, Miracast over Infrastructure will disable itself. - - As a Miracast source, the Windows PC or phone must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. -- The DNS Hostname (device name) of the Surface Hub or device needs to be resolvable via your DNS servers. You can achieve this by either allowing your Surface Hub to register automatically via Dynamic DNS, or by manually creating an A or AAAA record for the Surface Hub's hostname. -- Windows 10 PCs must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. -- On Windows 10 PCs, the **Projecting to this PC** feature must be enabled in System Settings, and the device must have a Wi-Fi interface enabled in order to respond to discovery requests that only occur through the Wi-Fi adapter. - - -It is important to note that Miracast over Infrastructure is not a replacement for standard Miracast. Instead, the functionality is complementary, and provides an advantage to users who are part of the enterprise network. Users who are guests to a particular location and don’t have access to the enterprise network will continue to connect using the Wi-Fi Direct connection method. - -The **InBoxApps/WirelessProjection/PinRequired** setting in the [SurfaceHub configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/surfacehub-csp) is not required for Miracast over Infrastructure. This is because Miracast over Infrastructure only works when both devices are connected to the same enterprise network. This removes the security restriction that was previously missing from Miracast. We recommend that you continue using this setting (if you used it previously) as Miracast will fall back to regular Miracast if the infrastructure connection does not work. - -## FAQ -**Why do I still need Wi-Fi to use Miracast over infrastructure?**
-Discovery requests to identify Miracast receivers can only occur through the Wi-Fi adapter. Once the receivers have been identified, Windows 10 can then attempt the connection to the network. diff --git a/devices/surface-hub/miracast-troubleshooting.md b/devices/surface-hub/miracast-troubleshooting.md deleted file mode 100644 index c4e2ff5b3e..0000000000 --- a/devices/surface-hub/miracast-troubleshooting.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: Troubleshoot Miracast on Surface Hub -description: Learn how to resolve issues with Miracast on Surface Hub. -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 06/20/2019 -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium ---- - -# Troubleshoot Miracast on Surface Hub - -Surface Hub supports wireless projection through the Miracast protocol. Most wireless monitors and adapters available today use the original implementation of Miracast. Surface Hub uses a slightly different version of Miracast known as **Miracast Autonomous Group Owner (AGO)**. A common troubleshooting step when projecting wirelessly to Surface Hub fails is to test projecting to another wireless monitor or adapter. However, in most cases, these devices are not using Miracast AGO and do not handle wireless projection the same way that Surface Hub does. - -In traditional Miracast, the projecting device will connect the access point set up by the Miracast-enabled monitor, and then the monitor will send traffic back to the projecting device using the network channel of the projecting device. Miracast AGO is a two-step connection process: - -- The first step is an initial connection using 2.4GHz. -- After that initial handshake, the projecting device sends traffic to the monitor using the wireless channel settings on the monitor. If Surface Hub is connected to a Wi-Fi network, the access point, it will use the same channel as the connected network, otherwise it will use the Miracast channel from Settings. - -There are generally two types of issues with Miracast to Surface Hub: [connection](#connect-issues) and [performance](#performance-issues). In either case, it is a good idea to get a general picture of wireless network activity in the Surface Hub's location. Running a network scanning tool will show you the available networks and channel usage in the environment. - -## Connect issues - -Ensure both Wi-Fi and Miracast are both enabled in Settings on Surface Hub. - -If you ran a network scan, you should see Surface Hub Miracast listed as an access point. If Surface Hub's Miracast network shows up on the scan, but you cannot not see it as an available device, you can try to adjust the Miracast channel used by Surface Hub. - -When Surface Hub is connected to a Wi-Fi network it will use the same channel settings as the Wi-Fi access point for its Miracast access point. For troubleshooting purposes, disconnect Surface Hub from any Wi-Fi networks (but keep Wi-Fi enabled), so you can control the channel used for Miracast. You can manually select the Miracast channel in Settings. You will need to restart Surface Hub after each change. Generally speaking, you will want to use channels that do not show heavy utilization from the network scan. - -It is also possible that the connect issue can be the result of a problem on the connecting device. If the projecting device is running Windows, it should be Windows 8.1 or newer for full Miracast support. Again, for troubleshooting, disconnect the projecting device from any Wi-Fi networks. This will eliminate any channel switching between the access point channel and the Miracast channel set on Surface Hub. Also, some Group Policy and firewall settings may be tied to a Wi-Fi network. - -### Check drivers - -It is also a good idea to ensure the latest drivers and updates are installed on the projecting device. In Device Manager, open the Wi-Fi adapter and video adapter and check for an updated driver version. [Hotfix 3120232](https://support.microsoft.com/help/3120232/poor-wireless-performance-on-5-ghz-connections-on-surface-pro-3-and-surface-3) is highly recommended for Surface Pro 3 and Surface Pro 4 if they are on an older Wi-Fi driver. - -### Check for Miracast support - -Next, ensure Miracast is supported on the device. - -1. Press Windows Key + R and type `dxdiag`. -2. Click "Save all information". -3. Open the saved dxdiag.txt and find **Miracast**. It should say **Available, with HDCP**. - -### Check firewall - -The Windows firewall can block Miracast traffic. The simplest test is to disable the firewall and test projection. If Miracast works with the firewall disabled, add an exception for - - C:\Windows\System32\WUDFHost.exe - Allow In/Out connections for TCP and UDP, Ports: All. - -### Check Group Policy settings - -On domain-joined devices, Group Policy can also block Miracast. - -1. Use the Windows Key + R and type `rsop.msc` to execute the **Resultant Set of Policy** snap-in. This will show the current policies applied to the PC. -2. Review **Computer Configuration** > **Windows Settings** > **Security Settings** > **Wireless Network (IEEE 802.11) Policies**. There should be a setting for wireless policies. -3. Double click the setting for wireless policies and a dialog box will appear. -4. Open the **Network Permissions** tab and select **Allow everyone to create all user profiles**. - -### Check event logs - -The last place to check is in the Event logs. Miracast events will be logged to **Wlanautoconfig**. This is true on both Surface Hub and the projecting device. If you export Surface Hub logs, you can view Surface Hub's Wlanautoconfig in the **WindowsEventLog** folder. Errors in the event log can provide some additional details on where the connection fails. - -## Performance issues - -After wireless projection is connected, it is possible to see performance issues causing latency. This is generally a result of overall channel saturation or a situation that causes channel switching. - -For channel saturation, refer to the network scan and try to use channels with less traffic. - -Channel switching is caused when the Wi-Fi adapter needs to send traffic to multiple channels. Certain channels support Dynamic Frequency Selection (DFS). DFS is used on channels 49 through 148. Some Wi-Fi drivers will show poor performance when connected to a DFS channel. If you are seeing poor Miracast performance while connected to a DFS channel, try the projection on a non-DFS channel. Both Surface Hub and projecting device should use non-DFS channels. - -If Surface Hub and the projecting device are both connected to Wi-Fi but using different access points with different channels, this will force Surface Hub and the projecting device to channel switch while Miracast is connected. This will result in both poor wireless project and poor network performance over Wi-Fi. The channel switching will affect the performance of all wireless traffic, not just wireless projection. - -Channel switching will also occur if the projecting device is connected to an Wi-Fi network using a different channel than the channel that Surface Hub uses for Miracast. So, a best practice is to set Surface Hub's Miracast channel to the same channel as the most commonly used access point. - -If there are multiple Wi-Fi networks or access points in the environment, some channel switching is unavoidable. This is best addressed by ensuring all Wi-Fi drivers are up to date. - -## Contact Support - -If you have questions or need help, you can [create a support request](https://support.microsoft.com/supportforbusiness/productselection). diff --git a/devices/surface-hub/monitor-surface-hub.md b/devices/surface-hub/monitor-surface-hub.md deleted file mode 100644 index 9828a8a268..0000000000 --- a/devices/surface-hub/monitor-surface-hub.md +++ /dev/null @@ -1,159 +0,0 @@ ---- -title: Monitor your Microsoft Surface Hub -description: Monitoring for Microsoft Surface Hub devices is enabled through Microsoft Operations Management Suite (OMS). -ms.assetid: 1D2ED317-DFD9-423D-B525-B16C2B9D6942 -ms.reviewer: -manager: laurawi -keywords: monitor Surface Hub, Microsoft Operations Management Suite, OMS -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/27/2017 -ms.localizationpriority: medium ---- - -# Monitor your Microsoft Surface Hub - -Monitoring for Microsoft Surface Hub devices is enabled through Microsoft Operations Management Suite (OMS). The [Operations Management Suite](https://go.microsoft.com/fwlink/?LinkId=718138) is Microsoft's IT management solution that helps you manage and protect your entire IT infrastructure, including your Surface Hubs. - - -Surface Hub is offered as a Log Analytics solution in OMS, allowing you to collect and view usage and reliability data across all your Surface Hubs. Use the Surface Hub solution to: -- Inventory your Surface Hubs. -- View a snapshot of usage and reliability data for Skype meetings, wired and wireless projection, and apps on your Surface Hubs. -- Create custom alerts to respond quickly if your Surface Hubs report software or hardware issues. - -## Add Surface Hub to Operations Management Suite - -1. **Sign in to Operations Management Suite (OMS)**. You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. -2. **Create a new OMS workspace**. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**. -3. **Link Azure subscription to your workspace**. If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator. - - > [!NOTE] - > If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. Your workspace opens. - -4. **Add Surface Hub solution**. In the Solutions Gallery, select the **Surface Hub** tile in the gallery and then select **Add** on the solution’s details page. The solution is now visible on your workspace. - -## Use the Surface Hub dashboard -From the **Overview** page in your OMS workspace, click the Surface Hub tile to see the Surface Hub dashboard. Use the dashboard to get a snapshot of usage and reliability data across your Surface Hubs. Click into each view on the dashboard to see detailed data, modify the query as desired, and create alerts. - -> [!NOTE] -> Most of these views show data for the past 30 days, but this is subject to your subscription's data retention policy. - -**Active Surface Hubs** - -Use this view to get an inventory of all your Surface Hubs. Once connected to OMS, each Surface Hub periodically sends a "heartbeat" event to the server. This view shows Surface Hubs that have reported a heartbeat in the past 24 hours. - - - -**Wireless projection** - -Use this view to get usage and reliability data for wireless projection over the past 30 days. The graph shows the total number of wireless connections across all your Surface Hubs, which provides an indication whether people in your organization are using this feature. If it's a low number, it may suggest a need to provide training to help people in your organization learn how to wirelessly connect to a Surface Hub. - -Also, the graph shows a breakdown of successful and unsuccessful connections. If you see a high number of unsuccessful connections, devices may not properly support wireless projection using Miracast. For best performance, Microsoft suggests that devices run a WDI Wi-Fi driver and a WDDM 2.0 graphics driver. Use the details view to learn if wireless projection problems are common with particular devices. - -When a connection fails, users can also do the following if they are using a Windows laptop or phone: -- Remove the paired device from **Settings** > **Devices** > **Connected devices**, then try to connect again. -- Reboot the device. - -**Wired projection** - -Use this view to get usage and reliability data for wired projection over the past 30 days. If the graph shows a high number of unsuccessful connections, it may indicate a connectivity issue in your audio-visual pipeline. For example, if you use a HDMI repeater or a center-of-room control panel, they may need to be restarted. - -**Application usage** - -Use this view to get usage data for apps on your Surface Hubs over the past 30 days. The data comes from app launches on your Surface Hubs, not including Skype for Business. This view helps you understand which Surface Hub apps are the most valuable in your organization. If you are deploying new line-of-business apps in your environment, this can also help you understand how often they are being used. - -**Application Crashes** - -Use this view to get reliability data for apps on your Surface Hubs over the past 30 days. The data comes from app crashes on your Surface Hubs. This view helps you detect and notify app developers of poorly behaving in-box and line-of-business apps. - -**Sample Queries** - -Use this to create custom alerts based on a recommended set of queries. Alerts help you respond quickly if your Surface Hubs report software or hardware issues. For more inforamtion, see [Set up alerts using sample queries](#set-up-alerts-with-sample-queries). - -## Set up alerts with sample queries - -Use alerts to respond quickly if your Surface Hubs report software or hardware issues. Alert rules automatically run log searches according to a schedule, and runs one or more actions if the results match specific criteria. For more information, see [Alerts in Log Analytics](https://azure.microsoft.com/documentation/articles/log-analytics-alerts/). - -The Surface Hub Log Analytics solution comes with a set of sample queries to help you set up the appropriate alerts and understand how to resolve issues you may encounter. Use them as a starting point to plan your monitoring and support strategy. - -This table describes the sample queries in the Surface Hub solution: - -| Alert type | Impact | Recommended remediation | Details | -| ---------- | ------ | ----------------------- | ------- | -| Software | Error | **Reboot the device**.
Reboot manually, or using the [Reboot configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt720802(v=vs.85).aspx).
Suggest doing this between meetings to minimize impact to your people in your organization. | Trigger conditions:
- A critical process in the Surface Hub operating system, such as the shell, projection, or Skype, crashes or becomes non-responsive.
- The device hasn't reported a heartbeat in the past 24 hours. This may be due to network connectivity issue or network-related hardware failure, or an error with the diagnostic data reporting system. | -| Software | Error | **Check your Exchange service**.
Verify:
- The service is available.
- The device account password is up to date – see [Password management](password-management-for-surface-hub-device-accounts.md) for details.| Triggers when there's an error syncing the device calendar with Exchange. | -| Software | Error | **Check your Skype for Business service**.
Verify:
- The service is available.
- The device account password is up to date – see [Password management](password-management-for-surface-hub-device-accounts.md) for details.
- The domain name for Skype for Business is properly configured - see [Configure a domain name](use-fully-qualified-domain-name-surface-hub.md). | Triggers when Skype fails to sign in. | -| Software | Error | **Reset the device**.
This takes some time, so you should take the device offline.
For more information, see [Device reset](device-reset-surface-hub.md).| Triggers when there is an error cleaning up user and app data at the end of a session. When this operation repeatedly fails, the device is locked to protect user data. You must reset the device to continue. | -| Hardware | Warning | **None**. Indicates negligible impact to functionality.| Triggers when there is an error with any of the following hardware components:
- Virtual pen slots
- NFC driver
- USB hub driver
- Bluetooth driver
- Proximity sensor
- Graphical performance (video card driver)
- Mismatched hard drive
- No keyboard/mouse detected | -| Hardware | Error | **Contact Microsoft support**.
Indicates impact to core functionality (such as Skype, projection, touch, and internet connectivity).
**Note** Some events, including heartbeat, include the device’s serial number that you can use when contacting support.| Triggers when there is an error with any of the following hardware components.
**Components that affect Skype**:
- Speaker driver
- Microphone driver
- Camera driver
**Components that affect wired and wireless projection**:
- Wired touchback driver
- Wired ingest driver
- Wireless adapter driver
- Wi-Fi Direct error
**Other components**:
- Touch digitizer driver
- Network adapter error (not reported to OMS)| - -**To set up an alert** -1. From the Surface Hub solution, select one of the sample queries. -2. Modify the query as desired. See Log Analytics search reference to learn more. -3. Click **Alert** at the top of the page to open the **Add Alert Rule** screen. See [Alerts in Log Analytics](https://azure.microsoft.com/documentation/articles/log-analytics-alerts/) for details on the options to configure the alert. -4. Click **Save** to complete the alert rule. It will start running immediately. - -## Enroll your Surface Hub - -For Surface Hub to connect to and register with the OMS service, it must have access to the port number of your domains and the URLs. This table list the ports that OMS needs. For more information, see [Configure proxy and firewall settings in Log Analytics](https://azure.microsoft.com/documentation/articles/log-analytics-proxy-firewall/). - ->[!NOTE] ->Surface Hub does not currently support the use of a proxy server to communicate with the OMS service. - -| Agent resource | Ports | Bypass HTTPS inspection? | -| --------------------------- | ----- | ------------------------ | -| *.ods.opinsights.azure.com | 443 | Yes | -| *.oms.opinsights.azure.com | 443 | Yes | -| *.blob.core.windows.net | 443 | Yes | -| ods.systemcenteradvisor.com | 443 | No | - -The Microsoft Monitoring Agent, used to connect devices to OMS, is integrated with the Surface Hub operating system, so there is no need to install additional clients to connect Surface Hub to OMS. - -Once your OMS workspace is set up, there are several ways to enroll your Surface Hub devices: -- [Settings app](#enroll-using-the-settings-app) -- [Provisioning package](#enroll-using-a-provisioning-package) -- [MDM provider](#enroll-using-a-mdm-provider), such as Microsoft Intune and Configuration Manager - -You'll need the workspace ID and primary key of your OMS workspace. You can get these from the OMS portal. - -### Enroll using the Settings app - -**To Enroll using the settings app** - -1. From your Surface Hub, start **Settings**. -2. Enter the device admin credentials when prompted. -3. Select **This device**, and navigate to **Device management**. -4. Under **Monitoring**, select **Configure OMS settings**. -5. In the OMS settings dialog, select **Enable monitoring**. -6. Type the workspace ID and primary key of your OMS workspace. You can get these from the OMS portal. -7. Click **OK** to complete the configuration. - -A confirmation dialog will appear telling you whether or not the OMS configuration was successfully applied to the device. If it was, the device will start sending data to OMS. - -### Enroll using a provisioning package -You can use a provisioning package to enroll your Surface Hub. For more information, see [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md). - -### Enroll using a MDM provider -You can enroll Surface Hub into OMS using the SurfaceHub CSP. Intune and Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. For more information, see [Manage Surface Hub settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md). - -## Related topics - -[Manage Microsoft Surface Hub](manage-surface-hub.md) - -[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) - -  - -  - - - - - diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md deleted file mode 100644 index d35f03b804..0000000000 --- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md +++ /dev/null @@ -1,164 +0,0 @@ ---- -title: On-premises deployment single forest (Surface Hub) -description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a single-forest, on-premises deployment. -ms.assetid: 80E12195-A65B-42D1-8B84-ECC3FCBAAFC6 -ms.reviewer: -manager: laurawi -keywords: single forest deployment, on prem deployment, device account, Surface Hub -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.date: 08/28/2018 -ms.localizationpriority: medium ---- - -# On-premises deployment for Surface Hub in a single-forest environment - - -This topic explains how you add a device account for your Microsoft Surface Hub when you have a single-forest, on-premises deployment. - -If you have a single-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premises-ps-scripts) to create device accounts. If you’re using a multi-forest deployment, see [On-premises deployment for Surface Hub in a multi-forest environment](on-premises-deployment-surface-hub-multi-forest.md). - -1. Start a remote PowerShell session from a PC and connect to Exchange. - - Be sure you have the right permissions set to run the associated cmdlets. - - Note here that `$strExchangeServer` is the fully qualified domain name (FQDN) of your Exchange server, and `$strLyncFQDN` is the FQDN of your Skype for Business server. - - ```PowerShell - Set-ExecutionPolicy Unrestricted - $org='contoso.microsoft.com' - $cred=Get-Credential $admin@$org - $sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $cred -AllowRedirection -Authentication Kerberos -ConnectionUri "http://$strExchangeServer/powershell" -WarningAction SilentlyContinue - $sessLync = New-PSSession -Credential $cred -ConnectionURI "https://$strLyncFQDN/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue - Import-PSSession $sessExchange - Import-PSSession $sessLync - ``` - -2. After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub. - - If you're changing an existing resource mailbox: - - ```PowerShell - Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) - ``` - - If you’re creating a new resource mailbox: - - ```PowerShell - New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) - ``` -> [!IMPORTANT] -> ActiveSync Virtual Directory Basic Authentication is required to be enabled as the Surface Hub is unable to authenticate using other authentication methods. - -3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy. - - Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled. - - If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts. - - ```PowerShell - $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false - ``` - - Once you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too. - - ```PowerShell - $acctUpn = Get-Mailbox -Identity "" - $credNewAccount.Password = ConvertTo-SecureString -String -AsPlainText -Force - Set-Mailbox $acctUpn -Type Regular - Set-CASMailbox $acctUpn -ActiveSyncMailboxPolicy $easPolicy - Set-Mailbox $acctUpn -Type Room - Set-Mailbox $acctUpn -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true - ``` - -4. Various Exchange properties can be set on the device account to improve the meeting experience for people. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section. - - ```PowerShell - Set-CalendarProcessing -Identity $acctUpn -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false - Set-CalendarProcessing -Identity $acctUpn -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!" - ``` - -5. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information. - - ```PowerShell - Set-AdUser $acctUpn -PasswordNeverExpires $true - ``` - -6. Enable the account in Active Directory so it will authenticate to the Surface Hub. - - ```PowerShell - Set-AdUser $acctUpn -Enabled $true - ``` - -7. Enable the device account with Skype for Business by enabling your Surface Hub AD account on a Skype for Business Server pool: - - ```PowerShell - Enable-CsMeetingRoom -SipAddress "sip:HUB01@contoso.com" - -DomainController DC-ND-001.contoso.com -RegistrarPool LYNCPool15.contoso.com - -Identity HUB01 - ``` - - You'll need to use the Session Initiation Protocol (SIP) address and domain controller for the Surface Hub, along with your own Skype for Business Server pool identifier and user identity. - -8. OPTIONAL: You can also allow your Surface Hub to make and receive public switched telephone network (PSTN) phone calls by enabling Enterprise Voice for your account. Enterprise Voice isn't a requirement for Surface Hub, but if you want PSTN dialing functionality for the Surface Hub client, here's how to enable it: - - ```PowerShell - Set-CsMeetingRoom -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI "tel:+14255550555;ext=50555" -EnterpriseVoiceEnabled $true - ``` - - Again, you need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same. - - - ## Disable anonymous email and IM - - - - -Surface Hub uses a device account to provide email and collaboration services (IM, video, voice). This device account is used as the originating identity (the “from” party) when sending email, IM, and placing calls. As this account is not coming from an individual, identifiable user, it is deemed “anonymous” because it originated from the Surface Hub's device account. - -Assume you have a per-user client policy assigned to each meeting room device with an identity of **SurfaceHubPolicy**. To disable anonymous email and messaging, you add a clientPolicyEntry to this client policy by using the following commands. - -``` -$policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -value $false -$clientPolicy = Get-CsClientPolicy -Identity SurfaceHubPolicy -$clientPolicy.PolicyEntry.Add($policyEntry) -Set-CsClientPolicy -Instance $clientPolicy -``` - -To verify that the policy has been set: - -``` -Select-Object -InputObject $clientPolicy -Property PolicyEntry -``` - -The output should be: - -``` -PolicyEntry ------------ -{Name=AllowResourceAccountSendMessage;Value=False} -``` - - -To change the policy entry: - -``` -$policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -value $true -$clientPolicy | Set-CsClientPolicy -PolicyEntry @{Replace = $policyEntry} -``` - -To remove the policy entry: - -``` -$policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -value $true -$clientPolicy | Set-CsClientPolicy -PolicyEntry @{Remove = $policyEntry} -``` - - - - - - - diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md deleted file mode 100644 index 170dd03968..0000000000 --- a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md +++ /dev/null @@ -1,148 +0,0 @@ ---- -title: On-premises deployment multi-forest (Surface Hub) -description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a multi-forest, on-premises deployment. -keywords: multi forest deployment, on prem deployment, device account, Surface Hub -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.date: 08/28/2018 -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium ---- - -# On-premises deployment for Surface Hub in a multi-forest environment - - -This topic explains how you add a device account for your Microsoft Surface Hub when you have a multi-forest, on-premises deployment. - -If you have a multi-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premises-ps-scripts) to create device accounts. If you’re using a single-forest deployment, see [On-premises deployment for Surface Hub in a single-forest environment](on-premises-deployment-surface-hub-device-accounts.md). - -1. Start a remote PowerShell session from a PC and connect to Exchange. - - Be sure you have the right permissions set to run the associated cmdlets. - - Note here that `$strExchangeServer` is the fully qualified domain name (FQDN) of your Exchange server, and `$strLyncFQDN` is the FQDN of your Skype for Business server. - - ```PowerShell - Set-ExecutionPolicy Unrestricted - $org='contoso.microsoft.com' - $cred=Get-Credential $admin@$org - $sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $cred -AllowRedirection -Authentication Kerberos -ConnectionUri "http://$strExchangeServer/powershell" -WarningAction SilentlyContinue - $sessLync = New-PSSession -Credential $cred -ConnectionURI "https://$strLyncFQDN/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue - Import-PSSession $sessExchange - Import-PSSession $sessLync - ``` - -2. After establishing a session, create a new mailbox in the Resource Forest. This will allow the account to authenticate into the Surface Hub. - - If you're changing an existing resource mailbox: - - ```PowerShell - New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01" - ``` - -3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy. - - Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to **False**. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled. - - If you haven’t created a compatible policy yet, use the following cmdlet-—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts. - - ```PowerShell - $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false - ``` - - Once you have a compatible policy, then you will need to apply the policy to the device account. - - ```PowerShell - Set-CASMailbox $acctUpn -ActiveSyncMailboxPolicy $easPolicy -ActiveSyncEnabled $true - Set-Mailbox $acctUpn -Type Room - ``` - -4. Various Exchange properties can be set on the device account to improve the meeting experience for people. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section. - - ```PowerShell - Set-CalendarProcessing -Identity $acctUpn -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false - Set-CalendarProcessing -Identity $acctUpn -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!" - ``` - -5. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information. This should be set in the User Forest. - - ```PowerShell - Set-AdUser $acctUpn -PasswordNeverExpires $true - ``` - -6. Enable the account in Active Directory so it will authenticate to the Surface Hub. This should be set in the User Forest. - - ```PowerShell - Set-AdUser $acctUpn -Enabled $true - ``` - -6. You now need to change the room mailbox to a linked mailbox: - - ```PowerShell - $cred=Get-Credential AuthForest\ADAdmin - Set-mailbox -Alias LinkedRoomTest1 -LinkedMasterAccount AuthForest\LinkedRoomTest1 -LinkedDomainController AuthForest-4939.AuthForest.extest.contoso.com -Name LinkedRoomTest1 -LinkedCredential $cred -Identity LinkedRoomTest1 - ``` - -7. Enable the device account with Skype for Business by enabling your Surface Hub AD account on a Skype for Business Server pool: - - ```PowerShell - Enable-CsMeetingRoom -SipAddress "sip:HUB01@contoso.com" - -DomainController DC-ND-001.contoso.com -RegistrarPool LYNCPool15.contoso.com - -Identity HUB01 - ``` - - You'll need to use the Session Initiation Protocol (SIP) address and domain controller for the Surface Hub, along with your own Skype for Business Server pool identifier and user identity. - - -## Disable anonymous email and IM - - - -Surface Hub uses a device account to provide email and collaboration services (IM, video, voice). This device account is used as the originating identity (the “from” party) when sending email, IM, and placing calls. As this account is not coming from an individual, identifiable user, it is deemed “anonymous” because it originated from the Surface Hub's device account. - -Assume you have a per-user client policy assigned to each meeting room device with an identity of **SurfaceHubPolicy**. To disable anonymous email and messaging, you add a clientPolicyEntry to this client policy by using the following commands. - -``` -$policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -value $false -$clientPolicy = Get-CsClientPolicy -Identity SurfaceHubPolicy -$clientPolicy.PolicyEntry.Add($policyEntry) -Set-CsClientPolicy -Instance $clientPolicy -``` - -To verify that the policy has been set: - -``` -Select-Object -InputObject $clientPolicy -Property PolicyEntry -``` - -The output should be: - -``` -PolicyEntry ------------ -{Name=AllowResourceAccountSendMessage;Value=False} -``` - - -To change the policy entry: - -``` -$policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -value $true -$clientPolicy | Set-CsClientPolicy -PolicyEntry @{Replace = $policyEntry} -``` - -To remove the policy entry: - -``` -$policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -value $true -$clientPolicy | Set-CsClientPolicy -PolicyEntry @{Remove = $policyEntry} -``` -  - - - - - diff --git a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md deleted file mode 100644 index 30f0e34b1f..0000000000 --- a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md +++ /dev/null @@ -1,153 +0,0 @@ ---- -title: Online deployment with Office 365 (Surface Hub) -description: This topic has instructions for adding a device account for your Microsoft Surface Hub when you have a pure, online deployment. -ms.assetid: D325CA68-A03F-43DF-8520-EACF7C3EDEC1 -ms.reviewer: -manager: laurawi -keywords: device account for Surface Hub, online deployment -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 02/21/2018 -ms.localizationpriority: medium ---- - -# Online deployment with Office 365 (Surface Hub) - - -This topic has instructions for adding a device account for your Microsoft Surface Hub when you have a pure, online deployment. - -If you have a pure, online (O365) deployment, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-os356-ps-scripts) to create device accounts. - -1. Start a remote PowerShell session on a PC and connect to Exchange. - - Be sure you have the right permissions set to run the associated cmdlets. - - ```PowerShell - Set-ExecutionPolicy RemoteSigned - $org='contoso.microsoft.com' - $cred=Get-Credential admin@$org - $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection - Import-PSSession $sess - ``` - -2. After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub. - - If you're changing an existing resource mailbox: - - ```PowerShell - Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) - ``` - - If you’re creating a new resource mailbox: - - ```PowerShell - New-Mailbox -MicrosoftOnlineServicesID HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) - ``` - -3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy. - - Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled. - - If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts. - - ```PowerShell - $easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false -AllowNonProvisionableDevices $True - ``` - - Once you have a compatible policy, then you will need to apply the policy to the device account. - - ```PowerShell - Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.Id - ``` - -4. Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section. - - ```PowerShell - Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false - Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!" - ``` - -5. Connect to Azure AD. - - You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command : - - ```PowerShell - Install-Module -Name AzureAD - ``` - You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect. - - ```PowerShell - Import-Module AzureAD - Connect-AzureAD -Credential $cred - ``` - -6. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information. - - ```PowerShell - Set-AzureADUser -ObjectId "HUB01@contoso.com" -PasswordPolicies "DisablePasswordExpiration" - ``` - -7. Surface Hub requires a license for Skype for Business functionality. In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](hybrid-deployment-surface-hub-device-accounts.md#skype-for-business-online). - - Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant. - - Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable. - - ```PowerShell - Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US" - - Get-AzureADSubscribedSku | Select Sku*,*Units - $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense - $License.SkuId = SkuId You selected - - $AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses - $AssignedLicenses.AddLicenses = $License - $AssignedLicenses.RemoveLicenses = @() - - Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses - ``` - -8. Enable the device account with Skype for Business. - If the Skype for Business PowerShell module is not installed, [download the Skype for Business Online Windows PowerShell Module](https://www.microsoft.com/download/details.aspx?id=39366). - - - Start by creating a remote PowerShell session from a PC. - - ```PowerShell - Import-Module SkypeOnlineConnector - $cssess=New-CsOnlineSession -Credential $cred - Import-PSSession $cssess -AllowClobber - ``` - - - Next, if you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet (for example, alice@contoso.com): - - ```PowerShell - Get-CsOnlineUser -Identity 'alice@contoso.com' | fl registrarpool - ``` - OR by setting a variable - - ```PowerShell - $strRegistrarPool = Get-CsOnlineUser -Identity 'alice@contoso.com' | fl registrarpool | out-string - $strRegistrarPool = $strRegistrarPool.Substring($strRegistrarPool.IndexOf(':') + 2) - ``` - - - Enable the Surface Hub account with the following cmdlet: - - ```PowerShell - Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool yourRegistrarPool -SipAddressType EmailAddress - ``` - - OR using the $strRegistarPool variable from above - - ```PowerShell - Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool $strRegistrarPool -SipAddressType EmailAddress - ``` - -For validation, you should be able to use any Skype for Business client (PC, Android, etc) to sign in to this account. - - - - - diff --git a/devices/surface-hub/password-management-for-surface-hub-device-accounts.md b/devices/surface-hub/password-management-for-surface-hub-device-accounts.md deleted file mode 100644 index 1ef2fcaa46..0000000000 --- a/devices/surface-hub/password-management-for-surface-hub-device-accounts.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Password management (Surface Hub) -description: Every Microsoft Surface Hub device account requires a password to authenticate and enable features on the device. -ms.assetid: 0FBFB546-05F0-430E-905E-87111046E4B8 -ms.reviewer: -manager: laurawi -keywords: password, password management, password rotation, device account -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/27/2017 -ms.localizationpriority: medium ---- - -# Password management (Surface Hub) - -Every Microsoft Surface Hub device account requires a password to authenticate and enable features on the device. For security reasons, you may want to change (or "rotate") this password regularly. However, if the device account’s password changes, the password that was previously stored on the Surface Hub will be invalid, and all features that depend on the device account will be disabled. You will need to update the device account’s password on the Surface Hub from the Settings app to re-enable these features. - -To simplify password management for your Surface Hub device accounts, there are two options: - -1. Turn off password expiration for the device account. -2. Allow the Surface Hub to automatically rotate the device account’s password. - - -## Turn off password rotation for the device account - -Set the device account’s **PasswordNeverExpires** property to True. You should verify whether this meets your organization’s security requirements. - - -## Allow the Surface Hub to automatically rotate the device account’s password - -The Surface Hub can manage a device account’s password by changing it frequently without requiring you to manually update the device account’s information. You can enable this feature in **Settings**. Once enabled, the device account's password will change weekly during maintenance hours. - -Note that when the device account’s password is changed, you will not be shown the new password. If you need to sign in to the account, or to provide the password again (for example, if you want to change the device account settings on the Surface Hub), then you'll need use Active Directory or the Office 365 admin portal to reset the password. - -> [!IMPORTANT] -> If your organization uses a hybrid topology (some services are hosted on-premises and some are hosted online through Office 365), you must setup the device account in **domain\username** format. Otherwise, password rotation will not work. diff --git a/devices/surface-hub/physically-install-your-surface-hub-device.md b/devices/surface-hub/physically-install-your-surface-hub-device.md deleted file mode 100644 index aeadcb900a..0000000000 --- a/devices/surface-hub/physically-install-your-surface-hub-device.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: Physically install Microsoft Surface Hub -description: The Microsoft Surface Hub Readiness Guide will help make sure that your site is ready for the installation. -ms.assetid: C764DBFB-429B-4B29-B4E8-D7F0073BC554 -ms.reviewer: -manager: laurawi -keywords: Surface Hub, readiness guide, installation location, mounting options -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/27/2017 -ms.localizationpriority: medium ---- - -# Physically install Microsoft Surface Hub - - -The [Microsoft Surface Hub Readiness Guide](surface-hub-site-readiness-guide.md) will help make sure that your site is ready for the installation. It includes planning information for both the 55" and 84" devices, as well as info on moving the Surface Hub from receiving to the installation location, mounting options, and a list of what's in the box. - -You may also want to check out the Unpacking Guide. It will show you how to unpack the devices efficiently and safely. There are two guides, one for the 55" and one for the 84". A printed version of the Unpacking Guide is attached to the outside front of each unit's shipping crate. - -- Download the 55" Unpacking Guide from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=718145). -- Download the 84" version from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=718146). - -  - -  - - - - - diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md deleted file mode 100644 index 69ca8e6c3e..0000000000 --- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md +++ /dev/null @@ -1,133 +0,0 @@ ---- -title: Prepare your environment for Microsoft Surface Hub -description: This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Microsoft Surface Hub. -ms.assetid: 336A206C-5893-413E-A270-61BFF3DF7DA9 -ms.reviewer: -manager: laurawi -keywords: prepare environment, features of Surface Hub, create and test device account, check network availability -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 12/04/2017 -ms.localizationpriority: medium ---- - -# Prepare your environment for Microsoft Surface Hub - - -This section contains an overview of setup dependencies and the setup process. Review the info in this section to help you prepare your environment and gather information needed to set up your Surface Hub. - - -## Review infrastructure dependencies -Review these dependencies to make sure Surface Hub features will work in your IT infrastructure. - -| Dependency | Purpose | -|-------------|------------------| -| Active Directory or Azure Active Directory (Azure AD) |

The Surface Hub's uses an Active Directory or Azure AD account (called a **device account**) to access Exchange and Skype for Business services. The Surface Hub must be able to connect to your Active Directory domain controller or to your Azure AD tenant in order to validate the device account’s credentials, as well as to access information like the device account’s display name, alias, Exchange server, and Session Initiation Protocol (SIP) address.

You can also domain join or Azure AD join your Surface Hub to allow a group of authorized users to configure settings on the Surface Hub. | -| Exchange (Exchange 2013 or later, or Exchange Online) and Exchange ActiveSync |

Exchange is used for enabling mail and calendar features, and also lets people who use the device send meeting requests to the Surface Hub, enabling one-touch meeting join.

ActiveSync is used to sync the device account’s calendar and mail to the Surface Hub. If the device cannot use ActiveSync, it will not show meetings on the welcome screen, and joining meetings and emailing whiteboards will not be enabled. | -| Skype for Business (Lync Server 2013 or later, or Skype for Business Online) | Skype for Business is used for various conferencing features, like video calls, instant messaging, and screen sharing.| -| Mobile device management (MDM) solution (Microsoft Intune, Microsoft Endpoint Configuration Manager, or supported third-party MDM provider) | If you want to apply settings and install apps remotely, and to multiple devices at a time, you must set up a MDM solution and enroll the device to that solution. See [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) for details. | -| Microsoft Operations Management Suite (OMS) | OMS is used to monitor the health of Surface Hub devices. See [Monitor your Surface Hub](monitor-surface-hub.md) for details. | -| Network and Internet access | In order to function properly, the Surface Hub should have access to a wired or wireless network. Overall, a wired connection is preferred. 802.1X Authentication is supported for both wired and wireless connections.


**802.1X authentication:** In Windows 10, version 1703, 802.1X authentication for wired and wireless connections is enabled by default in Surface Hub. If your organization doesn't use 802.1X authentication, there is no configuration required and Surface Hub will continue to function as normal. If you use 802.1X authentication, you must ensure that the authentication certification is installed on Surface Hub. You can deliver the certificate to Surface Hub using the [ClientCertificateInstall CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/clientcertificateinstall-csp) in MDM, or you can [create a provisioning package](provisioning-packages-for-surface-hub.md) and install it during first run or through the Settings app. After the certificate is applied to Surface Hub, 802.1X authentication will start working automatically.
**Note:** For more information on enabling 802.1X wired authentication on Surface Hub, see [Enable 802.1x wired authentication](enable-8021x-wired-authentication.md).

**Dynamic IP:** The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address.

**Proxy servers:** If your topology requires a connection to a proxy server to reach Internet services, then you can configure it during first run, or in Settings. Proxy credentials are stored across Surface Hub sessions and only need to be set once. | - -Additionally, note that Surface Hub requires the following open ports: -- HTTPS: 443 -- HTTP: 80 -- NTP: 123 - -If you are using Surface Hub with Skype for Business, you will need to open additional ports. Please follow the guidance below: -- If you use Skype for Business Online, see [Office 365 IP URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US). -- If you use Skype for Business Server, see [Skype for Business Server: Ports and protocols for internal servers](https://docs.microsoft.com/SkypeForBusiness/plan-your-deployment/network-requirements/ports-and-protocols). -- If you use a hybrid of Skype for Business Online and Skype for Business Server, you need to open all documented ports from [Office 365 IP URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) and [Skype for Business Server: Ports and protocols for internal servers](https://docs.microsoft.com/SkypeForBusiness/plan-your-deployment/network-requirements/ports-and-protocols?toc=/SkypeForBusiness/toc.json&bc=/SkypeForBusiness/breadcrumb/toc.json). - -Microsoft collects diagnostic data to help improve your Surface Hub experience. Add these sites to your allow list: -- Diagnostic data client endpoint: `https://vortex.data.microsoft.com/` -- Diagnostic data settings endpoint: `https://settings.data.microsoft.com/` - -### Proxy configuration - -If your organization restricts computers on your network from connecting to the Internet, there is a set of URLs that need to be available for devices to use Microsoft Store for Business. Some of the Store for Business features use Microsoft Store app and Microsoft Store services. Devices using Store for Business – either to acquire, install, or update apps – will need access to these URLs. If you use a proxy server to block traffic, your configuration needs to allow these URLs: - -- login.live.com -- login.windows.net -- account.live.com -- clientconfig.passport.net -- windowsphone.com -- *.wns.windows.com -- *.microsoft.com -- www.msftncsi.com (prior to Windows 10, version 1607) -- www.msftconnecttest.com/connecttest.txt (replaces www.msftncsi.com starting with Windows 10, version 1607) - - -## Work with other admins - -Surface Hub interacts with a few different products and services. Depending on the size of your organization, there could be multiple people supporting different products in your environment. You'll want to include people who manage Exchange, Active Directory (or Azure Active Directory), mobile device management (MDM), and network resources in your planning and prep for Surface Hub deployments. - - -## Create and verify device account - -A device account is an Exchange resource account that Surface Hub uses to display its meeting calendar, join Skype for Business calls, send email, and (optionally) to authenticate to Exchange. See [Create and test a device account](create-and-test-a-device-account-surface-hub.md) for details. - -After you've created your device account, to verify that it's setup correctly, run Surface Hub device account validation PowerShell scripts. For more information, see [PowerShell scripts for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) later in this guide. - - - -## Prepare for first-run program -There are a few more item to consider before you start the [first-run program](first-run-program-surface-hub.md). - -### Create provisioning packages (optional) -You can use provisioning packages to add certificates, customize settings and install apps. See [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md) for details. You can [install provisioning packages at first-run](first-run-program-surface-hub.md#first-page). - -### Set up admin groups -Every Surface Hub can be configured locally using the Settings app on the device. To prevent unauthorized users from changing settings, the Settings app requires admin credentials to open the app. See [Admin group management](admin-group-management-for-surface-hub.md) for details on how admin groups are set up and managed. You will [set up admins for the device at first run](first-run-program-surface-hub.md#setup-admins). - -### Review and complete Surface Hub setup worksheet (optional) -When you go through the first-run program for your Surface Hub, there's some information that you'll need to supply. The setup worksheet summarizes that info, and provides lists of environment-specific info that you'll need when you go through the first-run program. For more information, see [Setup worksheet](setup-worksheet-surface-hub.md). - - -## In this section - - ---- - - - - - - - - - - - - - - - - - - - - -
TopicDescription

Create and test a device account

This topic introduces how to create and test the device account that Surface Hub uses to communicate with and Skype.

Create provisioning packages

For Windows 10, settings that use the registry or a content services platform (CSP) can be configured using provisioning packages. You can also add certificates during first run using provisioning.

Admin group management

Every Surface Hub can be configured individually by opening the Settings app on the device. However, to prevent people who are not administrators from changing the settings, the Settings app requires administrator credentials to open the app and change settings.

-

The Settings app requires local administrator credentials to open the app.

- -## More information - -- [Blog post: Surface Hub and the Skype for Business Trusted Domain List](https://blogs.technet.microsoft.com/y0av/2017/10/25/95/) -- [Blog post: Surface Hub in a Multi-Domain Environment](https://blogs.technet.microsoft.com/y0av/2017/11/08/11/) -- [Blog post: Configuring a proxy for your Surface Hub](https://blogs.technet.microsoft.com/y0av/2017/12/03/7/) - - - - - - - - - diff --git a/devices/surface-hub/provisioning-packages-for-surface-hub.md b/devices/surface-hub/provisioning-packages-for-surface-hub.md deleted file mode 100644 index 305403b9dc..0000000000 --- a/devices/surface-hub/provisioning-packages-for-surface-hub.md +++ /dev/null @@ -1,322 +0,0 @@ ---- -title: Create provisioning packages (Surface Hub) -description: For Windows 10, settings that use the registry or a configuration service provider (CSP) can be configured using provisioning packages. -ms.assetid: 8AA25BD4-8A8F-4B95-9268-504A49BA5345 -ms.reviewer: -manager: laurawi -keywords: add certificate, provisioning package -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 03/16/2019 -ms.localizationpriority: medium ---- - -# Create provisioning packages (Surface Hub) - -This topic explains how to create a provisioning package using the Windows Configuration Designer, and apply it to Surface Hub devices. For Surface Hub, you can use provisioning packages to add certificates, install Universal Windows Platform (UWP) apps, and customize policies and settings. - -You can apply a provisioning package using a USB stick during first-run setup, or through the **Settings** app. - - -## Advantages -- Quickly configure devices without using a mobile device management (MDM) provider. - -- No network connectivity required. - -- Simple to apply. - -[Learn more about the benefits and uses of provisioning packages.](https://technet.microsoft.com/itpro/windows/configure/provisioning-packages) - - -## Requirements - -To create and apply a provisioning package to a Surface Hub, you'll need the following: - -- Windows Configuration Designer, which can be installed from Microsoft Store or from the Windows 10 Assessment and Deployment Kit (ADK). [Learn how to install Windows Configuration Designer.](https://technet.microsoft.com/itpro/windows/configure/provisioning-install-icd) -- A USB stick. -- If you apply the package using the **Settings** app, you'll need device admin credentials. - -You create the provisioning package on a PC running Windows 10, save the package to a USB drive, and then deploy it to your Surface Hub. - - -## Supported items for Surface Hub provisioning packages - -Using the **Provision Surface Hub devices** wizard, you can: - -- Enroll in Active Directory, Azure Active Directory, or MDM -- Create an device administrator account -- Add applications and certificates -- Configure proxy settings -- Add a Surface Hub configuration file - ->[!WARNING] ->You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using the wizard. - -Using the advanced provisioning editor, you can add these items to provisioning packages for Surface Hub: - -- **Policies** - Surface Hub supports a subset of the policies in the [Policy configuration service provider](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#surfacehubpolicies). -- **Settings** - You can configure any setting in the [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). - ->[!TIP] -> Use the wizard to create a package with the common settings, then switch to the advanced editor to add other settings. -> ->![open advanced editor](images/icd-simple-edit.png) - -## Use the Surface Hub provisioning wizard - -After you [install Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/configure/provisioning-install-icd), you can create a provisioning package. - -### Create the provisioning package - -1. Open Windows Configuration Designer: - - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut, - - or - - - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**. - -2. Click **Provision Surface Hub devices**. - -3. Name your project and click **Next**. - -### Configure settings - - - - - - - - - -
step one add certificates

To provision the device with a certificate, click Add a certificate. Enter a name for the certificate, and then browse to and select the certificate to be used.		add a certificate
step two configure proxy settings

Toggle Yes or No for proxy settings. The default configuration for Surface Hub is to automatically detect proxy settings, so you can select No if that is the setting that you want. However, if your infrastructure previously required using a proxy server and has changed to not require a proxy server, you can use a provisioning package to revert your Surface Hub devices to the default settings by selecting Yes and Automatically detect settings.

If you toggle Yes, you can select to automatically detect proxy settings, or you can manually configure the settings by entering a URL to a setup script, or a static proxy server address. You can also identify whether to use the proxy server for local addresses, and enter exceptions (addresses that Surface Hub should connect to directly without using the proxy server). 		configure proxy settings
step three device admins

You can enroll the device in Active Directory and specify a security group to use the Settings app, enroll in Azure Active Directory to allow global admins to use the Settings app, or create a local administrator account on the device.

To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain, and specify the security group to have admin credentials on Surface Hub. If a provisioning package that enrolls a device in Active Directory is going to be applied to a Surface Hub that was reset, the same domain account can only be used if the account listed is a domain administrator or is the same account that set up the Surface Hub initially. Otherwise, a different domain account must be used in the provisioning package.

Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions.

To create a local administrator account, select that option and enter a user name and password.

Important: If you create a local account in the provisioning package, you must change the password using the Settings app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in. 		join Active Directory, Azure AD, or create a local admin account
step four enroll in device management

Toggle Yes or No for enrollment in MDM.

If you toggle Yes, you must provide a service account and password or certificate thumbprint that is authorized to enroll the device, and also specify the authentication type. If required by your MDM provider, also enter the URLs for the discovery service, enrollment service, and policy service. Learn more about managing Surface Hub with MDM.		enroll in mobile device management
step five add applications

You can install multiple Universal Windows Platform (UWP) apps in a provisioning package. For help with the settings, see Provision PCs with apps.

Important: Although the wizard interface allows you to select a Classic Win32 app, only include UWP apps in a provisioning package that will be applied to Surface Hub. If you include a Classic Win32 app, provisioning will fail. 		add an application
step six Add configuration file

You don't configure any settings in this step. It provides instructions for including a configuration file that contains a list of device accounts. The configuration file must not contain column headers. When you apply the provisioning package to Surface Hub, if a Surface Hub configuration file is included on the USB drive, you can select the account and friendly name for the device from the file. See Sample configuration file for an example.

Important: The configuration file can only be applied during the out-of-box setup experience (OOBE) and can only be used with provisioning packages created using the Windows Configuration Designer released with Windows 10, version 1703. 		Add a Surface Hub configuration file
finish

You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.		Protect your package
- -After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page. - -## Sample configuration file - -A Surface Hub configuration file contains a list of device accounts that your device can use to connect to Exchange and Skype for Business. When you apply a provisioning package to Surface Hub, you can include a configuration file in the root directory of the USB flash drive, and then select the desired account to apply to that device. The configuration file can only be applied during the out-of-box setup experience (OOBE) and can only be used with provisioning packages created using the Windows Configuration Designer released with Windows 10, version 1703. - -Use Microsoft Excel or other CSV editor to create a CSV file named `SurfaceHubConfiguration.csv`. In the file, enter a list of device accounts and friendly names in this format: - -``` -,, -``` ->[!IMPORTANT] ->Because the configuration file stores the device account passwords in plaintext, we recommend that you update the passwords after you've applied the provisioning package to your devices. You can use the [DeviceAccount node](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/surfacehub-csp#deviceaccount) in the [Surface Hub configuration service provider (CSP)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/surfacehub-csp) to update the passwords via MDM. - - -The following is an example of `SurfaceHubConfiguration.csv`. - -``` -Rainier@contoso.com,password,Rainier Surface Hub -Adams@contoso.com,password,Adams Surface Hub -Baker@contoso.com,password,Baker Surface Hub -Glacier@constoso.com,password,Glacier Surface Hub -Stuart@contoso.com,password,Stuart Surface Hub -Fernow@contoso.com,password,Fernow Surface Hub -Goode@contoso.com,password,Goode Surface Hub -Shuksan@contoso.com,password,Shuksan Surface Hub -Buckner@contoso.com,password,Buckner Surface Hub -Logan@contoso.com,password,Logan Surface Hub -Maude@consoto.com,password,Maude Surface hub -Spickard@contoso.com,password,Spickard Surface Hub -Redoubt@contoso.com,password,Redoubt Surface Hub -Dome@contoso.com,password,Dome Surface Hub -Eldorado@contoso.com,password,Eldorado Surface Hub -Dragontail@contoso.com,password,Dragontail Surface Hub -Forbidden@contoso.com,password,Forbidden Surface Hub -Oval@contoso.com,password,Oval Surface Hub -StHelens@contoso.com,password,St Helens Surface Hub -Rushmore@contoso.com,password,Rushmore Surface Hub -``` - -## Use advanced provisioning - -After you [install Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/configure/provisioning-install-icd), you can create a provisioning package. - -### Create the provisioning package (advanced) - -1. Open Windows Configuration Designer: - - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut, - - or - - - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**. - -2. Click **Advanced provisioning**. - -3. Name your project and click **Next**. - -4. Select **Common to Windows 10 Team edition**, click **Next**, and then click **Finish**. - - ![ICD new project](images/icd-new-project.png) - -5. In the project, under **Available customizations**, select **Common Team edition settings**. - - ![ICD common settings](images/icd-common-settings.png) - - -### Add a certificate to your package -You can use provisioning packages to install certificates that will allow the device to authenticate to Microsoft Exchange. - -> [!NOTE] -> Provisioning packages can only install certificates to the device (local machine) store, and not to the user store. If your organization requires that certificates must be installed to the user store, use Mobile Device Management (MDM) to deploy these certificates. See your MDM solution documentation for details. - -1. In the **Available customizations** pane, go to **Runtime settings** > **Certificates** > **ClientCertificates**. - -2. Enter a **CertificateName** and then click **Add**. - -2. Enter the **CertificatePassword**. - -3. For **CertificatePath**, browse and select the certificate. - -4. Set **ExportCertificate** to **False**. - -5. For **KeyLocation**, select **Software only**. - - -### Add a Universal Windows Platform (UWP) app to your package -Before adding a UWP app to a provisioning package, you need the app package (either an .appx, or .appxbundle) and any dependency files. If you acquired the app from the Microsoft Store for Business, you will also need the *unencoded* app license. See [Distribute offline apps](https://technet.microsoft.com/itpro/windows/manage/distribute-offline-apps#download-an-offline-licensed-app) to learn how to download these items from the Microsoft Store for Business. - -1. In the **Available customizations** pane, go to **Runtime settings** > **UniversalAppInstall** > **DeviceContextApp**. - -2. Enter a **PackageFamilyName** for the app and then click **Add**. For consistency, use the app's package family name. If you acquired the app from the Microsoft Store for Business, you can find the package family name in the app license. Open the license file using a text editor, and use the value between the \...\ tags. - -3. For **ApplicationFile**, click **Browse** to find and select the target app (either an \*.appx or \*.appxbundle). - -4. For **DependencyAppxFiles**, click **Browse** to find and add any dependencies for the app. For Surface Hub, you will only need the x64 versions of these dependencies. - -If you acquired the app from the Microsoft Store for Business, you will also need to add the app license to your provisioning package. - -1. Make a copy of the app license, and rename it to use a **.ms-windows-store-license** extension. For example, "example.xml" becomes "example.ms-windows-store-license". - -2. In ICD, in the **Available customizations** pane, go to **Runtime settings** > **UniversalAppInstall** > **DeviceContextAppLicense**. - -3. Enter a **LicenseProductId** and then click **Add**. For consistency, use the app's license ID from the app license. Open the license file using a text editor. Then, in the \ tag, use the value in the **LicenseID** attribute. - -4. Select the new **LicenseProductId** node. For **LicenseInstall**, click **Browse** to find and select the license file that you renamed in Step 1. - - -### Add a policy to your package -Surface Hub supports a subset of the policies in the [Policy configuration service provider](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). Some of those policies can be configured with ICD. - -1. In the **Available customizations** pane, go to **Runtime settings** > **Policies**. - -2. Select one of the available policy areas. - -3. Select and set the policy you want to add to your provisioning package. - - -### Add Surface Hub settings to your package - -You can add settings from the [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx) to your provisioning package. - -1. In the **Available customizations** pane, go to **Runtime settings** > **WindowsTeamSettings**. - -2. Select one of the available setting areas. - -3. Select and set the setting you want to add to your provisioning package. - - -## Build your package - -1. When you are done configuring the provisioning package, on the **File** menu, click **Save**. - -2. Read the warning that project files may contain sensitive information, and click **OK**. - - > [!IMPORTANT] - > When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. - -3. On the **Export** menu, click **Provisioning package**. - -4. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources. - -5. Set a value for **Package Version**, and then select **Next.** - - > [!TIP] - > You can make changes to existing packages and change the version number to update previously applied packages. - -6. Optional: You can choose to encrypt the package and enable package signing. - - - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - - - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse...** and choosing the certificate you want to use to sign the package. - - > [!IMPORTANT] - > We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently.  - -7. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.

-Optionally, you can click **Browse** to change the default output location. - -8. Click **Next**. - -9. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.

-If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. - -10. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.

-If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - - - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - - - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. - -11. Select the **output location** link to go to the location of the package. Copy the .ppkg to an empty USB flash drive. - - -## Apply a provisioning package to Surface Hub - -There are two options for deploying provisioning packages to a Surface Hub. [During the first run wizard](#apply-a-provisioning-package-during-first-run), you can apply a provisioning package that installs certificates, or after the first-run program is complete, you can apply a provisioning package that configures settings, apps, and certificates by using [Settings](#apply-a-package-using-settings). - - -### Apply a provisioning package during first run - -> [!IMPORTANT] -> During the first-run program, you can only use provisioning packages to install certificates. Use the **Settings** app to install apps and apply other settings. - -1. When you turn on the Surface Hub for the first time, the first-run program will display the [**Hi there page**](first-run-program-surface-hub.md#first-page). Make sure that the settings are properly configured before proceeding. - -2. Insert the USB flash drive containing the .ppkg file into the Surface Hub. If the package is in the root directory of the drive, the first-run program will recognize it and ask if you want to set up the device. Select **Set up**. - - ![Set up device?](images/provisioningpackageoobe-01.png) - -3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**. - - ![Provision this device](images/provisioningpackageoobe-02.png) - -4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**. Note that you can only install one package during first run. - - ![Choose a package](images/provisioningpackageoobe-03.png) - -5. The first-run program will show you a summary of the changes that the provisioning package will apply. Select **Yes, add it**. - - ![Do you trust this package?](images/provisioningpackageoobe-04.png) - -6. If a configuration file is included in the root directory of the USB flash drive, you will see **Select a configuration**. The first device account in the configuration file will be shown with a summary of the account information that will be applied to the Surface Hub. - - ![select a configuration](images/ppkg-config.png) - -7. In **Select a configuration**, select the device name to apply, and then click **Next**. - - ![select a friendly device name](images/ppkg-csv.png) - -The settings from the provisioning package will be applied to the device and OOBE will be complete. After the device restarts, you can remove the USB flash drive. - -### Apply a package using Settings - -1. Insert the USB flash drive containing the .ppkg file into the Surface Hub. - -2. From the Surface Hub, start **Settings** and enter the admin credentials when prompted. - -3. Navigate to **Surface Hub** > **Device management**. Under **Provisioning packages**, select **Add or remove a provisioning package**. - -4. Select **Add a package**. - -5. Choose your provisioning package and select **Add**. You may have to re-enter the admin credentials if prompted. - -6. You'll see a summary of the changes that the provisioning package will apply. Select **Yes, add it**. - - diff --git a/devices/surface-hub/remote-surface-hub-management.md b/devices/surface-hub/remote-surface-hub-management.md deleted file mode 100644 index 1794a9bcac..0000000000 --- a/devices/surface-hub/remote-surface-hub-management.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -title: Remote Surface Hub management -description: This section lists topics for managing Surface Hub. -keywords: remote management, MDM, install apps, monitor Surface Hub, Operations Management Suite, OMS -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/27/2017 -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium ---- - -# Remote Surface Hub management - -## In this section - -|Topic | Description| -| ------ | --------------- | -| [Manage settings with an MDM provider]( https://technet.microsoft.com/itpro/surface-hub/manage-settings-with-mdm-for-surface-hub) | Surface Hub provides an enterprise management solution to help IT administrators manage policies and business applications on these devices using a mobile device management (MDM) solution.| -| [Monitor your Surface Hub]( https://technet.microsoft.com/itpro/surface-hub/monitor-surface-hub) | Monitoring for Surface Hub devices is enabled through Microsoft Operations Management Suite.| -| [Windows updates](https://technet.microsoft.com/itpro/surface-hub/manage-windows-updates-for-surface-hub) | You can manage Windows updates on your Surface Hub by setting the maintenance window, deferring updates, or using WSUS.| diff --git a/devices/surface-hub/save-bitlocker-key-surface-hub.md b/devices/surface-hub/save-bitlocker-key-surface-hub.md deleted file mode 100644 index 12e59349d6..0000000000 --- a/devices/surface-hub/save-bitlocker-key-surface-hub.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Save your BitLocker key (Surface Hub) -description: Every Microsoft Surface Hub is automatically set up with BitLocker drive encryption software. Microsoft strongly recommends that you make sure you back up your BitLocker recovery keys. -ms.assetid: E11E4AB6-B13E-4ACA-BCE1-4EDC9987E4F2 -ms.reviewer: -manager: laurawi -keywords: Surface Hub, BitLocker, Bitlocker recovery keys -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/08/2019 -ms.localizationpriority: medium ---- - -# Save your BitLocker key (Surface Hub) - - -Every Microsoft Surface Hub is automatically set up with BitLocker drive encryption software. Microsoft strongly recommends that you make sure you back up your BitLocker recovery keys. - -There are several ways to manage your BitLocker key on the Surface Hub. - -1. If you’ve joined the Surface Hub to a domain, the device will back up the key on the domain and store it under the computer object. - - If you can’t find the BitLocker key after joining the device to a domain, it’s likely that your Active Directory schema doesn’t support BitLocker key backup. If you don’t want to change the schema, you can save the BitLocker key by going to Settings and following the procedure for using a local admin account, which is detailed later in this list. - -2. If you’ve joined the Surface Hub to Azure Active Directory (Azure AD), the BitLocker key will be stored under the account that was used to join the device. - -3. If you’re using a local admin account to manage the device, you can save the BitLocker key by going to the **Settings** app and navigating to **Update & security** > **Recovery**. Insert a USB drive and select the option to save the BitLocker key. The key will be saved to a text file on the USB drive. - - -## Related topics - -[Manage Microsoft Surface Hub](manage-surface-hub.md) - -[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) - -  - -  - - - - - diff --git a/devices/surface-hub/set-up-your-surface-hub.md b/devices/surface-hub/set-up-your-surface-hub.md deleted file mode 100644 index 08ca875984..0000000000 --- a/devices/surface-hub/set-up-your-surface-hub.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Set up Microsoft Surface Hub -description: Set up instructions for Surface Hub include a setup worksheet, and a walkthrough of the first-run program. -ms.assetid: 4D1722BC-704D-4471-BBBE-D0500B006221 -ms.reviewer: -manager: laurawi -keywords: set up instructions, Surface Hub, setup worksheet, first-run program -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/27/2017 -ms.localizationpriority: medium ---- - -# Set up Microsoft Surface Hub - - -Set up instructions for Surface Hub include a setup worksheet, and a walkthrough of the first-run program. - -Before you turn on your Microsoft Surface Hub for the first time, make sure you've completed the checklist at the end of the [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md) section, and that you have the information listed in the [Setup worksheet](setup-worksheet-surface-hub.md). When you do power it on, the device will walk you through a series of setup screens. If you haven't properly set up your environment, or don't have the required information, you'll have to do extra work afterward making sure the settings are correct. - -## In this section - - - ---- - - - - - - - - - - - - - - - - -
TopicDescription

Setup worksheet

When you've finished pre-setup and are ready to start first-time setup for your Surface Hub, make sure you have all the information listed in this section.

First-run program

The term "first run" refers to the series of steps you'll go through the first time you power up your Surface Hub, and means the same thing as "out-of-box experience" (OOBE). This section will walk you through the process.

- - - - - - - - - - - diff --git a/devices/surface-hub/setup-worksheet-surface-hub.md b/devices/surface-hub/setup-worksheet-surface-hub.md deleted file mode 100644 index e7352a5dbe..0000000000 --- a/devices/surface-hub/setup-worksheet-surface-hub.md +++ /dev/null @@ -1,252 +0,0 @@ ---- -title: Setup worksheet (Surface Hub) -description: When you've finished pre-setup and are ready to start first-time setup for your Microsoft Surface Hub, make sure you have all the information listed in this section. -ms.assetid: AC6F925B-BADE-48F5-8D53-8B6FFF6EE3EB -ms.reviewer: -manager: laurawi -keywords: Setup worksheet, pre-setup, first-time setup -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: medium ---- - -# Setup worksheet (Surface Hub) - - -When you've finished pre-setup and are ready to start first-time setup for your Microsoft Surface Hub, make sure you have all the information listed in this section. - -You should fill out one list for each Surface Hub you need to configure, although some information can be used on all Surface Hubs, like the proxy information or domain credentials. Some of this information may not be needed, depending on how you've decided to configure your device, or depending on how the environment is configured for your organization's infrastructure. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PropertyWhat this is used forExampleActual value
-

Proxy information

-		 -

If your network uses a proxy for network and/or Internet access, you must provide a script or server/port information.

-		 -

Proxy script: http://contoso/proxy.pa
-- OR -
-Server and port info: 10.10.10.100, port 80 -

-		 -

-
-

Wireless network credentials (username and password)

-		 -

If you decide to connect your device to Wi-Fi, and your wireless network requires user credentials.

-		 -

admin1@contoso.com, #MyPassw0rd

-		 -

-
-

Device account UPN or Domain\username and device account password

-		 -

This is the User Principal Name (UPN) or the domain\username, and the password of the device account. Mail, calendar, and Skype for Business depend on a compatible device account.

-		 -

UPN: ConfRoom15@contoso.com, #Passw0rd1
-- OR -
-Domain and username: CONTOSO\ConfRoom15, #Passw0rd1

-		 -

-
-

Device account Microsoft Exchange server

-		 -

This is the device account's Exchange server. -Mail, calendar, and Skype for Business depend on a compatible device account. -For mail and calendar to work, the device account must have a valid Exchange server. The device will try to find this automatically.

-		 -

outlook.office365.com

-		 -

-
-

Device account Session Initiation Protocol (SIP) address

-		 -

This is the device account's Skype for Business SIP address. -Mail, calendar, and Skype for Business depend on a compatible device account. -For Skype for Business to work, the device account must have a valid SIP address. The device will try to find this automatically.

-		 -

sip: ConfRoom15@contoso.com

-		 -

-
-

Friendly name

-		 -

The friendly name of the device is the broadcast name that people will see when they try to wirelessly connect to the Surface Hub. This name will be displayed prominently on the Surface Hub's screen. -We suggest that the friendly name you choose is recognizable and unique so that people can distinguish one Surface Hub from another when trying to connect.

-		 -

Conference Room 15

-		 -

-
-

Device name

-		 -

The device name is the name that will be used for domain join, and is the identity you will see in your MDM provider if the device is enrolled into MDM. -The device name you choose must not be the same name as any other device on the user’s Active Directory domain (if you decide to domain join the device). The device cannot join the domain if its name is not unique. -

-		 -

confroom15

-		 -

-
-

IF YOU'RE JOINING AZURE AD

-
-

Azure AD tenant user credentials (username and password)

-		 -

If you decide to have people in your Azure Active Directory (Azure AD) organization become admins on the device, then you'll need to join Azure AD. -To join Azure AD, you will need valid user credentials.

-		 -

admin1@contoso.com, #MyPassw0rd

-		 -

-
-

IF YOU'RE JOINING A DOMAIN

-
-

Domain to join

-		 -

This is the domain you will need to join so that a security group of your choice can be admins for the device. -You may need the fully qualified domain name (FQDN).

-		 -

contoso (short name) OR contoso.corp.com (FQDN)

-		 -

-
-

Domain account credentials (username and password)

-		 -

A domain can't be joined unless you provide sufficient account credentials to join the domain. Once you provide a domain to join and credentials to join the domain, then a security group of your choice can change settings on the device.

-		 -

admin1, #MyPassw0rd

-		 -

-
-

Admin security group alias

-		 -

This is a security group in your Active Directory (AD); any members of this security group can change settings on the device.

-		 -

SurfaceHubAdmins

-		 -

-
-

IF YOU'RE USING A LOCAL ADMIN

-
-

Local admin account credentials (username and password)

-		 -

If you decide not to join an AD domain or Azure AD, you can create a local admin account on the device.

-		 -

admin1, #MyPassw0rd

-		 -

-
-

IF YOU NEED TO INSTALL CERTIFICATES OR APPS

-
-

USB drive

-		 -

If you know before first run that you want to install certificates or universal apps, follow the steps in Create provisioning packages. Your provisioning packages will be created on a USB drive.

-		 -

-		 -

-
  - - - - - diff --git a/devices/surface-hub/skype-hybrid-voice.md b/devices/surface-hub/skype-hybrid-voice.md deleted file mode 100644 index 910f2d0129..0000000000 --- a/devices/surface-hub/skype-hybrid-voice.md +++ /dev/null @@ -1,108 +0,0 @@ ---- -title: Online or hybrid deployment using Skype Hybrid Voice environment (Surface Hub) -description: This topic explains how to enable Skype for Business Cloud PBX with on premises PSTN connectivity via Cloud Connector Edition or Skype for Business 2015 pool. -keywords: hybrid deployment, Skype Hybrid Voice -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/27/2017 -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium ---- - -# Online or hybrid deployment using Skype Hybrid Voice environment (Surface Hub) - -This topic explains how to enable Skype for Business Cloud PBX with on-premises Public Switched Telephone Network (PSTN) connectivity via Cloud Connector Edition or Skype for Business 2015 pool. In this option. your Skype for Business home pools and Exchange servers are in the cloud, and are connected by PSTN via an on-premises pool running Skype for Business 2015 or Cloud Connector edition. [Learn more about different Cloud PBX options](https://technet.microsoft.com/library/mt612869.aspx). - -If you deployed Skype for Business Cloud PBX with one of the hybrid voice options, follow the steps below to enable the room account for Surface Hub. It is important to create a regular user account first, assign all hybrid voice options and phone numbers, and then convert the account to a room account. If you do not follow this order, you will not be able to assign a hybrid phone number. - ->[!WARNING] ->If you create an account before configuration of Hybrid voice (you run Enable-CSMeetingRoom command), you will not be able to configure required hybrid voice parameters. In order to configure hybrid voice parameters for a previously configured account or to reconfigure a phone number, delete the E5 or E3 + Cloud PBX add-on license, and then follow the steps below, starting at step 3. - -1. Create a new user account for Surface Hub. This example uses surfacehub2@adatum.com. The account can be created in local Active Directory and synchronized to the cloud, or created directly in the cloud. - - ![new object user](images/new-user-hybrid-voice.png) - -2. Select **Password Never Expires**. This is important for a Surface Hub device. - - ![Password never expires](images/new-user-password-hybrid-voice.png) - -3. In Office 365, add **E5** license or **E3 and Cloud PBX** add-on to the user account created for the room. This is required for Hybrid Voice to work. - - ![Add product license](images/product-license-hybrid-voice.png) - -4. Wait approximately 15 minutes until the user account for the room appears in Skype for Business Online. - -5. After the user account for room is created in Skype for Business Online, enable it for Hybrid Voice in Skype for Business Remote PowerShell by running the following cmdlet: - - ``` - Set-csuser surfacehub2@adatum.com EnterpriseVoiceEnabled $true -HostedVoiceMail $true -onpremlineuri tel:+15005000102 - ``` - -6. Validate Hybrid Voice call flow by placing test calls from the Surface Hub. - -7. Start a remote PowerShell session on a PC and connect to Exchange by running the following cmdlets. - - ``` - Set-ExecutionPolicy Unrestricted - $cred=Get-Credential -Message "Please use your Office 365 admin credentials" - $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/ps1-liveid/ -Credential $cred -Authentication Basic -AllowRedirection - Import-PSSession $sess - ``` - -8. After establishing a session, modify the user account for the room to enable it as a **RoomMailboxAccount** by running the following cmdlets. This allows the account to authenticate with Surface Hub. - - ``` - Set-Mailbox surfacehub2@adatum.com -Type Room - Set-Mailbox surfacehub2@adatum.com -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) - ``` - -9. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy. - - Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to **False**. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled. - - If you haven’t created a compatible policy yet, use the following cmdlet (this one creates a policy called "Surface Hubs"). After it’s created, you can apply the same policy to other device accounts. - - ``` - $easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false - ``` - - After you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. Run the following cmdlets to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox (you may need to re-enable the account and set the password again). - - ``` - Set-Mailbox surfacehub2@adatum.com -Type Regular - Set-CASMailbox surfacehub2@adatum.com -ActiveSyncMailboxPolicy $easPolicy.id - Set-Mailbox surfacehub2@adatum.com -Type Room - $credNewAccount = Get-Credential -Message "Please provide the Surface Hub username and password" - Set-Mailbox surfacehub2@adatum.com -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true - ``` - -10. Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties can be set in [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md). The following cmdlets provide an example of setting Exchange properties. - - ``` - Set-CalendarProcessing surfacehub2@adatum.com -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false - Set-CalendarProcessing surfacehub2@adatum.com -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!" - ``` - -11. Enable the mailbox as a meeting device in Skype for Business Online. Run the following cmdlet which enables the account as a meeting device. - - ``` - Get-CsTenant | select registrarpool - Enable-CsMeetingRoom surfacehub2@adatum.com -RegistrarPool 'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName - ``` - - As a result of running this cmdlet, users will be asked if they are in a meeting room, as shown in the following image. **Yes** will mute the microphone and speaker. - - ![](images/adjust-room-audio.png) - - - -At this moment the room account is fully configured, including Hybrid Voice. If you use Skype on-premises, you can configure additional attributes, like description, location, etc., on-premises. If you create a room in Skype Online, these parameters can be set online. - -In the following image, you can see how the device appears to users. - - -![](images/select-room-hybrid-voice.png) diff --git a/devices/surface-hub/support-solutions-surface-hub.md b/devices/surface-hub/support-solutions-surface-hub.md deleted file mode 100644 index 9de0b753f9..0000000000 --- a/devices/surface-hub/support-solutions-surface-hub.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: Top support solutions for Microsoft Surface Hub -description: Find top solutions for common issues using Surface Hub. -ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A -ms.reviewer: -manager: laurawi -keywords: Troubleshoot common problems, setup issues -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 10/24/2017 -ms.localizationpriority: medium ---- - -# Top support solutions for Microsoft Surface Hub - -Microsoft regularly releases both updates and solutions for Surface Hub. To ensure your devices can receive future updates, including security updates, it's important to keep your Surface Hub devices updated. For a complete listing of the update history, see [Surface Hub update history](https://www.microsoft.com/surface/support/surface-hub/surface-hub-update-history) and [Known issues and additional information about Microsoft Surface Hub](https://support.microsoft.com/help/4025643). - ->[!TIP] ->Looking for [Surface Hub warranty information](https://support.microsoft.com/help/4040687/surface-surface-documents)? - -These are the top Microsoft Support solutions for common issues experienced when using Surface Hub. - -## Setup and install issues - -- [Setup troubleshooting](troubleshoot-surface-hub.md#setup-troubleshooting) -- [Exchange ActiveSync errors](troubleshoot-surface-hub.md#exchange-activesync-errors) - -## Miracast issues - -- [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md) - -## Download updates issues - -- [Surface Hub can't download updates from Windows Update](https://support.microsoft.com/help/3191418/surface-hub-can-t-download-updates-from-windows-update) - -## Connect app issues - -- [The Connect app in Surface Hub exits unexpectedly](https://support.microsoft.com/help/3157417/the-connect-app-in-surface-hub-exits-unexpectedly) - - -  - - -  - - - - - diff --git a/devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md b/devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md deleted file mode 100644 index 98ad30890e..0000000000 --- a/devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: Surface Hub may install updates and restart outside maintenance hours -description: troubleshooting information for Surface Hub regarding automatic updates -ms.assetid: 6C09A9F8-F9CF-4491-BBFB-67A1A1DED0AA -keywords: surface hub, maintenance window, update -ms.prod: surface-hub -ms.sitesec: library -author: Teresa-MOTIV -ms.author: v-tea -ms.topic: article -ms.localizationpriority: medium ---- - -# Surface Hub may install updates and restart outside maintenance hours - -Under specific circumstances, Surface Hub installs updates during business hours instead of during the regular maintenance window. The device then restarts if it is necessary. You cannot use the device until the process is completed. - -> [!NOTE] -> This isn't expected behavior for missing a maintenance window. It occurs only if the device is out-of-date for a long time. - -## Cause -To ensure that Surface Hub remains available for use during business hours, the Hub is configured to perform administrative functions during a maintenance window that is defined in Settings (see "References," below). During this maintenance period, the Hub automatically installs any available updates through Windows Update or Windows Server Update Service (WSUS). Once updates are complete, the Hub may restart. - -Updates can be installed during the maintenance window only if the Surface Hub is turned on but not in use or reserved. For example, if the Surface Hub is scheduled for a meeting that lasts 24 hours, any updates that are scheduled to be installed will be deferred until the Hub is available during the next maintenance window. If the Hub continues to be busy and misses multiple maintenance windows, the Hub will eventually begin to install and download updates. This can occur during or outside the maintenance window. Once the download and installation has begun, the device may restart. - -## To avoid this issue - -It's important that you set aside maintenance time for Surface Hub to perform administrative functions. Reserving the Surface Hub for 24 hour intervals or using the device during the maintenance window delays installing updates. We recommend that you not use or reserve the Hub during scheduled maintenance period. A two-hour window should be reserved for updating. - -One option that you can use to control the availability of updates is Windows Server Update Service (WSUS). WSUS provides control over what updates are installed and when. - -## References - -[Update the Surface Hub](first-run-program-surface-hub.md#update-the-surface-hub) - -[Maintenance window](manage-windows-updates-for-surface-hub.md#maintenance-window) - -[Deploy Windows 10 updates using Windows Server Update Services (WSUS)](/windows/deployment/update/waas-manage-updates-wsus) - - diff --git a/devices/surface-hub/surface-hub-2s-account.md b/devices/surface-hub/surface-hub-2s-account.md deleted file mode 100644 index 27c7053045..0000000000 --- a/devices/surface-hub/surface-hub-2s-account.md +++ /dev/null @@ -1,100 +0,0 @@ ---- -title: Create Surface Hub 2S device account -description: This page describes the procedure for creating the Surface Hub 2S device account. -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: Medium ---- - -# Create Surface Hub 2S device account - -Creating a Surface Hub device account (also known as a Room mailbox) allows Surface Hub 2S to receive, approve, or decline meeting requests and join meetings using either Microsoft Teams or Skype for Business. Configure the device account during Out-of-Box Experience (OOBE) setup. If needed, you can change it later (without going through OOBE setup). - -Unlike standard Room mailboxes that remain disabled by default, you need to enable the Surface Hub 2S device account to sign on to Microsoft Teams and Skype for Business. Surface Hub 2S relies on Exchange ActiveSync, which requires an ActiveSync mailbox policy on the device account. Apply the default ActiveSync mailbox policy that comes with Exchange Online. - -Create the account by using the Microsoft 365 admin center or by using PowerShell. You can use Exchange Online PowerShell to configure specific features including: - -- Calendar processing for every Surface Hub device account. -- Custom auto replies to scheduling requests. -- If the default ActiveSync mailbox policy has already been modified by someone else or by another process, you will likely have to create and assign a new ActiveSync mailbox policy. - -> [!NOTE] -> The Surface Hub device account doesn’t support third-party Federated Identity Providers (FIPs) and must be a standard Active Directory or Azure Active Directory account. - -## Create account using Microsoft 365 admin center - -1. In the Microsoft 365 admin center, go to **Resources** and choose **Rooms & Equipment** and then select **+ Room**. - -2. Provide a name and email address for the device account. Leave remaining settings unchanged in the default state. - - ![Provide a name and email address](images/sh2-account2.png) - - ![Leave remaining settings unchanged in the default state](images/sh2-account3.png) - -3. Set the password for the device account. To set the password, choose **Users** and then select **Active Users**. Now search for the newly created user to set the password. Ensure that you **do not** select the option **Make this user change their password when they first sign in.** - - ![Set the password for the device account](images/sh2-account4.png) - -4. Assign the room with an Office 365 license. It’s recommended to assign the Office 365 **Meeting Room** license, a new option that automatically enables the account for Skype for Business Online and Microsoft Teams. - - ![Assign Office 365 license](images/sh2-account5.png) - -### Finalize setup via PowerShell - -- **Skype for Business:** For Skype for Business only (on-premises or online), you can enable the Skype for Business object by running **Enable-CsMeetingRoom** to enable features such as Meeting room prompt for audio and Lobby hold. - -- **Microsoft Teams and Skype for Business Calendar:** Set [**Calendar Auto processing**](https://docs.microsoft.com/surface-hub/surface-hub-2s-account?source=docs#set-calendar-auto-processing) for this account. - -## Create account using PowerShell - -Instead of using the Microsoft Admin Center portal, you can create the account using PowerShell. - -### Connect to Exchange Online PowerShell - -```powershell -$365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential (Get-Credential) -Authentication Basic –AllowRedirection -$ImportResults = Import-PSSession $365Session -``` - -### Create a new Room mailbox - -```powershell -New-Mailbox -MicrosoftOnlineServicesID account@YourDomain.com -Alias SurfaceHub2S -Name SurfaceHub2S -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String "" -AsPlainText -Force) -``` - -### Set Calendar auto-processing - -```powershell -Set-CalendarProcessing -Identity "account@YourDomain.com" -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -AddAdditionalResponse $true -AdditionalResponse "This room is equipped with a Surface Hub" -``` - -### Assign a license - -```powershell -Connect-MsolService -Set-Msoluser -UserPrincipalName account@YourDomain.com -UsageLocation IE -Set-MsolUserLicense -UserPrincipalName "account@YourDomain.com" -AddLicenses "contoso:MEETING_ROOM" -``` - -## Connect to Skype for Business Online using PowerShell - -### Install pre-requisites - -- [Visual C++ 2017 Redistributable](https://aka.ms/vs/15/release/vc_redist.x64.exe) -- [Skype for Business Online PowerShell Module](https://www.microsoft.com/download/confirmation.aspx?id=39366) - -```powershell -Import-Module LyncOnlineConnector -$SfBSession = New-CsOnlineSession -Credential (Get-Credential) -Import-PSSession $SfBSession -AllowClobber - -# Enable the Skype for Business meeting room -Enable-CsMeetingRoom -Identity account@YourDomain.com -RegistrarPool(Get-CsTenant).Registrarpool -SipAddressType EmailAddress -``` diff --git a/devices/surface-hub/surface-hub-2s-adoption-kit.md b/devices/surface-hub/surface-hub-2s-adoption-kit.md deleted file mode 100644 index 2cc29c519b..0000000000 --- a/devices/surface-hub/surface-hub-2s-adoption-kit.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: "Surface Hub 2S Adoption and training guides" -description: "Microsoft has developed downloadable materials that you can make available for your users to aid in adoption of Surface Hub 2S." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 11/04/2019 -ms.localizationpriority: Medium ---- - -# Surface Hub 2S adoption and training guides - -Whether you're a small or large business, a Surface Hub adoption plan is critical in generating the right use cases and helping your users become comfortable with the device. Check out these downloadable guides designed to help you deliver training across your organization. - -## On-demand training - -- [Surface Hub 2S adoption and training videos](surface-hub-2s-adoption-videos.md) - -## Adoption toolkit - -- [Surface Hub adoption toolkit](downloads/SurfaceHubAdoptionToolKit.pdf) - -## Training guides - -- [Training guide – end user](downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf) -- [Training guide – power user](downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf) -- [Training guide – help desk](downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf) -- [Training guide – Microsoft Teams desktop](downloads/Guide-SurfaceHub2S-Teams.pptx) - -[Download all training guides](https://download.microsoft.com/download/2/2/3/2234F70E-E65A-4790-93DF-F4C373A75B8E/SurfaceHub2S-TrainerGuides-July2019.zip) - -## End user guides - -- [Guide to Navigation on Surface Hub](downloads/Guide-SurfaceHub2S-Navigation.pptx) -- [Guide to Office 365 on Surface Hub](downloads/Guide-SurfaceHub2S-Office365.pptx) -- [Guide to Microsoft Whiteboard on Surface Hub](downloads/Guide-SurfaceHub2S-Whiteboard.pptx) -- [Guide to Microsoft Teams on Surface Hub](downloads/Guide-SurfaceHub2S-Teams.pptx) - -[Download all end user guides](https://download.microsoft.com/download/E/7/F/E7FC6611-BB55-43E1-AF36-7BD5CE6E0FE0/SurfaceHub2S-EndUserGuides-July2019.zip) - -## Quick reference cards - -- [Connect your PC](downloads/QRCConnectYourPC.pdf) -- [Join a Teams Meeting](downloads/QRCJoinTeamsMeeting.pdf) -- [Manage a Teams meeting](downloads/QRCManageTeamsMeeting.pdf) -- [Navigation basics](downloads/QRCNavigationBasics.pdf) -- [Schedule a Teams meeting](downloads/QRCScheduleTeamsMeeting.pdf) -- [Start a new Teams meeting](downloads/QRCStartNewTeamsMeeting.pdf) -- [Share or send a file](downloads/QRCShareSendFile.pdf) -- [Sign in to view meetings and files](downloads/QRCSignInToViewMeetingsFiles.pdf) -- [Whiteboard advanced](downloads/QRCWhiteboardAdvanced.pdf) -- [Whiteboard tools](downloads/QRCWhiteboardTools.pdf) - -[Download all quick reference cards](https://download.microsoft.com/download/E/7/F/E7FC6611-BB55-43E1-AF36-7BD5CE6E0FE0/SurfaceHub2S-EndUserGuides-July2019.zip) diff --git a/devices/surface-hub/surface-hub-2s-adoption-videos.md b/devices/surface-hub/surface-hub-2s-adoption-videos.md deleted file mode 100644 index deb3ae66dc..0000000000 --- a/devices/surface-hub/surface-hub-2s-adoption-videos.md +++ /dev/null @@ -1,136 +0,0 @@ ---- -title: "Surface Hub 2S on-demand adoption and training videos" -description: "This page contains on-demand training for Surface Hub 2S." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.localizationpriority: Medium ---- - -# Surface Hub 2S on-demand adoption and training videos - -This page contains comprehensive training for Surface Hub 2S, available on demand. - -## Chapter 1 - Training overview - -> [!video https://www.microsoft.com/videoplayer/embed/RE46Jud] - -- Welcome and introduction -- Training overview and agenda -- Software and technology reference -- Surface Hub messaging -- Industries and user roles -- Overview of training services -- Training best practices - -## Chapter 2 - Getting started with Surface Hub - -> [!video https://www.microsoft.com/videoplayer/embed/RE46Ejt] - -- What is Surface Hub? -- Technical overview -- Steelcase Roam and the mobility story -- Surface Hub services -- Getting started with Surface Hub -- Gathering expectations - -## Chapter 3 - Navigating Surface Hub - -> [!video https://www.microsoft.com/videoplayer/embed/RE46OFW] - -- Welcome screen -- Start menu -- Full screen -- Clip to Whiteboard -- Task bar menu -- Teams/Skype -- End Session - -## Chapter 4 - Whiteboarding and collaboration - -> [!video https://www.microsoft.com/videoplayer/embed/RE46M4v] - -- Whiteboard introduction -- Starting the Whiteboard -- Whiteboard tools -- Inserting pictures -- Changing the background -- Sharing the whiteboard -- Export the Whiteboard - -## Chapter 5 - Exploring Surface Hub apps - -> [!video https://www.microsoft.com/videoplayer/embed/RE46Ejz] - -- Surface Hub apps introduction -- PowerPoint overview -- Microsoft Word -- Microsoft Excel -- Microsoft Edge - -## Chapter 6 - Advanced apps and Office 365 - -> [!video https://www.microsoft.com/videoplayer/embed/RE46EjA] - -- Advanced apps introduction -- Microsoft Maps -- Photos -- Power BI -- Sign in to Office 365 -- OneDrive -- CoAuthor documents - -## Chapter 7 - Connecting devices - -> [!video https://www.microsoft.com/videoplayer/embed/RE46M4w] - -- Connect introduction -- Miracast overview -- Touch and Pen Input -- Wired connect overview -- Line of Business app workflows -- Troubleshooting Miracast and wired connect - -## Chapter 8 - Skype for Business meetings - -> [!video https://www.microsoft.com/videoplayer/embed/RE46M4x] - -- Introduction to Skype for Business --Scheduling Skype for Business meetings -- Start a meeting -- Start an ad hoc meeting -- Join a meeting on your calendar -- Managing a Skype for Business meeting -- Present content - -## Chapter 9 - Microsoft Teams meetings - -> [!video https://www.microsoft.com/videoplayer/embed/RE46OFZ] - -- Introduction to Microsoft Teams -- Scheduling Microsoft Teams meetings -- Start a meeting -- Start an ad hoc meeting -- Join a meeting on your calendar -- Managing a Microsoft Teams meeting -- Present content -- Conclusion - -## Chapter 10 - Basic troubleshooting - -> [!video https://www.microsoft.com/videoplayer/embed/RE46z65] - -- Introduction to Surface Hub troubleshooting -- Application troubleshooting -- End Session -- Restart the device -- Power cycle the device -- Factory reset -- Settings -- Manage Surface Hub -- Conclusion \ No newline at end of file diff --git a/devices/surface-hub/surface-hub-2s-change-history.md b/devices/surface-hub/surface-hub-2s-change-history.md deleted file mode 100644 index f629bd6bd6..0000000000 --- a/devices/surface-hub/surface-hub-2s-change-history.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: "Change history for Surface Hub 2S" -description: "This page shows change history for Surface Hub 2S." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -audience: Admin -ms.manager: laurawi -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: Medium ---- - -# Change history for Surface Hub 2S - -This topic summarizes new and updated content in the Surface Hub 2S documentation library. - -## August 2019 - -Changes | Description -|:--- |:--- -|Connect devices to Surface Hub 2S| Updated with guidance for connecting to a second display. - -## July 2019 - -Changes | Description -|:--- |:--- | -| Reset and recovery for Surface Hub 2S | Added link to Surface recovery website that enables customers to download a recovery image for Surface Hub 2S | -| Surface Hub 2S tech specs | Updated power consumption data | -| Surface Hub 2S Adoption Kit | New | - -## June 2019 - -Changes | Description -|:--- |:--- | -| Published new guidance for Surface Hub 2S | New | diff --git a/devices/surface-hub/surface-hub-2s-connect.md b/devices/surface-hub/surface-hub-2s-connect.md deleted file mode 100644 index a09044e60d..0000000000 --- a/devices/surface-hub/surface-hub-2s-connect.md +++ /dev/null @@ -1,135 +0,0 @@ ---- -title: "Connect devices to Surface Hub 2S" -description: "This page explains how to connect external devices to Surface Hub 2S." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 02/24/2020 -ms.localizationpriority: Medium ---- - -# Connect devices to Surface Hub 2S -Surface Hub 2S enables you to connect external devices, mirror the display on Surface Hub 2S to another device, and connect multiple third-party peripherals including video conference cameras, conference phones, and room system devices. - -You can display content from your devices to Surface Hub 2S. If the source device is Windows-based, that device can also provide TouchBack and InkBack, which takes video and audio from the connected device and presents them on Surface Hub 2S. If Surface Hub 2S encounters a High-Bandwidth Digital Content Protection (HDCP) signal, such as a Blu-ray DVD player, the source is displayed as a black image. - -> [!NOTE] -> Surface Hub 2S uses the video input selected until a new connection is made, the existing connection is disrupted, or the Connect app is closed. - -## Recommended wired configurations - -In general, it’s recommended to use native cable connections whenever possible such as USB-C to USB-C or HDMI to HDMI. Other combinations such as MiniDP to HDMI or MiniDP to USB-C will also work. Some additional configuration may be required to optimize the video-out experience, as described on this page. - -| **Connection** | **Functionality** | **Description**| -| --- | --- | ---| -| HDMI + USB-C | HDMI-in for audio and video

USB-C for TouchBack and InkBack | USB-C supports TouchBack and InkBack with the HDMI A/V connection.

Use USB-C to USB-A to connect to legacy computers.

**NOTE:** For best results, connect HDMI before connecting a USB-C cable. If the computer you're using for HDMI is not compatible with TouchBack and InkBack, you won't need a USB-C cable. | -| USB-C
(via compute module) | Video-in
Audio-in | Single cable needed for A/V

TouchBack and InkBack is supported

HDCP enabled | -| HDMI (in port) | Video, Audio into Surface Hub 2S | Single cable needed for A/V

TouchBack and InkBack not supported

HDCP enabled | -| MiniDP 1.2 output | Video-out such as mirroring to a larger projector. | Single cable needed for A/V | - -When you connect a guest computer to Surface Hub 2S via the USB-C port, several USB devices are discovered and configured. These peripheral devices are created for TouchBack and InkBack. As shown in the following table, the peripheral devices can be viewed in Device Manager, which will show duplicate names for some devices, as shown in the following table. - - -|**Peripheral**| **Listing in Device Manager** | -| ---------------------------- |------------- | ------------------------------| -| Human interface devices | HID-compliant consumer control device
HID-compliant pen
HID-compliant pen (duplicate item)
HID-compliant pen (duplicate item)
HID-compliant touch screen
USB Input Device
USB Input Device (duplicate item) | -| Keyboards | Standard PS/2 keyboard | -| Mice and other pointing devices | HID-compliant mouse | -| USB controllers | Generic USB hub
USB composite device | - -## Connecting video-in to Surface Hub 2S - -You can input video to Surface Hub 2S using USB-C or HDMI, as indicated in the following table. - -### Surface Hub 2S video-in settings - -| **Signal Type** | **Resolution** | **Frame rate** | **HDMI** | **USB-C** | -| --------------- | -------------- | -------------- | -------- | --------- | -| PC | 640 x 480 | 60 | X | X | -| PC | 720 x 480 | 60 | X | X | -| PC | 1024 x 768 | 60 | X | X | -| PC | 1920 x 1080 | 60 | X | X | -| PC | 3840x2560 | 30 | X | X | -| HDTV | 720p | 60 | X | X | -| HDTV | 1080p | 60 | X | X | -| 4K UHD | 3840x2560 | 30 | X | X | - -> [!NOTE] -> The 4K UHD resolution (3840×2560) is only supported when connecting to ports on the compute module. It is not supported on the “guest” USB ports located on the left, top, and right sides of the device. - -> [!NOTE] -> Video from a connected external PC may appear smaller when displayed on Surface Hub 2S. - -## Mirroring Surface Hub 2S display on another device - -You can output video to another display using MiniDP, as indicated in the following table. - -### Surface Hub 2S video-out settings - -| **Signal Type** | **Resolution** | **Frame rate** | **MiniDP** | -| --------------- | -------------- | -------------- | ---------- | -| PC | 640 x 480 | 60 | X | -| PC | 720 x 480 | 60 | X | -| PC | 1024 x 768 | 60 | X | -| PC | 1920 x 1080 | 60 | X | -| PC | 3840 x 2560 | 60 | X | -| HDTV | 720p | 60 | X | -| HDTV | 1080p | 60 | X | -| 4K UHD | 3840 x 2560 | 60 | X | - - - -Surface Hub 2S includes a MiniDP video-out port for projecting visual content from Surface Hub 2S to another display. If you plan to use Surface Hub 2S to project to another display, note the following recommendations: - -- **Keyboard required.** Before you begin, you’ll need to connect either a wired or Bluetooth-enabled external keyboard to Surface Hub 2S. Note that unlike the original Surface Hub, a keyboard for Surface Hub 2S is sold separately and is not included in the shipping package.

-- **Set duplicate mode.** Surface Hub 2S supports video-out in duplicate mode only. However, you will still need to manually configure the display mode when you connect for the first time: - 1. Enter the **Windows logo key** + **P**, which opens the Project pane on the right side of Surface Hub 2S, and then select **Duplicate** mode. - 2. When you’re finished with your Surface Hub 2S session, select **End Session**. This ensures that the duplicate setting is saved for the next session.

-- **Plan for different aspect ratios.** Like other Surface devices, Surface Hub 2S uses a 3:2 display aspect ratio (the relationship between the width and the height of the display). Projecting Surface Hub 2S onto displays with different aspect ratios is supported. Note however that because Surface Hub 2S duplicates the display, the MiniDP output will also only display in a 3:2 aspect ratio, which may result in letterboxing or curtaining depending on the aspect ratio of the receiving display. - -> [!NOTE] -> if your second monitor uses a 16:9 aspect ratio (the predominant ratio for most TV monitors), black bars may appear on the left and right sides of the mirrored display. If this occurs, you may wish to inform your users that there is no need to adjust the second display. - -## Selecting cables - -Note the following recommendations: - -- **USB.** USB 3.1 Gen 2 cables. -- **MiniDP.** DisplayPort cables certified for up to 3 meters in length. -- **HDMI.** If a long cable is necessary, HDMI is recommended due to the wide availability of cost-effective, long-haul cables with the ability to install repeaters if needed. - -> [!NOTE] -> Most DisplayPort sources will automatically switch to HDMI signaling if HDMI is detected. - -## Wirelessly connect to Surface Hub 2S - -Windows 10 natively supports Miracast, which lets you wireless connect to Surface Hub 2S.

- -### To connect using Miracast: - -1. On your Windows 10 device, enter **Windows logo key** + **K**. -2. In the Connect window, look for the name of your Surface Hub 2S in the list of nearby devices. You can find the name of your Surface Hub 2S in the bottom left corner of the display. -3. Enter a PIN if your system administrator has enabled the PIN setting for Miracast connections. This requires you to enter a PIN number when you connect to Surface Hub 2S for the first time. - -> [!NOTE] ->If you do not see the name of the Surface Hub 2S device as expected, it’s possible the previous session was prematurely closed. If so, sign into Surface Hub 2S directly to end the previous session and then connect from your external device. - -## Connecting peripherals to Surface Hub 2S - -### Bluetooth accessories - -You can connect the following accessories to Surface Hub-2S using Bluetooth: - -- Mice -- Keyboards -- Headsets -- Speakers -- Surface Hub 2 pens - -> [!NOTE] -> After you connect a Bluetooth headset or speaker, you might need to change the default microphone and speaker settings. For more information, see [**Local management for Surface Hub settings**](https://docs.microsoft.com/surface-hub/local-management-surface-hub-settings). diff --git a/devices/surface-hub/surface-hub-2s-custom-install.md b/devices/surface-hub/surface-hub-2s-custom-install.md deleted file mode 100644 index c86ac8b4b3..0000000000 --- a/devices/surface-hub/surface-hub-2s-custom-install.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: "Customize wall mount of Surface Hub 2S" -description: "Learn how to perform a custom install of Surface Hub 2S." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: Medium ---- - -# Customize wall mount of Surface Hub 2S - -If you’re not using certified mounting solutions, you can mount Surface Hub 2S using readily available retail hardware. - -## Set wall mount measurements - -Surface Hub 2S recommended mounting measurements: - -|**Item**|**Description**|**Notes**| -|:------ |:------------- |:------- | -|**Height from bottom of Surface Hub 2S**| 1026.5 mm (40.41”) | Recommended | -|**Height from top of Surface Hub 2S**| 1767.2 mm (69.57”) | Recommended | -|**Height from center of mount**| 1397 mm (55”) | Recommended | - -1. Measure 1026.5 mm (40.41”) from the floor level to set the recommended minimum height. -2. Measure 1767.2 mm (69.57”) from the floor level to set the recommended top height. - -![*Surface Hub 2S wall mount front view*](images/sh2-wall-front.png)
- -3. Measure 1397 mm (55”) mm from the floor level to set the recommended center height. - -![*Surface Hub 2S wall mount side view*](images/sh2-wall-side.png)
- -## Obstruction free mounting - -In addition to the visible ports on the sides of the device, certain integrated components must remain free of obstruction in order to function correctly. These include the Bluetooth, Wi-Fi, occupancy, and mic sensors as well thermal cooling vents. - Keep out zones - -|**Item**|**Description**|**Notes**| -|:---- |:----------- |:----- | -|**Access**| Ensure unimpeded access to input/output ports, the compute cartridge, Bluetooth radio, Bluetooth sensor, Wi-Fi radio, Wi-Fi sensor, occupancy sensor. | See Figure 1. | -|**Air flow**| Avoid blocking inlet and outlet air vent zones. | See Figure 2 | -|**Audio**| Avoid blocking audio exit zone on rear of Surface Hub 2S. | See Figure 2. | - -![*Figure 1. Keep out zones for Surface Hub 2S components*](images/sh2-keepout-zones.png)
-***Figure 1. Keep out zones for Surface Hub 2S components*** - -![*Figure 2. Avoid blocking thermal inlet/outlet and audio exit zones*](images/sh2-thermal-audio.png)
-***Figure 2. Avoid blocking thermal inlet/outlet and audio exit zones.
*** - -The removable compute cartridge containing the I/O ports must remain free of any obstructions or impediments of any kind. - -![*Figure 3.View of compute cartridge on the underside of Surface Hub 2s.*](images/sh2-ports.png)
-***Figure 3.View of compute cartridge on the underside of Surface Hub 2s.*** - -![*Figure 4. Unimpeded removal of compute cartridge *](images/sh2-cartridge.png)
-***Figure 4. Unimpeded removal of compute cartridge*** - -## Selecting a mounting system - -Surface Hub 2S uses a 350 mm x 350 mm mounting framework that meets most — but not all — of the criteria listed in the VESA Flat Display Mounting Interface Standard. You can install Surface Hub 2S using any of various off-the-shelf display brackets designed to accommodate displays that diverge from exact VESA specifications, as shown below. - -On the back of Surface Hub 2S, you’ll find a square pattern of four M6 x 1.0 threaded holes centered on the circular bump (565 mm in diameter). Attach your mount using four M6 x 1.0–12 mm-long metric bolts. Or, depending on preference, you can use longer bolts up to a maximum of 20 mm. -Important considerations for mounting systems - -|**Item**|**Description**|**Notes**| -|:------ |:------------- |:------- | -|**Strength**| Only choose mounts that can safely support devices of at least 28 kg (62 lbs.). | Required | -|**Stiffness**| Avoid flexible display mounts that can diminish the interactive pen and touch use experience. Most TV mounts are not designed to support touch displays. | Recommended | -|**Depth**| Keep the device mounted tightly to the wall especially in corridors and along circulation paths within rooms.| Recommended | -|**Versatility**| Ensure your mounting solution remains hidden from view in both the existing landscape mode and any potential portrait mode (subject to future availability). | Recommended | - -![*Figure 5. Surface Hub 2S mounting configuration*](images/sh2-mount-config.png)
-***Figure 5. Surface Hub 2S mounting configuration*** - -## Mounting methods compatible with Surface Hub 2S - -Surface Hub 2S is compatible with mounts that allow you to place it at angles of 10-70 degrees from the vertical plane. Rail mounts typically have multiple holes and a set of slots, enabling compatibility across a wide range of displays. A rail attached to the wall and two mounts attached to the display enable you to securely install Surface Hub 2S to a wall. When evaluating rail mounts for compatibility, ensure they meet versatility requirements listed earlier. - -![*Figure 6. Rail mounts*](images/h2gen-railmount.png)
-***Figure 6. Surface Hub 2S rail mounts*** diff --git a/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md b/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md deleted file mode 100644 index 77fe0fa1ca..0000000000 --- a/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: "Deploy apps to Surface Hub 2S using Intune" -description: "Learn how you can deploy apps to Surface Hub 2S using Intune." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: Medium ---- - -# Deploy apps to Surface Hub 2S using Intune - -You can install additional apps to fit your team or organization's needs. - -## Developer guidelines - -- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). Apps created using the [Desktop App Converter](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) will not run on Surface Hub. -- Apps must be targeted for the [Universal device family](https://msdn.microsoft.com/library/windows/apps/dn894631) or Windows Team device family. -- Surface Hub only supports [offline-licensed apps](https://docs.microsoft.com/microsoft-store/distribute-offline-apps) from [Microsoft Store for Business](https://businessstore.microsoft.com/store). -- By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode. -- When developing and submitting apps to the Microsoft Store, set Device family availability and Organizational licensing options to ensure that apps are available to run on Surface Hub. -- You need admin credentials to install apps on Surface Hub. Designed for use in meeting rooms and other shared spaces, Surface Hub prevents regular users from accessing the Microsoft Store to download and install apps. - -## Deployment guidelines - -You can deploy Universal Windows Platform (UWP) apps to Surface Hub 2S using Intune, easing app deployment to devices. - -1. To deploy apps, enable MDM for your organization. In the Intune portal, select **Intune** as your MDM Authority (recommended).
- - ![Choose MDM authority](images/sh2-set-intune5.png) - -2. Enable the Microsoft Store for Business in Intune. Open Intune, select **Client apps** > **Microsoft Store for Business.**
- - ![Enable Store for Business](images/sh2-deploy-apps-sync.png) - -3. In Intune open **Microsoft Store for Business** and select **Settings** > **Distribute** > **Management tools**. Choose **Microsoft Intune** as your management tool.
- - ![Add Intune as your management tool](images/sh2-set-intune8.png) - -4. In Microsoft Store for Business, select **Settings** > **Shop** > **Shopping Experience**, and then select **Show offline apps**. Offline apps refer to apps that can be synced to Intune and centrally deployed to a device. -5. After enabling Offline shopping, you can acquire offline licenses for apps that you can sync to Intune and deploy as Device licensing. -6. In **Intune** > **Client apps** > **Microsoft Store for Business**, select **Sync**. -7. In the Client apps page, search for the app in the apps list. Assign the apps to the desired device group or groups. Select **Assignments** > **Add group**.
- -![*Assigning apps to groups *](images/sh2-assign-group.png)
- -8. Under assignment type, choose **Required**.
- -![*Assigning apps to groups *](images/sh2-add-group.png)
- -9. For the selected groups, choose **Device licensing** and then select **OK** and save the assignment.
- -![*Assigning apps to groups *](images/sh2-apps-assign.png) diff --git a/devices/surface-hub/surface-hub-2s-deploy-checklist.md b/devices/surface-hub/surface-hub-2s-deploy-checklist.md deleted file mode 100644 index 08421ad2f6..0000000000 --- a/devices/surface-hub/surface-hub-2s-deploy-checklist.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: "Surface Hub 2S deployment checklists" -description: "Verify your deployment of Surface Hub 2S using pre- and post-deployment checklists." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: Medium ---- - -# Surface Hub 2S deployment checklists - -## Surface Hub 2S pre-deployment checklist - -|**Item**|**Response**| -|:------ |:------ | -|**Device account name**| | -|**Device account UPN**| | -|**ActiveSync Policy**| | -|**Calendar processing configuration completed**| ☐ Yes
☐ No | -|**Device-friendly name**| | -|**Device host name**| | -|**Affiliation**| ☐ None
☐ Active Directory affiliation
☐ Azure Active Directory | -|**Microsoft Teams Mode**| ☐ Mode 0
☐ Mode 1
☐ Mode 2 | -|**Device Management**| ☐ Yes, Microsoft Intune
☐ Yes, other mobile device manager [MDM]
☐ None | -|**Proxy**| ☐ Automatic configuration
☐ Proxy server
☐ Proxy auto-config (PAC) file | -|**Proxy authentication**| ☐ Device account credentials
☐ Prompt for credentials | -|**Password rotation**| ☐ On
☐ Off | -|**Skype for Business additional domain names (on-premises only)**| | -|**Session timeout time**| | -|**Session timeout action**| ☐ End session
☐ Allow resume | -|**My meetings and files**| ☐ Enabled
☐ Disabled | -|**Lock screen timeout**| | -|**Sleep idle timeout**| | -|**Bluetooth**| ☐ On
☐ Off | -|**Use only BitLocker USB drives**| ☐ On
☐ Off | -|**Install additional certificates (on-premises only)**| | -|**Windows update**| ☐ Windows Update for Business
☐ Windows Server Update Services [WSUS] | -|**Surface app speaker setting**| ☐ Rolling stand
☐ Wall-mounted | -|**IP Address**| ☐ Wired — DHCP
☐ Wired — DHCP reservation
☐ Wireless — DHCP
☐ Wireless — DHCP reservation | - -## Surface Hub 2S post-deployment checklist - -|**Check**|**Response**| -|:------|:---------| -|**Device account syncing**| ☐ Yes
☐ No | -|**Bitlocker key**| ☐ Saved to file (no affiliation)
☐ Saved in Active Directory (AD affiliation)
☐ Saved in Azure AD (Azure AD affiliation) | -|**Device OS updates**| ☐ Completed | -|**Windows Store updates**| ☐ Automatic
☐ Manual | -|**Microsoft Teams scheduled meeting**| ☐ Confirmation email received
☐ Meeting appears on start screen
☐ One-touch join functions
☐ Able to join audio
☐ Able to join video
☐ Able to share screen || -|**Skype for Business scheduled meeting**| ☐ Confirmation email received
☐ Meeting appears on start screen
☐ One-touch join functions correctly
☐ Able to join audio
☐ Able to join video
☐ Able to share screen
☐ Able to send/receive IM | -|**Scheduled meeting when already invited**| ☐ Meeting declined | -|**Microsoft Teams ad-hoc meeting**| ☐ Invite other users work
☐ Able to join audio
☐ Able to join video
☐ Able to share screen | -|**Skype for Business scheduled meeting**| ☐ Invite other users work
☐ Able to join audio
☐ Able to join video
☐ Able to share screen
☐ Able to send/receive IM | -|**Microsoft Whiteboard**| ☐ Launch from Welcome / Start screen
☐ Launch from Microsoft Teams | -|**Incoming Skype/Teams call**| ☐ Able to join audio
☐ Able to join video
☐ Able to share screen
☐ Able to send/receive IM (Skype for Business only) | -|**Incoming live video streams**| ☐ Maximum 2 (Skype for Business)
☐ Maximum 4 (Microsoft Teams) | -|**Microsoft Teams Mode 0 behavior**| ☐ Skype for Business tile on Welcome/Start screen
☐ Can join scheduled Skype for Business meetings (Skype UI)
☐ Can join scheduled Teams meetings (Teams UI) | -|**Microsoft Teams Mode 1 behavior**| ☐ Teams tile on Welcome/Start screen
☐ Can join scheduled Skype for Business meetings (Skype UI)
☐ Can join scheduled Teams meetings (Teams UI) | -|**Microsoft Teams Mode 2 behavior**| ☐ Teams tile on Welcome / Start screen
☐ Can join scheduled Teams meetings
☐ Fail to join Skype for Business meetings | diff --git a/devices/surface-hub/surface-hub-2s-deploy.md b/devices/surface-hub/surface-hub-2s-deploy.md deleted file mode 100644 index 87908ed944..0000000000 --- a/devices/surface-hub/surface-hub-2s-deploy.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: "Create provisioning packages for Surface Hub 2S" -description: "This page describes how to deploy Surface Hub 2S using provisioning packages and other tools." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: Medium ---- - -# Create provisioning packages for Surface Hub 2S - -You can use Windows Configuration Designer (WCD) to create provisioning packages to automate the deployment process of Surface Hub 2S. Use provisioning packages to add certificates, configure proxies, set up device administrators and device accounts. You can also use provisioning packages along with a configuration file to deploy multiple Surface Hubs with a single USB thumb drive. - -### Install Windows Configuration Designer - -Install Windows Configuration Designer from the Windows Assessment and Deployment Kit (ADK) for Windows 10. Download and install the [ADK for Windows 10, version 1703](https://go.microsoft.com/fwlink/p/?LinkId=845542). For more information, see [Download and install the Windows ADK](https://docs.microsoft.com/windows-hardware/get-started/adk-install). - -### Add certificates - -You can import Certificate Authority certificates to Surface Hub 2S. -To add certificates to Surface Hub 2S, you need a copy of each certificate as X.509 in .cer format. You cannot import .crt, .pfx or other container formats. Certificates must be imported into Windows Configuration Designer and arranged by hierarchy: - - ![Add certificates](images/sh2-wcd.png) - -### Configure proxy during OOBE - -In Windows Configuration Designer, go to the Configure proxy settings tab and enter the appropriate settings as shown below. - - ![Configure proxy settings](images/sh2-proxy.png) - -> [!NOTE] -> When configuring proxy settings, turn off **Automatically detect settings** if you intend to use a setup script or a proxy server. You can use a setup script *or* a proxy server, not both. - -### Affiliate Surface Hub 2S with Azure Active Directory - -You can affiliate Surface Hub 2S with Azure Active Directory using a provisioning package: -As an Azure Active Directory Global Administrator, you can join large numbers of new Windows devices to Azure Active Directory and Intune using a bulk token. - -To create a bulk token, give it a friendly name, configure the expiration date (maximum of 30 days) and use your Admin credentials to acquire the token as shown below: - - ![Set up device admins](images/sh2-token.png)

- ![Set up device admins](images/sh2-token2.png)

- ![Set up device admins](images/sh2-token3.png)

- -### Provisioning multiple devices (.csv file) - -In addition to the provisioning package, you can use a Surface Hub configuration file to make it even easier to set up your devices. A Surface Hub configuration file contains a list of device accounts and friendly names for wireless projection. During first run, you get an option to choose a device account and friendly name from a configuration file. - -### To create a Surface Hub configuration file - -1. Using Microsoft Excel or another CSV editor, create a CSV file named: **SurfaceHubConfiguration.csv** -2. Enter a list of device accounts and friendly names in this format: - -``` -,, -``` - -3. Save the file to the root of the USB thumb drive where you copied the PPKG file. - - ![Configuration file example](images/sh2-config-file.png) diff --git a/devices/surface-hub/surface-hub-2s-install-mount.md b/devices/surface-hub/surface-hub-2s-install-mount.md deleted file mode 100644 index 1ae4dcadb6..0000000000 --- a/devices/surface-hub/surface-hub-2s-install-mount.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: "Install and mount Surface Hub 2S" -description: "Learn how to install and mount Surface Hub 2S." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: Medium ---- - -# Install and mount Surface Hub 2S - -Surface Hub 2S is designed for ease of mobility with a form factor that enables you to quickly install and begin using the device. Microsoft has partnered with Steelcase on the following certified mounting solutions: Roam Mobile Stand and Roam Wall Mount. Both fully integrate with the design of Surface Hub 2S, enabling unimpeded access to the compute cartridge, power, USB-A, USB-C, and other ports. - -You can mount Surface Hub 2S with the certified wall mount or the certified mobile stand, both developed in partnership with Steelcase. Both fully integrate with the design of Surface Hub 2S, enabling unimpeded access to the compute cartridge along with all I/O ports and power. - -For more information, see [Officially licensed third-party accessories](http://licensedhardware.azurewebsites.net/surface) and view installation demos from the Surface product team at [Steelcase mobile stand and APC battery set up](https://youtu.be/VTzdu4Skpkg). - - ![Surface Hub 2S on Roam Mobile Stand](images/sh2-mobile-stand.png)
- -If you’re not using licensed accessories, see [Customize wall mount of Surface Hub 2S](surface-hub-2s-custom-install.md). - -| 1. **Set up your mount first** | | -|:------ |:-------- | -| Leave your Surface Hub in the box until the mount is set up and mounting hardware is applied. Mount is not included. Your mount is sold separately. | ![* Set up your mount first *](images/sh2-setup-1.png)
| -| 2. **Attach hardware to the Surface Hub** | | -| Mounting hardware and specific instructions are found in the box for your mount. | ![* Attach hardware to the Surface Hub *](images/sh2-setup-2.png)
| -| 3. **Remove the instructional label before mounting.** | | -| Get someone to help you lift and mount your Surface Hub. Make sure to hold and lift the Surface Hub from the bottom. | ![* Remove the instructional label before mounting *](images/sh2-setup-3.png)
| -| 4. **Attach accessories and power on** | | -| Install accessories and attach power cable as shown. See guides on the screen cling. Remove cling wrap from the screen. Press the power button to power on. | ![* Attach accessories and power on *](images/sh2-setup-4.png)
| diff --git a/devices/surface-hub/surface-hub-2s-manage-intune.md b/devices/surface-hub/surface-hub-2s-manage-intune.md deleted file mode 100644 index c36d53f1f6..0000000000 --- a/devices/surface-hub/surface-hub-2s-manage-intune.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: "Manage Surface Hub 2S with Intune" -description: "Learn how to update and manage Surface Hub 2S using Intune." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 02/28/2020 -ms.localizationpriority: Medium ---- - -# Manage Surface Hub 2S with Intune - -## Register Surface Hub 2S with Intune - -Surface Hub 2S allows IT administrators to manage settings and policies using a mobile device management (MDM) provider. Surface Hub 2S has a built-in management component to communicate with the management server, so there is no need to install additional clients on the device. - -### Manual registration - -1. Sign in as a local administrator on Surface Hub 2S and open the **Settings** app. Select **Surface Hub** > **Device management** and then select **+** to add. -2. After authenticating, the device will automatically register with Intune. - - ![Register Surface Hub 2S with Intune](images/sh2-set-intune1.png)
- -### Auto registration — Azure Active Directory Affiliated - -During the initial setup process, when affiliating a Surface Hub with an Azure AD tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune. For more information, refer to [Intune enrollment methods for Windows devices](https://docs.microsoft.com/intune/enrollment/windows-enrollment-methods). Azure AD affiliation and Intune auto enrollment is required for the Surface Hub to be a "compliant device" in Intune. - -## Windows 10 Team Edition settings - -Select Windows 10 Team for preset device restriction settings for Surface Hub and Surface Hub 2S. - - ![Set device restrictions for Surface Hub 2S.](images/sh2-set-intune3.png)
- -These settings include user experience and app behavior, Azure Log Analytics registration, Maintenance windows configuration, Session settings, and Miracast settings. For a complete list of available Windows 10 Team settings, see [SurfaceHub CSP](https://docs.microsoft.com/windows/client-management/mdm/surfacehub-csp). - -## Additional supported configuration service providers (CSPs) - -For additional supported CSPs, see [Surface Hub CSPs in Windows 10](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#surfacehubcspsupport). - -## Quality of Service (QoS) settings - -To ensure optimal video and audio quality on Surface Hub 2S, add the following QoS settings to the device. - -### Microsoft Teams QoS settings - -|**Name**|**Description**|**OMA-URI**|**Type**|**Value**| -|:------ |:------------- |:--------- |:------ |:------- | -|**Audio Ports**| Audio Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/TeamsAudio/DestinationPortMatchCondition | String | 3478-3479 | -|**Audio DSCP**| Audio ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/TeamsAudio/DSCPAction | Integer | 46 | -|**Video Port**| Video Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/TeamsVideo/DestinationPortMatchCondition | String | 3480 | -|**Video DSCP**| Video ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/TeamsVideo/DSCPAction | Integer | 34 | -|**P2P Audio Ports**| Audio Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/TeamsP2PAudio/DestinationPortMatchCondition | String | 50000-50019 | -|**P2P Audio DSCP**| Audio ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/TeamsP2PAudio/DSCPAction | Integer | 46 | -|**P2P Video Ports**| Video Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/TeamsP2PVideo/DestinationPortMatchCondition | String | 50020-50039 | -|**P2P Video DSCP**| Video ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/TeamsP2PVideo/DSCPAction | Integer | 34 | - - -### Skype for Business QoS settings - -| Name | Description | OMA-URI | Type | Value | -| ------------------ | ------------------- | ------------------------------------------------------------------------ | ------- | ------------------------------ | -| Audio Ports | Audio Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/SfBAudio/SourcePortMatchCondition | String | 50000-50019 | -| Audio DSCP | Audio ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/SfBAudio/DSCPAction | Integer | 46 | -| Audio Media Source | Skype App name | ./Device/Vendor/MSFT/NetworkQoSPolicy/SfBAudio/AppPathNameMatchCondition | String | Microsoft.PPISkype.Windows.exe | -| Video Ports | Video Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/SfBVideo/SourcePortMatchCondition | String | 50020-50039 | -| Video DSCP | Video ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/SfBVideo/DSCPAction | Integer | 34 | -| Video Media Source | Skype App name | ./Device/Vendor/MSFT/NetworkQoSPolicy/SfBVideo/AppPathNameMatchCondition | String | Microsoft.PPISkype.Windows.exe | - -> [!NOTE] -> Both tables show default port ranges. Administrators may change the port ranges in the Skype for Business and Teams control panel. - -## Microsoft Teams Mode settings - -You can set the Microsoft Teams app mode using Intune. Surface Hub 2S comes installed with Microsoft Teams in mode 0, which supports both Microsoft Teams and Skype for Business. You can adjust the modes as shown below. - -### Modes: - -- Mode 0 — Skype for Business with Microsoft Teams functionality for scheduled meetings. -- Mode 1 — Microsoft Teams with Skype for Business functionality for scheduled meetings. -- Mode 2 — Microsoft Teams only. - -To set modes, add the following settings to a custom Device Configuration Profile. - -|**Name**|**Description**|**OMA-URI**|**Type**|**Value**| -|:--- |:--- |:--- |:--- |:--- | -|**Teams App ID**|App name|./Vendor/MSFT/SurfaceHub/Properties/VtcAppPackageId|String| Microsoft.MicrosoftTeamsforSurfaceHub_8wekyb3d8bbwe!Teams| -|**Teams App Mode**|Teams mode|./Vendor/MSFT/SurfaceHub/Properties/SurfaceHubMeetingMode|Integer| 0 or 1 or 2| diff --git a/devices/surface-hub/surface-hub-2s-manage-passwords.md b/devices/surface-hub/surface-hub-2s-manage-passwords.md deleted file mode 100644 index accd5d7e84..0000000000 --- a/devices/surface-hub/surface-hub-2s-manage-passwords.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: "Manage device account password rotation" -description: "Learn how to configure Surface Hub 2S on-premises accounts with PowerShell" -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: Medium ---- -# Manage device account password rotation - -You can configure Surface Hub 2S to automatically change a device account password without requiring you to manually update the device account information. - -If you turn on Password Rotation, Surface Hub 2S changes the password every 7 days. The automatically generated passwords contain 15-32 characters including a combination of uppercase and lowercase letters, numbers, and special characters. - -Passwords do not change during a meeting. If Surface Hub 2S is turned off, it attempts to change the password immediately when turned on or every 10 minutes until successful. diff --git a/devices/surface-hub/surface-hub-2s-onprem-powershell.md b/devices/surface-hub/surface-hub-2s-onprem-powershell.md deleted file mode 100644 index 6a0553f72e..0000000000 --- a/devices/surface-hub/surface-hub-2s-onprem-powershell.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: "Configure Surface Hub 2S on-premises accounts with PowerShell" -description: "Learn how to configure Surface Hub 2S on-premises accounts with PowerShell" -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: Medium ---- - -# Configure Surface Hub 2S on-premises accounts with PowerShell - -## Connect to Exchange Server PowerShell - -> [!IMPORTANT] -> You'll need the Fully Qualified Domain Name (FQDN) for the Client Access service of the on-premises Exchange server for some of these cmdlets. - -```PowerShell -$ExchServer = Read-Host "Please Enter the FQDN of your Exchange Server" -$ExchSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$ExchServer/PowerShell/ -Authentication Kerberos -Credential (Get-Credential) -Import-PSSession $ExchSession -``` - -## Create the device account - -```PowerShell -New-Mailbox -UserPrincipalName Hub01@contoso.com -Alias Hub01 -Name "Hub 01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) -``` - -## Set automatic calendar processing - -```PowerShell -Set-CalendarProcessing -Identity "HUB01@contoso.com" -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -AddAdditionalResponse $true -AdditionalResponse "This room is equipped with a Surface Hub" -``` - -## Enable the Skype for Business object - -> [!NOTE] -> It is important that you know the FQDN of the Skype for Business Registrar Pool. - -```PowerShell -Enable-CsMeetingRoom -Identity Contoso\HUB01 -SipAddressType emailaddress -RegistrarPool SfbIEFE01.contoso.local -``` - -## Mobile Device Mailbox Policy - -You may need to create a Mobile Device Mailbox Policy (also known as ActiveSync Policy) to allow your Surface Hub to connect to your online or on-premises environment. - -## Create a Surface Hub mobile device mailbox policy - -```PowerShell -New-MobileDeviceMailboxPolicy -Name “Surface Hubs” -PasswordEnabled $false -``` - -## Additional settings - -It is recommended to add a MailTip to Surface Hub rooms so users remember to make the meeting a Skype for Business or Teams meeting: - -```PowerShell -Set-Mailbox "Surface Hub 2S" -MailTip "This is a Surface Hub room. Please make sure this is a Microsoft Teams meeting." -``` diff --git a/devices/surface-hub/surface-hub-2s-onscreen-display.md b/devices/surface-hub/surface-hub-2s-onscreen-display.md deleted file mode 100644 index da4712505e..0000000000 --- a/devices/surface-hub/surface-hub-2s-onscreen-display.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: "Adjust Surface Hub 2S brightness, volume, and input" -description: "Learn how to use the onscreen display to adjust brightness and other settings in Surface Hub 2S." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 07/09/2019 -ms.localizationpriority: Medium ---- -# Adjust Surface Hub 2S brightness, volume, and input - -Surface Hub 2S provides an on-screen display for volume, brightness, and input control. The Source button functions as a toggle key to switch between the volume, brightness, and input control menus. - -## To show the on-screen display - -- Press and hold the **Source** button for 4 seconds. - - ![Surface Hub 2S on-screen display](images/sh2-onscreen-display.png)
- - When the on-screen display is visible, use one or more buttons to reach desired settings. - -## To adjust volume - -- Use the **Volume up/down** button to increase or decrease volume. - -## To adjust brightness - -1. Press the **Source** button again to switch to the brightness menu. -2. Use the **Volume up/down** button to increase or decrease brightness. - -## To adjust input - -1. Press the **Source** button twice to switch to the Source menu. -2. Use the **Volume up/down** button to switch between PC, HDMI, and USB-C inputs. diff --git a/devices/surface-hub/surface-hub-2s-pack-components.md b/devices/surface-hub/surface-hub-2s-pack-components.md deleted file mode 100644 index 2c713a0a21..0000000000 --- a/devices/surface-hub/surface-hub-2s-pack-components.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: "How to pack and ship your Surface Hub 2S for service" -description: "Instructions for packing Surface Hub 2S components, replacing the Compute cartridge, and replacing the camera" -keywords: pack, replace components, camera, compute cartridge -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 02/06/2019 -ms.localizationpriority: Medium ---- - -# How to pack and ship your Surface Hub 2S for service - -If you replace your Surface Hub 2S, one of its components, or a related accessory, use the instructions in this article when you pack the device for shipment. - ->[!IMPORTANT] ->When packing your device for shipment, make sure that you use the packaging in which your replacement device arrived. - -## How to pack your Surface Hub 2S 50” - -Use the following steps to pack your Surface Hub 2S 50" for shipment. - - -| | | | -| - | ----------------------------------------------------------------------------------------------------------------------------------------------- | ----- | -| **1.** | Remove the pen and the camera. Do not pack them with the unit. | ![Remove the pen and the camera. Do not pack them with the unit.](images/surface-hub-2s-repack-2.png) | -| **2.** | Remove the drive and the power cable. Do not pack them with the unit. Do not pack the Setup guide with the unit. | ![Remove the drive and the power cable. Do not pack them with the unit.](images/surface-hub-2s-repack-3.png) | -| **3.** | Unplug all cables, slide the cover sideways, and unscrew the locking screw of the Compute Cartridge. | ![Unplug all cables, slide the cover sideways, and unscrew the locking screw of the Compute Cartridge.](images/surface-hub-2s-repack-5.png) | -| **4.** | Slide the Compute Cartridge out of the unit. | ![Slide the Compute Cartridge out of the unit.](images/surface-hub-2s-repack-6.png) | -| **5.** | You will need the Compute Cartridge and a screwdriver. | ![You will need the Compute Cartridge and a screwdriver.](images/surface-hub-2s-repack-7.png)| -| **6.** | Remove the cover screw and the cover from the Compute Cartridge, and then remove the solid state drive (SSD). | ![Remove the cover screw and the cover from the Compute Cartridge, and then remove the solid state drive (SSD).](images/surface-hub-2s-repack-8.png)| -| **7.** | Replace the cover and slide the Compute Cartridge back into the unit. | ![Replace the cover and slide the Compute Cartridge back into the unit.](images/surface-hub-2s-repack-9.png)| -| **8.** | Re-fasten the locking screw and slide the cover into place. | ![Re-fasten the locking screw and slide the cover into place.](images/surface-hub-2s-repack-10.png)| -| **9.** | Remove any base or mounting hardware. Using two people, place the unit in the base of the shipping container. | ![Remove any base or mounting hardware. Using two people, place the unit in the base of the shipping container.](images/surface-hub-2s-repack-11.png)| -| **10.** | Replace the cover of the shipping container, and insert the four clips. | ![Replace the cover of the shipping container, and insert the four clips.](images/surface-hub-2s-repack-12.png)| -| **11.** | Close the four clips. | ![Close the four clips.](images/surface-hub-2s-repack-13.png)| - - -## How to replace and pack your Surface Hub 2S Compute Cartridge - -Use the following steps to remove the Surface Hub 2S Compute Cartridge, pack it for shipment, and install the new Compute Cartridge.
- ![Image of the compute cartridge.](images/surface-hub-2s-replace-cartridge-1.png) - -| | | | -| - | ----------------------------------------------------------------------------------------------------------------------------------------------- | ----- | -| **1.** | Unplug all cables, slide the cover sideways, and unscrew the locking screw of the Compute Cartridge. | ![Unplug all cables, slide the cover sideways, and unscrew the locking screw of the Compute Cartridge.](images/surface-hub-2s-replace-cartridge-2.png) | -| **2.** | Slide the Compute Cartridge out of the unit. | ![Slide the Compute Cartridge out of the unit.](images/surface-hub-2s-replace-cartridge-3.png) | -| **3.** | You will need the Compute Cartridge and a screwdriver. | ![You will need the Compute Cartridge and a screwdriver.](images/surface-hub-2s-replace-cartridge-4.png) | -| **4.** | Remove the cover screw and the cover from the Compute Cartridge, and then remove the solid state drive (SSD). When finished, replace the cover. | ![Remove the cover screw and the cover from the Compute Cartridge, and then remove the solid state drive (SSD). When finished, replace the cover.](images/surface-hub-2s-repack-8.png) | -| **5.**| You will need the packaging fixtures that were used to package your replacement Compute Cartridge. | ![You will need the packaging fixtures that were used to package your replacement Compute Cartridge.](images/surface-hub-2s-replace-cartridge-6.png) | -| **6.**| Place the old Compute Cartridge in the packaging fixtures. | ![Place the old Compute Cartridge in the packaging fixtures.](images/surface-hub-2s-replace-cartridge-7.png) | -| **7.** | Place the old Compute Cartridge and its packaging into the box that was used for the replacement Compute Cartridge. Reseal the box. | ![Place the old Compute Cartridge and its packaging into the box that was used for the replacement Compute Cartridge. Reseal the box.](images/surface-hub-2s-replace-cartridge-8.png)| -| **8.**| Slide the replacement Compute Cartridge into the unit. | ![Slide the replacement Compute Cartridge into the unit.](images/surface-hub-2s-replace-cartridge-9.png) | -| **9.**| Fasten the locking screw and slide the cover into place | ![Fasten the locking screw and slide the cover into place.](images/surface-hub-2s-replace-cartridge-10.png) | - -## How to replace your Surface Hub 2S Camera - -Use the following steps to remove the Surface Hub 2S camera and install the new camera. - - -| | | | -| - | ----------------------------------------------------------------------------------------------------------------------------------------------- | ----- | -| **1.** | You will need the new camera and the two-millimeter allen wrench. |![You will need the new camera and the two-millimeter allen wrench](images/surface-hub-2s-replace-camera-1.png) | -| **2.** | Unplug the old camera from the unit. If needed, use the allen wrench to adjust the new camera. Plug the new camera into the unit. | ![Unplug the old camera from the unit. If needed, use the allen wrench to adjust the new camera. Plug the new camera into the unit.](images/surface-hub-2s-replace-camera-2.png) | diff --git a/devices/surface-hub/surface-hub-2s-pen-firmware.md b/devices/surface-hub/surface-hub-2s-pen-firmware.md deleted file mode 100644 index ce16a5cad3..0000000000 --- a/devices/surface-hub/surface-hub-2s-pen-firmware.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: "Update pen firmware on Surface Hub 2S" -description: "This page describes how to update firmware for the Surface Hub 2 pen." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 02/26/2020 -ms.localizationpriority: Medium ---- - -# Update pen firmware on Surface Hub 2S - -You can update firmware on Surface Hub 2 pen from Windows Update for Business or by downloading the firmware update to a separate PC. Updated firmware is available from Windows Update beginning February 26, 2020. - -## Update pen firmware using Windows Update for Business - -This section describes how to update pen firmware via the automated maintenance cycles for Windows Update, configured by default to occur nightly at 3 a.m. You will need to plan for two maintenance cycles to complete before applying the update to the Surface Hub 2 pen. Alternately, like any other update, you can use Windows Server Update Services (WSUS) to apply the pen firmware. For more information, see [Managing Windows updates on Surface Hub](manage-windows-updates-for-surface-hub.md). - -1. Ensure the Surface Hub 2 pen is paired to Surface Hub 2S: Press and hold the **top** button until the white indicator LED light begins to blink.
-![Surface Hub 2 pen](images/sh2-pen-1.png)
-2. On Surface Hub, login as an Admin, open **Settings**, and then scan for new Bluetooth devices. -3. Select the pen to complete the pairing process. -4. Press the **top** button on the pen to apply the update. It may take up to two hours to complete. - -## Update pen firmware by downloading to separate PC - -You can update the firmware on Surface Hub 2 pen from a separate PC running Windows 10. This method also enables you to verify that the pen firmware has successfully updated to the latest version. - -1. Pair the Surface Hub 2 pen to your Bluetooth-capable PC: Press and hold the **top** button until the white indicator LED light begins to blink.
-![Surface Hub 2 pen](images/sh2-pen-1.png)
-2. On the PC, scan for new Bluetooth devices. -3. Select the pen to complete the pairing process. -4. Disconnect all other Surface Hub 2s pens before starting a new update. -3. Download the [Surface Hub 2 Pen Firmware Update Tool](https://download.microsoft.com/download/8/3/F/83FD5089-D14E-42E3-AF7C-6FC36F80D347/Pen_Firmware_Tool.zip) to your PC. -4. Run **PenCfu.exe.** The install progress is displayed in the tool. It may take several minutes to finish updating. - - -## Check firmware version of Surface Hub 2 pen - -1. Run **get_version.bat** and press the **top** button on the pen. -2. The tool will report the firmware version of the pen. Example: - - Old firmware is 468.2727.368 - - New firmware is 468.2863.369 - -## Command line options - -You can run Surface Hub 2 Pen Firmware Update Tool (PenCfu.exe) from the command line. - -1. Pair the pen to your PC and click the **top** button on the pen. -2. Double click **PenCfu.exe** to initiate the firmware update. Note that the configuration file and the firmware image files must be stored in the same folder as the tool. -3. For additional options, run **PenCfu.exe -h** to display the available parameters, as listed in the following table. - - Example: PenCfu.exe -h -4. Enter **Ctrl+C** to safely shut down the tool. - - - -| **Command** | **Description** | -| -------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| -h help | Display tool command line interface help and exit. | -| -v version | Display tool version and exit. | -| -l log-filter | Set a filter level for the log file. Log messages have 4 possible levels: DEBUG (lowest), INFO, WARNING and ERROR (highest). Setting a log filter level filters log messages to only message with the same level or higher. For example, if the filter level is set to WARNING, only WARNING and ERROR messages will be logged. By default, this option is set to OFF, which disables logging. | -| -g get-version | If specified, the tool will only get the FW version of the connected pen that matches the configuration file that is stored in the same folder as the tool. \ No newline at end of file diff --git a/devices/surface-hub/surface-hub-2s-phone-authenticate.md b/devices/surface-hub/surface-hub-2s-phone-authenticate.md deleted file mode 100644 index f79bbca0d4..0000000000 --- a/devices/surface-hub/surface-hub-2s-phone-authenticate.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: "Configure password-less phone sign-in for Surface Hub 2S" -description: "Learn how to simplify signing in to Surface Hub 2S using password-less phone sign-in on your mobile device." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: Medium ---- - -# Configure password-less phone sign-in for Surface Hub 2S - -Password-less phone sign-in simplifies signing-in to your meetings and files on Surface Hub 2S. - -> [!NOTE] -> Password-less phone sign-in requires that your primary email address must match your UPN. - -## To set up password-less phone sign-in - -1. Download the [Microsoft Authenticator](https://www.microsoft.com/account/authenticator) app for iPhone or Android to your phone. -2. From your PC, go to [https://aka.ms/MFASetup](https://aka.ms/MFASetup) , sign in with your account, and select **Next.** -3. In the Additional security verification screen, select Mobile App and Use verification code, and then select **Setup**. - -## To configure mobile app - -1. In the Microsoft authenticator app on your phone, add an account, choose **Work or School Account**, and then scan the QR code displayed on your PC -2. Send a notification to your phone and then approve the sign-in request. -3. In the Authenticator app on your phone, use the drop-down menu next to your account and select **Enable phone sign-in**. -4. If required, register your device with your organization and follow the on-screen instructions. - -## To sign in to Surface Hub - -1. On Surface Hub, sign into **My meetings and files** and select **Send notification** when prompted. -2. Match the number displayed on your phone with the number displayed on Surface Hub to approve your sign-in request. -3. If prompted, enter the PIN or biometric ID on your phone to complete sign-in. - -## Learn more -For more information, see [Password-less phone sign-in with the Microsoft Authenticator app](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-phone-sign-in). diff --git a/devices/surface-hub/surface-hub-2s-port-keypad-overview.md b/devices/surface-hub/surface-hub-2s-port-keypad-overview.md deleted file mode 100644 index 8a667d95ac..0000000000 --- a/devices/surface-hub/surface-hub-2s-port-keypad-overview.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: "Surface Hub 2S ports and keypad overview" -description: "This page describes the ports, physical buttons, and configuration information essential for connecting to Surface Hub 2S." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: Medium ---- - -# Surface Hub 2S ports and keypad overview - -This page describes the ports, physical buttons, and configuration information essential for connecting to Surface Hub 2S whether via wired, Wi-Fi, or Bluetooth methods. It also includes best practice recommendations for key connectivity scenarios. - -> [!NOTE] -> You can find the serial number on the outside of the packaging, on the display by the power cord, or by using the Surface app. - -The figure below shows the location of ports and physical buttons on a keypad attached to the underside of the device. The table includes detailed descriptions of each element. - - ![Front facing and underside view of I/O connections and physical buttons](images/hub2s-schematic.png) - -## Port and keypad component reference - -|**Key**|**Component**|**Description**|**Key parameters**| -|:--- |:--------- |:----------- |:-------------- | -| 1 | **USB C** | **USB 3.1 Gen 1**
Use as a walk-up port for plugging in peripherals such as thumb-drives. Guest ports are on each side of the device (4).

*NOTE: This is the recommended port for connecting an external camera. Additional camera mount features are incorporated into the design to help support retention of attached cameras.*

NOTE: TouchBack and video ingest are not supported on these ports. | Type C

15 W Port (5V/3A) | -| 2 | **AC power** | **100-240 V input**
Connect to standard AC power and Surface Hub 2S will auto switch to the local power standard such as110 volts in the US and Canada or 220 volts in the UK. | IEC 60320 C14 | -| 3 | **DC power** | **24V DC input port**
Use for connecting to mobile battery. | Xbox1 Dual barrel to Anderson connector | -| 4 | **Ethernet** | **1000/100/10 Base-T**
Use for providing a continuous connection in a corporate environment and related scenarios requiring maximum stability or capacity. | RJ45 | -| 5 | **USB-A** | **USB 3.1 Gen 1**
Use as a walk-up port for plugging in peripherals such as thumb-drives. | Type A
7.5 W Port (5V/1.5A) | -| 6 | **USB-C** | **USB 3.1 Gen 1**
Use as a walk-up port for connecting external PCs and related devices or plugging in peripherals such as thumb-drives.

*NOTE: This is the recommended input port for video, TouchBack, and InkBack.* | Type C
18 W Port (5V/3A, 9V/2A) | -| 7 | **HDMI-in** | **HDMI 2.0, HDCP 2.2 /1.4**
Use for multiple scenarios including HDMI-to-HDMI guest input. | Standard HDMI | -| 8 | **Mini DP-out** | **Mini DP 1.2 output**
Use for video-out scenarios such as mirroring the Surface Hub 2S display to a larger projector.

*NOTE: This supports a maximum resolution of 3840 x 2160 (4K UHD) @60Hz.* | Mini DP | -| 9 | **Source** | Use to toggle among connected ingest sources — external PC, HDMI, and Mini DP modes. | n/a | -| 10 | **Volume** | Use +/- to adjust audio locally on the device.

*NOTE: When navigating to the brightness control, use +/- on the volume slider to control display brightness.* | n/a | -| 11 | **Power** | Power device on/off.
Use also to navigate display menus and select items. | n/a | - - ![Rear facing view of wireless, audio, & related components](images/hub2s-rear.png) diff --git a/devices/surface-hub/surface-hub-2s-prepare-environment.md b/devices/surface-hub/surface-hub-2s-prepare-environment.md deleted file mode 100644 index 5f10258934..0000000000 --- a/devices/surface-hub/surface-hub-2s-prepare-environment.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: "Prepare your environment for Surface Hub 2S" -description: "Learn what you need to do to prepare your environment for Surface Hub 2S." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 11/21/2019 -ms.localizationpriority: Medium ---- - -# Prepare your environment for Surface Hub 2S - -## Office 365 readiness - -If you use Exchange Online, Skype for Business Online, Microsoft Teams, or Microsoft Whiteboard, and intend to manage Surface Hub 2S with Intune, first review the [Office 365 requirements for endpoints](https://docs.microsoft.com/office365/enterprise/office-365-endpoints). - -Office 365 endpoints help optimize your network by sending all trusted Office 365 network requests directly through your firewall, bypassing all additional packet-level inspection or processing. This feature reduces latency and your perimeter capacity requirements. - -Microsoft regularly updates the Office 365 service with new features and functionality, which may alter required ports, URLs, and IP addresses. To evaluate, configure, and stay up to date with changes, subscribe to the [Office 365 IP Address and URL Web service](https://docs.microsoft.com/office365/enterprise/office-365-ip-web-service). - -## Device affiliation - -Use Device affiliation to manage user access to the Settings app on Surface Hub 2S. -With the Windows 10 Team Edition operating system (that runs on Surface Hub 2S), only authorized users can adjust settings using the Settings app. Since choosing the affiliation can impact feature availability, plan appropriately to ensure that users can access features as intended. - -> [!NOTE] -> You can only set Device affiliation during the initial out-of-box experience (OOBE) setup. If you need to reset Device affiliation, you’ll have to repeat OOBE setup. - -## No affiliation - -No affiliation is like having Surface Hub 2S in a workgroup with a different local Administrator account on each Surface Hub 2S. If you choose No affiliation, you must locally save the [BitLocker Key to a USB thumb drive](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-key-management-faq). You can still enroll the device with Intune; however, only the local admin can access the Settings app using the account credentials configured during OOBE. You can change the Administrator account password from the Settings app. - -## Active Directory Domain Services - -If you affiliate Surface Hub 2S with on-premises Active Directory Domain Services, you need to manage access to the Settings app using a security group on your domain. This helps ensure that all security group members have permissions to change settings on Surface Hub 2S. Also note the following: - -- When Surface Hub 2S affiliates with your on-premises Active Directory Domain Services, the BitLocker key can be saved in the Active Directory Schema. For more information, see [Prepare your organization for BitLocker: Planning and policies](https://docs.microsoft.com/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies). -- Your organization’s Trusted Root CAs are pushed to the same container in Surface Hub 2S, which means you don’t need to import them using a provisioning package. -- You can still enroll the device with Intune to centrally manage settings on your Surface Hub 2S. - -## Azure Active Directory - -When you choose to affiliate your Surface Hub 2S with Azure Active Directory (Azure AD), any user in the Global Admins Security Group can sign in to the Settings app on Surface Hub 2S. Currently, no other group can be delegated to sign in to the Settings app on Surface Hub 2S. - -If you enabled Intune Automatic Enrollment for your organization, Surface Hub 2S will automatically enroll itself with Intune. The device’s BitLocker key is automatically saved in Azure AD. When affiliating Surface Hub 2S with Azure AD, single sign-on and Easy Authentication will not work. diff --git a/devices/surface-hub/surface-hub-2s-quick-start.md b/devices/surface-hub/surface-hub-2s-quick-start.md deleted file mode 100644 index 3d7f08641a..0000000000 --- a/devices/surface-hub/surface-hub-2s-quick-start.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: "Surface Hub 2S quick start" -description: "View the quick start steps to begin using Surface Hub 2S." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: Medium ---- - -# Surface Hub 2S quick start - -## Unpack Surface Hub 2S - -1. Use the handles on each side of the box to move it to the space where you'll set it up. -2. Before opening, remove the clips (4) on the front and back, and then lift the top off the box using the handles. -3. In the base of the Surface Hub 2S, open the accessories box containing the setup guide, Surface Hub 2 pen, Surface Hub 2 camera, and the power cable. -4. On the back of the Surface Hub, there's an instructional label showing you where to attach the mounting hardware. Install them in place and remove the label. - -See this video for more information about [unboxing and set up](https://youtu.be/fCrxdNXvru4). - -## Install and adjust pen - -1. Attach Surface Hub 2 pen magnetically to your preferred side of the device. - -![*Surface Hub 2 pen comes ready to use. To replace AAA battery, pull off the top button and insert battery as shown. The indicator light will turn red when the battery is low.*](images/sh2-pen.png)
- -2. To adjust pen pressure, open the Surface app on Surface Hub 2S, select Pen, and adjust the slider. - -![*Adjust the slider to change pen pressure *](images/sh2-pen-pressure.png)
- -## Install camera - -Remove the lens cling from the camera and attach it to the USB-C port on the top of the Surface Hub 2S. - -## Start Surface Hub 2S - -1. Insert the power cable into the back of the device and plug it into a power outlet. Run the cable through any cable guides on your mounting solution and remove the screen clang. -2. To begin, press the power button on the bottom right. - -![* Keypad showing source, volume and power buttons*](images/sh2-keypad.png)
diff --git a/devices/surface-hub/surface-hub-2s-recover-reset.md b/devices/surface-hub/surface-hub-2s-recover-reset.md deleted file mode 100644 index 44912c169c..0000000000 --- a/devices/surface-hub/surface-hub-2s-recover-reset.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: "Reset and recovery for Surface Hub 2S" -description: "Learn how to recover and reset Surface Hub 2S." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 12/05/2019 -ms.localizationpriority: Medium ---- - -# Reset and recovery for Surface Hub 2S - -If you encounter problems with Surface Hub 2S, you can reset the device to factory settings or restore by using a USB drive. - -To begin, sign in to Surface Hub 2S with admin credentials, open the **Settings** app, select **Update & security**, and then select **Recovery**. - -## Reset the device - -1. To reset the device, select **Get Started**. -2. When the **Ready to reset this device** window appears, select **Reset**. - - >[!NOTE] - >Surface Hub 2S reinstalls the operating system from the recovery partition. This may take up to one hour to complete. - -3. To reconfigure the device, run the first-time Setup program. -4. If you manage the device using Microsoft Intune or another mobile device management solution, retire and delete the previous record, and then re-enroll the new device. For more information, see [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/intune/devices-wipe). - -![*Reset and recovery for Surface Hub 2S*](images/sh2-reset.png)
-*Figure 1. Reset and recovery for Surface Hub 2S* - -## Recover Surface Hub 2S by using a USB recovery drive - -New in Surface Hub 2S, you can now reinstall the device by using a recovery image. - -### Recovery from a USB drive - -Using Surface Hub 2S, you can reinstall the device by using a recovery image. By doing this, you can reinstall the device to the factory settings if you lost the BitLocker key, or if you no longer have admin credentials to the Settings app. - ->[!NOTE] ->Use a USB 3.0 drive with 8 GB or 16 GB of storage, formatted as FAT32. - -1. From a separate PC, download the .zip file recovery image from the [Surface Recovery website](https://support.microsoft.com/surfacerecoveryimage?devicetype=surfacehub2s) and then return to these instructions. -1. Unzip the downloaded file onto the root of the USB drive. -1. Connect the USB drive to any USB-C or USB-A port on Surface Hub 2S. -1. Turn off the device: - 1. While holding down the Volume down button, press the Power button. - 1. Keep holding both buttons until you see the Windows logo. - 1. Release the Power button but continue to hold the Volume until the Install UI begins. - - ![*Use Volume down and power buttons to initiate recovery*](images/sh2-keypad.png)
- **Figure 2. Volume and Power buttons** - -1. On the language selection screen, select the display language for your Surface Hub 2S. -1. Select **Recover from a drive** and **Fully clean the drive**, and then select **Recover**. If you're prompted for a BitLocker key, select **Skip this drive**. Surface Hub 2S reboots several times and takes approximately 30 minutes to complete the recovery process. - -When the first-time setup screen appears,remove the USB drive. - -## Contact Support - -If you have questions or need help, you can [create a support request](https://support.microsoft.com/supportforbusiness/productselection). diff --git a/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md b/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md deleted file mode 100644 index 8d0768ba93..0000000000 --- a/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: "Secure and manage Surface Hub 2S with SEMM" -description: "Learn more about securing Surface Hub 2S with SEMM." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: Medium ---- - -# Secure and manage Surface Hub 2S with SEMM and UEFI - -New in Surface Hub 2S, you can use SEMM to manage the UEFI setting of the device. -Use the Microsoft Surface UEFI Configurator to control the following components: - -- Wired LAN -- Cameras -- Bluetooth -- Wi-Fi -- Occupancy sensor - -Use the Microsoft Surface UEFI Configurator to turn on or off the following UEFI settings: - -- Boot - - - IPv6 for PXE Boot - - Alternate Boot - - Boot Order Lock - - USB Boot -- UEFI Front Page - - - Devices - - Boot - - Date/Time - -## Create UEFI configuration image - -Unlike other Surface devices, you cannot use an MSI file or a Win PE image to apply these settings on Surface Hub 2S. Instead, you need to create a USB image to load into the device. To create a Surface Hub 2S UEFI configuration image, download and install the latest version of the Microsoft Surface UEFI Configurator from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center. For more information about using UEFI and SEMM, see [Microsoft Surface Enterprise Management Mode](https://docs.microsoft.com/surface/surface-enterprise-management-mode). - -## To configure UEFI on Surface Hub 2S - -1. Start the UEFI Configurator and on the first screen, choose **Configuration Package**.

-![* Start the UEFI Configurator and choose Configuration Package*](images/sh2-uefi1.png)

-2. To add the certificate to your package, you must have a valid certificate with the private key in a .pfx file format to sign and protect the package. Select **+ Certificate Protection.**
-![* Select + Certificate Protection *](images/sh2-uefi2.png)

-3. Enter the certificate’s private key’s password.
-![* Enter the certificate’s private key’s password *](images/sh2-uefi3.png)

-4. After importing the private key, continue creating the package.
-![* Continue creating the package *](images/sh2-uefi4.png)

-5. Choose **Hub** and **Surface Hub 2S** as the target for the UEFI configuration package.
-![* Choose Hub and Surface Hub 2S as the target for the UEFI configuration package *](images/sh2-uefi5.png)

-6. Choose the components and settings you want to activate or deactivate on Surface Hub 2S.
-![* Choose the components and settings you want to activate or deactivate *](images/sh2-uefi6.png)

-7. Use the USB option to export the file.
-![* Use the USB option to export the file *](images/sh2-uefi8.png)

-8. Insert and choose the USB drive you’d like to use for this package. The USB drive will be formatted and you lose any information you have on it.
-![* Insert and choose the USB drive for your package *](images/sh2-uefi9.png)

-9. Upon successful creation of the package, the Configurator will display the last two characters of your certificate’s thumbprint. You need these characters when you import to the configuration to Surface Hub 2S.
-![* Successful configuration of package *](images/sh2-uefi10.png)
- -## To boot into UEFI - -Turn off Surface Hub 2S. Press and hold the **Volume Up** button and press the **Power** Button. Keep holding the Volume Up button until the UEFI menu appears. diff --git a/devices/surface-hub/surface-hub-2s-setup.md b/devices/surface-hub/surface-hub-2s-setup.md deleted file mode 100644 index 08318020fb..0000000000 --- a/devices/surface-hub/surface-hub-2s-setup.md +++ /dev/null @@ -1,100 +0,0 @@ ---- -title: "First time Setup for Surface Hub 2S" -description: "Learn how to complete first time Setup for Surface Hub 2S." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 07/03/2019 -ms.localizationpriority: Medium ---- - -# First time Setup for Surface Hub 2S - -When you first start Surface Hub 2S, the device automatically enters first time Setup mode to guide you through account configuration and related settings. - -## Configuring Surface Hub 2S account - -1. **Configure your locale.** Enter region, language, keyboard layout and time zone information. Select **Next**. - - ![* Configure your locale *](images/sh2-run1.png)
-1. **Connect to a wireless network.** Choose your preferred wireless network and select **Next.** - -- This option is not shown if connected using an Ethernet cable. -- You cannot connect to a wireless network in hotspots (captive portals) that redirect sign-in requests to a provider’s website. - -3. **Enter device account info.** Use **domain\user** for on-premises and hybrid environments and **user\@example.com** for online environments. Select **Next.** - - ![* Enter device account info *](images/sh2-run2.png)
-1. **Enter additional info.** If requested, provide your Exchange server address and then select **Next.** - - ![* Enter more info; for example, Exchange server name*](images/sh2-run3.png)
- -1. **Name this device.** Enter a name for your device or use the suggested one based on your account’s display name and user principle name [UPN]. **Select Next**. - -- The **Friendly name** is visible on the bottom left corner of Surface Hub 2S and is shown when projecting to the device. - -- The **Device name** identifies the device when affiliated with Active Directory or Azure Active Directory, and when enrolling the device with Intune. - - ![* Name this device*](images/sh2-run4.png)
- -## Configuring device admin accounts - -You can only set up device admins during first time Setup. For more information, refer to [Surface Hub 2S device affiliation](https://docs.microsoft.com/surface-hub/surface-hub-2s-prepare-environment#device-affiliation). - - In the **Setup admins for this device** window, select one of the following options: Active Directory Domain Services, Azure Active Directory, or Local admin. - - ![* Setup admins for this device *](images/sh2-run5.png)
- -### Active Directory Domain Services - -1. Enter the credentials of a user who has permissions to join the device to Active Directory. - - ![* Setup admins using domain join *](images/sh2-run6.png)
- -2. Select the Active Directory Security Group containing members allowed to log on to the Settings app on Surface Hub 2S. - - ![* Enter a security group *](images/sh2-run7.png)
-1. Select **Finish**. The device will restart. - -### Azure Active Directory - -When choosing to affiliate your device with Azure Active Directory, the device will immediately restart and display the following page. Select **Next**. - -![* If your organization uses Office 365 or other business services from Microsoft, we’ll enrolll this device with your organization*](images/sh2-run8.png)
- -1. Enter the email address or UPN of an account **with Intune Plan 1** or greater and then select **Next.** - - ![* Enter work or school account*](images/sh2-run9.png)
- -2. If redirected, authenticate using your organization’s sign-in page and provide additional logon information if requested. The device will restart. - -## Local Administrator account - -- Enter a username and password for your local admin. The device will restart. - - ![* Set up an admin account*](images/sh2-run10.png)
- -## Using provisioning packages - -If you insert a USB thumb drive with a provisioning package into one of the USB ports when you start Surface Hub 2S, the device displays the following page. - -1. Enter the requested settings and select **Set up**. - - ![* Enter regional settings for provisioning package*](images/sh2-run11.png)
- - ![* Provision this device from removable media*](images/sh2-run12.png)
-2. Choose the provisioning package you’d like to use. - - ![* Choose provisioning package to use*](images/sh2-run13.png)
- -3. If you created a multiple devices CSV file, you will be able to choose a device configuration. For more information, refer to [Create provisioning packages for Surface Hub 2S](https://docs.microsoft.com/surface-hub/surface-hub-2s-deploy#provisioning-multiple-devices-csv-file). - - - ![* Select a device account and friendly name from your configuration file*](images/sh2-run14.png)
- -4. Follow the instructions to complete first time Setup. diff --git a/devices/surface-hub/surface-hub-2s-site-planning.md b/devices/surface-hub/surface-hub-2s-site-planning.md deleted file mode 100644 index 9b04ea0174..0000000000 --- a/devices/surface-hub/surface-hub-2s-site-planning.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: "Surface Hub 2S site planning" -description: "Learn more about rooms for Surface Hub 2S." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: Medium ---- - -# Surface Hub 2S site planning - -## Introduction - -Designed for team collaboration, Surface Hub 2S can transform the way you work — not only in the conference rooms but any place you want to work. One of the biggest advantages of Surface Hub 2S is the ability to move it from one space to another when used with the Steelcase Roam mobile stand and mobile battery. Providing unplugged, uninterrupted teamwork capabilities, Surface Hub 2S can be integrated into almost any workspace. - -## Room considerations - -Designed for interactive use in smaller conference rooms and huddle spaces, Surface Hub 2S provides a 4K camera, microphone array, crystal clear speakers, and a brilliant 4K+ resolution display. Optimizing the user experience in larger spaces with more people further away from the display may require peripherals such as an extra camera, microphone, or room systems solution such as Microsoft Teams Rooms. - -As a general guideline, install Surface Hub 2S in a space that meets the following criteria: - -- People can reach all four edges of the touchscreen. -- The screen is not in direct sunlight, which could affect viewing or damage the screen. -- Ventilation openings are not blocked. -- Microphones are not affected by noise sources, such as fans or vents. -- Space is well lit with no reflective sources. - -Whether mounted to a wall or installed on the mobile stand, the areas where you use the device should maintain: - -- Room temperatures no cooler than 10°C (50° F) and no hotter than 35°C (95° F). -- Relative humidity no lower than 20 percent and no higher than 80 percent. - -For detailed room planning guidance and more information about Microsoft Teams Rooms see [Plan Microsoft Teams Rooms.](https://docs.microsoft.com/MicrosoftTeams/room-systems/skype-room-systems-v2-0) - -## Managing Surface Hub 2S location - -If you plan to use Surface Hub 2S on a mobile stand, you may wish to explore third-party solutions that enable location services. For example, active RFID systems can provide real-time tracking throughout complex office or industrial spaces. For more information, see your A/V provider or other third-party expertise for guidance. diff --git a/devices/surface-hub/surface-hub-2s-site-readiness-guide.md b/devices/surface-hub/surface-hub-2s-site-readiness-guide.md deleted file mode 100644 index 8db9d3818e..0000000000 --- a/devices/surface-hub/surface-hub-2s-site-readiness-guide.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -title: "Surface Hub 2S site readiness guide" -description: "Get familiar with site readiness requirements and recommendations for Surface Hub 2S." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: Medium ---- - -# Surface Hub 2S site readiness guide - -|**Topic**|**Description**| -|:-------|:-------| -| [Site planning for Surface Hub 2S](surface-hub-2s-site-planning.md) | Review room considerations and planning for peripherals. | -| [Surface Hub 2S quick start](surface-hub-2s-quick-start.md) | Get an overview of required steps to unpack and start Surface Hub 2S. | -| [Install and mount Surface Hub 2S](surface-hub-2s-install-mount.md) | Learn about licensed accessories to install and mount Surface Hub 2S. | -| [Customizing installation of Surface Hub 2S](surface-hub-2s-custom-install.md) | Learn how to custom install without licensed mounting accessories.| -| [Surface Hub 2S ports and keypad overview](surface-hub-2s-port-keypad-overview.md) | Get details for I/O ports and keypad power and selection controls. | -| [Connect to Surface Hub 2S](surface-hub-2s-connect.md) | Learn about wired and wireless methods to connect to Surface Hub.| diff --git a/devices/surface-hub/surface-hub-2s-techspecs.md b/devices/surface-hub/surface-hub-2s-techspecs.md deleted file mode 100644 index 4e40f9ae25..0000000000 --- a/devices/surface-hub/surface-hub-2s-techspecs.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: "Surface Hub 2S tech specs" -description: "View tech specs for Surface Hub 2S including pen, camera, and optional mobile battery specifications." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -manager: laurawi -ms.author: greglin -audience: Admin -ms.topic: article -ms.date: 11/19/2019 -ms.localizationpriority: Medium ---- - -# Surface Hub 2S tech specs - -|**Item**|**Details**| -|:------ |:--------- | -|**Dimensions**| 29.2" x 43.2" x 3.0” (741 mm x 1097 mm x 76 mm) | -|**Shipping dimensions**| 47.64" x 36.89" x 9.92" (1,210 mm x 937 mm x 252 mm)| -|**Weight**| 61.6 lbs. (28 kg) | -|**Shipping Weight**| 81.08 lbs. (36.77 kg) | -|**Resolution**| 3840 x 2560 | -|**Display**| PixelSense Display, 3:2 aspect ratio, 10-bit color, 15.5 mm border, anti-glare, IPS LCD | -|**Processor**| Quad-core 8th Generation Intel Core i5 processor, 8 GB RAM, 128 GB SSD 1 | -|**Graphics**| Intel UHD Graphics 620 | -|**Wireless**| Wi-Fi 5 (IEEE 802.11 a/b/g/n/ac compatible) Bluetooth Wireless 4.1 technology
Miracast display | -|**Connections**| USB-A
Mini-DisplayPort 1.2 video output
RJ45 gigabit Ethernet (1000/100/10 BaseT)
HDMI video input (HDMI 2.0, HDCP 2.2 /1.4)
USB-C with DisplayPort input
Four USB-C (on display) | -|**Sensors**| Doppler occupancy 2
Accelerometer
Gyroscope | -|**Audio/Video**| Full-range, front facing 3-way stereo speakers
Full band 8-element MEMS microphone array
Microsoft Surface Hub 2 Camera, 4K, USB-C connection, 90-degree HFOV | -|**Pen**| Microsoft Surface Hub 2 Pen (active) | -|**Software**| Windows 10
Microsoft Teams for Surface Hub 3
Skype for Business
Microsoft Whiteboard
Microsoft Office (Mobile)
Microsoft Power BI 2 | -|**Exterior**| Casing: Precision machined aluminum with mineral-composite resin
Color: Platinum
Physical Buttons: Power, Volume, Source | -|**What’s in the box**| One Surface Hub 2S
One Surface Hub 2 Pen
One Surface Hub 2 Camera
2.5 m AC Power Cable
Quick Start Guide | -|**Warranty**| 1-year limited hardware warranty | -|**BTU**| 1518 BTU/hr | -|**Input Voltage**| 50/60Hz 110/230v nominal, 90-265v max | -|**Input power, operating**| 445 W (495 W Surge Load) | -|**Input Current**| 5.46 A | -|**Input Power, standby**| 5 W max | - -> [!NOTE] -> 1 System software uses significant storage space. Available storage is subject to change based on system software updates and apps usage. 1 GB= 1 billion bytes. See Surface.com/Storage for more details.
2 Doppler sensor not available in Hong Kong, India, Kuwait, and Oman due to government regulations. -
3 Software license required for some features. Sold separately.
diff --git a/devices/surface-hub/surface-hub-2s-unpack.md b/devices/surface-hub/surface-hub-2s-unpack.md deleted file mode 100644 index 950a5caa6f..0000000000 --- a/devices/surface-hub/surface-hub-2s-unpack.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: "Unpack Surface Hub 2S" -description: "This page includes information about safely unpacking Surface Hub 2S." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: Medium ---- - -# Unpack Surface Hub 2S - -## Unpacking the Surface Hub 2S - -Before you remove Surface Hub 2S from the box, make sure that you have your mounting solution assembled and someone available to help you. - -1. Use the handles on each side of the box to move it to the space where you'll set it up. -2. Before opening, remove the clips (4) on the front and back, and then lift the top off the box using the handles. -3. In the base of the Surface Hub 2S, open the accessories box containing the setup guide, Surface Hub 2 pen, Surface Hub 2 camera, and the power cable. -4. On the back of the surface hub, there's an instructional label that shows you where to attach the mounting hardware. Install them in place and remove the label. -5. If you're using a mobile stand remember to lock the wheels to keep the stand in place -6. Be sure to lift the Surface Hub 2S with both hands and support the bottom of the device. -7. Align the installed hardware with the slots on the mount so it rests firmly in place. -8. Follow any further instructions that came with your mounting solution. - -## Install pen and camera - -1. Unwrap your Surface Hub 2 pen and attach it magnetically to your preferred side of the device. -2. Remove the lens cling from the camera and attach it to the USB-C port on the top of the Surface Hub 2S. -3. Insert the power cable into the back of the device and plug it into a power outlet. Run the cable through any cable guides on your mounting solution and remove the screen clang. -4. To begin, press the power button on the bottom right. diff --git a/devices/surface-hub/surface-hub-2s-whats-new.md b/devices/surface-hub/surface-hub-2s-whats-new.md deleted file mode 100644 index 82589b360e..0000000000 --- a/devices/surface-hub/surface-hub-2s-whats-new.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: "What's new in Surface Hub 2S for IT admins" -description: "Learn more about new features in Surface Hub 2S." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 06/20/2019 -ms.localizationpriority: Medium ---- - -# What's new in Surface Hub 2S for IT admins - -Surface Hub 2S is an all-in-one collaboration canvas that’s built for teamwork delivering a digital whiteboard, meetings platform, and a Windows 10 computing experience in one device. - -|**Capability**|**Summary**|**Learn more**| -|:-------|:------|:----| -|**Mobile Device Management and UEFI manageability**| Manage settings and policies using a mobile device management (MDM) provider.

Full integration with Surface Enterprise Management Mode (SEMM) lets you manage hardware components and firmware. | [Managing Surface Hub 2S with Microsoft Intune](surface-hub-2s-manage-intune.md)

[Surface Enterprise Management Mode](https://docs.microsoft.com/surface/surface-enterprise-management-mode) | -|**Cloud and on-premises coexistence**| Supports on-premises, hybrid, or online. | [Prepare your environment for Microsoft Surface Hub 2S](surface-hub-2s-prepare-environment.md) | -|**Reset and recovery**| Restore from the cloud or USB drive. | [Recover and reset Surface Hub 2S](surface-hub-2s-recover-reset.md) | -|**Microsoft Whiteboard**| Office 365 integration, intelligent ink, and Bing search bring powerful new capabilities, enabling a persistent digital canvas shareable across most browsers, Windows and iOS devices. | [Announcing a new whiteboard for your Surface Hub](https://techcommunity.microsoft.com/t5/Office-365-Blog/Announcing-a-new-Whiteboard-for-your-Surface-Hub/ba-p/637050) | -|**Microsoft Teams Meeting Room License**| Extends Office 365 licensing options across Skype for Business, Microsoft Teams, and Intune. | [Teams Meeting Room Licensing Update](https://docs.microsoft.com/MicrosoftTeams/room-systems/skype-room-systems-v2-0) | -|**On-screen display**| Adjust volume, brightness, and input control directly on the display. | | -|**Sensor-activated Connected Standby**| Doppler sensor activates Connected Standby after 1 minute of inactivity.

Manage this setting remotely using Intune or directly on the device from the Settings app. | [Surface Hub 2S tech specs](surface-hub-2s-techspecs.md) | -|**Surface Hub pen**| Ergonomically redesigned and easily attachable on the sides of the device. | | -|**Surface app for Surface Hub 2S**| Change audio settings and view your device's information from the Surface app | | -|**Ready for tomorrow**| Removable cartridge facilitates upgrading to new features. | | - -For more information about what’s new in Surface Hub 2S, see: - -- [Surface Hub 2S product site](https://www.microsoft.com/p/surface-hub-2S/8P62MW6BN9G4?activetab=pivot:overviewtab) -- [Behind the Design Surface Hub 2S](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Behind-the-design-Surface-Hub-2S/ba-p/464099) - -## Surface Hub 2S compared with Surface Hub - -The following table details the differences between Surface Hub and Surface Hub 2S: - -|**Component**| **Surface Hub 55”**|**Surface Hub 84”**| **Surface Hub 2S**| -|:----- |:---- |:---- |:----- | -|**Form Factor**| 55” | 84” | 50” | -|**Dimension**| 31.75” x 59.62” x 3.38”
(806.4 mm x 1514.3 mm x 85.8 mm) | 46.12” x 86.7” x 4.15”
(1171.5 mm x 2202.9 mm x 105.4 mm) | 29.2" x 43.2" x 3.0"
(741 mm x 1097 mm x 76 mm) | -|**Weight**| 105 lbs. (48 kg) | 280 lbs. (127 kg) | 61.6 lbs. (28 kg) | -|**Display**| Resolution:
1920 x 1080 @ 120 Hz
Contrast ratio:
1300:1
Touch:
100-point multi-touch
Projective Capacitance optically bonded sensor | Resolution:
3840 x 2160 @ 120 Hz
Contrast Ratio:
1400:1
Touch:
100-point multi-touch
Projective Capacitance optically bonded sensor | Resolution:
3840 x 2560 @ 60 Hz | -|**Aspect Ratio**| 16:9 | 16:9 | 3:2 | -|**Storage**| SSD 128 GB | SSD 128 GB | SSD 128 GB | -|**RAM**| 8 GB RAM | 8 GB RAM | 8 GB RAM | -|**Processor**| 4th Generation Intel® Core i5 | 4th Generation Intel Core i7 | Quad-core 8th Generation Intel Core i5 processor | -|**Graphics**| Intel HD 4600 | NVIDIA Quadro K2200 | Intel UHD Graphics 620 | -|**Network**| Wi-Fi (802.11 a/b/g/n/ac)
Ethernet 1 Gbps
Bluetooth 4.0 low energy
Miracast enabled | Wi-Fi (802.11 a/b/g/n/ac)
Ethernet 1 Gbps
Bluetooth 4.0 low energy
Miracast enabled | Wi-Fi 5 (IEEE 802.11 a/b/g/n/ac)
Ethernet 1 Gbps
Bluetooth Wireless 4.1 technology
Miracast Display | -|**Ports**| (1) USB 3.0 (bottom) + (1) USB 3.0 (side access)
(2) USB 2.0
DisplayPort Video Output
3.5 mm Stereo Out
RJ11 Connector for system-level control

DisplayPort Video Input
HDMI Video Input
VGA Video Input
3.5 mm Stereo Input
(1) USB 2.0 type B Touchback Output | (1) USB 3.0 (bottom) + (1) USB 3.0 (side access)
(4) USB 2.0
DisplayPort Video Output
3.5 mm Stereo Out
RJ11 Connector for system-level control

DisplayPort Video Input
HDMI Video Input
VGA Video Input
3.5 mm Stereo Input
(1) USB 2.0 type B Touchback Output | (1) USB-A
Mini-DisplayPort Video Output
HDMI Video Input
USB-C with DisplayPort Input
(4) USB-C (on display)
RJ45 Gigabit Ethernet | -|**Sensors**| (2) Passive Infrared Presence Sensors, Ambient Light Sensors | (2) Passive Infrared Presence Sensors, Ambient Light Sensors | Doppler occupancy sensor,
Accelerometer,
Gyroscope | -|**NFC**| NFC reader | NFC reader | N/A | -|**Speakers**| (2) Front-facing stereo speakers | (2) Front-facing stereo speakers | Full range front facing 3-way stereo speakers | -|**Microphone**| High-Performance, 4-Element Array | High-Performance, 4-Element Array | Full band 8-element MEMS microphone array | -|**Camera**| (2) Wide angle HD cameras 1080p @ 30 fps | (2) Wide angle HD cameras 1080p @ 30 fps | (1) Microsoft Surface Hub 2 Camera, 4K, USB-C connection, 90-degree horizontal field of view | -|**Pen**| (2) Powered, active, subpixel accuracy | (2) Powered, active, subpixel accuracy | (1) Microsoft Surface Hub 2 Pen (active) | -|**Physical buttons**| Power, Input Select, Volume, Brightness | Power, Input Select, Volume, Brightness | Power, Volume, Source | -|**Software**| Windows 10 + Office (Word, PowerPoint, Excel) | Windows 10 + Office (Word, PowerPoint, Excel) | Windows 10 + Office (Word, PowerPoint, Excel) | - -> [!NOTE] -> The NFC reader available in the original Surface Hub is discontinued in Surface Hub 2S and is no longer available. diff --git a/devices/surface-hub/surface-hub-authenticator-app.md b/devices/surface-hub/surface-hub-authenticator-app.md deleted file mode 100644 index 80c7dbefd1..0000000000 --- a/devices/surface-hub/surface-hub-authenticator-app.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Sign in to Surface Hub with Microsoft Authenticator -description: Use Microsoft Authenticator on your mobile device to sign in to Surface Hub. -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 08/28/2017 -ms.reviewer: -manager: laurawi -localizationpriority: medium ---- - -# Sign in to Surface Hub with Microsoft Authenticator - -People in your organization can sign in to a Surface Hub without a password using the Microsoft Authenticator app, available on Android and iOS. - -## Organization prerequisites - -To let people in your organization sign in to Surface Hub with their phones and other devices instead of a password, you’ll need to make sure that your organization meets these prerequisites: - -- Your organization must be a hybrid or cloud-only organization, backed by Azure Active Directory (Azure AD). For more information, see [What is Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/active-directory-whatis) - -- Make sure you have at minimum an Office 365 E3 subscription. - -- [Configure Multi-Factor Authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-mfasettings). Make sure **Notification through mobile app** is selected. - - ![multi-factor authentication options](images/mfa-options.png) - -- Enable content hosting on Azure AD services such as Office, SharePoint, etc. - -- Surface Hub must be running Windows 10, version 1703 or later. - -- Surface Hub is set up with either a local or domain-joined account. - -Currently, you cannot use Microsoft Authenticator to sign in to Surface Hubs that are joined to Azure AD. - -## Individual prerequisites - -- An Android phone running 6.0 or later, or an iPhone or iPad running iOS9 or later - -- The most recent version of the Microsoft Authenticator app from the appropriate app store - - >[!NOTE] - >On iOS, the app version must be 5.4.0 or higher. - > - >The Microsoft Authenticator app on phones running a Windows operating system can't be used to sign in to Surface Hub. - -- Passcode or screen lock on your device is enabled - -- A standard SMTP email address (example: joe@contoso.com). Non-standard or vanity SMTP email addresses (example: firstname.lastname@contoso.com) currently don’t work. - -## How to set up the Microsoft Authenticator app - ->[!NOTE] ->If Company Portal is installed on your Android device, uninstall it before you set up Microsoft Authenticator. After you set up the app, you can reinstall Company Portal. -> ->If you have already set up Microsoft Authenticator on your phone and registered your device, go to the sign-in instructions. - -1. Add your work or school account to Microsoft Authenticator for Multi-Factor Authentication. You will need a QR code provided by your IT department. For help, see [Get started with the Microsoft Authenticator app](https://docs.microsoft.com/azure/multi-factor-authentication/end-user/microsoft-authenticator-app-how-to). -2. Go to **Settings** and register your device. -3. Return to the accounts page and choose **Enable phone sign-in** from the account dropdown menu. - -## How to sign in to Surface Hub during a meeting - -1. After you’ve set up a meeting, go to the Surface Hub and select **Sign in to see your meetings and files**. - - >[!NOTE] - >If you’re not sure how to schedule a meeting on a Surface Hub, see [Schedule a meeting on Surface Hub](https://support.microsoft.com/help/17325/surfacehub-schedulemeeting). - - ![screenshot of Sign in option on Surface Hub](images/sign-in.png) - -2. You’ll see a list of the people invited to the meeting. Select yourself (or the person who wants to sign in – make sure this person has gone through the steps to set up their device before your meeting), and then select **Continue**. - - ![screenshot of list of attendees in a meeting](images/attendees.png) - - You'll see a code on the Surface Hub. - - ![screenshot of code for Approve Sign in](images/approve-signin.png) - -3. To approve the sign-in, open the Authenticator app, enter the four-digit code that’s displayed on the Surface Hub, and select **Approve**. You will then be asked to enter the PIN or use your fingerprint to complete the sign in. - - ![screenshot of the Approve sign-in screen in Microsoft Authenticator](images/approve-signin2.png) - -You can now access all files through the OneDrive app. \ No newline at end of file diff --git a/devices/surface-hub/surface-hub-downloads.md b/devices/surface-hub/surface-hub-downloads.md deleted file mode 100644 index 79ff342ba9..0000000000 --- a/devices/surface-hub/surface-hub-downloads.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Useful downloads for Microsoft Surface Hub -description: Downloads related to the Microsoft Surface Hub. -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 08/22/2017 -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium ---- - -# Useful downloads for Microsoft Surface Hub - -This topic provides links to useful Surface Hub documents, such as product datasheets and user's guide. - -| Link | Description | -| --- | --- | -| [Surface Hub Setup Guide (English, French, Spanish) (PDF)](https://download.microsoft.com/download/0/1/6/016363A4-8602-4F01-8281-9BE5C814DC78/Setup-Guide_EN-FR-SP.pdf) | Get a quick overview of how to set up the environment for your new Surface Hub. | -| [Surface Hub Quick Reference Guide (PDF)](https://download.microsoft.com/download/9/E/E/9EE660F8-3FC6-4909-969E-89EA648F06DB/Surface%20Hub%20Quick%20Reference%20Guide_en-us.pdf) | Use this quick reference guide to get information about key features and functions of the Surface Hub. | -| [Surface Hub User Guide (PDF)](https://download.microsoft.com/download/3/6/B/36B6331E-0C63-4E71-A05D-EE88D05081F8/surface-hub-user-guide-en-us.pdf) | Learn how to use Surface Hub in scheduled or ad-hoc meetings. Invite remote participants, use the built-in tools, save data from your meeting, and more. | -| [Surface Hub Replacement PC Drivers](https://www.microsoft.com/download/details.aspx?id=52210) | The Surface Hub Replacement PC driver set is available for those customers who have chosen to disable the Surface Hub’s internal PC and use an external computer with their 84” or 55” Surface Hub. This download is meant to be used with the Surface Hub Admin Guide , which contains further details on configuring a Surface Hub Replacement PC. | -| [Microsoft Surface Hub Rollout and Adoption Success Kit (ZIP)](https://download.microsoft.com/download/F/A/3/FA3ADEA4-4966-456B-8BDE-0A594FD52C6C/Surface_Hub_Adoption_Kit_Final_0519.pdf) | Best practices for generating awareness and implementing change management to maximize adoption, usage, and benefits of Microsoft Surface Hub. The Rollout and Adoption Success Kit zip file includes the Rollout and Adoption Success Kit detailed document, Surface Hub presentation, demo guidance, awareness graphics, and more. | -| [Unpacking Guide for 84-inch Surface Hub (PDF)](https://download.microsoft.com/download/5/2/B/52B4007E-D8C8-4EED-ACA9-FEEF93F6055C/84_Unpacking_Guide_English_French-Spanish.pdf) | Learn how to unpack your 84-inch Surface Hub efficiently and safely. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/75/2b/752b73dc-6e9d-4692-8ba1-0f9fc03bff6b.mov?n=04.07.16_installation_video_03_unpacking_84.mov) | -| [Unpacking Guide for 55-inch Surface Hub (PDF)](https://download.microsoft.com/download/2/E/7/2E7616A2-F936-4512-8052-1E2D92DFD070/55_Unpacking_Guide_English-French-Spanish.PDF) | Learn how to unpack your 55-inch Surface Hub efficiently and safely. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/a9/d6/a9d6b4d7-d33f-4e8b-be92-28f7fc2c06d7.mov?n=04.07.16_installation_video_02_unpacking_55.mov) | -| [Wall Mounting and Assembly Guide (PDF)](https://download.microsoft.com/download/7/0/2/702485E3-B55E-4DE8-B5DD-3B56F90DCF5D/SH-Guide_WACG_Wall_Mounts_EN-FR-ES-NL-DE-IT-PT-AR-DA-FI-NO-SV.pdf) | Detailed instructions on how to safely and securely assemble the wall brackets, and how to mount your Surface Hub onto them. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/bf/4d/bf4d6f06-370c-45ee-88e6-c409873914e8.mov?n=04.07.16_installation_video_05_wall_mount.mov) | -| [Floor-Supported Mounting and Assembly Guide (PDF)](https://download.microsoft.com/download/7/0/2/702485E3-B55E-4DE8-B5DD-3B56F90DCF5D/SH-Guide_WACG_Floor_Support_Mount_EN-FR-ES-NL-DE-IT-AR-DA-FI-NO-SV.pdf) | Detailed instructions on how to safely and securely assemble the floor-supported brackets, and how to mount your Surface Hub onto them. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/ed/de/edde468a-e1d4-4ce8-8b61-c4527dd25c81.mov?n=04.07.16_installation_video_06_floor_support_mount.mov) | -| [Rolling Stand Mounting and Assembly Guide (PDF)](https://download.microsoft.com/download/7/0/2/702485E3-B55E-4DE8-B5DD-3B56F90DCF5D/SH-Guide_WACG_Rolling_Stands_EN-FR-ES-NL-DE-IT-AR-DA-FI-NO-SV.pdf) | Detailed instructions on how to safely and securely assemble the rolling stand, and how to mount your Surface Hub onto it. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/1f/94/1f949613-3e4a-41e3-ad60-fe8aa7134115.mov?n=04.07.16_installation_video_04_rolling_stand_mount.mov) | -| [Mounts and Stands Datasheet (PDF)](https://download.microsoft.com/download/5/0/1/501F98D9-1BCC-4448-A1DB-47056CEE33B6/20160711_Surface_Hub_Mounts_and_Stands_Datasheet.pdf) | Specifications and prices for all Surface Hub add-on stands and mounts that turn your workspace into a Surface Hub workspace. | -| [Surface Hub Stand and Wall Mount Specifications (PDF)](https://download.microsoft.com/download/7/A/7/7A75BD0F-5A46-4BCE-B313-A80E47AEB581/20160720_Combined_Stand_Wall_Mount_Drawings.pdf) | Illustrated specifications for the 55” and 84” Surface Hub rolling stands, wall mounts, and floor-supported wall mounts. | - - - - diff --git a/devices/surface-hub/surface-hub-qos.md b/devices/surface-hub/surface-hub-qos.md deleted file mode 100644 index aa1b746b8d..0000000000 --- a/devices/surface-hub/surface-hub-qos.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Implement Quality of Service on Surface Hub -ms.reviewer: -manager: laurawi -description: Learn how to configure QoS on Surface Hub. -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.localizationpriority: medium ---- - -# Implement Quality of Service (QoS) on Surface Hub - -Quality of Service (QoS) is a combination of network technologies that allows the administrators to optimize the experience of real time audio/video and application sharing communications. - -Configuring [QoS for Skype for Business](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp) on the Surface Hub can be done using your [mobile device management (MDM) provider](manage-settings-with-mdm-for-surface-hub.md) or through a [provisioning package](provisioning-packages-for-surface-hub.md). - - -This procedure explains how to configure QoS for Surface Hub using Microsoft Intune. - -1. In Intune, [create a custom policy](https://docs.microsoft.com/intune/custom-settings-configure). - - ![Screenshot of custom policy creation dialog in Intune](images/qos-create.png) - -2. In **Custom OMA-URI Settings**, select **Add**. For each setting that you add, you will enter a name, description (optional), data type, OMA-URI, and value. - - ![Screenshot of a blank OMA-URI setting dialog box](images/qos-setting.png) - -3. Add the following custom OMA-URI settings: - - Name | Data type | OMA-URI
./Device/Vendor/MSFT/NetworkQoSPolicy | Value - --- | --- | --- | --- - Audio Source Port | String | /HubAudio/SourcePortMatchCondition | Get the values from your Skype administrator - Audio DSCP | Integer | /HubAudio/DSCPAction | 46 - Video Source Port | String | /HubVideo/SourcePortMatchCondition | Get the values from your Skype administrator - Video DSCP | Integer | /HubVideo/DSCPAction | 34 - Audio Process Name | String | /HubAudio/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe - Video Process Name | String | /HubVideo/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe - - >[!IMPORTANT] - >Each **OMA-URI** path begins with `./Device/Vendor/MSFT/NetworkQoSPolicy`. The full path for the audio source port setting, for example, will be `./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/SourcePortMatchCondition`. - - - - -4. When the policy has been created, [deploy it to the Surface Hub.](manage-settings-with-mdm-for-surface-hub.md#manage-surface-hub-settings-with-mdm) - - ->[!WARNING] ->Currently, you cannot configure the setting **IPProtocolMatchCondition** in the [NetworkQoSPolicy CSP](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp). If this setting is configured, the policy will fail to apply. - diff --git a/devices/surface-hub/surface-hub-recovery-tool.md b/devices/surface-hub/surface-hub-recovery-tool.md deleted file mode 100644 index 2db5f9706e..0000000000 --- a/devices/surface-hub/surface-hub-recovery-tool.md +++ /dev/null @@ -1,101 +0,0 @@ ---- -title: Using the Surface Hub Recovery Tool -description: How to use the Surface Hub Recovery Tool to re-image the SSD. -ms.assetid: FDB6182C-1211-4A92-A930-6C106BCD5DC1 -ms.reviewer: -manager: laurawi -keywords: manage Surface Hub -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 05/22/2018 -ms.localizationpriority: medium ---- - -# Using the Surface Hub Recovery Tool - -The [Microsoft Surface Hub Recovery Tool](https://www.microsoft.com/download/details.aspx?id=52210) helps you re-image your Surface Hub Solid State Drive (SSD) using a Windows 10 desktop device, without calling support or replacing the SSD. With this tool, you can reimage an SSD that has an unknown Administrator password, boot errors, was unable to complete a cloud recovery, or for a device that has an older version of the operating system. The tool will not fix physically damaged SSDs. - -To re-image the Surface Hub SSD using the Recovery Tool, you'll need to remove the SSD from the Surface Hub, connect the drive to the USB-to-SATA cable, and then connect the cable to the desktop PC on which the Recovery Tool is installed. For more information on how to remove the existing drive from your Surface Hub, see [Surface Hub SSD replacement](surface-hub-ssd-replacement.md). - -> [!IMPORTANT] -> Do not let the device go to sleep or interrupt the download of the image file. - -If the tool is unsuccessful in reimaging your drive, please contact [Surface Hub Support](https://support.microsoft.com/help/4037644/surface-contact-surface-warranty-and-software-support). - -## Prerequisites - -### Mandatory - -- Host PC running 64-bit version of Windows 10, version 1607 or higher. -- Internet access -- Open USB 2.0 or greater port -- USB-to-SATA cable -- 10 GB of free disk space on the host computer -- SSDs shipped with Surface Hub or a SSD provided by Support as a replacement. SSDs not supplied by Microsoft are not supported. - -### Recommended - -- High-speed Internet connection -- Open USB 3.0 port -- USB 3.0 or higher USB-to-SATA cable -- The imaging tool was tested with the following make and model of cables: - - Startech USB312SAT3CB - - Rosewill RCUC16001 - - Ugreen 20231 - -## Download Surface Hub Recovery Tool - -Surface Hub Recovery Tool is available for download from [Surface Hub Tools for IT](https://www.microsoft.com/download/details.aspx?id=52210) under the file name **SurfaceHub_Recovery_v1.14.137.0.msi**. - -To start the download, click **Download**, choose **SurfaceHub_Recovery_v1.14.137.0.msi** from the list, and click **Next**. From the pop-up, choose one of the following: - -- Click **Run** to start the installation immediately. -- Click **Save** to copy the download to your computer for later installation. - -Install Surface Hub Recovery Tool on the host PC. - -## Run Surface Hub Recovery Tool - -1. On the host PC, select the **Start** button, scroll through the alphabetical list on the left, and select the recovery tool shortcut. - - ![Microsoft Surface Hub Recovery Tool shortcut](images/shrt-shortcut.png) - -2. Click **Start**. - - ![Recovery Tool Start button](images/shrt-start.png) - -3. In the **Guidance** window, click **Next**. - - ![Do not let your machine go to sleep guidance](images/shrt-guidance.png) - -4. click **Yes** to download the image. Time to download the recovery image is dependent on internet connection speeds. On an average corporate connection, it can take up to an hour to download the 8GB image file. - - ![Download the image?](images/shrt-download.png) - -5. When the download is complete, the tool instructs you to connect an SSD drive. If the tool is unable to locate the attached drive, there is a good chance that the cable being used is not reporting the name of the SSD to Windows. The imaging tool must find the name of the drive as "LITEON L CH-128V2S USB Device" before it can continue. For more information on how to remove the existing drive from your Surface Hub, see [Surface Hub SSD replacement](surface-hub-ssd-replacement.md). - - ![Connect SSD](images/shrt-drive.png) - -6. When the drive is recognized, click **Start** to begin the re-imaging process. On the warning that all data on the drive will be erased, click **OK**. - - ![Start re-imaging the SSD](images/shrt-drive-start.png) - - Prior to applying the system image to the drive, the SSD is repartitioned and formatted. Copying the system binaries will take approximately 30 minutes, but can take longer depending on the speed of your USB bus, the cable being used, or antivirus software installed on your system. - - ![Copying done](images/shrt-done.png) - - ![Reimaging complete](images/shrt-complete.png) - -## Troubleshooting and common problems - -Issue | Notes ---- | --- -The tool fails to image the SSD | Make sure you are using a factory-supplied SSD and one of the tested cables. -The reimaging process appears halted/frozen | It is safe to close and restart the Surface Hub Recovery Tool with no ill effect to the SSD. -The drive isn’t recognized by the tool | Verify that the Surface Hub SSD is enumerated as a Lite-On drive, "LITEON L CH-128V2S USB Device". If the drive is recognized as another named device, your current cable isn’t compatible. Try another cable or one of the tested cable listed above. -Error: -2147024809 | Open Disk Manager and remove the partitions on the Surface Hub drive. Disconnect and reconnect the drive to the host machine. Restart the imaging tool again. - -If the tool is unsuccessful in reimaging your drive, please contact [Surface Hub Support](https://support.microsoft.com/help/4037644/surface-contact-surface-warranty-and-software-support). diff --git a/devices/surface-hub/surface-hub-security.md b/devices/surface-hub/surface-hub-security.md deleted file mode 100644 index faee5ad929..0000000000 --- a/devices/surface-hub/surface-hub-security.md +++ /dev/null @@ -1,158 +0,0 @@ ---- -title: "Surface Hub security overview" -description: "This page explains the Defense in Depth design of Surface Hub and describes security enhancements in Surface Hub 2S, wireless security protections, and related features." -keywords: separate values with commas -ms.prod: surface-hub -ms.sitesec: library -author: coveminer -ms.author: greglin -manager: laurawi -audience: Admin -ms.topic: article -ms.date: 03/27/2020 -ms.localizationpriority: High ---- -# Surface Hub security overview - -Surface Hub provides a locked-down computing appliance with custom platform firmware running the Windows 10 Team Edition operating system. The resulting device takes the traditional, "single use" secure kiosk, "only run what you need" philosophy and delivers a modern take on it. Built to support a rich collaborative user experience, Surface Hub is protected against continually evolving security threats. - -Built on Windows 10, Surface Hub delivers enterprise-grade modern security enabling IT admins to enforce data protection with BitLocker, Trusted Platform Module 2.0 (TPM), plus cloud-powered security with Windows Defender (also known as Microsoft Defender). - -## Defense in Depth security - -Security protocols begin as soon as Surface Hub is turned on. Starting at the firmware level, Surface Hub will only load the operating system and its components in response to multiple security checks. Surface Hub employs a strategy called Defense in Depth that involves layering independent defensive sub-components to protect the whole of the system in the event of partial failure. This industry practice has proven to be highly effective in mitigating against potential unilateral exploits and weakness in sub-components. - -The modern Unified Extensible Firmware Interface (UEFI) is statically and securely configured by Microsoft to only boot an authenticated Windows 10 Team Edition operating system from internal storage. Every line of code that runs on Surface Hub has its signature verified prior to execution. Only applications signed by Microsoft, either as part of the operating system or installed via the Microsoft Store, can run on the Surface Hub. Code or apps not meeting these requirements are blocked. - -Surface Hub security systems include the following: - -- **Boot-time defenses.** Loads only trusted Surface Hub operating system components. -- **Operating system defenses.** Protects against execution of unintended or malicious software or code. -- **User interface defenses.** Provides a user interface that's safe for end users, preventing access to potentially risky activities such as running executables from the command line. - -### Boot-time defenses - -The SoC has a security processor that's separate from every other core. When you first start Surface Hub, only the security processor starts before anything else can be loaded. - -![Hub startup boot phases showing security processor protections](images/hub-sec-1.png) - -#### Secure Boot - -Secure Boot is used to verify that the components of the boot process, including drivers and the operating system, are validated against a database of valid and known signatures. On Surface Hub, a platform-specific signature must first be validated before the authorized Windows Team operating system can be loaded. This helps prevent attacks from a cloned or modified system running malicious code hidden in what appears to be an otherwise normal user experience. For more information, see [Secure Boot overview](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-secure-boot). - -### Operating system defenses - -Once the operating system is verified as originating from Microsoft and Surface Hub successfully completes the boot process, the device scrutinizes the executable code. Our approach to securing the operating system involves identifying the code signature of all executables, allowing only those that pass our restrictions to be loaded into the runtime. This code signing method enables the operating system to verify the author and confirm that code was not altered prior to running on the device. - -Surface Hub uses a code signing feature known as User Mode Code Integrity (UMCI) in Windows Application Control (formerly known as Device Guard). Policy settings are configured to only allow apps that meet one of these requirements: - -- Universal Windows Platform (Microsoft Store) apps that are [officially certified](https://docs.microsoft.com/windows/uwp/publish/the-app-certification-process). -- Apps signed with the unique Microsoft Production Root Certification Authority (CA), which can only be signed by Microsoft employees with authorized access to those certificates. -- Apps signed with the unique Surface Hub Production Root C. - -The configuration file is signed using the Microsoft Production Root CA designed to prevent restrictions from being removed or modified by a third party. All other executables at this point are simply blocked at the operating system runtime level and prevented from accessing processing power. This attack surface reduction provides the following protections: - -- No legacy document modes -- No legacy script engines -- No Vector Markup Language -- No Browser Helper Objects -- No ActiveX controls - -In addition to blocking unsigned or incorrectly signed code via UMCI, Surface Hub uses Windows Application Control to block Windows components, such as the Command Prompt, PowerShell, and Task Manager. These safeguards reflect a key design feature of Surface Hub as a secure computing appliance. For more information, see the following: - -- [Application Control overview](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) - -- [Windows Defender Application Control and virtualization-based protection of code integrity](https://docs.microsoft.com/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control) - -### User interface defenses - -While boot-time defenses and operating system lockdown safeguards deliver foundational security, the user interface provides an additional layer designed to further reduce risk. To prevent malicious code from reaching the device through drivers, Surface Hub does not download advanced drivers for plug and play (PnP) devices. Devices that leverage basic drivers, such as USB flash drives or certified Surface Hub peripherals (speakers, microphones, cameras) work as expected, but advanced systems, such as printers, will not. - -User interface defenses also simplify the UI, further preventing the execution of malicious software or code. The following Surface Hub UI elements layer the core security provided by code signing: - -- **File Explorer.** Surface Hub has a custom File Explorer that enables quick access to Music, Videos, Documents, Pictures, and Downloads folders — without exposing users to system or program files. Other locations on the local hard drive are not available through File Explorer. In addition, many file types running such as .exe, and .msi installation files cannot run providing another layer of safety against potentially malicious executables. - -- **Start & All Apps.** The Start and All Apps components of Surface Hub do not expose access to Command Prompt, PowerShell, or other Windows components blocked via Application Control. In addition, Windows run functionality typically accessed on PCs from the Search box is turned off for Surface Hub. - -## Security enhancements in Surface Hub 2S - -Although Surface Hub and Surface Hub 2S both run the same operating system software, some features unique to Surface Hub 2S provide additional management and security capabilities enabling IT admins to perform the following tasks: - -- Manage UEFI settings with SEMM -- Recover Hub with bootable USB -- Harden device account with password rotation - -### Manage UEFI settings with SEMM - -UEFI is an interface between the underlying hardware platform pieces and the operating system. On Surface Hub, a custom UEFI implementation allows granular control over these settings and prevents any non-Microsoft entity from changing the UEFI settings of the device — or booting to a removable drive to modify or change the operating system. - -At a high level, during the factory provisioning process, Surface Hub UEFI is preconfigured to enable Secure Boot and is set to only boot from the internal solid-state drive (SSD), with access to UEFI menus locked down and shortcuts removed. This seals UEFI access and ensures the device can only boot into the Windows Team operating system installed on Surface Hub. - -When managed via Microsoft Surface Enterprise Management Mode (SEMM), IT admins can deploy UEFI settings on Hub devices across an organization. This includes the ability to enable or disable built-in hardware components, protect UEFI settings from being changed by unauthorized users, and adjust boot settings. - -![Surface Hub UEFI settings](images/hub-sec-2.png) - -Admins can implement SEMM and enrolled Surface Hub 2S devices using the downloadable [Microsoft Surface UEFI Configurator](https://www.microsoft.com/download/details.aspx?id=46703). For more information, see [Secure and manage Surface Hub 2S with SEMM and UEFI](https://docs.microsoft.com/surface-hub/surface-hub-2s-secure-with-uefi-semm). -Secured using a certificate to protect the configuration from unauthorized tampering or removal, SEMM enables management of the following components: - -- Wired LAN -- Camera -- Bluetooth -- Wi-Fi -- Occupancy sensor -- IPv6 for PXE Boot -- Alternate Boot -- Boot Order Lock -- USB Boot -- UEFI front page interface - - Devices - - Boot - - Date/Time - - -### Recover Hub with bootable USB - -Surface Hub 2S enables admins to reinstall the device to factory settings using a recovery image in as little as 20 minutes. Typically, you would only need to do this if your Surface Hub is no longer functioning. Recovery is also useful if you have lost the Bitlocker key or no longer have admin credentials to the Settings app. - -### Harden device account with password rotation - -Surface Hub uses a device account, also known as a "room account" to authenticate with Exchange, Microsoft Teams, and other services. When you enable password rotation, Hub 2S automatically generates a new password every 7 days, consisting of 15-32 characters with a combination of uppercase and lowercase letters, numbers, and special characters. Because no one knows the password, the device account password rotation effectively mitigates associated risk from human error and potential social engineering security attacks. - -## Windows 10 enterprise-grade security - -In addition to Surface Hub-specific configurations and features addressed in this document, Surface Hub also uses the standard security features of Windows 10. These include: - -- **BitLocker**. The Surface Hub SSD is equipped with BitLocker to protect the data on the device. Its configuration follows industry standards. For more information, see [BitLocker overview](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-secure-boot). -- **Windows Defender.** The Windows Defender anti-malware engine runs continuously on Surface Hub and works to automatically remediate threats found on Surface Hub. The Windows Defender engine receives updates automatically and is manageable via remote management tools for IT admins. The Windows Defender engine is a perfect example of our Defense in Depth approach: If malware can find a way around our core code-signage-based security solution, it will be caught here. For more information, see [Windows Defender Application Control and virtualization-based protection of code integrity](https://docs.microsoft.com/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control). -- **Plug and play drivers.** To prevent malicious code from reaching the device through drivers, Surface Hub does not download advanced drivers for PnP devices. This allows devices that leverage basic drivers such as USB flash drives to work as expected while blocking more advanced systems such as printers. -- **Trusted Platform Module 2.0.** Surface Hub has an industry standard discrete Trusted Platform Module (dTPM) for generating and storing cryptographic keys and hashes. The dTPM protects keys used for the verification of boot phases, the BitLocker master key, password-less sign-on key, and more. The dTPM meets [FIPS 140-2 Level 2](https://docs.microsoft.com/windows/security/threat-protection/fips-140-validation) certification, the U.S. government computer security standard, and is compliant with [Common Criteria](https://docs.microsoft.com/windows/security/threat-protection/windows-platform-common-criteria) certification used worldwide. - -## Wireless security for Surface Hub - -Surface Hub uses Wi-Fi Direct / Miracast technology and the associated 802.11, Wi-Fi Protected Access (WPA2), and Wireless Protected Setup (WPS) standards. Since the device only supports WPS (as opposed to WPA2 Pre-Shared Key (PSK) or WPA2 Enterprise), issues traditionally associated with 802.11 encryption are simplified by design. - -Miracast is part of the Wi-Fi Display standard, which itself is supported by the Wi-Fi Direct protocol. These standards are supported in modern mobile devices for screen sharing and collaboration. - -Wi-Fi Direct or Wi-Fi "peer to peer" (P2P) is a standard released by the Wi-Fi Alliance for "Ad-Hoc" networks. This allows supported devices to communicate directly and create groups of networks without requiring a traditional Wi-Fi Access Point or an Internet connection. - -Security for Wi-Fi Direct is provided by WPA2 using the WPS standard. Devices can be authenticated using a numerical pin, a physical or virtual push button, or an out-of-band message using near-field communication. Surface Hub supports both push button by default as well PIN methods. For more information, see [How Surface Hub addresses Wi-Fi Direct security issues](https://docs.microsoft.com/surface-hub/surface-hub-wifi-direct). - -## Learn more - -- [Secure Boot overview](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-secure-boot) - -- [BitLocker overview](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) - -- [Application Control overview](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) - -- [Secure and manage Surface Hub 2S with SEMM and UEFI](https://docs.microsoft.com/surface-hub/surface-hub-2s-secure-with-uefi-semm) - -- [How Surface Hub addresses Wi-Fi Direct security issues](https://docs.microsoft.com/surface-hub/surface-hub-wifi-direct) - -- [Windows Defender Application Control and virtualization-based protection of code integrity](https://docs.microsoft.com/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control) - -- [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) - -- [FIPS 140-2 Level 2](https://docs.microsoft.com/windows/security/threat-protection/fips-140-validation) - -- [Common Criteria certification](https://docs.microsoft.com/windows/security/threat-protection/windows-platform-common-criteria) diff --git a/devices/surface-hub/surface-hub-site-readiness-guide.md b/devices/surface-hub/surface-hub-site-readiness-guide.md deleted file mode 100644 index d12281f55b..0000000000 --- a/devices/surface-hub/surface-hub-site-readiness-guide.md +++ /dev/null @@ -1,138 +0,0 @@ ---- -title: Surface Hub Site Readiness Guide -ms.reviewer: -manager: laurawi -description: Use this Site Readiness Guide to help plan your Surface Hub installation. -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium ---- - -# Surface Hub Site Readiness Guide - -Use this Site Readiness Guide to help plan your Surface Hub installation. In this guide, you’ll find: -- Site readiness topics -- Detailed hardware specifications on power, ports, and cables -- Recommendations for moving and storage -- Links to guidance on unpacking and mounting - -## Site readiness planning - -The room needs to be large enough to provide good viewing angles, but small enough for the microphones to pick up clear signals from the people in the room. Most rooms that are about 22 feet (seven meters) long will provide a good meeting experience. In the conference area, mount Surface Hub where: - -- Everyone in the room can see it. -- People can reach all four edges of the touchscreen. -- The screen is not in direct sunlight, which could affect viewing or damage the screen. -- Ventilation openings are not blocked. -- Microphones are not affected by noise sources, such as fans or vents. -You can find more details in the [55” Microsoft Surface Hub technical information](surface-hub-technical-55.md) or [84” Microsoft Surface Hub technical information](surface-hub-technical-84.md) sections. For cleaning, care, and safety information, see the mounting guides and user guide at https://www.microsoft.com/surface/support/surface-hub. - -### Hardware considerations - -Surface Hub arrives with: -- Two Microsoft Surface Hub pens -- A Microsoft wireless keyboard, customized for Surface Hub -- A 9-foot NEMA 5-15P (US Standard) to C13 power cable - -You’ll need to provide: -- Cat-5e or Cat-6 network cables -- Display cables (optional) -- Audio cable (optional) -- Type A to B USB cable (optional) - -For details about cable ports, see the [55” Microsoft Surface Hub technical information](surface-hub-technical-55.md) or [84” Microsoft Surface Hub technical information](surface-hub-technical-84.md) sections. For details about cables, see [Wired Connect](#wired). - -Microsoft Surface Hub has an internal PC and does not require an external computer system. - -For power recommendations, see [55” Microsoft Surface Hub technical information](surface-hub-technical-55.md) or [84” Microsoft Surface Hub technical information](surface-hub-technical-84.md). For power cable safety warnings, see the mounting guides at https://www.microsoft.com/surface/support/surface-hub. - -### Data and other connections - -To use Surface Hub, you need an active Ethernet port and a standard power outlet. In addition, you may want to: - -- Equip the conference table for Wired Connect. -- Expand the wall outlet configuration to include: - - Additional AC outlets - - Ethernetports - - Audio ports - - Video ports (DisplayPort, HDMI, VGA, etc.) - - -## When Surface Hub arrives - -Surface Hub is large and heavy, so let Receiving know when it will arrive and what they should do to handle it safely. For details on the packing weights and other specifications, see [55” Microsoft Surface Hub technical information](surface-hub-technical-55.md) or [84” Microsoft Surface Hub technical information](surface-hub-technical-84.md). - -Consider the following: -- Wait to unpack Surface Hub from the shipping container until you’ve moved it to the conference area where you plan to install it. -- Make sure your loading dock can accept a shipment on a pallet and hold it securely until it can be installed. -- Check for local labor union rules that would require you to use union labor to unload or move Surface Hub. -- Do not leave Surface Hub in a hot or humid environment. As with any computer-based or display equipment, heat and humidity can damage Surface Hub. The recommended storage temperatures are 32°F to 95°F with a relative humidity of less than 70 percent. - -### Moving Surface Hub - -Before you move Surface Hub, make sure that all the doorways, thresholds, hallways, and elevators are big enough to accommodate it. For information on the dimensions and weight of your Surface Hub in its shipping container, see [55” Microsoft Surface Hub technical information](surface-hub-technical-55.md) or [84” Microsoft Surface Hub technical information](surface-hub-technical-84.md). - -### Unpacking Surface Hub - -For unpacking information, refer to the unpacking guide included in the shipping container. You can open the unpacking instructions before you open the shipping container. These instructions can also be found here: https://www.microsoft.com/surface/support/surface-hub - ->[!IMPORTANT] ->Retain and store all Surface Hub shipping materials—including the pallet, container, and screws—in case you need to ship Surface Hub to a new location or send it -for repairs. For the 84” Surface Hub, retain the lifting handles. - -### Lifting Surface Hub - -The 55” Surface Hub requires two people to safely lift and mount. The 84” Surface Hub requires four people to safely lift and mount. Those assisting must be able to lift 70 pounds to waist height. Review the unpacking and mounting guide for details on lifting Surface Hub. You can find it at https://www.microsoft.com/surface/support/surface-hub. - -## Mounting and setup - -See your mounting guide at https://www.microsoft.com/surface/support/surface-hub for detailed instructions. - -There are three ways to mount your Surface Hub: - -- **Wall mount**: Lets you permanently hang Surface Hub on a conference space wall. -- **Floor support mount**: Supports Surface Hub on the floor while it is permanently anchored to a conference space wall. -- **Rolling stand**: Supports Surface Hub and lets you move it to other conference locations. For links to guides that provide details about each mounting method, including building requirements, see https://www.microsoft.com/surface/support/surface-hub. - -For specifications on available mounts for the original Surface Hub, see the following: - -- [Surface Hub Mounts and Stands Datasheet](https://download.microsoft.com/download/5/0/1/501F98D9-1BCC-4448-A1DB-47056CEE33B6/20160711_Surface_Hub_Mounts_and_Stands_Datasheet.pdf) -- [Surface Hub Stand and Wall Mount Specifications](https://download.microsoft.com/download/7/A/7/7A75BD0F-5A46-4BCE-B313-A80E47AEB581/20160720_Combined_Stand_Wall_Mount_Drawings.pdf) - -## The Connect experience - -Connect lets people project their laptop, tablet, or phone to the Surface Hub screen. Connect allows wireless or wired connection types. - -#### Wireless connect - -Since wireless connect is based on Miracast, you don’t need cables or additional setup planning to use it. Your users can load Miracast on most Miracast-enabled Windows 8.1 and Windows 10 devices. Then they can project their display from their computer or phone to the Surface Hub screen. - - -#### Wired connect - -With wired connect, a cable transmits information from computers, tablets, or phones to Surface Hub. There are three video cable options, and they all use the same USB 2.0 cable. The cable bundle can include one or all of these connection options. - -- DisplayPort (DisplayPort cable + USB 2.0 cable) -- HDMI (HDMI cable + USB 2.0 cable) -- VGA (VGA cable + 3.5mm audio cable + USB 2.0 cable) - -For example, to provide audio, video, and touchback capability to all three video options, your Wired Connect cable bundle must include: - -- A DisplayPort cable -- An HDMI cable -- A VGA cable -- A USB 2.0 cable -- A 3.5mm cable - -When you create your wired connect cable bundles, check the [55” Microsoft Surface Hub technical information](surface-hub-technical-55.md) or [84” Microsoft Surface Hub technical information](surface-hub-technical-84.md) sections for specific technical and physical details and port locations for each type of Surface Hub. Make the cables long enough to reach from Surface Hub to where the presenter will sit or stand. - -For details on Touchback and Inkback, see the user guide at https://www.microsoft.com/surface/support/surface-hub. - - - -## See also - -[Watch the video (opens in a pop-up media player)](https://compass.xbox.com/assets/27/aa/27aa7dd7-7cb7-40ea-9bd6-c7de0795f68c.mov?n=04.07.16_installation_video_01_site_readiness.mov) diff --git a/devices/surface-hub/surface-hub-ssd-replacement.md b/devices/surface-hub/surface-hub-ssd-replacement.md deleted file mode 100644 index 12f256388d..0000000000 --- a/devices/surface-hub/surface-hub-ssd-replacement.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: Surface Hub SSD replacement -ms.reviewer: -manager: laurawi -description: Learn how to replace the solid state drive in a Surface Hub. -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.localizationpriority: medium ---- - -# Surface Hub SSD replacement - -You might need to remove the solid state drive (SSD) from your Surface Hub so that you can reimage it using the [Surface Hub Recovery Tool](surface-hub-recovery-tool.md) or because you've been sent a replacement drive. You would reimage your SSD when the operating system is no longer bootable, such as from a Windows update failure, BitLocker issues, reset failure, or hardware failure. - - ->[!WARNING] ->Make sure the Surface Hub is turned off at the AC switch. - -1. Locate the SSD compartment door on the rear, upper portion of the Surface Hub in the locations illustrated below. The door is identifiable as it doesn't have open ventilation slots. - - ![SSD compartment door](images/ssd-location.png) - - *Surface Hub hard drive locations* - -2. Locate the locking tab on the hard drive compartment door. On the Surface Hub 55, the locking tab will be located on the left-hand side of the door. On the Surface Hub 84, it will be on the right-hand side as shown in the illustration. - - ![SSD compartment locking tab](images/ssd-lock-tab.png) - - *Locking tab on hard drive compartment door* - -3. Lift open the compartment door to access the hard drive. - - ![Lift](images/ssd-lift-door.png) - - *Lift compartment door* - -4. Locate the pull tab, which may be partially hidden under the rear cover. Pull on the tab to eject the hard drive from the compartment. - - ![Pull](images/ssd-pull-tab.png) - - *Pull tab* - -5. Slide the replacement drive into place until you hear it click. - - ![Slide in drive](images/ssd-click.png) - - *Slide replacement drive into place* - -6. Close the compartment door. - -7. Apply power to the Surface Hub. diff --git a/devices/surface-hub/surface-hub-start-menu.md b/devices/surface-hub/surface-hub-start-menu.md deleted file mode 100644 index 468e0d3329..0000000000 --- a/devices/surface-hub/surface-hub-start-menu.md +++ /dev/null @@ -1,184 +0,0 @@ ---- -title: Configure Surface Hub Start menu -description: Use MDM to customize the Start menu on Surface Hub. -ms.prod: surface-hub -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -ms.topic: article -ms.date: 08/15/2018 -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium ---- - -# Configure Surface Hub Start menu - -The [January 17, 2018 update to Windows 10](https://support.microsoft.com/help/4057144) (build 15063.877) enables customized Start menus on Surface Hub devices. You apply the customized Start menu layout using mobile device management (MDM). - -When you apply a customized Start menu layout to Surface Hub, users cannot pin, unpin, or uninstall apps from Start. - -## How to apply a customized Start menu to Surface Hub - -The customized Start menu is defined in a Start layout XML file. You have two options for creating your Start layout XML file: - -- Edit the [default Surface Hub Start XML](#default) - - -or- - -- Configure the desired Start menu on a desktop (pinning only apps that are available on Surface Hub), and then [export the layout](https://docs.microsoft.com/windows/configuration/customize-and-export-start-layout#export-the-start-layout). - ->[!TIP] ->To add a tile with a web link to your desktop start menu, go to the link in Microsoft Edge, select `...` in the top right corner, and select **Pin this page to Start**. See [a Start layout that includes a Microsoft Edge link](#edge) for an example of how links will appear in the XML. - -To edit the default XML or the exported layout, familiarize yourself with the [Start layout XML](https://docs.microsoft.com/windows/configuration/start-layout-xml-desktop). There are a few [differences between Start layout on a deskop and a Surface Hub.](#differences) - -When you have your Start menu defined in a Start layout XML, [create an MDM policy to apply the layout.](https://docs.microsoft.com/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management#a-href-idbkmk-domaingpodeploymentacreate-a-policy-for-your-customized-start-layout) - - -## Differences between Surface Hub and desktop Start menu - -There are a few key differences between Start menu customization for Surface Hub and a Windows 10 desktop: - -- You cannot use **DesktopApplicationTile** (https://docs.microsoft.com/windows/configuration/start-layout-xml-desktop#startdesktopapplicationtile) in your Start layout XML because Windows desktop applications (Win32) are not supported on Surface Hub. -- You cannot use the Start layout XML to configure the taskbar or the Welcome screen for Surface Hub. -- Surface Hub supports a maximum of 6 columns (6 1x1 tiles), however, you **must** define `GroupCellWidth=8` even though Surface Hub will only display tiles in columns 0-5, not columns 6 and 7. -- Surface Hub supports a maximum 6 rows (6 1x1 tiles) -- `SecondaryTile`, which is used for links, will open the link in Microsoft Edge. - - - -## Example: Default Surface Hub Start layout - -```xml - - - - - - - - - - - - - - - - - - - -``` - - -## Example: Start layout that includes a Microsoft Edge link - -This example shows a link to a website and a link to a .pdf file. The secondary tile for Microsoft Edge uses a 150 x 150 pixel icon. - -```xml - - - - - - - - - - - - - - - - - - - -``` - ->[!NOTE] ->The default value for `ForegroundText` is light; you don't need to include `ForegroundText` in your XML unless you're changing the value to dark. diff --git a/devices/surface-hub/surface-hub-technical-55.md b/devices/surface-hub/surface-hub-technical-55.md deleted file mode 100644 index 209e77df4c..0000000000 --- a/devices/surface-hub/surface-hub-technical-55.md +++ /dev/null @@ -1,153 +0,0 @@ ---- -title: Technical information for 55" Surface Hub -ms.reviewer: -manager: laurawi -description: Specifications for the 55" Surface Hub -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.localizationpriority: medium ---- - -# Technical information for 55" Surface Hub - -## Measurements - -| ---- | --- -Pricing | Starting at $8,999 -Size | 31.75” x 59.62” x 3.38” (806.4mm x 1514.3mm x 85.8mm) -Storage/RAM | SSD 128GB with 8GB RAM -Processor | 4th Generation Intel® Core™ i5 -Graphics | Intel® HD 4600 -Ports | **Internal PC**
• (1) USB 3.0 (bottom) + (1) USB 3.0 (side access)
• (2) USB 2.0
• Ethernet 1000 Base-T
• DisplayPort
• Video Output
• 3.5mm Stereo Out
• RJ11 Connector for system-level control
**Alternate PC**
• (2) USB 2.0 type B output
• Connection for Camera, Sensors, Microphone, Speakers
• (1) DisplayPort Video Input
**Guest PC**
• DisplayPort Video Input
• HDMI Video Input
• VGA Video Input
• 3.5mm Stereo Input
• (1) USB 2.0 type B Touchback™ Output -Sensors | (2) Passive Infrared Presence Sensors, Ambient Light Sensors -Speakers | (2) Front-facing stereo speakers -Microphone | High-Performance, 4-Element Array -Camera | (2) Wide angle HD cameras 1080p @ 30fps -Pen | (2) Powered, active, subpixel accuracy -Physical side buttons | Power, Input Select, Volume, Brightness -Software | Windows 10 + Office (Word, PowerPoint, Excel) -What’s in the box | • Surface Hub 55”
• (2) Surface Hub Pens
• Power Cable
• Setup Guide
• Start Guide
• Safety and Warranty documents
• Wireless All-in-One Keyboard -Mounting features | 4X VESA standard, 400mm x 400mm plus 1150mm x 400mm pattern, 8X M6 X 1.0 threaded mounting locations -Display height from floor | Recommended height of 55 inches (139.7 cm) to center of screen -Product weight | Approx. 105 lb. (47.6 kg) without accessories -Product shipping weight | Approx. 150 lb. (68 kg) -Product dimensions HxWxD | 31.63 x 59.62 x 3.2 inches (80.34 x 151.44 x 8.14 cm) -Product shipping dimensions HxWxD | 43 x 65 x 20 inches (109 x 165 x 51 cm) -Product thickness | Touch surface to mounting surface: ≤ 2.4 inches (6 cm) -Orientation | Landscape only. Display cannot be used in a portrait orientation. -BTU | 1706 BTU/h -Image resolution | 1920 x 1080 -Frame rate | 120Hz -EDID preferred timing, replacement PC | 1920 x 1080, 120Hz vertical refresh -EDID preferred timing, wired connect | 1920 x 1080, 60Hz vertical refresh -Input voltage | (50/60Hz) 110/230v nominal, 90-265v max -Input power, operating | 500W max -Input power, standby | 5W nominal - - -## Replacement PC connections - -Connector and location | Label | Description ---- | --- | --- -Switch, bottom I/O | ![](images/switch.png) | Switches the function between using internal PC or external PC. -Display port, bottom I/O | ![](images/dport.png) | Provides input for replacement PC. -USB type B, bottom I/O | ![](images/usb.png) | Provides USB connection for replacement PC to internal peripherals. -USB type B, bottom I/O | ![](images/usb.png) | Provides USB connection for integrated hub. - - -## Wired connect connections - -Connector and location | Label | Description ---- | --- | --- -Display port, bottom I/O | ![](images/dportio.png) | Provides input for wired connect PC. -HDMI, bottom I/O | ![](images/hdmi.png) | Provides HDMI input for wired connect PC. -VGA, bottom I/O | ![](images/vga.png) | Provides VGA input for wired connect PC. -3.5mm, bottom I/O | ![](images/35mm.png) | Provides analog audio input. -USB type B, bottom I/O | ![](images/usb.png) | Provides USB connection for video ingest touchback. - -## Additional connections - -Connector and location | Label | Description ---- | --- | --- -USB type A, side I/O | ![](images/usb.png) | Provides 1 USB 3.0 connection for USB devices. Wake-on USB capable. -USB type A, bottom I/O with blue insulator | ![](images/usb.png) | Provides USB 3.0 connection. -3.5mm, bottom I/O | ![](images/analog.png) | Provides analog audio out. -Display port, bottom I/O | ![](images/dportout.png) | Provides mirrored video out function to another display. -IEC/EN60320-C13 receptacle with hard switch | ![](images/iec.png) | Provides AC input and compliance with EU power requirements. -RJ45, bottom I/O | ![](images/rj45.png) | Connects to Ethernet. -RJ11, bottom I/O | ![](images/rj11.png) | Connects to room control systems. - - - - - - - -## Diagrams of ports and clearances - -***Top view of 55" Surface Hub*** - -![](images/sh-55-top.png) - ---- - - -***Front view of 55" Surface Hub*** - -![](images/sh-55-front.png) - - ---- - -***Bottom view of 55" Surface Hub*** - -![](images/sh-55-bottom.png) - - ---- - -***Replacement PC ports on 55" Surface Hub*** - -![](images/sh-55-rpc-ports.png) - - ---- - -***Keypad on right side of 55" Surface Hub*** - -![](images/key-55.png) - - ---- - -***Rear view of 55" Surface Hub*** - -![](images/sh-55-rear.png) - - ---- - -***Clearances for 55" Surface Hub*** - -![](images/sh-55-clearance.png) - ---- - - -***Front and bottom handholds and clearances for 55" Surface Hub*** - -![](images/sh-55-hand.png) - - ---- - - -***Rear handholds and clearances for 55" Surface Hub*** - -![](images/sh-55-hand-rear.png) - - diff --git a/devices/surface-hub/surface-hub-technical-84.md b/devices/surface-hub/surface-hub-technical-84.md deleted file mode 100644 index 837883da14..0000000000 --- a/devices/surface-hub/surface-hub-technical-84.md +++ /dev/null @@ -1,159 +0,0 @@ ---- -title: Technical information for 84" Surface Hub -ms.reviewer: -manager: laurawi -description: Specifications for the 84" Surface Hub -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.localizationpriority: medium ---- - -# Technical information for 84" Surface Hub - -## Measurements - -| ---- | --- -Pricing | Starting at $21,999 -Size | 46.12” x 86.7” x 4.15” (1171.5mm x 2202.9mm x 105.4mm) -Storage/RAM | SSD 128GB with 8GB RAM -Processor | 4th Generation Intel® Core™ i7 -Graphics | NVIDIA Quadro K2200 -Ports | **Internal PC**
• (1) USB 3.0 (bottom) + (1) USB 3.0 (side access)
• (4) USB 2.0
• Ethernet 1000 Base-T
• DisplayPort Video Output
• 3.5mm Stereo Out
• RJ11 Connector for system-level control
**Alternate PC**
• (2) USB 2.0 type B output
• connection for Camera, Sensors, Microphone, Speakers
• (2) DisplayPort Video Input
**Guest PC**
• DisplayPort Video Input
• HDMI Video Input
• VGA Video Input
• 3.5mm Stereo Input
• (1) USB 2.0 type B Touchback™ Output -Sensors | (2) Passive Infrared Presence Sensors, Ambient Light Sensors -Speakers | (2) Front-facing stereo speakers -Microphone | High-Performance, 4-Element Array -Camera | (2) Wide angle HD cameras 1080p @ 30fps -Pen | (2) Powered, active, subpixel accuracy -Physical side buttons | Power, Input Select, Volume, Brightness -Software | Windows 10 + Office (Word, PowerPoint, Excel) -What’s in the box | • Surface Hub 84”
• (2) Surface Hub Pens
• Power Cable
• Setup Guide
• Safety and Warranty documents
• Wireless All-in-One Keyboard -Mounting features | 4X VESA standard, 1200mm x 600mm pattern, 8X M8 X 1.25 threaded mounting locations -Display height from floor | Recommended height of 54 inches (139.7 cm) to center of screen -Product weight | Approx. 280 lb. (127 kg.) -Product shipping weight | Approx. 580 lb. (263 kg.) -Product dimensions HxWxD | 46 x 86.9 x 4.1 inches (116.8 x 220.6 x 10.4 cm) -Product shipping dimensions HxWxD | 66.14 x 88.19 x 24.4 inches (168 x 224 x 62 cm) -Product thickness | Touch surface to mounting surface: ≤ 3.1 inches (7.8 cm) -Orientation | Landscape only. Display cannot be used in a portrait orientation. -BTU | 3070.8 BTU/h -Image resolution | 3840 x 2160 -Frame rate | 120Hz -Contrast Ratio | 1400:1 -EDID preferred timing, replacement PC | 3840 x 2140, 120Hz vertical refresh -EDID preferred timing, wired connect | 1920 x 1080, 60Hz vertical refresh -Input voltage | 110/230v nominal, 90-265v max -Input power, operating | 900W max -Input power, standby | 5W nominal, 1-10W max - - -## Replacement PC connections - -Connector and location | Label | Description ---- | --- | --- -Switch, bottom I/O | ![](images/switch.png) | Switches the function between using internal PC or external PC. -Display port, bottom I/O | ![](images/dport.png) | Provides input for replacement PC. -Display port, bottom I/O | ![](images/dport.png) | Provides second input for replacement PC. -USB type B, bottom I/O | ![](images/usb.png) | Provides USB connection for replacement PC to internal peripherals. -USB type B, bottom I/O | ![](images/usb.png) | Provides USB connection for integrated hub. - - -## Wired connect connections - -Connector and location | Label | Description ---- | --- | --- -Display port, bottom I/O | ![](images/dportio.png) | Provides input for wired connect PC. -HDMI, bottom I/O | ![](images/hdmi.png) | Provides HDMI input for wired connect PC. -VGA, bottom I/O | ![](images/vga.png) | Provides VGA input for wired connect PC. -3.5mm, bottom I/O | ![](images/35mm.png) | Provides analog audio input. -USB type B, bottom I/O | ![](images/usb.png) | Provides USB connection for video ingest touchback. - -## Additional connections - -Connector and location | Label | Description ---- | --- | --- -USB type A, side I/O | ![](images/usb.png) | Provides 1 USB 3.0 connection for USB devices. Wake-on USB capable. -USB type A, bottom I/O with blue insulator | ![](images/usb.png) | Provides USB 3.0 connection. -3.5mm, bottom I/O | ![](images/analog.png) | Provides analog audio out. -Display port, bottom I/O | ![](images/dportout.png) | Provides mirrored video out function to another display. -IEC/EN60320-C13 receptacle with hard switch | ![](images/iec.png) | Provides AC input and compliance with EU power requirements. -RJ45, bottom I/O | ![](images/rj45.png) | Connects to Ethernet. -RJ11, bottom I/O | ![](images/rj11.png) | Connects to room control systems. - - - - - - - -## Diagrams of ports and clearances - -***Top view of 84" Surface Hub*** - -![](images/sh-84-top.png) - ---- - - -***Front view of 84" Surface Hub*** - -![](images/sh-84-front.png) - - ---- - -***Bottom view of 84" Surface Hub*** - -![](images/sh-84-bottom.png) - - ---- - -***Replacement PC ports on 84" Surface Hub*** - -![](images/sh-84-rpc-ports.png) - - - ---- - -***Rear view of 84" Surface Hub*** - -![](images/sh-84-rear.png) - - ---- - -***Clearances for 84" Surface Hub*** - -![](images/sh-84-clearance.png) - ---- - - -***Removable lifting handles on 84” Surface Hub*** - -![](images/sh-84-hand.png) - - ---- - - -***Wall mount threads on back of 84” Surface Hub*** - -![](images/sh-84-wall.png) - ---- -***Lifting handles in top view of 84” Surface Hub*** - -![](images/sh-84-hand-top.png) - ---- -***Side view of 84” Surface Hub*** - -![](images/sh-84-side.png) - - diff --git a/devices/surface-hub/surface-hub-update-history.md b/devices/surface-hub/surface-hub-update-history.md deleted file mode 100644 index 673c77e71c..0000000000 --- a/devices/surface-hub/surface-hub-update-history.md +++ /dev/null @@ -1,581 +0,0 @@ ---- -title: Surface Hub update history -description: Surface Hub update history -ms.assetid: d66a9392-2b14-4cb2-95c3-92db0ae2de34 -keywords: -ms.prod: surface-hub -ms.sitesec: library -author: v-miegge -ms.author: v-miegge -ms.topic: article -ms.localizationpriority: medium ---- - -# Surface Hub update history - -Windows 10 was designed to be a service, which means it automatically gets better through periodic software updates. The great news is that you usually don’t have to do anything to get the latest Windows 10 updates—they'll download and install whenever they’re available. - -Most Windows updates focus on performance and security improvements to keep you going 24/7. - -One thing we’re hearing from you is that you want to know more about what's in our Windows 10 updates, so we're providing more details on this page. In the list below, the most recent Windows update is listed first. Installing the most recent update ensures that you also get any previous updates you might have missed, including security updates. Microsoft Store apps are updated through the Microsoft Store (managed by the Surface Hub's system administrator). Details about app updates are provided on a per-app basis. -We'll be refreshing this page as new updates are released, so stay tuned for the latest info. And thank you for helping us learn and get better with each update! - -Please refer to the “[Surface Hub Important Information](https://support.microsoft.com/products/surface-devices/surface-hub)” page for related topics on current and past releases that may require your attention. - -## Windows 10 Team Creators Update 1703 - -

-May 4, 2020—update for Surface Hub 2S - -This update is specific to the Surface Hub 2S and provides the driver and firmware updates outlined below: - -* Surface USB audio driver - 15.3.6.0 - * Improves directional audio performance. -* Intel(R) display audio driver - 10.27.0.5 - * Improves screen sharing scenarios. -* Intel(R) graphics driver - 26.20.100.7263 - * Improves system stability. -* Surface System driver - 1.7.139.0 - * Improves system stability. -* Surface SMC Firmware update - 1.176.139.0 - * Improves system stability. -
- -
-February 28, 2020—update for Surface Hub 2S - -This update is specific to the Surface Hub 2S and provides the driver and firmware updates outlined below: - -* Surface Integration driver - 13.46.139.0 - * Improves display brightness scenarios. -* Intel(R) Management Engine Interface driver - 1914.12.0.1256 - * Improves system stability. -* Surface SMC Firmware update - 1.161.139.0 - * Improves pen battery performance. -* Surface UEFI update - 694.2938.768.0 - * Improves system stability. -
- -
-February 11, 2020—update for Team edition based on KB4537765* (OS Build 15063.2284) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Resolves an issue where the Hub 2S cannot be heard well by other participants during Skype for Business calls. -* Improves reliability for some Arabic, Hebrew, and other RTL language usage scenarios on Surface Hub. - -Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. -*[KB4537765](https://support.microsoft.com/help/4537765) -
- -
-January 14, 2020—update for Team edition based on KB4534296* (OS Build 15063.2254) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Addresses an issue with log collection for Microsoft Surface Hub 2S. - -Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. -*[KB4534296](https://support.microsoft.com/help/4534296) -
- -
-September 24, 2019—update for Team edition based on KB4516059* (OS Build 15063.2078) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - - * Update to Surface Hub 2S Recovery Settings page to accurately reflect recovery options. - * Update to Surface Hub 2S Welcome screen to improve device recognizability. - * Addressed an issue with the Windows Team Edition shell background displaying incorrectly. - * Addressed an issue with Start Menu layout persistence when configured using MDM policy. - * Fixed an issue in Microsoft Edge that occurs when browsing some internal websites. - * Fixed an issue in Skype for Business that occurs when presenting in full-screen mode. - -Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. -*[KB4503289](https://support.microsoft.com/help/4503289) -
- -
-August 17, 2019—update for Team edition based on KB4512474* (OS Build 15063.2021) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - - * Ensures that Video Out on Hub 2S defaults to "Duplicate" mode. - * Improves reliability for some Arabic language usage scenarios on Surface Hub. - -Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. -*[KB4503289](https://support.microsoft.com/help/4503289) -
- -
-June 18, 2019—update for Team edition based on KB4503289* (OS Build 15063.1897) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Addresses an issue preventing a user from signing in to a Microsoft Surface Hub device with an Azure Active Directory account. This issue occurs because a previous session did not end successfully. -* Adds support for TLS 1.2 connections to identity providers and Exchange in device account setup scenarios. -* Fixes to improve reliability of Hardware Diagnostic App on Hub 2S. -* Fix to improve consistency of first-run setup experience on Hub 2S. - -Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. -*[KB4503289](https://support.microsoft.com/help/4503289) -
- -
-May 28, 2019—update for Team edition based on KB4499162* (OS Build 15063.1835) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Ensures that Surface Hub users aren't prompted to enter proxy credentials after the "Use device account credentials" feature has been enabled. -* Resolves an issue where Skype connections fail periodically because audio/video isn't using the correct proxy. -* Adds support for TLS 1.2 in Skype for Business. -* Resolves a SIP connection failure in the Skype client when the Skype server has TLS 1.0 or TLS 1.1 disabled. - -Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. -*[KB4499162](https://support.microsoft.com/help/4499162) -
- -
-April 25, 2019—update for Team edition based on KB4493436* (OS Build 15063.1784) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Resolves video and audio sync issue with some USB devices that are connected to the Surface Hub. - -Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. -*[KB4493436](https://support.microsoft.com/help/4493436) -
- -
-November 27, 2018—update for Team edition based on KB4467699* (OS Build 15063.1478) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Addresses an issue that prevents some users from Signing-In to “My Meetings and Files.” - -Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. -*[KBKB4467699](https://support.microsoft.com/help/KB4467699) -
- -
-October 18, 2018 —update for Team edition based on KB4462939* (OS Build 15063.1418) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Skype for Business fixes: - * Resolves Skype for Business connection issue when resuming from sleep - * Resolves Skype for Business network connection issue, when device is connected to Internet - * Resolves Skype for Business crash when searching for users from directory -* Resolves issue where the Hub mistakenly reports “No Internet connection” in enterprise proxy environments. -* Implemented a feature allowing customers to op-in to a new Whiteboard experience. - -Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. -*[KB4462939](https://support.microsoft.com/help/4462939) -
- -
-August 31, 2018 —update for Team edition based on KB4343889* (OS Build 15063.1292) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Adds support for Microsoft Teams -* Resolves task management issue with Intune registration -* Enables Administrators to disable Instant Messaging and Email services for the Hub -* Additional bug fixes and reliability improvements for the Surface Hub Skype for Business App - -Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. -*[KB4343889](https://support.microsoft.com/help/4343889) -
- -
-June 21, 2018 —update for Team edition based on KB4284830* (OS Build 15063.1182) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Telemetry change in support of GDPR requirements in EMEA - -Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. -*[KB4284830](https://support.microsoft.com/help/KB4284830) -
- -
-April 17, 2018 —update for Team edition based on KB4093117* (OS Build 15063.1058) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Resolves a wired projection issue -* Enables bulk update for certain MDM (Mobile Device Management) policies -* Resolves phone dialer issue with international calls -* Addresses image resolution issue when 2 Surface Hubs join the same meeting -* Resolves OMS (Operations Management Suite) certificate handling error -* Addresses a security issue when cleaning up at the end of a session -* Addresses Miracast issue, when Surface Hub is specified to channels 149 through 165 - * Channels 149 through 165 will continue to be unusable in Europe, Japan or Israel due to regional governmental regulations - -Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. -*[KB4093117](https://support.microsoft.com/help/4093117) -
- -
-February 23, 2018 —update for Team edition based on KB4077528* (OS Build 15063.907) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Resolved an issue where MDM settings were not being correctly applied -* Improved Cleanup process - -Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. -*[KB4077528](https://support.microsoft.com/help/4077528) -
- -
-January 16, 2018 —update for Team edition based on KB4057144* (OS Build 15063.877) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Adds ability to manage Start Menu tile layout via MDM -* MDM bug fix on password rotation configuration - -Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. -*[KB4057144](https://support.microsoft.com/help/4057144) -
- -
-December 12, 2017 —update for Team edition based on KB4053580* (OS Build 15063.786) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Resolves camera video flashes (tearing or flickers) during Skype for Business calls -* Resolves Notification Center SSD ID issue - -Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. -*[KB4053580](https://support.microsoft.com/help/4053580) -
- -
-November 14, 2017 —update for Team edition based on KB4048954* (OS Build 15063.726) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Feature update that allows customers to enable 802.1x wired network authentication using MDM policy. -* A feature update that enables users to dynamically select an application of their choice when opening a file. -* Fix that ensures that End Session cleanup fully removes all connections between the user’s account and the device. -* Performance fix that improves cleanup time as well as Miracast connection time. -* Introduces Easy Authentication utilization during ad-hock meetings. -* Fix that ensures service components to use the same proxy that is configured across the device. -* Reduces and more thoroughly secures the telemetry transmitted by the device, reducing bandwidth utilization. -* Enables a feature allowing users to provide feedback to Microsoft after a meeting concludes. - -Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services. -*[KB4048954](https://support.microsoft.com/help/4048954) -
- -
-October 10, 2017 —update for Team edition based on KB4041676* (OS Build 15063.674) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Skype for Business - * Resolves issue that required a device reboot when resuming from sleep. - * Fixes issue where external contacts did not resolve through Skype Online Hub account. -* PowerPoint - * Fixes problem where some PowerPoint presentations would not project on Hub. -* General - * Fix to resolve issue where USB port could not be disabled by System Administrator. - -*[KB4041676](https://support.microsoft.com/help/4041676) -
- -
-September 12, 2017 —update for Team edition based on KB4038788* (OS Build 15063.605) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Security - * Resolves issue with Bitlocker when device wakes from sleep. -* General - * Reduces frequency/amount of device health telemetry, improving system performance. - * Fixes issue that prevented device from collecting system logs. - -*[KB4038788](https://support.microsoft.com/help/4038788) -
- -
-August 1, 2017 — update for Team edition based on KB4032188* (OS Build 15063.498) - -* Skype for Business - * Resolves Skype for Business Sign-In issue, which required retry or system reboot. - * Resolves Skype for Business meeting time being incorrectly displayed. - * Fixes to improve Surface Hub Skype for Business reliability. - -*[KB4032188](https://support.microsoft.com/help/4032188) -
- -
-June 27, 2017 — update for Team edition based on KB4022716* (OS Build 15063.442) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Address NVIDIA driver crashes that may necessitate sleeping 84” Surface Hub to power down, requiring a manual restart. -* Resolved an issue where some apps fail to launch on an 84” Surface Hub. - -*[KB4022716](https://support.microsoft.com/help/4022716) -
- -
-June 13, 2017 — update for Team edition based on KB4022725* (OS Build 15063.413) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* General - * Resolved Pen ink dropping issues with pens - * Resolved issue causing extended time to “cleanup” meeting - -*[KB4022725](https://support.microsoft.com/help/4022725) -
- -
-May 24, 2017 — update for Team edition based on KB4021573* (OS Build 15063.328) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* General - * Resolved issue with proxy setting retention during update issue - -*[KB4021573](https://support.microsoft.com/help/4021573) -
- -
-May 9, 2017 — update for Team edition based on KB4016871* (OS Build 15063.296) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* General - * Addressed sleep/wake cycle issue - * Resolved several Reset and Recovery issues - * Addressed Update History tab issue - * Resolved Miracast service launch issue -* Apps - * Fixed App package update error - -*[KB4016871](https://support.microsoft.com/help/4016871) -
- -
-Windows 10 Team Creators Update 1703 for Surface Hub — General Release notes (OS Build 15063.0) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Evolving the large screen experience - * Improved the meeting carousel in Welcome and Start - * Join meetings and end the session directly from the Start menu - * Apps can utilize more of the screen during a session - * Simplified Skype controls - * Improved mechanisms for providing feedback -* Access My Personal Content* - * Personal single sign-on from Welcome or Start - * Join meetings and end the session directly from the Start menu - * Access personal files through OneDrive for Business directly from Start - * Pre-populated attendee sign-in - * Streamlined authentication flows with “Authenticator” app** -* Deployment & Manageability - * Simplified OOBE experience through bulk provisioning - * Cloud-based device recovery service - * Enterprise client certificate support - * Improved proxy credential support - * Added and /improved Skype Quality of Service (QoS) configuration support - * Added ability to set default device volume in Settings - * Improved MDM support for Surface Hub [settings](https://docs.microsoft.com/surface-hub/remote-surface-hub-management) -* Improved Security - * Added ability to restrict USB drives to BitLocker only - * Added ability to disable USB ports via MDM - * Added ability to disable “Resume session” functionality on timeout - * Addition of wired 802.1x support -* Audio and Projection - * Dolby Audio “Human Speaker” enhancements - * Reduced “pen tap” sounds when using Pen during Skype for Business calls - * Added support for Miracast infrastructure connections -* Reliability and Performance fixes - * Resolved several Reset and Recovery issues - * Resolved Surface Hub Exchange authentication issue when utilizing client certificates - * Improved Wi-Fi network connection and credentials stability - * Fixed Miracast audio popping and sync issues during video playback - * Included setting to disable auto connect behavior - -*Single sign-in feature requires use of Office365 and OneDrive for Business -**Refer to Admin Guide for service requirements - -
- -## Windows 10 Team Anniversary Update 1607 - -
-March 14th, 2017 — update for Team edition based on KB4013429* (OS Build 14393.953) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* General - * Security fix for File Explorer to prevent navigation to restricted file locations -* Skype for Business - * Fix to address latency during Remote Desktop based screen sharing - -*[KB4013429](https://support.microsoft.com/help/4013429) -
- -
-January 10th, 2017 — update for Team edition based on KB4000825* (OS Build 14393.693) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Enabled selection of 106/109 Keyboard Layouts for use with physical Japanese keyboards - -*[KB4000825](https://support.microsoft.com/help/4000825) -
- -
-December 13, 2016 — update for Team edition based on KB3206632* (OS Build 14393.576) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Resolves wired connection audio distortion issue - -*[KB3206632](https://support.microsoft.com/help/3206632) -
- -
-November 4, 2016 — update for Windows 10 Team Anniversary edition based on KB3200970* (OS Build 14393.447) - -This update to the Windows 10 Team Anniversary Update (version 1607) for Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Skype for Business bug fixes to improve reliability - -*[KB3200970](https://support.microsoft.com/help/3200970) -
- -
-October 25, 2016 — update for Team edition based on KB3197954* (OS Build 14393.351) - -This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Enabling new Sleep feature in OS and Bios to reduce the Surface Hub’s power consumption and improve its long-term reliability -* General - * Resolves scenarios where the on-screen keyboard would sometimes not appear - * Resolves Whiteboard application shift that occasionally occurs when opening scheduled meeting - * Resolves issue that prevented Admins from changing the local administrator password, after device has been Reset - * BIOS change resolving issue with status bar tracking during device Reset - * UEFI update to resolve powering down issues - -*[KB3197954](https://support.microsoft.com/help/3197954) -
- -
-October 11, 2016 — update for Team edition based on KB3194496* (OS Build 14393.222) - -This update brings the Windows 10 Team Anniversary Update to Surface Hub and includes quality improvements and security fixes. (Your device will be running Windows 10 Version 1607 after it's installed.) Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Skype for Business - * Performance improvements when joining meetings, including issues when joining a meeting using federated accounts - * Video Based Screen Sharing (VBSS) support now available on Skype for Business for Surface Hub - * Resolved disconnection after 5 minutes of idle time issue - * Resolved Skype Hub-to-Hub screen sharing failure - * Improvements to Skype video, including: - * Loss of video during meeting with multiple video presenters - * Video cropping during calls - * Outgoing call video not displaying for other participants - * Addressed issue with UPN sign in error - * Addressed issue with dial pad during use of Session Initiation Protocol (SIP) calls -* Whiteboard - * User can now save and recall Whiteboard sessions using OneDrive online service (via Share functionality) - * Improved launching Whiteboard when removing pen from dock -* Apps - * Pre-installed OneDrive app, for access to your personal and work files - * Pre-installed Photos app, to view photos and video - * Pre-installed PowerBI app, to view dashboards - * The Office apps – Word, Excel, PowerPoint – are all ink-enabled - * Edge on Surface Hub now supports Flash-based websites -* General - * Enabled Audio Device Selection (for Surface Hubs attached using external audio devices) - * Enabled support for HDCP on DisplayPort output connector - * System UI changes to settings for usability optimization (refer to [User and Admin Guides](https://www.microsoft.com/surface/support/surface-hub) for additional details) - * Bug fixes and performance optimizations to speed up the Azure Active Directory sign-in flow - * Significantly improved time needed to reset and restore Surface Hub - * Windows Defender UI has been added within settings - * Improved UX touch to start - * Enabled support for greater than 1080p wireless projection via Miracast, on supported devices - * Resolved “There’s no internet connection” and “Appointments may be out of date” false notification states from launch - * Improved reliability of on-screen keyboard - * Additional support for creating Surface Hub provisioning packages using Windows Imaging & Configuration Designer (ICD) and improved Surface Hub monitoring solution on Operations Management Suite (OMS) - -*[KB3194496](https://support.microsoft.com/help/3194496) -
- -## Updates for Windows 10 Version 1511 - -
-November 4, 2016 — update for Windows 10 Team (version 1511) on KB3198586* (OS Build 10586.679) - -This update to the Windows 10 Team edition (version 1511) to Surface Hub includes quality improvements and security fixes that are outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history). There are no Surface Hub specific items in this update. - -*[KB3198586](https://support.microsoft.com/help/3198586) -
- -
-July 12, 2016 — KB3172985* (OS Build 10586.494) - -This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes specific to the Surface Hub (those not already included in the [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history)), include: - -* Fixed issue that caused Windows system crashes -* Fixed issue that caused repeated Edge crashes -* Fixed issue causing pre-shutdown service crashes -* Fixed issue where some app data wasn’t properly removed after a session -* Updated Broadcom NFC driver to improve NFC performance -* Updated Marvell Wi-Fi driver to improve Miracast performance -* Updated Nvidia driver to fix a display bug in which 84" Surface Hub devices show dim or fuzzy content -* Numerous Skype for Business issues fixed, including: - * Issue that caused Skype for Business to disconnect during meetings - * Issue in which users were unable to join meetings when the meeting organizer was on a federated configuration - * Enabling Skype for Business application sharing - * Issue that caused Skype application crashes -* Added a prompt in “Settings” to inform users that the OS can become corrupted if device reset is interrupted before completion - -*[KB3172985](https://support.microsoft.com/help/3172985) -
- -
-June 14, 2016 — KB3163018* (OS Build 10586.420) - -This update to the Surface Hub includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Constrained release. Refer to July 12, 2016 — [KB3172985](https://support.microsoft.com/en-us/help/3172985) (OS Build 10586.494) for Surface Hub specific package details - -*[KB3163018](https://support.microsoft.com/help/3163018) -
- -
-May 10, 2016 — KB3156421* (OS Build 10586.318) - -This update to the Surface Hub includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Fixed issue that prevented certain Store apps (OneDrive) from installing -* Fixed issue that caused touch input to stop responding in applications - -*[KB3156421](https://support.microsoft.com/help/3156421) -
- -
-April 12, 2016 — KB3147458* (OS Build 10586.218) - -This update to the Surface Hub includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include: - -* Fixed issue where volume level wasn’t properly reset between sessions - -*[KB3147458](https://support.microsoft.com/help/3147458) -
- -## Related topics - -* [Windows 10 release information](https://go.microsoft.com/fwlink/p/?LinkId=724328) -* [Windows 10 November update: FAQ](https://windows.microsoft.com/windows-10/windows-update-faq) -* [Microsoft Surface update history](https://go.microsoft.com/fwlink/p/?LinkId=724327) -* [Microsoft Lumia update history](https://go.microsoft.com/fwlink/p/?LinkId=785968) -* [Get Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=616447) diff --git a/devices/surface-hub/surface-hub-wifi-direct.md b/devices/surface-hub/surface-hub-wifi-direct.md deleted file mode 100644 index fc1ada3230..0000000000 --- a/devices/surface-hub/surface-hub-wifi-direct.md +++ /dev/null @@ -1,122 +0,0 @@ ---- -title: How Surface Hub addresses Wi-Fi Direct security issues -description: Guidance about Wi-Fi Direct security risks. -keywords: change history -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 11/27/2019 -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium ---- - -# How Surface Hub addresses Wi-Fi Direct security issues - -Microsoft Surface Hub is an all-in-one productivity device that enables teams to better brainstorm, collaborate, and share ideas. Surface Hub relies on Miracast for wireless projection through Wi-Fi Direct. - -This article describes Wi-Fi Direct security vulnerabilities, how Surface Hub addresses those risks, and how administrators can configure Surface Hub for the highest level of security. This information will help customers who have high security requirements protect their Surface Hub-connected networks and data in transit. - -The intended audiences for this article are IT and network administrators who want to deploy Surface Hub in their corporate environment with optimal security settings. - -## Overview - -Security for Surface Hub depends extensively on Wi-Fi Direct/Miracast and the associated 802.11, Wi-Fi Protected Access (WPA2), and Wireless Protected Setup (WPS) standards. Because the device only supports WPS (as opposed to WPA2 Pre-Shared Key [PSK] or WPA2 Enterprise), the issues often associated with 802.11 encryption are simplified. - -Surface Hub operates on par with the field of Miracast receivers. So, it's vulnerable to a similar set of exploits as all WPS-based wireless network devices. But the Surface Hub implementation of WPS has extra precautions built in. Also, its internal architecture helps prevent an attacker who has compromised the Wi-Fi Direct/Miracast layer from moving past the network interface onto other attack surfaces and connected enterprise networks. - -## Wi-Fi Direct background - -Miracast is part of the Wi-Fi Display standard, which is supported by the Wi-Fi Direct protocol. These standards are supported in modern mobile devices for screen sharing and collaboration. - -Wi-Fi Direct or Wi-Fi "peer to peer" (P2P) is a standard from the Wi-Fi Alliance for "Ad-Hoc" networks. Supported devices can communicate directly and create groups of networks without a conventional Wi-Fi access point or Internet connection. - -Security for Wi-Fi Direct is provided by WPA2 under the WPS standard. The authentication mechanism for devices can be a numerical pin (WPS-PIN), a physical or virtual push button (WPS-PBC), or an out-of-band message such as near field communication (WPS-OOO). Surface Hub supports both the PIN method and the push-button method, which is the default. - -In Wi-Fi Direct, groups are created as one of the following types: -- *Persistent*, in which automatic reconnection can occur by using stored key material -- *Temporary*, in which devices can't re-authenticate without user action - -Wi-Fi Direct groups determine a *group owner* (GO) through a negotiation protocol, which mimics the "station" or "access point" functionality for the established Wi-Fi Direct group. The Wi-Fi Direct GO provides authentication (via an "internal registrar") and facilitates upstream network connections. For Surface Hub, this GO negotiation doesn't occur. The network only operates in "autonomous" mode, and Surface Hub is always the group owner. Finally, Surface Hub itself doesn't join other Wi-Fi Direct networks as a client. - -## How Surface Hub addresses Wi-Fi Direct vulnerabilities - -**Vulnerabilities and attacks in the Wi-Fi Direct invitation, broadcast, and discovery process:** Wi-Fi Direct/Miracast attacks may target weaknesses in the group establishment, peer discovery, device broadcast, or invitation processes. - -|Wi-Fi Direct vulnerability | Surface Hub mitigation | -| --- | --- | -| The discovery process may remain active for an extended period of time, which could allow invitations and connections to be established without the approval of the device owner. | Surface Hub only operates as the group owner, which doesn't perform the client discovery or GO negotiation processes. You can fully disable wireless projection to turn off broadcast. | -| Invitation and discovery through PBC allows an unauthenticated attacker to perform repeated connection attempts, or unauthenticated connections are automatically accepted. | By requiring WPS PIN security, administrators can reduce the potential for such unauthorized connections or "invitation bombs," in which invitations are repeatedly sent until a user mistakenly accepts one. | - -**Wi-Fi Protected Setup (WPS) push button connect (PBC) vs PIN entry:** Public weaknesses have been demonstrated in WPS-PIN method design and implementation. WPS-PBC has other vulnerabilities that could allow active attacks against a protocol that's designed for one-time use. - -| Wi-Fi Direct vulnerability | Surface Hub mitigation | -| --- | --- | -| WPS-PBC is vulnerable to active attackers. The WPS specification states: "The PBC method has zero bits of entropy and only protects against passive eavesdropping attacks. PBC protects against eavesdropping attacks and takes measures to prevent a device from joining a network that was not selected by the device owner. The absence of authentication, however, means that PBC does not protect against active attack." Attackers can use selective wireless jamming or other denial-of-service techniques to trigger an unintended Wi-Fi Direct GO or connection. Also, an active attacker who merely has physical proximity can repeatedly tear down any Wi-Fi Direct group and attempt the attack until it succeeds. | Enable WPS-PIN security in Surface Hub configuration. The Wi-Fi WPS specification states: "The PBC method should only be used if no PIN-capable registrar is available and the WLAN user is willing to accept the risks associated with PBC." | -| WPS-PIN implementations can be subject to brute-force attacks that target a vulnerability in the WPS standard. The design of split PIN verification led to multiple implementation vulnerabilities over the past several years across a range of Wi-Fi hardware manufacturers. In 2011, researchers Stefan Viehböck and Craig Heffner released information about this vulnerability and tools such as "Reaver" as a proof of concept. | The Microsoft implementation of WPS in Surface Hub changes the PIN every 30 seconds. To crack the PIN, an attacker must complete the entire exploit in less than 30 seconds. Given the current state of tools and research in this area, a brute-force PIN-cracking attack through WPS is unlikely to succeed. | -| WPS-PIN can be cracked by an offline attack because of weak initial key (E-S1,E S2) entropy. In 2014, Dominique Bongard described a "Pixie Dust" attack where poor initial randomness for the pseudo random number generator (PRNG) in the wireless device allowed an offline brute-force attack. | The Microsoft implementation of WPS in Surface Hub is not susceptible to this offline PIN brute-force attack. The WPS-PIN is randomized for each connection. | - -**Unintended exposure of network services:** Network daemons that are intended for Ethernet or WLAN services may be accidentally exposed because of misconfiguration (such as binding to "all"/0.0.0.0 interfaces). Other possible causes include a poorly configured device firewall or missing firewall rules. - -| Wi-Fi Direct vulnerability | Surface Hub mitigation | -| --- | --- | -| Misconfiguration binds a vulnerable or unauthenticated network service to "all" interfaces, which includes the Wi-Fi Direct interface. This can expose services that shouldn't be accessible to Wi-Fi Direct clients, which may be weakly or automatically authenticated. | In Surface Hub, the default firewall rules only permit the required TCP and UDP network ports and by default deny all inbound connections. Configure strong authentication by enabling the WPS-PIN mode.| - -**Bridging Wi-Fi Direct and other wired or wireless networks:** Network bridging between WLAN or Ethernet networks is a violation of the Wi-Fi Direct specification. Such a bridge or misconfiguration may effectively lower or remove wireless access controls for the internal corporate network. - -| Wi-Fi Direct vulnerability | Surface Hub mitigation | -| --- | --- | -| Wi-Fi Direct devices could allow unauthenticated or poorly authenticated access to bridged network connections. This might allow Wi-Fi Direct networks to route traffic to internal Ethernet LAN or other infrastructure or to enterprise WLAN networks in violation of existing IT security protocols. | Surface Hub can't be configured to bridge wireless interfaces or allow routing between disparate networks. The default firewall rules add defense in depth to any such routing or bridge connections. | - -**The use of Wi-Fi Direct "legacy" mode:** Exposure to unintended networks or devices may occur when you operate in "legacy" mode. Device spoofing or unintended connections could occur if WPS-PIN is not enabled. - -| Wi-Fi Direct vulnerability | Surface Hub mitigation | -| --- | --- | -| By supporting both Wi-Fi Direct and 802.11 infrastructure clients, the system is operating in a "legacy" support mode. This may expose the connection-setup phase indefinitely, allowing groups to be joined or devices invited to connect well after their intended setup phase terminates. | Surface Hub doesn't support Wi-Fi Direct legacy clients. Only Wi-Fi Direct connections can be made to Surface Hub even when WPS-PIN mode is enabled. | - -**Wi-Fi Direct GO negotiation during connection setup:** The group owner in Wi-Fi Direct is analogous to the "access point" in a conventional 802.11 wireless network. The negotiation can be gamed by a malicious device. - -|Wi-Fi Direct vulnerability | Surface Hub mitigation | -| --- | --- | -| If groups are dynamically established or the Wi-Fi Direct device can be made to join new groups, the group owner negotiation can be won by a malicious device that always specifies the maximum group owner "intent" value of 15. (But the connection fails if the device is configured to always be a group owner.) | Surface Hub takes advantage of Wi-Fi Direct "Autonomous mode," which skips the GO negotiation phase of connection setup. And Surface Hub is always the group owner. | - -**Unintended or malicious Wi-Fi deauthentication:** Wi-Fi deauthentication is an old attack in which a local attacker can expedite information leaks in the connection-setup process, trigger new four-way handshakes, target Wi-Fi Direct WPS-PBC for active attacks, or create denial-of-service attacks. - -| Wi-Fi Direct vulnerability | Surface Hub mitigation | -| --- | --- | -| Deauthentication packets can be sent by an unauthenticated attacker to cause the station to re-authenticate then to sniff the resulting handshake. Cryptographic or brute-force attacks can be attempted on the resulting handshake. Mitigation for these attack includes enforcing length and complexity policies for pre-shared keys, configuring the access point (if applicable) to detect malicious levels of deauthentication packets, and using WPS to automatically generate strong keys. In PBC mode, the user interacts with a physical or virtual button to allow arbitrary device association. This process should happen only at setup, within a short window. After the button is automatically "pushed," the device will accept any station that associates via a canonical PIN value (all zeros). Deauthentication can force a repeated setup process. | Surface Hub uses WPS in PIN or PBC mode. No PSK configuration is permitted. This method helps enforce generation of strong keys. It's best to enable WPS-PIN security for Surface Hub. | -| In addition to denial-of-service attacks, deauthentication packets can be used to trigger a reconnect that re-opens the window of opportunity for active attacks against WPS-PBC. | Enable WPS-PIN security in the Surface Hub configuration. | - -**Basic wireless information disclosure:** Wireless networks, 802.11 or otherwise, are inherently at risk of information disclosure. Although this information is mostly connection or device metadata, this problem remains a known risk for any 802.11 network administrator. Wi-Fi Direct with device authentication via WPS-PIN effectively reveals the same information as a PSK or Enterprise 802.11 network. - -| Wi-Fi Direct vulnerability | Surface Hub mitigation | -| --- | --- | -| During broadcast, connection setup, or even normal operation of already-encrypted connections, basic information about devices and packet sizes is wirelessly transmitted. At a basic level, a local attacker who's within wireless range can examine the relevant 802.11 information elements to determine the names of wireless devices, the MAC addresses of communicating equipment, and possibly other details, such as the version of the wireless stack, packet sizes, or the configured access point or group owner options. | The Wi-Fi Direct network that Surface Hub uses can't be further protected from metadata leaks, just like for 802.11 Enterprise or PSK wireless networks. Physical security and removal of potential threats from wireless proximity can help reduce potential information leaks. | - -**Wireless evil twin or spoofing attacks:** Spoofing the wireless name is a simple, well-known exploit a local attacker can use to lure unsuspecting or mistaken users to connect. - -| Wi-Fi Direct vulnerability | Surface Hub mitigation | -| --- | --- | -| By spoofing or cloning the wireless name or "SSID" of the target network, an attacker may trick the user into connecting to a fake, malicious network. By supporting unauthenticated, auto-join Miracast, an attacker could capture the intended display materials or launch network attacks on the connecting device. | While there are no specific protections against joining a spoofed Surface Hub, this vulnerability is partially mitigated in two ways. First, any potential attack must be physically within Wi-Fi range. Second, this attack is only possible during the first connection. Subsequent connections use a persistent Wi-Fi Direct group, and Windows will remember and prioritize this prior connection during future Hub use. (Note: Spoofing the MAC address, Wi-Fi channel, and SSID simultaneously was not considered for this report and may result in inconsistent Wi-Fi behavior.) Overall, this weakness is a fundamental problem for any 802.11 wireless network that lacks Enterprise WPA2 protocols such as EAP-TLS or EAP-PWD, which Wi-Fi Direct doesn't support. | - -## Surface Hub hardening guidelines - -Surface Hub is designed to facilitate collaboration and allow users to start or join meetings quickly and efficiently. The default Wi-Fi Direct settings for Surface Hub are optimized for this scenario. - -For additional wireless interface security, Surface Hub users should enable the WPS-PIN security setting. This setting disables WPS-PBC mode and offers client authentication. It provides the strongest level of protection by preventing unauthorized connection to Surface Hub. - -If you still have concerns about authentication and authorization for Surface Hub, we recommend that you connect the device to a separate network. You could use Wi-Fi (such as a "guest" Wi-Fi network) or a separate Ethernet network, preferably an entirely different physical network. But a VLAN can also provide added security. Of course, this approach may preclude connections to internal network resources or services and may require additional network configuration to regain access. - -Also recommended: -- [Install regular system updates](manage-windows-updates-for-surface-hub.md) -- Update the Miracast settings to disable auto-present mode - -## Learn more - -- [Wi-Fi Direct specifications](http://www.wi-fi.org/discover-wi-fi/wi-fi-direct) -- [Wireless Protected Setup (WPS) specification](http://www.wi-fi.org/discover-wi-fi/wi-fi-protected-setup) - - - diff --git a/devices/surface-hub/surface-hub.yml b/devices/surface-hub/surface-hub.yml deleted file mode 100644 index dac70e8f37..0000000000 --- a/devices/surface-hub/surface-hub.yml +++ /dev/null @@ -1,62 +0,0 @@ -### YamlMime:YamlDocument - -documentType: LandingData -title: Surface Hub -metadata: - document_id: - title: Surface Hub - description: Find tools and resources to help you install, set up, and manage a Surface Hub in your organization. - keywords: Surface Hub, Windows 10 - ms.localizationpriority: medium - author: lizap - ms.author: elizapo - manager: dougkim - ms.topic: article - ms.devlang: na - -sections: -- items: - - type: markdown - text: " - Find tools and resources to help you install, set up, and manage a Surface Hub in your organization. - " -- title: Explore -- items: - - type: markdown - text: " - Discover how this all-in-one productivity device enables teams to better brainstorm, collaborate, and share ideas.
-
- -
Explore the key features and product specifications of Surface Hub.
Get real-world examples of how you can increase productivity and improve collaboration.		Differences between Surface Hub and Windows 10 Enterprise
Surface Hub FAQ'
- " -- title: Plan -- items: - - type: markdown - text: " - Prepare to deploy Surface Hub in your organization. Explore site readiness, assembly, configuration, and Exchange and ActiveSync policies.
- -

**Get ready for Surface Hub**
Explore the steps you'll need to take to set up Surface Hub.
Surface Hub Site Readiness Guide (PDF, 1.48 MB)
Unpacking guides
**Assembly for Surface Hub**
Learn how to assemble your Surface Hub.
Surface Hub Setup Guide (PDF, 1.43 MB)
Mounting and assembling guides
**Prepare your environment**
Learn about setup dependencies and account requirements.
Prepare your environment
Create and test a device account
- " -- title: Deploy -- items: - - type: markdown - text: " - Get information for setup, app management and installation, and network management of your Surface Hub.
- -

**Set up your Surface Hub**
Review info needed to prepare for using the out-of-box experience to set up your Surface Hub.
Setup worksheet
First-run program
PowerShell scripts
**Install apps**
Options for installing and managing apps on your Surface Hub.
Install apps
Whiteboard to Whiteboard collaboration
Create provisioning packages
**Network your Surface Hub**
Network scenarios for your Surface Hub.
Wireless network management
Using a room control system
Connect other devices with Surface Hub.
- " -- title: Manage -- items: - - type: markdown - text: " - Learn how to manage Surface Hub updates and maintain the security and integrity of corporate devices.
- -

**Manage the device**
Monitoring for Surface Hub is performed through Microsoft Operations Management Suite (OMS).
Monitor your Surface Hub
Accessibility and Surface Hub
**Manage account**
Learn about options for managing accounts used with Surface Hub.
Change the Surface Hub device account
Admin account management
**Stay secure and up to date**
Learn how Surface Hub stays current.
Manage Windows updates
Surface Hub update history
Save your BitLocker key
**Training for your employees**
Find resources to help employees be productive with Surface Hub.
Surface Hub User Guide (PDF, 1.69 MB)
How-to videos
- " -- title: Stay informed -- items: - - type: markdown - text: " - -

**Surface IT Pro Blog**
Get insight into new Surface products plus tips and tricks for IT professionals.
Learn more
**Surface on Microsoft Mechanics**
View technical demos and walkthroughs of Surface devices, features, and functionality.
Get started
**Follow us on Twitter**
Keep up with the latest news and see the latest product demonstrations.
Visit Twitter
- " diff --git a/devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md b/devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md deleted file mode 100644 index 7a30ff1e37..0000000000 --- a/devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md +++ /dev/null @@ -1,23 +0,0 @@ ---- -title: Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel -description: Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel -ms.assetid: 8af3a832-0537-403b-823b-12eaa7a1af1f -keywords: -ms.prod: surface-hub -ms.sitesec: library -author: v-miegge -ms.author: v-miegge -ms.topic: article -ms.localizationpriority: medium ---- - -# Summary - -In compliance with regional governmental regulations, all 5-GHz wireless devices in Europe, Japan, and Israel do not support the U-NII-3 band. In Surface Hub, the channels that are associated with U-NII-3 are 149 through 165. This includes Miracast connection on these channels. Therefore, Surface Hubs that are used in Europe, Japan, and Israel can't use channels 149 through 165 for Miracast connection. - -## More Information - -For more information see the [U-NII](https://en.wikipedia.org/wiki/U-NII) topic on Wikipedia. - -> [!NOTE] -> Microsoft provides third-party contact information to help you find additional information about this topic. This information may change without notice. Microsoft does not guarantee the accuracy of third-party information. \ No newline at end of file diff --git a/devices/surface-hub/surfacehub-whats-new-1703.md b/devices/surface-hub/surfacehub-whats-new-1703.md deleted file mode 100644 index 4c324d33ce..0000000000 --- a/devices/surface-hub/surfacehub-whats-new-1703.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: What's new in Windows 10, version 1703 for Surface Hub -description: Windows 10, version 1703 (Creators Update) brings new features to Microsoft Surface Hub. -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 01/18/2018 -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium ---- - -# What's new in Windows 10, version 1703 for Microsoft Surface Hub? - -Watch Surface Hub engineer Jordan Marchese present updates to Microsoft Surface Hub with Windows 10, version 1703 (Creators Update). - - Link to Surface Hub video on Youtube - -Windows 10, version 1703 (also called the Creators Update), introduces the following changes for Microsoft Surface Hub. - -## New settings - -Settings have been added to mobile device management (MDM) and configuration service providers (CSPs) to expand the Surface Hub management capabilities. [New settings include](manage-settings-with-mdm-for-surface-hub.md): - -- InBoxApps/SkypeForBusiness/DomainName -- InBoxApps/Connect/AutoLaunch -- Properties/DefaultVolume -- Properties/ScreenTimeout -- Properties/SessionTimeout -- Properties/SleepTimeout -- Properties/AllowSessionResume -- Properties/AllowAutoProxyAuth -- Properties/DisableSigninSuggestions -- Properties/DoNotShowMyMeetingsAndFiles -- System/AllowStorageCard - -Plus settings based on the new [NetworkQoSPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) and [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp). -
- -## Provisioning wizard - -An easy-to-use wizard helps you quickly create provisioning packages that you can apply to multiple Surface Hub devices, and includes bulk join to Azure Active Directory. [Learn how to create a provisioning package for Surface Hub.](provisioning-packages-for-certificates-surface-hub.md) - -![steps in the provision Surface Hub devices wizard](images/wcd-wizard.png) - -## Miracast on your existing wireless network or LAN - -Microsoft has extended the ability to [send a Miracast stream over a local network](miracast-over-infrastructure.md) rather than over a direct wireless link. - -## Cloud recovery - -When you reset a Surface Hub device, you now have the ability to download and install a factory build of the operating system from the cloud. [Learn more about cloud recovery.](device-reset-surface-hub.md#cloud-recovery) - ->[!NOTE] ->Cloud recovery doesn't work if you use proxy servers. - -![Reinstall](images/reinstall.png) - -## End session - -**I'm done** is now **End session**. [Learn how to use End session.](i-am-done-finishing-your-surface-hub-meeting.md) - -![end session](images/end-session.png) - - - - - - diff --git a/devices/surface-hub/troubleshoot-surface-hub.md b/devices/surface-hub/troubleshoot-surface-hub.md deleted file mode 100644 index 06b493c24d..0000000000 --- a/devices/surface-hub/troubleshoot-surface-hub.md +++ /dev/null @@ -1,619 +0,0 @@ ---- -title: Troubleshoot Microsoft Surface Hub -description: Troubleshoot common problems, including setup issues, Exchange ActiveSync errors. -ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A -ms.reviewer: -manager: laurawi -keywords: Troubleshoot common problems, setup issues, Exchange ActiveSync errors -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 03/16/2018 -ms.localizationpriority: medium ---- - -# Troubleshoot Microsoft Surface Hub - - -Troubleshoot common problems, including setup issues, Exchange ActiveSync errors. - -The [Surface Hub Hardware Diagnostic tool](https://www.microsoft.com/store/p/surface-hub-hardware-diagnostic/9nblggh51f2g?rtc=1&activetab=pivot%3aoverviewtab) contains interactive tests which allow you to confirm essential functionality of your Hub is working as expected. In addition to testing hardware, the diagnostic can test the resource account to verify that it is configured properly for your environment. If problems are encountered, results can be saved and shared with the Surface Hub Support Team. For usage information, see [Using the Surface Hub Hardware Diagnostic Tool to test a device account](https://support.microsoft.com/help/4077574/using-the-surface-hub-hardware-diagnostic-tool-to-test-a-device-accoun). - -Common issues are listed in the following table, along with causes and possible fixes. The [Setup troubleshooting](#setup-troubleshooting) section contains a listing of on-device problems, along with several types of issues that may be encountered during the first-run experience. The [Exchange ActiveSync errors](#exchange-activesync-errors) section lists common errors the device may encounter when trying to synchronize with an Microsoft Exchange ActiveSync server. - - - - -## Setup troubleshooting - - -This section lists causes, and possible fixes to help troubleshoot issues you might find when you set up your Microsoft Surface Hub. - -### On-device - -Possible fixes for issues on the Surface Hub after you've completed the first-run program. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IssueCausesPossible fixes
-

Not receiving automatic accept/decline messages.

-		 -

The device account isn't configured to automatically accept/decline messages.

-		 -

Use PowerShell cmdlet Set-CalendarProcessing $upn -AutomateProcessing AutoAccept.

-
-

The device account isn't configured to process external meeting requests.

-		 -

Use PowerShell cmdlet Set-CalendarProcessing $upn -ProcessExternalMeetingMessages $true.

-
-

Calendar is not showing on the Welcome screen, or message "Appointments of date (no account provisioned)" is being displayed.

-		 -

No device account is set up on this Surface Hub.

-		 -

Provision a device account through Settings.

-
-

Calendar is not showing on the Welcome screen or message "Appointments of date (overprovisioned)" is being displayed.

-		 -

The device account is provisioned on too many devices.

-		 -

Remove the device account from other devices that it's provisioned to. This can be done using the Exchange admin portal.

-
-

Calendar is not showing on the Welcome screen or message "Appointments of date (invalid credentials)" is being displayed.

-		 -

The device account's password has expired and is no longer valid.

-		 -

Update the account's password in Settings. Also see Password management.

-
-

Calendar is not showing on the Welcome screen or message "Appointments of date (account policy)" is being displayed.

-		 -

The device account is using an invalid ActiveSync policy.

-		 -

Make sure the device account has an ActiveSync policy where PasswordEnabled == False.

-
-

Calendar is not showing on the Welcome screen or message "Appointments may be out of date" is being displayed.

-		 -

Exchange is not enabled.

-		Enable the device account for Exchange services through Settings. You need to make sure you have the right set of ActiveSync policies and have also installed any necessary certificates for Exchange services to work.
-

Can't log in to Skype for Business.

-		 -

The device account does not have a Session Initiation Protocol (SIP) address property.

-		 -

The account does not have a SIP address property and its User Principal Name (UPN) does not match the actual SIP address. The account must have its SIP address set, or the SIP address should be added using the Settings app.

-
-

Can't log in to Skype for Business.

-		 -

The device account requires a certificate to authenticate into Skype for Business.

-		 -

Install the appropriate certificate using provisioning packages.

-
-  - -### First run - -Possible fixes for issues with Surface Hub first-run program. - - ----- - - - - - - - - - - - - - - -
IssueCausesPossible fixes

Cannot find account when asked for domain and user name.

Domain needs to be the fully qualified domain name (FQDN).

The FQDN should be provided in the domain field.

- -  - -### Device account page, issues for new account settings - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IssueCausesPossible fixes

Unable to find the provided account in Azure AD.

The provided account's User Principal Name (UPN) has a tenant that can't be reached in Azure AD.

Make sure that you have a working Internet connection, and that the device can reach Microsoft Online Services. Make sure the account credentials are entered correctly.

Unable to reach the specified directory.

The provided account domain specifies a domain that can't be reached.

Make sure that you have a working network connection, and that the device can reach the domain controller. Make sure the account credentials are entered correctly. You can also try using the FQDN instead.

Can't auto-discover Exchange server.

The Exchange server isn't configured for auto-discovery.

Enable auto-discovery of the Exchange server for the device account, or enter the account's Exchange server address manually.

Could not discover the SIP address after entering the account credentials.

There was no SIP address entry in Active Directory or Azure AD.

Make sure the account is enabled with Skype for Business and has a SIP address. If not, you can enter the SIP address manually into the text box.

- -  - -### Device account page, issues for existing account settings - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IssueCausesError codesPossible fixes
-

Account could not authenticate with the specified credentials.

-		 -

The account is not enabled as a user in Active Directory (AD), needs a password to authenticate, or the password is incorrect.

-		 -

None

-		 -

Make sure the credentials are entered correctly. Enable the account as a user in AD and add a password, or set the RoomMailboxPassword

.
-

Error 0x800C0019 is displayed when providing an Exchange server.

-		 -

The device account requires a certificate to authenticate.

-		 -

0x800C0019

-		 -

Install the appropriate certificate using provisioning packages.

-
-

Device account credentials are not valid for the provided Exchange server.

-		 -

The provided Exchange server is not where the device account's mailbox is hosted.

-		 -

None

-		 -

Make sure you are providing the correct Exchange mail server for the device account.

-
-

HTTP timeout while trying to reach Exchange server.

-		 -

0x80072EE2

-
-

Couldn't find the provided Exchange server.

-		 -

The Exchange server provided could not be found.

-		 -

None

-		 -

Ensure that you have a working network or Internet connection, and that the Exchange server you provided is correct.

-
-

http not supported.

-		 -

An Exchange server with http:// instead of https:// was provided.

-		 -

None

-		 -

Use an Exchange server that uses https.

-
-

People land on the page titled "There's a problem with this account" regarding ActiveSync.

-
-
 
-		 -

The ActiveSync policy PasswordEnabled is set to True (or 1).

-		 -

None

-		 -

Create a new ActiveSync policy where PasswordEnabled is set to False (or 0), and then apply that policy to the account.

-
-

The Surface Hub doesn't have a connection to Exchange.

-		 -

None

-		 -

Make sure that you have a working network or Internet connection.

-
-

Exchange returns a status code indicating an error.

-		 -

None

-		 -

Make sure that you have a working network or Internet connection.

-
-  - -### First run, Domain join page issues - - ----- - - - - - - - - - - - - - - - - - - - -
IssueCausesPossible fixes

When trying to join a domain, an error shows that the account couldn't authenticate using the specified credentials.

The credentials provided are not capable of joining the specified domain.

Enter correct credentials for an account that exists in the specified domain.

When specifying a group from a domain, an error shows that the group couldn't be found on the domain.

The group may have been removed or no longer exists.

Verify that the group exists within the domain.

- -  - -### First run, Exchange server page - - ----- - - - - - - - - - - - - - - -
IssueCausesPossible fixes

People land on this page and are asked for the Exchange server address.

The Exchange server isn't configured for auto-discovery.

Enable auto-discovery of the Exchange server for the device account, or enter the account's Exchange server address manually.

- -  - -### First run, On-device issues - - ------ - - - - - - - - - - - - - - - - -
IssueCausesError codesPossible fixes

Can't sync mail/calendar.

The account has not allowed the Surface Hub as an allowed device.

0x86000C1C

Add the Surface Hub device ID to the allowed list by setting the ActiveSyncAllowedDeviceIds property for the mailbox.

- -  - - - -  - -## Exchange ActiveSync errors - - -This section lists status codes, mapping, user messages, and actions an admin can take to solve Exchange ActiveSync errors. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hex CodeMappingUser-Friendly MessageAction admin should take

0x85010002

E_HTTP_DENIED

The password must be updated.

Update the password.

0x80072EFD

WININET_E_CANNOT_CONNECT

Can't connect to the server right now. Wait a while and try again, or check the account settings.

Verify that the server name is correct and reachable. Verify that the device is connected to the network.

0x86000C29

E_NEXUS_STATUS_DEVICE_NOTPROVISIONED (policies don't match)

The account is configured with policies not compatible with Surface Hub.

Disable the PasswordEnabled policy for this account.

-

We have a bug were we may surface policy errors if the account doesn't receive any server notifications within the policy refresh interval.

0x86000C4C

E_NEXUS_STATUS_MAXIMUMDEVICESREACHED

The account has too many device partnerships.

Delete one or more partnerships on the server.

0x86000C0A

E_NEXUS_STATUS_SERVERERROR_RETRYLATER

Can't connect to the server right now.

Wait until the server comes back online. If the issue persists, re-provision the account.

0x85050003

E_CREDENTIALS_EXPIRED (Credentials have expired and need to be updated)

The password must be updated.

Update the password.

0x8505000D

E_AIRSYNC_RESET_RETRY

Can't connect to the server right now. Wait a while or check the account's settings.

This is normally a transient error but if the issue persists check the number of devices associated with the account and delete some of them if the number is large.

0x86000C16

E_NEXUS_STATUS_USER_HASNOMAILBOX

The mailbox was migrated to a different server.

You should never see this error. If the issue persists, re-provision the account.

0x85010004

E_HTTP_FORBIDDEN

Can't connect to the server right now. Wait a while and try again, or check the account's settings.

Verify the server name to make sure it is correct. If the account is using cert based authentication make sure the certificate is still valid and update it if not.

0x85030028

E_ACTIVESYNC_PASSWORD_OR_GETCERT

The account's password or client certificate are missing or invalid.

Update the password and/or deploy the client certificate.

0x86000C2A

E_NEXUS_STATUS_DEVICE_POLICYREFRESH

The account is configured with policies not compatible with Surface Hub.

Disable the PasswordEnabled policy for this account.

0x85050002

E_CREDENTIALS_UNAVAILABLE

The password must be updated.

Update the password.

0x80072EE2

WININET_E_TIMEOUT

The network doesn't support the minimum idle timeout required to receive server notification, or the server is offline.

Verify that the server is running. Verify the NAT settings.

0x85002004

E_FAIL_ABORT

This error is used to interrupt the hanging sync, and will not be exposed to users. It will be shown in the diagnostic data if you force an interactive sync, delete the account, or update its settings.

Nothing.

0x85010017

E_HTTP_SERVICE_UNAVAIL

Can't connect to the server right now. Wait a while or check the account's settings.

Verify the server name to make sure it is correct. Wait until the server comes back online. If the issue persists, re-provision the account.

0x86000C0D

E_NEXUS_STATUS_MAILBOX_SERVEROFFLINE

Can't connect to the server right now. Wait a while or check the account's settings.

Verify the server name to make sure it is correct. Wait until the server comes back online. If the issue persists, re-provision the account.

0x85030027

E_ACTIVESYNC_GETCERT

The Exchange server requires a certificate.

Import the appropriate EAS certificate on the Surface Hub.

0x86000C2B

E_NEXUS_STATUS_INVALID_POLICYKEY

The account is configured with policies not compatible with Surface Hub.

Disable the PasswordEnabled policy for this account.

-

We have a bug were we may surface policy errors if the account doesn't receive any server notifications within the policy refresh interval.

0x85010005

E_HTTP_NOT_FOUND

The server name is invalid.

Verify the server name to make sure it is correct. If the issue persists, re-provision the account.

0x85010014

E_HTTP_SERVER_ERROR

Can't connect to the server.

Verify the server name to make sure it is correct. Trigger a sync and, if the issue persists, re-provision the account.

0x80072EE7

WININET_E_NAME_NOT_RESOLVED

The server name or address could not be resolved.

Make sure the server name is entered correctly.

0x8007052F

ERROR_ACCOUNT_RESTRICTION

While auto-discovering the Exchange server, a policy is applied that prevents the logged-in user from logging in to the server.

This is a timing issue. Re-verify the account's credentials. Try to re-provision when they're correct.

0x800C0019

INET_E_INVALID_CERTIFICATE

Security certificate required to access this resource is invalid.

Install the correct ActiveSync certificate needed for the provided device account.

0x80072F0D

WININET_E_INVALID_CA

The certificate authority is invalid or is incorrect. Could not auto-discover the Exchange server because a certificate is missing.

Install the correct ActiveSync certificate needed for the provided device account.

0x80004005

E_FAIL

The domain provided couldn't be found. The Exchange server could not be auto-discovered and was not provided in the settings.

Make sure that the domain entered is the FQDN, and that there is an Exchange server entered in the Exchange server text box.

- -## Contact Support - -If you have questions or need help, you can [create a support request](https://support.microsoft.com/supportforbusiness/productselection). - - -  -## Related content - -- [Troubleshooting Miracast connection to the Surface Hub](https://docs.microsoft.com/surface-hub/miracast-troubleshooting) -  - - - - - diff --git a/devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md b/devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md deleted file mode 100644 index d03cfe3055..0000000000 --- a/devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: How to use cloud recovery for BitLocker on a Surface Hub -description: How to use cloud recovery for BitLocker on a Surface Hub -ms.assetid: c0bde23a-49de-40f3-a675-701e3576d44d -keywords: Accessibility settings, Settings app, Ease of Access -ms.prod: surface-hub -ms.sitesec: library -author: v-miegge -ms.author: v-miegge -ms.topic: article -ms.localizationpriority: medium ---- - -# Summary - -This article describes how to use the cloud recovery function if you are unexpectedly prompted by BitLocker on a Surface Hub device. - -> [!NOTE] -> You should follow these steps only if a BitLocker recovery key isn't available. - -> [!WARNING] -> * This recovery process deletes the contents of the internal drive. If the process fails, the internal drive will become completely unusable. If this occurs, you will have to log a service request with Microsoft for a resolution. -> * After the recovery process is complete, the device will be reset to the factory settings and returned to its Out of Box Experience state. -> * After the recovery, the Surface Hub must be completely reconfigured. - -> [!IMPORTANT] -> This process requires an open Internet connection that does not use a proxy or other authentication method. - -## Cloud recovery process - -To perform a cloud recovery, follow these steps: - -1. Select **Press Esc for more recovery options**. - - ![Screenshot of Escape](images/01-escape.png) - -1. Select **Skip this drive**. - - ![Screenshot of Skip this drive](images/02-skip-this-drive.png) - -1. Select **Recover from the cloud**. - - ![Screenshot of Recover from the cloud](images/03-recover-from-cloud.png) - -1. Select **Yes**. - - ![Screenshot of Yes](images/04-yes.png) - -1. Select **Reinstall**. - - ![Screenshot of Reinstall](images/05a-reinstall.png) - - ![Screenshot of Downloading](images/05b-downloading.png) - -1. After the cloud recovery process is complete, start the reconfiguration by using the **Out of Box Experience**. - - ![Screenshot of Out of the Box](images/06-out-of-box.png) - -## "Something went Wrong" error message - -This error is usually caused by network issues that occur during the recovery download. When this issue occurs, don't turn off the Hub because you won't be able to restart it. If you receive this error message, return to the "Recover from the cloud" step, and then restart the recovery process. - -1. Select **Cancel**. - - ![Screenshot of Cancel](images/07-cancel.png) - -1. Select **Troubleshoot**. - - ![Screenshot of Troubleshoot](images/08-troubleshoot.png) - -1. Select **Recover from the cloud**. - - ![Screenshot of Recover from the cloud](images/09-recover-from-cloud2.png) - -1. If the **Wired network isn't found** error occurs, select **Cancel**, and then let the Surface Hub rediscover the wired network. - - ![Screenshot of Wired network isn't found](images/10-cancel.png) \ No newline at end of file diff --git a/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md b/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md deleted file mode 100644 index cf9f2b6339..0000000000 --- a/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -title: Use fully qualified domain name with Surface Hub -description: Troubleshoot common problems, including setup issues, Exchange ActiveSync errors. -keywords: ["Troubleshoot common problems", "setup issues", "Exchange ActiveSync errors"] -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/27/2017 -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium -ms.prod: surface-hub -ms.sitesec: library ---- - -# Configure domain name for Skype for Business - -There are a few scenarios where you need to specify the domain name of your Skype for Business server: -- **Multiple DNS suffixes** - When your Skype for Business infrastructure has disjointed namespaces such that one or more servers have a DNS suffix that doesn't match the suffix of the sign-in address (SIP) for Skype for Business. -- **Skype for Business and Exchange suffixes are different** - When the suffix of the sign-in address for Skype for Business differs from the suffix of the Exchange address used for the device account. -- **Working with certificates** - Large organizations with on-premises Skype for Business servers commonly use certificates with their own root certificate authority (CA). It is common for the CA domain to be different than the domain of the Skype for Business server which causes the certificate to not be trusted, and sign-in fails. Skype needs to know the domain name of the certificate in order to set up a trust relationship. Enterprises typically use Group Policy to push this out to Skype desktop, but Group Policy is not supported on Surface Hub. - -**To configure the domain name for your Skype for Business server**
-1. On Surface Hub, open **Settings**. -2. Click **Surface Hub**, and then click **Calling & Audio**. -3. Under **Skype for Business configuration**, click **Configure domain name**. -4. Type the domain name for your Skype for Business server, and then click **Ok**. - > [!TIP] - > You can type multiple domain names, separated by commas.
For example: lync.com, outlook.com, lync.glbdns.microsoft.com - - ![Add Skype for Business FQDN to Settings](images/system-settings-add-fqdn.png) diff --git a/devices/surface-hub/use-room-control-system-with-surface-hub.md b/devices/surface-hub/use-room-control-system-with-surface-hub.md deleted file mode 100644 index 1ec1e19ab5..0000000000 --- a/devices/surface-hub/use-room-control-system-with-surface-hub.md +++ /dev/null @@ -1,179 +0,0 @@ ---- -title: Using a room control system (Surface Hub) -description: Room control systems can be used with your Microsoft Surface Hub. -ms.assetid: DC365002-6B35-45C5-A2B8-3E1EB0CB8B50 -ms.reviewer: -manager: laurawi -keywords: room control system, Surface Hub -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/27/2017 -ms.localizationpriority: medium ---- - -# Using a room control system (Surface Hub) - - -Room control systems can be used with your Microsoft Surface Hub. - -Using a room control system with your Surface Hub involves connecting room control hardware to the Surface Hub, usually through the RJ11 serial port on the bottom of the Surface Hub. - -## Terminal settings - -To connect to a room control system control panel, you don't need to configure any terminal settings on the Surface Hub. If you want to connect a PC or laptop to your Surface Hub and send serial commands from the Surface Hub, you can use a terminal emulator program like Tera Term or PuTTY. - -| Setting | Value | -| --- | --- | -| Baud rate | 115200 | -| Data bits | 8 | -| Stop bits | 1 | -| Parity | none | -| Flow control | none | -| Line feed | every carriage return | - - -## Wiring diagram - -You can use a standard RJ-11 (6P6C) connector to connect the Surface Hub serial port to a room control system. This is the recommended method. You can also use an RJ-11 4-conductor cable, but we do not recommend this method. - -This diagram shows the correct pinout used for an RJ-11 (6P6C) to DB9 cable. - -![Image showing the wiring diagram.](images/room-control-wiring-diagram.png) - -## Command sets - -Room control systems use common meeting-room scenarios for commands. Commands originate from the room control system, and are communicated over a serial connection to a Surface Hub. Commands are ASCII based, and the Surface Hub will acknowledge when state changes occur. - -The following command modifiers are available. Commands terminate with a new line character (\n). Responses can come at any time in response to state changes not triggered directly by a management port command. - -| Modifier | Result | -| --- | --- | -| + | Increment a value | -| - | Decrease a value | -| = | Set a discrete value | -| ? | Queries for a current value | - - -## Power - -Surface Hub can be in one of these power states. - -| State | Energy Star state| Description | -| --- | --- | --- | -| 0 | S5 | Off | -| 1 | - | Power up (indeterminate) | -| 2 | S3 | Sleep | -| 5 | S0 | Ready | - - -In Replacement PC mode, the power states are only Ready and Off and only change the display. The management port can't be used to power on the replacement PC. - -| State | Energy Star state| Description | -| --- | --- | --- | -| 0 | S5 | Off | -| 5 | S0 | Ready | - -For a control device, anything other than 5 / Ready should be considered off. Each PowerOn command results in two state changes and responses. - -| Command | State change| Response | -| --- | --- | --- | -| PowerOn | Device turns on (display + PC).

PC service notifies SMC that the PC is ready. | Power=0

Power=5 | -| PowerOff | Device transitions to ambient state (PC on, display dim). | Power=0 | -| Power? | SMC reports the last-known power state. | Power=<#> | - - - -## Brightness - -The current brightness level is a range from 0 to 100. - -Changes to brightness levels can be sent by a room control system, or other system. - -| Command | State change |Response | -| --- | --- | --- | -| Brightness+ | System management controller (SMC) sends the brightness up command.

PC service on the room control system notifies SMC of new brightness level. | Brightness = 51 | -| Brightness- | SMC sends the brightness down command.

PC service notifies SMC of new brightness level. | Brightness = 50 | - -## Volume - -The current volume level is a range from 0 to 100. - -Changes to volume levels can be sent by a room control system, or other system. - ->[!NOTE] ->The Volume command will only control the volume for embedded or Replacement PC mode, not from [Guest sources](connect-and-display-with-surface-hub.md). - -| Command | State change | Response
(On in [Replacement PC mode](connect-and-display-with-surface-hub.md#replacement-pc-mode)) | -| --- | --- | --- | -| Volume+ | SMC sends the volume up command.

PC service notifies SMC of new volume level. | Volume = 51 | -| Volume- | SMC sends the volume down command.

PC service notifies SMC of new volume level. | Volume = 50 | - - - - -## Mute for audio - -Audio can be muted. - -| Command | State change | Response | -| --- | --- | --- | -| AudioMute+ | SMC sends the audio mute command.

PC service notifies SMC that audio is muted. | none | - - - - -## Video source - -Several display sources can be used. - -| State | Description | -| --- | --- | -| 0 | Onboard PC | -| 1 | DisplayPort | -| 2 | HDMI | -| 3 | VGA | - - - - -Changes to display source can be sent by a room control system, or other system. - -| Command | State change | Response | -| --- | --- | --- | -| Source=# | SMC changes to the desired source.

PC service notifies SMC that the display source has switched. | Source=<#> | -| Source+ | SMC cycles to the next active input source.

PC service notifies SMC of the current input source. | Source=<#> | -| Source- | SMC cycles to the previous active input source.

PC service notifies SMC of the current input source. | Source=<#> | -| Source? | SMC queries PC service for the active input source.

PC service notifies SMC of the current in;put source. | Source=<#> | - -## Errors - -Errors are returned following the format in this table. - -| Error | Notes | -| --- | --- | -| Error: Unknown command '<input>'. | The instruction contains an unknown initial command. For example, "VOL+" would be invalid and return " Error: Unknown command 'VOL'". | -| Error: Unknown operator '<input>'. | The instruction contains an unknown operator. For example, "Volume!" would be invalid and return " Error: Unknown operator '!'". | -| Error: Unknown parameter '<input>'. | The instruction contains an unknown parameter. For example, "Volume=abc" would be invalid and return " Error: Unknown parameter 'abc'". | -| Error: Command not available when off '<input>'. | When the Surface Hub is off, commands other than Power return this error. For example, "Volume+" would be invalid and return " Error: Command not available when off 'Volume'". | - - - - -## Related topics - - -[Manage Microsoft Surface Hub](manage-surface-hub.md) - -[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) - - - - - - - - - diff --git a/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md b/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md deleted file mode 100644 index e01737c52e..0000000000 --- a/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md +++ /dev/null @@ -1,135 +0,0 @@ ---- -title: Using the Surface Hub Hardware Diagnostic Tool to test a device account -description: Using the Surface Hub Hardware Diagnostic Tool to test a device account -ms.assetid: a87b7d41-d0a7-4acc-bfa6-b9070f99bc9c -keywords: Accessibility settings, Settings app, Ease of Access -ms.prod: surface-hub -ms.sitesec: library -author: v-miegge -ms.author: v-miegge -ms.topic: article -ms.localizationpriority: medium ---- - -# Using the Surface Hub Hardware Diagnostic Tool to test a device account - -## Introduction - -> [!NOTE] -> The "Account Settings" section of the Surface Hub Hardware Diagnostic tool doesn’t collect any information. The email and password that are entered as input are used only directly on your environment and not collected or transferred to anyone. The login information persists only until the application is closed or you end the current session on the Surface Hub. - -> [!IMPORTANT] -> * Administrator privileges are not required to run this application. -> * The results of the diagnostic should be discussed with your local administrator before you open a service call with Microsoft. - -### Surface Hub Hardware Diagnostic - -By default, the [Surface Hub Hardware Diagnostic](https://www.microsoft.com/store/apps/9nblggh51f2g) application isn’t installed in earlier versions of the Surface Hub system. The application is available for free from the Microsoft Store. Administrator privileges are required to install the application. - - ![Screenshot of Hardware Diagnostic](images/01-diagnostic.png) - -## About the Surface Hub Hardware Diagnostic Tool - -The Surface Hub Hardware Diagnostic tool is an easy-to-navigate tool that lets the user test many of the hardware components within the Surface Hub device. This tool can also test and verify a Surface Hub device account. This article describes how to use the Account Settings test within the Surface Hub Hardware Diagnostic tool. - -> [!NOTE] -> The device account for the Surface Hub should be created before any testing is done. The Surface Hub Administrator Guide provides instructions and PowerShell scripts to help you create on-premises, online (Office365), or hybrid device accounts. For more information, go to the [Create and test a device account (Surface Hub)](https://docs.microsoft.com/surface-hub/create-and-test-a-device-account-surface-hub) topic in the guide. - -### Device account testing process - -1. Navigate to **All Apps**, and then locate the Surface Hub Hardware Diagnostic application. - - ![Screenshot of All Apps](images/02-all-apps.png) - -1. When the application starts, the **Welcome** page provides a text window to document the reason why you are testing the Hub. This note can be saved to USB together with the diagnostic results at the conclusion of testing. After you finish entering a note, select the **Continue** button. - - ![Screenshot of Welcome](images/03-welcome.png) - -1. The next screen provides you the option to test all or some of the Surface Hub components. To begin testing the device account, select the **Test Results** icon. - - ![Screenshot of Test Results](images/04-test-results-1.png) - - ![Screenshot of Test Results](images/05-test-results-2.png) - -1. Select **Account Settings**. - - ![Screenshot of Account Settings](images/06-account-settings.png) - - The Account Settings screen is used to test your device account. - - ![Screenshot of Account Settings Details](images/07-account-settings-details.png) - -1. Enter the email address of your device account. The password is optional but is recommended. Select the **Test Account** button when you are ready to continue. - - ![Screenshot of Test Account](images/08-test-account.png) - -1. After testing is finished, review the results for the four areas of testing. Each section can be expanded or collapsed by selecting the Plus or Minus sign next to each topic. - - **Network** - - ![Screenshot of Network](images/09-network.png) - - **Environment** - - ![Screenshot of Environment](images/10-environment.png) - - **Certificates** - - ![Screenshot of Certificates](images/11-certificates.png) - - **Trust Model** - - ![Screenshot of Trust Model](images/12-trust-model.png) - -## Appendix - -### Field messages and resolution - -#### Network - -Field |Success |Failure |Comment |Reference -|------|------|------|------|------| -Internet Connectivity |Device does have Internet connectivity |Device does not have Internet connectivity |Verifies internet connectivity, including proxy connection | -HTTP Version |1.1 |1.0 |If HTTP 1.0 found, it will cause issue with WU and Store | -Direct Internet Connectivity |Device has a Proxy configured Device has no Proxy configured |N/A |Informational. Is your device behind a proxy? | -Proxy Address | | |If configured, returns proxy address. | -Proxy Authentication |Proxy does not require Authentication |Proxy requires Proxy Auth |Result may be a false positive if a user already has an open session in Edge and has authenticated through the proxy. | -Proxy Auth Types | | |If proxy authentication is used, return the Authentication methods advertised by the proxy. | - -#### Environment - -Field |Success |Failure |Comment |Reference -|------|------|------|------|------| -SIP Domain | | |Informational. | -Skype Environment |Skype for Business Online, Skype for Business OnPrem, Skype for Business Hybrid |Informational. |What type of environment was detected. Note: Hybrid can only be detected if the password is entered. -LyncDiscover FQDN | | |Informational. Displays the LyncDiscover DNS result | -LyncDiscover URI | | |Informational. Displays the URL used to perform a LyncDiscover on your environment.| -LyncDiscover |Connection Successful |Connection Failed |Response from LyncDiscover web service. | -SIP Pool Hostname | | |Informational. Display the SIP pool name discovered from LyncDiscover | - -#### Certificates (in-premises hybrid only) - -LyncDiscover Certificate - -Field |Success |Failure |Comment |Reference -|------|------|------|------|------| -LyncDiscover Cert CN | | |Informational. Displays the LD cert Common name | -LyncDiscover Cert CA | | |Informational. Displays the LD Cert CA | -LyncDiscover Cert Root CA | | |Informational. Displays the LD Cert Root CA, if available. | -LD Trust Status |Certificate is Trusted. |Certificate is not trusted, please add the Root CA. |Verify the certificate against the local cert store. Returns positive if the machine trusts the certificate.|[Download and deploy Skype for Business certificates using PowerShell](https://blogs.msdn.microsoft.com/surfacehub/2016/06/07/download-and-deploy-skype-for-business-certificates-using-powershell/)/[Supported items for Surface Hub provisioning packages](https://docs.microsoft.com/surface-hub/provisioning-packages-for-surface-hub#supported-items-for-surface-hub-provisioning-packages) - -SIP Pool Certification - -Field |Success |Failure |Comment |Reference -|------|------|------|------|------| -SIP Pool Cert CN | | |(CONTENTS) | -SIP Pool Cert CA | | |(CONTENTS) | -SIP Pool Trust Status |Certificate is Trusted. |Certificate is not trusted, please add the Root CA. |Verify the certificate against the local cert store and return a positive if the devices trusts the certificate. | -SIP Pool Cert Root CA | | |Information. Display the SIP Pool Cert Root CA, if available. | - -#### Trust Model (on-premises hybrid only) - -Field |Success |Failure |Comment |Reference -|------|------|------|------|------| -Trust Model Status |No Trust Model Issue Detected. |SIP Domain and server domain are different please add the following domains. |Check the LD FQDN/ LD Server Name/ Pool Server name for Trust model issue. -Domain Name(s) | | |Return the list of domains that should be added for SFB to connect. | diff --git a/devices/surface-hub/whiteboard-collaboration.md b/devices/surface-hub/whiteboard-collaboration.md deleted file mode 100644 index a1e05d92b5..0000000000 --- a/devices/surface-hub/whiteboard-collaboration.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: Set up and use Microsoft Whiteboard -description: Microsoft Whiteboard's latest update includes the capability for two Surface Hubs to collaborate in real time on the same board. -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 03/18/2019 -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium ---- - -# Set up and use Microsoft Whiteboard - -The Microsoft Whiteboard app includes the capability for Surface Hubs and other devices with the Microsoft Whiteboard app installed to collaborate in real time on the same board. - -## Prerequisites - -To use whiteboard collaboration complete the following actions: - -- Add Whiteboard.ms, whiteboard.microsoft.com, and wbd.ms to your list of allowed sites. -- Open port: **HTTPS: 443** (normally configured when you first run Surface Hub.) - -## Office 365 requirements - -- Whiteboard collaboration is only supported in the Office 365 commercial environment and requires Office 365 with cloud-based Azure Active Directory (Azure AD). -- You can only run collaborative sessions among users belonging to the same Office 365 tenant. -- Office 365 Germany or Office 365 operated by 21Vianet do not support whiteboard collaboration. - -## Collaborating with whiteboards - -To start a collaboration session: - -1. In the Whiteboard app, tap the **Sign in** button. -2. Sign in with your organization ID. -3. Tap the **Invite** button next to your name at the top of the app. -4. Write or type the names of the colleagues you wish to collaborate with. - -On the other device, such as a Surface Hub, when you are signed in, the shared board will now appear in the board gallery. - -### User tips -- Log in to access your whiteboards. As you work, changes are saved automatically. -- Name your whiteboards to help organize your content and find it quickly. Select the … to open the menu. Select the **Options** gear icon to access more tools and features of the Whiteboard. -- Use **Ink to shape** to turn drawing into actual shapes like circles, squares, and triangles. -- Use **Ink to table** to turn a drawn grid into a table with rows and columns. -- You can also change the background color and design from solid to grid or dots. Pick the background, then choose the color from the wheel around it. -- You can export a copy of the Whiteboard collaboration for yourself through the Share charm and leave the board for others to continue working. - -For more information, see [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d). - -> [!NOTE] -> If you are using Whiteboard and cannot sign in, you can collaborate by joining a Teams or Skype for Business meeting, and then sharing your screen. After you're done, tap **Settings** > **Export to email** or save a copy of the board. If you choose to export to SVG, it exports vector graphics and provides higher resolution than PNG and can be opened in a web browser. - -## New features in Whiteboard - -The Microsoft Whiteboard app, updated for Surface Hub on July 1, 2019 includes a host of new features including: - -- **Automatic Saving** - Boards are saved to the cloud automatically when you sign in, and can be found in the board gallery. There is no local folder name or directory. -- **Extended collaboration across devices** - You can collaborate using new apps for Windows 10 PC and iOS, and a web version for other devices. -- **Richer canvas** - In addition to ink and images, Whiteboard now includes sticky notes, text and GIFs, with more objects coming soon. -- **Intelligence** – In addition to ink to shape and table, Whiteboard now includes ink beautification to improve handwriting and ink grab to convert images to ink. -- **More color and background options** - Whiteboard now includes more pen colors and thickness options along with additional background colors and designs. -- **Teams Integration** – You can automatically launch Whiteboard from a Teams meeting and share with participants (currently in preview). - - -## Related topics - -- [Windows 10 Creators Update for Surface Hub](https://www.microsoft.com/surface/support/surface-hub/windows-10-creators-update-surface-hub) - -- [Support documentation for Microsoft Whiteboard](https://support.office.com/article/Whiteboard-Help-0c0f2aa0-b1bb-491c-b814-fd22de4d7c01) - -- [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d) diff --git a/devices/surface-hub/wireless-network-management-for-surface-hub.md b/devices/surface-hub/wireless-network-management-for-surface-hub.md deleted file mode 100644 index 96162edafe..0000000000 --- a/devices/surface-hub/wireless-network-management-for-surface-hub.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: Wireless network management (Surface Hub) -description: Microsoft Surface Hub offers two options for network connectivity to your corporate network and Internet wireless, and wired. While both provide network access, we recommend you use a wired connection. -ms.assetid: D2CFB90B-FBAA-4532-B658-9AA33CAEA31D -ms.reviewer: -manager: laurawi -keywords: network connectivity, wired connection -ms.prod: surface-hub -ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article -ms.date: 07/27/2017 -ms.localizationpriority: medium ---- - -# Wireless network management (Surface Hub) - - -Microsoft Surface Hub offers two options for network connectivity to your corporate network and Internet: wireless, and wired. While both provide network access, we recommend you use a wired connection. - -## Modifying, adding, or reviewing a network connection - - -If a wired network connection is not available, the Surface Hub can use a wireless network for internet access. A properly connected and configured Wi-Fi access point must be available and within range of the Surface Hub. - -### Choose a wireless access point - -1. On the Surface Hub, open **Settings** and enter your admin credentials. -2. Click **Network & Internet**. Under **Wi-Fi**, choose an access point. If you want Surface Hub to automatically connect to this access point, click **Connect automatically**. Click **Connect**. - - ![Image showing Wi-Fi settings, Network & Internet page.](images/networkmgtwireless-01.png) - -3. If the network is secured, you'll be asked to enter the security key. Click **Next** to connect. - - ![Image showing security key and password prompts for connecting to secured Wi-Fi.](images/networkmgtwireless-02.png) - -### Review wireless settings - -1. On the Surface Hub, open **Settings** and enter your admin credentials. -2. Click **Network & Internet**, then **Wi-Fi**, and then click **Advanced options**. -3. Surface Hub shows you the properties for the wireless network connection. - - ![Image showing properties for connected Wi-Fi.](images/networkmgtwireless-04.png) - -### Review wired settings - -1. On the Surface Hub, open **Settings** and enter your admin credentials. -2. Click **System**, click **Network & Internet**, then click on the network under Ethernet. - - ![Image showing Network & Internet, Ethernet settings page.](images/networkmgtwired-01.png) - -3. The system will show you the properties for the wired network connection. - - ![Image showing properties for ethernet connection.](images/networkmgtwired-02.png) - -## Related topics - - -[Manage Microsoft Surface Hub](manage-surface-hub.md) - -[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md) - -  - -  - - - - - diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md deleted file mode 100644 index 7ecc47044f..0000000000 --- a/devices/surface/TOC.md +++ /dev/null @@ -1,75 +0,0 @@ -# [Surface](index.yml) - -## [Surface devices documentation](get-started.yml) - -## Overview - -### [What's new in Surface Dock 2](surface-dock-whats-new.md) -### [Surface Book 3 GPU technical overview](surface-book-GPU-overview.md) -### [Surface Book 3 Quadro RTX 3000 technical overview](surface-book-quadro.md) -### [Surface Book 3 for Business](https://www.microsoft.com/surface/business/surface-book-3) -### [Surface Go 2 for Business](https://www.microsoft.com/surface/business/surface-go-2) -### [Surface Pro 7 for Business](https://www.microsoft.com/surface/business/surface-pro-7) -### [Surface Pro X for Business](https://www.microsoft.com/surface/business/surface-pro-x) -### [Surface Laptop 3 for Business](https://www.microsoft.com/surface/business/surface-laptop-3) -### [Surface Studio 2 for Business](https://www.microsoft.com/surface/business/surface-studio-2) - -### [Secure, work-anywhere mobility with LTE Advanced](https://www.microsoft.com/surface/business/lte-laptops-and-tablets) - -## Plan - -### [Surface device compatibility with Windows 10 Long-Term Servicing Branch](surface-device-compatibility-with-windows-10-ltsc.md) -### [Long-Term Servicing Branch for Surface devices](ltsb-for-surface.md) -### [Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md) -### [Considerations for Surface and Endpoint Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md) -### [Deploy Surface app with Microsoft Store for Business](deploy-surface-app-with-windows-store-for-business.md) -### [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md) -### [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md) - -## Deploy - -### [Deploy Surface devices](deploy.md) -### [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md) -### [Windows Virtual Desktop on Surface](windows-virtual-desktop-surface.md) -### [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) -### [Surface Pro X app compatibility](surface-pro-arm-app-performance.md) -### [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) -### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md) -### [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md) -### [Enable the Surface Laptop keyboard during MDT deployment](enable-surface-keyboard-for-windows-pe-deployment.md) -### [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md) -### [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md) -### [Surface System SKU reference](surface-system-sku-reference.md) - -## Manage - -### [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) -### [Manage Surface driver updates in Configuration Manager](manage-surface-driver-updates-configuration-manager.md) -### [Optimize Wi-Fi connectivity for Surface devices](surface-wireless-connect.md) -### [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) -### [Surface Dock Firmware Update](surface-dock-firmware-update.md) -### [Battery Limit setting](battery-limit.md) -### [Surface Brightness Control](microsoft-surface-brightness-control.md) -### [Surface Asset Tag](assettag.md) - -## Secure - -### [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md) -### [Manage Surface UEFI settings](manage-surface-uefi-settings.md) -### [Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md) -### [Surface Enterprise Management Mode](surface-enterprise-management-mode.md) -### [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md) -### [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md) -### [Secure Surface Dock 2 ports with SEMM](secure-surface-dock-ports-semm.md) -### [Use Microsoft Endpoint Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md) -### [Surface Data Eraser](microsoft-surface-data-eraser.md) -### [Surface DMA Protection](dma-protect.md) - -## Troubleshoot -### [Top support solutions for Surface devices](support-solutions-surface.md) -### [Fix common Surface problems using the Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-for-business-intro.md) -#### [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) -#### [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) -#### [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) - -### [Change history for Surface documentation](change-history-for-surface.md) diff --git a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md deleted file mode 100644 index 4abd9e0c86..0000000000 --- a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md +++ /dev/null @@ -1,171 +0,0 @@ ---- -title: Advanced UEFI security features for Surface Pro 3 (Surface) -description: This article describes how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices. -ms.assetid: 90F790C0-E5FC-4482-AD71-60589E3C9C93 -ms.reviewer: -manager: laurawi -keywords: security, features, configure, hardware, device, custom, script, update -ms.localizationpriority: medium -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surface, devices, security -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article ---- - -# Advanced UEFI security features for Surface Pro 3 - - -This article describes how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices. - -To address more granular control over the security of Surface devices, the v3.11.760.0 UEFI update provides additional security options that allow you to disable specific hardware devices or to prevent starting from those devices. After the UEFI update is installed on a device, you can configure it manually or automatically by running a script. - -## Manually install the UEFI update - - -Before you can configure the advanced security features of your Surface device, you must first install the v3.11.760.0 UEFI update. This update is installed automatically if you receive your updates from Windows Update. For more information about how to configure Windows to update automatically by using Windows Update, see [How to configure and use Automatic Updates in Windows](https://support.microsoft.com/kb/306525). - -To update the UEFI on Surface Pro 3, you can download and install the Surface UEFI updates as part of the Surface Pro 3 Firmware and Driver Pack. These firmware and driver packs are available from the [Surface Pro 3 page](https://www.microsoft.com/download/details.aspx?id=38826) on the Microsoft Download Center. You can find out more about the firmware and driver packs at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices). The firmware and driver packs are available as both self-contained Windows Installer (.msi) and archive (.zip) formats. You can find out more about these two formats and how you can use them to update your drivers at [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates). - -## Manually configure additional security settings - - ->[!NOTE] ->To enter firmware setup on a Surface device, begin with the device powered off, press and hold the **Volume Up** button, then press and release the **Power** button, then release the **Volume Up** button after the device has begun to boot. - -After the v3.11.760.0 UEFI update is installed on a Surface device, an additional UEFI menu named **Advanced Device Security** becomes available. If you click this menu, the following options are displayed: - -| Option | Description | Available settings (default listed in bold) | -|----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------| -| Network Boot | Enables or disables the ability of your Surface device to boot from the network (also known as PXE boot). | **Enabled**, Not Bootable | -| Side USB | Enables or disables the USB port on the side of the Surface device. Additionally, the USB port can be enabled, but not allow booting. | **Enabled**, Not Bootable, Disabled | -| Docking Port | Enables or disables the ports on the Surface docking station. Additionally, the docking port can be enabled, but block booting from any USB or Ethernet port in the docking station. | **Enabled**, Not Bootable, Disabled | -| Front Camera | Enables or disables the camera on the front of the Surface device. | **Enabled**, Disabled | -| Rear Camera | Enables or disables the camera on the rear of the Surface device. | **Enabled**, Disabled | -| On Board Audio | Enables or disables audio on the Surface device. | **Enabled**, Disabled | -| microSD | Enables or disables the microSD slot on the Surface device. | **Enabled**, Disabled | -| WiFi | Enables or disables the built-in Wi-Fi transceiver in the Surface device. This also disables Bluetooth. | **Enabled**, Disabled | -| Bluetooth | Enables or disables the built-in Bluetooth transceiver in the Surface device. | **Enabled**, Disabled | - -  - -## Automate additional security settings - - -As an IT professional with administrative privileges, you can automate the configuration of UEFI settings by leveraging [Surface Pro 3 Firmware Tools (476 KB)](https://go.microsoft.com/fwlink/p/?LinkID=618038) available from the Microsoft Download Center. These tools install a .NET assembly that can be called from any custom application or script. - -**Prerequisites** - -- The sample scripts below leverage the previously mentioned extension and therefore assume that the tool has been installed on the device being managed. -- The scripts must be run with administrative privilege. -- The Windows PowerShell command [**Set-ExecutionPolicy Unrestricted**](https://technet.microsoft.com/library/ee176961.aspx) must be called prior to running sample scripts if they are not digitally signed. - -**Sample scripts** - ->**Note**:  The UEFI password used in the sample scripts below is presented in clear text. We strongly recommend saving the scripts in a protected location and running them in a controlled environment. - - -Show all configurable options: - -``` -# Load the extension -[System.Reflection.Assembly]::Load("SurfaceUefiManager, Version=1.0.5483.22783, Culture=neutral, PublicKeyToken=20606f4b5276c705") - -# Get the collection of all configurable settings -$uefiOptions = [Microsoft.Surface.FirmwareOption]::All() - -foreach ($uefiOption in $uefiOptions) -{ - Write-Host "Name:" $uefiOption.Name - Write-Host " Description =" $uefiOption.Description - Write-Host " Current Value =" $uefiOption.CurrentValue - Write-Host " Default Value =" $uefiOption.DefaultValue - Write-Host " Proposed Value =" $uefiOption.ProposedValue - - # This gives usage and validation information - Write-Host " Allowed Values =" $uefiOption.FriendlyRegEx - Write-Host " Regular Expression =" $uefiOption.RegEx - - Write-Host -} -``` - -Set or change UEFI password: - -``` -# Load the extension -[System.Reflection.Assembly]::Load("SurfaceUefiManager, Version=1.0.5483.22783, Culture=neutral, PublicKeyToken=20606f4b5276c705") - -# Must supply UEFI administrator Password if set -# If it is not currently set this is ignored -[Microsoft.Surface.FirmwareOption]::Unlock("1234") - -$Password = [Microsoft.Surface.FirmwareOption]::Find("Password") - -# Set New value to 12345 -$Password.ProposedValue = "12345" -``` - -Check status of proposed changes: - -``` -# Load the extension -[System.Reflection.Assembly]::Load("SurfaceUefiManager, Version=1.0.5483.22783, Culture=neutral, PublicKeyToken=20606f4b5276c705") - -# Check update status -$updateStatus = [Microsoft.Surface.FirmwareOption]::UpdateStatus -$updateIteration = [Microsoft.Surface.FirmwareOption]::UpdateIteration -Write-Host "Last Update Status =" $updateStatus -Write-Host "Last Update Iteration =" $updateIteration - -# Get the individual results for the last proposed update -# If the device has never had an update attempt this will be an empty list -$details = [Microsoft.Surface.FirmwareOption]::UpdateStatusDetails -Write-Host $details.Count "Settings were proposed" -if ($details.Count -gt 0) -{ - Write-Host "Result Details" - foreach ($detail in $details.GetEnumerator()) - { - Write-Host " " $detail.Key "=" $detail.Value - } -} -``` - -Revert UEFI to default values: - -``` -# Load the extension -[System.Reflection.Assembly]::Load("SurfaceUefiManager, Version=1.0.5483.22783, Culture=neutral, PublicKeyToken=20606f4b5276c705") - -# Must supply UEFI administrator Password if set -# If it is not currently set this is ignored -[Microsoft.Surface.FirmwareOption]::Unlock("1234") - -# Get the collection of all configurable settings -$uefiOptions = [Microsoft.Surface.FirmwareOption]::All() - -# Reset all options to the factory default -foreach ($uefiOption in $uefiOptions) -{ - $uefiOption.ProposedValue = $uefiOption.DefaultValue -} -``` - -Status code interpretation - -- 00 - The proposed update was a success -- 02 - One of the proposed values had an invalid value -- 03 - There was a proposed value set that was not recognized -- 0F - The unlock password did not match currently set password - -  - -  - - - - - diff --git a/devices/surface/assettag.md b/devices/surface/assettag.md deleted file mode 100644 index 6d9533bb52..0000000000 --- a/devices/surface/assettag.md +++ /dev/null @@ -1,117 +0,0 @@ ---- -title: Surface Asset Tag Tool -description: This topic explains how to use the Surface Asset Tag Tool. -ms.prod: w10 -ms.mktglfcycl: manage -ms.localizationpriority: medium -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.reviewer: hachidan -manager: laurawi ---- - -# Surface Asset Tag Tool - -Surface Asset Tag is a command line interface (CLI) utility -that allows you to view, assign, and modify an assigned asset tag value -for Surface devices. It works on Surface Pro 3 and all newer Surface devices. - -## System requirements - -- Surface Pro 3 or later - -- UEFI firmware version 3.9.150.0 or later - -## Using Surface Asset Tag - -To run Surface Asset Tag: - -1. On the Surface device, download **Surface Asset Tag.zip** from the [Microsoft Download - Center](https://www.microsoft.com/download/details.aspx?id=46703), - extract the zip file, and save AssetTag.exe in desired folder (in - this example, C:\\assets). - - > [!NOTE] - > For Surface Pro X, use the application named **AssetTag_x86** in the ZIP file. - -2. Open a command console as an Administrator and run AssetTag.exe, - entering the full path to the tool. - -3. Restart Surface. - -### Asset Tag tool commands -In the following examples, AssetTag.exe is saved in a directory on a local machine (C:\assets). - -To get the proposed asset tag, run AssetTag -g. - -**Example** - - ``` - C:\assets\AssetTag.exe -g - ``` - - To clear the proposed asset tag, run AssetTag -s. - - **Example** - - ``` -C:\assets\AssetTag.exe -s - ``` -To set the proposed asset tag, run AssetTag -s testassettag12. - -**Example** - -``` -C:\assets\AssetTag.exe -s testassettag12 -``` - ->[!NOTE] ->The asset tag value must contain between 1 and 36 characters. Valid characters include A-Z, a-z, 0-9, period (.) and hyphen (-). - - -## Managing asset tags - -You can view the existing asset tag in the UEFI settings under Device -Information (**Control Panel > Recovery > Advanced Startup > Restart -now**.) - -The figure below shows the results of running the Asset Tag Tool on -Surface Go. - -![Results of running Surface Asset Tag tool on Surface Go. -](images/assettag-fig1.png) - -> **Figure 1.** Results of running Surface Asset Tag tool on Surface Go - -Alternately, you can use WMI to query the existing asset tag on a device: - -(Get-WmiObject -query “Select * from Win32_SystemEnclosure”) - -**Example** - - ``` -C:\Windows\System32> (Get-WmiObject -query “Select * from Win32_SystemEnclosure”) - ``` - -### Using PowerShell - -You can use the script below as a way of getting the proposed value and -interpreting any errors. - - ``` -AssetTag -g \> $asset\_tag 2\> $error\_message -$asset\_tag\_return\_code = $LASTEXITCODE -$asset\_tag = $asset\_tag.Trim(“\`r\`n”) - -if ($asset\_tag\_return\_code -eq 0) { -Write-Output (“Good Tag = ” + $asset\_tag) -} else { -Write-Output ( -“Failure: Code = ” + $asset\_tag\_return\_code + -“Tag = ” + $asset\_tag + -“Message = ” + $error\_message) - -} - ``` diff --git a/devices/surface/battery-limit.md b/devices/surface/battery-limit.md deleted file mode 100644 index f65a6dc353..0000000000 --- a/devices/surface/battery-limit.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: Battery Limit setting (Surface) -description: Battery Limit is a UEFI setting that changes how the Surface device battery is charged and may prolong its longevity. -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surface, devices -ms.sitesec: library -author: coveminer -ms.reviewer: jesko -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -manager: laurawi -audience: itpro -ms.date: 5/06/2020 ---- - -# Battery Limit setting - -Battery Limit option is a UEFI setting that changes how the Surface device battery is charged and may prolong its longevity. This setting is recommended in cases in which the device is continuously connected to power, for example when devices are integrated into kiosk solutions. - -## How Battery Limit works - -Setting the device on Battery Limit changes the protocol for charging the device battery. When Battery Limit is enabled, the battery charge will be limited to 50% of its maximum capacity. The charge level reported in Windows will reflect this limit. Therefore, it will show that the battery is charged up to 50% and will not charge beyond this limit. If you enable Battery Limit while the device is above 50% charge, the Battery icon will show that the device is plugged in but discharging until the device reaches 50% of its maximum charge capacity. - -## Supported devices -The Battery Limit UEFI setting is built into the latest Surface devices including Surface Pro 7 and Surface Laptop 3. Earlier devices require a - [Surface UEFI firmware update](manage-surface-driver-and-firmware-updates.md), available through Windows Update or via the MSI driver and firmware packages on the [Surface Support site](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface). Check [Enable "Battery Limit" for Surface devices that have to be plugged in for extended periods of time](https://support.microsoft.com/help/4464941) for the specific Surface UEFI version required for each supported device. - -## Enabling Battery Limit in Surface UEFI (Surface Pro 4 and later) - -The Surface UEFI Battery Limit setting can be configured by booting into Surface UEFI (**Power + Vol Up** when turning on the device). Choose **boot configuration**, and then, under **Advanced Options**, toggle **Enable Battery Limit Mode** to **On**. - -![Screenshot of Advanced options](images/enable-bl.png) - -## Enabling battery limit on Surface Go and Surface Go 2 -The Surface Battery Limit setting can be configured by booting into Surface UEFI (**Power + Vol Up** when turning on the device). Choose **boot configuration**, and then, under **Kiosk Mode**, move the slider to the right to set Battery Limit to **Enabled**. - -![Screenshot of Kiosk Mode Battery Limit in Surface Go](images/go-batterylimit.png) - -## Enabling Battery Limit in Surface UEFI (Surface Pro 3) - -The Surface UEFI Battery Limit setting can be configured by booting into Surface UEFI (**Power + Vol Up** when turning on the device). Choose **Kiosk Mode**, select **Battery Limit**, and then choose **Enabled**. - -![Screenshot of Advanced options](images/enable-bl-sp3.png) - -![Screenshot of Advanced options](images/enable-bl-sp3-2.png) - -## Enabling Battery Limit using Surface Enterprise Management Mode (SEMM) or Surface Pro 3 firmware PowerShell scripts - -The Surface UEFI battery limit is also available for configuration via the following methods: - -- Surface Pro 4 and later - - [Microsoft Surface UEFI Configurator](https://docs.microsoft.com/surface/surface-enterprise-management-mode) - - Surface UEFI Manager Powershell scripts (SEMM_Powershell.zip) in the [Surface Tools for IT downloads](https://www.microsoft.com/download/details.aspx?id=46703) -- Surface Pro 3 - - [SP3_Firmware_Powershell_Scripts.zip](https://www.microsoft.com/download/details.aspx?id=46703) - -### Using Microsoft Surface UEFI Configurator - -To configure Battery Limit mode, set the **Kiosk Overrides** setting on the **Advanced Settings** configuration page in SEMM (Surface Pro 4 and later). - -![Screenshot of advanced settings](images/semm-bl.png) - -### Using Surface UEFI Manager PowerShell scripts - -The battery limit feature is controlled via the following setting: - -`407 = Battery Profile` - -**Description**: Active management scheme for battery usage pattern - -**Default**: `0` - -Set this to `1` to enable Battery Limit. - -### Using Surface Pro 3 firmware tools - -The battery limit feature is controlled via the following setting: - -**Name**: BatteryLimitEnable - -**Description**: BatteryLimit - -**Current Value**: `0` - -**Default Value**: `0` - -**Proposed Value**: `0` - -Set this to `1` to enable Battery Limit. - ->[!NOTE] ->To configure this setting, you must use [SP3_Firmware_Powershell_Scripts.zip](https://www.microsoft.com/download/details.aspx?id=46703). - diff --git a/devices/surface/breadcrumb/toc.yml b/devices/surface/breadcrumb/toc.yml deleted file mode 100644 index 1ab1f047c2..0000000000 --- a/devices/surface/breadcrumb/toc.yml +++ /dev/null @@ -1,7 +0,0 @@ -- name: Docs - tocHref: / - topicHref: / - items: - - name: Surface - tocHref: /surface - topicHref: /surface/index \ No newline at end of file diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md deleted file mode 100644 index b1aed6e997..0000000000 --- a/devices/surface/change-history-for-surface.md +++ /dev/null @@ -1,189 +0,0 @@ ---- -title: Change history for Surface documentation (Windows 10) -ms.reviewer: -manager: laurawi -description: This topic lists new and updated topics in the Surface documentation library. -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -ms.audience: itpro ---- - -# Change history for Surface documentation - -This topic lists new and updated topics in the Surface documentation library. - -## January 2020 -| **New or changed topic** | **Description** | -| ------------------------ | --------------- | -| [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)| Updated with the latest information and links to related articles.| - - -## October 2019 - -| **New or changed topic** | **Description** | -| ------------------------ | --------------- | -| [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md)| New document explaining how to configure a DFCI environment in Microsoft Intune and manage firmware settings for targeted Surface devices.| -| [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)| New document highlighting key considerations for deploying, managing, and servicing Surface Pro X.| -|Multiple topics| Updated with information on Surface Pro 7, Surface Pro X, and Surface Laptop 3.| - -## September 2019 - -| **New or changed topic** | **Description** | -| ------------------------ | --------------- | -| [Surface Dock Firmware Update](surface-dock-firmware-update.md)| New document for Microsoft Surface Dock Firmware Update, newly redesigned to update Surface Dock firmware while running in the background on your Surface device.| - -## August 2019 - -| **New or changed topic** | **Description** | -| ------------------------ | --------------- | -| [Optimizing wireless connectivity for Surface devices](surface-wireless-connect.md) | New document highlights key wireless connectivity considerations for Surface devices in mobile scenarios. | -| [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Updated to reflect minor changes in the file naming convention for Surface MSI files. | - - -## July 2019 - -| **New or changed topic** | **Description** | -| ------------------------ | --------------- | -| [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) | Renamed to reflect focus on deployment guidance for IT professionals. Covers minor changes in Version 2.41.139.0. | - - - -## June 2019 - -| **New or changed topic** | **Description** | -| ------------------------ | --------------- | -|[Fix common Surface problems using the Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-for-business-intro.md) | New introductory page for the Surface Diagnostic Toolkit for Business. | -| [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) |Updated with summary of recommendations for managing power settings and optimizing battery life. | - - -## March 2019 - -| **New or changed topic** | **Description** | -| ------------------------ | --------------- | -| [Surface System SKU reference](surface-system-sku-reference.md) | New | - - -## February 2019 - -New or changed topic | Description ---- | --- -[Surface Asset Tag](assettag.md) | New - - -## January 2019 - -New or changed topic | Description ---- | --- -[Surface Brightness Control](microsoft-surface-brightness-control.md) | New -[Maintain optimal power settings on Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) | New -|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface Studio 2 | - - -## November 2018 - -New or changed topic | Description ---- | --- -|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface Pro 6 | -[Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) | New -[Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) | New -[Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) | New - -## October 2018 - -New or changed topic | Description ---- | --- -[Battery Limit setting](battery-limit.md) | New -|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface GO | - -## May 2018 - -|New or changed topic | Description | -| --- | --- | -|[Microsoft Surface Data Eraser](microsoft-surface-data-eraser.md) | Added version 3.2.58.0 information | -|[Surface device compatibility with Windows 10 Long-Term Servicing Channel (LTSC)](surface-device-compatibility-with-windows-10-ltsc.md) | Removed note box around content | - -## February 2018 - -|New or changed topic | Description | -| --- | --- | -|[Microsoft Surface Data Eraser](microsoft-surface-data-eraser.md) | Added version 3.2.46.0 information | - -## January 2018 - -|New or changed topic | Description | -| --- | --- | -|[Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md) | New article | -|[Microsoft Surface Data Eraser](microsoft-surface-data-eraser.md) | Added version 3.2.45.0 information | -|[Surface device compatibility with Windows 10 Long-Term Servicing Channel (LTSC)](surface-device-compatibility-with-windows-10-ltsc.md) | Updated Current Branch (CB) or Current Branch for Business (CBB) servicing options with Semi-Annual Channel (SAC) information | -|[Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md) | Added Surface Book 2, Surface Laptop, Surface Pro, Surface Pro with LTE Advanced, and Surface Pro information | - -## December 2017 - -|New or changed topic | Description | -| --- | --- | -|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface Book 2, Surface Laptop, Surface Pro, and Surface Pro with LTE Advanced information | - -## October 2017 - -New or changed topics | Description ---- | --- -Microsoft Surface Diagnostic Toolkit | Topic removed. The Microsoft Surface Diagnostic Toolkit is no longer available for download. - -## September 2017 - -New or changed topic | Description ---- | --- -[Top support solutions for Surface devices](support-solutions-surface.md) | New - -## June 2017 - -|New or changed topic | Description | -| --- | --- | -|[Surface Data Eraser](microsoft-surface-data-eraser.md) | Update compatible devices, added version 3.2.36 information | -|[Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md) | Added version 2.0.8.0 information | - - -## April 2017 - -|New or changed topic | Description | -| --- | --- | -|[Surface device compatibility with Windows 10 Long-Term Servicing Branch](surface-device-compatibility-with-windows-10-ltsc.md) | New (supersedes [Long-Term Servicing Branch for Surface devices](ltsb-for-surface.md))| - - -## January 2017 - -|New or changed topic | Description | -| --- | --- | -|[Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md) | New | - -## December 2016 - -|New or changed topic | Description | -| --- | --- | -|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added driver info for Surface Studio; updated info for Surface Book and Surface Pro 4 (Windows 10 .zip cumulative update), Surface Pro 3 (Windows8.1-KB2969817-x64.msu), and Surface 3 (UEFI Asset Tag management tool)| - -## November 2016 - -|New or changed topic | Description | -| --- | --- | -|[Surface Enterprise Management Mode](surface-enterprise-management-mode.md) | Added procedure for viewing certificate thumbprint. | -|[Use Microsoft Endpoint Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md) | New | - - - -## October 2016 - -| New or changed topic | Description | -| --- | --- | -| [Considerations for Surface and Microsoft Endpoint Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md) | New | -| [Long-term servicing branch for Surface devices](ltsb-for-surface.md) | New | - - - - -  diff --git a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md deleted file mode 100644 index e8ce13b98d..0000000000 --- a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md +++ /dev/null @@ -1,80 +0,0 @@ ---- -title: Considerations for Surface and Microsoft Endpoint Configuration Manager -description: The management and deployment of Surface devices with Configuration Manager is fundamentally the same as any other PC; this article describes scenarios that may require additional considerations. -keywords: manage, deployment, updates, driver, firmware -ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: surface, devices -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -ms.audience: itpro -ms.reviewer: -manager: laurawi ---- - -# Considerations for Surface and Microsoft Endpoint Configuration Manager - -Fundamentally, management and deployment of Surface devices with Microsoft Endpoint Configuration Manager is the same as the management and deployment of any other PC. Like any other PC, a deployment to Surface devices includes importing drivers, importing a Windows image, preparing a deployment task sequence, and then deploying the task sequence to a collection. After deployment, Surface devices are like any other Windows client; to publish apps, settings, and policies, you use the same process as you would use for any other device. - -You can find more information about how to use Configuration Manager to deploy and manage devices in the [Documentation for Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/sccm/index). - -Although the deployment and management of Surface devices is fundamentally the same as any other PC, there are some scenarios that may require additional considerations or steps. This article provides descriptions and guidance for these scenarios. The solutions documented in this article may apply to other devices and manufacturers as well. - -> [!NOTE] -> For management of Surface devices it is recommended that you use the Current Branch of Microsoft Endpoint Configuration Manager. - -## Updating Surface device drivers and firmware - -For devices that recieve updates through Windows Update, drivers for Surface components (and even firmware updates) are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS) or Configuration Manager, see [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates/). - -> [!NOTE] -> Surface device drivers and firmware are signed with SHA-256, which is not natively supported by Windows Server 2008 R2. A workaround is available for Configuration Manager environments running on Windows Server 2008 R2. For more information, see [Can't import drivers into Microsoft Endpoint Configuration Manager (KB3025419)](https://support.microsoft.com/kb/3025419). - -## Surface Ethernet adapters and Configuration Manager deployment - -The default mechanism that Configuration Manager uses to identify devices during deployment is the Media Access Control (MAC) address. Because the MAC address is associated with the Ethernet controller, an Ethernet adapter shared among multiple devices will cause Configuration Manager to identify each of the devices as only a single device. This can cause a Configuration Manager deployment of Windows to not be applied to intended devices. - -To ensure that Surface devices using the same Ethernet adapter are identified as unique devices during deployment, you can instruct Configuration Manager to identify devices using another method. This other method could be the MAC address of the wireless network adapter or the System Universal Unique Identifier (System UUID). You can specify that Configuration Manager use other identification methods with the following options: - -* Add an exclusion for the MAC addresses of Surface Ethernet adapters, which forces Configuration Manager to overlook the MAC address in preference of the System UUID, as documented in the [Reusing the same NIC for multiple PXE initiated deployments in SMicrosoft Endpoint Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/) blog post. - -* Prestage devices by System UUID as documented in the [Reusing the same NIC for multiple PXE initiated deployments in Microsoft Endpoint Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/) blog post. - -* Use a script to identify a newly deployed Surface device by the MAC address of its wireless adapter, as documented in the [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](https://blogs.technet.microsoft.com/askpfeplat/2014/07/27/how-to-use-the-same-external-ethernet-adapter-for-multiple-sccm-osd/) blog post. - -Another consideration for the Surface Ethernet adapter during deployments with Configuration Manager is the driver for the Ethernet controller. Beginning in Windows 10, version 1511, the driver for the Surface Ethernet adapter is included by default in Windows. For organizations that want to deploy the latest version of Windows 10 and use the latest version of WinPE, use of the Surface Ethernet adapter requires no additional actions. - -For versions of Windows prior to Windows 10, version 1511 (including Windows 10 RTM and Windows 8.1), you may still need to install the Surface Ethernet adapter driver and include the driver in your WinPE boot media. With its inclusion in Windows 10, the driver is no longer available for download from the Microsoft Download Center. To download the Surface Ethernet adapter driver, download it from the Microsoft Update Catalog as documented in the [Surface Ethernet Drivers](https://blogs.technet.microsoft.com/askcore/2016/08/18/surface-ethernet-drivers/) blog post from the Ask The Core Team blog. - -## Deploy Surface app with Configuration Manager - -With the release of Microsoft Store for Business, Surface app is no longer available as a driver and firmware download. Organizations that want to deploy Surface app to managed Surface devices or during deployment with the use of Configuration Manager, must acquire Surface app through Microsoft Store for Business and then deploy Surface app with PowerShell. You can find the PowerShell commands for deployment of Surface app, instructions to download Surface app, and prerequisite frameworks from Microsoft Store for Business in the [Deploy Surface app with Microsoft Store for Business](https://technet.microsoft.com/itpro/surface/deploy-surface-app-with-windows-store-for-business) article in the TechNet Library. - -## Use prestaged media with Surface clients - -If your organization uses prestaged media to pre-load deployment resources on to machines prior to deployment with Configuration Manager, the nature of Surface devices as UEFI devices may require you to take additional steps. Specifically, a native UEFI environment requires that you create multiple partitions on the boot disk of the system. If you are following along with the [documentation for prestaged media](https://technet.microsoft.com/library/79465d90-4831-4872-96c2-2062d80f5583?f=255&MSPPError=-2147217396#BKMK_CreatePrestagedMedia), the instructions provide for only single partition boot disks and therefore will fail when applied to Surface devices. - -Instructions for applying prestaged media to UEFI devices, such as Surface devices, can be found in the [How to apply Task Sequence Prestaged Media on multi-partitioned disks for BIOS or UEFI PCs in Microsoft Endpoint Configuration Manager](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2014/04/02/how-to-apply-task-sequence-prestaged-media-on-multi-partitioned-disks-for-bios-or-uefi-pcs-in-system-center-configuration-manager/) blog post. - -## Licensing conflicts with OEM Activation 3.0 - -Surface devices come preinstalled with a licensed copy of Windows. For example, Surface Pro 4 is preinstalled with Windows 10 Professional. The license key for this preinstalled copy of Windows is embedded in the firmware of the device with OEM Activation 3.0 (OA 3.0). When you run Windows installation media on a device with an OA 3.0 key, Windows setup automatically reads the license key and uses it to install and activate Windows. In most situations, this simplifies the reinstallation of Windows, because the user does not have to find or enter a license key. - -When you reimage a device by using Windows Enterprise, this embedded license key does not cause a conflict. This is because the installation media for Windows Enterprise is configured to install only an Enterprise edition of Windows and therefore is incompatible with the license key embedded in the system firmware. If a product key is not specified (such as when you intend to activate with Key Management Services [KMS] or Active Directory Based Activation), a Generic Volume License Key (GVLK) is used until Windows is activated by one of those technologies. - -However, issues may arise when organizations intend to use versions of Windows that are compatible with the firmware embedded key. For example, an organization that wants to install Windows 10 Professional on a Surface 3 device that originally shipped with Windows 10 Home edition may encounter difficulty when Windows setup automatically reads the Home edition key during installation and installs as Home edition rather than Professional. To avoid this conflict, you can use the Ei.cfg or Pid.txt file to explicitly instruct Windows setup to prompt for a product key, or you can enter a specific product key in the deployment task sequence. For more information, see [Windows Setup Edition Configuration and Product ID Files](https://technet.microsoft.com/library/hh824952.aspx). If you do not have a specific key, you can use the default product keys for Windows, which you can find in [Customize and deploy a Windows 10 operating system](https://dpcenter.microsoft.com/en/Windows/Build/cp-Windows-10-build) on the Device Partner Center. - -## Apply an asset tag during deployment - -Surface Studio, Surface Book, Surface Pro 4, Surface Pro 3, and Surface 3 devices all support the application of an asset tag in UEFI. This asset tag can be used to identify the device from UEFI even if the operating system fails, and it can also be queried from within the operating system. To read more about the Surface Asset Tag function, see the [Asset Tag Tool for Surface Pro 3](https://blogs.technet.microsoft.com/askcore/2014/10/20/asset-tag-tool-for-surface-pro-3/) blog post. - -To apply an asset tag using the [Surface Asset Tag CLI Utility](https://www.microsoft.com/download/details.aspx?id=44076) during a Configuration Manager deployment task sequence, use the script and instructions found in the [Set Surface Asset Tag During a Configuration Manager Task Sequence](https://blogs.technet.microsoft.com/jchalfant/set-surface-pro-3-asset-tag-during-a-configuration-manager-task-sequence/) blog post. - -## Configure push-button reset - -When you deploy Windows to a Surface device, the push-button reset functionality of Windows is configured by default to revert the system back to a state where the environment is not yet configured. When the reset function is used, the system discards any installed applications and settings. Although in some situations it can be beneficial to restore the system to a state without applications and settings, in a professional environment this effectively renders the system unusable to the end user. - -Push-button reset can be configured, however, to restore the system configuration to a state where it is ready for use by the end user. Follow the process outlined in [Deploy push-button reset features](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/deploy-push-button-reset-features) to customize the push-button reset experience for your devices. diff --git a/devices/surface/customize-the-oobe-for-surface-deployments.md b/devices/surface/customize-the-oobe-for-surface-deployments.md deleted file mode 100644 index cb492c2620..0000000000 --- a/devices/surface/customize-the-oobe-for-surface-deployments.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -title: Customize the OOBE for Surface deployments (Surface) -description: This article will walk you through the process of customizing the Surface out-of-box experience for end users in your organization. -ms.assetid: F6910315-9FA9-4297-8FA8-2C284A4B1D87 -ms.reviewer: -manager: laurawi -keywords: deploy, customize, automate, network, Pen, pair, boot -ms.localizationpriority: medium -ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: surface, devices -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.audience: itpro ---- - -# Customize the OOBE for Surface deployments - -This article describes customizing the Surface out-of-box experience for end users in your organization. - -It is common practice in a Windows deployment to customize the user experience for the first startup of deployed computers — the out-of-box experience, or OOBE. - ->[!NOTE] ->OOBE is also often used to describe the phase, or configuration pass, of Windows setup during which the user experience is displayed. For more information about the OOBE phase of setup, see [How Configuration Passes Work](https://msdn.microsoft.com/library/windows/hardware/dn898581.aspx). - -In some scenarios, you may want to provide complete automation to ensure that at the end of a deployment, computers are ready for use without any interaction from the user. In other scenarios, you may want to leave key elements of the experience for users to perform necessary actions or select between important choices. For administrators deploying to Surface devices, each of these scenarios presents a unique challenge to overcome. - -> [!NOTE] -> This article does not apply to Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) - -This article provides a summary of the scenarios where a deployment might require additional steps. It also provides the required information to ensure that the desired experience is achieved on any newly deployed Surface device. This article is intended for administrators who are familiar with the deployment process, as well as concepts such as answer files and [reference images](https://technet.microsoft.com/itpro/windows/deploy/create-a-windows-10-reference-image). - ->[!NOTE] ->Although the OOBE phase of setup is still run during a deployment with an automated deployment solution such as the [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=618117) or Microsoft Endpoint Configuration Manager Operating System Deployment (OSD), it is automated by the settings supplied in the Deployment Wizard and task sequence. For more information see:
->- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit) ->- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](https://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager) - -  - -## Scenario 1: Wireless networking in OOBE with MDT 2013 - - -When a wireless network adapter is present during OOBE, the **Join a wireless network** page is displayed, which prompts a user to connect to a wireless network. This page is not automatically hidden by deployment technologies, including MDT 2013, and therefore will be displayed even when a deployment is configured for complete automation. - -To ensure that an automated deployment is not stopped by this page, the page must be hidden by configuring an additional setting in the answer file, **HideWirelessSetupInOOBE**. You can find additional information about the **HideWirelessSetupInOOBE** setting in [Unattended Windows Setup Reference](https://technet.microsoft.com/library/ff716213.aspx). - -## Scenario 2: Surface Pen pairing in OOBE - - -When you first take a Surface Pro 3, Surface Pro 4, Surface Book, or Surface Studio out of the package and start it up, the first-run experience of the factory image includes a prompt that asks you to pair the included Surface Pen to the device. This prompt is only provided by the factory image that ships with the device and is not included in other images used for deployment, such as the Windows Enterprise installation media downloaded from the Volume Licensing Service Center. Because pairing the Bluetooth Surface Pen outside of this experience requires that you enter the Control Panel or PC Settings and manually pair a Bluetooth device, you may want to have users or a technician use this prompt to perform the pairing operation. - -To provide the factory Surface Pen pairing experience in OOBE, you must copy four files from the factory Surface image into the reference image. You can copy these files into the reference environment before you capture the reference image, or you can add them later by using Deployment Image Servicing and Management (DISM) to mount the image. The four required files are: - -- %windir%\\system32\\oobe\\info\\default\\1033\\oobe.xml -- %windir%\\system32\\oobe\\info\\default\\1033\\PenPairing\_en-US.png -- %windir%\\system32\\oobe\\info\\default\\1033\\PenError\_en-US.png -- %windir%\\system32\\oobe\\info\\default\\1033\\PenSuccess\_en-US.png - ->[!NOTE] ->You should copy the files from a factory image for the same model Surface device that you intend to deploy to. For example, you should use the files from a Surface Pro 7 to deploy to Surface Pro 7, and the files from Surface Book 2 to deploy Surface Book 2, but you should not use the files from a Surface Pro 7 to deploy Surface Book or Surface Pro 6. - -  - -The step-by-step process for adding these required files to an image is described in [Deploying Surface Pro 3 Pen and OneNote Tips](https://blogs.technet.microsoft.com/askcore/2014/07/15/deploying-surface-pro-3-pen-and-onenote-tips/). This blog post also includes tips to ensure that the necessary updates for the Surface Pen Quick Note-Taking Experience are installed, which allows users to send notes to OneNote with a single click. - -  - -  - - - - - diff --git a/devices/surface/deploy-surface-app-with-windows-store-for-business.md b/devices/surface/deploy-surface-app-with-windows-store-for-business.md deleted file mode 100644 index fc2956ead6..0000000000 --- a/devices/surface/deploy-surface-app-with-windows-store-for-business.md +++ /dev/null @@ -1,185 +0,0 @@ ---- -title: Deploy Surface app with Microsoft Store for Business or Microsoft Store for Education (Surface) -description: Find out how to add and download Surface app with Microsoft Store for Business or Microsoft Store for Education, as well as install Surface app with PowerShell and MDT. -keywords: surface app, app, deployment, customize -ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: surface, store -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -ms.audience: itpro -ms.reviewer: -manager: laurawi ---- - -# Deploy Surface app with Microsoft Store for Business and Education - -**Applies to** - -- Surface Pro 7 -- Surface Laptop 3 -- Surface Pro 6 -- Surface Laptop 2 -- Surface Go -- Surface Go with LTE -- Surface Book 2 -- Surface Pro with LTE Advanced (Model 1807) -- Surface Pro (Model 1796) -- Surface Laptop -- Surface Studio -- Surface Studio 2 -- Surface Book -- Surface Pro 4 -- Surface 3 LTE -- Surface 3 -- Surface Pro 3 - - -The Surface app is a lightweight Microsoft Store app that provides control of many Surface-specific settings and options, including: - -* Enable or disable the Windows button on the Surface device - -* Adjust the sensitivity of a Surface Pen - -* Customize Surface Pen button actions - -* Enable or disable Surface audio enhancements - -* Quick access to support documentation and information for your device - -Customers using Windows Update will ordinarily receive Surface app as part of automatic updates. But if your organization is preparing images for deployment to your Surface devices, you may want to include the Surface app (formerly called the Surface Hub) in your imaging and deployment process instead of requiring users of each individual device to download and install the app from the Microsoft Store or your Microsoft Store for Business. - -> [!NOTE] -> This article does not apply to Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) - -## Surface app overview - -The Surface app is available as a free download from the [Microsoft Store](https://www.microsoft.com/store/apps/Surface/9WZDNCRFJB8P). Users can download and install it from the Microsoft Store, but if your organization uses Microsoft Store for Business instead, you will need to add it to your store’s inventory and possibly include the app as part of your Windows deployment process. These processes are discussed throughout this article. For more information about Microsoft Store for Business, see [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/) in the Windows TechCenter. - -## Add Surface app to a Microsoft Store for Business account - -Before users can install or deploy an app from a company’s Microsoft Store for Business account, the desired app(s) must first be made available and licensed to the users of a business. - -1. If you have not already done so, create a [Microsoft Store for Business account](https://www.microsoft.com/business-store). - -2. Log on to the portal. - -3. Enable offline licensing: click **Manage->Store settings**, and then select the **Show offline licensed apps to people shopping in the store** checkbox, as shown in Figure 1. For more information about Microsoft Store for Business app licensing models, see [Apps in Microsoft Store for Business and Education](https://docs.microsoft.com/microsoft-store/).

- ![Show offline licenses apps checkbox](images/deploysurfapp-figure1-enablingapps.png "Show offline licenses apps checkbox")
- *Figure 1. Enable apps for offline use* - -4. Add Surface app to your Microsoft Store for Business account by following this procedure: - * Click the **Shop** menu. - * In the search box, type **Surface app**, and then click the search icon. - * After the Surface app is presented in the search results, click the app’s icon. - * You are presented with a choice (select **Online** or **Offline**), as shown in Figure 2.

- - ![Select the Offline licensing mode and add the app to your inventory](images/deploysurfapp-fig2-selectingofflinelicense.png "Select the Offline licensing mode and add the app to your inventory") - - *Figure 2. Select the Offline licensing mode and add the app to your inventory* - - * Click **Offline** to select the Offline licensing mode. - * Click **Get the app** to add the app to your Microsoft Store for Business inventory. As shown in Figure 3, you’ll see a dialog box that prompts you to acknowledge that offline apps can be deployed using a management tool or downloaded from the company’s inventory page in their private store. - - ![Offline-licensed app acknowledgement window](images/deploysurfapp-fig3-acknowledge.png "Offline-licensed app acknowledgement window") - - *Figure 3. Offline-licensed app acknowledgement* - * Click **OK**. - -## Download Surface app from a Microsoft Store for Business account -After you add an app to the Microsoft Store for Business account in Offline mode, you can download and add the app as an AppxBundle to a deployment share. -1. Log on to the Microsoft Store for Business account at https://businessstore.microsoft.com. -2. Click **Manage->Apps & software**. A list of all of your company’s apps is displayed, including the Surface app you added in the [Add Surface app to a Microsoft Store for Business account](#add-surface-app-to-a-microsoft-store-for-business-account) section of this article. -3. Under **Actions**, click the ellipsis (**…**), and then click **Download for offline use** for the Surface app. -4. Select the desired **Platform** and **Architecture** options from the available selections for the selected app, as shown in Figure 4. - - ![Example of the AppxBundle package](images/deploysurfapp-fig4-downloadappxbundle.png "Example of the AppxBundle package") - - *Figure 4. Download the AppxBundle package for an app* -5. Click **Download**. The AppxBundle package will be downloaded. Make sure you note the path of the downloaded file because you’ll need that later in this article. -6. Click either the **Encoded license** or **Unencoded license** option. Use the Encoded license option with management tools like Microsoft Endpoint Configuration Manager or when you use Windows Configuration Designer to create a provisioning package. Select the Unencoded license option when you use Deployment Image Servicing and Management (DISM) or deployment solutions based on imaging, including the Microsoft Deployment Toolkit (MDT). -7. Click **Generate** to generate and download the license for the app. Make sure you note the path of the license file because you’ll need that later in this article. - ->[!NOTE] ->When you download an app for offline use, such as the Surface app, you may notice a section at the bottom of the page labeled **Required frameworks**. Your target computers must have the frameworks installed for the app to run, so you may need to repeat the download process for each of the required frameworks for your architecture (either x86 or x64) and also include them as part of your Windows deployment discussed later in this article. - -Figure 5 shows the required frameworks for the Surface app. - -![Required frameworks for the Surface app](images/deploysurfapp-fig5-requiredframework.png "Required frameworks for the Surface app") - -*Figure 5. Required frameworks for the Surface app* - ->[!NOTE] ->The version numbers of the Surface app and required frameworks will change as the apps are updated. Check for the latest version of Surface app and each framework in Microsoft Store for Business. Always use the Surface app and recommended framework versions as provided by Microsoft Store for Business. Using outdated frameworks or the incorrect versions may result in errors or application crashes. - -To download the required frameworks for the Surface app, follow these steps: -1. Click the **Download** button under **Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe**. This downloads the Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe.Appx file to your specified folder. -2. Click the **Download** button under **Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe**. This downloads the Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe.Appx file to your specified folder. - ->[!NOTE] ->Only the 64-bit (x64) version of each framework is required for Surface devices. Surface devices are native 64-bit UEFI devices and are not compatible with 32-bit (x86) versions of Windows that would require 32-bit frameworks. - -## Install Surface app on your computer with PowerShell -The following procedure provisions the Surface app onto your computer and makes it available for any user accounts created on the computer afterwards. -1. Using the procedure described in the [How to download Surface app from a Microsoft Store for Business account](#download-surface-app-from-a-microsoft-store-for-business-account) section of this article, download the Surface app AppxBundle and license file. -2. Begin an elevated PowerShell session. - - >[!NOTE] - >If you don’t run PowerShell as an Administrator, the session won’t have the required permissions to install the app. - -3. In the elevated PowerShell session, copy and paste the following command: - ``` - Add-AppxProvisionedPackage –Online –PackagePath \ Microsoft.SurfaceHub_10.0.342.0_neutral_~_8wekyb3d8bbwe.AppxBundle –LicensePath \ Microsoft.SurfaceHub_8wekyb3d8bbwe_a53ef8ab-9dbd-dec1-46c5-7b664d4dd003.xml - ``` - - Where `` is the folder where you downloaded the AppxBundle and license file from the Microsoft Store for Business account. - - For example, if you downloaded the files to c:\Temp, the command you run is: - ```` - Add-AppxProvisionedPackage –Online –PackagePath c:\Temp\ Microsoft.SurfaceHub_10.0.342.0_neutral_~_8wekyb3d8bbwe.AppxBundle –LicensePath c:\Temp\ Microsoft.SurfaceHub_8wekyb3d8bbwe_a53ef8ab-9dbd-dec1-46c5-7b664d4dd003.xml - ``` - -4. The Surface app will now be available on your current Windows computer. - -Before the Surface app is functional on the computer where it has been provisioned, you must also provision the frameworks described earlier in this article. To provision these frameworks, use the following procedure in the elevated PowerShell session you used to provision the Surface app. - -5. In the elevated PowerShell session, copy and paste the following command: - ``` - Add-AppxProvisionedPackage –Online –SkipLicense –PackagePath \Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe.Appx - ``` -6. In the elevated PowerShell session, copy and paste the following command: - ``` - Add-AppxProvisionedPackage –Online –SkipLicense –PackagePath \Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe.Appx - ``` - -## Install Surface app with MDT -The following procedure uses MDT to automate installation of the Surface app at the time of deployment. The application is provisioned automatically by MDT during deployment and thus you can use this process with existing images. This is the recommended process to deploy the Surface app as part of a Windows deployment to Surface devices because it does not reduce the cross platform compatibility of the Windows image. -1. Using the procedure described [earlier in this article](#download-surface-app-from-a-microsoft-store-for-business-account), download the Surface app AppxBundle and license file. -2. Using the New Application Wizard in the MDT Deployment Workbench, import the downloaded files as a new **Application with source files**. -3. On the **Command Details** page of the New Application Wizard, specify the default **Working Directory** and for the **Command** specify the file name of the AppxBundle, as follows: - - * Command: - ``` - Microsoft.SurfaceHub_10.0.342.0_neutral_~_8wekyb3d8bbwe.AppxBundle - ``` - * Working Directory: %DEPLOYROOT%\Applications\SurfaceApp - -For the Surface app to function on the target computer, it will also require the frameworks described earlier in this article. Use the following procedure to import the frameworks required for the Surface app into MDT and to configure them as dependencies. -1. Using the procedure described earlier in this article, download the framework files. Store each framework in a separate folder. -2. Using the New Application Wizard in the MDT Deployment Workbench, import the downloaded files as a new **Application with source files**. -3. On the **Command Details** page, type the file name of each application you downloaded in the **Command** field and the default Working Directory. - -To configure the frameworks as dependencies of the Surface app, use this process: -1. Open the properties of the Surface app in the MDT Deployment Workbench. -2. Click the **Dependencies** tab, and then click **Add**. -3. Select the check box for each framework using the name you provided in the New Application Wizard. - -After import, the Surface app will be available for selection in the **Applications** step of the Windows Deployment Wizard. You can also install the application automatically by specifying the application in the deployment task sequence by following this process: -1. Open your deployment task sequence in the MDT Deployment Workbench. -2. Add a new **Install Application** task in the **State Restore** section of deployment. -3. Select **Install a single application** and specify the **Surface App** as the **Application to be installed**. - -For more information about including apps into your Windows deployments, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit). diff --git a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md deleted file mode 100644 index bb8e62fb6b..0000000000 --- a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit (Surface) -description: Walk through the recommended process of how to deploy Windows 10 to your Surface devices with the Microsoft Deployment Toolkit. -keywords: windows 10 surface, automate, customize, mdt -ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: surface -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -ms.audience: itpro -ms.reviewer: -manager: laurawi -ms.date: 04/24/2020 ---- - -# Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit - -**Applies to** - -- Surface Studio and later -- Surface Pro 4 and later -- Surface Book and later -- Surface Laptop and later -- Surface Go -- Surface 3 -- Windows 10 - -> [!NOTE] -> MDT is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md). - -For the latest information about using MDT, refer to [Deploy a Windows 10 image using MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt). - diff --git a/devices/surface/deploy.md b/devices/surface/deploy.md deleted file mode 100644 index 7431a22a8a..0000000000 --- a/devices/surface/deploy.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Deploy Surface devices (Surface) -description: Get deployment guidance for your Surface devices including information about MDT, OOBE customization, Ethernet adaptors, and Surface Deployment Accelerator. -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surface, devices -ms.sitesec: library -author: coveminer -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -ms.audience: itpro ---- - -# Deploy Surface devices - -Learn about about deploying ARM- and Intel-based Surface devices. - -## Deploying ARM-based devices - -| Topic | Description | -| --- | --- | -| [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) | Get an overview of key considerations for deploying, managing, and servicing Surface Pro X running the Microsoft SQ1 ARM processor. | -| [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md) | Learn about Autopilot, the recommended method for deploying Surface Pro X. | -| [Windows 10 ARM-based PC app compatibility](surface-pro-arm-app-performance.md) | Review app compatibility guidance for Surface Pro X. | - - -## Deploying Intel-based devices - -| Topic | Description | -| --- | --- | -| [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md) | Find out how to remotely deploy and configure devices with Windows Autopilot. | -| [Surface device compatibility with Windows 10 Long-Term Servicing Channel](surface-device-compatibility-with-windows-10-ltsc.md) | Find out about compatibility and limitations of Surface devices running Windows 10 Enterprise LTSC edition. | -| [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md) | Walk through the recommended process of how to deploy Windows 10 to your Surface devices with the Microsoft Deployment Toolkit.| -| [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)| Find out how to perform a Windows 10 upgrade deployment to your Surface devices. | -| [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)| Walk through the process of customizing the Surface out-of-box experience for end users in your organization.| -| [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)| Get guidance and answers to help you perform a network deployment to Surface devices.| -| [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)| See how Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices. | -[Battery Limit setting](battery-limit.md) | Learn how to use Battery Limit, a UEFI setting that changes how the Surface device battery is charged and may prolong its longevity. - -## Related topics - -[Surface IT Pro Blog](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro) - diff --git a/devices/surface/dma-protect.md b/devices/surface/dma-protect.md deleted file mode 100644 index 93909724b7..0000000000 --- a/devices/surface/dma-protect.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -title: Surface DMA Protection -description: This article describes DMA protection on compatible Surface devices -ms.prod: w10 -ms.mktglfcycl: manage -ms.localizationpriority: medium -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.date: 6/10/2020 -ms.reviewer: carlol -manager: laurawi -audience: itpro ---- -# DMA Protection on Surface devices - -Direct Memory Access (DMA) protection is designed to mitigate potential security vulnerabilities associated with using removable SSDs or external storage devices. Newer Surface devices come with DMA Protection enabled by default. These include Surface Pro 7, Surface Laptop 3, and Surface Pro X. To check the presence of DMA protection feature on your device, open System Information (**Start** > **msinfo32.exe**), as shown in the figure below. - -![System information showing DMA Protection enabled](images/systeminfodma.png) - -If a Surface removable SSD is tampered with, the device will shutoff power. The resulting reboot causes UEFI to wipe memory, to erase any residual data. diff --git a/devices/surface/documentation/surface-system-sku-reference.md b/devices/surface/documentation/surface-system-sku-reference.md deleted file mode 100644 index 0014ad0c25..0000000000 --- a/devices/surface/documentation/surface-system-sku-reference.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Surface System SKU reference -description: This topic provides a reference of System SKU names that you can use to quickly determine the machine state of a specific device. -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article ---- -# Surface System SKU Reference -This document provides a reference of System SKU names that you can use to quickly determine the machine state of a specific device using PowerShell, WMI, and related tools. - -System SKU is a variable (along with System Model and others) stored in System Management BIOS (SMBIOS) tables in the UEFI layer of Surface devices. Use the System SKU name whenever you need to differentiate between devices with the same System Model name, such as Surface Pro and Surface Pro with LTE Advanced. - -| **Device**| **System Model** | **System SKU**| -| --- | ---| --- | -| Surface 3 WiFI | Surface 3 | Surface_3 | -| Surface 3 LTE AT&T | Surface 3 | Surface_3_US1 | -| Surface 3 LTE Verizon | Surface 3 | Surface_3_US2 | -| Surface 3 LTE North America | Surface 3 | Surface_3_NAG | -| Surface 3 LTE Outside of North America and T-Mobile In Japan | Surface 3 | Surface_3_ROW | -| Surface Pro | Surface Pro | Surface_Pro_1796 | -| Surface Pro with LTE Advanced | Surface Pro | Surface_Pro_1807 | -| Surface Book 2 13inch | Surface Book 2 | Surface_Book_1832 | -| Surface Book 2 15inch | Surface Book 2 | Surface_Book_1793 | -| Surface Go Consumer | Surface Go | Surface_Go_1824_Consumer | -| Surface Go Commercial | Surface Go | Surface_Go_1824_Commercial | -| Surface Go 2 | Surface Go 2 | Surface_Go_2_1927 | -| Surface Pro 6 Consumer | Surface Pro 6 | Surface_Pro_6_1796_Consumer | -| Surface Pro 6 Commercial | Surface Pro 6 | Surface_Pro_6_1796_Commercial | -| Surface Laptop 2 Consumer | Surface Laptop 2 | Surface_Laptop_2_1769_Consumer | -| Surface Laptop 2 Commercial | Surface Laptop 2 | Surface_Laptop_2_1769_Commercial | - -## Using System SKU variables - -### PowerShell - - gwmi -namespace root\wmi -class MS_SystemInformation | select SystemSKU - -### System Information -You can also find the System SKU and System Model for a device in System Information. -- Click **Start** > **MSInfo32**. - -### WMI -You can use System SKU variables in a Task Sequence WMI Condition in the Microsoft Deployment Toolkit (MDT) or Microsoft Endpoint Configuration Manager. For example: - - - WMI Namespace – Root\WMI - - WQL Query – SELECT * FROM MS_SystemInformation WHERE SystemSKU = "Surface_Pro_1796" - - - - - - diff --git a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md deleted file mode 100644 index 36f05515f3..0000000000 --- a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices (Surface) -description: Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device. -ms.assetid: A281EFA3-1552-467D-8A21-EB151E58856D -ms.reviewer: -manager: laurawi -keywords: network, wireless, device, deploy, authentication, protocol -ms.localizationpriority: medium -ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: surface, devices -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article ---- - -# Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices - - -Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device. - -If you use PEAP, EAP-FAST, or Cisco LEAP in your enterprise network, you probably already know that these three wireless authentication protocols are not supported by Surface devices out of the box. Some users may discover this when they attempt to connect to your wireless network; others may discover it when they are unable to gain access to resources inside the network, like file shares and internal sites. For more information, see [Extensible Authentication Protocol](https://technet.microsoft.com/network/bb643147). - -You can add support for each protocol by executing a small MSI package from a USB stick or from a file share. For organizations that want to enable EAP support on their Surface devices, the MSI package format supports deployment with many management and deployment tools, like the Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager. - -## Download PEAP, EAP-FAST, or Cisco LEAP installation files - - -You can download the MSI installation files for PEAP, EAP-FAST, or Cisco LEAP in a single zip archive file from the Microsoft Download Center. To download this file, go to the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page on the Microsoft Download Center, click **Download**, and then select the **Cisco EAP-Supplicant Installer.zip** file. - -## Deploy PEAP, EAP-FAST, or Cisco LEAP with MDT - - -If you are already performing a Windows deployment to Surface devices in your organization, it is quick and easy to add the installation files for each protocol to your deployment share and configure automatic installation during deployment. You can even configure a task sequence that updates previously deployed Surface devices to provide support for these protocols using the same process. - -To enable support for PEAP, EAP-FAST, or Cisco LEAP on newly deployed Surface devices, follow these steps: - -1. Download and extract the installation files for each protocol to separate folders in an easily accessible location. - -2. Open the MDT Deployment Workbench and expand your deployment share to the **Applications** folder. - -3. Select **New Application** from the **Action** pane. - -4. Choose **Application with source files** to copy the MSI files into the Deployment Share. - -5. Select the folder you created in step 1 for the desired protocol. - -6. Name the folder in the deployment share where the installation files will be stored. - -7. Specify the command line to deploy the application: - - - For PEAP use **EAP-PEAP.msi /qn /norestart**. - - - For LEAP use **EAP-LEAP.msi /qn /norestart**. - - - For EAP-FAST use **EAP-FAST.msi /qn /norestart**. - -8. Use the default options to complete the New Application Wizard. - -9. Repeat steps 3 through 8 for each desired protocol. - -After you’ve performed these steps to import the three MSI packages as applications into MDT, they will be available for selection in the Applications page of the Windows Deployment Wizard. Although in some simple deployment scenarios it might be sufficient to have technicians select each package at the time of deployment, it is not recommended. This practice introduces the possibility that a technician could attempt to apply these packages to computers other than Surface devices, or that a Surface device could be deployed without EAP support due to human error. - -To hide these applications from the Install Applications page, select the **Hide this application in the Deployment Wizard** checkbox in the properties of each application. After the applications are hidden, they will not be displayed as optional applications during deployment. To deploy them in your Surface deployment task sequence, they must be explicitly defined for installation through a separate step in the task sequence. - -To specify the protocol(s) explicitly, follow these steps: - -1. Open your Surface deployment task sequence properties from the MDT Deployment Workbench. - -2. On the **Task Sequence** tab, select the **Install Applications** step under **State Restore**. This is typically found between the pre-application and post-application Windows Update steps. - -3. Use the **Add** button to create a new **Install Application** step from the **General** category. - -4. Select **Install a single application** in the step **Properties** tab. - -5. Select the desired EAP protocol from the list. - -6. Repeat steps 2 through 5 for each desired protocol. - -## Deploy PEAP, EAP-FAST, or Cisco LEAP with Configuration Manager - - -For organizations that manage Surface devices with Configuration Manager, it is even easier to deploy PEAP, EAP-FAST, or Cisco LEAP support to Surface devices. Simply import each MSI file as an application from the Software Library and configure a deployment to your Surface device collection. - -For more information on how to deploy applications with Configuration Manager see [How to Create Applications in Configuration Manager](https://technet.microsoft.com/library/gg682159.aspx) and [How to Deploy Applications in Configuration Manager](https://technet.microsoft.com/library/gg682082.aspx). - -  - -  - - - - - diff --git a/devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md b/devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md deleted file mode 100644 index 4f3c602781..0000000000 --- a/devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md +++ /dev/null @@ -1,197 +0,0 @@ ---- -title: How to enable the Surface Laptop keyboard during MDT deployment -description: When you use MDT to deploy Windows 10 to Surface laptops, you need to import keyboard drivers to use in the Windows PE environment. -keywords: windows 10 surface, automate, customize, mdt -ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: surface -ms.sitesec: library -author: Teresa-Motiv -ms.author: v-tea -ms.topic: article -ms.reviewer: scottmca -ms.localizationpriority: medium -ms.audience: itpro -manager: jarrettr -appliesto: -- Surface Laptop (1st Gen) -- Surface Laptop 2 -- Surface Laptop 3 ---- - -# How to enable the Surface Laptop keyboard during MDT deployment - -This article addresses a deployment approach that uses Microsoft Deployment Toolkit (MDT). You can also apply this information to other deployment methodologies. On most types of Surface devices, the keyboard should work during Lite Touch Installation (LTI). However, Surface Laptop requires some additional drivers to enable the keyboard. For Surface Laptop (1st Gen) and Surface Laptop 2 devices, you must prepare the folder structure and selection profiles that allow you to specify keyboard drivers for use during the Windows Preinstallation Environment (Windows PE) phase of LTI. For more information about this folder structure, see [Deploy a Windows 10 image using MDT: Step 5: Prepare the drivers repository](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt?redirectedfrom=MSDN#step-5-prepare-the-drivers-repository). - -> [!NOTE] -> It is currently not supported to add Surface Laptop 2 and Surface Laptop 3 keyboard drivers in the same Windows PE boot instance due to a driver conflict; use separate instances instead. - -> [!IMPORTANT] -> If you are deploying a Windows 10 image to a Surface Laptop that has Windows 10 in S mode preinstalled, see KB [4032347, Problems when deploying Windows to Surface devices with preinstalled Windows 10 in S mode](https://support.microsoft.com/help/4032347/surface-preinstall-windows10-s-mode-issues). - -To add the keyboard drivers to the selection profile, follow these steps: - -1. Download the latest Surface Laptop MSI file from the appropriate locations: - - [Surface Laptop (1st Gen) Drivers and Firmware](https://www.microsoft.com/download/details.aspx?id=55489) - - [Surface Laptop 2 Drivers and Firmware](https://www.microsoft.com/download/details.aspx?id=57515) - - [Surface Laptop 3 with Intel Processor Drivers and Firmware](https://www.microsoft.com/download/details.aspx?id=100429) - -2. Extract the contents of the Surface Laptop MSI file to a folder that you can easily locate (for example, c:\surface_laptop_drivers). To extract the contents, open an elevated Command Prompt window and run the command from the following example: - - ```cmd - Msiexec.exe /a SurfaceLaptop_Win10_15063_1703008_1.msi targetdir=c:\surface_laptop_drivers /qn - ``` - -3. Open the Deployment Workbench and expand the **Deployment Shares** node and your deployment share, then navigate to the **WindowsPEX64** folder. - - ![Image that shows the location of the WindowsPEX64 folder in the Deployment Workbench](./images/surface-laptop-keyboard-1.png) - -4. Right-click the **WindowsPEX64** folder and select **Import Drivers**. -5. Follow the instructions in the Import Driver Wizard to import the driver folders into the WindowsPEX64 folder. - -> [!NOTE] -> Check the downloaded MSI package to determine the format and directory structure. The directory structure will start with either SurfacePlatformInstaller (older MSI files) or SurfaceUpdate (Newer MSI files) depending on when the MSI was released. - -To support Surface Laptop (1st Gen), import the following folders: - - - SurfacePlatformInstaller\Drivers\System\GPIO - - SurfacePlatformInstaller\Drivers\System\SurfaceHidMiniDriver - - SurfacePlatformInstaller\Drivers\System\SurfaceSerialHubDriver - - SurfacePlatformInstaller\Drivers\System\PreciseTouch - -Or for newer MSI files beginning with "SurfaceUpdate", use: - -- SurfaceUpdate\SerialIOGPIO -- SurfaceUpdate\SurfaceHidMiniDriver -- SurfaceUpdate\SurfaceSerialHubDriver -- SurfaceUpdate\Itouch - -To support Surface Laptop 2, import the following folders: - - - SurfacePlatformInstaller\Drivers\System\GPIO - - SurfacePlatformInstaller\Drivers\System\SurfaceHIDMiniDriver - - SurfacePlatformInstaller\Drivers\System\SurfaceSerialHubDriver - - SurfacePlatformInstaller\Drivers\System\I2C - - SurfacePlatformInstaller\Drivers\System\SPI - - SurfacePlatformInstaller\Drivers\System\UART - - SurfacePlatformInstaller\Drivers\System\PreciseTouch - -Or for newer MSI files beginning with "SurfaceUpdate", use: - -- SurfaceUpdate\SerialIOGPIO -- SurfaceUpdate\IclSerialIOI2C -- SurfaceUpdate\IclSerialIOSPI -- SurfaceUpdate\IclSerialIOUART -- SurfaceUpdate\SurfaceHidMini -- SurfaceUpdate\SurfaceSerialHub -- SurfaceUpdate\Itouch - - -To support Surface Laptop 3 with Intel Processor, import the following folders: - -- SurfaceUpdate\IclSerialIOGPIO -- SurfaceUpdate\IclSerialIOI2C -- SurfaceUpdate\IclSerialIOSPI -- SurfaceUpdate\IclSerialIOUART -- SurfaceUpdate\SurfaceHidMini -- SurfaceUpdate\SurfaceSerialHub -- SurfaceUpdate\SurfaceHotPlug -- SurfaceUpdate\Itouch - -Importing the following folders will enable full keyboard, trackpad, and touch functionality in PE for Surface Laptop 3. - -- IclSerialIOGPIO -- IclSerialIOI2C -- IclSerialIOSPI -- IclSerialIOUART -- itouch -- IclChipset -- IclChipsetLPSS -- IclChipsetNorthpeak -- ManagementEngine -- SurfaceAcpiNotify -- SurfaceBattery -- SurfaceDockIntegration -- SurfaceHidMini -- SurfaceHotPlug -- SurfaceIntegration -- SurfaceSerialHub -- SurfaceService -- SurfaceStorageFwUpdate - - - > [!NOTE] - > Check the downloaded MSI package to determine the format and directory structure. The directory structure will start with either SurfacePlatformInstaller (older MSI files) or SurfaceUpdate (Newer MSI files) depending on when the MSI was released. - - To support Surface Laptop (1st Gen), import the following folders: - - - SurfacePlatformInstaller\Drivers\System\GPIO - - SurfacePlatformInstaller\Drivers\System\SurfaceHidMiniDriver - - SurfacePlatformInstaller\Drivers\System\SurfaceSerialHubDriver - - SurfacePlatformInstaller\Drivers\System\PreciseTouch - - Or for newer MSI files beginning with "SurfaceUpdate", use: - - - SurfaceUpdate\SerialIOGPIO - - SurfaceUpdate\SurfaceHidMiniDriver - - SurfaceUpdate\SurfaceSerialHubDriver - - SurfaceUpdate\Itouch - - To support Surface Laptop 2, import the following folders: - - - SurfacePlatformInstaller\Drivers\System\GPIO - - SurfacePlatformInstaller\Drivers\System\SurfaceHIDMiniDriver - - SurfacePlatformInstaller\Drivers\System\SurfaceSerialHubDriver - - SurfacePlatformInstaller\Drivers\System\I2C - - SurfacePlatformInstaller\Drivers\System\SPI - - SurfacePlatformInstaller\Drivers\System\UART - - SurfacePlatformInstaller\Drivers\System\PreciseTouch - - Or for newer MSI files beginning with "SurfaceUpdate", use: - - - SurfaceUpdate\SerialIOGPIO - - SurfaceUpdate\IclSerialIOI2C - - SurfaceUpdate\IclSerialIOSPI - - SurfaceUpdate\IclSerialIOUART - - SurfaceUpdate\SurfaceHidMini - - SurfaceUpdate\SurfaceSerialHub - - SurfaceUpdate\Itouch - - To support Surface Laptop 3 with Intel Processor, import the following folders: - - - SurfaceUpdate\IclSerialIOGPIO - - SurfaceUpdate\IclSerialIOI2C - - SurfaceUpdate\IclSerialIOSPI - - SurfaceUpdate\IclSerialIOUART - - SurfaceUpdate\SurfaceHidMini - - SurfaceUpdate\SurfaceSerialHub - - SurfaceUpdate\SurfaceHotPlug - - SurfaceUpdate\Itouch - - > [!NOTE] - > For Surface Laptop 3 with Intel processor, the model is Surface Laptop 3. The remaining Surface Laptop drivers are located in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop 3 folder. - -6. Verify that the WindowsPEX64 folder now contains the imported drivers. The folder should resemble the following: - - ![Image that shows the newly imported drivers in the WindowsPEX64 folder of the Deployment Workbench](./images/surface-laptop-keyboard-2.png) - -7. Configure a selection profile that uses the WindowsPEX64 folder. The selection profile should resemble the following: - - ![Image that shows the WindowsPEX64 folder selected as part of a selection profile](./images/surface-laptop-keyboard-3.png) - -8. Configure the Windows PE properties of the MDT deployment share to use the new selection profile, as follows: - - - For **Platform**, select **x64**. - - For **Selection profile**, select the new profile. - - Select **Include all drivers from the selection profile**. - - ![Image that shows the Windows PE properties of the MDT Deployment Share](./images/surface-laptop-keyboard-4.png) - -9. Verify that you have configured the remaining Surface Laptop drivers by using either a selection profile or a **DriverGroup001** variable. - - For Surface Laptop (1st Gen), the model is **Surface Laptop**. The remaining Surface Laptop drivers should reside in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop folder as shown in the figure that follows this list. - - For Surface Laptop 2, the model is **Surface Laptop 2**. The remaining Surface Laptop drivers should reside in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop 2 folder. - - For Surface Laptop 3 with Intel processor, the model is Surface Laptop 3. The remaining Surface Laptop drivers are located in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop 3 folder. - - ![Image that shows the regular Surface Laptop (1st Gen) drivers in the Surface Laptop folder of the Deployment Workbench](./images/surface-laptop-keyboard-5.png) - -After configuring the MDT Deployment Share to use the new selection profile and related settings, continue the deployment process as described in [Deploy a Windows 10 image using MDT: Step 6: Create the deployment task sequence](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt#step-6-create-the-deployment-task-sequence). diff --git a/devices/surface/enroll-and-configure-surface-devices-with-semm.md b/devices/surface/enroll-and-configure-surface-devices-with-semm.md deleted file mode 100644 index 6eb848da41..0000000000 --- a/devices/surface/enroll-and-configure-surface-devices-with-semm.md +++ /dev/null @@ -1,151 +0,0 @@ ---- -title: Enroll and configure Surface devices with SEMM (Surface) -description: Learn how to create a Surface UEFI configuration package to control the settings of Surface UEFI, as well as enroll a Surface device in SEMM. -keywords: surface enterprise management -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surface, devices, security -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -ms.audience: itpro -ms.reviewer: -manager: laurawi ---- - -# Enroll and configure Surface devices with SEMM - -With Microsoft Surface Enterprise Management Mode (SEMM), you can securely configure the settings of Surface UEFI on a Surface device and manage those settings on Surface devices in your organization. When a Surface device is managed by SEMM, that device is considered to be *enrolled* (sometimes referred to as activated). This article shows you how to create a Surface UEFI configuration package that will not only control the settings of Surface UEFI, but will also enroll a Surface device in SEMM. - -For a more high-level overview of SEMM, see [Microsoft Surface Enterprise Management Mode](https://technet.microsoft.com/itpro/surface/surface-enterprise-management-mode). - -A streamlined method of managing firmware from the cloud on Surface Pro 7,Surface Pro X and Surface Laptop 3 is now available via public preview. For more information,refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md). - -> [!NOTE] -> SEMM is supported on Surface Pro X via the UEFI Manager only. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md). - -#### Download and install Microsoft Surface UEFI Configurator -The tool used to create SEMM packages is Microsoft Surface UEFI Configurator. You can download Microsoft Surface UEFI Configurator from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center. -Run the Microsoft Surface UEFI Configurator Windows Installer (.msi) file to start the installation of the tool. When the installer completes, find Microsoft Surface UEFI Configurator in the All Apps section of your Start menu. - ->[!NOTE] ->Microsoft Surface UEFI Configurator is supported only on Windows 10. - -## Create a Surface UEFI configuration package - -The Surface UEFI configuration package performs both the role of applying a new configuration of Surface UEFI settings to a Surface device managed with SEMM and the role of enrolling Surface devices in SEMM. The creation of a configuration package requires you to have a signing certificate to be used with SEMM to secure the configuration of UEFI settings on each Surface device. For more information about the requirements for the SEMM certificate, see [Microsoft Surface Enterprise Management Mode](https://technet.microsoft.com/itpro/surface/surface-enterprise-management-mode). - -To create a Surface UEFI configuration package, follow these steps: - -1. Open Microsoft Surface UEFI Configurator from the Start menu. -2. Click **Start**. -3. Click **Configuration Package**, as shown in Figure 1. - - ![Create a package for SEMM enrollment](images/surface-ent-mgmt-fig1-uefi-configurator.png "Create a package for SEMM enrollment") - - *Figure 1. Select Configuration Package to create a package for SEMM enrollment and configuration* - -4. Click **Certificate Protection** to add your exported certificate file with private key (.pfx), as shown in Figure 2. Browse to the location of your certificate file, select the file, and then click **OK**. - - ![Add the SEM certificate and Surface UEFI password to configuration package](images/surface-ent-mgmt-fig2-securepackage.png "Add the SEM certificate and Surface UEFI password to configuration package") - - *Figure 2. Add the SEMM certificate and Surface UEFI password to a Surface UEFI configuration package* - -5. When you are prompted to confirm the certificate password, enter and confirm the password for your certificate file, and then click **OK**. -6. Click **Password Protection** to add a password to Surface UEFI. This password will be required whenever you boot to UEFI. If this password is not entered, only the **PC information**, **About**, **Enterprise management**, and **Exit** pages will be displayed. This step is optional. -7. When you are prompted, enter and confirm your chosen password for Surface UEFI, and then click **OK**. If you want to clear an existing Surface UEFI password, leave the password field blank. -8. If you do not want the Surface UEFI package to apply to a particular device, on the **Choose which Surface type you want to target** page, click the slider beneath the corresponding Surface Book or Surface Pro 4 image so that it is in the **Off** position. (As shown in Figure 3.) - > [!NOTE] - > You must select a device as none are selected by default. - - ![Choose devices for package compatibility](images/surface-semm-enroll-fig3.jpg "Choose devices for package compatibility") - - *Figure 3. Choose the devices for package compatibility* - -9. Click **Next**. -10. If you want to deactivate a component on managed Surface devices, on the **Choose which components you want to activate or deactivate** page, click the slider next to any device or group of devices you want to deactivate so that the slider is in the **Off** position. (Shown in Figure 4.) The default configuration for each device is **On**. Click the **Reset** button if you want to return all sliders to the default position. - - ![Disable or enable Surface components](images/surface-ent-mgmt-fig3-enabledisable.png "Disable or enable Surface components") - - *Figure 4. Disable or enable individual Surface components* - -11. Click **Next**. -12. To enable or disable advanced options in Surface UEFI or the display of Surface UEFI pages, on the **Choose the advanced settings for your devices** page, click the slider beside the desired setting to configure that option to **On** or **Off** (shown in Figure 5). In the **UEFI Front Page** section, you can use the sliders for **Security**, **Devices**, and **Boot** to control what pages are available to users who boot into Surface UEFI. (For more information about Surface UEFI settings, see [Manage Surface UEFI settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).) Click **Build** when you have finished selecting options to generate and save the package. - - ![Control advanced Surface UEFI settings and Surface UEFI pages](images/surface-ent-mgmt-fig4-advancedsettings.png "Control advanced Surface UEFI settings and Surface UEFI pages") - - *Figure 5. Control advanced Surface UEFI settings and Surface UEFI pages with SEMM* - -13. In the **Save As** dialog box, specify a name for the Surface UEFI configuration package, browse to the location where you would like to save the file, and then click **Save**. -14. When the package is created and saved, the **Successful** page is displayed. - ->[!NOTE] ->Record the certificate thumbprint characters that are displayed on this page, as shown in Figure 6. You will need these characters to confirm enrollment of new Surface devices in SEMM. Click **End** to complete package creation and close Microsoft Surface UEFI Configurator. - -![Display of certificate thumbprint characters](images/surface-ent-mgmt-fig5-success.png "Display of certificate thumbprint characters") - -*Figure 6. The last two characters of the certificate thumbprint are displayed on the Successful page* - -Now that you have created your Surface UEFI configuration package, you can enroll or configure Surface devices. - ->[!NOTE] ->When a Surface UEFI configuration package is created, a log file is created on the desktop with details of the configuration package settings and options. - -## Enroll a Surface device in SEMM -When the Surface UEFI configuration package is executed, the SEMM certificate and Surface UEFI configuration files are staged in the firmware storage of the Surface device. When the Surface device reboots, Surface UEFI processes these files and begins the process of applying the Surface UEFI configuration or enrolling the Surface device in SEMM, as shown in Figure 7. - -![SEMM process for configuration of Surface UEFI or enrollment](images/surface-semm-enroll-fig7.png "SEMM process for configuration of Surface UEFI or enrollment") - -*Figure 7. The SEMM process for configuration of Surface UEFI or enrollment of a Surface device* - -Before you begin the process to enroll a Surface device in SEMM, ensure that you have the last two characters of the certificate thumbprint on hand. You will need these characters to confirm the device’s enrollment (see Figure 6). - -To enroll a Surface device in SEMM with a Surface UEFI configuration package, follow these steps: - -1. Run the Surface UEFI configuration package .msi file on the Surface device you want to enroll in SEMM. This will provision the Surface UEFI configuration file in the device’s firmware. -2. Select the **I accept the terms in the License Agreement** check box to accept the End User License Agreement (EULA), and then click **Install** to begin the installation process. -3. Click **Finish** to complete the Surface UEFI configuration package installation and restart the Surface device when you are prompted to do so. -4. Surface UEFI will load the configuration file and determine that SEMM is not enabled on the device. Surface UEFI will then begin the SEMM enrollment process, as follows: - * Surface UEFI will verify that the SEMM configuration file contains a SEMM certificate. - * Surface UEFI will prompt you to enter the last two characters of the certificate thumbprint to confirm enrollment of the Surface device in SEMM, as shown in Figure 8. - - ![SEMM enrollment requires last two characters of certificate thumbprint](images/surface-semm-enroll-fig8.png "SEMM enrollment requires last two characters of certificate thumbprint") - - *Figure 8. Enrollment in SEMM requires the last two characters of the certificate thumbprint* - - * Surface UEFI will store the SEMM certificate in firmware and apply the configuration settings that are specified in the Surface UEFI configuration file. - -5. The Surface device is now enrolled in SEMM and will boot to Windows. - -You can verify that a Surface device has been successfully enrolled in SEMM by looking for **Microsoft Surface Configuration Package** in **Programs and Features** (as shown in Figure 9), or in the events stored in the **Microsoft Surface UEFI Configurator** log, found under **Applications and Services Logs** in Event Viewer (as shown in Figure 10). - -![Verify enrollment of Surface device in SEMM in Programs and Features](images/surface-semm-enroll-fig9.png "Verify enrollment of Surface device in SEMM in Programs and Features") - -*Figure 9. Verify the enrollment of a Surface device in SEMM in Programs and Features* - -![Verify enrollment of Surface device in SEMM in Event Viewer](images/surface-semm-enroll-fig10.png "Verify enrollment of Surface device in SEMM in Event Viewer") - -*Figure 10. Verify the enrollment of a Surface device in SEMM in Event Viewer* - -You can also verify that the device is enrolled in SEMM in Surface UEFI – while the device is enrolled, Surface UEFI will contain the **Enterprise management** page (as shown in Figure 11). - -![Surface UEFI Enterprise management page](images/surface-semm-enroll-fig11.png "Surface UEFI Enterprise management page") - -*Figure 11. The Surface UEFI Enterprise management page* - - -## Configure Surface UEFI settings with SEMM - -After a device is enrolled in SEMM, you can run Surface UEFI configuration packages signed with the same SEMM certificate to apply new Surface UEFI settings. These settings are applied automatically the next time the device boots, without any interaction from the user. You can use application deployment solutions like Microsoft Endpoint Configuration Manager to deploy Surface UEFI configuration packages to Surface devices to change or manage the settings in Surface UEFI. - -For more information about how to deploy Windows Installer (.msi) files with Configuration Manager, see [Deploy and manage applications with Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/mt627959). - -If you have secured Surface UEFI with a password, users without the password who attempt to boot to Surface UEFI will only have the **PC information**, **About**, **Enterprise management**, and **Exit** pages displayed to them. - -If you have not secured Surface UEFI with a password or a user enters the password correctly, settings that are configured with SEMM will be dimmed (unavailable) and the text Some settings are managed by your organization will be displayed at the top of the page, as shown in Figure 12. - -![Settings managed by SEMM disabled in Surface UEFI](images/surface-semm-enroll-fig12.png "Settings managed by SEMM disabled in Surface UEFI") - -*Figure 12. Settings managed by SEMM will be disabled in Surface UEFI* diff --git a/devices/surface/ethernet-adapters-and-surface-device-deployment.md b/devices/surface/ethernet-adapters-and-surface-device-deployment.md deleted file mode 100644 index a68242b88a..0000000000 --- a/devices/surface/ethernet-adapters-and-surface-device-deployment.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: Ethernet adapters and Surface deployment (Surface) -description: This article provides guidance and answers to help you perform a network deployment to Surface devices. -ms.assetid: 5273C59E-6039-4E50-96B3-426BB38A64C0 -ms.reviewer: -manager: laurawi -keywords: ethernet, deploy, removable, network, connectivity, boot, firmware, device, adapter, PXE boot, USB -ms.localizationpriority: medium -ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: surface, devices -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.audience: itpro ---- - -# Ethernet adapters and Surface deployment - - -This article provides guidance and answers to help you perform a network deployment to Surface devices including Surface Pro 3 and later. - -Network deployment to Surface devices can pose some unique challenges for system administrators. Due to the lack of a native wired Ethernet adapter, administrators must provide connectivity through a removable Ethernet adapter. - -## Select an Ethernet adapter for Surface devices - - -Before you can address the concerns of how you will boot to your deployment environment or how devices will be recognized by your deployment solution, you have to use a wired network adapter. - -The primary concern when selecting an Ethernet adapter is how that adapter will boot your Surface device from the network. If you are pre-staging clients with Windows Deployment Services (WDS) or if you are using Microsoft Endpoint Configuration Manager, you may also want to consider whether the removable Ethernet adapters will be dedicated to a specific Surface device or shared among multiple devices. For more information on potential conflicts with shared adapters, see [Manage MAC addresses with removable Ethernet adapters](#manage-mac-addresses) later in this article. - -Booting from the network (PXE boot) is only supported when you use an Ethernet adapter or docking station from Microsoft. To boot from the network, the chipset in the Ethernet adapter or dock must be detected and configured as a boot device in the firmware of the Surface device. Microsoft Ethernet adapters, such as the Surface Ethernet Adapter and the [Surface Dock](https://www.microsoft.com/surface/accessories/surface-dock) use a chipset that is compatible with the Surface firmware. - -The following Ethernet devices are supported for network boot with Surface devices: - -- Surface USB-C to Ethernet and USB 3.0 Adapter - -- Surface USB 3.0 to Gigabit Ethernet Adapter - -- Surface Dock - -- Surface 3 Docking Station - -- Surface Pro 3 Docking Station - -- Docking Station for Surface Pro and Surface Pro 2 - -Third-party Ethernet adapters are also supported for network deployment, although they do not support PXE boot. To use a third-party Ethernet adapter, you must load the drivers into the deployment boot image and you must launch that boot image from a separate storage device, such as a USB stick. - -## Boot Surface devices from the network - -To boot from the network or a connected USB stick, you must instruct the Surface device to boot from an alternate boot device. You can alter the boot order in the system firmware to prioritize USB boot devices, or you can instruct it to boot from an alternate boot device during the boot up process. - -To boot a Surface device from an alternative boot device, follow these steps: - -1. Ensure the Surface device is powered off. -2. Press and hold the **Volume Down** button. -3. Press and release the **Power** button. -4. After the system begins to boot from the USB stick or Ethernet adapter, release the **Volume Down** button. - ->[!NOTE] ->In addition to an Ethernet adapter, a keyboard must also be connected to the Surface device to enter the preinstallation environment and navigate the deployment wizard. - -  -For Windows 10, version 1511 and later – including the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10, version 1511 – the drivers for Microsoft Surface Ethernet Adapters are present by default. If you are using a deployment solution that uses Windows Preinstallation Environment (WinPE), like the Microsoft Deployment Toolkit, and booting from the network with PXE, ensure that your deployment solution is using the latest version of the Windows ADK. - -## Manage MAC addresses with removable Ethernet adapters - -Another consideration for administrators performing Windows deployment over the network is how you will identify computers when you use the same Ethernet adapter to deploy to more than one computer. A common identifier used by deployment technologies is the Media Access Control (MAC) address that is associated with each Ethernet adapter. However, when you use the same Ethernet adapter to deploy to multiple computers, you cannot use a deployment technology that inspects MAC addresses because there is no way to differentiate the MAC address of the removable adapter when used on the different computers. - -The simplest solution to avoid MAC address conflicts is to provide a dedicated removable Ethernet adapter for each Surface device. This can make sense in many scenarios where the Ethernet adapter or the additional functionality of the docking station will be used regularly. However, not all scenarios call for the additional connectivity of a docking station or support for wired networks. - -Another potential solution to avoid conflict when adapters are shared is to use the [Microsoft Deployment Toolkit (MDT)](https://technet.microsoft.com/windows/dn475741) to perform deployment to Surface devices. MDT does not use the MAC address to identify individual computers and thus is not subject to this limitation. However, MDT does use Windows Deployment Services to provide PXE boot functionality, and is subject to the limitations regarding pre-staged clients which is covered later in this section. - -When you use a shared adapter for deployment, the solution for affected deployment technologies is to use another means to identify unique systems. For Configuration Manager and WDS, both of which can be affected by this issue, the solution is to use the System Universal Unique Identifier (System UUID) that is embedded in the computer firmware by the computer manufacturer. For Surface devices, you can see this entry in the computer firmware under **Device Information**. - -To access the firmware of a Surface device, follow these steps: - -1. Ensure the Surface device is powered off. -2. Press and hold the **Volume Up** button. -3. Press and release the **Power** button. -4. After the device begins to boot, release the **Volume Up** button. - -When deploying with WDS, the MAC address is only used to identify a computer when the deployment server is configured to respond only to known, pre-staged clients. When pre-staging a client, an administrator creates a computer account in Active Directory and defines that computer by the MAC address or the System UUID. To avoid the identity conflicts caused by shared Ethernet adapters, you should use [System UUID to define pre-staged clients](https://technet.microsoft.com/library/cc742034). Alternatively, you can configure WDS to respond to unknown clients that do not require definition by either MAC address or System UUID by selecting the **Respond to all client computers (known and unknown)** option on the [**PXE Response** tab](https://technet.microsoft.com/library/cc732360) in **Windows Deployment Server Properties**. - -The potential for conflicts with shared Ethernet adapters is much higher with Configuration Manager. Where WDS only uses MAC addresses to define individual systems when configured to do so, Configuration Manager uses the MAC address to define individual systems whenever performing a deployment to new or unknown computers. This can result in improperly configured devices or even the inability to deploy more than one system with a shared Ethernet adapter. There are several potential solutions for this situation that are described in detail in [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/how-to-use-the-same-external-ethernet-adapter-for-multiple-sccm/ba-p/257374), a blog post on the Core Infrastructure and Security Blog. - -  - -  - - - - - diff --git a/devices/surface/get-started.yml b/devices/surface/get-started.yml deleted file mode 100644 index 0c309e50b7..0000000000 --- a/devices/surface/get-started.yml +++ /dev/null @@ -1,116 +0,0 @@ -### YamlMime:Landing - -title: Surface devices documentation # < 60 chars -summary: Harness the power of Surface, Windows, and Office connected together through the cloud. # < 160 chars - -metadata: - title: Surface devices documentation # Required; page title displayed in search results. Include the brand. < 60 chars. - description: Get started with Microsoft Surface devices # Required; article description that is displayed in search results. < 160 chars. - ms.service: product-insights #Required; service per approved list. service slug assigned to your service by ACOM. - ms.topic: landing-page # Required - manager: laurawi - author: greg-lindsay #Required; your GitHub user alias, with correct capitalization. - ms.author: greglin #Required; microsoft alias of author; optional team alias. - audience: itpro - ms.localizationpriority: High - -# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new - -landingContent: -# Cards and links should be based on top customer tasks or top subjects -# Start card title with a verb - # Card (optional) - - title: Surface devices - linkLists: - - linkListType: overview - links: - - text: Surface Go 2 for Business - url: https://www.microsoft.com/surface/business/surface-go-2 - - text: Surface Book 3 for Business - url: https://www.microsoft.com/surface/business/surface-book-3 - - text: Explore all Surface family products - url: https://www.microsoft.com/surface/business - - # Card (optional) - - title: Get started - linkLists: - - linkListType: get-started - links: - - text: Surface Book 3 GPU technical overview - url: surface-book-gpu-overview.md - - text: Surface Book 3 Quadro RTX 3000 technical overview - url: surface-book-quadro.md - - text: What’s new in Surface Dock 2 - url: surface-dock-whats-new.md - - # Card - - title: Deploy Surface devices - linkLists: - - linkListType: deploy - links: - - text: Surface Deployment Accelerator tool - url: microsoft-surface-deployment-accelerator.md - - text: Autopilot and Surface devices - url: windows-autopilot-and-surface-devices.md - - text: Windows Virtual Desktop on Surface - url: windows-virtual-desktop-surface.md - - # Card - - title: Manage Surface devices - linkLists: - - linkListType: how-to-guide - links: - - text: Manage and deploy Surface driver and firmware updates - url: manage-surface-driver-and-firmware-updates.md - - text: Best practice power settings for Surface devices - url: maintain-optimal-power-settings-on-Surface-devices.md - - text: Optimize Wi-Fi connectivity for Surface devices - url: surface-wireless-connect.md - - # Card - - title: Explore security guidance - linkLists: - - linkListType: how-to-guide - links: - - text: Secure Surface Dock 2 ports with Surface Enterprise Management Mode (SEMM) - url: secure-surface-dock-ports-semm.md - - text: Intune management of Surface UEFI settings - url: surface-manage-dfci-guide.md - - text: Surface Data Eraser tool - url: microsoft-surface-data-eraser.md - - # Card - - title: Discover Surface tools - linkLists: - - linkListType: how-to-guide - links: - - text: Surface Diagnostic Toolkit for Business - url: surface-diagnostic-toolkit-for-business-intro.md - - text: SEMM and UEFI - url: surface-enterprise-management-mode.md - - text: Battery Limit setting - url: battery-limit.md - - # Card - - title: Browse support solutions - linkLists: - - linkListType: learn - links: - - text: Top support solutions - url: support-solutions-surface.md - - text: Protecting your data during Surface repair or service - url: https://support.microsoft.com/help/4023508/surface-faq-protecting-your-data-service - - text: Troubleshoot Surface Dock and docking stations - url: https://support.microsoft.com/help/4023468/surface-troubleshoot-surface-dock-and-docking-stations - -# Card - - title: Participate in Surface Community - linkLists: - - linkListType: learn - links: - - text: Surface IT Pro blog - url: https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro - - text: Surface Devices Tech Community - url: https://techcommunity.microsoft.com/t5/Surface-Devices/ct-p/SurfaceDevices - - text: Microsoft Mechanics Surface videos - url: https://www.youtube.com/watch?v=Uk2kJ5FUZxY&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ diff --git a/devices/surface/images/Surface-Devices-400x140.svg b/devices/surface/images/Surface-Devices-400x140.svg deleted file mode 100644 index 4414de0f16..0000000000 --- a/devices/surface/images/Surface-Devices-400x140.svg +++ /dev/null @@ -1,25 +0,0 @@ - - - - -Surface-Devices-400x140 - - - - - - - - - - - diff --git a/devices/surface/images/Surface-Hub-400x140.svg b/devices/surface/images/Surface-Hub-400x140.svg deleted file mode 100644 index f5a5c12a56..0000000000 --- a/devices/surface/images/Surface-Hub-400x140.svg +++ /dev/null @@ -1,51 +0,0 @@ - - - - -win_it-pro-6 - - - - - - - - - - - - - DevicesLaptopTablet-blue - - - - - - - - - - - - - - - - diff --git a/devices/surface/images/Surface-Workplace-400x140.svg b/devices/surface/images/Surface-Workplace-400x140.svg deleted file mode 100644 index 9bb3779192..0000000000 --- a/devices/surface/images/Surface-Workplace-400x140.svg +++ /dev/null @@ -1,33 +0,0 @@ - - - - -SharePoint_Doc_3_400x140 - - users_group - - - - - - - - - - - - - - diff --git a/devices/surface/images/assettag-fig1.png b/devices/surface/images/assettag-fig1.png deleted file mode 100644 index 5ccb36c85f..0000000000 Binary files a/devices/surface/images/assettag-fig1.png and /dev/null differ diff --git a/devices/surface/images/config-mgr-semm-fig1.png b/devices/surface/images/config-mgr-semm-fig1.png deleted file mode 100644 index 7ff888c2e2..0000000000 Binary files a/devices/surface/images/config-mgr-semm-fig1.png and /dev/null differ diff --git a/devices/surface/images/config-mgr-semm-fig2.png b/devices/surface/images/config-mgr-semm-fig2.png deleted file mode 100644 index 33836c09eb..0000000000 Binary files a/devices/surface/images/config-mgr-semm-fig2.png and /dev/null differ diff --git a/devices/surface/images/config-mgr-semm-fig3.png b/devices/surface/images/config-mgr-semm-fig3.png deleted file mode 100644 index e699359552..0000000000 Binary files a/devices/surface/images/config-mgr-semm-fig3.png and /dev/null differ diff --git a/devices/surface/images/data-eraser-3.png b/devices/surface/images/data-eraser-3.png deleted file mode 100644 index eed3836aa7..0000000000 Binary files a/devices/surface/images/data-eraser-3.png and /dev/null differ diff --git a/devices/surface/images/dataeraser-arch.png b/devices/surface/images/dataeraser-arch.png deleted file mode 100644 index 5010120cf1..0000000000 Binary files a/devices/surface/images/dataeraser-arch.png and /dev/null differ diff --git a/devices/surface/images/dataeraser-complete-process.png b/devices/surface/images/dataeraser-complete-process.png deleted file mode 100644 index c7d0ee1d09..0000000000 Binary files a/devices/surface/images/dataeraser-complete-process.png and /dev/null differ diff --git a/devices/surface/images/dataeraser-start-tool.png b/devices/surface/images/dataeraser-start-tool.png deleted file mode 100644 index a727d8a870..0000000000 Binary files a/devices/surface/images/dataeraser-start-tool.png and /dev/null differ diff --git a/devices/surface/images/dataeraser-usb-selection.png b/devices/surface/images/dataeraser-usb-selection.png deleted file mode 100644 index 6c5382c7b0..0000000000 Binary files a/devices/surface/images/dataeraser-usb-selection.png and /dev/null differ diff --git a/devices/surface/images/deploysurfapp-fig2-selectingofflinelicense.png b/devices/surface/images/deploysurfapp-fig2-selectingofflinelicense.png deleted file mode 100644 index eb7a2ef787..0000000000 Binary files a/devices/surface/images/deploysurfapp-fig2-selectingofflinelicense.png and /dev/null differ diff --git a/devices/surface/images/deploysurfapp-fig3-acknowledge.png b/devices/surface/images/deploysurfapp-fig3-acknowledge.png deleted file mode 100644 index dd59593baf..0000000000 Binary files a/devices/surface/images/deploysurfapp-fig3-acknowledge.png and /dev/null differ diff --git a/devices/surface/images/deploysurfapp-fig4-downloadappxbundle.png b/devices/surface/images/deploysurfapp-fig4-downloadappxbundle.png deleted file mode 100644 index 59b96e327b..0000000000 Binary files a/devices/surface/images/deploysurfapp-fig4-downloadappxbundle.png and /dev/null differ diff --git a/devices/surface/images/deploysurfapp-fig5-requiredframework.png b/devices/surface/images/deploysurfapp-fig5-requiredframework.png deleted file mode 100644 index 24d6e7edd8..0000000000 Binary files a/devices/surface/images/deploysurfapp-fig5-requiredframework.png and /dev/null differ diff --git a/devices/surface/images/deploysurfapp-figure1-enablingapps.png b/devices/surface/images/deploysurfapp-figure1-enablingapps.png deleted file mode 100644 index 78bfef9e8b..0000000000 Binary files a/devices/surface/images/deploysurfapp-figure1-enablingapps.png and /dev/null differ diff --git a/devices/surface/images/df1.png b/devices/surface/images/df1.png deleted file mode 100644 index 92aff587bc..0000000000 Binary files a/devices/surface/images/df1.png and /dev/null differ diff --git a/devices/surface/images/df2a.png b/devices/surface/images/df2a.png deleted file mode 100644 index 2a755ac374..0000000000 Binary files a/devices/surface/images/df2a.png and /dev/null differ diff --git a/devices/surface/images/df3.png b/devices/surface/images/df3.png deleted file mode 100644 index c5263ce83f..0000000000 Binary files a/devices/surface/images/df3.png and /dev/null differ diff --git a/devices/surface/images/df3b.png b/devices/surface/images/df3b.png deleted file mode 100644 index 60370c5541..0000000000 Binary files a/devices/surface/images/df3b.png and /dev/null differ diff --git a/devices/surface/images/dfciconfig.png b/devices/surface/images/dfciconfig.png deleted file mode 100644 index 2e8b0b4fee..0000000000 Binary files a/devices/surface/images/dfciconfig.png and /dev/null differ diff --git a/devices/surface/images/discovertools.png b/devices/surface/images/discovertools.png deleted file mode 100644 index 2568398824..0000000000 Binary files a/devices/surface/images/discovertools.png and /dev/null differ diff --git a/devices/surface/images/enable-bl-sp3-2.png b/devices/surface/images/enable-bl-sp3-2.png deleted file mode 100644 index f1940c403f..0000000000 Binary files a/devices/surface/images/enable-bl-sp3-2.png and /dev/null differ diff --git a/devices/surface/images/enable-bl-sp3.png b/devices/surface/images/enable-bl-sp3.png deleted file mode 100644 index 7fa99786f1..0000000000 Binary files a/devices/surface/images/enable-bl-sp3.png and /dev/null differ diff --git a/devices/surface/images/enable-bl.png b/devices/surface/images/enable-bl.png deleted file mode 100644 index b1f7cff7f6..0000000000 Binary files a/devices/surface/images/enable-bl.png and /dev/null differ diff --git a/devices/surface/images/fig1-downloads-msi.png b/devices/surface/images/fig1-downloads-msi.png deleted file mode 100644 index 4d8b1410ff..0000000000 Binary files a/devices/surface/images/fig1-downloads-msi.png and /dev/null differ diff --git a/devices/surface/images/go-batterylimit.png b/devices/surface/images/go-batterylimit.png deleted file mode 100644 index 893e78ea9f..0000000000 Binary files a/devices/surface/images/go-batterylimit.png and /dev/null differ diff --git a/devices/surface/images/graphics-settings2.png b/devices/surface/images/graphics-settings2.png deleted file mode 100644 index 3ee5235962..0000000000 Binary files a/devices/surface/images/graphics-settings2.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-dock-fig1-updateprocess.png b/devices/surface/images/manage-surface-dock-fig1-updateprocess.png deleted file mode 100644 index e779fa33ef..0000000000 Binary files a/devices/surface/images/manage-surface-dock-fig1-updateprocess.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-driver-updates-1.png b/devices/surface/images/manage-surface-driver-updates-1.png deleted file mode 100644 index 58cec90ea0..0000000000 Binary files a/devices/surface/images/manage-surface-driver-updates-1.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-driver-updates-2.png b/devices/surface/images/manage-surface-driver-updates-2.png deleted file mode 100644 index 26bcfcda74..0000000000 Binary files a/devices/surface/images/manage-surface-driver-updates-2.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-driver-updates-3.png b/devices/surface/images/manage-surface-driver-updates-3.png deleted file mode 100644 index e1dafd7f15..0000000000 Binary files a/devices/surface/images/manage-surface-driver-updates-3.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-driver-updates-4.png b/devices/surface/images/manage-surface-driver-updates-4.png deleted file mode 100644 index 5e6e4cafb4..0000000000 Binary files a/devices/surface/images/manage-surface-driver-updates-4.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig10.png b/devices/surface/images/manage-surface-uefi-fig10.png deleted file mode 100644 index daccc0efbb..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig10.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig11.png b/devices/surface/images/manage-surface-uefi-fig11.png deleted file mode 100644 index 34d2dc5342..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig11.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig12.png b/devices/surface/images/manage-surface-uefi-fig12.png deleted file mode 100644 index b7a58d16c2..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig12.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig13.png b/devices/surface/images/manage-surface-uefi-fig13.png deleted file mode 100644 index ee4691bf9e..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig13.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig14.png b/devices/surface/images/manage-surface-uefi-fig14.png deleted file mode 100644 index 8224fb5bab..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig14.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig15.png b/devices/surface/images/manage-surface-uefi-fig15.png deleted file mode 100644 index 8973b83528..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig15.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig16.png b/devices/surface/images/manage-surface-uefi-fig16.png deleted file mode 100644 index cac0f7c1c1..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig16.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig17.png b/devices/surface/images/manage-surface-uefi-fig17.png deleted file mode 100644 index 8b66d3605f..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig17.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig18.png b/devices/surface/images/manage-surface-uefi-fig18.png deleted file mode 100644 index 8845608fbd..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig18.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig19.png b/devices/surface/images/manage-surface-uefi-fig19.png deleted file mode 100644 index 8845608fbd..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig19.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig2.png b/devices/surface/images/manage-surface-uefi-fig2.png deleted file mode 100644 index 6d8e4b41c8..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig2.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig3.png b/devices/surface/images/manage-surface-uefi-fig3.png deleted file mode 100644 index 4ae63c2a49..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig3.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig4.png b/devices/surface/images/manage-surface-uefi-fig4.png deleted file mode 100644 index 480b1d7f46..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig4.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig5-a.png b/devices/surface/images/manage-surface-uefi-fig5-a.png deleted file mode 100644 index 7605291e93..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig5-a.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig5.png b/devices/surface/images/manage-surface-uefi-fig5.png deleted file mode 100644 index 00bb44ea76..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig5.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig5a.png b/devices/surface/images/manage-surface-uefi-fig5a.png deleted file mode 100644 index 7baecb2fff..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig5a.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig6.png b/devices/surface/images/manage-surface-uefi-fig6.png deleted file mode 100644 index e424e84f4b..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig6.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig7.png b/devices/surface/images/manage-surface-uefi-fig7.png deleted file mode 100644 index b0a49134f3..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig7.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig7a.png b/devices/surface/images/manage-surface-uefi-fig7a.png deleted file mode 100644 index 62e6536ea8..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig7a.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig8.png b/devices/surface/images/manage-surface-uefi-fig8.png deleted file mode 100644 index 2269fe6c17..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig8.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-fig9.png b/devices/surface/images/manage-surface-uefi-fig9.png deleted file mode 100644 index 7d36f66808..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-fig9.png and /dev/null differ diff --git a/devices/surface/images/manage-surface-uefi-figure-1.png b/devices/surface/images/manage-surface-uefi-figure-1.png deleted file mode 100644 index cd5a789d70..0000000000 Binary files a/devices/surface/images/manage-surface-uefi-figure-1.png and /dev/null differ diff --git a/devices/surface/images/managefirmware.png b/devices/surface/images/managefirmware.png deleted file mode 100644 index 392bcc601c..0000000000 Binary files a/devices/surface/images/managefirmware.png and /dev/null differ diff --git a/devices/surface/images/managesettings.png b/devices/surface/images/managesettings.png deleted file mode 100644 index 0f0567f97c..0000000000 Binary files a/devices/surface/images/managesettings.png and /dev/null differ diff --git a/devices/surface/images/mdt.png b/devices/surface/images/mdt.png deleted file mode 100644 index e185c8c501..0000000000 Binary files a/devices/surface/images/mdt.png and /dev/null differ diff --git a/devices/surface/images/powerintrofig1.png b/devices/surface/images/powerintrofig1.png deleted file mode 100644 index d33b9922fd..0000000000 Binary files a/devices/surface/images/powerintrofig1.png and /dev/null differ diff --git a/devices/surface/images/powerintrofig1a.png b/devices/surface/images/powerintrofig1a.png deleted file mode 100644 index e704b940c9..0000000000 Binary files a/devices/surface/images/powerintrofig1a.png and /dev/null differ diff --git a/devices/surface/images/powerintrofig2.png b/devices/surface/images/powerintrofig2.png deleted file mode 100644 index eea52a8f3d..0000000000 Binary files a/devices/surface/images/powerintrofig2.png and /dev/null differ diff --git a/devices/surface/images/powerintrofig2a.png b/devices/surface/images/powerintrofig2a.png deleted file mode 100644 index e00fe81105..0000000000 Binary files a/devices/surface/images/powerintrofig2a.png and /dev/null differ diff --git a/devices/surface/images/powerintrofig3.png b/devices/surface/images/powerintrofig3.png deleted file mode 100644 index 08e9cd36a3..0000000000 Binary files a/devices/surface/images/powerintrofig3.png and /dev/null differ diff --git a/devices/surface/images/powerintrofig4.png b/devices/surface/images/powerintrofig4.png deleted file mode 100644 index f983673f35..0000000000 Binary files a/devices/surface/images/powerintrofig4.png and /dev/null differ diff --git a/devices/surface/images/preparewindowsdeployment.png b/devices/surface/images/preparewindowsdeployment.png deleted file mode 100644 index d7c04abc9e..0000000000 Binary files a/devices/surface/images/preparewindowsdeployment.png and /dev/null differ diff --git a/devices/surface/images/regeditDock.png b/devices/surface/images/regeditDock.png deleted file mode 100644 index e074712665..0000000000 Binary files a/devices/surface/images/regeditDock.png and /dev/null differ diff --git a/devices/surface/images/sccm.png b/devices/surface/images/sccm.png deleted file mode 100644 index 754f2ef89f..0000000000 Binary files a/devices/surface/images/sccm.png and /dev/null differ diff --git a/devices/surface/images/sda-fig1-select-steps.png b/devices/surface/images/sda-fig1-select-steps.png deleted file mode 100644 index cb5c24c2e0..0000000000 Binary files a/devices/surface/images/sda-fig1-select-steps.png and /dev/null differ diff --git a/devices/surface/images/sda-fig2-specify-local.png b/devices/surface/images/sda-fig2-specify-local.png deleted file mode 100644 index a7eb4d5b33..0000000000 Binary files a/devices/surface/images/sda-fig2-specify-local.png and /dev/null differ diff --git a/devices/surface/images/sda-fig5-erase.png b/devices/surface/images/sda-fig5-erase.png deleted file mode 100644 index 8ac3e174a7..0000000000 Binary files a/devices/surface/images/sda-fig5-erase.png and /dev/null differ diff --git a/devices/surface/images/sda.png b/devices/surface/images/sda.png deleted file mode 100644 index b9433dcd4a..0000000000 Binary files a/devices/surface/images/sda.png and /dev/null differ diff --git a/devices/surface/images/sdasteps-fig1.png b/devices/surface/images/sdasteps-fig1.png deleted file mode 100644 index 2f83597305..0000000000 Binary files a/devices/surface/images/sdasteps-fig1.png and /dev/null differ diff --git a/devices/surface/images/sdasteps-fig10-rules.png b/devices/surface/images/sdasteps-fig10-rules.png deleted file mode 100644 index 581c6f1492..0000000000 Binary files a/devices/surface/images/sdasteps-fig10-rules.png and /dev/null differ diff --git a/devices/surface/images/sdasteps-fig11-bootstrap.ini.png b/devices/surface/images/sdasteps-fig11-bootstrap.ini.png deleted file mode 100644 index 64a4bd9aad..0000000000 Binary files a/devices/surface/images/sdasteps-fig11-bootstrap.ini.png and /dev/null differ diff --git a/devices/surface/images/sdasteps-fig12-updatemedia.png b/devices/surface/images/sdasteps-fig12-updatemedia.png deleted file mode 100644 index 01a677ba02..0000000000 Binary files a/devices/surface/images/sdasteps-fig12-updatemedia.png and /dev/null differ diff --git a/devices/surface/images/sdasteps-fig13-taskseq.png b/devices/surface/images/sdasteps-fig13-taskseq.png deleted file mode 100644 index 1fe51f0b60..0000000000 Binary files a/devices/surface/images/sdasteps-fig13-taskseq.png and /dev/null differ diff --git a/devices/surface/images/sdasteps-fig14-credentials.png b/devices/surface/images/sdasteps-fig14-credentials.png deleted file mode 100644 index d2944325f4..0000000000 Binary files a/devices/surface/images/sdasteps-fig14-credentials.png and /dev/null differ diff --git a/devices/surface/images/sdasteps-fig15-deploy.png b/devices/surface/images/sdasteps-fig15-deploy.png deleted file mode 100644 index 14cc461225..0000000000 Binary files a/devices/surface/images/sdasteps-fig15-deploy.png and /dev/null differ diff --git a/devices/surface/images/sdasteps-fig16-computername.png b/devices/surface/images/sdasteps-fig16-computername.png deleted file mode 100644 index 1960c5b138..0000000000 Binary files a/devices/surface/images/sdasteps-fig16-computername.png and /dev/null differ diff --git a/devices/surface/images/sdasteps-fig17-installprogresswindow.png b/devices/surface/images/sdasteps-fig17-installprogresswindow.png deleted file mode 100644 index ab2c456857..0000000000 Binary files a/devices/surface/images/sdasteps-fig17-installprogresswindow.png and /dev/null differ diff --git a/devices/surface/images/sdasteps-fig2.png b/devices/surface/images/sdasteps-fig2.png deleted file mode 100644 index 4edeb35ca3..0000000000 Binary files a/devices/surface/images/sdasteps-fig2.png and /dev/null differ diff --git a/devices/surface/images/sdasteps-fig3.png b/devices/surface/images/sdasteps-fig3.png deleted file mode 100644 index 728ddab514..0000000000 Binary files a/devices/surface/images/sdasteps-fig3.png and /dev/null differ diff --git a/devices/surface/images/sdasteps-fig4-select.png b/devices/surface/images/sdasteps-fig4-select.png deleted file mode 100644 index 15d4df2af7..0000000000 Binary files a/devices/surface/images/sdasteps-fig4-select.png and /dev/null differ diff --git a/devices/surface/images/sdasteps-fig5-installwindow.png b/devices/surface/images/sdasteps-fig5-installwindow.png deleted file mode 100644 index 66f1814146..0000000000 Binary files a/devices/surface/images/sdasteps-fig5-installwindow.png and /dev/null differ diff --git a/devices/surface/images/sdasteps-fig6-specify-driver-app-files.png b/devices/surface/images/sdasteps-fig6-specify-driver-app-files.png deleted file mode 100644 index cb82d3fec7..0000000000 Binary files a/devices/surface/images/sdasteps-fig6-specify-driver-app-files.png and /dev/null differ diff --git a/devices/surface/images/sdasteps-fig7-diskpart.png b/devices/surface/images/sdasteps-fig7-diskpart.png deleted file mode 100644 index 70b517f3f1..0000000000 Binary files a/devices/surface/images/sdasteps-fig7-diskpart.png and /dev/null differ diff --git a/devices/surface/images/sdasteps-fig8-mediafolder.png b/devices/surface/images/sdasteps-fig8-mediafolder.png deleted file mode 100644 index f6a862e60f..0000000000 Binary files a/devices/surface/images/sdasteps-fig8-mediafolder.png and /dev/null differ diff --git a/devices/surface/images/sdasteps-fig9-location.png b/devices/surface/images/sdasteps-fig9-location.png deleted file mode 100644 index c8247de908..0000000000 Binary files a/devices/surface/images/sdasteps-fig9-location.png and /dev/null differ diff --git a/devices/surface/images/sdt-1.png b/devices/surface/images/sdt-1.png deleted file mode 100644 index fb10753608..0000000000 Binary files a/devices/surface/images/sdt-1.png and /dev/null differ diff --git a/devices/surface/images/sdt-2.png b/devices/surface/images/sdt-2.png deleted file mode 100644 index be951967f0..0000000000 Binary files a/devices/surface/images/sdt-2.png and /dev/null differ diff --git a/devices/surface/images/sdt-3.png b/devices/surface/images/sdt-3.png deleted file mode 100644 index 0d3077cc1b..0000000000 Binary files a/devices/surface/images/sdt-3.png and /dev/null differ diff --git a/devices/surface/images/sdt-4.png b/devices/surface/images/sdt-4.png deleted file mode 100644 index babddbb240..0000000000 Binary files a/devices/surface/images/sdt-4.png and /dev/null differ diff --git a/devices/surface/images/sdt-5.png b/devices/surface/images/sdt-5.png deleted file mode 100644 index 5c5346d93a..0000000000 Binary files a/devices/surface/images/sdt-5.png and /dev/null differ diff --git a/devices/surface/images/sdt-6.png b/devices/surface/images/sdt-6.png deleted file mode 100644 index acf8e684b3..0000000000 Binary files a/devices/surface/images/sdt-6.png and /dev/null differ diff --git a/devices/surface/images/sdt-7.png b/devices/surface/images/sdt-7.png deleted file mode 100644 index 5e16961c6b..0000000000 Binary files a/devices/surface/images/sdt-7.png and /dev/null differ diff --git a/devices/surface/images/sdt-desk-1.png b/devices/surface/images/sdt-desk-1.png deleted file mode 100644 index f1ecc03b30..0000000000 Binary files a/devices/surface/images/sdt-desk-1.png and /dev/null differ diff --git a/devices/surface/images/sdt-desk-2.png b/devices/surface/images/sdt-desk-2.png deleted file mode 100644 index 3d066cb3e5..0000000000 Binary files a/devices/surface/images/sdt-desk-2.png and /dev/null differ diff --git a/devices/surface/images/sdt-desk-3.png b/devices/surface/images/sdt-desk-3.png deleted file mode 100644 index bbd9709300..0000000000 Binary files a/devices/surface/images/sdt-desk-3.png and /dev/null differ diff --git a/devices/surface/images/sdt-desk-4.png b/devices/surface/images/sdt-desk-4.png deleted file mode 100644 index f533646605..0000000000 Binary files a/devices/surface/images/sdt-desk-4.png and /dev/null differ diff --git a/devices/surface/images/sdt-desk-5.png b/devices/surface/images/sdt-desk-5.png deleted file mode 100644 index 664828762e..0000000000 Binary files a/devices/surface/images/sdt-desk-5.png and /dev/null differ diff --git a/devices/surface/images/sdt-desk-6.png b/devices/surface/images/sdt-desk-6.png deleted file mode 100644 index 1b9ce9f7e2..0000000000 Binary files a/devices/surface/images/sdt-desk-6.png and /dev/null differ diff --git a/devices/surface/images/sdt-install.png b/devices/surface/images/sdt-install.png deleted file mode 100644 index ce0fe297d7..0000000000 Binary files a/devices/surface/images/sdt-install.png and /dev/null differ diff --git a/devices/surface/images/secure-surface-dock-ports-semm-1.png b/devices/surface/images/secure-surface-dock-ports-semm-1.png deleted file mode 100644 index d1eeafaf12..0000000000 Binary files a/devices/surface/images/secure-surface-dock-ports-semm-1.png and /dev/null differ diff --git a/devices/surface/images/secure-surface-dock-ports-semm-2.png b/devices/surface/images/secure-surface-dock-ports-semm-2.png deleted file mode 100644 index db8de73dbf..0000000000 Binary files a/devices/surface/images/secure-surface-dock-ports-semm-2.png and /dev/null differ diff --git a/devices/surface/images/secure-surface-dock-ports-semm-3.png b/devices/surface/images/secure-surface-dock-ports-semm-3.png deleted file mode 100644 index c9cf60aad3..0000000000 Binary files a/devices/surface/images/secure-surface-dock-ports-semm-3.png and /dev/null differ diff --git a/devices/surface/images/secure-surface-dock-ports-semm-4.png b/devices/surface/images/secure-surface-dock-ports-semm-4.png deleted file mode 100644 index 0b19c52652..0000000000 Binary files a/devices/surface/images/secure-surface-dock-ports-semm-4.png and /dev/null differ diff --git a/devices/surface/images/secure-surface-dock-ports-semm-5.png b/devices/surface/images/secure-surface-dock-ports-semm-5.png deleted file mode 100644 index 0d4c7df937..0000000000 Binary files a/devices/surface/images/secure-surface-dock-ports-semm-5.png and /dev/null differ diff --git a/devices/surface/images/secure-surface-dock-ports-semm-6.png b/devices/surface/images/secure-surface-dock-ports-semm-6.png deleted file mode 100644 index c5f6c3ca1f..0000000000 Binary files a/devices/surface/images/secure-surface-dock-ports-semm-6.png and /dev/null differ diff --git a/devices/surface/images/semm-bl.png b/devices/surface/images/semm-bl.png deleted file mode 100644 index 3f8a375057..0000000000 Binary files a/devices/surface/images/semm-bl.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig1.png b/devices/surface/images/surface-deploymdt-fig1.png deleted file mode 100644 index d2fe0995a7..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig1.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig10.png b/devices/surface/images/surface-deploymdt-fig10.png deleted file mode 100644 index 96cb86b56f..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig10.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig11.png b/devices/surface/images/surface-deploymdt-fig11.png deleted file mode 100644 index a78c147322..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig11.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig12.png b/devices/surface/images/surface-deploymdt-fig12.png deleted file mode 100644 index 6200a677ec..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig12.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig13.png b/devices/surface/images/surface-deploymdt-fig13.png deleted file mode 100644 index c04c8f6d19..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig13.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig14.png b/devices/surface/images/surface-deploymdt-fig14.png deleted file mode 100644 index f02bc1fdb9..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig14.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig15.png b/devices/surface/images/surface-deploymdt-fig15.png deleted file mode 100644 index 4eb72e98cc..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig15.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig16.png b/devices/surface/images/surface-deploymdt-fig16.png deleted file mode 100644 index 0c5abc40a3..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig16.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig17.png b/devices/surface/images/surface-deploymdt-fig17.png deleted file mode 100644 index 3ccd548a70..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig17.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig18.png b/devices/surface/images/surface-deploymdt-fig18.png deleted file mode 100644 index f510c5b884..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig18.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig19.png b/devices/surface/images/surface-deploymdt-fig19.png deleted file mode 100644 index 535a139991..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig19.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig2.png b/devices/surface/images/surface-deploymdt-fig2.png deleted file mode 100644 index ad18f2ad58..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig2.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig20.png b/devices/surface/images/surface-deploymdt-fig20.png deleted file mode 100644 index 045801b6ac..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig20.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig21.png b/devices/surface/images/surface-deploymdt-fig21.png deleted file mode 100644 index 7660a618c8..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig21.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig22.png b/devices/surface/images/surface-deploymdt-fig22.png deleted file mode 100644 index 1852197dc7..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig22.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig23.png b/devices/surface/images/surface-deploymdt-fig23.png deleted file mode 100644 index 306a662236..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig23.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig24.png b/devices/surface/images/surface-deploymdt-fig24.png deleted file mode 100644 index 546a310733..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig24.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig25.png b/devices/surface/images/surface-deploymdt-fig25.png deleted file mode 100644 index a58b7fba71..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig25.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig3.png b/devices/surface/images/surface-deploymdt-fig3.png deleted file mode 100644 index 7d87a1c986..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig3.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig4.png b/devices/surface/images/surface-deploymdt-fig4.png deleted file mode 100644 index 944fd37f41..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig4.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig5.png b/devices/surface/images/surface-deploymdt-fig5.png deleted file mode 100644 index 8fa0679886..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig5.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig6.png b/devices/surface/images/surface-deploymdt-fig6.png deleted file mode 100644 index 53c923be28..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig6.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig7.png b/devices/surface/images/surface-deploymdt-fig7.png deleted file mode 100644 index 48892a9ef0..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig7.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig8.png b/devices/surface/images/surface-deploymdt-fig8.png deleted file mode 100644 index 59028f2a82..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig8.png and /dev/null differ diff --git a/devices/surface/images/surface-deploymdt-fig9.png b/devices/surface/images/surface-deploymdt-fig9.png deleted file mode 100644 index 6044405883..0000000000 Binary files a/devices/surface/images/surface-deploymdt-fig9.png and /dev/null differ diff --git a/devices/surface/images/surface-deployment-accelerator.png b/devices/surface/images/surface-deployment-accelerator.png deleted file mode 100644 index 1886a08227..0000000000 Binary files a/devices/surface/images/surface-deployment-accelerator.png and /dev/null differ diff --git a/devices/surface/images/surface-diagnostic-kit-fig1-options.png b/devices/surface/images/surface-diagnostic-kit-fig1-options.png deleted file mode 100644 index 8e10b877f9..0000000000 Binary files a/devices/surface/images/surface-diagnostic-kit-fig1-options.png and /dev/null differ diff --git a/devices/surface/images/surface-diagnostic-kit-fig2-testdepth.png b/devices/surface/images/surface-diagnostic-kit-fig2-testdepth.png deleted file mode 100644 index 061c7748b3..0000000000 Binary files a/devices/surface/images/surface-diagnostic-kit-fig2-testdepth.png and /dev/null differ diff --git a/devices/surface/images/surface-diagnostic-kit-fig3-results.png b/devices/surface/images/surface-diagnostic-kit-fig3-results.png deleted file mode 100644 index e02087d6d9..0000000000 Binary files a/devices/surface/images/surface-diagnostic-kit-fig3-results.png and /dev/null differ diff --git a/devices/surface/images/surface-diagnostic-kit-fig4-notes.png b/devices/surface/images/surface-diagnostic-kit-fig4-notes.png deleted file mode 100644 index 02726648db..0000000000 Binary files a/devices/surface/images/surface-diagnostic-kit-fig4-notes.png and /dev/null differ diff --git a/devices/surface/images/surface-diagnostic-kit-gear-icon.png b/devices/surface/images/surface-diagnostic-kit-gear-icon.png deleted file mode 100644 index fe6be488b1..0000000000 Binary files a/devices/surface/images/surface-diagnostic-kit-gear-icon.png and /dev/null differ diff --git a/devices/surface/images/surface-dock2.png b/devices/surface/images/surface-dock2.png deleted file mode 100644 index 410bcd1df7..0000000000 Binary files a/devices/surface/images/surface-dock2.png and /dev/null differ diff --git a/devices/surface/images/surface-enroll-semm-fig1.png b/devices/surface/images/surface-enroll-semm-fig1.png deleted file mode 100644 index 0db814ae84..0000000000 Binary files a/devices/surface/images/surface-enroll-semm-fig1.png and /dev/null differ diff --git a/devices/surface/images/surface-ent-mgmt-fig1-uefi-configurator.png b/devices/surface/images/surface-ent-mgmt-fig1-uefi-configurator.png deleted file mode 100644 index e8fb93a1a7..0000000000 Binary files a/devices/surface/images/surface-ent-mgmt-fig1-uefi-configurator.png and /dev/null differ diff --git a/devices/surface/images/surface-ent-mgmt-fig2-securepackage.png b/devices/surface/images/surface-ent-mgmt-fig2-securepackage.png deleted file mode 100644 index fa47419ca0..0000000000 Binary files a/devices/surface/images/surface-ent-mgmt-fig2-securepackage.png and /dev/null differ diff --git a/devices/surface/images/surface-ent-mgmt-fig3-enabledisable.png b/devices/surface/images/surface-ent-mgmt-fig3-enabledisable.png deleted file mode 100644 index 0a34907def..0000000000 Binary files a/devices/surface/images/surface-ent-mgmt-fig3-enabledisable.png and /dev/null differ diff --git a/devices/surface/images/surface-ent-mgmt-fig4-advancedsettings.png b/devices/surface/images/surface-ent-mgmt-fig4-advancedsettings.png deleted file mode 100644 index f425466056..0000000000 Binary files a/devices/surface/images/surface-ent-mgmt-fig4-advancedsettings.png and /dev/null differ diff --git a/devices/surface/images/surface-ent-mgmt-fig5-success.png b/devices/surface/images/surface-ent-mgmt-fig5-success.png deleted file mode 100644 index e671570fee..0000000000 Binary files a/devices/surface/images/surface-ent-mgmt-fig5-success.png and /dev/null differ diff --git a/devices/surface/images/surface-ent-mgmt-fig6-enrollconfirm.png b/devices/surface/images/surface-ent-mgmt-fig6-enrollconfirm.png deleted file mode 100644 index a1421da21c..0000000000 Binary files a/devices/surface/images/surface-ent-mgmt-fig6-enrollconfirm.png and /dev/null differ diff --git a/devices/surface/images/surface-ent-mgmt-fig7-semmrecovery.png b/devices/surface/images/surface-ent-mgmt-fig7-semmrecovery.png deleted file mode 100644 index 91c03fef5e..0000000000 Binary files a/devices/surface/images/surface-ent-mgmt-fig7-semmrecovery.png and /dev/null differ diff --git a/devices/surface/images/surface-laptop-keyboard-1.png b/devices/surface/images/surface-laptop-keyboard-1.png deleted file mode 100644 index 090ca2b58e..0000000000 Binary files a/devices/surface/images/surface-laptop-keyboard-1.png and /dev/null differ diff --git a/devices/surface/images/surface-laptop-keyboard-2.png b/devices/surface/images/surface-laptop-keyboard-2.png deleted file mode 100644 index 2a2cb8b3be..0000000000 Binary files a/devices/surface/images/surface-laptop-keyboard-2.png and /dev/null differ diff --git a/devices/surface/images/surface-laptop-keyboard-3.png b/devices/surface/images/surface-laptop-keyboard-3.png deleted file mode 100644 index 80ccc1fc3c..0000000000 Binary files a/devices/surface/images/surface-laptop-keyboard-3.png and /dev/null differ diff --git a/devices/surface/images/surface-laptop-keyboard-4.png b/devices/surface/images/surface-laptop-keyboard-4.png deleted file mode 100644 index cf08e7a292..0000000000 Binary files a/devices/surface/images/surface-laptop-keyboard-4.png and /dev/null differ diff --git a/devices/surface/images/surface-laptop-keyboard-5.png b/devices/surface/images/surface-laptop-keyboard-5.png deleted file mode 100644 index cf4bc9109c..0000000000 Binary files a/devices/surface/images/surface-laptop-keyboard-5.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-enroll-fig1.png b/devices/surface/images/surface-semm-enroll-fig1.png deleted file mode 100644 index 0db814ae84..0000000000 Binary files a/devices/surface/images/surface-semm-enroll-fig1.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-enroll-fig10.png b/devices/surface/images/surface-semm-enroll-fig10.png deleted file mode 100644 index e61cf3d70a..0000000000 Binary files a/devices/surface/images/surface-semm-enroll-fig10.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-enroll-fig11.png b/devices/surface/images/surface-semm-enroll-fig11.png deleted file mode 100644 index 91c03fef5e..0000000000 Binary files a/devices/surface/images/surface-semm-enroll-fig11.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-enroll-fig12.png b/devices/surface/images/surface-semm-enroll-fig12.png deleted file mode 100644 index d6c0505c16..0000000000 Binary files a/devices/surface/images/surface-semm-enroll-fig12.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-enroll-fig3.jpg b/devices/surface/images/surface-semm-enroll-fig3.jpg deleted file mode 100644 index bdbc3dfd4f..0000000000 Binary files a/devices/surface/images/surface-semm-enroll-fig3.jpg and /dev/null differ diff --git a/devices/surface/images/surface-semm-enroll-fig3.png b/devices/surface/images/surface-semm-enroll-fig3.png deleted file mode 100644 index 2d66b485f9..0000000000 Binary files a/devices/surface/images/surface-semm-enroll-fig3.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-enroll-fig4.png b/devices/surface/images/surface-semm-enroll-fig4.png deleted file mode 100644 index 39b0c797e7..0000000000 Binary files a/devices/surface/images/surface-semm-enroll-fig4.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-enroll-fig5.png b/devices/surface/images/surface-semm-enroll-fig5.png deleted file mode 100644 index b3d3db34c7..0000000000 Binary files a/devices/surface/images/surface-semm-enroll-fig5.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-enroll-fig6.png b/devices/surface/images/surface-semm-enroll-fig6.png deleted file mode 100644 index 95b1c1b24b..0000000000 Binary files a/devices/surface/images/surface-semm-enroll-fig6.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-enroll-fig7.png b/devices/surface/images/surface-semm-enroll-fig7.png deleted file mode 100644 index 26a640ac0c..0000000000 Binary files a/devices/surface/images/surface-semm-enroll-fig7.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-enroll-fig8.png b/devices/surface/images/surface-semm-enroll-fig8.png deleted file mode 100644 index a1421da21c..0000000000 Binary files a/devices/surface/images/surface-semm-enroll-fig8.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-enroll-fig9.png b/devices/surface/images/surface-semm-enroll-fig9.png deleted file mode 100644 index 9229ee255d..0000000000 Binary files a/devices/surface/images/surface-semm-enroll-fig9.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-enrollment-fig2.png b/devices/surface/images/surface-semm-enrollment-fig2.png deleted file mode 100644 index 1a5649b01e..0000000000 Binary files a/devices/surface/images/surface-semm-enrollment-fig2.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-unenroll-fig1.png b/devices/surface/images/surface-semm-unenroll-fig1.png deleted file mode 100644 index b0247d3871..0000000000 Binary files a/devices/surface/images/surface-semm-unenroll-fig1.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-unenroll-fig10.png b/devices/surface/images/surface-semm-unenroll-fig10.png deleted file mode 100644 index 968bf44d8c..0000000000 Binary files a/devices/surface/images/surface-semm-unenroll-fig10.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-unenroll-fig11.png b/devices/surface/images/surface-semm-unenroll-fig11.png deleted file mode 100644 index c5e86d2b65..0000000000 Binary files a/devices/surface/images/surface-semm-unenroll-fig11.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-unenroll-fig12.png b/devices/surface/images/surface-semm-unenroll-fig12.png deleted file mode 100644 index d9a3e0617b..0000000000 Binary files a/devices/surface/images/surface-semm-unenroll-fig12.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-unenroll-fig13.png b/devices/surface/images/surface-semm-unenroll-fig13.png deleted file mode 100644 index cfe16c3a99..0000000000 Binary files a/devices/surface/images/surface-semm-unenroll-fig13.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-unenroll-fig14.png b/devices/surface/images/surface-semm-unenroll-fig14.png deleted file mode 100644 index 5c95097c8d..0000000000 Binary files a/devices/surface/images/surface-semm-unenroll-fig14.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-unenroll-fig2.png b/devices/surface/images/surface-semm-unenroll-fig2.png deleted file mode 100644 index 5affd8cef6..0000000000 Binary files a/devices/surface/images/surface-semm-unenroll-fig2.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-unenroll-fig3.png b/devices/surface/images/surface-semm-unenroll-fig3.png deleted file mode 100644 index 45c1ae38ed..0000000000 Binary files a/devices/surface/images/surface-semm-unenroll-fig3.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-unenroll-fig4.png b/devices/surface/images/surface-semm-unenroll-fig4.png deleted file mode 100644 index c4ecf92b1b..0000000000 Binary files a/devices/surface/images/surface-semm-unenroll-fig4.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-unenroll-fig5.png b/devices/surface/images/surface-semm-unenroll-fig5.png deleted file mode 100644 index 9229ee255d..0000000000 Binary files a/devices/surface/images/surface-semm-unenroll-fig5.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-unenroll-fig6.png b/devices/surface/images/surface-semm-unenroll-fig6.png deleted file mode 100644 index 91c03fef5e..0000000000 Binary files a/devices/surface/images/surface-semm-unenroll-fig6.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-unenroll-fig7.png b/devices/surface/images/surface-semm-unenroll-fig7.png deleted file mode 100644 index 0dcbace491..0000000000 Binary files a/devices/surface/images/surface-semm-unenroll-fig7.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-unenroll-fig8.png b/devices/surface/images/surface-semm-unenroll-fig8.png deleted file mode 100644 index 77e7e05407..0000000000 Binary files a/devices/surface/images/surface-semm-unenroll-fig8.png and /dev/null differ diff --git a/devices/surface/images/surface-semm-unenroll-fig9.png b/devices/surface/images/surface-semm-unenroll-fig9.png deleted file mode 100644 index b40ccb2449..0000000000 Binary files a/devices/surface/images/surface-semm-unenroll-fig9.png and /dev/null differ diff --git a/devices/surface/images/surface-upgrademdt-fig1.png b/devices/surface/images/surface-upgrademdt-fig1.png deleted file mode 100644 index 094f5d700b..0000000000 Binary files a/devices/surface/images/surface-upgrademdt-fig1.png and /dev/null differ diff --git a/devices/surface/images/surface-upgrademdt-fig2.png b/devices/surface/images/surface-upgrademdt-fig2.png deleted file mode 100644 index 88ec207691..0000000000 Binary files a/devices/surface/images/surface-upgrademdt-fig2.png and /dev/null differ diff --git a/devices/surface/images/surface-upgrademdt-fig3.png b/devices/surface/images/surface-upgrademdt-fig3.png deleted file mode 100644 index 7660a618c8..0000000000 Binary files a/devices/surface/images/surface-upgrademdt-fig3.png and /dev/null differ diff --git a/devices/surface/images/surface-upgrademdt-fig4.png b/devices/surface/images/surface-upgrademdt-fig4.png deleted file mode 100644 index 1852197dc7..0000000000 Binary files a/devices/surface/images/surface-upgrademdt-fig4.png and /dev/null differ diff --git a/devices/surface/images/surface-upgrademdt-fig5.png b/devices/surface/images/surface-upgrademdt-fig5.png deleted file mode 100644 index 306a662236..0000000000 Binary files a/devices/surface/images/surface-upgrademdt-fig5.png and /dev/null differ diff --git a/devices/surface/images/surfaceblog.png b/devices/surface/images/surfaceblog.png deleted file mode 100644 index d5bef3dc3d..0000000000 Binary files a/devices/surface/images/surfaceblog.png and /dev/null differ diff --git a/devices/surface/images/surfacebook.png b/devices/surface/images/surfacebook.png deleted file mode 100644 index d27cf05820..0000000000 Binary files a/devices/surface/images/surfacebook.png and /dev/null differ diff --git a/devices/surface/images/surfacedockupdater-fig1-uptodate-568pix.png b/devices/surface/images/surfacedockupdater-fig1-uptodate-568pix.png deleted file mode 100644 index 900ffd9269..0000000000 Binary files a/devices/surface/images/surfacedockupdater-fig1-uptodate-568pix.png and /dev/null differ diff --git a/devices/surface/images/surfacedockupdater-fig2a-needsupdating.png b/devices/surface/images/surfacedockupdater-fig2a-needsupdating.png deleted file mode 100644 index 4c690e0a7f..0000000000 Binary files a/devices/surface/images/surfacedockupdater-fig2a-needsupdating.png and /dev/null differ diff --git a/devices/surface/images/surfacedockupdater-fig3-progress.png b/devices/surface/images/surfacedockupdater-fig3-progress.png deleted file mode 100644 index aa56e090e9..0000000000 Binary files a/devices/surface/images/surfacedockupdater-fig3-progress.png and /dev/null differ diff --git a/devices/surface/images/surfacedockupdater-fig4-disconnect.png b/devices/surface/images/surfacedockupdater-fig4-disconnect.png deleted file mode 100644 index 4892dce1ba..0000000000 Binary files a/devices/surface/images/surfacedockupdater-fig4-disconnect.png and /dev/null differ diff --git a/devices/surface/images/surfacedockupdater-fig5-success.png b/devices/surface/images/surfacedockupdater-fig5-success.png deleted file mode 100644 index 790ff235e9..0000000000 Binary files a/devices/surface/images/surfacedockupdater-fig5-success.png and /dev/null differ diff --git a/devices/surface/images/surfacedockupdater-fig6-countdown.png b/devices/surface/images/surfacedockupdater-fig6-countdown.png deleted file mode 100644 index fa208e0e4a..0000000000 Binary files a/devices/surface/images/surfacedockupdater-fig6-countdown.png and /dev/null differ diff --git a/devices/surface/images/surfacedockupdater-fig7-error.png b/devices/surface/images/surfacedockupdater-fig7-error.png deleted file mode 100644 index c18ef16b4c..0000000000 Binary files a/devices/surface/images/surfacedockupdater-fig7-error.png and /dev/null differ diff --git a/devices/surface/images/surfacedockupdater-fig8-737test.png b/devices/surface/images/surfacedockupdater-fig8-737test.png deleted file mode 100644 index c101313b96..0000000000 Binary files a/devices/surface/images/surfacedockupdater-fig8-737test.png and /dev/null differ diff --git a/devices/surface/images/surfacemechanics.png b/devices/surface/images/surfacemechanics.png deleted file mode 100644 index 3d42daaed2..0000000000 Binary files a/devices/surface/images/surfacemechanics.png and /dev/null differ diff --git a/devices/surface/images/surfacepro.png b/devices/surface/images/surfacepro.png deleted file mode 100644 index c036b2ad3a..0000000000 Binary files a/devices/surface/images/surfacepro.png and /dev/null differ diff --git a/devices/surface/images/surfacestudio.png b/devices/surface/images/surfacestudio.png deleted file mode 100644 index c41bbbf0f7..0000000000 Binary files a/devices/surface/images/surfacestudio.png and /dev/null differ diff --git a/devices/surface/images/systeminfodma.png b/devices/surface/images/systeminfodma.png deleted file mode 100644 index 46c86e9dd6..0000000000 Binary files a/devices/surface/images/systeminfodma.png and /dev/null differ diff --git a/devices/surface/images/twitter.png b/devices/surface/images/twitter.png deleted file mode 100644 index c61827284e..0000000000 Binary files a/devices/surface/images/twitter.png and /dev/null differ diff --git a/devices/surface/images/uefidfci.png b/devices/surface/images/uefidfci.png deleted file mode 100644 index ec95181145..0000000000 Binary files a/devices/surface/images/uefidfci.png and /dev/null differ diff --git a/devices/surface/images/using-sda-driverfiles-fig1.png b/devices/surface/images/using-sda-driverfiles-fig1.png deleted file mode 100644 index 51244bfe16..0000000000 Binary files a/devices/surface/images/using-sda-driverfiles-fig1.png and /dev/null differ diff --git a/devices/surface/images/using-sda-installcommand-fig2.png b/devices/surface/images/using-sda-installcommand-fig2.png deleted file mode 100644 index 61a4fbd1f2..0000000000 Binary files a/devices/surface/images/using-sda-installcommand-fig2.png and /dev/null differ diff --git a/devices/surface/images/using-sda-newinstall-fig3.png b/devices/surface/images/using-sda-newinstall-fig3.png deleted file mode 100644 index ff18b67e3e..0000000000 Binary files a/devices/surface/images/using-sda-newinstall-fig3.png and /dev/null differ diff --git a/devices/surface/images/wifi-band.png b/devices/surface/images/wifi-band.png deleted file mode 100644 index 38681a9dc8..0000000000 Binary files a/devices/surface/images/wifi-band.png and /dev/null differ diff --git a/devices/surface/images/wifi-roaming.png b/devices/surface/images/wifi-roaming.png deleted file mode 100644 index eb539c9bd6..0000000000 Binary files a/devices/surface/images/wifi-roaming.png and /dev/null differ diff --git a/devices/surface/images/windows10.png b/devices/surface/images/windows10.png deleted file mode 100644 index e48690853c..0000000000 Binary files a/devices/surface/images/windows10.png and /dev/null differ diff --git a/devices/surface/images/windows10upgradepath.png b/devices/surface/images/windows10upgradepath.png deleted file mode 100644 index c008e446ea..0000000000 Binary files a/devices/surface/images/windows10upgradepath.png and /dev/null differ diff --git a/devices/surface/index.yml b/devices/surface/index.yml deleted file mode 100644 index b173beeed8..0000000000 --- a/devices/surface/index.yml +++ /dev/null @@ -1,61 +0,0 @@ -### YamlMime:Hub - -title: Microsoft Surface # < 60 chars -summary: Learn how to plan, deploy, and manage Microsoft Surface and Surface Hub devices. # < 160 chars -# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-platform | project | sharepoint | sql | sql-server | teams | vs | visual-studio | windows | xamarin -brand: windows - -metadata: - title: Microsoft Surface # Required; page title displayed in search results. Include the brand. < 60 chars. - description: Learn how to plan, deploy, and manage Microsoft Surface and Surface Hub devices. # Required; article description that is displayed in search results. < 160 chars. - ms.prod: surface #Required; service per approved list. service slug assigned to your service by ACOM. - ms.topic: hub-page # Required - audience: ITPro - author: samanro #Required; your GitHub user alias, with correct capitalization. - ms.author: samanro #Required; microsoft alias of author; optional team alias. - ms.date: 07/03/2019 #Required; mm/dd/yyyy format. - localization_priority: Priority - -# additionalContent section (optional) -# Card with summary style -additionalContent: - # Supports up to 3 sections - sections: - - title: For IT Professionals # < 60 chars (optional) - items: - # Card - - title: Surface devices documentation - summary: Harness the power of Surface, Windows, and Office connected together through the cloud. Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface devices in your organization. - url: https://docs.microsoft.com/en-us/surface/get-started - # Card - - title: Surface Hub documentation - summary: Learn how to deploy and manage Surface Hub 2S, the all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device. - url: https://docs.microsoft.com/surface-hub/index - - title: Other resources # < 60 chars (optional) - items: - # Card - - title: Communities - links: - - text: Surface IT Pro blog - url: https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro - - text: Surface Devices Tech Community - url: https://techcommunity.microsoft.com/t5/Surface-Devices/ct-p/SurfaceDevices - # Card - - title: Learn - links: - - text: Surface training on Microsoft Learn - url: https://docs.microsoft.com/learn/browse/?term=Surface - - text: Surface Hub 2S adoption guidance - url: https://docs.microsoft.com/surface-hub/surface-hub-2s-adoption-kit - - text: Microsoft Mechanics Surface videos - url: https://www.youtube.com/watch?v=Uk2kJ5FUZxY&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ - - # Card - - title: Need help? - links: - - text: Surface devices - url: https://support.microsoft.com/products/surface-devices - - text: Surface Hub - url: https://support.microsoft.com/hub/4343507/surface-hub-help - - text: Contact Surface Hub Support - url: https://support.microsoft.com/supportforbusiness/productselection?sapId=bb7066fb-e329-c1c0-9c13-8e9949c6a64e diff --git a/devices/surface/ltsb-for-surface.md b/devices/surface/ltsb-for-surface.md deleted file mode 100644 index 17e6d48fb1..0000000000 --- a/devices/surface/ltsb-for-surface.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Long-Term Servicing Channel for Surface devices (Surface) -description: LTSB is not supported for general-purpose Surface devices and should be used for specialized devices only. -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surface, devices -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium -ms.audience: itpro ---- - -# Long-Term Servicing Channel (LTSC) for Surface devices - ->[!WARNING] ->For updated information on this topic, see [Surface device compatibility with Windows 10 Long-Term Servicing Channel](surface-device-compatibility-with-windows-10-ltsc.md). For additional information on this update, see the [Documentation Updates for Surface and Windows 10 LTSB Compatibility](https://blogs.technet.microsoft.com/surface/2017/04/11/documentation-updates-for-surface-and-windows-10-ltsb-compatibility) post on the Surface Blog for IT Pros. - -General-purpose Surface devices in the Long-Term Servicing Channel (LTSC) are not supported. As a general guideline, if a Surface device runs productivity software, such as Microsoft Office, it is a general-purpose device that does not qualify for LTSC and should instead be on the Semi-Annual Channel. - ->[!NOTE] ->For more information about the servicing branches, see [Overview of Windows as a service](https://technet.microsoft.com/itpro/windows/manage/waas-overview). - -LTSC prevents Surface devices from receiving critical Windows 10 feature updates and certain non-security servicing updates. Customers with poor experiences using Surface devices in the LTSC configuration will be instructed to switch to the Semi-Annual Channel. Furthermore, the Windows 10 Enterprise LTSB edition removes core features of Surface devices, including seamless inking and touch-friendly applications. It does not contain key in-box applications including Microsoft Edge, OneNote, Calendar or Camera. Therefore, productivity is impacted and functionality is limited. LTSC is not supported as a suitable servicing solution for general-purpose Surface devices. - -General-purpose Surface devices are intended to run on the Semi-Annual Channel to receive full servicing and firmware updates and forward compatibility with the introduction of new Surface features. In the Semi-Annual Channel, feature updates are available as soon as Microsoft releases them. - -Surface devices in specialized scenarios–such as PCs that control medical equipment, point-of-sale systems, and ATMs–might consider the use of LTSC. These special-purpose systems typically perform a single task and do not require feature updates as frequently as other devices in the organization. - -## Related topics - -- [Surface IT Pro Blog](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro) - diff --git a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md deleted file mode 100644 index e7c739be75..0000000000 --- a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md +++ /dev/null @@ -1,181 +0,0 @@ ---- -title: Best practice power settings for Surface devices -description: This topic provides best practice recommendations for maintaining optimal power settings and explains how Surface streamlines the power management experience. This article applies to all currently supported Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3. -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium -ms.audience: itpro -ms.date: 10/28/2019 ---- - -# Best practice power settings for Surface devices - -Surface devices are designed to take advantage of the latest advances in -mobile device energy consumption to deliver a streamlined experience -optimized across workloads. Depending on what you’re doing, Surface -dynamically fine tunes how power flows to individual hardware -components, momentarily waking up system components to handle background -tasks -- such as an incoming email or network traffic -- before returning to a -low power idle state (S0ix). - -## Summary of recommendations for IT administrators - -To ensure Surface devices across your organization fully benefit from Surface power optimization features: - -- Install the latest drivers and firmware from Windows Update or the Surface Driver and Firmware MSI. This creates the balanced power plan (aka power profile) by default and configures optimal power settings. For more information, refer to [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md). -- Avoid creating custom power profiles or adjusting advanced power settings not visible in the default UI (**System** > **Power & sleep**). -- If you must manage the power profile of devices across your network (such as in highly managed organizations), use the powercfg command tool to export the power plan from the factory image of the Surface device and then import it into the provisioning package for your Surface devices. - - >[!NOTE] - >You can only export a power plan across the same type of Surface device. For example, you cannot export a power plan from Surface Laptop and import it on Surface Pro. For more information, refer to [Configure power settings](https://docs.microsoft.com/windows-hardware/customize/power-settings/configure-power-settings). - -- Exclude Surface devices from any existing power management policy settings. - -## Background - -The way Surface implements power management differs significantly from -the earlier OS standard that gradually reduces and turns off power via a -series of sleep states; for example, cycling through S1, S2, S3, and so on. - -Instead, Surface is imaged with a custom power profile that replaces -legacy sleep and energy consumption functionality with modern standby -features and dynamic fine tuning. This custom power profile is -implemented via the Surface Serial Hub Driver and the system aggregator -module (SAM). The SAM chip functions as the Surface device power-policy -owner, using algorithms to calculate optimal power requirements. It -works in conjunction with Windows power manager to allocate or throttle -only the exact amount of power required for hardware components to -function. This article applies to all currently supported Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3. - -## Utilizing the custom power profile in Surface - -If you go into the power options on a surface device, you'll see that there's a single power plan available. This is the custom power profile. And if you go to the advanced power settings, you’ll see a much smaller subset of power options compared to a generic PC running Windows 10. Unlike generic devices, Surface has firmware and custom components to manage these power options. - - -## Modern Standby - -The algorithmically embedded custom power profile enables modern standby -connectivity for Surface by maintaining a low power state for -instant on/instant off functionality typical of smartphones. S0ix, also -known as Deepest Runtime Idle Platform State (DRIPS), is the default -power mode for Surface devices. Modern standby has two modes: - -- **Connected standby.** The default mode for up-to-the minute - delivery of emails, messaging, and cloud-synced data, connected - standby keeps Wi-Fi on and maintains network connectivity. - -- **Disconnected standby.** An optional mode for extended battery - life, disconnected standby delivers the same instant-on experience - and saves power by turning off Wi-Fi, Bluetooth, and related network - connectivity. - -To learn more about modern standby, refer to the [Microsoft Hardware Dev -Center](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby-wake-sources). - -## How Surface streamlines the power management experience - -Surface integrates the following features designed to help users -optimize the power management experience: - -- [Singular power plan](#singular-power-plan) - -- [Simplified power settings user - interface](#simplified-power-settings-user-interface) - -- [Windows performance power - slider](#windows-performance-power-slider) - -### Singular power plan - -Surface is designed for a streamlined power management experience that -eliminates the need to create custom power plans or manually configure -power settings. Microsoft streamlines the user -experience by delivering a single power plan (balanced) that replaces -the multiple power plans from standard Windows builds. - -### Simplified power settings user interface - -Surface provides a simplified UI in accord with best practice power -setting recommendations. In general, it's recommended to only adjust settings visible in the default user interface and avoid configuring advanced power settings or Group Policy settings. Using the default screen and sleep timeouts while avoiding maximum -brightness levels are the most effective ways for users to maintain -extended battery life. - -![Figure 1. Simplified power & sleep settings](images/powerintrofig1.png) - -Figure 1. Simplified power and sleep settings - -### Windows performance power slider - -Surface devices running Windows 10 build 1709 and later include a power -slider allowing you to prioritize battery life when needed or favor performance if desired. You -can access the power slider from the taskbar by clicking on the battery -icon. Slide left for longer battery life (battery saver mode) or slide -right for faster performance. - -![Figure 2. Power slider](images/powerintrofig2a.png) - -Figure 2. Power slider - -Power slider enables four states as described in the following table: - -| Slider mode| Description | -|---|---| -| Battery saver| Helps conserve power and prolong battery life when the system is disconnected from a power source. When battery saver is on, some Windows features are disabled, throttled, or behave differently. Screen brightness is also reduced. Battery saver is only available when using battery power (DC). To learn more, see [Battery Saver](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver).| -| Recommended | Delivers longer battery life than the default settings in earlier versions of Windows. | -| Better Performance | Slightly favors performance over battery life, functioning as the default slider mode. | -| Best Performance | Favors performance over power for workloads requiring maximum performance and responsiveness, regardless of battery power consumption.| - -Power slider modes directly control specific hardware components shown -in the following table. - -| Component | Slider functionality | -|---|---| -| Intel Speed Shift (CPU energy registers) and Energy Performance Preference hint. | Selects the best operating frequency and voltage for optimal performance and power. The Energy Performance Preference (PERFEPP) is a global power efficiency hint to the CPU. | -| Fan speed (RPM)| Where applicable, adjusts for changing conditions such as keeping fan silent in battery saver slider mode.| -| Processor package power limits (PL1/PL2).| Requires the CPU to manage its frequency choices to accommodate a running average power limit for both steady state (PL1) and turbo (PL2) workloads.| -| Processor turbo frequency limits (IA turbo limitations). | Adjusts processor and graphics performance allowing processor cores to run faster or slower than the rated operating frequency. | - ->[!NOTE] ->The power slider is entirely independent of operating system power settings whether configured from Control Panel/ Power Options, Group Policy, or related methods. - -To learn more, see: - -- [Customize the Windows performance power - slider](https://docs.microsoft.com/windows-hardware/customize/desktop/customize-power-slider) - -- [Battery - saver.](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver) - -## Best practices for extended battery life - - -| Best practice | Go to | Next steps | -|---|---|---| -| Ensure your Surface device is up to date| Windows Update | In the taskbar search box, type **Windows Update** and select **Check for updates**. | -| Choose the best power setting for what you’re doing | Power slider | In the taskbar, select the battery icon, then choose **Best performance**, **Best battery life**, or somewhere in between.| -| Conserve battery when it’s low | Battery saver | In the taskbar, select the battery icon and click **Battery settings**. Select **Turn battery saver on automatically if my battery falls below** and then move the slider further to the right for longer battery life. | -| Configure optimal screen brightness | Battery saver | In the taskbar, select the battery icon and click **Battery settings**, select **Lower screen brightness while in battery saver**. | -| Conserve power whenever you’re not plugged in | Battery saver| Select **Turn on battery saver status until next charge**.| -| Investigate problems with your power settings. | Power troubleshooter | In the Taskbar search for troubleshoot, select **Troubleshoot**, and then select **Power** and follow the instructions.| -| Check app usage | Your apps | Close apps.| -| Check your power cord for any damage.| Your power cord | Replace power cord if worn or damaged.| - -## Learn more - -- [Modern - standby](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby-wake-sources) - - - -- [Customize the Windows performance power - slider](https://docs.microsoft.com/windows-hardware/customize/desktop/customize-power-slider) - -- [Battery - saver](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver) -- [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) diff --git a/devices/surface/manage-surface-driver-and-firmware-updates.md b/devices/surface/manage-surface-driver-and-firmware-updates.md deleted file mode 100644 index 39fccb3ec4..0000000000 --- a/devices/surface/manage-surface-driver-and-firmware-updates.md +++ /dev/null @@ -1,153 +0,0 @@ ---- -title: Manage and deploy Surface driver and firmware updates -description: This article describes the available options to manage and deploy firmware and driver updates for Surface devices. -ms.assetid: CD1219BA-8EDE-4BC8-BEEF-99B50C211D73 -ms.reviewer: -manager: laurawi -keywords: Surface, Surface Pro 3, firmware, update, device, manage, deploy, driver, USB -ms.localizationpriority: medium -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surface, devices -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.audience: itpro ---- - -# Manage and deploy Surface driver and firmware updates - -How you manage Surface driver and firmware updates varies depending on your environment and organizational requirements. On Surface devices, firmware is exposed to the operating system as a driver and is visible in Device Manager, enabling device firmware and drivers to be automatically updated using Windows Update or Windows Update for Business. Although this simplified approach may be feasible for startups and small or medium-sized businesses, larger organizations typically need IT admins to distribute updates internally. This may involve comprehensive planning, application compatibility testing, piloting and validating updates, before final approval and distribution across the network. - -> [!NOTE] -> This article is intended for technical support agents and IT professionals and applies to Surface devices only. If you're looking for help to install Surface updates or firmware on a home device, see [Update Surface firmware and Windows 10](https://support.microsoft.com/help/4023505). - -While enterprise-grade software distribution solutions continue to evolve, the business rationale for centrally managing updates remains the same: Maintain the security of Surface devices and keep them updated with the latest operating system and feature improvements. This is essential for sustaining a stable production environment and ensuring users aren't blocked from being productive. This article provides an overview of recommended tools and processes for larger organizations to accomplish these goals. - -## Central update management in commercial environments - -Microsoft has streamlined tools for managing devices – including driver and firmware updates -- into a single unified experience called [Microsoft Endpoint Manager admin center](https://devicemanagement.microsoft.com/) accessed from devicemanagement.microsoft.com. - -### Manage updates with Configuration Manager and Intune - -Microsoft Endpoint Configuration Manager allows you to synchronize and deploy Surface firmware and driver updates with the Configuration Manager client. Integration with Microsoft Intune lets you see all your managed, co-managed, and partner-managed devices in one place. This is the recommended solution for large organizations to manage Surface updates. - -For detailed steps, see the following resources: - -- [How to manage Surface driver updates in Configuration Manager](https://docs.microsoft.com/surface/manage-surface-driver-updates-configuration-manager) -- [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications) -- [Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/) - -### Manage updates with Microsoft Deployment Toolkit - -Included in Endpoint Configuration Manager, the Microsoft Deployment Toolkit (MDT) contains optional deployment tools that you may wish to use depending on your environment. These include the Windows Assessment and Deployment Kit (Windows ADK), Windows System Image Manager (Windows SIM), Deployment Image Servicing and Management (DISM), and User State Migration Tool (USMT). You can download the latest version of MDT from the [Microsoft Deployment Toolkit download page](https://www.microsoft.com/download/details.aspx?id=54259). - -For detailed steps, see the following resources: - -- [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/configmgr/mdt/) -- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit) -- [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://docs.microsoft.com/surface/deploy-windows-10-to-surface-devices-with-mdt) - -Surface driver and firmware updates are packaged as Windows Installer (*.msi) files. To deploy these Windows Installer packages, you can use Endpoint Configuration Manager or MDT. For information about selecting the correct .msi file for a device and operating system, refer to the guidance below about downloading .msi files. - -For instructions on how to deploy updates by using Endpoint Configuration Manager refer to [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications). For instructions on how to deploy updates by using MDT, see [Deploy a Windows 10 image using MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt). - -**WindowsPE and Surface firmware and drivers** - -Endpoint Configuration Manager and MDT both use the Windows Preinstallation Environment (WindowsPE) during the deployment process. WindowsPE only supports a limited set of basic drivers such as those for network adapters and storage controllers. Drivers for Windows components that are not part of WindowsPE might produce errors. As a best practice, you can prevent such errors by configuring the deployment process to use only the required drivers during the WindowsPE phase. - -### Endpoint Configuration Manager - -Starting in Endpoint Configuration Manager, you can synchronize and deploy Microsoft Surface firmware and driver updates by using the Configuration Manager client. For additional information, see KB 4098906, [How to manage Surface driver updates in Configuration Manager](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager). - -## Supported devices - -Downloadable .msi files are available for Surface devices from Surface Pro 2 and later. Information about .msi files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3 will be available from this page upon release. - -## Managing firmware with DFCI - -With Device Firmware Configuration Interface (DFCI) profiles built into Intune (now available in [public preview](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows)), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. For more information, see: - -- [Intune management of Surface UEFI settings](https://docs.microsoft.com/surface/surface-manage-dfci-guide) -- [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333). - -## Best practices for update deployment processes - -To maintain a stable environment, it's strongly recommended to maintain parity with the most recent version of Windows 10. For best practice recommendations, see [Build deployment rings for Windows 10 updates](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates). - -## Downloadable Surface update packages - -Specific versions of Windows 10 have separate .msi files, each containing all required cumulative driver and firmware updates for Surface devices. Update packages may include some or all of the following components: - -- Wi-Fi and LTE -- Video -- Solid state drive -- System aggregator module (SAM) -- Battery -- Keyboard controller -- Embedded controller (EC) -- Management engine (ME) -- Unified extensible firmware interface (UEFI) - -### Downloading .msi files - -1. Browse to [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware) on the Microsoft Download Center. -2. Select the .msi file name that matches the Surface model and version of Windows. The .msi file name includes the minimum supported Windows build number required to install the drivers and firmware. For example, as shown in the following figure, to update a Surface Book 2 with build 18362 of Windows 10, choose **SurfaceBook2_Win10_18362_19.101.13994.msi.** For a Surface Book 2 with build 16299 of Windows 10, choose **SurfaceBook2_Win10_16299_1803509_3.msi**. - - ![Figure 1. Downloading Surface updates](images/fig1-downloads-msi.png) - - *Figure 1. Downloading Surface updates* - -### Surface .msi naming convention - -Since August 2019, .msi files have used the following naming convention: - -- *Product*_*Windows release*_*Windows build number*_*Version number*_*Revision of version number (typically zero)*. - -**Example** - -- SurfacePro6_Win10_18362_19.073.44195_0.msi - -This file name provides the following information: - -- **Product:** SurfacePro6 -- **Windows release:** Win10 -- **Build:** 18362 -- **Version:** 19.073.44195 – This shows the date and time that the file was created, as follows: - - **Year:** 19 (2019) - - **Month and week:** 073 (third week of July) - - **Minute of the month:** 44195 -- **Revision of version:** 0 (first release of this version) - -### Legacy Surface .msi naming convention - -Legacy .msi files (files built before August 2019) followed the same overall naming formula but used a different method to derive the version number. - -**Example** - -- SurfacePro6_Win10_16299_1900307_0.msi - -This file name provides the following information: - -- **Product:** SurfacePro6 -- **Windows release:** Win10 -- **Build:** 16299 -- **Version:** 1900307 – This shows the date that the file was created and its position in the release sequence, as follows: - - **Year:** 19 (2019) - - **Number of release:** 003 (third release of the year) - - **Product version number:** 07 (Surface Pro 6 is officially the seventh version of Surface Pro) -- **Revision of version:** 0 (first release of this version) - -## Learn more - -- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware) -- [How to manage Surface driver updates in Configuration Manager](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager) -- [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications) -- [Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/) -- [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/configmgr/mdt/) -- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit) -- [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://docs.microsoft.com/surface/deploy-windows-10-to-surface-devices-with-mdt) -- [Intune management of Surface UEFI settings](https://docs.microsoft.com/surface/surface-manage-dfci-guide) -- [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333). -- [Build deployment rings for Windows 10 updates](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates) diff --git a/devices/surface/manage-surface-driver-updates-configuration-manager.md b/devices/surface/manage-surface-driver-updates-configuration-manager.md deleted file mode 100644 index 23222b5e01..0000000000 --- a/devices/surface/manage-surface-driver-updates-configuration-manager.md +++ /dev/null @@ -1,180 +0,0 @@ ---- -title: Manage Surface driver updates in Configuration Manager -description: This article describes the available options to manage and deploy firmware and driver updates for Surface devices. -ms.assetid: b64879c4-37eb-4fcf-a000-e05cbb3d26ea -ms.reviewer: -author: v-miegge -manager: laurawi -keywords: Surface, Surface Pro 3, firmware, update, device, manage, deploy, driver, USB -ms.localizationpriority: medium -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surface, devices -ms.sitesec: library -ms.author: daclark -ms.topic: article -audience: itpro ---- - -# Manage Surface driver updates in Configuration Manager - -## Summary - -Starting in [Microsoft System Center Configuration Manager version 1710](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1710#software-updates), you can synchronize and deploy Microsoft Surface firmware and driver updates directly through the Configuration Manager client. The process resembles deploying regular updates. However, some additional configurations are required to get the Surface driver updates into your catalog. - -## Prerequisites - -To manage Surface driver updates, the following prerequisites must be met: - -- You must use Configuration Manager version 1710 or a later version. -- All Software Update Points (SUPs) must run Windows Server 2016 or a later version. Otherwise, Configuration Manager ignores this setting and Surface drivers won't be synchronized. - -> [!NOTE] -> If your environment doesn’t meet the prerequisites, refer to the [alternative methods](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager#1) to deploy Surface driver and firmware updates in the [FAQ](#frequently-asked-questions-faq) section. - -## Useful log files - -The following logs are especially useful when you manage Surface driver updates. - -|Log name|Description| -|---|---| -|WCM.log|Records details about the software update point configuration and connections to the WSUS server for subscribed update categories, classifications, and languages.| -|WsyncMgr.log|Records details about the software updates sync process.| - -These logs are located on the site server that manages the SUP, or on the SUP itself if it's installed directly on a site server. -For a complete list of Configuration Manager logs, see [Log files in System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/log-files). - -## Enabling Surface driver updates management - -To enable Surface driver updates management in Configuration Manager, follow these steps: - -1. In the Configuration Manager console, go to **Administration** > **Overview** > **Site Configuration** > **Sites**. -1. Select the site that contains the top-level SUP server for your environment. -1. On the ribbon, select **Configure Site Components**, and then select **Software Update Point**. Or, right-click the site, and then select **Configure Site Components** > **Software Update Point**. -1. On the **Classifications** tab, select the **Include Microsoft Surface drivers and firmware updates** check box. - - ![Software Update Point Component Properties](images/manage-surface-driver-updates-1.png) - -1. When you're prompted by the following warning message, select **OK**. - - ![Configuration Manager](images/manage-surface-driver-updates-2.png) - -1. On the Products tab, select the products that you want to update, and then select **OK**. - - Most drivers belong to the following product groups: - - - Windows 10 and later version drivers - - Windows 10 and later Upgrade & Servicing Drivers - - Windows 10 Anniversary Update and Later Servicing Drivers - - Windows 10 Anniversary Update and Later Upgrade & Servicing Drivers - - Windows 10 Creators Update and Later Servicing Drivers - - Windows 10 Creators Update and Later Upgrade & Servicing Drivers - - Windows 10 Fall Creators Update and Later Servicing Drivers - - Windows 10 Fall Creators Update and Later Upgrade & Servicing Drivers - - Windows 10 S and Later Servicing Drivers - - Windows 10 S Version 1709 and Later Servicing Drivers for testing - - Windows 10 S Version 1709 and Later Upgrade & Servicing Drivers for testing - - > [!NOTE] - > Most Surface drivers belong to multiple Windows 10 product groups. You may not have to select all the products that are listed here. To help reduce the number of products that populate your Update Catalog, we recommend that you select only the products that are required by your environment for synchronization. - -## Verifying the configuration - -To verify that the SUP is configured correctly, follow these steps: - -1. Open WsyncMgr.log, and then look for the following entry: - - ```console - Surface Drivers can be supported in this hierarchy since all SUPs are on Windows Server 2016, WCM SCF property Sync Catalog Drivers is set. - - Sync Catalog Drivers SCF value is set to : 1 - ``` - - If either of the following entries is logged in WsyncMgr.log, recheck step 4 in the previous section: - - ```console - Sync Surface Drivers option is not set - - Sync Catalog Drivers SCF value is set to : 0 - ``` - -1. Open WCM.log, and then look for an entry that resembles the following: - - ![WCM.log settings](images/manage-surface-driver-updates-3.png) - - This entry is an XML element that lists every product group and classification that's currently synchronized by your SUP server. For example, you might see an entry that resembles the following: - - ```xml - - - - - - ``` - - If you can't find the products that you selected in step 6 in the previous section, double-check whether the SUP settings are saved. - - You can also wait until the next synchronization finishes, and then check whether the Surface driver and firmware updates are listed in Software Updates in the Configuration Manager console. For example, the console might display the following information: - - ![All Software Updates Search Results](images/manage-surface-driver-updates-4.png) - -## Manual synchronization - -If you don't want to wait until the next synchronization, follow these steps to start a synchronization: - -1. In the Configuration Manager console, go to **Software Library** > **Overview** > **Software Updates** > **All Software Updates**. -1. On the ribbon, select **Synchronize Software Updates**. Or, right-click **All Software Update**, and then select **Synchronize Software Update**. -1. Monitor the synchronization progress by looking for the following entries in WsyncMgr.log: - - ```console - Surface Drivers can be supported in this hierarchy since all SUPs are on Windows Server 2016, WCM SCF property Sync Catalog Drivers is set. - - sync: SMS synchronizing categories - sync: SMS synchronizing categories, processed 0 out of 311 items (0%) - sync: SMS synchronizing categories, processed 311 out of 311 items (100%) - sync: SMS synchronizing categories, processed 311 out of 311 items (100%) - sync: SMS synchronizing updates - - Synchronizing update 7eaa0148-c42b-45fd-a1ab-012c82972de6 - Microsoft driver update for Surface Type Cover Integration - Synchronizing update 2dcb07f8-37ec-41ef-8cd5-030bf24dc1d8 - Surface driver update for Surface Pen Pairing - Synchronizing update 63067414-ae52-422b-b3d1-0382a4d6519a - Surface driver update for Surface UEFI - Synchronizing update 8e4e3a41-a784-4dd7-9a42-041f43ddb775 - Surface driver update for Surface Integration - Synchronizing update 7f8baee8-419f-47e2-918a-045a15a188e7 - Microsoft driver update for Surface DTX - Synchronizing update aed66e05-719b-48cd-a0e7-059e50f67fdc - Microsoft driver update for Surface Base Firmware Update - Synchronizing update 8ffe1526-6e66-43cc-86e3-05ad92a24e3a - Surface driver update for Surface UEFI - Synchronizing update 74102899-0a49-48cf-97e6-05bde18a27ff - Microsoft driver update for Surface UEFI - ``` - -## Deploying Surface firmware and driver updates - -You can deploy Surface firmware and driver updates in the same manner as you deploy other updates. - -For more information about deployment, see [System Center 2012 Configuration Manager–Part7: Software Updates (Deploy)](https://blogs.technet.microsoft.com/elie/2012/05/25/system-center-2012-configuration-managerpart7-software-updates-deploy/). - -## Frequently asked questions (FAQ) - -**After I follow the steps in this article, my Surface drivers are still not synchronized. Why?** - -If you synchronize from an upstream Windows Server Update Services (WSUS) server, instead of Microsoft Update, make sure that the upstream WSUS server is configured to support and synchronize Surface driver updates. All downstream servers are limited to updates that are present in the upstream WSUS server database. - -There are more than 68,000 updates that are classified as drivers in WSUS. To prevent non-Surface related drivers from synchronizing to Configuration Manager, Microsoft filters driver synchronization against an allow list. After the new allow list is published and incorporated into Configuration Manager, the new drivers are added to the console following the next synchronization. Microsoft aims to get the Surface drivers added to the allow list each month in line with Patch Tuesday to make them available for synchronization to Configuration Manager. - -If your Configuration Manager environment is offline, a new allow list is imported every time you import [servicing updates](https://docs.microsoft.com/mem/configmgr/core/servers/manage/use-the-service-connection-tool) to Configuration Manager. You will also have to import a [new WSUS catalog](https://docs.microsoft.com/mem/configmgr/sum/get-started/synchronize-software-updates-disconnected) that contains the drivers before the updates are displayed in the Configuration Manager console. Because a stand-alone WSUS environment contains more drivers than a Configuration Manager SUP, we recommend that you establish a Configuration Manager environment that has online capabilities, and that you configure it to synchronize Surface drivers. This provides a smaller WSUS export that closely resembles the offline environment. - -If your Configuration Manager environment is online and able to detect new updates, you will receive updates to the list automatically. If you don’t see the expected drivers, please review the WCM.log and WsyncMgr.log for any synchronization failures. - -**My Configuration Manager environment is offline, can I manually import Surface drivers into WSUS?** - -No. Even if the update is imported into WSUS, the update won't be imported into the Configuration Manager console for deployment if it isn't listed in the allow list. You must use the [Service Connection Tool](https://docs.microsoft.com/mem/configmgr/core/servers/manage/use-the-service-connection-tool) to import servicing updates to Configuration Manager to update the allow list. - -**What alternative methods do I have to deploy Surface driver and firmware updates?** - -For information about how to deploy Surface driver and firmware updates through alternative channels, see [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates). If you want to download the .msi or .exe file, and then deploy through traditional software deployment channels, see [Keeping Surface Firmware Updated with Configuration Manager](https://docs.microsoft.com/archive/blogs/thejoncallahan/keeping-surface-firmware-updated-with-configuration-manager). - -## Additional Information - -For more information about Surface driver and firmware updates, see the following articles: - -- [Download the latest firmware and drivers for Surface devices](https://docs.microsoft.com/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices) -- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates) -- [Considerations for Surface and System Center Configuration Manager](https://docs.microsoft.com/surface/considerations-for-surface-and-system-center-configuration-manager) diff --git a/devices/surface/manage-surface-uefi-settings.md b/devices/surface/manage-surface-uefi-settings.md deleted file mode 100644 index f56bcb55d1..0000000000 --- a/devices/surface/manage-surface-uefi-settings.md +++ /dev/null @@ -1,221 +0,0 @@ ---- -title: Manage Surface UEFI settings -description: Use Surface UEFI settings to enable or disable devices or components, configure security settings, and adjust Surface device boot settings. -keywords: firmware, security, features, configure, hardware -ms.localizationpriority: medium -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: devices, surface -author: coveminer -ms.author: greglin -ms.topic: article -ms.reviewer: -manager: laurawi ---- - -# Manage Surface UEFI settings - -All current and future generations of Surface devices use a unique Unified Extensible Firmware Interface (UEFI) engineered by Microsoft specifically for these devices. Surface UEFI settings provide the ability to enable or disable built-in devices and components, protect UEFI settings from being changed, and adjust the Surface device boot settings. - -## Support for cloud-based management - -With Device Firmware Configuration Interface (DFCI) profiles built into Microsoft Intune (now available in public preview), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. DFCI is currently available for Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information, refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md). - -## Open Surface UEFI menu - -To adjust UEFI settings during system startup: - -1. Shut down your Surface and wait about 10 seconds to make sure it's off. -2. Press and hold the **Volume-up** button and - at the same time - press and release the **Power button.** -3. As the Microsoft or Surface logo appears on your screen, continue to hold the **Volume-up** button until the UEFI screen appears. - -## UEFI PC information page - -The PC information page includes detailed information about your Surface device: - -- **Model** – Your Surface device’s model will be displayed here, such as Surface Book 2 or Surface Pro 7. The exact configuration of your device is not shown, (such as processor, disk size, or memory size). -- **UUID** – This Universally Unique Identification number is specific to your device and is used to identify the device during deployment or management. - -- **Serial Number** – This number is used to identify this specific Surface device for asset tagging and support scenarios. -- **Asset Tag** – The asset tag is assigned to the Surface device with the [Asset Tag Tool](https://docs.microsoft.com/surface/assettag). - -You will also find detailed information about the firmware of your Surface device. Surface devices have several internal components that each run different versions of firmware. The firmware version of each of the following devices is displayed on the **PC information** page (as shown in Figure 1): - -- System UEFI - -- SAM Controller - -- Intel Management Engine - -- System Embedded Controller - -- Touch Firmware - -![System information and firmware version information](images/manage-surface-uefi-figure-1.png "System information and firmware version information") - -*Figure 1. System information and firmware version information* - -You can find up-to-date information about the latest firmware version for your Surface device in the [Surface Update History](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) for your device. - -## UEFI Security page - -![Configure Surface UEFI security settings](images/manage-surface-uefi-fig4.png "Configure Surface UEFI security settings") - -*Figure 2. Configure Surface UEFI security settings* - -The Security page allows you to set a password to protect UEFI settings. This password must be entered when you boot the Surface device to UEFI. The password can contain the following characters (as shown in Figure 3): - -- Uppercase letters: A-Z - -- Lowercase letters: a-z - -- Numbers: 1-0 - -- Special characters: !@#$%^&*()?<>{}[]-_=+|.,;:’`” - -The password must be at least 6 characters and is case sensitive. - -![Add a password to protect Surface UEFI settings](images/manage-surface-uefi-fig2.png "Add a password to protect Surface UEFI settings") - -*Figure 3. Add a password to protect Surface UEFI settings* - -On the Security page you can also change the configuration of Secure Boot on your Surface device. Secure Boot technology prevents unauthorized boot code from booting on your Surface device, which protects against bootkit and rootkit-type malware infections. You can disable Secure Boot to allow your Surface device to boot third-party operating systems or bootable media. You can also configure Secure Boot to work with third-party certificates, as shown in Figure 4. Read more about [Secure Boot](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview) in the TechNet Library. - -![Configure Secure Boot](images/manage-surface-uefi-fig3.png "Configure Secure Boot") - -*Figure 4. Configure Secure Boot* - -Depending on your device, you may also be able to see if your TPM is enabled or disabled. If you do not see the **Enable TPM** setting, open tpm.msc in Windows to check the status, as shown in Figure 5. The TPM is used to authenticate encryption for your device’s data with BitLocker. To learn more, see [BitLocker overview](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview). - -![TPM console](images/manage-surface-uefi-fig5-a.png "TPM console") - -*Figure 5. TPM console* - - -## UEFI menu: Devices - -The Devices page allows you to enable or disable specific devices and components including: - -- Docking and USB Ports - -- MicroSD or SD Card Slot - -- Rear Camera - -- Front Camera - -- Infrared (IR) Camera - -- Wi-Fi and Bluetooth - -- Onboard Audio (Speakers and Microphone) - -Each device is listed with a slider button that you can move to **On** (enabled) or **Off** (disabled) position, as shown in Figure 6. - -![Enable and disable specific devices](images/manage-surface-uefi-fig5a.png "Enable and disable specific devices") - -*Figure 6. Enable and disable specific devices* - -## UEFI menu: Boot configuration - -The Boot Configuration page allows you to change the order of your boot devices as well as enable or disable boot of the following devices: - -- Windows Boot Manager - -- USB Storage - -- PXE Network - -- Internal Storage - -You can boot from a specific device immediately, or you can swipe left on that device’s entry in the list using the touchscreen. You can also boot immediately to a USB device or USB Ethernet adapter when the Surface device is powered off by pressing the **Volume Down** button and the **Power** button simultaneously. - -For the specified boot order to take effect, you must set the **Enable Alternate Boot Sequence** option to **On**, as shown in Figure 7. - -![Configure the boot order for your Surface device](images/manage-surface-uefi-fig6.png "Configure the boot order for your Surface device") - -*Figure 7. Configure the boot order for your Surface device* - -You can also turn on and off IPv6 support for PXE with the **Enable IPv6 for PXE Network Boot** option, for example when performing a Windows deployment using PXE where the PXE server is configured for IPv4 only. - -## UEFI menu: Management -The Management page allows you to manage use of Zero Touch UEFI Management and other features on eligible devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3. - -![Manage access to Zero Touch UEFI Management and other features](images/manage-surface-uefi-fig7a.png "Manage access to Zero Touch UEFI Management and other features") -*Figure 8. Manage access to Zero Touch UEFI Management and other features* - - -Zero Touch UEFI Management lets you remotely manage UEFI settings by using a device profile within Intune called Device Firmware Configuration Interface (DFCI). If you do not configure this setting, the ability to manage eligible devices with DFCI is set to **Ready**. To prevent DFCI, select **Opt-Out**. - -> [!NOTE] -> The UEFI Management settings page and use of DFCI is only available on Surface Pro 7, Surface Pro X, and Surface Laptop 3. - -For more information, refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md). - -## UEFI menu: Exit - -Use the **Restart Now** button on the **Exit** page to exit UEFI settings, as shown in Figure 9. - -![Exit Surface UEFI and restart the device](images/manage-surface-uefi-fig7.png "Exit Surface UEFI and restart the device") - -*Figure 9. Click Restart Now to exit Surface UEFI and restart the device* - -## Surface UEFI boot screens - -When you update Surface device firmware, by using either Windows Update or manual installation, the updates are not applied immediately to the device, but instead during the next reboot cycle. You can find out more about the Surface firmware update process in [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates). The progress of the firmware update is displayed on a screen with progress bars of differing colors to indicate the firmware for each component. Each component’s progress bar is shown in Figures 9 through 18. - -![Surface UEFI firmware update with blue progress bar](images/manage-surface-uefi-fig8.png "Surface UEFI firmware update with blue progress bar") - -*Figure 10. The Surface UEFI firmware update displays a blue progress bar* - -![System Embedded Controller firmware with green progress bar](images/manage-surface-uefi-fig9.png "System Embedded Controller firmware with green progress bar") - -*Figure 11. The System Embedded Controller firmware update displays a green progress bar* - -![SAM Controller firmware update with orange progress bar](images/manage-surface-uefi-fig10.png "SAM Controller firmware update with orange progress bar") - -*Figure 12. The SAM Controller firmware update displays an orange progress bar* - -![Intel Management Engine firmware with red progress bar](images/manage-surface-uefi-fig11.png "Intel Management Engine firmware with red progress bar") - -*Figure 13. The Intel Management Engine firmware update displays a red progress bar* - -![Surface touch firmware with gray progress bar](images/manage-surface-uefi-fig12.png "Surface touch firmware with gray progress bar") - -*Figure 14. The Surface touch firmware update displays a gray progress bar* - -![Surface KIP firmware with light green progress bar](images/manage-surface-uefi-fig13.png "Surface touch firmware with light green progress bar") - -*Figure 15. The Surface KIP firmware update displays a light green progress bar* - -![Surface ISH firmware with pink progress bar](images/manage-surface-uefi-fig14.png "Surface ISH firmware with pink progress bar") - -*Figure 16 The Surface ISH firmware update displays a light pink progress bar* - -![Surface Trackpad firmware with gray progress bar](images/manage-surface-uefi-fig15.png "Surface Trackpad firmware with gray progress bar") - -*Figure 17. The Surface Trackpad firmware update displays a pink progress bar* - -![Surface TCON firmware with light gray progress bar](images/manage-surface-uefi-fig16.png "Surface TCON firmware with light gray progress bar") - -*Figure 18. The Surface TCON firmware update displays a light gray progress bar* - - -![Surface TPM firmware with light purple progress bar](images/manage-surface-uefi-fig17.png "Surface TPM firmware with purple progress bar") - -*Figure 19. The Surface TPM firmware update displays a purple progress bar* - - ->[!NOTE] ->An additional warning message that indicates Secure Boot is disabled is displayed, as shown in Figure 19. - -![Surface boot screen that indicates Secure Boot has been disabled](images/manage-surface-uefi-fig18.png "Surface boot screen that indicates Secure Boot has been disabled") - -*Figure 20. Surface boot screen that indicates Secure Boot has been disabled in Surface UEFI settings* - -## Related topics - -- [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md) - -- [Surface Enterprise Management Mode](surface-enterprise-management-mode.md) diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md deleted file mode 100644 index 2bb2c8a956..0000000000 --- a/devices/surface/microsoft-surface-brightness-control.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Surface Brightness Control -description: This topic describes how you can use the Surface Brightness Control app to manage display brightness in point-of-sale and kiosk scenarios. -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surface, devices -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.reviewer: hachidan -manager: laurawi -ms.localizationpriority: medium -ms.audience: itpro ---- - -# Surface Brightness Control - -When deploying Surface devices in point of sale or other “always-on” -kiosk scenarios, you can optimize power management using the new Surface -Brightness Control app. - -Available for download with [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703). -Surface Brightness Control is designed to help reduce thermal load and lower the overall carbon footprint for deployed Surface devices. -If you plan to get only this tool from the download page, select the file **Surface_Brightness_Control_v1.16.137.0.msi** in the available list. -The tool automatically dims the screen when not in use and includes the following configuration options: - -- Period of inactivity before dimming the display. - -- Brightness level when dimmed. - -- Maximum brightness level when in use. - -**To run Surface Brightness Control:** - -- Install surfacebrightnesscontrol.msi on the target device and Surface Brightness Control - will begin working immediately. - -## Configuring Surface Brightness Control - -You can adjust the default values via the Windows Registry. For more -information about using the Windows Registry, refer to the [Registry -documentation](https://docs.microsoft.com/windows/desktop/sysinfo/registry). - -1. Run regedit from a command prompt to open the Windows Registry - Editor. - - - Computer\HKEY\_LOCAL\_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Surface\Surface - Brightness Control\ - - If you're running an older version of Surface Brightness control, run the following command instead: - - - Computer\HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Surface\Surface - Brightness Control\ - - -| Registry Setting | Data| Description -|-----------|------------|--------------- -| Brightness Control Enabled | Default: 01
Option: 01, 00
Type: REG_BINARY | This setting allows you to turn Surface Brightness Control on or off. To disable Surface Brightness Control, set the value to 00. If you do not configure this setting, Surface Brightness Control is on. | -| Brightness Control On Power Enabled| Default: 01
Options: 01, 00
Type: REG_BINARY | This setting allows you to turn off Surface Brightness Control when the device is directly connected to power. To disable Surface Brightness Control when power is plugged in, set the value to 00. If you do not configure this setting, Surface Brightness Control is on. | -| Dimmed Brightness | Default: 20
Option: Range of 0-100 percent of screen brightness
Data Type: Positive integer
Type: REG_DWORD | This setting allows you to manage brightness range during periods of inactivity. If you do not configure this setting, the brightness level will drop to 20 percent of full brightness after 30 seconds of inactivity. | -Full Brightness | Default: 100
Option: Range of 0-100 percent of screen brightness
Data Type: Positive integer
Type: REG_DWORD | This setting allows you to manage the maximum brightness range for the device. If you do not configure this setting, the maximum brightness range is 100 percent.| -| Inactivity Timeout| Default: 30 seconds
Option: Any numeric value
Data Type: Integer
Type: REG_DWORD | This setting allows you to manage the period of inactivity before dimming the device. If you do not configure this setting, the inactivity timeout is 30 seconds.| -| Telemetry Enabled | Default: 01
Option: 01, 00
Type: REG_BINARY | This setting allows you to manage the sharing of app usage information to improve software and provide better user experience. To disable telemetry, set the value to 00. If you do not configure this setting, telemetry information is shared with Microsoft in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). | - -## Changes and updates - -### Version 1.16.137
-*Release Date: 22 October 2019*
-This version of Surface Brightness Control adds support for the following: --Recompiled for x86, adding support for Surface Pro 7, Surface Pro X, and Surface Laptop 3. - -### Version 1.12.239.0 -*Release Date: 26 April 2019*
-This version of Surface Brightness Control adds support for the following: -- Touch delay fixes. - - -## Related topics - -- [Battery limit setting](battery-limit.md) diff --git a/devices/surface/microsoft-surface-data-eraser.md b/devices/surface/microsoft-surface-data-eraser.md deleted file mode 100644 index 1ad32d8518..0000000000 --- a/devices/surface/microsoft-surface-data-eraser.md +++ /dev/null @@ -1,253 +0,0 @@ ---- -title: Microsoft Surface Data Eraser (Surface) -description: Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices. -ms.assetid: 8DD3F9FE-5458-4467-BE26-E9200341CF10 -ms.reviewer: hachidan -manager: laurawi -ms.localizationpriority: medium -keywords: tool, USB, data, erase -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surface, devices, security -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -audience: itpro -ms.date: 05/11/2020 ---- - -# Microsoft Surface Data Eraser - - -Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices. - -[Microsoft Surface Data Eraser](https://www.microsoft.com/download/details.aspx?id=46703) is a tool that boots from a USB stick and allows you to perform a secure wipe of all data from a compatible Surface device. A Microsoft Surface Data Eraser USB stick requires only the ability to boot from USB. The USB stick is easy to create by using the provided wizard, the Microsoft Surface Data Eraser wrapper, and is easy to use with a simple graphic interface, no command line needed. To learn more about the data wiping capabilities and practices Microsoft uses during the service process for Surface, see [Protecting your data if you send your Surface in for service](https://www.microsoft.com/surface/support/security-sign-in-and-accounts/data-wiping-policy). - ->[!IMPORTANT] ->Microsoft Surface Data Eraser uses the NVM Express (NVMe) format command to erase data as authorized in [NIST Special Publication 800-88 Revision 1](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf). - -Compatible Surface devices include: - -* Surface Book 3 -* Surface Go 2 -* Surface Pro 7 -* Surface Pro X -* Surface Laptop 3 -* Surface Pro 6 -* Surface Laptop 2 -* Surface Go -* Surface Book 2 -* Surface Pro with LTE Advanced (Model 1807) -* Surface Pro (Model 1796) -* Surface Laptop -* Surface Studio -* Surface Studio 2 -* Surface Book -* Surface Pro 4 -* Surface 3 LTE -* Surface 3 -* Surface Pro 3 -* Surface Pro 2 - -Some scenarios where Microsoft Surface Data Eraser can be helpful include: - -- Prepare a Surface device to be sent for repair - -- Decommission a Surface device to be removed from corporate or organizational use - -- Repurpose a Surface device for use in a new department or for use by a new user - -- Standard practice when performing reimaging for devices used with sensitive data - ->[!NOTE] ->Third-party devices, Surface devices running Windows RT (including Surface and Surface 2), and Surface Pro are not compatible with Microsoft Surface Data Eraser. - ->[!NOTE] ->Because the ability to boot to USB is required to run Microsoft Surface Data Eraser, if the device is not configured to boot from USB or if the device is unable to boot or POST successfully, the Microsoft Surface Data Eraser tool will not function. - ->[!NOTE] ->Surface Data Eraser on Surface Studio and Surface Studio 2 can take up to 6 minutes to boot into WinPE before disk erasure can occur. - - -## How to create a Microsoft Surface Data Eraser USB stick - - -To create a Microsoft Surface Data Eraser USB stick, first install the Microsoft Surface Data Eraser setup tool from the Microsoft Download Center using the link provided at the beginning of this article. You do not need a Surface device to *create* the USB stick. After you have downloaded the installation file to your computer, follow these steps to install the Microsoft Surface Data Eraser creation tool: - -1. Run the DataEraserSetup.msi installation file that you downloaded from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=46703). - -2. Select the check box to accept the terms of the license agreement, and then click **Install**. - -3. Click **Finish** to close the Microsoft Surface Data Eraser setup window. - -After the creation tool is installed, follow these steps to create a Microsoft Surface Data Eraser USB stick. Before you begin these steps, ensure that you have a USB 3.0 stick that is 4 GB or larger connected to the computer. - -1. Start Microsoft Surface Data Eraser from the Start menu or Start screen. - -2. Click **Build** to begin the Microsoft Surface Data Eraser USB creation process. - -3. Click **Start** to acknowledge that you have a USB stick of at least 4 GB connected, as shown in Figure 1. - - ![Start the Microsoft Surface Data Eraser tool](images/dataeraser-start-tool.png "Start the Microsoft Surface Data Eraser tool") - - *Figure 1. Start the Microsoft Surface Data Eraser tool* -4. Choose **x64** for most Surface devices or **ARM64** for Surface Pro X from the **Architecture Selection** page, as shown in Figure 2. Select **Continue**. - - ![Architecture selection](images/dataeraser-arch.png "Architecture Selection")
- *Figure 2. Select device architecture* - - -4. Select the USB drive of your choice from the **USB Thumb Drive Selection** page as shown in Figure 3, and then click **Start** to begin the USB creation process. The drive you select will be formatted and any existing data on this drive will be lost. - - >[!NOTE] - >If the Start button is disabled, check that your removable drive has a total capacity of at least 4 GB. - - ![USB thumb drive selection](images/dataeraser-usb-selection.png "USB thumb drive selection") - - *Figure 3. USB thumb drive selection* - -5. After the creation process is finished, the USB drive has been formatted and all binaries are copied to the USB drive. Click **Success**. - -6. When the **Congratulations** screen is displayed, you can eject and remove the thumb drive. This thumb drive is now ready to be inserted into a Surface device, booted from, and wipe any data on the device. Click **Complete** to finish the USB creation process, as shown in Figure 4. - - ![Surface Data Eraser USB creation process](images/dataeraser-complete-process.png "Surface Data Eraser USB creation process") - - *Figure 4. Complete the Microsoft Surface Data Eraser USB creation process* - -7. Click **X** to close Microsoft Surface Data Eraser. - -## How to use a Microsoft Surface Data Eraser USB stick - - -After you create a Microsoft Surface Data Eraser USB stick, you can boot a supported Surface device from the USB stick by following this procedure: - -1. Insert the bootable Microsoft Surface Data Eraser USB stick into the supported Surface device. - -2. Boot your Surface device from the Microsoft Surface Data Eraser USB stick. To boot your device from the USB stick follow these steps: - - a. Turn off your Surface device. - - b. Press and hold the **Volume Down** button. - - c. Press and release the **Power** button. - - d. Release the **Volume Down** button. - - >[!NOTE] - >If your device does not boot to USB using these steps, you may need to turn on the **Enable Alternate Boot Sequence** option in Surface UEFI. You can read more about Surface UEFI boot configuration in [Manage Surface UEFI Settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings). - -3. When the Surface device boots, a **SoftwareLicenseTerms** text file is displayed, as shown in Figure 5. - - ![Booting the Microsoft Surface Data Eraser USB stick](images/data-eraser-3.png "Booting the Microsoft Surface Data Eraser USB stick") - - *Figure 5. Booting the Microsoft Surface Data Eraser USB stick* - -4. Read the software license terms, and then close the Notepad file. - -5. Accept or decline the software license terms by typing **Accept** or **Decline**. You must accept the license terms to continue. - -6. The Microsoft Surface Data Eraser script detects the storage devices that are present in your Surface device and displays the details of the native storage device. To continue, press **Y** (this action runs Microsoft Surface Data Eraser and removes all data from the storage device) or press **N** (this action shuts down the device without removing data). - - >[!NOTE] - >The Microsoft Surface Data Eraser tool will delete all data, including Windows operating system files required to boot the device, in a secure and unrecoverable way. To boot a Surface device that has been wiped with Microsoft Surface Data Eraser, you will first need to reinstall the Windows operating system. To remove data from a Surface device without removing the Windows operating system, you can use the **Reset your PC** function. However, this does not prevent your data from being recovered with forensic or data recovery capabilities. See [Recovery options in Windows 10](https://support.microsoft.com/help/12415/windows-10-recovery-options) for more information. - - ![Partition to be erased is displayed](images/sda-fig5-erase.png "Partition to be erased is displayed") - - *Figure 6. Partition to be erased is displayed in Microsoft Surface Data Eraser* - -7. If you pressed **Y** in step 6, due to the destructive nature of the data erasure process, an additional dialog box is displayed to confirm your choice. - -8. Click the **Yes** button to continue erasing data on the Surface device. - - >[!NOTE] - >When you run Surface Data Eraser on the Surface Data Eraser USB drive, a log file is generated in the **SurfaceDataEraserLogs** folder. - -## Changes and updates - -Microsoft Surface Data Eraser is periodically updated by Microsoft. For information about the changes provided in each new version, see the following: - -### 3.30.139 -*Release Date: 11 May 2020* - -This version of Surface Data Eraser adds support for: -- Surface Book 3 -- Surface Go 2 -- New SSD in Surface Go - -### 3.28.137 -*Release Date: 11 Nov 2019* -This version of Surface Data Eraser: - -- Includes bug fixes - -### Version 3.21.137 -*Release Date: 21 Oct 2019* -This version of Surface Data Eraser is compiled for x86 and adds support for the following devices: - -- Supports Surface Pro 7, Surface Pro X, and Surface Laptop 3 - -### Version 3.2.78.0 -*Release Date: 4 Dec 2018* - -This version of Surface Data Eraser: - -- Includes bug fixes - - -### Version 3.2.75.0 -*Release Date: 12 November 2018* - -This version of Surface Data Eraser: - -- Adds support to Surface Studio 2 -- Fixes issues with SD card - -### Version 3.2.69.0 -*Release Date: 12 October 2018* - -This version of Surface Data Eraser adds support for the following: - -- Surface Pro 6 -- Surface Laptop 2 - -### Version 3.2.68.0 -This version of Microsoft Surface Data Eraser adds support for the following: - -- Surface Go - - -### Version 3.2.58.0 -This version of Microsoft Surface Data Eraser adds support for the following: - -- Additional storage devices (drives) for Surface Pro and Surface Laptop devices - - -### Version 3.2.46.0 -This version of Microsoft Surface Data Eraser adds support for the following: - -- Surface Pro with LTE Advanced - - -### Version 3.2.45.0 - -This version of Microsoft Surface Data Eraser adds support for the following: - -- Surface Book 2 - -- Surface Pro 1TB - - >[!NOTE] - >Surface Data Eraser v3.2.45.0 and above can be used to restore Surface Pro or Surface Laptop devices with the 1TB storage option in the scenario that the device shows two separate 512GB volumes or encounters errors when attempting to deploy or install Windows 10. See [Surface Pro Model 1796 and Surface Laptop 1TB display two drives](https://support.microsoft.com/help/4046105/surface-pro-model-1796-and-surface-laptop-1tb-display-two-drives) for more information. - - -### Version 3.2.36.0 - -This version of Microsoft Surface Data Eraser adds support for the following: - -- Surface Pro - -- Surface Laptop - ->[!NOTE] ->The Microsoft Surface Data Eraser USB drive creation tool is unable to run on Windows 10 S. To wipe a Surface Laptop running Windows 10 S, you must first create the Microsoft Surface Data Eraser USB drive on another computer with Windows 10 Pro or Windows 10 Enterprise. diff --git a/devices/surface/microsoft-surface-deployment-accelerator.md b/devices/surface/microsoft-surface-deployment-accelerator.md deleted file mode 100644 index 4a2b2a806c..0000000000 --- a/devices/surface/microsoft-surface-deployment-accelerator.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Microsoft Surface Deployment Accelerator (Surface) -description: Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices. -ms.assetid: E7991E90-4AAE-44B6-8822-58BFDE3EADE4 -ms.reviewer: hachidan -manager: laurawi -ms.localizationpriority: medium -keywords: deploy, install, tool -ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: surface, devices -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.audience: itpro -ms.date: 5/08/2020 ---- - -# Microsoft Surface Deployment Accelerator - -Microsoft Surface Deployment Accelerator (SDA) automates the creation and configuration of a Microsoft recommended deployment experience by using free Microsoft deployment tools. - -Redesigned in April 2020 to simplify and automate deployment of Surface images in a corporate environment, the -SDA tool allows you to build a “factory-like” Windows image that you can customize to your organizational requirements. - -The open source, script-driven SDA tool leverages the Windows Assessment and Deployment Kit (ADK) for Windows 10, facilitating the creation of Windows images (WIM) in test or production environments. If the latest ADK is not already installed, it will be downloaded and installed when running the SDA tool. - -The resulting image closely matches the configuration of Bare Metal Recovery (BMR) images, without any pre-installed applications such as Microsoft Office or the Surface UWP application. - -**To run SDA:** - -1. Go to [SurfaceDeploymentAccelerator](https://github.com/microsoft/SurfaceDeploymentAccelerator) on GitHub. -2. Select **Clone or Download** and review the Readme file. -3. Edit the script with the appropriate variables for your environment, as documented in the Readme, and review before running it in your test environment. - - ![Running Surface Deployment Accelerator tool](images/surface-deployment-accelerator.png) - -## Related links - - - [Open source image deployment tool released on GitHub](https://techcommunity.microsoft.com/t5/surface-it-pro-blog/open-source-image-deployment-tool-released-on-github/ba-p/1314115) - - - [Download and install the Windows ADK](https://docs.microsoft.com/windows-hardware/get-started/adk-install) diff --git a/devices/surface/secure-surface-dock-ports-semm.md b/devices/surface/secure-surface-dock-ports-semm.md deleted file mode 100644 index 266f6d92cf..0000000000 --- a/devices/surface/secure-surface-dock-ports-semm.md +++ /dev/null @@ -1,168 +0,0 @@ ---- -title: Secure Surface Dock 2 ports with Surface Enterprise Management Mode (SEMM) -description: This document provides guidance for configuring UEFI port settings for Surface Dock 2 when connected to compatible Surface devices including Surface Book 3, Surface Laptop 3, and Surface Pro 7. -ms.assetid: 2808a8be-e2d4-4cb6-bd53-9d10c0d3e1d6 -ms.reviewer: -manager: laurawi -keywords: Troubleshoot common problems, setup issues -ms.prod: w10 -ms.mktglfcycl: support -ms.sitesec: library -ms.pagetype: surfacehub -author: v-miegge -ms.author: jesko -ms.topic: article -ms.date: 06/08/2020 -ms.localizationpriority: medium -ms.audience: itpro ---- - -# Secure Surface Dock 2 ports with Surface Enterprise Management Mode (SEMM) - -## Introduction - -Surface Enterprise Management Mode (SEMM) enables IT admins to secure and manage Surface Dock 2 ports by configuring UEFI settings in a Windows installer configuration package (.MSI file) deployed to compatible Surface devices across a corporate environment. - -### Supported devices - -Managing Surface Dock 2 with SEMM is available for docks connected to Surface Book 3, Surface Laptop 3, and Surface Pro 7. These compatible Surface devices are commonly referred to as **host devices**. A package is applied to host devices based on if a host device is **authenticated** or **unauthenticated**. Configured settings reside in the UEFI layer on host devices enabling you — the IT admin — to manage Surface Dock 2 just like any other built-in peripheral such as the camera. - ->[!NOTE] ->You can manage Surface Dock 2 ports only when the dock is connected to one of the following compatible devices: Surface Book 3, Surface Laptop 3, and Surface Pro 7. Any device that doesn't receive the UEFI Authenticated policy settings is inherently an unauthenticated device. - -### Scenarios - -Restricting Surface Dock 2 to authorized persons signed into a corporate host device provides another layer of data protection. This ability to lock down Surface Dock 2 is critical for specific customers in highly secure environments who want the functionality and productivity benefits of the dock while maintaining compliance with strict security protocols. We anticipate SEMM used with Surface Dock 2 will be particularly useful in open offices and shared spaces especially for customers who want to lock USB ports for security reasons. For a video demo, check out [SEMM for Surface Dock 2](https://youtu.be/VLV19ISvq_s). - -## Configuring and deploying UEFI settings for Surface Dock 2 - -This section provides step-by-step guidance for the following tasks: - -1. Install [**Surface UEFI Configurator**](https://www.microsoft.com/download/details.aspx?id=46703). -1. Create or obtain public key certificates. -1. Create an .MSI configuration package. - 1. Add your certificates. - 1. Enter the 16-digit RN number for your Surface Dock 2 devices. - 1. Configure UEFI settings. -1. Build and apply the configuration package to targeted Surface devices (Surface Book 3, Surface Laptop 3, or Surface Pro 7.) - ->[!NOTE] ->The **Random Number (RN)** is a unique 16-digit hex code identifier which is provisioned at the factory, and printed in small type on the underside of the dock. The RN differs from most serial numbers in that it can't be read electronically. This ensures proof of ownership is primarily established only by reading the RN when physically accessing the device. The RN may also be obtained during the purchase transaction and is recorded in Microsoft inventory systems. - -### Install SEMM and Surface UEFI Configurator - -Install SEMM by running **SurfaceUEFI_Configurator_v2.71.139.0.msi**. This is a standalone installer and contains everything you need to create and distribute configuration packages for Surface Dock 2. - -- Download **Surface UEFI Configurator** from [Surface Tools for IT](https://www.microsoft.com/en-us/download/details.aspx?id=46703). - -## Create public key certificates - -This section provides specifications for creating the certificates needed to manage ports for Surface Dock 2. - -### Prerequisites - -This article assumes that you either obtain certificates from a third-party provider or you already have expertise in PKI certificate services and know how to create your own. You should be familiar with and follow the general recommendations for creating certificates as described in [Surface Enterprise Management Mode (SEMM)](https://docs.microsoft.com/surface/surface-enterprise-management-mode) documentation, with one exception. The certificates documented on this page require expiration terms of 30 years for the **Dock Certificate Authority**, and 20 years for the **Host Authentication Certificate**. - -For more information, see [Certificate Services Architecture](https://docs.microsoft.com/windows/win32/seccrypto/certificate-services-architecture) documentation and review the appropriate chapters in [Windows Server 2019 Inside Out](https://www.microsoftpressstore.com/store/windows-server-2019-inside-out-9780135492277), or [Windows Server 2008 PKI and Certificate Security](https://www.microsoftpressstore.com/store/windows-server-2008-pki-and-certificate-security-9780735640788) available from Microsoft Press. - -### Root and host certificate requirements - -Prior to creating the configuration package, you need to prepare public key certificates that authenticate ownership of Surface Dock 2 and facilitate any subsequent changes in ownership during the device lifecycle. The host and provisioning certificates require entering EKU IDs otherwise known as **Client Authentication Enhanced Key Usage (EKU) object identifiers (OIDs)**. - -The required EKU values are listed in Table 1 and Table 2. - -#### Table 1. Root and Dock Certificate requirements - -|Certificate|Algorithm|Description|Expiration|EKU OID| -|---|---|---|---|---| -|Root Certificate Authority|ECDSA_P384|- Root certificate with 384-bit prime elliptic curve digital signature algorithm (ECDSA)
- SHA 256 Key Usage:
CERT_DIGITAL_SIGNATURE_KEY_USAGE
- CERT_KEY_CERT_SIGN_KEY_USAGE
CERT_CRL_SIGN_KEY_USAGE|30 years|N/A -|Dock Certificate Authority|ECC P256 curve|- Host certificate with 256-bit elliptic-curve cryptography (ECC)
- SHA 256 Key Usage:
CERT_KEY_CERT_SIGN_KEY_USAGE
- Path Length Constraint = 0|20 years|1.3.6.1.4.1.311.76.9.21.2
1.3.6.1.4.1.311.76.9.21.3| - - >[!NOTE] - >The dock CA must be exported as a .p7b file. - -### Provisioning Administration Certificate requirements - -Each host device must have the doc CA and two certificates as shown in Table 2. - -#### Table 2. Provisioning administration certificate requirements - -|Certificate|Algorithm|Description|EKU OID| -|---|---|---|---| -|Host authentication certificate|ECC P256
SHA 256|Proves the identity of the host device.|1.3.6.1.4.1.311.76.9.21.2| -|Provisioning administration certificate|ECC P256
SHA256|Enables you to change dock ownership and/or policy settings by allowing you to replace the CA that's currently installed on the dock.|1.3.6.1.4.1.311.76.9.21.3
1.3.6.1.4.1.311.76.9.21.4| - - >[!NOTE] - >The host authentication and provisioning certificates must be exported as .pfx files. - -### Create configuration package - -When you have obtained or created the certificates, you’re ready to build the MSI configuration package that will be applied to target Surface devices. - -1. Run Surface **UEFI Configurator**. - - ![Run Surface UEFI Configurator](images/secure-surface-dock-ports-semm-1.png) - -1. Select **Surface Dock**. - - ![Select Surface Dock](images/secure-surface-dock-ports-semm-2.png) - -1. On the certificate page, enter the appropriate **certificates**. - - ![enter the appropriate certificates](images/secure-surface-dock-ports-semm-3.png) - -1. Add appropriate dock RNs to the list. - - >[!NOTE] - >When creating a configuration package for multiple Surface Dock 2 devices, instead of entering each RN manually, you can use a .csv file that contains a list of RNs. - -1. Specify your policy settings for USB data, Ethernet, and Audio ports. UEFI Configurator lets you configure policy settings for authenticated users (Authenticated Policy) and unauthenticated users (Unauthenticated Policy). The following figure shows port access turned on for authenticated users and turned off for unauthenticated users. - - ![Choose which components you want to activate or deactivate.](images/secure-surface-dock-ports-semm-4.png) - - - Authenticated user refers to a Surface Device that has the appropriate certificates installed, as configured in the .MSI configuration package that you applied to target devices. It applies to any user authenticated user who signs into the device. - - Unauthenticated user refers to any other device. - - Select **Reset** to create a special “Reset” package that will remove any previous configuration package that the dock had accepted. - -1. Select **Build** to create the package as specified. - -### Apply the configuration package to a Surface Dock 2 - -1. Take the MSI file that the Surface UEFI Configurator generated and install it on a Surface host device. Compatible host devices are Surface Book 3, Surface Laptop 3, or Surface Pro 7. -1. Connect the host device to the Surface Dock 2. When you connect the dock UEFI policy settings are applied. - -## Verify managed state using the Surface App - -Once you have applied the configuration package, you can quickly verify the resultant policy state of the dock directly from the Surface App, installed by default on all Surface devices. If Surface App isn't present on the device, you can download and install it from the Microsoft Store. - -### Test scenario - -Objective: Configure policy settings to allow port access by authenticated users only. - -1. Turn on all ports for authenticated users and turn them off for unauthenticated users. - - ![Enabling ports for authenticated users](images/secure-surface-dock-ports-semm-4.png) - -1. Apply the configuration package to your target device and then connect Surface Dock 2. - -1. Open **Surface App** and select **Surface Dock** to view the resultant policy state of your Surface Dock. If the policy settings are applied, Surface App will indicate that ports are available. - - ![Surface app shows all ports are available for authenticated users](images/secure-surface-dock-ports-semm-5.png) - -1. Now you need to verify that the policy settings have successfully turned off all ports for unauthenticated users. Connect Surface Dock 2 to an unmanaged device, i.e., any Surface device outside the scope of management for the configuration package you created. - -1. Open **Surface App** and select **Surface Dock**. The resultant policy state will indicate ports are turned off. - - ![Surface app showing ports turned off for unauthenticated users ](images/secure-surface-dock-ports-semm-6.png) - ->[!NOTE] ->If you want to keep ownership of the device, but allow all users full access, you can make a new package with everything turned on. If you wish to completely remove the restrictions and ownership of the device (make it unmanaged), select **Reset** in Surface UEFI Configurator to create a package to apply to target devices. - -Congratulations. You have successfully managed Surface Dock 2 ports on targeted host devices. - -## Learn more - -- [Surface Enterprise Management Mode (SEMM) documentation](https://docs.microsoft.com/surface/surface-enterprise-management-mode) -- [Certificate Services Architecture](https://docs.microsoft.com/windows/win32/seccrypto/certificate-services-architecture) -- [Windows Server 2019 Inside Out](https://www.microsoftpressstore.com/store/windows-server-2019-inside-out-9780135492277) -- [Windows Server 2008 PKI and Certificate Security](https://www.microsoftpressstore.com/store/windows-server-2008-pki-and-certificate-security-9780735640788) diff --git a/devices/surface/support-solutions-surface.md b/devices/surface/support-solutions-surface.md deleted file mode 100644 index d9f0e6200d..0000000000 --- a/devices/surface/support-solutions-surface.md +++ /dev/null @@ -1,78 +0,0 @@ ---- -title: Top support solutions for Surface devices in the enterprise -description: Find top solutions for common issues using Surface devices in the enterprise. -ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A -ms.reviewer: -manager: laurawi -keywords: Troubleshoot common problems, setup issues -ms.prod: w10 -ms.mktglfcycl: support -ms.sitesec: library -ms.pagetype: surfacehub -author: coveminer -ms.author: greglin -ms.topic: article -ms.date: 09/26/2019 -ms.localizationpriority: medium -ms.audience: itpro ---- - -# Top support solutions for Surface devices - -> [!Note] -> **Home users**: This article is only intended for use by IT professionals and technical support agents, and applies only to Surface devices. If you're looking for help with a problem with your home device, please see [Surface Devices Help](https://support.microsoft.com/products/surface-devices). - -These are the Microsoft Support solutions for common issues you may experience using Surface devices in an enterprise. If your issue is not listed here, [contact Microsoft Support](https://support.microsoft.com/supportforbusiness/productselection). - -## Surface Drivers and Firmware - -Microsoft regularly releases both updates and solutions for Surface devices. To ensure your devices can receive future updates, including security updates, it's important to keep your Surface devices updated. - -- [Surface update history](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) -- [Install Surface and Windows updates](https://www.microsoft.com/surface/support/performance-and-maintenance/install-software-updates-for-surface?os=windows-10&=undefined) -- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482) -- [Deploy the latest firmware and drivers for Surface devices](https://docs.microsoft.com/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices) -- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates) -- [How to manage Surface driver updates in Configuration Manager](https://support.microsoft.com/help/4098906) - -## Surface Dock Issues - -- [Troubleshoot Surface Dock and docking stations](https://support.microsoft.com/help/4023468/surface-troubleshoot-surface-dock-and-docking-stations) - -- [Troubleshoot connecting Surface to a second screen](https://support.microsoft.com/help/4023496) - -- [Microsoft Surface Dock Firmware Update](https://docs.microsoft.com/surface/surface-dock-updater) - -## Device cover or keyboard issues - -- [Troubleshoot your Surface Type Cover or keyboard](https://www.microsoft.com/surface/support/hardware-and-drivers/troubleshoot-surface-keyboards) - -## Screen cracked or scratched issues - -- [Contact Microsoft Support](https://support.microsoft.com/supportforbusiness/productselection) - -## Surface Power or battery Issues - -- [How to Charge Surface(Surface PSU information)](https://support.microsoft.com/help/4023496) - -- [Surface battery won’t charge or Surface won’t run on battery](https://support.microsoft.com/help/4023536) - -- [Surface won’t turn on or wake from sleep](https://support.microsoft.com/help/4023537) - -- [Maximize your Surface battery life](https://support.microsoft.com/help/4483194) - -## Reset device - -- [Creating and using a USB recovery drive for Surface](https://support.microsoft.com/help/4023512) - -- [FAQ: Protecting your data if you send your Surface in for Service](https://support.microsoft.com/help/4023508) - -- [Microsoft Surface Data Eraser](https://docs.microsoft.com/surface/microsoft-surface-data-eraser) - -## Deployment Issues - -- [DISK0 not found when you deploy Windows on Surface Pro Model 1796 or Surface Laptop](https://support.microsoft.com/help/4046108) - -- [Surface Pro Model 1796 and Surface Laptop 1TB display two drives](https://support.microsoft.com/help/4046105) - -- [System SKU reference](https://docs.microsoft.com/surface/surface-system-sku-reference) diff --git a/devices/surface/surface-book-gpu-overview.md b/devices/surface/surface-book-gpu-overview.md deleted file mode 100644 index 77c5af7cc9..0000000000 --- a/devices/surface/surface-book-gpu-overview.md +++ /dev/null @@ -1,165 +0,0 @@ ---- -title: Surface Book 3 GPU technical overview -description: This article provides a technical evaluation of GPU capabilities across Surface Book 3 models. -ms.prod: w10 -ms.mktglfcycl: manage -ms.localizationpriority: medium -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.date: 5/06/2020 -ms.reviewer: brrecord -manager: laurawi -audience: itpro ---- -# Surface Book 3 GPU technical overview - -## Introduction - -Surface Book 3, the most powerful Surface laptop yet released, integrates fully modernized compute and graphics capabilities into its famous detachable form factor. Led by the quad-core 10th Gen Intel® Core™ i7 and NVIDIA® Quadro RTX™ 3000 graphical processing unit (GPU) on the 15-inch model, Surface Book 3 comes in a wide range of configurations for consumers, creative professionals, architects, engineers, and data scientists. This article explains the major differences between the GPU configurations across 13-inch and 15-inch models of Surface Book 3. - -A significant differentiator across Surface Book 3 models is the GPU configuration. In addition to the integrated Intel GPU built into all models, all but the entry-level 13.5-inch Core i5 device also feature a discrete NVIDIA GPU with Max-Q Design, which incorporates features that optimize energy efficiency for mobile form factors. - -Built into the keyboard base, the additional NVIDIA GPU provides advanced graphics rendering capabilities and comes in two primary configurations: GeForce® GTX® 1650/1660 Ti for consumers or creative professionals and Quadro RTX 3000 for creative professionals, engineers, and other business professionals who need advanced graphics or deep learning capabilities. This article also describes how to optimize app utilization of GPUs by specifying which apps should use the integrated iGPU versus the discrete NVIDIA GPU. - -## Surface Book 3 GPUs - -This section describes the integrated and discrete GPUs across Surface Book 3 models. For configuration details of all models, refer to [Appendix A: Surface Book 3 SKUs](#). - -### Intel Iris™ Plus Graphics - -The integrated GPU (iGPU) included on all Surface Book 3 models incorporates a wider graphics engine and a redesigned memory controller with support for LPDDR4X. Installed as the secondary GPU on most Surface Book 3 models, Intel Iris Plus Graphics functions as the singular GPU in the core i5, 13.5-inch model. Although nominally the entry level device in the Surface Book 3 line, it delivers advanced graphics capabilities enabling consumers, hobbyists, and online creators to run the latest productivity software like Adobe Creative Cloud or enjoy gaming titles in 1080p. - -### NVIDIA GeForce GTX 1650 - -NVIDIA GeForce GTX 1650 with Max-Q design delivers a major upgrade of the core streaming multiprocessor to more efficiently handle the complex graphics of modern games. Its -concurrent execution of floating point and integer operations boosts performance in the compute-heavy workloads of modern games. A new unified memory architecture with twice the cache of its predecessor allows for better performance on complex modern games. New shading advancements improve performance, enhance image quality, and deliver new levels of geometric complexity. - -### NVIDIA GeForce GTX 1660 Ti - -Compared with the GeForce GTX 1650, the faster GeForce GTX 1660 Ti provides Surface Book 3 with additional performance improvements and includes the new and upgraded NVIDIA Encoder, making it better for consumers, gamers, live streamers, and creative professionals. - -Thanks to 6 GB of GDDR6 graphics memory, Surface Book 3 models equipped with NVIDIA GeForce GTX 1660 TI provide superior speeds on advanced business productivity software and popular games especially when running the most modern titles or livestreaming. With an optional 2 TB SSD (available in U.S. only), the 15-inch model with GeForce GTX 1660 Ti delivers the most storage of any Surface Book 3 device. - -### NVIDIA Quadro RTX 3000 - -NVIDIA Quadro RTX 3000 unlocks several key features for professional users: ray tracing rendering and AI acceleration, and advanced graphics and compute performance. A combination of 30 RT cores, 240 tensor cores, and 6 GB of GDDR6 graphics memory enables multiple advanced workloads including Al-powered workflows, 3D content creation, advanced video editing, professional broadcasting, and multi-app workflows. Enterprise level hardware and software support integrate deployment tools to maximize uptime and minimize IT support requirements. Certified for the world’s most advanced software, Quadro drivers are optimized for professional applications and are tuned, tested, and validated to provide app certification, enterprise level stability, reliability, availability, and support with extended product availability. - - -## Comparing GPUs across Surface Book 3 - -NVIDIA GPUs provide users with great performance for gaming, live streaming, and content creation. GeForce GTX products are great for gamers and content creators. Quadro RTX products are targeted at professional users, provide great performance in gaming and content creation, and also add the following features: - -- RTX acceleration for ray tracing and AI. This makes it possible to render film-quality, photorealistic objects and environments with physically accurate shadows, reflections and refractions. And its hardware accelerated AI capabilities means the advanced AI-based features in popular applications can run faster than ever before. -- Enterprise-level hardware, drivers and support, as well as ISV app certifications. -- IT management features including an additional layer of dedicated enterprise tools for remote management that help maximize uptime and minimize IT support requirements. - - Unless you count yourself among the ranks of advanced engineering, design, architecture, or data science professionals, Surface Book 3 equipped with NVIDIA GeForce graphics capabilities will likely meet your needs. Conversely, if you’re already in -- or aspiring to join -- a profession that requires highly advanced graphics capabilities in a portable form factor that lets you work from anywhere, Surface Book 3 with Quadro RTX 3000 deserves serious consideration. To learn more, refer to the Surface Book 3 Quadro RTX 3000 technical overview. - -**Table 1. Discrete GPUs on Surface Book 3** - -| | **GeForce GTX 1650** | **GeForce GTX 1660 Ti** | **Quadro RTX 3000** | -| -------------------- | -------------------------------------- | -------------------------------------------------- | --------------------------------------------------------------------------------------------------------- | -| **Target users** | Gamers, hobbyists, and online creators | Gamers, creative professionals, and online creators | Creative professionals, architects, engineers, developers, data scientists | -| **Workflows** | Graphic design
Photography
Video | Graphic design
Photography
Video | Al-powered Workflows
App certifications
High-res video
Pro broadcasting
Multi-app workflows | -| **Key apps** | Adobe Creative Suite | Adobe Creative Suite | Adobe Creative Suite
Autodesk AutoCAD
Dassault Systemes SolidWorks | -| **GPU acceleration** | Video and image processing | Video and image processing | Ray tracing + AI + 6K video
Pro broadcasting features
Enterprise support | - - -**Table 2. GPU tech specs on Surface Book 3** - -| | **GeForce GTX 1650** | **GeForce GTX 1660 Ti** | **Quadro RTX 3000** | -| -------------------------------------------------------- | -------------------- | ----------------------- | ------------------- | -| **NVIDIA CUDA processing cores** | 1024 | 1536 | 1920 | -| **NVIDIA Tensor Cores** | No | No | 240 | -| **NVIDIA RT Cores** | No | No | 30 | -| **GPU memory** | 4 GB | 6 GB | 6 GB | -| **Memory Bandwidth (GB/sec)** | Up to 112 | Up to 288 | Up to 288 | -| **Memory type** | GDDR5 | GDDR6 | GDDR6 | -| **Memory interface** | 128-bit | 192-bit | 192-bit | -| **Boost clock MHz** | 1245 | 1425 | 1305 | -| **Base clock (MHz)** | 1020 | 1245 | 765 | -| **Real-time ray tracing** | No | No | Yes | -| **AI hardware acceleration** | No | No | Yes | -| **Hardware Encoder** | Yes | Yes | Yes | -| **Game Ready Driver (GRD)** | Yes 1 | Yes 1 |Yes 2 -| **Studio Driver (SD)** | Yes 1 | Yes1 | Yes 1 | -| **Optimal Driver for Enterprise (ODE)** | No | No | Yes | -| **Quadro New Feature Driver (QNF)** | No | No | Yes | -| **Microsoft DirectX 12 API, Vulkan API, Open GL 4.6** | Yes | Yes | Yes | -| **High-bandwidth Digital Content Protection (HDCP) 2.2** | Yes | Yes | Yes | -| **NVIDIA GPU Boost** | Yes | Yes | Yes | - - - 1. *Recommended* - 2. *Supported* - -## Optimizing power and performance on Surface Book 3 - -Windows 10 includes a Battery Saver mode with a performance slider that lets you maximize app performance (by sliding it to the right) or preserve battery life (by sliding it to the left). Surface Book 3 implements this functionality algorithmically to optimize power and performance across the following components: - -- CPU Energy Efficiency Registers (Intel Speed Shift technology) and other SoC tuning parameters to maximize efficiency. -- Fan Maximum RPM with four modes: quiet, nominal, performance, and max. -- Processor Power Caps (PL1/PL2). -- Processor IA Turbo limitations. - -By default, when the battery drops below 20 percent, the Battery Saver adjusts settings to extend battery life. When connected to power, Surface Book 3 defaults to “Best Performance” settings to ensure apps run in high performance mode on the secondary NVIDIA GPU present on all i7 Surface Book 3 systems. - -Using default settings is recommended for optimal performance when used as a laptop or detached in tablet or studio mode. You can access Battery Saver by selecting the battery icon on the far right of the taskbar. - -### Game mode - -Surface Book 3 includes a new game mode that automatically selects maximum performance settings when launched. - -### Safe Detach - -New in Surface Book 3, apps enabled for Safe Detach let you disconnect while the app is using the GPU. For supported apps like *World of Warcraft*, your work is moved to the iGPU. - -### Modifying app settings to always use a specific GPU - -You can switch between the power-saving but still capable built-in Intel graphics and the more powerful discrete NVIDIA GPU and associate a GPU with a specific app. By default, Windows 10 automatically chooses the appropriate GPU, assigning graphically demanding apps to the discrete NVIDIA GPU. In most instances there is no need to manually adjust these settings. However, if you frequently detach and reattach the display from the keyboard base while using a graphically demanding app, you’ll typically need to close the app prior to detaching. To enable continuous use of the app without having to close it every time you detach or reattach the display, you can assign it to the integrated GPU, albeit with some loss of graphics performance. - -In some instances, Windows 10 may assign a graphically demanding app to be iGPU; for example, if the app is not fully optimized for hybrid graphics. To remedy this, you can manually assign the app to the discrete NVIDIA GPU. - -**To configure apps using custom per-GPU options:** - -1. Go to **Settings** > **System** > **Display** and select **Graphics Settings**. - - 1. For a Windows desktop program, choose **Classic App** > **Browse** and then locate the program. - 2. For a UWP app, choose **Universal App** and then select the app from the drop-down list. - -2. Select **Add** to create a new entry on the list for your selected program, select Options to open Graphics Specifications, and then select your desired option. - - ![Select power saving or high performance GPU options](./images/graphics-settings2.png) - -3. To verify which GPU are used for each app, open **Task Manager,** select **Performance,** and view the **GPU Engine** column. - - -## Appendix A: Surface Book 3 SKUs - -| **Display** | **Processor** | **GPU** | **RAM** | **Storage** | -| ------------- | --------------------------------- | ---------------------------------------------------------------------------------------------------- | ---------- | ----------- | -| **13.5-inch** | Quad-core 10th Gen Core i5-1035G7 | Intel Iris™ Plus Graphics | 16 LPDDR4x | 256 GB | -| **13.5-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics
NVIDIA GeForce GTX 1650. Max-Q Design with 4GB GDDR5 graphics memory | 16 LPDDR4x | 256 GB | -| **13.5-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics
NVIDIA GeForce GTX 1650. Max-Q Design with 4GB GDDR5 graphics memory | 32 LPDDR4x | 512 GB | -| **13.5-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics
NVIDIA GeForce GTX 1650. Max-Q Design with 4GB GDDR5 graphics memory | 32 LPDDR4x | 1 TB | -| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics
NVIDIA GeForce GTX 1660 Ti. Max-Q Design with 6GB GDDR6 graphics memory | 16 LPDDR4x | 256 GB | -| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics
NVIDIA GeForce GTX 1660 Ti. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 512 GB | -| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics
NVIDIA GeForce GTX 1660 Ti. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 1 TB | -| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics
NVIDIA GeForce GTX 1660 Ti. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 2 TB | -| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics
NVIDIA Quadro RTX 3000. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 512 GB | -| **15-inch** | Quad-core 10th Gen Core i7-1065G7 | Intel Iris Plus Graphics
NVIDIA Quadro RTX 3000. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 1 TB | - -> [!NOTE] -> 2TB SSD available in U.S. only: Surface Book 3 15” with NVIDIA GTX 1660Ti - -## Summary - -Built for performance, Surface Book 3 includes different GPU configurations optimized to meet specific workload and use requirements. An integrated Intel Iris graphics GPU functions as the sole GPU on the entry-level Core i5 device and as a secondary GPU on all other models. GeForce GTX 1650 features a major upgrade of the core streaming multiprocessor to run complex graphics more efficiently. The faster GeForce GTX 1660 Ti provides Surface Book 3 with additional performance improvements making it better for consumers, gamers, live streamers, and creative professionals. Quadro RTX 3000 unlocks several key features for professional users: ray tracing rendering and AI acceleration, and advanced graphics and compute performance. - - -## Learn more - -- [Surface Book 3 Quadro RTX 3000 technical overview](surface-book-quadro.md) -- [Surface for Business](https://www.microsoft.com/surface/business) diff --git a/devices/surface/surface-book-quadro.md b/devices/surface/surface-book-quadro.md deleted file mode 100644 index c1e6f3bcc2..0000000000 --- a/devices/surface/surface-book-quadro.md +++ /dev/null @@ -1,136 +0,0 @@ ---- -title: Surface Book 3 GPU technical overview -description: This article describes the advanced capabilities enabled by Nvidia Quadro RTX 3000 in select Surface Book 3 for Business 15-inch models. -ms.prod: w10 -ms.mktglfcycl: manage -ms.localizationpriority: medium -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.date: 5/06/2020 -ms.reviewer: brrecord -manager: laurawi -audience: itpro ---- - -# Surface Book 3 Quadro RTX 3000 technical overview - -Surface Book 3 for Business powered by the NVIDIA® Quadro RTX™ 3000 GPU is built for professionals who need real-time rendering, AI acceleration, advanced graphics, and compute performance in a portable form factor. Quadro RTX 3000 fundamentally changes what you can do with the new Surface Book 3: - -- **Ray Tracing** - Produce stunning renders, designs and animations faster than ever before with 30 RT Cores for hardware-accelerated ray tracing. -- **Artificial Intelligence** - Remove redundant, tedious tasks and compute intensive work with 240 Tensor Cores for GPU-accelerated AI. -- **Advanced Graphics and Compute Technology** - Experience remarkable speed and interactivity during your most taxing graphics and compute workloads with 1,920 CUDA Cores and 6GB of GDDR6 memory. - -## Enterprise grade solution - -Of paramount importance to commercial customers, Quadro RTX 3000 brings a fully professional-grade solution that combines accelerated ray tracing and deep learning capabilities with an integrated enterprise level management and support solution. Quadro drivers are tested and certified for more than 100 professional applications by leading ISVs, providing an additional layer of quality assurance to validate stability, reliability, and performance. - -Quadro includes dedicated enterprise tools for remote management of Surface Book 3 devices with Quadro RTX 3000. IT admins can remotely configure graphics systems, save/restore configurations, continuously monitor graphics systems, and perform remote troubleshooting if necessary. These capabilities along with deployment tools help maximize uptime and minimize IT support requirements. - -NVIDIA develops and maintains Quadro Optimal Drivers for Enterprise (ODE) that are tuned, tested, and validated to provide enterprise level stability, reliability, availability, and support with extended product availability. Each driver release involves more than 2,000 man-days of testing with professional applications test suites and test cases, as well as WHQL certification. Security threats are continually monitored, and regular security updates are released to protect against newly discovered vulnerabilities. In addition, Quadro drivers undergo an additional layer of testing by Surface engineering prior to release via Windows Update. - - -## Built for compute-intensive workloads - -The Surface Book 3 with Quadro RTX 3000 delivers the best graphics performance of any Surface laptop, enabling advanced professionals to work from anywhere. - -- **Creative professionals such as designers and animators.** Quadro RTX enables real-time cinematic-quality rendering through Turing-optimized ray tracing APIs such as NVIDIA OptiX, Microsoft DXR, and Vulkan. -- **Architects and engineers using large, complex computer aided design (CAD) models and assemblies.** The RTX platform features the new NGX SDK to infuse powerful AI-enhanced capabilities into visual applications. This frees up time and resources through intelligent manipulation of images, automation of repetitive tasks, and optimization of compute-intensive processes. -- **Software developers across manufacturing, media and entertainment, medical, and other industries.** Quadro RTX speeds application development with ray tracing, deep learning, and rasterization capabilities through industry-leading software SDKs and APIs. -- **Data scientists using Tensor Cores and CUDA cores to accelerate computationally intensive tasks and other deep learning operations.** By using sensors, increased connectivity, and deep learning, researchers and developers can enable AI applications for everything from autonomous vehicles to scientific research. - - -**Table 1. Quadro RTX 3000 performance features** - -| **Component** | **Description** | -| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| RT cores | Dedicated hardware-based ray-tracing technology allows the GPU to render film quality, photorealistic objects and environments with physically accurate shadows, reflections, and refractions. The real-time ray-tracing engine works with NVIDIA OptiX, Microsoft DXR, and Vulkan APIs to deliver a level of realism far beyond what is possible using traditional rendering techniques. RT cores accelerate the Bounding Volume Hierarchy (BVH) traversal and ray casting functions using low number of rays casted through a pixel. | -| Enhanced tensor cores | Mixed-precision cores purpose-built for deep learning matrix arithmetic, deliver 8x TFLOPS for training compared with previous generation. Quadro RTX 3000 utilizes 240 Tensor Cores; each Tensor Core performs 64 floating point fused multiply-add (FMA) operations per clock, and each streaming multiprocessor (SM) performs a total of 1,024 individual floating-point operations per clock. In addition to supporting FP16/FP32 matrix operations, new Tensor Cores added INT8 (2,048 integer operations per clock) and experimental INT4 and INT1 (binary) precision modes for matrix operations. | -| Turing optimized software | Deep learning frameworks such as the Microsoft Cognitive Toolkit (CNTK), Caffe2, MXNet, TensorFlow, and others deliver significantly faster training times and higher multi-node training performance. GPU accelerated libraries such as cuDNN, cuBLAS, and TensorRT deliver higher performance for both deep learning inference and High-Performance Computing (HPC) applications. | -| NVIDIA CUDA parallel computing platform | Natively execute standard programming languages like C/C++ and Fortran, and APIs such as OpenCL, OpenACC and Direct Compute to accelerate techniques such as ray tracing, video and image processing, and computation fluid dynamics. | -| Advanced streaming multiprocessor (SM) architecture | Combined shared memory and L1 cache improve performance significantly, while simplifying programming and reducing the tuning required to attain the best application performance. | -| High performance GDDR6 Memory | Quadro RTX 3000 features 6GB of frame buffer, making it the ideal platform for handling large datasets and latency-sensitive applications. | -| Single instruction, multiple thread (SIMT) | New independent thread scheduling capability enables finer-grain synchronization and cooperation between parallel threads by sharing resources among small jobs. | -| Mixed-precision computing | 16-bit floating-point precision computing enables the training and deployment of larger neural networks. With independent parallel integer and floating-point data paths, the Turing SM handles workloads more efficiently using a mix of computation and addressing calculations. | -| Dynamic load balancing | Provides dynamic allocation capabilities of GPU resources for graphics and compute tasks as needed to maximize resource utilization. | -| Compute preemption | Preemption at the instruction-level provides finer grain control over compute tasks to prevent long-running applications from either monopolizing system resources or timing out. | -| H.264, H.265 and HEVC encode/decode engines | Enables faster than real-time performance for transcoding, video editing, and other encoding applications with two dedicated H.264 and HEVC encode engines and a dedicated decode engine that are independent of 3D/compute pipeline. | -| NVIDIA GPU boost 4.0 | Maximizes application performance automatically without exceeding the power and thermal envelope of the GPU. Allows applications to stay within the boost clock state longer under higher temperature threshold before dropping to a secondary temperature setting base clock. | - - **Table 2. Quadro RTX tech specs** - -| **Component** | **Description** | -| ---------------------------------------------------------- | --------------- | -| NVIDIA CUDA processing cores | 1,920 | -| NVIDIA RT Cores | 30 | -| Tensor Cores | 240 | -| GPU memory | 6 GB | -| Memory bandwidth | 288 Gbps | -| Memory type | GDDR6 | -| Memory interface | 192-bit | -| TGP max power consumption | 65W | -| Display port | 1.4 | -| OpenGL | 4.6 | -| Shader model | 5.1 | -| DirectX | 12.1 | -| PCIe generation | 3 | -| Single precision floating point performance (TFLOPS, Peak) | 5.4 | -| Tensor performance (TOPS, Peak) | 42.9 | -| NVIDIA FXAA/TX AA antialiasing | Yes | -| GPU direct for video | Yes | -| Vulkan support | Yes | -| NVIDIA 3D vision Pro | Yes | -| NVIDIA Optimus | Yes | - - -## App acceleration - -The following table shows how Quadro RTX 3000 provides significantly faster acceleration across leading professional applications. It includes SPECview perf 13 benchmark test results comparing the Surface Book 3 15-inch with NVIDIA Quadro RTX 3000 versus the Surface Book 2 15-inch with NVIDIA GeForce GTX 1060 devices in the market as of March 2020. - -**Table 3. App acceleration on Surface Book 3 with Quadro RTX 3000** - -| **App** | **Quadro RTX 3000 app acceleration capabilities**
| -| ------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Adobe Dimension | - RTX-accelerated ray tracing delivers photorealistic 3D rendering to 2D artists and designers. | -| Adobe Substance Alchemist | - Create and blend materials with ease, featuring RTX-accelerated AI. | -| Adobe Substance Painter | - Paint materials onto 3d models, featuring RTX accelerated bakers, and Iray RTX rendering which generates photorealistic imagery for interactive and batch rendering workflows.
| -| Adobe Substance Designer | - Author procedural materials featuring RTX accelerated bakers
- Uses NVIDIA Iray rendering including textures/substances and bitmap texture export to render in any Iray that is compatible with MDL.
- DXR-accelerated light and ambient occlusion baking. | -| Adobe Photoshop | - CUDA core acceleration enables faster editing with 30+ GPU-accelerated features such as blur gallery, liquify, smart sharpen, and perspective warp enable photographers and designers to modify images smoothly and quickly. | -| Adobe Lightroom | - Faster editing high res images with GPU-accelerated viewport, which enables the modeling of larger 3D scenes, and the rigging of more complex animations.
- GPU-accelerated image processing enables dramatically more responsive adjustments, especially on 4K or higher resolution displays.
- GPU-accelerated AI-powered “Enhance Details” for refining fine color detail of RAW images. | -| Adobe Illustrator | - Pan and zoom with GPU-accelerated canvas faster, which enables graphic designers and illustrators to pan across and zoom in and out of complex vector graphics smoothly and interactively. | -| Adobe
Premiere Pro | - Significantly faster editing and rendering video with GPU-accelerated effects vs CPU.
- GPU-accelerated effects with NVIDIA CUDA technology for real-time video editing and faster final frame rendering.
- GPU-accelerated AI Auto Reframe feature for intelligently converting landscape video to dynamically tracked portrait or square video. | -| Autodesk
Revit | - GPU-accelerated viewport for a smoother, more interactive design experience.
- Supports 3rd party GPU-accelerated 3D renderers such as V-Ray and Enscape. | -| Autodesk
3ds Max | - GPU-accelerated viewport graphics for fast, interactive 3D modelling and design.
- RTX-accelerated ray tracing and AI denoising with the default Arnold renderer.
- More than 70 percent faster compared with Surface Book 2 15”. | -| Autodesk
Maya | - RTX-accelerated ray tracing and AI denoising with the default Arnold renderer.
- OpenGL Viewport Acceleration. | -| Dassault Systemes
Solidworks | - Solidworks Interactive Ray Tracer (Visualize) accelerated by both RT Cores and Tensor Cores; AI-accelerated denoiser.
- Runs more than 50% faster compared with Surface Book 2 15”. | -| Dassault Systemes
3D Experience Platform | - CATIA Interactive Ray Tracer (Live Rendering) accelerated by RT Cores.
- Catia runs more than 100% faster compared with Surface Book 2 15". | -| ImageVis3D | - Runs more than 2x faster compared with Surface Book 2 15”. | -| McNeel & Associates
Rhino 3D | - GPU-accelerated viewport for a smooth and interactive modelling and design experience.
- Supports Cycles for GPU-accelerated 3D rendering. | -| Siemens NX | - Siemens NX Interactive Ray Tracer (Ray Traced Studio) accelerated by RT Cores.
- Runs more than 10x faster compared with Surface Book 2 15”. | -| Esri ArcGIS | - Real-time results from what took days and weeks, due to DL inferencing leveraging tensor cores. | -| PTC Creo | - Creo's real-time engineering simulation tool (Creo Simulation Live) built on CUDA.
- Runs more than 15% faster compared with Surface Book 2 15”. | -| Luxion KeyShot | - 3rd party Interactive Ray Tracer used by Solidworks, Creo, and Rhino. Accelerated by RT Cores, OptiX™ AI-accelerated denoising. | -| ANSYS
Discovery Live | - ANSYS real-time engineering simulation tool (ANSYS Discovery Live) built on CUDA. | -## SKUs - -**Table 4. Surface Book 3 with Quadro RTX 3000 SKUs** - -| **Display** | **Processor** | **GPU** | **RAM** | **Storage** | -| ----------- | --------------------------------- | ------------------------------------------------------------------------------------------------ | ---------- | ----------- | -| 15-inch | Quad-core 10th Gen Core i7-1065G7 | Intel Iris™ Plus Graphics
NVIDIA Quadro RTX 3000. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 512 GB | -| 15-inch | Quad-core 10th Gen Core i7-1065G7 | Intel Iris™ Plus Graphics
NVIDIA Quadro RTX 3000. Max-Q Design with 6GB GDDR6 graphics memory | 32 LPDDR4x | 1 TB | - -## Summary - -The Surface Book 3 with Quadro RTX 3000 delivers the best graphics performance of any Surface laptop, providing architects, engineers, developers, and data scientists with the tools they need to work efficiently from anywhere: - -- RTX-acceleration across multiple workflows like design, animation, video production, and more. -- Desktop-grade performance in a mobile form factor. -- Enterprise-class features, reliability, and support for mission-critical projects. - -## Learn more - -- [Surface Book 3 GPU technical overview](surface-book-GPU-overview.md) -- [Surface for Business](https://www.microsoft.com/surface/business) -- [Microsoft Cognitive Toolkit (CNTK)](https://docs.microsoft.com/cognitive-toolkit/) diff --git a/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md b/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md deleted file mode 100644 index 19eb605696..0000000000 --- a/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Surface device compatibility with Windows 10 Long-Term Servicing Channel (Surface) -description: Find out about compatibility and limitations of Surface devices running Windows 10 Enterprise LTSB edition. -keywords: ltsb, update, surface servicing options -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surface, devices -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -ms.audience: itpro -ms.reviewer: scottmca -manager: laurawi ---- - -# Surface device compatibility with Windows 10 Long-Term Servicing Channel (LTSC) - -Surface devices are designed to provide best-in-class experiences in productivity and general-purpose scenarios. Regular updates enable Surface devices to bring to life new innovations and to evolve with the new capabilities delivered by Windows 10 Feature Updates. Feature Updates are available only in Windows 10 Pro or Windows 10 Enterprise editions that receive continuous updates through the Semi-Annual Channel (SAC). - -In contrast to the SAC servicing option, formerly known as the Current Branch (CB) or Current Branch for Business (CBB) servicing options, you cannot select the Long-Term Servicing Channel (LTSC) option in Windows 10 settings. To use the LTSC servicing option, you must install a separate edition of Windows 10 Enterprise, known as Windows 10 Enterprise LTSC, formerly known as Windows 10 Enterprise LTSB (Long-Term Servicing Branch. In addition to providing an extended servicing model, the Windows 10 Enterprise LTSC edition also provides an environment with several Windows components removed. The core Surface experiences that are impacted by LTSC include: - -* Windows Feature Updates, including enhancements such as: - - * Improvements to Direct Ink and palm rejection provided in Windows 10, version 1607 (also referred to as the Anniversary Update) - * Improved support for high DPI applications provided in Windows 10, version 1703 (also referred to as the Creators Update) - -* Pressure sensitivity settings provided by the Surface app - -* The Windows Ink Workspace - -* Key touch-optimized in-box applications including Microsoft Edge, OneNote, Calendar, and Camera - -The use of the Windows 10 Enterprise LTSC environment on Surface devices results in sub-optimal end-user experiences and you should avoid using it in environments where users want and expect a premium, up-to-date user experience. - -The LTSC servicing option is designed for device types and scenarios where the key attribute is for features or functionality to never change. Examples include systems that power manufacturing or medical equipment, or embedded systems in kiosks, such as ATMs or airport ticketing systems. - ->[!NOTE] ->For general information about Windows servicing branches, including LTSC, see [Overview of Windows as a service](https://technet.microsoft.com/itpro/windows/update/waas-overview#long-term-servicing-branch). - -As a general guideline, devices that fulfill the following criteria are considered general-purpose devices and should be paired with Windows 10 Pro or Windows 10 Enterprise using the Semi-Annual Channel servicing option: - -* Devices that run productivity software such as Microsoft Office - -* Devices that use Microsoft Store applications - -* Devices that are used for general Internet browsing (for example, research or access to social media) - -Before you choose to use Windows 10 Enterprise LTSC edition on Surface devices, consider the following limitations: - -* Driver and firmware updates are not explicitly tested against releases of Windows 10 Enterprise LTSC. - -* If you encounter problems, Microsoft Support will provide troubleshooting assistance. However, due to the servicing nature of the Windows LTSC, issue resolution may require that devices be upgraded to a more recent version of Windows 10 Enterprise LTSC, or to Windows 10 Pro or Enterprise with the SAC servicing option. - -* Surface device replacements (for example, devices replaced under warranty) may contain subtle variations in hardware components that require updated device drivers and firmware. Compatibility with these updates may require the installation of a more recent version of Windows 10 Enterprise LTSC or Windows 10 Pro or Enterprise with the SAC servicing option. - ->[!NOTE] ->Organizations that standardize on a specific version of Windows 10 Enterprise LTSC may be unable to adopt new generations of Surface hardware such as Surface Pro 7, Surface Pro X, or Surface Laptop 3 without also updating to a later version of Windows 10 Enterprise LTSC or Windows 10 Pro or Enterprise. For more information, see the **How will Windows 10 LTSBs be supported?** topic in the **Supporting the latest processor and chipsets on Windows** section of [Lifecycle Policy FAQ—Windows products](https://support.microsoft.com/help/18581/lifecycle-policy-faq-windows-products#b4). - -Surface devices running Windows 10 Enterprise LTSC edition will not receive new features. In many cases these features are requested by customers to improve the usability and capabilities of Surface hardware. For example, new improvements for High DPI applications in Windows 10, version 1703. Customers that use Surface devices in the LTSC configuration will not see the improvements until they either update to a new Windows 10 Enterprise LTSC release or upgrade to a version of Windows 10 with support for the SAC servicing option. - -Devices can be changed from Windows 10 Enterprise LTSC to a more recent version of Windows 10 Enterprise, with support for the SAC servicing option, without the loss of user data by performing an upgrade installation. You can also perform an upgrade installation on multiple devices by leveraging the Upgrade Task Sequence Templates available in the Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager. For more information, see [Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/surface/upgrade-surface-devices-to-windows-10-with-mdt). diff --git a/devices/surface/surface-diagnostic-toolkit-business.md b/devices/surface/surface-diagnostic-toolkit-business.md deleted file mode 100644 index ae9ddc100b..0000000000 --- a/devices/surface/surface-diagnostic-toolkit-business.md +++ /dev/null @@ -1,215 +0,0 @@ ---- -title: Deploy Surface Diagnostic Toolkit for Business -description: This topic explains how to use the Surface Diagnostic Toolkit for Business. -ms.prod: w10 -ms.mktglfcycl: manage -ms.localizationpriority: medium -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.date: 05/11/2020 -ms.reviewer: hachidan -manager: laurawi -audience: itpro ---- - -# Deploy Surface Diagnostic Toolkit for Business - -The Microsoft Surface Diagnostic Toolkit for Business (SDT) enables IT administrators to quickly investigate, troubleshoot, and resolve hardware, software, and firmware issues with Surface devices. You can run a range of diagnostic tests and software repairs in addition to obtaining device health insights and guidance for resolving issues. - -Specifically, SDT for Business enables you to: - -- [Customize the package.](#create-custom-sdt) -- [Run the app using commands.](surface-diagnostic-toolkit-command-line.md) -- [Run multiple hardware tests to troubleshoot issues.](surface-diagnostic-toolkit-desktop-mode.md#multiple) -- [Generate logs for analyzing issues.](surface-diagnostic-toolkit-desktop-mode.md#logs) -- [Obtain detailed report comparing device vs optimal configuration.](surface-diagnostic-toolkit-desktop-mode.md#detailed-report) - - -## Primary scenarios and download resources - -To run SDT for Business, download the components listed in the following table. - - -Mode | Primary scenarios | Download | Learn more ---- | --- | --- | --- -Desktop mode | Assist users in running SDT on their Surface devices to troubleshoot issues.
Create a custom package to deploy on one or more Surface devices allowing users to select specific logs to collect and analyze. | SDT distributable MSI package:
Microsoft Surface Diagnostic Toolkit for Business Installer
[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Use Surface Diagnostic Toolkit in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) -Command line | Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands:
`-DataCollector` collects all log files
`-bpa` runs health diagnostics using Best Practice Analyzer.
`-windowsupdate` checks Windows Update for missing firmware or driver updates.
`-warranty` checks warranty information.

| SDT console app:
Microsoft Surface Diagnostics App Console
[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md) - -## Supported devices - -SDT for Business is supported on Surface 3 and later devices, including: - -- Surface Book 3 -- Surface Go 2 -- Surface Pro X -- Surface Pro 7 -- Surface Laptop 3 -- Surface Pro 6 -- Surface Laptop 2 -- Surface Go -- Surface Go with LTE -- Surface Book 2 -- Surface Pro with LTE Advanced (Model 1807) -- Surface Pro (Model 1796) -- Surface Laptop -- Surface Studio -- Surface Studio 2 -- Surface Book -- Surface Pro 4 -- Surface 3 LTE -- Surface 3 -- Surface Pro 3 - -## Installing Surface Diagnostic Toolkit for Business - -To create an SDT package that you can distribute to users in your organization: - -1. Sign in to your Surface device using the Administrator account. -2. Download SDT Windows Installer Package (.msi) from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703) and copy it to a preferred location on your Surface device, such as Desktop. -3. The SDT setup wizard appears, as shown in figure 1. Click **Next**. - - >[!NOTE] - >If the setup wizard does not appear, ensure that you are signed into the Administrator account on your computer. - - ![welcome to the Surface Diagnostic Toolkit setup wizard](images/sdt-1.png) - - *Figure 1. Surface Diagnostic Toolkit setup wizard* - -4. When the SDT setup wizard appears, click **Next**, accept the End User License Agreement (EULA) - -5. On the Install Options screen, change the default install location if desired. -6. Under Setup Type, select **Advanced**. - - >[!NOTE] - >The standard option allows users to run the diagnostic tool directly on their Surface device provided they are signed into their device using an Administrator account. - - ![Install Options: Advanced](images/sdt-install.png) - -7. Click **Next** and then click **Install**. - -## Installing using the command line -If desired, you can install SDT at a command prompt and set a custom flag to install the tool in admin mode. SDT contains the following install option flags: - -- `SENDTELEMETRY` sends telemetry data to Microsoft. The flag accepts `0` for disabled or `1` for enabled. The default value is `1` to send telemetry. -- `ADMINMODE` configures the tool to be installed in admin mode. The flag accepts `0` for client mode or `1` for IT Administrator mode. The default value is `0`. - -### To install SDT from the command line: - -1. Open a command prompt and enter: - - ``` - msiexec.exe /i ADMINMODE=1. - ``` - **Example:** - - ``` - C:\Users\Administrator> msiexec.exe/I"C:\Users\Administrator\Desktop\Microsoft_Surface_Diagnostic_Toolkit_for_Business_Installer.msi" ADMINMODE=1 - ``` - -## Locating SDT on your Surface device - -Both SDT and the SDT app console are installed at `C:\Program Files\Microsoft\Surface\Microsoft Surface Diagnostic Toolkit for Business`. - -In addition to the .exe file, SDT installs a JSON file and an admin.dll file (modules\admin.dll), as shown in figure 2. - -![list of SDT installed files in File Explorer](images/sdt-2.png) - -*Figure 2. Files installed by SDT* - - - -## Preparing the SDT package for distribution - -Creating a custom package allows you to target the tool to specific known issues. - -1. Click **Start > Run**, enter **Surface** and then click **Surface Diagnostic Toolkit for Business**. -2. When the tool opens, click **Create Custom Package**, as shown in figure 3. - - ![Create custom package option](images/sdt-3.png) - - *Figure 3. Create custom package* - -### Language and telemetry settings - - When creating a package, you can select language settings or opt out of sending telemetry information to Microsoft. By default, SDT sends telemetry to Microsoft that is used to improve the application in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). If you wish to decline, clear the check box when creating a custom package, as shown below. Or clear the **Send telemetry to Microsoft** check box on the **Install Options** page during SDT Setup. - ->[!NOTE] ->This setting does not affect the minimal telemetry automatically stored on Microsoft servers when running tests and repairs that require an Internet connection, such as Windows Update and Software repair, or providing feedback using the Smile or Frown buttons in the app toolbar. - - -![Select language and telemetry settings](images/sdt-4.png) - -*Figure 4. Select language and telemetry settings* - - -### Windows Update page - -Select the option appropriate for your organization. Most organizations with multiple users will typically select to receive updates via Windows Server Update Services (WSUS), as shown in figure 5. If using local Windows Update packages or WSUS, enter the path as appropriate. - -![Select Windows Update option](images/sdt-5.png) - -*Figure 5. Windows Update option* - -### Software repair page - -This allows you to select or remove the option to run software repair updates. - -![Select software repair option](images/sdt-6.png) - -*Figure 6. Software repair option* - -### Collecting logs and saving package page - -You can select to run a wide range of logs across applications, drivers, hardware, and the operating system. Click the appropriate area and select from the menu of available logs. You can then save the package to a software distribution point or equivalent location that users can access. - -![Select log options](images/sdt-7.png) - -*Figure 7. Log option and save package* - -## Next steps - -- [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) -- [Use Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) - -## Changes and updates - -### Version 2.94.139.0 -*Release date: May 11, 2020*
-This version of Surface Diagnostic Toolkit for Business adds support for the following: - -- Ability to skip Windows Update to perform hardware check. -- Ability to receive notifications for about the latest version update -- Surface Go 2 -- Surface Book 3 -- Show progress indicator - - -### Version 2.43.139.0 -*Release date: October 21, 2019*
-This version of Surface Diagnostic Toolkit for Business adds support for the following: - -- Surface Pro 7 -- Surface Laptop 3 - -### Version 2.42.139.0 -*Release date: September 24, 2019*
-This version of Surface Diagnostic Toolkit for Business adds support for the following: -- Ability to download hardware reports. -- Ability to contact Microsoft Support directly from the tool.
- -### Version 2.41.139.0 -*Release date: June 24, 2019*
-This version of Surface Diagnostic Toolkit for Business adds support for the following: -- Driver version information included in logs and report. -- Ability to provide feedback about the app.
- - -### Version 2.36.139.0 -*Release date: April 26, 2019*
-This version of Surface Diagnostic Toolkit for Business adds support for the following: -- Advanced Setup option to unlock admin capabilities through the installer UI, without requiring command line configuration. -- Accessibility improvements. -- Surface brightness control settings included in logs. -- External monitor compatibility support link in report generator. diff --git a/devices/surface/surface-diagnostic-toolkit-command-line.md b/devices/surface/surface-diagnostic-toolkit-command-line.md deleted file mode 100644 index d7b8828415..0000000000 --- a/devices/surface/surface-diagnostic-toolkit-command-line.md +++ /dev/null @@ -1,151 +0,0 @@ ---- -title: Run Surface Diagnostic Toolkit for Business using commands -description: How to run Surface Diagnostic Toolkit in a command console -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.reviewer: hachidan -manager: laurawi -ms.localizationpriority: medium -ms.audience: itpro ---- - -# Run Surface Diagnostic Toolkit for Business using commands - -Running the Surface Diagnostic Toolkit (SDT) at a command prompt requires downloading the STD app console. After it's installed, you can run SDT at a command prompt via the Windows command console (cmd.exe) or using Windows PowerShell, including PowerShell Integrated Scripting Environment (ISE), which provides support for autocompletion of commands, copy/paste, and other features. For a list of supported Surface devices in SDT, refer to [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md). - ->[!NOTE] ->To run SDT using commands, you must be signed in to the Administrator account or signed in to an account that is a member of the Administrator group on your Surface device. - -## Running SDT app console - -Download and install SDT app console from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703). You can use the Windows command prompt (cmd.exe) or Windows PowerShell to: - -- Collect all log files. -- Run health diagnostics using Best Practice Analyzer. -- Check update for missing firmware or driver updates. - ->[!NOTE] ->In this release, the SDT app console supports single commands only. Running multiple command line options requires running the console exe separately for each command. - -By default, output files are saved in the same location as the console app. Refer to the following table for a complete list of commands. - -Command | Notes ---- | --- --DataCollector "output file" | Collects system details into a zip file. "output file" is the file path to create system details zip file.

**Example**:
`Microsoft.Surface.Diagnostics.App.Console.exe -DataCollector SDT_DataCollection.zip` --bpa "output file" | Checks several settings and health indicators in the device. “output file" is the file path to create the HTML report.

**Example**:
`Microsoft.Surface.Diagnostics.App.Console.exe -bpa BPA.html` --windowsupdate | Checks Windows Update online servers for missing firmware and/or driver updates.

**Example**:
Microsoft.Surface.Diagnostics.App.Console.exe -windowsupdate --warranty "output file" | Checks warranty information on the device (valid or invalid). The optional “output file” is the file path to create the xml file.

**Example**:
Microsoft.Surface.Diagnostics.App.Console.exe –warranty “warranty.xml” - - ->[!NOTE] ->To run the SDT app console remotely on target devices, you can use a configuration management tool such as Microsoft Endpoint Configuration Manager. Alternatively, you can create a .zip file containing the console app and appropriate console commands and deploy per your organization’s software distribution processes. - -## Running Best Practice Analyzer - -You can run BPA tests across key components such as BitLocker, Secure Boot, and Trusted Platform Module (TPM) and then output the results to a shareable file. The tool generates a series of tables with color-coded headings and condition descriptors along with guidance about how to approach resolving the issue. - -- Green indicates the component is running in an optimal condition (optimal). -- Orange indicates the component is not running in an optimal condition (not optimal). -- Red indicates the component is in an abnormal state. - -### Sample BPA results output - - - - - - - -
BitLocker
Description:Checks if BitLocker is enabled on the system drive.
Value:Protection On
Condition:Optimal
Guidance:It is highly recommended to enable BitLocker to protect your data.
- - - - - - - -
Secure Boot
Description:Checks if Secure Boot is enabled.
Value:True
Condition:Optimal
Guidance:It is highly recommended to enable Secure Boot to protect your PC.
- - - - - - - -
Trusted Platform Module
Description:Ensures that the TPM is functional.
Value:True
Condition:Optimal
Guidance:Without a functional TPM, security-based functions such as BitLocker may not work properly.
- - - - - - - -
Connected Standby
Description:Checks if Connected Standby is enabled.
Value:True
Condition:Optimal
Guidance:Connected Standby allows a Surface device to receive updates and notifications while not being used. For best experience, Connected Standby should be enabled.
- - - - - - - -
Bluetooth
Description:Checks if Bluetooth is enabled.
Value:Enabled
Condition:Optimal
Guidance:
- - - - - - - -
Debug Mode
Description:Checks if the operating system is in Debug mode.
Value:Normal
Condition:Optimal
Guidance:The debug boot option enables or disables kernel debugging of the Windows operating system. Enabling this option can cause system instability and can prevent DRM (digital rights managemend) protected media from playing.
- - - - - - - -
Test Signing
Description:Checks if Test Signing is enabled.
Value:Normal
Condition:Optimal
Guidance:Test Signing is a Windows startup setting that should only be used to test pre-release drivers.
- - - - - - - -
Active Power Plan
Description:Checks that the correct power plan is active.
Value:Balanced
Condition:Optimal
Guidance:It is highly recommended to use the "Balanced" power plan to maximize productivity and battery life.
- - - - - - - -
Windows Update
Description:Checks if the device is up to date with Windows updates.
Value:Microsoft Silverlight (KB4023307), Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.279.1433.0)
Condition:Not Optimal
Guidance:Updating to the latest windows makes sure you are on the latest firmware and drivers. It is recommended to always keep your device up to date
- - - - - - - -
Free Hard Drive Space
Description:Checks for low free hard drive space.
Value:66%
Condition:Optimal
Guidance:For best performance, your hard drive should have at least 10% of its capacity as free space.
- - - - - - - -
Non-Functioning Devices
Description:List of non-functioning devices in Device Manager.
Value:
Condition:Optimal
Guidance:Non-functioning devices in Device Manager may cause unpredictable problems with Surface devices such as, but not limited to, no power savings for the respective hardware component.
- - - - - - - -
External Monitor
Description:Checks for an external monitor that may have compatibility issues.
Value:
Condition:Optimal
Guidance:Check with the original equipment manufacturer for compatibility with your Surface device.
diff --git a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md deleted file mode 100644 index 7734d2a4fa..0000000000 --- a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -title: Use Surface Diagnostic Toolkit for Business in desktop mode -description: How to use SDT to help users in your organization run the tool to identify and diagnose issues with the Surface device. -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.reviewer: hachidan -manager: laurawi -ms.localizationpriority: medium -ms.audience: itpro ---- - -# Use Surface Diagnostic Toolkit for Business in desktop mode - -This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help users in your organization run the tool to identify and diagnose issues with the Surface device. Successfully running SDT can quickly determine if a reported issue is caused by failed hardware or user error. For a list of supported Surface devices in SDT, refer to [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md). - - -1. Direct the user to install [the SDT package](surface-diagnostic-toolkit-business.md#create-custom-sdt) from a software distribution point or network share. After it is installed, you’re ready to guide the user through a series of tests. - -2. Begin at the home page, which allows users to enter a description of the issue, and click **Continue**, as shown in figure 1. - - ![Start SDT in desktop mode](images/sdt-desk-1.png) -*Figure 1. SDT in desktop mode* - -3. When SDT indicates the device has the latest updates, click **Continue** to advance to the catalog of available tests, as shown in figure 2. - - ![Select from SDT options](images/sdt-desk-2.png) -*Figure 2. Select from SDT options* - -4. You can choose to run all the diagnostic tests. Or, if you already suspect a particular issue such as a faulty display or a power supply problem, click **Select** to choose from the available tests and click **Run Selected**, as shown in figure 3. See the following table for details of each test. - - ![Select hardware tests](images/sdt-desk-3.png) -*Figure 3. Select hardware tests* - - Hardware test | Description - --- | --- - Power Supply and Battery | Checks Power supply is functioning optimally - Display and Sound | Checks brightness, stuck or dead pixels, speaker and microphone functioning - Ports and Accessories | Checks accessories, screen attach and USB functioning - Connectivity | Checks Bluetooth, wireless and LTE connectivity - Security | Checks security related issues - Touch | Checks touch related issues - Keyboard and touch | Checks integrated keyboard connection and type cover - Sensors | Checks functioning of different sensors in the device - Hardware | Checks issues with different hardware components such as graphics card and camera - - - - - - - -## Running multiple hardware tests to troubleshoot issues - -SDT is designed as an interactive tool that runs a series of tests. For each test, SDT provides instructions summarizing the nature of the test and what users should expect or look for in order for the test to be successful. For example, to diagnose if the display brightness is working properly, SDT starts at zero and increases the brightness to 100 percent, asking users to confirm – by answering **Yes** or **No** -- that brightness is functioning as expected, as shown in figure 4. - -For each test, if functionality does not work as expected and the user clicks **No**, SDT generates a report of the possible causes and ways to troubleshoot it. - -![Running hardware diagnostics](images/sdt-desk-4.png) -*Figure 4. Running hardware diagnostics* - -1. If the brightness successfully adjusts from 0-100 percent as expected, direct the user to click **Yes** and then click **Continue**. -2. If the brightness fails to adjust from 0-100 percent as expected, direct the user to click **No** and then click **Continue**. -3. Guide users through remaining tests as appropriate. When finished, SDT automatically provides a high-level summary of the report, including the possible causes of any hardware issues along with guidance for resolution. - - -### Repairing applications - -SDT enables you to diagnose and repair applications that may be causing issues, as shown in figure 5. - -![Running repairs](images/sdt-desk-5.png) -*Figure 5. Running repairs* - - -### Generating logs for analyzing issues - -SDT provides extensive log-enabled diagnosis support across applications, drivers, hardware, and operating system issues, as shown in figure 6. - -![Generating logs](images/sdt-desk-6.png) -*Figure 6. Generating logs* - - - -### Generating detailed report comparing device vs. optimal configuration - -Based on the logs, SDT generates a report for software- and firmware-based issues that you can save to a preferred location. - -## Related topics - -- [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) - diff --git a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md deleted file mode 100644 index 10939f979e..0000000000 --- a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Fix common Surface problems using the Surface Diagnostic Toolkit for Business -description: This page provides an introduction to the Surface Diagnostic Toolkit for Business for use in commercial environments. -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.reviewer: cottmca -manager: laurawi -ms.localizationpriority: medium -ms.audience: itpro ---- - -# Fix common Surface problems using the Surface Diagnostic Toolkit for Business - -If your Surface isn’t working properly, the Microsoft Surface Diagnostic Toolkit for Business can help you or your administrator find and solve problems. - -> [!NOTE] -> Surface Diagnostic Toolkit for Business is built for commercial devices. If your device is a personal device and not managed by your work or school run the [Surface Diagnostic Toolkit](https://support.microsoft.com/en-us/help/4037239/surface-fix-common-surface-problems-using-surface-diagnostic-toolkit) instead. - -## Run the Surface Diagnostic Toolkit for Business - -Before you run the diagnostic tool, make sure you have the latest Windows updates. Go to [Install Surface and Windows 10 updates](https://support.microsoft.com/en-us/help/4023505/surface-install-surface-and-windows-updates) for more information. If that doesn't solve the problem, you'll need to run the diagnostic tool. - -> [!NOTE] -> The Surface Diagnostic Toolkit for Business only works on Surface devices running Windows 10. It does not work on Surface Pro, Surface Pro 2, or Surface devices configured in S mode. - -**To run the Surface Diagnostic Toolkit for Business:** - -1. Download the Surface Diagnostic Toolkit for Business. To do this, go to the [**Surface Tools for IT** download page](https://www.microsoft.com/download/details.aspx?id=46703), choose **Download**, select **Surface Diagnostic Toolkit for Business** from the provided list, and choose **Next**. -2. Select Run and follow the on-screen instructions. For full details, refer to [Deploy Surface Diagnostic Toolkit for Business](https://docs.microsoft.com/surface/surface-diagnostic-toolkit-business). - -The diagnosis and repair time averages 15 minutes but could take an hour or longer, depending on internet connection speed and the number of updates or repairs required. - -## If you still need help - -If the Surface Diagnostic Toolkit for Business didn’t fix the problem, you can also: - -- Make an in-store appointment: We might be able to fix the problem or provide a replacement Surface at your local Microsoft Store. [Locate a Microsoft Store near you](https://www.microsoft.com/store/locations/find-a-store?WT.mc_id=MSC_Solutions_en_us_scheduleappt). -- Contact customer support: If you want to talk to someone about how to fix your problem, [contact us](https://support.microsoft.com/en-us/help/4037645/contact-surface-warranty-and-software-support-for-business). -- Get your Surface serviced: If your Surface product needs service, [request it online](https://mybusinessservice.surface.com/). diff --git a/devices/surface/surface-dock-firmware-update.md b/devices/surface/surface-dock-firmware-update.md deleted file mode 100644 index 26264b1509..0000000000 --- a/devices/surface/surface-dock-firmware-update.md +++ /dev/null @@ -1,235 +0,0 @@ ---- -title: Microsoft Surface Dock Firmware Update - Technical information for IT administrators -description: This article explains how to use Microsoft Surface Dock Firmware Update to update Surface Dock firmware. When installed on your Surface device, it will update any Surface Dock attached to your Surface device. -ms.localizationpriority: medium -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: greg-lindsay -ms.author: greglin -ms.topic: article -ms.reviewer: scottmca -manager: laurawi -ms.audience: itpro ---- -# Microsoft Surface Dock Firmware Update: Technical information for IT administrators - -> [!IMPORTANT] -> This article contains technical instructions for IT administrators. If you are a home user, please see [How to update your Surface Dock Firmware](https://support.microsoft.com/help/4023478/surface-update-your-surface-dock) on the Microsoft Support site. The instructions at the support site are the same as the general installation steps below, but this article has additional information for monitoring, verifying, and deploying the update to multiple devices on a network. - -This article explains how to use Microsoft Surface Dock Firmware Update to update Surface Dock firmware. When installed on your Surface device, it will update any Surface Dock attached to your Surface device. - -This tool supersedes the earlier Microsoft Surface Dock Updater tool, previously available for download as part of Surface Tools for IT. The earlier tool was named Surface_Dock_Updater_vx.xx.xxx.x.msi (where x indicates the version number) and is no longer available for download and should not be used. - -## Install the Surface Dock Firmware Update - -This section describes how to manually install the firmware update. - -> [!NOTE] -> Microsoft periodically releases new versions of Surface Dock Firmware Update. The MSI file is not self-updating. If you have deployed the MSI to Surface devices and a new version of the firmware is released, you will need to deploy the new version. - -1. Download and install [Microsoft Surface Dock Firmware Update](https://www.microsoft.com/download/details.aspx?id=46703). - - The update requires a Surface device running Windows 10, version 1803 or later. - - Installing the MSI file might prompt you to restart Surface. However, restarting is not required to perform the update. - -2. Disconnect your Surface device from the Surface Dock (using the power adapter), wait ~5 seconds, and then reconnect. The Surface Dock Firmware Update will update the dock silently in background. The process can take a few minutes to complete and will continue even if interrupted. - -## Monitor the Surface Dock Firmware Update - -This section is optional and provides an overview of how to monitor installation of the firmware update. - -To monitor the update: - -1. Open Event Viewer, browse to **Windows Logs > Application**, and then under **Actions** in the right-hand pane click **Filter Current Log**, enter **SurfaceDockFwUpdate** next to **Event sources**, and then click **OK**. - -2. Type the following command at an elevated command prompt: - - ```cmd - Reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WUDF\Services\SurfaceDockFwUpdate\Parameters" - ``` -3. Install the update as described in the [next section](#install-the-surface-dock-firmware-update) of this article. -4. Event 2007 with the following text indicates a successful update: **Firmware update finished. hr=0 DriverTelementry EventCode = 2007**. - - If the update is not successful, then event ID 2007 will be displayed as an **Error** event rather than **Information**. Additionally, the version reported in the Windows Registry will not be current. -5. When the update is complete, updated DWORD values will be displayed in the Windows Registry, corresponding to the current version of the tool. See the [Versions reference](#versions-reference) section in this article for details. For example: - - Component10CurrentFwVersion 0x04ac3970 (78395760) - - Component20CurrentFwVersion 0x04915a70 (76634736) - ->[!TIP] ->If you see "The description for Event ID xxxx from source SurfaceDockFwUpdate cannot be found" in event text, this is expected and can be ignored. - -Also see the following sections in this article: - - [How to verify completion of firmware update](#how-to-verify-completion-of-the-firmware-update) - - [Event logging](#event-logging) - - [Troubleshooting tips](#troubleshooting-tips) - - [Versions reference](#versions-reference) - -## Network deployment - -You can use Windows Installer commands (Msiexec.exe) to deploy Surface Dock Firmware Update to multiple devices across your network. When using Microsoft Endpoint Configuration Manager or other deployment tool, enter the following syntax to ensure the installation is silent: - -- **Msiexec.exe /i \ /quiet /norestart** - - For example: - ``` - msiexec /i "\\share\folder\Surface_Dock_FwUpdate_1.42.139_Win10_17134_19.084.31680_0.msi" /quiet /norestart - ``` - - > [!NOTE] - > A log file is not created by default. In order to create a log file, you will need to append "/l*v [path]". For example: Msiexec.exe /i \ /l*v %windir%\logs\ SurfaceDockFWI.log" - - For more information, refer to [Command line options](https://docs.microsoft.com/windows/win32/msi/command-line-options) documentation. - -> [!IMPORTANT] -> If you want to keep your Surface Dock updated using any other method, refer to [Update your Surface Dock](https://support.microsoft.com/help/4023478/surface-update-your-surface-dock) for details. - -## Intune deployment - -You can use Intune to distribute Surface Dock Firmware Update to your devices. First you will need to convert the MSI file to the .intunewin format, as described in the following documentation: [Intune Standalone - Win32 app management](https://docs.microsoft.com/intune/apps/apps-win32-app-management). - -Use the following command: - - **msiexec /i \ /quiet /q** - -## How to verify completion of the firmware update - -Surface dock firmware consists of two components: - -- **Component10:** Micro controller unit (MCU) firmware -- **Component20:** Display port (DP) firmware. - -Successful completion of Surface Dock Firmware Update results in new registry key values for these firmware components. - -**To verify updates:** - -1. Open Regedit and navigate to the following registry path: - - - **HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WUDF\Services\SurfaceDockFwUpdate\Parameters** - -2. Look for the registry keys: **Component10CurrentFwVersion and Component20CurrentFwVersion**, which refer to the firmware that is currently on the device. - - ![Surface Dock Firmware Update installation process](images/regeditDock.png) - -3. Verify the new registry key values match the updated registry key values listed in the Versions reference at the end of this document. If the values match, the firmware was updated successfully. - -4. If unable to verify, review Event logging and Troubleshooting tips in the next section. - -## Event logging - -**Table 1. Log files for Surface Dock Firmware Update** - -| Log | Location | Notes | -| -------------------------------- | --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Surface Dock Firmware Update log | Path needs to be specified (see note) | Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater. | -| Windows Device Install log | %windir%\inf\setupapi.dev.log | For more information about using Device Install Log, refer to [SetupAPI Logging](https://docs.microsoft.com/windows-hardware/drivers/install/setupapi-logging--windows-vista-and-later-) documentation. | - - -**Table 2. Event log IDs for Surface Dock Firmware Update**
-Events are logged in the Application Event Log. Note: Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater. - -| Event ID | Event type | -| -------- | -------------------------------------------------------------------- | -| 2001 | Dock firmware update has started. | -| 2002 | Dock firmware update skipped because dock is known to be up to date. | -| 2003 | Dock firmware update failed to get firmware version. | -| 2004 | Querying the firmware version. | -| 2005 | Dock firmware failed to start update. | -| 2006 | Failed to send offer/payload pairs. | -| 2007 | Firmware update finished. | -| 2008 | BEGIN dock telemetry. | -| 2011 | END dock telemetry. | - -## Troubleshooting tips - -- Completely disconnect power for Surface dock from the AC power to reset the Surface Dock. -- Disconnect all peripherals except for the Surface Dock. -- Uninstall any current Surface Dock Firmware Update and then install the latest version. -- Ensure that the Surface Dock is disconnected, and then allow enough time for the update to complete as monitored via an LED in the Ethernet port of the dock. Wait until the LED stops blinking before you unplug Surface Dock from power. -- Connect the Surface Dock to a different device to see if it is able to update the dock. - -## Versions reference - ->[!NOTE] ->The installation file is released with the following naming format: **Surface_Dock_FwUpdate_X.XX.XXX_Win10_XXXXX_XX.XXX.XXXXX_X.MSI** (ex: Surface_Dock_FwUpdate_1.42.139_Win10_17134_19.084.31680_0.msi) and installs by default to C:\Program Files\SurfaceUpdate. - -### Version 1.42.139 -*Release Date: September 18 2019* - -This version, contained in Surface_Dock_FwUpdate_1.42.139_Win10_17134_19.084.31680_0.MSI, updates firmware in the background. -**Updated registry key values:**
- -- Component10CurrentFwVersion updated to **4ac3970**. -- Component20CurrentFwVersion updated to **4a1d570**. - -It adds support for Surface Pro 7 and Surface Laptop 3. - -## Legacy versions - -### Version 2.23.139.0 -*Release Date: 10 October 2018* - -This version of Surface Dock Updater adds support for the following: - -- Add support for Surface Pro 6 -- Add support for Surface Laptop 2 - - -### Version 2.22.139.0 -*Release Date: 26 July 2018* - -This version of Surface Dock Updater adds support for the following: - -- Increase update reliability -- Add support for Surface Go - -### Version 2.12.136.0 -*Release Date: 29 January 2018* - -This version of Surface Dock Updater adds support for the following: -* Update for Surface Dock Main Chipset Firmware -* Update for Surface Dock DisplayPort Firmware -* Improved display stability for external displays when used with Surface Book or Surface Book 2 - -Additionally, installation of this version of Surface Dock Updater on Surface Book devices includes the following: -* Update for Surface Book Base Firmware -* Added support for Surface Dock firmware updates with improvements targeted to Surface Book devices - - -### Version 2.9.136.0 -*Release date: November 3, 2017* - -This version of Surface Dock Updater adds support for the following: - -* Update for Surface Dock DisplayPort Firmware -* Resolves an issue with audio over passive display port adapters - -### Version 2.1.15.0 -*Release date: June 19, 2017* - -This version of Surface Dock Updater adds support for the following: - -* Surface Laptop -* Surface Pro - -### Version 2.1.6.0 -*Release date: April 7, 2017* - -This version of Surface Dock Updater adds support for the following: - -* Update for Surface Dock DisplayPort firmware -* Requires Windows 10 - -### Version 2.0.22.0 -*Release date: October 21, 2016* - -This version of Surface Dock Updater adds support for the following: - -* Update for Surface Dock USB firmware -* Improved reliability of Ethernet, audio, and USB ports - -### Version 1.0.8.0 -*Release date: April 26, 2016* - -This version of Surface Dock Updater adds support for the following: - -* Update for Surface Dock Main Chipset firmware -* Update for Surface Dock DisplayPort firmware - diff --git a/devices/surface/surface-dock-whats-new.md b/devices/surface/surface-dock-whats-new.md deleted file mode 100644 index f3443b6c31..0000000000 --- a/devices/surface/surface-dock-whats-new.md +++ /dev/null @@ -1,122 +0,0 @@ ---- -title: What’s new in Surface Dock 2 -description: This article highlights new features and functionality for the next generation Surface Dock. -ms.prod: w10 -ms.mktglfcycl: manage -ms.localizationpriority: medium -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.date: 5/29/2020 -ms.reviewer: brrecord -manager: laurawi -audience: itpro ---- -# What’s new in Surface Dock 2 - -Surface Dock 2, the next generation Surface dock, lets users connect external monitors and multiple peripherals to obtain a fully modernized desktop experience from a Surface device. Built to maximize efficiency at the office, in a flexible workspace, or at home, Surface Dock 2 features seven ports, including two front-facing USB-C ports, with 15 watts of fast charging power for phone and accessories. Surface Dock 2 is designed to simplify IT management, enabling admins to automate firmware updates using Windows Update or centralize updates with internal software distribution tools. Surface Enterprise Management Mode (SEMM) now enables IT admins to secure ports on Surface Dock 2. For more information, see [Secure Surface Dock 2 ports with Surface Enterprise Management Mode](https://techcommunity.microsoft.com/t5/surface-it-pro-blog/secure-surface-dock-2-ports-with-surface-enterprise-management/ba-p/1418999). - -## General system requirements - -- Windows 10 version 1809. There is no support for Windows 7, Windows 8, or non-Surface host devices. Surface Dock 2 works with the following Surface devices: - - - Surface Pro (5th Gen) - - Surface Pro (5th Gen) with LTE Advanced - - Surface Laptop (1st Gen) - - Surface Pro 6 - - Surface Book 2 - - Surface Laptop 2 - - Surface Go - - Surface Go with LTE Advanced - - Surface Pro 7 - - Surface Laptop 3 - - Surface Book 3 - - Surface Go 2 - - Surface Go 2 with LTE Advanced - - -## Surface Dock 2 Components - -![Surface Dock 2 Components](./images/surface-dock2.png) - -### USB - -- Two front facing USB-C ports. -- Two rear facing USB-C (gen 2) ports. -- Two rear facing USB-A ports. - -### Video - -- Dual 4K@60hz. Supports up to two displays on the following devices: - - - Surface Book 3 - - Surface Go 2 - - Surface Go 2 with LTE Advanced - - Surface Pro 7 - - Surface Pro X - - Surface Laptop 3 - -- Dual 4K@ 4K@30Hz. Supports up to two displays on the following devices: - - - Surface Pro 6 - - Surface Pro (5th Gen) - - Surface Pro (5th Gen) with LTE Advanced - - Surface Laptop 2 - - Surface Laptop (1st Gen) - - Surface Go - - Surface Book 2. - -### Ethernet - -- 1 gigabit Ethernet port. - -### External Power supply - -- 199 watts supporting 100V-240V. - - -## Comparing Surface Dock 2 - -### Table 1. Surface Dock 2 tech specs comparison - -|Component|Surface Dock|Surface Dock 2| -|---|---|---| -|Surflink|Yes|Yes| -|USB-A|2 front facing USB 3.1 Gen 1
2 rear facing USB 3.1 Gen 1|2 rear facing USB 3.2 Gen 2 (7.5W power)| -|Mini Display port|2 rear facing (DP1.2)|None| -|USB-C|None|2 front facing USB 3.2 Gen 2
(15W power)
2 rear facing USB 3.2 Gen 2 (DP1.4a)
(7.5W power)| -|3.5 mm Audio in/out|Yes|Yes| -|Ethernet|Yes, 1 gigabit|Yes 1 gigabit| -|DC power in|Yes|Yes| -|Kensington lock|Yes|Yes| -|Surflink cable length|65cm|80cm| -|Surflink host power|60W|120W| -|USB load power|30W|60W| -|USB bit rate|5 Gbps|10 Gbps| -|Monitor support|2 x 4k @30fps, or
1 x 4k @ 60fps|2 x 4K @ 60fps| -|Wake-on-LAN from Connected Standby1|Yes|Yes| -|Wake-on-LAN from S4/S5 sleep modes|No|Yes| -|Network PXE boot|Yes|Yes| -|SEMM host access control|No|Yes -|SEMM port access control2|No|Yes| -|Servicing support|MSI|Windows Update or MSI| -|||| - -1. *Devices must be configured for Wake on LAN via Surface Enterprise Management Mode (SEMM) or Device Firmware Control Interface (DFCI) to wake from Hibernation or Power-Off states. Wake from Hibernation or Power-Off is supported on Surface Pro 7, Surface Laptop 3, Surface Pro X, Surface Book 3, and Surface Go 2. Software license required for some features. Sold separately.* - -2. *Software license required for some features. Sold separately.* - -## Streamlined device management - -Surface has released streamlined management functionality via Windows Update enabling IT admins to utilize the following enterprise-grade features: - -- **Frictionless updates**. Update your docks silently and automatically, with Windows Update or Microsoft Endpoint Configuration Manager, (formerly System Center Configuration Manager - SCCM) or other MSI deployment tools. -- **Wake from the network**. Manage and access corporate devices without depending on users to keep their devices powered on. Even when a docked device is in sleep, hibernation, or power off mode, your team can wake from the network for service and management, using Endpoint Configuration Manager or other enterprise management tools. -- **Centralized IT control**. Control who can connect to Surface Dock 2 by turning ports on and off. Restrict which host devices can be used with Surface Dock 2. Limit dock access to a single user or configure docks so they can only be accessed by specific users in your team or across the entire company. - -## Next steps - -- [Secure Surface Dock 2 ports with Surface Enterprise Management Mode](https://techcommunity.microsoft.com/t5/surface-it-pro-blog/secure-surface-dock-2-ports-with-surface-enterprise-management/ba-p/1418999) -- [Surface Enterprise Management Mode](surface-enterprise-management-mode.md) -- [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) diff --git a/devices/surface/surface-enterprise-management-mode.md b/devices/surface/surface-enterprise-management-mode.md deleted file mode 100644 index c983e5f0f5..0000000000 --- a/devices/surface/surface-enterprise-management-mode.md +++ /dev/null @@ -1,290 +0,0 @@ ---- -title: Surface Enterprise Management Mode (Surface) -description: See how this feature of Surface devices with Surface UEFI helps you secure and manage firmware settings within your organization. -keywords: uefi, configure, firmware, secure, semm -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surface, devices, security -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.reviewer: hachidan -manager: laurawi -ms.localizationpriority: medium -audience: itpro -ms.date: 05/26/2020 ---- - -# Microsoft Surface Enterprise Management Mode - -Microsoft Surface Enterprise Management Mode (SEMM) is a feature of Surface devices with Surface UEFI that allows you to secure and manage firmware settings within your organization. With SEMM, IT professionals can prepare configurations of UEFI settings and install them on a Surface device. In addition to the ability to configure UEFI settings, SEMM also uses a certificate to protect the configuration from unauthorized tampering or removal. - ->[!NOTE] ->SEMM is only available on devices with Surface UEFI firmware. This includes most Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3 commercial SKUs with an Intel processor. SEMM is not supported on the 15" Surface Laptop 3 SKU with AMD processor (only available as a retail SKU). - -When Surface devices are configured by SEMM and secured with the SEMM certificate, they are considered *enrolled* in SEMM. When the SEMM certificate is removed and control of UEFI settings is returned to the user of the device, the Surface device is considered *unenrolled* in SEMM. - -There are two administrative options you can use to manage SEMM and enrolled Surface devices – a standalone tool or integration with Microsoft Endpoint Configuration Manager. The SEMM standalone tool, called the Microsoft Surface UEFI Configurator, is described in this article. For more information about how to manage SEMM with Microsoft Endpoint Configuration Manager, see [Use Microsoft Endpoint Configuration Manager to manage devices with SEMM](https://technet.microsoft.com/itpro/surface/use-system-center-configuration-manager-to-manage-devices-with-semm). - - -## Microsoft Surface UEFI Configurator - -The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. Microsoft Surface UEFI Configurator is a tool that is used to create Windows Installer (.msi) packages or WinPE images that are used to enroll, configure, and unenroll SEMM on a Surface device. These packages contain a configuration file where the settings for UEFI are specified. SEMM packages also contain a certificate that is installed and stored in firmware and used to verify the signature of configuration files before UEFI settings are applied. - ->[!NOTE] ->You can now use Surface UEFI Configurator and SEMM to manage ports on Surface Dock 2. To learn more, see [Secure Surface Dock 2 ports with SEMM](secure-surface-dock-ports-semm.md). - -![Microsoft Surface UEFI Configurator](images/surface-ent-mgmt-fig1-uefi-configurator.png "Microsoft Surface UEFI Configurator") - -*Figure 1. Microsoft Surface UEFI Configurator* - - -You can use the Microsoft Surface UEFI Configurator tool in three modes: - -* [Surface UEFI Configuration Package](#configuration-package). Use this mode to create a Surface UEFI configuration package to enroll a Surface device in SEMM and to configure UEFI settings on enrolled devices. -* [Surface UEFI Reset Package](#reset-package). Use this mode to unenroll a Surface device from SEMM. -* [Surface UEFI Recovery Request](#recovery-request). Use this mode to respond to a recovery request to unenroll a Surface device from SEMM where a Reset Package operation is not successful. - - -#### Download Microsoft Surface UEFI Configurator - -You can download Microsoft Surface UEFI Configurator from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center. - -### Configuration package - -Surface UEFI configuration packages are the primary mechanism to implement and manage SEMM on Surface devices. These packages contain a configuration file of UEFI settings specified during creation of the package in Microsoft Surface UEFI Configurator and a certificate file, as shown in Figure 2. When a configuration package is run for the first time on a Surface device that is not already enrolled in SEMM, it provisions the certificate file in the device’s firmware and enrolls the device in SEMM. When enrolling a device in SEMM, you will be prompted to confirm the operation by providing the last two digits of the SEMM certificate thumbprint before the certificate file is stored and the enrollment can complete. This confirmation requires that a user be present at the device at the time of enrollment to perform the confirmation. - -![Secure a SEMM configuration package with a certificate](images/surface-ent-mgmt-fig2-securepackage.png "Secure a SEMM configuration package with a certificate") - -*Figure 2. Secure a SEMM configuration package with a certificate* - -See the [Surface Enterprise Management Mode certificate requirements](#surface-enterprise-management-mode-certificate-requirements) section of this article for more information about the requirements for the SEMM certificate. - ->[!NOTE] ->You can also specify a UEFI password with SEMM that is required to view the **Security**, **Devices**, **Boot Configuration**, or **Enterprise Management** pages of Surface UEFI. - -After a device is enrolled in SEMM, the configuration file is read and the settings specified in the file are applied to UEFI. When you run a configuration package on a device that is already enrolled in SEMM, the signature of the configuration file is checked against the certificate that is stored in the device firmware. If the signature does not match, no changes are applied to the device. - -### Enable or disable devices in Surface UEFI with SEMM - -The following list shows all the available devices you can manage in SEMM: - -* Docking USB Port -* On-board Audio -* DGPU -* Type Cover -* Micro SD Card -* Front Camera -* Rear Camera -* Infrared Camera, for Windows Hello -* Bluetooth Only -* Wi-Fi and Bluetooth -* LTE - - >[!NOTE] ->The built-in devices that appear in the UEFI Devices page may vary depending on your device or corporate environment. For example, the UEFI Devices page is not supported on Surface Pro X; LTE only appears on LTE-equipped devices. -### Configure advanced settings with SEMM -**Table 1. Advanced settings** - -| Setting | Description | -| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| IPv6 for PXE Boot | Allows you to manage Ipv6 support for PXE boot. If you do not configure this setting, IPv6 support for PXE boot is disabled. | -| Alternate Boot | Allows you to manage use of an Alternate boot order to boot directly to a USB or Ethernet device by pressing both the Volume Down button and Power button during boot. If you do not configure this setting, Alternate boot is enabled. | -| Boot Order Lock | Allows you to lock the boot order to prevent changes. If you do not configure this setting, Boot Order Lock is disabled. | -| USB Boot | Allows you to manage booting to USB devices. If you do not configure this setting, USB Boot is enabled. | -| Network Stack | Allows you to manage Network Stack boot settings. If you do not configure this setting, the ability to manage Network Stack boot settings is disabled. | -| Auto Power On | Allows you to manage Auto Power On boot settings. If you do not configure this setting, Auto Power on is enabled. | -| Simultaneous Multi-Threading (SMT) | Allows you to manage Simultaneous Multi-Threading (SMT) to enable or disable hyperthreading. If you do not configure this setting, SMT is enabled. | -|Enable Battery limit| Allows you to manage Battery limit functionality. If you do not configure this setting, Battery limit is enabled | -| Security | Displays the Surface UEFI **Security** page. If you do not configure this setting, the Security page is displayed. | -| Devices | Displays the Surface UEFI **Devices** page. If you do not configure this setting, the Devices page is displayed. | -| Boot | Displays the Surface UEFI **Boot** page. If you do not configure this setting, the Boot page is displayed. | -| DateTime | Displays the Surface UEFI **DateTime** page. If you do not configure this setting, the DateTime page is displayed. | - - - ->[!NOTE] ->When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 3. - -![Certificate thumbprint display](images/surface-ent-mgmt-fig5-success.png "Certificate thumbprint display") - -*Figure 3. Display of the last two characters of the certificate thumbprint on the Successful page* - -These characters are the last two characters of the certificate thumbprint and should be written down or recorded. The characters are required to confirm enrollment in SEMM on a Surface device, as shown in Figure 4. - -![Enrollment confirmation in SEMM](images/surface-ent-mgmt-fig6-enrollconfirm.png "Enrollment confirmation in SEMM") - -*Figure 4. Enrollment confirmation in SEMM with the SEMM certificate thumbprint* - ->[!NOTE] ->Administrators with access to the certificate file (.pfx) can read the thumbprint at any time by opening the .pfx file in CertMgr. To view the thumbprint with CertMgr, follow this process: ->1. Right-click the .pfx file, and then click **Open**. ->2. Expand the folder in the navigation pane. ->3. Click **Certificates**. ->4. Right-click your certificate in the main pane, and then click **Open**. ->5. Click the **Details** tab. ->6. **All** or **Properties Only** must be selected in the **Show** drop-down menu. ->7. Select the field **Thumbprint**. - -To enroll a Surface device in SEMM or to apply the UEFI configuration from a configuration package, all you need to do is run the .msi file with administrative privileges on the intended Surface device. You can use application deployment or operating system deployment technologies such as [Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/mt346023) or the [Microsoft Deployment Toolkit](https://technet.microsoft.com/windows/dn475741). When you enroll a device in SEMM you must be present to confirm the enrollment on the device. User interaction is not required when you apply a configuration to devices that are already enrolled in SEMM. - -For a step-by-step walkthrough of how to enroll a Surface device in SEMM or apply a Surface UEFI configuration with SEMM, see [Enroll and configure Surface devices with SEMM](https://technet.microsoft.com/itpro/surface/enroll-and-configure-surface-devices-with-semm). - -### Reset package - -A Surface UEFI reset package is used to perform only one task — to unenroll a Surface device from SEMM. The reset package contains signed instructions to remove the SEMM certificate from the device’s firmware and to reset UEFI settings to factory default. Like a Surface UEFI configuration package, a reset package must be signed with the same SEMM certificate that is provisioned on the Surface device. When you create a SEMM reset package, you are required to supply the serial number of the Surface device you intend to reset. SEMM reset packages are not universal and are specific to one device. - -### Recovery request - -In some scenarios, it may be impossible to use a Surface UEFI reset package. (For example, if Windows becomes unusable on the Surface device.) In these scenarios you can unenroll the Surface device from SEMM through the **Enterprise Management** page of Surface UEFI (shown in Figure 5) with a Recovery Request operation. - -![Initiate a SEMM recovery request](images/surface-ent-mgmt-fig7-semmrecovery.png "Initiate a SEMM recovery request") - -*Figure 5. Initiate a SEMM recovery request on the Enterprise Management page* - -When you use the process on the **Enterprise Management** page to reset SEMM on a Surface device, you are provided with a Reset Request. This Reset Request can be saved as a file to a USB drive, copied as text, or read as a QR Code with a mobile device to be easily emailed or messaged. Use the Microsoft Surface UEFI Configurator Reset Request option to load a Reset Request file or enter the Reset Request text or QR Code. Microsoft Surface UEFI Configurator will generate a verification code that can be entered on the Surface device. If you enter the code on the Surface device and click **Restart**, the device will be unenrolled from SEMM. - ->[!NOTE] ->A Reset Request expires two hours after it is created. - -For a step-by-step walkthrough of how to unenroll Surface devices from SEMM, see [Unenroll Surface devices from SEMM](https://technet.microsoft.com/itpro/surface/unenroll-surface-devices-from-semm). - -## Surface Enterprise Management Mode certificate requirements - ->[!NOTE] ->The SEMM certificate is required to perform any modification to SEMM or Surface UEFI settings on enrolled Surface devices. If the SEMM certificate is corrupted or lost, SEMM cannot be removed or reset. Manage your SEMM certificate accordingly with an appropriate solution for backup and recovery. - -Packages created with the Microsoft Surface UEFI Configurator tool are signed with a certificate. This certificate ensures that after a device is enrolled in SEMM, only packages created with the approved certificate can be used to modify the settings of UEFI. The following settings are recommended for the SEMM certificate: - -* **Key Algorithm** – RSA -* **Key Length** – 2048 -* **Hash Algorithm** – SHA-256 -* **Type** – SSL Server Authentication -* **Key Usage** – Digital signature, Key Encipherment -* **Provider** – Microsoft Enhanced RSA and AES Cryptographic Provider -* **Expiration Date** – 15 Months from certificate creation -* **Key Export Policy** – Exportable - -It is also recommended that the SEMM certificate be authenticated in a two-tier public key infrastructure (PKI) architecture where the intermediate certification authority (CA) is dedicated to SEMM, enabling certificate revocation. For more information about a two-tier PKI configuration, see [Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy](https://technet.microsoft.com/library/hh831348). - ->[!NOTE] ->You can use the following PowerShell script to create a self-signed certificate for use in proof-of-concept scenarios. - > To use this script, copy the following text into Notepad and save the file as a PowerShell script (.ps1). This script creates a certificate with a password of `12345678`.

The certificate generated by this script is not recommended for production environments. - - ``` -if (-not (Test-Path "Demo Certificate")) { New-Item -ItemType Directory -Force -Path "Demo Certificate" } -if (Test-Path "Demo Certificate\TempOwner.pfx") { Remove-Item "Demo Certificate\TempOwner.pfx" } - -# Generate the Ownership private signing key with password 12345678 -$pw = ConvertTo-SecureString "12345678" -AsPlainText -Force - -$TestUefiV2 = New-SelfSignedCertificate ` - -Subject "CN=Surface Demo Kit, O=Contoso Corporation, C=US" ` - -Type SSLServerAuthentication ` - -HashAlgorithm sha256 ` - -KeyAlgorithm RSA ` - -KeyLength 2048 ` - -KeyUsage KeyEncipherment ` - -KeyUsageProperty All ` - -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" ` - -NotAfter (Get-Date).AddYears(25) ` - -TextExtension @("2.5.29.37={text}1.2.840.113549.1.1.1") ` - -KeyExportPolicy Exportable - -$TestUefiV2 | Export-PfxCertificate -Password $pw -FilePath "Demo Certificate\TempOwner.pfx" - ``` - -For use with SEMM and Microsoft Surface UEFI Configurator, the certificate must be exported with the private key and with password protection. Microsoft Surface UEFI Configurator will prompt you to select the SEMM certificate file (.pfx) and certificate password when it is required. - ->[!NOTE] ->For organizations that use an offline root in their PKI infrastructure, Microsoft Surface UEFI Configurator must be run in an environment connected to the root CA to authenticate the SEMM certificate. The packages generated by Microsoft Surface UEFI Configurator can be transferred as files and therefore can be transferred outside the offline network environment with removable storage, such as a USB stick. - -### Managing certificates FAQ - -The recommended *minimum* length is 15 months. You can use a -certificate that expires in less than 15 months or use a certificate -that expires in longer than 15 months. - ->[!NOTE] ->When a certificate expires, it does not automatically renew. - -**Will existing machines continue to apply the bios settings after 15 -months?** - -Yes, but only if the package itself was signed when the certificate was -valid. - -**Will** **the SEMM package and certificate need to be updated on all -machines that have it?** - -If you want SEMM reset or recovery to work, the certificate needs to be -valid and not expired. - -**Can bulk reset packages be created for each surface that we order? Can -one be built that resets all machines in our environment?** - -The PowerShell samples that create a config package for a specific -device type can also be used to create a reset package that is -serial-number independent. If the certificate is still valid, you can -create a reset package using PowerShell to reset SEMM. - -## Version History - -### Version 2.71.139.0 - -This version of SEMM adds support for Surface Dock 2 management features for Surface Book 3, Surface Laptop 3, and Surface Pro 7 including: - -- Enabling audio (locking/unlocking), Ethernet and USB ports -- Ability to create dock packages for both authenticated and unauthenticated hosts - -### Version 2.70.130.0 - -This version of SEMM includes: - -- Support for Surface Go 2 -- Support for Surface Book 3 -- Bug fixes - - -### Version 2.59.139.0 - -* Support for Surface Pro 7, Surface Pro X, and Surface Laptop 3 13.5" and 15" models with Intel processor. Note: Surface Laptop 3 15" AMD processor is not supported. - -- Support for Wake on Power feature - -### Version 2.54.139.0 -* Support to Surface Hub 2S -* Bug fixes - -### Version 2.43.136.0 -* Support to enable/disable simulatenous multithreating -* Separate options for WiFi and Bluetooth for some devices -* Battery Limit removed for Surface Studio - -### Version 2.26.136.0 -* Add support to Surface Studio 2 -* Battery Limit feature - -### Version 2.21.136.0 -* Add support to Surface Pro 6 -* Add support to Surface Laptop 2 - -### Version 2.14.136.0 -* Add support to Surface Go - -### Version 2.9.136.0 -* Add support to Surface Book 2 -* Add support to Surface Pro LTE -* Accessibility improvements - -### Version 1.0.74.0 -* Add support to Surface Laptop -* Add support to Surface Pro -* Bug fixes and general improvement - -## Related topics - -- [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md) -- [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md) -- [Secure Surface Dock 2 ports with SEMM](secure-surface-dock-ports-semm.md) diff --git a/devices/surface/surface-manage-dfci-guide.md b/devices/surface/surface-manage-dfci-guide.md deleted file mode 100644 index d9b08bd9e4..0000000000 --- a/devices/surface/surface-manage-dfci-guide.md +++ /dev/null @@ -1,188 +0,0 @@ ---- -title: Intune management of Surface UEFI settings -description: This article explains how to configure a DFCI environment in Microsoft Intune and manage firmware settings for targeted Surface devices. -ms.localizationpriority: medium -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.date: 11/13/2019 -ms.reviewer: jesko -manager: laurawi -ms.audience: itpro ---- -# Intune management of Surface UEFI settings - -## Introduction - -The ability to manage devices from the cloud has dramatically simplified IT deployment and provisioning across the lifecycle. With Device Firmware Configuration Interface (DFCI) profiles built into Microsoft Intune (now available in [public preview](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows)), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. For answers to frequently asked questions, see [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333). - -### Background - -Like any computer running Windows 10, Surface devices rely on code stored in the SoC that enables the CPU to interface with hard drives, display devices, USB ports, and other devices. The programs stored in this read-only memory (ROM) are known as firmware (while programs stored in dynamic media are known as software). - -In contrast to other Windows 10 devices available in the market today, Surface provides IT admins with the ability to configure and manage firmware through a rich set of UEFI configuration settings. This provides a layer of hardware control on top of software-based policy management as implemented via mobile device management (MDM) policies, Configuration Manager or Group Policy. For example, organizations deploying devices in highly secure areas with sensitive information can prevent camera use by removing functionality at the hardware level. From a device standpoint, turning the camera off via a firmware setting is equivalent to physically removing the camera. Compare the added security of managing at the firmware level to relying only on operating system software settings. For example, if you disable the Windows audio service via a policy setting in a domain environment, a local admin could still re-enable the service. - -### DFCI versus SEMM - -Until now, managing firmware required enrolling devices into Surface Enterprise Management Mode (SEMM) with the overhead of ongoing manual IT-intensive tasks. As an example, SEMM requires IT staff to physically access each PC to enter a two-digit pin as part of the certificate management process. Although SEMM remains a good solution for organizations in a strictly on-premises environment, its complexity and IT-intensive requirements make it costly to use. - -Now with newly integrated UEFI firmware management capabilities in Microsoft Intune, the ability to lock down hardware is simplified and easier to use with new features for provisioning, security, and streamlined updating all in a single console, now unified as [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). The following figure shows UEFI settings viewed directly on the device (left) and viewed in the Endpoint Manager console (right). - -![UEFI settings shown on device (left) and in the Endpoint Manager console (right)](images/uefidfci.png) - -Crucially, DFCI enables zero touch management, eliminating the need for manual interaction by IT admins. DFCI is deployed via Windows Autopilot using the device profiles capability in Intune. A device profile allows you to add and configure settings which can then be deployed to devices enrolled in management within your organization. Once the device receives the device profile, the features and settings are applied automatically. Examples of common device profiles include Email, Device restrictions, VPN, Wi-Fi, and Administrative templates. DFCI is simply an additional device profile that enables you to manage UEFI configuration settings from the cloud without having to maintain on-premises infrastructure. - -## Supported devices - -At this time, DFCI is supported in the following devices: - -- Surface Pro 7 -- Surface Pro X -- Surface Laptop 3 - -> [!NOTE] -> Surface Pro X does not support DFCI settings management for built-in camera, audio, and Wi-Fi/Bluetooth. - -## Prerequisites - -- Devices must be registered with Windows Autopilot by a [Microsoft Cloud Solution Provider (CSP) partner](https://partner.microsoft.com/membership/cloud-solution-provider) or OEM distributor. - -- Before configuring DFCI for Surface, you should be familiar with Autopilot configuration requirements in [Microsoft Intune](https://docs.microsoft.com/intune/) and [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/) (Azure AD). - -## Before you begin - -Add your target Surface devices to an Azure AD security group. For more information about creating and managing security groups, refer to [Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows#create-your-azure-ad-security-groups). - -## Configure DFCI management for Surface devices - -A DFCI environment requires setting up a DFCI profile that contains the settings and an Autopilot profile to apply the settings to registered devices. An enrollment status profile is also recommended to ensure settings are pushed down during OOBE setup when users first start the device. This guide explains how to configure the DFCI environment and manage UEFI configuration settings for targeted Surface devices. - -## Create DFCI profile - -Before configuring DFCI policy settings, first create a DFCI profile and assign it to the Azure AD security group that contains your target devices. - -1. Sign into your tenant at devicemanagement.microsoft.com. -2. In the Microsoft Endpoint Manager Admin Center, select **Devices > Configuration profiles > Create profile** and enter a name; for example, **DFCI Configuration Policy.** -3. Select **Windows 10 and later** for platform type. -4. In the Profile type drop down list, select **Device Firmware Configuration Interface** to open the DFCI blade containing all available policy settings. For information on DFCI settings, refer to Table 1 on this page or the [Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows). You can configure DFCI settings during the initial setup process or later by editing the DFCI profile. - - ![Create DFCI profile](images/df1.png) - -5. Click **OK** and then select **Create**. -6. Select **Assignments** and under **Select groups to include** select the Azure AD security group that contains your target devices, as shown in the following figure. Click **Save**. - - ![Assign security group](images/df2a.png) - -## Create Autopilot profile - -1. In Endpoint Manager at devicemanagement.microsoft.com, select **devices > Windows enrollment** and scroll down to **Deployment profiles**. -2. Select **Create profile** and enter a name; for example, **My Autopilot profile**, and select **Next**. -3. Select the following settings: - - - Deployment mode: **User-Driven**. - - Join type: Azure **AD joined**. - -4. Leave the remaining default settings unchanged and select **Next**, as shown in the following figure. - - ![Create Autopilot profile](images/df3b.png) - -5. On the Assignments page, choose **Select groups to include** and click your Azure AD security group. Select **Next**. -6. Accept the summary and then select **Create**. The Autopilot profile is now created and assigned to the group. - -## Configure Enrollment Status Page - -To ensure that devices apply the DFCI configuration during OOBE before users sign in, you need to configure enrollment status. - -For more information, refer to [Set up an enrollment status page](https://docs.microsoft.com/intune/enrollment/windows-enrollment-status). - - -## Configure DFCI settings on Surface devices - -DFCI includes a streamlined set of UEFI configuration policies that provide an extra level of security by locking down devices at the hardware level. DFCI is designed to be used in conjunction with mobile device management settings at the software level. Note that DFCI settings only affect hardware components built into Surface devices and do not extend to attached peripherals such as USB webcams. (However, you can use Device restriction policies in Intune to turn off access to attached peripherals at the software level). - -You configure DFCI policy settings by editing the DFCI profile from Endpoint Manager, as shown in the figure below. - -- In Endpoint Manager at devicemanagement.microsoft.com, select **Devices > Windows > Configuration Profiles > “DFCI profile name” > Properties > Settings**. - - ![Configure DFCI settings](images/dfciconfig.png) - -### Block user access to UEFI settings - -For many customers, the ability to block users from changing UEFI settings is critically important and a primary reason to use DFCI. As listed in Table 1, this is managed via the setting **Allow local user to change UEFI settings**. If you do not edit or configure this setting, local users will be able to change any UEFI setting not managed by Intune. Therefore, it’s highly recommended to disable **Allow local user to change UEFI settings.** -The rest of the DFCI settings enable you to turn off functionality that would otherwise be available to users. For example, if you need to protect sensitive information in highly secure areas, you can disable the camera, and if you don’t want users booting from USB drives, you can disable that also. - -### Table 1. DFCI scenarios - -| Device management goal | Configuration steps | -| --------------------------------------------- | --------------------------------------------------------------------------------------------- | -| Block local users from changing UEFI settings | Under **Security Features > Allow local user to change UEFI settings**, select **None**. | -| Disable cameras | Under **Built in Hardware > Cameras**, select **Disabled**. | -| Disable Microphones and speakers | Under **Built in Hardware > Microphones and speakers**, select **Disabled**. | -| Disable radios (Bluetooth, Wi-Fi) | Under **Built in Hardware > Radios (Bluetooth, Wi-Fi, etc…)**, select **Disabled**. | -| Disable Boot from external media (USB, SD) | Under **Built in Hardware > Boot Options > Boot from external media (USB, SD)**, select **Disabled**. | - -> [!CAUTION] -> The **Disable radios (Bluetooth, Wi-Fi)** setting should only be used on devices that have a wired Ethernet connection. - -> [!NOTE] -> DFCI in Intune includes two settings that do not currently apply to Surface devices: (1) CPU and IO virtualization and (2) Disable Boot from network adapters. - -Intune provides Scope tags to delegate administrative rights and Applicability Rules to manage device types. For more information about policy management support and full details on all DFCI settings, refer to [Microsoft Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows). - -## Register devices in Autopilot - -As stated above, DFCI can only be applied on devices registered in Windows Autopilot by your reseller or distributor and is only supported, at this time, on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For security reasons, it’s not possible to “self-provision” your devices into Autopilot. - -## Manually Sync Autopilot devices - -Although Intune policy settings typically get applied almost immediately, there may be a delay of 10 minutes before the settings take effect on targeted devices. In rare circumstances, delays of up to 8 hours are possible. To ensure settings apply as soon as possible, (such as in test scenarios), you can manually sync the target devices. - -- In Endpoint Manager at devicemanagement.microsoft.com, go to **Devices > Device enrollment > Windows enrollment > Windows Autopilot Devices** and select **Sync**. - - For more information, refer to [Sync your Windows device manually](https://docs.microsoft.com/intune-user-help/sync-your-device-manually-windows). - -> [!NOTE] -> When adjusting settings directly in UEFI, you need to ensure the device fully restarts to the standard Windows login. - -## Verifying UEFI settings on DFCI-managed devices - -In a test environment, you can verify settings in the Surface UEFI interface. - -1. Open Surface UEFI, which involves pressing the **Volume +** and **Power** buttons at the same time. -2. Select **Devices**. The UEFI menu will reflect configured settings, as shown in the following figure. - - ![Surface UEFI](images/df3.png) - - Note how: - - - The settings are greyed out because **Allow local user to change UEFI setting** is set to None. - - Audio is set to off because **Microphones and speakers** are set to **Disabled**. - -## Removing DFCI policy settings - -When you create a DFCI profile, all configured settings will remain in effect across all devices within the profile’s scope of management. You can only remove DFCI policy settings by editing the DFCI profile directly. - -If the original DFCI profile has been deleted, you can remove policy settings by creating a new profile and then editing the settings, as appropriate. - -## Removing DFCI management - -**To remove DFCI management and return device to factory new state:** - -1. Retire the device from Intune: - 1. In Endpoint Manager at devicemanagement.microsoft.com, choose **Groups > All Devices**. Select the devices you want to retire, and then choose **Retire/Wipe.** To learn more refer to [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/intune/remote-actions/devices-wipe). -2. Delete the Autopilot registration from Intune: - 1. Choose **Device enrollment > Windows enrollment > Devices**. - 2. Under Windows Autopilot devices, choose the devices you want to delete, and then choose **Delete**. -3. Connect device to wired internet with Surface-branded ethernet adapter. Restart device and open the UEFI menu (press and hold the volume-up button while also pressing and releasing the power button). -4. Select **Management > Configure > Refresh from Network** and then choose **Opt-out.** - -To keep managing the device with Intune, but without DFCI management, self-register the device to Autopilot and enroll it to Intune. DFCI will not be applied to self-registered devices. - -## Learn more -- [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333) -[Windows Autopilot](https://www.microsoft.com/microsoft-365/windows/windows-autopilot) -- [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md) -- [Use DFCI profiles on Windows devices in Microsoft Intune](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows) diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md deleted file mode 100644 index 5b7adaf812..0000000000 --- a/devices/surface/surface-pro-arm-app-management.md +++ /dev/null @@ -1,174 +0,0 @@ ---- -title: Deploying, managing, and servicing Surface Pro X -description: This article provides an overview of key considerations for deploying, managing, and servicing Surface Pro X. -ms.prod: w10 -ms.mktglfcycl: manage -ms.localizationpriority: high -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.date: 4/15/2020 -ms.reviewer: jessko -manager: laurawi -ms.audience: itpro ---- -# Deploying, managing, and servicing Surface Pro X - -## Introduction - -Built to handle high performance commercial requirements, Surface Pro X breaks new ground by incorporating the most powerful processor ever released on an ARM device, the Microsoft SQ1 ARM chipset. - -Powered by a 3GHz CPU and a 2.1 teraflop GPU, Surface Pro X provides a full Windows experience. Its 13-hour battery life and built-in 4G LTE make it ideally suited for mobile first-line workers and professionals across the financial, legal, and medical fields or any role demanding extended battery life and continuous connectivity capabilities. - -Surface Pro X is designed almost exclusively for a modern, cloud-based environment centered around Microsoft 365, Intune and Windows Autopilot. This article highlights what that looks like and outlines key considerations for deploying, managing, and servicing Surface Pro X. - -## Deploying Surface Pro X - -For the best experience, deploy Surface Pro X using Windows Autopilot either with the assistance of a Microsoft Cloud Solution Provider or self-provisioned using Autopilot deployment profiles and related features. For more information, refer to: - -- [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md) -- [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot) - -Autopilot deployment has several advantages: It allows you to use the factory provisioned operating system, streamlined for zero-touch deployment, to include pre-installation of Office Pro Plus. - -Organizations already using modern management, security, and productivity solutions are well positioned to take advantage of the unique performance features in Surface Pro X. Customers using modernized line of business apps, Microsoft store (UWP) apps, or remote desktop solutions also stand to benefit. - -## Image-based deployment considerations - -Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager (formerly System Center Configuration Manager) currently do not support Surface Pro X for operating system deployment. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud. - -## Managing Surface Pro X devices - -### Intune - -A component of Microsoft Enterprise Mobility + Security, Intune integrates with Azure Active Directory for identity and access control and provides granular management of enrolled Surface Pro X devices. Intune mobile device management (MDM) policies have a number of advantages over older on-premises tools such as Windows Group Policy. This includes faster device login times and a more streamlined catalog of policies enabling full device management from the cloud. For example, you can manage LTE using eSIM profiles to configure data plans and deploy activation codes to multiple devices.
- -For more information about using Intune, refer to the [Intune documentation](https://docs.microsoft.com/intune/). - -### Co-management - -Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with Endpoint Configuration Manager, which will install the 32-bit x86 ConfigMgr client. - -### Third party MDM solutions - -You may be able to use third-party MDM tools to manage Surface Pro X devices. For details, contact your MDM provider. - -### Antivirus software - -Windows Defender will help protect Windows 10 on ARM-based PCs for the supported lifetime of the Windows 10 device. - -Some third-party antivirus software cannot be installed on a Windows 10 PC running on an ARM-based processor. Collaboration with third-party antivirus software providers is continuing for AV app readiness on ARM-based PCs. Contact your antivirus software provider to understand when their apps will be available. - -## Servicing Surface Pro X - -Surface Pro X supports Windows 10, version 1903 and later. As an ARM-based device, it has specific requirements for maintaining the latest drivers and firmware. - -Surface Pro X was designed to use Windows Update to simplify the process of keeping drivers and firmware up to date for both home users and small business users. Use the default settings to receive Automatic updates. To verify: - -1. Go to **Start** > **Settings > Update & Security > Windows Update** > **Advanced Options.** -2. Under **Choose how updates are installed,** select **Automatic (recommended)**. - -### Recommendations for commercial customers - -- Use Windows Update or Windows Update for Business for maintaining the latest drivers and firmware. For more information, see [Deploy Updates using Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb). -- If your procedures require using a Windows Installer .msi file, contact [Surface for Business support](https://support.microsoft.com/help/4037645). -- For more information about deploying and managing updates on Surface devices, see [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md). -- Note that Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X. - -## Running apps on Surface Pro X - -Most apps run on ARM-based Windows 10 PCs with limited exclusions. - -### Supported apps - -- Most x86 Win32 apps run on Surface Pro X. -- Native ARM64 and Microsoft Store UWP apps provide an excellent user experience utilizing the full native speed of the ARM-based processor while optimizing battery life. -- Apps that use drivers designed for a Windows 10 PC running on an ARM-based processor. - -### Not supported - -- x64 apps won't run on a Windows 10 PC on an ARM-based processor. - -For more information about running apps on Surface Pro X, refer to: - -- [Windows 10 ARM-based PCs Support FAQ](https://support.microsoft.com/help/4521606) -- [Windows 10 on ARM documentation](https://docs.microsoft.com/windows/arm) - -## Virtual Desktops (VDI) - -Windows Virtual Desktop enables access to Windows desktops,applications, and data on any computing device or platform, from any location. To learn more, refer to the [Windows Virtual Desktop site](https://aka.ms/wvd). - -## Browsing with Surface Pro X - -Popular browsers run on Surface Pro X: - -- In-box Edge, Firefox, Chrome, and Internet Explorer all run on Surface Pro X. -- In-box Edge and Firefox run natively and therefore have enhanced performance on a Windows 10 PC on an ARM-based processor. - -## Installing and using Microsoft Office - -- Use Office 365 for the best experience on a Windows 10 PC on an ARM-based processor. -- Office 365 "click-to-run" installs Outlook, Word, Excel, and PowerPoint, optimized to run on a Windows 10 PC on an ARM-based processor. -- Microsoft Teams runs great on Surface Pro X. -- For "perpetual versions" of Office such as Office 2019, install the 32-bit version. - -## VPN - -To confirm if a specific third-party VPN supports a Windows 10 PC on an ARM-based processor, contact the VPN provider. - -## Comparing key features - -The following tables show the availability of selected key features on Surface Pro X with Windows 10 on ARM compared to Intel-based Surface Pro 7. - -| Deployment | Surface Pro 7 | Surface Pro X | Notes | -| --------------------------------------- | ------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------- | -| Windows Autopilot | Yes | Yes | | -| Support for Network Boot (PXE) | Yes | No | | -| Windows Configuration Designer | Yes | No | Not recommended for Surface Pro X. | -| WinPE | Yes | Yes | Not recommended for Surface Pro X. Microsoft does not provide the necessary .ISO and drivers to support WinPE with Surface Pro X. | -| Endpoint Configuration Manager: Operating System Deployment (OSD) | Yes | No | Not supported on Surface Pro X. | -| MDT | Yes | No | Not supported on Surface Pro X. | - - -| Management | Surface Pro 7 | Surface Pro X | Notes | -| --------------------------------------------- | ------------------- | ------------- | ------------------------------------------------------------------------------------- | -| Intune | Yes | Yes | Manage LTE with eSIM profiles. | -| Windows Autopilot | Yes | Yes | | -| Azure AD (co-management) | Yes | Yes | Ability to join Surface Pro X to Azure AD or Active Directory (Hybrid Azure AD Join). | -| Endpoint Configuration Manager | Yes | Yes | | -| Power on When AC Restore | Yes | Yes | | -| Surface Diagnostic Toolkit (SDT) for Business | Yes | Yes | | -| Surface Dock Firmware Update | Yes | No | | -| Asset Tag Utility | Yes | Yes | | -| Surface Enterprise management Mode (SEMM) | Yes | Partial | No option to disable hardware on Surface Pro X at the firmware level. | -| Surface UEFI Configurator | Yes | No | No option to disable hardware. on Surface Pro X at the firmware level. | -| Surface UEFI Manager | Yes | Partial | No option to disable hardware on Surface Pro X at the firmware level. | - - -| Security | Surface Pro 7 | Surface Pro X | Notes | -| --------------------------------- | ------------- | ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| BitLocker | Yes | Yes | | -| Windows Defender | Yes | Yes | | -| Support for third-party antivirus | Yes | See note |Some third-party antivirus software cannot be installed on a Windows 10 PC running on an ARM-based processor. Collaboration with third-party antivirus software providers is continuing for AV app readiness on ARM-based PCs. Contact your antivirus software provider to understand when their apps will be available. | -| Conditional Access | Yes | Yes | | -| Secure Boot | Yes | Yes | | -| Windows Information Protection | Yes | Yes | | -| Surface Data Eraser (SDE) | Yes | Yes | -## FAQ - -### Can I deploy Surface Pro X with MDT or Endpoint Configuration Manager? - -The Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager currently do not support Surface Pro X for operating system deployment.Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud. - -### How can I deploy Surface Pro X? - -Deploy Surface Pro X using Windows Autopilot. - -### Will a BMR be available? - -Yes. - -### Is Intune required to manage Surface Pro X? - -Intune is recommended but not required. Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with Endpoint Configuration Manager, which will install the 32-bit x86 ConfigMgr client. diff --git a/devices/surface/surface-pro-arm-app-performance.md b/devices/surface/surface-pro-arm-app-performance.md deleted file mode 100644 index 10f3e57bbd..0000000000 --- a/devices/surface/surface-pro-arm-app-performance.md +++ /dev/null @@ -1,27 +0,0 @@ ---- -title: Surface Pro X app compatibility -description: This article provides introductory app compatibility information for Surface Pro X ARM-based PCs. -ms.prod: w10 -ms.localizationpriority: medium -ms.mktglfcycl: manage -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.date: 10/03/2019 -ms.reviewer: jessko -manager: laurawi -ms.audience: itpro ---- -# Surface Pro X app compatibility - -Applications run differently on ARM-based Windows 10 PCs such as Surface Pro X. Limitations include the following: - -- **Drivers for hardware, games and apps will only work if they're designed for a Windows 10 ARM-based PC**. For more info, check with the hardware manufacturer or the organization that developed the driver. Drivers are software programs that communicate with hardware devices—they're commonly used for antivirus and antimalware software, printing or PDF software, assistive technologies, CD and DVD utilities, and virtualization software. If a driver doesn’t work, the app or hardware that relies on it won’t work either (at least not fully). Peripherals and devices only work if the drivers they depend on are built into Windows 10, or if the hardware developer has released ARM64 drivers for the device. -- **64-bit (x64) apps won’t work**. You'll need 64-bit (ARM64) apps, 32-bit (ARM32) apps, or 32-bit (x86) apps. You can usually find 32-bit (x86) versions of apps, but some app developers only offer 64-bit (x64) apps. -- **Certain games won’t work**. Games and apps won't work if they use a version of OpenGL greater than 1.1, or if they rely on "anti-cheat" drivers that haven't been made for Windows 10 ARM-based PCs. Check with your game publisher to see if a game will work. -- **Apps that customize the Windows experience might have problems**. This includes some input method editors (IMEs), assistive technologies, and cloud storage apps. The organization that develops the app determines whether their app will work on a Windows 10 ARM-based PC. -- **Some third-party antivirus software can’t be installed**. You won't be able to install some third-party antivirus software on a Windows 10 ARM-based PC. However, Windows Security will help keep you safe for the supported lifetime of your Windows 10 device. -- **Windows Fax and Scan isn’t available**. This feature isn’t available on a Windows 10 ARM-based PC. - -For more information about app compatibility, refer to [Windows 10 ARM-based PCs FAQ](https://support.microsoft.com/en-us/help/4521606) diff --git a/devices/surface/surface-system-sku-reference.md b/devices/surface/surface-system-sku-reference.md deleted file mode 100644 index 499e718991..0000000000 --- a/devices/surface/surface-system-sku-reference.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -title: System SKU reference (Surface) -description: See a reference of System Model and System SKU names. -keywords: uefi, configure, firmware, secure, semm -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surface, devices, security -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.date: 03/09/2020 -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium -ms.audience: itpro ---- - -# System SKU reference - -This document provides a reference of System Model and System SKU names that you can use to quickly determine the machine state of a specific device by using PowerShell or WMI. - -System Model and System SKU are variables that are stored in the System Management BIOS (SMBIOS) tables in the UEFI layer of Surface devices. The System SKU name is required to differentiate between devices that have the same System Model name, such as Surface Pro and Surface Pro with LTE Advanced. - -| Device | System Model | System SKU | -| ---------- | ----------- | -------------- | -| Surface 3 WiFI | Surface 3 | Surface_3 | -| Surface 3 LTE AT&T | Surface 3 | Surface_3_US1 | -| Surface 3 LTE Verizon | Surface 3 | Surface_3_US2 | -| Surface 3 LTE North America | Surface 3 | Surface_3_NAG | -| Surface 3 LTE outside of North America and Y!mobile in Japan | Surface 3 | Surface_3_ROW | -| Surface Pro | Surface Pro | Surface_Pro_1796 | -| Surface Pro with LTE Advanced | Surface Pro | Surface_Pro_1807 | -| Surface Book 2 13" | Surface Book 2 | Surface_Book_1832 | -| Surface Book 2 15" | Surface Book 2 | Surface_Book_1793 | -| Surface Go LTE Consumer | Surface Go | Surface_Go_1825_Consumer | -| Surface Go LTE Commercial | System Go | Surface_Go_1825_Commercial | -| Surface Go Consumer | Surface Go | Surface_Go_1824_Consumer | -| Surface Go Commercial | Surface Go | Surface_Go_1824_Commercial | -| Surface Pro 6 Consumer | Surface Pro 6 | Surface_Pro_6_1796_Consumer | -| Surface Pro 6 Commercial | Surface Pro 6 | Surface_Pro_6_1796_Commercial | -| Surface Laptop | Surface Laptop | Surface_Laptop | -| Surface Laptop 2 Consumer | Surface Laptop 2 | Surface_Laptop_2_1769_Consumer | -| Surface Laptop 2 Commercial | Surface Laptop 2 | Surface_Laptop_2_1769_Commercial | -| Surface Pro 7 | Surface Pro 7 | Surface_Pro_7_1866 | -| Surface Pro X | Surface Pro X | Surface_Pro_X_1876 | -| Surface Laptop 3 13" Intel | Surface Laptop 3 | Surface_Laptop_3_1867:1868 | -| Surface Laptop 3 15" Intel | Surface Laptop 3 | Surface_Laptop_3_1872 | -| Surface Laptop 3 15" AMD | Surface Laptop 3 | Surface_Laptop_3_1873 | - -## Examples - -**Retrieving the SKU by using PowerShell** -Use the following PowerShell command to pull the System SKU information: - - ``` powershell -gwmi -namespace root\wmi -class MS_SystemInformation | select SystemSKU -``` - -**Retrieving the SKU by using System Information** -You can also find the System SKU and System Model for a device in **System Information**. To do this, follow these steps: - -1. Select **Start**, and then type **MSInfo32** in the search box. -1. Select **System Information**. - -**Using the SKU in a task sequence WMI condition** -You can use the System SKU information in the Microsoft Deployment Toolkit (MDT) or Microsoft Endpoint Configuration Manager as part of a task sequence WMI condition. - - ``` powershell - - WMI Namespace – Root\WMI - - WQL Query – SELECT * FROM MS_SystemInformation WHERE SystemSKU = "Surface_Pro_1796" - ``` diff --git a/devices/surface/surface-wireless-connect.md b/devices/surface/surface-wireless-connect.md deleted file mode 100644 index 34c653abc0..0000000000 --- a/devices/surface/surface-wireless-connect.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -title: Optimize Wi-Fi connectivity for Surface devices -description: This topic describes recommended Wi-Fi settings to ensure Surface devices stay connected in congested network environments and mobile scenarios. -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: coveminer -ms.audience: itpro -ms.localizationpriority: medium -ms.author: greglin -ms.topic: article -ms.reviewer: tokatz -manager: laurawi ---- -# Optimize Wi-Fi connectivity for Surface devices - - -To stay connected with all-day battery life, Surface devices implement wireless connectivity settings that balance performance and power conservation. Outside of the most demanding mobility scenarios, users can maintain sufficient wireless connectivity without modifying default network adapter or related settings. - -In congested network environments, organizations can implement purpose-built wireless protocols across multiple network access points to facilitate roaming. This page highlights key wireless connectivity considerations in mobile scenarios utilizing Surface Pro 3 and later, Surface Book, Surface Laptop, and Surface Go. - -## Prerequisites - -This document assumes you have successfully deployed a wireless network that supports 802.11n (Wi-Fi 4) or later in accordance with best practice recommendations from leading equipment vendors. - -## Configuring access points for optimal roaming capabilities - -If you’re managing a wireless network that’s typically accessed by many different types of client devices, it’s recommended to enable specific protocols on access points (APs) in your WLAN, as described in [Fast Roaming with 802.11k, 802.11v, and 802.11r](https://docs.microsoft.com/windows-hardware/drivers/network/fast-roaming-with-802-11k--802-11v--and-802-11r). Surface devices can take advantage of the following wireless protocols: - -- **802.11r.** “**Fast BSS Transition”** accelerates connecting to new wireless access points by reducing the number of frames required before your device can access another AP as you move around with your device. -- **802.11k.** **“Neighbor Reports”** provides devices with information on current conditions at neighboring access points. It can help your Surface device choose the best AP using criteria other than signal strength such as AP utilization. - -Specific Surface devices can also use 802.11v “BSS Transition Management Frames,” which functions much like 802.11k in providing information on nearby candidate APs. These include Surface Go, Surface Pro 7, Surface Pro X, and Surface Laptop 3. - -## Managing user settings - -You can achieve optimal roaming capabilities through a well-designed network that supports 802.11r and 802.11k across all access points. Ensuring that your network is properly configured to provide users with the best wireless experience is the recommended approach versus attempting to manage user settings on individual devices. Moreover, in many corporate environments Surface device users won’t be able to access advanced network adapter settings without explicit permissions or local admin rights. In other lightly managed networks, users can benefit by knowing how specific settings can impact their ability to remain connected. - -### Recommended user settings and best practices - -In certain situations, modifying advanced network adapter settings built into Surface devices may facilitate a more reliable connection. Keep in mind however that an inability to connect to wireless resources is more often due to an access point issue, networking design flaw, or environmental site issue. - -> [!NOTE] -> How you hold your Surface Pro or Surface Go can also affect signal strength. If you’re experiencing a loss of bandwidth, check that you’re not holding the top of the display, where the Wi-Fi radio receiver is located. Although holding the top of the display does not block wireless signals, it can trigger the device driver to initiate changes that reduce connectivity. - -### Keep default Auto setting for dual bandwidth capability -On most Surface devices, you can configure client network adapter settings to only connect to wireless APs over 5 gigahertz (GHz), only connect over 2.4 GHz, or let the operating system choose the best option (default Auto setting). - -**To access network adapter settings go to:** - -- **Start** > **Control panel** > **Network and Sharing Center** > **your Wi-Fi adapter** > **Properties** > **Configure** > **Advanced**. - -![* wifi-band settings*](images/wifi-band.png)
- -Keep in mind that 2.4 GHz has some advantages over 5 GHz: It extends further and more easily penetrates through walls or other solid objects. Unless you have a clear use case that warrants connecting to 5 GHz, it’s recommended to leave the Band setting in the default state to avoid possible adverse consequences. For example: - - -- Many hotspots found in hotels, coffee shops, and airports still only use 2.4 GHz, effectively blocking access to devices if Band is set to 5 GHz Only. -- Since Miracast wireless display connections require the initial handshake to be completed over 2.4 GHz channels, devices won’t be able to connect at 5 GHz Only. - -> [!NOTE] -> By default Surface devices will prefer connecting to 5 GHz if available. However, to preserve power in a low battery state, Surface will first look for a 2.4 GHz connection. - -You can also toggle the band setting as needed to suit your environment. For example, users living in high density apartment buildings with multiple Wi-Fi hotspots — amid the presence of consumer devices all broadcasting via 2.4 GHz — will likely benefit by setting their Surface device to connect on 5 GHz only and then revert to Auto when needed. - -### Roaming aggressiveness settings on Surface Go - -Front-line workers using Surface Go may wish to select a signal strength threshold that prompts the device to search for a new access point when signal strength drops (roaming aggressiveness). By default, Surface devices attempt to roam to a new access point if the signal strength drops below **Medium** (50 percent signal strength). Note that whenever you increase roaming aggressiveness, you accelerate battery power consumption. - -Leave the roaming aggressiveness setting in the default state unless you’re encountering connectivity issues in specific mobile scenarios such as conducting environmental site inspections while also maintaining voice and video connectivity during a conference meeting. If you don’t notice any improvement revert to the default **Medium** state. - -**To enable roaming aggressiveness on Surface Go:** - -1. Go to **Start > Control Panel** > **Network and Internet** > **Network and Sharing Center.** -2. Under **Connections** select **Wi-Fi** and then select **Properties.** -3. Select **Client for Microsoft Networks** and then select **Configure** -4. Select **Advanced** > **Roaming Aggressiveness** and choose your preferred value from the drop-down menu. - -![* Roaming aggressiveness settings *](images/wifi-roaming.png)
- -## Conclusion - -Surface devices are designed with default settings for optimal wireless connectivity balanced alongside the need to preserve battery life. The most effective way of enabling reliable connectivity for Surface devices is through a well-designed network that supports 802.11r and 802.11k. Users can adjust network adapter settings or roaming aggressiveness but should only do so in response to specific environmental factors and revert to default state if there’s no noticeable improvement. diff --git a/devices/surface/unenroll-surface-devices-from-semm.md b/devices/surface/unenroll-surface-devices-from-semm.md deleted file mode 100644 index 6750387137..0000000000 --- a/devices/surface/unenroll-surface-devices-from-semm.md +++ /dev/null @@ -1,158 +0,0 @@ ---- -title: Unenroll Surface devices from SEMM (Surface) -description: Learn how to unenroll a device from SEMM by using a Surface UEFI reset package or the Recovery Request option. -keywords: surface enterprise management -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surface, devices, security -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium -ms.audience: itpro ---- - -# Unenroll Surface devices from SEMM - -When a Surface device is enrolled in Surface Enterprise Management Mode (SEMM), a certificate is stored in the firmware of that device. The presence of that certificate and the enrollment in SEMM prevent any unauthorized changes to Surface UEFI settings or options while the device is enrolled in SEMM. To restore control of Surface UEFI settings to the user, the Surface device must be unenrolled from SEMM, a process sometimes described as reset or recovery. There are two methods you can use to unenroll a device from SEMM—a Surface UEFI reset package and a Recovery Request. - ->[!WARNING] ->To unenroll a device from SEMM and restore user control of Surface UEFI settings, you must have the SEMM certificate that was used to enroll the device in SEMM. If this certificate becomes lost or corrupted, it is not possible to unenroll from SEMM. Back up and protect your SEMM certificate accordingly. - -For more information about SEMM, see [Microsoft Surface Enterprise Management Mode](https://technet.microsoft.com/itpro/surface/surface-enterprise-management-mode). - -## Unenroll a Surface device from SEMM with a Surface UEFI reset package - -The Surface UEFI reset package is the primary method you use to unenroll a Surface device from SEMM. Like a Surface UEFI configuration package, the reset package is a Windows Installer (.msi) file that configures SEMM on the device. Unlike the configuration package, the reset package will reset the Surface UEFI configuration on a Surface device to its default settings, remove the SEMM certificate, and unenroll the device from SEMM. - -Reset packages are created specifically for an individual Surface device. To begin the process of creating a reset package, you will need the serial number of the device you want to unenroll, as well as the SEMM certificate used to enroll the device. You can find the serial number of your Surface device on the **PC information** page of Surface UEFI, as shown in Figure 1. This page is displayed even if Surface UEFI is password protected and the incorrect password is entered. - -![Serial number of Surface device is displayed](images/surface-semm-unenroll-fig1.png "Serial number of Surface device is displayed") - -*Figure 1. The serial number of the Surface device is displayed on the Surface UEFI PC information page* - ->[!NOTE] ->To boot to Surface UEFI, press **Volume Up** and **Power** simultaneously while the device is off. Hold **Volume Up** until the Surface logo is displayed and the device begins to boot. - -To create a Surface UEFI reset package, follow these steps: - -1. Open Microsoft Surface UEFI Configurator from the Start menu. -2. Click **Start**. -3. Click **Reset Package**, as shown in Figure 2. - - ![Select Reset Package to create a package to unenroll Surface device from SEMM](images/surface-semm-unenroll-fig2.png "Select Reset Package to create a package to unenroll Surface device from SEMM") - - *Figure 2. Click Reset Package to create a package to unenroll a Surface device from SEMM* - -4. Click **Certificate Protection** to add your SEMM certificate file with private key (.pfx), as shown in Figure 3. Browse to the location of your certificate file, select the file, and then click **OK**. - - ![Add the SEMM certificate to Surface UEFI reset package](images/surface-semm-unenroll-fig3.png "Add the SEMM certificate to Surface UEFI reset package") - - *Figure 3. Add the SEMM certificate to a Surface UEFI reset package* - -5. Click **Next**. -6. Type the serial number of the device you want to unenroll from SEMM (as shown in Figure 4), and then click **Build** to generate the Surface UEFI reset package. - - ![Create a Surface UEFI reset package with serial number of Surface device](images/surface-semm-unenroll-fig4.png "Create a Surface UEFI reset package with serial number of Surface device") - - *Figure 4. Use the serial number of your Surface device to create a Surface UEFI reset package* - -7. In the **Save As** dialog box, specify a name for the Surface UEFI reset package, browse to the location where you would like to save the file, and then click **Save**. -8. When the package generation has completed, the **Successful** page is displayed. Click **End** to complete package creation and close Microsoft Surface UEFI Configurator. - -Run the Surface UEFI reset package Windows Installer (.msi) file on the Surface device to unenroll the device from SEMM. The reset package will require a reboot to perform the unenroll operation. After the device has been unenrolled, you can verify the successful removal by ensuring that the **Microsoft Surface Configuration Package** item in **Programs and Features** (shown in Figure 5) is no longer present. - -![Screen that shows device is enrolled in SEMM](images/surface-semm-unenroll-fig5.png "Screen that shows device is enrolled in SEMM") - -*Figure 5. The presence of the Microsoft Surface Configuration Package item in Programs and Features indicates that the device is enrolled in SEMM* - -## Unenroll a Surface device from SEMM with a Recovery Request - -In some scenarios, a Surface UEFI reset package may not be a viable option to unenroll a Surface device from SEMM (for example, where Windows has become unusable). In these scenarios you can unenroll the device by using a Recovery Request generated from within Surface UEFI. The Recovery Request process can be initiated even on devices where you do not have the Surface UEFI password. - -The Recovery Request process is initiated from Surface UEFI on the Surface device, approved with Microsoft Surface UEFI Configurator on another computer, and then completed in Surface UEFI. Like the reset package, approving a Recovery Request with Microsoft Surface UEFI Configurator requires access to the SEMM certificate that was used to enroll the Surface device. - -To initiate a Recovery Request, follow these steps: - -1. Boot the Surface device that is to be unenrolled from SEMM to Surface UEFI. -2. Type the Surface UEFI password if you are prompted to do so. -3. Click the **Enterprise management** page, as shown in Figure 6. - - ![Enterprise Management page](images/surface-semm-unenroll-fig6.png "Enterprise Management page") - - *Figure 6. The Enterprise management page is displayed in Surface UEFI on devices enrolled in SEMM* - -4. Click or press **Get Started**. -5. Click or press **Next** to begin the Recovery Request process. - >[!NOTE] - >A Recovery Request expires two hours after it is created. If a Recovery Request is not completed in this time, you will have to restart the Recovery Request process. -6. Select **SEMM Certificate** from the list of certificates displayed on the **Choose a SEMM reset key** page (shown in Figure 7), and then click or press **Next**. - - ![Select SEMM certificate for your Recovery Request](images/surface-semm-unenroll-fig7.png "Select SEMM certificate for your Recovery Request") - - *Figure 7. Choose SEMM Certificate for your Recovery Request (Reset Request)* - -7. On the **Enter SEMM reset verification code** page you can click the **QR Code** or **Text** buttons to display your Recovery Request (Reset Request) as shown in Figure 8, or the **USB** button to save your Recovery Request (Reset Request) as a file to a USB drive, as shown in Figure 9. - - ![Recovery Request displayed as a QR Code](images/surface-semm-unenroll-fig8.png "Recovery Request displayed as a QR Code") - - *Figure 8. A Recovery Request (Reset Request) displayed as a QR Code* - - ![Save a recovery request to a USB drive](images/surface-semm-unenroll-fig9.png "Save a recovery request to a USB drive") - - *Figure 9. Save a Recovery Request (Reset Request) to a USB drive* - - * To use a QR Code Recovery Request (Reset Request), use a QR reader app on a mobile device to read the code. The QR reader app will translate the QR code into an alphanumeric string. You can then email or message that string to the administrator that will produce the reset verification code with Microsoft Surface UEFI Configurator. - * To use a Recovery Request (Reset Request) saved to a USB drive as a file, use the USB drive to transfer the file to the computer where Microsoft Surface UEFI Configurator will be used to produce the Reset Verification Code. The file can also be copied from the USB drive on another device to be emailed or transferred over the network. - * To use the Recovery Request (Reset Request) as text, simply type the text directly into Microsoft Surface UEFI Configurator. - -8. Open Microsoft Surface UEFI Configurator from the Start menu on another computer. - >[!NOTE] - >Microsoft Surface UEFI Configurator must run in an environment that is able to authenticate the certificate chain for the SEMM certificate. -9. Click **Start**. -10. Click **Recovery Request**, as shown in Figure 10. - - ![Start process to approve a Recovery Request](images/surface-semm-unenroll-fig10.png "Start process to approve a Recovery Request") - - *Figure 10. Click Recovery Request to begin the process to approve a Recovery Request* - -11. Click **Certificate Protection** to authenticate the Recovery Request with the SEMM certificate. -12. Browse to and select your SEMM certificate file, and then click **OK**. -13. When you are prompted to enter the certificate password as shown in Figure 11, type and confirm the password for the certificate file, and then click **OK**. - - ![Type password for SEMM certificate](images/surface-semm-unenroll-fig11.png "Type password for SEMM certificate") - - *Figure 11. Type the password for the SEMM certificate* - -14. Click **Next**. -15. Enter the Recovery Request (Reset Request), and then click **Generate** to create a reset verification code (as shown in Figure 12). - - ![Enter the recovery request](images/surface-semm-unenroll-fig12.png "Enter the recovery request") - - *Figure 12. Enter the Recovery Request (Reset Request)* - - * If you displayed the Recovery Request (Reset Request) as text on the Surface device being reset, use the keyboard to type the Recovery Request (Reset Request) in the provided field. - * If you displayed the Recovery Request (Reset Request) as a QR Code and then used a messaging or email application to send the code to the computer with Microsoft Surface UEFI Configurator, copy and paste the code into the provided field. - * If you saved the Recovery Request (Reset Request) as a file to a USB drive, click the **Import** button, browse to and select the Recovery Request (Reset Request) file, and then click **OK**. - -16. The reset verification code is displayed in Microsoft Surface UEFI Configurator, as shown in Figure 13. - - ![Display of the reset verification code](images/surface-semm-unenroll-fig13.png "Display of the reset verification code") - - *Figure 13. The reset verification code displayed in Microsoft Surface UEFI Configurator* - - * Click the **Share** button to send the reset verification code by email. - -17. Enter the reset verification code in the provided field on the Surface device (shown in Figure 8), and then click or press **Verify** to reset the device and unenroll the device from SEMM. -18. Click or press **Restart now** on the **SEMM reset successful** page to complete the unenrollment from SEMM, as shown in Figure 14. - - ![Example display of successful unenrollment from SEMM](images/surface-semm-unenroll-fig14.png "Example display of successful unenrollment from SEMM") - - *Figure 14. Successful unenrollment from SEMM* - -19. Click **End** in Microsoft Surface UEFI Configurator to complete the Recovery Request (Reset Request) process and close Microsoft Surface UEFI Configurator. - - diff --git a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md deleted file mode 100644 index 7602e690be..0000000000 --- a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit (Surface) -description: Find out how to perform a Windows 10 upgrade deployment to your Surface devices. -keywords: windows 10 surface, upgrade, customize, mdt -ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: surface -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -ms.audience: itpro -ms.reviewer: -manager: laurawi -ms.date: 04/24/2020 ---- - -# Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit - -#### Applies to -- Surface Pro 6 -- Surface Laptop 2 -- Surface Go -- Surface Go with LTE -- Surface Book 2 -- Surface Pro with LTE Advanced (Model 1807) -- Surface Pro (Model 1796) -- Surface Laptop -- Surface Studio -- Surface Studio 2 -- Surface Book -- Surface Pro 4 -- Surface 3 LTE -- Surface 3 -- Surface Pro 3 -- Surface Pro 2 -- Surface Pro -- Windows 10 - -In addition to the traditional deployment method of reimaging devices, administrators who want to upgrade Surface devices that are running Windows 8.1 or Windows 10 have the option of deploying upgrades. By performing an upgrade deployment, Windows 10 can be applied to devices without removing users, apps, or configuration. The users of the deployed devices can simply continue using the devices with the same apps and settings that they used prior to the upgrade. - -For the latest information about upgrading surface devices using MDT, refer to [Perform an in-place upgrade to Windows 10 with MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit). - diff --git a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md deleted file mode 100644 index 91c1b17875..0000000000 --- a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md +++ /dev/null @@ -1,491 +0,0 @@ ---- -title: Use Microsoft Endpoint Configuration Manager to manage devices with SEMM (Surface) -description: Learn how to manage Microsoft Surface Enterprise Management Mode (SEMM) with Endpoint Configuration Manager. -keywords: enroll, update, scripts, settings -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surface, devices -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.reviewer: -manager: laurawi -ms.localizationpriority: medium -ms.audience: itpro ---- - -# Use Microsoft Endpoint Configuration Manager to manage devices with SEMM - -The Microsoft Surface Enterprise Management Mode (SEMM) feature of Surface UEFI devices lets administrators manage and help secure the configuration of Surface UEFI settings. For most organizations, this process is accomplished by creating Windows Installer (.msi) packages with the Microsoft Surface UEFI Configurator tool. These packages are then run or deployed to the client Surface devices to enroll the devices in SEMM and to update the Surface UEFI settings configuration. - -For organizations with Microsoft Endpoint Configuration Manager there is an alternative to using the Microsoft Surface UEFI Configurator .msi process to deploy and administer SEMM. Microsoft Surface UEFI Manager is a lightweight installer that makes required assemblies for SEMM management available on a device. By installing these assemblies with Microsoft Surface UEFI Manager on a managed client, SEMM can be administered by Configuration Manager with PowerShell scripts, deployed as applications. With this process, SEMM management is performed within Configuration Manager, which eliminates the need for the external Microsoft Surface UEFI Configurator tool. - -> [!Note] -> Although the process described in this article may work with earlier versions of Endpoint Configuration Manager or with other third-party management solutions, management of SEMM with Microsoft Surface UEFI Manager and PowerShell is supported only with the Current Branch of Endpoint Configuration Manager. - -#### Prerequisites - -Before you begin the process outlined in this article, familiarize yourself with the following technologies and tools: - -* [Surface UEFI](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings) -* [Surface Enterprise Management Mode (SEMM)](https://technet.microsoft.com/itpro/surface/surface-enterprise-management-mode) -* [PowerShell scripting](https://technet.microsoft.com/scriptcenter/dd742419) -* [System Center Configuration Manager application deployment](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications) -* Certificate management - -> [!Note] -> You will also need access to the certificate that you intend to use to secure SEMM. For details about the requirements for this certificate, see [Surface Enterprise Management Mode certificate requirements](https://technet.microsoft.com/itpro/surface/surface-enterprise-management-mode#surface-enterprise-management-mode-certificate-requirements). -> -> It is very important that this certificate be kept in a safe location and properly backed up. If this certificate becomes lost or unusable, it is not possible to reset Surface UEFI, change managed Surface UEFI settings, or remove SEMM from an enrolled Surface device. - -#### Download Microsoft Surface UEFI Manager - -Management of SEMM with Configuration Manager requires the installation of Microsoft Surface UEFI Manager on each client Surface device. You can download Microsoft Surface UEFI Manager (SurfaceUEFIManager.msi) from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page on the Microsoft Download Center. - -#### Download SEMM scripts for Configuration Manager - -After Microsoft Surface UEFI Manager is installed on the client Surface device, SEMM is deployed and managed with PowerShell scripts. You can download samples of the [SEMM management scripts](https://www.microsoft.com/download/details.aspx?id=46703) from the Download Center. - -## Deploy Microsoft Surface UEFI Manager - -Deployment of Microsoft Surface UEFI Manager is a typical application deployment. The Microsoft Surface UEFI Manager installer file is a standard Windows Installer file that you can install with the [standard quiet option](https://msdn.microsoft.com/library/windows/desktop/aa367988). - -The command to install Microsoft Surface UEFI Manager is as follows. - -`msiexec /i "SurfaceUEFIManagerSetup.msi" /q` - -The command to uninstall Microsoft Surface UEFI Manager is as follows. - -`msiexec /x {541DA890-1AEB-446D-B3FD-D5B3BB18F9AF} /q` - -To create a new application and deploy it to a collection that contains your Surface devices, perform the following steps: - -1. Open Configuration Manager Console from the **Start** screen or **Start** menu. -2. Select **Software Library** in the bottom left corner of the window. -3. Expand the **Application Management** node of the Software Library, and then select **Applications**. -4. Select the **Create Application** button under the **Home** tab at the top of the window. This starts the Create Application Wizard. -5. The Create Application Wizard presents a series of steps: - - * **General** – The **Automatically detect information about this application from installation files** option is selected by default. In the **Type** field, **Windows Installer (.msi file)** is also selected by default. Select **Browse** to navigate to and select **SurfaceUEFIManagerSetup.msi**, and then select **Next**. - - > [!Note] - > The location of SurfaceUEFIManagerSetup.msi must be on a network share and located in a folder that contains no other files. A local file location cannot be used. - - * **Import Information** – The Create Application Wizard will parse the .msi file and read the **Application Name** and **Product Code**. SurfaceUEFIManagerSetup.msi should be listed as the only file under the line **Content Files**, as shown in Figure 1. Select **Next** to proceed. - - ![Information from Surface UEFI Manager setup is automatically parsed](images/config-mgr-semm-fig1.png "Information from Surface UEFI Manager setup is automatically parsed") - - *Figure 1. Information from Microsoft Surface UEFI Manager setup is automatically parsed* - - * **General Information** – You can modify the name of the application and information about the publisher and version, or add comments on this page. The installation command for Microsoft Surface UEFI Manager is displayed in the Installation Program field. The default installation behavior of Install for system will allow Microsoft Surface UEFI Manager to install the required assemblies for SEMM even if a user is not logged on to the Surface device. Select **Next** to proceed. - * **Summary** – The information that was parsed in the **Import Information** step and your selections from the **General Information** step is displayed on this page. Select **Next** to confirm your selections and create the application. - * **Progress** – Displays a progress bar and status as the application is imported and added to the Software Library. - * **Completion** – Confirmation of the successful application creation is displayed when the application creation process is complete. Select **Close** to finish the Create Application Wizard. - -After the application is created in Configuration Manager, you can distribute it to your distribution points and deploy it to the collections including your Surface devices. This application will not install or enable SEMM on the Surface device. It only provides the assemblies required for SEMM to be enabled using the PowerShell script. - -If you do not want to install the Microsoft Surface UEFI Manager assemblies on devices that will not be managed with SEMM, you can configure Microsoft Surface UEFI Manager as a dependency of the SEMM Configuration Manager scripts. This scenario is covered in the [Deploy SEMM Configuration Manager Scripts](#deploy-semm-configuration-manager-scripts) section later in this article. - -## Create or modify the SEMM Configuration Manager scripts - -After the required assemblies have been installed on the devices, the process of enrolling the devices in SEMM and configuring Surface UEFI is done with PowerShell scripts and deployed as a script application with Configuration Manager. These scripts can be modified to fit the needs of your organization and environment. For example, you can create multiple configurations for managed Surface devices in different departments or roles. You can download samples of the scripts for SEMM and Configuration Manager from the link in the [Prerequisites](#prerequisites) section at the beginning of this article. - -There are two primary scripts you will need in order to perform a SEMM deployment with Configuration Manager: - -* **ConfigureSEMM.ps1** – Use this script to create configuration packages for your Surface devices with your desired Surface UEFI settings to apply the specified settings to a Surface device, to enroll the device in SEMM, and to set a registry key used to identify the enrollment of the device in SEMM. -* **ResetSEMM.ps1** – Use this script to reset SEMM on a Surface device, which unenrolls it from SEMM and removes the control over Surface UEFI settings. - -The sample scripts include examples of how to set Surface UEFI settings and how to control permissions to those settings. These settings can be modified to secure Surface UEFI and set Surface UEFI settings according to the needs of your environment. The following sections of this article explain the ConfigureSEMM.ps1 script and explore the modifications you need to make to the script to fit your requirements. - -> [!NOTE] -> The SEMM Configuration Manager scripts and the exported SEMM certificate file (.pfx) should be placed in the same folder with no other files before they are added to Configuration Manager. - -### Specify certificate and package names - -The first region of the script that you need to modify is the portion that specifies and loads the SEMM certificate, and also indicates SurfaceUEFIManager version, and the names for the SEMM configuration package and SEMM reset package. The certificate name and SurfaceUEFIManager version are specified on lines 56 through 73 in the ConfigureSEMM.ps1 script. - - ```powershell - 56 $WorkingDirPath = split-path -parent $MyInvocation.MyCommand.Definition - 57 $packageRoot = "$WorkingDirPath\Config" - 58 $certName = "FabrikamSEMMSample.pfx" - 59 $DllVersion = "2.26.136.0" - 60 - 61 $certNameOnly = [System.IO.Path]::GetFileNameWithoutExtension($certName) - 62 $ProvisioningPackage = $certNameOnly + "ProvisioningPackage.pkg" - 63 $ResetPackage = $certNameOnly + "ResetPackage.pkg" - 64 - 65 if (-not (Test-Path $packageRoot)) { New-Item -ItemType Directory -Force -Path $packageRoot } - 66 Copy-Item "$WorkingDirPath\$certName" $packageRoot - 67 - 68 $privateOwnerKey = Join-Path -Path $packageRoot -ChildPath $certName - 69 $ownerPackageName = Join-Path -Path $packageRoot -ChildPath $ProvisioningPackage - 70 $resetPackageName = Join-Path -Path $packageRoot -ChildPath $ResetPackage - 71 - 72 # If your PFX file requires a password then it can be set here, otherwise use a blank string. - 73 $password = "1234" - ``` - -Replace the **FabrikamSEMMSample.pfx** value for the **$certName** variable with the name of your SEMM Certificate file on line 58. The script will create a working directory (named Config) in the folder where your scripts are located, and then copies the certificate file to this working directory. - -Owner package and reset package will also be created in the Config directory and hold the configuration for Surface UEFI settings and permissions generated by the script. - -On line 73, replace the value of the **$password** variable, from **1234** to the password for your certificate file. If a password is not required, delete the **1234** text. - -> [!Note] -> The last two characters of the certificate thumbprint are required to enroll a device in SEMM. This script will display these digits to the user, which allows the user or technician to record these digits before the system reboots to enroll the device in SEMM. The script uses the following code, found on lines 150-155, to accomplish this. - -```powershell -150 # Device owners will need the last two characters of the thumbprint to accept SEMM ownership. -151 # For convenience we get the thumbprint here and present to the user. -152 $pw = ConvertTo-SecureString $password -AsPlainText -Force -153 $certPrint = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -154 $certPrint.Import($privateOwnerKey, $pw, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet) -155 Write-Host "Thumbprint =" $certPrint.Thumbprint -``` - -Administrators with access to the certificate file (.pfx) can read the thumbprint at any time by opening the .pfx file in CertMgr. To view the thumbprint with CertMgr, follow this process: - -1. Right-click the .pfx file, and then select **Open**. -2. Expand the folder in the navigation pane. -3. Select **Certificates**. -4. Right-click your certificate in the main pane, and then select **Open**. -5. Select the **Details** tab. -6. **All** or **Properties Only** must be selected in the **Show** drop-down menu. -7. Select the field **Thumbprint**. - -> [!NOTE] -> The SEMM certificate name and password must also be entered in this section of the ResetSEMM.ps1 script to enable Configuration Manager to remove SEMM from the device with the uninstall action. - -### Configure permissions - -The first region of the script where you will specify the configuration for Surface UEFI is the **Configure Permissions** region. This region begins at line 210 in the sample script with the comment **# Configure Permissions** and continues to line 247. The following code fragment first sets permissions to all Surface UEFI settings so that they may be modified by SEMM only, then adds explicit permissions to allow the local user to modify the Surface UEFI password, TPM, and front and rear cameras. - -```powershell -210 # Configure Permissions -211 foreach ($uefiV2 IN $surfaceDevices.Values) { -212 if ($uefiV2.SurfaceUefiFamily -eq $Device.Model) { -213 Write-Host "Configuring permissions" -214 Write-Host $Device.Model -215 Write-Host "=======================" -216 -217 # Here we define which "identities" will be allowed to modify which settings -218 # PermissionSignerOwner = The primary SEMM enterprise owner identity -219 # PermissionLocal = The user when booting to the UEFI pre-boot GUI -220 # PermissionSignerUser, PermissionSignerUser1, PermissionSignerUser2 = -221 # Additional user identities created so that the signer owner -222 # can delegate permission control for some settings. -223 $ownerOnly = [Microsoft.Surface.IUefiSetting]::PermissionSignerOwner -224 $ownerAndLocalUser = ([Microsoft.Surface.IUefiSetting]::PermissionSignerOwner -bor [Microsoft.Surface.IUefiSetting]::PermissionLocal) -225 -226 # Make all permissions owner only by default -227 foreach ($setting IN $uefiV2.Settings.Values) { -228 $setting.ConfiguredPermissionFlags = $ownerOnly -229 } -230 -231 # Allow the local user to change their own password -232 $uefiV2.SettingsById[501].ConfiguredPermissionFlags = $ownerAndLocalUser -233 -234 Write-Host "" -235 -236 # Create a unique package name based on family and LSV. -237 # We will choose a name that can be parsed by later scripts. -238 $packageName = $uefiV2.SurfaceUefiFamily + "^Permissions^" + $lsv + ".pkg" -239 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName -240 -241 # Build and sign the Permission package then save it to a file. -242 $permissionPackageStream = $uefiV2.BuildAndSignPermissionPackage($privateOwnerKey, $password, "", $null, $lsv) -243 $permissionPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write) -244 $permissionPackageStream.CopyTo($permissionPackage) -245 $permissionPackage.Close() -246 } -247 } -``` - -Each **$uefiV2** variable identifies a Surface UEFI setting by setting name or ID, and then configures the permissions to one of the following values: - -* **$ownerOnly** – Permission to modify this setting is granted only to SEMM. -* **$ownerAndLocalUser** – Permission to modify this setting is granted to a local user booting to Surface UEFI, as well as to SEMM. - -You can find information about the available settings names and IDs for Surface UEFI in the [Settings Names and IDs](#settings-names-and-ids) section of this article. - -### Configure settings - -The second region of the script where you will specify the configuration for Surface UEFI is the **Configure Settings** region of the ConfigureSEMM.ps1 script, which configures whether each setting is enabled or disabled. The sample script includes instructions to set all settings to their default values. The script then provides explicit instructions to disable IPv6 for PXE Boot and to leave the Surface UEFI Administrator password unchanged. You can find this region beginning with the **# Configure Settings** comment at line 291 through line 335 in the sample script. The region appears as follows. - -```powershell -291 # Configure Settings -292 foreach ($uefiV2 IN $surfaceDevices.Values) { -293 if ($uefiV2.SurfaceUefiFamily -eq $Device.Model) { -294 Write-Host "Configuring settings" -295 Write-Host $Device.Model -296 Write-Host "====================" -297 -298 # In this demo, we will start by setting every setting to the default factory setting. -299 # You may want to start by doing this in your scripts -300 # so that every setting gets set to a known state. -301 foreach ($setting IN $uefiV2.Settings.Values) { -302 $setting.ConfiguredValue = $setting.DefaultValue -303 } -304 -305 $EnabledValue = "Enabled" -306 $DisabledValue = "Disabled" -307 -308 # If you want to set something to a different value from the default, -309 # here are examples of how to accomplish this. -310 # This disables IPv6 PXE boot by name: -311 $uefiV2.Settings["IPv6 for PXE Boot"].ConfiguredValue = $DisabledValue -312 -313 # This disables IPv6 PXE Boot by ID: -314 $uefiV2.SettingsById[400].ConfiguredValue = $DisabledValue -315 -316 Write-Host "" -317 -318 # If you want to leave the setting unmodified, set it to $null -319 # PowerShell has issues setting things to $null so ClearConfiguredValue() -320 # is supplied to do this explicitly. -321 # Here is an example of leaving the UEFI administrator password as-is, -322 # even after we initially set it to factory default above. -323 $uefiV2.SettingsById[501].ClearConfiguredValue() -324 -325 # Create a unique package name based on family and LSV. -326 # We will choose a name that can be parsed by later scripts. -327 $packageName = $uefiV2.SurfaceUefiFamily + "^Settings^" + $lsv + ".pkg" -328 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName -329 -330 # Build and sign the Settings package then save it to a file. -331 $settingsPackageStream = $uefiV2.BuildAndSignSecuredSettingsPackage($privateOwnerKey, $password, "", $null, $lsv) -332 $settingsPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write) -333 $settingsPackageStream.CopyTo($settingsPackage) -334 $settingsPackage.Close() -335 } -``` - -Like the permissions set in the **Configure Permissions** section of the script, the configuration of each Surface UEFI setting is performed by defining the **$uefiV2** variable. For each line defining the **$uefiV2** variable, a Surface UEFI setting is identified by setting name or ID and the configured value is set to **Enabled** or **Disabled**. - -If you do not want to alter the configuration of a Surface UEFI setting, for example to ensure that the Surface UEFI administrator password is not cleared by the action of resetting all Surface UEFI settings to their default, you can use **ClearConfiguredValue()** to enforce that this setting will not be altered. In the sample script, this is used on line 323 to prevent the clearing of the Surface UEFI Administrator password, identified in the sample script by its setting ID, **501**. - -You can find information about the available settings names and IDs for Surface UEFI in the [Settings Names and IDs](#settings-names-and-ids) section later in this article. - -### Settings registry key - -To identify enrolled systems for Configuration Manager, the ConfigureSEMM.ps1 script writes registry keys that can be used to identify enrolled systems as having been installed with the SEMM configuration script. These keys can be found at the following location. - -`HKLM\SOFTWARE\Microsoft\Surface\SEMM` - -The following code fragment, found on lines 380-477, is used to write these registry keys. - -```powershell -380 # For Endpoint Configuration Manager or other management solutions that wish to know what version is applied, tattoo the LSV and current DateTime (in UTC) to the registry: -381 $UTCDate = (Get-Date).ToUniversalTime().ToString() -382 $certIssuer = $certPrint.Issuer -383 $certSubject = $certPrint.Subject -384 -385 $SurfaceRegKey = "HKLM:\SOFTWARE\Microsoft\Surface\SEMM" -386 New-RegKey $SurfaceRegKey -387 $LSVRegValue = Get-ItemProperty $SurfaceRegKey LSV -ErrorAction SilentlyContinue -388 $DateTimeRegValue = Get-ItemProperty $SurfaceRegKey LastConfiguredUTC -ErrorAction SilentlyContinue -389 $OwnershipSessionIdRegValue = Get-ItemProperty $SurfaceRegKey OwnershipSessionId -ErrorAction SilentlyContinue -390 $PermissionSessionIdRegValue = Get-ItemProperty $SurfaceRegKey PermissionSessionId -ErrorAction SilentlyContinue -391 $SettingsSessionIdRegValue = Get-ItemProperty $SurfaceRegKey SettingsSessionId -ErrorAction SilentlyContinue -392 $IsResetRegValue = Get-ItemProperty $SurfaceRegKey IsReset -ErrorAction SilentlyContinue -393 $certUsedRegValue = Get-ItemProperty $SurfaceRegKey CertName -ErrorAction SilentlyContinue -394 $certIssuerRegValue = Get-ItemProperty $SurfaceRegKey CertIssuer -ErrorAction SilentlyContinue -395 $certSubjectRegValue = Get-ItemProperty $SurfaceRegKey CertSubject -ErrorAction SilentlyContinue -396 -397 -398 If ($LSVRegValue -eq $null) -399 { -400 New-ItemProperty -Path $SurfaceRegKey -Name LSV -PropertyType DWORD -Value $lsv | Out-Null -401 } -402 Else -403 { -404 Set-ItemProperty -Path $SurfaceRegKey -Name LSV -Value $lsv -405 } -406 -407 If ($DateTimeRegValue -eq $null) -408 { -409 New-ItemProperty -Path $SurfaceRegKey -Name LastConfiguredUTC -PropertyType String -Value $UTCDate | Out-Null -410 } -411 Else -412 { -413 Set-ItemProperty -Path $SurfaceRegKey -Name LastConfiguredUTC -Value $UTCDate -414 } -415 -416 If ($OwnershipSessionIdRegValue -eq $null) -417 { -418 New-ItemProperty -Path $SurfaceRegKey -Name OwnershipSessionId -PropertyType String -Value $ownerSessionIdValue | Out-Null -419 } -420 Else -421 { -422 Set-ItemProperty -Path $SurfaceRegKey -Name OwnershipSessionId -Value $ownerSessionIdValue -423 } -424 -425 If ($PermissionSessionIdRegValue -eq $null) -426 { -427 New-ItemProperty -Path $SurfaceRegKey -Name PermissionSessionId -PropertyType String -Value $permissionSessionIdValue | Out-Null -428 } -429 Else -430 { -431 Set-ItemProperty -Path $SurfaceRegKey -Name PermissionSessionId -Value $permissionSessionIdValue -432 } -433 -434 If ($SettingsSessionIdRegValue -eq $null) -435 { -436 New-ItemProperty -Path $SurfaceRegKey -Name SettingsSessionId -PropertyType String -Value $settingsSessionIdValue | Out-Null -437 } -438 Else -439 { -440 Set-ItemProperty -Path $SurfaceRegKey -Name SettingsSessionId -Value $settingsSessionIdValue -441 } -442 -443 If ($IsResetRegValue -eq $null) -444 { -445 New-ItemProperty -Path $SurfaceRegKey -Name IsReset -PropertyType DWORD -Value 0 | Out-Null -446 } -447 Else -448 { -449 Set-ItemProperty -Path $SurfaceRegKey -Name IsReset -Value 0 -450 } -451 -452 If ($certUsedRegValue -eq $null) -453 { -454 New-ItemProperty -Path $SurfaceRegKey -Name CertName -PropertyType String -Value $certName | Out-Null -455 } -456 Else -457 { -458 Set-ItemProperty -Path $SurfaceRegKey -Name CertName -Value $certName -459 } -460 -461 If ($certIssuerRegValue -eq $null) -462 { -463 New-ItemProperty -Path $SurfaceRegKey -Name CertIssuer -PropertyType String -Value $certIssuer | Out-Null -464 } -465 Else -466 { -467 Set-ItemProperty -Path $SurfaceRegKey -Name CertIssuer -Value $certIssuer -468 } -469 -470 If ($certSubjectRegValue -eq $null) -471 { -472 New-ItemProperty -Path $SurfaceRegKey -Name CertSubject -PropertyType String -Value $certSubject | Out-Null -473 } -474 Else -475 { -476 Set-ItemProperty -Path $SurfaceRegKey -Name CertSubject -Value $certSubject -477 } -``` - -### Settings names and IDs - -To configure Surface UEFI settings or permissions for Surface UEFI settings, you must refer to each setting by either its setting name or setting ID. With each new update for Surface UEFI, new settings may be added. The best way to get a complete list of the settings available on a Surface device, along with the settings name and settings IDs, is to use the ShowSettingsOptions.ps1 script from SEMM_Powershell.zip in [Surface Tools for IT Downloads](https://www.microsoft.com/download/details.aspx?id=46703) - -The computer where ShowSettingsOptions.ps1 is run must have Microsoft Surface UEFI Manager installed, but the script does not require a Surface device. - -The best way to view the most current Setting names and IDs for devices is to use the ConfigureSEMM.ps1 script or the ConfigureSEMM - .ps1 from the SEMM_Powershell.zip in [Surface Tools for IT Downloads](https://www.microsoft.com/download/details.aspx?id=46703). - -Setting names and IDs for all devices can be seen in the ConfigureSEMM.ps1 script. - -Setting names and IDs for specific devices can be seen in the ConfigureSEMM - .ps1 scripts. For example, setting names and IDs for Surface Pro X can be found in the ConfigureSEMM – ProX.ps1 script. - -## Deploy SEMM Configuration Manager scripts - -After your scripts are prepared to configure and enable SEMM on the client device, the next step is to add these scripts as an application in Configuration Manager. Before you open Configuration Manager, ensure that the following files are in a shared folder that does not include other files: - -* ConfigureSEMM.ps1 -* ResetSEMM.ps1 -* Your SEMM certificate (for example SEMMCertificate.pfx) - -The SEMM Configuration Manager scripts will be added to Configuration Manager as a script application. The command to install SEMM with ConfigureSEMM.ps1 is as follows. - -`Powershell.exe -file ".\ConfigureSEMM.ps1"` - -The command to uninstall SEMM with ResetSEMM.ps1 is as follows. - -`Powershell.exe -file ".\ResetSEMM.ps1"` - -To add the SEMM Configuration Manager scripts to Configuration Manager as an application, use the following process: - -1. Start the Create Application Wizard using Step 1 through Step 5 from the [Deploy Microsoft Surface UEFI Manager](#deploy-microsoft-surface-uefi-manager) section earlier in this article. - -2. Proceed through The Create Application Wizard as follows: - - - **General** – Select **Manually specify the application information**, and then select **Next**. - - - **General Information** – Enter a name for the application (for example SEMM) and any other information you want such as publisher, version, or comments on this page. Select **Next** to proceed. - - - **Application Catalog** – The fields on this page can be left with their default values. Select **Next**. - - - **Deployment Types** – Select **Add** to start the Create Deployment Type Wizard. - - - Proceed through the steps of the Create Deployment Type Wizard, as follows: - - * **General** – Select **Script Installer** from the **Type** drop-down menu. The **Manually specify the deployment type information** option will automatically be selected. Select **Next** to proceed. - * **General Information** – Enter a name for the deployment type (for example SEMM Configuration Scripts), and then select **Next** to continue. - * **Content** – Select **Browse** next to the **Content Location** field, and then select the folder where your SEMM Configuration Manager scripts are located. In the **Installation Program** field, type the [installation command](#deploy-semm-configuration-manager-scripts) found earlier in this article. In the **Uninstall Program** field, enter the [uninstallation command](#deploy-semm-configuration-manager-scripts) found earlier in this article (shown in Figure 2). Select **Next** to move to the next page. - - ![Set the SEMM Configuration Manager scripts as the install and uninstall commands](images/config-mgr-semm-fig2.png "Set the SEMM Configuration Manager scripts as the install and uninstall commands") - - *Figure 2. Set the SEMM Configuration Manager scripts as the install and uninstall commands* - - * **Detection Method** – Select **Add Clause** to add the SEMM Configuration Manager script registry key detection rule. The **Detection Rule** window is displayed, as shown in Figure 3. Use the following settings: - - - Select **Registry** from the **Setting Type** drop-down menu. - - Select **HKEY_LOCAL_MACHINE** from the **Hive** drop-down menu. - - Enter **SOFTWARE\Microsoft\Surface\SEMM** in the **Key** field. - - Enter **CertName** in the **Value** field. - - Select **String** from the **Data Type** drop-down menu. - - Select the **This registry setting must satisfy the following rule to indicate the presence of this application** button. - - Enter the name of the certificate you entered in line 58 of the script in the **Value** field. - - Select **OK** to close the **Detection Rule** window. - - ![Use a registry key to identify devices enrolled in SEMM](images/config-mgr-semm-fig3.png "Use a registry key to identify devices enrolled in SEMM") - - *Figure 3. Use a registry key to identify devices enrolled in SEMM* - - * Select **Next** to proceed to the next page. - - * **User Experience** – Select **Install for system** from the **Installation Behavior** drop-down menu. If you want your users to record and enter the certificate thumbprint themselves, leave the logon requirement set to **Only when a user is logged on**. If you want your administrators to enter the thumbprint for users and the users do not need to see the thumbprint, select **Whether or not a user is logged on** from the **Logon Requirement** drop-down menu. - - * **Requirements** – The ConfigureSEMM.ps1 script automatically verifies that the device is a Surface device before attempting to enable SEMM. However, if you intend to deploy this script application to a collection with devices other than those to be managed with SEMM, you could add requirements here to ensure this application would run only on Surface devices or devices you intend to manage with SEMM. Select **Next** to continue. - - * **Dependencies** – Select **Add** to open the **Add Dependency** window. - - * Select **Add** to open the **Specify Required Application** window. - - - Enter a name for the SEMM dependencies in the **Dependency Group Name** field (for example, *SEMM Assemblies*). - - - Select **Microsoft Surface UEFI Manager** from the list of **Available Applications** and the MSI deployment type, and then select **OK** to close the **Specify Required Application** window. - - * Keep the **Auto Install** check box selected if you want Microsoft Surface UEFI Manager installed automatically on devices when you attempt to enable SEMM with the Configuration Manager scripts. Select **OK** to close the **Add Dependency** window. - - * Select **Next** to proceed. - - * **Summary** – The information you have entered throughout the Create Deployment Type wizard is displayed on this page. Select **Next** to confirm your selections. - - * **Progress** – A progress bar and status as the deployment type is added for the SEMM script application is displayed on this page. - - * **Completion** – Confirmation of the deployment type creation is displayed when the process is complete. Select **Close** to finish the Create Deployment Type Wizard. - - - **Summary** – The information that you entered throughout the Create Application Wizard is displayed. Select **Next** to create the application. - - - **Progress** – A progress bar and status as the application is added to the Software Library is displayed on this page. - - - **Completion** – Confirmation of the successful application creation is displayed when the application creation process is complete. Select **Close** to finish the Create Application Wizard. - -After the script application is available in the Software Library of Configuration Manager, you can distribute and deploy SEMM using the scripts you prepared to devices or collections. If you have configured the Microsoft Surface UEFI Manager assemblies as a dependency that will be automatically installed, you can deploy SEMM in a single step. If you have not configured the assemblies as a dependency, they must be installed on the devices you intend to manage before you enable SEMM. - -When you deploy SEMM using this script application and with a configuration that is visible to the end user, the PowerShell script will start and the thumbprint for the certificate will be displayed by the PowerShell window. You can have your users record this thumbprint and enter it when prompted by Surface UEFI after the device reboots. - -Alternatively, you can configure the application installation to reboot automatically and to install invisibly to the user. In this scenario, a technician will be required to enter the thumbprint on each device as it reboots. Any technician with access to the certificate file can read the thumbprint by viewing the certificate with CertMgr. Instructions for viewing the thumbprint with CertMgr are in the [Create or modify the SEMM Configuration Manager scripts](#create-or-modify-the-semm-configuration-manager-scripts) section of this article. - -Removal of SEMM from a device deployed with Configuration Manager using these scripts is as easy as uninstalling the application with Configuration Manager. This action starts the ResetSEMM.ps1 script and properly unenrolls the device with the same certificate file that was used during the deployment of SEMM. - -> [!NOTE] -> Microsoft Surface recommends that you create reset packages only when you need to unenroll a device. These reset packages are typically valid for only one device, identified by its serial number. You can, however, create a universal reset package that would work for any device enrolled in SEMM with this certificate. -> -> We strongly recommend that you protect your universal reset package as carefully as the certificate you used to enroll devices in SEMM. Please remember that, just like the certificate itself, this universal reset package can be used to unenroll any of your organization’s Surface devices from SEMM. -> -> When you install a reset package, the Lowest Supported Value (LSV) is reset to a value of 1. You can reenroll a device by using an existing configuration package. The device will prompt for the certificate thumbprint before ownership is taken. -> -> For this reason, the reenrollment of a device in SEMM would require a new package to be created and installed on that device. Because this action is a new enrollment and not a change in configuration on a device already enrolled in SEMM, the device will prompt for the certificate thumbprint before ownership is taken. diff --git a/devices/surface/wake-on-lan-for-surface-devices.md b/devices/surface/wake-on-lan-for-surface-devices.md deleted file mode 100644 index b9c11bd90f..0000000000 --- a/devices/surface/wake-on-lan-for-surface-devices.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -title: Wake On LAN for Surface devices (Surface) -description: See how you can use Wake On LAN to remotely wake up devices to perform management or maintenance tasks, or to enable management solutions automatically – even if the devices are powered down. -keywords: update, deploy, driver, wol, wake-on-lan -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surface, devices -ms.sitesec: library -ms.localizationpriority: medium -author: coveminer -ms.author: greglin -ms.topic: article -ms.reviewer: scottmca -manager: laurawi -ms.audience: itpro ---- - -# Wake On LAN for Surface devices - -Surface devices that run Windows 10, version 1607 (also known as Windows 10 Anniversary Update) or later and use a Surface Ethernet adapter to connect to a wired network, are capable of Wake On LAN (WOL) from Connected Standby. With WOL, you can remotely wake up devices to perform management or maintenance tasks or enable management solutions (such as Microsoft Endpoint Configuration Manager) automatically. For example, you can deploy applications to Surface devices left docked with a Surface Dock or Surface Pro 3 Docking Station by using Microsoft Endpoint Configuration Manager during a window in the middle of the night, when the office is empty. - ->[!NOTE] ->Surface devices must be connected to AC power and in Connected Standby (Sleep) to support WOL. WOL is not possible from devices that are in hibernation or powered off. - -## Supported devices - -The following devices are supported for WOL: - -* Surface Ethernet adapter -* Surface USB-C to Ethernet and USB Adapter -* Surface Dock -* Surface Docking Station for Surface Pro 3 -* Surface 3 -* Surface Pro 3 -* Surface Pro 4 -* Surface Pro (5th Gen) -* Surface Pro (5th Gen) with LTE Advanced -* Surface Book -* Surface Laptop (1st Gen) -* Surface Pro 6 -* Surface Book 2 -* Surface Laptop 2 -* Surface Go -* Surface Go with LTE Advanced -* Surface Studio 2 (see Surface Studio 2 instructions below) -* Surface Pro 7 -* Surface Laptop 3 - -## WOL driver - -To enable WOL support on Surface devices, a specific driver for the Surface Ethernet adapter is required. This driver is not included in the standard driver and firmware pack for Surface devices – you must download and install it separately. You can download the Surface WOL driver (SurfaceWOL.msi) from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center. - -You can run this Microsoft Windows Installer (.msi) file on a Surface device to install the Surface WOL driver, or you can distribute it to Surface devices with an application deployment solution, such as Microsoft Endpoint Configuration Manager. To include the Surface WOL driver during deployment, you can install the .msi file as an application during the deployment process. You can also extract the Surface WOL driver files to include them in the deployment process. For example, you can include them in your Microsoft Deployment Toolkit (MDT) deployment share. You can read more about Surface deployment with MDT in [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/surface/deploy-windows-10-to-surface-devices-with-mdt). - -> [!NOTE] -> During the installation of SurfaceWOL.msi, the following registry key is set to a value of 1, which allows easy identification of systems where the WOL driver has been installed. If you chose to extract and install these drivers separately during deployment, this registry key will not be configured and must be configured manually or with a script. -> -> **HKLM\SYSTEM\CurrentControlSet\Control\Power AllowSystemRequiredPowerRequests** - -To extract the contents of SurfaceWOL.msi, use the MSIExec administrative installation option (**/a**), as shown in the following example, to extract the contents to the C:\WOL\ folder: - - `msiexec /a surfacewol.msi targetdir=C:\WOL /qn` - -## Surface Studio 2 instructions - -To enable WOL on Surface Studio 2, you must use the following procedure - -1. Create the following registry keys: - - ```console - ; Set CONNECTIVITYINSTANDBY to 1: - [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\F15576E8-98B7-4186-B944-EAFA664402D9] - "Attributes"=dword:00000001 - ; Set EnforceDisconnectedStandby to 0 and AllowSystemRequiredPowerRequests to 1: - [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power] - "EnforceDisconnectedStandby"=dword:00000000 - "AllowSystemRequiredPowerRequests"=dword:00000001 - ``` - -2. Run the following command - - ```powercfg /SETACVALUEINDEX SCHEME_BALANCED SUB_NONE CONNECTIVITYINSTANDBY 1``` - -## Using Surface WOL - -The Surface WOL driver conforms to the WOL standard, whereby the device is woken by a special network communication known as a magic packet. The magic packet consists of 6 bytes of 255 (or FF in hexadecimal) followed by 16 repetitions of the target computer’s MAC address. You can read more about the magic packet and the WOL standard on [Wikipedia](https://wikipedia.org/wiki/Wake-on-LAN#Magic_packet). - ->[!NOTE] ->To send a magic packet and wake up a device by using WOL, you must know the MAC address of the target device and Ethernet adapter. Because the magic packet does not use the IP network protocol, it is not possible to use the IP address or DNS name of the device. - -Many management solutions, such as Configuration Manager, provide built-in support for WOL. There are also many solutions, including Microsoft Store apps, PowerShell modules, third-party applications, and third-party management solutions that allow you to send a magic packet to wake up a device. For example, you can use the [Wake On LAN PowerShell module](https://gallery.technet.microsoft.com/scriptcenter/Wake-On-Lan-815424c4) from the TechNet Script Center. - ->[!NOTE] ->After a device has been woken up with a magic packet, the device will return to sleep if an application is not actively preventing sleep on the system or if the AllowSystemRequiredPowerRequests registry key is not configured to 1, which allows applications to prevent sleep. See the [WOL driver](#wol-driver) section of this article for more information about this registry key. diff --git a/devices/surface/windows-autopilot-and-surface-devices.md b/devices/surface/windows-autopilot-and-surface-devices.md deleted file mode 100644 index b4da164970..0000000000 --- a/devices/surface/windows-autopilot-and-surface-devices.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: Windows Autopilot and Surface devices -ms.reviewer: -manager: laurawi -description: Find out about Windows Autopilot deployment options for Surface devices. -keywords: autopilot, windows 10, surface, deployment -ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: surface, devices -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.localizationpriority: medium -ms.audience: itpro ---- - -# Windows Autopilot and Surface devices - -Windows Autopilot is a cloud-based deployment technology in Windows 10. You can use Windows Autopilot to remotely deploy and configure devices in a zero-touch process right out of the box. - -Windows Autopilot-registered devices are identified over the Internet at first startup through a unique device signature that's called a *hardware hash*. They're automatically enrolled and configured by using modern management solutions such as Azure Active Directory (Azure AD) and mobile device management. - -You can register Surface devices at the time of purchase from a Surface partner that's enabled for Windows Autopilot. These partners can ship new devices directly to your users. The devices will be automatically enrolled and configured when they are first turned on. This process eliminates reimaging during deployment, which lets you implement new, agile methods of device management and distribution. - -## Modern management - -Autopilot is the recommended deployment option for Surface devices, including Surface Pro 7, Surface Laptop 3, and Surface Pro X, which is specifically designed for deployment through Autopilot. - - It's best to enroll your Surface devices with the help of a Microsoft Cloud Solution Provider. This step allows you to manage UEFI firmware settings on Surface directly from Intune. It eliminates the need to physically touch devices for certificate management. See [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md) for details. - -## Windows version considerations - -Broad deployment of Surface devices through Windows Autopilot, including enrollment by Surface partners at the time of purchase, requires Windows 10 Version 1709 (Fall Creators Update) or later. - -These Windows versions support a 4,000-byte (4k) hash value that uniquely identifies devices for Windows Autopilot, which is necessary for deployments at scale. All new Surface devices, including Surface Pro 7, Surface Pro X, and Surface Laptop 3, ship with Windows 10 Version 1903 or later. - -## Exchange experience on Surface devices in need of repair or replacement - -Microsoft automatically checks every Surface for Autopilot enrollment and will deregister the device from the customer's tenant. Microsoft ensures the replacement device is enrolled into Windows Autopilot once a replacement is shipped back to the customer. This service is available on all device exchange service orders directly with Microsoft. - -> [!NOTE] -> When customers use a Partner to return devices, the Partner is responsible for managing the exchange process including deregistering and enrolling devices into Windows Autopilot. - -## Surface partners enabled for Windows Autopilot - -Select Surface partners can enroll Surface devices in Windows Autopilot for you at the time of purchase. They can also ship enrolled devices directly to your users. The devices can be configured entirely through a zero-touch process by using Windows Autopilot, Azure AD, and mobile device management. - -Surface partners that are enabled for Windows Autopilot include: - -| US partners | Global partners | US distributors | -|--------------|---------------|-------------------| -| * [CDW](https://www.cdw.com/) | * [ALSO](https://www.also.com/ec/cms5/de_1010/1010_anbieter/microsoft/windows-autopilot/index.jsp) | * [Synnex](https://www.synnexcorp.com/us/microsoft/surface-autopilot/) | -| * [Connection](https://www.connection.com/brand/microsoft/microsoft-surface) | * [ATEA](https://www.atea.com/) | * [Techdata](https://www.techdata.com/) | -| * [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html) | * [Bechtle](https://www.bechtle.com/marken/microsoft/microsoft-windows-autopilot) | * [Ingram](https://go.microsoft.com/fwlink/p/?LinkID=2128954) | -| * [SHI](https://www.shi.com/Surface) | * [Cancom](https://www.cancom.de/) | | -| * [LDI Connect](https://www.myldi.com/managed-it/) | * [Computacenter](https://www.computacenter.com/uk) | | -| * [F1](https://www.functiononeit.com/#empower) | | | -| * [Protected Trust](https://go.microsoft.com/fwlink/p/?LinkID=2129005) | | | - -## Learn more - -For more information about Windows Autopilot, see: -- [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot) -- [Windows Autopilot requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements) \ No newline at end of file diff --git a/devices/surface/windows-virtual-desktop-surface.md b/devices/surface/windows-virtual-desktop-surface.md deleted file mode 100644 index 80434c8eb7..0000000000 --- a/devices/surface/windows-virtual-desktop-surface.md +++ /dev/null @@ -1,158 +0,0 @@ ---- -title: Windows Virtual Desktop on Surface -description: This article explains how Surface devices deliver an ideal end node for Windows Virtual Desktop solutions, providing customers with flexible form factors, Windows 10 modern device security and manageability, and support for persistent, on-demand & just-in-time work scenarios. -ms.prod: w10 -ms.mktglfcycl: manage -ms.localizationpriority: medium -ms.sitesec: library -author: coveminer -ms.author: greglin -ms.topic: article -ms.date: 5/20/2020 -ms.reviewer: rohenr -manager: laurawi -audience: itpro ---- - -# Windows Virtual Desktop on Surface - -## Introduction - -Windows Virtual Desktop on Surface lets you run Virtual Desktop Infrastructure (VDI) on a Surface device blurring the lines between the local desktop experience and the virtual desktop where touch, pen, ink, and biometric authentication span both physical and virtual environments. Representing another milestone in the evolution of computing, Windows Virtual Desktop on Surface 1 combines Microsoft 365 - virtualized in the Azure cloud - with the advanced security protections, enterprise-level manageability, and enhanced productivity tools of Windows 10 on Surface. This fusion of premium form factor and Virtual Desktop Infrastructure in Azure provides exceptional customer value across user experiences, portability, security, business continuity, and modern management. - -### Windows Virtual Desktop - -Windows Virtual Desktop (WVD) is a comprehensive desktop and app virtualization service running in the Azure cloud. It’s the only virtual desktop infrastructure that delivers simplified management, multi-session Windows 10, optimizations for Office 365 ProPlus, and support for Remote Desktop Services (RDS) environments. With WVD you can quickly deploy and scale Windows desktops and apps on Azure and get built-in security and compliance features. - -### Windows Virtual Desktop partner integrations - -For a list of approved partner providers and independent software vendors for Windows Virtual Desktop, see [Windows Virtual Desktop partner integrations](https://docs.microsoft.com/azure/virtual-desktop/partners). Some partners also provide Virtual Desktop as a Service (DaaS). DaaS frees you from having to maintain your own virtual machines (VMs) by providing a fully managed, turnkey desktop and virtualization service. The ability to deliver customized desktops to users anywhere in the world enables companies to quickly adjust to changing market conditions by spinning up cloud desktops on-demand - when and where they’re needed. - -## Microsoft Surface Devices - -Surface engineering has long set new standards for innovation by going beyond the keyboard and mouse to imagine more natural ways of interacting with devices, whether by touch, voice, ink, or Surface Dial. And with chip-to-cloud integration of Microsoft 365 and the security and manageability of Windows 10 Pro, Surface delivers connected hardware, software, apps, and services the way they were intended. Although it’s possible to run WVD from Windows devices dating back to Windows 7, Microsoft Surface devices provide unique advantages including support for: - -- **Flexible form factors** - like 2-in-1 devices such as Surface Go 2, Surface Pro 7 and Surface Pro X with pen, touch and detachable keyboard. -- **Persistent, on-demand and just-in-time work scenarios** - with offline and on-device access for more productive experiences. -- **Windows 10 modern device security and manageability** - providing the flexibility to be productive anywhere. - -## Flexible form factors and premium user experience - -The Microsoft Surface for Business family comprises a diverse portfolio of form factors including traditional laptops, all-in-one machines, and 2-in-1 devices. Surface devices deliver experiences people love with the choice and flexibility they need in order to work on their terms. - -### The modern virtual desktop endpoint - -Surface 2-in-1 devices, including [Surface Go 2](https://www.microsoft.com/p/surface-go-2) (10.5”), [Surface Pro 7](https://www.microsoft.com/surface/devices/surface-pro-7/) (12”) and [Surface Pro X](https://www.microsoft.com/p/surface-pro-x/) (13”), provide users with the ideal cloud desktop endpoint bringing together the optimal balance of portability, versatility, power, and all-day battery. From site engineers relying on Surface Go 2 in tablet mode to financial advisors attaching Surface Pro 7 to a dock and multiple monitors, 2-in-1 devices deliver the versatility that has come to define the modern workplace. - - Unlike traditional, fixed VDI “terminals”, Surface devices allow users to work from anywhere and enable companies to remain viable and operational during unforeseen events -- from severe weather to public health emergencies. With support for persistent, on-demand and just-in-time scenarios, Surface devices effectively help companies sustain ongoing operations and mitigate risk from disruptive events. Features designed to enhance productivity on Surface 2-in-1 devices include: - -- Vibrant, high resolution displays with 3:2 aspect ratio to get work done. -- Natural inking and multi-touch for more immersive experiences. -- With a wide variety of built-in and third-party accessibility features, Surface devices let you choose how to interact with your device, express ideas, and get work done. -- Far-field mics and high-performance speakers for improved virtual meetings. -- Biometric security including built-in, Windows Hello camera that comes standard on every Surface device. -- Long battery life 2 and fast charging. -- LTE options 3 on modern devices like Surface Pro X and Surface Go 2 for hassle-free and secure connectivity. -- Support for a wide range of peripherals such as standard printers, 3D printers, cameras, credit card readers, barcode scanners, and many others. A large ecosystem of Designed for Surface partners provides licensed and certified Surface accessories. -- Broad range of Device Redirection support. - -### Device Redirection Support - -The Surface-centric productivity experiences listed above become even more compelling in Windows Virtual Desktop environments by taking advantage of device redirection capabilities with Windows 10. Surface provides a broad range of device redirection support, especially when compared to OEM thin clients and fixed terminals, Android, iOS/macOS and Web-based access. The Windows Inbox (MSTSC) and Windows Desktop (MSRDC) clients provide the most device redirection capabilities including Input Redirection (keyboard, mouse, pen and touch), Port Redirection (serial and USB) and Other Redirections (cameras, clipboard, local drive/storage, location, microphones, printers, scanners, smart cards and speakers). For a detailed comparison of device redirection support refer to the [device redirection documentation](https://docs.microsoft.com/windows-server/remote/remote-desktop-services/clients/remote-desktop-app-compare#redirection-support). - -### Familiar Desktop Experience - -Not only does running the Windows Desktop Client on Surface devices provide users with a broad set of device redirection capabilities, it lets everyone launch apps in familiar ways — directly from the Start Menu or Search bar. - -### Persistent, on-demand and just-in-time work scenarios - -Windows Virtual Desktop on Surface helps customers meet increasingly complex business and security requirements across industries, employee roles, and work environments. These include: - -- Multi-layered security of access to data and organizational resources. -- Compliance with industry regulations. -- Support for an increasingly elastic workforce. -- Employee-specific needs across a variety of job functions. -- Ability to support specialized, processor-intensive workloads. -- Resilience for sustaining operations during disruptions. - -### Table 1. Windows Virtual Desktop business conversations - -| Security & regulation | Elastic workforce | Work Roles | Special workloads | Business continuity | -| ---------------------------------------------------- | ---------------------------------------------------------------------------- | ----------------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------- | -| - Financial Services
- Healthcare
- Government | - Merger & acquisition
- Short term employees
- Contractors & partners | - BYOD & mobile
- Customer support/service
- Branch workers | - Design & engineering
- Support for legacy apps
- Software dev & test | - On demand
- Just-in-Time (JIT)
- Work @ Home | - -### Offline and on-device access for more productive experiences - -Traditionally, VDI solutions only work when the endpoint is connected to the internet. But what happens when the internet or power is unavailable for any reason (due to mobility, being on a plane, or power outages, and so on)? - -To support business continuity and keep employees productive, Surface devices can easily augment the virtual desktop experience with offline access to files, Microsoft 365 and third-party applications. Traditional apps like Microsoft Office, available across .x86, x64, Universal Windows Platform, ARM platforms, enable users to stay productive in “offline mode”. Files from the virtual desktop cloud environment can be synced locally on Surface using OneDrive for Business for offline access as well. You can have the confidence that all locally “cached” information is up-to-date and secure. - -In addition to adding support for offline access to apps and files, Surface devices are designed to optimize collaborative experiences like Microsoft Teams “On-Device”. Although some VDI solutions support the use of Teams through a virtual session, users can benefit from the more optimized experience provided by a locally installed instance of Teams. Localizing communications and collaboration apps for multimedia channels like voice, video, live captioning allows organizations to take full advantage of Surface devices’ ability to provide optimized Microsoft 365 experiences. The emergence of Surface artificial intelligence (AI) or “AI-on-device” brings new capabilities to life, such as eye gaze technology that adjusts the appearance of your eyes so the audience sees you looking directly at the camera when communicating via video. - -An alternative to locally installing traditional applications is to take advantage of the latest version of Microsoft Edge, which comes with support for Progressive Web Apps (PWA). PWAs are just websites that are progressively enhanced to function like native apps on supporting platforms. The qualities of a PWA combine the best of the web and native apps by additional features, such as push notifications, background data refresh, offline support, and more. - -### Virtual GPUs - -GPUs are ideal for AI compute and graphics-intensive workloads, helping customers to fuel innovation through scenarios like high-end remote visualization, deep learning, and predictive analytics. However, this isn’t ideal for professionals who need to work remotely or while on the go because varying degrees of internal GPU horsepower are tied to the physical devices, limiting mobility and flexibility. - -To solve for this Azure offers the N-series family of Virtual Machines with NVIDIA GPU capabilities (vGPU). With vGPUs, IT can either share GPU performance across multiple virtual machines, or power demanding workloads by assigning multiple GPUs to a single virtual machine. For Surface this means that no matter what device you’re using, from the highly portable Surface Go 2 to the slim and stylish Surface Laptop 3, your device has access to powerful server-class graphics performance. Surface and vGPUs allow you to combine all the things you love about Surface, to include pen, touch, keyboard, trackpad and PixelSense displays, with graphics capability only available in high performance computing environments. - -Azure N-series brings these capabilities to life on your Surface device allowing you to work in any way you want, wherever you go. [Learn more about Azure N-Series and GPU optimized virtual machine sizes.](https://docs.microsoft.com/azure/virtual-machines/sizes-gpu) - -## Microsoft 365 and Surface - -Even in a virtualized desktop environment, Microsoft 365 and Surface deliver the experiences employees love, the protection organizations demand, and flexibility for teams to work their way. According to Forrester Research: 4 - -- Microsoft 365-powered Surface devices give users up to 5 hours in weekly productivity gains with up to 9 hours saved per week for highly mobile workers, providing organizations with 112 percent ROI on Microsoft 365 with Surface -- 75 percent agree Microsoft 365-powered Surface devices help improve employee satisfaction and retention -- agree that Microsoft 365- powered Surface devices have helped improve employee satisfaction and retention. - -### Security and management - -From chip to cloud, Microsoft 365 and Surface helps organizations stay protected and up to date. -With both Surface hardware and software designed, built, and tested by Microsoft, users can be confident they’re productive and protected by leading technologies from chip to cloud. With increased numbers of users working remotely, protecting corporate data and intellectual property becomes more paramount than ever. Windows Virtual Desktop on Surface is designed around a zero-trust security model in which every access request is strongly authenticated, authorized within policy constraints, and inspected for anomalies before granting access. - -By maximizing efficiencies from cloud computing, modern management enables IT to better serve the needs of users, stakeholders and customers in an increasingly competitive business environment. For example, you can get Surface devices up-and-running with minimal interaction from your team. Setup is automatic and self-serviced. Updates are quick and painless for both your team and your users. You can manage devices regardless of their physical location. - -Security and management features delivered with Windows Virtual Desktop on Surface include: - -- **Windows Update.** Keeping Windows up to date helps you stay ahead of new security threats. Windows 10 has been engineered from the ground up to be more secure and utilize the latest hardware capabilities to improve security. With a purpose-built UEFI 5 and Windows Update for Business that responds to evolving threats, end-to-end protection is secure and simplified. - -- **Hardware encryption.** Device encryption lets you protect the data on your Surface so it can only be accessed by authorized individuals. All Surface for Business devices feature a discrete Trusted Platform Module (dTPM) that is hardware-protected against intrusion while software uses protected keys and measurements to verify software validity. -- **Windows Defender.** Windows Defender Antivirus brings together machine learning, big-data analysis, in-depth threat resistance research, and the Microsoft cloud infrastructure to protect devices. The tool is built in and needs no extra agents to be deployed on-devices or in the VDI environment, simplifying management and optimizing device start up. Windows Defender is built in and needs no extra agents to be deployed on-device or in the VDI environment, simplifying management and optimizing device start up. The true out-of-the-box experience. -- **Removable drives** - A subset of newer Surface devices feature removable SSD drives 6 providing greater control over data retention. -- **Modern authentication -** Microsoft 365 and Surface is a unified platform delivering every Windows security feature (subject to licensing and enablement). All Surface portfolio devices ship with a custom-built camera, designed for Windows Hello for Business providing biometric security that persists seamlessly from on-device to VDI-based experiences. -- **Modern firmware management** -Using Device Firmware Configuration Interface (DFCI),7 IT administrators can remotely disable hardware elements at a firmware level such as mics, USB ports, SD card slots, cameras, and Bluetooth which removes power to the peripheral. Windows Defender Credential Guard uses virtualization-based security so that only privileged system software can access them. -- **Backward and forward compatibility** - Windows 10 devices provide backward and forward compatibility across hardware, software and services. Microsoft has a strong history of maintaining legacy support of hardware, peripherals, software and services while incorporating the latest technologies. Businesses can plan IT investments to have a long useful life. -- **Bridge for legacy Windows 7 workloads** - For solution scenarios dependent on legacy Windows OS environments, enterprises can use VDI instances of Windows 7 running in Azure. This enables support on modern devices like Surface without the risk of relying on older Windows 7 machines that no longer receive the latest security updates. In addition to these “future proofing” benefits, migration of any legacy workloads becomes greatly simplified when modern Windows 10 hardware is already deployed. -- **Zero-Touch Deployment** - Autopilot is the recommended modern management deployment option for Surface devices. Windows Autopilot on Surface is a cloud-based deployment technology in Windows 10. You can use Windows Autopilot on Surface to remotely deploy and configure devices in a zero-touch process right out of the box. Windows Autopilot-registered devices are identified over the Internet at first startup through a unique device signature that's called a hardware hash. They're automatically enrolled and configured by using modern management solutions such as Azure Active Directory (Azure AD) and mobile device management. - -### Surface devices: Minimizing environmental impacts - -Surface performs life cycle assessments to calculate the environmental impact of devices across key stages of product life cycle enabling Microsoft to minimize these impacts. Each Surface product has an ECO profile that includes details on greenhouse gas emissions, primary energy consumption and material composition data, packaging, recycling, and related criteria. To download profiles for each Surface device, see [ECO Profiles](https://www.microsoft.com/download/details.aspx?id=55974) on the Microsoft Download Center. - -## Summary - -Windows Virtual Desktop on Surface provides organizations with greater flexibility and resilience in meeting the diverse needs of users, stakeholders, and customers. Running Windows Virtual Desktop solutions on Surface devices provides unique advantages over continued reliance on legacy devices. Flexible form factors like Surface Go 2 and Surface Pro 7 connected to the cloud (or offline), enable users to be productive from anywhere, at any time. Whether employees work in persistent, on-demand, or just-in-time scenarios, Windows Virtual Desktop on Surface affords businesses with the versatility to sustain productivity throughout disruptions from public health emergencies or other unforeseen events. Using the built in, multi-layered security and modern manageability of Windows 10, companies can take advantage of an expanding ecosystem of cloud-based services to rapidly deploy and scale Windows desktops and apps. Simply put, Windows Virtual Desktop on Surface delivers critically needed technology to organizations and businesses of all sizes. - -## Learn more - -For more information, see the following resources: - -- [Windows Virtual Desktop](https://azure.microsoft.com/services/virtual-desktop/) -- [Surface for Business](https://www.microsoft.com/surface/business) -- [Modernize your workforce with Microsoft Surface](https://boards.microsoft.com/public/prism/103849?token=754435c36d) -- [A guide to Surface Technical Content and Solutions](https://boards.microsoft.com/public/prism/104362/category/90968?token=09e688ec4a) -- [Microsoft zero-trust security](https://www.microsoft.com/security/business/zero-trust) - - ----------- - -1. Windows Virtual Desktop on Surface refers to running Azure Virtual Desktop Infrastructure on a Surface device and is described here as an architectural solution, not a separately available product.
-2. Battery life varies significantly with settings, usage and other factors.
-3. Service availability and performance subject to service provider’s network. Contact your service provider for details, compatibility, pricing, SIM card, and activation. See all specs and frequencies at surface.com.
-4. Forrester Consulting, “A Forrester Total Economic Impact™ Study: Maximizing Your ROI from Microsoft 365 Enterprise with Microsoft Surface,” commissioned by Microsoft, 2018.
-5. Surface Go and Surface Go 2 use a third-party UEFI and do not support DFCI. DFCI is currently available for Surface Book 3, Surface Laptop 3, Surface Pro 7, and Surface Pro X. Find out more about managing Surface UEFI settings.
-6. Removable SSD is available on Surface Laptop 3 and Surface Pro X. Note that hard drive is not user removable. Hard drive is only removable a by skilled technician following Microsoft instructions.
-7. DFCI is currently available for Surface Book 3, Surface Laptop 3, Surface Pro 7, and Surface Pro X. [Find out more](https://docs.microsoft.com/surface/manage-surface-uefi-settings) about managing Surface UEFI settings. - diff --git a/mdop/TOC.md b/mdop/TOC.md deleted file mode 100644 index 91a625282c..0000000000 --- a/mdop/TOC.md +++ /dev/null @@ -1,21 +0,0 @@ -# [Microsoft Desktop Optimization Pack](index.md) -## [Advanced Group Policy Management](agpm/index.md) -## Application Virtualization -### [Application Virtualization 5](appv-v5/index.md) -### [Application Virtualization 4](appv-v4/index.md) -### [SoftGrid Application Virtualization](softgrid-application-virtualization.md) -## Diagnostics and Recovery Toolset -### [Diagnostics and Recovery Toolset 10](dart-v10/index.md) -### [Diagnostics and Recovery Toolset 8](dart-v8/index.md) -### [Diagnostics and Recovery Toolset 7](dart-v7/index.md) -### [Diagnostics and Recovery Toolset 6.5](dart-v65.md) -## Microsoft Bitlocker Administration and Monitoring -### [Microsoft Bitlocker Administration and Monitoring 2.5](mbam-v25/index.md) -### [Microsoft Bitlocker Administration and Monitoring 2](mbam-v2/index.md) -### [Microsoft Bitlocker Administration and Monitoring 1](mbam-v1/index.md) -## Microsoft Enterprise Desktop Virtualization -### [Microsoft Enterprise Desktop Virtualization 2](medv-v2/index.md) -## User Experience Virtualization -### [User Experience Virtualization 2](uev-v2/index.md) -### [User Experience Virtualization 1](uev-v1/index.md) -## [MDOP Solutions and Scenarios](solutions/index.md) \ No newline at end of file diff --git a/mdop/agpm/TOC.md b/mdop/agpm/TOC.md deleted file mode 100644 index 319eeaf746..0000000000 --- a/mdop/agpm/TOC.md +++ /dev/null @@ -1,245 +0,0 @@ -# [Advanced Group Policy Management](index.md) -## [Technical Overview of AGPM](technical-overview-of-agpm.md) -## [Choosing Which Version of AGPM to Install](choosing-which-version-of-agpm-to-install.md) -## [AGPM 4.0 SP3](agpm-40-sp3-navengl.md) -### [What's New in AGPM 4.0 SP3](whats-new-in-agpm-40-sp3.md) -#### [Release Notes for Microsoft Advanced Group Policy Management 4.0 SP3](release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md) -## [AGPM 4.0 SP2](agpm-40-sp2-navengl.md) -### [What's New in AGPM 4.0 SP2](whats-new-in-agpm-40-sp2.md) -#### [Release Notes for Microsoft Advanced Group Policy Management 4.0 SP2](release-notes-for-microsoft-advanced-group-policy-management-40-sp2.md) -## [AGPM 4.0 SP1](agpm-40-sp1-navengl.md) -### [What's New in AGPM 4.0 SP1](whats-new-in-agpm-40-sp1.md) -### [Release Notes for Microsoft Advanced Group Policy Management 4.0 SP1](release-notes-for-microsoft-advanced-group-policy-management-40-sp1.md) -## [AGPM 4](agpm-4-navengl.md) -### [Advanced Group Policy Management 4.0](advanced-group-policy-management-40.md) -### [What's New in AGPM 4.0](whats-new-in-agpm-40.md) -### [Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0](step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md) -### [Operations Guide for Microsoft Advanced Group Policy Management 4.0](operations-guide-for-microsoft-advanced-group-policy-management-40.md) -#### [Overview of Advanced Group Policy Management](overview-of-advanced-group-policy-management-agpm40.md) -#### [Best Practices for Version Control](best-practices-for-version-control-agpm40.md) -#### [Checklist: Administer the AGPM Server and Archive](checklist-administer-the-agpm-server-and-archive-agpm40.md) -#### [Checklist: Create, Edit, and Deploy a GPO](checklist-create-edit-and-deploy-a-gpo-agpm40.md) -#### [Search and Filter the List of GPOs](search-and-filter-the-list-of-gpos.md) -#### [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md) -##### [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management-agpm40.md) -###### [Configure AGPM Server Connections](configure-agpm-server-connections-agpm40.md) -###### [Configure E-Mail Notification](configure-e-mail-notification-agpm40.md) -###### [Configure E-Mail Security for AGPM](configure-e-mail-security-for-agpm-agpm40.md) -###### [Delegate Access to the Production Environment](delegate-access-to-the-production-environment-agpm40.md) -###### [Configure Logging and Tracing](configure-logging-and-tracing-agpm40.md) -##### [Managing the Archive](managing-the-archive-agpm40.md) -###### [Delegate Domain-Level Access to the Archive](delegate-domain-level-access-to-the-archive-agpm40.md) -###### [Delegate Access to an Individual GPO in the Archive](delegate-access-to-an-individual-gpo-in-the-archive-agpm40.md) -###### [Limit the GPO Versions Stored](limit-the-gpo-versions-stored-agpm40.md) -###### [Import a GPO from a File](import-a-gpo-from-a-file-agpmadmin.md) -###### [Back Up the Archive](back-up-the-archive-agpm40.md) -###### [Restore the Archive from a Backup](restore-the-archive-from-a-backup-agpm40.md) -##### [Managing the AGPM Service](managing-the-agpm-service-agpm40.md) -###### [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm40.md) -###### [Modify the AGPM Service](modify-the-agpm-service-agpm40.md) -##### [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive-agpm40.md) -#### [Performing Editor Tasks](performing-editor-tasks-agpm40.md) -##### [Creating or Controlling a GPO](creating-or-controlling-a-gpo-agpm40-ed.md) -###### [Request Control of an Uncontrolled GPO](request-control-of-an-uncontrolled-gpo-agpm40.md) -###### [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm40.md) -###### [Import a GPO from Production](import-a-gpo-from-production-agpm40-ed.md) -##### [Editing a GPO](editing-a-gpo-agpm40.md) -###### [Edit a GPO Offline](edit-a-gpo-offline-agpm40.md) -###### [Label the Current Version of a GPO](label-the-current-version-of-a-gpo-agpm40.md) -###### [Rename a GPO or Template](rename-a-gpo-or-template-agpm40.md) -##### [Using a Test Environment](using-a-test-environment.md) -###### [Export a GPO to a File](export-a-gpo-to-a-file.md) -###### [Import a GPO from a File](import-a-gpo-from-a-file-ed.md) -###### [Test a GPO in a Separate Organizational Unit](test-a-gpo-in-a-separate-organizational-unit-agpm40.md) -##### [Request Deployment of a GPO](request-deployment-of-a-gpo-agpm40.md) -##### [Creating a Template and Setting a Default Template](creating-a-template-and-setting-a-default-template-agpm40.md) -###### [Create a Template](create-a-template-agpm40.md) -###### [Set a Default Template](set-a-default-template-agpm40.md) -##### [Deleting or Restoring a GPO](deleting-or-restoring-a-gpo-agpm40.md) -###### [Request Deletion of a GPO](request-deletion-of-a-gpo-agpm40.md) -###### [Request Restoration of a Deleted GPO](request-restoration-of-a-deleted-gpo-agpm40.md) -#### [Performing Approver Tasks](performing-approver-tasks-agpm40.md) -##### [Approve or Reject a Pending Action](approve-or-reject-a-pending-action-agpm40.md) -##### [Creating or Controlling a GPO](creating-or-controlling-a-gpo-agpm40-app.md) -###### [Control an Uncontrolled GPO](control-an-uncontrolled-gpo-agpm40.md) -###### [Create a New Controlled GPO](create-a-new-controlled-gpo-agpm40.md) -###### [Delegate Management of a Controlled GPO](delegate-management-of-a-controlled-gpo-agpm40.md) -###### [Import a GPO from Production](import-a-gpo-from-production-agpm40-app.md) -##### [Check In a GPO](check-in-a-gpo-agpm40.md) -##### [Deploy a GPO](deploy-a-gpo-agpm40.md) -##### [Roll Back to an Earlier Version of a GPO](roll-back-to-an-earlier-version-of-a-gpo-agpm40.md) -##### [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo-agpm40.md) -###### [Delete a Controlled GPO](delete-a-controlled-gpo-agpm40.md) -###### [Restore a Deleted GPO](restore-a-deleted-gpo-agpm40.md) -###### [Destroy a GPO](destroy-a-gpo-agpm40.md) -#### [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) -##### [Configure an AGPM Server Connection](configure-an-agpm-server-connection-agpm40.md) -##### [Review GPO Settings](review-gpo-settings-agpm40.md) -##### [Review GPO Links](review-gpo-links-agpm40.md) -##### [Identify Differences Between GPOs, GPO Versions, or Templates](identify-differences-between-gpos-gpo-versions-or-templates-agpm40.md) -#### [Troubleshooting AGPM](troubleshooting-agpm-agpm40.md) -#### [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm40.md) -##### [Contents Tab](contents-tab-agpm40.md) -###### [Contents Tab Features](contents-tab-features-agpm40.md) -###### [History Window](history-window-agpm40.md) -###### [Controlled GPO Commands](controlled-gpo-commands-agpm40.md) -###### [Uncontrolled GPO Commands](uncontrolled-gpo-commands-agpm40.md) -###### [Pending GPO Commands](pending-gpo-commands-agpm40.md) -###### [Template Commands](template-commands-agpm40.md) -###### [Recycle Bin Commands](recycle-bin-commands-agpm40.md) -##### [Domain Delegation Tab](domain-delegation-tab-agpm40.md) -##### [AGPM Server Tab](agpm-server-tab-agpm40.md) -##### [Production Delegation Tab](production-delegation-tab-agpm40.md) -##### [Administrative Templates Folder](administrative-templates-folder-agpm40.md) -###### [Logging and Tracing Settings](logging-and-tracing-settings-agpm40.md) -###### [AGPM Server Connection Settings](agpm-server-connection-settings-agpm40.md) -###### [Feature Visibility Settings](feature-visibility-settings-agpm40.md) -### [Release Notes for Microsoft Advanced Group Policy Management 4.0](release-notes-for-microsoft-advanced-group-policy-management-40.md) -## [AGPM 3](agpm-3-navengl.md) -### [What's New in AGPM 3.0](whats-new-in-agpm-30.md) -### [Step-by-Step Guide for Microsoft Advanced Group Policy Management 3.0](step-by-step-guide-for-microsoft-advanced-group-policy-management-30.md) -### [Operations Guide for Microsoft Advanced Group Policy Management 3.0](operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md) -#### [Overview of Advanced Group Policy Management](overview-of-advanced-group-policy-management-agpm30ops.md) -#### [Best Practices for Version Control](best-practices-for-version-control.md) -#### [Checklist: Administer the AGPM Server and Archive](checklist-administer-the-agpm-server-and-archive.md) -#### [Checklist: Create, Edit, and Deploy a GPO](checklist-create-edit-and-deploy-a-gpo-agpm30ops.md) -#### [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md) -##### [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management.md) -###### [Configure AGPM Server Connections](configure-agpm-server-connections-agpm30ops.md) -###### [Configure E-Mail Notification](configure-e-mail-notification-agpm30ops.md) -###### [Configure E-Mail Security for AGPM](configure-e-mail-security-for-agpm-agpm30ops.md) -###### [Delegate Access to the Production Environment](delegate-access-to-the-production-environment-agpm30ops.md) -###### [Configure Logging and Tracing](configure-logging-and-tracing-agpm30ops.md) -##### [Managing the Archive](managing-the-archive.md) -###### [Delegate Domain-Level Access to the Archive](delegate-domain-level-access-to-the-archive-agpm30ops.md) -###### [Delegate Access to an Individual GPO in the Archive](delegate-access-to-an-individual-gpo-in-the-archive-agpm30ops.md) -###### [Limit the GPO Versions Stored](limit-the-gpo-versions-stored-agpm30ops.md) -###### [Back Up the Archive](back-up-the-archive.md) -###### [Restore the Archive from a Backup](restore-the-archive-from-a-backup.md) -##### [Managing the AGPM Service](managing-the-agpm-service-agpm30ops.md) -###### [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm30ops.md) -###### [Modify the AGPM Service](modify-the-agpm-service-agpm30ops.md) -##### [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive.md) -#### [Performing Editor Tasks](performing-editor-tasks-agpm30ops.md) -##### [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-agpm30ops.md) -###### [Request Control of an Uncontrolled GPO](request-control-of-an-uncontrolled-gpo-agpm30ops.md) -###### [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm30ops.md) -###### [Import a GPO from Production](import-a-gpo-from-production-agpm30ops.md) -##### [Editing a GPO](editing-a-gpo-agpm30ops.md) -###### [Edit a GPO Offline](edit-a-gpo-offline-agpm30ops.md) -###### [Use a Test Environment](use-a-test-environment-agpm30ops.md) -###### [Request Deployment of a GPO](request-deployment-of-a-gpo-agpm30ops.md) -###### [Label the Current Version of a GPO](label-the-current-version-of-a-gpo-agpm30ops.md) -###### [Rename a GPO or Template](rename-a-gpo-or-template-agpm30ops.md) -##### [Creating a Template and Setting a Default Template](creating-a-template-and-setting-a-default-template-agpm30ops.md) -###### [Create a Template](create-a-template-agpm30ops.md) -###### [Set a Default Template](set-a-default-template-agpm30ops.md) -##### [Deleting or Restoring a GPO](deleting-or-restoring-a-gpo-agpm30ops.md) -###### [Request Deletion of a GPO](request-deletion-of-a-gpo-agpm30ops.md) -###### [Request Restoration of a Deleted GPO](request-restoration-of-a-deleted-gpo-agpm30ops.md) -#### [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md) -##### [Approve or Reject a Pending Action](approve-or-reject-a-pending-action-agpm30ops.md) -##### [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-editor-agpm30ops.md) -###### [Control an Uncontrolled GPO](control-an-uncontrolled-gpo-agpm30ops.md) -###### [Create a New Controlled GPO](create-a-new-controlled-gpo-agpm30ops.md) -###### [Delegate Management of a Controlled GPO](delegate-management-of-a-controlled-gpo-agpm30ops.md) -###### [Import a GPO from Production](import-a-gpo-from-production-editor-agpm30ops.md) -##### [Check In a GPO](check-in-a-gpo-agpm30ops.md) -##### [Deploy a GPO](deploy-a-gpo-agpm30ops.md) -##### [Roll Back to a Previous Version of a GPO](roll-back-to-a-previous-version-of-a-gpo-agpm30ops.md) -##### [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo-agpm30ops.md) -###### [Delete a Controlled GPO](delete-a-controlled-gpo-agpm30ops.md) -###### [Restore a Deleted GPO](restore-a-deleted-gpo-agpm30ops.md) -###### [Destroy a GPO](destroy-a-gpo-agpm30ops.md) -#### [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) -##### [Configure an AGPM Server Connection](configure-an-agpm-server-connection-reviewer-agpm30ops.md) -##### [Review GPO Settings](review-gpo-settings-agpm30ops.md) -##### [Review GPO Links](review-gpo-links-agpm30ops.md) -##### [Identify Differences Between GPOs, GPO Versions, or Templates](identify-differences-between-gpos-gpo-versions-or-templates-agpm30ops.md) -#### [Troubleshooting AGPM](troubleshooting-advanced-group-policy-management-agpm30ops.md) -#### [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm30ops.md) -##### [Contents Tab](contents-tab-agpm30ops.md) -###### [Contents Tab Features](contents-tab-features-agpm30ops.md) -###### [History Window](history-window-agpm30ops.md) -###### [Controlled GPO Commands](controlled-gpo-commands-agpm30ops.md) -###### [Uncontrolled GPO Commands](uncontrolled-gpo-commands-agpm30ops.md) -###### [Pending GPO Commands](pending-gpo-commands-agpm30ops.md) -###### [Template Commands](template-commands-agpm30ops.md) -###### [Recycle Bin Commands](recycle-bin-commands-agpm30ops.md) -##### [Domain Delegation Tab](domain-delegation-tab-agpm30ops.md) -##### [AGPM Server Tab](agpm-server-tab-agpm30ops.md) -##### [Production Delegation Tab](production-delegation-tab-agpm30ops.md) -##### [Administrative Templates Folder](administrative-templates-folder-agpm30ops.md) -###### [Logging and Tracing Settings](logging-and-tracing-settings-agpm30ops.md) -###### [AGPM Server Connection Settings](agpm-server-connection-settings-agpm30ops.md) -###### [Feature Visibility Settings](feature-visibility-settings-agpm30ops.md) -## [AGPM 2.5](agpm-25-navengl.md) -### [Step-by-Step Guide for Microsoft Advanced Group Policy Management 2.5](step-by-step-guide-for-microsoft-advanced-group-policy-management-25.md) -### [Operations Guide for Microsoft Advanced Group Policy Management 2.5](operations-guide-for-microsoft-advanced-group-policy-management-25.md) -#### [Overview of Advanced Group Policy Management](overview-of-advanced-group-policy-management.md) -#### [Checklist: Create, Edit, and Deploy a GPO](checklist-create-edit-and-deploy-a-gpo.md) -#### [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md) -##### [Configure the AGPM Server Connection](configure-the-agpm-server-connection.md) -##### [Configure E-Mail Notification](configure-e-mail-notification.md) -##### [Delegate Domain-Level Access](delegate-domain-level-access.md) -##### [Delegate Access to an Individual GPO](delegate-access-to-an-individual-gpo.md) -##### [Configure Logging and Tracing](configure-logging-and-tracing.md) -##### [Managing the AGPM Service](managing-the-agpm-service.md) -###### [Start and Stop the AGPM Service](start-and-stop-the-agpm-service.md) -###### [Modify the Archive Path](modify-the-archive-path.md) -###### [Modify the AGPM Service Account](modify-the-agpm-service-account.md) -###### [Modify the Port on Which the AGPM Service Listens](modify-the-port-on-which-the-agpm-service-listens.md) -#### [Performing Editor Tasks](performing-editor-tasks.md) -##### [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-editor.md) -###### [Request Control of a Previously Uncontrolled GPO](request-control-of-a-previously-uncontrolled-gpo.md) -###### [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo.md) -###### [Import a GPO from Production](import-a-gpo-from-production-editor.md) -##### [Editing a GPO](editing-a-gpo.md) -###### [Edit a GPO Offline](edit-a-gpo-offline.md) -###### [Use a Test Environment](use-a-test-environment.md) -###### [Request Deployment of a GPO](request-deployment-of-a-gpo.md) -###### [Label the Current Version of a GPO](label-the-current-version-of-a-gpo.md) -###### [Rename a GPO or Template](rename-a-gpo-or-template.md) -##### [Creating a Template and Setting a Default Template](creating-a-template-and-setting-a-default-template.md) -###### [Create a Template](create-a-template.md) -###### [Set a Default Template](set-a-default-template.md) -##### [Delete a GPO](delete-a-gpo-editor.md) -#### [Performing Approver Tasks](performing-approver-tasks.md) -##### [Approve or Reject a Pending Action](approve-or-reject-a-pending-action.md) -##### [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-approver.md) -###### [Control a Previously Uncontrolled GPO](control-a-previously-uncontrolled-gpo.md) -###### [Create a New Controlled GPO](create-a-new-controlled-gpo.md) -###### [Delegate Access to a GPO](delegate-access-to-a-gpo.md) -###### [Import a GPO from Production](import-a-gpo-from-production-approver.md) -##### [Check In a GPO](check-in-a-gpo-approver.md) -##### [Deploy a GPO](deploy-a-gpo.md) -##### [Roll Back to a Previous Version of a GPO](roll-back-to-a-previous-version-of-a-gpo.md) -##### [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo.md) -###### [Delete a GPO](delete-a-gpo-approver.md) -###### [Restore a Deleted GPO](restore-a-deleted-gpo.md) -###### [Destroy a GPO](destroy-a-gpo.md) -#### [Performing Reviewer Tasks](performing-reviewer-tasks.md) -##### [Configure the AGPM Server Connection](configure-the-agpm-server-connection-reviewer.md) -##### [Review GPO Settings](review-gpo-settings.md) -##### [Review GPO Links](review-gpo-links.md) -##### [Identify Differences Between GPOs, GPO Versions, or Templates](identify-differences-between-gpos-gpo-versions-or-templates.md) -#### [Troubleshooting Advanced Group Policy Management](troubleshooting-advanced-group-policy-management.md) -#### [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management.md) -##### [Contents Tab](contents-tab.md) -###### [Controlled Tab](controlled-tab.md) -###### [Uncontrolled Tab](uncontrolled-tab.md) -###### [Pending Tab](pending-tab.md) -###### [Templates Tab](templates-tab.md) -###### [Recycle Bin Tab](recycle-bin-tab.md) -###### [Common Secondary Tab Features](common-secondary-tab-features.md) -###### [History Window](history-window.md) -##### [Domain Delegation Tab](domain-delegation-tab.md) -##### [AGPM Server Tab](agpm-server-tab.md) -##### [Administrative Template Settings](administrative-template-settings.md) -###### [Logging and Tracing Settings](logging-and-tracing-settings.md) -###### [AGPM Server Connection Settings](agpm-server-connection-settings.md) -###### [Feature Visibility Settings](feature-visibility-settings.md) -##### [Other Enhancements to the GPMC](other-enhancements-to-the-gpmc.md) -## [Troubleshooting AGPM Upgrades](troubleshooting-agpm40-upgrades.md) -## [Resources for AGPM](resources-for-agpm.md) - diff --git a/mdop/agpm/administrative-template-settings.md b/mdop/agpm/administrative-template-settings.md deleted file mode 100644 index 7d675b587e..0000000000 --- a/mdop/agpm/administrative-template-settings.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Administrative Template Settings -description: Administrative Template Settings -author: dansimp -ms.assetid: 1abbf0c1-fd32-46a8-a3ba-c005f066523d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administrative Template Settings - - -The Administrative template settings for Advanced Group Policy Management (AGPM) enable you to centrally configure logging and tracing options for AGPM clients and servers to which a Group Policy object (GPO) with these settings is applied. Similarly, these settings enable you to centrally configure archive locations and the visibility of the **Change Control** node and **History** tab for Group Policy administrators to whom a GPO with these settings is applied. - -- [Logging and Tracing Settings](logging-and-tracing-settings.md) - -- [AGPM Server Connection Settings](agpm-server-connection-settings.md) - -- [Feature Visibility Settings](feature-visibility-settings.md) - -### Additional references - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md) - -  - -  - - - - - diff --git a/mdop/agpm/administrative-templates-folder-agpm30ops.md b/mdop/agpm/administrative-templates-folder-agpm30ops.md deleted file mode 100644 index 357c524122..0000000000 --- a/mdop/agpm/administrative-templates-folder-agpm30ops.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Administrative Templates Folder -description: Administrative Templates Folder -author: dansimp -ms.assetid: 0cc5b570-b6d3-4841-9646-02521c13519c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administrative Templates Folder - - -The Administrative template settings for Advanced Group Policy Management (AGPM) enable you to centrally configure logging and tracing options for AGPM Clients and AGPM Servers to which a Group Policy Object (GPO) with these settings is applied. Similarly, these settings enable you to centrally configure archive locations and the visibility of the **Change Control** folder and **History** tab for Group Policy administrators to whom a GPO with these settings is applied. - -- [Logging and Tracing Settings](logging-and-tracing-settings-agpm30ops.md) - -- [AGPM Server Connection Settings](agpm-server-connection-settings-agpm30ops.md) - -- [Feature Visibility Settings](feature-visibility-settings-agpm30ops.md) - -### Additional references - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm30ops.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/administrative-templates-folder-agpm40.md b/mdop/agpm/administrative-templates-folder-agpm40.md deleted file mode 100644 index daec342d3b..0000000000 --- a/mdop/agpm/administrative-templates-folder-agpm40.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Administrative Templates Folder -description: Administrative Templates Folder -author: dansimp -ms.assetid: abc41968-4505-4b09-94f2-67ee0e6c9aaf -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administrative Templates Folder - - -The Administrative template settings for Advanced Group Policy Management (AGPM) enable you to centrally configure logging and tracing options for AGPM Clients and AGPM Servers to which a Group Policy Object (GPO) with these settings is applied. Similarly, these settings enable you to centrally configure archive locations and the visibility of the **Change Control** folder and **History** tab for Group Policy administrators to whom a GPO with these settings is applied. - -- [Logging and Tracing Settings](logging-and-tracing-settings-agpm40.md) - -- [AGPM Server Connection Settings](agpm-server-connection-settings-agpm40.md) - -- [Feature Visibility Settings](feature-visibility-settings-agpm40.md) - -### Additional references - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm40.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/advanced-group-policy-management-40.md b/mdop/agpm/advanced-group-policy-management-40.md deleted file mode 100644 index 5fccc1a30d..0000000000 --- a/mdop/agpm/advanced-group-policy-management-40.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: Advanced Group Policy Management 4.0 -description: Advanced Group Policy Management 4.0 -author: dansimp -ms.assetid: 9873a1f7-97fc-4546-9538-b4c0308529c0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Advanced Group Policy Management 4.0 - - -You can use Microsoft Advanced Group Policy Management (AGPM) to extend the capabilities of the Group Policy Management Console (GPMC). AGPM provides comprehensive change control and improved management of Group Policy Objects (GPOs). - -Using AGPM, you can do these tasks: - -- Perform offline editing of GPOs so that you can create and test them before you deploy them to a production environment. - -- Maintain multiple versions of a GPO in a central archive so that you can roll back if a problem occurs. - -- Share the responsibility for editing, approving, and reviewing GPOs among multiple people by using role-based delegation. - -- Eliminate the danger of multiple Group Policy administrators overwriting one another's work by using the check-in and check-out capability for GPOs. - -- Analyze changes to a GPO, comparing it to another GPO or another version of the same GPO by using difference reporting. - -- Simplify creating new GPOs by using GPO templates, storing common policy settings and preference settings to use as starting points for new GPOs. - -- Delegate access to the production environment. - -- Search for GPOs with specific attributes and filter the list of GPOs displayed. - -- Export a GPO to a file so that you can copy it from a domain in a test forest to a domain in a production forest. - -AGPM adds a **Change Control** folder under each domain displayed in the GPMC, in addition to a **History** tab for each GPO and Group Policy link displayed in the GPMC. - -- [Overview of Advanced Group Policy Management](overview-of-advanced-group-policy-management-agpm40.md) - -- [Best Practices for Version Control](best-practices-for-version-control-agpm40.md) - -- [Checklist: Administer the AGPM Server and Archive](checklist-administer-the-agpm-server-and-archive-agpm40.md) - -- [Checklist: Create, Edit, and Deploy a GPO](checklist-create-edit-and-deploy-a-gpo-agpm40.md) - -- [Search and Filter the List of GPOs](search-and-filter-the-list-of-gpos.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md) - -- [Performing Editor Tasks](performing-editor-tasks-agpm40.md) - -- [Performing Approver Tasks](performing-approver-tasks-agpm40.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) - -- [Troubleshooting AGPM](troubleshooting-agpm-agpm40.md) - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/agpm-25-navengl.md b/mdop/agpm/agpm-25-navengl.md deleted file mode 100644 index 3eab801c30..0000000000 --- a/mdop/agpm/agpm-25-navengl.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -title: AGPM 2.5 -description: AGPM 2.5 -author: dansimp -ms.assetid: 6db42f2e-88b2-4305-ab6b-d3cd0c5d686c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# AGPM 2.5 - - -- [Step-by-Step Guide for Microsoft Advanced Group Policy Management 2.5](step-by-step-guide-for-microsoft-advanced-group-policy-management-25.md) - -- [Operations Guide for Microsoft Advanced Group Policy Management 2.5](operations-guide-for-microsoft-advanced-group-policy-management-25.md) - -  - -  - - - - - diff --git a/mdop/agpm/agpm-3-navengl.md b/mdop/agpm/agpm-3-navengl.md deleted file mode 100644 index b22f23bf00..0000000000 --- a/mdop/agpm/agpm-3-navengl.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -title: AGPM 3 -description: AGPM 3 -author: dansimp -ms.assetid: b0d0051d-2900-4a0f-8307-552ad26b0e3b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# AGPM 3 - - -- [What's New in AGPM 3.0](whats-new-in-agpm-30.md) - -- [Step-by-Step Guide for Microsoft Advanced Group Policy Management 3.0](step-by-step-guide-for-microsoft-advanced-group-policy-management-30.md) - -- [Operations Guide for Microsoft Advanced Group Policy Management 3.0](operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/agpm-4-navengl.md b/mdop/agpm/agpm-4-navengl.md deleted file mode 100644 index d9b63043f8..0000000000 --- a/mdop/agpm/agpm-4-navengl.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: AGPM 4 -description: AGPM 4 -author: dansimp -ms.assetid: 81693f30-1b8e-4e63-b1ac-e6de1bc30cc0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# AGPM 4 - - -- [What's New in AGPM 4.0](whats-new-in-agpm-40.md) - -- [Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0](step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md) - -- [Operations Guide for Microsoft Advanced Group Policy Management 4.0](operations-guide-for-microsoft-advanced-group-policy-management-40.md) - -- [Release Notes for Microsoft Advanced Group Policy Management 4.0](release-notes-for-microsoft-advanced-group-policy-management-40.md) - -> [!NOTE] -> Advanced Group Policy Management (AGPM) 4.0 will be end of life on January 12, 2021. Please upgrade to a supported version, such as AGPM 4.0 with Service Pack 3 prior to this date. - -  - - - - - diff --git a/mdop/agpm/agpm-40-sp1-navengl.md b/mdop/agpm/agpm-40-sp1-navengl.md deleted file mode 100644 index 94076ee683..0000000000 --- a/mdop/agpm/agpm-40-sp1-navengl.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -title: AGPM 4.0 SP1 -description: AGPM 4.0 SP1 -author: dansimp -ms.assetid: 4e55d9e6-635c-4ba6-acbb-ed1d1b580a5b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# AGPM 4.0 SP1 - - -- [What's New in AGPM 4.0 SP1](whats-new-in-agpm-40-sp1.md) - -- [Release Notes for Microsoft Advanced Group Policy Management 4.0 SP1](release-notes-for-microsoft-advanced-group-policy-management-40-sp1.md) - -  - -  - - - - - diff --git a/mdop/agpm/agpm-40-sp2-navengl.md b/mdop/agpm/agpm-40-sp2-navengl.md deleted file mode 100644 index cc07406cc0..0000000000 --- a/mdop/agpm/agpm-40-sp2-navengl.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -title: AGPM 4.0 SP2 -description: AGPM 4.0 SP2 -author: dansimp -ms.assetid: 915c9791-ac07-43db-bd53-957b641c700f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# AGPM 4.0 SP2 - - -- [What's New in AGPM 4.0 SP2](whats-new-in-agpm-40-sp2.md) - -- [Release Notes for Microsoft Advanced Group Policy Management 4.0 SP2](release-notes-for-microsoft-advanced-group-policy-management-40-sp2.md) - -  - -  - - - - - diff --git a/mdop/agpm/agpm-40-sp3-navengl.md b/mdop/agpm/agpm-40-sp3-navengl.md deleted file mode 100644 index daf9dd9544..0000000000 --- a/mdop/agpm/agpm-40-sp3-navengl.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -title: AGPM 4.0 SP3 -description: AGPM 4.0 SP3 -author: dansimp -ms.assetid: cd80eea9-601f-4e45-b89e-c3904addee37 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# AGPM 4.0 SP3 - - -- [What's New in AGPM 4.0 SP3](whats-new-in-agpm-40-sp3.md) - -- [Release Notes for Microsoft Advanced Group Policy Management 4.0 SP3](release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md) - -  - -  - - - - - diff --git a/mdop/agpm/agpm-server-connection-settings-agpm30ops.md b/mdop/agpm/agpm-server-connection-settings-agpm30ops.md deleted file mode 100644 index bc916bbcd2..0000000000 --- a/mdop/agpm/agpm-server-connection-settings-agpm30ops.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: AGPM Server Connection Settings -description: AGPM Server Connection Settings -author: dansimp -ms.assetid: 5f03e397-b868-4c49-9cbf-a5f5d0ddcc39 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# AGPM Server Connection Settings - - -You can use Administrative template settings for Advanced Group Policy Management (AGPM) to centrally configure AGPM Server connections for Group Policy administrators to whom a Group Policy Object (GPO) with these settings is applied. - -The following settings are available under User Configuration\\Policies\\Administrative Templates\\Windows Components\\AGPM when editing a GPO. - - ---- - - - - - - - - - - - - - - - - -
SettingEffect

AGPM: Specify default AGPM Server (all domains)

This policy setting allows you to specify a default AGPM Server for all domains. This is used only by AGPM Clients, and restricts Group Policy administrators from connecting to another archive. You can override this default for individual domains using the AGPM: Specify AGPM Servers setting.

AGPM: Specify AGPM Servers

This policy setting allows you to specify the AGPM Servers for individual domains. This is used only by AGPM Clients, and restricts Group Policy administrators from connecting to a different archive for the specified domain. To specify a default AGPM Server, use the AGPM: Specify default AGPM Server (all domains) setting and use this policy setting to override the default on a per domain basis.

- -  - -### Additional references - -- [Administrative Templates Folder](administrative-templates-folder-agpm30ops.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/agpm-server-connection-settings-agpm40.md b/mdop/agpm/agpm-server-connection-settings-agpm40.md deleted file mode 100644 index c713631290..0000000000 --- a/mdop/agpm/agpm-server-connection-settings-agpm40.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: AGPM Server Connection Settings -description: AGPM Server Connection Settings -author: dansimp -ms.assetid: cc67f122-6309-4820-92c2-f6a27d897123 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# AGPM Server Connection Settings - - -You can use Administrative template settings for Advanced Group Policy Management (AGPM) to centrally configure AGPM Server connections for Group Policy administrators to whom a Group Policy Object (GPO) with these settings is applied. - -The following settings are available under User Configuration\\Policies\\Administrative Templates\\Windows Components\\AGPM when editing a GPO. - - ---- - - - - - - - - - - - - - - - - -
SettingEffect

AGPM: Specify default AGPM Server (all domains)

This policy setting allows you to specify a default AGPM Server for all domains. This is used only by AGPM Clients, and restricts Group Policy administrators from connecting to another archive. You can override this default for individual domains using the AGPM: Specify AGPM Servers setting.

AGPM: Specify AGPM Servers

This policy setting allows you to specify the AGPM Servers for individual domains. This is used only by AGPM Clients, and restricts Group Policy administrators from connecting to a different archive for the specified domain. To specify a default AGPM Server, use the AGPM: Specify default AGPM Server (all domains) setting and use this policy setting to override the default on a per domain basis.

- -  - -### Additional references - -- [Administrative Templates Folder](administrative-templates-folder-agpm40.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/agpm-server-connection-settings.md b/mdop/agpm/agpm-server-connection-settings.md deleted file mode 100644 index a615120897..0000000000 --- a/mdop/agpm/agpm-server-connection-settings.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: AGPM Server Connection Settings -description: AGPM Server Connection Settings -author: dansimp -ms.assetid: faf78e5b-2b0d-4069-9b8c-910add892200 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# AGPM Server Connection Settings - - -You can use Administrative template settings for Advanced Group Policy Management (AGPM) to centrally configure AGPM Server connections for Group Policy administrators to whom a Group Policy object (GPO) with these settings is applied. - -The following settings are available under User Configuration\\Administrative Templates\\Windows Components\\AGPM when editing a GPO. If this path is not visible, right-click **Administrative Templates**, and add the agpm.admx or agpm.adm template. - - ---- - - - - - - - - - - - - - - - - -
SettingEffect

AGPM Server (all domains)

If enabled, this setting centrally configures one AGPM Server connection for use by all domains and disables the settings on the AGPM Server tab for Group Policy administrators. For multiple AGPM Servers, configure this setting with a default server and then configure the AGPM Server setting in the Administrative template to override this server for other domains.

-

If disabled or not configured, each Group Policy administrator must select the AGPM Server to display for each domain on the AGPM Server tab in AGPM.

AGPM Server

If enabled, this setting centrally configures multiple domain-specific AGPM Servers, overriding the AGPM Server (all domains) setting in the Administrative template. If your environment requires only a single AGPM Server, use only the AGPM Server (all domains) setting in the Administrative template.

-

If disabled or not configured, the AGPM Server (all domains) setting in the Administrative template configures the AGPM Server connection.

- -  - -### Additional references - -- [Administrative Template Settings](administrative-template-settings.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md) - -  - -  - - - - - diff --git a/mdop/agpm/agpm-server-tab-agpm30ops.md b/mdop/agpm/agpm-server-tab-agpm30ops.md deleted file mode 100644 index 1732bd6a6e..0000000000 --- a/mdop/agpm/agpm-server-tab-agpm30ops.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: AGPM Server Tab -description: AGPM Server Tab -author: dansimp -ms.assetid: fb3b0265-53ed-4bf6-88a4-c409f5f1bed4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# AGPM Server Tab - - -The **AGPM Server** tab on the **Change Control** pane enables you to select an AGPM Server by entering a fully-qualified computer name and port, and to delete older versions of Group Policy Objects (GPOs) from the archive to conserve disk space on the AGPM Server. - -## Specifying the AGPM Server - - -The AGPM Server selected determines which archive is displayed for you on the **Contents** tab and to which location the **Domain Delegation** settings are applied. The default port for Advanced Group Policy Management (AGPM) is port 4600. - -If the AGPM Server connection is centrally configured using Administrative template settings, the options on this tab for configuring the connection are unavailable. For more information, see [Configure AGPM Server Connections](configure-agpm-server-connections-agpm30ops.md). - -## Deleting old GPO versions - - -By default, all versions of every controlled GPO are retained in the archive. However, you can configure the AGPM Service to limit the number of versions retained for each GPO and automatically delete the oldest version when that limit is exceeded. Only GPO versions displayed on the **Unique Versions** tab of the **History** window count toward the limit. - -**Note**   -The maximum number of unique versions to store for each GPO does not include the current version, so entering 0 retains only the current version. The limit must be no greater than 999 versions. - -When a GPO version is deleted, a record of that version remains in the history of the GPO, but the GPO version itself is deleted from the archive. You can prevent a GPO version from being deleted by marking it in the history as not deletable. - - - -### Additional references - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm30ops.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/agpm-server-tab-agpm40.md b/mdop/agpm/agpm-server-tab-agpm40.md deleted file mode 100644 index b2974b2c84..0000000000 --- a/mdop/agpm/agpm-server-tab-agpm40.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: AGPM Server Tab -description: AGPM Server Tab -author: dansimp -ms.assetid: a6689437-233e-4f33-a0d6-f7d432c96c00 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# AGPM Server Tab - - -The **AGPM Server** tab on the **Change Control** pane enables you to select an AGPM Server by entering a fully-qualified computer name and port, and to delete older versions of Group Policy Objects (GPOs) from the archive to conserve disk space on the AGPM Server. - -## Specifying the AGPM Server - - -The AGPM Server selected determines which archive is displayed for you on the **Contents** tab and to which location the **Domain Delegation** settings are applied. The default port for Advanced Group Policy Management (AGPM) is port 4600. - -If the AGPM Server connection is centrally configured using Administrative template settings, the options on this tab for configuring the connection are unavailable. For more information, see [Configure AGPM Server Connections](configure-agpm-server-connections-agpm40.md). - -## Deleting old GPO versions - - -By default, all versions of every controlled GPO are retained in the archive. However, you can configure the AGPM Service to limit the number of versions retained for each GPO and automatically delete the oldest version when that limit is exceeded. Only GPO versions displayed on the **Unique Versions** tab of the **History** window count toward the limit. - -**Note**   -The maximum number of unique versions to store for each GPO does not include the current version, so entering 0 retains only the current version. The limit must be no greater than 999 versions. - -When a GPO version is deleted, a record of that version remains in the history of the GPO, but the GPO version itself is deleted from the archive. You can prevent a GPO version from being deleted by marking it in the history as not deletable. - - - -### Additional references - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm40.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/agpm-server-tab.md b/mdop/agpm/agpm-server-tab.md deleted file mode 100644 index ad3006d8b0..0000000000 --- a/mdop/agpm/agpm-server-tab.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: AGPM Server Tab -description: AGPM Server Tab -author: dansimp -ms.assetid: ce4490b7-b564-49af-8962-858ee39e0016 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# AGPM Server Tab - - -The **AGPM Server** tab on the **Change Control** pane enables you to select an AGPM Server by entering a fully-qualified computer name and port. The default port for Advanced Group Policy Management (AGPM) is port 4600. - -The AGPM Server selected determines which archive is displayed for you on the **Contents** tab and to which location the **Domain Delegation** settings are applied. - -If the AGPM Server connection is centrally configured using Administrative template settings, the options on this tab are unavailable. For more information, see [Configure the AGPM Server Connection](configure-the-agpm-server-connection.md). - -### Additional references - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks.md) - -  - -  - - - - - diff --git a/mdop/agpm/approve-or-reject-a-pending-action-agpm30ops.md b/mdop/agpm/approve-or-reject-a-pending-action-agpm30ops.md deleted file mode 100644 index 3d7d96b30b..0000000000 --- a/mdop/agpm/approve-or-reject-a-pending-action-agpm30ops.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Approve or Reject a Pending Action -description: Approve or Reject a Pending Action -author: dansimp -ms.assetid: 6d78989a-b600-4876-9dd9-bc6207ff2ce7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Approve or Reject a Pending Action - - -The core responsibility of an Approver is to evaluate and then approve or reject requests for Group Policy Object (GPO) creation, deployment, and deletion from Editors or Reviewers who do not have permission to complete those actions. Reports can assist an Approver with evaluating a new version of a GPO. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To approve or reject a pending request** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Pending** tab to display the pending GPOs. - -3. Right-click a pending GPO, and then click either **Approve** or **Reject**. - -4. If approving deployment, click **Advanced** in the **Approve Pending Operation** dialog box to review links to the GPO. Pause the mouse pointer on an item in the tree to display details. - - - By default, all links to the GPO will be restored. - - - To prevent a link from being restored, clear the check box for that link. - - - To prevent all links from being restored, clear the **Restore Links** check box in the **Deploy GPO** dialog box. - -5. Click **Yes** or **OK** to confirm approval or rejection of the pending action. If you have approved the request, the GPO is moved to the appropriate tab for the action performed. - - **Note**   - If an Approver's e-mail address is included in the **To e-mail address** field on the **Domain** **Delegation** tab, the Approver will receive e-mail from the AGPM alias when an Editor or Reviewer submits a request. - - - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have the permissions required to perform the request that you are approving. - -### Additional references - -- [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/approve-or-reject-a-pending-action-agpm40.md b/mdop/agpm/approve-or-reject-a-pending-action-agpm40.md deleted file mode 100644 index c03d30ec60..0000000000 --- a/mdop/agpm/approve-or-reject-a-pending-action-agpm40.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Approve or Reject a Pending Action -description: Approve or Reject a Pending Action -author: dansimp -ms.assetid: 078ea8b5-9ac5-45fc-9ac1-a1aa629c10b4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Approve or Reject a Pending Action - - -The core responsibility of an Approver is to evaluate and then approve or reject requests for Group Policy Object (GPO) creation, deployment, and deletion from Editors or Reviewers who do not have permission to complete those actions. Reports can assist an Approver with evaluating a new version of a GPO. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To approve or reject a pending request** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Pending** tab to display the pending GPOs. - -3. Right-click a pending GPO, and then click either **Approve** or **Reject**. - -4. If approving deployment, click **Advanced** in the **Approve Pending Operation** dialog box to review links to the GPO. Pause the mouse pointer on an item in the tree to display details. - - - By default, all links to the GPO will be restored. - - - To prevent a link from being restored, clear the check box for that link. - - - To prevent all links from being restored, clear the **Restore Links** check box in the **Deploy GPO** dialog box. - -5. Click **Yes** or **OK** to confirm approval or rejection of the pending action. If you have approved the request, the GPO is moved to the appropriate tab for the action performed. - - **Note**   - If an Approver's e-mail address is included in the **To e-mail address** field on the **Domain** **Delegation** tab, the Approver will receive e-mail from the AGPM alias when an Editor or Reviewer submits a request. - - - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have the permissions required to perform the request that you are approving. - -### Additional references - -- [Performing Approver Tasks](performing-approver-tasks-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/approve-or-reject-a-pending-action.md b/mdop/agpm/approve-or-reject-a-pending-action.md deleted file mode 100644 index 7d7dea9ee8..0000000000 --- a/mdop/agpm/approve-or-reject-a-pending-action.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Approve or Reject a Pending Action -description: Approve or Reject a Pending Action -author: dansimp -ms.assetid: 22921a51-50fb-4a47-bec1-4f563f523675 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Approve or Reject a Pending Action - - -The core responsibility of an Approver is to evaluate and then approve or reject requests for Group Policy object (GPO) creation, deployment, and deletion from Editors or Reviewers who do not have permission to complete those actions. The report capabilities of Advanced Group Policy Management (AGPM) can assist an Approver with evaluating a new version of a GPO. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To approve or reject a pending request** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Pending** tab to display the pending GPOs. - -3. Right-click a pending GPO, and then click either **Approve** or **Reject**. - -4. If approving deployment, click **Advanced** in the **Approve Pending Operation** dialog box to review links to the GPO. Pause the mouse pointer on a node in the tree to display details. - - - By default, all links to the GPO will be restored. - - - To prevent a link from being restored, clear the check box for that link. - - - To prevent all links from being restored, clear the **Restore Links** check box in the **Deploy GPO** dialog box. - -5. Click **Yes** or **OK** to confirm approval or rejection of the pending action. If you have approved the request, the GPO is moved to the appropriate tab for the action performed. - - **Note**   - If an Approver's e-mail address is included in the **To** field on the **Domain** **Delegation** tab, the Approver will receive e-mail from the AGPM alias when an Editor or Reviewer submits a request. - - - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have the permissions required to perform the request that you are approving. - -### Additional references - -- [Performing Approver Tasks](performing-approver-tasks.md) - - - - - - - - - diff --git a/mdop/agpm/back-up-the-archive-agpm40.md b/mdop/agpm/back-up-the-archive-agpm40.md deleted file mode 100644 index af468e9671..0000000000 --- a/mdop/agpm/back-up-the-archive-agpm40.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: Back Up the Archive -description: Back Up the Archive -author: dansimp -ms.assetid: 538d85eb-3596-4c1d-bbd7-26bc28857c28 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Back Up the Archive - - -To help in the recovery of the archive for Advanced Group Policy Management (AGPM) if there is a disaster, an AGPM Administrator (Full Control) should back up the archive frequently. By default, the archive is created in %ProgramData%\\Microsoft\\AGPM. However, you can specify a different path during the setup of Microsoft Advanced Group Policy Management - Server. - -A user account that has access to both the AGPM Server—the computer on which the AGPM Service is installed—and to the folder that contains the archive is required to complete this procedure. - -**To back up the archive** - -1. Stop the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm40.md). - -2. Back up the archive folder by using Windows Explorer, Xcopy, Windows Server® Backup, or another backup tool. Make sure that you back up hidden, system, and read-only files. - -3. Store the archive backup in a secure location. - -4. Restart the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm40.md). - -**Note**   -If an AGPM Administrator backs up the archive infrequently, the Group Policy Objects (GPOs) in the archive backup will not be current. To better ensure that the archive backup is current, back up the archive as part of your organization’s daily backup strategy. - - - -### Additional references - -- [Restore the Archive from a Backup](restore-the-archive-from-a-backup-agpm40.md) - -- [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive-agpm40.md) - -- [Managing the Archive](managing-the-archive-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/back-up-the-archive.md b/mdop/agpm/back-up-the-archive.md deleted file mode 100644 index 71c30b98c3..0000000000 --- a/mdop/agpm/back-up-the-archive.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: Back Up the Archive -description: Back Up the Archive -author: dansimp -ms.assetid: 400176da-3518-4475-ad19-c96cda6ca7ba -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Back Up the Archive - - -To help in the recovery of the archive for Advanced Group Policy Management (AGPM) if there is a disaster, an AGPM Administrator (Full Control) should back up the archive frequently. By default, the archive is created in %ProgramData%\\Microsoft\\AGPM. However, you can specify a different path during the setup of Microsoft Advanced Group Policy Management - Server. - -A user account that has access to both the AGPM Server—the computer on which the AGPM Service is installed—and to the folder that contains the archive is required to complete this procedure. - -**To back up the archive** - -1. Stop the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm30ops.md). - -2. Back up the archive folder by using Windows Explorer, Xcopy, Windows Server® Backup, or another backup tool. Make sure that you back up hidden, system, and read-only files. - -3. Store the archive backup in a secure location. - -4. Restart the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm30ops.md). - -**Note**   -If an AGPM Administrator backs up the archive infrequently, the Group Policy Objects (GPOs) in the archive backup will not be current. To better ensure that the archive backup is current, back up the archive as part of your organization’s daily backup strategy. - - - -### Additional references - -- [Restore the Archive from a Backup](restore-the-archive-from-a-backup.md) - -- [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive.md) - -- [Managing the Archive](managing-the-archive.md) - - - - - - - - - diff --git a/mdop/agpm/best-practices-for-version-control-agpm40.md b/mdop/agpm/best-practices-for-version-control-agpm40.md deleted file mode 100644 index 59b5394a61..0000000000 --- a/mdop/agpm/best-practices-for-version-control-agpm40.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Best Practices for Version Control -description: Best Practices for Version Control -author: dansimp -ms.assetid: 4a2a1ac7-67f3-4ba3-ab07-860d33da0efe -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Best Practices for Version Control - - -Microsoft Advanced Group Policy Management (AGPM) provides version control for Group Policy Objects (GPOs) much like Microsoft Visual SourceSafe® provides version control for source code. Developers can use Visual SourceSafe to manage multiple versions of each source file. Group Policy administrators can use AGPM to do the same for GPOs. When you use AGPM, Group Policy administrators should be aware of best practices that apply to any version control system: - -- **Date and time:** AGPM stamps each version of a GPO with the date and time. To ensure that history is accurate, especially when you edit GPOs on more than one computer, make sure that each computer synchronizes its clock with one authoritative time source. - -- **Check in GPOs when you are finished editing them:** It is common for Editors to check out GPOs and forget to check them back into the archive. However, this can prevent other Group Policy administrators from changing the GPO. Always check GPOs back in to AGPM immediately when you are finished editing. - -- **Save changes frequently:** When you edit a GPO, save changes frequently. Most Editors check out a GPO, make many changes, and then check the GPO into the archive. Instead, check the GPO into the archive regularly, and then check it out again. The detail can be as small as checking in the GPO after you change every setting (not recommended) or checking in the GPO after you make groups of related changes. The result is a better-documented history for each GPO that can help when troubleshooting issues. - -- **Deploy GPOs frequently:** Do not let new and edited GPOs that have not yet been deployed accumulate in large numbers in the archive. Instead, deploy new and edited GPOs as soon as possible so that they have a minimum effect on the production environment. Deploying many new and edited GPOs at one time can jeopardize the production environment. - -- **Document the purpose of changes when you check in GPOs:** Any Reviewer can compare versions of a GPO to see specific changes between the two. Documenting those specific changes adds no value. Instead, document the intent and purpose of a change instead of documenting what Reviewers can see by viewing difference reports. Version comments should add value to the comparison report and help a Reviewer understand why the Editor changed the GPO. - -- **Test GPOs in a test environment:** Deploying GPOs to the production environment without testing them is risky. Instead, test your GPOs in a domain in a test forest, and then export the GPOs to files and import them to a domain in a production forest. Also, you can link GPOs to an organizational unit that contains test computers and users. Verify that each GPO functions correctly in the test environment and then deploy the GPOs to the production environment. - -### Additional references - -- [Advanced Group Policy Management 4.0](advanced-group-policy-management-40.md) - -  - -  - - - - - diff --git a/mdop/agpm/best-practices-for-version-control.md b/mdop/agpm/best-practices-for-version-control.md deleted file mode 100644 index e9e4d02c9b..0000000000 --- a/mdop/agpm/best-practices-for-version-control.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Best Practices for Version Control -description: Best Practices for Version Control -author: dansimp -ms.assetid: 89067f6a-f7ea-4dad-999d-118284cf6c5a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Best Practices for Version Control - - -Microsoft Advanced Group Policy Management (AGPM) provides version control for Group Policy Objects (GPOs) much like Microsoft Visual SourceSafe® provides version control for source code. Developers can use Visual SourceSafe to manage multiple versions of each source file. Group Policy administrators can use AGPM to do the same for GPOs. When you use AGPM, Group Policy administrators should be aware of best practices that apply to any version control system: - -- **Date and time:** AGPM stamps each version of a GPO with the date and time. To ensure that history is accurate, especially when you edit GPOs on more than one computer, make sure that each computer synchronizes its clock with one authoritative time source. - -- **Check in GPOs when you are finished editing them:** It is common for Editors to check out GPOs and forget to check them back into the archive. However, this can prevent other Group Policy administrators from changing the GPO. Always check GPOs back in to AGPM immediately when you are finished editing. - -- **Save changes frequently:** When you edit a GPO, save changes frequently. Most Editors check out a GPO, make many changes, and then check the GPO into the archive. Instead, check the GPO into the archive regularly, and then check it out again. The detail can be as small as checking in the GPO after you change every setting (not recommended) or checking in the GPO after you make groups of related changes. The result is a better-documented history for each GPO that can help when troubleshooting issues. - -- **Deploy GPOs frequently:** Do not let new and edited GPOs that have not yet been deployed accumulate in large numbers in the archive. Instead, deploy new and edited GPOs as soon as possible so that they have a minimum effect on the production environment. Deploying many new and edited GPOs at one time can jeopardize the production environment. - -- **Document the purpose of changes when you check in GPOs:** Any Reviewer can compare versions of a GPO to see specific changes between the two. Documenting those specific changes adds no value. Instead, document the intent and purpose of a change instead of documenting what Reviewers can see by viewing difference reports. Version comments should add value to the comparison report and help a Reviewer understand why the Editor changed the GPO. - -- **Test GPOs in a lab before you deploy:** Deploying GPOs to the production environment without first testing them is risky. Instead, test GPOs in a lab environment by linking them to an organizational unit that contains test computers and users, and then verifying that they function correctly. After verifying each GPO in the lab, deploy the GPO to the production environment. - -### Additional references - -- [Operations Guide for Microsoft Advanced Group Policy Management 3.0](operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/check-in-a-gpo-agpm30ops.md b/mdop/agpm/check-in-a-gpo-agpm30ops.md deleted file mode 100644 index f23e725ea1..0000000000 --- a/mdop/agpm/check-in-a-gpo-agpm30ops.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Check In a GPO -description: Check In a GPO -author: dansimp -ms.assetid: 437397db-c94b-4940-b1a4-05442619ebee -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Check In a GPO - - -Ordinarily, Editors should check in Group Policy Objects (GPOs) that they have edited when their modifications are complete. (For details, see [Edit a GPO Offline](edit-a-gpo-offline-agpm30ops.md).) However, if the Editor is unavailable, an Approver can also check in a GPO. - -A user account with the Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To check in a GPO that has been checked out by an Editor** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - - - To discard any changes made by the Editor, right-click the GPO, click **Undo Check Out**, and then click **Yes** to confirm. - - - To retain changes made by the Editor, right-click the GPO and then click **Check In**. - -3. Type a comment to be displayed in the audit trail of the GPO, and then click **OK**. - -4. When the **Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked In**. - -### Additional considerations - -- By default, you must be an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Edit Settings** or **Deploy GPO** permissions for the GPO. If you are not an Approver or AGPM Administrator (or other Group Policy administrator with **Deploy GPO** permission), you must be the Editor who has checked out the GPO. - -### Additional references - -- [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md) - -- [Edit a GPO Offline](edit-a-gpo-offline-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/check-in-a-gpo-agpm40.md b/mdop/agpm/check-in-a-gpo-agpm40.md deleted file mode 100644 index fb203386c7..0000000000 --- a/mdop/agpm/check-in-a-gpo-agpm40.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Check In a GPO -description: Check In a GPO -author: dansimp -ms.assetid: b838c8a2-eb9e-4e5b-8740-d7701a4294ac -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Check In a GPO - - -Ordinarily, Editors should check in Group Policy Objects (GPOs) that they have edited when their modifications are complete. (For details, see [Edit a GPO Offline](edit-a-gpo-offline-agpm40.md).) However, if the Editor is unavailable, an Approver can also check in a GPO. - -A user account with the Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To check in a GPO that has been checked out by an Editor** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - - - To discard any changes made by the Editor, right-click the GPO, click **Undo Check Out**, and then click **Yes** to confirm. - - - To retain changes made by the Editor, right-click the GPO and then click **Check In**. - -3. Type a comment to be displayed in the audit trail of the GPO, and then click **OK**. - -4. When the **Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked In**. - -### Additional considerations - -- By default, you must be an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Edit Settings** or **Deploy GPO** permissions for the GPO. If you are not an Approver or AGPM Administrator (or other Group Policy administrator with **Deploy GPO** permission), you must be the Editor who has checked out the GPO. - -### Additional references - -- [Performing Approver Tasks](performing-approver-tasks-agpm40.md) - -- [Edit a GPO Offline](edit-a-gpo-offline-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/check-in-a-gpo-approver.md b/mdop/agpm/check-in-a-gpo-approver.md deleted file mode 100644 index 7547a20849..0000000000 --- a/mdop/agpm/check-in-a-gpo-approver.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Check In a GPO -description: Check In a GPO -author: dansimp -ms.assetid: e428cfff-651f-4903-bf01-d742714d2fa9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Check In a GPO - - -Ordinarily, Editors should check in Group Policy objects (GPOs) that they have edited when their modifications are complete. (For details, see [Edit a GPO Offline](edit-a-gpo-offline.md).) However, if the Editor is unavailable, an Approver can also check in a GPO. - -A user account with the Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To check in a GPO that has been checked out by an Editor** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled** tab to display the controlled GPOs. - - - To discard any changes made by the Editor, right-click the GPO, click **Undo Check Out**, and then click **Yes** to confirm. - - - To retain changes made by the Editor, right-click the GPO and then click **Check In**. - -3. Type a comment to be displayed in the audit trail of the GPO, and then click **OK**. - -4. When the **Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked In**. - -### Additional considerations - -- By default, you must be an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Edit Settings** or **Deploy GPO** permissions for the GPO. If you are not an Approver or AGPM Administrator (or other Group Policy administrator with **Deploy GPO** permission), you must be the Editor who has checked out the GPO. - -### Additional references - -- [Performing Approver Tasks](performing-approver-tasks.md) - -- [Edit a GPO Offline](edit-a-gpo-offline.md) - -  - -  - - - - - diff --git a/mdop/agpm/checklist-administer-the-agpm-server-and-archive-agpm40.md b/mdop/agpm/checklist-administer-the-agpm-server-and-archive-agpm40.md deleted file mode 100644 index f04859c49f..0000000000 --- a/mdop/agpm/checklist-administer-the-agpm-server-and-archive-agpm40.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -title: Checklist Administer the AGPM Server and Archive -description: Checklist Administer the AGPM Server and Archive -author: dansimp -ms.assetid: d9c60203-90c2-48a7-9318-197e0ec5038b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Checklist: Administer the AGPM Server and Archive - - -In Advanced Group Policy Management (AGPM), both the AGPM Service and the archive are managed by AGPM Administrators (Full Control). The following are typical tasks for an AGPM Administrator. - - ---- - - - - - - - - - - - - - - - - -
Frequent TaskReference

Delegate access to Group Policy Objects (GPOs) in the archive.

Delegate Domain-Level Access to the Archive

-

Delegate Access to an Individual GPO in the Archive

Back up the archive to enable disaster recovery.

Back Up the Archive

- - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Infrequent TaskReference

Restore the archive from a backup to recover from a disaster.

Restore the Archive from a Backup

Move the AGPM Service, the archive, or both to a different server.

Move the AGPM Server and the Archive

Change the archive path, the AGPM Service Account, or the port on which the AGPM Service listens.

Modify the AGPM Service

Troubleshoot common problems with the AGPM Server.

Troubleshooting AGPM

-

Configure Logging and Tracing

- - - -### Additional references - -- [Advanced Group Policy Management 4.0](advanced-group-policy-management-40.md) - - - - - - - - - diff --git a/mdop/agpm/checklist-administer-the-agpm-server-and-archive.md b/mdop/agpm/checklist-administer-the-agpm-server-and-archive.md deleted file mode 100644 index ff4a199b6e..0000000000 --- a/mdop/agpm/checklist-administer-the-agpm-server-and-archive.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -title: Checklist Administer the AGPM Server and Archive -description: Checklist Administer the AGPM Server and Archive -author: dansimp -ms.assetid: 0b2eb536-c3cc-462f-a42f-27a53f57bc55 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Checklist: Administer the AGPM Server and Archive - - -In Advanced Group Policy Management (AGPM), both the AGPM Service and the archive are managed by AGPM Administrators (Full Control). The following are typical tasks for an AGPM Administrator. - - ---- - - - - - - - - - - - - - - - - -
Frequent TaskReference

Delegate access to Group Policy Objects (GPOs) in the archive.

Delegate Domain-Level Access to the Archive

-

Delegate Access to an Individual GPO in the Archive

Back up the archive to enable disaster recovery.

Back Up the Archive

- - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Infrequent TaskReference

Restore the archive from a backup to recover from a disaster.

Restore the Archive from a Backup

Move the AGPM Service, the archive, or both to a different server.

Move the AGPM Server and the Archive

Change the archive path, the AGPM Service Account, or the port on which the AGPM Service listens.

Modify the AGPM Service

Troubleshoot common problems with the AGPM Server.

Troubleshooting Advanced Group Policy Management

-

Configure Logging and Tracing

- - - -### Additional references - -- [Operations Guide for Microsoft Advanced Group Policy Management 3.0](operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/checklist-create-edit-and-deploy-a-gpo-agpm30ops.md b/mdop/agpm/checklist-create-edit-and-deploy-a-gpo-agpm30ops.md deleted file mode 100644 index 5c37765df2..0000000000 --- a/mdop/agpm/checklist-create-edit-and-deploy-a-gpo-agpm30ops.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -title: Checklist Create, Edit, and Deploy a GPO -description: Checklist Create, Edit, and Deploy a GPO -author: dansimp -ms.assetid: a7a17706-304a-4455-9ada-52508ec620f1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Checklist: Create, Edit, and Deploy a GPO - - -In an environment where multiple people make changes to Group Policy Objects (GPOs) using Advanced Group Policy Management (AGPM), an AGPM Administrator (Full Control) delegates permission to Editors, Approvers, and Reviewers, either as groups or as individuals. The following is a typical GPO development process for an Editor and an Approver. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReference

Editor requests the creation of a new GPO or an Approver creates a new GPO.

Request the Creation of a New Controlled GPO

-

Create a New Controlled GPO

Approver approves the creation of the GPO if it was requested by an Editor.

Approve or Reject a Pending Action

Editor checks out a copy of the GPO from the archive, so no one else can modify the GPO. Editor makes changes to the GPO, and then checks the modified GPO into the archive.

Edit a GPO Offline

Editor requests deployment of the GPO to the production environment.

Request Deployment of a GPO

Reviewers, such as Approvers or Editors, analyze the GPO.

Performing Reviewer Tasks

Approver approves and deploys the GPO to the production environment or rejects the GPO.

Approve or Reject a Pending Action

- - - -### Additional references - -[Operations Guide for Microsoft Advanced Group Policy Management 3.0](operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/checklist-create-edit-and-deploy-a-gpo-agpm40.md b/mdop/agpm/checklist-create-edit-and-deploy-a-gpo-agpm40.md deleted file mode 100644 index 7df4177133..0000000000 --- a/mdop/agpm/checklist-create-edit-and-deploy-a-gpo-agpm40.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: Checklist Create, Edit, and Deploy a GPO -description: Checklist Create, Edit, and Deploy a GPO -author: dansimp -ms.assetid: 44631bed-16d2-4b5a-af70-17a73fb5f6af -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Checklist: Create, Edit, and Deploy a GPO - - -In an environment where multiple people change Group Policy Objects (GPOs) by using Advanced Group Policy Management (AGPM), an AGPM Administrator (Full Control) delegates permission to Editors, Approvers, and Reviewers either as groups or as individuals. The following is a typical GPO development process for an Editor and an Approver. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReference

Editor requests that a new GPO be created or an Approver creates a new GPO.

Request the Creation of a New Controlled GPO

-

Create a New Controlled GPO

Approver approves the creation of the GPO if it was requested by an Editor.

Approve or Reject a Pending Action

Editor checks out a copy of the GPO from the archive so that no one else can modify the GPO. Editor makes changes to the GPO, and then checks the modified GPO into the archive.

Edit a GPO Offline

If developing in a test forest, Editor exports the GPO to a file, transfers the file to the production forest, and imports the file. Additionally, an Editor can link the GPO to an organizational unit that contains test computers and users.

Using a Test Environment

Editor requests deployment of the GPO to the production environment of the domain.

Request Deployment of a GPO

Reviewers, such as Approvers or Editors, analyze the GPO.

Performing Reviewer Tasks

Approver approves and deploys the GPO to the production environment of the domain or rejects the GPO.

Approve or Reject a Pending Action

- - - -### Additional references - -[Advanced Group Policy Management 4.0](advanced-group-policy-management-40.md) - - - - - - - - - diff --git a/mdop/agpm/checklist-create-edit-and-deploy-a-gpo.md b/mdop/agpm/checklist-create-edit-and-deploy-a-gpo.md deleted file mode 100644 index a6b860cc5d..0000000000 --- a/mdop/agpm/checklist-create-edit-and-deploy-a-gpo.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: Checklist Create, Edit, and Deploy a GPO -description: Checklist Create, Edit, and Deploy a GPO -author: dansimp -ms.assetid: 614e2d9a-c18b-4f62-99fd-e17a2ac8559d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Checklist: Create, Edit, and Deploy a GPO - - -In an environment where multiple people make changes to Group Policy objects (GPOs), an AGPM Administrator (Full Control) delegates permission to Editors, Approvers, and Reviewers, either as groups or as individuals. The following is a typical GPO development process for an Editor and an Approver. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReference

Editor requests the creation of a new GPO or an Approver creates a new GPO.

Request the Creation of a New Controlled GPO

-

Create a New Controlled GPO

Approver approves the creation of the GPO if it was requested by an Editor.

Approve or Reject a Pending Action

Editor checks out a copy of the GPO from the archive, so no one else can modify the GPO. Editor makes changes to the GPO, and then checks the modified GPO into the archive.

Edit a GPO Offline

Editor requests deployment of the GPO to the production environment.

Request Deployment of a GPO

Reviewers, such as Approvers or Editors, analyze the GPO.

Performing Reviewer Tasks

Approver approves and deploys the GPO to the production environment or rejects the GPO.

Approve or Reject a Pending Action

- - - - - - - - - - - diff --git a/mdop/agpm/choosing-which-version-of-agpm-to-install.md b/mdop/agpm/choosing-which-version-of-agpm-to-install.md deleted file mode 100644 index 792101fd83..0000000000 --- a/mdop/agpm/choosing-which-version-of-agpm-to-install.md +++ /dev/null @@ -1,309 +0,0 @@ ---- -title: Choosing Which Version of AGPM to Install -description: Choosing Which Version of AGPM to Install -author: dansimp -ms.assetid: 31357d2a-bc23-4e15-93f4-0beda8ab7a7b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 04/05/2017 ---- - - -# Choosing Which Version of AGPM to Install - - -Each release of Microsoft Advanced Group Policy Management (AGPM) supports specific versions of the Windows operating system. We strongly recommend that you run the AGPM Client and AGPM Server on the same line of operating systems. For example, Windows 10 with Windows Server 2016, Windows 8.1 with Windows Server 2012 R2, and so on. - -We recommend that you install the AGPM Server on the most recent version of the operating system in the domain. AGPM uses the Group Policy Management Console (GPMC) to back up and restore Group Policy Objects (GPOs). Because newer versions of the GPMC provide additional policy settings that are not available in earlier versions, you can manage more policy settings by using the most recent version of the operating system. - -All versions of AGPM can manage only the policy settings that were introduced in the same version or an earlier version of the operating system on which AGPM is running. For example, if you install AGPM 4.0 SP2 on Windows Server 2012, you can manage policy settings that were introduced in Windows Server 2012 or earlier, but you cannot manage policy settings that were introduced later, in Windows 8.1 or Windows Server 2012 R2. - -If the version of the GPMC on your AGPM Server is older than the version on the computers that administrators use to manage Group Policy, the AGPM Server will be unable to store any policy settings that are not available in the older version of the GPMC. For a spreadsheet of Group Policy settings included in Windows, see [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=613627). - -## AGPM 4.0 SP3 - - -If you are using computers that are running Windows 10 to manage GPOs, you must use AGPM 4.0 SP3. You cannot install earlier versions of AGPM on computers that are running the Windows 10 operating system. - -Table 1 lists the operating systems on which you can install AGPM 4.0 SP3, and the policy settings that you can manage by using AGPM 4.0 SP3. - -**Table 1: AGPM  4.0 SP3 supported operating systems and policy settings** - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Supported configurations for the AGPM ServerSupported configurations for the AGPM ClientAGPM Support

Windows Server 2016 or Windows 10

Windows Server 2016 or Windows 10

Supported

Windows Server 2012 R2

Windows 10

Supported with the caveats outlined in KB 4015786 -

Windows Server 2012 R2 or Windows 8.1

Windows Server 2012 R2 or Windows 8.1

Supported

Windows Server 2012 R2, Windows Server 2012, or Windows 8.1

Windows Server 2012 or Windows 8.1

Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1

Windows Server 2008 R2 or Windows 7

Windows Server 2008 R2 or Windows 7

Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1

Windows Server 2012, Windows Server 2008 R2, or Windows 7

Windows Server 2008 or Windows Vista with Service Pack 1 (SP1)

Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, or Windows 7

Windows Server 2008 or Windows Vista with SP1

Windows Server 2012, Windows Server 2008 R2, Windows 8, or Windows 7

Not supported

Windows Server 2008 or Windows Vista with SP1

Windows Server 2008 or Windows Vista with SP1

Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, or Windows 7

- - - -## AGPM 4.0 SP2 - - -If you are using computers that are running Windows Server 2012 R2 or Windows 8.1 to manage GPOs, you must use AGPM 4.0 SP2. You cannot install earlier versions of AGPM on computers that are running those operating systems. - -Table 1 lists the operating systems on which you can install AGPM 4.0 SP2, and the policy settings that you can manage by using AGPM 4.0 SP2. - -**Table 2: AGPM 4.0 SP2 supported operating systems and policy settings** - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Supported configurations for the AGPM ServerSupported configurations for the AGPM ClientAGPM Support

Windows Server 2012 R2 or Windows 8.1

Windows Server 2012 R2 or Windows 8.1

Supported

Windows Server 2012 R2, Windows Server 2012, or Windows 8.1

Windows Server 2012 or Windows 8.1

Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1

Windows Server 2008 R2 or Windows 7

Windows Server 2008 R2 or Windows 7

Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1

Windows Server 2012, Windows Server 2008 R2, or Windows 7

Windows Server 2008 or Windows Vista with Service Pack 1 (SP1)

Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, or Windows 7

Windows Server 2008 or Windows Vista with SP1

Windows Server 2012, Windows Server 2008 R2, or Windows 7

Not supported

Windows Server 2008 or Windows Vista with SP1

Windows Server 2008 or Windows Vista with SP1

Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, or Windows 7

- - - -## AGPM 4.0 SP1 - - -Table 2 lists the operating systems on which you can install AGPM 4.0 SP1, and the policy settings that you can manage by using AGPM 4.0 SP1. - -**Table 3: AGPM 4.0 SP1 supported operating systems and policy settings** - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Supported configurations for the AGPM ServerSupported configurations for the AGPM ClientAGPM Support

Windows Server 2012

Windows Server 2012

Supported

Windows Server 2008 R2 or Windows 7

Windows Server 2008 R2 or Windows 7

Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1

Windows Server 2012, Windows Server 2008 R2, or Windows 7

Windows Server 2008 or Windows Vista with SP1

Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2008 R2, or Windows 7

Windows Server 2008 or Windows Vista with SP1

Windows Server 2012, Windows Server 2008 R2, or Windows 7

Supported

Windows Server 2008 or Windows Vista with SP1

Windows Server 2008 or Windows Vista with SP1

Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2008 R2, or Windows 7

- - - -## AGPM 4.0 - - -Table 3 lists the operating systems on which you can install AGPM 4.0, and the policy settings that you can manage by using AGPM 4.0. - -**Table 4: AGPM 4.0 supported operating systems and policy settings** - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Supported operating systems for the AGPM ServerSupported operating systems for the AGPM ClientAGPM Support

Windows Server 2008 R2 or Windows 7

Windows Server 2008 R2 or Windows 7

Supported

Windows Server 2008 R2 or Windows 7

Windows Server 2008 or Windows Vista with SP1

Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2008 R2 or Windows 7

Windows Server 2008 or Windows Vista with SP1

Windows Server 2008 R2 or Windows 7

Not supported

Windows Server 2008 or Windows Vista with SP1

Windows Server 2008 or Windows Vista with SP1

Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2008 R2 or Windows 7

- - - -## Versions of AGPM that precede AGPM 4.0 - - -Table 4 lists the operating systems on which you can install the versions of AGPM that precede AGPM 4.0. If an operating system is not listed, you cannot install AGPM on that operating system. - -**Table 5: Supported operating systems for versions of AGPM that precede AGPM 4.0** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemVersion of AGPM that can be installed

Windows Server 2008

3.0

Windows Vista with SP1

3.0

Windows Vista with no service pack installed (32-bit)

2.5

Windows Server 2003 (32-bit)

2.5

- - - -## How to Get MDOP Technologies - - -AGPM 4.0 SP2 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). - -## Related topics - - -[Advanced Group Policy Management](index.md) - - - - - - - - - diff --git a/mdop/agpm/common-secondary-tab-features.md b/mdop/agpm/common-secondary-tab-features.md deleted file mode 100644 index b54804d0eb..0000000000 --- a/mdop/agpm/common-secondary-tab-features.md +++ /dev/null @@ -1,136 +0,0 @@ ---- -title: Common Secondary Tab Features -description: Common Secondary Tab Features -author: dansimp -ms.assetid: 44a15c28-944c-49c1-8534-115ce1c362ed -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Common Secondary Tab Features - - -Each secondary tab has two sections—**Group Policy objects** and **Groups and Users**. - -## Group Policy objects section - - -The **Group Policy objects** section displays a filtered list of Group Policy objects (GPOs) and identifies the following characteristics for each GPO: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
GPO CharacteristicDescription

Name

Name of the Group Policy object.

Computer (Comp.)

Automatically generated version of the Computer Configuration portion of the GPO.

User

Automatically generated version of the User Configuration portion of the GPO.

State

The state of the selected GPO:

-

Deployed GPO icon Uncontrolled: Not managed by AGPM.

-

Checked in GPO icon Checked In: Available for authorized Editors to check out for editing or for a Group Policy administrator to deploy.

-

Checked out GPO icon Checked Out: Currently being edited. Unavailable for other Editors to check out until the Editor who checked it out or an AGPM Administrator checks it in.

-

Pending GPO icon Pending: Awaiting approval from a Group Policy administrator before being created, controlled, deployed, or deleted.

-

Checked in GPO icon Deleted: Deleted from the archive, but still able to be restored.

-

Template icon Template: A static version of a GPO for use as a starting point when creating new GPOs.

-

Default template icon Template (default): By default, this template is the starting point used when creating a new GPO.

GPO Status

The Computer Configuration and the User Configuration can be managed separately. The GPO Status indicates which portions of the GPO are enabled.

WMI Filter

Display any WMI filters that are applied to this GPO. WMI filters are managed under the WMI Filters node for the domain in the console tree of the GPMC.

Modified

For a controlled GPO, the most recent date when it was checked in after being modified or checked out to be modified. For an uncontrolled GPO, the date when it was last modified.

Owner

The Editor who checked in or the Approver who deployed the selected GPO.

- -  - -## Groups and Users section - - -When a GPO is selected, the **Groups and Users** section displays a list of the groups and users with access to that GPO. The allowed permissions and inheritance are displayed for each group or user. An AGPM Administrator can configure permissions using either standard AGPM roles (Editor, Approver, and Reviewer) or a customized combination of permissions. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ButtonEffect

Add

Add a new entry to the security descriptor. Any user or group in Active Directory can be added.

Remove

Remove the selected entry from the Access Control List.

Properties

Display the properties for the selected object. The properties page is the same one displayed for an object in Active Directory Users and Computers.

Advanced

Open the Access Control List Editor.

- -  - -### Additional considerations - -- For information about roles and permissions related to specific tasks, see the tasks under [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md), [Performing Editor Tasks](performing-editor-tasks.md), [Performing Approver Tasks](performing-approver-tasks.md), and [Performing Reviewer Tasks](performing-reviewer-tasks.md). - -### Additional references - -- [Contents Tab](contents-tab.md) - -  - -  - - - - - diff --git a/mdop/agpm/configure-agpm-server-connections-agpm30ops.md b/mdop/agpm/configure-agpm-server-connections-agpm30ops.md deleted file mode 100644 index 01c078c958..0000000000 --- a/mdop/agpm/configure-agpm-server-connections-agpm30ops.md +++ /dev/null @@ -1,110 +0,0 @@ ---- -title: Configure AGPM Server Connections -description: Configure AGPM Server Connections -author: dansimp -ms.assetid: 6062b77b-2fd7-442c-ad1b-6f14419ebd5f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configure AGPM Server Connections - - -All versions of each controlled Group Policy Object (GPO) are stored in a central archive so that Group Policy administrators can view and modify GPOs offline without immediately impacting the deployed version of each GPO. - -A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO used in these procedures, or a user account with the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete these procedures for centrally configuring archive locations for all Group Policy administrators. Review the details in "Additional considerations" in this topic. - -## Configuring AGPM Server connections - - -As an AGPM Administrator, you can ensure that all Group Policy administrators connect to the same AGPM Server by centrally configuring the associated setting. If your environment requires separate AGPM Servers for some or all domains, configure those additional AGPM Servers as exceptions to the default. If you do not centrally configure AGPM Server connections, each Group Policy administrator must manually configure the AGPM Server to be displayed for each domain. - -- [Configure an AGPM Server connection for all Group Policy administrators](#bkmk-defaultarchiveloc) - -- [Configure additional AGPM Server connections for all Group Policy administrators](#bkmk-additionalarchiveloc) - -- [Manually configure an AGPM Server connection for your account](#bkmk-manuallyconfigurearchiveloc) - -### - -**To configure an AGPM Server connection for all Group Policy administrators** - -1. In the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators. (For more information, see [Editing a GPO](editing-a-gpo-agpm30ops.md).) - -2. In the **Group Policy Management Editor** window, click **User Configuration**, **Policies**, **Administrative Templates**, **Windows Components**, and **AGPM**. - -3. In the details pane, double-click **AGPM: Specify default AGPM Server (all domains)**. - -4. In the **Properties** window, select the **Enabled** check box, and type the fully-qualified computer name and port (for example, server.contoso.com:4600). - -5. Click **OK**. Unless you want to configure additional AGPM Server connections, close the **Group Policy Management Editor** window and deploy the GPO. (For more information, see [Deploy a GPO](deploy-a-gpo-agpm30ops.md).) When Group Policy is updated, the AGPM Server connection is configured for all Group Policy administrators. - -### - -**To configure additional AGPM Server connections for all Group Policy administrators** - -1. If no AGPM Server connection has been configured, follow the preceding procedure to configure a default AGPM Server for all domains. - -2. To configure separate AGPM Servers for some or all domains (overriding the default AGPM Server), in the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators. (For more information, see [Editing a GPO](editing-a-gpo-agpm30ops.md).) - -3. In the **Group Policy Management Editor** window, click **User Configuration**, **Policies**, **Administrative Templates**, **Windows Components**, and then **AGPM**. - -4. In the details pane, double-click **AGPM: Specify AGPM Servers**. - -5. In the **Properties** window, select the **Enabled** check box, and click **Show**. - -6. In the **Show Contents** window: - - 1. Click **Add**. - - 2. For **Value Name**, type the domain name (for example, server1.contoso.com). - - 3. For **Value**, type the AGPM Server name and port to use for this domain (for example, server2.contoso.com:4600), and then click **OK**. (By default, the AGPM Service listens on port 4600. To use a different port, see [Modify the AGPM Service](modify-the-agpm-service-agpm30ops.md).) - - 4. Repeat for each domain not using the default AGPM Server. - -7. Click **OK** to close the **Show Contents** and **Properties** windows. - -8. Close the **Group Policy Management Editor** window. (For more information, see [Deploy a GPO](deploy-a-gpo-agpm30ops.md).) When Group Policy is updated, the new AGPM Server connections are configured for all Group Policy administrators. - -### - -If you have centrally configured the AGPM Server connection, the option to manually configure it is unavailable for all Group Policy administrators. - -**To manually configure which AGPM Server to display for your account** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. In the details pane, click the **AGPM Server** tab. - -3. Enter the fully-qualified computer name for the AGPM Server that manages the archive used for this domain (for example, server.contoso.com) and the port on which the AGPM Service listens (by default, port 4600). - -4. Click **Apply**, then click **Yes** to confirm. - -### Additional considerations - -- You must be able to edit and deploy a GPO to perform the procedures for centrally configuring AGPM Server connections for all Group Policy administrators. See [Editing a GPO](editing-a-gpo-agpm30ops.md) and [Deploy a GPO](deploy-a-gpo-agpm30ops.md) for additional detail. - -- The selected AGPM Server determines which GPOs are displayed on the **Contents** tab and to what location the **Domain Delegation** tab settings are applied. If not centrally managed through the Administrative template, each Group Policy administrator must configure this setting to point to the AGPM Server for the domain. - -- Membership in the Group Policy Creator Owners group should be restricted, so it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.) - -### Additional references - -- [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management.md) - -  - -  - - - - - diff --git a/mdop/agpm/configure-agpm-server-connections-agpm40.md b/mdop/agpm/configure-agpm-server-connections-agpm40.md deleted file mode 100644 index c41c27ec1a..0000000000 --- a/mdop/agpm/configure-agpm-server-connections-agpm40.md +++ /dev/null @@ -1,110 +0,0 @@ ---- -title: Configure AGPM Server Connections -description: Configure AGPM Server Connections -author: dansimp -ms.assetid: bbbb15e8-35e7-403c-b695-7a6ebeb87839 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configure AGPM Server Connections - - -All versions of each controlled Group Policy Object (GPO) are stored in a central archive so that Group Policy administrators can view and modify GPOs offline without immediately impacting the deployed version of each GPO. - -A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO used in these procedures, or a user account with the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete these procedures for centrally configuring archive locations for all Group Policy administrators. Review the details in "Additional considerations" in this topic. - -## Configuring AGPM Server connections - - -As an AGPM Administrator, you can ensure that all Group Policy administrators connect to the same AGPM Server by centrally configuring the associated setting. If your environment requires separate AGPM Servers for some or all domains, configure those additional AGPM Servers as exceptions to the default. If you do not centrally configure AGPM Server connections, each Group Policy administrator must manually configure the AGPM Server to be displayed for each domain. - -- [Configure an AGPM Server connection for all Group Policy administrators](#bkmk-defaultarchiveloc) - -- [Configure additional AGPM Server connections for all Group Policy administrators](#bkmk-additionalarchiveloc) - -- [Manually configure an AGPM Server connection for your account](#bkmk-manuallyconfigurearchiveloc) - -### - -**To configure an AGPM Server connection for all Group Policy administrators** - -1. In the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators. (For more information, see [Editing a GPO](editing-a-gpo-agpm40.md).) - -2. In the **Group Policy Management Editor** window, click **User Configuration**, **Policies**, **Administrative Templates**, **Windows Components**, and **AGPM**. - -3. In the details pane, double-click **AGPM: Specify default AGPM Server (all domains)**. - -4. In the **Properties** window, select the **Enabled** check box, and type the fully-qualified computer name and port (for example, server.contoso.com:4600). - -5. Click **OK**. Unless you want to configure additional AGPM Server connections, close the **Group Policy Management Editor** window and deploy the GPO. (For more information, see [Deploy a GPO](deploy-a-gpo-agpm40.md).) When Group Policy is updated, the AGPM Server connection is configured for all Group Policy administrators. - -### - -**To configure additional AGPM Server connections for all Group Policy administrators** - -1. If no AGPM Server connection has been configured, follow the preceding procedure to configure a default AGPM Server for all domains. - -2. To configure separate AGPM Servers for some or all domains (overriding the default AGPM Server), in the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators. (For more information, see [Editing a GPO](editing-a-gpo-agpm40.md).) - -3. In the **Group Policy Management Editor** window, click **User Configuration**, **Policies**, **Administrative Templates**, **Windows Components**, and then **AGPM**. - -4. In the details pane, double-click **AGPM: Specify AGPM Servers**. - -5. In the **Properties** window, select the **Enabled** check box, and click **Show**. - -6. In the **Show Contents** window: - - 1. Click **Add**. - - 2. For **Value Name**, type the domain name (for example, server1.contoso.com). - - 3. For **Value**, type the AGPM Server name and port to use for this domain (for example, server2.contoso.com:4600), and then click **OK**. (By default, the AGPM Service listens on port 4600. To use a different port, see [Modify the AGPM Service](modify-the-agpm-service-agpm40.md).) - - 4. Repeat for each domain not using the default AGPM Server. - -7. Click **OK** to close the **Show Contents** and **Properties** windows. - -8. Close the **Group Policy Management Editor** window. (For more information, see [Deploy a GPO](deploy-a-gpo-agpm40.md).) When Group Policy is updated, the new AGPM Server connections are configured for all Group Policy administrators. - -### - -If you have centrally configured the AGPM Server connection, the option to manually configure it is unavailable for all Group Policy administrators. - -**To manually configure which AGPM Server to display for your account** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. In the details pane, click the **AGPM Server** tab. - -3. Enter the fully-qualified computer name for the AGPM Server that manages the archive used for this domain (for example, server.contoso.com) and the port on which the AGPM Service listens (by default, port 4600). - -4. Click **Apply**, then click **Yes** to confirm. - -### Additional considerations - -- You must be able to edit and deploy a GPO to perform the procedures for centrally configuring AGPM Server connections for all Group Policy administrators. See [Editing a GPO](editing-a-gpo-agpm40.md) and [Deploy a GPO](deploy-a-gpo-agpm40.md) for additional detail. - -- The selected AGPM Server determines which GPOs are displayed on the **Contents** tab and to what location the **Domain Delegation** tab settings are applied. If not centrally managed through the Administrative template, each Group Policy administrator must configure this setting to point to the AGPM Server for the domain. - -- Membership in the Group Policy Creator Owners group should be restricted, so it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.) - -### Additional references - -- [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/configure-an-agpm-server-connection-agpm40.md b/mdop/agpm/configure-an-agpm-server-connection-agpm40.md deleted file mode 100644 index 3fec7b9300..0000000000 --- a/mdop/agpm/configure-an-agpm-server-connection-agpm40.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Configure an AGPM Server Connection -description: Configure an AGPM Server Connection -author: dansimp -ms.assetid: 409cbbcf-3b0e-459d-9bd2-75cb7b9430b0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configure an AGPM Server Connection - - -To ensure that you are connected to the correct central archive, review the configuration of the AGPM Server connection. If an AGPM Administrator (Full Control) has not configured an AGPM Server connection for you, then you must manually configure it. - -**To select an AGPM Server** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. In the details pane, click the **AGPM Server** tab: - - - If the options on the **AGPM Server** tab are unavailable, they have been centrally configured by an AGPM Administrator. - - - If the options on the **AGPM Server** tab are available, type the fully-qualified computer name for the AGPM Server (for example, server.contoso.com) and the port on which the AGPM Service listens (by default, port 4600). Click **Apply**, then click **Yes** to confirm. - -### Additional considerations - -- The AGPM Servers selected determine which GPOs are displayed on the **Contents** tab and to what location the **Domain Delegation** tab settings are applied. If not centrally managed through the Administrative template, each Group Policy administrator must configure this setting to point to the AGPM Server for the domain. - -### Additional references - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/configure-an-agpm-server-connection-reviewer-agpm30ops.md b/mdop/agpm/configure-an-agpm-server-connection-reviewer-agpm30ops.md deleted file mode 100644 index 196bbbed79..0000000000 --- a/mdop/agpm/configure-an-agpm-server-connection-reviewer-agpm30ops.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Configure an AGPM Server Connection -description: Configure an AGPM Server Connection -author: dansimp -ms.assetid: ae78dc74-111d-4509-b0a6-e8b8b451c22a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configure an AGPM Server Connection - - -To ensure that you are connected to the correct central archive, review the configuration of the AGPM Server connection. If an AGPM Administrator (Full Control) has not configured an AGPM Server connection for you, then you must manually configure it. - -**To select an AGPM Server** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. In the details pane, click the **AGPM Server** tab: - - - If the options on the **AGPM Server** tab are unavailable, they have been centrally configured by an AGPM Administrator. - - - If the options on the **AGPM Server** tab are available, type the fully-qualified computer name for the AGPM Server (for example, server.contoso.com) and the port on which the AGPM Service listens (by default, port 4600). Click **Apply**, then click **Yes** to confirm. - -### Additional considerations - -- The AGPM Servers selected determine which GPOs are displayed on the **Contents** tab and to what location the **Domain Delegation** tab settings are applied. If not centrally managed through the Administrative template, each Group Policy administrator must configure this setting to point to the AGPM Server for the domain. - -### Additional references - -- [Performing Editor Tasks](performing-editor-tasks-agpm30ops.md) - -- [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/configure-e-mail-notification-agpm30ops.md b/mdop/agpm/configure-e-mail-notification-agpm30ops.md deleted file mode 100644 index 7a4f5887a8..0000000000 --- a/mdop/agpm/configure-e-mail-notification-agpm30ops.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Configure E-Mail Notification -description: Configure E-Mail Notification -author: dansimp -ms.assetid: b32ce395-d1b9-4c5b-b765-97cdbf455f9e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configure E-Mail Notification - - -When an Editor or a Reviewer attempts to create, deploy, or delete a Group Policy Object (GPO), a request for this action is sent to a designated e-mail address or addresses so that an Approver can evaluate the request and implement or deny it. You determine the e-mail address or addresses to which notifications are sent, as well as the alias from which notifications are sent. - -A user account with the AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To configure e-mail notification for AGPM** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. In the details pane, click the **Domain Delegation** tab. - -3. In the **From e-mail address** field, type the e-mail alias for AGPM from which notifications should be sent. - -4. In the **To e-mail address** field, type a comma-delimited list of e-mail addresses of Approvers who should receive requests for approval. - -5. In the **SMTP server** field, type a valid SMTP mail server. - -6. In the **User name** and **Password** fields, type the credentials of a user with access to the SMTP service. - -7. Click **Apply**. - -### Additional considerations - -- By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Modify Options** permissions for the domain. - -- E-mail notification for AGPM is a domain-level setting. You can provide different Approver e-mail addresses or AGPM e-mail aliases on each domain's **Domain Delegation** tab, or use the same e-mail addresses throughout your environment. - -- By default, e-mail messages sent as a result of actions in Advanced Group Policy Management (AGPM) are not encrypted. However, you can configure e-mail security for AGPM using registry settings to specify whether to use Secure Sockets Layer (SSL) encryption and which SMTP port to use. For more information, see [Configure E-Mail Security for AGPM](configure-e-mail-security-for-agpm-agpm30ops.md) - -### Additional references - -- [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management.md) - -  - -  - - - - - diff --git a/mdop/agpm/configure-e-mail-notification-agpm40.md b/mdop/agpm/configure-e-mail-notification-agpm40.md deleted file mode 100644 index 19f24e340c..0000000000 --- a/mdop/agpm/configure-e-mail-notification-agpm40.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Configure E-Mail Notification -description: Configure E-Mail Notification -author: dansimp -ms.assetid: 06f19556-f296-4a80-86a4-4f446c992204 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configure E-Mail Notification - - -When an Editor or a Reviewer attempts to create, deploy, or delete a Group Policy Object (GPO), a request for this action is sent to a designated e-mail address or addresses so that an Approver can evaluate the request and implement or deny it. You determine the e-mail address or addresses to which notifications are sent, as well as the alias from which notifications are sent. - -A user account with the AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To configure e-mail notification for AGPM** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. In the details pane, click the **Domain Delegation** tab. - -3. In the **From e-mail address** field, type the e-mail alias for AGPM from which notifications should be sent. - -4. In the **To e-mail address** field, type a comma-delimited list of e-mail addresses of Approvers who should receive requests for approval. - -5. In the **SMTP server** field, type a valid SMTP mail server. - -6. In the **User name** and **Password** fields, type the credentials of a user with access to the SMTP service. - -7. Click **Apply**. - -### Additional considerations - -- By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Modify Options** permissions for the domain. - -- E-mail notification for AGPM is a domain-level setting. You can provide different Approver e-mail addresses or AGPM e-mail aliases on each domain's **Domain Delegation** tab, or use the same e-mail addresses throughout your environment. - -- By default, e-mail messages sent as a result of actions in Advanced Group Policy Management (AGPM) are not encrypted. However, you can configure e-mail security for AGPM using registry settings to specify whether to use Secure Sockets Layer (SSL) encryption and which SMTP port to use. For more information, see [Configure E-Mail Security for AGPM](configure-e-mail-security-for-agpm-agpm40.md). - -### Additional references - -- [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/configure-e-mail-notification.md b/mdop/agpm/configure-e-mail-notification.md deleted file mode 100644 index 7bda0b1a9c..0000000000 --- a/mdop/agpm/configure-e-mail-notification.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Configure E-Mail Notification -description: Configure E-Mail Notification -author: dansimp -ms.assetid: 6e152de0-4376-4963-8d1a-3e7f5866d30f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configure E-Mail Notification - - -When an Editor or a Reviewer attempts to create, deploy, or delete a Group Policy object (GPO), a request for this action is sent to a designated e-mail address or addresses so that an Approver can evaluate the request and implement or deny it. You determine the e-mail address or addresses to which notifications are sent, as well as the alias from which notifications are sent. - -A user account with the AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To configure e-mail notification for AGPM** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. In the details pane, click the **Domain Delegation** tab. - -3. In the **From** field, type the e-mail alias for AGPM from which notifications should be sent. - -4. In the **To** field, type a comma-delimited list of e-mail addresses of Approvers who should receive requests for approval. - -5. In the **SMTP server** field, type a valid SMTP mail server. - -6. In the **User name** and **Password** fields, type the credentials of a user with access to the SMTP service. - -7. Click **Apply**. - -### Additional considerations - -- By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Modify Options** permissions for the domain. - -- E-mail notification for AGPM is a domain-level setting. You can provide different Approver e-mail addresses or AGPM e-mail aliases on each domain's **Domain Delegation** tab, or use the same e-mail addresses throughout your environment. - -### Additional references - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md) - -  - -  - - - - - diff --git a/mdop/agpm/configure-e-mail-security-for-agpm-agpm30ops.md b/mdop/agpm/configure-e-mail-security-for-agpm-agpm30ops.md deleted file mode 100644 index ed184df8d5..0000000000 --- a/mdop/agpm/configure-e-mail-security-for-agpm-agpm30ops.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: Configure E-Mail Security for AGPM -description: Configure E-Mail Security for AGPM -author: dansimp -ms.assetid: 4850ed8e-a1c6-43f0-95c5-853aa66a94ae -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configure E-Mail Security for AGPM - - -By default, e-mail notifications sent because of actions in Advanced Group Policy Management (AGPM) are not encrypted and are sent through SMTP port 25. However, you can configure e-mail security for AGPM by using registry settings to specify whether to use Secure Sockets Layer (SSL) encryption and which SMTP port to use. - -By encrypting AGPM e-mail notifications, you can better protect those that could reveal sensitive information about your organization’s security. Encrypting e-mail notifications is recommended when they are being relayed through remote mail servers, and may be required by some compliance regulations. - -**Caution**   -Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. - - - -A user account that has the AGPM Administrator (Full Control) role, the user account of the Approver who created the Group Policy Object (GPO) used in these procedures, or a user account that has the necessary permissions in AGPM is required to complete these procedures. Review the details in "Additional considerations" in this topic. - -**To configure e-mail security for AGPM by using Group Policy preferences** - -1. In the **Group Policy Management Console** tree, edit a GPO that is applied to all AGPM Servers for which you want to configure e-mail security. (For more information, see [Editing a GPO](editing-a-gpo-agpm30ops.md).) - -2. In the **Group Policy Management Editor** window, expand the **Computer Configuration**, **Preferences**, **Windows Settings**, and **Registry** folders. - -3. In the console tree, right-click **Registry**, point to **New**, click **Collection Item**, and type **AGPM e-mail security**. - -4. Create a Registry preference item to turn on encryption: - - 1. In the console tree, right-click **AGPM e-mail security**, point to **New**, and then click **Registry Item**. - - 2. In the **New Registry Properties** dialog box, select the **Update** action. - - 3. For **Hive**, select **HKEY\_LOCAL\_MACHINE**. - - 4. For **Key Path**, type **SOFTWARE\\Microsoft\\AGPM**. - - 5. For **Value name**, type **EncryptSmtp**. - - 6. For **Value type**, select **REG\_DWORD**. - - 7. For **Base**, select **Decimal**, and for **Value data**, type **1** to use SSL encryption, or **0** to let e-mail to be sent without encryption. By default, e-mail is sent without encryption. - - 8. Click **OK**. - -5. Create a Registry preference item to specify the SMTP port: - - 1. In the console tree, right-click **AGPM E-mail security**, point to **New**, and then click **Registry Item**. - - 2. In the **New Registry Properties** dialog box, select the **Update** action. - - 3. For **Hive**, select **HKEY\_LOCAL\_MACHINE**. - - 4. For **Key Path** dialog box, type **SOFTWARE\\Microsoft\\AGPM**. - - 5. For **Value name**, type **SmtpPort**. - - 6. For **Value type**, select **REG\_DWORD**. - - 7. For **Base**, select **Decimal**, and for **Value data**, type a port number for the SMTP port. By default, the SMTP port is port 25 if encryption is not enabled or port 587 if SSL encryption is enabled. - - 8. Click **OK**. - -6. Close the **Group Policy Management Editor** window, and then check in and deploy the GPO. For more information, see [Deploy a GPO](deploy-a-gpo-agpm30ops.md). - -### Additional considerations - -- You must be able to edit and deploy a GPO to configure registry settings by using Group Policy Preferences. See [Editing a GPO](editing-a-gpo-agpm30ops.md) and [Deploy a GPO](deploy-a-gpo-agpm30ops.md) for additional detail. - -### Additional references - -- [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management.md) - - - - - - - - - diff --git a/mdop/agpm/configure-e-mail-security-for-agpm-agpm40.md b/mdop/agpm/configure-e-mail-security-for-agpm-agpm40.md deleted file mode 100644 index 6b62a3bc2a..0000000000 --- a/mdop/agpm/configure-e-mail-security-for-agpm-agpm40.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: Configure E-Mail Security for AGPM -description: Configure E-Mail Security for AGPM -author: dansimp -ms.assetid: b9c48894-0a10-4d03-8027-50ed3b02485a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configure E-Mail Security for AGPM - - -By default, e-mail notifications sent because of actions in Advanced Group Policy Management (AGPM) are not encrypted and are sent through SMTP port 25. However, you can configure e-mail security for AGPM by using registry settings to specify whether to use Secure Sockets Layer (SSL) encryption and which SMTP port to use. - -By encrypting AGPM e-mail notifications, you can better protect those that could reveal sensitive information about your organization’s security. Encrypting e-mail notifications is recommended when they are being relayed through remote mail servers, and may be required by some compliance regulations. - -**Caution**   -Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. - - - -A user account that has the AGPM Administrator (Full Control) role, the user account of the Approver who created the Group Policy Object (GPO) used in these procedures, or a user account that has the necessary permissions in AGPM is required to complete these procedures. Review the details in "Additional considerations" in this topic. - -**To configure e-mail security for AGPM by using Group Policy preferences** - -1. In the **Group Policy Management Console** tree, edit a GPO that is applied to all AGPM Servers for which you want to configure e-mail security. (For more information, see [Editing a GPO](editing-a-gpo-agpm40.md).) - -2. In the **Group Policy Management Editor** window, expand the **Computer Configuration**, **Preferences**, **Windows Settings**, and **Registry** folders. - -3. In the console tree, right-click **Registry**, point to **New**, click **Collection Item**, and type **AGPM e-mail security**. - -4. Create a Registry preference item to turn on encryption: - - 1. In the console tree, right-click **AGPM e-mail security**, point to **New**, and then click **Registry Item**. - - 2. In the **New Registry Properties** dialog box, select the **Update** action. - - 3. For **Hive**, select **HKEY\_LOCAL\_MACHINE**. - - 4. For **Key Path**, type **SOFTWARE\\Microsoft\\AGPM**. - - 5. For **Value name**, type **EncryptSmtp**. - - 6. For **Value type**, select **REG\_DWORD**. - - 7. For **Base**, select **Decimal**, and for **Value data**, type **1** to use SSL encryption, or **0** to let e-mail to be sent without encryption. By default, e-mail is sent without encryption. Click **OK**. - -5. Create a Registry preference item to specify the SMTP port: - - 1. In the console tree, right-click **AGPM E-mail security**, point to **New**, and then click **Registry Item**. - - 2. In the **New Registry Properties** dialog box, select the **Update** action. - - 3. For **Hive**, select **HKEY\_LOCAL\_MACHINE**. - - 4. For **Key Path** dialog box, type **SOFTWARE\\Microsoft\\AGPM**. - - 5. For **Value name**, type **SmtpPort**. - - 6. For **Value type**, select **REG\_DWORD**. - - 7. For **Base**, select **Decimal**, and for **Value data**, type a port number for the SMTP port. By default, the SMTP port is port 25 if encryption is not enabled or port 587 if SSL encryption is enabled. Click **OK**. - -6. Close the **Group Policy Management Editor** window, and then check in and deploy the GPO. For more information, see [Deploy a GPO](deploy-a-gpo-agpm40.md). - -### Additional considerations - -- You must be able to edit and deploy a GPO to configure registry settings by using Group Policy Preferences. See [Editing a GPO](editing-a-gpo-agpm40.md) and [Deploy a GPO](deploy-a-gpo-agpm40.md) for additional detail. - -### Additional references - -- [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/configure-logging-and-tracing-agpm30ops.md b/mdop/agpm/configure-logging-and-tracing-agpm30ops.md deleted file mode 100644 index dd666e4815..0000000000 --- a/mdop/agpm/configure-logging-and-tracing-agpm30ops.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Configure Logging and Tracing -description: Configure Logging and Tracing -author: dansimp -ms.assetid: 4f89552f-e949-48b0-9325-23746034eaa4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configure Logging and Tracing - - -You can centrally configure optional logging and tracing using Administrative templates. This may be helpful when diagnosing any problems related to Advanced Group Policy Management (AGPM). - -A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the Group Policy Object (GPO) used in these procedures, or a user account with the necessary permissions in AGPM is required to complete these procedures. Additionally, a user account with access to the AGPM Server is required to initiate logging on the AGPM Server. Review the details in "Additional considerations" in this topic. - -**To configure logging and tracing for AGPM** - -1. In the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators for which you want to turn on logging and tracing. (For more information, see [Editing a GPO](editing-a-gpo-agpm30ops.md).) - -2. In the **Group Policy Management Editor** window, click **Computer Configuration**, **Policies**, **Administrative Templates**, **Windows Components**, and **AGPM**. - -3. In the details pane, double-click **AGPM: Configure logging**. - -4. In the **Properties** window, click **Enabled**, and configure the level of detail to record in the logs. - -5. Click **OK**. - -6. Close the **Group Policy Management Editor** window. (For more information, see [Deploy a GPO](deploy-a-gpo-agpm30ops.md).) After Group Policy is updated, you must restart the AGPM Service to start, modify, or stop logging on the AGPM Server. Group Policy administrators must close and restart the GPMC to start, modify, or stop logging on their computers. - - **Trace file locations**: - - - Client: %LocalAppData%\\Microsoft\\AGPM\\agpm.log - - - Server: %ProgramData%\\Microsoft\\AGPM\\agpmserv.log - -### Additional considerations - -- You must be able to edit and deploy a GPO to configure AGPM logging and tracing. See [Editing a GPO](editing-a-gpo-agpm30ops.md) and [Deploy a GPO](deploy-a-gpo-agpm30ops.md) for additional detail. - -### Additional references - -- [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management.md) - -  - -  - - - - - diff --git a/mdop/agpm/configure-logging-and-tracing-agpm40.md b/mdop/agpm/configure-logging-and-tracing-agpm40.md deleted file mode 100644 index c1e150c7bd..0000000000 --- a/mdop/agpm/configure-logging-and-tracing-agpm40.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Configure Logging and Tracing -description: Configure Logging and Tracing -author: dansimp -ms.assetid: 2418cb6a-7189-4080-8fe2-9c8d47dec62c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configure Logging and Tracing - - -You can centrally configure optional logging and tracing using Administrative templates. This may be helpful when diagnosing any problems related to Advanced Group Policy Management (AGPM). - -A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the Group Policy Object (GPO) used in these procedures, or a user account with the necessary permissions in AGPM is required to complete these procedures. Additionally, a user account with access to the AGPM Server is required to initiate logging on the AGPM Server. Review the details in "Additional considerations" in this topic. - -**To configure logging and tracing for AGPM** - -1. In the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators for which you want to turn on logging and tracing. (For more information, see [Editing a GPO](editing-a-gpo-agpm40.md).) - -2. In the **Group Policy Management Editor** window, click **Computer Configuration**, **Policies**, **Administrative Templates**, **Windows Components**, and **AGPM**. - -3. In the details pane, double-click **AGPM: Configure logging**. - -4. In the **Properties** window, click **Enabled**, and configure the level of detail to record in the logs. - -5. Click **OK**. - -6. Close the **Group Policy Management Editor** window. (For more information, see [Deploy a GPO](deploy-a-gpo-agpm40.md).) After Group Policy is updated, you must restart the AGPM Service to start, modify, or stop logging on the AGPM Server. Group Policy administrators must close and restart the GPMC to start, modify, or stop logging on their computers. - - **Trace file locations**: - - - Client: %LocalAppData%\\Microsoft\\AGPM\\agpm.log - - - Server: %ProgramData%\\Microsoft\\AGPM\\agpmserv.log - -### Additional considerations - -- You must be able to edit and deploy a GPO to configure AGPM logging and tracing. See [Editing a GPO](editing-a-gpo-agpm40.md) and [Deploy a GPO](deploy-a-gpo-agpm40.md) for additional detail. - -### Additional references - -- [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/configure-logging-and-tracing.md b/mdop/agpm/configure-logging-and-tracing.md deleted file mode 100644 index 8f9b6b9e07..0000000000 --- a/mdop/agpm/configure-logging-and-tracing.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Configure Logging and Tracing -description: Configure Logging and Tracing -author: dansimp -ms.assetid: 419231f9-e9db-4f91-a7cf-a0a73db25256 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configure Logging and Tracing - - -You can centrally configure optional logging and tracing for Advanced Group Policy Management (AGPM) using Administrative templates. - -A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO used in these procedures, or a user account with the necessary permissions in Advanced Group Policy Management is required to complete these procedures. Additionally, a user account with access to the AGPM Server is required to initiate logging on the AGPM Server. Review the details in "Additional considerations" in this topic. - -**To configure logging and tracing for AGPM** - -1. In the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators for which you want to turn on logging and tracing. (For more information, see [Editing a GPO](editing-a-gpo.md).) - -2. In the **Group Policy Object Editor**, click **Computer Configuration**, **Administrative Templates**, and **Windows Components**. - -3. If **AGPM** is not listed under **Windows Components**: - - 1. Right-click **Administrative Templates** and click **Add/Remove Templates**. - - 2. Click **Add**, select **agpm.admx** or **agpm.adm**, click **Open**, and then click **Close**. - -4. Under **Windows Components**, double-click **AGPM**. - -5. In the details pane, double-click **AGPM Logging**. - -6. In the **AGPM Logging Properties** window, click **Enabled**, and configure the level of detail to record in the logs. - -7. Click **OK**. - -8. Close the **Group Policy Object Editor**. (For more information, see [Deploy a GPO](deploy-a-gpo.md).) After Group Policy is updated, you must restart the AGPM Service to begin logging on the AGPM Server. Group Policy administrators must close and restart the GPMC to begin logging on their computers. - - **Trace file locations**: - - - Client: %LocalAppData%\\Microsoft\\AGPM\\agpm.log - - - Server: %ProgramData%\\Microsoft\\AGPM\\agpmserv.log - -### Additional considerations - -- You must be able to edit and deploy a GPO to configure AGPM logging and tracing. See [Editing a GPO](editing-a-gpo.md) and [Deploy a GPO](deploy-a-gpo.md) for additional detail. - -### Additional references - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md) - -  - -  - - - - - diff --git a/mdop/agpm/configure-the-agpm-server-connection-reviewer.md b/mdop/agpm/configure-the-agpm-server-connection-reviewer.md deleted file mode 100644 index ba9b7f9381..0000000000 --- a/mdop/agpm/configure-the-agpm-server-connection-reviewer.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Configure the AGPM Server Connection -description: Configure the AGPM Server Connection -author: dansimp -ms.assetid: 74e8f348-a8ed-4d69-a8e0-9c974aaeca2d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configure the AGPM Server Connection - - -To ensure that you are connected to the correct central archive, review the configuration of the AGPM Server connection. If an AGPM Administrator (Full Control) has not configured the AGPM Server connection for you, then you must manually configure it. - -**To select an AGPM Server** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. In the details pane, click the **AGPM Server** tab: - - - If the options on the **AGPM Server** tab are unavailable, they have been centrally configured by an AGPM Administrator. - - - If the options on the **AGPM Server** tab are available, type the fully-qualified computer name for the AGPM Server (for example, server.contoso.com) and the port on which the AGPM Service listens (by default, port 4600). Click **Apply**, then click **Yes** to confirm. - -### Additional considerations - -- The AGPM Servers selected determine which GPOs are displayed on the **Contents** tab and to what location the **Domain Delegation** tab settings are applied. If not centrally managed through the Administrative template, each Group Policy administrator must configure this setting to point to the AGPM Server for the domain. - -### Additional references - -- [Performing Editor Tasks](performing-editor-tasks.md) - -- [Performing Approver Tasks](performing-approver-tasks.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks.md) - -  - -  - - - - - diff --git a/mdop/agpm/configure-the-agpm-server-connection.md b/mdop/agpm/configure-the-agpm-server-connection.md deleted file mode 100644 index a6322bd687..0000000000 --- a/mdop/agpm/configure-the-agpm-server-connection.md +++ /dev/null @@ -1,118 +0,0 @@ ---- -title: Configure the AGPM Server Connection -description: Configure the AGPM Server Connection -author: dansimp -ms.assetid: 9a42b5bc-41be-44ef-a6e2-6f56e2cf1996 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configure the AGPM Server Connection - - -Advanced Group Policy Management (AGPM) stores all versions of each controlled Group Policy object (GPO) in a central archive, so Group Policy administrators can view and modify GPOs offline without immediately impacting the deployed version of each GPO. - -A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO used in these procedures, or a user account with the necessary permissions in Advanced Group Policy Management is required to complete these procedures for centrally configuring archive locations for all Group Policy administrators. Review the details in "Additional considerations" in this topic. - -## Configuring the AGPM Server connection - - -As an AGPM Administrator (Full Control), you can ensure that all Group Policy administrators connect to the same AGPM Server by centrally configuring the setting. If your environment requires separate AGPM Servers for some or all domains, configure those additional AGPM Servers as exceptions to the default. If you do not centrally configure AGPM Server connections, each Group Policy administrator must manually configure the AGPM Server to be displayed for each domain. - -- [Configure an AGPM Server for all Group Policy administrators](#bkmk-defaultarchiveloc) - -- [Configure additional AGPM Servers for all Group Policy administrators](#bkmk-additionalarchiveloc) - -- [Manually configure an AGPM Server for your account](#bkmk-manuallyconfigurearchiveloc) - -### - -**To configure an AGPM Server for all Group Policy administrators** - -1. In the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators. (For more information, see [Editing a GPO](editing-a-gpo.md).) - -2. In the **Group Policy Object Editor**, click **User Configuration**, **Administrative Templates**, and **Windows Components**. - -3. If **AGPM** is not listed under **Windows Components**: - - 1. Right-click **Administrative Templates** and click **Add/Remove Templates**. - - 2. Click **Add**, select **agpm.admx** or **agpm.adm**, click **Open**, and then click **Close**. - -4. Under **Windows Components**, double-click **AGPM**. - -5. In the details pane, double-click **AGPM Server (all domains)**. - -6. In the **AGPM Server (all domains) Properties** window, select the **Enabled** check box, and type the fully-qualified computer name and port (for example, server.contoso.com:4600). - -7. Click **OK**. Unless you want to configure additional AGPM Server connections, close the **Group Policy Object Editor** and deploy the GPO. (For more information, see [Deploy a GPO](deploy-a-gpo.md).) When Group Policy is updated, the AGPM Server connection is configured for all Group Policy administrators. - -### - -**To configure additional AGPM Servers for all Group Policy administrators** - -1. If no AGPM Server connection has been configured, follow the preceding procedure to configure a default AGPM Server for all domains. - -2. To configure separate AGPM Servers for some or all domains (overriding the default AGPM Server), in the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators. (For more information, see [Editing a GPO](editing-a-gpo.md).) - -3. Under **User Configuration** in the **Group Policy Object Editor**, double-click **Administrative Templates**, **Windows Components**, and then **AGPM**. - -4. In the details pane, double-click **AGPM Server**. - -5. In the **AGPM Server Properties** window, select the **Enabled** check box, and click **Show**. - -6. In the **Show Contents** window: - - 1. Click **Add**. - - 2. For **Value Name**, type the domain name (for example, server1.contoso.com). - - 3. For **Value**, type the AGPM Server name and port to use for this domain (for example, server2.contoso.com:4600), and then click **OK**. (By default, the AGPM Service listens on port 4600. To use a different port, see [Modify the Port on Which the AGPM Service Listens](modify-the-port-on-which-the-agpm-service-listens.md).) - - 4. Repeat for each domain not using the default AGPM Server. - -7. Click **OK** to close the **Show Contents** and **AGPM Server Properties** windows. - -8. Close the **Group Policy Object Editor**. (For more information, see [Deploy a GPO](deploy-a-gpo.md).) When Group Policy is updated, the new AGPM Server connections are configured for all Group Policy administrators. - -### - -If you have centrally configured the AGPM Server connection, the option to manually it is unavailable for all Group Policy administrators. - -**To manually configure the AGPM Server to display for your account** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. In the details pane, click the **AGPM Server** tab. - -3. Enter the fully-qualified computer name for the AGPM Server that manages the archive used for this domain (for example, server.contoso.com) and the port on which the AGPM Service listens (by default, port 4600). - -4. Click **Apply**, then click **Yes** to confirm. - -### Additional considerations - -- You must be able to edit and deploy a GPO to perform the procedures for centrally configuring AGPM Server connections for all Group Policy administrators. See [Editing a GPO](editing-a-gpo.md) and [Deploy a GPO](deploy-a-gpo.md) for additional detail. - -- The AGPM Server selected determines which GPOs are displayed on the **Contents** tab and to what location the **Domain Delegation** tab settings are applied. If not centrally managed through the Administrative Template, each Group Policy administrator must configure this setting to point to the AGPM Server for the domain. - -- Membership in the Group Policy Creator Owners group should be restricted so that it is not used to circumvent the management of access to GPOs by AGPM. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.) - -### Additional references - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md) - -  - -  - - - - - diff --git a/mdop/agpm/configuring-advanced-group-policy-management-agpm40.md b/mdop/agpm/configuring-advanced-group-policy-management-agpm40.md deleted file mode 100644 index 837ee68502..0000000000 --- a/mdop/agpm/configuring-advanced-group-policy-management-agpm40.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Configuring Advanced Group Policy Management -description: Configuring Advanced Group Policy Management -author: dansimp -ms.assetid: 8c978ddf-2789-44e4-9c08-de7b4cd1afa0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configuring Advanced Group Policy Management - - -In Advanced Group Policy Management (AGPM), as an AGPM Administrator (Full Control), you can centrally configure AGPM Server connections for Group Policy administrators, configure e-mail notification for AGPM, configure optional e-mail security for AGPM, delegate access to Group Policy Objects (GPOs) in the production environment of the domain, and configure logging and tracing for troubleshooting. - -- [Configure AGPM Server Connections](configure-agpm-server-connections-agpm40.md) - -- [Configure E-Mail Notification](configure-e-mail-notification-agpm40.md) - -- [Configure E-Mail Security for AGPM](configure-e-mail-security-for-agpm-agpm40.md) - -- [Delegate Access to the Production Environment](delegate-access-to-the-production-environment-agpm40.md) - -- [Configure Logging and Tracing](configure-logging-and-tracing-agpm40.md) - -### Additional references - -- For information about delegating access to GPOs in the archive, see [Managing the Archive](managing-the-archive-agpm40.md). - -- For information about how to restrict the number of versions of each GPO stored in the archive, see [Limit the GPO Versions Stored](limit-the-gpo-versions-stored-agpm40.md). - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/configuring-advanced-group-policy-management.md b/mdop/agpm/configuring-advanced-group-policy-management.md deleted file mode 100644 index 2617957e16..0000000000 --- a/mdop/agpm/configuring-advanced-group-policy-management.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Configuring Advanced Group Policy Management -description: Configuring Advanced Group Policy Management -author: dansimp -ms.assetid: 836f4a49-2c77-4f6b-8727-9df7ef443141 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configuring Advanced Group Policy Management - - -In Advanced Group Policy Management (AGPM), as an AGPM Administrator (Full Control), you can centrally configure AGPM Server connections for Group Policy administrators, configure e-mail notification for AGPM, configure optional e-mail security for AGPM, delegate access to Group Policy Objects (GPOs) in the production environment, and configure logging and tracing for troubleshooting. - -- [Configure AGPM Server Connections](configure-agpm-server-connections-agpm30ops.md) - -- [Configure E-Mail Notification](configure-e-mail-notification-agpm30ops.md) - -- [Configure E-Mail Security for AGPM](configure-e-mail-security-for-agpm-agpm30ops.md) - -- [Delegate Access to the Production Environment](delegate-access-to-the-production-environment-agpm30ops.md) - -- [Configure Logging and Tracing](configure-logging-and-tracing-agpm30ops.md) - -### Additional references - -- For information about delegating access to GPOs in the archive, see [Managing the Archive](managing-the-archive.md). - -- For information about how to restrict the number of versions of each GPO stored in the archive, see [Limit the GPO Versions Stored](limit-the-gpo-versions-stored-agpm30ops.md). - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/contents-tab-agpm30ops.md b/mdop/agpm/contents-tab-agpm30ops.md deleted file mode 100644 index 4e3f28a7a2..0000000000 --- a/mdop/agpm/contents-tab-agpm30ops.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Contents Tab -description: Contents Tab -author: dansimp -ms.assetid: 6ada6430-cd93-47aa-af6e-d7f5b5620132 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Contents Tab - - -The **Contents** tab on the **Change Control** pane provides access to Group Policy Objects (GPOs) and a shortcut menu for managing GPOs. The options displayed when right-clicking items are dependent on your role, your permissions, and your ownership stake in the GPO being managed. Additionally, these shortcut menus differ with the state of the GPO being managed. - -The following secondary tabs filter the list of GPOs displayed: - -- **Controlled**: GPOs managed by Advanced Group Policy Management (AGPM) - -- **Uncontrolled**: GPOs not managed by AGPM - -- **Pending**: GPO changes awaiting approval by an Approver - -- **Templates**: GPO templates for creating new GPOs and comparing to existing GPOs - -- **Recycle Bin**: Deleted GPOs - -The **Contents** tab and its secondary tabs provide details about each GPO and access to the history of each GPO: - -- [Contents Tab Features](contents-tab-features-agpm30ops.md) - -- [History Window](history-window-agpm30ops.md) - -When you right-click GPOs on any secondary tab, a shortcut menu unique to that tab is displayed, providing commands for managing the GPOs: - -- [Controlled GPO Commands](controlled-gpo-commands-agpm30ops.md) - -- [Uncontrolled GPO Commands](uncontrolled-gpo-commands-agpm30ops.md) - -- [Pending GPO Commands](pending-gpo-commands-agpm30ops.md) - -- [Template Commands](template-commands-agpm30ops.md) - -- [Recycle Bin Commands](recycle-bin-commands-agpm30ops.md) - -### Additional references - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/contents-tab-agpm40.md b/mdop/agpm/contents-tab-agpm40.md deleted file mode 100644 index 695acca3e9..0000000000 --- a/mdop/agpm/contents-tab-agpm40.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Contents Tab -description: Contents Tab -author: dansimp -ms.assetid: cf9d1f17-3c3d-422f-bd6b-3db87be45554 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Contents Tab - - -The **Contents** tab on the **Change Control** pane provides access to Group Policy Objects (GPOs) and a shortcut menu for managing GPOs. The options displayed when right-clicking items are dependent on your role, your permissions, and your ownership stake in the GPO being managed. Additionally, these shortcut menus differ with the state of the GPO being managed. - -The following secondary tabs filter the list of GPOs displayed: - -- **Controlled**: GPOs managed by Advanced Group Policy Management (AGPM) - -- **Uncontrolled**: GPOs not managed by AGPM - -- **Pending**: GPO changes awaiting approval by an Approver - -- **Templates**: GPO templates for creating new GPOs and comparing to existing GPOs - -- **Recycle Bin**: Deleted GPOs - -The **Contents** tab and its secondary tabs provide details about each GPO and access to the history of each GPO: - -- [Contents Tab Features](contents-tab-features-agpm40.md) - -- [History Window](history-window-agpm40.md) - -When you right-click GPOs on any secondary tab, a shortcut menu unique to that tab is displayed, providing commands for managing the GPOs: - -- [Controlled GPO Commands](controlled-gpo-commands-agpm40.md) - -- [Uncontrolled GPO Commands](uncontrolled-gpo-commands-agpm40.md) - -- [Pending GPO Commands](pending-gpo-commands-agpm40.md) - -- [Template Commands](template-commands-agpm40.md) - -- [Recycle Bin Commands](recycle-bin-commands-agpm40.md) - -### Additional references - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/contents-tab-features-agpm30ops.md b/mdop/agpm/contents-tab-features-agpm30ops.md deleted file mode 100644 index b902fc0724..0000000000 --- a/mdop/agpm/contents-tab-features-agpm30ops.md +++ /dev/null @@ -1,133 +0,0 @@ ---- -title: Contents Tab Features -description: Contents Tab Features -author: dansimp -ms.assetid: 725f025a-c30a-4d07-add1-4e0ed9a1a5fd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Contents Tab Features - - -Each secondary tab within the **Contents** tab has two sections—**Group Policy objects** and **Groups and Users**. - -## Group Policy objects section - - -The **Group Policy objects** section displays a filtered list of Group Policy Objects (GPOs) and identifies the following attributes for each GPO: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
GPO attributeDescription

Name

Name of the GPO.

State

The state of the selected GPO

Changed By

The Editor who checked in or the Approver who deployed the selected GPO.

Change Date

For a controlled GPO, the most recent date it was checked in after being modified or checked out to be modified. For an uncontrolled GPO, the date when it was last modified.

Comment

A comment entered by the person who checked in or deployed a GPO at the time that it was modified. Useful for identifying the specifics of the version in case of the need to roll back to a previous version.

Computer Version

Automatically generated version of the Computer Configuration portion of the GPO.

User Version

Automatically generated version of the User Configuration portion of the GPO.

GPO Status

The Computer Configuration and the User Configuration can be managed separately. The GPO Status indicates which portions of the GPO are enabled.

WMI Filter

Display any WMI filters that are applied to this GPO. WMI filters are managed under the WMI Filters folder for the domain in the console tree of the GPMC.

- -  - -## Groups and Users section - - -When a GPO is selected, the **Groups and Users** section displays a list of the groups and users with access to that GPO. The allowed permissions and inheritance are displayed for each group or user. An AGPM Administrator can configure permissions using either standard AGPM roles (Editor, Approver, Reviewer, and AGPM Administrator) or a customized combination of permissions. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ButtonEffect

Add

Add a new entry to the security descriptor. Any user or group in Active Directory can be added.

Remove

Remove the selected entry from the Access Control List.

Properties

Display the properties for the selected object. The properties page is the same one displayed for an object in Active Directory Users and Computers.

Advanced

Open the Access Control List Editor.

- -  - -### Additional considerations - -- For information about roles and permissions related to specific tasks, see the tasks under [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md), [Performing Editor Tasks](performing-editor-tasks-agpm30ops.md), [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md), and [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md). - -### Additional references - -- [Contents Tab](contents-tab-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/contents-tab-features-agpm40.md b/mdop/agpm/contents-tab-features-agpm40.md deleted file mode 100644 index 7b909fc508..0000000000 --- a/mdop/agpm/contents-tab-features-agpm40.md +++ /dev/null @@ -1,133 +0,0 @@ ---- -title: Contents Tab Features -description: Contents Tab Features -author: dansimp -ms.assetid: f1f4849d-bf94-47d5-ad81-0eee33abcaca -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Contents Tab Features - - -Each secondary tab within the **Contents** tab has two sections—**Group Policy objects** and **Groups and Users**. - -## Group Policy objects section - - -The **Group Policy objects** section displays a filtered list of Group Policy Objects (GPOs) and identifies the following attributes for each GPO. You can use the **Search** box to search for GPOs with specific attributes. For more information, see [Search and Filter the List of GPOs](search-and-filter-the-list-of-gpos.md). - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
GPO attributeDescription

Name

Name of the GPO.

State

The state of the selected GPO

Changed By

The Editor who checked in or the Approver who deployed the selected GPO.

Change Date

For a controlled GPO, the most recent date it was checked in after being modified or checked out to be modified. For an uncontrolled GPO, the date when it was last modified.

Comment

A comment entered by the person who checked in or deployed a GPO at the time that it was modified. Useful for identifying the specifics of the version in case of the need to roll back to an earlier version.

Computer Version

Automatically generated version of the Computer Configuration part of the GPO.

User Version

Automatically generated version of the User Configuration part of the GPO.

GPO Status

The Computer Configuration and the User Configuration can be managed separately. The GPO Status indicates which portions of the GPO are enabled.

WMI Filter

Display any WMI filters that are applied to this GPO. WMI filters are managed under the WMI Filters folder for the domain in the console tree of the GPMC.

- -  - -## Groups and Users section - - -When a GPO is selected, the **Groups and Users** section displays a list of the groups and users with access to that GPO. The allowed permissions and inheritance are displayed for each group or user. An AGPM Administrator can configure permissions using either standard AGPM roles (Editor, Approver, Reviewer, and AGPM Administrator) or a customized combination of permissions. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ButtonEffect

Add

Add a new entry to the security descriptor. Any user or group in Active Directory can be added.

Remove

Remove the selected entry from the Access Control List.

Properties

Display the properties for the selected object. The properties page is the same one displayed for an object in Active Directory Users and Computers.

Advanced

Open the Access Control List Editor.

- -  - -### Additional considerations - -- For information about roles and permissions related to specific tasks, see the tasks under [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md), [Performing Editor Tasks](performing-editor-tasks-agpm40.md), [Performing Approver Tasks](performing-approver-tasks-agpm40.md), and [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md). - -### Additional references - -- [Contents Tab](contents-tab-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/contents-tab.md b/mdop/agpm/contents-tab.md deleted file mode 100644 index 4d154e05f6..0000000000 --- a/mdop/agpm/contents-tab.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Contents Tab -description: Contents Tab -author: dansimp -ms.assetid: 8a756bc1-3900-4d83-93c4-7ebc4705d956 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Contents Tab - - -The **Contents** tab on the **Change Control** pane provides access to Group Policy objects (GPOs) and a shortcut menu for managing GPOs. The options displayed when right-clicking items are dependent on your role, your permissions, and your ownership stake in the GPO being managed. Additionally, these shortcut menus differ with the state of the GPO being managed. - -The secondary tabs filter the list of GPOs displayed. - -- [Controlled Tab](controlled-tab.md): GPOs managed by AGPM - -- [Uncontrolled Tab](uncontrolled-tab.md): GPOs not managed by AGPM - -- [Pending Tab](pending-tab.md): GPO changes awaiting approval by an Approver - -- [Templates Tab](templates-tab.md): GPO templates for creating new GPOs and comparing to existing GPOs - -- [Recycle Bin Tab](recycle-bin-tab.md): Deleted GPOs - -Additionally, the secondary tabs provide access to the History of each GPO and to other features: - -- [Common Secondary Tab Features](common-secondary-tab-features.md) - -- [History Window](history-window.md) - -### Additional references - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management.md) - -  - -  - - - - - diff --git a/mdop/agpm/control-a-previously-uncontrolled-gpo.md b/mdop/agpm/control-a-previously-uncontrolled-gpo.md deleted file mode 100644 index 6932d224a9..0000000000 --- a/mdop/agpm/control-a-previously-uncontrolled-gpo.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Control a Previously Uncontrolled GPO -description: Control a Previously Uncontrolled GPO -author: dansimp -ms.assetid: 452689a9-4e32-4e3b-8208-56353a82bf36 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Control a Previously Uncontrolled GPO - - -To use Advanced Group Policy Management (AGPM) to provide change control for a Group Policy object (GPO), you must first control the GPO with AGPM. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To control a previously uncontrolled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Uncontrolled** tab to display the uncontrolled GPOs. - -3. Right-click the GPO to be controlled with AGPM, and then click **Control**. - -4. Type a comment to be displayed in the history of the GPO, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the list on the **Uncontrolled** tab and added to the **Controlled** tab. - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create GPO** permissions for the domain. - -### Additional references - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-approver.md) - -  - -  - - - - - diff --git a/mdop/agpm/control-an-uncontrolled-gpo-agpm30ops.md b/mdop/agpm/control-an-uncontrolled-gpo-agpm30ops.md deleted file mode 100644 index 87d980d262..0000000000 --- a/mdop/agpm/control-an-uncontrolled-gpo-agpm30ops.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Control an Uncontrolled GPO -description: Control an Uncontrolled GPO -author: dansimp -ms.assetid: 603f00f9-1e65-4b2f-902a-e53dafedbd8d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Control an Uncontrolled GPO - - -To provide change control for a Group Policy Object (GPO), you must first control the GPO. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To control an uncontrolled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Uncontrolled** tab to display the uncontrolled GPOs. - -3. Right-click the GPO to be controlled with AGPM, and then click **Control**. - -4. Type a comment to be displayed in the history of the GPO, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the list on the **Uncontrolled** tab and added to the **Controlled** tab. - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create GPO** permissions for the domain. - -### Additional references - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-editor-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/control-an-uncontrolled-gpo-agpm40.md b/mdop/agpm/control-an-uncontrolled-gpo-agpm40.md deleted file mode 100644 index 438609f31c..0000000000 --- a/mdop/agpm/control-an-uncontrolled-gpo-agpm40.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Control an Uncontrolled GPO -description: Control an Uncontrolled GPO -author: dansimp -ms.assetid: dc81545c-8da5-4b6f-b266-f01a82e27c6b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Control an Uncontrolled GPO - - -To provide change control for a Group Policy Object (GPO), you must first control the GPO. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To control an uncontrolled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Uncontrolled** tab to display the uncontrolled GPOs. - -3. Right-click the GPO to be controlled with AGPM, and then click **Control**. - -4. Type a comment to be displayed in the history of the GPO, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the list on the **Uncontrolled** tab and added to the **Controlled** tab. - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create GPO** permissions for the domain. - -### Additional references - -- [Creating or Controlling a GPO](creating-or-controlling-a-gpo-agpm40-app.md) - -  - -  - - - - - diff --git a/mdop/agpm/controlled-gpo-commands-agpm30ops.md b/mdop/agpm/controlled-gpo-commands-agpm30ops.md deleted file mode 100644 index 494e7b2c47..0000000000 --- a/mdop/agpm/controlled-gpo-commands-agpm30ops.md +++ /dev/null @@ -1,211 +0,0 @@ ---- -title: Controlled GPO Commands -description: Controlled GPO Commands -author: dansimp -ms.assetid: 82db4772-154a-4a8d-99cd-2c69e1738698 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Controlled GPO Commands - - -The **Controlled** tab: - -- Displays a list of Group Policy Objects (GPOs) managed by Advanced Group Policy Management (AGPM). - -- Provides a shortcut menu with commands for managing GPOs and for displaying the history and reports for GPOs. - -- Displays a list of the groups and users who have permission to access a selected GPO. - -Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable. - -## Control and history - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

New Controlled GPO

Create a new GPO with change control managed through AGPM and deploy it to the production environment. If you do not have permission to create a GPO, you will be prompted to submit a request. (This option is displayed if no GPO is selected when right-clicking in the Group Policy Objects list.)

History

Open a window listing all versions of the selected GPO saved within the archive. From the history, you can obtain a report of the settings within a GPO, compare two versions of a GPO, compare a GPO to a template, or roll back to a previous version of a GPO.

- -  - -## Reports - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Settings

Generate an HTML-based or XML-based report displaying the settings within the selected GPO or display links to the selected GPO(s) from organizational units as of when the GPO(s) was most recently controlled, imported, or checked in.

Differences

Generate an HTML-based or XML-based report comparing the settings within two selected GPOs or within the selected GPO and a template.

- -  - -## Editing - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
CommandEffect

Edit

Open the Group Policy Management Editor window to make changes to the selected GPO.

Check Out

Obtain a copy of the selected GPO from the archive for offline editing and prohibit anyone else from editing it until it is checked back into the archive. (Check Out can be overridden by an AGPM Administrator (Full Control).)

Check In

Check the edited version of the selected GPO into the archive, so other authorized Editors can make changes or an Approver can deploy it to the production environment.

Undo Check Out

Return a checked out GPO to the archive without any changes.

- -  - -## Version management - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
CommandEffect

Import from Production

For the selected GPO, copy the version in the production environment to the archive.

Delete

Move the selected GPO to the Recycle Bin and indicate whether to leave the deployed version (if one exists) in production or to delete it as well as the version in the archive. If you do not have permission to delete a GPO, you will be prompted to submit a request.

Deploy

Move the selected GPO that is checked into the archive to the production environment. This action makes it active on the network and overwrites the previously active version of the GPO if one existed. If you do not have permission to deploy a GPO, you will be prompted to submit a request.

Label

Mark the selected GPO with a descriptive label (such as "Known good") and comment for record keeping. Labels appear in the State column and comments in the Comment column of the History window, enabling you to easily identify previous versions of a GPO identified with a particular label, so you can roll back if a problem occurs.

Rename

Change the name of the selected GPO. If the GPO has already been deployed, the name will be updated in the production environment when the GPO is redeployed.

Save as Template

Create a new template based on the settings of the selected GPO.

- -  - -## Miscellaneous - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Refresh

Update the display of the Group Policy Management Console (GPMC) to incorporate any changes. Some changes are not visible until the display is refreshed.

Help

Display help for AGPM.

- -  - -### Additional references - -- [Contents Tab](contents-tab-agpm30ops.md) - -- [Performing Editor Tasks](performing-editor-tasks-agpm30ops.md) - -- [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/controlled-gpo-commands-agpm40.md b/mdop/agpm/controlled-gpo-commands-agpm40.md deleted file mode 100644 index 38253ca7d8..0000000000 --- a/mdop/agpm/controlled-gpo-commands-agpm40.md +++ /dev/null @@ -1,219 +0,0 @@ ---- -title: Controlled GPO Commands -description: Controlled GPO Commands -author: dansimp -ms.assetid: 370d3db9-4efc-4799-983d-e29ba5f32b07 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Controlled GPO Commands - - -The **Controlled** tab: - -- Displays a list of Group Policy Objects (GPOs) managed by Advanced Group Policy Management (AGPM). - -- Provides a shortcut menu with commands for managing GPOs and for displaying the history and reports for GPOs. - -- Displays a list of the groups and users who have permission to access a selected GPO. - -Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu. This menu includes whichever of the following options are applicable. - -## Control and history - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

New Controlled GPO

Create a new GPO with change control managed through AGPM and deploy it to the production environment of the domain. If you do not have permission to create a GPO, you are prompted to submit a request. (This option is displayed if no GPO is selected when right-clicking in the Group Policy Objects list.)

History

Open a window listing all versions of the selected GPO saved within the archive. From the history, you can obtain a report of the settings within a GPO, compare two versions of a GPO, compare a GPO to a template, or roll back to an earlier version of a GPO.

- -  - -## Reports - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Settings

Generate an HTML-based or XML-based report displaying the settings within the selected GPO or display links to the selected GPO(s) from organizational units as of when the GPO(s) was most recently controlled, imported, or checked in.

Differences

Generate an HTML-based or XML-based report comparing the settings within two selected GPOs or within the selected GPO and a template.

- -  - -## Editing - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
CommandEffect

Edit

Open the Group Policy Management Editor window to change the selected GPO.

Check Out

Obtain a copy of the selected GPO from the archive for offline editing and prohibit anyone else from editing the GPO until it is checked back into the archive. Check Out can be overridden by an AGPM Administrator (Full Control).

Check In

Check the edited version of the selected GPO into the archive, so other authorized Editors can make changes or an Approver can deploy the GPO to the production environment of the domain.

Undo Check Out

Return a checked out GPO to the archive without any changes.

- -  - -## Version management - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
CommandEffect

Import from Production

For the selected GPO, copy the version in the production environment of the domain to the archive.

Import from File

Replace the policy settings of the selected, checked-out GPO with those from a GPO backup file.

Delete

Move the selected GPO to the Recycle Bin and indicate whether to leave the deployed version (if one exists) in production or to delete the deployed version in addition to the version in the archive. If you do not have permission to delete a GPO, you are prompted to submit a request.

Deploy

Move the selected GPO that is checked into the archive to the production environment of the domain. This action makes it active on the network and overwrites the previously active version of the GPO if one existed. If you do not have permission to deploy a GPO, you will be prompted to submit a request.

Export to

Save the selected GPO to a backup file so that you can copy it to another domain.

Label

Mark the selected GPO with a descriptive label (such as "Known good") and comment for record keeping. Labels appear in the State column and comments in the Comment column of the History window. They help you identify earlier versions of a GPO so that you can roll back if a problem occurs.

Rename

Change the name of the selected GPO. If the GPO has already been deployed, the name will be updated in the production environment of the domain when the GPO is redeployed.

Save as Template

Create a new template based on the settings of the selected GPO.

- -  - -## Miscellaneous - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Refresh

Update the display of the Group Policy Management Console (GPMC) to incorporate any changes. Some changes are not visible until the display is refreshed.

Help

Display help for AGPM.

- -  - -### Additional references - -- [Contents Tab](contents-tab-agpm40.md) - -- [Performing Editor Tasks](performing-editor-tasks-agpm40.md) - -- [Performing Approver Tasks](performing-approver-tasks-agpm40.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/controlled-tab.md b/mdop/agpm/controlled-tab.md deleted file mode 100644 index 64d9853749..0000000000 --- a/mdop/agpm/controlled-tab.md +++ /dev/null @@ -1,211 +0,0 @@ ---- -title: Controlled Tab -description: Controlled Tab -author: dansimp -ms.assetid: 8995a9e1-ace4-40b7-a47b-e1e9924541ba -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Controlled Tab - - -The **Controlled** tab: - -- Displays a list of Group Policy objects (GPOs) managed by Advanced Group Policy Management (AGPM). - -- Provides a shortcut menu with commands for managing GPOs and for displaying the history and reports for GPOs. - -- Displays a list of the groups and users who have permission to access a selected GPO. - -Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable. - -## Control and history - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

New Controlled GPO

Create a new GPO with change control managed through AGPM and deploy it to the production environment. If you do not have permission to create a GPO, you will be prompted to submit a request. (This option is displayed if no GPO is selected when right-clicking in the Group Policy Objects list.)

History

Open a window listing all versions of the selected GPO saved within the archive. From the history, you can obtain a report of the settings within a GPO, compare two versions of a GPO, compare a GPO to a template, or roll back to a previous version of a GPO.

- -  - -## Reports - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Settings

Generate an HTML-based or XML-based report displaying the settings within the selected GPO or display links to the selected GPO(s) from organizational units as of when the GPO(s) was most recently controlled, imported, or checked in.

Differences

Generate an HTML-based or XML-based report comparing the settings within two selected GPOs or within the selected GPO and a template.

- -  - -## Editing - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
CommandEffect

Edit

Open the Group Policy Object Editor to make changes to the selected GPO.

Check Out

Obtain a copy of the selected GPO from the archive for offline editing and prohibit anyone else from editing it until it is checked back into the archive. (Check Out can be overridden by an AGPM Administrator (Full Control).)

Check In

Check the edited version of the selected GPO into the archive, so other authorized Editors can make changes or an Approver can deploy it to the production environment.

Undo Check Out

Return a checked out GPO to the archive without any changes.

- -  - -## Version management - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
CommandEffect

Import from Production

For the selected GPO, copy the version in the production environment to the archive.

Delete

Move the selected GPO to the Recycle Bin and indicate whether to leave the deployed version (if one exists) in production or to delete it as well as the version in the archive. If you do not have permission to delete a GPO, you will be prompted to submit a request.

Deploy

Move the selected GPO that is checked into the archive to the production environment. This action makes it active on the network and overwrites the previously active version of the GPO if one existed. If you do not have permission to deploy a GPO, you will be prompted to submit a request.

Label

Mark the selected GPO with a descriptive label (such as "Known good") and comment for record keeping. Labels appear in the State column and comments in the Comment column of the History window, enabling you to easily identify previous versions of a GPO identified with a particular label, so you can roll back if a problem occurs.

Rename

Change the name of the selected GPO. If the GPO has already been deployed, the name will be updated in the production environment when the GPO is redeployed.

Save as Template

Create a new template based on the settings of the selected GPO.

- -  - -## Miscellaneous - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Refresh

Update the display of the Group Policy Management Console to incorporate any changes. Some changes are not visible until the display is refreshed.

Help

Display help for AGPM.

- -  - -### Additional references - -- [Contents Tab](contents-tab.md) - -- [Performing Editor Tasks](performing-editor-tasks.md) - -- [Performing Approver Tasks](performing-approver-tasks.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks.md) - -  - -  - - - - - diff --git a/mdop/agpm/create-a-new-controlled-gpo-agpm30ops.md b/mdop/agpm/create-a-new-controlled-gpo-agpm30ops.md deleted file mode 100644 index 2b6c82070c..0000000000 --- a/mdop/agpm/create-a-new-controlled-gpo-agpm30ops.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Create a New Controlled GPO -description: Create a New Controlled GPO -author: dansimp -ms.assetid: f89eaae8-7858-4222-ba3f-a93a9d7ea5a3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Create a New Controlled GPO - - -New Group Policy Objects (GPOs) created through the **Change Control** folder will automatically be controlled, enabling you to manage them. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To create a new GPO with change control managed through AGPM** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. Right-click **Change Control**, and then click **New Controlled GPO**. - -3. In the **New Controlled GPO** dialog box: - - 1. Type a name for the new GPO. - - 2. Optional: Type a comment for the new GPO to be displayed in the **History** for the GPO. - - 3. To immediately deploy the new GPO to the production environment, click **Create live**. To create the new GPO offline without immediately deploying it, click **Create offline**. - - 4. Select the GPO template to use as a starting point for the new GPO. - - 5. Click **OK**. - -4. When the **Progress** window indicates that overall progress is complete, click **Close**. The new GPO is displayed in the list of GPOs on the **Controlled** tab. - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create GPO** permissions for the domain. - -### Additional references - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-editor-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/create-a-new-controlled-gpo-agpm40.md b/mdop/agpm/create-a-new-controlled-gpo-agpm40.md deleted file mode 100644 index e688f80ebc..0000000000 --- a/mdop/agpm/create-a-new-controlled-gpo-agpm40.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Create a New Controlled GPO -description: Create a New Controlled GPO -author: dansimp -ms.assetid: 5ce760f6-9f05-42b4-b787-7835ab8e324e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Create a New Controlled GPO - - -New Group Policy Objects (GPOs) created through the **Change Control** folder will automatically be controlled, enabling you to manage them. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To create a new GPO with change control managed through AGPM** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. Right-click **Change Control**, and then click **New Controlled GPO**. - -3. In the **New Controlled GPO** dialog box: - - 1. Type a name for the new GPO. - - 2. Optional: Type a comment for the new GPO to be displayed in the **History** for the GPO. - - 3. To immediately deploy the new GPO to the production environment of the domain, click **Create live**. To create the new GPO offline without immediately deploying it, click **Create offline**. - - 4. Select the GPO template to use as a starting point for the new GPO, and then click **OK**. - -4. When the **Progress** window indicates that overall progress is complete, click **Close**. The new GPO is displayed in the list of GPOs on the **Controlled** tab. - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create GPO** permissions for the domain. - -### Additional references - -- [Creating or Controlling a GPO](creating-or-controlling-a-gpo-agpm40-app.md) - -  - -  - - - - - diff --git a/mdop/agpm/create-a-new-controlled-gpo.md b/mdop/agpm/create-a-new-controlled-gpo.md deleted file mode 100644 index dc4d11b70b..0000000000 --- a/mdop/agpm/create-a-new-controlled-gpo.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Create a New Controlled GPO -description: Create a New Controlled GPO -author: dansimp -ms.assetid: b43ce0f4-4519-4278-83c4-c7d5163ddd11 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Create a New Controlled GPO - - -New Group Policy objects (GPOs) created through the **Change Control** node will automatically be controlled, enabling you to manage them with Advanced Group Policy Management (AGPM). - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To create a new GPO with change control managed through AGPM** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. Right-click the **Change Control** node, and then click **New Controlled GPO**. - -3. In the **New Controlled GPO** dialog box: - - 1. Type a name for the new GPO. - - 2. Optional: Type a comment for the new GPO to be displayed in the **History** for the GPO. - - 3. To immediately deploy the new GPO to the production environment, click **Create live**. To create the new GPO offline without immediately deploying it, click **Create offline**. - - 4. Select the GPO template to use as a starting point for the new GPO. - - 5. Click **OK**. - -4. When the **Progress** window indicates that overall progress is complete, click **Close**. The new GPO is displayed in the list of GPOs on the **Controlled** tab. - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create GPO** permissions for the domain. - -### Additional references - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-approver.md) - -  - -  - - - - - diff --git a/mdop/agpm/create-a-template-agpm30ops.md b/mdop/agpm/create-a-template-agpm30ops.md deleted file mode 100644 index 0af27e71f6..0000000000 --- a/mdop/agpm/create-a-template-agpm30ops.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Create a Template -description: Create a Template -author: dansimp -ms.assetid: 8208f14a-5c18-43a7-8564-118230398cca -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Create a Template - - -Creating a template enables you to save all of the settings of a particular version of a Group Policy Object (GPO) to use as a starting point for creating new GPOs. - -**Note**   -A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. - - - -A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To create a template based on an existing GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled** or **Uncontrolled** tab to display available GPOs. - -3. Right-click the GPO from which you want to create a template, and then click **Save as Template**. - -4. Type a name for the template and a comment, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The new template appears on the **Templates** tab. - -### Additional considerations - -- By default, you must be an Editor or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create Template** permissions for the domain. - -- Renaming or deleting a template does not impact GPOs created from that template. - -- Because it cannot be altered, a template does not have a history. - -### Additional references - -- [Creating a Template and Setting a Default Template](creating-a-template-and-setting-a-default-template-agpm30ops.md) - -- [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/create-a-template-agpm40.md b/mdop/agpm/create-a-template-agpm40.md deleted file mode 100644 index bb0d209a5b..0000000000 --- a/mdop/agpm/create-a-template-agpm40.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Create a Template -description: Create a Template -author: dansimp -ms.assetid: b38423af-7d24-437a-98bc-01f1ae891127 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Create a Template - - -Creating a template enables you to save all of the settings of a particular version of a Group Policy Object (GPO) to use as a starting point for creating new GPOs. - -**Note**   -A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. - - - -A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To create a template based on an existing GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled** or **Uncontrolled** tab to display available GPOs. - -3. Right-click the GPO from which you want to create a template, and then click **Save as Template**. - -4. Type a name for the template and a comment, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The new template appears on the **Templates** tab. - -### Additional considerations - -- By default, you must be an Editor or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create Template** permissions for the domain. - -- Renaming or deleting a template does not impact GPOs created from that template. - -- Because it cannot be altered, a template does not have a history. - -### Additional references - -- [Creating a Template and Setting a Default Template](creating-a-template-and-setting-a-default-template-agpm40.md) - -- [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/create-a-template.md b/mdop/agpm/create-a-template.md deleted file mode 100644 index f25308b5ea..0000000000 --- a/mdop/agpm/create-a-template.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Create a Template -description: Create a Template -author: dansimp -ms.assetid: 6992bd55-4a4f-401f-9815-c468bac598ef -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Create a Template - - -Creating a template enables you to save all of the settings of a particular version of a Group Policy object (GPO) to use as a starting point for creating new GPOs. - -**Note**   -A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. - - - -A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To create a template based on an existing GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled** or **Uncontrolled** tab to display available GPOs. - -3. Right-click the GPO from which you want to create a template, then click **Save as Template**. - -4. Type a name for the template and a comment, then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The new template appears on the **Templates** tab. - -### Additional considerations - -- By default, you must be an Editor or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create Template** permissions for the domain. - -- Renaming or deleting a template does not impact GPOs created from that template. - -- Because it cannot be altered, a template does not have a history. - -### Additional references - -- [Creating a Template and Setting a Default Template](creating-a-template-and-setting-a-default-template.md) - -- [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo.md) - - - - - - - - - diff --git a/mdop/agpm/creating-a-template-and-setting-a-default-template-agpm30ops.md b/mdop/agpm/creating-a-template-and-setting-a-default-template-agpm30ops.md deleted file mode 100644 index 946f6e4a3c..0000000000 --- a/mdop/agpm/creating-a-template-and-setting-a-default-template-agpm30ops.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Creating a Template and Setting a Default Template -description: Creating a Template and Setting a Default Template -author: dansimp -ms.assetid: acce0e0f-7e67-479c-9daa-e678fccd7ced -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Creating a Template and Setting a Default Template - - -Creating a template enables you to save all the settings of a particular version of a Group Policy Object (GPO) to use as a starting point for creating new GPOs. As an Editor, you can also specify which of the available templates will be the default template for all Group Policy administrators creating new GPOs. - -Some potential uses for a template include the following: - -- Create a security baseline that your organization can reuse across domains. - -- Create a template to manage folder redirection and offline files that your organization can customize for each department. - -- Create a wireless networking template that your organization can use to configure wireless network connections for different geographical areas. - -- Create regulatory compliance templates for local network administrators. - -- Create a read-only snapshot of an existing GPO. - -**Note**   -A template is a static version of a GPO that cannot be edited, yet can be used as a starting point for creating new, editable GPOs. Renaming or deleting a template does not affect GPOs created from that template. - - - -- [Create a Template](create-a-template-agpm30ops.md) - -- [Set a Default Template](set-a-default-template-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/creating-a-template-and-setting-a-default-template-agpm40.md b/mdop/agpm/creating-a-template-and-setting-a-default-template-agpm40.md deleted file mode 100644 index 7b81b2a43d..0000000000 --- a/mdop/agpm/creating-a-template-and-setting-a-default-template-agpm40.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Creating a Template and Setting a Default Template -description: Creating a Template and Setting a Default Template -author: dansimp -ms.assetid: ffa72c2a-64eb-4492-8072-c3a66179b546 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Creating a Template and Setting a Default Template - - -Creating a template enables you to save all the settings of a particular version of a Group Policy Object (GPO) to use as a starting point for creating new GPOs. As an Editor, you can also specify which of the available templates will be the default template for all Group Policy administrators creating new GPOs. - -Some potential uses for a template include the following: - -- Create a security baseline that your organization can reuse across domains. - -- Create a template to manage folder redirection and offline files that your organization can customize for each department. - -- Create a wireless networking template that your organization can use to configure wireless network connections for different geographical areas. - -- Create regulatory compliance templates for local network administrators. - -- Create a read-only snapshot of an existing GPO. - -**Note**   -A template is a static version of a GPO that cannot be edited, yet can be used as a starting point for creating new, editable GPOs. Renaming or deleting a template does not affect GPOs created from that template. - - - -- [Create a Template](create-a-template-agpm40.md) - -- [Set a Default Template](set-a-default-template-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/creating-a-template-and-setting-a-default-template.md b/mdop/agpm/creating-a-template-and-setting-a-default-template.md deleted file mode 100644 index 049e02aff3..0000000000 --- a/mdop/agpm/creating-a-template-and-setting-a-default-template.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: Creating a Template and Setting a Default Template -description: Creating a Template and Setting a Default Template -author: dansimp -ms.assetid: 8771b4b5-4dea-4be1-a675-f60cfd3ec5dc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Creating a Template and Setting a Default Template - - -Creating a template enables you to save all of the settings of a particular version of a Group Policy object (GPO) to use as a starting point for creating new GPOs. As an Editor, you can also specify which of the available templates will be the default template for all Group Policy administrators creating new GPOs. - -**Note**   -A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. Renaming or deleting a template does not impact GPOs created from that template. - - - -- [Create a Template](create-a-template.md) - -- [Set a Default Template](set-a-default-template.md) - - - - - - - - - diff --git a/mdop/agpm/creating-controlling-or-importing-a-gpo-agpm30ops.md b/mdop/agpm/creating-controlling-or-importing-a-gpo-agpm30ops.md deleted file mode 100644 index 5415bea6ec..0000000000 --- a/mdop/agpm/creating-controlling-or-importing-a-gpo-agpm30ops.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Creating, Controlling, or Importing a GPO -description: Creating, Controlling, or Importing a GPO -author: dansimp -ms.assetid: ce8b232e-7758-4a6a-9e2f-18967da6cdad -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Creating, Controlling, or Importing a GPO - - -To use Advanced Group Policy Management (AGPM) to provide change control for a Group Policy Object (GPO), the GPO must first be controlled by AGPM. New GPOs created through the **Change Control** folder will automatically be controlled. As an Editor, you may not have permission to complete the control, creation, or deletion of a GPO, but you do have the permission necessary to begin the process and submit your request to an Approver. - -- [Request Control of an Uncontrolled GPO](request-control-of-an-uncontrolled-gpo-agpm30ops.md) - -- [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm30ops.md) - -- [Import a GPO from Production](import-a-gpo-from-production-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/creating-controlling-or-importing-a-gpo-approver.md b/mdop/agpm/creating-controlling-or-importing-a-gpo-approver.md deleted file mode 100644 index 99e2495711..0000000000 --- a/mdop/agpm/creating-controlling-or-importing-a-gpo-approver.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Creating, Controlling, or Importing a GPO -description: Creating, Controlling, or Importing a GPO -author: dansimp -ms.assetid: f2c8bef5-b654-4864-99d4-9207cfb0a137 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Creating, Controlling, or Importing a GPO - - -To use Advanced Group Policy Management (AGPM) to provide change control for a Group Policy object (GPO), you must first control the GPO with AGPM. New GPOs created through the **Change Control** node will automatically be controlled. - -- [Control a Previously Uncontrolled GPO](control-a-previously-uncontrolled-gpo.md) - -- [Create a New Controlled GPO](create-a-new-controlled-gpo.md) - -- [Delegate Access to a GPO](delegate-access-to-a-gpo.md) - -- [Import a GPO from Production](import-a-gpo-from-production-approver.md) - -  - -  - - - - - diff --git a/mdop/agpm/creating-controlling-or-importing-a-gpo-editor-agpm30ops.md b/mdop/agpm/creating-controlling-or-importing-a-gpo-editor-agpm30ops.md deleted file mode 100644 index 489ce5e692..0000000000 --- a/mdop/agpm/creating-controlling-or-importing-a-gpo-editor-agpm30ops.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Creating, Controlling, or Importing a GPO -description: Creating, Controlling, or Importing a GPO -author: dansimp -ms.assetid: 0cc1b6ee-3335-4d84-9e1c-d1aefabfef51 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Creating, Controlling, or Importing a GPO - - -To use Advanced Group Policy Management (AGPM) to provide change control for a Group Policy Object (GPO), you must first control the GPO with AGPM. New GPOs created through the **Change Control** folder will automatically be controlled. - -- [Control an Uncontrolled GPO](control-an-uncontrolled-gpo-agpm30ops.md) - -- [Create a New Controlled GPO](create-a-new-controlled-gpo-agpm30ops.md) - -- [Delegate Management of a Controlled GPO](delegate-management-of-a-controlled-gpo-agpm30ops.md) - -- [Import a GPO from Production](import-a-gpo-from-production-editor-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/creating-controlling-or-importing-a-gpo-editor.md b/mdop/agpm/creating-controlling-or-importing-a-gpo-editor.md deleted file mode 100644 index 39ac25e986..0000000000 --- a/mdop/agpm/creating-controlling-or-importing-a-gpo-editor.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Creating, Controlling, or Importing a GPO -description: Creating, Controlling, or Importing a GPO -author: dansimp -ms.assetid: 5259ce25-f570-4346-9f50-6b051724a998 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Creating, Controlling, or Importing a GPO - - -To use Advanced Group Policy Management (AGPM) to provide change control for a Group Policy object (GPO), the GPO must first be controlled by AGPM. New GPOs created through the **Change Control** node will automatically be controlled. As an Editor, you may not have permission to complete the control, creation, or deletion of a GPO, but you do have the permission necessary to begin the process and submit your request to an Approver. - -- [Request Control of a Previously Uncontrolled GPO](request-control-of-a-previously-uncontrolled-gpo.md) - -- [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo.md) - -- [Import a GPO from Production](import-a-gpo-from-production-editor.md) - -  - -  - - - - - diff --git a/mdop/agpm/creating-or-controlling-a-gpo-agpm40-app.md b/mdop/agpm/creating-or-controlling-a-gpo-agpm40-app.md deleted file mode 100644 index 2206a562b7..0000000000 --- a/mdop/agpm/creating-or-controlling-a-gpo-agpm40-app.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Creating or Controlling a GPO -description: Creating or Controlling a GPO -author: dansimp -ms.assetid: ca2fa40e-c6e9-4c57-9da1-e5375df4a2fd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Creating or Controlling a GPO - - -To use Advanced Group Policy Management (AGPM) to provide change control for a Group Policy Object (GPO), you must first control the GPO with AGPM. New GPOs created through the **Change Control** folder will automatically be controlled. - -- [Control an Uncontrolled GPO](control-an-uncontrolled-gpo-agpm40.md) - -- [Create a New Controlled GPO](create-a-new-controlled-gpo-agpm40.md) - -- [Delegate Management of a Controlled GPO](delegate-management-of-a-controlled-gpo-agpm40.md) - -- [Import a GPO from Production](import-a-gpo-from-production-agpm40-app.md) - -  - -  - - - - - diff --git a/mdop/agpm/creating-or-controlling-a-gpo-agpm40-ed.md b/mdop/agpm/creating-or-controlling-a-gpo-agpm40-ed.md deleted file mode 100644 index 37b7564e65..0000000000 --- a/mdop/agpm/creating-or-controlling-a-gpo-agpm40-ed.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Creating or Controlling a GPO -description: Creating or Controlling a GPO -author: dansimp -ms.assetid: 807f3b3f-ad3d-4851-9772-7f54a065632a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Creating or Controlling a GPO - - -To use Advanced Group Policy Management (AGPM) to provide change control for a Group Policy Object (GPO), the GPO must first be controlled by AGPM. New GPOs created through the **Change Control** folder will automatically be controlled. As an Editor, you may not have permission to complete the control, creation, or deletion of a GPO, but you do have the permission necessary to begin the process and submit your request to an Approver. - -- [Request Control of an Uncontrolled GPO](request-control-of-an-uncontrolled-gpo-agpm40.md) - -- [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm40.md) - -- [Import a GPO from Production](import-a-gpo-from-production-agpm40-ed.md) - -  - -  - - - - - diff --git a/mdop/agpm/delegate-access-to-a-gpo.md b/mdop/agpm/delegate-access-to-a-gpo.md deleted file mode 100644 index 86bb7646c4..0000000000 --- a/mdop/agpm/delegate-access-to-a-gpo.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Delegate Access to a GPO -description: Delegate Access to a GPO -author: dansimp -ms.assetid: f1d6bb6c-d5bf-4080-a6cb-32774689f804 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Delegate Access to a GPO - - -An Approver can delegate the management of a controlled Group Policy object (GPO) that was **created by that Approver**. Like an AGPM Administrator (Full Control), the Approver can delegate access to such a GPO, so selected Editors can edit it, Reviewers can review it, and other Approvers can approve it. By default, an Approver cannot delegate access to GPOs created by another Group Policy administrator. - -A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To delegate the management of a controlled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled** tab to display controlled GPOs, and then click the GPO to delegate. - -3. Click the **Add** button, select the users or groups to be permitted access, and then click **OK**. - -4. To customize the permissions for each, click the **Advanced** button on the **Contents** tab and check role permissions to allow or deny. (For more detailed control, click **Advanced** in the **Permissions** dialog box.) - -5. Click **Apply**, and then click **OK** in the **Permissions** dialog box. - -### Additional considerations - -- By default, you must be the Approver who created or controlled the GPO or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** permission for the domain and **Modify Security** permission for the GPO. - -### Additional references - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-approver.md) - -  - -  - - - - - diff --git a/mdop/agpm/delegate-access-to-an-individual-gpo-in-the-archive-agpm30ops.md b/mdop/agpm/delegate-access-to-an-individual-gpo-in-the-archive-agpm30ops.md deleted file mode 100644 index 12617d0f27..0000000000 --- a/mdop/agpm/delegate-access-to-an-individual-gpo-in-the-archive-agpm30ops.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Delegate Access to an Individual GPO in the Archive -description: Delegate Access to an Individual GPO in the Archive -author: dansimp -ms.assetid: 7b37b188-2b6b-4e52-be97-8ef899e9893b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Delegate Access to an Individual GPO in the Archive - - -As an AGPM Administrator (Full Control), you can delegate the management of a controlled Group Policy Object (GPO) in the archive so that selected groups and Editors can edit it, Reviewers can review it, and Approvers can approve it. - -A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To delegate the management of a controlled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled** tab to display controlled GPOs, and then click the GPO to delegate: - - 1. To add access for a user or group, click the **Add** button, select the user or group, and click **OK**. In the **Add Group or User** dialog box, select a role and click **OK**. - - 2. To remove access for a user or group, select the user or group, and click the **Remove** button. - - **Note**   - If a user or group inherits domain-wide access, the **Remove** button is unavailable. You can modify domain-wide access on the **Domain Delegation** tab. - - - - 3. To modify the roles and permissions delegated to a user or group, click the **Advanced** button. In the **Permissions** dialog box, select the user or group, select the check box for each role to be assigned to that user or group, and click **OK**. - - **Note**   - Editor and Approver include Reviewer permissions. - - - -### Additional considerations - -- By default, you must be the Approver who created or controlled the GPO or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** permission for the domain and **Modify Security** permission for the GPO. - -- To delegate read access to Group Policy administrators who use AGPM, you must grant them **List Contents** as well as **Read Settings** permissions. This enables them to view GPOs on the **Contents** tab of AGPM. Other permissions must be explicitly delegated. - -- Editors must have **Read** permission for the deployed copy of a GPO to make full use of Group Policy Software Installation. - -- Membership in the Group Policy Creator Owners group should be restricted, so it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.) - -### Additional references - -- [Managing the Archive](managing-the-archive.md) - - - - - - - - - diff --git a/mdop/agpm/delegate-access-to-an-individual-gpo-in-the-archive-agpm40.md b/mdop/agpm/delegate-access-to-an-individual-gpo-in-the-archive-agpm40.md deleted file mode 100644 index d8d548450f..0000000000 --- a/mdop/agpm/delegate-access-to-an-individual-gpo-in-the-archive-agpm40.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Delegate Access to an Individual GPO in the Archive -description: Delegate Access to an Individual GPO in the Archive -author: dansimp -ms.assetid: 284d2aa2-7c10-4ffa-8978-bbe30867c1c1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Delegate Access to an Individual GPO in the Archive - - -As an AGPM Administrator (Full Control), you can delegate the management of a controlled Group Policy Object (GPO) in the archive so that selected groups and Editors can edit it, Reviewers can review it, and Approvers can approve it. - -A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To delegate the management of a controlled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled** tab to display controlled GPOs, and then click the GPO to delegate: - - 1. To add access for a user or group, click the **Add** button, select the user or group, and click **OK**. In the **Add Group or User** dialog box, select a role and click **OK**. - - 2. To remove access for a user or group, select the user or group, and click the **Remove** button. - - **Note**   - If a user or group inherits domain-wide access, the **Remove** button is unavailable. You can modify domain-wide access on the **Domain Delegation** tab. - - - - 3. To modify the roles and permissions delegated to a user or group, click the **Advanced** button. In the **Permissions** dialog box, select the user or group, select the check box for each role to be assigned to that user or group, and click **OK**. - - **Note**   - Editor and Approver include Reviewer permissions. - - - -### Additional considerations - -- By default, you must be the Approver who created or controlled the GPO or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** permission for the domain and **Modify Security** permission for the GPO. - -- To delegate read access to Group Policy administrators who use AGPM, you must grant them **List Contents** as well as **Read Settings** permissions. This enables them to view GPOs on the **Contents** tab of AGPM. Other permissions must be explicitly delegated. - -- Editors must have **Read** permission for the deployed copy of a GPO to make full use of Group Policy Software Installation. - -- Membership in the Group Policy Creator Owners group should be restricted, so it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.) - -### Additional references - -- [Managing the Archive](managing-the-archive-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/delegate-access-to-an-individual-gpo.md b/mdop/agpm/delegate-access-to-an-individual-gpo.md deleted file mode 100644 index ef1ebe53fa..0000000000 --- a/mdop/agpm/delegate-access-to-an-individual-gpo.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Delegate Access to an Individual GPO -description: Delegate Access to an Individual GPO -author: dansimp -ms.assetid: b2a7d550-14bf-4b41-b6e4-2cc091eedd2d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Delegate Access to an Individual GPO - - -As an AGPM Administrator (Full Control), you can delegate the management of a controlled Group Policy object (GPO), so selected groups and Editors can edit it, Reviewers can review it, and Approvers can approve it. - -A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To delegate the management of a controlled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled** tab to display controlled GPOs, and then click the GPO to delegate. - -3. Click the **Add** button, select the users or groups to be permitted access, and then click **OK**. - -4. To customize the permissions for each user or group, click the **Advanced** button on the **Contents** tab and check role permissions to allow or deny. (For more detailed control, click **Advanced** in the **Permissions** dialog box.) - -5. Click **Apply**, and then click **OK** in the **Permissions** dialog box. - -### Additional considerations - -- By default, you must be the Approver who created or controlled the GPO or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** permission for the domain and **Modify Security** permission for the GPO. - -- To delegate read access to Group Policy administrators who use AGPM, you must grant them **List Contents** as well as **Read Settings** permissions. This enables them to view GPOs on the **Contents** tab of AGPM. Set the permission to apply to **This object and nested objects**. Other permissions must be explicitly delegated. - -- Editors must have **Read** permission for the deployed copy of a GPO to make full use of Group Policy Software Installation. - -- Membership in the Group Policy Creator Owners group should be restricted so that it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.) - -### Additional references - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md) - -  - -  - - - - - diff --git a/mdop/agpm/delegate-access-to-the-production-environment-agpm30ops.md b/mdop/agpm/delegate-access-to-the-production-environment-agpm30ops.md deleted file mode 100644 index 6a0eaaf9c7..0000000000 --- a/mdop/agpm/delegate-access-to-the-production-environment-agpm30ops.md +++ /dev/null @@ -1,107 +0,0 @@ ---- -title: Delegate Access to the Production Environment -description: Delegate Access to the Production Environment -author: dansimp -ms.assetid: c1ebae2e-909b-4e64-b368-b7d3cc67b1eb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Delegate Access to the Production Environment - - -You can change access to Group Policy Objects (GPOs) in the production environment, replacing any existing permissions on those GPOs. You can configure permissions at the domain level to either allow or prevent users from editing, deleting, or modifying the security of GPOs in the production environment when they are not using the **Change Control** folder in the Group Policy Management Console (GPMC). - -**Note**   -- Delegating access to the production environment does not affect users’ ability to link GPOs. - -- When GPOs are controlled or deployed, access for any other accounts except those with **Read** and **Apply** permissions is removed. - -  - -A user account that has either the necessary permissions in Advanced Group Policy Management (AGPM) or the role of AGPM Administrator (Full Control) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To change access to GPOs in the production environment** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. Click the **Production Delegation** tab. - -3. To add permissions for a user or group that does not have access to the production environment, or to replace the permissions for a user or group that does have access: - - 1. Click **Add**, select a user or group, and then click **OK**. - - 2. Select permissions to delegate to that user or group for the production environment, and then click **OK**. - -4. To remove all permissions to the production environment for a user or group, select the user or group, click **Remove**, and then click **OK**. - -### Additional considerations - -- By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **Modify Security** permission for the domain. - -- Permissions for the AGPM Service Account cannot be changed on the **Production Delegation** tab. - -- By default, the following accounts have permissions for GPOs in the production environment: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AccountDefault Permissions for GPOs

<AGPM Service Account>

Edit Settings, Delete, Modify Security

Authenticated Users

Read, Apply

Domain Admins

Edit Settings, Delete, Modify Security

Enterprise Admins

Edit Settings, Delete, Modify Security

Enterprise Domain Controllers

Read

System

Edit Settings, Delete, Modify Security

- -   - -- Membership in the Group Policy Creator Owners group should be restricted, so it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.) - -### Additional references - -- [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management.md) - -  - -  - - - - - diff --git a/mdop/agpm/delegate-access-to-the-production-environment-agpm40.md b/mdop/agpm/delegate-access-to-the-production-environment-agpm40.md deleted file mode 100644 index 79476c9882..0000000000 --- a/mdop/agpm/delegate-access-to-the-production-environment-agpm40.md +++ /dev/null @@ -1,107 +0,0 @@ ---- -title: Delegate Access to the Production Environment -description: Delegate Access to the Production Environment -author: dansimp -ms.assetid: 4c670581-8c47-41ea-80eb-02846ff1ec1f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Delegate Access to the Production Environment - - -In Advanced Group Policy Management (AGPM), you can change access to Group Policy Objects (GPOs) in the production environment of the domain, replacing any existing permissions on those GPOs. You can configure permissions at the domain level to either allow or prevent users from editing, deleting, or modifying the security of GPOs in the production environment when they are not using the **Change Control** folder in the Group Policy Management Console (GPMC). - -**Note**   -- Changing how access to the production environment is delegated does not affect users' ability to link GPOs. - -- When GPOs are controlled or deployed, access for any other accounts except those with **Read** and **Apply** permissions is removed. - -  - -A user account that has either the role of AGPM Administrator (Full Control) or the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To change access to GPOs in the production environment of the domain** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. Click the **Production Delegation** tab. - -3. To add permissions for a user or group that does not have access to the production environment, or to replace the permissions for a user or group that does have access: - - 1. Click **Add**, select a user or group, and then click **OK**. - - 2. Select permissions to delegate to that user or group for the production environment, and then click **OK**. - -4. To remove all permissions to the production environment for a user or group, select the user or group, click **Remove**, and then click **OK**. - -### Additional considerations - -- By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **Modify Security** permission for the domain. - -- Permissions for the AGPM Service Account cannot be changed on the **Production Delegation** tab. - -- By default, the following accounts have permissions for GPOs in the production environment: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AccountDefault Permissions for GPOs

<AGPM Service Account>

Edit Settings, Delete, Modify Security

Authenticated Users

Read, Apply

Domain Admins

Edit Settings, Delete, Modify Security

Enterprise Admins

Edit Settings, Delete, Modify Security

Enterprise Domain Controllers

Read

System

Edit Settings, Delete, Modify Security

- -   - -- Membership in the Group Policy Creator Owners group should be restricted, so it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.) - -### Additional references - -- [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/delegate-domain-level-access-to-the-archive-agpm30ops.md b/mdop/agpm/delegate-domain-level-access-to-the-archive-agpm30ops.md deleted file mode 100644 index 367806c7ef..0000000000 --- a/mdop/agpm/delegate-domain-level-access-to-the-archive-agpm30ops.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Delegate Domain-Level Access to the Archive -description: Delegate Domain-Level Access to the Archive -author: dansimp -ms.assetid: d232069e-71d5-4b4d-b22e-bef11de1cfd4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Delegate Domain-Level Access to the Archive - - -Set up delegation for your environment so that Group Policy administrators have the appropriate access to and control over Group Policy Objects (GPOs) in the archive. There are baseline permissions you can apply to make operation more efficient. You can grant permissions in any manner that meets the needs of your organization. - -A user account with the AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To delegate access so that users and groups have appropriate permissions to all GPOs throughout a domain** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. Click the **Domain Delegation** tab, and configure access to all GPOs in the domain: - - 1. To add access for a user or group, click the **Add** button, select the user or group, and click **OK**. In the **Add Group or User** dialog box, select a role and click **OK**. - - 2. To remove access for a user or group, select the user or group, and click the **Remove** button. - - 3. To modify the roles and permissions delegated to a user or group, select click the **Advanced** button. In the **Permissions** dialog box, select the user or group, select the check box for each role to be assigned to that user or group, and then click **OK**. - - **Note**   - Editor and Approver include Reviewer permissions. - - - -### Additional considerations - -- By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **Modify Security** permission for the domain. - -- To delegate read access to Group Policy administrators who use AGPM, you must grant them **List Contents** as well as **Read Settings** permissions. This enables them to view GPOs on the **Contents** tab of AGPM. Other permissions must be explicitly delegated. - -- Editors must be granted **Read** permission for the deployed copy of a GPO to make full use of Group Policy Software Installation. - -- Membership in the Group Policy Creator Owners group should be restricted, so it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.) - -### Additional references - -- [Managing the Archive](managing-the-archive.md) - - - - - - - - - diff --git a/mdop/agpm/delegate-domain-level-access-to-the-archive-agpm40.md b/mdop/agpm/delegate-domain-level-access-to-the-archive-agpm40.md deleted file mode 100644 index 2a6a673529..0000000000 --- a/mdop/agpm/delegate-domain-level-access-to-the-archive-agpm40.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Delegate Domain-Level Access to the Archive -description: Delegate Domain-Level Access to the Archive -author: dansimp -ms.assetid: 11ca1d40-4b5c-496e-8922-d01412717858 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Delegate Domain-Level Access to the Archive - - -Set up delegation for your environment so that Group Policy administrators have the appropriate access to and control over Group Policy Objects (GPOs) in the archive. There are baseline permissions you can apply to make operation more efficient. You can grant permissions in any manner that meets the needs of your organization. - -A user account with the AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To delegate access so that users and groups have appropriate permissions to all GPOs throughout a domain** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. Click the **Domain Delegation** tab, and configure access to all GPOs in the domain: - - 1. To add access for a user or group, click the **Add** button, select the user or group, and click **OK**. In the **Add Group or User** dialog box, select a role and click **OK**. - - 2. To remove access for a user or group, select the user or group, and click the **Remove** button. - - 3. To modify the roles and permissions delegated to a user or group, select click the **Advanced** button. In the **Permissions** dialog box, select the user or group, select the check box for each role to be assigned to that user or group, and then click **OK**. - - **Note**   - Editor and Approver include Reviewer permissions. - - - -### Additional considerations - -- By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **Modify Security** permission for the domain. - -- To delegate read access to Group Policy administrators who use AGPM, you must grant them **List Contents** as well as **Read Settings** permissions. This enables them to view GPOs on the **Contents** tab of AGPM. Other permissions must be explicitly delegated. - -- Editors must be granted **Read** permission for the deployed copy of a GPO to make full use of Group Policy Software Installation. - -- Membership in the Group Policy Creator Owners group should be restricted, so it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.) - -### Additional references - -- [Managing the Archive](managing-the-archive-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/delegate-domain-level-access.md b/mdop/agpm/delegate-domain-level-access.md deleted file mode 100644 index 3facfda7f0..0000000000 --- a/mdop/agpm/delegate-domain-level-access.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: Delegate Domain-Level Access -description: Delegate Domain-Level Access -author: dansimp -ms.assetid: 64c8e773-38cc-4991-9ed2-5a801094d06e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Delegate Domain-Level Access - - -Set up delegation for your environment so Group Policy administrators have the appropriate access to and control over Group Policy objects (GPOs). There are baseline permissions you can apply to make the operation of Advanced Group Policy Management (AGPM) more efficient. You can grant permissions in any manner that meets the needs of your organization. - -A user account with the AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To delegate access so users and groups have appropriate permissions to all GPOs throughout a domain** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. Click the **Domain Delegation** tab, then click the **Advanced** button. - -3. In the **Permissions** dialog box, click the check box for each role to be assigned to an individual, and then click the **Advanced** button. - - **Note**   - Editor and Approver include Reviewer permissions. - - - -4. In the **Advanced Security Settings** dialog box, select a Group Policy administrator, and then click **Edit**. - -5. For **Apply onto**, select **This object and nested objects**, configure any special permissions beyond the standard AGPM roles, then click **OK** in the **Permission** **Entry** dialog box. - -6. In the **Advanced Security Settings** dialog box, click **OK**. - -7. In the **Permissions** dialog box, click **OK**. - -### Additional considerations - -- By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **Modify Security** permission for the domain. - -- To delegate read access to Group Policy administrators who use AGPM, you must grant them **List Contents** as well as **Read Settings** permissions. This enables them to view GPOs on the **Contents** tab of AGPM. Set the permission to apply to **This object and nested objects**. Other permissions must be explicitly delegated. - -- Editors must be granted **Read** permission for the deployed copy of a GPO to make full use of Group Policy Software Installation. - -- Membership in the Group Policy Creator Owners group should be restricted so that it is not used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.) - -### Additional references - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md) - - - - - - - - - diff --git a/mdop/agpm/delegate-management-of-a-controlled-gpo-agpm30ops.md b/mdop/agpm/delegate-management-of-a-controlled-gpo-agpm30ops.md deleted file mode 100644 index 20c4c7176a..0000000000 --- a/mdop/agpm/delegate-management-of-a-controlled-gpo-agpm30ops.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: Delegate Management of a Controlled GPO -description: Delegate Management of a Controlled GPO -author: dansimp -ms.assetid: 509b02e7-ce0b-4919-b58a-c3a33051152e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Delegate Management of a Controlled GPO - - -An Approver can delegate the management of a controlled Group Policy Object (GPO) that was created by that Approver. Like an AGPM Administrator (Full Control), the Approver can delegate access to such a GPO so that selected Editors can edit it, Reviewers can review it, and other Approvers can approve it. By default, an Approver cannot delegate access to GPOs created by another Group Policy administrator. - -A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To delegate the management of a controlled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled** tab to display controlled GPOs, and then click the GPO to delegate: - - 1. To add access for a user or group, click the **Add** button, select the user or group, and click **OK**. In the **Add Group or User** dialog box, select a role and click **OK**. - - 2. To remove access for a user or group, select the user or group, and then click the **Remove** button. - - **Note**   - If a user or group inherits domain-wide access, the **Remove** button is unavailable. You can modify domain-wide access on the **Domain Delegation** tab. - - - - 3. To modify the roles and permissions delegated to a user or group, click the **Advanced** button. In the **Permissions** dialog box, select the user or group, select the check box for each role to be assigned to that user or group, and then click **OK**. - - **Note**   - Editor and Approver include Reviewer permissions. - - - -### Additional considerations - -- By default, you must be the Approver who created or controlled the GPO or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** permission for the domain and **Modify Security** permission for the GPO. - -- To delegate read access to Group Policy administrators who use AGPM, you must grant them **List Contents** as well as **Read Settings** permissions. This enables them to view GPOs on the **Contents** tab of AGPM. Other permissions must be explicitly delegated. - -- Editors must have **Read** permission for the deployed copy of a GPO to make full use of Group Policy Software Installation. - -### Additional references - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-editor-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/delegate-management-of-a-controlled-gpo-agpm40.md b/mdop/agpm/delegate-management-of-a-controlled-gpo-agpm40.md deleted file mode 100644 index 6401b24ac5..0000000000 --- a/mdop/agpm/delegate-management-of-a-controlled-gpo-agpm40.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: Delegate Management of a Controlled GPO -description: Delegate Management of a Controlled GPO -author: dansimp -ms.assetid: 96b4bfb3-5657-4267-8326-85d7a0db87ce -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Delegate Management of a Controlled GPO - - -An Approver can delegate the management of a controlled Group Policy Object (GPO) that was created by that Approver. Like an AGPM Administrator (Full Control), the Approver can delegate access to such a GPO so that selected Editors can edit it, Reviewers can review it, and other Approvers can approve it. By default, an Approver cannot delegate access to GPOs created by another Group Policy administrator. - -A user account with the AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To delegate the management of a controlled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled** tab to display controlled GPOs, and then click the GPO to delegate: - - 1. To add access for a user or group, click the **Add** button, select the user or group, and click **OK**. In the **Add Group or User** dialog box, select a role and click **OK**. - - 2. To remove access for a user or group, select the user or group, and then click the **Remove** button. - - **Note**   - If a user or group inherits domain-wide access, the **Remove** button is unavailable. You can modify domain-wide access on the **Domain Delegation** tab. - - - - 3. To modify the roles and permissions delegated to a user or group, click the **Advanced** button. In the **Permissions** dialog box, select the user or group, select the check box for each role to be assigned to that user or group, and then click **OK**. - - **Note**   - Editor and Approver include Reviewer permissions. - - - -### Additional considerations - -- By default, you must be the Approver who created or controlled the GPO or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** permission for the domain and **Modify Security** permission for the GPO. - -- To delegate read access to Group Policy administrators who use AGPM, you must grant them **List Contents** as well as **Read Settings** permissions. This enables them to view GPOs on the **Contents** tab of AGPM. Other permissions must be explicitly delegated. - -- Editors must have **Read** permission for the deployed copy of a GPO to make full use of Group Policy Software Installation. - -### Additional references - -- [Creating or Controlling a GPO](creating-or-controlling-a-gpo-agpm40-app.md) - - - - - - - - - diff --git a/mdop/agpm/delete-a-controlled-gpo-agpm30ops.md b/mdop/agpm/delete-a-controlled-gpo-agpm30ops.md deleted file mode 100644 index 15a7b0ca84..0000000000 --- a/mdop/agpm/delete-a-controlled-gpo-agpm30ops.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Delete a Controlled GPO -description: Delete a Controlled GPO -author: dansimp -ms.assetid: f51c1737-c116-4faf-a6f6-c72303f60a3b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Delete a Controlled GPO - - -Approvers can delete a controlled Group Policy Object (GPO), moving it to the Recycle Bin. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To delete a controlled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO you want to delete, and then click **Delete**. - - - To delete the GPO from the archive while leaving the deployed version of the GPO untouched in the production environment, click **Delete GPO from archive only**. - - - To delete the GPO from both the archive and production environment, click **Delete GPO from archive and production**. - -4. Type a comment to be displayed in the audit trail for the GPO, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Controlled** tab and is displayed on the **Recycle Bin** tab, where it can be restored or destroyed. If the GPO was deleted only from the archive, it is also displayed on the **Uncontrolled** tab. - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Delete GPO** permissions for the GPO. - -- To delete an uncontrolled GPO from the production environment without first controlling it, in the **Group Policy Management Console**, click **Forest**, click **Domains**, click **<MyDomain>**, and then click **Group Policy Objects**. Right-click the uncontrolled GPO, and then click **Delete**. - -### Additional references - -- [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/delete-a-controlled-gpo-agpm40.md b/mdop/agpm/delete-a-controlled-gpo-agpm40.md deleted file mode 100644 index df8fd91963..0000000000 --- a/mdop/agpm/delete-a-controlled-gpo-agpm40.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Delete a Controlled GPO -description: Delete a Controlled GPO -author: dansimp -ms.assetid: 2a461018-aa0b-4ae3-b079-efc554ca4a3d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Delete a Controlled GPO - - -Approvers can delete a controlled Group Policy Object (GPO), moving it to the Recycle Bin. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To delete a controlled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO you want to delete, and then click **Delete**. - - - To delete the GPO from the archive while leaving the deployed version of the GPO untouched in the production environment, click **Delete GPO from archive only**. - - - To delete the GPO from both the archive and production environment of the domain, click **Delete GPO from archive and production**. - -4. Type a comment to be displayed in the audit trail for the GPO, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Controlled** tab and is displayed on the **Recycle Bin** tab, where it can be restored or destroyed. If the GPO was deleted only from the archive, it is also displayed on the **Uncontrolled** tab. - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Delete GPO** permissions for the GPO. - -- To delete an uncontrolled GPO from the production environment without first controlling it, in the **Group Policy Management Console**, click **Forest**, click **Domains**, click **<MyDomain>**, and then click **Group Policy Objects**. Right-click the uncontrolled GPO, and then click **Delete**. - -### Additional references - -- [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/delete-a-gpo-approver.md b/mdop/agpm/delete-a-gpo-approver.md deleted file mode 100644 index b690ae67d6..0000000000 --- a/mdop/agpm/delete-a-gpo-approver.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Delete a GPO -description: Delete a GPO -author: dansimp -ms.assetid: 85fca371-5707-49c1-aa51-813fc3a58dfc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Delete a GPO - - -Advanced Group Policy Management (AGPM) enables Approvers to delete a controlled Group Policy object (GPO), moving it to the Recycle Bin. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To delete a controlled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO to delete, and then click **Delete**. - - - To delete the GPO from the archive while leaving the deployed version of the GPO untouched in the production environment, click **Delete GPO from archive only (uncontrol)**. - - - To delete the GPO from both the archive and production environment, click **Delete GPO from archive and production**. - -4. Type a comment to be displayed in the audit trail for the GPO, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Controlled** tab and is displayed on the **Recycle Bin** tab, where it can be restored or destroyed. If the GPO was deleted only from the archive, it is also displayed on the **Uncontrolled** tab. - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to delete a deployed GPO. Specifically, you must have **List Contents** and **Delete GPO** permissions for the GPO. - -- By default, you must be an Editor, an Approver, or an AGPM Administrator (Full Control) to delete a GPO from the archive. Specifically, you must have **List Contents** and either **Edit Settings** or **Delete GPO** permissions for the GPO. - -- To delete an uncontrolled GPO from the production environment without first controlling it, in the **Group Policy Management Console**, click **Forest**, click **Domains**, click **<MyDomain>**, and then click **Group Policy Objects**. Right-click the uncontrolled GPO, and then click **Delete**. - -### Additional references - -- [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo.md) - -  - -  - - - - - diff --git a/mdop/agpm/delete-a-gpo-editor.md b/mdop/agpm/delete-a-gpo-editor.md deleted file mode 100644 index 151980b771..0000000000 --- a/mdop/agpm/delete-a-gpo-editor.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Delete a GPO -description: Delete a GPO -author: dansimp -ms.assetid: 66be3dde-653e-4c25-8cb7-00e7090c8d31 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Delete a GPO - - -As an Editor, you may not have permission to complete the deletion of a Group Policy object (GPO), but you do have the permission necessary to begin the process and submit your request to an Approver. - -A user account with the Editor role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To request the deletion of a controlled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO to delete, and then click **Delete**. - - - To delete the GPO from the archive while leaving the deployed version of the GPO untouched in the production environment, click **Delete GPO from archive only (uncontrol)**. - - - To delete the GPO from both the archive and production environment, click **Delete GPO from archive and production**. - - Unless you have special permission to delete GPOs, you must submit a request for deletion of the deployed GPO. To receive a copy of the request, type your e-mail address in the **Cc** field. Type a comment to be displayed in the audit trail for the GPO, and then click **Submit**. - -4. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is displayed on the list of GPOs on the **Pending** tab. When an Approver has approved your request, the GPO will be moved from the **Pending** tab to the **Recycle Bin** tab, where it can be restored or destroyed. - -### Additional considerations - -- By default, you must be an Editor to request the deletion of a deployed GPO. Specifically, you must have **List Contents** and **Edit Settings** permissions for the GPO. - -- By default, you must be an Editor, an Approver, or an AGPM Administrator (Full Control) to delete a GPO from the archive. Specifically, you must have **List Contents** and either **Edit Settings** or **Delete GPO** permissions for the GPO. - -- To withdraw your request before it has been approved, click the **Pending** tab. Right-click the GPO, and then click **Withdraw**. The GPO will be returned to the **Controlled** tab. - -- To delete an uncontrolled GPO from the production environment without first controlling it, in the **Group Policy Management Console**, click **Forest**, click **Domains**, click **<MyDomain>**, and then click **Group Policy Objects**. Right-click the uncontrolled GPO, and then click **Delete**. - -### Additional references - -- [Performing Editor Tasks](performing-editor-tasks.md) - -  - -  - - - - - diff --git a/mdop/agpm/deleting-or-restoring-a-gpo-agpm30ops.md b/mdop/agpm/deleting-or-restoring-a-gpo-agpm30ops.md deleted file mode 100644 index b50eaff2eb..0000000000 --- a/mdop/agpm/deleting-or-restoring-a-gpo-agpm30ops.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -title: Deleting or Restoring a GPO -description: Deleting or Restoring a GPO -author: dansimp -ms.assetid: ee4a467a-187a-48e3-8f0d-548de0606a56 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deleting or Restoring a GPO - - -To use Advanced Group Policy Management (AGPM) to delete a Group Policy Object (GPO) from the archive or restore a deleted GPO from the Recycle Bin, the GPO must be controlled by AGPM. As an Editor, you may not have permission to complete the deletion or restoration of a GPO, but you do have the permission necessary to begin the process and submit your request to an Approver. - -- [Request Deletion of a GPO](request-deletion-of-a-gpo-agpm30ops.md) - -- [Request Restoration of a Deleted GPO](request-restoration-of-a-deleted-gpo-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/deleting-or-restoring-a-gpo-agpm40.md b/mdop/agpm/deleting-or-restoring-a-gpo-agpm40.md deleted file mode 100644 index f45ac8dc42..0000000000 --- a/mdop/agpm/deleting-or-restoring-a-gpo-agpm40.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -title: Deleting or Restoring a GPO -description: Deleting or Restoring a GPO -author: dansimp -ms.assetid: d4f92f4d-eba7-4e6e-b166-13670864d298 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deleting or Restoring a GPO - - -To use Advanced Group Policy Management (AGPM) to delete a Group Policy Object (GPO) from the archive or restore a deleted GPO from the Recycle Bin, the GPO must be controlled by AGPM. As an Editor, you may not have permission to complete the deletion or restoration of a GPO, but you do have the permission necessary to begin the process and submit your request to an Approver. - -- [Request Deletion of a GPO](request-deletion-of-a-gpo-agpm40.md) - -- [Request Restoration of a Deleted GPO](request-restoration-of-a-deleted-gpo-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/deleting-restoring-or-destroying-a-gpo-agpm30ops.md b/mdop/agpm/deleting-restoring-or-destroying-a-gpo-agpm30ops.md deleted file mode 100644 index 2c2c5983b2..0000000000 --- a/mdop/agpm/deleting-restoring-or-destroying-a-gpo-agpm30ops.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Deleting, Restoring, or Destroying a GPO -description: Deleting, Restoring, or Destroying a GPO -author: dansimp -ms.assetid: 3e1b862e-007a-4b60-900f-0489069f5c75 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deleting, Restoring, or Destroying a GPO - - -As an Approver, you can delete a Group Policy Object (GPO) (moving it to the Recycle Bin), restore a GPO from the Recycle Bin (returning it to the archive), or destroy a GPO (permanently deleting it so that it can no longer be restored). - -- [Delete a Controlled GPO](delete-a-controlled-gpo-agpm30ops.md) - -- [Restore a Deleted GPO](restore-a-deleted-gpo-agpm30ops.md) - -- [Destroy a GPO](destroy-a-gpo-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/deleting-restoring-or-destroying-a-gpo-agpm40.md b/mdop/agpm/deleting-restoring-or-destroying-a-gpo-agpm40.md deleted file mode 100644 index 7373c4011f..0000000000 --- a/mdop/agpm/deleting-restoring-or-destroying-a-gpo-agpm40.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Deleting, Restoring, or Destroying a GPO -description: Deleting, Restoring, or Destroying a GPO -author: dansimp -ms.assetid: 3af6c396-61c8-4b32-9fd8-28e9f15e575c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deleting, Restoring, or Destroying a GPO - - -As an Approver, you can delete a Group Policy Object (GPO) (moving it to the Recycle Bin), restore a GPO from the Recycle Bin (returning it to the archive), or destroy a GPO (permanently deleting it so that it can no longer be restored). - -- [Delete a Controlled GPO](delete-a-controlled-gpo-agpm40.md) - -- [Restore a Deleted GPO](restore-a-deleted-gpo-agpm40.md) - -- [Destroy a GPO](destroy-a-gpo-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/deleting-restoring-or-destroying-a-gpo.md b/mdop/agpm/deleting-restoring-or-destroying-a-gpo.md deleted file mode 100644 index 86d70a45a4..0000000000 --- a/mdop/agpm/deleting-restoring-or-destroying-a-gpo.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: Deleting, Restoring, or Destroying a GPO -description: Deleting, Restoring, or Destroying a GPO -author: dansimp -ms.assetid: 089c68e7-c1a5-418a-8776-cf23960f10c4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deleting, Restoring, or Destroying a GPO - - -As an Approver, you can delete a Group Policy object (GPO) (moving it to the Recycle Bin), restore a GPO from the Recycle Bin (returning it to the archive), or destroy a GPO (permanently deleting it so that it can no longer be restored). - -- [Delete a GPO](delete-a-gpo-approver.md) - -- [Restore a Deleted GPO](restore-a-deleted-gpo.md) - -- [Destroy a GPO](destroy-a-gpo.md) - -  - -  - - - - - diff --git a/mdop/agpm/deploy-a-gpo-agpm30ops.md b/mdop/agpm/deploy-a-gpo-agpm30ops.md deleted file mode 100644 index 1e51162115..0000000000 --- a/mdop/agpm/deploy-a-gpo-agpm30ops.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Deploy a GPO -description: Deploy a GPO -author: dansimp -ms.assetid: 3767b722-db43-40f1-a714-bb8e38bcaa10 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploy a GPO - - -An Approver can deploy a new or edited Group Policy Object (GPO) to the production environment. For information about redeploying a previous version of a GPO, see [Roll Back to a Previous Version of a GPO](roll-back-to-a-previous-version-of-a-gpo-agpm30ops.md). - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To deploy a GPO to the production environment** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO to be deployed and then click **Deploy**. - -4. To review links to the GPO, click **Advanced**. Pause the mouse pointer on an item in the tree to display details. - - - By default, all links to the GPO will be restored. - - - To prevent a link from being restored, clear the check box for that link. - - - To prevent all links from being restored, clear the **Restore Links** check box in the **Deploy GPO** dialog box. - -5. Click **Yes**. When the **Progress** window indicates that overall progress is complete, click **Close**. - -**Note**   -To verify whether the most recent version of a GPO has been deployed, on the **Controlled** tab, double-click the GPO to display its **History**. In the **History** for the GPO, the **State** column indicates whether a GPO has been deployed. - - - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Deploy GPO** permissions for the GPO. - -### Additional references - -- [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/deploy-a-gpo-agpm40.md b/mdop/agpm/deploy-a-gpo-agpm40.md deleted file mode 100644 index 6c16327cc3..0000000000 --- a/mdop/agpm/deploy-a-gpo-agpm40.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Deploy a GPO -description: Deploy a GPO -author: dansimp -ms.assetid: a6febeaa-144b-4c02-99af-d972f0f2b544 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploy a GPO - - -An Approver can deploy a new or edited Group Policy Object (GPO) to the production environment. For information about redeploying an earlier version of a GPO, see [Roll Back to an Earlier Version of a GPO](roll-back-to-an-earlier-version-of-a-gpo-agpm40.md). - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To deploy a GPO to the production environment** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO to be deployed and then click **Deploy**. - -4. To review links to the GPO, click **Advanced**. Pause the mouse pointer on an item in the tree to display details. - - - By default, all links to the GPO will be restored. - - - To prevent a link from being restored, clear the check box for that link. - - - To prevent all links from being restored, clear the **Restore Links** check box in the **Deploy GPO** dialog box. - -5. Click **Yes**. When the **Progress** window indicates that overall progress is complete, click **Close**. - -**Note**   -To verify whether the most recent version of a GPO has been deployed, on the **Controlled** tab, double-click the GPO to display its **History**. In the **History** for the GPO, the **State** column indicates whether a GPO has been deployed. - - - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Deploy GPO** permissions for the GPO. - -### Additional references - -- [Performing Approver Tasks](performing-approver-tasks-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/deploy-a-gpo.md b/mdop/agpm/deploy-a-gpo.md deleted file mode 100644 index fcb0ff6fe7..0000000000 --- a/mdop/agpm/deploy-a-gpo.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Deploy a GPO -description: Deploy a GPO -author: dansimp -ms.assetid: a0a3f292-e3ab-46ae-a0fd-d7b2b4ad8883 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploy a GPO - - -Advanced Group Policy Management (AGPM) enables an Approver to deploy a new or edited Group Policy object (GPO) to the production environment. For information about redeploying a previous version of a GPO, see [Roll Back to a Previous Version of a GPO](roll-back-to-a-previous-version-of-a-gpo.md). - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To deploy a GPO to the production environment** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO to be deployed and then click **Deploy**. - -4. To review links to the GPO, click **Advanced**. Pause the mouse pointer on a node in the tree to display details. - - - By default, all links to the GPO will be restored. - - - To prevent a link from being restored, clear the check box for that link. - - - To prevent all links from being restored, clear the **Restore Links** check box in the **Deploy GPO** dialog box. - -5. Click **Yes**. When the **Progress** window indicates that overall progress is complete, click **Close**. - -**Note**   -To verify whether the most recent version of a GPO has been deployed, on the **Controlled** tab, double-click the GPO to display its **History**. In the **History** for the GPO, the **State** column indicates whether a GPO has been deployed. - - - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Deploy GPO** permissions for the GPO. - -### Additional references - -- [Performing Approver Tasks](performing-approver-tasks.md) - - - - - - - - - diff --git a/mdop/agpm/destroy-a-gpo-agpm30ops.md b/mdop/agpm/destroy-a-gpo-agpm30ops.md deleted file mode 100644 index 12697f828f..0000000000 --- a/mdop/agpm/destroy-a-gpo-agpm30ops.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Destroy a GPO -description: Destroy a GPO -author: dansimp -ms.assetid: bfabd71a-47f3-462e-b86f-5f15762b9e28 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Destroy a GPO - - -Approvers can destroy a Group Policy Object (GPO), removing it from the Recycle Bin and permanently deleting it so that it can no longer be restored. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To permanently delete a GPO so it can no longer be restored** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Recycle Bin** tab to display the deleted GPOs. - -3. Right-click the GPO to destroy, and then click **Destroy**. - -4. Click **Yes** to confirm that you want to permanently delete the selected GPO and all backups from the archive. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Recycle Bin** tab and is permanently deleted. - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Delete GPO** permissions for the GPO. - -### Additional references - -- [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/destroy-a-gpo-agpm40.md b/mdop/agpm/destroy-a-gpo-agpm40.md deleted file mode 100644 index 9762120942..0000000000 --- a/mdop/agpm/destroy-a-gpo-agpm40.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Destroy a GPO -description: Destroy a GPO -author: dansimp -ms.assetid: 09bce8c4-f75b-4633-b80b-d894bbec95c9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Destroy a GPO - - -Approvers can destroy a Group Policy Object (GPO), removing it from the Recycle Bin and permanently deleting it so that it can no longer be restored. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To permanently delete a GPO so it can no longer be restored** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Recycle Bin** tab to display the deleted GPOs. - -3. Right-click the GPO to destroy, and then click **Destroy**. - -4. Click **Yes** to confirm that you want to permanently delete the selected GPO and all backups from the archive. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Recycle Bin** tab and is permanently deleted. - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Delete GPO** permissions for the GPO. - -### Additional references - -- [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/destroy-a-gpo.md b/mdop/agpm/destroy-a-gpo.md deleted file mode 100644 index f1b33449d2..0000000000 --- a/mdop/agpm/destroy-a-gpo.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Destroy a GPO -description: Destroy a GPO -author: dansimp -ms.assetid: d74941a3-beef-46cd-a4ca-80a324dcfadf -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Destroy a GPO - - -Advanced Group Policy Management (AGPM) enables Approvers to destroy a Group Policy object (GPO), removing it from the Recycle Bin and permanently deleting it so that it can no longer be restored. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To permanently delete a GPO so it can no longer be restored** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Recycle Bin** tab to display the deleted GPOs. - -3. Right-click the GPO to destroy, and then click **Destroy**. - -4. Click **Yes** to confirm that you want to permanently delete the selected GPO and all backups from the archive. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Recycle Bin** tab and is permanently deleted. - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Delete GPO** permissions for the GPO. - -### Additional references - -- [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo.md) - -  - -  - - - - - diff --git a/mdop/agpm/domain-delegation-tab-agpm30ops.md b/mdop/agpm/domain-delegation-tab-agpm30ops.md deleted file mode 100644 index d2989bdb1a..0000000000 --- a/mdop/agpm/domain-delegation-tab-agpm30ops.md +++ /dev/null @@ -1,123 +0,0 @@ ---- -title: Domain Delegation Tab -description: Domain Delegation Tab -author: dansimp -ms.assetid: 523cdf39-f4b8-4d20-a917-3485756658ce -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Domain Delegation Tab - - -The **Domain Delegation** tab on the **Change Control** pane provides a list of Group Policy administrators who have domain-level access to the archive and indicates the roles of each. Additionally, this tab enables AGPM Administrators (Full Control) to configure domain-level permissions for Editors, Approvers, Reviewers, and other AGPM Administrators. There are two sections on the **Domain Delegation** tab—configuration of e-mail notification and role-based delegation for Advanced Group Policy Management (AGPM) at the domain level. - -## Configuration of e-mail notification - - -The e-mail notification section of this tab identifies the Approvers that will receive notification when operations are pending in AGPM. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SettingDescription

From e-mail address

The AGPM alias from which notification is sent to Approvers. In an environment with multiple domains, this can be the same alias throughout the environment or a different alias for each domain.

To e-mail address

A comma-delimited list of e-mail addresses of Approvers to whom notification is to be sent

SMTP server

The name of the e-mail server, such as mail.contoso.com

User name

A user with access to the SMTP server

Password

User's password for authentication to the SMTP server

Confirm password

Confirm user's password

- -  - -## Domain-level role-based delegation - - -The role-based delegation section of this tab displays and enables an AGPM Administrator to delegate allowed, denied, and inherited permissions for each group and user on the domain with access to the archive. An AGPM Administrator can configure domain-wide permissions using either standard AGPM roles (Editor, Approver, Reviewer, and AGPM Administrator) or a customized combination of permissions for each Group Policy administrator. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ButtonEffect

Add

Add a new entry to the security descriptor. Any users or groups in Active Directory can be added as Group Policy administrators.

Remove

Remove the selected Group Policy administrators from the Access Control List.

Properties

Display the properties for the selected Group Policy administrators.

Advanced

Open the Access Control List Editor.

- -  - -### Additional considerations - -- For information about roles and permissions related to specific tasks, see the tasks under [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md), [Performing Editor Tasks](performing-editor-tasks-agpm30ops.md), [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md), and [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md). - -### Additional references - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm30ops.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/domain-delegation-tab-agpm40.md b/mdop/agpm/domain-delegation-tab-agpm40.md deleted file mode 100644 index 4a847fcdba..0000000000 --- a/mdop/agpm/domain-delegation-tab-agpm40.md +++ /dev/null @@ -1,123 +0,0 @@ ---- -title: Domain Delegation Tab -description: Domain Delegation Tab -author: dansimp -ms.assetid: 5be5841e-92fb-4af6-aa68-0ae50f8d5141 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Domain Delegation Tab - - -The **Domain Delegation** tab on the **Change Control** pane provides a list of Group Policy administrators who have domain-level access to the archive and indicates the roles of each. Additionally, this tab enables AGPM Administrators (Full Control) to configure domain-level permissions for Editors, Approvers, Reviewers, and other AGPM Administrators. There are two sections on the **Domain Delegation** tab—configuration of e-mail notification and role-based delegation for Advanced Group Policy Management (AGPM) at the domain level. - -## Configuration of e-mail notification - - -The e-mail notification section of this tab identifies the Approvers that will receive notification when operations are pending in AGPM. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SettingDescription

From e-mail address

The AGPM alias from which notification is sent to Approvers. In an environment with multiple domains, this can be the same alias throughout the environment or a different alias for each domain.

To e-mail address

A comma-delimited list of e-mail addresses of Approvers to whom notification is to be sent

SMTP server

The name of the e-mail server, such as mail.contoso.com

User name

A user with access to the SMTP server

Password

User's password for authentication to the SMTP server

Confirm password

Confirm user's password

- -  - -## Domain-level role-based delegation - - -The role-based delegation section of this tab displays and enables an AGPM Administrator to delegate allowed, denied, and inherited permissions for each group and user on the domain with access to the archive. An AGPM Administrator can configure domain-wide permissions using either standard AGPM roles (Editor, Approver, Reviewer, and AGPM Administrator) or a customized combination of permissions for each Group Policy administrator. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ButtonEffect

Add

Add a new entry to the security descriptor. Any users or groups in Active Directory can be added as Group Policy administrators.

Remove

Remove the selected Group Policy administrators from the Access Control List.

Properties

Display the properties for the selected Group Policy administrators.

Advanced

Open the Access Control List Editor.

- -  - -### Additional considerations - -- For information about roles and permissions related to specific tasks, see the tasks under [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md), [Performing Editor Tasks](performing-editor-tasks-agpm40.md), [Performing Approver Tasks](performing-approver-tasks-agpm40.md), and [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md). - -### Additional references - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm40.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/domain-delegation-tab.md b/mdop/agpm/domain-delegation-tab.md deleted file mode 100644 index 01cb0b02be..0000000000 --- a/mdop/agpm/domain-delegation-tab.md +++ /dev/null @@ -1,123 +0,0 @@ ---- -title: Domain Delegation Tab -description: Domain Delegation Tab -author: dansimp -ms.assetid: 15a9bfff-e25b-4b62-9ebc-521a5f4eae96 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Domain Delegation Tab - - -The **Domain Delegation** tab on the **Change Control** pane provides a list of Group Policy administrators who have domain-level access to the archive and indicates the roles of each. Additionally, this tab enables AGPM Administrators (Full Control) to configure domain-level permissions for Editors, Approvers, Reviewers, and other AGPM Administrators. There are two sections on the **Domain Delegation** tab—configuration of e-mail notification and role-based delegation for Advanced Group Policy Management (AGPM) at the domain level. - -## Configuration of e-mail notification - - -The e-mail notification section of this tab identifies the Approvers that will receive notification when operations are pending in AGPM. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SettingDescription

From

The AGPM alias from which notification is sent to Approvers. In an environment with multiple domains, this can be the same alias throughout the environment or a different alias for each domain.

To

A comma-delimited list of e-mail addresses of Approvers to whom notification is to be sent

SMTP server

The name of the e-mail server, such as mail.contoso.com

User name

A user with access to the SMTP server

Password

User's password for authentication to the SMTP server

Confirm password

Confirm user's password

- -  - -## Domain-level role-based delegation - - -The role-based delegation section of this tab displays and enables an AGPM Administrator to delegate allowed, denied, and inherited permissions for each group and user on the domain with access to the archive. An AGPM Administrator can configure domain-wide permissions using either standard AGPM roles (Editor, Approver, Reviewer, and AGPM Administrator) or a customized combination of permissions for each Group Policy administrator. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ButtonEffect

Add

Add a new entry to the security descriptor. Any users or groups in Active Directory can be added as Group Policy administrators.

Remove

Remove the selected Group Policy administrators from the Access Control List.

Properties

Display the properties for the selected Group Policy administrators. The properties page is the same one displayed for an object in Active Directory User and Computers.

Advanced

Open the Access Control List Editor.

- -  - -### Additional considerations - -- For information about roles and permissions related to specific tasks, see the tasks under [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md), [Performing Editor Tasks](performing-editor-tasks.md), [Performing Approver Tasks](performing-approver-tasks.md), and [Performing Reviewer Tasks](performing-reviewer-tasks.md). - -### Additional references - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md) - -  - -  - - - - - diff --git a/mdop/agpm/edit-a-gpo-offline-agpm30ops.md b/mdop/agpm/edit-a-gpo-offline-agpm30ops.md deleted file mode 100644 index 8e84747307..0000000000 --- a/mdop/agpm/edit-a-gpo-offline-agpm30ops.md +++ /dev/null @@ -1,111 +0,0 @@ ---- -title: Edit a GPO Offline -description: Edit a GPO Offline -author: dansimp -ms.assetid: 51677d8a-6209-41b5-82ed-4f3be817abc0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Edit a GPO Offline - - -To make changes to a controlled Group Policy Object (GPO), you must first check out a copy of the GPO from the archive. No one else will be able to modify the GPO until it is checked in again, preventing the introduction of conflicting changes by multiple Group Policy administrators. When you have finished modifying the GPO, you check it into the archive so that it can be reviewed and deployed to the production environment. - -A user account with the Editor or AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -## Editing a GPO offline - - -To edit a GPO, you check out the GPO from the archive, edit the GPO offline, and then check the GPO into the archive so that it can be reviewed and deployed (or modified by other Editors). - -- [Check out a GPO from the archive for editing](#bkmk-checkout) - -- [Edit a GPO offline](#bkmk-edit) - -- [Check a GPO into the archive](#bkmk-checkin) - -### - -**To check out a GPO from the archive for editing** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO to be edited, and then click **Check Out**. - -4. Type a comment to be displayed in the History of the GPO while it is checked out, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is now identified as **Checked Out**. - -### - -**To edit a GPO offline** - -1. On the **Controlled** tab, right-click the GPO to be edited, and then click **Edit**. - -2. In the **Group Policy Management Editor** window, make changes to an offline copy of the GPO. - - **Note**   - To disable all Computer Configuration settings or all User Configuration settings, right-click the GPO in the **Group Policy Management Editor** window and click **Properties**. Select **Disable Computer Configuration settings** or **Disable User Configuration settings** as appropriate. - - - -3. When you have finished modifying the GPO, close the **Group Policy Management Editor** window. - -### - -**To check a GPO into the archive** - -1. On the **Controlled** tab: - - - If you have made no changes to the GPO, right-click the GPO and click **Undo Check Out**, and then click **Yes** to confirm. - - - If you have made changes to the GPO, right-click the GPO and click **Check In**. - -2. Type a comment to be displayed in the audit trail of the GPO, and then click **OK**. - -3. When the **Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked In**. - -### Additional considerations - -- To check out and edit a GPO, by default you must be the Approver who created or controlled the GPO, an Editor, or an AGPM Administrator (Full Control). Specifically, you must have **List Contents** and **Edit Settings** permissions for the GPO. Additionally, to edit the GPO you must be the individual who has checked out the GPO. - -- To check in a GPO, by default, you must be an Editor, an Approver, or an AGPM Administrator (Full Control). Specifically, you must have **List Contents** and either **Edit Settings** or **Deploy GPO** permissions for the GPO. If you are not an Approver or AGPM Administrator (or other Group Policy administrator with **Deploy GPO** permission), you must be the Editor who has checked out the GPO. - -- When editing a GPO, any Group Policy Software Installation upgrade of a package in another GPO should reference the deployed GPO, and not the checked-out copy. - -### Additional references - -- [Editing a GPO](editing-a-gpo-agpm30ops.md) - -- Reviewing a GPO - - - [Review GPO Settings](review-gpo-settings-agpm30ops.md) - - - [Review GPO Links](review-gpo-links-agpm30ops.md) - - - [Identify Differences Between GPOs, GPO Versions, or Templates](identify-differences-between-gpos-gpo-versions-or-templates-agpm30ops.md) - -- Deploying a GPO - - - [Request Deployment of a GPO](request-deployment-of-a-gpo-agpm30ops.md) - - - [Deploy a GPO](deploy-a-gpo-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/edit-a-gpo-offline-agpm40.md b/mdop/agpm/edit-a-gpo-offline-agpm40.md deleted file mode 100644 index 6288426883..0000000000 --- a/mdop/agpm/edit-a-gpo-offline-agpm40.md +++ /dev/null @@ -1,111 +0,0 @@ ---- -title: Edit a GPO Offline -description: Edit a GPO Offline -author: dansimp -ms.assetid: 9c75eb3c-d4d5-41e0-b65e-8b4464a42cd9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Edit a GPO Offline - - -To make changes to a controlled Group Policy Object (GPO), you must first check out a copy of the GPO from the archive. No one else will be able to modify the GPO until it is checked in again, preventing the introduction of conflicting changes by multiple Group Policy administrators. When you have finished modifying the GPO, you check it into the archive so that it can be reviewed and deployed to the production environment. - -A user account with the Editor or AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -## Editing a GPO offline - - -To edit a GPO, you check out the GPO from the archive, edit the GPO offline, and then check the GPO into the archive so that it can be reviewed and deployed (or modified by other Editors). - -- [Check out a GPO from the archive for editing](#bkmk-checkout) - -- [Edit a GPO offline](#bkmk-edit) - -- [Check a GPO into the archive](#bkmk-checkin) - -### - -**To check out a GPO from the archive for editing** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO to be edited, and then click **Check Out**. - -4. Type a comment to be displayed in the History of the GPO while it is checked out, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is now identified as **Checked Out**. - -### - -**To edit a GPO offline** - -1. On the **Controlled** tab, right-click the GPO to be edited, and then click **Edit**. - -2. In the **Group Policy Management Editor** window, make changes to an offline copy of the GPO. - - **Note**   - To disable all Computer Configuration settings or all User Configuration settings, right-click the GPO in the **Group Policy Management Editor** window and click **Properties**. Select **Disable Computer Configuration settings** or **Disable User Configuration settings** as appropriate. - - - -3. When you have finished modifying the GPO, close the **Group Policy Management Editor** window. - -### - -**To check a GPO into the archive** - -1. On the **Controlled** tab: - - - If you have made no changes to the GPO, right-click the GPO and click **Undo Check Out**, and then click **Yes** to confirm. - - - If you have made changes to the GPO, right-click the GPO and click **Check In**. - -2. Type a comment to be displayed in the audit trail of the GPO, and then click **OK**. - -3. When the **Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked In**. - -### Additional considerations - -- To check out and edit a GPO, by default you must be the Approver who created or controlled the GPO, an Editor, or an AGPM Administrator (Full Control). Specifically, you must have **List Contents** and **Edit Settings** permissions for the GPO. Additionally, to edit the GPO you must be the individual who has checked out the GPO. - -- To check in a GPO, by default, you must be an Editor, an Approver, or an AGPM Administrator (Full Control). Specifically, you must have **List Contents** and either **Edit Settings** or **Deploy GPO** permissions for the GPO. If you are not an Approver or AGPM Administrator (or other Group Policy administrator with **Deploy GPO** permission), you must be the Editor who has checked out the GPO. - -- When editing a GPO, any Group Policy Software Installation upgrade of a package in another GPO should reference the deployed GPO, and not the checked-out copy. - -### Additional references - -- [Editing a GPO](editing-a-gpo-agpm40.md) - -- Reviewing a GPO - - - [Review GPO Settings](review-gpo-settings-agpm40.md) - - - [Review GPO Links](review-gpo-links-agpm40.md) - - - [Identify Differences Between GPOs, GPO Versions, or Templates](identify-differences-between-gpos-gpo-versions-or-templates-agpm40.md) - -- Deploying a GPO - - - [Request Deployment of a GPO](request-deployment-of-a-gpo-agpm40.md) - - - [Deploy a GPO](deploy-a-gpo-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/edit-a-gpo-offline.md b/mdop/agpm/edit-a-gpo-offline.md deleted file mode 100644 index bc1aba3836..0000000000 --- a/mdop/agpm/edit-a-gpo-offline.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -title: Edit a GPO Offline -description: Edit a GPO Offline -author: dansimp -ms.assetid: 4a148952-9fe9-4ec4-8df1-b25e37c97a54 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Edit a GPO Offline - - -To make changes to a controlled Group Policy object (GPO), you must first check out a copy of the GPO from the archive. No one else will be able to modify the GPO until it is checked in again, preventing the introduction of conflicting changes by multiple Group Policy administrators. When you have finished modifying the GPO, you check it into the archive, so it can be reviewed and deployed to the production environment. - -A user account with the Editor or AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -## Editing a GPO offline - - -To edit a GPO, you check out the GPO from the archive, edit the GPO offline, and then check the GPO into the archive, so it can be reviewed and deployed (or modified by other Editors). - -- [Check out a GPO](#bkmk-checkout) - -- [Edit a GPO](#bkmk-edit) - -- [Check in a GPO](#bkmk-checkin) - -### - -**To check out a GPO from the archive for editing** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO to be edited, and then click **Check Out**. - -4. Type a comment to be displayed in the History of the GPO while it is checked out, then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is now identified as **Checked Out**. - -### - -**To edit a GPO offline** - -1. On the **Controlled** tab, right-click the GPO to be edited, and then click **Edit**. - -2. In the **Group Policy Object Editor**, make changes to an offline copy of the GPO. - -3. When you have finished modifying the GPO, close the **Group Policy Object Editor**. - -### - -**To check a GPO into the archive** - -1. On the **Controlled** tab: - - - If you have made no changes to the GPO, right-click the GPO and click **Undo Check Out**, then click **Yes** to confirm. - - - If you have made changes to the GPO, right-click the GPO and click **Check In**. - -2. Type a comment to be displayed in the audit trail of the GPO, and then click **OK**. - -3. When the **Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked In**. - -### Additional considerations - -- To check out and edit a GPO, by default, you must be the Approver who created or controlled the GPO, an Editor, or an AGPM Administrator (Full Control). Specifically, you must have **List Contents** and **Edit Settings** permissions for the GPO. Additionally, to edit the GPO you must be the individual who has checked out the GPO. - -- To check in a GPO, by default, you must be an Editor, an Approver, or an AGPM Administrator (Full Control). Specifically, you must have **List Contents** and either **Edit Settings** or **Deploy GPO** permissions for the GPO. If you are not an Approver or AGPM Administrator (or other Group Policy administrator with **Deploy GPO** permission), you must be the Editor who has checked out the GPO. - -- When editing a GPO, any Group Policy Software Installation upgrade of a package in another GPO should reference the deployed GPO, not the checked-out copy. - -### Additional references - -- [Editing a GPO](editing-a-gpo.md) - -- Reviewing a GPO - - - [Review GPO Settings](review-gpo-settings.md) - - - [Review GPO Links](review-gpo-links.md) - - - [Identify Differences Between GPOs, GPO Versions, or Templates](identify-differences-between-gpos-gpo-versions-or-templates.md) - -- Deploying a GPO - - - [Request Deployment of a GPO](request-deployment-of-a-gpo.md) - - - [Deploy a GPO](deploy-a-gpo.md) - -  - -  - - - - - diff --git a/mdop/agpm/editing-a-gpo-agpm30ops.md b/mdop/agpm/editing-a-gpo-agpm30ops.md deleted file mode 100644 index 59b629a5c0..0000000000 --- a/mdop/agpm/editing-a-gpo-agpm30ops.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Editing a GPO -description: Editing a GPO -author: dansimp -ms.assetid: 3024051a-ff33-46d0-9c3e-68ebae7f6b60 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Editing a GPO - - -A Group Policy Object (GPO) must be controlled by Advanced Group Policy Management (AGPM) before you can edit it. See [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-agpm30ops.md) for more information about controlling a GPO. - -To make changes to a GPO offline without immediately impacting the deployed copy of the GPO in the production environment, check out a copy of the GPO from the archive. When changes are complete, check the GPO back into the archive and request deployment of the GPO to the production environment. - -- [Edit a GPO Offline](edit-a-gpo-offline-agpm30ops.md) - -- [Use a Test Environment](use-a-test-environment-agpm30ops.md) - -- [Request Deployment of a GPO](request-deployment-of-a-gpo-agpm30ops.md) - -- [Label the Current Version of a GPO](label-the-current-version-of-a-gpo-agpm30ops.md) - -- [Rename a GPO or Template](rename-a-gpo-or-template-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/editing-a-gpo-agpm40.md b/mdop/agpm/editing-a-gpo-agpm40.md deleted file mode 100644 index affa8b706e..0000000000 --- a/mdop/agpm/editing-a-gpo-agpm40.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: Editing a GPO -description: Editing a GPO -author: dansimp -ms.assetid: ef42eefe-7705-46b2-954d-18966335cbbf -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Editing a GPO - - -A Group Policy Object (GPO) must be controlled by Advanced Group Policy Management (AGPM) before you can edit it. See [Creating or Controlling a GPO](creating-or-controlling-a-gpo-agpm40-ed.md) for more information about controlling a GPO. - -To make changes to a GPO offline without immediately impacting the deployed copy of the GPO in the production environment, check out a copy of the GPO from the archive. When changes are complete, check the GPO back into the archive, test it, and request deployment of the GPO to the production environment. - -- [Edit a GPO Offline](edit-a-gpo-offline-agpm40.md) - -- [Label the Current Version of a GPO](label-the-current-version-of-a-gpo-agpm40.md) - -- [Rename a GPO or Template](rename-a-gpo-or-template-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/editing-a-gpo.md b/mdop/agpm/editing-a-gpo.md deleted file mode 100644 index 8569b51552..0000000000 --- a/mdop/agpm/editing-a-gpo.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Editing a GPO -description: Editing a GPO -author: dansimp -ms.assetid: ec77d3bb-8a64-4d8e-9c28-87763de02ec0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Editing a GPO - - -A Group Policy object (GPO) must be controlled by Advanced Group Policy Management (AGPM) before you can edit it. See [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-editor.md) for more information about controlling a GPO. - -To make changes to a GPO offline without immediately impacting the deployed copy of the GPO in the production environment, check out a copy of the GPO from the archive. When changes are complete, check the GPO back into the archive and request deployment of the GPO to the production environment. - -- [Edit a GPO Offline](edit-a-gpo-offline.md) - -- [Use a Test Environment](use-a-test-environment.md) - -- [Request Deployment of a GPO](request-deployment-of-a-gpo.md) - -- [Label the Current Version of a GPO](label-the-current-version-of-a-gpo.md) - -- [Rename a GPO or Template](rename-a-gpo-or-template.md) - -  - -  - - - - - diff --git a/mdop/agpm/export-a-gpo-to-a-file.md b/mdop/agpm/export-a-gpo-to-a-file.md deleted file mode 100644 index 6cbcfe2245..0000000000 --- a/mdop/agpm/export-a-gpo-to-a-file.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Export a GPO to a File -description: Export a GPO to a File -author: dansimp -ms.assetid: 0d01b1f7-a6a4-4d0d-9aa7-2d6f1ae93d9d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Export a GPO to a File - - -You can export a controlled Group Policy Object (GPO) to a CAB file so that you can copy it to a domain in another forest and import the GPO into Advanced Group Policy Management (AGPM) in that domain. For information about how to import GPO settings into a new or existing GPO, see [Import a GPO from a File](import-a-gpo-from-a-file-ed.md). - -A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To export a GPO to a file** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO, and then click **Export to**. - -4. Enter a file name for the file to which you want to export the GPO, and then click **Export**. If the file does not exist, it is created. If it already exists, it is replaced. - -### Additional considerations - -- By default, you must be an Editor or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents**, **Read Settings**, and **Export GPO** permissions for the GPO. - -### Additional references - -- [Using a Test Environment](using-a-test-environment.md) - -  - -  - - - - - diff --git a/mdop/agpm/feature-visibility-settings-agpm30ops.md b/mdop/agpm/feature-visibility-settings-agpm30ops.md deleted file mode 100644 index 5a6f4b5583..0000000000 --- a/mdop/agpm/feature-visibility-settings-agpm30ops.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Feature Visibility Settings -description: Feature Visibility Settings -author: dansimp -ms.assetid: 6a844478-a6b0-490d-923f-5a6f82467831 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Feature Visibility Settings - - -The Administrative template settings for Advanced Group Policy Management (AGPM) enable you to centrally configure the visibility of the **Change Control** folder and **History** tab for Group Policy administrators to whom a Group Policy Object (GPO) with these settings is applied. - -The following settings are available under User Configuration\\Policies\\Administrative Templates\\Windows Components\\Microsoft Management Console\\Restricted/Permitted Snap-ins\\Extension Snap-ins when editing a GPO. - - ---- - - - - - - - - - - - - - - - - - - - - -
SettingEffect

AGPM: Show Change Control tab

This policy setting allows you to control the visibility of the Change Control folder in the Group Policy Management Console (GPMC).

AGPM: Show History tab for linked GPOs

This policy setting allows you to control the visibility of the History tab provided by AGPM when you view a linked GPO in the GPMC.

AGPM: Show History tab for GPOs

This policy setting allows you to control the visibility of the History tab provided by AGPM when you view a GPO in the GPMC.

- -  - -### Additional references - -- [Administrative Templates Folder](administrative-templates-folder-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/feature-visibility-settings-agpm40.md b/mdop/agpm/feature-visibility-settings-agpm40.md deleted file mode 100644 index 126b1eb425..0000000000 --- a/mdop/agpm/feature-visibility-settings-agpm40.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Feature Visibility Settings -description: Feature Visibility Settings -author: dansimp -ms.assetid: d3c0b02a-b943-4001-8b9c-dfac8fe58789 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Feature Visibility Settings - - -The Administrative template settings for Advanced Group Policy Management (AGPM) enable you to centrally configure the visibility of the **Change Control** folder and **History** tab for Group Policy administrators to whom a Group Policy Object (GPO) with these settings is applied. - -The following settings are available under User Configuration\\Policies\\Administrative Templates\\Windows Components\\Microsoft Management Console\\Restricted/Permitted Snap-ins\\Extension Snap-ins when editing a GPO. - - ---- - - - - - - - - - - - - - - - - - - - - -
SettingEffect

AGPM: Show Change Control tab

This policy setting allows you to control the visibility of the Change Control folder in the Group Policy Management Console (GPMC).

AGPM: Show History tab for linked GPOs

This policy setting allows you to control the visibility of the History tab provided by AGPM when you view a linked GPO in the GPMC.

AGPM: Show History tab for GPOs

This policy setting allows you to control the visibility of the History tab provided by AGPM when you view a GPO in the GPMC.

- -  - -### Additional references - -- [Administrative Templates Folder](administrative-templates-folder-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/feature-visibility-settings.md b/mdop/agpm/feature-visibility-settings.md deleted file mode 100644 index 7a3848854c..0000000000 --- a/mdop/agpm/feature-visibility-settings.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Feature Visibility Settings -description: Feature Visibility Settings -author: dansimp -ms.assetid: 9db2ba03-fb75-4f95-9138-ec89b9fc8d01 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Feature Visibility Settings - - -The Administrative template settings for Advanced Group Policy Management (AGPM) enable you to centrally configure the visibility of the **Change Control** node and **History** tab for Group Policy administrators to whom a Group Policy object (GPO) with these settings is applied. - -The following settings are available under User Configuration\\Administrative Templates\\Windows Components\\Microsoft Management Console\\Restricted/Permitted Snap-ins\\Extension Snap-ins in the **Group Policy Object Editor** when editing a GPO in the Group Policy Management Console (GPMC). If this path is not visible, right-click **Administrative Templates**, and add the agpm.admx or agpm.adm template. - - ---- - - - - - - - - - - - - - - - - - - - - -
SettingEffect

AGPM Change Control

If enabled or not configured, the Change Control node is visible in the GPMC.

-

If disabled, the Change Control node is not visible in the GPMC.

AGPM Link Extension

If enabled or not configured, a History tab appears in the GPMC for each linked GPO.

-

If disabled, the History tab is not visible for linked GPOs.

AGPM GPO Extension

If enabled or not configured, a History tab appears in the GPMC for each GPO.

-

If disabled, the History tab is not visible for GPOs.

- -  - -### Additional references - -- [Administrative Template Settings](administrative-template-settings.md) - -  - -  - - - - - diff --git a/mdop/agpm/history-window-agpm30ops.md b/mdop/agpm/history-window-agpm30ops.md deleted file mode 100644 index bc85f0fee8..0000000000 --- a/mdop/agpm/history-window-agpm30ops.md +++ /dev/null @@ -1,204 +0,0 @@ ---- -title: History Window -description: History Window -author: dansimp -ms.assetid: 114f50a4-508d-4589-b006-6cd05cffe6b7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# History Window - - -The history of a Group Policy Object (GPO) can be displayed by double-clicking a GPO or by right-clicking a GPO and then clicking **History**. It is also displayed in the **Group Policy Management Console** (GPMC) as a tab for each GPO. - -The history provides a record of events in the lifetime of the selected GPO. From the **History** window, you can obtain a report of the settings within a version of the GPO, compare multiple versions of a GPO, or roll back to a previous version of a GPO. - -## Filtering events in the History window - - -The tabs within the **History** window filter the states in the history of the GPO. - - ---- - - - - - - - - - - - - - - - - -
TabsFiltering

All States

Display all states in the history of the GPO.

Unique Versions

Display only unique versions of the GPO checked into the archive. The version deployed to the production environment, shortcuts to unique versions, and informational states are omitted from this list.

- - - -## Event information - - -Information is provided for each state in the history of the GPO. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
GPO attributeDescription

Change Date

Time stamp of when the action in the State column was performed.

State

A state in the history of the GPO.

Changed By

The person who checked in or deployed the GPO.

Comment

A comment entered by the person who checked in or deployed a GPO at the time that this version was modified. Useful for identifying the specifics of the version in case of the need to roll back to a previous version.

Deletable

Whether this version of the GPO can be deleted if the number of unique versions of each GPO retained in the archive is limited.

-
-Note

You can modify whether a version of a GPO is deletable by right-clicking it and then clicking Do Not Allow Deletion or Allow Deletion.

-
-
- -

Computer Version

Automatically generated version of the Computer Configuration portion of the GPO.

User Version

Automatically generated version of the User Configuration portion of the GPO.

GPO Status

The Computer Configuration and the User Configuration can be managed separately from each other. This status shows which portions of the GPO are enabled.

WMI Filter

Display any WMI filters that are applied to this GPO. WMI filters are managed under the WMI Filters folder for the domain in the console tree of the GPMC.

- - - -## Reports - - -The **Settings** and **Differences** buttons display reports about GPO settings for the GPO version or versions selected. Right-clicking GPO versions provides the option to display XML-based reports as well. - - ---- - - - - - - - - - - - - - - - - -
ButtonEffect

Settings

Generate an HTML-based report displaying the settings within the selected version of the GPO.

Differences

Generate an HTML-based report comparing the settings within multiple selected versions of the GPO.

- - - -### Key to difference reports - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SymbolMeaningColor

None

Item exists with identical settings in both GPOs

Varies with level

[#]

Item exists in both GPOs, but with changed settings

Blue

[-]

Item exists only in the first GPO

Red

[+]

Item exists only in the second GPO

Green

- - - -- For items with changed settings, the changed settings are identified when the item is expanded. The value for the attribute in each GPO is displayed in the same order that the GPOs are displayed in the report. - -- Some changes to settings may cause an item to be reported as two different items (one present only in the first GPO, one present only in the second), rather than as one item that has changed. - -### Additional references - -- [Contents Tab](contents-tab-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/history-window-agpm40.md b/mdop/agpm/history-window-agpm40.md deleted file mode 100644 index 0d1f91b021..0000000000 --- a/mdop/agpm/history-window-agpm40.md +++ /dev/null @@ -1,204 +0,0 @@ ---- -title: History Window -description: History Window -author: dansimp -ms.assetid: 5bea62e7-d267-40b2-a66d-fb1be7373a1c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# History Window - - -The history of a Group Policy Object (GPO) can be displayed by double-clicking a GPO or by right-clicking a GPO and then clicking **History**. It is also displayed in the Group Policy Management Console (GPMC) as a tab for each GPO. - -The history provides a record of events in the lifetime of the selected GPO. From the **History** window, you can obtain a report of the settings in a version of the GPO, compare multiple versions of a GPO, or roll back to an earlier version of a GPO. - -## Filtering events in the History window - - -The tabs within the **History** window filter the states in the history of the GPO. - - ---- - - - - - - - - - - - - - - - - -
TabsFiltering

All States

Display all states in the history of the GPO.

Unique Versions

Display only unique versions of the GPO checked into the archive. The version deployed to the production environment, shortcuts to unique versions, and informational states are omitted from this list.

- - - -## Event information - - -Information is provided for each state in the history of the GPO. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
GPO attributeDescription

Change Date

Time stamp of when the action in the State column was performed.

State

A state in the history of the GPO.

Changed By

The person who checked in or deployed the GPO.

Comment

A comment entered by the person who checked in or deployed a GPO at the time that this version was changed, useful for identifying the specifics of the version in case of the need to roll back to an earlier version.

Deletable

Whether this version of the GPO can be deleted if the number of unique versions of each GPO retained in the archive is limited.

-
-Note

You can change whether a version of a GPO can be deleted by right-clicking the GPO and then clicking Do Not Allow Deletion or Allow Deletion.

-
-
- -

Computer Version

Automatically generated version of the Computer Configuration part of the GPO.

User Version

Automatically generated version of the User Configuration part of the GPO.

GPO Status

The Computer Configuration and the User Configuration can be managed separately from each other. This status shows which portions of the GPO are enabled.

Source GPO Information

For a GPO that has been imported from another forest, the original GPO name, domain, and user and date associated with the last change.

- - - -## Reports - - -The **Settings** and **Differences** buttons display reports about GPO settings for the GPO version or versions selected. Also, right-clicking a GPO version or versions provides the option to display XML-based reports. - - ---- - - - - - - - - - - - - - - - - -
ButtonEffect

Settings

Generate an HTML-based report displaying the settings within the selected version of the GPO.

Differences

Generate an HTML-based report comparing the settings within multiple selected versions of the GPO.

- - - -### Key to difference reports - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SymbolMeaningColor

None

Item exists with identical settings in both GPOs

Varies with level

[#]

Item exists in both GPOs, but with changed settings

Blue

[-]

Item exists only in the first GPO

Red

[+]

Item exists only in the second GPO

Green

- - - -- For items with changed settings, the changed settings are identified when the item is expanded. The value for the attribute in each GPO is displayed in the same order that the GPOs are displayed in the report. - -- Some changes to settings may cause an item to be reported as two items (one present only in the first GPO, one present only in the second), instead of one item that has changed. - -### Additional references - -- [Contents Tab](contents-tab-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/history-window.md b/mdop/agpm/history-window.md deleted file mode 100644 index 7de100917a..0000000000 --- a/mdop/agpm/history-window.md +++ /dev/null @@ -1,199 +0,0 @@ ---- -title: History Window -description: History Window -author: dansimp -ms.assetid: f11f9ad9-bffe-4c56-8c46-fe9c0a8e55c1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# History Window - - -The history of a Group Policy object (GPO) can be displayed by double-clicking a GPO or by right-clicking a GPO and then clicking **History**. It is also displayed in the **Group Policy Management Console** (GPMC) as a tab for each GPO. - -The history provides a list of all versions of the selected GPO saved within the archive. From the **History** window, you can obtain a report of the settings within a GPO, compare multiple versions of a GPO, or roll back to a previous version of a GPO. - -## Filtering events in the History window - - -The tabs within the **History** window filter the events displayed. - - ---- - - - - - - - - - - - - - - - - - - - - -
TabsFiltering

Show All

Display all versions of the GPO.

Checked In

Display only checked-in versions of the GPO. The deployed version is omitted from this list.

Labels Only

Display only GPOs that have labels associated with them.

- -  - -## Event information - - -Information is provided for each event in the history of the selected GPO. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
GPO CharacteristicDescription

Computer

Automatically generated version of the Computer Configuration portion of the GPO.

User

Automatically generated version of the User Configuration portion of the GPO.

Time

Timestamp of the version of the GPO when the action in the status field was performed.

State

The state of the selected version of the GPO:

-

Deployed GPO icon Deployed: This version of the GPO is currently live in the production environment.

-

Checked in GPO icon Checked In: This version of the GPO is available for authorized Editors to check out for editing or for a Group Policy administrator to deploy.

-

Checked out GPO icon Checked Out: This version of the GPO is currently checked out by an Editor and is unavailable for other Editors. (The checked out state is not recorded in the History except to indicate if a GPO is currently checked out.)

-

Created GPO icon Created: Identifies the date and time of the initial creation of the GPO.

-

Labeled GPO icon Labeled: Identifies a labeled version of the GPO.

GPO Status

The Computer Configuration and the User Configuration can be managed separately from each other. This status shows which portions of the GPO are enabled.

Owner

The person who checked in or deployed the GPO.

Comment

A comment entered by the owner of a GPO at the time that this version was modified. Useful for identifying the specifics of the version in case of the need to roll back to a previous version.

- -  - -## Reports - - -Depending on whether a single GPO version or multiple GPO versions are selected, the **Settings** and **Differences** buttons display reports on GPO settings. Right-clicking GPO versions provides the option to display XML-based reports as well. - - ---- - - - - - - - - - - - - - - - - -
ButtonEffect

Settings

Generate an HTML-based report displaying the settings within the selected version of the GPO.

Differences

Generate an HTML-based report comparing the settings within multiple selected versions of the GPO.

- -  - -### Key to difference reports - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SymbolMeaningColor

None

Item exists with identical settings in both GPOs

Varies with level

[#]

Item exists in both GPOs, but with changed settings

Blue

[-]

Item exists only in the first GPO

Red

[+]

Item exists only in the second GPO

Green

- -  - -- For items with changed settings, the changed settings are identified when the item is expanded. The value for the attribute in each GPO is displayed in the same order that the GPOs are displayed in the report. - -- Some changes to settings may cause an item to be reported as two different items (one present only in the first GPO, one present only in the second), rather than as one item that has changed. - -### Additional references - -- [Contents Tab](contents-tab.md) - -  - -  - - - - - diff --git a/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates-agpm30ops.md b/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates-agpm30ops.md deleted file mode 100644 index b7d575576e..0000000000 --- a/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates-agpm30ops.md +++ /dev/null @@ -1,147 +0,0 @@ ---- -title: Identify Differences Between GPOs, GPO Versions, or Templates -description: Identify Differences Between GPOs, GPO Versions, or Templates -author: dansimp -ms.assetid: e391fa91-3956-4150-9d43-900cfc88d543 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Identify Differences Between GPOs, GPO Versions, or Templates - - -You can generate HTML-based or XML-based difference reports to analyze the differences between Group Policy Objects (GPOs), templates, or different versions of a GPO. - -A user account with the Reviewer, Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -## Identifying differences between GPOs, GPO versions, or templates - - -- [Between two GPOs or templates](#bkmk-two-gpos) - -- [Between a GPO and a template](#bkmk-gpo-and-template) - -- [Between two versions of one GPO](#bkmk-two-versions) - -- [Between a GPO version and a template](#bkmk-gpo-version-and-template) - -## - - -**To identify differences between two GPOs or templates** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click a tab to display GPOs (or templates, if comparing two templates). - -3. Select the two GPOs or templates. - -4. Right-click one of the GPOs or templates, click **Differences**, and then click **HTML Report** or **XML Report** to display a difference report summarizing the settings of the GPOs or templates. - -### - -**To identify differences between a GPO and a template** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click a tab to display GPOs (or templates, if comparing two templates). - -3. Right-click the GPO, click **Differences**, and then click **Template**. - -4. Select the template and type of report, and then click **OK** to display a difference report summarizing the settings of the GPO and template. - -### - -**To identify differences between two versions of one GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click a tab to display GPOs (or templates, if comparing two templates). - -3. Double-click the GPO to display its history, and then highlight the versions to be compared. - -4. Right-click one of the versions, click **Differences**, and then click **HTML Report** or **XML Report** to display a difference report summarizing the settings of the GPOs. - -### - -**To identify differences between a GPO version and a template** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click a tab to display GPOs (or templates, if comparing two templates). - -3. Double-click the GPO to display its history. - -4. Right-click the GPO version of interest, click **Differences**, and then click **Template**. - -5. Select the template and type of report, and then click **OK** to display a difference report summarizing the settings of the GPO version and template. - -## Key to difference reports - - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SymbolMeaningColor

None

Item exists with identical settings in both GPOs

Varies with level

[#]

Item exists in both GPOs, but with changed settings

Blue

[-]

Item exists only in the first GPO

Red

[+]

Item exists only in the second GPO

Green

- -  - -- For items with changed settings, the changed settings are identified when the item is expanded. The value for the attribute in each GPO is displayed in the same order that the GPOs are displayed in the report. - -- Some changes to settings may cause an item to be reported as two different items (one present only in the first GPO, one present only in the second) rather than as one item that has changed. - -### Additional considerations - -- By default, you must be a Reviewer, an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Read Settings** permissions for the GPO. Also, to display the list of GPOs, you must have **List Contents** permission for the domain. - -### Additional references - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates-agpm40.md b/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates-agpm40.md deleted file mode 100644 index 6201499127..0000000000 --- a/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates-agpm40.md +++ /dev/null @@ -1,147 +0,0 @@ ---- -title: Identify Differences Between GPOs, GPO Versions, or Templates -description: Identify Differences Between GPOs, GPO Versions, or Templates -author: dansimp -ms.assetid: 3f03c368-162b-450f-be6c-2807c3e8d741 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Identify Differences Between GPOs, GPO Versions, or Templates - - -You can generate HTML-based or XML-based difference reports to analyze the differences between Group Policy Objects (GPOs), templates, or different versions of a GPO. - -A user account with the Reviewer, Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -## Identifying differences between GPOs, GPO versions, or templates - - -- [Between two GPOs or templates](#bkmk-two-gpos) - -- [Between a GPO and a template](#bkmk-gpo-and-template) - -- [Between two versions of one GPO](#bkmk-two-versions) - -- [Between a GPO version and a template](#bkmk-gpo-version-and-template) - -## - - -**To identify differences between two GPOs or templates** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click a tab to display GPOs (or templates, if comparing two templates). - -3. Select the two GPOs or templates. - -4. Right-click one of the GPOs or templates, click **Differences**, and then click **HTML Report** or **XML Report** to display a difference report summarizing the settings of the GPOs or templates. - -### - -**To identify differences between a GPO and a template** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click a tab to display GPOs (or templates, if comparing two templates). - -3. Right-click the GPO, click **Differences**, and then click **Template**. - -4. Select the template and type of report, and then click **OK** to display a difference report summarizing the settings of the GPO and template. - -### - -**To identify differences between two versions of one GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click a tab to display GPOs (or templates, if comparing two templates). - -3. Double-click the GPO to display its history, and then highlight the versions to be compared. - -4. Right-click one of the versions, click **Differences**, and then click **HTML Report** or **XML Report** to display a difference report summarizing the settings of the GPOs. - -### - -**To identify differences between a GPO version and a template** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click a tab to display GPOs (or templates, if comparing two templates). - -3. Double-click the GPO to display its history. - -4. Right-click the GPO version of interest, click **Differences**, and then click **Template**. - -5. Select the template and type of report, and then click **OK** to display a difference report summarizing the settings of the GPO version and template. - -## Key to difference reports - - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SymbolMeaningColor

None

Item exists with identical settings in both GPOs

Varies with level

[#]

Item exists in both GPOs, but with changed settings

Blue

[-]

Item exists only in the first GPO

Red

[+]

Item exists only in the second GPO

Green

- -  - -- For items with changed settings, the changed settings are identified when the item is expanded. The value for the attribute in each GPO is displayed in the same order that the GPOs are displayed in the report. - -- Some changes to settings may cause an item to be reported as two different items (one present only in the first GPO, one present only in the second) rather than as one item that has changed. - -### Additional considerations - -- By default, you must be a Reviewer, an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Read Settings** permissions for the GPO. Also, to display the list of GPOs, you must have **List Contents** permission for the domain. - -### Additional references - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates.md b/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates.md deleted file mode 100644 index 684eac2b0a..0000000000 --- a/mdop/agpm/identify-differences-between-gpos-gpo-versions-or-templates.md +++ /dev/null @@ -1,147 +0,0 @@ ---- -title: Identify Differences Between GPOs, GPO Versions, or Templates -description: Identify Differences Between GPOs, GPO Versions, or Templates -author: dansimp -ms.assetid: 6320afc4-af81-47e8-9f4c-463ff99d5a53 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Identify Differences Between GPOs, GPO Versions, or Templates - - -You can generate HTML-based or XML-based difference reports to analyze the differences between Group Policy objects (GPOs), templates, or different versions of a GPO. - -A user account with the Reviewer, Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -## Identifying differences between GPOs, GPO versions, or templates - - -- [Between two GPOs or templates](#bkmk-two-gpos) - -- [Between a GPO and a template](#bkmk-gpo-and-template) - -- [Between two versions of one GPO](#bkmk-two-versions) - -- [Between a GPO version and a template](#bkmk-gpo-version-and-template) - -## - - -**To identify differences between two GPOs or templates** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click a tab to display GPOs (or templates, if comparing two templates). - -3. Select the two GPOs or templates. - -4. Right-click one of the GPOs or templates, click **Differences**, and then click **HTML Report** or **XML Report** to display a difference report summarizing the settings of the GPOs or templates. - -### - -**To identify differences between a GPO and a template** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click a tab to display GPOs (or templates, if comparing two templates). - -3. Right-click the GPO, click **Differences**, and then click **Template**. - -4. Select the template and type of report, and then click **OK** to display a difference report summarizing the settings of the GPO and template. - -### - -**To identify differences between two versions of one GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click a tab to display GPOs (or templates, if comparing two templates). - -3. Double-click the GPO to display its history, and then highlight the versions to be compared. - -4. Right-click one of the versions, click **Differences**, and then click **HTML Report** or **XML Report** to display a difference report summarizing the settings of the GPOs. - -### - -**To identify differences between a GPO version and a template** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click a tab to display GPOs (or templates, if comparing two templates). - -3. Double-click the GPO to display its history. - -4. Right-click the GPO version of interest, click **Differences**, and then click **Template**. - -5. Select the template and type of report, and then click **OK** to display a difference report summarizing the settings of the GPO version and template. - -## Key to difference reports - - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SymbolMeaningColor

None

Item exists with identical settings in both GPOs

Varies with level

[#]

Item exists in both GPOs, but with changed settings

Blue

[-]

Item exists only in the first GPO

Red

[+]

Item exists only in the second GPO

Green

- -  - -- For items with changed settings, the changed settings are identified when the item is expanded. The value for the attribute in each GPO is displayed in the same order that the GPOs are displayed in the report. - -- Some changes to settings may cause an item to be reported as two different items (one present only in the first GPO, one present only in the second) rather than as one item that has changed. - -### Additional considerations - -- By default, you must be a Reviewer, an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Read Settings** permissions for the GPO. Also, to display the list of GPOs, you must have **List Contents** permission for the domain. - -### Additional references - -- [Performing Reviewer Tasks](performing-reviewer-tasks.md) - -  - -  - - - - - diff --git a/mdop/agpm/images/0840a6a3-54a6-4528-98a9-7b122243c1a5.gif b/mdop/agpm/images/0840a6a3-54a6-4528-98a9-7b122243c1a5.gif deleted file mode 100644 index 92fb2d9983..0000000000 Binary files a/mdop/agpm/images/0840a6a3-54a6-4528-98a9-7b122243c1a5.gif and /dev/null differ diff --git a/mdop/agpm/images/327623bd-0842-4372-be1f-bdc4b8c3481c.gif b/mdop/agpm/images/327623bd-0842-4372-be1f-bdc4b8c3481c.gif deleted file mode 100644 index c44fbda129..0000000000 Binary files a/mdop/agpm/images/327623bd-0842-4372-be1f-bdc4b8c3481c.gif and /dev/null differ diff --git a/mdop/agpm/images/36f6b687-f5cc-40d1-805f-b191d1fb1ace.gif b/mdop/agpm/images/36f6b687-f5cc-40d1-805f-b191d1fb1ace.gif deleted file mode 100644 index 08cd486435..0000000000 Binary files a/mdop/agpm/images/36f6b687-f5cc-40d1-805f-b191d1fb1ace.gif and /dev/null differ diff --git a/mdop/agpm/images/57b610a5-1c71-4d26-9173-d04abd495fcc.gif b/mdop/agpm/images/57b610a5-1c71-4d26-9173-d04abd495fcc.gif deleted file mode 100644 index 7cde9d24a1..0000000000 Binary files a/mdop/agpm/images/57b610a5-1c71-4d26-9173-d04abd495fcc.gif and /dev/null differ diff --git a/mdop/agpm/images/8356fcdc-1279-425b-ab14-a23bcfe391da.gif b/mdop/agpm/images/8356fcdc-1279-425b-ab14-a23bcfe391da.gif deleted file mode 100644 index a911ef77d0..0000000000 Binary files a/mdop/agpm/images/8356fcdc-1279-425b-ab14-a23bcfe391da.gif and /dev/null differ diff --git a/mdop/agpm/images/8e7a7c4e-809a-435a-8b29-30d797936210.gif b/mdop/agpm/images/8e7a7c4e-809a-435a-8b29-30d797936210.gif deleted file mode 100644 index 9514d106f5..0000000000 Binary files a/mdop/agpm/images/8e7a7c4e-809a-435a-8b29-30d797936210.gif and /dev/null differ diff --git a/mdop/agpm/images/9b65829d-253c-4f30-9295-c816a6521ed2.gif b/mdop/agpm/images/9b65829d-253c-4f30-9295-c816a6521ed2.gif deleted file mode 100644 index 7fa479c173..0000000000 Binary files a/mdop/agpm/images/9b65829d-253c-4f30-9295-c816a6521ed2.gif and /dev/null differ diff --git a/mdop/agpm/images/ab77a1f3-f430-4e7d-be58-ee8f9bd1140e.gif b/mdop/agpm/images/ab77a1f3-f430-4e7d-be58-ee8f9bd1140e.gif deleted file mode 100644 index e5c857fb6a..0000000000 Binary files a/mdop/agpm/images/ab77a1f3-f430-4e7d-be58-ee8f9bd1140e.gif and /dev/null differ diff --git a/mdop/agpm/images/cd349b8d-c4d8-45ff-b17f-7db882502c58.gif b/mdop/agpm/images/cd349b8d-c4d8-45ff-b17f-7db882502c58.gif deleted file mode 100644 index 0a689c5b02..0000000000 Binary files a/mdop/agpm/images/cd349b8d-c4d8-45ff-b17f-7db882502c58.gif and /dev/null differ diff --git a/mdop/agpm/import-a-gpo-from-a-file-agpmadmin.md b/mdop/agpm/import-a-gpo-from-a-file-agpmadmin.md deleted file mode 100644 index ae05829359..0000000000 --- a/mdop/agpm/import-a-gpo-from-a-file-agpmadmin.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: Import a GPO from a File -description: Import a GPO from a File -author: dansimp -ms.assetid: 2cbcda72-4de3-47ad-aaf8-4fc7341d5a00 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Import a GPO from a File - - -In Advanced Group Policy Management (AGPM), if you are an AGPM Administrator (Full Control) and you have exported a Group Policy Object (GPO) to a CAB file, you can import the policy settings from that GPO into a new GPO or an existing GPO in a domain in another forest. For information about exporting GPO settings to a CAB file, see [Export a GPO to a File](export-a-gpo-to-a-file.md). - -A user account with the AGPM Administrator role or the necessary permissions in AGPM is required to import policy settings into a new controlled GPO. A user account with the Editor or AGPM Administrator role or necessary permissions in AGPM is required to import policy settings into an existing GPO. Review the details in "Additional considerations" in this topic. - -## Importing policy settings from a file - - -When you import policy settings from a file, you can import them into a new GPO or an existing GPO. However, if you import policy settings into an existing GPO, all policy settings within it are replaced. - -- [Import policy settings into a new controlled GPO](#bkmk-new) - -- [Import policy settings into an existing GPO](#bkmk-existing) - -### - -**To import policy settings into a new controlled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the domain to which you want to import policy settings. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Create a new controlled GPO. In the **New Controlled GPO** dialog box, click **Import** and then click **Launch Wizard**. For more information about how to create a GPO, see [Create a New Controlled GPO](create-a-new-controlled-gpo-agpm40.md). - -4. Follow the instructions in the **Import Settings Wizard** to select a GPO backup, import policy settings from it for the new GPO, and enter a comment for the audit trail of the new GPO. - -### - -**To import policy settings into an existing GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the domain to which you want to import policy settings. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Check out the destination GPO to which you want to import policy settings. - -4. Right-click the destination GPO, point to **Import from**, and then click **File**. - -5. Follow the instructions in the **Import Settings Wizard** to select a GPO backup, import its policy settings to replace those in the destination GPO, and enter a comment for the audit trail of the destination GPO. By default, the destination GPO is checked in when the wizard is finished. - -### Additional considerations - -- To import policy settings to a new controlled GPO, you must have **List Contents**, **Import GPO**, and **Create GPO** permissions for the domain. By default, you must be an AGPM Administrator to perform this procedure. - -- To import policy settings to an existing GPO, you must have **List Contents**, **Edit Settings**, and **Import GPO** permissions for the domain, and the GPO must be checked out by you. By default, you must be an Editor or an AGPM Administrator (Full Control) to perform this procedure. - -### Additional references - -- [Managing the Archive](managing-the-archive-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/import-a-gpo-from-a-file-ed.md b/mdop/agpm/import-a-gpo-from-a-file-ed.md deleted file mode 100644 index 7029d3c69e..0000000000 --- a/mdop/agpm/import-a-gpo-from-a-file-ed.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Import a GPO from a File -description: Import a GPO from a File -author: dansimp -ms.assetid: 6e901a52-1101-4fed-9f90-3819b573b378 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Import a GPO from a File - - -In Advanced Group Policy Management (AGPM), if you have exported a Group Policy Object (GPO) to a CAB file, you can import the policy settings from that GPO into an existing GPO in a domain in another forest. Importing policy settings into an existing GPO replaces all policy settings within that GPO. For information about exporting GPO settings to a CAB file, see [Export a GPO to a File](export-a-gpo-to-a-file.md). - -A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -## - - -**To import policy settings into an existing GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the domain to which you want to import policy settings. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Check out the destination GPO to which you want to import policy settings. - -4. Right-click the destination GPO, point to **Import from**, and then click **File**. - -5. Follow the instructions in the **Import Settings Wizard** to select a GPO backup, import its policy settings to replace those in the destination GPO, and enter a comment for the audit trail of the destination GPO. By default, the destination GPO is checked in when the wizard is finished. - -### Additional considerations - -- By default, you must be an Editor or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents**, **Edit Settings**, and **Import GPO** permissions for the domain, and the GPO must be checked out by you. - -- Although an Editor cannot import policy settings into a new GPO during its creation, an Editor can request the creation of a new GPO and then import policy settings into it after it is created. - -### Additional references - -- [Using a Test Environment](using-a-test-environment.md) - -  - -  - - - - - diff --git a/mdop/agpm/import-a-gpo-from-production-agpm30ops.md b/mdop/agpm/import-a-gpo-from-production-agpm30ops.md deleted file mode 100644 index 7754206dd0..0000000000 --- a/mdop/agpm/import-a-gpo-from-production-agpm30ops.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Import a GPO from Production -description: Import a GPO from Production -author: dansimp -ms.assetid: 35c2a682-ece8-4577-a083-7e3e9facfd13 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Import a GPO from Production - - -If changes are made to a controlled Group Policy Object (GPO) outside of Advanced Group Policy Management (AGPM), you can import a copy of the GPO from the production environment and save it to the archive to bring the archive and the production environment to a consistent state. (To import an uncontrolled GPO, control the GPO. See [Request Control of an Uncontrolled GPO](request-control-of-an-uncontrolled-gpo-agpm30ops.md).) - -A user account with the Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in AGPM is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To import a GPO from the production environment** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO, and then click **Import from Production**. - -4. Type a comment for the audit trail of the GPO, and then click **OK**. - -### Additional considerations - -- By default, you must be an Editor, Approver, or AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Edit Settings**, **Deploy GPO**, or **Delete GPO** permissions for the GPO. - -### Additional references - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/import-a-gpo-from-production-agpm40-app.md b/mdop/agpm/import-a-gpo-from-production-agpm40-app.md deleted file mode 100644 index cc8288be07..0000000000 --- a/mdop/agpm/import-a-gpo-from-production-agpm40-app.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Import a GPO from Production -description: Import a GPO from Production -author: dansimp -ms.assetid: c5b2f40d-1dc7-4dbf-b8b3-4d97ad73e1e5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Import a GPO from Production - - -If changes are made to a controlled Group Policy Object (GPO) outside of Advanced Group Policy Management (AGPM), you can import a copy of the GPO from the production environment of the domain and save it to the archive to bring the archive and the production environment to a consistent state. (To import an uncontrolled GPO, control the GPO. See [Control an Uncontrolled GPO](control-an-uncontrolled-gpo-agpm40.md).) - -A user account with the Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in AGPM is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To import a GPO from the production environment of the domain** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO, and then click **Import from Production**. - -4. Type a comment for the audit trail of the GPO, and then click **OK**. - -### Additional considerations - -- By default, you must be an Editor, Approver, or AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Edit Settings**, **Deploy GPO**, or **Delete GPO** permissions for the GPO. - -### Additional references - -- [Creating or Controlling a GPO](creating-or-controlling-a-gpo-agpm40-app.md) - -  - -  - - - - - diff --git a/mdop/agpm/import-a-gpo-from-production-agpm40-ed.md b/mdop/agpm/import-a-gpo-from-production-agpm40-ed.md deleted file mode 100644 index fcddfd97af..0000000000 --- a/mdop/agpm/import-a-gpo-from-production-agpm40-ed.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Import a GPO from Production -description: Import a GPO from Production -author: dansimp -ms.assetid: ad14203a-2e6a-41d4-a05e-4508c80045fd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Import a GPO from Production - - -If changes are made to a controlled Group Policy Object (GPO) outside of Advanced Group Policy Management (AGPM), you can import a copy of the GPO from the production environment of the domain and save it to the archive to bring the archive and the production environment to a consistent state. (To import an uncontrolled GPO, control the GPO. See [Request Control of an Uncontrolled GPO](request-control-of-an-uncontrolled-gpo-agpm40.md).) - -A user account with the Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in AGPM is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To import a GPO from the production environment of the domain** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO, and then click **Import from Production**. - -4. Type a comment for the audit trail of the GPO, and then click **OK**. - -### Additional considerations - -- By default, you must be an Editor, Approver, or AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Edit Settings**, **Deploy GPO**, or **Delete GPO** permissions for the GPO. - -### Additional references - -- [Creating or Controlling a GPO](creating-or-controlling-a-gpo-agpm40-ed.md) - -  - -  - - - - - diff --git a/mdop/agpm/import-a-gpo-from-production-approver.md b/mdop/agpm/import-a-gpo-from-production-approver.md deleted file mode 100644 index 0f31b8a9c4..0000000000 --- a/mdop/agpm/import-a-gpo-from-production-approver.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Import a GPO from Production -description: Import a GPO from Production -author: dansimp -ms.assetid: 071270fa-1890-40ce-ab89-ce070a54aa59 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Import a GPO from Production - - -If changes are made to a controlled Group Policy object (GPO) outside of Advanced Group Policy Management (AGPM), you can import a copy of the GPO from the production environment and save it to the archive to bring the archive and the production environment to a consistent state. (To import an uncontrolled GPO, control the GPO. See [Control a Previously Uncontrolled GPO](control-a-previously-uncontrolled-gpo.md).) - -A user account with the Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To import a GPO from the production environment** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO, and then click **Import from Production**. - -4. Type a comment for the audit trail of the GPO, and then click **OK**. - -### Additional considerations - -- By default, you must be an Editor, Approver, or AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Edit Settings**, **Deploy GPO**, or **Delete GPO** permissions for the GPO. - -### Additional references - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-approver.md) - -  - -  - - - - - diff --git a/mdop/agpm/import-a-gpo-from-production-editor-agpm30ops.md b/mdop/agpm/import-a-gpo-from-production-editor-agpm30ops.md deleted file mode 100644 index 272f402550..0000000000 --- a/mdop/agpm/import-a-gpo-from-production-editor-agpm30ops.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Import a GPO from Production -description: Import a GPO from Production -author: dansimp -ms.assetid: ad90f13e-e73c-400f-b86f-c12f2e75d19d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Import a GPO from Production - - -If changes are made to a controlled Group Policy Object (GPO) outside of Advanced Group Policy Management (AGPM), you can import a copy of the GPO from the production environment and save it to the archive to bring the archive and the production environment to a consistent state. (To import an uncontrolled GPO, control the GPO. See [Control an Uncontrolled GPO](control-an-uncontrolled-gpo-agpm30ops.md).) - -A user account with the Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in AGPM is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To import a GPO from the production environment** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO, and then click **Import from Production**. - -4. Type a comment for the audit trail of the GPO, and then click **OK**. - -### Additional considerations - -- By default, you must be an Editor, Approver, or AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Edit Settings**, **Deploy GPO**, or **Delete GPO** permissions for the GPO. - -### Additional references - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-editor-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/import-a-gpo-from-production-editor.md b/mdop/agpm/import-a-gpo-from-production-editor.md deleted file mode 100644 index 15f7c96a1f..0000000000 --- a/mdop/agpm/import-a-gpo-from-production-editor.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Import a GPO from Production -description: Import a GPO from Production -author: dansimp -ms.assetid: ffa02b2a-2a43-4fc0-a06e-7d4b59022cc3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Import a GPO from Production - - -If changes are made to a controlled Group Policy object (GPO) outside of Advanced Group Policy Management (AGPM), you can import a copy of the GPO from the production environment and save it to the archive to bring the archive and the production environment to a consistent state. (To import an uncontrolled GPO, control the GPO. See [Request Control of a Previously Uncontrolled GPO](request-control-of-a-previously-uncontrolled-gpo.md).) - -A user account with the Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To import a GPO from the production environment** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO, and then click **Import from Production**. - -4. Type a comment for the audit trail of the GPO, then click **OK**. - -### Additional considerations - -- By default, you must be an Editor, Approver, or AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Edit Settings**, **Deploy GPO**, or **Delete GPO** permissions for the GPO. - -### Additional references - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-editor.md) - -  - -  - - - - - diff --git a/mdop/agpm/index.md b/mdop/agpm/index.md deleted file mode 100644 index bd78561b83..0000000000 --- a/mdop/agpm/index.md +++ /dev/null @@ -1,80 +0,0 @@ ---- -title: Advanced Group Policy Management -description: Advanced Group Policy Management -author: dansimp -ms.assetid: 493ca3c3-c3d6-4bb1-9430-dc1e43c86bb0 -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 11/23/2017 ---- - - -# Advanced Group Policy Management - - -Microsoft Advanced Group Policy Management (AGPM) extends the capabilities of the Group Policy Management Console (GPMC) to provide comprehensive change control and improved management for Group Policy Objects (GPOs). AGPM is available as part of the Microsoft Desktop Optimization Pack (MDOP) for Software Assurance. - -## AGPM Version Information - - -[AGPM 4.0 SP3](agpm-40-sp3-navengl.md) supports Windows 10, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista with SP1. - -[AGPM 4.0 SP2](agpm-40-sp2-navengl.md) supports Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista with SP1. - -[AGPM 4.0 SP1](agpm-40-sp1-navengl.md) supports Windows Server 2012, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista with SP1. - -[AGPM 4](agpm-4-navengl.md) supports Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista with SP1. - -[AGPM 3](agpm-3-navengl.md) supports Windows Server 2008 and Windows Vista with SP1. - -[AGPM 2.5](agpm-25-navengl.md) supports Windows Vista (32-bit) with no service pack and Windows Server 2003 (32-bit). - -## Supplemental MDOP Product Guidance - - -In addition to the product documentation available online, supplemental product guidance such as informational videos and virtual labs are available for most MDOP products. - - ---- - - - - - - - - - - -

MDOP Virtual Labs

For a list of available MDOP virtual labs, go to Microsoft Desktop Optimization Pack (MDOP) Virtual Labs (https://go.microsoft.com/fwlink/?LinkId=234276).

MDOP TechCenter

For technical whitepapers, evaluation materials, blogs, and additional MDOP resources, go to MDOP TechCenter (https://go.microsoft.com/fwlink/?LinkId=225286)

-

- - - -## How to Get MDOP - - -MDOP is a suite of products that can help streamline desktop deployment, management, and support across the enterprise. MDOP is available as an additional subscription for Software Assurance customers. - -**Evaluate MDOP** -MDOP is also available for test and evaluation to [MSDN](https://msdn.microsoft.com/subscriptions/downloads/default.aspx?PV=42:178) and [TechNet](https://technet.microsoft.com/subscriptions/downloads/default.aspx?PV=42:178) subscribers in accordance with MSDN and TechNet agreements. - -**Download MDOP** -MDOP subscribers can download the software at the [Microsoft Volume Licensing website (MVLS)](https://go.microsoft.com/fwlink/?LinkId=166331). - -**Purchase MDOP** -Visit the enterprise [Purchase Windows Enterprise Licensing](https://www.microsoft.com/windows/enterprise/how-to-buy.aspx) website to find out how to purchase MDOP for your business. - - - - - - - - - diff --git a/mdop/agpm/label-the-current-version-of-a-gpo-agpm30ops.md b/mdop/agpm/label-the-current-version-of-a-gpo-agpm30ops.md deleted file mode 100644 index 12807c514e..0000000000 --- a/mdop/agpm/label-the-current-version-of-a-gpo-agpm30ops.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Label the Current Version of a GPO -description: Label the Current Version of a GPO -author: dansimp -ms.assetid: 3845211a-0bc9-4875-9906-cb758c443825 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Label the Current Version of a GPO - - -You can label the current version of a Group Policy Object (GPO) for easy identification in its history. You can use a label to identify a known good version to which you could roll back if a problem occurs. Also, by labeling multiple GPOs with the same label at one time, you can mark related GPOs that should be rolled back to the same point if rollback should later be necessary. - -A user account with the Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To label the current version of GPOs in their histories** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Click a GPO for which to label the current version. To select multiple GPOs, press SHIFT and click the last GPO in a contiguous group of GPOs, or press CTRL and click individual GPOs. Right-click a selected GPO, and then click **Label**. - -4. Type a label and a comment to be displayed in the history of each GPO selected, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. - -### Additional considerations - -- By default, you must be an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Edit Settings** or **Deploy GPO** permissions for the GPO. - -### Additional references - -- [Editing a GPO](editing-a-gpo-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/label-the-current-version-of-a-gpo-agpm40.md b/mdop/agpm/label-the-current-version-of-a-gpo-agpm40.md deleted file mode 100644 index 9374aa08cd..0000000000 --- a/mdop/agpm/label-the-current-version-of-a-gpo-agpm40.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Label the Current Version of a GPO -description: Label the Current Version of a GPO -author: dansimp -ms.assetid: cadc8769-21da-44b0-8122-6cafdb448913 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Label the Current Version of a GPO - - -You can label the current version of a Group Policy Object (GPO) for easy identification in its history. You can use a label to identify a known good version to which you could roll back if a problem occurs. Also, by labeling multiple GPOs with the same label at one time, you can mark related GPOs that should be rolled back to the same point if rollback should later be necessary. - -A user account with the Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To label the current version of GPOs in their histories** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Click a GPO for which to label the current version. To select multiple GPOs, press SHIFT and click the last GPO in a contiguous group of GPOs, or press CTRL and click individual GPOs. Right-click a selected GPO, and then click **Label**. - -4. Type a label and a comment to be displayed in the history of each GPO selected, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. - -### Additional considerations - -- By default, you must be an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Edit Settings** or **Deploy GPO** permissions for the GPO. - -### Additional references - -- [Editing a GPO](editing-a-gpo-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/label-the-current-version-of-a-gpo.md b/mdop/agpm/label-the-current-version-of-a-gpo.md deleted file mode 100644 index e4608abdad..0000000000 --- a/mdop/agpm/label-the-current-version-of-a-gpo.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Label the Current Version of a GPO -description: Label the Current Version of a GPO -author: dansimp -ms.assetid: 5e4e50f8-e4a8-4bda-aac4-1569d5fbd6a7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Label the Current Version of a GPO - - -You can label the current version of a Group Policy object (GPO) for easy identification in its history. You can use a label to identify a known good version to which you could roll back if a problem occurs. Also, by labeling multiple GPOs with the same label at one time, you can mark related GPOs that should be rolled back to the same point if rollback should later be necessary. - -A user account with the Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To label the current version of GPOs in their histories** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Click a GPO for which to label the current version. To select multiple GPOs, press SHIFT and click the last GPO in a contiguous group of GPOs, or press CTRL and click individual GPOs. Right-click a selected GPO, and then click **Label**. - -4. Type a label and a comment to be displayed in the history of each GPO selected, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. - -### Additional considerations - -- By default, you must be an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Edit Settings** or **Deploy GPO** permissions for the GPO. - -### Additional references - -- [Editing a GPO](editing-a-gpo.md) - -  - -  - - - - - diff --git a/mdop/agpm/limit-the-gpo-versions-stored-agpm30ops.md b/mdop/agpm/limit-the-gpo-versions-stored-agpm30ops.md deleted file mode 100644 index 35f49b04fd..0000000000 --- a/mdop/agpm/limit-the-gpo-versions-stored-agpm30ops.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Limit the GPO Versions Stored -description: Limit the GPO Versions Stored -author: dansimp -ms.assetid: da14edc5-0c36-4c54-b122-861c86b99eb1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Limit the GPO Versions Stored - - -By default, all versions of every controlled Group Policy Object (GPO) are retained in the archive on the AGPM Server. However, you can limit the number of versions retained for each GPO and delete older versions when that limit is exceeded. When GPO versions are deleted, a record of the version remains in the history of the GPO, but the GPO version itself is deleted from the archive. - -A user account with the AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To limit the number of GPO versions stored** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. In the details pane, click the **AGPM Server** tab. - -3. Select the **Delete old versions of each GPO from the archive** check box, and type the maximum number of GPO versions to store for each GPO, not including the current version. To retain only the current version, enter 0. The maximum must be no greater than 999. - - **Important**   - Only GPO versions displayed on the **Unique Versions** tab of the **History** window count toward the limit. - - - -4. Click the **Apply** button. - -### Additional considerations - -- By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Modify Options** permissions for the domain. - -- You can prevent a GPO version from being deleted by marking it in the history as ineligible for deletion. To do so, right-click the version in the history of the GPO and click **Do Not Delete**. - -### Additional references - -- [Managing the Archive](managing-the-archive.md) - - - - - - - - - diff --git a/mdop/agpm/limit-the-gpo-versions-stored-agpm40.md b/mdop/agpm/limit-the-gpo-versions-stored-agpm40.md deleted file mode 100644 index 6d48c8c1eb..0000000000 --- a/mdop/agpm/limit-the-gpo-versions-stored-agpm40.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Limit the GPO Versions Stored -description: Limit the GPO Versions Stored -author: dansimp -ms.assetid: d802c7b6-f303-4b23-aefd-f19f1300b0ff -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Limit the GPO Versions Stored - - -By default, all versions of every controlled Group Policy Object (GPO) are retained in the archive on the AGPM Server. However, you can limit the number of versions retained for each GPO and delete older versions when that limit is exceeded. When GPO versions are deleted, a record of the version remains in the history of the GPO, but the GPO version itself is deleted from the archive. - -A user account with the AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To limit the number of GPO versions stored** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. In the details pane, click the **AGPM Server** tab. - -3. Select the **Delete old versions of each GPO from the archive** check box, and type the maximum number of GPO versions to store for each GPO, not including the current version. To retain only the current version, enter 0. The maximum must be no greater than 999. - - **Important**   - Only GPO versions displayed on the **Unique Versions** tab of the **History** window count toward the limit. - - - -4. Click the **Apply** button. - -### Additional considerations - -- By default, you must be an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Modify Options** permissions for the domain. - -- You can prevent a GPO version from being deleted by marking it in the history as ineligible for deletion. To do so, right-click the version in the history of the GPO and click **Do Not Delete**. - -### Additional references - -- [Managing the Archive](managing-the-archive-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/logging-and-tracing-settings-agpm30ops.md b/mdop/agpm/logging-and-tracing-settings-agpm30ops.md deleted file mode 100644 index 82b6e1ce94..0000000000 --- a/mdop/agpm/logging-and-tracing-settings-agpm30ops.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Logging and Tracing Settings -description: Logging and Tracing Settings -author: dansimp -ms.assetid: 858b6fbf-65b4-42fa-95a9-69b04e5734d7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Logging and Tracing Settings - - -The Administrative template settings for Advanced Group Policy Management (AGPM) enable you to centrally configure logging and tracing options for AGPM Servers and clients to which a Group Policy Object (GPO) with these settings is applied. - -The following setting is available under Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\AGPM when editing a GPO. - -**Trace file locations**: - -- Client: %LocalAppData%\\Microsoft\\AGPM\\agpm.log - -- Server: %ProgramData%\\Microsoft\\AGPM\\agpmserv.log - - ---- - - - - - - - - - - - - -
SettingEffect

AGPM: Configure logging

This policy setting allows you to turn on and configure logging for AGPM. This setting affects both client and server components of AGPM.

- -  - -### Additional references - -- [Administrative Templates Folder](administrative-templates-folder-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/logging-and-tracing-settings-agpm40.md b/mdop/agpm/logging-and-tracing-settings-agpm40.md deleted file mode 100644 index fd2477a527..0000000000 --- a/mdop/agpm/logging-and-tracing-settings-agpm40.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Logging and Tracing Settings -description: Logging and Tracing Settings -author: dansimp -ms.assetid: 66d03306-80d8-4132-bf71-2827157b1fc9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Logging and Tracing Settings - - -The Administrative template settings for Advanced Group Policy Management (AGPM) enable you to centrally configure logging and tracing options for AGPM Servers and clients to which a Group Policy Object (GPO) with these settings is applied. - -The following setting is available under Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\AGPM when editing a GPO. - -**Trace file locations**: - -- Client: %LocalAppData%\\Microsoft\\AGPM\\agpm.log - -- Server: %ProgramData%\\Microsoft\\AGPM\\agpmserv.log - - ---- - - - - - - - - - - - - -
SettingEffect

AGPM: Configure logging

This policy setting allows you to turn on and configure logging for AGPM. This setting affects both client and server components of AGPM.

- -  - -### Additional references - -- [Administrative Templates Folder](administrative-templates-folder-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/logging-and-tracing-settings.md b/mdop/agpm/logging-and-tracing-settings.md deleted file mode 100644 index ff3a6190db..0000000000 --- a/mdop/agpm/logging-and-tracing-settings.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Logging and Tracing Settings -description: Logging and Tracing Settings -author: dansimp -ms.assetid: db6b43c7-fdde-4d11-b5ab-a81346e56940 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Logging and Tracing Settings - - -The Administrative Template settings for Advanced Group Policy Management (AGPM) enable you to centrally configure logging and tracing options for AGPM Servers and clients to which a Group Policy object (GPO) with these settings is applied. - -The following setting is available under Computer Configuration\\Administrative Templates\\Windows Components\\AGPM in the **Group Policy Object Editor** when editing a GPO in the Group Policy Management Console (GPMC). If this path is not visible, right-click **Administrative Templates**, and add the agpm.admx or agpm.adm template. - -**Trace file locations**: - -- Client: %LocalAppData%\\Microsoft\\AGPM\\agpm.log - -- Server: %CommonAppData%\\Microsoft\\AGPM\\agpmserv.log - - ---- - - - - - - - - - - - - -
SettingEffect

AGPM Logging

If enabled, this setting configures whether tracing is turned on and the level of detail. This setting affects both client and server components of AGPM.

-

If disabled or not configured, this setting has no effect.

- -  - -### Additional references - -- [Administrative Template Settings](administrative-template-settings.md) - -  - -  - - - - - diff --git a/mdop/agpm/managing-the-agpm-service-agpm30ops.md b/mdop/agpm/managing-the-agpm-service-agpm30ops.md deleted file mode 100644 index 91793ce0d5..0000000000 --- a/mdop/agpm/managing-the-agpm-service-agpm30ops.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Managing the AGPM Service -description: Managing the AGPM Service -author: dansimp -ms.assetid: a522b1f1-c57b-43aa-9d75-acc6f9bedbf9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Managing the AGPM Service - - -The AGPM Service is a Windows service that acts as a security proxy, managing client access to Group Policy Objects (GPOs) in the archive and production environment. It enforces Advanced Group Policy Management (AGPM) delegation and provides an enhanced level of security. The AGPM Service is hosted on the server on which the Microsoft Advanced Group Policy Management - Server is installed. - -**Caution**   -Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. - - - -- [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm30ops.md) - -- [Modify the AGPM Service](modify-the-agpm-service-agpm30ops.md) - -### Additional references - -- [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/managing-the-agpm-service-agpm40.md b/mdop/agpm/managing-the-agpm-service-agpm40.md deleted file mode 100644 index 01b91e94ad..0000000000 --- a/mdop/agpm/managing-the-agpm-service-agpm40.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Managing the AGPM Service -description: Managing the AGPM Service -author: dansimp -ms.assetid: 48ca02aa-6acf-403b-afd4-66ae8a953246 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Managing the AGPM Service - - -The AGPM Service is a Windows service that acts as a security proxy, managing client access to Group Policy Objects (GPOs) in the archive and production environment of the domain. It enforces Advanced Group Policy Management (AGPM) delegation and provides an enhanced level of security. The AGPM Service is hosted on the server on which the Microsoft Advanced Group Policy Management - Server is installed. - -**Caution**   -Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. - - - -- [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm40.md) - -- [Modify the AGPM Service](modify-the-agpm-service-agpm40.md) - -### Additional references - -- [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive-agpm40.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/managing-the-agpm-service.md b/mdop/agpm/managing-the-agpm-service.md deleted file mode 100644 index 43064fd9ba..0000000000 --- a/mdop/agpm/managing-the-agpm-service.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Managing the AGPM Service -description: Managing the AGPM Service -author: dansimp -ms.assetid: 331f64d2-1236-4711-81b4-1b92f019bfa5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Managing the AGPM Service - - -The AGPM Service is a Windows service that acts as a security proxy, managing client access to Group Policy objects (GPOs) in the archive and production environment. It enforces Advanced Group Policy Management (AGPM) delegation and provides an enhanced level of security. The AGPM Service is hosted on the server on which the Microsoft Advanced Group Policy Management - Server is installed. - -**Caution**   -Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. - - - -- [Start and Stop the AGPM Service](start-and-stop-the-agpm-service.md) - -- [Modify the Archive Path](modify-the-archive-path.md) - -- [Modify the AGPM Service Account](modify-the-agpm-service-account.md) - -- [Modify the Port on Which the AGPM Service Listens](modify-the-port-on-which-the-agpm-service-listens.md) - - - - - - - - - diff --git a/mdop/agpm/managing-the-archive-agpm40.md b/mdop/agpm/managing-the-archive-agpm40.md deleted file mode 100644 index ea712c84ad..0000000000 --- a/mdop/agpm/managing-the-archive-agpm40.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Managing the Archive -description: Managing the Archive -author: dansimp -ms.assetid: b11a3d71-74ea-4dd7-b243-6f2880b7af2d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Managing the Archive - - -In Advanced Group Policy Management (AGPM), as an AGPM Administrator (Full Control), you manage access to the archive and have the option to limit the number of versions of each Group Policy Object (GPO) stored in the archive. You can delegate access to GPOs in the archive at the domain level or GPO level. Additionally, you can back up the archive so that you may be able to recover it if a disaster occurs. - -As an AGPM Administrator, you can export a GPO to a file, copy the file to another forest, and then import the GPO into a domain in that forest. Unlike an Editor, you can import policy settings from a GPO backup directly into a new controlled GPO when you create it. For information about how to export a GPO, see [Export a GPO to a File](export-a-gpo-to-a-file.md). - -- [Delegate Domain-Level Access to the Archive](delegate-domain-level-access-to-the-archive-agpm40.md) - -- [Delegate Access to an Individual GPO in the Archive](delegate-access-to-an-individual-gpo-in-the-archive-agpm40.md) - -- [Limit the GPO Versions Stored](limit-the-gpo-versions-stored-agpm40.md) - -- [Import a GPO from a File](import-a-gpo-from-a-file-agpmadmin.md) - -- [Back Up the Archive](back-up-the-archive-agpm40.md) - -- [Restore the Archive from a Backup](restore-the-archive-from-a-backup-agpm40.md) - -### Additional references - -- For information about how to delegate access to GPOs in the production environment, see [Delegate Access to the Production Environment](delegate-access-to-the-production-environment-agpm40.md). - -- For information about how to move the archive, see [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive-agpm40.md). - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/managing-the-archive.md b/mdop/agpm/managing-the-archive.md deleted file mode 100644 index eeacbaf3a0..0000000000 --- a/mdop/agpm/managing-the-archive.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Managing the Archive -description: Managing the Archive -author: dansimp -ms.assetid: 7c7654e9-ab0e-4531-8ef7-ae77ef391620 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Managing the Archive - - -In Advanced Group Policy Management (AGPM), as an AGPM Administrator (Full Control), you manage access to the archive and have the option to limit the number of versions of each Group Policy Object (GPO) stored in the archive. You can delegate access to GPOs in the archive at the domain level or GPO level. - -- [Delegate Domain-Level Access to the Archive](delegate-domain-level-access-to-the-archive-agpm30ops.md) - -- [Delegate Access to an Individual GPO in the Archive](delegate-access-to-an-individual-gpo-in-the-archive-agpm30ops.md) - -- [Limit the GPO Versions Stored](limit-the-gpo-versions-stored-agpm30ops.md) - -- [Back Up the Archive](back-up-the-archive.md) - -- [Restore the Archive from a Backup](restore-the-archive-from-a-backup.md) - -### Additional references - -- For information about how to delegate access to GPOs in the production environment, see [Delegate Access to the Production Environment](delegate-access-to-the-production-environment-agpm30ops.md). - -- For information about how to move the archive, see [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive.md). - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/modify-the-agpm-service-account.md b/mdop/agpm/modify-the-agpm-service-account.md deleted file mode 100644 index 4481c6d031..0000000000 --- a/mdop/agpm/modify-the-agpm-service-account.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Modify the AGPM Service Account -description: Modify the AGPM Service Account -author: dansimp -ms.assetid: 0d8d8c7b-f299-4fee-8414-406492156942 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Modify the AGPM Service Account - - -The AGPM Service is a Windows service that acts as a security proxy, managing client access to Group Policy objects (GPOs) in the archive and production environment. If this service is stopped or disabled, AGPM clients cannot perform operations through the server. - -The archive path and AGPM Service Account are configured during the installation of AGPM Server and can be changed afterward through **Add or Remove Programs** on the AGPM Server. - -**Caution**   -Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. - - - -A user account that is a member of the Domain Admins group and has access to the AGPM Server (the computer on which Microsoft Advanced Group Policy Management - Server is installed) is required to complete this procedure. - -**Important**   -The AGPM Service Account must have full access to the GPOs that it will manage and will be granted **Log On As A Service** permission. If you will be managing GPOs on a single domain, you can make the Local System account for the primary domain controller the AGPM Service Account. - -If you will be managing GPOs on multiple domains or if a member server will be the AGPM Server, you should configure a different account as the AGPM Service Account because the Local System account for one domain controller cannot access GPOs on other domains. - - - -**To modify the AGPM Service Account** - -1. On the computer on which Microsoft Advanced Group Policy Management - Server is installed, click **Start**, click **Control Panel**, click **Add or Remove Programs**. - -2. Click **Microsoft Advanced Group Policy Management - Server**, and then click **Change**. - -3. Click **Next**, and then click **Modify**. - -4. Follow the instructions on screen to configure settings for the AGPM Service: - - 1. For the archive path, confirm or change the location for the archive relative to the AGPM Server. The archive path can point to a folder on the AGPM Server or elsewhere, but the location should have sufficient space to store all GPOs and history data managed by this AGPM Server. - - 2. Enter new credentials for the AGPM Service Account. - - 3. For the archive owner, enter the credentials of an AGPM Administrator (Full Control). - -5. Click **Change**, and when the installation is complete click **Finish**. - -### Additional references - -- [Managing the AGPM Service](managing-the-agpm-service.md) - - - - - - - - - diff --git a/mdop/agpm/modify-the-agpm-service-agpm30ops.md b/mdop/agpm/modify-the-agpm-service-agpm30ops.md deleted file mode 100644 index 814f3ad6d7..0000000000 --- a/mdop/agpm/modify-the-agpm-service-agpm30ops.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -title: Modify the AGPM Service -description: Modify the AGPM Service -author: dansimp -ms.assetid: 3485f85f-59d1-48dc-8748-36826214dcb1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Modify the AGPM Service - - -The AGPM Service is a Windows service that acts as a security proxy, managing client access to Group Policy Objects (GPOs) in the archive and production environment. If this service is stopped or disabled, AGPM Clients cannot perform operations through the server. You can modify the archive path, the AGPM Service Account, and the port on which the AGPM Service listens. - -**Caution**   -Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. - - - -A user account that is a member of the Domain Admins group and has access to the AGPM Server (the computer on which Microsoft Advanced Group Policy Management - Server is installed) is required to complete this procedure. Additionally, you must provide credentials for the AGPM Service Account to complete this procedure. - -**To modify the AGPM Service** - -1. On the computer on which Microsoft Advanced Group Policy Management - Server is installed: - - - For Windows Server 2008, click **Start**, **Control Panel**, and **Programs and Features**. - - - For Windows Vista, click **Start**, **Control Panel**, **Programs**, and **Programs and Features**. - -2. Right-click **Microsoft Advanced Group Policy Management - Server**, and then click **Change**. - -3. Click **Next**, and then click **Modify**. - -4. Follow the instructions to configure the AGPM Service: - - 1. In the **Archive Path** dialog box, enter a new location for the archive relative to the AGPM Server, or confirm the current archive path, and then click **Next**. - - **Important**   - The archive path can point to a folder on the AGPM Server or elsewhere, but the location should have sufficient space to store all GPOs and history data managed by this AGPM Server. - - - - 2. In the **AGPM Service Account** dialog box, enter credentials for a service account under which the AGPM Service will run, and click **Next**. - - **Important**   - Modifying the installation clears the credentials for the AGPM Service Account. You must re-enter credentials, but they are not required to match the credentials used during the original installation. - - The AGPM Service Account must have full access to the GPOs that it will manage and will be granted **Log On As A Service** permission. If you will be managing GPOs on a single domain, you can make the Local System account for the primary domain controller the AGPM Service Account. - - If you will be managing GPOs on multiple domains or if a member server will be the AGPM Server, you should configure a different account as the AGPM Service Account because the Local System account for one domain controller cannot access GPOs on other domains. - - - - 3. In the **Archive Owner** dialog box, enter the user name of an AGPM Administrator (Full Control) or group of AGPM Administrators, and click **Next**. - - **Note**   - Modifying the installation clears the credentials for the Archive Owner. You must re-enter credentials, but they are not required to match the credentials used during the original installation. - - - - 4. In the **Port Configuration** dialog box, type a new port on which the AGPM Service should listen or confirm the port currently selected, and click **Next**. - - **Note**   - By default, the AGPM Service listens on port 4600. - - If you manually configure port exceptions or have rules configuring port exceptions, you can clear the **Add port exception to firewall** check box. - - - -5. Click **Change**, and when the installation is complete click **Finish**. - -6. If you have changed the port on which the AGPM Service listens, modify the port in the AGPM Server connection for each Group Policy administrator. (For more information, see [Configure AGPM Server Connections](configure-agpm-server-connections-agpm30ops.md).) - -7. Repeat for each AGPM Server to which the configuration changes should be applied. - -### Additional references - -- [Managing the AGPM Service](managing-the-agpm-service-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/modify-the-agpm-service-agpm40.md b/mdop/agpm/modify-the-agpm-service-agpm40.md deleted file mode 100644 index 31925f9da1..0000000000 --- a/mdop/agpm/modify-the-agpm-service-agpm40.md +++ /dev/null @@ -1,90 +0,0 @@ ---- -title: Modify the AGPM Service -description: Modify the AGPM Service -author: dansimp -ms.assetid: 3239d088-bb86-4ec4-bc56-dbe8f1c710f5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Modify the AGPM Service - - -The AGPM Service is a Windows service that acts as a security proxy, managing client access to Group Policy Objects (GPOs) in the archive and production environment of the domain. If this service is stopped or disabled, AGPM Clients cannot perform operations through the server. You can modify the archive path, the AGPM Service Account, and the port on which the AGPM Service listens. - -**Caution**   -Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. - - - -A user account that is a member of the Domain Admins group and has access to the AGPM Server (the computer on which Microsoft Advanced Group Policy Management - Server is installed) is required to complete this procedure. Additionally, you must provide credentials for the AGPM Service Account to complete this procedure. - -**To modify the AGPM Service** - -1. On the computer on which Microsoft Advanced Group Policy Management - Server is installed, click **Start**, **Control Panel**, **Programs**, and **Programs and Features**. - -2. Right-click **Microsoft Advanced Group Policy Management - Server**, and then click **Change**. - -3. Click **Next**, and then click **Modify**. - -4. Follow the instructions to configure the AGPM Service: - - 1. In the **Archive Path** dialog box, enter a new location for the archive relative to the AGPM Server, or confirm the current archive path, and then click **Next**. - - **Important**   - The archive path can point to a folder on the AGPM Server or elsewhere, but the location should have sufficient space to store all GPOs and history data managed by this AGPM Server. - - - - 2. In the **AGPM Service Account** dialog box, enter credentials for a service account under which the AGPM Service will run, and click **Next**. - - **Important**   - Modifying the installation clears the credentials for the AGPM Service Account. You must re-enter credentials, but they are not required to match the credentials used during the original installation. - - The AGPM Service Account must have full access to the GPOs that it will manage and will be granted **Log On As A Service** permission. If you will be managing GPOs on a single domain, you can make the Local System account for the primary domain controller the AGPM Service Account. - - If you will be managing GPOs on multiple domains or if a member server will be the AGPM Server, you should configure a different account as the AGPM Service Account because the Local System account for one domain controller cannot access GPOs on other domains. - - - - 3. In the **Archive Owner** dialog box, enter the user name of an AGPM Administrator (Full Control) or group of AGPM Administrators, and click **Next**. - - **Note**   - Modifying the installation clears the credentials for the Archive Owner. You must re-enter credentials, but they are not required to match the credentials used during the original installation. - - - - 4. In the **Port Configuration** dialog box, type a new port on which the AGPM Service should listen or confirm the port currently selected, and click **Next**. - - **Note**   - By default, the AGPM Service listens on port 4600. - - If you manually configure port exceptions or have rules configuring port exceptions, you can clear the **Add port exception to firewall** check box. - - - -5. Click **Change**, and when the installation is complete click **Finish**. - -6. If you have changed the port on which the AGPM Service listens, modify the port in the AGPM Server connection for each Group Policy administrator. (For more information, see [Configure AGPM Server Connections](configure-agpm-server-connections-agpm40.md).) - -7. Repeat for each AGPM Server to which the configuration changes should be applied. - -### Additional references - -- [Managing the AGPM Service](managing-the-agpm-service-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/modify-the-archive-path.md b/mdop/agpm/modify-the-archive-path.md deleted file mode 100644 index a442dba78a..0000000000 --- a/mdop/agpm/modify-the-archive-path.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Modify the Archive Path -description: Modify the Archive Path -author: dansimp -ms.assetid: 6d90daf9-58db-4166-b5b3-e84bb261164a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Modify the Archive Path - - -The archive path is the location of the archive relative to the AGPM Server. The archive path can point to a folder on the AGPM Server or on another server in the same forest. - -The archive path and AGPM Service Account are configured during the installation of AGPM Server and can be changed afterward through **Add or Remove Programs** on the AGPM Server. - -A user account that is a member of the Domain Admins group and has access to the AGPM Server (the computer on which Microsoft Advanced Group Policy Management - Server is installed) is required to complete this procedure. - -**To modify the archive path** - -1. On the computer on which Microsoft Advanced Group Policy Management - Server is installed, click **Start**, click **Control Panel**, click **Add or Remove Programs**. - -2. Click **Microsoft Advanced Group Policy Management - Server**, and then click **Change**. - -3. Click **Next**, and then click **Modify**. - -4. Follow the instructions on screen to configure settings for the AGPM Service: - - 1. For the archive path, enter a new location for the archive relative to the AGPM Server. The archive path can point to a folder on the AGPM Server or elsewhere, but the location should have sufficient space to store all GPOs and history data managed by this AGPM Server. - - 2. Enter credentials for the AGPM Service Account. - - **Important**   - Modifying the installation clears the credentials for the AGPM Service Account. You must re-enter credentials, but they are not required to match the credentials used during the original installation. - - The AGPM Service Account must have full access to the GPOs that it will manage. If you will be managing GPOs on a single domain, you can make the Local System account for the primary domain controller the AGPM Service Account. - - If you will be managing GPOs on multiple domains or if a member server will be the AGPM Server, you should configure a different account as the AGPM Service Account because the Local System account for one domain controller cannot access GPOs on other domains. - - - - 3. For the archive owner, enter the credentials of an AGPM Administrator (Full Control). - -5. Click **Change**, and when the installation is complete click **Finish**. - -### Additional references - -- [Managing the AGPM Service](managing-the-agpm-service.md) - - - - - - - - - diff --git a/mdop/agpm/modify-the-port-on-which-the-agpm-service-listens.md b/mdop/agpm/modify-the-port-on-which-the-agpm-service-listens.md deleted file mode 100644 index d4481a3d70..0000000000 --- a/mdop/agpm/modify-the-port-on-which-the-agpm-service-listens.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: Modify the Port on Which the AGPM Service Listens -description: Modify the Port on Which the AGPM Service Listens -author: dansimp -ms.assetid: a82c6873-e916-4a04-b263-aa612cd6956b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Modify the Port on Which the AGPM Service Listens - - -The AGPM Service is a Windows service that acts as a security proxy, managing client access to Group Policy objects (GPOs) in the archive and production environment. By default, the AGPM Service listens on port 4600. You can change this port by modifying the Advanced Group Policy Management (AGPM) archive index file for each archive. - -**Note**   -Before modifying the port on which the AGPM Service listens, it is recommended that you back up the AGPM archive index file (gpostate.xml). This file is located in the folder entered as the archive path during the installation of Advanced Group Policy Management - Server. By default, this location of this file is %CommonAppData%\\Microsoft\\AGPM\\gpostate.xml on the AGPM Server. If you do not know which computer hosts the archive, you can follow the procedure for modifying the archive path to display the current archive path. For more information, see [Modify the Archive Path](modify-the-archive-path.md). - - - -A user account with access to the AGPM Server (the computer on which the AGPM Service is installed) and the archive index file is required to complete this procedure. - -**To modify the port on which the AGPM Service listens** - -1. On the computer hosting the archive, open the archive index file (gpostate.xml) in a text editor. - -2. In the file, search for **agpm:port="4600"**. - -3. Replace **4600** with the port on which the AGPM Service should listen; then, save and close the file. - -4. On the AGPM Server, restart the AGPM Service. (For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service.md).) - -5. Modify the port in the AGPM Server connection for each Group Policy administrator. (For more information, see [Configure the AGPM Server Connection](configure-the-agpm-server-connection.md).) - -6. Repeat for each archive and AGPM Server. - -### Additional references - -- [Managing the AGPM Service](managing-the-agpm-service.md) - - - - - - - - - diff --git a/mdop/agpm/move-the-agpm-server-and-the-archive-agpm40.md b/mdop/agpm/move-the-agpm-server-and-the-archive-agpm40.md deleted file mode 100644 index 065322c6a7..0000000000 --- a/mdop/agpm/move-the-agpm-server-and-the-archive-agpm40.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: Move the AGPM Server and the Archive -description: Move the AGPM Server and the Archive -author: dansimp -ms.assetid: 9ec48d3a-c293-45f0-8939-32ccdc062303 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Move the AGPM Server and the Archive - - -If you are replacing the AGPM Server and the server on which the archive is hosted, you must move the AGPM Service and the archive. If you prefer, you can move the AGPM Service and the archive separately. - -**Note**   -- The AGPM Server is the computer that hosts the AGPM Service and the computer on which Microsoft Advanced Group Policy Management – Server is installed. - -- By default, the archive is hosted on the AGPM Server, but you can specify an archive path to host it on another server instead. - - - -A user account that is a member of the Domain Admins group and has access to the previous and new AGPM Servers is required to complete this procedure. Additionally, you must provide credentials for the AGPM Service Account to be used by the new AGPM Server to complete this procedure. - -**To move the AGPM Service and the archive to a different server or servers** - -1. Back up the archive. For more information, see [Back Up the Archive](back-up-the-archive-agpm40.md). - -2. Move the AGPM Service: - - 1. Stop the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm40.md). - - 2. Install Microsoft Advanced Group Policy Management - Server on the new server that will host the AGPM Service. During this process, you specify the new archive path, the location for the archive in relation to the AGPM Server. For more information, see [Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0](https://go.microsoft.com/fwlink/?LinkId=153505) (https://go.microsoft.com/fwlink/?LinkId=153505) and [Planning Guide for Microsoft Advanced Group Policy Management](https://go.microsoft.com/fwlink/?LinkId=156883) (https://go.microsoft.com/fwlink/?LinkId=156883). - - 3. Either an AGPM Administrator (Full Control) must configure the AGPM Server connection for all Group Policy administrators who will use the new AGPM Server and remove the connection for the old AGPM Server, or else each Group Policy administrator must manually configure the new AGPM Server connection and remove the old AGPM Server connection for the AGPM snap-in on their computer. For more information, see [Configure AGPM Server Connections](configure-agpm-server-connections-agpm40.md). - - **Note**   - As a best practice, you should uninstall Microsoft Advanced Group Policy Management – Server from the previous AGPM Server. This will ensure that the AGPM Service cannot be unintentionally restarted on that server and potentially cause confusion if any AGPM Server connections to it remain. - - - -3. Copy the archive from the backup to the new server that will host the archive. For more information, see [Restore the Archive from a Backup](restore-the-archive-from-a-backup-agpm40.md). - - **Important**   - If you moved the archive without moving the AGPM Service at the same time: - - 1. You must change the archive path to point to the new location for the archive in relation to the AGPM Server. For more information, see [Modify the AGPM Service](modify-the-agpm-service-agpm40.md). - - 2. You must re-enter and confirm the password on the **Domain Delegation** tab. For more information, see [Configure E-Mail Notification](configure-e-mail-notification-agpm40.md). - - - -### Additional references - -- [Back Up the Archive](back-up-the-archive-agpm40.md) - -- [Restore the Archive from a Backup](restore-the-archive-from-a-backup-agpm40.md) - -- [Configure AGPM Server Connections](configure-agpm-server-connections-agpm40.md) - -- [Modify the AGPM Service](modify-the-agpm-service-agpm40.md) - -- [Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0](https://go.microsoft.com/fwlink/?LinkId=153505) (https://go.microsoft.com/fwlink/?LinkId=153505) - -- [Planning Guide for Microsoft Advanced Group Policy Management](https://go.microsoft.com/fwlink/?LinkId=156883) (https://go.microsoft.com/fwlink/?LinkId=156883) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/move-the-agpm-server-and-the-archive.md b/mdop/agpm/move-the-agpm-server-and-the-archive.md deleted file mode 100644 index 1c4ba6015e..0000000000 --- a/mdop/agpm/move-the-agpm-server-and-the-archive.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: Move the AGPM Server and the Archive -description: Move the AGPM Server and the Archive -author: dansimp -ms.assetid: 13cb83c4-bb42-4e81-8660-5b7540f473d8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Move the AGPM Server and the Archive - - -If you are replacing the AGPM Server and the server on which the archive is hosted, you must move the AGPM Service and the archive. If you prefer, you can move the AGPM Service and the archive separately. - -**Note**   -- The AGPM Server is the computer that hosts the AGPM Service and the computer on which Microsoft Advanced Group Policy Management – Server is installed. - -- By default, the archive is hosted on the AGPM Server, but you can specify an archive path to host it on another server instead. - - - -A user account that is a member of the Domain Admins group and has access to the previous and new AGPM Servers is required to complete this procedure. Additionally, you must provide credentials for the AGPM Service Account to be used by the new AGPM Server to complete this procedure. - -**To move the AGPM Service and the archive to a different server or servers** - -1. Back up the archive. For more information, see [Back Up the Archive](back-up-the-archive.md). - -2. Move the AGPM Service: - - 1. Stop the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm30ops.md). - - 2. Install Microsoft Advanced Group Policy Management - Server on the new server that will host the AGPM Service. During this process, you specify the new archive path, the location for the archive in relation to the AGPM Server. For more information, see Step-by-Step Guide for Microsoft Advanced Group Policy Management 3.0 () and Planning Guide for Microsoft Advanced Group Policy Management (). - - 3. Either an AGPM Administrator (Full Control) must configure the AGPM Server connection for all Group Policy administrators who will use the new AGPM Server and remove the connection for the old AGPM Server, or else each Group Policy administrator must manually configure the new AGPM Server connection and remove the old AGPM Server connection for the AGPM snap-in on their computer. For more information, see [Configure AGPM Server Connections](configure-agpm-server-connections-agpm30ops.md). - - **Note**   - As a best practice, you should uninstall Microsoft Advanced Group Policy Management – Server from the previous AGPM Server. This will ensure that the AGPM Service cannot be unintentionally restarted on that server and potentially cause confusion if any AGPM Server connections to it remain. - - - -3. Copy the archive from the backup to the new server that will host the archive. For more information, see [Restore the Archive from a Backup](restore-the-archive-from-a-backup.md). - - **Important**   - If you moved the archive without moving the AGPM Service at the same time: - - 1. You must change the archive path to point to the new location for the archive in relation to the AGPM Server. For more information, see [Modify the AGPM Service](modify-the-agpm-service-agpm30ops.md). - - 2. You must re-enter and confirm the password on the **Domain Delegation** tab. For more information, see [Configure E-Mail Notification](configure-e-mail-notification-agpm30ops.md). - - - -### Additional references - -- [Back Up the Archive](back-up-the-archive.md) - -- [Restore the Archive from a Backup](restore-the-archive-from-a-backup.md) - -- [Configure AGPM Server Connections](configure-agpm-server-connections-agpm30ops.md) - -- [Modify the AGPM Service](modify-the-agpm-service-agpm30ops.md) - -- Step-by-Step Guide for Microsoft Advanced Group Policy Management 3.0 () - -- Planning Guide for Microsoft Advanced Group Policy Management () - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-25.md b/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-25.md deleted file mode 100644 index d84f580b21..0000000000 --- a/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-25.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Operations Guide for Microsoft Advanced Group Policy Management 2.5 -description: Operations Guide for Microsoft Advanced Group Policy Management 2.5 -author: dansimp -ms.assetid: 005f0bb5-789f-42a9-bcaf-7e8c31a8df66 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Operations Guide for Microsoft Advanced Group Policy Management 2.5 - - -You can use Microsoft Advanced Group Policy Management (AGPM) to extend the capabilities of the Group Policy Management Console (GPMC), providing comprehensive change control and enhanced management for Group Policy objects (GPOs). - -With AGPM you can: - -- Perform offline editing of GPOs, so you can create and test them before deploying to a production environment. - -- Retain multiple versions of a GPO in a central archive, so you can roll back if a problem occurs. - -- Share the responsibility for editing, approving, and reviewing GPOs among multiple people using role-based delegation. - -- Eliminate the danger of multiple Group Policy administrators overwriting each other's work by using a check-in/check-out capability for GPOs. - -- Analyze changes to a GPO, comparing it to another GPO or another version of the same GPO using difference reporting. - -- Simplify the creation of new GPOs by using GPO templates, storing standard settings to use as starting points for new GPOs. - -AGPM adds a **Change Control** node under each domain displayed in the GPMC, as well as **History** and **Extensions** tabs for each GPO and Group Policy link displayed in the GPMC. - -- [Overview of Advanced Group Policy Management](overview-of-advanced-group-policy-management.md) - -- [Checklist: Create, Edit, and Deploy a GPO](checklist-create-edit-and-deploy-a-gpo.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md) - -- [Performing Editor Tasks](performing-editor-tasks.md) - -- [Performing Approver Tasks](performing-approver-tasks.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks.md) - -- [Troubleshooting Advanced Group Policy Management](troubleshooting-advanced-group-policy-management.md) - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management.md) - -  - -  - - - - - diff --git a/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md b/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md deleted file mode 100644 index 1b9ebfc6e4..0000000000 --- a/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: Operations Guide for Microsoft Advanced Group Policy Management 3.0 -description: Operations Guide for Microsoft Advanced Group Policy Management 3.0 -author: dansimp -ms.assetid: aaefe6d1-a9e5-43eb-b4d8-85880798cb8b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Operations Guide for Microsoft Advanced Group Policy Management 3.0 - - -You can use Microsoft Advanced Group Policy Management (AGPM) to extend the capabilities of the Group Policy Management Console (GPMC), providing comprehensive change control and enhanced management for Group Policy Objects (GPOs). - -With AGPM you can: - -- Perform offline editing of GPOs, so you can create and test them before deploying to a production environment. - -- Retain multiple versions of a GPO in a central archive, so you can roll back if a problem occurs. - -- Share the responsibility for editing, approving, and reviewing GPOs among multiple people using role-based delegation. - -- Eliminate the danger of multiple Group Policy administrators overwriting each other's work by using a check-in/check-out capability for GPOs. - -- Analyze changes to a GPO, comparing it to another GPO or another version of the same GPO using difference reporting. - -- Simplify the creation of new GPOs by using GPO templates, storing standard settings to use as starting points for new GPOs. - -AGPM adds a **Change Control** folder under each domain displayed in the GPMC, as well as a **History** tab for each GPO and Group Policy link displayed in the GPMC. - -- [Overview of Advanced Group Policy Management](overview-of-advanced-group-policy-management-agpm30ops.md) - -- [Best Practices for Version Control](best-practices-for-version-control.md) - -- [Checklist: Administer the AGPM Server and Archive](checklist-administer-the-agpm-server-and-archive.md) - -- [Checklist: Create, Edit, and Deploy a GPO](checklist-create-edit-and-deploy-a-gpo-agpm30ops.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md) - -- [Performing Editor Tasks](performing-editor-tasks-agpm30ops.md) - -- [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) - -- [Troubleshooting Advanced Group Policy Management](troubleshooting-advanced-group-policy-management-agpm30ops.md) - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-40.md b/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-40.md deleted file mode 100644 index c4c260282d..0000000000 --- a/mdop/agpm/operations-guide-for-microsoft-advanced-group-policy-management-40.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: Operations Guide for Microsoft Advanced Group Policy Management 4.0 -description: Operations Guide for Microsoft Advanced Group Policy Management 4.0 -author: dansimp -ms.assetid: 0bafeba3-20a9-4360-be5d-03f786df11ee -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Operations Guide for Microsoft Advanced Group Policy Management 4.0 - - -You can use Microsoft Advanced Group Policy Management (AGPM) to extend the capabilities of the Group Policy Management Console (GPMC). AGPM provides comprehensive change control and improved management of Group Policy Objects (GPOs). - -Using AGPM, you can do these tasks: - -- Perform offline editing of GPOs so that you can create and test them before you deploy them to a production environment. - -- Maintain multiple versions of a GPO in a central archive so that you can roll back if a problem occurs. - -- Share the responsibility for editing, approving, and reviewing GPOs among multiple people by using role-based delegation. - -- Eliminate the danger of multiple Group Policy administrators overwriting one another's work by using the check-in and check-out capability for GPOs. - -- Analyze changes to a GPO, comparing it to another GPO or another version of the same GPO by using difference reporting. - -- Simplify creating new GPOs by using GPO templates, storing common policy settings and preference settings to use as starting points for new GPOs. - -- Delegate access to the production environment. - -- Search for GPOs with specific attributes and filter the list of GPOs displayed. - -- Export a GPO to a file so that you can copy it from a domain in a test forest to a domain in a production forest. - -AGPM adds a **Change Control** folder under each domain displayed in the GPMC, in addition to a **History** tab for each GPO and Group Policy link displayed in the GPMC. - -- [Overview of Advanced Group Policy Management](overview-of-advanced-group-policy-management-agpm40.md) - -- [Best Practices for Version Control](best-practices-for-version-control-agpm40.md) - -- [Checklist: Administer the AGPM Server and Archive](checklist-administer-the-agpm-server-and-archive-agpm40.md) - -- [Checklist: Create, Edit, and Deploy a GPO](checklist-create-edit-and-deploy-a-gpo-agpm40.md) - -- [Search and Filter the List of GPOs](search-and-filter-the-list-of-gpos.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md) - -- [Performing Editor Tasks](performing-editor-tasks-agpm40.md) - -- [Performing Approver Tasks](performing-approver-tasks-agpm40.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) - -- [Troubleshooting AGPM](troubleshooting-agpm-agpm40.md) - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/other-enhancements-to-the-gpmc.md b/mdop/agpm/other-enhancements-to-the-gpmc.md deleted file mode 100644 index b4bf662f24..0000000000 --- a/mdop/agpm/other-enhancements-to-the-gpmc.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Other Enhancements to the GPMC -description: Other Enhancements to the GPMC -author: dansimp -ms.assetid: ef344101-17e1-4e06-9dc8-2f20ca796774 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Other Enhancements to the GPMC - - -Advanced Group Policy Management (AGPM) adds a **History** tab and an **Extensions** tab to extend the functionality of the **Group Policy Management Console** (GPMC). - -## History tab - - -AGPM adds a **History** tab to all Group Policy objects (GPOs) and Group Policy links displayed in the GPMC. The features of the **History** tab in the details pane of a GPO are the same as those of the **History** window displayed through the **Change Control** tab. For information about these features, see [History Window](history-window.md). - -## Extensions tab - - -In the Microsoft Windows Server® 2003 operating system, AGPM adds an **Extensions** tab to all GPOs and Group Policy links displayed in the GPMC. This tab lists all extensions that have settings in the GPO (or all registered extensions if **Show all registered extensions** is checked) and identifies them as part of the user or computer context. - -### Additional references - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management.md) - -  - -  - - - - - diff --git a/mdop/agpm/overview-of-advanced-group-policy-management-agpm30ops.md b/mdop/agpm/overview-of-advanced-group-policy-management-agpm30ops.md deleted file mode 100644 index 19cb9b5a66..0000000000 --- a/mdop/agpm/overview-of-advanced-group-policy-management-agpm30ops.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: Overview of Advanced Group Policy Management -description: Overview of Advanced Group Policy Management -author: dansimp -ms.assetid: 3a8d1e58-12b9-42bd-898f-6d57514dfbb9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Overview of Advanced Group Policy Management - - -You can use Advanced Group Policy Management (AGPM) to extend the capabilities of the Group Policy Management Console (GPMC) to provide comprehensive change control and improved management for Group Policy Objects (GPOs). - -## Group Policy object development with change control - - -With AGPM, you can store a copy of each GPO in a central archive so that Group Policy administrators can view and change it offline without immediately affecting the deployed version of the GPO. Additionally, AGPM stores a copy of each version of each controlled GPO in the archive so that you can roll back to an earlier version if necessary. - -The terms "check in" and "check out" are used just as in a library (or in applications that provide change control, version control, or source control for programming development). To use a book that is in a library, you check it out from the library. No one else can use it while you have it checked out. When you are finished with the book, you check it back into the library, so others can use it. - -When you develop GPOs by using AGPM: - -1. Create a new controlled GPO or control a previously uncontrolled GPO. - -2. Check out the GPO, so that you and only you can change it. - -3. Edit the GPO. - -4. Check in the edited GPO, so that others can change it, or so that it can be deployed. - -5. Review the changes. - -6. Deploy the GPO to the production environment. - -## Role-based delegation - - -AGPM provides comprehensive, easy-to-use role-based delegation for managing access to GPOs in the archive. Domain-level permissions enable AGPM Administrators to provide access to individual domains without providing access to other domains. GPO-based delegation enables AGPM Administrators to provide access to specific GPOs without providing domain-wide access. - -Within AGPM, there are specifically defined roles: AGPM Administrator (Full Control), Approver, Editor, and Reviewer. The AGPM Administrator role includes the permissions for all other roles. By default, only Approvers have the power to deploy GPOs to the production environment, protecting the environment from mistakes by less experienced Editors. Also by default, all roles include the Reviewer role and therefore the ability to view GPO settings in reports. However, AGPM provides an AGPM Administrator with the flexibility to customize GPO access to fit the needs of your organization. - -## Delegation in a multiple Group Policy administrator environment - - -In an environment where multiple people change GPOs, an AGPM Administrator delegates permission to Editors, Approvers, and Reviewers, either as groups or as individuals. For a typical GPO development process for an Editor and an Approver, see [Checklist: Create, Edit, and Deploy a GPO](checklist-create-edit-and-deploy-a-gpo-agpm30ops.md). - -### Additional references - -- [Operations Guide for Microsoft Advanced Group Policy Management 3.0](operations-guide-for-microsoft-advanced-group-policy-management-30-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/overview-of-advanced-group-policy-management-agpm40.md b/mdop/agpm/overview-of-advanced-group-policy-management-agpm40.md deleted file mode 100644 index a9b6c13c20..0000000000 --- a/mdop/agpm/overview-of-advanced-group-policy-management-agpm40.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Overview of Advanced Group Policy Management -description: Overview of Advanced Group Policy Management -author: dansimp -ms.assetid: 2c12f3b4-8472-4c5b-b7f8-1c98a80d6b47 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Overview of Advanced Group Policy Management - - -You can use Advanced Group Policy Management (AGPM) to extend the capabilities of the Group Policy Management Console (GPMC) to provide comprehensive change control and improved management for Group Policy Objects (GPOs). - -## Group Policy object development with change control - - -With AGPM, you can store a copy of each GPO in a central archive so that Group Policy administrators can view and change it offline without immediately affecting the deployed version of the GPO. Additionally, AGPM stores a copy of each version of each controlled GPO in the archive so that you can roll back to an earlier version if necessary. - -The terms "check in" and "check out" are used just as in a library (or in applications that provide change control, version control, or source control for programming development). To use a book that is in a library, you check it out from the library. No one else can use it while you have it checked out. When you are finished with the book, you check it back into the library, so others can use it. - -To use these GPO control features, you will click a Change Control node in the Group Policy Management editor. The Change Control node appears only if you have installed the AGPM Client. - -When you develop GPOs by using AGPM: - -1. Create a new controlled GPO or control a previously uncontrolled GPO. - -2. Check out the GPO, so that you and only you can change it. - -3. Edit the GPO. - -4. Check in the edited GPO, so that others can change it, or so that it can be deployed. - -5. Review the changes. - -6. Deploy the GPO to the production environment. - -## Role-based delegation - - -AGPM provides comprehensive, easy-to-use role-based delegation for managing access to GPOs in the archive. Domain-level permissions enable AGPM Administrators to provide access to individual domains without providing access to other domains. GPO-based delegation enables AGPM Administrators to provide access to specific GPOs without providing domain-wide access. - -Within AGPM, there are specifically defined roles: AGPM Administrator (Full Control), Approver, Editor, and Reviewer. The AGPM Administrator role includes the permissions for all other roles. By default, only Approvers have the power to deploy GPOs to the production environment of a domain, protecting the environment from mistakes by less experienced Editors. Also by default, all roles include the Reviewer role and therefore the ability to view GPO settings in reports. However, AGPM provides an AGPM Administrator with the flexibility to customize GPO access to fit the needs of your organization. - -## Delegation in a multiple Group Policy administrator environment - - -In an environment where multiple people change GPOs, an AGPM Administrator delegates permission to Editors, Approvers, and Reviewers, either as groups or as individuals. For a typical GPO development process for an Editor and an Approver, see [Checklist: Create, Edit, and Deploy a GPO](checklist-create-edit-and-deploy-a-gpo-agpm40.md). - -### Additional references - -- [Advanced Group Policy Management 4.0](advanced-group-policy-management-40.md) - -  - -  - - - - - diff --git a/mdop/agpm/overview-of-advanced-group-policy-management.md b/mdop/agpm/overview-of-advanced-group-policy-management.md deleted file mode 100644 index ab987de9d0..0000000000 --- a/mdop/agpm/overview-of-advanced-group-policy-management.md +++ /dev/null @@ -1,78 +0,0 @@ ---- -title: Overview of Advanced Group Policy Management -description: Overview of Advanced Group Policy Management -author: dansimp -ms.assetid: 028de9dd-848b-42bc-a982-65ba5c433772 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Overview of Advanced Group Policy Management - - -You can use Advanced Group Policy Management (AGPM) to extend the capabilities of the Group Policy Management Console (GPMC), providing comprehensive change control and enhanced management for Group Policy objects (GPOs). - -## Group Policy object development with change control - - -With AGPM, you can store a copy of each GPO in a central archive, so Group Policy administrators can view and modify it offline without immediately impacting the deployed version of the GPO. Additionally, AGPM stores a copy of each version of each controlled GPO in the archive so that you can roll back to an earlier version if needed. - -The terms "check in" and "check out" are used in much the same way as in a library (or in applications that provide change control, version control, or source code control for programming development). To use a book that is in a library, you check it out from the library. No one else can use it while you have it checked out. When you are finished with the book, you check it back into the library, so others can use it. - -When developing GPOs using AGPM: - -1. Create a new controlled GPO or control a previously uncontrolled GPO. - -2. Check out the GPO, so you and only you can modify it. - -3. Edit the GPO. - -4. Check in the edited GPO, so others can modify it, or so it can be deployed. - -5. Review the changes. - -6. Deploy the GPO to the production environment. - -## Role-based delegation - - -AGPM provides comprehensive, easy-to-use role-based delegation. Domain-level permissions allow AGPM Administrators to provide access to individual domains without providing access to other domains. GPO-based delegation enables AGPM Administrators to allow access only to specific GPOs. - -Within AGPM, there are specifically defined roles: AGPM Administrator (Full Control), Approver, Editor, and Reviewer. The AGPM Administrator role includes the permissions for all other roles. By default, only Approvers have the power to deploy GPOs to the production environment, protecting the environment from inadvertent mistakes by less experienced Editors. Also by default, all roles include the Reviewer role and therefore the ability to view GPO settings in reports. However, AGPM provides an AGPM Administrator with the flexibility to customize GPO access to fit the needs of your organization. - -## Delegation in a multiple Group Policy administrator environment - - -In an environment where multiple people make changes to GPOs, an AGPM Administrator delegates permission to Editors, Approvers, and Reviewers, either as groups or as individuals. For a typical GPO development process for an Editor and an Approver, see [Checklist: Create, Edit, and Deploy a GPO](checklist-create-edit-and-deploy-a-gpo.md). - -### Additional references - -- [Checklist: Create, Edit, and Deploy a GPO](checklist-create-edit-and-deploy-a-gpo.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks.md) - -- [Performing Editor Tasks](performing-editor-tasks.md) - -- [Performing Approver Tasks](performing-approver-tasks.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks.md) - -- [Troubleshooting Advanced Group Policy Management](troubleshooting-advanced-group-policy-management.md) - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management.md) - -  - -  - - - - - diff --git a/mdop/agpm/pending-gpo-commands-agpm30ops.md b/mdop/agpm/pending-gpo-commands-agpm30ops.md deleted file mode 100644 index 335ce54580..0000000000 --- a/mdop/agpm/pending-gpo-commands-agpm30ops.md +++ /dev/null @@ -1,137 +0,0 @@ ---- -title: Pending GPO Commands -description: Pending GPO Commands -author: dansimp -ms.assetid: 3868dda0-8a41-4bba-9b0c-9f656f9a3cd5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Pending GPO Commands - - -The **Pending** tab: - -- Displays a list of Group Policy Objects (GPOs) with pending requests for GPO management actions (such as creation, control, deployment, or deletion). - -- Provides a shortcut menu with commands for responding to pending requests and for displaying the history and reports for GPOs. - -- Displays a list of the groups and users who have permission to access a selected GPO. - -Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable. - -## Control and history - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
CommandEffect

History

Open a window listing all versions of the selected GPO saved within the archive. From the history, you can obtain a report of the settings within a GPO, compare two versions of a GPO, compare a GPO to a template, or roll back to a previous version of a GPO.

Withdraw

Withdraw your pending request to create, control, or delete the selected GPO before the request has been approved.

Approve

Complete a pending request from an Editor to create, control, or delete the selected GPO.

Reject

Deny a pending request from an Editor to create, control, or delete the selected GPO.

- -  - -## Reports - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Settings

Generate an HTML-based or XML-based report displaying the settings within the selected GPO or display links to the selected GPOs from organizational units as of when the GPOs are most recently controlled, imported, or checked in.

Differences

Generate an HTML-based or XML-based report comparing the settings within two selected GPOs or within the selected GPO and a template.

- -  - -## Miscellaneous - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Refresh

Update the display of the Group Policy Management Console (GPMC) to incorporate any changes. Some changes are not visible until the display is refreshed.

Help

Display help for AGPM.

- -  - -### Additional references - -- [Contents Tab](contents-tab-agpm30ops.md) - -- [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/pending-gpo-commands-agpm40.md b/mdop/agpm/pending-gpo-commands-agpm40.md deleted file mode 100644 index 828e0f34aa..0000000000 --- a/mdop/agpm/pending-gpo-commands-agpm40.md +++ /dev/null @@ -1,137 +0,0 @@ ---- -title: Pending GPO Commands -description: Pending GPO Commands -author: dansimp -ms.assetid: b62f49e1-43ab-4c93-8102-96cd97a4adad -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Pending GPO Commands - - -The **Pending** tab: - -- Displays a list of Group Policy Objects (GPOs) with pending requests for GPO management actions (such as creation, control, deployment, or deletion). - -- Provides a shortcut menu with commands for responding to pending requests and for displaying the history and reports for GPOs. - -- Displays a list of the groups and users who have permission to access a selected GPO. - -Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable. - -## Control and history - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
CommandEffect

History

Open a window listing all versions of the selected GPO saved within the archive. From the history, you can obtain a report of the settings within a GPO, compare two versions of a GPO, compare a GPO to a template, or roll back to an earlier version of a GPO.

Withdraw

Withdraw your pending request to create, control, or delete the selected GPO before the request has been approved.

Approve

Complete a pending request from an Editor to create, control, or delete the selected GPO.

Reject

Deny a pending request from an Editor to create, control, or delete the selected GPO.

- -  - -## Reports - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Settings

Generate an HTML-based or XML-based report displaying the settings within the selected GPO or display links to the selected GPOs from organizational units as of when the GPOs are most recently controlled, imported, or checked in.

Differences

Generate an HTML-based or XML-based report comparing the settings within two selected GPOs or within the selected GPO and a template.

- -  - -## Miscellaneous - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Refresh

Update the display of the Group Policy Management Console (GPMC) to incorporate any changes. Some changes are not visible until the display is refreshed.

Help

Display help for AGPM.

- -  - -### Additional references - -- [Contents Tab](contents-tab-agpm40.md) - -- [Performing Approver Tasks](performing-approver-tasks-agpm40.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/pending-tab.md b/mdop/agpm/pending-tab.md deleted file mode 100644 index b3797e17cc..0000000000 --- a/mdop/agpm/pending-tab.md +++ /dev/null @@ -1,137 +0,0 @@ ---- -title: Pending Tab -description: Pending Tab -author: dansimp -ms.assetid: 54a9a977-c0bc-4553-922b-b2e10e162df9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Pending Tab - - -The **Pending** tab: - -- Displays a list of Group Policy objects (GPOs) with pending requests for GPO management actions (such as creation, control, deployment, or deletion). - -- Provides a shortcut menu with commands for responding to pending requests and for displaying the history and reports for GPOs. - -- Displays a list of the groups and users who have permission to access a selected GPO. - -Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable. - -## Control and history - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
CommandEffect

History

Open a window listing all versions of the selected GPO saved within the archive. From the history, you can obtain a report of the settings within a GPO, compare two versions of a GPO, compare a GPO to a template, or roll back to a previous version of a GPO.

Withdraw

Withdraw your pending request to create, control, or delete the selected GPO before the request has been approved.

Approve

Complete a pending request from an Editor to create, control, or delete the selected GPO.

Reject

Deny a pending request from an Editor to create, control, or delete the selected GPO.

- -  - -## Reports - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Settings

Generate an HTML-based or XML-based report displaying the settings within the selected GPO or display links to the selected GPOs from organizational units as of when the GPOs are most recently controlled, imported, or checked in.

Differences

Generate an HTML-based or XML-based report comparing the settings within two selected GPOs or within the selected GPO and a template.

- -  - -## Miscellaneous - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Refresh

Update the display of the Group Policy Management Console to incorporate any changes. Some changes are not visible until the display is refreshed.

Help

Display help for AGPM.

- -  - -### Additional references - -- [Contents Tab](contents-tab.md) - -- [Performing Approver Tasks](performing-approver-tasks.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks.md) - -  - -  - - - - - diff --git a/mdop/agpm/performing-agpm-administrator-tasks-agpm30ops.md b/mdop/agpm/performing-agpm-administrator-tasks-agpm30ops.md deleted file mode 100644 index d3dd8dcca6..0000000000 --- a/mdop/agpm/performing-agpm-administrator-tasks-agpm30ops.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: Performing AGPM Administrator Tasks -description: Performing AGPM Administrator Tasks -author: dansimp -ms.assetid: 9678b0f4-70a5-411e-a896-afa4dc9ea6c4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Performing AGPM Administrator Tasks - - -In Advanced Group Policy Management (AGPM), an AGPM Administrator (Full Control) configures domain-wide options and delegates permissions to Approvers, Editors, Reviewers, and other AGPM Administrators. By default, an AGPM Administrator is an individual with Full Control—all AGPM permissions—and who therefore can perform tasks associated with any role. - -In an environment in which multiple people develop Group Policy Objects (GPOs), you can choose whether all AGPM users perform the same tasks and have the same level of access or whether AGPM Administrators delegate permissions to Editors who make changes to GPOs and to Approvers who deploy GPOs to the production environment. AGPM Administrators can configure permissions to meet the needs of your organization. - -- [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management.md): Configure the AGPM Server Connection and e-mail notification, delegate access to GPOs in the production environment, and configure logging and tracing for troubleshooting. - -- [Managing the Archive](managing-the-archive.md): Delegate access to GPOs in the archive and limit the number of versions of each GPO stored. - -- [Managing the AGPM Service](managing-the-agpm-service-agpm30ops.md): Stop and start the AGPM Service or change the archive path, the AGPM Service Account, or the port on which the AGPM Service listens. - -- [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive.md): Move the AGPM Service, the archive, or both to a different server. - -Also, because the AGPM Administrator role includes the permissions for all other roles, an AGPM Administrator can perform the tasks normally associated with any other role. - -- [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md), such as creating, deploying, or deleting GPOs - -- [Performing Editor Tasks](performing-editor-tasks-agpm30ops.md), such as editing, renaming, labeling, or importing GPOs, creating templates, or setting a default template - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md), such as reviewing settings and comparing GPOs - -### Additional considerations - -By default, the AGPM Administrator role has Full Control—all AGPM permissions: - -- List Contents - -- Read Settings - -- Edit Settings - -- Create GPO - -- Deploy GPO - -- Delete GPO - -- Modify Options - -- Modify Security - -- Create Template - -The **Modify Options** and **Modify Security** permissions are unique to the role of AGPM Administrator. - -  - -  - - - - - diff --git a/mdop/agpm/performing-agpm-administrator-tasks-agpm40.md b/mdop/agpm/performing-agpm-administrator-tasks-agpm40.md deleted file mode 100644 index 73153462b6..0000000000 --- a/mdop/agpm/performing-agpm-administrator-tasks-agpm40.md +++ /dev/null @@ -1,78 +0,0 @@ ---- -title: Performing AGPM Administrator Tasks -description: Performing AGPM Administrator Tasks -author: dansimp -ms.assetid: bc746f39-bdc9-4e2a-bc48-c3c7905de098 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Performing AGPM Administrator Tasks - - -Advanced Group Policy Management (AGPM) lets an AGPM Administrator (Full Control) configure domain-wide options and delegate permissions to Approvers, Editors, Reviewers, and AGPM Administrators. By default, an AGPM Administrator is someone who has Full Control— all AGPM permissions—and who therefore can perform tasks associated with any role. - -In an environment in which multiple people develop Group Policy Objects (GPOs), you can choose to let all Group Policy administrators perform the same tasks and have the same level of access. Or, you can choose to let AGPM Administrators delegate permissions to Editors who can change GPOs and to Approvers who deploy GPOs to the production environment. AGPM Administrators can configure permissions to meet the needs of your organization. - -- [Configuring Advanced Group Policy Management](configuring-advanced-group-policy-management-agpm40.md): Configure the AGPM Server Connection and e-mail notification, delegate access to GPOs in the production environment, and configure logging and tracing for troubleshooting. - -- [Managing the Archive](managing-the-archive-agpm40.md): Delegate access to GPOs in the archive, limit the number of versions of each GPO stored, import a GPO from another domain, and back up and restore the archive. - -- [Managing the AGPM Service](managing-the-agpm-service-agpm40.md): Stop and start the AGPM Service or change the archive path, the AGPM Service Account, or the port on which the AGPM Service listens. - -- [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive-agpm40.md): Move the AGPM Service, the archive, or both to a different server. - -**Note**   -Because the AGPM Administrator role includes the permissions for all other roles, an AGPM Administrator can perform the tasks usually associated with any other role. - -[Performing Approver Tasks](performing-approver-tasks-agpm40.md), such as creating, deploying, or deleting GPOs - -[Performing Editor Tasks](performing-editor-tasks-agpm40.md), such as editing, renaming, labeling, or importing GPOs, creating templates, or setting a default template - -[Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md), such as reviewing settings and comparing GPOs - - - -### Additional considerations - -By default, the AGPM Administrator role has Full Control—all AGPM permissions: - -- List Contents - -- Read Settings - -- Edit Settings - -- Create GPO - -- Deploy GPO - -- Delete GPO - -- Export GPO - -- Import GPO - -- Create Template - -- Modify Options - -- Modify Security - -The **Modify Options** and **Modify Security** permissions are unique to the role of AGPM Administrator. - - - - - - - - - diff --git a/mdop/agpm/performing-agpm-administrator-tasks.md b/mdop/agpm/performing-agpm-administrator-tasks.md deleted file mode 100644 index 621841c925..0000000000 --- a/mdop/agpm/performing-agpm-administrator-tasks.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -title: Performing AGPM Administrator Tasks -description: Performing AGPM Administrator Tasks -author: dansimp -ms.assetid: 32e694a7-be64-4943-bce2-2a3a15e5341f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Performing AGPM Administrator Tasks - - -An AGPM Administrator (Full Control) configures domain-wide options and delegates permissions to Approvers, Editors, Reviewers, and other AGPM Administrators. By default, an AGPM Administrator is an individual with Full Control (all Advanced Group Policy Management \[AGPM\] permissions) and therefore can also perform tasks associated with any role. - -In an environment in which multiple people develop Group Policy objects (GPOs), you can choose whether all Advanced Group Policy Management (AGPM) users perform the same tasks and have the same level of access or whether AGPM Administrators delegate permissions to Editors who make changes to GPOs and to Approvers who deploy GPOs to the production environment. AGPM Administrators can configure permissions to meet the needs of your organization. - -- [Configure the AGPM Server Connection](configure-the-agpm-server-connection.md) - -- [Configure E-Mail Notification](configure-e-mail-notification.md) - -- [Delegate Domain-Level Access](delegate-domain-level-access.md) - -- [Delegate Access to an Individual GPO](delegate-access-to-an-individual-gpo.md) - -- [Configure Logging and Tracing](configure-logging-and-tracing.md) - -- [Managing the AGPM Service](managing-the-agpm-service.md) - - - [Start and Stop the AGPM Service](start-and-stop-the-agpm-service.md) - - - [Modify the Archive Path](modify-the-archive-path.md) - - - [Modify the AGPM Service Account](modify-the-agpm-service-account.md) - - - [Modify the Port on Which the AGPM Service Listens](modify-the-port-on-which-the-agpm-service-listens.md) - -Also, because the AGPM Administrator role includes the permissions for all other roles, an AGPM Administrator can perform the tasks normally associated with any other role. - -- [Performing Approver Tasks](performing-approver-tasks.md), such as creating, deploying, or deleting GPOs - -- [Performing Editor Tasks](performing-editor-tasks.md), such as editing, renaming, labeling, or importing GPOs, creating templates, or setting a default template - -- [Performing Reviewer Tasks](performing-reviewer-tasks.md), such as reviewing settings and comparing GPOs - -### Additional considerations - -By default, the AGPM Administrator role has Full Control—all AGPM permissions: - -- List Contents - -- Read Settings - -- Edit Settings - -- Create GPO - -- Deploy GPO - -- Delete GPO - -- Modify Options - -- Modify Security - -- Create Template - -The **Modify Options** and **Modify Security** permissions are unique to the role of AGPM Administrator. - -  - -  - - - - - diff --git a/mdop/agpm/performing-approver-tasks-agpm30ops.md b/mdop/agpm/performing-approver-tasks-agpm30ops.md deleted file mode 100644 index 354cf61ee9..0000000000 --- a/mdop/agpm/performing-approver-tasks-agpm30ops.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Performing Approver Tasks -description: Performing Approver Tasks -author: dansimp -ms.assetid: 9f711824-191b-4b4b-a1c6-a3b2116006a4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Performing Approver Tasks - - -An Approver is a person authorized by an AGPM Administrator (Full Control) to create, deploy, and delete Group Policy Objects (GPOs) and to approve or reject requests (typically from Editors) to create, deploy, or delete GPOs. - -**Important**   -Make sure that you are connecting to the central archive for GPOs. For more information, see [Configure an AGPM Server Connection](configure-an-agpm-server-connection-reviewer-agpm30ops.md). - - - -- [Approve or Reject a Pending Action](approve-or-reject-a-pending-action-agpm30ops.md) - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-editor-agpm30ops.md) - -- [Check In a GPO](check-in-a-gpo-agpm30ops.md) - -- [Deploy a GPO](deploy-a-gpo-agpm30ops.md) - -- [Roll Back to a Previous Version of a GPO](roll-back-to-a-previous-version-of-a-gpo-agpm30ops.md) - -- [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo-agpm30ops.md) - -**Note**   -Before approving a GPO, an Approver should review the policy settings that it contains. The Approver role includes the permissions for the Reviewer role, so that an Approver can review policy settings and compare GPOs. See [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) for more information. - - - -### Additional considerations - -By default, the following permissions are provided for the Approver role: - -- List Contents - -- Read Settings - -- Create GPO - -- Deploy GPO - -- Delete GPO - -Also, an Approver has full control over GPOs that he created or controlled. - - - - - - - - - diff --git a/mdop/agpm/performing-approver-tasks-agpm40.md b/mdop/agpm/performing-approver-tasks-agpm40.md deleted file mode 100644 index 85377d6b65..0000000000 --- a/mdop/agpm/performing-approver-tasks-agpm40.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Performing Approver Tasks -description: Performing Approver Tasks -author: dansimp -ms.assetid: e0a4b7fe-ce69-4755-9104-c7f523ea6b62 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Performing Approver Tasks - - -An Approver is a person authorized by an AGPM Administrator (Full Control) to create, deploy, and delete Group Policy Objects (GPOs) and to approve or reject requests (typically from Editors) to create, deploy, or delete GPOs. - -**Important**   -Make sure that you are connecting to the central archive for GPOs. For more information, see [Configure an AGPM Server Connection](configure-an-agpm-server-connection-agpm40.md). - - - -- [Approve or Reject a Pending Action](approve-or-reject-a-pending-action-agpm40.md) - -- [Creating or Controlling a GPO](creating-or-controlling-a-gpo-agpm40-app.md) - -- [Check In a GPO](check-in-a-gpo-agpm40.md) - -- [Deploy a GPO](deploy-a-gpo-agpm40.md) - -- [Roll Back to an Earlier Version of a GPO](roll-back-to-an-earlier-version-of-a-gpo-agpm40.md) - -- [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo-agpm40.md) - -**Note**   -Before approving a GPO, an Approver should review the policy settings that it contains. The Approver role includes the permissions for the Reviewer role, so that an Approver can review policy settings and compare GPOs. See [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) for more information. - - - -### Additional considerations - -By default, the following permissions are provided for the Approver role: - -- List Contents - -- Read Settings - -- Create GPO - -- Deploy GPO - -- Delete GPO - -Also, an Approver has full control over GPOs that he created or controlled. - - - - - - - - - diff --git a/mdop/agpm/performing-approver-tasks.md b/mdop/agpm/performing-approver-tasks.md deleted file mode 100644 index 643f462b96..0000000000 --- a/mdop/agpm/performing-approver-tasks.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Performing Approver Tasks -description: Performing Approver Tasks -author: dansimp -ms.assetid: 6f6310b3-19c1-47c9-8615-964ddd10ce14 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Performing Approver Tasks - - -An Approver is a person authorized by an AGPM Administrator (Full Control) to create, deploy, and delete Group Policy objects (GPOs) and to approve or reject requests (typically from Editors) to create, deploy, or delete GPOs. - -**Important**   -Ensure that you are connecting to the central archive for GPOs. For more information, see [Configure the AGPM Server Connection](configure-the-agpm-server-connection-reviewer.md). - - - -- [Approve or Reject a Pending Action](approve-or-reject-a-pending-action.md) - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-approver.md) - -- [Check In a GPO](check-in-a-gpo-approver.md) - -- [Deploy a GPO](deploy-a-gpo.md) - -- [Roll Back to a Previous Version of a GPO](roll-back-to-a-previous-version-of-a-gpo.md) - -- [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo.md) - -**Note**   -Because the Approver role includes the permissions for the Reviewer role, an Approver can also review settings and compare GPOs. See [Performing Reviewer Tasks](performing-reviewer-tasks.md) for more information. - - - -### Additional considerations - -By default, the following permissions are provided for the Approver role: - -- List Contents - -- Read Settings - -- Create GPO - -- Deploy GPO - -- Delete GPO - -Also, an Approver has full control over GPOs that he created or controlled. - - - - - - - - - diff --git a/mdop/agpm/performing-editor-tasks-agpm30ops.md b/mdop/agpm/performing-editor-tasks-agpm30ops.md deleted file mode 100644 index 56a79bf8fa..0000000000 --- a/mdop/agpm/performing-editor-tasks-agpm30ops.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Performing Editor Tasks -description: Performing Editor Tasks -author: dansimp -ms.assetid: d4ac3277-2557-41cf-ac90-5adb6c30687c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Performing Editor Tasks - - -An Editor is a person authorized by an AGPM Administrator (Full Control) to make changes to Group Policy Objects (GPOs) and create GPO templates. Additionally, an Editor can initiate the process of creating, deleting, or restoring a GPO, but by default must request approval from an Approver. - -**Important**   -Ensure that you are connecting to the central archive for GPOs. For more information, see [Configure an AGPM Server Connection](configure-an-agpm-server-connection-reviewer-agpm30ops.md). - - - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-agpm30ops.md) - -- [Editing a GPO](editing-a-gpo-agpm30ops.md) - -- [Creating a Template and Setting a Default Template](creating-a-template-and-setting-a-default-template-agpm30ops.md) - -- [Deleting or Restoring a GPO](deleting-or-restoring-a-gpo-agpm30ops.md) - -**Note**   -Because the Editor role includes the permissions for the Reviewer role, an Editor can also review settings and compare GPOs. See [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) for more information. - - - -### Additional considerations - -By default, the following permissions are provided for the Editor role: - -- List Contents - -- Read Settings - -- Edit Settings - -- Create Template - - - - - - - - - diff --git a/mdop/agpm/performing-editor-tasks-agpm40.md b/mdop/agpm/performing-editor-tasks-agpm40.md deleted file mode 100644 index cdac449d72..0000000000 --- a/mdop/agpm/performing-editor-tasks-agpm40.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Performing Editor Tasks -description: Performing Editor Tasks -author: dansimp -ms.assetid: 81976a01-2a95-4256-b703-9fb3c884ef34 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Performing Editor Tasks - - -In Advanced Group Policy Management (AGPM), an Editor is a person authorized by an AGPM Administrator (Full Control) to change Group Policy Objects (GPOs) and create GPO templates. Additionally, an Editor can request that a GPO be created, deleted, or restored. An Approver must approve the request for it to be implemented. An Editor can export a GPO to a file so that it can be copied to a domain in another forest, and import a GPO that was copied from another domain. - -**Important**   -Make sure that you are connecting to the central archive for GPOs. For more information, see [Configure an AGPM Server Connection](configure-an-agpm-server-connection-agpm40.md). - - - -- [Creating or Controlling a GPO](creating-or-controlling-a-gpo-agpm40-ed.md) - -- [Editing a GPO](editing-a-gpo-agpm40.md) - -- [Using a Test Environment](using-a-test-environment.md) - -- [Request Deployment of a GPO](request-deployment-of-a-gpo-agpm40.md) - -- [Creating a Template and Setting a Default Template](creating-a-template-and-setting-a-default-template-agpm40.md) - -- [Deleting or Restoring a GPO](deleting-or-restoring-a-gpo-agpm40.md) - -**Note**   -Because the Editor role includes the permissions for the Reviewer role, an Editor can also review settings and compare GPOs. See [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) for more information. - - - -### Additional considerations - -By default, the following permissions are provided for the Editor role: - -- List Contents - -- Read Settings - -- Edit Settings - -- Export GPO - -- Import GPO - -- Create Template - - - - - - - - - diff --git a/mdop/agpm/performing-editor-tasks.md b/mdop/agpm/performing-editor-tasks.md deleted file mode 100644 index e2b158f4f9..0000000000 --- a/mdop/agpm/performing-editor-tasks.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Performing Editor Tasks -description: Performing Editor Tasks -author: dansimp -ms.assetid: b1e62615-2e02-460e-81d1-4a3fbe59f62d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Performing Editor Tasks - - -An Editor is a person authorized by an AGPM Administrator (Full Control) to make changes to Group Policy objects (GPOs) and create GPO templates. Additionally, an Editor can initiate the process of creating or deleting a GPO, but by default must request approval from an Approver. - -**Important**   -Ensure that you are connecting to the central archive for GPOs. For more information, see [Configure the AGPM Server Connection](configure-the-agpm-server-connection-reviewer.md). - - - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-editor.md) - -- [Editing a GPO](editing-a-gpo.md) - -- [Creating a Template and Setting a Default Template](creating-a-template-and-setting-a-default-template.md) - -- [Delete a GPO](delete-a-gpo-editor.md) - -**Note**   -Because the Editor role includes the permissions for the Reviewer role, an Editor can also review settings and compare GPOs. See [Performing Reviewer Tasks](performing-reviewer-tasks.md) for more information. - - - -### Additional considerations - -By default, the following permissions are provided for the Editor role: - -- List Contents - -- Read Settings - -- Edit Settings - -- Create Template - - - - - - - - - diff --git a/mdop/agpm/performing-reviewer-tasks-agpm30ops.md b/mdop/agpm/performing-reviewer-tasks-agpm30ops.md deleted file mode 100644 index dc9f09707d..0000000000 --- a/mdop/agpm/performing-reviewer-tasks-agpm30ops.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Performing Reviewer Tasks -description: Performing Reviewer Tasks -author: dansimp -ms.assetid: 1faf396d-be0d-49ac-b063-0722fda2e43d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Performing Reviewer Tasks - - -A Reviewer is a person authorized by an AGPM Administrator (Full Control) to review or audit Group Policy Objects (GPOs). An individual with only the Reviewer role cannot modify GPOs; however, all other roles include the Reviewer role. - -- [Configure an AGPM Server Connection](configure-an-agpm-server-connection-reviewer-agpm30ops.md) - -- [Review GPO Settings](review-gpo-settings-agpm30ops.md) - -- [Review GPO Links](review-gpo-links-agpm30ops.md) - -- [Identify Differences Between GPOs, GPO Versions, or Templates](identify-differences-between-gpos-gpo-versions-or-templates-agpm30ops.md) - -### Additional considerations - -By default, the following permissions are provided for the Reviewer role: - -- List Contents - -- Read Settings - -  - -  - - - - - diff --git a/mdop/agpm/performing-reviewer-tasks-agpm40.md b/mdop/agpm/performing-reviewer-tasks-agpm40.md deleted file mode 100644 index 03929f7e0b..0000000000 --- a/mdop/agpm/performing-reviewer-tasks-agpm40.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Performing Reviewer Tasks -description: Performing Reviewer Tasks -author: dansimp -ms.assetid: b5f0805c-da55-45a5-a94c-2473af92b54a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Performing Reviewer Tasks - - -A Reviewer is a person authorized by an AGPM Administrator (Full Control) to review or audit Group Policy Objects (GPOs). An individual with only the Reviewer role cannot modify GPOs; however, all other roles include the Reviewer role. - -- [Configure an AGPM Server Connection](configure-an-agpm-server-connection-agpm40.md) - -- [Review GPO Settings](review-gpo-settings-agpm40.md) - -- [Review GPO Links](review-gpo-links-agpm40.md) - -- [Identify Differences Between GPOs, GPO Versions, or Templates](identify-differences-between-gpos-gpo-versions-or-templates-agpm40.md) - -### Additional considerations - -By default, the following permissions are provided for the Reviewer role: - -- List Contents - -- Read Settings - -  - -  - - - - - diff --git a/mdop/agpm/performing-reviewer-tasks.md b/mdop/agpm/performing-reviewer-tasks.md deleted file mode 100644 index efab9279e1..0000000000 --- a/mdop/agpm/performing-reviewer-tasks.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Performing Reviewer Tasks -description: Performing Reviewer Tasks -author: dansimp -ms.assetid: 4bdd43fa-5c73-4900-8947-b45906f47f60 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Performing Reviewer Tasks - - -A Reviewer is a person authorized by an AGPM Administrator (Full Control) to review or audit Group Policy objects (GPOs). An individual with only the Reviewer role cannot modify GPOs; however, all other roles include the Reviewer role. - -- [Configure the AGPM Server Connection](configure-the-agpm-server-connection-reviewer.md) - -- [Review GPO Settings](review-gpo-settings.md) - -- [Review GPO Links](review-gpo-links.md) - -- [Identify Differences Between GPOs, GPO Versions, or Templates](identify-differences-between-gpos-gpo-versions-or-templates.md) - -### Additional considerations - -By default, the following permissions are provided for the Reviewer role: - -- List Contents - -- Read Settings - -  - -  - - - - - diff --git a/mdop/agpm/production-delegation-tab-agpm30ops.md b/mdop/agpm/production-delegation-tab-agpm30ops.md deleted file mode 100644 index a66636f4d2..0000000000 --- a/mdop/agpm/production-delegation-tab-agpm30ops.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: Production Delegation Tab -description: Production Delegation Tab -author: dansimp -ms.assetid: 9851637d-d5c1-4d29-8582-e8779500a14e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Production Delegation Tab - - -The **Production Delegation** tab on the **Change Control** pane provides a list of users and groups who have domain-level access to controlled Group Policy Objects (GPOs) in the production environment and indicates the allowed permissions of each user or group. - -This tab allows an AGPM Administrator (Full Control) to modify the default delegation of access to GPOs in the production environment, adding or removing users and groups, and modifying the allowed permissions for each user and group. - - ---- - - - - - - - - - - - - - - - - - - - - -
ButtonEffect

Add

Add a new entry to the security descriptor.

Remove

Remove the selected users or groups from the Access Control List.

Properties

Display the properties for the selected user or group. The properties page is the same one displayed for an object in Active Directory User and Computers.

- -  - -### Additional references - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm30ops.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/production-delegation-tab-agpm40.md b/mdop/agpm/production-delegation-tab-agpm40.md deleted file mode 100644 index 12e0ac126a..0000000000 --- a/mdop/agpm/production-delegation-tab-agpm40.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: Production Delegation Tab -description: Production Delegation Tab -author: dansimp -ms.assetid: 046bb9bc-769a-4306-bc49-c159a9533552 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Production Delegation Tab - - -The **Production Delegation** tab on the **Change Control** pane provides a list of users and groups who have domain-level access to controlled Group Policy Objects (GPOs) in the production environment and indicates the allowed permissions of each user or group. - -This tab allows an AGPM Administrator (Full Control) to modify the default delegation of access to GPOs in the production environment of the domain, adding or removing users and groups, and modifying the allowed permissions for each user and group. - - ---- - - - - - - - - - - - - - - - - - - - - -
ButtonEffect

Add

Add a new entry to the security descriptor.

Remove

Remove the selected users or groups from the Access Control List.

Properties

Display the properties for the selected user or group. The properties page is the same one displayed for an object in Active Directory User and Computers.

- -  - -### Additional references - -- [User Interface: Advanced Group Policy Management](user-interface-advanced-group-policy-management-agpm40.md) - -- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/recycle-bin-commands-agpm30ops.md b/mdop/agpm/recycle-bin-commands-agpm30ops.md deleted file mode 100644 index 7f252a28e7..0000000000 --- a/mdop/agpm/recycle-bin-commands-agpm30ops.md +++ /dev/null @@ -1,129 +0,0 @@ ---- -title: Recycle Bin Commands -description: Recycle Bin Commands -author: dansimp -ms.assetid: ffe8f020-7aa9-40ad-8019-cc99901a7840 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Recycle Bin Commands - - -The **Recycle Bin** tab: - -- Displays a list of Group Policy Objects (GPOs) that have been deleted from the archive. - -- Provides a shortcut menu with commands for managing GPOs and for displaying reports for GPOs. - -- Displays a list of the groups and users who have permission to access a selected GPO. - -Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable: - -## Reports - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Settings

Generate an HTML-based or XML-based report displaying the settings within the selected GPO or display links to the selected GPOs from organizational units as of when the GPOs were most recently controlled, imported, or checked in.

Differences

Generate an HTML-based or XML-based report comparing the settings within two selected GPOs or within the selected GPO and a template.

- -  - -## Version management - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Destroy

Remove the selected GPO from the Recycle Bin, so it can no longer be restored.

Restore

Move the selected GPO from the Recycle Bin to the Controlled tab. This does not restore the GPO to the production environment.

- -  - -## Miscellaneous - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Refresh

Update the display of the Group Policy Management Console (GPMC) to incorporate any changes. Some changes are not visible until the display is refreshed.

Help

Display help for Advanced Group Policy Management (AGPM).

- -  - -### Additional references - -- [Contents Tab](contents-tab-agpm30ops.md) - -- [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/recycle-bin-commands-agpm40.md b/mdop/agpm/recycle-bin-commands-agpm40.md deleted file mode 100644 index e25387fa75..0000000000 --- a/mdop/agpm/recycle-bin-commands-agpm40.md +++ /dev/null @@ -1,129 +0,0 @@ ---- -title: Recycle Bin Commands -description: Recycle Bin Commands -author: dansimp -ms.assetid: 347a101f-0ba0-4afc-bd59-752cc06bb904 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Recycle Bin Commands - - -The **Recycle Bin** tab: - -- Displays a list of Group Policy Objects (GPOs) that have been deleted from the archive. - -- Provides a shortcut menu with commands for managing GPOs and for displaying reports for GPOs. - -- Displays a list of the groups and users who have permission to access a selected GPO. - -Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable: - -## Reports - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Settings

Generate an HTML-based or XML-based report displaying the settings within the selected GPO or display links to the selected GPOs from organizational units as of when the GPOs were most recently controlled, imported, or checked in.

Differences

Generate an HTML-based or XML-based report comparing the settings within two selected GPOs or within the selected GPO and a template.

- -  - -## Version management - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Destroy

Remove the selected GPO from the Recycle Bin, so it can no longer be restored.

Restore

Move the selected GPO from the Recycle Bin to the Controlled tab. This does not restore the GPO to the production environment.

- -  - -## Miscellaneous - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Refresh

Update the display of the Group Policy Management Console (GPMC) to incorporate any changes. Some changes are not visible until the display is refreshed.

Help

Display help for Advanced Group Policy Management (AGPM).

- -  - -### Additional references - -- [Contents Tab](contents-tab-agpm40.md) - -- [Performing Approver Tasks](performing-approver-tasks-agpm40.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/recycle-bin-tab.md b/mdop/agpm/recycle-bin-tab.md deleted file mode 100644 index 5b47c0650b..0000000000 --- a/mdop/agpm/recycle-bin-tab.md +++ /dev/null @@ -1,129 +0,0 @@ ---- -title: Recycle Bin Tab -description: Recycle Bin Tab -author: dansimp -ms.assetid: 9ce62e98-c03e-4a75-90e0-51be83c6d2db -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Recycle Bin Tab - - -The **Recycle Bin** tab: - -- Displays a list of Group Policy objects (GPOs) that have been deleted from the archive. - -- Provides a shortcut menu with commands for managing GPOs and for displaying reports for GPOs. - -- Displays a list of the groups and users who have permission to access a selected GPO. - -Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable: - -## Reports - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Settings

Generate an HTML-based or XML-based report displaying the settings within the selected GPO or display links to the selected GPOs from organizational units as of when the GPOs were most recently controlled, imported, or checked in.

Differences

Generate an HTML-based or XML-based report comparing the settings within two selected GPOs or within the selected GPO and a template.

- -  - -## Version management - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Destroy

Remove the selected GPO from the Recycle Bin, so it can no longer be restored.

Restore

Move the selected GPO from the Recycle Bin to the Controlled tab. This does not restore the GPO to the production environment.

- -  - -## Miscellaneous - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Refresh

Update the display of the Group Policy Management Console to incorporate any changes. Some changes are not visible until the display is refreshed.

Help

Display help for AGPM.

- -  - -### Additional references - -- [Contents Tab](contents-tab.md) - -- [Performing Approver Tasks](performing-approver-tasks.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks.md) - -  - -  - - - - - diff --git a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp1.md b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp1.md deleted file mode 100644 index d727f2d26b..0000000000 --- a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp1.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: Release Notes for Microsoft Advanced Group Policy Management 4.0 SP1 -description: Release Notes for Microsoft Advanced Group Policy Management 4.0 SP1 -author: dansimp -ms.assetid: 91835bf8-e53c-4202-986e-8d37050d1267 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Release Notes for Microsoft Advanced Group Policy Management 4.0 SP1 - - -To search these release notes, press Ctrl+F. - -Read these release notes thoroughly before you install Microsoft Advanced Group Policy Management (AGPM) 4.0 SP1. These release notes contain information that is required to successfully install AGPM 4.0 SP1 and contain information that is not available in the product documentation. If there is a difference between these release notes and other AGPM documentation, the latest change should be considered authoritative. These release notes supersede the content included with this product. - -## AGPM 4.0 SP1 known issues - - -This section contains release notes for AGPM 4.0 SP1. - -### Control Panel’s “Uninstall” tool may not work when you try to change AGPM Server settings - -The tool in Control Panel that lets you uninstall or change a program may not work when you try to change AGPM server settings. - -WORKAROUND: Before you try to change AGPM server settings by using Control Panel, make a copy of the AGPM Archive folder. You can then use Setup.exe to reinstall the AGPM server and choose the configuration parameters that you want. - -### Reports do not display the links that were added to a Group Policy Object - -The AGPM settings and difference reports do not display the links that were added to a Group Policy Object (GPO). - -WORKAROUND: To view the links in the reports, select the GPO in the Group Policy Management Console (GPMC), and click the **Settings** tab in the right pane. - -### Reports do not display all “Choice Options Properties” settings - -The AGPM settings and difference reports do not display all of the settings that were selected on the Choice Options Properties window in the Group Policy Object Editor. - -WORKAROUND: Use the GPMC to view the selected Choice Options Properties settings in the reports. - -### Reports do not display the Show and Hide tabs in certain browsers - -The Show and Hide tabs, shown on the right side of the AGPM settings and difference reports, are not displayed when you view the reports in Google Chrome or Mozilla Firefox. - -WORKAROUND: View the reports by using Internet Explorer. - -### AGPM settings and difference reports may show different content from GPMC reports - -The AGPM settings and difference reports may not show the same content as reports in the Group Policy Management Console (GPMC). - -WORKAROUND: Use the GPMC to view the AGPM reports. - -### AGPM Service does not start if the domain controller is not online - -When the AGPM Service is installed on a domain controller on Windows 8, the Service does not start if the domain controller is not online. - -WORKAROUND: Manually start the AGPM Service after the domain controller is online. - -### Upgrade of AGPM Server to AGPM 4.0 SP1 is blocked when you upgrade from the AGPM 4.0 release plus the hotfix - -If you try to upgrade the AGPM server to AGPM 4.0. SP1 after installing AGPM 4.0 and then installing the AGPM hotfix (see Knowledge Base article [2643502](https://go.microsoft.com/fwlink/?LinkId=254474)), the upgrade fails and cannot be completed. - -WORKAROUND: Uninstall the AGPM 4.0 Server and then install AGPM 4.0 SP1. - -### Reports do not display organizational unit links - -If you link an uncontrolled GPO to an organizational unit and then control that GPO using AGPM, the AGPM settings and difference reports do not display the organizational unit links. - -WORKAROUND: From the **Controlled** tab of the **Change Settings** node, right-click the GPO and click **Settings** and then click **GPO Links** to view the organizational links. Alternatively, you can use the GPMC to view the links to a GPO from the **Scope** tab. - -## Related topics - - -[Advanced Group Policy Management](index.md) - -[What's New in AGPM 4.0 SP1](whats-new-in-agpm-40-sp1.md) - -  - -  - - - - - diff --git a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp2.md b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp2.md deleted file mode 100644 index 5ce4c30b65..0000000000 --- a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp2.md +++ /dev/null @@ -1,103 +0,0 @@ ---- -title: Release Notes for Microsoft Advanced Group Policy Management 4.0 SP2 -description: Release Notes for Microsoft Advanced Group Policy Management 4.0 SP2 -author: dansimp -ms.assetid: 0593cd11-3308-4942-bf19-8a7bb9447f01 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Release Notes for Microsoft Advanced Group Policy Management 4.0 SP2 - - -To search these release notes, press Ctrl+F. - -Read these release notes thoroughly before you install Microsoft Advanced Group Policy Management (AGPM) 4.0 Service Pack 2 (SP2). These release notes contain information that is required to successfully install AGPM 4.0 SP2 and contain information that is not available in the product documentation. If there is a difference between these release notes and other AGPM documentation, consider the latest change authoritative. These release notes supersede the content included with this product. - -## AGPM 4.0 SP2 known issues - - -This section describes the known issues for AGPM 4.0 SP2. - -### Control Panel’s “Uninstall” tool may not work when you try to change AGPM Server settings - -The tool in Control Panel that you use to uninstall or change a program may not work when you try to change AGPM Server settings. - -**Workaround:** Before you try to change AGPM Server settings by using Control Panel, make a copy of the AGPM Archive folder. You can then use Setup.exe to reinstall the AGPM Server and choose the configuration parameters that you want. - -### Reports do not display the links that were added to a Group Policy Object - -The AGPM settings and difference reports do not display the links that were added to a Group Policy Object (GPO). - -**Workaround:** To view the links in the reports, select the GPO in the Group Policy Management Console (GPMC), and then click the **Settings** tab in the right pane. - -### Reports do not display all Choice Options Properties settings - -The AGPM settings and difference reports do not display all of the settings that were selected in the **Choice Options Properties** window in the Group Policy Object Editor. - -**Workaround:** Use the GPMC to view the selected **Choice Options Properties** settings in the reports. - -### Reports may not display the Show and Hide tabs in certain browsers - -The **Show** and **Hide** tabs, on the right side of the AGPM settings and difference reports, may not appear when you view the reports in Google Chrome or Mozilla Firefox. - -**Workaround:** View the reports by using the Internet Explorer browser. - -### AGPM settings and difference reports may show different content from GPMC reports - -The AGPM settings and difference reports may not show the same content as reports in the GPMC. - -**Workaround:** Use the GPMC to view the AGPM reports. - -### AGPM Service does not start if the domain controller is offline - -When the AGPM Service is installed on a domain controller on the Windows® 8 operating systems or later operating systems, the service does not start if the domain controller is offline. - -**Workaround:** Manually start the AGPM Service after the domain controller is online. - -### Upgrade of AGPM Server to AGPM 4.0 SP2 is blocked when you upgrade from the AGPM 4.0 release plus hotfix 1 - -If you try to upgrade the AGPM server to AGPM 4.0. SP2 after installing AGPM 4.0 Server and then installing the AGPM hotfix named AGPM 4.0 reports incorrect differences in the HTML report (see Knowledge Base article [2643502](https://go.microsoft.com/fwlink/?LinkId=254474)), the upgrade fails and cannot be completed. - -**Workaround:** Uninstall the AGPM 4.0 Server and then install AGPM 4.0 SP2. - -### Reports do not display organizational unit links - -If you link an uncontrolled GPO to an organizational unit and then control that GPO by using AGPM, the AGPM settings and difference reports do not display the organizational unit links. - -**Workaround:** On the **Controlled** tab of the **Change Settings** node, right-click the GPO, click **Settings**, and then click **GPO Links** to view the organizational links. Alternatively, you can use the GPMC to view the links to a GPO from the **Scope** tab. - -### AGPM displays an error if you click the Back button from the Change, Repair, or Remove AGPM Client dialog box - -If you browse to **Programs and Features** in Control Panel and then select **Microsoft Advanced Group Policy Management – Client**, AGPM displays an error if you click **Modify** and then click the **Back** button in the **Change, Repair, or Remove AGPM Client** dialog box. - -**Workaround:** Click **Cancel** to clear the error, and then start the process again. Do not click the **Back** button after you click **Modify** . - -### Comment fails to appear in the History window when the Approver deploys a GPO and enters a comment - -If a user who has the Editor role submits a request to deploy a GPO, and the user who has the Approver role then deploys the GPO and enters a comment, the comment fails to appear in the **History** window. - -**Workaround:** None. - -## Related topics - - -[Advanced Group Policy Management](index.md) - -[What's New in AGPM 4.0 SP2](whats-new-in-agpm-40-sp2.md) - -  - -  - - - - - diff --git a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md deleted file mode 100644 index 24f3ccb1f0..0000000000 --- a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md +++ /dev/null @@ -1,113 +0,0 @@ ---- -title: Release Notes for Microsoft Advanced Group Policy Management 4.0 SP3 -description: Release Notes for Microsoft Advanced Group Policy Management 4.0 SP3 -author: dansimp -ms.assetid: 955d7674-a8d9-4fc5-b18a-5a1639e38014 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 09/27/2016 ---- - - -# Release Notes for Microsoft Advanced Group Policy Management 4.0 SP3 - - -To search these release notes, press Ctrl+F. - -Read these release notes thoroughly before you install Microsoft Advanced Group Policy Management (AGPM) 4.0 Service Pack 3 (SP3). These release notes contain information that is required to successfully install AGPM 4.0 SP3 and contain information that is not available in the product documentation. If there is a difference between these release notes and other AGPM documentation, consider the latest change authoritative. These release notes supersede the content included with this product. - -## AGPM 4.0 SP3 known issues - - -This section describes the known issues for AGPM 4.0 SP3. - -### AGPM installation fails in Windows 10 - -AGPM internally enables the Windows Communication Foundation (WCF)-NonHTTP-Activation feature during installation. In Windows 10, WCF now includes a requirement to restart Windows after enabling the WCF NonHTTP-Activation feature. However, the current AGPM installer code does not handle this restart requirement and stops responding while it waits for the service to be activated. - -**Workaround:** Before you run the AGPM installer, enable the WCF Non-HTTP Activation feature and then restart Windows. - -### Control Panel’s “Uninstall” tool may not work when you try to change AGPM Server settings - -The tool in Control Panel that you use to uninstall or change a program may not work when you try to change AGPM Server settings. - -**Workaround:** Before you try to change AGPM Server settings by using Control Panel, make a copy of the AGPM Archive folder. You can then use Setup.exe to reinstall the AGPM Server and choose the configuration parameters that you want. - -### Reports do not display the links that were added to a Group Policy Object - -The AGPM settings and difference reports do not display the links that were added to a Group Policy Object (GPO). - -**Workaround:** To view the links in the reports, select the GPO in the Group Policy Management Console (GPMC), and then click the **Settings** tab in the right pane. - -### Reports do not display all Choice Options Properties settings - -The AGPM settings and difference reports do not display all of the settings that were selected in the **Choice Options Properties** window in the Group Policy Object Editor. - -**Workaround:** Use the GPMC to view the selected **Choice Options Properties** settings in the reports. - -### Reports may not display the Show and Hide tabs in certain browsers - -The **Show** and **Hide** tabs, on the right side of the AGPM settings and difference reports, may not appear when you view the reports in Google Chrome or Mozilla Firefox. - -**Workaround:** View the reports by using the Internet Explorer browser. - -### AGPM settings and difference reports may show different content from GPMC reports - -The AGPM settings and difference reports may not show the same content as reports in the GPMC. - -**Workaround:** Use the GPMC to view the AGPM reports. - -### AGPM Service does not start if the domain controller is offline - -When the AGPM Service is installed on a domain controller on the Windows® 8 operating systems or later operating systems, the service does not start if the domain controller is offline. - -**Workaround:** Manually start the AGPM Service after the domain controller is online. - -### Upgrade of AGPM Server to AGPM 4.0 SP2 is blocked when you upgrade from the AGPM 4.0 release plus hotfix 1 - -If you try to upgrade the AGPM server to AGPM 4.0. SP2 after installing AGPM 4.0 Server and then installing the AGPM hotfix named AGPM 4.0 reports incorrect differences in the HTML report (see Knowledge Base article [2643502](https://go.microsoft.com/fwlink/?LinkId=254474)), the upgrade fails and cannot be completed. - -**Workaround:** Uninstall the AGPM 4.0 Server and then install AGPM 4.0 SP2. - -### Reports do not display organizational unit links - -If you link an uncontrolled GPO to an organizational unit and then control that GPO by using AGPM, the AGPM settings and difference reports do not display the organizational unit links. - -**Workaround:** On the **Controlled** tab of the **Change Settings** node, right-click the GPO, click **Settings**, and then click **GPO Links** to view the organizational links. Alternatively, you can use the GPMC to view the links to a GPO from the **Scope** tab. - -### AGPM displays an error if you click the Back button from the Change, Repair, or Remove AGPM Client dialog box - -If you browse to **Programs and Features** in Control Panel and then select **Microsoft Advanced Group Policy Management – Client**, AGPM displays an error if you click **Modify** and then click the **Back** button in the **Change, Repair, or Remove AGPM Client** dialog box. - -**Workaround:** Click **Cancel** to clear the error, and then start the process again. Do not click the **Back** button after you click **Modify** . - -### Comment fails to appear in the History window when the Approver deploys a GPO and enters a comment - -If a user who has the Editor role submits a request to deploy a GPO, and the user who has the Approver role then deploys the GPO and enters a comment, the comment fails to appear in the **History** window. - -**Workaround:** None. - -### Added mechanism to override AGPM default behavior of removing GPO permission changes - -As of HF02, AGPM has added a registry key to enable overriding the default AGPM GPO permission behavior. For more information, please see [Changes to Group Policy object permissions through AGPM are ignored](https://support.microsoft.com/kb/3174540) - -## Related topics - - -[Advanced Group Policy Management](index.md) - -[What's New in AGPM 4.0 SP3](whats-new-in-agpm-40-sp3.md) - -  - -  - - - - - diff --git a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40.md b/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40.md deleted file mode 100644 index 5fa848da03..0000000000 --- a/mdop/agpm/release-notes-for-microsoft-advanced-group-policy-management-40.md +++ /dev/null @@ -1,110 +0,0 @@ ---- -title: Release Notes for Microsoft Advanced Group Policy Management 4.0 -description: Release Notes for Microsoft Advanced Group Policy Management 4.0 -author: dansimp -ms.assetid: 44c19e61-c8e8-48aa-a2c2-20396d14d5bb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Release Notes for Microsoft Advanced Group Policy Management 4.0 - - -October 2009 - -## About Microsoft Advanced Group Policy Management 4.0 - - -Microsoft Advanced Group Policy Management (AGPM) 4.0 extends the capabilities of the Group Policy Management Console (GPMC). AGPM provides comprehensive change control and improved management of Group Policy Objects (GPOs). - -The following documents can help you get started with AGPM 4.0. - -- For an overview of the capabilities of AGPM, see [Overview of Microsoft Advanced Group Policy Management](https://go.microsoft.com/fwlink/?LinkID=162671) (https://go.microsoft.com/fwlink/?LinkID=162671). - -- For information about how AGPM 4.0 differs from AGPM 3.0, see [What's New in AGPM 4.0](https://go.microsoft.com/fwlink/?LinkId=160058) (https://go.microsoft.com/fwlink/?LinkId=160058). - -- For guidance about how to determine whether AGPM 4.0, AGPM 3.0, or AGPM 2.5 is appropriate for your environment, see [Choosing Which Version of AGPM to Install](https://go.microsoft.com/fwlink/?LinkId=145981) (https://go.microsoft.com/fwlink/?LinkId=145981). - -- For basic guidance about how to install AGPM and a sample scenario for using AGPM, see [Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0](https://go.microsoft.com/fwlink/?LinkID=153505) (https://go.microsoft.com/fwlink/?LinkID=153505). This guide is primarily designed to help evaluators and first-time users. - -- For information about how to upgrade from an earlier version of AGPM or detailed guidance about how to plan the deployment of AGPM in your organization, see the [Planning Guide for Microsoft Advanced Group Policy Management 4.0](https://go.microsoft.com/fwlink/?LinkID=156883) (https://go.microsoft.com/fwlink/?LinkID=156883). - -- For information about how to use AGPM to perform specific tasks, see the Advanced Group Policy Management 4.0 Help, which is also available on TechNet as the [Operations Guide for AGPM 4.0](https://go.microsoft.com/fwlink/?LinkId=159872) (https://go.microsoft.com/fwlink/?LinkId=159872). - -## More information - - -For more information about AGPM, see the following: - -- [Advanced Group Policy Management TechNet Library](https://go.microsoft.com/fwlink/?LinkID=146846) (https://go.microsoft.com/fwlink/?LinkID=146846) - -- [Microsoft Desktop Optimization Pack TechCenter](https://go.microsoft.com/fwlink/?LinkId=159870) (https://www.microsoft.com/technet/mdop) - -- [Group Policy TechCenter](https://go.microsoft.com/fwlink/?LinkId=145531) (https://www.microsoft.com/gp) - -## Providing feedback - - -You can post feedback or questions about AGPM to the [Group Policy Forum](https://go.microsoft.com/fwlink/?LinkId=145532) (https://go.microsoft.com/fwlink/?LinkId=145532). - -## Known issues with AGPM 4.0 - - -### Import from Production command does not import settings into a GPO that is checked out - -If you edit a GPO in the production environment, you must import the GPO from production to update the GPO in the offline archive. The **Import from Production** command is intended to let you perform a final production backup before you finish editing so that you can roll back to the production backup if it is necessary. - -If the GPO is checked out when you run the **Import from Production** command, then the production changes are not incorporated into the checked out version of the GPO. However, the imported version of the GPO is added to the history of the GPO even though that version is not available to be edited. When the GPO is checked in, that version will supersede the imported version in the archive, but both are available in the history of the GPO. - -**Workaround:** Make sure that the GPO is checked in before you import it from production. If the GPO was not checked in before you imported it, you can use the **Undo Check Out** command to discard your changes and roll back to the version of the GPO that you imported from production. - -### Checked out GPOs cannot be edited for several minutes in an environment that uses a multiple site Active Directory topology - -AGPM uses a client/server model. The AGPM Server and the AGPM Client each determine their own closest domain controller for Group Policy operations. When you check out a GPO by using an AGPM Client, it is actually the AGPM Server that checks the GPO out from the offline archive to a temporary folder in the SYSVOL folder. - -If the AGPM Server and the AGPM Client are in different sites, then the temporary checked out GPO may not be present on the local site's domain controller for several minutes or up to 30 minutes due to SYSVOL replication latency. In this situation, you cannot edit the checked out GPO using the GPMC on an AGPM Client until SYSVOL replication of the checked out GPO has occurred. - -**Workaround:** As a best practice, you should position AGPM Clients in the same site as the AGPM Server to which they connect so that you do not have to wait for SYSVOL replication to occur before you can edit a checked out GPO. - -### AGPM cannot read the backup limit if your account does not have permissions for the archive - -On an AGPM Client, if you log on by using an account that has not been delegated permissions to the AGPM archive, start the Group Policy Management Console (GPMC), and then click **Change Control**, you receive the following error. - -``` syntax -Failed to read backup purge limit for this domain. - -The following error occurred: -You do not have sufficient permissions to perform this operation. -Microsoft.Agpm.AccessDeniedException (80070005) -``` - -**Workaround:** Contact an AGPM Administrator (Full Control) and request that they delegate access to AGPM for your account. If you are an AGPM Administrator, log on by using an account to which the AGPM Administrator role is assigned so that you can delegate access for the additional account. For more information, see "Delegate Domain-Level Access to the Archive" in the AGPM Help. - -## Release notes copyright information - - -Information in this document, including URL and other Internet Web site references, is subject to change without notice, and is provided for informational purposes only. The entire risk of the use or results of the use of this document remains with the user, and Microsoft Corporation makes no warranties, either express or implied. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. - -Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. - - - -Microsoft, MS-DOS, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. - -The names of actual companies and products mentioned herein may be the trademarks of their respective owners. - -  - -  - - - - - diff --git a/mdop/agpm/rename-a-gpo-or-template-agpm30ops.md b/mdop/agpm/rename-a-gpo-or-template-agpm30ops.md deleted file mode 100644 index 891a770b95..0000000000 --- a/mdop/agpm/rename-a-gpo-or-template-agpm30ops.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Rename a GPO or Template -description: Rename a GPO or Template -author: dansimp -ms.assetid: 19d17ddf-8b58-4677-929e-9550fa388b93 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Rename a GPO or Template - - -You can rename a controlled Group Policy Object (GPO) or a template. - -A user account with the Editor or AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To rename a GPO or template** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** or **Templates** tab to display the item to rename. - -3. Right-click the GPO or template to rename and click **Rename**. - -4. Type the new name for the GPO or template and a comment, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO or template appears under the new name on the **Contents** tab. - -### Additional considerations - -- By default, you must be the Approver who created or controlled the GPO, an Editor, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Edit Settings** permission for the GPO. - -- When you rename a GPO that has been deployed, the name is immediately changed in the archive. The name is changed in the production environment only when the GPO is redeployed. Until the GPO is redeployed (or the production copy is deleted), the old name is still in use in the production environment and therefore cannot be used for another GPO. Likewise, the GPO in the archive cannot be renamed back to its original name until the GPO has been deployed (changing the name of the production copy) or the production copy has been deleted. - -### Additional references - -- [Editing a GPO](editing-a-gpo-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/rename-a-gpo-or-template-agpm40.md b/mdop/agpm/rename-a-gpo-or-template-agpm40.md deleted file mode 100644 index 6eddae8e9e..0000000000 --- a/mdop/agpm/rename-a-gpo-or-template-agpm40.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Rename a GPO or Template -description: Rename a GPO or Template -author: dansimp -ms.assetid: 84293f7a-4ff7-497e-bdbc-cabb70189a03 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Rename a GPO or Template - - -You can rename a controlled Group Policy Object (GPO) or a template. - -A user account with the Editor or AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To rename a GPO or template** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** or **Templates** tab to display the item to rename. - -3. Right-click the GPO or template to rename and click **Rename**. - -4. Type the new name for the GPO or template and a comment, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO or template appears under the new name on the **Contents** tab. - -### Additional considerations - -- By default, you must be the Approver who created or controlled the GPO, an Editor, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Edit Settings** permission for the GPO. - -- When you rename a GPO that has been deployed, the name is immediately changed in the archive. The name is changed in the production environment only when the GPO is redeployed. Until the GPO is redeployed (or the production copy is deleted), the old name is still in use in the production environment and therefore cannot be used for another GPO. Likewise, the GPO in the archive cannot be renamed back to its original name until the GPO has been deployed (changing the name of the production copy) or the production copy has been deleted. - -### Additional references - -- [Editing a GPO](editing-a-gpo-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/rename-a-gpo-or-template.md b/mdop/agpm/rename-a-gpo-or-template.md deleted file mode 100644 index b4f6b328cf..0000000000 --- a/mdop/agpm/rename-a-gpo-or-template.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Rename a GPO or Template -description: Rename a GPO or Template -author: dansimp -ms.assetid: 64a1aaf4-f672-48b5-94c6-473bf1076cf3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Rename a GPO or Template - - -You can rename a controlled Group Policy object (GPO) or a template. - -A user account with the Editor or AGPM Administrator (Full Control) role, the user account of the Approver who created the GPO, or a user account with the necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To rename a GPO or template** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** or **Templates** tab to display the item to rename. - -3. Right-click the GPO or template to rename and click **Rename**. - -4. Type the new name for the GPO or template and a comment, then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO or template appears under the new name on the **Contents** tab. - -### Additional considerations - -- By default, you must be the Approver who created or controlled the GPO, an Editor, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Edit Settings** permission for the GPO. - -- When you rename a GPO that has been deployed, the name is immediately changed in the archive. The name is changed in the production environment only when the GPO is redeployed. - - Until the GPO is redeployed (or the production copy is deleted), the old name is still in use in the production environment and therefore cannot be used for another GPO. Likewise, the GPO in the archive cannot be renamed back to its original name until the GPO has been deployed (changing the name of the production copy) or the production copy has been deleted. - -### Additional references - -- [Editing a GPO](editing-a-gpo.md) - -  - -  - - - - - diff --git a/mdop/agpm/request-control-of-a-previously-uncontrolled-gpo.md b/mdop/agpm/request-control-of-a-previously-uncontrolled-gpo.md deleted file mode 100644 index 48168f5274..0000000000 --- a/mdop/agpm/request-control-of-a-previously-uncontrolled-gpo.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Request Control of a Previously Uncontrolled GPO -description: Request Control of a Previously Uncontrolled GPO -author: dansimp -ms.assetid: 00e8725d-5d7f-4eed-a5e6-c3631632cfbd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Request Control of a Previously Uncontrolled GPO - - -To use Advanced Group Policy Management (AGPM) to provide change control for an existing Group Policy object (GPO), the GPO must be controlled with AGPM. Unless you are an Approver or an AGPM Administrator (Full Control), you must request that the GPO be controlled. - -A user account with the Editor or Reviewer role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To control a previously uncontrolled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Uncontrolled** tab to display the uncontrolled GPOs. - -3. Right-click the GPO to be controlled with AGPM, and then click **Control**. - -4. Unless you have special permission to control GPOs, you must submit a request for control. To receive a copy of the request, type your e-mail address in the **Cc** field. Type a comment to be displayed in the **History** of the GPO, and then click **Submit**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the list on the **Uncontrolled** tab and added to the **Pending** tab. When an Approver has approved your request, the GPO will be moved to the **Controlled** tab. - -### Additional considerations - -- By default, you must be an Editor or a Reviewer to perform this procedure. Specifically, you must have **List Contents** and **Read Settings** permissions for the domain. - -- To withdraw your request before it has been approved, click the **Pending** tab. Right-click the GPO, and then click **Withdraw**. The GPO will be returned to the **Uncontrolled** tab. - -### Additional references - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-editor.md) - -  - -  - - - - - diff --git a/mdop/agpm/request-control-of-an-uncontrolled-gpo-agpm30ops.md b/mdop/agpm/request-control-of-an-uncontrolled-gpo-agpm30ops.md deleted file mode 100644 index 90dde7498f..0000000000 --- a/mdop/agpm/request-control-of-an-uncontrolled-gpo-agpm30ops.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Request Control of an Uncontrolled GPO -description: Request Control of an Uncontrolled GPO -author: dansimp -ms.assetid: b668a67a-5a2c-4f6a-8b1c-efa3ca0794d4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Request Control of an Uncontrolled GPO - - -To provide change control for an existing Group Policy Object (GPO), the GPO must be controlled. Unless you are an Approver or an AGPM Administrator (Full Control), you must request that the GPO be controlled. - -A user account with the Editor or Reviewer role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To control an uncontrolled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Uncontrolled** tab to display the uncontrolled GPOs. - -3. Right-click the GPO to be controlled with AGPM, and then click **Control**. - -4. Unless you have special permission to control GPOs, you must submit a request for control. To receive a copy of the request, type your e-mail address in the **Cc** field. Type a comment to be displayed in the **History** of the GPO, and then click **Submit**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the list on the **Uncontrolled** tab and added to the **Pending** tab. When an Approver has approved your request, the GPO will be moved to the **Controlled** tab. - -### Additional considerations - -- By default, you must be an Editor or a Reviewer to perform this procedure. Specifically, you must have **List Contents** and **Read Settings** permissions for the domain. - -- To withdraw your request before it has been approved, click the **Pending** tab. Right-click the GPO, and then click **Withdraw**. The GPO will be returned to the **Uncontrolled** tab. - -### Additional references - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/request-control-of-an-uncontrolled-gpo-agpm40.md b/mdop/agpm/request-control-of-an-uncontrolled-gpo-agpm40.md deleted file mode 100644 index aca66f0620..0000000000 --- a/mdop/agpm/request-control-of-an-uncontrolled-gpo-agpm40.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Request Control of an Uncontrolled GPO -description: Request Control of an Uncontrolled GPO -author: dansimp -ms.assetid: a34e0aeb-33a1-4c9f-b187-1d08493a785c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Request Control of an Uncontrolled GPO - - -To provide change control for an existing Group Policy Object (GPO), the GPO must be controlled. Unless you are an Approver or an AGPM Administrator (Full Control), you must request that the GPO be controlled. - -A user account with the Editor or Reviewer role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To control an uncontrolled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Uncontrolled** tab to display the uncontrolled GPOs. - -3. Right-click the GPO to be controlled with AGPM, and then click **Control**. - -4. Unless you have special permission to control GPOs, you must submit a request for control. To receive a copy of the request, type your e-mail address in the **Cc** field. Type a comment to be displayed in the **History** of the GPO, and then click **Submit**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the list on the **Uncontrolled** tab and added to the **Pending** tab. When an Approver has approved your request, the GPO will be moved to the **Controlled** tab. - -### Additional considerations - -- By default, you must be an Editor or a Reviewer to perform this procedure. Specifically, you must have **List Contents** and **Read Settings** permissions for the domain. - -- To withdraw your request before it has been approved, click the **Pending** tab. Right-click the GPO, and then click **Withdraw**. The GPO will be returned to the **Uncontrolled** tab. - -### Additional references - -- [Creating or Controlling a GPO](creating-or-controlling-a-gpo-agpm40-ed.md) - -  - -  - - - - - diff --git a/mdop/agpm/request-deletion-of-a-gpo-agpm30ops.md b/mdop/agpm/request-deletion-of-a-gpo-agpm30ops.md deleted file mode 100644 index 6ef7e4a702..0000000000 --- a/mdop/agpm/request-deletion-of-a-gpo-agpm30ops.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Request Deletion of a GPO -description: Request Deletion of a GPO -author: dansimp -ms.assetid: 576ece5c-dc6d-4b5e-8628-01c15ae2c9a8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Request Deletion of a GPO - - -Unless you are an Approver or an AGPM Administrator (Full Control), you must request the deletion of a Group Policy Object (GPO). - -A user account with the Editor role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To request the deletion of a controlled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO you want to delete, and then click **Delete**. - - - To delete the GPO from the archive while leaving the deployed version of the GPO untouched in the production environment, click **Delete GPO from archive only**. - - - To delete the GPO from both the archive and production environment, click **Delete GPO from archive and production**. - -4. Unless you have special permission to delete GPOs, you must submit a request for deletion of the deployed GPO. To receive a copy of the request, type your e-mail address in the **Cc** field. Type a comment to be displayed in the audit trail for the GPO, and then click **Submit**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is displayed on the list of GPOs on the **Pending** tab. When an Approver has approved your request, the GPO will be moved from the **Pending** tab to the **Recycle Bin** tab, where it can be restored or destroyed. - -### Additional considerations - -- By default, you must be an Editor to perform this procedure. Specifically, you must have **List Contents** and **Edit Settings** permissions for the GPO. - -- To withdraw your request before it has been approved, click the **Pending** tab. Right-click the GPO, and then click **Withdraw**. The GPO will be returned to the **Controlled** tab. - -- To delete an uncontrolled GPO from the production environment without first controlling it, in the **Group Policy Management Console**, click **Forest**, click **Domains**, click **<MyDomain>**, and then click **Group Policy Objects**. Right-click the uncontrolled GPO, and then click **Delete**. - -### Additional references - -- [Performing Editor Tasks](performing-editor-tasks-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/request-deletion-of-a-gpo-agpm40.md b/mdop/agpm/request-deletion-of-a-gpo-agpm40.md deleted file mode 100644 index 7d9ad25c8e..0000000000 --- a/mdop/agpm/request-deletion-of-a-gpo-agpm40.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Request Deletion of a GPO -description: Request Deletion of a GPO -author: dansimp -ms.assetid: 2410f7a1-ccca-44cf-ab26-76ad474409e7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Request Deletion of a GPO - - -Unless you are an Approver or an AGPM Administrator (Full Control), you must request the deletion of a Group Policy Object (GPO). - -A user account with the Editor role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To request the deletion of a controlled GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO you want to delete, and then click **Delete**. - - - To delete the GPO from the archive while leaving the deployed version of the GPO untouched in the production environment, click **Delete GPO from archive only**. - - - To delete the GPO from both the archive and production environment of the domain, click **Delete GPO from archive and production**. - -4. Unless you have special permission to delete GPOs, you must submit a request for deletion of the deployed GPO. To receive a copy of the request, type your e-mail address in the **Cc** field. Type a comment to be displayed in the audit trail for the GPO, and then click **Submit**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is displayed on the list of GPOs on the **Pending** tab. When an Approver has approved your request, the GPO will be moved from the **Pending** tab to the **Recycle Bin** tab, where it can be restored or destroyed. - -### Additional considerations - -- By default, you must be an Editor to perform this procedure. Specifically, you must have **List Contents** and **Edit Settings** permissions for the GPO. - -- To withdraw your request before it has been approved, click the **Pending** tab. Right-click the GPO, and then click **Withdraw**. The GPO will be returned to the **Controlled** tab. - -- To delete an uncontrolled GPO from the production environment without first controlling it, in the **Group Policy Management Console**, click **Forest**, click **Domains**, click **<MyDomain>**, and then click **Group Policy Objects**. Right-click the uncontrolled GPO, and then click **Delete**. - -### Additional references - -- [Deleting or Restoring a GPO](deleting-or-restoring-a-gpo-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/request-deployment-of-a-gpo-agpm30ops.md b/mdop/agpm/request-deployment-of-a-gpo-agpm30ops.md deleted file mode 100644 index 7179891f76..0000000000 --- a/mdop/agpm/request-deployment-of-a-gpo-agpm30ops.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Request Deployment of a GPO -description: Request Deployment of a GPO -author: dansimp -ms.assetid: f44ae0fb-bcf7-477b-b99e-9dd6a55ee597 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Request Deployment of a GPO - - -After you have modified and checked in a Group Policy Object (GPO), deploy the GPO, so it will take effect in the production environment. - -A user account with the Editor role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To request the deployment of a GPO to the production environment** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO to be deployed, and then click **Deploy**. - -4. Unless you are an Approver or AGPM Administrator or have special permission to deploy GPOs, you must submit a request for deployment. To receive a copy of the request, type your e-mail address in the **Cc** field. Type a comment to be displayed in the **History** for the GPO, and then click **Submit**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is displayed on the list of GPOs on the **Pending** tab. When an Approver has approved your request, the GPO will be moved from the **Pending** tab to the **Controlled** tab and be deployed. - -### Additional considerations - -- By default, you must be an Editor to perform this procedure. Specifically, you must have **List Contents** and **Edit Settings** permissions for the GPO. - -- To withdraw your request before it has been approved, click the **Pending** tab. Right-click the GPO, and then click **Withdraw**. The GPO will be returned to the **Controlled** tab. - -### Additional references - -- [Editing a GPO](editing-a-gpo-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/request-deployment-of-a-gpo-agpm40.md b/mdop/agpm/request-deployment-of-a-gpo-agpm40.md deleted file mode 100644 index 11a8af4db4..0000000000 --- a/mdop/agpm/request-deployment-of-a-gpo-agpm40.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Request Deployment of a GPO -description: Request Deployment of a GPO -author: dansimp -ms.assetid: 5783cfd0-bd93-46b4-8fa0-684bd39aa8fc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Request Deployment of a GPO - - -After you have modified and checked in a Group Policy Object (GPO), deploy the GPO, so it will take effect in the production environment. - -A user account with the Editor role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To request the deployment of a GPO to the production environment of the domain** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO to be deployed, and then click **Deploy**. - -4. Unless you are an Approver or AGPM Administrator or have special permission to deploy GPOs, you must submit a request for deployment. To receive a copy of the request, type your e-mail address in the **Cc** field. Type a comment to be displayed in the **History** for the GPO, and then click **Submit**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is displayed on the list of GPOs on the **Pending** tab. When an Approver has approved your request, the GPO will be moved from the **Pending** tab to the **Controlled** tab and be deployed. - -### Additional considerations - -- By default, you must be an Editor to perform this procedure. Specifically, you must have **List Contents** and **Edit Settings** permissions for the GPO. - -- To withdraw your request before it has been approved, click the **Pending** tab. Right-click the GPO, and then click **Withdraw**. The GPO will be returned to the **Controlled** tab. - -### Additional references - -- [Performing Editor Tasks](performing-editor-tasks-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/request-deployment-of-a-gpo.md b/mdop/agpm/request-deployment-of-a-gpo.md deleted file mode 100644 index 6c6043c1c1..0000000000 --- a/mdop/agpm/request-deployment-of-a-gpo.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Request Deployment of a GPO -description: Request Deployment of a GPO -author: dansimp -ms.assetid: 9aa9af29-4754-4f72-b624-bb3e1087cbe1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Request Deployment of a GPO - - -After you have modified and checked in a Group Policy object (GPO), deploy the GPO, so it will take effect in the production environment. - -A user account with the Editor role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To request the deployment of a GPO to the production environment** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled** tab to display the controlled GPOs. - -3. Right-click the GPO to be deployed, and then click **Deploy**. - -4. Unless you are an Approver or AGPM Administrator or have special permission to deploy GPOs, you must submit a request for deployment. To receive a copy of the request, type your e-mail address in the **Cc** field. Type a comment to be displayed in the **History** for the GPO, and then click **Submit**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is displayed on the list of GPOs on the **Pending** tab. When an Approver has approved your request, the GPO will be moved from the **Pending** tab to the **Controlled** tab and be deployed. - -### Additional considerations - -- By default, you must be an Editor to perform this procedure. Specifically, you must have **List Contents** and **Edit Settings** permissions for the GPO. - -- To withdraw your request before it has been approved, click the **Pending** tab. Right-click the GPO, and then click **Withdraw**. The GPO will be returned to the **Controlled** tab. - -### Additional references - -- [Editing a GPO](editing-a-gpo.md) - -  - -  - - - - - diff --git a/mdop/agpm/request-restoration-of-a-deleted-gpo-agpm30ops.md b/mdop/agpm/request-restoration-of-a-deleted-gpo-agpm30ops.md deleted file mode 100644 index 0b1f4ef213..0000000000 --- a/mdop/agpm/request-restoration-of-a-deleted-gpo-agpm30ops.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: Request Restoration of a Deleted GPO -description: Request Restoration of a Deleted GPO -author: dansimp -ms.assetid: dcc3baea-8af7-4886-a301-98b6ac5819cd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Request Restoration of a Deleted GPO - - -Unless you are an Approver or an AGPM Administrator (Full Control), you must request the restoration of a deleted Group Policy Object (GPO) from the Recycle Bin to return it to the archive. - -A user account with the Editor role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To request the restoration of a deleted GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Recycle Bin** tab to display the deleted GPOs. - -3. Right-click the GPO you want to restore, and then click **Restore**. - -4. Unless you have special permission to restore GPOs, you must submit a request for restoration of the deleted GPO. To receive a copy of the request, type your e-mail address in the **Cc** field. Type a comment to be displayed in the audit trail for the GPO, and then click **Submit**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Recycle Bin** tab and is displayed on the **Controlled** tab. - -**Note**   -If a GPO was deleted from the production environment, restoring it to the archive will not automatically redeploy it to the production environment. To return the GPO to the production environment, deploy the GPO. For information, see [Deploy a GPO](deploy-a-gpo-agpm30ops.md). - - - -### Additional considerations - -- By default, you must be an Editor to perform this procedure. Specifically, you must have **List Contents** and **Edit Settings** permission for the GPO. - -- To withdraw your request before it has been approved, click the **Pending** tab. Right-click the GPO, and then click **Withdraw**. The GPO will be returned to the **Recycle Bin** tab. - -### Additional references - -- [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/request-restoration-of-a-deleted-gpo-agpm40.md b/mdop/agpm/request-restoration-of-a-deleted-gpo-agpm40.md deleted file mode 100644 index 2ce8f77638..0000000000 --- a/mdop/agpm/request-restoration-of-a-deleted-gpo-agpm40.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: Request Restoration of a Deleted GPO -description: Request Restoration of a Deleted GPO -author: dansimp -ms.assetid: bac5ca3b-be47-49b5-bf1b-96280625fda8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Request Restoration of a Deleted GPO - - -Unless you are an Approver or an AGPM Administrator (Full Control), you must request the restoration of a deleted Group Policy Object (GPO) from the Recycle Bin to return it to the archive. - -A user account with the Editor role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To request the restoration of a deleted GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Recycle Bin** tab to display the deleted GPOs. - -3. Right-click the GPO you want to restore, and then click **Restore**. - -4. Unless you have special permission to restore GPOs, you must submit a request for restoration of the deleted GPO. To receive a copy of the request, type your e-mail address in the **Cc** field. Type a comment to be displayed in the audit trail for the GPO, and then click **Submit**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Recycle Bin** tab and is displayed on the **Controlled** tab. - -**Note**   -If a GPO was deleted from the production environment, restoring it to the archive will not automatically redeploy it to the production environment. To return the GPO to the production environment, deploy the GPO. For information, see [Request Deployment of a GPO](request-deployment-of-a-gpo-agpm40.md). - - - -### Additional considerations - -- By default, you must be an Editor to perform this procedure. Specifically, you must have **List Contents** and **Edit Settings** permission for the GPO. - -- To withdraw your request before it has been approved, click the **Pending** tab. Right-click the GPO, and then click **Withdraw**. The GPO will be returned to the **Recycle Bin** tab. - -### Additional references - -- [Deleting or Restoring a GPO](deleting-or-restoring-a-gpo-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/request-the-creation-of-a-new-controlled-gpo-agpm30ops.md b/mdop/agpm/request-the-creation-of-a-new-controlled-gpo-agpm30ops.md deleted file mode 100644 index 7a8c1a3ab6..0000000000 --- a/mdop/agpm/request-the-creation-of-a-new-controlled-gpo-agpm30ops.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Request the Creation of a New Controlled GPO -description: Request the Creation of a New Controlled GPO -author: dansimp -ms.assetid: 4194c2f3-8116-4a35-be1a-81c84072daec -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Request the Creation of a New Controlled GPO - - -Unless you are an Approver or an AGPM Administrator (Full Control), you must request the creation of a new Group Policy Object (GPO). - -A user account with the Editor or Reviewer role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To create a new GPO with change control managed through AGPM** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. Right-click **Change Control**, and then click **New Controlled GPO**. - -3. Unless you have special permission to create GPOs, you must submit a request for creation. In the **New Controlled GPO** dialog box: - - 1. To receive a copy of the request, enter your e-mail address in the **Cc** field. - - 2. Type a name for the new GPO. - - 3. Optional: Type a comment for the new GPO. - - 4. To deploy the new GPO to the production environment immediately upon approval, click **Create live**. To create the new GPO offline without immediately deploying it upon approval, click **Create offline**. - - 5. Select the GPO template to use as a starting point for the new GPO. - - 6. Click **Submit**. - -4. When the **Progress** window indicates that overall progress is complete, click **Close**. The new GPO is displayed in the list of GPOs on the **Pending** tab. When an Approver has approved your request, the GPO will be moved to the **Controlled** tab. - -### Additional considerations - -- By default, you must be an Editor or a Reviewer to perform this procedure. Specifically, you must have **List Contents** permission for the domain. - -- To withdraw your request before it has been approved, click the **Pending** tab. Right-click the GPO, then click **Withdraw**. The GPO will be destroyed. - -### Additional references - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/request-the-creation-of-a-new-controlled-gpo-agpm40.md b/mdop/agpm/request-the-creation-of-a-new-controlled-gpo-agpm40.md deleted file mode 100644 index bee0c5410d..0000000000 --- a/mdop/agpm/request-the-creation-of-a-new-controlled-gpo-agpm40.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Request the Creation of a New Controlled GPO -description: Request the Creation of a New Controlled GPO -author: dansimp -ms.assetid: cb265238-386f-4780-a59a-0c9a4a87d736 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Request the Creation of a New Controlled GPO - - -Unless you are an Approver or an AGPM Administrator (Full Control), you must request the creation of a new Group Policy Object (GPO). - -A user account with the Editor or Reviewer role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To create a new GPO with change control managed through AGPM** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. Right-click **Change Control**, and then click **New Controlled GPO**. - -3. Unless you have special permission to create GPOs, you must submit a request for creation. In the **New Controlled GPO** dialog box: - - 1. To receive a copy of the request, enter your e-mail address in the **Cc** field. - - 2. Type a name for the new GPO. - - 3. Optional: Type a comment for the new GPO. - - 4. To deploy the new GPO to the production environment of the domain immediately upon approval, click **Create live**. To create the new GPO offline without immediately deploying it upon approval, click **Create offline**. - - 5. Select the GPO template to use as a starting point for the new GPO. - - 6. Click **Submit**. - -4. When the **Progress** window indicates that overall progress is complete, click **Close**. The new GPO is displayed in the list of GPOs on the **Pending** tab. When an Approver has approved your request, the GPO will be moved to the **Controlled** tab. - -### Additional considerations - -- By default, you must be an Editor or a Reviewer to perform this procedure. Specifically, you must have **List Contents** permission for the domain. - -- To withdraw your request before it has been approved, click the **Pending** tab. Right-click the GPO, then click **Withdraw**. The GPO will be destroyed. - -### Additional references - -- [Creating or Controlling a GPO](creating-or-controlling-a-gpo-agpm40-ed.md) - -  - -  - - - - - diff --git a/mdop/agpm/request-the-creation-of-a-new-controlled-gpo.md b/mdop/agpm/request-the-creation-of-a-new-controlled-gpo.md deleted file mode 100644 index d7c1fe6de4..0000000000 --- a/mdop/agpm/request-the-creation-of-a-new-controlled-gpo.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Request the Creation of a New Controlled GPO -description: Request the Creation of a New Controlled GPO -author: dansimp -ms.assetid: e1875d81-8553-42ee-8f3a-023d6ced86ca -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Request the Creation of a New Controlled GPO - - -Unless you are an Approver or an AGPM Administrator (Full Control), you must request the creation of a new Group Policy object (GPO) if it is to be managed using Advanced Group Policy Management (AGPM). - -A user account with the Editor or Reviewer role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To create a new GPO with change control managed through AGPM** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. Right-click the **Change Control** node, and then click **New Controlled GPO**. - -3. Unless you have special permission to create GPOs, you must submit a request for creation. In the **New Controlled GPO** dialog box: - - 1. To receive a copy of the request, enter your e-mail address in the **Cc** field. - - 2. Type a name for the new GPO. - - 3. Optional: Type a comment for the new GPO. - - 4. To deploy the new GPO to the production environment immediately upon approval, click **Create live**. To create the new GPO offline without immediately deploying it upon approval, click **Create offline**. - - 5. Select the GPO template to use as a starting point for the new GPO. - - 6. Click **Submit**. - -4. When the **Progress** window indicates that overall progress is complete, click **Close**. The new GPO is displayed in the list of GPOs on the **Pending** tab. When an Approver has approved your request, the GPO will be moved to the **Controlled** tab. - -### Additional considerations - -- By default, you must be an Editor or a Reviewer to perform this procedure. Specifically, you must have **List Contents** permission for the domain. - -- To withdraw your request before it has been approved, click the **Pending** tab. Right-click the GPO, then click **Withdraw**. The GPO will be destroyed. - -### Additional references - -- [Creating, Controlling, or Importing a GPO](creating-controlling-or-importing-a-gpo-editor.md) - -  - -  - - - - - diff --git a/mdop/agpm/resources-for-agpm.md b/mdop/agpm/resources-for-agpm.md deleted file mode 100644 index 5aa2774df3..0000000000 --- a/mdop/agpm/resources-for-agpm.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Resources for AGPM -description: Resources for AGPM -author: dansimp -ms.assetid: b44b58c0-2810-40d6-9677-f2f64e1add75 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Resources for AGPM - - -### Documents for download - -- [Advanced Group Policy Management 4.0 documents](https://www.microsoft.com/download/details.aspx?id=13975) - -### Microsoft Desktop Optimization Pack resources - -- [Microsoft Desktop Optimization Pack (MDOP) for Software Assurance TechCenter](https://go.microsoft.com/fwlink/?LinkID=159870) (https://www.microsoft.com/technet/mdop): Links to MDOP videos and resources. - -- [Enterprise products: MDOP](https://go.microsoft.com/fwlink/?LinkID=160297): Overviews and information about the benefits of applications in MDOP. - -### Group Policy resources - -- [Group Policy TechCenter](https://go.microsoft.com/fwlink/?LinkID=145531) (https://www.microsoft.com/grouppolicy): Links to Group Policy documentation, tools, and downloads. - -- [Group Policy Team Blog](https://go.microsoft.com/fwlink/?LinkID=75192) (https://blogs.technet.com/GroupPolicy): Stay current on the latest news about Group Policy with articles by the Group Policy Team and other experts. - -- [Group Policy Forum](https://go.microsoft.com/fwlink/?LinkID=145532): Do you have questions about Group Policy or AGPM? You can post your questions to the forum, and receive answers from the experts. - -  - -  - - - - - diff --git a/mdop/agpm/restore-a-deleted-gpo-agpm30ops.md b/mdop/agpm/restore-a-deleted-gpo-agpm30ops.md deleted file mode 100644 index 37a1bcf1c0..0000000000 --- a/mdop/agpm/restore-a-deleted-gpo-agpm30ops.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Restore a Deleted GPO -description: Restore a Deleted GPO -author: dansimp -ms.assetid: 853feb0a-d2d9-4be9-a07e-e113a56a9968 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Restore a Deleted GPO - - -Approvers can restore a deleted Group Policy Object (GPO) from the Recycle Bin, returning it to the archive. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To restore a deleted GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Recycle Bin** tab to display the deleted GPOs. - -3. Right-click the GPO to restore, and then click **Restore**. - -4. Type a comment to be displayed in the history of the GPO, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Recycle Bin** tab and is displayed on the **Controlled** tab. - -**Note**   -If a GPO was deleted from the production environment, restoring it to the archive will not automatically redeploy it to the production environment. To return the GPO to the production environment, deploy the GPO. For information, see [Deploy a GPO](deploy-a-gpo-agpm30ops.md). - - - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Deploy GPO** or **Delete GPO** permissions for the GPO. - -### Additional references - -- [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/restore-a-deleted-gpo-agpm40.md b/mdop/agpm/restore-a-deleted-gpo-agpm40.md deleted file mode 100644 index 173a4d8932..0000000000 --- a/mdop/agpm/restore-a-deleted-gpo-agpm40.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Restore a Deleted GPO -description: Restore a Deleted GPO -author: dansimp -ms.assetid: 0a131d26-a741-4a51-b612-c0bc7dbba06b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Restore a Deleted GPO - - -Approvers can restore a deleted Group Policy Object (GPO) from the Recycle Bin, returning it to the archive. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To restore a deleted GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Recycle Bin** tab to display the deleted GPOs. - -3. Right-click the GPO to restore, and then click **Restore**. - -4. Type a comment to be displayed in the history of the GPO, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Recycle Bin** tab and is displayed on the **Controlled** tab. - -**Note**   -If a GPO was deleted from the production environment, restoring it to the archive will not automatically redeploy it to the production environment. To return the GPO to the production environment, deploy the GPO. For information, see [Deploy a GPO](deploy-a-gpo-agpm40.md). - - - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Deploy GPO** or **Delete GPO** permissions for the GPO. - -### Additional references - -- [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/restore-a-deleted-gpo.md b/mdop/agpm/restore-a-deleted-gpo.md deleted file mode 100644 index a70c7bb3ae..0000000000 --- a/mdop/agpm/restore-a-deleted-gpo.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Restore a Deleted GPO -description: Restore a Deleted GPO -author: dansimp -ms.assetid: e6953296-7b7d-4d1e-ad82-d4a23044cdd7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Restore a Deleted GPO - - -Advanced Group Policy Management (AGPM) enables Approvers to restore a deleted Group Policy object (GPO) from the Recycle Bin, returning it to the archive. - -A user account with the Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To restore a deleted GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Recycle Bin** tab to display the deleted GPOs. - -3. Right-click the GPO to restore, and then click **Restore**. - -4. Type a comment to be displayed in the history of the GPO, and then click **OK**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Recycle Bin** tab and is displayed on the **Controlled** tab. - -**Note**   -If a GPO was deleted from the production environment, restoring it to the archive will not automatically redeploy it to the production environment. To return the GPO to the production environment, deploy the GPO. For information, see [Deploy a GPO](deploy-a-gpo.md). - - - -### Additional considerations - -- By default, you must be an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and either **Edit Settings**, **Deploy GPO**, or **Delete GPO** permissions for the GPO. - -### Additional references - -- [Deleting, Restoring, or Destroying a GPO](deleting-restoring-or-destroying-a-gpo.md) - - - - - - - - - diff --git a/mdop/agpm/restore-the-archive-from-a-backup-agpm40.md b/mdop/agpm/restore-the-archive-from-a-backup-agpm40.md deleted file mode 100644 index 48e9b29395..0000000000 --- a/mdop/agpm/restore-the-archive-from-a-backup-agpm40.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Restore the Archive from a Backup -description: Restore the Archive from a Backup -author: dansimp -ms.assetid: b83f6173-a236-4da2-b16e-8df20920d4cc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Restore the Archive from a Backup - - -If a disaster occurs and the archive for Advanced Group Policy Management (AGPM) is damaged or destroyed, an AGPM Administrator (Full Control) can restore the archive from a backup copy prepared in advance and then import from the production environment of the domain any Group Policy Objects (GPOs) that are not in the archive or for which the version in production is more current than that in the archive. For information about how to restore an archive backup to a different server, see [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive-agpm40.md). - -A user account that has access to the AGPM Server (the computer on which the AGPM Service is installed) and to the folder that contains the archive is required to complete this procedure. - -**To restore the archive from a backup** - -1. Stop the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm40.md). - -2. Remove the existing archive. By default, the archive folder is %ProgramData%\\Microsoft\\AGPM, however the AGPM Administrator who installed Microsoft Advanced Group Policy Management - Server may have entered a different location during setup. - -3. Re-create the archive folder by configuring the archive path, AGPM Service Account, Archive Owner, and listening port. Using the same values as used during the original installation is not necessary. For more information, see [Modify the AGPM Service](modify-the-agpm-service-agpm40.md). - -4. Copy the contents of the archive backup to the archive folder, copying the subfolders and files to make sure that each subfolder and file inherits the permissions of the archive folder. Be careful not to overwrite the archive folder. - -5. If you not sure about whether a GPO in the archive backup is more current than the copy of that GPO in production, generate a difference report and compare their settings. For more information, see [Identify Differences Between GPOs, GPO Versions, or Templates](identify-differences-between-gpos-gpo-versions-or-templates-agpm40.md). - -6. Restart the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm40.md). - -### Additional references - -- [Back Up the Archive](back-up-the-archive-agpm40.md) - -- [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive-agpm40.md) - -- [Managing the Archive](managing-the-archive-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/restore-the-archive-from-a-backup.md b/mdop/agpm/restore-the-archive-from-a-backup.md deleted file mode 100644 index 14a140fd80..0000000000 --- a/mdop/agpm/restore-the-archive-from-a-backup.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Restore the Archive from a Backup -description: Restore the Archive from a Backup -author: dansimp -ms.assetid: 49666337-d72c-4e44-99e4-9eb59b2355a9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Restore the Archive from a Backup - - -If a disaster occurs and the archive for Advanced Group Policy Management (AGPM) is damaged or destroyed, an AGPM Administrator (Full Control) can restore the archive from a backup copy prepared in advance and then import from the production environment any Group Policy Objects (GPOs) that are not in the archive or for which the version in production is more current than that in the archive. For information about how to restore an archive backup to a different server, see [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive.md). - -A user account that has access to the AGPM Server (the computer on which the AGPM Service is installed) and to the folder that contains the archive is required to complete this procedure. - -**To restore the archive from a backup** - -1. Stop the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm30ops.md). - -2. Remove the existing archive. By default, the archive folder is %ProgramData%\\Microsoft\\AGPM, however the AGPM Administrator who installed Microsoft Advanced Group Policy Management - Server may have entered a different location during setup. - -3. Re-create the archive folder by configuring the archive path, AGPM Service Account, Archive Owner, and listening port. Using the same values as used during the original installation is not necessary. For more information, see [Modify the AGPM Service](modify-the-agpm-service-agpm30ops.md). - -4. Copy the contents of the archive backup to the archive folder, copying the subfolders and files to make sure that each subfolder and file inherits the permissions of the archive folder. Be careful not to overwrite the archive folder. - -5. If you not sure about whether a GPO in the archive backup is more current than the copy of that GPO in production, generate a difference report and compare their settings. For more information, see [Identify Differences Between GPOs, GPO Versions, or Templates](identify-differences-between-gpos-gpo-versions-or-templates-agpm30ops.md). - -6. Restart the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm30ops.md). - -### Additional references - -- [Back Up the Archive](back-up-the-archive.md) - -- [Move the AGPM Server and the Archive](move-the-agpm-server-and-the-archive.md) - -- [Managing the Archive](managing-the-archive.md) - -  - -  - - - - - diff --git a/mdop/agpm/review-gpo-links-agpm30ops.md b/mdop/agpm/review-gpo-links-agpm30ops.md deleted file mode 100644 index 344d2114e2..0000000000 --- a/mdop/agpm/review-gpo-links-agpm30ops.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Review GPO Links -description: Review GPO Links -author: dansimp -ms.assetid: 5ae95afc-2b89-45cf-916c-efe2d43b2211 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Review GPO Links - - -You can display a diagram showing where a Group Policy Object (GPO) or GPOs that you select are linked to organizational units. GPO link diagrams are updated each time the GPO is controlled, imported, or checked in. - -A user account with the Reviewer, Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -## Reviewing GPO links - - -- [For one or more GPOs](#bkmk-gpos) - -- [For one or more versions of a GPO](#bkmk-gpo-versions) - -### - -**To display GPO links for one or more GPOs** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled**, **Pending**, or **Recycle Bin** tab to display GPOs. - -3. Select one or more GPOs for which to display links, right-click a selected GPO, click **Settings**, and then click **GPO Links** to display a diagram of domains and organizational units with links to the selected GPO(s). - -### - -**To display GPO links for one or more versions of a GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled** or **Recycle Bin** tab to display GPOs. - -3. Double-click the GPO to display its history. - -4. Right-click the GPO version for which to review the settings, click **Settings**, and then click **HTML Report** or **XML Report** to display a summary of the GPO's settings. - -### Additional considerations - -- By default, you must be a Reviewer, an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Read Settings** permissions for the GPO. Also, to display the list of GPOs, you must have **List Contents** permission for the domain. - -### Additional references - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/review-gpo-links-agpm40.md b/mdop/agpm/review-gpo-links-agpm40.md deleted file mode 100644 index 0aa1c8288a..0000000000 --- a/mdop/agpm/review-gpo-links-agpm40.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Review GPO Links -description: Review GPO Links -author: dansimp -ms.assetid: 3aaba9da-f0aa-466f-bd1c-49f11d00ea54 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Review GPO Links - - -You can display a diagram showing where a Group Policy Object (GPO) or GPOs that you select are linked to organizational units. GPO link diagrams are updated each time the GPO is controlled, imported, or checked in. - -A user account with the Reviewer, Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -## Reviewing GPO links - - -- [For one or more GPOs](#bkmk-gpos) - -- [For one or more versions of a GPO](#bkmk-gpo-versions) - -### - -**To display GPO links for one or more GPOs** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled**, **Pending**, or **Recycle Bin** tab to display GPOs. - -3. Select one or more GPOs for which to display links, right-click a selected GPO, click **Settings**, and then click **GPO Links** to display a diagram of domains and organizational units with links to the selected GPO(s). - -### - -**To display GPO links for one or more versions of a GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled** or **Recycle Bin** tab to display GPOs. - -3. Double-click the GPO to display its history. - -4. Right-click the GPO version for which to review the settings, click **Settings**, and then click **HTML Report** or **XML Report** to display a summary of the GPO's settings. - -### Additional considerations - -- By default, you must be a Reviewer, an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Read Settings** permissions for the GPO. Also, to display the list of GPOs, you must have **List Contents** permission for the domain. - -### Additional references - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/review-gpo-links.md b/mdop/agpm/review-gpo-links.md deleted file mode 100644 index 5df2d37d92..0000000000 --- a/mdop/agpm/review-gpo-links.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Review GPO Links -description: Review GPO Links -author: dansimp -ms.assetid: 3c472448-f16a-493c-a229-5ca60a470965 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Review GPO Links - - -You can display a diagram showing where a Group Policy object (GPO) or GPOs that you select are linked to organizational units. GPO link diagrams are updated each time the GPO is controlled, imported, or checked in. - -A user account with the Reviewer, Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -## Reviewing GPO links - - -- [For one or more GPOs](#bkmk-gpos) - -- [For one or more versions of a GPO](#bkmk-gpo-versions) - -### - -**To display GPO links for one or more GPOs** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled**, **Pending**, or **Recycle Bin** tab to display GPOs. - -3. Select one or more GPOs for which to display links, right-click a selected GPO, click **Settings**, and then click **GPO Links** to display a diagram of domains and organizational units with links to the selected GPO(s). - -### - -**To display GPO links for one or more versions of a GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Controlled** or **Recycle Bin** tab to display GPOs. - -3. Double-click the GPO to display its history. - -4. Right-click the GPO version for which to review the settings, click **Settings**, and then click **HTML Report** or **XML Report** to display a summary of the GPO's settings. - -### Additional considerations - -- By default, you must be a Reviewer, an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Read Settings** permissions for the GPO. Also, to display the list of GPOs, you must have **List Contents** permission for the domain. - -### Additional references - -- [Performing Reviewer Tasks](performing-reviewer-tasks.md) - -  - -  - - - - - diff --git a/mdop/agpm/review-gpo-settings-agpm30ops.md b/mdop/agpm/review-gpo-settings-agpm30ops.md deleted file mode 100644 index e8287b80ff..0000000000 --- a/mdop/agpm/review-gpo-settings-agpm30ops.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Review GPO Settings -description: Review GPO Settings -author: dansimp -ms.assetid: bed956d0-082e-4fa9-bf1e-572d0d3d02ec -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Review GPO Settings - - -You can generate HTML-based and XML-based reports for reviewing settings within any version of a Group Policy Object (GPO). - -A user account with the Reviewer, Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To review settings in any version of a GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click a tab to display GPOs. - -3. Double-click the GPO to display its history. - -4. Right-click the GPO version for which to review the settings, click **Settings**, and then click **HTML Report** or **XML Report** to display a summary of the GPO's settings. - -### Additional considerations - -- By default, you must be a Reviewer, an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Read Settings** permissions for the GPO. Also, to display the list of GPOs, you must have **List Contents** permission for the domain. - -### Additional references - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/review-gpo-settings-agpm40.md b/mdop/agpm/review-gpo-settings-agpm40.md deleted file mode 100644 index 86d54adf3c..0000000000 --- a/mdop/agpm/review-gpo-settings-agpm40.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Review GPO Settings -description: Review GPO Settings -author: dansimp -ms.assetid: c346bcde-dd6a-4775-aeab-721ca3a361b2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Review GPO Settings - - -You can generate HTML-based and XML-based reports for reviewing settings within any version of a Group Policy Object (GPO). - -A user account with the Reviewer, Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To review settings in any version of a GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click a tab to display GPOs. - -3. Double-click the GPO to display its history. - -4. Right-click the GPO version for which to review the settings, click **Settings**, and then click **HTML Report** or **XML Report** to display a summary of the GPO's settings. - -### Additional considerations - -- By default, you must be a Reviewer, an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Read Settings** permissions for the GPO. Also, to display the list of GPOs, you must have **List Contents** permission for the domain. - -### Additional references - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/review-gpo-settings.md b/mdop/agpm/review-gpo-settings.md deleted file mode 100644 index 31cdb5b678..0000000000 --- a/mdop/agpm/review-gpo-settings.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Review GPO Settings -description: Review GPO Settings -author: dansimp -ms.assetid: e82570b2-d8ce-4bf0-8ad7-8910409f3041 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Review GPO Settings - - -You can generate HTML-based and XML-based reports for reviewing settings within any version of a Group Policy object (GPO). - -A user account with the Reviewer, Editor, Approver, or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To review settings in any version of a GPO** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click a tab to display GPOs. - -3. Double-click the GPO to display its history. - -4. Right-click the GPO version for which to review the settings, click **Settings**, and then click **HTML Report** or **XML Report** to display a summary of the GPO's settings. - -### Additional considerations - -- By default, you must be a Reviewer, an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Read Settings** permissions for the GPO. Also, to display the list of GPOs, you must have **List Contents** permission for the domain. - -### Additional references - -- [Performing Reviewer Tasks](performing-reviewer-tasks.md) - -  - -  - - - - - diff --git a/mdop/agpm/roll-back-to-a-previous-version-of-a-gpo-agpm30ops.md b/mdop/agpm/roll-back-to-a-previous-version-of-a-gpo-agpm30ops.md deleted file mode 100644 index 5317c7cad8..0000000000 --- a/mdop/agpm/roll-back-to-a-previous-version-of-a-gpo-agpm30ops.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Roll Back to a Previous Version of a GPO -description: Roll Back to a Previous Version of a GPO -author: dansimp -ms.assetid: 2a98ad8f-32cb-41eb-ab99-0318f2a55d81 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Roll Back to a Previous Version of a GPO - - -An Approver can roll back changes to a Group Policy Object (GPO) by redeploying an earlier version of the GPO from its history. Deploying an earlier version of a GPO overwrites the version of the GPO currently in production. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To deploy a previous version of a GPO to the production environment** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Double-click the GPO to be deployed to display its **History**. - -4. Right-click the version to be deployed, click **Deploy**, and then click **Yes**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. In the **History** window, click **Close**. - -**Note**   -To verify that the version that has been redeployed matches the version intended, examine a difference report for the two versions. In the **History** window for the GPO, highlight the two versions, and then right-click and select **Difference** and either **HTML Report** or **XML Report**. - - - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Deploy GPO** permissions for the GPO. - -### Additional references - -- [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/roll-back-to-a-previous-version-of-a-gpo.md b/mdop/agpm/roll-back-to-a-previous-version-of-a-gpo.md deleted file mode 100644 index 1f984420dd..0000000000 --- a/mdop/agpm/roll-back-to-a-previous-version-of-a-gpo.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Roll Back to a Previous Version of a GPO -description: Roll Back to a Previous Version of a GPO -author: dansimp -ms.assetid: 028631c0-4cb9-4642-90ad-04cd813051b7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Roll Back to a Previous Version of a GPO - - -Advanced Group Policy Management (AGPM) enables an Approver to roll back changes to a Group Policy object (GPO) by redeploying an earlier version of the GPO from its history. Deploying an earlier version of a GPO overwrites the version of the GPO currently in production. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To deploy a previous version of a GPO to the production environment** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Double-click the GPO to be deployed to display its **History**. - -4. Right-click the version to be deployed, click **Deploy**, and then click **Yes**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. In the **History** window, click **Close**. - -**Note**   -To verify that the version that has been redeployed matches the version intended, examine a difference report for the two versions. In the **History** window for the GPO, highlight the two versions, and then right-click and select **Difference** and either **HTML Report** or **XML Report**. - - - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Deploy GPO** permissions for the GPO. - -### Additional references - -- [Performing Approver Tasks](performing-approver-tasks.md) - - - - - - - - - diff --git a/mdop/agpm/roll-back-to-an-earlier-version-of-a-gpo-agpm40.md b/mdop/agpm/roll-back-to-an-earlier-version-of-a-gpo-agpm40.md deleted file mode 100644 index eda0e2c1fe..0000000000 --- a/mdop/agpm/roll-back-to-an-earlier-version-of-a-gpo-agpm40.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Roll Back to an Earlier Version of a GPO -description: Roll Back to an Earlier Version of a GPO -author: dansimp -ms.assetid: 06ce9251-95e0-46d0-99c2-b9a0690e5891 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Roll Back to an Earlier Version of a GPO - - -An Approver can roll back changes to a Group Policy Object (GPO) by redeploying an earlier version of the GPO from its history. Deploying an earlier version of a GPO overwrites the version of the GPO currently in production. - -A user account with the Approver or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To deploy an earlier version of a GPO to the production environment of the domain** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -3. Double-click the GPO to be deployed to display its **History**. - -4. Right-click the version to be deployed, click **Deploy**, and then click **Yes**. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. In the **History** window, click **Close**. - -**Note**   -To verify that the version that has been redeployed matches the version intended, examine a difference report for the two versions. In the **History** window for the GPO, highlight the two versions, and then right-click and select **Difference** and either **HTML Report** or **XML Report**. - - - -### Additional considerations - -- By default, you must be an Approver or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Deploy GPO** permissions for the GPO. - -### Additional references - -- [Performing Approver Tasks](performing-approver-tasks-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/search-and-filter-the-list-of-gpos.md b/mdop/agpm/search-and-filter-the-list-of-gpos.md deleted file mode 100644 index 0266fdfa89..0000000000 --- a/mdop/agpm/search-and-filter-the-list-of-gpos.md +++ /dev/null @@ -1,128 +0,0 @@ ---- -title: Search and Filter the List of GPOs -description: Search and Filter the List of GPOs -author: dansimp -ms.assetid: 1bc58a38-033c-4aed-9eb4-c239827f5501 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Search and Filter the List of GPOs - - -In Advanced Group Policy Management (AGPM), you can search the list of Group Policy Objects (GPOs) and their attributes to filter the list of GPOs displayed. For example, you can search for GPOs with a particular name, state, or comment. You can also search for GPOs that were last changed by a particular Group Policy administrator or on a particular date. - -## Performing a complex search - - -You can perform a complex search by using the format *GPO attribute 1: search string 1 GPO attribute 2: search string 2…all-column search strings*. The search is not case-sensitive. - -- **GPO attribute:** Any column heading in the list of GPOs in AGPM other than **Computer Version** or **User Version**. GPO attributes include the GPO name, state, user who most recently changed the GPO, date and time when the GPO was most recently changed, comment, GPO status, and WMI filter applied to the GPO. - -- **Search string:** Text for which to search in the specified column. If a string includes spaces, you must enclose the string with quotation marks. - -- **All-column search strings:** Text for which to search in all columns in the list of GPOs in AGPM other than **Computer Version** and **User Version**. You can include multiple strings separated by spaces. If a string includes spaces, you must enclose the string with quotation marks. - -Each GPO attribute and search string pair and each all-column search string are combined by using a logical AND operation. The result is a list of all GPOs for which each specified attribute includes the specified search string and for which any all-column search strings appear in at least one column. The search returns any partial matches for strings so that you can enter part of a GPO name or user name and view a list of all GPOs that include that text in their name. - -The following are examples of searches: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Description of search resultSearch query

All GPOs with names that include the text security and North America.

name: security name: "North America"

All checked out GPOs.

state: "checked out"

All GPOs most recently changed by the user named Administrator and most recently changed within the previous month.

changed by: Administrator change date: lastmonth

All GPOs in which the word firewall is included in the most recent comment and in which the word security appears in any column.

comment: firewall security

All GPOs that have a status of All Settings Disabled.

gpo status: all

All GPOs that have a WMI filter named My WMI Filter applied and that have a status of User Configuration Settings Disabled.

wmi filter: "My WMI Filtergpo status: user

- -  - -## Specifying dates - - -You can search for GPOs changed on a specific date, at a specific time, or during a span of time by using the same special terms available when you search in Windows. If entering a specific date or time, you must use the format that is used in the **Change Date** column. The following are examples of searches of the **Change Date** column: - -- **change date:** **10/10/2009** - -- **change date:** **10/10/2009 9:00:00 AM** - -- **change date:** **thisweek** - -You can use the following special terms, which are not case-sensitive, when you search the **Change Date** column: - -- **Today** - -- **Yesterday** - -- **ThisWeek** - -- **LastWeek** - -- **ThisMonth** - -- **LastMonth** - -- **TwoMonths** - -- **ThreeMonths** - -- **ThisYear** - -- **LastYear** - -### Additional considerations - -- By default, you must be a Reviewer, an Editor, an Approver, or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** permission for the domain. - -- For more information about GPO attributes, see [Contents Tab Features](contents-tab-features-agpm40.md). - -### Additional references - -- [Advanced Group Policy Management 4.0](advanced-group-policy-management-40.md) - -  - -  - - - - - diff --git a/mdop/agpm/set-a-default-template-agpm30ops.md b/mdop/agpm/set-a-default-template-agpm30ops.md deleted file mode 100644 index 8da4e564b8..0000000000 --- a/mdop/agpm/set-a-default-template-agpm30ops.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Set a Default Template -description: Set a Default Template -author: dansimp -ms.assetid: 84edbd69-451b-4c10-a898-781d4b75d09c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Set a Default Template - - -As an Editor, you can specify which of the available templates will be the default template suggested for all Group Policy administrators creating new Group Policy Objects (GPOs). - -**Note**   -A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. - - - -A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To set the default template for use when creating new GPOs** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Templates** tab to display available templates. - -3. Right-click the template that you want to set as the default, and then click **Set as Default**. - -4. Click **Yes** to confirm. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The default template has a blue icon and the state is identified as **Template (default)** on the **Templates** tab. - -### Additional considerations - -- By default, you must be an Editor or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create Template** permissions for the domain. - -- After you set a template as the default, that template will be the one initially selected in the **New Controlled GPO** dialog box when Group Policy administrators create new GPOs. However, they will have the option to select any other GPO template, including **<Empty GPO>**, which does not include any settings. - -- Renaming or deleting a template does not impact GPOs created from that template. - -- Because it cannot be altered, a template does not have a history. - -### Additional references - -- [Creating a Template and Setting a Default Template](creating-a-template-and-setting-a-default-template-agpm30ops.md) - -- [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/set-a-default-template-agpm40.md b/mdop/agpm/set-a-default-template-agpm40.md deleted file mode 100644 index c6b0a93381..0000000000 --- a/mdop/agpm/set-a-default-template-agpm40.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Set a Default Template -description: Set a Default Template -author: dansimp -ms.assetid: 07208b6b-cb3a-4f6c-9c84-36d4dc1486d8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Set a Default Template - - -As an Editor, you can specify which of the available templates will be the default template suggested for all Group Policy administrators creating new Group Policy Objects (GPOs). - -**Note**   -A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. - - - -A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management (AGPM) is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To set the default template for use when creating new GPOs** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Templates** tab to display available templates. - -3. Right-click the template that you want to set as the default, and then click **Set as Default**. - -4. Click **Yes** to confirm. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The default template has a blue icon and the state is identified as **Template (default)** on the **Templates** tab. - -### Additional considerations - -- By default, you must be an Editor or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create Template** permissions for the domain. - -- After you set a template as the default, that template will be the one initially selected in the **New Controlled GPO** dialog box when Group Policy administrators create new GPOs. However, they will have the option to select any other GPO template, including **<Empty GPO>**, which does not include any settings. - -- Renaming or deleting a template does not impact GPOs created from that template. - -- Because it cannot be altered, a template does not have a history. - -### Additional references - -- [Creating a Template and Setting a Default Template](creating-a-template-and-setting-a-default-template-agpm40.md) - -- [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/set-a-default-template.md b/mdop/agpm/set-a-default-template.md deleted file mode 100644 index 26a7b044a5..0000000000 --- a/mdop/agpm/set-a-default-template.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Set a Default Template -description: Set a Default Template -author: dansimp -ms.assetid: e0acf980-437f-4357-b237-298aaebe490d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Set a Default Template - - -As an Editor, you can specify which of the available templates will be the default template suggested for all Group Policy administrators creating new Group Policy objects (GPOs). - -**Note**   -A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. - - - -A user account with the Editor or AGPM Administrator (Full Control) role or necessary permissions in Advanced Group Policy Management is required to complete this procedure. Review the details in "Additional considerations" in this topic. - -**To set the default template for use when creating new GPOs** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Contents** tab in the details pane, click the **Templates** tab to display available templates. - -3. Right-click the template that you want to set as the default, and then click **Set as Default**. - -4. Click **Yes** to confirm. - -5. When the **Progress** window indicates that overall progress is complete, click **Close**. The default template has a blue icon and the state is identified as **Template (default)** on the **Templates** tab. - -### Additional considerations - -- By default, you must be an Editor or an AGPM Administrator (Full Control) to perform this procedure. Specifically, you must have **List Contents** and **Create Template** permissions for the domain. - -- After you set a template as the default, that template will be the one initially selected in the **New Controlled GPO** dialog box when Group Policy administrators create new GPOs. However, they will have the option to select any other GPO template, including **<Empty GPO>**, which does not include any settings. - -- Renaming or deleting a template does not impact GPOs created from that template. - -- Because it cannot be altered, a template does not have a history. - -### Additional references - -- [Creating a Template and Setting a Default Template](creating-a-template-and-setting-a-default-template.md) - -- [Request the Creation of a New Controlled GPO](request-the-creation-of-a-new-controlled-gpo.md) - - - - - - - - - diff --git a/mdop/agpm/start-and-stop-the-agpm-service-agpm30ops.md b/mdop/agpm/start-and-stop-the-agpm-service-agpm30ops.md deleted file mode 100644 index 4618d3c9fd..0000000000 --- a/mdop/agpm/start-and-stop-the-agpm-service-agpm30ops.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Start and Stop the AGPM Service -description: Start and Stop the AGPM Service -author: dansimp -ms.assetid: b9d26920-c439-4992-9a78-73e4fba8309d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Start and Stop the AGPM Service - - -The AGPM Service is a Windows service that acts as a security proxy, managing client access to Group Policy Objects (GPOs) in the archive and production environment. - -**Important**   -Stopping or disabling the AGPM Service will prevent AGPM Clients from performing any operations (such as listing or editing GPOs) through the server. - - - -A user account with access to the AGPM Server (the computer on which the AGPM Service is installed) is required to complete this procedure. - -**To start or stop the AGPM Service** - -1. On the computer on which Microsoft Advanced Group Policy Management - Server (and therefore the AGPM Service) is installed, click **Start**, click **Control Panel**, click **Administrative Tools**, and then click **Services**. - -2. In the list of services, right-click **AGPM Service** and select **Start**, **Restart**, or **Stop**. - - **Caution**   - Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. - - - -### Additional references - -- [Managing the AGPM Service](managing-the-agpm-service-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/start-and-stop-the-agpm-service-agpm40.md b/mdop/agpm/start-and-stop-the-agpm-service-agpm40.md deleted file mode 100644 index 3cc649d89b..0000000000 --- a/mdop/agpm/start-and-stop-the-agpm-service-agpm40.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Start and Stop the AGPM Service -description: Start and Stop the AGPM Service -author: dansimp -ms.assetid: dcc9566c-c515-4fbe-b7f5-8ac030141307 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Start and Stop the AGPM Service - - -The AGPM Service is a Windows service that acts as a security proxy, managing client access to Group Policy Objects (GPOs) in the archive and production environment. - -**Important**   -Stopping or disabling the AGPM Service will prevent AGPM Clients from performing any operations (such as listing or editing GPOs) through the server. - - - -A user account with access to the AGPM Server (the computer on which the AGPM Service is installed) is required to complete this procedure. - -**To start or stop the AGPM Service** - -1. On the computer on which Microsoft Advanced Group Policy Management - Server (and therefore the AGPM Service) is installed, click **Start**, click **Control Panel**, click **Administrative Tools**, and then click **Services**. - -2. In the list of services, right-click **AGPM Service** and select **Start**, **Restart**, or **Stop**. - - **Caution**   - Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. - - - -### Additional references - -- [Managing the AGPM Service](managing-the-agpm-service-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/start-and-stop-the-agpm-service.md b/mdop/agpm/start-and-stop-the-agpm-service.md deleted file mode 100644 index e81cfefbbd..0000000000 --- a/mdop/agpm/start-and-stop-the-agpm-service.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Start and Stop the AGPM Service -description: Start and Stop the AGPM Service -author: dansimp -ms.assetid: 769aa0ce-224a-446f-9958-9518af4ad159 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Start and Stop the AGPM Service - - -The AGPM Service is a Windows service that acts as a security proxy, managing client access to Group Policy objects (GPOs) in the archive and production environment. - -**Important**   -Stopping or disabling the AGPM Service will prevent AGPM clients from performing any operations (such as listing or editing GPOs) through the server. - - - -A user account with access to the AGPM Server (the computer on which the AGPM Service is installed) is required to complete this procedure. - -**To start or stop the AGPM Service** - -1. On the computer on which Microsoft Advanced Group Policy Management - Server (and therefore the AGPM Service) is installed, click **Start**, click **Control Panel**, click **Administrative Tools**, and then click **Services**. - -2. In the list of services, right-click **AGPM Service** and select **Start**, **Restart**, or **Stop**. - - **Caution**   - Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. To modify settings for the service, see [Managing the AGPM Service](managing-the-agpm-service.md). - - - -### Additional references - -- [Managing the AGPM Service](managing-the-agpm-service.md) - - - - - - - - - diff --git a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-25.md b/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-25.md deleted file mode 100644 index e177ef9954..0000000000 --- a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-25.md +++ /dev/null @@ -1,541 +0,0 @@ ---- -title: Step-by-Step Guide for Microsoft Advanced Group Policy Management 2.5 -description: Step-by-Step Guide for Microsoft Advanced Group Policy Management 2.5 -author: dansimp -ms.assetid: 454298c9-0fab-497a-9808-c0246a4c8db5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Step-by-Step Guide for Microsoft Advanced Group Policy Management 2.5 - - -This step-by-step guide demonstrates advanced techniques for Group Policy management using the Group Policy Management Console (GPMC) and Microsoft Advanced Group Policy Management (AGPM). AGPM increases the capabilities of the GPMC, providing: - -- Standard roles for delegating permissions to manage Group Policy objects (GPOs) to multiple Group Policy administrators. - -- An archive to enable Group Policy administrators to create and modify GPOs offline before deploying them to a production environment. - -- The ability to roll back to any previous version of a GPO. - -- Check-in/check-out capability for GPOs to ensure that Group Policy administrators do not inadvertently overwrite each other's work. - -## AGPM scenario overview - - -For this scenario, you will use a separate user account for each role in AGPM to demonstrate how Group Policy can be managed in an environment with multiple Group Policy administrators who have different levels of permissions. Specifically, you will perform the following tasks: - -- Using an account that is a member of the Domain Admins group, install AGPM Server and assign the AGPM Administrator role to an account or group. - -- Using accounts to which you will assign AGPM roles, install AGPM Client. - -- Using an account with the AGPM Administrator role, configure AGPM and delegate access to GPOs by assigning roles to other accounts. - -- Using an account with the Editor role, request the creation of a GPO, which you then approve using an account with the Approver role. With the Editor account, check the GPO out of the archive, edit the GPO, check the GPO into the archive, and request deployment. - -- Using an account with the Approver role, review the GPO and deploy it to your production environment. - -- Using an account with the Editor role, create a GPO template and use it as a starting point to create a new GPO. - -- Using an account with the Approver role, delete and restore a GPO. - -![group policy object development process](images/ab77a1f3-f430-4e7d-be58-ee8f9bd1140e.gif) - -## Requirements - - -Computers on which you want to install AGPM must meet the following requirements, and you must create accounts for use in this scenario. - -### AGPM Server requirements - -AGPM Server 2.5 requires Windows Vista® (32-bit version) with no service packs installed or Windows Server® 2003 (32-bit version), as well as the GPMC. Additionally, you must be a member of the Domain Admins group to install AGPM Server. - -You should install AGPM Server on a member server or domain controller with the most recent version of the GPMC that is available to you and supported by AGPM. AGPM uses the GPMC to back up and restore GPOs, and newer versions of the GPMC provide additional policy settings not available in preceding versions. If the version of the GPMC on your AGPM Server is older than the version on the computers that administrators use to manage Group Policy, the AGPM Server will be unable to store those policy settings not available in the older version of the GPMC. - -Specifically, if your AGPM Server is running Windows Server 2003 and the version of the GPMC that accompanied it, and your Group Policy administrators’ computers are running Windows Vista and the version of the GPMC that accompanied it, you can still manage most policy settings. However, policy settings from the GPMC in Windows Vista that are not available in the GPMC in Windows Server 2003—such as those related to folder redirection, wireless networking (IEEE 802.11), and deployed printers—cannot be stored by the AGPM Server, even though administrators can configure them using AGPM on their computers. - -If you must install AGPM Server on a computer with an older version of GPMC than your Group Policy administrators are running, see the Group Policy Settings Reference for details about which policy settings are available with which operating systems. To download the Group Policy Settings Reference, see . - -**Note**   -Archives cannot be migrated from an AGPM Server or a GPOVault Server running Windows Server 2003 to an AGPM Server running Windows Vista. - -For Windows Server 2003, if GPOVault Server is installed on the computer on which you want to install AGPM Server, it is recommended that you do not uninstall GPOVault Server before beginning the installation. The installation of AGPM Server will uninstall GPOVault Server and automatically transfer your existing GPOVault archive data to an AGPM archive. - - - -### AGPM Client requirements - -AGPM Client 2.5 requires Windows Vista (32-bit version) with no service packs installed or Windows Server 2003 (32-bit version), as well as the GPMC. AGPM Client can be installed on a computer running AGPM Server. - -### Scenario requirements - -Before you begin this scenario, create four user accounts. During the scenario, you will assign one of the following AGPM roles to each of these accounts: AGPM Administrator (Full Control), Approver, Editor, and Reviewer. These accounts must be able to send and receive e-mail messages. Assign **Link GPOs** permission to the accounts with the AGPM Administrator, Approver, and (optionally) Editor roles. - -**Note**   -**Link GPOs** permission is assigned to members of Domain Administrators and Enterprise Administrators by default. To assign **Link GPOs** permission to additional users or groups (such as accounts with the roles of AGPM Administrator or Approver), click the node for the domain and then click the **Delegation** tab, select **Link GPOs**, click **Add**, and select users or groups to which to assign the permission. - - - -For this scenario, you perform actions with different accounts. You can either log on with each account as indicated, or you can use the **Run as** command to start the GPMC with the indicated account. - -**Note**   -To use the **Run as** command with GPMC on Windows Server 2003, click **Start**, point to **Administrative Tools**, right-click **Group Policy Management**, and click **Run as**. Click **The following user** and enter credentials for an account. - -To use the **Run as** command with GPMC on Windows Vista, click the **Start** button, point to **Run**, and type **runas /user:**DomainName\\UserName**"mmc %windir%\\system32\\gpmc.msc"**, and click **OK**. Type the password for the account when prompted. - - - -## Steps for installing and configuring AGPM - - -You must complete the following steps to install and configure AGPM. - -[Step 1: Install AGPM Server](#bkmk-config1) - -[Step 2: Install AGPM Client](#bkmk-config2) - -[Step 3: Configure an AGPM Server connection](#bkmk-config3) - -[Step 4: Configure e-mail notification](#bkmk-config4) - -[Step 5: Delegate access](#bkmk-config5) - -### Step 1: Install AGPM Server - -In this step, you install AGPM Server on the member server or domain controller that will run the AGPM Service, and you configure the archive. All AGPM operations are managed through this Windows service and are executed with the service's credentials. The archive managed by an AGPM Server can be hosted on that server or on another server in the same forest. - -**To install AGPM Server on the computer that will host the AGPM Service** - -1. Log on with an account that is a member of the Domain Admins group. - -2. Start the Microsoft Desktop Optimization Pack CD and follow the instructions on screen to select **Advanced Group Policy Management - Server**. - -3. In the **Welcome** dialog box, click **Next**. - -4. In the **Microsoft Software License Terms** dialog box, accept the terms and click **Next**. - -5. In the **Application Path** dialog box, select a location in which to install AGPM Server. The computer on which AGPM Server is installed will host the AGPM Service and manage the archive. Click **Next**. - -6. In the **Archive Path** dialog box, select a location for the archive relative to the AGPM Server. The archive path can point to a folder on the AGPM Server or elsewhere, but you should select a location with sufficient space to store all GPOs and history data managed by this AGPM Server. Click **Next**. - -7. In the **AGPM Service Account** dialog box, select a service account under which the AGPM Service will run and then click **Next**. - -8. In the **Archive Owner** dialog box, select an account or group to which to initially assign the AGPM Administrator (Full Control) role. This AGPM Administrator can assign AGPM roles and permissions to other Group Policy administrators (including the role of AGPM Administrator). For this scenario, select the account to serve in the AGPM Administrator role. Click **Next**. - -9. Click **Install**, and then click **Finish** to exit the Setup Wizard. - - **Caution**   - Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. For information on how to modify settings for the service, see Help for Advanced Group Policy Management. - - - -### Step 2: Install AGPM Client - -Each Group Policy administrator—anyone who creates, edits, deploys, reviews, or deletes GPOs—must have AGPM Client installed on computers that they use to manage GPOs. For this scenario, you install AGPM Client on at least one computer. You do not need to install AGPM Client on the computers of end users who do not perform Group Policy administration. - -**To install AGPM Client on the computer of a Group Policy administrator** - -1. Start the Microsoft Desktop Optimization Pack CD and follow the instructions on screen to select **Advanced Group Policy Management - Client**. - -2. In the **Welcome** dialog box, click **Next**. - -3. In the **Microsoft Software License Terms** dialog box, accept the terms and click **Next**. - -4. In the **Application Path** dialog box, select a location in which to install AGPM Client. Click **Next**. - -5. In the **AGPM Server** dialog box, type the fully-qualified computer name and the port for the AGPM Server to which to connect. The default port for the AGPM Service is 4600. Click **Next**. - -6. Click **Install**, and then click **Finish** to exit the Setup Wizard. - -### Step 3: Configure an AGPM Server connection - -AGPM stores all versions of each controlled Group Policy object (GPO)—a GPO for which AGPM provides change control—in a central archive, so Group Policy administrators can view and modify GPOs offline without immediately impacting the deployed version of each GPO. - -In this step, you configure an AGPM Server connection and ensure that all Group Policy administrators connect to the same AGPM Server. (For information about configuring multiple AGPM Servers, see Help for Advanced Group Policy Management.) - -**To configure an AGPM Server connection for all Group Policy administrators** - -1. On a computer on which you have installed AGPM Client, log on with the user account that you selected as the Archive Owner. This user has the role of AGPM Administrator (Full Control). - -2. Click **Start**, point to **Administrative Tools**, and click **Group Policy Management** to open the **Group Policy Management Console (GPMC)**. - -3. In the **Group Policy Management Console** tree, edit a GPO that is applied to all Group Policy administrators. - -4. In the **Group Policy Object Editor** window, click **User Configuration**, **Administrative Templates**, and **Windows Components**. - -5. If **AGPM** is not listed under **Windows Components**: - - 1. Right-click **Administrative Templates** and select **Add/Remove Templates**. - - 2. Click **Add**, select **agpm.admx** or **agpm.adm**, click **Open**, and then click **Close**. - -6. Under **Windows Components**, double-click **AGPM**. - -7. In the details pane, double-click **AGPM Server (all domains)**. - -8. In the **AGPM Server (all domains) Properties** window, select **Enabled** and type the fully-qualified computer name and port (for example, server.contoso.com:4600) for the server hosting the archive. The port used by the AGPM Service is port 4600. - -9. Click **OK**, and then close the **Group Policy Object Editor** window. When Group Policy is updated, the AGPM Server connection is configured for each Group Policy administrator. - -### Step 4: Configure e-mail notification - -As an AGPM Administrator (Full Control), you designate the e-mail addresses of Approvers and AGPM Administrators to whom an e-mail message containing a request is sent when an Editor attempts to create, deploy, or delete a GPO. You also determine the alias from which these messages are sent. - -**To configure e-mail notification for AGPM** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. In the details pane, click the **Domain Delegation** tab. - -3. In the **From** field, type the e-mail alias for AGPM from which notifications should be sent. - -4. In the **To** field, type the e-mail address for the user account to which you intend to assign the Approver role. - -5. In the **SMTP server** field, type a valid SMTP mail server. - -6. In the **User name** and **Password** fields, type the credentials of a user with access to the SMTP service. - -7. Click **Apply**. - -### Step 5: Delegate access - -As an AGPM Administrator (Full Control), you delegate domain-level access to GPOs, assigning roles to the account of each Group Policy administrator. - -**Note**   -You can also delegate access at the GPO level rather than the domain level. For details, see Help for Advanced Group Policy Management. - - - -**Important**   -You should restrict membership in the Group Policy Creator Owners group, so it cannot be used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.) - - - -**To delegate access to all GPOs throughout a domain** - -1. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -2. On the **Domain Delegation** tab, click the **Advanced** button. - -3. In the **Permissions** dialog box: - - 1. Click the user account of a Group Policy administrator, and then select the **Approver** check box to assign that role to the account. Clear the **Editor** check box. (This role includes the Reviewer role.) - - 2. Click the user account of another Group Policy administrator, and then select the **Editor** check box to assign that role to the account. (This role includes the Reviewer role.) - - 3. Click a third account and then select the **Reviewer** check box to assign only the Reviewer role to the account of that Group Policy administrator. Clear the **Editor** check box. - - 4. Click the **Advanced** button. - -4. In the **Advanced Security Settings** dialog box: - - 1. Select a Group Policy administrator, and then click **Edit**. - - 2. For **Apply onto**, select **This object and nested objects**, and then click **OK** in the **Permission** **Entry** dialog box. - - 3. Repeat for each Group Policy administrator. - -5. In the **Advanced Security Settings** dialog box, click **OK**. - -6. In the **Permissions** dialog box, click **OK**. - -## Steps for managing GPOs - - -You must complete the following steps to create, edit, review, and deploy GPOs using AGPM. Additionally, you will create a template, delete a GPO, and restore a deleted GPO. - -[Step 1: Create a GPO](#bkmk-manage1) - -[Step 2: Edit a GPO](#bkmk-manage2) - -[Step 3: Review and deploy a GPO](#bkmk-manage3) - -[Step 4: Use a template to create a GPO](#bkmk-manage4) - -[Step 5: Delete and restore a GPO](#bkmk-manage5) - -### Step 1: Create a GPO - -In an environment with multiple Group Policy administrators, those with the Editor role have the ability to request the creation of new GPOs, but such a request must be approved by someone with the Approver role because the creation of a new GPO impacts the production environment. - -In this step, you use an account with the Editor role to request the creation of a new GPO. Using an account with the Approver role, you approve this request and complete the creation of a GPO. - -**To request the creation of a new GPO managed through AGPM** - -1. On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the Editor role in AGPM. - -2. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -3. Right-click the **Change Control** node, and then click **New Controlled GPO**. - -4. In the **New Controlled GPO** dialog box: - - 1. To receive a copy of the request, type your e-mail address in the **Cc** field. - - 2. Type **MyGPO** as the name for the new GPO. - - 3. Type a comment for the new GPO. - - 4. Click **Create live** so the new GPO will be deployed to the production environment immediately upon approval. - - 5. Click **Submit**. - -5. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The new GPO is displayed on the **Pending** tab. - -**To approve the pending request to create a GPO** - -1. On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the role of Approver in AGPM. - -2. Open the e-mail inbox for the account, and note that you have received an e-mail message from the AGPM alias with the Editor's request to create a GPO. - -3. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -4. On the **Contents** tab, click the **Pending** tab to display the pending GPOs. - -5. Right-click **MyGPO**, and then click **Approve**. - -6. Click **Yes** to confirm approval of the creation of the GPO. The GPO is moved to the **Controlled** tab. - -### Step 2: Edit a GPO - -You can use GPOs to configure computer or user settings and deploy them to many computers or users. In this step, you use an account with the Editor role to check out a GPO from the archive, edit the GPO offline, check the edited GPO into the archive, and request deployment of the GPO to the production environment. For this scenario, you configure a setting in the GPO to require that the password be at least eight characters in length. - -**To check the GPO out from the archive for editing** - -1. On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the role of Editor in AGPM. - -2. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -3. On the **Contents** tab in the details pane, click the **Controlled** tab to display the controlled GPOs. - -4. Right-click **MyGPO**, and then click **Check Out**. - -5. Type a comment to be displayed in the **History** of the GPO while it is checked out, and then click **OK**. - -6. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked Out**. - -**To edit the GPO offline and configure the minimum password length** - -1. On the **Controlled** tab, right-click **MyGPO**, and then click **Edit** to open the **Group Policy Object Editor** window and make changes to an offline copy of the GPO. For this scenario, configure the minimum password length: - - 1. Under **Computer Configuration**, double-click **Windows Settings**, double-click **Security Settings**, double-click **Account Policies**, and double-click **Password Policy**. - - 2. In the details pane, double-click **Minimum password length**. - - 3. In the properties window, select the **Define this policy setting** check box, set the number of characters to **8**, and then click **OK**. - -2. Close the **Group Policy Object Editor** window. - -**To check the GPO into the archive** - -1. On the **Controlled** tab, right-click **MyGPO** and then click **Check In**. - -2. Type a comment, and then click **OK**. - -3. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked In**. - -**To request the deployment of the GPO to the production environment** - -1. On the **Controlled** tab, right-click **MyGPO** and then click **Deploy**. - -2. Because this account is not an Approver or AGPM Administrator, you must submit a request for deployment. To receive a copy of the request, type your e-mail address in the **Cc** field. Type a comment to be displayed in the **History** of the GPO, and then click **Submit**. - -3. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. **MyGPO** is displayed on the list of GPOs on the **Pending** tab. - -### Step 3: Review and deploy a GPO - -In this step, you act as an Approver, creating reports and analyzing the settings and changes to settings in the GPO to determine whether you should approve them. After evaluating the GPO, you deploy it to the production environment and link it to a domain or an organizational unit (OU) so that it takes effect when Group Policy is refreshed for computers in that domain or OU. - -**To review settings in the GPO** - -1. On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the role of Approver in AGPM. (Any Group Policy administrator with the Reviewer role, which is included in all of the other roles, can review the settings in a GPO.) - -2. Open the e-mail inbox for the account and note that you have received an e-mail message from the AGPM alias with an Editor's request to deploy a GPO. - -3. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -4. On the **Contents** tab in the details pane, click the **Pending** tab. - -5. Double-click **MyGPO** to display its history. - -6. Review the settings in the most recent version of MyGPO: - - 1. In the **History** window, right-click the GPO version with the most recent timestamp, click **Settings**, and then click **HTML Report** to display a summary of the GPO's settings. - - 2. In the Web browser, click **show all** to display all of the settings in the GPO. - - 3. Close the browser. - -7. Compare the most recent version of MyGPO to the first version checked in to the archive: - - 1. In the **History** window, click the GPO version with the most recent timestamp. Press **CTRL** and click the oldest GPO version that has a state of **Checked In**. - - 2. Click the **Differences** button. The **Account Policies/Password Policy** section is highlighted in green and preceded by **\[+\]**, indicating that this setting is configured only in the latter version of the GPO. - - 3. Click **Account Policies/Password Policy**. The **Minimum password length** setting is also highlighted in green and preceded by **\[+\]**, indicating that it is configured only in the latter version of the GPO. - - 4. Close the Web browser. - -**To deploy the GPO to the production environment** - -1. On the **Pending** tab, right-click **MyGPO** and then click **Approve**. - -2. Type a comment to include in the history of the GPO. - -3. Click **Yes**. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The GPO is deployed to the production environment. - -**To link the GPO to a domain or organizational unit** - -1. In the GPMC, right-click the domain or an OU to which to apply the GPO that you configured, and then click **Link an Existing GPO**. - -2. In the **Select GPO** dialog box, click **MyGPO**, and then click **OK**. - -### Step 4: Use a template to create a GPO - -In this step, you use an account with the Editor role to create a template—an uneditable, static version of a GPO for use as a starting point for creating new GPOs—and then create a new GPO based upon that template. Templates are useful for quickly creating multiple GPOs that include many of the same settings. - -**To create a template based on an existing GPO** - -1. On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the role of Editor in AGPM. - -2. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -3. On the **Contents** tab in the details pane, click the **Controlled** tab. - -4. Right-click **MyGPO**, and then click **Save as Template** to create a template incorporating all settings currently in MyGPO. - -5. Type **MyTemplate** as the name for the template and a comment, and then click **OK**. - -6. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The new template appears on the **Templates** tab. - -**To request the creation of a new GPO managed through AGPM** - -1. Click the **Controlled** tab. - -2. Right-click the **Change Control** node, and then click **New Controlled GPO**. - -3. In the **New Controlled GPO** dialog box: - - 1. To receive a copy of the request, type your e-mail address in the **Cc** field. - - 2. Type **MyOtherGPO** as the name for the new GPO. - - 3. Type a comment for the new GPO. - - 4. Click **Create live**, so the new GPO will be deployed to the production environment immediately upon approval. - - 5. For **From GPO template**, select **MyTemplate**. - - 6. Click **Submit**. - -4. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The new GPO is displayed on the **Pending** tab. - -Use an account that has been assigned the role of Approver to approve the pending request to create the GPO as you did in [Step 1: Create a GPO](#bkmk-manage1). MyTemplate incorporates all of the settings that you configured in MyGPO. Because MyOtherGPO was created using MyTemplate, it initially contains all of the settings that MyGPO contained at the time that MyTemplate was created. You can confirm this by generating a difference report to compare MyOtherGPO to MyTemplate. - -**To check the GPO out from the archive for editing** - -1. On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the role of Editor in AGPM. - -2. Right-click **MyOtherGPO**, and then click **Check Out**. - -3. Type a comment to be displayed in the history of the GPO while it is checked out, and then click **OK**. - -4. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked Out**. - -**To edit the GPO offline and configure the account lockout duration** - -1. On the **Controlled** tab, right-click **MyOtherGPO**, and then click **Edit** to open the **Group Policy Object Editor** window and make changes to an offline copy of the GPO. For this scenario, configure the minimum password length: - - 1. Under **Computer Configuration**, double-click **Windows Settings**, double-click **Security Settings**, double-click **Account Policies**, and double-click **Account Lockout Policy**. - - 2. In the details pane, double-click **Account lockout duration**. - - 3. In the properties window, check **Define this policy setting**, set the duration to **30** minutes, and then click **OK**. - -2. Close the **Group Policy Object Editor** window. - -Check MyOtherGPO into the archive and request deployment as you did for MyGPO in [Step 2: Edit a GPO](#bkmk-manage2). You can compare MyOtherGPO to MyGPO or to MyTemplate using difference reports. Any account that includes the Reviewer role (AGPM Administrator \[Full Control\], Approver, Editor, or Reviewer) can generate reports. - -**To compare a GPO to another GPO and to a template** - -1. To compare MyGPO and MyOtherGPO: - - 1. On the **Controlled** tab, click **MyGPO**. Press **CTRL** and then click **MyOtherGPO**. - - 2. Right-click **MyOtherGPO**, point to **Differences**, and click **HTML Report**. - -2. To compare MyOtherGPO and MyTemplate: - - 1. On the **Controlled** tab, click **MyOtherGPO**. - - 2. Right-click **MyOtherGPO**, point to **Differences**, and click **Template**. - - 3. Select **MyTemplate** and **HTML Report**, and then click **OK**. - -### Step 5: Delete and restore a GPO - -In this step, you act as an Approver to delete a GPO. - -**To delete a GPO** - -1. On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the role of Approver. - -2. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -3. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -4. Right-click **MyGPO**, and then click **Delete**. Click **Delete GPO from archive and production** to delete both the version in the archive as well as the deployed version of the GPO in the production environment. - -5. Type a comment to be displayed in the audit trail for the GPO, and then click **OK**. - -6. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Controlled** tab and is displayed on the **Recycle Bin** tab, where it can be restored or destroyed. - -Occasionally you may discover after deleting a GPO that it is still needed. In this step, you act as an Approver to restore a GPO that has been deleted. - -**To restore a deleted GPO** - -1. On the **Contents** tab, click the **Recycle Bin** tab to display deleted GPOs. - -2. Right-click **MyGPO**, and then click **Restore**. - -3. Type a comment to be displayed in the history of the GPO, and then click **OK**. - -4. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Recycle Bin** tab and is displayed on the **Controlled** tab. - - **Note**   - Restoring a GPO to the archive does not automatically redeploy it to the production environment. To return the GPO to the production environment, deploy the GPO as in [Step 3: Review and deploy a GPO](#bkmk-manage3). - - - -After editing and deploying a GPO, you may discover that recent changes to the GPO are causing a problem. In this step, you act as an Approver to roll back to a previous version of the GPO. You can roll back to any version in the history of the GPO. You can use comments and labels to identify known good versions and when specific changes were made. - -**To roll back to a previous version of a GPO** - -1. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -2. Double-click **MyGPO** to display its history. - -3. Right-click the version to be deployed, click **Deploy**, and then click **Yes**. - -4. When the **Progress** window indicates that overall progress is complete, click **Close**. In the **History** window, click **Close**. - - **Note**   - To verify that the version that has been redeployed is the version intended, examine a difference report for the two versions. In the **History** window for the GPO, select the two versions, right-click them, point to **Difference**, and then click either **HTML Report** or **XML Report**. - - - - - - - - - - - diff --git a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-30.md b/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-30.md deleted file mode 100644 index f0fa732a4c..0000000000 --- a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-30.md +++ /dev/null @@ -1,530 +0,0 @@ ---- -title: Step-by-Step Guide for Microsoft Advanced Group Policy Management 3.0 -description: Step-by-Step Guide for Microsoft Advanced Group Policy Management 3.0 -author: dansimp -ms.assetid: d067f465-d7c8-4f6d-b311-66b9b06874f7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Step-by-Step Guide for Microsoft Advanced Group Policy Management 3.0 - - -This step-by-step guide demonstrates advanced techniques for Group Policy management using the Group Policy Management Console (GPMC) and Microsoft Advanced Group Policy Management (AGPM). AGPM increases the capabilities of the GPMC, providing: - -- Standard roles for delegating permissions to manage Group Policy objects (GPOs) to multiple Group Policy administrators, as well as the ability to delegate access to GPOs in the production environment. - -- An archive to enable Group Policy administrators to create and modify GPOs offline before deploying them to a production environment. - -- The ability to roll back to any previous version of a GPO in the archive and to limit the number of versions stored in the archive. - -- Check-in/check-out capability for GPOs to ensure that Group Policy administrators do not inadvertently overwrite each other's work. - -## AGPM scenario overview - - -For this scenario, you will use a separate user account for each role in AGPM to demonstrate how Group Policy can be managed in an environment with multiple Group Policy administrators who have different levels of permissions. Specifically, you will perform the following tasks: - -- Using an account that is a member of the Domain Admins group, install AGPM Server and assign the AGPM Administrator role to an account or group. - -- Using accounts to which you will assign AGPM roles, install AGPM Client. - -- Using an account with the AGPM Administrator role, configure AGPM and delegate access to GPOs by assigning roles to other accounts. - -- Using an account with the Editor role, request the creation of a GPO, which you then approve using an account with the Approver role. With the Editor account, check the GPO out of the archive, edit the GPO, check the GPO into the archive, and request deployment. - -- Using an account with the Approver role, review the GPO and deploy it to your production environment. - -- Using an account with the Editor role, create a GPO template and use it as a starting point to create a new GPO. - -- Using an account with the Approver role, delete and restore a GPO. - -![group policy object development process](images/ab77a1f3-f430-4e7d-be58-ee8f9bd1140e.gif) - -## Requirements - - -Computers on which you want to install AGPM must meet the following requirements, and you must create accounts for use in this scenario. - -**Note**   -If you have AGPM 2.5 installed and are upgrading from Windows Server® 2003 to Windows Server 2008 or Windows Vista® with no service packs installed to Windows Vista with Service Pack 1, you must upgrade the operating system before you can upgrade to AGPM 3.0. - - - -### AGPM Server requirements - -AGPM Server 3.0 requires Windows Server 2008 or Windows Vista with Service Pack 1 and the GPMC from Remote Server Administration Tools (RSAT) installed. Both 32-bit and 64-bit versions are supported. - -Before you install AGPM Server, you must be a member of the Domain Admins group and the following Windows features must be present unless otherwise noted: - -- GPMC - - - Windows Server 2008: The GPMC is automatically installed by AGPM if not present. - - - Windows Vista: You must install the GPMC from RSAT before you install AGPM. For more information, see . - -- .NET Framework 3.5 - -The following Windows features are required by AGPM Server and will be automatically installed if not present: - -- WCF Activation; Non-HTTP Activation - -- Windows Process Activation Service - - - Process Model - - - .NET Environment - - - Configuration APIs - -### AGPM Client requirements - -AGPM Client 3.0 requires Windows Server 2008 or Windows Vista with Service Pack 1 and the GPMC from Remote Server Administration Tools (RSAT) installed. Both 32-bit and 64-bit versions are supported. AGPM Client can be installed on a computer running AGPM Server. - -The following Windows features are required by AGPM Client and will be automatically installed if not present unless otherwise noted: - -- GPMC - - - Windows Server 2008: The GPMC is automatically installed by AGPM if not present. - - - Windows Vista: You must install the GPMC from RSAT before you install AGPM. For more information, see . - -- .NET Framework 3.0 - -### Scenario requirements - -Before you begin this scenario, create four user accounts. During the scenario, you will assign one of the following AGPM roles to each of these accounts: AGPM Administrator (Full Control), Approver, Editor, and Reviewer. These accounts must be able to send and receive e-mail messages. Assign **Link GPOs** permission to the accounts with the AGPM Administrator, Approver, and (optionally) Editor roles. - -**Note**   -**Link GPOs** permission is assigned to members of Domain Administrators and Enterprise Administrators by default. To assign **Link GPOs** permission to additional users or groups (such as accounts with the roles of AGPM Administrator or Approver), click the node for the domain and then click the **Delegation** tab, select **Link GPOs**, click **Add**, and select users or groups to which to assign the permission. - - - -## Steps for installing and configuring AGPM - - -You must complete the following steps to install and configure AGPM. - -[Step 1: Install AGPM Server](#bkmk-config1) - -[Step 2: Install AGPM Client](#bkmk-config2) - -[Step 3: Configure an AGPM Server connection](#bkmk-config3) - -[Step 4: Configure e-mail notification](#bkmk-config4) - -[Step 5: Delegate access](#bkmk-config5) - -### Step 1: Install AGPM Server - -In this step, you install AGPM Server on the member server or domain controller that will run the AGPM Service, and you configure the archive. All AGPM operations are managed through this Windows service and are executed with the service's credentials. The archive managed by an AGPM Server can be hosted on that server or on another server in the same forest. - -**To install AGPM Server on the computer that will host the AGPM Service** - -1. Log on with an account that is a member of the Domain Admins group. - -2. Start the Microsoft Desktop Optimization Pack CD and follow the instructions on screen to select **Advanced Group Policy Management - Server**. - -3. In the **Welcome** dialog box, click **Next**. - -4. In the **Microsoft Software License Terms** dialog box, accept the terms and click **Next**. - -5. In the **Application Path** dialog box, select a location in which to install AGPM Server. The computer on which AGPM Server is installed will host the AGPM Service and manage the archive. Click **Next**. - -6. In the **Archive Path** dialog box, select a location for the archive relative to the AGPM Server. The archive path can point to a folder on the AGPM Server or elsewhere, but you should select a location with sufficient space to store all GPOs and history data managed by this AGPM Server. Click **Next**. - -7. In the **AGPM Service Account** dialog box, select a service account under which the AGPM Service will run and then click **Next**. - -8. In the **Archive Owner** dialog box, select an account or group to which to initially assign the AGPM Administrator (Full Control) role. This AGPM Administrator can assign AGPM roles and permissions to other Group Policy administrators (including the role of AGPM Administrator). For this scenario, select the account to serve in the AGPM Administrator role. Click **Next**. - -9. In the **Port Configuration** dialog box, type a port on which the AGPM Service should listen. Do not clear the **Add port exception to firewall** check box unless you manually configure port exceptions or use rules to configure port exceptions. Click **Next**. - -10. In the **Languages** dialog box, select one or more display languages to install for AGPM Server. - -11. Click **Install**, and then click **Finish** to exit the Setup Wizard. - - **Caution**   - Do not modify settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing so can prevent the AGPM Service from starting. For information on how to modify settings for the service, see Help for Advanced Group Policy Management. - - - -### Step 2: Install AGPM Client - -Each Group Policy administrator—anyone who creates, edits, deploys, reviews, or deletes GPOs—must have AGPM Client installed on computers that they use to manage GPOs. For this scenario, you install AGPM Client on at least one computer. You do not need to install AGPM Client on the computers of end users who do not perform Group Policy administration. - -**To install AGPM Client on the computer of a Group Policy administrator** - -1. Start the Microsoft Desktop Optimization Pack CD and follow the instructions on screen to select **Advanced Group Policy Management - Client**. - -2. In the **Welcome** dialog box, click **Next**. - -3. In the **Microsoft Software License Terms** dialog box, accept the terms and click **Next**. - -4. In the **Application Path** dialog box, select a location in which to install AGPM Client. Click **Next**. - -5. In the **AGPM Server** dialog box, type the fully-qualified computer name for the AGPM Server and the port to which to connect. The default port for the AGPM Service is 4600. Do not clear the **Allow Microsoft Management Console through the firewall** check box unless you manually configure port exceptions or use rules to configure port exceptions. Click **Next**. - -6. In the **Languages** dialog box, select one or more display languages to install for AGPM Client. - -7. Click **Install**, and then click **Finish** to exit the Setup Wizard. - -### Step 3: Configure an AGPM Server connection - -AGPM stores all versions of each controlled Group Policy object (GPO)—a GPO for which AGPM provides change control—in a central archive, so Group Policy administrators can view and modify GPOs offline without immediately impacting the deployed version of each GPO. - -In this step, you configure an AGPM Server connection and ensure that all Group Policy administrators connect to the same AGPM Server. (For information about configuring multiple AGPM Servers, see Help for Advanced Group Policy Management.) - -**To configure an AGPM Server connection for all Group Policy administrators** - -1. On a computer on which you have installed AGPM Client, log on with the user account that you selected as the Archive Owner. This user has the role of AGPM Administrator (Full Control). - -2. Click **Start**, point to **Administrative Tools**, and click **Group Policy Management** to open the GPMC. - -3. Edit a GPO that is applied to all Group Policy administrators. - -4. In the **Group Policy Management Editor** window, double-click **User Configuration**, **Policies**, **Administrative Templates**, **Windows Components**, and **AGPM**. - -5. In the details pane, double-click **AGPM: Specify default AGPM Server (all domains)**. - -6. In the **Properties** window, select **Enabled** and type the fully-qualified computer name and port (for example, **server.contoso.com:4600**) for the server hosting the archive. By default, the AGPM Service uses port 4600. - -7. Click **OK**, and then close the **Group Policy Management Editor** window. When Group Policy is updated, the AGPM Server connection is configured for each Group Policy administrator. - -### Step 4: Configure e-mail notification - -As an AGPM Administrator (Full Control), you designate the e-mail addresses of Approvers and AGPM Administrators to whom an e-mail message containing a request is sent when an Editor attempts to create, deploy, or delete a GPO. You also determine the alias from which these messages are sent. - -**To configure e-mail notification for AGPM** - -1. In the details pane, click the **Domain Delegation** tab. - -2. In the **From e-mail address** field, type the e-mail alias for AGPM from which notifications should be sent. - -3. In the **To e-mail address** field, type the e-mail address for the user account to which you intend to assign the Approver role. - -4. In the **SMTP server** field, type a valid SMTP mail server. - -5. In the **User name** and **Password** fields, type the credentials of a user with access to the SMTP service. Click **Apply**. - -### Step 5: Delegate access - -As an AGPM Administrator (Full Control), you delegate domain-level access to GPOs, assigning roles to the account of each Group Policy administrator. - -**Note**   -You can also delegate access at the GPO level rather than the domain level. For details, see Help for Advanced Group Policy Management. - - - -**Important**   -You should restrict membership in the Group Policy Creator Owners group, so it cannot be used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.) - - - -**To delegate access to all GPOs throughout a domain** - -1. On the **Domain Delegation** tab, click the **Add** button, select the user account of the Group Policy administrator to serve as Approver, and then click **OK**. - -2. In the **Add Group or User** dialog box, select the **Approver** role to assign that role to the account, and then click **OK**. (This role includes the Reviewer role.) - -3. Click the **Add** button, select the user account of the Group Policy administrator to serve as Editor, and then click **OK**. - -4. In the **Add Group or User** dialog box, select the **Editor** role to assign that role to the account, and then click **OK**. (This role includes the Reviewer role.) - -5. Click the **Add** button, select the user account of the Group Policy administrator to serve as Reviewer, and then click **OK**. - -6. In the **Add Group or User** dialog box, select the **Reviewer** role to assign only that role to the account. - -## Steps for managing GPOs - - -You must complete the following steps to create, edit, review, and deploy GPOs using AGPM. Additionally, you will create a template, delete a GPO, and restore a deleted GPO. - -[Step 1: Create a GPO](#bkmk-manage1) - -[Step 2: Edit a GPO](#bkmk-manage2) - -[Step 3: Review and deploy a GPO](#bkmk-manage3) - -[Step 4: Use a template to create a GPO](#bkmk-manage4) - -[Step 5: Delete and restore a GPO](#bkmk-manage5) - -### Step 1: Create a GPO - -In an environment with multiple Group Policy administrators, those with the Editor role have the ability to request the creation of new GPOs, but such a request must be approved by someone with the Approver role because the creation of a new GPO impacts the production environment. - -In this step, you use an account with the Editor role to request the creation of a new GPO. Using an account with the Approver role, you approve this request and complete the creation of a GPO. - -**To request the creation of a new GPO managed through AGPM** - -1. On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the Editor role in AGPM. - -2. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -3. Right-click the **Change Control** node, and then click **New Controlled GPO**. - -4. In the **New Controlled GPO** dialog box: - - 1. To receive a copy of the request, type your e-mail address in the **Cc** field. - - 2. Type **MyGPO** as the name for the new GPO. - - 3. Type a comment for the new GPO. - - 4. Click **Create live** so the new GPO will be deployed to the production environment immediately upon approval. Click **Submit**. - -5. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The new GPO is displayed on the **Pending** tab. - -**To approve the pending request to create a GPO** - -1. On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the role of Approver in AGPM. - -2. Open the e-mail inbox for the account, and note that you have received an e-mail message from the AGPM alias with the Editor's request to create a GPO. - -3. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -4. On the **Contents** tab, click the **Pending** tab to display the pending GPOs. - -5. Right-click **MyGPO**, and then click **Approve**. - -6. Click **Yes** to confirm approval of the creation of the GPO. The GPO is moved to the **Controlled** tab. - -### Step 2: Edit a GPO - -You can use GPOs to configure computer or user settings and deploy them to many computers or users. In this step, you use an account with the Editor role to check out a GPO from the archive, edit the GPO offline, check the edited GPO into the archive, and request deployment of the GPO to the production environment. For this scenario, you configure a setting in the GPO to require that the password be at least eight characters in length. - -**To check the GPO out from the archive for editing** - -1. On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the role of Editor in AGPM. - -2. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -3. On the **Contents** tab in the details pane, click the **Controlled** tab to display the controlled GPOs. - -4. Right-click **MyGPO**, and then click **Check Out**. - -5. Type a comment to be displayed in the history of the GPO while it is checked out, and then click **OK**. - -6. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked Out**. - -**To edit the GPO offline and configure the minimum password length** - -1. On the **Controlled** tab, right-click **MyGPO**, and then click **Edit** to open the **Group Policy Management Editor** window and make changes to an offline copy of the GPO. For this scenario, configure the minimum password length: - - 1. Under **Computer Configuration**, double-click **Policies**, **Windows Settings**, **Security Settings**, **Account Policies**, and **Password Policy**. - - 2. In the details pane, double-click **Minimum password length**. - - 3. In the properties window, select the **Define this policy setting** check box, set the number of characters to **8**, and then click **OK**. - -2. Close the **Group Policy Management Editor** window. - -**To check the GPO into the archive** - -1. On the **Controlled** tab, right-click **MyGPO** and then click **Check In**. - -2. Type a comment, and then click **OK**. - -3. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked In**. - -**To request the deployment of the GPO to the production environment** - -1. On the **Controlled** tab, right-click **MyGPO** and then click **Deploy**. - -2. Because this account is not an Approver or AGPM Administrator, you must submit a request for deployment. To receive a copy of the request, type your e-mail address in the **Cc** field. Type a comment to be displayed in the history of the GPO, and then click **Submit**. - -3. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. **MyGPO** is displayed on the list of GPOs on the **Pending** tab. - -### Step 3: Review and deploy a GPO - -In this step, you act as an Approver, creating reports and analyzing the settings and changes to settings in the GPO to determine whether you should approve them. After evaluating the GPO, you deploy it to the production environment and link it to a domain or an organizational unit (OU) so that it takes effect when Group Policy is refreshed for computers in that domain or OU. - -**To review settings in the GPO** - -1. On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the role of Approver in AGPM. (Any Group Policy administrator with the Reviewer role, which is included in all of the other roles, can review the settings in a GPO.) - -2. Open the e-mail inbox for the account and note that you have received an e-mail message from the AGPM alias with an Editor's request to deploy a GPO. - -3. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -4. On the **Contents** tab in the details pane, click the **Pending** tab. - -5. Double-click **MyGPO** to display its history. - -6. Review the settings in the most recent version of MyGPO: - - 1. In the **History** window, right-click the GPO version with the most recent timestamp, click **Settings**, and then click **HTML Report** to display a summary of the GPO's settings. - - 2. In the Web browser, click **show all** to display all of the settings in the GPO. Close the browser. - -7. Compare the most recent version of MyGPO to the first version checked in to the archive: - - 1. In the **History** window, click the GPO version with the most recent time stamp. Press CTRL and click the oldest GPO version for which the **Computer Version** is not **\\***. - - 2. Click the **Differences** button. The **Account Policies/Password Policy** section is highlighted in green and preceded by **\[+\]**, indicating that this setting is configured only in the latter version of the GPO. - - 3. Click **Account Policies/Password Policy**. The **Minimum password length** setting is also highlighted in green and preceded by **\[+\]**, indicating that it is configured only in the latter version of the GPO. - - 4. Close the Web browser. - -**To deploy the GPO to the production environment** - -1. On the **Pending** tab, right-click **MyGPO** and then click **Approve**. - -2. Type a comment to include in the history of the GPO. - -3. Click **Yes**. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The GPO is deployed to the production environment. - -**To link the GPO to a domain or organizational unit** - -1. In the GPMC, right-click the domain or an OU to which to apply the GPO that you configured, and then click **Link an Existing GPO**. - -2. In the **Select GPO** dialog box, click **MyGPO**, and then click **OK**. - -### Step 4: Use a template to create a GPO - -In this step, you use an account with the Editor role to create a template—an uneditable, static version of a GPO for use as a starting point for creating new GPOs—and then create a new GPO based upon that template. Templates are useful for quickly creating multiple GPOs that include many of the same settings. - -**To create a template based on an existing GPO** - -1. On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the role of Editor in AGPM. - -2. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -3. On the **Contents** tab in the details pane, click the **Controlled** tab. - -4. Right-click **MyGPO**, and then click **Save as Template** to create a template incorporating all settings currently in MyGPO. - -5. Type **MyTemplate** as the name for the template and a comment, and then click **OK**. - -6. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The new template appears on the **Templates** tab. - -**To request the creation of a new GPO managed through AGPM** - -1. Click the **Controlled** tab. - -2. Right-click the **Change Control** node, and then click **New Controlled GPO**. - -3. In the **New Controlled GPO** dialog box: - - 1. To receive a copy of the request, type your e-mail address in the **Cc** field. - - 2. Type **MyOtherGPO** as the name for the new GPO. - - 3. Type a comment for the new GPO. - - 4. Click **Create live**, so the new GPO will be deployed to the production environment immediately upon approval. - - 5. For **From GPO template**, select **MyTemplate**. Click **Submit**. - -4. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The new GPO is displayed on the **Pending** tab. - -Use an account that has been assigned the role of Approver to approve the pending request to create the GPO as you did in [Step 1: Create a GPO](#bkmk-manage1). MyTemplate incorporates all of the settings that you configured in MyGPO. Because MyOtherGPO was created using MyTemplate, it initially contains all of the settings that MyGPO contained at the time that MyTemplate was created. You can confirm this by generating a difference report to compare MyOtherGPO to MyTemplate. - -**To check the GPO out from the archive for editing** - -1. On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the role of Editor in AGPM. - -2. Right-click **MyOtherGPO**, and then click **Check Out**. - -3. Type a comment to be displayed in the history of the GPO while it is checked out, and then click **OK**. - -4. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked Out**. - -**To edit the GPO offline and configure the account lockout duration** - -1. On the **Controlled** tab, right-click **MyOtherGPO**, and then click **Edit** to open the **Group Policy Management Editor** window and make changes to an offline copy of the GPO. For this scenario, configure the minimum password length: - - 1. Under **Computer Configuration**, double-click **Policies**, **Windows Settings**, **Security Settings**, **Account Policies**, and **Account Lockout Policy**. - - 2. In the details pane, double-click **Account lockout duration**. - - 3. In the properties window, check **Define this policy setting**, set the duration to **30** minutes, and then click **OK**. - -2. Close the **Group Policy Management Editor** window. - -Check MyOtherGPO into the archive and request deployment as you did for MyGPO in [Step 2: Edit a GPO](#bkmk-manage2). You can compare MyOtherGPO to MyGPO or to MyTemplate using difference reports. Any account that includes the Reviewer role (AGPM Administrator \[Full Control\], Approver, Editor, or Reviewer) can generate reports. - -**To compare a GPO to another GPO and to a template** - -1. To compare MyGPO and MyOtherGPO: - - 1. On the **Controlled** tab, click **MyGPO**. Press CTRL and then click **MyOtherGPO**. - - 2. Right-click **MyOtherGPO**, point to **Differences**, and click **HTML Report**. - -2. To compare MyOtherGPO and MyTemplate: - - 1. On the **Controlled** tab, click **MyOtherGPO**. - - 2. Right-click **MyOtherGPO**, point to **Differences**, and click **Template**. - - 3. Select **MyTemplate** and **HTML Report**, and then click **OK**. - -### Step 5: Delete and restore a GPO - -In this step, you act as an Approver to delete a GPO. - -**To delete a GPO** - -1. On a computer on which you have installed AGPM Client, log on with a user account that has been assigned the role of Approver. - -2. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -3. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -4. Right-click **MyGPO**, and then click **Delete**. Click **Delete GPO from archive and production** to delete both the version in the archive as well as the deployed version of the GPO in the production environment. - -5. Type a comment to be displayed in the audit trail for the GPO, and then click **OK**. - -6. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Controlled** tab and is displayed on the **Recycle Bin** tab, where it can be restored or destroyed. - -Occasionally you may discover after deleting a GPO that it is still needed. In this step, you act as an Approver to restore a GPO that has been deleted. - -**To restore a deleted GPO** - -1. On the **Contents** tab, click the **Recycle Bin** tab to display deleted GPOs. - -2. Right-click **MyGPO**, and then click **Restore**. - -3. Type a comment to be displayed in the history of the GPO, and then click **OK**. - -4. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Recycle Bin** tab and is displayed on the **Controlled** tab. - - **Note**   - Restoring a GPO to the archive does not automatically redeploy it to the production environment. To return the GPO to the production environment, deploy the GPO as in [Step 3: Review and deploy a GPO](#bkmk-manage3). - - - -After editing and deploying a GPO, you may discover that recent changes to the GPO are causing a problem. In this step, you act as an Approver to roll back to a previous version of the GPO. You can roll back to any version in the history of the GPO. You can use comments and labels to identify known good versions and when specific changes were made. - -**To roll back to a previous version of a GPO** - -1. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -2. Double-click **MyGPO** to display its history. - -3. Right-click the version to be deployed, click **Deploy**, and then click **Yes**. - -4. When the **Progress** window indicates that overall progress is complete, click **Close**. In the **History** window, click **Close**. - - **Note**   - To verify that the version that has been redeployed is the version intended, examine a difference report for the two versions. In the **History** window for the GPO, select the two versions, right-click them, point to **Difference**, and then click either **HTML Report** or **XML Report**. - - - - - - - - - - - diff --git a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md b/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md deleted file mode 100644 index fa3516b9a3..0000000000 --- a/mdop/agpm/step-by-step-guide-for-microsoft-advanced-group-policy-management-40.md +++ /dev/null @@ -1,601 +0,0 @@ ---- -title: Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0 -description: Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0 -author: dansimp -ms.assetid: dc6f9b16-b1d4-48f3-88bb-f29301f0131c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0 - - -This step-by-step guide demonstrates advanced techniques for Group Policy management that use the Group Policy Management Console (GPMC) and Microsoft Advanced Group Policy Management (AGPM). AGPM increases the capabilities of the GPMC, providing: - -- Standard roles for delegating permissions to manage Group Policy Objects (GPOs) to multiple Group Policy administrators, in addition to the ability to delegate access to GPOs in the production environment. - -- An archive to enable Group Policy administrators to create and modify GPOs offline before the GPOs are deployed into a production environment. - -- The ability to roll back to any earlier version of a GPO in the archive and to limit the number of versions stored in the archive. - -- Check-in and check-out capability for GPOs to make sure that Group Policy administrators do not unintentionally overwrite each other's work. - -- The ability to search for GPOs with specific attributes and to filter the list of GPOs displayed. - -## AGPM scenario overview - - -For this scenario, you will use a separate user account for each role in AGPM to demonstrate how Group Policy can be managed in an environment that has multiple Group Policy administrators who have different levels of permissions. Specifically, you will perform the following tasks: - -- Using an account that is a member of the Domain Admins group, install AGPM Server and assign the AGPM Administrator role to an account or group. - -- Using accounts to which you will assign AGPM roles, install AGPM Client. - -- Using an account that has the AGPM Administrator role, configure AGPM and delegate access to GPOs by assigning roles to other accounts. - -- From an account that has the Editor role, request that a new GPO be created that you then approve by using an account that has the Approver role. Use the Editor account to check the GPO out of the archive, edit the GPO, check the GPO into the archive, and then request deployment. - -- Using an account that has the Approver role, review the GPO and deploy it to your production environment. - -- Using an account that has the Editor role, create a GPO template and use it as a starting point to create a new GPO. - -- Using an account that has the Approver role, delete and restore a GPO. - -![group policy object development process](images/ab77a1f3-f430-4e7d-be58-ee8f9bd1140e.gif) - -## Requirements - - -Computers on which you want to install AGPM must meet the following requirements, and you must create accounts for use in this scenario. - -**Note**   -If you have AGPM 2.5 installed and are upgrading from Windows Server® 2003 to Windows Server 2008 R2 or Windows Server 2008, or are upgrading from Windows Vista with no service packs installed to Windows 7 or Windows Vista® with Service Pack 1 (SP1), you must upgrade the operating system before you can upgrade to AGPM 4.0. - -If you have AGPM 3.0 installed, you do not have to upgrade the operating system before you upgrade to AGPM 4.0 - - - -In a mixed environment that includes both newer and older operating systems, there are some limitations to functionality, as indicated in the following table. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating system on which AGPM Server 4.0 runsOperating system on which AGPM Client 4.0 runsStatus of AGPM 4.0 support

Windows Server 2008 R2 or Windows 7

Windows Server 2008 R2 or Windows 7

Supported

Windows Server 2008 R2 or Windows 7

Windows Server 2008 or Windows Vista with SP1

Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2008 R2 or Windows 7

Windows Server 2008 or Windows Vista with SP1

Windows Server 2008 R2 or Windows 7

Unsupported

Windows Server 2008 or Windows Vista with SP1

Windows Server 2008 or Windows Vista with SP1

Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2008 R2 or Windows 7

- - - -### AGPM Server requirements - -AGPM Server 4.0 requires Windows Server 2008 R2, Windows Server 2008, Windows 7 and the GPMC from Remote Server Administration Tools (RSAT), or Windows Vista with SP1 and the GPMC from RSAT installed. Both 32-bit and 64-bit versions are supported. - -Before you install AGPM Server, you must be a member of the Domain Admins group and the following Windows features must be present unless otherwise noted: - -- GPMC - - - Windows Server 2008 R2 or Windows Server 2008: If the GPMC is not present, it is automatically installed by AGPM. - - - Windows 7: You must install the GPMC from RSAT before you install AGPM. For more information, see [Remote Server Administration Tools for Windows 7](https://go.microsoft.com/fwlink/?LinkID=131280) (https://go.microsoft.com/fwlink/?LinkID=131280). - - - Windows Vista with SP1: You must install the GPMC from RSAT before you install AGPM. For more information, see [Remote Server Administration Tools for Windows Vista with Service Pack 1](https://go.microsoft.com/fwlink/?LinkID=116179) (https://go.microsoft.com/fwlink/?LinkID=116179). - -- The .NET Framework 3.5 or later versions - - - Windows Server 2008 R2 or Windows 7: If the .NET Framework 3.5 or later version is not present, the .NET Framework 3.5 is automatically installed by AGPM. - - - Windows Server 2008 or Windows Vista with SP1: You must install the .NET Framework 3.5 or a later version before you install AGPM. - -The following Windows features are required by AGPM Server and will be automatically installed if they are not present: - -- WCF Activation; Non-HTTP Activation - -- Windows Process Activation Service - - - Process Model - - - The .NET Environment - - - Configuration APIs - -### AGPM Client requirements - -AGPM Client 4.0 requires Windows Server 2008 R2, Windows Server 2008, Windows 7 and the GPMC from RSAT, or Windows Vista with SP1 and the GPMC from RSAT installed. Both 32-bit and 64-bit versions are supported. AGPM Client can be installed on a computer that is running AGPM Server. - -The following Windows features are required by AGPM Client and unless otherwise noted are automatically installed if they are not present: - -- GPMC - - - Windows Server 2008 R2 or Windows Server 2008: If the GPMC is not present, it is automatically installed by AGPM. - - - Windows 7: You must install the GPMC from RSAT before you install AGPM. For more information, see [Remote Server Administration Tools for Windows 7](https://go.microsoft.com/fwlink/?LinkID=131280) (https://go.microsoft.com/fwlink/?LinkID=131280). - - - Windows Vista with SP1: You must install the GPMC from RSAT before you install AGPM. For more information, see [Remote Server Administration Tools for Windows Vista with Service Pack 1](https://go.microsoft.com/fwlink/?LinkID=116179) (https://go.microsoft.com/fwlink/?LinkID=116179). - -- The .NET Framework 3.0 or later version - - - Windows Server 2008 R2 or Windows 7: If the .NET Framework 3.0 or later version is not present, the .NET Framework 3.5 is automatically installed by AGPM. - - - Windows Server 2008 or Windows Vista with SP1: If the .NET Framework 3.0 or later version is not present, the .NET Framework 3.0 is automatically installed by AGPM. - -### Scenario requirements - -Before you begin this scenario, create four user accounts. During the scenario, you will assign one of the following AGPM roles to each of these accounts: AGPM Administrator (Full Control), Approver, Editor, and Reviewer. These accounts must be able to send and receive e-mail messages. Assign **Link GPOs** permission to the accounts that have the AGPM Administrator, Approver, and (optionally) Editor roles. - -**Note**   -**Link GPOs** permission is assigned to members of Domain Administrators and Enterprise Administrators by default. To assign **Link GPOs** permission to additional users or groups (such as accounts that have the roles of AGPM Administrator or Approver), click the node for the domain and then click the **Delegation** tab, select **Link GPOs**, click **Add**, and select users or groups to which you want to assign the permission. - - - -## Steps for installing and configuring AGPM - - -You must complete the following steps to install and configure AGPM. - -[Step 1: Install AGPM Server](#bkmk-config1) - -[Step 2: Install AGPM Client](#bkmk-config2) - -[Step 3: Configure an AGPM Server connection](#bkmk-config3) - -[Step 4: Configure e-mail notification](#bkmk-config4) - -[Step 5: Delegate access](#bkmk-config5) - -### Step 1: Install AGPM Server - -In this step, you install AGPM Server on the member server or domain controller that will run the AGPM Service, and you configure the archive. All AGPM operations are managed through this Windows service and are executed with the service's credentials. The archive managed by an AGPM Server can be hosted on that server or on another server in the same forest. - -**To install AGPM Server on the computer that will host the AGPM Service** - -1. Log on with an account that is a member of the Domain Admins group. - -2. Start the Microsoft Desktop Optimization Pack CD and follow the instructions on screen to select **Advanced Group Policy Management - Server**. - -3. In the **Welcome** dialog box, click **Next**. - -4. In the **Microsoft Software License Terms** dialog box, accept the terms and then click **Next**. - -5. In the **Application Path** dialog box, select a location in which to install AGPM Server. The computer on which AGPM Server is installed will host the AGPM Service and manage the archive. Click **Next**. - -6. In the **Archive Path** dialog box, select a location for the archive in relation to the AGPM Server. The archive path can point to a folder on the AGPM Server or elsewhere. However, you should select a location with sufficient space to store all GPOs and history data managed by this AGPM Server. Click **Next**. - -7. In the **AGPM Service Account** dialog box, select a service account under which the AGPM Service will run and then click **Next**. - - This account must be a member of the either the Domain Admins group or, for a least-privilege configuration, the following groups in each domain managed by the AGPM Server: - - - Group Policy Creator Owners - - - Backup Operators - - Additionally, this account requires Full Control permission for the following folders: - - - The AGPM archive folder, for which this permission is automatically granted during the installation of AGPM Server if it is installed on a local drive. - - - The local system temp folder, typically %windir%\\temp. - -8. In the **Archive Owner** dialog box, select an account or group to which you assign the AGPM Administrator (Full Control) role. AGPM Administrators can assign AGPM roles and permissions to other Group Policy administrators, so that later you can assign the role of AGPM Administrator to additional Group Policy administrators. For this scenario, select the account to serve in the AGPM Administrator role. Click **Next**. - -9. In the **Port Configuration** dialog box, type a port on which the AGPM Service should listen. Do not clear the **Add port exception to firewall** check box unless you manually configure port exceptions or use rules to configure port exceptions. Click **Next**. - -10. In the **Languages** dialog box, select one or more display languages to install for AGPM Server. - -11. Click **Install**, and then click **Finish** to exit the Setup Wizard. - - **Caution**   - Do not change settings for the AGPM Service through **Administrative Tools** and **Services** in the operating system. Doing this can prevent the AGPM Service from starting. For information about how to change settings for the service, see Help for Advanced Group Policy Management. - - - -### Step 2: Install AGPM Client - -Each Group Policy administrator—anyone who creates, edits, deploys, reviews, or deletes GPOs—must have AGPM Client installed on computers that they use to manage GPOs. The Change Control node, which you use to perform many of the GPO management tasks, appears in the Group Policy Management Console only if you install the AGPM Client. For this scenario, you install AGPM Client on at least one computer. You do not need to install AGPM Client on the computers of end users who do not perform Group Policy administration. - -**To install AGPM Client on the computer of a Group Policy administrator** - -1. Start the Microsoft Desktop Optimization Pack CD and follow the instructions on screen to select **Advanced Group Policy Management - Client**. - -2. In the **Welcome** dialog box, click **Next**. - -3. In the **Microsoft Software License Terms** dialog box, accept the terms and then click **Next**. - -4. In the **Application Path** dialog box, select a location in which to install AGPM Client. Click **Next**. - -5. In the **AGPM Server** dialog box, type the DNS name or IP address for the AGPM Server and the port to which you want to connect. The default port for the AGPM Service is 4600. Do not clear the **Allow Microsoft Management Console through the firewall** check box unless you manually configure port exceptions or use rules to configure port exceptions. Click **Next**. - -6. In the **Languages** dialog box, select one or more display languages to install for AGPM Client. - -7. Click **Install**, and then click **Finish** to exit the Setup Wizard. - -### Step 3: Configure an AGPM Server connection - -AGPM stores all versions of each controlled Group Policy Object (GPO), that is, each GPO for which AGPM provides change control, in a central archive. This lets Group Policy administrators view and change GPOs offline without immediately affecting the deployed version of each GPO. - -In this step, you configure an AGPM Server connection and ensure that all Group Policy administrators connect to the same AGPM Server. (For information about how to configure multiple AGPM Servers, see Help for Advanced Group Policy Management.) - -**To configure an AGPM Server connection for all Group Policy administrators** - -1. On a computer on which you have installed AGPM Client, log on with the user account that you selected as the Archive Owner. This user has the role of AGPM Administrator (Full Control). - -2. Click **Start**, point to **Administrative Tools**, and then click **Group Policy Management** to open the GPMC. - -3. Edit a GPO that is applied to all Group Policy administrators. - -4. In the **Group Policy Management Editor** window, double-click **User Configuration**, **Policies**, **Administrative Templates**, **Windows Components**, and **AGPM**. - -5. In the details pane, double-click **AGPM: Specify default AGPM Server (all domains)**. - -6. In the **Properties** window, select **Enabled** and type the DNS name or IP address and port (for example, **server.contoso.com:4600**) for the server hosting the archive. By default, the AGPM Service uses port 4600. - -7. Click **OK**, and then close the **Group Policy Management Editor** window. When Group Policy is updated, the AGPM Server connection is configured for each Group Policy administrator. - -### Step 4: Configure e-mail notification - -As an AGPM Administrator (Full Control), you designate the e-mail addresses of Approvers and AGPM Administrators to whom an e-mail message that contains a request is sent when an Editor tries to create, deploy, or delete a GPO. You also determine the alias from which these messages are sent. - -**To configure e-mail notification for AGPM** - -1. In **Group Policy Management Editor** , navigate to the **Change Control** folder - -2. In the details pane, click the **Domain Delegation** tab. - -3. In the **From e-mail address** field, type the e-mail alias for AGPM from which notifications should be sent. - -4. In the **To e-mail address** field, type the e-mail address for the user account to which you intend to assign the Approver role. - -5. In the **SMTP server** field, type a valid SMTP mail server. - -6. In the **User name** and **Password** fields, type the credentials of a user who has access to the SMTP service. Click **Apply**. - -### Step 5: Delegate access - -As an AGPM Administrator (Full Control), you delegate domain-level access to GPOs, assigning roles to the account of each Group Policy administrator. - -**Note**   -You can also delegate access at the GPO level instead of the domain level. For more information, see Help for Advanced Group Policy Management. - - - -**Important**   -You should restrict membership in the Group Policy Creator Owners group so that it cannot be used to circumvent AGPM management of access to GPOs. (In the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you want to manage GPOs, click **Delegation**, and then configure the settings to meet the needs of your organization.) - - - -**To delegate access to all GPOs throughout a domain** - -1. On the **Domain Delegation** tab, click the **Add** button, select the user account of the Group Policy administrator to serve as Approver, and then click **OK**. - -2. In the **Add Group or User** dialog box, select the **Approver** role to assign that role to the account, and then click **OK**. (This role includes the Reviewer role.) - -3. Click the **Add** button, select the user account of the Group Policy administrator to serve as Editor, and then click **OK**. - -4. In the **Add Group or User** dialog box, select the **Editor** role to assign that role to the account, and then click **OK**. (This role includes the Reviewer role.) - -5. Click the **Add** button, select the user account of the Group Policy administrator to serve as Reviewer, and then click **OK**. - -6. In the **Add Group or User** dialog box, select the **Reviewer** role to assign only that role to the account. - -## Steps for managing GPOs - - -You must complete the following steps to create, edit, review, and deploy GPOs by using AGPM. Additionally, you will create a template, delete a GPO, and restore a deleted GPO. - -[Step 1: Create a GPO](#bkmk-manage1) - -[Step 2: Edit a GPO](#bkmk-manage2) - -[Step 3: Review and deploy a GPO](#bkmk-manage3) - -[Step 4: Use a template to create a GPO](#bkmk-manage4) - -[Step 5: Delete and restore a GPO](#bkmk-manage5) - -### Step 1: Create a GPO - -In an environment that has multiple Group Policy administrators, those with the Editor role can request that new GPOs be created. However, that request must be approved by someone with the Approver role. - -In this step, you use an account that has the Editor role to request that a new GPO be created. Using an account that has the Approver role, you approve this request to create the GPO. - -**To request that a new GPO be created and managed through AGPM** - -1. On a computer on which you have installed AGPM Client, log on with a user account that is assigned the Editor role in AGPM. - -2. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -3. Right-click the **Change Control** node, and then click **New Controlled GPO**. - -4. In the **New Controlled GPO** dialog box: - - 1. To receive a copy of the request, type your e-mail address in the **Cc** field. - - 2. Type **MyGPO** as the name for the new GPO. - - 3. Type a comment for the new GPO. - - 4. Click **Create live** so that the new GPO will be deployed to the production environment immediately upon approval. Click **Submit**. - -5. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The new GPO is displayed on the **Pending** tab. - -**To approve the pending request to create a GPO** - -1. On a computer on which you have installed AGPM Client, log on with a user account that has the role of Approver in AGPM. - -2. Open the e-mail inbox for the account, and notice that you have received an e-mail message from the AGPM alias with the Editor's request to create a GPO. - -3. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -4. On the **Contents** tab, click the **Pending** tab to display the pending GPOs. - -5. Right-click **MyGPO**, and then click **Approve**. - -6. Click **Yes** to confirm approval and move the GPO to the **Controlled** tab. - -### Step 2: Edit a GPO - -You can use GPOs to configure computer or user settings and deploy them to many computers or users. In this step, you use an account that has the Editor role to check out a GPO from the archive, edit the GPO offline, check the edited GPO into the archive, and request deployment of the GPO to the production environment. For this scenario, you configure a setting in the GPO to require that the password be at least eight characters long. - -**To check the GPO out from the archive for editing** - -1. On a computer on which you have installed AGPM Client, log on with a user account that has the role of Editor in AGPM. - -2. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -3. On the **Contents** tab in the details pane, click the **Controlled** tab to display the controlled GPOs. - -4. Right-click **MyGPO**, and then click **Check Out**. - -5. Type a comment to be displayed in the history of the GPO while it is checked out, and then click **OK**. - -6. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked Out**. - -**To edit the GPO offline and configure the minimum password length** - -1. On the **Controlled** tab, right-click **MyGPO**, and then click **Edit** to open the **Group Policy Management Editor** window and change an offline copy of the GPO. For this scenario, configure the minimum password length: - - 1. Under **Computer Configuration**, double-click **Policies**, **Windows Settings**, **Security Settings**, **Account Policies**, and **Password Policy**. - - 2. In the details pane, double-click **Minimum password length**. - - 3. In the properties window, select the **Define this policy setting** check box, set the number of characters to **8**, and then click **OK**. - -2. Close the **Group Policy Management Editor** window. - -**To check the GPO into the archive** - -1. On the **Controlled** tab, right-click **MyGPO** and then click **Check In**. - -2. Type a comment, and then click **OK**. - -3. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked In**. - -**To request the deployment of the GPO to the production environment** - -1. On the **Controlled** tab, right-click **MyGPO** and then click **Deploy**. - -2. Because this account is not an Approver or AGPM Administrator, you must submit a request for deployment. To receive a copy of the request, type your e-mail address in the **Cc** field. Type a comment to be displayed in the history of the GPO, and then click **Submit**. - -3. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. **MyGPO** is displayed on the list of GPOs on the **Pending** tab. - -### Step 3: Review and deploy a GPO - -In this step, you act as an Approver, creating reports and analyzing the settings and changes to settings in the GPO to determine whether you should approve them. After you evaluate the GPO, you deploy it to the production environment and link the GPO to a domain or an organizational unit (OU). The GPO takes effect when Group Policy is refreshed for computers in that domain or OU. - -**To review settings in the GPO** - -1. On a computer on which you have installed AGPM Client, log on with a user account that is assigned the role of Approver in AGPM. Any Group Policy administrator with the Reviewer role, which is included in all of the other roles, can review the settings in a GPO. - -2. Open the e-mail inbox for the account and notice that you have received an e-mail message from the AGPM alias with an Editor's request to deploy a GPO. - -3. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -4. On the **Contents** tab in the details pane, click the **Pending** tab. - -5. Double-click **MyGPO** to display its history. - -6. Review the settings in the most recent version of MyGPO: - - 1. In the **History** window, right-click the GPO version with the most recent time stamp, click **Settings**, and then click **HTML Report** to display a summary of the GPO's settings. - - 2. In the Web browser, click **show all** to display all the settings in the GPO. Close the browser. - -7. Compare the most recent version of MyGPO to the first version checked in to the archive: - - 1. In the **History** window, click the GPO version with the most recent time stamp. Press CTRL and then click the oldest GPO version for which the **Computer Version** is not **\\***. - - 2. Click the **Differences** button. The **Account Policies/Password Policy** section is highlighted in green and preceded by **\[+\]**. This indicates that the setting is configured only in the latter version of the GPO. - - 3. Click **Account Policies/Password Policy**. The **Minimum password length** setting is also highlighted in green and preceded by **\[+\]**, indicating that it is configured only in the latter version of the GPO. - - 4. Close the Web browser. - -**To deploy the GPO to the production environment** - -1. On the **Pending** tab, right-click **MyGPO** and then click **Approve**. - -2. Type a comment to include in the history of the GPO. - -3. Click **Yes**. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The GPO is deployed to the production environment. - -**To link the GPO to a domain or organizational unit** - -1. In the GPMC, right-click either the domain or an organizational unit (OU) to which you want to apply the GPO that you configured, and then click **Link an Existing GPO**. - -2. In the **Select GPO** dialog box, click **MyGPO**, and then click **OK**. - -### Step 4: Use a template to create a GPO - -In this step, you use an account that has the Editor role to create and use a template. That template is a static version of a GPO for use as a starting point for creating new GPOs. Although you cannot edit a template, you can create a new GPO based on a template. Templates are useful for quickly creating multiple GPOs that include many of the same policy settings. - -**To create a template based on an existing GPO** - -1. On a computer on which you have installed AGPM Client, log on with a user account that is assigned the role of Editor in AGPM. - -2. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -3. On the **Contents** tab in the details pane, click the **Controlled** tab. - -4. Right-click **MyGPO**, and then click **Save as Template** to create a template incorporating all settings currently in MyGPO. - -5. Type **MyTemplate** as the name for the template and a comment, and then click **OK**. - -6. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The new template appears on the **Templates** tab. - -**To request that a new GPO be created and managed through AGPM** - -1. Click the **Controlled** tab. - -2. Right-click the **Change Control** node, and then click **New Controlled GPO**. - -3. In the **New Controlled GPO** dialog box: - - 1. To receive a copy of the request, type your e-mail address in the **Cc** field. - - 2. Type **MyOtherGPO** as the name for the new GPO. - - 3. Type a comment for the new GPO. - - 4. Click **Create live** so that the new GPO will be deployed to the production environment immediately upon approval. - - 5. For **From GPO template**, select **MyTemplate**. Click **Submit**. - -4. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The new GPO is displayed on the **Pending** tab. - -Use an account that is assigned the role of Approver to approve the pending request to create the GPO as you did in [Step 1: Create a GPO](#bkmk-manage1). MyTemplate incorporates all the settings that you configured in MyGPO. Because MyOtherGPO was created using MyTemplate, it at first contains all the settings that MyGPO contained at the time that MyTemplate was created. You can confirm this by generating a difference report to compare MyOtherGPO to MyTemplate. - -**To check the GPO out from the archive for editing** - -1. On a computer on which you have installed AGPM Client, log on with a user account that is assigned the role of Editor in AGPM. - -2. Right-click **MyOtherGPO**, and then click **Check Out**. - -3. Type a comment to be displayed in the history of the GPO while it is checked out, and then click **OK**. - -4. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. On the **Controlled** tab, the state of the GPO is identified as **Checked Out**. - -**To edit the GPO offline and configure the account lockout duration** - -1. On the **Controlled** tab, right-click **MyOtherGPO**, and then click **Edit** to open the **Group Policy Management Editor** window and change an offline copy of the GPO. For this scenario, configure the minimum password length: - - 1. Under **Computer Configuration**, double-click **Policies**, **Windows Settings**, **Security Settings**, **Account Policies**, and **Account Lockout Policy**. - - 2. In the details pane, double-click **Account lockout duration**. - - 3. In the properties window, check **Define this policy setting**, set the duration to **30** minutes, and then click **OK**. - -2. Close the **Group Policy Management Editor** window. - -Check MyOtherGPO into the archive and request deployment as you did for MyGPO in [Step 2: Edit a GPO](#bkmk-manage2). You can compare MyOtherGPO to MyGPO or to MyTemplate by using difference reports. Any account that includes the Reviewer role (AGPM Administrator \[Full Control\], Approver, Editor, or Reviewer) can generate reports. - -**To compare a GPO to another GPO and to a template** - -1. To compare MyGPO and MyOtherGPO: - - 1. On the **Controlled** tab, click **MyGPO**. Press CTRL and then click **MyOtherGPO**. - - 2. Right-click **MyOtherGPO**, point to **Differences**, and then click **HTML Report**. - -2. To compare MyOtherGPO and MyTemplate: - - 1. On the **Controlled** tab, click **MyOtherGPO**. - - 2. Right-click **MyOtherGPO**, point to **Differences**, and then click **Template**. - - 3. Select **MyTemplate** and **HTML Report**, and then click **OK**. - -### Step 5: Delete and restore a GPO - -In this step, you act as an Approver to delete a GPO. - -**To delete a GPO** - -1. On a computer on which you have installed AGPM Client, log on with a user account that is assigned the role of Approver. - -2. In the **Group Policy Management Console** tree, click **Change Control** in the forest and domain in which you want to manage GPOs. - -3. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -4. Right-click **MyGPO**, and then click **Delete**. Click **Delete GPO from archive and production** to delete both the version in the archive and the deployed version of the GPO in the production environment. - -5. Type a comment to be displayed in the audit trail for the GPO, and then click **OK**. - -6. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Controlled** tab and is displayed on the **Recycle Bin** tab, where it can be restored or destroyed. - -Occasionally you may discover after you delete a GPO that it is still needed. In this step, you act as an Approver to restore a GPO that was deleted. - -**To restore a deleted GPO** - -1. On the **Contents** tab, click the **Recycle Bin** tab to display deleted GPOs. - -2. Right-click **MyGPO**, and then click **Restore**. - -3. Type a comment to be displayed in the history of the GPO, and then click **OK**. - -4. When the **AGPM Progress** window indicates that overall progress is complete, click **Close**. The GPO is removed from the **Recycle Bin** tab and is displayed on the **Controlled** tab. - - **Note**   - Restoring a GPO to the archive does not automatically redeploy it to the production environment. To return the GPO to the production environment, deploy the GPO as in [Step 3: Review and deploy a GPO](#bkmk-manage3). - - - -After editing and deploying a GPO, you may discover that recent changes to the GPO are causing a problem. In this step, you act as an Approver to roll back to an earlier version of the GPO. You can roll back to any version in the history of the GPO. You can use comments and labels to identify known good versions and when specific changes were made. - -**To roll back to an earlier version of a GPO** - -1. On the **Contents** tab, click the **Controlled** tab to display the controlled GPOs. - -2. Double-click **MyGPO** to display its history. - -3. Right-click the version to be deployed, click **Deploy**, and then click **Yes**. - -4. When the **Progress** window indicates that overall progress is complete, click **Close**. In the **History** window, click **Close**. - - **Note**   - To verify that the version that was redeployed is the version intended, examine a difference report for the two versions. In the **History** window for the GPO, select the two versions, right-click them, point to **Difference**, and then click either **HTML Report** or **XML Report**. - - - - - - - - - - - diff --git a/mdop/agpm/technical-overview-of-agpm.md b/mdop/agpm/technical-overview-of-agpm.md deleted file mode 100644 index 3ea90686e5..0000000000 --- a/mdop/agpm/technical-overview-of-agpm.md +++ /dev/null @@ -1,284 +0,0 @@ ---- -title: Technical Overview of AGPM -description: Technical Overview of AGPM -author: dansimp -ms.assetid: 36bc0ab5-f752-474c-8559-721ea95169c2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Technical Overview of AGPM - - -Microsoft Advanced Group Policy Management (AGPM) is a client/server application. The AGPM Server stores Group Policy Objects (GPOs) offline in the archive that AGPM creates on the server's file system. Group Policy administrators use the AGPM snap-in for the Group Policy Management Console (GPMC) to work with GPOs on the server that hosts the archive. Understanding the parts of AGPM and related items, how they store GPOs in the file system, and how permissions control the actions available to each user role can improve Group Policy administrators' effectiveness with AGPM. - -## Terminology - - -The following explains the basic AGPM terms. - -- **AGPM Client:** A computer that runs the AGPM snap-in for the Group Policy Management Console (GPMC) and from which Group Policy administrators manage GPOs. - -- **AGPM snap-in:** The software component of AGPM installed on AGPM Clients so that they can manage GPOs. - -- **AGPM Server:** A server that runs the AGPM Service and manages an archive. Each AGPM Server can manage only one archive, but one AGPM Server can manage archive data for multiple domains in one archive. An archive can be hosted on a computer other than an AGPM Server. - -- **AGPM Service:** The software component of AGPM that runs on an AGPM Server as a service. The service manages GPOs in the archive and in the production environment in that forest. - -- **Archive:** In AGPM, a central store that contains the controlled GPOs that the associated AGPM Server manages, in addition to the history for each of those GPOs. This includes all previous controlled versions of each GPO. An archive consists of an archive index file and associated archive data that may include data for GPOs in multiple domains. An archive can be hosted on a computer other than an AGPM Server. - -- **Controlled GPO:** A GPO that is being managed by AGPM. AGPM manages the history and permissions of controlled GPOs, which it stores in the archive. - -- **Uncontrolled GPO:** A GPO in the production environment for a domain and not managed by AGPM. - -## What AGPM installs, creates, and affects - - -On an AGPM Server, the AGPM Setup program installs the AGPM Service. AGPM does not alter the Active Directory® directory service or the schema. By default, the AGPM Server program files are installed in %ProgramFiles%\\Microsoft\\AGPM\\Server. You can install the AGPM Service on a domain controller if you have to; however, we recommend that you install the AGPM Service on a member server. - -On an AGPM Client, the AGPM Setup program installs the AGPM snap-in, adding a **Change Control** folder to each domain that appears in the GPMC. By default, the AGPM Client program files are installed in %ProgramFiles%\\Microsoft\\AGPM\\Client. - -Table 1 describes both the items that AGPM installs or creates and the parts of the operating system that affect AGPM operation. - -**Table 1: Items installed, created, or affected by AGPM** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ItemDescription

AGPM Service

The AGPM Service runs on the AGPM Server. The service manages the archive, which contains offline GPOs, and controlled GPOs in the production environment. The default configuration of the AGPM Service is as follows:

-
    -

  • Service name: AGPM Service

    • -

  • Display name: AGPM Service

    • -

  • Path to executable: %ProgramFiles%\Microsoft\AGPM\Server\Agpm.exe

    • -

  • Startup: Automatic

    • -

  • Log on as: AGPM Service Account specified during installation of AGPM Server, which can be changed using Programs and Features in the Control Panel.

    • -

AGPM archive

By default, AGPM creates the archive in %ProgramData%\Microsoft\AGPM on the AGPM Server. The archive provides storage for offline GPOs, and it can store multiple versions of each GPO. Changes that AGPM makes to GPOs in the archive do not affect the production environment until an AGPM Administrator or Approver deploys the GPO to the production environment and links the GPO to an organizational unit (OU).

Windows Firewall

During installation, AGPM enables an inbound Windows Firewall rule that allows the AGPM Client to communicate with the AGPM Server. The default Windows Firewall rule is the following:

-
    -

  • Name: AGPM Service

    • -

  • Action: Allow the connection

    • -

  • Programs: All programs that meet the specified conditions

    • -

  • Protocol type: TCP

    • -

  • Local port: 4600

    • -

  • Remote port: All ports

    • -

  • Local IP address: Any

    • -

  • Remote IP address: Any

    • -

E-mail server

AGPM uses Simple Mail Transfer Protocol (SMTP) to send e-mail requests to the addresses configured on the Domain Delegation tab. For example, when an Editor requests that a new GPO be created, AGPM notifies each e-mail address specified on the Domain Delegation tab.

AGPM snap-in

The AGPM snap-in for the GPMC runs on AGPM Clients and is used by Group Policy administrators to manage GPOs. The snap-in appears in the GPMC as a Change Control folder in each domain.

- - - -### Additional references - -For more information about the files installed by AGPM, see the [Planning Guide for AGPM](https://go.microsoft.com/fwlink/?LinkId=160060). - -## Archive - - -By default, the AGPM Server installation process creates the archive on the local hard disk of the AGPM Server at %ProgramData%\\Microsoft\\AGPM. However, you can change the path during installation and even create the archive on a server other than the AGPM Server. - -The archive contains a subfolder for each version of each GPO the archive contains. The name of each subfolder is a GUID that identifies a version of the GPO. - -The gpostate.xml file records the state of each GPO in the archive. The file is a manifest that describes the contents of the archive. For example, a GPO can have many versions, and each version is in its own subfolder in the archive. The gpostate.xml file indicates which subfolders contain different versions of a single GPO. Additionally, GPO templates have subfolders in the archive, but gpostate.xml indicates that these are templates and not controlled GPOs. Similarly, when Group Policy administrators delete GPOs, AGPM changes their states in gpostate.xml to indicate that they are in the **Recycle Bin** but does not actually remove the GPOs' subfolders from the archive. - -**Caution**   -Do not manually edit gpostate.xml or the GPOs the archive contains. This information is provided only to enhance understanding of the AGPM archive. Instead, use the AGPM snap-in to change GPOs. - - - -When AGPM creates the archive, it gives Full Control to SYSTEM, Administrators, and the AGPM Service Account (specified in the setup of AGPM Server). Changing permissions by using the AGPM user interface on the AGPM snap-in does not alter permissions on the archive, because the AGPM Service Account performs all operations on behalf of the logged-on user. - -### Additional references - -For information about how to back up the archive, restore the archive from a backup, or move both the AGPM Server and the archive, see the "Performing AGPM Administrator Tasks" section in the [Operations Guide for AGPM](https://go.microsoft.com/fwlink/?LinkId=160061). - -## Roles and permissions - - -Roles simplify delegation. Instead of assigning detailed permissions to Group Policy administrators, AGPM Administrators can assign one of four roles to Group Policy administrators to let them perform work related to that role: - -- **AGPM Administrator:** Group Policy administrators assigned the AGPM Administrator (Full Control) role can perform any task in AGPM. AGPM Administrators can configure domain-wide options and delegate permissions to other Group Policy administrators. - -- **Approver:** Group Policy administrators assigned the Approver role can deploy GPOs to the production environment for a domain. Approvers can also create and delete GPOs and approve or reject requests from Editors. Approvers can view the list of GPOs in a domain, view the policy settings in GPOs, and create and view reports of the policy settings in a GPO. They cannot edit the policy settings in GPOs unless they are also assigned the Editor role. - -- **Editor:** Group Policy administrators assigned the Editor role can view the list of GPOs in a domain, view the policy settings in GPOs, edit the policy settings in GPOs, and create and view reports of the policy settings in a GPO. Unless they are also assigned the Approver role, Editors cannot create, deploy, or delete GPOs. However, they can request that GPOs be created, deployed, or deleted. - -- **Reviewer:** Group Policy administrators assigned the Reviewer role can view the list of GPOs in a domain and create and view reports of the policy settings in a GPO. Unless they are also assigned the Editor role, they cannot edit policy settings in a GPO. - -AGPM gives AGPM Administrators the flexibility to configure permissions at a more detailed level than roles by using the AGPM snap-in. Table 2 describes these permissions and indicates the permissions granted to each role by default. - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PermissionDescriptionAGPM AdministratorApproverEditorReviewer

Full Control

Have all permissions.

Yes

Create GPO

Create GPOs in a domain.

Yes

Yes

List Contents

List the GPOs in a domain.

Yes

Yes

Yes

Yes

Read Settings

Read the policy settings within a GPO.

Yes

Yes

Yes

Yes

Edit Settings

Change the policy settings in a GPO.

Yes

Yes

Delete GPO

Delete a GPO.

Yes

Yes

Modify Security

Delegate domain-level access, delegate access to a single GPO, and delegate access to the production environment.

Yes

Deploy GPO

Deploy a GPO from the archive to the production environment.

Yes

Yes

Create Template

Create a GPO template in AGPM.

Yes

Yes

Modify Options

Configure AGPM e-mail notification and limit the GPO versions stored in the archive.

Yes

Export GPO

Export a GPO to a file.

Yes

Yes

Import GPO

Import a GPO from a file.

Yes

Yes

- - - -**Note**   -**Export GPO** and **Import GPO** permissions are not available in AGPM 3.0 or 2.5. - -The ability to delegate access to GPOs in the production environment for a domain and the ability to limit the number of GPO versions stored are not available in AGPM 2.5. - - - -### Additional references - -For information about what tasks can be performed by Group Policy administrators assigned a particular role or about which permissions are required to perform a specific task, see the [Operations Guide for AGPM](https://go.microsoft.com/fwlink/?LinkId=160061). - - - - - - - - - diff --git a/mdop/agpm/template-commands-agpm30ops.md b/mdop/agpm/template-commands-agpm30ops.md deleted file mode 100644 index cd6beac689..0000000000 --- a/mdop/agpm/template-commands-agpm30ops.md +++ /dev/null @@ -1,164 +0,0 @@ ---- -title: Template Commands -description: Template Commands -author: dansimp -ms.assetid: 2ec11b3f-0c5c-4788-97bd-bd4bf64ba51a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Template Commands - - -The **Templates** tab: - -- Displays a list of available templates that you can use to create new Group Policy Objects (GPOs). - -- Provides a shortcut menu with commands for creating a GPO based on a selected template, managing templates, and displaying reports for templates. - -- Displays a list of the groups and users who have permission to access a selected template. - -Because a template cannot be altered, templates have no history. However, like any GPO version, the settings of a template can be displayed with a settings report or compared to another GPO with a difference report. - -**Note**   -A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. - - - -Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable. - -## Control - - - ---- - - - - - - - - - - - - -
CommandEffect

New Controlled GPO

Create a new GPO based on the selected template. The option to deploy the new GPO to the production environment is provided. If you do not have permission to create a GPO, you will be prompted to submit a request. (This option is displayed if no GPO is selected when right-clicking in the Group Policy Objects list.)

- - - -## Reports - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Settings

Generate an HTML-based or XML-based report displaying the settings within the selected GPO.

Differences

Generate an HTML-based or XML-based report comparing the settings within two selected GPO templates.

- - - -## Template management - - - ---- - - - - - - - - - - - - - - - - - - - - -
CommandEffect

Set as Default

Set the selected template as the default to be used automatically when creating a new GPO.

Delete

Move the selected template to the Recycle Bin. If you do not have permission to delete a GPO, you will be prompted to submit a request.

Rename

Change the name of the selected template.

- - - -## Miscellaneous - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Refresh

Update the display of the Group Policy Management Console to incorporate any changes. Some changes are not visible until the display is refreshed.

Help

Display help for Advanced Group Policy Management (AGPM).

- - - -### Additional references - -- [Contents Tab](contents-tab-agpm30ops.md) - -- [Performing Editor Tasks](performing-editor-tasks-agpm30ops.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) - - - - - - - - - diff --git a/mdop/agpm/template-commands-agpm40.md b/mdop/agpm/template-commands-agpm40.md deleted file mode 100644 index ad999f7a40..0000000000 --- a/mdop/agpm/template-commands-agpm40.md +++ /dev/null @@ -1,164 +0,0 @@ ---- -title: Template Commands -description: Template Commands -author: dansimp -ms.assetid: 243a9b18-bf3f-44fa-94d7-5c793f7322da -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Template Commands - - -The **Templates** tab: - -- Displays a list of available templates that you can use to create new Group Policy Objects (GPOs). - -- Provides a shortcut menu with commands for creating a GPO based on a selected template, managing templates, and displaying reports for templates. - -- Displays a list of the groups and users who have permission to access a selected template. - -Because a template cannot be altered, templates have no history. However, like any GPO version, the settings of a template can be displayed with a settings report or compared to another GPO with a difference report. - -**Note**   -A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. - - - -Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable. - -## Control - - - ---- - - - - - - - - - - - - -
CommandEffect

New Controlled GPO

Create a new GPO based on the selected template. The option to deploy the new GPO to the production environment of the domain is provided. If you do not have permission to create a GPO, you will be prompted to submit a request. (This option is displayed if no GPO is selected when right-clicking in the Group Policy Objects list.)

- - - -## Reports - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Settings

Generate an HTML-based or XML-based report displaying the settings within the selected GPO.

Differences

Generate an HTML-based or XML-based report comparing the settings within two selected GPO templates.

- - - -## Template management - - - ---- - - - - - - - - - - - - - - - - - - - - -
CommandEffect

Set as Default

Set the selected template as the default to be used automatically when creating a new GPO.

Delete

Move the selected template to the Recycle Bin. If you do not have permission to delete a GPO, you will be prompted to submit a request.

Rename

Change the name of the selected template.

- - - -## Miscellaneous - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Refresh

Update the display of the Group Policy Management Console to incorporate any changes. Some changes are not visible until the display is refreshed.

Help

Display help for Advanced Group Policy Management (AGPM).

- - - -### Additional references - -- [Contents Tab](contents-tab-agpm40.md) - -- [Performing Editor Tasks](performing-editor-tasks-agpm40.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) - - - - - - - - - diff --git a/mdop/agpm/templates-tab.md b/mdop/agpm/templates-tab.md deleted file mode 100644 index 75b67d4b89..0000000000 --- a/mdop/agpm/templates-tab.md +++ /dev/null @@ -1,164 +0,0 @@ ---- -title: Templates Tab -description: Templates Tab -author: dansimp -ms.assetid: 5676e9f9-eb52-49e1-a55d-15c1059af368 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Templates Tab - - -The **Templates** tab: - -- Displays a list of available templates that you can use to create new Group Policy objects (GPOs). - -- Provides a shortcut menu with commands for creating a GPO based on a selected template, managing templates, and displaying reports for templates. - -- Displays a list of the groups and users who have permission to access a selected template. - -Because a template cannot be altered, templates have no history. However, like any GPO version, the settings of a template can be displayed with a settings report or compared to another GPO with a difference report. - -**Note**   -A template is an uneditable, static version of a GPO for use as a starting point for creating new, editable GPOs. - - - -Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable. - -## Control - - - ---- - - - - - - - - - - - - -
CommandEffect

New Controlled GPO

Create a new GPO based on the selected template. The option to deploy the new GPO to the production environment is provided. If you do not have permission to create a GPO, you will be prompted to submit a request. (This option is displayed if no GPO is selected when right-clicking in the Group Policy Objects list.)

- - - -## Reports - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Settings

Generate an HTML-based or XML-based report displaying the settings within the selected GPO.

Differences

Generate an HTML-based or XML-based report comparing the settings within two selected GPO templates.

- - - -## Template management - - - ---- - - - - - - - - - - - - - - - - - - - - -
CommandEffect

Set as Default

Set the selected template as the default to be used automatically when creating a new GPO.

Delete

Move the selected template to the Recycle Bin. If you do not have permission to delete a GPO, you will be prompted to submit a request.

Rename

Change the name of the selected template.

- - - -## Miscellaneous - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Refresh

Update the display of the Group Policy Management Console to incorporate any changes. Some changes are not visible until the display is refreshed.

Help

Display help for Advanced Group Policy Management (AGPM).

- - - -### Additional references - -- [Contents Tab](contents-tab.md) - -- [Performing Editor Tasks](performing-editor-tasks.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks.md) - - - - - - - - - diff --git a/mdop/agpm/test-a-gpo-in-a-separate-organizational-unit-agpm40.md b/mdop/agpm/test-a-gpo-in-a-separate-organizational-unit-agpm40.md deleted file mode 100644 index e3ebc0c30b..0000000000 --- a/mdop/agpm/test-a-gpo-in-a-separate-organizational-unit-agpm40.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Test a GPO in a Separate Organizational Unit -description: Test a GPO in a Separate Organizational Unit -author: dansimp -ms.assetid: 9a9e6d22-74e6-41d8-ac2f-12a1b76ad5a0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Test a GPO in a Separate Organizational Unit - - -If you use a testing organizational unit (OU) to test Group Policy Objects (GPOs) within the same domain before deployment to the production environment, you must have the necessary permissions to access the test OU. Using a test OU is optional. - -**To use a test OU** - -1. Although you have the GPO checked out for editing, in the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you are managing GPOs. - -2. Click the checked out copy of the GPO to be tested. The name will be preceded by **\[AGPM\]**. (If it is not listed, click **Action**, then **Refresh**. Sort the names alphabetically, and **\[AGPM\]** GPOs will typically appear at the top of the list.) - -3. Drag the GPO to the test OU. - -4. Click **OK** in the dialog box that asks whether to create a link to the GPO in the test OU. - -### Additional considerations - -- When testing is complete, checking in the GPO automatically deletes the link to the checked-out copy of the GPO. - -### Additional references - -- [Using a Test Environment](using-a-test-environment.md) - -  - -  - - - - - diff --git a/mdop/agpm/troubleshooting-advanced-group-policy-management-agpm30ops.md b/mdop/agpm/troubleshooting-advanced-group-policy-management-agpm30ops.md deleted file mode 100644 index 9b374f5a81..0000000000 --- a/mdop/agpm/troubleshooting-advanced-group-policy-management-agpm30ops.md +++ /dev/null @@ -1,151 +0,0 @@ ---- -title: Troubleshooting Advanced Group Policy Management -description: Troubleshooting Advanced Group Policy Management -author: dansimp -ms.assetid: f7ece97c-e9f8-4b18-8c7a-a615c98d5c60 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Troubleshooting Advanced Group Policy Management - - -This section lists common issues that you may encounter when you use Advanced Group Policy Management (AGPM) to manage Group Policy Objects (GPOs). To diagnose issues not listed here, it may be helpful for an AGPM Administrator (Full Control) to use logging and tracing. For more information, see [Configure Logging and Tracing](configure-logging-and-tracing-agpm30ops.md). - -**Note**   -- For information about rolling back to an earlier version of a GPO if there are problems, see [Roll Back to a Previous Version of a GPO](roll-back-to-a-previous-version-of-a-gpo-agpm30ops.md). - -- For information about how to recover from a disaster by restoring the complete archive from a backup, see [Restore the Archive from a Backup](restore-the-archive-from-a-backup.md). - -  - -## What problems are you having? - - -- [I am unable to access an archive](#bkmk-access-an-archive) - -- [The GPO state varies for different Group Policy administrators](#bkmk-state-varies) - -- [I am unable to modify the AGPM Server connection](#bkmk-modify-archive-location) - -- [I am unable to change the default template or view, create, edit, rename, deploy, or delete GPOs](#bkmk-perform-task) - -- [I am unable to use a particular GPO name](#bkmk-use-particular-name) - -- [I am not receiving AGPM e-mail notifications](#bkmk-email) - -- [I cannot use port 4600 for the AGPM Service](#bkmk-port) - -- [The AGPM Service will not start](#bkmk-not-start) - -- [Group Policy Software Installation fails to install software](#bkmk-software-installation) - -- [An error occurred when I restored the archive to a new AGPM Server](#bkmk-error-on-restore) - -### I am unable to access an archive - -- **Cause**: You have not selected the correct server and port for the archive. - -- **Solution**: - - - If you are an AGPM Administrator: See [Configure AGPM Server Connections](configure-agpm-server-connections-agpm30ops.md). - - - If you are not an AGPM Administrator: Request connection details for the AGPM Server from an AGPM Administrator. See [Configure an AGPM Server Connection](configure-an-agpm-server-connection-reviewer-agpm30ops.md). - -- **Cause**: The AGPM Service is not running. - -- **Solution**: - - - If you are an AGPM Administrator: Start the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm30ops.md). - - - If you are not an AGPM Administrator: Contact an AGPM Administrator for assistance. - -### The GPO state varies for different Group Policy administrators - -- **Cause**: Different Group Policy administrators have selected different AGPM Servers for the same archive. - -- **Solution**: - - - If you are an AGPM Administrator: See [Configure AGPM Server Connections](configure-agpm-server-connections-agpm30ops.md). - - - If you are not an AGPM Administrator: Request connection details for the AGPM Server from an AGPM Administrator. See [Configure an AGPM Server Connection](configure-an-agpm-server-connection-reviewer-agpm30ops.md). - -### I am unable to modify the AGPM Server connection - -- **Cause**: If the settings on the **AGPM Server** tab are unavailable, the AGPM Server has been centrally configured using an Administrative template. - -- **Solution**: - - - If you are an AGPM Administrator: If the settings on the **AGPM Server** tab are unavailable, see [Configure AGPM Server Connections](configure-agpm-server-connections-agpm30ops.md). - - - If you are not an AGPM Administrator: If the settings on the **AGPM Server** tab are unavailable, you do not need to modify the AGPM Server. - -### I am unable to change the default template or view, create, edit, rename, deploy, or delete GPOs - -- **Cause**: You have not been assigned a role with the permissions required to perform the task or tasks. - -- **Solution**: - - - If you are an AGPM Administrator: See [Delegate Domain-Level Access to the Archive](delegate-domain-level-access-to-the-archive-agpm30ops.md) and [Delegate Access to an Individual GPO in the Archive](delegate-access-to-an-individual-gpo-in-the-archive-agpm30ops.md). AGPM permissions will cascade from the domain to all GPOs currently in the archive. For details about which roles can perform a task and which permissions are necessary to perform a task, refer to the help for that task. - - - If you are not an AGPM Administrator and you require additional roles or permissions: Contact an AGPM Administrator for assistance. Be aware that if you are an Editor, you can begin the process of creating a GPO, deploying a GPO, or deleting a GPO from the production environment, but an Approver or AGPM Administrator must approve your request. - -### I am unable to use a particular GPO name - -- **Cause**: Either the GPO name is already in use or you lack permission to list the GPO. - -- **Solution**: - - - If the GPO name appears on the **Controlled**, **Uncontrolled**, or **Pending** tab, choose another name. If a GPO that was deployed is renamed but not yet redeployed, it will be displayed under its old name in the production environment. Therefore, the old name is still being used. Redeploy the GPO to update its name in the production environment and release that name for use by another GPO. - - - If the GPO name does not appear on the **Controlled**, **Uncontrolled**, or **Pending** tab, you may lack permission to list the GPO. To request permission, contact an AGPM Administrator. - -### I am not receiving AGPM e-mail notifications - -- **Cause**: A valid SMTP e-mail server and e-mail address has not been provided, or no action has been taken that generates an e-mail notification. - -- **Solution**: - - - If you are an AGPM Administrator: For e-mail notifications about pending actions to be sent by AGPM, an AGPM Administrator must provide a valid SMTP e-mail server and e-mail addresses for Approvers on the **Domain Delegation** tab. For more information, see [Configure E-Mail Notification](configure-e-mail-notification-agpm30ops.md). - - - E-mail notifications are generated only when an Editor, Reviewer, or other Group Policy administrator who lacks the permission necessary to create, deploy, or delete a GPO submits a request for one of those actions to occur. There is no automatic notification of approval or rejection of a request. - -### I cannot use port 4600 for the AGPM Service - -- **Cause**: By default, the port on which the AGPM Service listens is port 4600. - -- **Solution**: If port 4600 is not available for the AGPM Service, modify the port configuration on the AGPM Server to use another port and then update the port in the AGPM Server connection for AGPM Clients. For more information, see [Modify the AGPM Service](modify-the-agpm-service-agpm30ops.md). - -### The AGPM Service will not start - -- **Cause**: You have modified settings for the AGPM Service in the operating system under **Administrative Tools** and **Services**. - -- **Solution**: Modify the settings for **Microsoft Advanced Group Policy Management - Server** under **Programs and Features** in Control Panel. For more information, see [Modify the AGPM Service](modify-the-agpm-service-agpm30ops.md). - -### Group Policy Software Installation fails to install software - -- **Cause**: AGPM preserves the integrity of Group Policy Software Installation packages. Although GPOs are edited offline, links between packages in addition to cached client information are preserved. This is by design. - -- **Solution**: When you edit a GPO offline with AGPM, configure any Group Policy Software Installation upgrade of a package in another GPO to reference the deployed GPO, not the checked-out copy. The Editor must have **Read** permission for the deployed GPO. - -### An error occurred when I restored the archive to a new AGPM Server - -- **Cause**: For security reasons, the encryption protecting the password entered on the **Domain Delegation** tab causes the password to fail if the archive is moved to another computer. - -- **Solution**: Re-enter and confirm the password on the **Domain Delegation** tab. For more information, see [Configure E-Mail Notification](configure-e-mail-notification-agpm30ops.md). - -  - -  - - - - - diff --git a/mdop/agpm/troubleshooting-advanced-group-policy-management.md b/mdop/agpm/troubleshooting-advanced-group-policy-management.md deleted file mode 100644 index 4284e54ffd..0000000000 --- a/mdop/agpm/troubleshooting-advanced-group-policy-management.md +++ /dev/null @@ -1,136 +0,0 @@ ---- -title: Troubleshooting Advanced Group Policy Management -description: Troubleshooting Advanced Group Policy Management -author: dansimp -ms.assetid: f58849cf-6c5b-44d8-b356-0ed7a5b24cee -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Troubleshooting Advanced Group Policy Management - - -This section lists a few common issues you may encounter when using Advanced Group Policy Management (AGPM) to manage Group Policy objects (GPOs). - -## What problems are you having? - - -- [I am unable to access an archive](#bkmk-access-an-archive) - -- [The GPO state varies for different Group Policy administrators](#bkmk-state-varies) - -- [I am unable to modify the AGPM Server connection](#bkmk-modify-archive-location) - -- [I am unable to change the default template or view, create, edit, rename, deploy, or delete GPOs](#bkmk-perform-task) - -- [I am unable to use a particular GPO name](#bkmk-use-particular-name) - -- [I am not receiving AGPM e-mail notifications](#bkmk-email) - -- [I cannot use port 4600 for the AGPM Service](#bkmk-port) - -- [The AGPM Service will not start](#bkmk-not-start) - -- [Group Policy Software Installation fails to install software](#bkmk-software-installation) - -### I am unable to access an archive - -- **Cause**: You have not selected the correct server and port for the archive. - -- **Solution**: - - - If you are an AGPM Administrator: See [Configure the AGPM Server Connection](configure-the-agpm-server-connection.md). - - - If you are not an AGPM Administrator: Request connection details for the AGPM Server from an AGPM Administrator. See [Configure the AGPM Server Connection](configure-the-agpm-server-connection-reviewer.md). - -- **Cause**: The Advanced Group Policy Management Service is not running. - -- **Solution**: - - - If you are an AGPM Administrator: Start the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service.md). - - - If you are not an AGPM Administrator: Contact an AGPM Administrator for assistance. - -### The GPO state varies for different Group Policy administrators - -- **Cause**: Different Group Policy administrators have selected different AGPM Servers for the same archive. - -- **Solution**: - - - If you are an AGPM Administrator: See [Configure the AGPM Server Connection](configure-the-agpm-server-connection.md). - - - If you are not an AGPM Administrator: Request connection details for the AGPM Server from an AGPM Administrator. See [Configure the AGPM Server Connection](configure-the-agpm-server-connection-reviewer.md). - -### I am unable to modify the AGPM Server connection - -- **Cause**: If the settings on the **AGPM Server** tab are unavailable, the AGPM Server has been centrally configured using an Administrative template. - -- **Solution**: - - - If you are an AGPM Administrator: If the settings on the **AGPM Server** tab are unavailable, see [Configure the AGPM Server Connection](configure-the-agpm-server-connection.md). - - - If you are not an AGPM Administrator: If the settings on the **AGPM Server** tab are unavailable, you do not need to modify the AGPM Server. - -### I am unable to change the default template or view, create, edit, rename, deploy, or delete GPOs - -- **Cause**: You have not been assigned a role with the permissions required to perform the task or tasks. - -- **Solution**: - - - If you are an AGPM Administrator: See [Delegate Domain-Level Access](delegate-domain-level-access.md) and [Delegate Access to an Individual GPO](delegate-access-to-an-individual-gpo.md). AGPM permissions will cascade from the domain to all GPOs currently in the archive. As new Group Policy administrators are added at the domain level, their permissions must be set to apply to **This object and nested objects**. For details about which roles can perform a task and what permissions are necessary to perform a task, refer to the help for that task. - - - If you are not an AGPM Administrator and you require additional roles or permissions: Contact an AGPM Administrator for assistance. Note that if you are an Editor, you can begin the process of creating a GPO, deploying a GPO, or deleting a GPO from the production environment, but an Approver or AGPM Administrator must approve your request. - -### I am unable to use a particular GPO name - -- **Cause**: Either the GPO name is already in use or you lack permission to list the GPO. - -- **Solution**: - - - If the GPO name appears on the **Controlled**, **Uncontrolled**, or **Pending** tab, choose another name. If a GPO that has been deployed is renamed but not yet redeployed, it will be displayed under its old name in the production environment—therefore, the old name is still in use. Redeploy the GPO to update its name in the production environment and release that name for use by another GPO. - - - If the GPO name does not appear on the **Controlled**, **Uncontrolled**, or **Pending** tab, you may lack permission to list the GPO. To request permission, contact an AGPM Administrator. - -### I am not receiving AGPM e-mail notifications - -- **Cause**: A valid SMTP e-mail server and e-mail address has not been provided, or no action has been taken that generates an e-mail notification. - -- **Solution**: - - - If you are an AGPM Administrator: For e-mail notifications about pending actions to be sent by AGPM, an AGPM Administrator must provide a valid SMTP e-mail server and e-mail addresses for Approvers on the **Domain Delegation** tab. For more information, see [Configure E-Mail Notification](configure-e-mail-notification.md). - - - E-mail notifications are generated only when an Editor, Reviewer, or other Group Policy administrator who lacks the permission necessary to create, deploy, or delete a GPO submits a request for one of those actions to occur. There is no automatic notification of approval or rejection of a request. - -### I cannot use port 4600 for the AGPM Service - -- **Cause**: By default, the port on which the AGPM Service listens is port 4600. - -- **Solution**: If port 4600 is not available for the AGPM Service, modify each archive index file to use another port and then update the AGPM Server for all Group Policy administrators. For more information, see [Modify the Port on Which the AGPM Service Listens](modify-the-port-on-which-the-agpm-service-listens.md). - -### The AGPM Service will not start - -- **Cause**: You have modified settings for the AGPM Service in the operating system under **Administrative Tools** and **Services**. - -- **Solution**: Modify the settings for **Microsoft Advanced Group Policy Management - Server** under **Add or Remove Programs**. For more information, see [Modify the AGPM Service Account](modify-the-agpm-service-account.md). - -### Group Policy Software Installation fails to install software - -- **Cause**: AGPM preserves the integrity of Group Policy Software Installation packages. Although GPOs are edited offline, links between packages as well as cached client information are preserved. This is by design. - -- **Solution**: When editing a GPO offline with AGPM, configure any Group Policy Software Installation upgrade of a package in another GPO to reference the deployed GPO, not the checked-out copy. The Editor must have **Read** permission for the deployed GPO. - -  - -  - - - - - diff --git a/mdop/agpm/troubleshooting-agpm-agpm40.md b/mdop/agpm/troubleshooting-agpm-agpm40.md deleted file mode 100644 index 27451ca6e3..0000000000 --- a/mdop/agpm/troubleshooting-agpm-agpm40.md +++ /dev/null @@ -1,151 +0,0 @@ ---- -title: Troubleshooting AGPM -description: Troubleshooting AGPM -author: dansimp -ms.assetid: bedcd817-beb2-47bf-aebd-e3923c4fd06f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Troubleshooting AGPM - - -This section lists common issues that you may encounter when you use Advanced Group Policy Management (AGPM) to manage Group Policy Objects (GPOs). To diagnose issues not listed here, it may be helpful for an AGPM Administrator (Full Control) to use logging and tracing. For more information, see [Configure Logging and Tracing](configure-logging-and-tracing-agpm40.md). - -**Note**   -- For information about rolling back to an earlier version of a GPO if there are problems, see [Roll Back to an Earlier Version of a GPO](roll-back-to-an-earlier-version-of-a-gpo-agpm40.md). - -- For information about how to recover from a disaster by restoring the complete archive from a backup, see [Restore the Archive from a Backup](restore-the-archive-from-a-backup-agpm40.md). - -  - -## What problems are you having? - - -- [I am unable to access an archive](#bkmk-access-an-archive) - -- [The GPO state varies for different Group Policy administrators](#bkmk-state-varies) - -- [I am unable to modify the AGPM Server connection](#bkmk-modify-archive-location) - -- [I am unable to change the default template or view, create, edit, rename, deploy, or delete GPOs](#bkmk-perform-task) - -- [I am unable to use a particular GPO name](#bkmk-use-particular-name) - -- [I am not receiving AGPM e-mail notifications](#bkmk-email) - -- [I cannot use port 4600 for the AGPM Service](#bkmk-port) - -- [The AGPM Service will not start](#bkmk-not-start) - -- [Group Policy Software Installation fails to install software](#bkmk-software-installation) - -- [An error occurred when I restored the archive to a new AGPM Server](#bkmk-error-on-restore) - -### I am unable to access an archive - -- **Cause**: You have not selected the correct server and port for the archive. - -- **Solution**: - - - If you are an AGPM Administrator: See [Configure AGPM Server Connections](configure-agpm-server-connections-agpm40.md). - - - If you are not an AGPM Administrator: Request connection details for the AGPM Server from an AGPM Administrator. See [Configure an AGPM Server Connection](configure-an-agpm-server-connection-agpm40.md). - -- **Cause**: The AGPM Service is not running. - -- **Solution**: - - - If you are an AGPM Administrator: Start the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm40.md). - - - If you are not an AGPM Administrator: Contact an AGPM Administrator for assistance. - -### The GPO state varies for different Group Policy administrators - -- **Cause**: Different Group Policy administrators have selected different AGPM Servers for the same archive. - -- **Solution**: - - - If you are an AGPM Administrator: See [Configure AGPM Server Connections](configure-agpm-server-connections-agpm40.md). - - - If you are not an AGPM Administrator: Request connection details for the AGPM Server from an AGPM Administrator. See [Configure an AGPM Server Connection](configure-an-agpm-server-connection-agpm40.md). - -### I am unable to modify the AGPM Server connection - -- **Cause**: If the settings on the **AGPM Server** tab are unavailable, the AGPM Server has been centrally configured using an Administrative template. - -- **Solution**: - - - If you are an AGPM Administrator: If the settings on the **AGPM Server** tab are unavailable, see [Configure AGPM Server Connections](configure-agpm-server-connections-agpm40.md). - - - If you are not an AGPM Administrator: If the settings on the **AGPM Server** tab are unavailable, you do not need to modify the AGPM Server. - -### I am unable to change the default template or view, create, edit, rename, deploy, or delete GPOs - -- **Cause**: You have not been assigned a role with the permissions required to perform the task or tasks. - -- **Solution**: - - - If you are an AGPM Administrator: See [Delegate Domain-Level Access to the Archive](delegate-domain-level-access-to-the-archive-agpm40.md) and [Delegate Access to an Individual GPO in the Archive](delegate-access-to-an-individual-gpo-in-the-archive-agpm40.md). AGPM permissions will cascade from the domain to all GPOs currently in the archive. For details about which roles can perform a task and which permissions are necessary to perform a task, refer to the help for that task. - - - If you are not an AGPM Administrator and you require additional roles or permissions: Contact an AGPM Administrator for assistance. Be aware that if you are an Editor, you can begin the process of creating a GPO, deploying a GPO, or deleting a GPO from the production environment of the domain, but an Approver or AGPM Administrator must approve your request. - -### I am unable to use a particular GPO name - -- **Cause**: Either the GPO name is already in use or you lack permission to list the GPO. - -- **Solution**: - - - If the GPO name appears on the **Controlled**, **Uncontrolled**, or **Pending** tab, choose another name. If a GPO that was deployed is renamed but not yet redeployed, it will be displayed under its old name in the production environment of the domain. Therefore, the old name is still being used. Redeploy the GPO to update its name in the production environment and release that name for use by another GPO. - - - If the GPO name does not appear on the **Controlled**, **Uncontrolled**, or **Pending** tab, you may lack permission to list the GPO. To request permission, contact an AGPM Administrator. - -### I am not receiving AGPM e-mail notifications - -- **Cause**: A valid SMTP e-mail server and e-mail address has not been provided, or no action has been taken that generates an e-mail notification. - -- **Solution**: - - - If you are an AGPM Administrator: For e-mail notifications about pending actions to be sent by AGPM, an AGPM Administrator must provide a valid SMTP e-mail server and e-mail addresses for Approvers on the **Domain Delegation** tab. For more information, see [Configure E-Mail Notification](configure-e-mail-notification-agpm40.md). - - - E-mail notifications are generated only when an Editor, Reviewer, or other Group Policy administrator who lacks the permission necessary to create, deploy, or delete a GPO submits a request for one of those actions to occur. There is no automatic notification of approval or rejection of a request. - -### I cannot use port 4600 for the AGPM Service - -- **Cause**: By default, the port on which the AGPM Service listens is port 4600. - -- **Solution**: If port 4600 is not available for the AGPM Service, modify the port configuration on the AGPM Server to use another port and then update the port in the AGPM Server connection for AGPM Clients. For more information, see [Modify the AGPM Service](modify-the-agpm-service-agpm40.md). - -### The AGPM Service will not start - -- **Cause**: You have modified settings for the AGPM Service in the operating system under **Administrative Tools** and **Services**. - -- **Solution**: Modify the settings for **Microsoft Advanced Group Policy Management - Server** under **Programs and Features** in Control Panel. For more information, see [Modify the AGPM Service](modify-the-agpm-service-agpm40.md). - -### Group Policy Software Installation fails to install software - -- **Cause**: AGPM preserves the integrity of Group Policy Software Installation packages. Although GPOs are edited offline, links between packages in addition to cached client information are preserved. This is by design. - -- **Solution**: When you edit a GPO offline with AGPM, configure any Group Policy Software Installation upgrade of a package in another GPO to reference the deployed GPO, not the checked-out copy. The Editor must have **Read** permission for the deployed GPO. - -### An error occurred when I restored the archive to a new AGPM Server - -- **Cause**: For security reasons, the encryption protecting the password entered on the **Domain Delegation** tab causes the password to fail if the archive is moved to another computer. - -- **Solution**: Re-enter and confirm the password on the **Domain Delegation** tab. For more information, see [Configure E-Mail Notification](configure-e-mail-notification-agpm40.md). - -  - -  - - - - - diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md deleted file mode 100644 index 0275e8dc91..0000000000 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Troubleshooting AGPM Upgrades -description: Troubleshooting AGPM Upgrades -author: dansimp -ms.assetid: 1abbf0c1-fd32-46a8-a3ba-c005f066523d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Troubleshooting AGPM Upgrades - -This section lists common issues that you may encounter when you upgrade your Advanced Group Policy Management (AGPM) server to a newer version (e.g. AGPM 4.0 to AGPM 4.3). To diagnose issues not listed here, it may be helpful to view the [Troubleshooting AGPM](troubleshooting-agpm-agpm40.md) or for an AGPM Administrator (Full Control) to use logging and tracing. For more information, see [Configure Logging and Tracing](configure-logging-and-tracing-agpm40.md). - -## What problems are you having? - -- [Failed to generate a HTML GPO difference report (Error code 80004003)](#bkmk-error-80004003) - -### Failed to generate a HTML GPO difference report (Error code 80004003) - -- **Cause**: You have installed the AGPM upgrade package with an incorrect account. - -- **Solution**: You will need to be an AGPM administrator in order to fix this issue. - - - Ensure you know the username & password of your **AGPM service account**. - - - Log onto your AGPM server interactively as your AGPM service account. - - - This is critically important, as the install will fail if you use a different account. - - - Shutdown the AGPM service. - - - Install the required hotfix. - - - Connect to AGPM using an AGPM client to test that your difference reports are now functioning. - -## Install Hotfix Package 1 for Microsoft Advanced Group Policy Management 4.0 SP3 - -**Issue fixed in this hotfix**: AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs). - -**How to get this update**: Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information. - -More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe`, from the list presented after pressing the download button. - -The download link to the Microsoft Desktop Optimization Pack (March 2017 Servicing Release) can be found [here](https://www.microsoft.com/download/details.aspx?id=54967). - - -## Reference link -https://support.microsoft.com/help/3127165/hotfix-package-1-for-microsoft-advanced-group-policy-management-4-0-sp - diff --git a/mdop/agpm/uncontrolled-gpo-commands-agpm30ops.md b/mdop/agpm/uncontrolled-gpo-commands-agpm30ops.md deleted file mode 100644 index 1ad9a2806a..0000000000 --- a/mdop/agpm/uncontrolled-gpo-commands-agpm30ops.md +++ /dev/null @@ -1,135 +0,0 @@ ---- -title: Uncontrolled GPO Commands -description: Uncontrolled GPO Commands -author: dansimp -ms.assetid: 94c07b09-cb96-4ff2-b963-b25f103e73e9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Uncontrolled GPO Commands - - -The **Uncontrolled** tab: - -- Displays a list of Group Policy Objects (GPOs) not managed by Advanced Group Policy Management (AGPM). - -- Provides a shortcut menu with commands for bringing uncontrolled GPOs under the management of AGPM and for displaying the history and reports for GPOs. - -- Displays a list of the groups and users who have permission to access a selected GPO. - -Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable. - -## Control and history - - - ---- - - - - - - - - - - - - - - - - - - - - -
CommandEffect

History

Open a window listing all versions of the selected GPO saved within the archive. From the history, you can obtain a report of the settings within a GPO, compare two versions of a GPO, compare a GPO to a template, or roll back to a previous version of a GPO.

Control

Bring the selected uncontrolled GPO under the change control management of AGPM. If you do not have permission to control a GPO, you will be prompted to submit a request.

Save as Template

Create a new template based on the settings of the selected GPO.

- -  - -## Reports - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Settings

Generate an HTML-based or XML-based report displaying the settings within the selected GPO.

Differences

Generate an HTML-based or XML-based report comparing the settings within two selected GPOs or within the selected GPO and a template.

- -  - -## Miscellaneous - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Refresh

Update the display of the Group Policy Management Console (GPMC) to incorporate any changes. Some changes are not visible until the display is refreshed.

Help

Display help for AGPM.

- -  - -### Additional references - -- [Contents Tab](contents-tab-agpm30ops.md) - -- [Performing Editor Tasks](performing-editor-tasks-agpm30ops.md) - -- [Performing Approver Tasks](performing-approver-tasks-agpm30ops.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/uncontrolled-gpo-commands-agpm40.md b/mdop/agpm/uncontrolled-gpo-commands-agpm40.md deleted file mode 100644 index 0b74dd5b18..0000000000 --- a/mdop/agpm/uncontrolled-gpo-commands-agpm40.md +++ /dev/null @@ -1,135 +0,0 @@ ---- -title: Uncontrolled GPO Commands -description: Uncontrolled GPO Commands -author: dansimp -ms.assetid: 05a8050f-adc3-465b-8524-bbe95745165c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Uncontrolled GPO Commands - - -The **Uncontrolled** tab: - -- Displays a list of Group Policy Objects (GPOs) not managed by Advanced Group Policy Management (AGPM). - -- Provides a shortcut menu with commands for bringing uncontrolled GPOs under the management of AGPM and for displaying the history and reports for GPOs. - -- Displays a list of the groups and users who have permission to access a selected GPO. - -Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable. - -## Control and history - - - ---- - - - - - - - - - - - - - - - - - - - - -
CommandEffect

History

Open a window listing all versions of the selected GPO saved within the archive. From the history, you can obtain a report of the settings within a GPO, compare two versions of a GPO, compare a GPO to a template, or roll back to an earlier version of a GPO.

Control

Bring the selected uncontrolled GPO under the change control management of AGPM. If you do not have permission to control a GPO, you will be prompted to submit a request.

Save as Template

Create a new template based on the settings of the selected GPO.

- -  - -## Reports - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Settings

Generate an HTML-based or XML-based report displaying the settings within the selected GPO.

Differences

Generate an HTML-based or XML-based report comparing the settings within two selected GPOs or within the selected GPO and a template.

- -  - -## Miscellaneous - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Refresh

Update the display of the Group Policy Management Console (GPMC) to incorporate any changes. Some changes are not visible until the display is refreshed.

Help

Display help for AGPM.

- -  - -### Additional references - -- [Contents Tab](contents-tab-agpm40.md) - -- [Performing Editor Tasks](performing-editor-tasks-agpm40.md) - -- [Performing Approver Tasks](performing-approver-tasks-agpm40.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks-agpm40.md) - -  - -  - - - - - diff --git a/mdop/agpm/uncontrolled-tab.md b/mdop/agpm/uncontrolled-tab.md deleted file mode 100644 index 49a863ddc3..0000000000 --- a/mdop/agpm/uncontrolled-tab.md +++ /dev/null @@ -1,135 +0,0 @@ ---- -title: Uncontrolled Tab -description: Uncontrolled Tab -author: dansimp -ms.assetid: d7e658bf-a72b-4813-bdc8-2fdb7251e742 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Uncontrolled Tab - - -The **Uncontrolled** tab: - -- Displays a list of Group Policy objects (GPOs) not managed by Advanced Group Policy Management (AGPM). - -- Provides a shortcut menu with commands for bringing uncontrolled GPOs under the management of AGPM and for displaying the history and reports for GPOs. - -- Displays a list of the groups and users who have permission to access a selected GPO. - -Right-clicking the **Group Policy Objects** list on this tab displays a shortcut menu, including whichever of the following options are applicable. - -## Control and history - - - ---- - - - - - - - - - - - - - - - - - - - - -
CommandEffect

History

Open a window listing all versions of the selected GPO saved within the archive. From the history, you can obtain a report of the settings within a GPO, compare two versions of a GPO, compare a GPO to a template, or roll back to a previous version of a GPO.

Control

Bring the selected uncontrolled GPO under the change control management of AGPM. If you do not have permission to control a GPO, you will be prompted to submit a request.

Save as Template

Create a new template based on the settings of the selected GPO.

- -  - -## Reports - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Settings

Generate an HTML-based or XML-based report displaying the settings within the selected GPO.

Differences

Generate an HTML-based or XML-based report comparing the settings within two selected GPOs or within the selected GPO and a template.

- -  - -## Miscellaneous - - - ---- - - - - - - - - - - - - - - - - -
CommandEffect

Refresh

Update the display of the Group Policy Management Console to incorporate any changes. Some changes are not visible until the display is refreshed.

Help

Display help for AGPM.

- -  - -### Additional references - -- [Contents Tab](contents-tab.md) - -- [Performing Editor Tasks](performing-editor-tasks.md) - -- [Performing Approver Tasks](performing-approver-tasks.md) - -- [Performing Reviewer Tasks](performing-reviewer-tasks.md) - -  - -  - - - - - diff --git a/mdop/agpm/use-a-test-environment-agpm30ops.md b/mdop/agpm/use-a-test-environment-agpm30ops.md deleted file mode 100644 index 825a592d62..0000000000 --- a/mdop/agpm/use-a-test-environment-agpm30ops.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Use a Test Environment -description: Use a Test Environment -author: dansimp -ms.assetid: 86295084-b39e-4040-bb3f-15c3c1e99b1a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Use a Test Environment - - -If you use a testing organizational unit (OU) to test Group Policy Objects (GPOs) before deployment to the production environment, you must have the necessary permissions to access the test OU. The use of a test OU is optional. - -**To use a test OU** - -1. While you have the GPO checked out for editing, in the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you are managing GPOs. - -2. Click the checked out copy of the GPO to be tested. The name will be preceded with **\[Checked Out\]**. (If it is not listed, click **Action**, then **Refresh**. Sort the names alphabetically, and **\[Checked Out\]** GPOs will typically appear at the top of the list.) - -3. Drag and drop the GPO to the test OU. - -4. Click **OK** in the dialog box asking whether to create a link to the GPO in the test OU. - -### Additional considerations - -- When testing is complete, checking in the GPO automatically deletes the link to the checked-out copy of the GPO. - -### Additional references - -- [Editing a GPO](editing-a-gpo-agpm30ops.md) - -  - -  - - - - - diff --git a/mdop/agpm/use-a-test-environment.md b/mdop/agpm/use-a-test-environment.md deleted file mode 100644 index ca6badb289..0000000000 --- a/mdop/agpm/use-a-test-environment.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Use a Test Environment -description: Use a Test Environment -author: dansimp -ms.assetid: b8d7b3ee-030a-4b5b-8223-4a3276fd47a7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Use a Test Environment - - -If you use a testing organizational unit (OU) to test Group Policy objects (GPOs) before deployment to the production environment, you must have the necessary permissions to access the test OU. The use of a test OU is optional. - -**To use a test OU** - -1. While you have the GPO checked out for editing, in the **Group Policy Management Console**, click **Group Policy Objects** in the forest and domain in which you are managing GPOs. - -2. Click the checked out copy of the GPO to be tested. The name will be preceded with **\[AGPM\]**. (If it is not listed, click **Action**, then **Refresh**. Sort the names alphabetically, and **\[AGPM\]** GPOs will typically appear at the top of the list.) - -3. Drag and drop the GPO to the test OU. - -4. Click **OK** in the dialog box asking whether to create a link to the GPO in the test OU. - -### Additional considerations - -- When testing is complete, checking in the GPO automatically deletes the link to the checked-out copy of the GPO. - -### Additional references - -- [Editing a GPO](editing-a-gpo.md) - -  - -  - - - - - diff --git a/mdop/agpm/user-interface-advanced-group-policy-management-agpm30ops.md b/mdop/agpm/user-interface-advanced-group-policy-management-agpm30ops.md deleted file mode 100644 index 870b709194..0000000000 --- a/mdop/agpm/user-interface-advanced-group-policy-management-agpm30ops.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: User Interface Advanced Group Policy Management -description: User Interface Advanced Group Policy Management -author: dansimp -ms.assetid: 19aab694-8283-4d97-9425-1845404b461f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# User Interface: Advanced Group Policy Management - - -Advanced Group Policy Management (AGPM) adds a **Change Control** folder to each domain displayed in the **Group Policy Management Console** (GPMC). In an environment where multiple domains are managed with the GPMC, each domain is listed under the **Domains** folder in the console tree. Each domain has a **Change Control** folder under it, and there is one archive of Group Policy Objects (GPOs) per domain. - -Within the details pane there are four primary tabs, providing access to both GPO-level settings and domain-level settings and commands for AGPM. Additionally, there are Administrative template settings specific to AGPM. - -- [Contents Tab](contents-tab-agpm30ops.md): GPO settings and commands and GPO-level delegation - -- [Domain Delegation Tab](domain-delegation-tab-agpm30ops.md): AGPM e-mail notification settings and domain-level delegation - -- [AGPM Server Tab](agpm-server-tab-agpm30ops.md): Domain-level archive connection settings - -- [Production Delegation Tab](production-delegation-tab-agpm30ops.md): Production environment delegation - -- [Administrative Templates Folder](administrative-templates-folder-agpm30ops.md): Central configuration of logging and tracking, archive locations, and the visibility of features - -  - -  - - - - - diff --git a/mdop/agpm/user-interface-advanced-group-policy-management-agpm40.md b/mdop/agpm/user-interface-advanced-group-policy-management-agpm40.md deleted file mode 100644 index 7104e96d2a..0000000000 --- a/mdop/agpm/user-interface-advanced-group-policy-management-agpm40.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: User Interface Advanced Group Policy Management -description: User Interface Advanced Group Policy Management -author: dansimp -ms.assetid: 1bf67f6a-4f24-4020-a8c1-fe440de9caa3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# User Interface: Advanced Group Policy Management - - -Advanced Group Policy Management (AGPM) adds a **Change Control** folder to each domain displayed in the **Group Policy Management Console** (GPMC). In an environment where multiple domains are managed with the GPMC, each domain is listed under the **Domains** folder in the console tree. Each domain has a **Change Control** folder under it, and there is one archive of Group Policy Objects (GPOs) per domain. - -Within the details pane there are four primary tabs, providing access to both GPO-level settings and domain-level settings and commands for AGPM. Additionally, there are Administrative template settings specific to AGPM. - -- [Contents Tab](contents-tab-agpm40.md): GPO settings and commands and GPO-level delegation - -- [Domain Delegation Tab](domain-delegation-tab-agpm40.md): AGPM e-mail notification settings and domain-level delegation - -- [AGPM Server Tab](agpm-server-tab-agpm40.md): Domain-level archive connection settings - -- [Production Delegation Tab](production-delegation-tab-agpm40.md): Production environment delegation - -- [Administrative Templates Folder](administrative-templates-folder-agpm40.md): Central configuration of logging and tracking, archive locations, and the visibility of features - -  - -  - - - - - diff --git a/mdop/agpm/user-interface-advanced-group-policy-management.md b/mdop/agpm/user-interface-advanced-group-policy-management.md deleted file mode 100644 index b8a2fbc5b2..0000000000 --- a/mdop/agpm/user-interface-advanced-group-policy-management.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: User Interface Advanced Group Policy Management -description: User Interface Advanced Group Policy Management -author: dansimp -ms.assetid: 73324c99-adca-46dc-b516-ef78b7235f59 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# User Interface: Advanced Group Policy Management - - -Advanced Group Policy Management (AGPM) adds a **Change Control** node to each domain displayed in the **Group Policy Management Console** (GPMC). In an environment where multiple domains are managed with the GPMC, each domain is listed under the **Domains** node in the console tree. Each domain has a **Change Control** node under it, and there is one archive of Group Policy objects (GPOs) per domain. - -Within the details pane there are three primary tabs, providing access to both GPO-level settings and domain-level settings and commands for AGPM. - -- [Contents Tab](contents-tab.md): GPO settings and commands and GPO-level delegation - -- [Domain Delegation Tab](domain-delegation-tab.md): AGPM e-mail notification settings and domain-level delegation - -- [AGPM Server Tab](agpm-server-tab.md): Domain-level archive connection settings - -Other enhancements and settings: - -- [Administrative Template Settings](administrative-template-settings.md): Central configuration of logging and tracing, archive locations, and the visibility of features - -- [Other Enhancements to the GPMC](other-enhancements-to-the-gpmc.md): AGPM adds a **History** tab and an **Extensions** tab for each GPO and Group Policy link - -  - -  - - - - - diff --git a/mdop/agpm/using-a-test-environment.md b/mdop/agpm/using-a-test-environment.md deleted file mode 100644 index 37535bf276..0000000000 --- a/mdop/agpm/using-a-test-environment.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: Using a Test Environment -description: Using a Test Environment -author: dansimp -ms.assetid: fc5fcc7c-1ac8-483a-a6bd-2279ae2ee3fb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Using a Test Environment - - -Before you request that a Group Policy Object (GPO) be deployed to the production environment, you should test the GPO in a lab environment. If you develop the GPO in a domain in a test forest, you can export the GPO to a file and import the file to a domain in the production forest. You can then test the GPO by linking it to an organizational unit (OU) that contains test computers and users. - -- [Export a GPO to a File](export-a-gpo-to-a-file.md) - -- [Import a GPO from a File](import-a-gpo-from-a-file-ed.md) - -- [Test a GPO in a Separate Organizational Unit](test-a-gpo-in-a-separate-organizational-unit-agpm40.md) - -**Note**   -You can also import a GPO from the production environment of the domain. For more information, see [Import a GPO from Production](import-a-gpo-from-production-agpm40-ed.md). - - - - - - - - - - - diff --git a/mdop/agpm/whats-new-in-agpm-30.md b/mdop/agpm/whats-new-in-agpm-30.md deleted file mode 100644 index 0483edc1f5..0000000000 --- a/mdop/agpm/whats-new-in-agpm-30.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -title: What's New in AGPM 3.0 -description: What's New in AGPM 3.0 -author: dansimp -ms.assetid: 0d082b86-63c5-45ce-9529-6e5f37254f9d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# What's New in AGPM 3.0 - - -Microsoft Advanced Group Policy Management (AGPM) 3.0 includes the following new or changed features: - -- Support for Windows Server 2008 and Windows Vista with Service Pack 1 that includes 32-bit and 64-bit versions - -- Improved installation process - -- Simplified procedure for modifying the port on which the AGPM Server listens - -- More detailed information in the History of each GPO - -- Ability to delegate access to the production environment from AGPM - -- Ability to limit the number of GPO versions stored in the archive - -- Ability to configure e-mail security for AGPM - -- Friendlier names for AGPM policy settings - -- The Editor role now requires permission to delete GPOs from the archive - -Additionally, AGPM 3.0 is localized for the following languages: - -- Chinese (Simplified) - -- Chinese (Taiwan) - -- English (U.S.) - -- French - -- German - -- Italian - -- Japanese - -- Korean - -- Portuguese (Brazil) - -- Russian - -- Spanish - -### Additional considerations - -AGPM 3.0 supports Windows Server 2008 and Windows Vista with SP1. It does not support Windows Server 2003 or Windows Vista with no service packs installed. AGPM 2.5 supports those environments. For more information, see [Choosing Which Version of AGPM to Install](choosing-which-version-of-agpm-to-install.md). - -  - -  - - - - - diff --git a/mdop/agpm/whats-new-in-agpm-40-sp1.md b/mdop/agpm/whats-new-in-agpm-40-sp1.md deleted file mode 100644 index 6151532df1..0000000000 --- a/mdop/agpm/whats-new-in-agpm-40-sp1.md +++ /dev/null @@ -1,213 +0,0 @@ ---- -title: What's New in AGPM 4.0 SP1 -description: What's New in AGPM 4.0 SP1 -author: dansimp -ms.assetid: c6a3d94a-13c3-44e6-a466-c3011879999e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# What's New in AGPM 4.0 SP1 - - -This “What’s New” content describes enhancements and supported configurations for Microsoft Advanced Group Policy Management (AGPM) 4.0 SP1. If there is a difference between this content and other AGPM documentation, this content should be considered authoritative and should supersede the content included with this product. - -## What’s new - - -AGPM 4.0 SP1 supports the following enhancements: - -### New and changed client-side extensions - -Group Policy client-side extensions (CSEs) have been added or changed for AGPM to support new Group Policies in Windows 8 and Windows Server 2012. These group policies enable Group Policy administrators to manage and track Windows 8-specific Group Policy settings that change between two Group Policy Objects (GPOs) or templates. You can also create custom GPOs, with Windows 8-specific settings, and configure and save the GPOs as a template. To view your CSEs, use the settings and difference reports that are available in the AGPM 4.0 SP1 client. - -The new and changed Group Policy client-side extensions are: - -- **Central Access Policy:** Enables Group Policy administrators to specify Central Access Policies on Group Policy servers, for example, file servers. Central Access Policy is an authorization policy that is specified by a GPO item and applied to policy targets to facilitate centralized access and control of resources. These Central Access Policies must be configured on a Group Policy client computer from within Active Directory. A Group Policy distributes the knowledge of an applicable Central Access Policy to the computers that have to enforce it. - -- **Name Resolution Policy changes:** Enables Group Policy administrators to configure settings for DNS security and DirectAccess on DNS client computers. New tabs for configuring Generic DNS Server settings and Encoding settings have been added. - -- **Group Policy Preference changes:** Adds support for the configuration and management of Internet Explorer 10 settings that were added for Windows 8. - -- **Remote Application and Desktop Connections:** Lets Group Policy administrators specify the default connection URL that is used for Remote Application and Desktop Connections. - -- **Windows To Go Startup Options:** Lets Group Policy administrators configure whether the computer will boot to Windows To Go if a USB device that contains a Windows To Go workspace is connected. - -- **Windows To Go Hibernate Options:** Lets Group Policy administrators configure whether a computer can use the hibernation sleep state (S4) when the computer is started from a Windows To Go workspace. - -### Customer feedback and hotfix rollup - -AGPM 4.0 SP1 includes a rollup of fixes to address issues found since the AGPM 4.0 release. AGPM 4.0 SP1 contains the latest fixes up to and including Microsoft Advanced Group Policy Management 4.0 Hotfix 1. - -### Settings and difference reports show new Group Policy extensions - -The new Group Policy extensions have been added to the settings and difference reports. - -### Installer changes and support - -The changes and support for the AGPM 4.0 SP1 installer are: - -- If you install AGPM 4.0 SP1 on Windows 8 or Windows Server 2012, the AGPM installer verifies that the required prerequisite software (Group Policy Management Console and the .NET 3.5 Framework) is installed. If these prerequisites are not installed, the AGPM 4.0 SP1 installation is blocked. - -- When you install AGPM 4.0 SP1, WCF Activation, Non-HTTP Activation, and Windows Process Activation Service are automatically enabled. - -- On Windows Vista, Windows 7, and Windows 8 client operating systems, download the appropriate version of the Remote System Administration Toolkit for your operating system before you install AGPM 4.0 SP1. - -- Backward compatibility with older supported operating systems is supported. - -### Ability to upgrade or update to AGPM 4.0 SP1 without re-entering configuration parameters - -You can upgrade the AGPM client or server to AGPM 4.0 SP1 only from AGPM 4.0 without being prompted to re-enter configuration parameters (called “Smart Upgrade”), as shown in the following table. If you are upgrading to AGPM 4.0 SP1 from other versions of AGPM, as shown in the table, you must use the “Classic Upgrade,” which requires you to re-enter the configuration parameters. Since each version of AGPM is associated with a particular operating system, refer to [Choosing Which Version of AGPM to Install](https://go.microsoft.com/fwlink/?LinkId=254350), and be sure to upgrade your operating system as appropriate before performing an upgrade. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

AGPM Version From Which You Can Upgrade

2.5

3.0

4.0

4.0 SP1

2.5

Not Applicable

Classic Upgrade

Classic Upgrade

Installation is blocked

3.0

Not Applicable

Not Applicable

Classic Upgrade

Installation is blocked

4.0

Not Applicable

Not Applicable

Not Applicable

Smart Upgrade

- -  - -## Supported configurations - - -AGPM supports the configurations in the following table. Although AGPM supports mixed configurations, it is strongly recommended that you run the AGPM client and server on the same operating system family, for example, Windows 8 with Windows Server 2012, Windows 7 with Windows Server 2008 R2, and so on. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Supported Configurations for AGPM 4.0 SP1 Server

Supported Configurations for AGPM 4.0 SP1 Client

AGPM 4.0 SP1 Support

Windows 8 or Windows Server 2012

Windows 8 or Windows Server 2012

Supported

Windows Server 2008 R2 or Windows 7

Windows Server 2008 R2 or Windows 7

Supported, but cannot edit policy settings or preference items that exist only in Windows 8

Windows Server 2008 R2 or Windows 7 or Windows 8 or Windows Server 2012

Windows Server 2008 or Windows Vista with SP1

Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2008 R2 or Windows 7 or Windows 8.

Windows Server 2008 or Windows Vista with SP1

Windows Server 2008 R2 or Windows 7 or Windows 8 or Windows Server 2012

Supported

Windows Server 2008 or Windows Vista with SP1

Windows Server 2008 or Windows Vista with SP1

Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2008 R2 or Windows 7 or Windows 8

- -  - -## Prerequisites for installing AGPM 4.0 SP1 - - -The following table describes the behavior on Windows 8 of AGPM 4.0 SP1 client and server installers when .NET 3.5 or the Group Policy Management Console in the Remote Server Administration Tools (RSAT) is missing. - -**AGPM Client 4.0 SP1** - -**AGPM Server 4.0 SP1** - -**Operating System** - -**.NET** - -**RSAT** - -**.NET** - -**RSAT** - -**Windows 8** - -If .NET 3.5 is not enabled or installed, the installer blocks the installation. - -If GPMC is not enabled or installed on the system, the installer blocks the installation. - -If .NET 3.5 is not enabled or installed, the installer blocks the installation. - -If GPMC is not enabled or installed on the system, the installer blocks the installation. - -**Windows Server 2012** - -If .NET 3.5 is not enabled or installed, the installer blocks the installation. - -If GPMC is not enabled, the installer enables it during the installation. - -If .NET 3.5 is not enabled or installed, the installer blocks the installation. - -If GPMC is not enabled, the installer enables it during the installation. - -  - -## Related topics - - -[Advanced Group Policy Management](index.md) - -[Release Notes for Microsoft Advanced Group Policy Management 4.0 SP1](release-notes-for-microsoft-advanced-group-policy-management-40-sp1.md) - -  - -  - - - - - diff --git a/mdop/agpm/whats-new-in-agpm-40-sp2.md b/mdop/agpm/whats-new-in-agpm-40-sp2.md deleted file mode 100644 index 407487d485..0000000000 --- a/mdop/agpm/whats-new-in-agpm-40-sp2.md +++ /dev/null @@ -1,242 +0,0 @@ ---- -title: What's New in AGPM 4.0 SP2 -description: What's New in AGPM 4.0 SP2 -author: dansimp -ms.assetid: 5c0dcab4-f27d-4153-8b8e-b280b080be51 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# What's New in AGPM 4.0 SP2 - - -This content describes enhancements and supported configurations for Microsoft Advanced Group Policy Management (AGPM) 4.0 Service Pack 2 (SP2). If there is a difference between this content and other AGPM documentation, consider this content authoritative and assume that it supersedes the other documentation. - -## What’s new - - -AGPM 4.0 SP2 supports the following features and functionality. - -### Support for Windows 8.1 and Windows Server 2012 R2 - -AGPM 4.0 SP2 adds support for the Windows 8.1 and Windows Server 2012 R2 operating systems. - -### New and changed client-side extensions - -Group Policy client-side extensions have been added or changed for AGPM to support new policy settings in Windows 8.1. These policy settings enable Group Policy administrators to manage and track Windows 8.1–specific policy settings that change between two Group Policy Objects (GPOs) or templates. To view your client-side extensions, use the settings and difference reports that are available in the AGPM Client. - -The new and changed Group Policy client-side extensions are: - -- **Specify Work Folders settings**. If you enable this policy setting, IT administrators can configure Work Folders to be created automatically. The Work Folders feature enables end users to synchronize files from their Windows desktop devices to their other devices. Use this policy setting to create the synchronization relationship on an end user’s devices and to configure how to identify the file server that stores the user’s Work Folders. If you select the **Auto provision synchronization** check box, the synchronization partnership will be created without user input, and data will automatically start synchronizing to the user’s device. If you do not select the **Auto provision synchronization** check box, users must provide input to start the synchronization. - -- **Force automatic setup for all users**. If you enable this policy setting, IT administrators can determine whether to create the Work Folders partnership automatically on end-user devices without input from end users. If you enable this policy setting, the synchronization will be set up according to how you configure the **Specify Work Folders settings** policy setting. If you set the **Force automatic setup for all users** policy setting to **Disabled** or **Not configured**, the Work Folders partnership will be configured according to how you set the **Automatic Provisioning** option in the **Specify Work Folders settings** policy setting. - -For more information about the Work Folders feature, see [Work Folders Overview](https://go.microsoft.com/fwlink/?LinkId=330444). - -### Customer feedback and hotfix rollup - -AGPM 4.0 SP2 includes a rollup of hotfixes to address issues found since the AGPM 4.0 Service Pack 1 (SP1) release. AGPM 4.0 SP2 contains the latest fixes up to and including Microsoft Advanced Group Policy Management 4.0 SP1 Hotfix 1. For more information, see Knowledge Base article [2873472](https://go.microsoft.com/fwlink/?LinkId=325400)). - -### New Group Policy extensions in settings and difference reports - -The new Group Policy extensions have been added to the settings and difference reports. - -### Installer changes and support - -The changes and support for the AGPM 4.0 SP2 installer are: - -- If you install AGPM 4.0 SP2 on the Windows 8 or Windows Server 2012 operating system or later operating systems, the AGPM installer verifies that the required prerequisite software (the Group Policy Management Console (GPMC) and the Microsoft .NET Framework 3.5) is installed. If this prerequisite software is not installed, the AGPM 4.0 SP2 installation is blocked. - -- When you install the AGPM Server, WCF Activation, Non-HTTP Activation, and Windows Process Activation Service are automatically enabled. - -- On the Windows Vista client operating system and later operating systems, download the appropriate version of the Remote System Administration Tools for your operating system before you install AGPM 4.0 SP2. - -- AGPM 4.0 SP2 supports backward compatibility with older supported operating systems. - -### Ability to upgrade to AGPM 4.0 SP2 without reentering configuration parameters - -You can upgrade the AGPM Client or AGPM Server to AGPM 4.0 SP2 without being prompted to reenter configuration parameters (called the Smart Upgrade) only from AGPM 4.0 onward, as shown in the following table. If you are upgrading to AGPM 4.0 SP2 from other versions of AGPM, as shown in the table, you must use the Classic Upgrade, which requires you to reenter the configuration parameters. Because each version of AGPM is associated with a particular operating system, see [Choosing Which Version of AGPM to Install](https://go.microsoft.com/fwlink/?LinkId=254350) and make sure that you upgrade your operating system as appropriate before you upgrade AGPM. - -**AGPM 4.0 SP2 supported upgrades** - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

AGPM version from which you can upgrade

2.5

3.0

4.0

4.0 SP1

4.0 SP2

2.5

Not applicable

Classic Upgrade

Classic Upgrade

Installation is blocked

Installation is blocked

3.0

Not applicable

Not applicable

Classic Upgrade

Installation is blocked

Installation is blocked

4.0

Not applicable

Not applicable

Not applicable

Smart Upgrade

Smart Upgrade

4.0 SP1

Not applicable

Not applicable

Not applicable

Not applicable

Smart Upgrade

- -  - -## Supported configurations - - -AGPM 4.0 SP2 supports the configurations in the following table. Although AGPM supports mixed configurations, we strongly recommend that you run the AGPM Client and AGPM Server on the same operating system line—for example, Windows 8.1 with Windows Server 2012 R2, Windows 8 with Windows Server 2012, and so on. - -**AGPM 4.0 SP2 supported operating systems and policy settings** - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Supported configurations for the AGPM ServerSupported configurations for the AGPM ClientAGPM Support

Windows Server 2012 R2 or Windows 8.1

Windows Server 2012 R2 or Windows 8.1

Supported

Windows Server 2012 R2, Windows Server 2012, Windows 8.1, or Windows 8

Windows Server 2012 or Windows 8

Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1

Windows Server 2008 R2 or Windows 7

Windows Server 2008 R2 or Windows 7

Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1 or Windows 8

Windows Server 2012, Windows Server 2008 R2, Windows 8, or Windows 7

Windows Server 2008 or Windows Vista with Service Pack 1 (SP1)

Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, Windows 8, or Windows 7

Windows Server 2008 or Windows Vista with SP1

Windows Server 2012, Windows Server 2008 R2, Windows 8, or Windows 7

Not supported

Windows Server 2008 or Windows Vista with SP1

Windows Server 2008 or Windows Vista with SP1

Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, Windows 8, or Windows 7

- -  - -## Prerequisites for installing AGPM 4.0 SP2 - - -The following table describes the behavior of AGPM 4.0 SP2 Client and Server installers on Windows 8.1 when the .NET Framework 3.5 or the GPMC in the Remote Server Administration Tools is missing. - -**AGPM Client** - -**AGPM Server** - -**Operating system** - -**.NET Framework** - -**Remote Server Administration Tools** - -**.NET Framework** - -**Remote Server Administration Tools** - -**Windows 8.1** - -If the .NET Framework 3.5 is not enabled or installed, the installer blocks the installation. - -If the GPMC is not enabled or installed, the installer blocks the installation. - -If the .NET Framework 3.5 is not enabled or installed, the installer blocks the installation. - -If the GPMC is not enabled or installed, the installer blocks the installation. - -**Windows Server 2012 R2** - -If the .NET Framework 3.5 is not enabled or installed, the installer blocks the installation. - -If the GPMC is not enabled, the installer enables it during the installation. - -If the .NET Framework 3.5 is not enabled or installed, the installer blocks the installation. - -If the GPMC is not enabled, the installer enables it during the installation. - -  - -## How to Get MDOP Technologies - - -AGPM 4.0 SP2 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). - -## Related topics - - -[Advanced Group Policy Management](index.md) - -[Release Notes for Microsoft Advanced Group Policy Management 4.0 SP2](release-notes-for-microsoft-advanced-group-policy-management-40-sp2.md) - -[Choosing Which Version of AGPM to Install](choosing-which-version-of-agpm-to-install.md) - -  - -  - - - - - diff --git a/mdop/agpm/whats-new-in-agpm-40-sp3.md b/mdop/agpm/whats-new-in-agpm-40-sp3.md deleted file mode 100644 index d60031b011..0000000000 --- a/mdop/agpm/whats-new-in-agpm-40-sp3.md +++ /dev/null @@ -1,210 +0,0 @@ ---- -title: What's New in AGPM 4.0 SP3 -description: What's New in AGPM 4.0 SP3 -author: dansimp -ms.assetid: df495d55-9fbf-4f7e-a7af-3905f4f8790e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 09/27/2016 ---- - - -# What's New in AGPM 4.0 SP3 - - -This content describes enhancements and supported configurations for Microsoft Advanced Group Policy Management (AGPM) 4.0 Service Pack 3 (SP3). If there is a difference between this content and other AGPM documentation, consider this content authoritative and assume that it supersedes the other documentation. - -## What’s new - - -AGPM 4.0 SP3 supports the following features and functionality. - -### Support for Windows 10 - -AGPM 4.0 SP3 adds support for the Windows 10 and Windows Server 2016 operating systems. - -### Support for PowerShell - -AGPM 4.0 SP3 adds support for PowerShell cmdlets. For a list of the cmdlets available in AGPM 4.0 SP3, including descriptions and syntax, see [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://docs.microsoft.com/powershell/mdop/get-started?view=win-mdop2-ps). - -### Customer feedback and hotfix rollup - -AGPM 4.0 SP3 includes a rollup of all fixes up to and including Microsoft Advanced Group Policy Management 4.0 SP2 and any fixes for issues found since AGPM 4.0 SP2. - -### Ability to upgrade to AGPM 4.0 SP3 without re-entering configuration parameters - -You can upgrade the AGPM Client or AGPM Server to AGPM 4.0 SP3 without being prompted to re-enter configuration parameters (called the Smart Upgrade) only from AGPM 4.0 and later, as shown in the following table. If you are upgrading to AGPM 4.0 SP3 from other versions of AGPM, as shown in the table, you must use the Classic Upgrade, which requires you to re-enter the configuration parameters. Because each version of AGPM is associated with a particular operating system, see [Choosing Which Version of AGPM to Install](https://go.microsoft.com/fwlink/?LinkId=254350) and make sure that you upgrade your operating system as appropriate before you upgrade AGPM. - -**AGPM 4.0 SP3 supported upgrades** - - --------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

AGPM version from which you can upgrade

2.5

3.0

4.0

4.0 SP1

4.0 SP2

4.0 SP3

2.5

Not applicable

Classic Upgrade

Classic Upgrade

Installation is blocked

Installation is blocked

Installation is blocked

3.0

Not applicable

Not applicable

Classic Upgrade

Installation is blocked

Installation is blocked

Installation is blocked

4.0

Not applicable

Not applicable

Not applicable

Smart Upgrade

Smart Upgrade

Smart Upgrade

4.0 SP1

Not applicable

Not applicable

Not applicable

Not applicable

Smart Upgrade

Smart Upgrade

4.0 SP2

Not applicable

Not applicable

Not applicable

Not applicable

Not applicable

Smart Upgrade

- -  - -## Supported configurations - - -AGPM 4.0 SP3 supports the configurations in the following table. Although AGPM supports mixed configurations, we strongly recommend that you run the AGPM Client and AGPM Server on the same operating system line—for example, Windows 10 with Windows Server 2016, Windows 8.1 with Windows Server 2012 R2, and so on. - -**AGPM 4.0 SP3 supported operating systems and policy settings** - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Supported configurations for the AGPM ServerSupported configurations for the AGPM ClientAGPM Support

Windows Server 2016 or Windows 10

Windows 10

Supported

Windows Server 2012 R2 or Windows 8.1

Windows Server 2012 R2 or Windows 8.1

Supported

Windows Server 2012 R2, Windows Server 2012, or Windows 8.1

Windows Server 2012

Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1

Windows Server 2008 R2 or Windows 7

Windows Server 2008 R2 or Windows 7

Supported, but cannot edit policy settings or preference items that exist only in Windows 8.1

Windows Server 2012, Windows Server 2008 R2, or Windows 7

Windows Server 2008 or Windows Vista with Service Pack 1 (SP1)

Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, or Windows 7

Windows Server 2008 or Windows Vista with SP1

Windows Server 2012, Windows Server 2008 R2, or Windows 7

Not supported

Windows Server 2008 or Windows Vista with SP1

Windows Server 2008 or Windows Vista with SP1

Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows 8.1, or Windows 7

- -  - -## Prerequisites for installing AGPM 4.0 SP3 - -The following table describes the behavior of AGPM 4.0 SP3 Client and Server installers when the .NET Framework 4.5.1, PowerShell 3.0, or the GPMC in the Remote Server Administration Tools is missing. - -| AGPM Client | | | AGPM Server | | | -|------------------------|-------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------|---------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------| -| Operating system | .NET Framework | PowerShell | Remote Server Administration Tools | .NET Framework | Remote Server Administration Tools | -| Windows 10 | If the .NET Framework 4.5.1 is not enabled or installed, the installer blocks the installation. | If Powershell 3.0 is not installed, the installer blocks the installation. | If the GPMC is not enabled or installed, the installer blocks the installation. | If the .NET Framework 4.5.1 is not enabled or installed, the installer blocks the installation. | If the GPMC is not enabled or installed, the installer blocks the installation. | -| Windows 8.1 | If the .NET Framework 4.5.1 is not enabled or installed, the installer blocks the installation. | If Powershell 3.0 is not installed, the installer blocks the installation. | If the GPMC is not enabled or installed, the installer blocks the installation. | If the .NET Framework 4.5.1 is not enabled or installed, the installer blocks the installation. | If the GPMC is not enabled or installed, the installer blocks the installation. | -| Windows Server 2012 R2 | If the .NET Framework 4.5.1 is not enabled or installed, the installer blocks the installation. | If Powershell 3.0 is not installed, the installer blocks the installation. | If the GPMC is not enabled, the installer enables it during the installation. | If the .NET Framework 4.5.1 is not enabled or installed, the installer blocks the installation. | If the GPMC is not enabled, the installer enables it during the installation. | - -  - -## How to Get MDOP Technologies - - -AGPM 4.0 SP3 is a part of the Microsoft Desktop Optimization Pack (MDOP) since MDOP 2015. MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). - -## Related topics - - -[Advanced Group Policy Management](index.md) - -[Release Notes for Microsoft Advanced Group Policy Management 4.0 SP3](release-notes-for-microsoft-advanced-group-policy-management-40-sp3.md) - -[Choosing Which Version of AGPM to Install](choosing-which-version-of-agpm-to-install.md) - -  - -  - - - - - diff --git a/mdop/agpm/whats-new-in-agpm-40.md b/mdop/agpm/whats-new-in-agpm-40.md deleted file mode 100644 index 280c395196..0000000000 --- a/mdop/agpm/whats-new-in-agpm-40.md +++ /dev/null @@ -1,87 +0,0 @@ ---- -title: What's New in AGPM 4.0 -description: What's New in AGPM 4.0 -author: dansimp -ms.assetid: 31775f7f-a59c-4e64-a875-0adc9f5bc835 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# What's New in AGPM 4.0 - - -Microsoft Advanced Group Policy Management (AGPM) 4.0 includes new features that let you search for Group Policy Objects (GPOs), filter the list of GPOs displayed, export and import a GPO to a different forest, and install AGPM on computers running Windows 7 and Windows Server 2008 R2. - -## Search and filter GPOs - - -In AGPM 4.0, you can search the list of GPOs for specific attributes to filter the list of GPOs displayed. For example, you can search for GPOs with a particular name, state, or comment. You can also search for GPOs that were last changed by a particular Group Policy administrator or on a particular date. - -You can create a complex search string by using the format *GPO attribute 1: search text 1 GPO attribute 2: search text 2…*, where a GPO attribute is any column heading in the list of GPOs in AGPM. For example, to search for all GPOs with names including the text "MyGPO" that are checked in and were last changed by the user Editor03, you would type the following in the Search box: **name: MyGPO state:** **checked in** **changed by: Editor03**. The search returns partial matches so that you can enter part of a GPO name or user name and view a list of all GPOs that include that text in their name. - -Additionally, you can use the same special terms available when you search in Windows to search for GPOs changed on a specific date or range of dates. For example, **change date:** **lastmonth** or **change date:** **thisweek**. - -## Export and import GPOs to different forests - - -Using AGPM 4.0, you can copy a controlled GPO from a domain in one forest to a domain in a second forest. For example, you can export a GPO from a domain in one forest to a CAB file by using AGPM, copy that CAB file to a USB drive, plug the USB drive into a computer in a domain in a second forest, and import the GPO into AGPM in a domain in the second forest. You can either import the GPO as a new controlled GPO, or import it to replace the settings of an existing GPO that is checked out. - -## Support for Windows Server 2008 R2 and Windows 7 - - -AGPM 4.0 supports Windows Server 2008 R2 and Windows 7, yet still supports Windows Server 2008 and Windows Vista® with Service Pack 1 (SP1). However, there are limitations in a mixed environment that includes both the newer and older operating systems, as indicated in the following table. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating system on which AGPM Server 4.0 runsOperating system on which AGPM Client 4.0 runsStatus of AGPM 4.0 support

Windows Server 2008 R2 or Windows 7

Windows Server 2008 R2 or Windows 7

Supported

Windows Server 2008 R2 or Windows 7

Windows Server 2008 or Windows Vista with SP1

Supported, but cannot edit policy settings or preference items that exist only in Windows Server 2008 R2 or Windows 7

Windows Server 2008 or Windows Vista with SP1

Windows Server 2008 R2 or Windows 7

Unsupported

Windows Server 2008 or Windows Vista with SP1

Windows Server 2008 or Windows Vista with SP1

Supported, but cannot report or edit policy settings or preference items that exist only in Windows Server 2008 R2 or Windows 7

- -  - -  - -  - - - - - diff --git a/mdop/appv-v4/TOC.md b/mdop/appv-v4/TOC.md deleted file mode 100644 index 743199d765..0000000000 --- a/mdop/appv-v4/TOC.md +++ /dev/null @@ -1,649 +0,0 @@ -# [Application Virtualization 4](index.md) -## [Getting Started Guide](microsoft-application-virtualization-getting-started-guide.md) -### [Overview of Application Virtualization](overview-of-application-virtualization.md) -### [Planning for Application Virtualization System Deployment](planning-for-application-virtualization-system-deployment.md) -#### [Best Practices for the Application Virtualization Sequencer](best-practices-for-the-application-virtualization-sequencer-sp1.md) -#### [Planning the Application Virtualization Sequencer Implementation](planning-the-application-virtualization-sequencer-implementation.md) -#### [Using Electronic Software Distribution as a Package Management Solution](using-electronic-software-distribution-as-a-package-management-solution.md) -##### [Publishing Virtual Applications Using Electronic Software Distribution](publishing-virtual-applications-using-electronic-software-distribution.md) -##### [Planning Your Streaming Solution in an Electronic Software Distribution Implementation](planning-your-streaming-solution-in-an-electronic-software-distribution-implementation.md) -#### [Using Application Virtualization Servers as a Package Management Solution](using-application-virtualization-servers-as-a-package-management-solution.md) -##### [Overview of the Application Virtualization System Components](overview-of-the-application-virtualization-system-components.md) -##### [Publishing Virtual Applications Using Application Virtualization Management Servers](publishing-virtual-applications-using-application-virtualization-management-servers.md) -##### [Planning Your Streaming Solution in an Application Virtualization Server-Based Implementation](planning-your-streaming-solution-in-an-application-virtualization-server-based-implementation.md) -#### [Planning for Application Virtualization Client Deployment](planning-for-application-virtualization-client-deployment.md) -#### [Planning for Migration from Previous Versions](planning-for-migration-from-previous-versions.md) -#### [Planning for Security and Protection](planning-for-security-and-protection.md) -##### [Security and Protection Overview](security-and-protection-overview.md) -##### [Planning for Server Security](planning-for-server-security.md) -##### [Planning for Client Security](planning-for-client-security.md) -##### [Planning for Sequencer Security](planning-for-sequencer-security.md) -### [Application Virtualization Deployment and Upgrade Considerations](application-virtualization-deployment-and-upgrade-considerations-copy.md) -#### [Application Virtualization Deployment Requirements](application-virtualization-deployment-requirements.md) -##### [Application Virtualization System Requirements](application-virtualization-system-requirements.md) -##### [Application Virtualization Sequencer Hardware and Software Requirements](application-virtualization-sequencer-hardware-and-software-requirements.md) -##### [Application Virtualization Client Hardware and Software Requirements](application-virtualization-client-hardware-and-software-requirements.md) -#### [Application Virtualization Deployment and Upgrade Checklists](application-virtualization-deployment-and-upgrade-checklists.md) -##### [App-V Pre-Installation Checklist](app-v-pre-installation-checklist.md) -##### [App-V Installation Checklist](app-v-installation-checklist.md) -##### [App-V Postinstallation Checklist](app-v-postinstallation-checklist.md) -##### [App-V Upgrade Checklist](app-v-upgrade-checklist.md) -#### [How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) -##### [How to Install Application Virtualization Management Server](how-to-install-application-virtualization-management-server.md) -##### [How to Install the Application Virtualization Streaming Server](how-to-install-the-application-virtualization-streaming-server.md) -##### [How to Install the Management Web Service](how-to-install-the-management-web-service.md) -##### [How to Install the Management Console](how-to-install-the-management-console.md) -##### [How to Install a Database](how-to-install-a-database.md) -##### [How to Remove the Application Virtualization System Components](how-to-remove-the-application-virtualization-system-components.md) -#### [How to Manually Install the Application Virtualization Client](how-to-manually-install-the-application-virtualization-client.md) -#### [How to Install the Application Virtualization Sequencer](how-to-install-the-application-virtualization-sequencer.md) -#### [How to Upgrade the Application Virtualization Client](how-to-upgrade-the-application-virtualization-client.md) -#### [How to Upgrade the Servers and System Components](how-to-upgrade-the-servers-and-system-components.md) -#### [How to Upgrade the Application Virtualization Sequencer](how-to-upgrade-the-application-virtualization-sequencer.md) -### [About Microsoft Application Virtualization 4.5](about-microsoft-application-virtualization-45.md) -#### [App-V 4.5 Release Notes](microsoft-application-virtualization-management-system-release-notes.md) -### [About Microsoft Application Virtualization 4.5 SP1](about-microsoft-application-virtualization-45-sp1.md) -#### [App-V 4.5 SP1 Release Notes](microsoft-application-virtualization-management-system-release-notes-45-sp1.md) -### [About Microsoft Application Virtualization 4.5 SP2](about-microsoft-application-virtualization-45-sp2.md) -#### [App-V 4.5 SP2 Release Notes](app-v-45-sp2-release-notes.md) -### [About Microsoft Application Virtualization 4.6](about-microsoft-application-virtualization-46.md) -#### [App-V 4.6 Release Notes](app-v-46-release-notes.md) -### [About Microsoft Application Virtualization 4.6 SP1](about-microsoft-application-virtualization-46-sp1.md) -#### [App-V 4.6 SP1 Release Notes](app-v-46-sp1-release-notes.md) -### [About Microsoft Application Virtualization 4.6 SP2](about-microsoft-application-virtualization-46-sp2.md) -#### [App-V 4.6 SP2 Release Notes](app-v-46-sp2-release-notes.md) -### [About Microsoft Application Virtualization 4.6 SP3](about-microsoft-application-virtualization-46-sp3.md) -#### [App-V 4.6 SP3 Release Notes](app-v-46-sp3-release-notes.md) -## [Planning and Deployment](planning-and-deployment-guide-for-the-application-virtualization-system.md) -### [Planning for Application Virtualization System Deployment](planning-for-application-virtualization-system-deployment.md) -#### [Best Practices for the Application Virtualization Sequencer](best-practices-for-the-application-virtualization-sequencer-sp1.md) -#### [Planning the Application Virtualization Sequencer Implementation](planning-the-application-virtualization-sequencer-implementation.md) -#### [Using Electronic Software Distribution as a Package Management Solution](using-electronic-software-distribution-as-a-package-management-solution.md) -##### [Publishing Virtual Applications Using Electronic Software Distribution](publishing-virtual-applications-using-electronic-software-distribution.md) -##### [Planning Your Streaming Solution in an Electronic Software Distribution Implementation](planning-your-streaming-solution-in-an-electronic-software-distribution-implementation.md) -#### [Using Application Virtualization Servers as a Package Management Solution](using-application-virtualization-servers-as-a-package-management-solution.md) -##### [Overview of the Application Virtualization System Components](overview-of-the-application-virtualization-system-components.md) -##### [Publishing Virtual Applications Using Application Virtualization Management Servers](publishing-virtual-applications-using-application-virtualization-management-servers.md) -##### [Planning Your Streaming Solution in an Application Virtualization Server-Based Implementation](planning-your-streaming-solution-in-an-application-virtualization-server-based-implementation.md) -#### [Planning for Application Virtualization Client Deployment](planning-for-application-virtualization-client-deployment.md) -#### [Planning for Migration from Previous Versions](planning-for-migration-from-previous-versions.md) -#### [Planning for Security and Protection](planning-for-security-and-protection.md) -##### [Security and Protection Overview](security-and-protection-overview.md) -##### [Planning for Server Security](planning-for-server-security.md) -##### [Planning for Client Security](planning-for-client-security.md) -##### [Planning for Sequencer Security](planning-for-sequencer-security.md) -### [Application Virtualization Deployment and Upgrade Considerations](application-virtualization-deployment-and-upgrade-considerations.md) -#### [Application Virtualization Deployment Requirements](application-virtualization-deployment-requirements.md) -##### [Application Virtualization System Requirements](application-virtualization-system-requirements.md) -##### [Application Virtualization Sequencer Hardware and Software Requirements](application-virtualization-sequencer-hardware-and-software-requirements.md) -##### [Application Virtualization Client Hardware and Software Requirements](application-virtualization-client-hardware-and-software-requirements.md) -##### [Configuring Prerequisite Groups in Active Directory for App-V](configuring-prerequisite-groups-in-active-directory-for-app-v.md) -##### [How to Configure Windows Server 2008 for App-V Management Servers](how-to-configure-windows-server-2008-for-app-v-management-servers.md) -#### [How to Upgrade the Servers and System Components](how-to-upgrade-the-servers-and-system-components.md) -#### [How to Upgrade the Application Virtualization Client](how-to-upgrade-the-application-virtualization-client.md) -#### [How to Upgrade the Application Virtualization Sequencer](how-to-upgrade-the-application-virtualization-sequencer.md) -#### [How to Install the Application Virtualization Sequencer](how-to-install-the-application-virtualization-sequencer.md) -### [Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) -#### [Electronic Software Distribution-Based Scenario Overview](electronic-software-distribution-based-scenario-overview.md) -##### [Determine Your Publishing Method](determine-your-publishing-method.md) -##### [Determine Your Streaming Method](determine-your-streaming-method.md) -#### [How to Configure Servers for ESD-Based Deployment](how-to-configure-servers-for-esd-based-deployment.md) -##### [How to Configure the Application Virtualization Streaming Servers](how-to-configure-the-application-virtualization-streaming-servers.md) -##### [How to Configure the Server for IIS](how-to-configure-the-server-for-iis.md) -##### [How to Configure the File Server](how-to-configure-the-file-server.md) -#### [How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md) -##### [How to Install the App-V Client by Using Setup.exe](how-to-install-the-app-v-client-by-using-setupexe-new.md) -##### [How to Install the App-V Client by Using Setup.msi](how-to-install-the-app-v-client-by-using-setupmsi-new.md) -#### [How to Uninstall the App-V Client](how-to-uninstall-the-app-v-client.md) -#### [How to Publish a Virtual Application on the Client](how-to-publish-a-virtual-application-on-the-client.md) -### [Application Virtualization Server-Based Scenario](application-virtualization-server-based-scenario.md) -#### [Application Virtualization Server-Based Scenario Overview](application-virtualization-server-based-scenario-overview.md) -#### [How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) -##### [How to Install Application Virtualization Management Server](how-to-install-application-virtualization-management-server.md) -##### [How to Install the Application Virtualization Streaming Server](how-to-install-the-application-virtualization-streaming-server.md) -##### [How to Install the Management Web Service](how-to-install-the-management-web-service.md) -##### [How to Install the Management Console](how-to-install-the-management-console.md) -##### [How to Install a Database](how-to-install-a-database.md) -##### [How to Remove the Application Virtualization System Components](how-to-remove-the-application-virtualization-system-components.md) -#### [How to Configure Servers for Server-Based Deployment](how-to-configure-servers-for-server-based-deployment.md) -##### [How to Configure the Application Virtualization Management Servers](how-to-configure-the-application-virtualization-management-servers.md) -##### [How to Configure the Application Virtualization Streaming Servers](how-to-configure-the-application-virtualization-streaming-servers.md) -##### [How to Configure the Server for IIS](how-to-configure-the-server-for-iis.md) -##### [How to Configure the Server to be Trusted for Delegation](how-to-configure-the-server-to-be-trusted-for-delegation.md) -##### [Configuring the Firewall for the App-V Servers](configuring-the-firewall-for-the-app-v-servers.md) -##### [How to Install and Configure the Default Application](how-to-install-and-configure-the-default-application.md) -#### [How to Configure a Read-only Cache on the App-V Client (VDI)](how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md) -#### [How to Configure a Read-only Cache on the App-V Client (RDS)](how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md) -#### [How to Configure Microsoft SQL Server Mirroring Support for App-V](how-to-configure-microsoft-sql-server-mirroring-support-for-app-v.md) -### [Stand-Alone Delivery Scenario for Application Virtualization Clients](stand-alone-delivery-scenario-for-application-virtualization-clients.md) -#### [Stand-Alone Delivery Scenario Overview](stand-alone-delivery-scenario-overview.md) -#### [How to Manually Install the Application Virtualization Client](how-to-manually-install-the-application-virtualization-client.md) -#### [How to Publish a Virtual Application on the Client](how-to-publish-a-virtual-application-on-the-client.md) -### [Application Virtualization Reference](application-virtualization-reference.md) -#### [Application Virtualization Client Installer Command-Line Parameters](application-virtualization-client-installer-command-line-parameters.md) -#### [SFTMIME Command Reference](sftmime--command-reference.md) -##### [ADD APP](add-app.md) -##### [ADD PACKAGE](add-package.md) -##### [ADD SERVER](add-server.md) -##### [ADD TYPE](add-type.md) -##### [CLEAR APP](clear-app.md) -##### [CLEAR OBJ](clear-obj.md) -##### [CONFIGURE APP](configure-app.md) -##### [CONFIGURE PACKAGE](configure-package.md) -##### [CONFIGURE SERVER](configure-server.md) -##### [CONFIGURE TYPE](configure-type.md) -##### [DELETE APP](delete-app.md) -##### [DELETE OBJ](delete-obj.md) -##### [DELETE PACKAGE](delete-package.md) -##### [DELETE SERVER](delete-server.md) -##### [DELETE TYPE](delete-type.md) -##### [HELP](help.md) -##### [LOAD APP](load-app.md) -##### [LOAD PACKAGE](load-package.md) -##### [LOCK APP](lock-app.md) -##### [PUBLISH APP](publish-app.md) -##### [PUBLISH PACKAGE](publish-package.md) -##### [QUERY OBJ](query-obj.md) -##### [REFRESH SERVER](refresh-server.md) -##### [REPAIR APP](repair-app.md) -##### [UNLOAD APP](unload-app.md) -##### [UNLOAD PACKAGE](unload-package.md) -##### [UNLOCK APP](unlock-app.md) -##### [UNPUBLISH PACKAGE](unpublish-package.md) -## [Operations](operations-guide-for-the-application-virtualization-system.md) -### [Application Virtualization Client](application-virtualization-client.md) -#### [How to Use the Desktop Notification Area for Application Virtualization Client Management](how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md) -##### [How to Refresh Virtual Applications from the Desktop Notification Area](how-to-refresh-virtual-applications-from-the-desktop-notification-area.md) -##### [How to Load Virtual Applications from the Desktop Notification Area](how-to-load-virtual-applications-from-the-desktop-notification-area.md) -##### [How to Cancel Loading of Virtual Applications from the Desktop Notification Area](how-to-cancel-loading-of-virtual-applications-from-the-desktop-notification-area.md) -##### [How to Work Offline or Online with Application Virtualization](how-to-work-offline-or-online-with-application-virtualization.md) -##### [How to Exit the App-V Client from the Notification Area](how-to-exit-the-app-v-client-from-the-notification-area.md) -#### [How to Manage Virtual Applications Manually](how-to-manage-virtual-applications-manually.md) -##### [How to Load or Unload an Application](how-to-load-or-unload-an-application.md) -##### [How to Clear an Application](how-to-clear-an-application.md) -##### [How to Repair an Application](how-to-repair-an-application.md) -##### [How to Import an Application](how-to-import-an-application.md) -##### [How to Lock or Unlock an Application](how-to-lock-or-unlock-an-application.md) -##### [How to Delete an Application](how-to-delete-an-application.md) -##### [How to Change an Application Icon](how-to-change-an-application-icon.md) -##### [How to Add an Application](how-to-add-an-application.md) -##### [How to Publish Application Shortcuts](how-to-publish-application-shortcuts.md) -##### [How to Add a File Type Association](how-to-add-a-file-type-association.md) -##### [How to Delete a File Type Association](how-to-delete-a-file-type-association.md) -#### [How to Configure the Application Virtualization Client Settings Manually](how-to-configure-the-application-virtualization-client-settings-manually.md) -##### [How to Perform General Administrative Tasks in the App-V Client Management Console](how-to-perform-general-administrative-tasks-in-the-app-v-client-management-console.md) -###### [How to Set Up Publishing Servers](how-to-set-up-publishing-servers.md) -###### [How to Refresh the Publishing Servers](how-to-refresh-the-publishing-servers.md) -###### [How to Disable or Modify Disconnected Operation Mode Settings](how-to-disable-or-modify-disconnected-operation-mode-settings.md) -###### [User Access Permissions in Application Virtualization Client](user-access-permissions-in-application-virtualization-client.md) -###### [Disconnected Operation Mode](disconnected-operation-mode.md) -##### [How to Configure the Client in the Application Virtualization Client Management Console](how-to-configure-the-client-in-the-application-virtualization-client-management-console.md) -###### [How to Change the Cache Size and the Drive Letter Designation](how-to-change-the-cache-size-and-the-drive-letter-designation.md) -###### [How to Change the Log Reporting Levels and Reset the Log Files](how-to-change-the-log-reporting-levels-and-reset-the-log-files.md) -###### [How to Change User Access Permissions](how-to-change-user-access-permissions.md) -###### [How to Change Import Search Paths](how-to-change-import-search-paths.md) -###### [How to Set Up Periodic Publishing Refresh](how-to-set-up-periodic-publishing-refresh.md) -###### [How to Set Up Publishing Refresh on Login](how-to-set-up-publishing-refresh-on-login.md) -#### [How to Manage Virtual Applications by Using the Command Line](how-to-manage-virtual-applications-by-using-the-command-line.md) -##### [How to Add a Package by Using the Command Line](how-to-add-a-package-by-using-the-command-line.md) -##### [How to Remove a Package by Using the Command Line](how-to-remove-a-package-by-using-the-command-line.md) -##### [How to Delete All Virtual Applications by Using the Command Line](how-to-delete-all-virtual-applications-by-using-the-command-line.md) -##### [How to Manage the App-V Client Cache Using Performance Counters](how-to-manage-the-app-v-client-cache-using-performance-counters.md) -#### [How to Configure the App-V Client Registry Settings by Using the Command Line](how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md) -##### [How to Reset the FileSystem Cache](how-to-reset-the-filesystem-cache.md) -##### [How to Change the Size of the FileSystem Cache](how-to-change-the-size-of-the-filesystem-cache.md) -##### [How to Use the Cache Space Management Feature](how-to-use-the-cache-space-management-feature.md) -##### [How to Configure the Client Log File](how-to-configure-the-client-log-file.md) -##### [How to Configure User Permissions](how-to-configure-user-permissions.md) -##### [How to Configure the Client for Application Package Retrieval](how-to-configure-the-client-for-application-package-retrieval.md) -##### [How to Configure the Client for Disconnected Operation Mode](how-to-configure-the-client-for-disconnected-operation-mode.md) -##### [How to Configure Shortcut and File Type Association Behavior](how-to-configure-shortcut-and-file-type-association-behavior-46-only.md) -##### [How to Configure the Client for MIT Kerberos Realm Support](how-to-configure-the-client-for-mit-kerberos-realm-support.md) -#### [Troubleshooting Information for the Application Virtualization Client](troubleshooting-information-for-the-application-virtualization-client.md) -#### [Application Virtualization Client Reference](application-virtualization-client-reference.md) -##### [SFTMIME Command Reference](sftmime--command-reference.md) -###### [ADD APP](add-app.md) -###### [ADD PACKAGE](add-package.md) -###### [ADD SERVER](add-server.md) -###### [ADD TYPE](add-type.md) -###### [CLEAR APP](clear-app.md) -###### [CLEAR OBJ](clear-obj.md) -###### [CONFIGURE APP](configure-app.md) -###### [CONFIGURE PACKAGE](configure-package.md) -###### [CONFIGURE SERVER](configure-server.md) -###### [CONFIGURE TYPE](configure-type.md) -###### [DELETE APP](delete-app.md) -###### [DELETE OBJ](delete-obj.md) -###### [DELETE PACKAGE](delete-package.md) -###### [DELETE SERVER](delete-server.md) -###### [DELETE TYPE](delete-type.md) -###### [HELP](help.md) -###### [LOAD APP](load-app.md) -###### [LOAD PACKAGE](load-package.md) -###### [LOCK APP](lock-app.md) -###### [PUBLISH APP](publish-app.md) -###### [PUBLISH PACKAGE](publish-package.md) -###### [QUERY OBJ](query-obj.md) -###### [REFRESH SERVER](refresh-server.md) -###### [REPAIR APP](repair-app.md) -###### [UNLOAD APP](unload-app.md) -###### [UNLOAD PACKAGE](unload-package.md) -###### [UNLOCK APP](unlock-app.md) -###### [UNPUBLISH PACKAGE](unpublish-package.md) -##### [SFTTRAY Command Reference](sfttray-command-reference.md) -##### [Application Virtualization Client WMI Provider](application-virtualization-client-wmi-provider.md) -###### [App-V Application WMI Class](app-v-application-wmi-class.md) -###### [App-V Package WMI Class](app-v-package-wmi-class.md) -##### [Log File for the Application Virtualization Client](log-file-for-the-application-virtualization-client.md) -##### [App-V Client Registry Values](app-v-client-registry-values-sp1.md) -##### [App-V Interoperability with Windows AppLocker](app-v-interoperability-with-windows-applocker.md) -##### [Support for Client Reporting over HTTP](support-for-client-reporting-over-http.md) -### [Application Virtualization Server](application-virtualization-server.md) -#### [Monitoring Application Virtualization Servers](monitoring-application-virtualization-servers.md) -#### [How to Load Files and Packages](how-to-load-files-and-packages.md) -#### [How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) -##### [How to Connect to an Application Virtualization System](how-to-connect-to-an-application-virtualization-system.md) -##### [How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) -###### [How to Import an Application](how-to-import-an-applicationserver.md) -###### [How to Rename an Application](how-to-rename-an-application.md) -###### [How to Delete an Application](how-to-delete-an-application-server.md) -###### [How to Manually Add an Application](how-to-manually-add-an-application.md) -###### [How to Move an Application](how-to-move-an-application.md) -###### [How to Grant Access to an Application](how-to-grant-access-to-an-application.md) -###### [How to Deny Access to an Application](how-to-deny-access-to-an-application.md) -###### [How to Change an Application Icon](how-to-change-an-application-iconserver.md) -##### [How to Manage Application Groups in the Server Management Console](how-to-manage-application-groups-in-the-server-management-console.md) -###### [How to Create an Application Group](how-to-create-an-application-group.md) -###### [How to Move an Application Group](how-to-move-an-application-group.md) -###### [How to Rename an Application Group](how-to-rename-an-application-group.md) -###### [How to Remove an Application Group](how-to-remove-an-application-group.md) -##### [How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) -###### [How to Add a Package](how-to-add-a-package.md) -###### [How to Add a Package Version](how-to-add-a-package-version.md) -###### [How to Delete a Package](how-to-delete-a-packageserver.md) -###### [How to Delete a Package Version](how-to-delete-a-package-version.md) -###### [How to Upgrade a Package](how-to-upgrade-a-package.md) -##### [How to Manage Reports in the Server Management Console](how-to-manage-reports-in-the-server-management-console.md) -###### [Application Virtualization Report Types](application-virtualization-report-types.md) -####### [System Utilization Report](system-utilization-reportserver.md) -####### [Software Audit Report](software-audit-reportserver.md) -####### [Application Utilization Report](application-utilization-reportserver.md) -####### [System Error Report](system-error-reportserver.md) -###### [How to Create a Report](how-to-create-a-reportserver.md) -###### [How to Run a Report](how-to-run-a-reportserver.md) -###### [How to Print a Report](how-to-print-a-reportserver.md) -###### [How to Export a Report](how-to-export-a-reportserver.md) -###### [How to Delete a Report](how-to-delete-a-reportserver.md) -##### [How to Manage Servers in the Server Management Console](how-to-manage-servers-in-the-server-management-console.md) -###### [How to Create a Server Group](how-to-create-a-server-group.md) -###### [How to Remove a Server Group](how-to-remove-a-server-group.md) -###### [How to Add a Server](how-to-add-a-server.md) -###### [How to Remove a Server](how-to-remove-a-server.md) -###### [How to Change the Server Cache Size](how-to-change-the-server-cache-size.md) -###### [How to Change the Server Port](how-to-change-the-server-port.md) -##### [How to Manage Application Licenses in the Server Management Console](how-to-manage-application-licenses-in-the-server-management-console.md) -###### [How to Create an Application License Group](how-to-create-an-application-license-group.md) -###### [How to Associate an Application with a License Group](how-to-associate-an-application-with-a-license-group.md) -###### [How to Remove an Application from a License Group](how-to-remove-an-application-from-a-license-group.md) -###### [How to Remove an Application License Group](how-to-remove-an-application-license-group.md) -###### [How to Set Up an Unlimited License Group](how-to-set-up-an-unlimited-license-group.md) -###### [How to Set Up a Concurrent License Group](how-to-set-up-a-concurrent-license-group.md) -###### [How to Set Up a Named License Group](how-to-set-up-a-named-license-group.md) -##### [How to Customize an Application Virtualization System in the Server Management Console](how-to-customize-an-application-virtualization-system-in-the-server-management-console.md) -###### [How to Set Up and Enable or Disable Authentication](how-to-set-up-and-enable-or-disable-authentication.md) -###### [How to Set Up or Disable Usage Reporting](how-to-set-up-or-disable-usage-reporting.md) -###### [How to Set Up or Disable Database Size](how-to-set-up-or-disable-database-size.md) -###### [How to Set Up or Disable Application Licensing](how-to-set-up-or-disable-application-licensing.md) -###### [How to Add an Administrator Group](how-to-add-an-administrator-group.md) -###### [How to Delete an Administrator Group](how-to-delete-an-administrator-group.md) -##### [How to Change the Server Logging Level and the Database Parameters](how-to-change-the-server-logging-level-and-the-database-parameters.md) -#### [How to Configure the App-V System for Package Upgrade](how-to-configure-the-app-v-system-for-package-upgrade.md) -#### [Troubleshooting Information for the Application Virtualization Server](troubleshooting-information-for-the-application-virtualization-server.md) -#### [How to Migrate the App-V SQL Database to a Different SQL Server](how-to-migrate-the-app-v-sql-database-to-a-different-sql-server.md) -### [Application Virtualization Sequencer](application-virtualization-sequencer.md) -#### [Application Virtualization Sequencer Console Overview](application-virtualization-sequencer-console-overview.md) -#### [About Sequencing Phases](about-sequencing-phases.md) -#### [About App-V Package Accelerators (App-V 4.6 SP1)](about-app-v-package-accelerators--app-v-46-sp1-.md) -#### [How to Determine Whether to Edit or Upgrade a Virtual Application Package](how-to-determine-whether-to-edit-or-upgrade-a-virtual-application-package.md) -#### [How to Configure the App-V Sequencer](how-to-configure-the-app-v-sequencer.md) -##### [How to Modify the Log Directory Location](how-to-modify-the-log-directory-location.md) -##### [How to Create the Sequencer Package Root Directory](how-to-create-the-sequencer-package-root-directory.md) -##### [How to Modify the Scratch Directory Location](how-to-modify-the-scratch-directory-location.md) -#### [Configuring the Application Virtualization Sequencer (App-V 4.6 SP1)](configuring-the-application-virtualization-sequencer--app-v-46-sp1-.md) -##### [How to Install the Sequencer (App-V 4.6 SP1)](how-to-install-the-sequencer---app-v-46-sp1-.md) -##### [How to Create an App-V Project Template (App-V 4.6 SP1)](how-to-create-an-app-v-project-template--app-v-46-sp1-.md) -#### [How to Create or Upgrade Virtual Applications Using the App-V Sequencer](how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md) -##### [How to Sequence an Application](how-to-sequence-an-application.md) -##### [How to Sequence a New Application (App-V 4.6)](how-to-sequence-a-new-application--app-v-46-.md) -##### [How to Edit an Existing Virtual Application](how-to-edit-an-existing-virtual-application.md) -##### [How to Modify a Virtual Application Package (App-V 4.6)](how-to-modify-a-virtual-application-package--app-v-46-.md) -##### [How to Upgrade an Existing Virtual Application](how-to-upgrade-an-existing-virtual-application.md) -##### [How to Upgrade a Virtual Application Package (App-V 4.6)](how-to-upgrade-a-virtual-application-package--app-v-46-.md) -##### [How to Modify the Operating Systems Associated With an Existing Windows Installer File](how-to-modify-the-operating-systems-associated-with-an-existing-windows-installer-file.md) -##### [How to Sequence a New Application by Using the Command Line](how-to-sequence-a-new-application-by-using-the-command-line.md) -##### [How to Upgrade a Virtual Application by Using the Command Line](how-to-upgrade-a-virtual-application-by-using-the-command-line.md) -##### [How To Use Dynamic Suite Composition](how-to-use-dynamic-suite-composition.md) -##### [How to Use the Differential SFT File](how-to-use-the-differential-sft-file.md) -#### [Tasks for the Application Virtualization Sequencer (App-V 4.6 SP1)](tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md) -##### [How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md) -##### [How to Sequence a New Standard Application (App-V 4.6 SP1)](how-to-sequence-a-new-standard-application--app-v-46-sp1-.md) -##### [How to Sequence a New Add-on or Plug-in Application (App-V 4.6 SP1)](how-to-sequence-a-new-add-on-or-plug-in-application--app-v-46-sp1-.md) -##### [How to Sequence a New Middleware Application (App-V 4.6 SP1)](how-to-sequence-a-new-middleware-application--app-v-46-sp1-.md) -##### [How to Modify an Existing Virtual Application Package (App-V 4.6 SP1)](how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md) -##### [How to Apply a Package Accelerator to Create a Virtual Application Package (App-V 4.6 SP1)](how-to-apply-a-package-accelerator-to-create-a-virtual-application-package---app-v-46-sp1-.md) -##### [How to Apply an App-V Project Template (App-V 4.6 SP1)](how-to-apply-an-app-v-project-template--app-v-46-sp1-.md) -##### [How to Create App-V Package Accelerators (App-V 4.6 SP1)](how-to-create-app-v-package-accelerators--app-v-46-sp1-.md) -#### [Troubleshooting Application Virtualization Sequencer Issues](troubleshooting-application-virtualization-sequencer-issues.md) -#### [Application Virtualization Sequencer Reference](application-virtualization-sequencer-reference.md) -##### [Log Files for the Application Virtualization Sequencer](log-files-for-the-application-virtualization-sequencer.md) -##### [Sequencer Command-Line Parameters](sequencer-command-line-parameters.md) -##### [Sequencer Command-Line Error Codes](sequencer-command-line-error-codes.md) -##### [Dialog Boxes (AppV 4.6 SP1)](dialog-boxes--appv-46-sp1-.md) -###### [Incompatible Installer Dialog Box (App-V 4.6 SP1)](incompatible-installer-dialog-box--app-v-46-sp1-.md) -###### [Failed Launch Dialog Box (App-V 4.6 SP1)](failed-launch-dialog-box--app-v-46-sp1-.md) -###### [Oversized Package Dialog Box (App-V 4.6 SP1)](oversized-package-dialog-box--app-v-46-sp1-.md) -###### [Restart Task Failure Dialog Box (App-V 4.6 SP1)](restart-task-failure-dialog-box--app-v-46-sp1-.md) -###### [Side-by-side Privatization Failed Dialog Box (App-V 4.6 SP1)](side-by-side-privatization-failed-dialog-box--app-v-46-sp1-.md) -###### [SXS Conflict Detected Dialog Box (App-V 4.6 SP1)](sxs-conflict-detected-dialog-box--app-v-46-sp1-.md) -###### [Files Excluded Page Dialog Box (App-V 4.6 SP1)](files-excluded-page-dialog-box--app-v-46-sp1-.md) -###### [Defender Running Dialog Box (App-V 4.6 SP1)](defender-running-dialog-box--app-v-46-sp1-.md) -###### [Defrag Running Dialog Box (App-V 4.6 SP1)](defrag-running-dialog-box--app-v-46-sp1-.md) -###### [Antivirus Running Dialog Box (App-V 4.6 SP1)](antivirus-running-dialog-box--app-v-46-sp1-.md) -##### [Wizard Pages (AppV 4.6 SP1)](wizard-pages--appv-46-sp1-.md) -###### [Create Package Accelerator Wizard (AppV 4.6 SP1)](create-package-accelerator-wizard--appv-46-sp1-.md) -####### [About Sharing Package Accelerators Page](about-sharing-package-accelerators-page.md) -####### [Select Package (Learn More) Page](select-package--learn-more--page.md) -####### [Installation Files Page](installation-files-page.md) -####### [Gathering Information Page (Learn More)](gathering-information-page--learn-more-.md) -####### [Select Files Page](select-files-page.md) -####### [Verify Applications Page (Package Accelerators)](verify-applications-page--package-accelerators-.md) -####### [Select Guidance Page (Package Accelerators)](select-guidance-page--package-accelerators-.md) -####### [Create Package Accelerator Page](create-package-accelerator-page.md) -####### [Create Package Accelerator (Review Errors) Page](create-package-accelerator--review-errors--page.md) -####### [Completion Page](completion-page.md) -###### [Create New Package Wizard (AppV 4.6 SP1)](create-new-package-wizard---appv-46-sp1-.md) -####### [Packaging Method Page (Learn More)](packaging-method-page--learn-more-.md) -####### [Prepare Computer Page (Learn More)](prepare-computer-page--learn-more-.md) -####### [Type of Application Page (Learn More)](type-of-application-page--learn-more-.md) -####### [Select Installer Page (Learn More)](select-installer-page--learn-more-.md) -####### [Package Name Page (Learn More)](package-name-page---learn-more-.md) -####### [Installation Page (Learn More)](installation-page--learn-more-.md) -####### [Configure Software Page (Learn More)](configure-software-page--learn-more-.md) -####### [Installation Report Page (Learn More)](installation-report-page--learn-more-.md) -####### [Customize Page (Learn More)](customize-page--learn-more-.md) -######## [Edit Shortcuts](edit-shortcuts-learn-more.md) -######## [Streaming Page](streaming-page-learn-more.md) -######## [Target OS Page](target-os-page-learn-more.md) -####### [Select Primary Page (Learn More)](select-primary-page--learn-more-.md) -###### [Open Package Wizard (AppV 4.6 SP1)](open-package-wizard---appv-46-sp1-.md) -####### [Select Task Page (Learn More)](select-task-page--learn-more-.md) -####### [Packaging Method (Learn More)](packaging-method--learn-more-.md) -###### [Sequencer Wizard - Package Accelerator (AppV 4.6 SP1)](sequencer-wizard---package-accelerator--appv-46-sp1-.md) -####### [Select Package Accelerator Page](select-package-accelerator-page.md) -####### [Select Package Accelerator (Learn More) Page](select-package-accelerator--learn-more--page.md) -####### [Guidance Page [App-V 4.6 SP1]](guidance-page-app-v-46-sp1.md) -####### [Select Installation Files Page [App-V 4.6 SP1]](select-installation-files-page-app-v-46-sp1.md) -####### [Package Name Page [App-V 4.6 SP1]](package-name-page--app-v-46-sp1.md) -####### [Create Package Page [App-V 4.6 SP1]](create-package-page--app-v-46-sp1.md) -####### [Configure Software Page [App-V 4.6 SP1]](configure-software-page-app-v-46-sp1.md) -####### [Run Each Program Page [App-V 4.6 SP1]](run-each-program-page-app-v-46-sp1.md) -####### [Completion Page [Package Accelerator]](completion-page-package-accelerator.md) -## [Online Help for Application Virtualization](online-help-for-application-virtualization.md) -### [Application Virtualization Client Help](microsoft-application-virtualization-client-management-help.md) -#### [Application Virtualization Client Management Console Roadmap](application-virtualization-client-management-console-roadmap.md) -#### [About Virtual Environments](about-virtual-environments.md) -#### [How to Use the Desktop Notification Area for Application Virtualization Client Management](how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md) -##### [How to Refresh Virtual Applications from the Desktop Notification Area](how-to-refresh-virtual-applications-from-the-desktop-notification-area.md) -##### [How to Load Virtual Applications from the Desktop Notification Area](how-to-load-virtual-applications-from-the-desktop-notification-area.md) -##### [How to Cancel Loading of Virtual Applications from the Desktop Notification Area](how-to-cancel-loading-of-virtual-applications-from-the-desktop-notification-area.md) -##### [How to Work Offline or Online with Application Virtualization](how-to-work-offline-or-online-with-application-virtualization.md) -##### [How to Exit the App-V Client from the Notification Area](how-to-exit-the-app-v-client-from-the-notification-area.md) -#### [Application Virtualization Client Management Console](application-virtualization-client-management-console.md) -##### [Application Virtualization Client Management Console Overview](application-virtualization-client-management-console-overview.md) -###### [About Application Virtualization Servers](about-application-virtualization-servers.md) -###### [User Access Permissions in Application Virtualization Client](user-access-permissions-in-application-virtualization-client.md) -###### [Disconnected Operation Mode](disconnected-operation-mode.md) -##### [How to Perform General Administrative Tasks in the Client Management Console](how-to-perform-general-administrative-tasks-in-the-client-management-console.md) -###### [How to Set Up Publishing Servers](how-to-set-up-publishing-servers.md) -###### [How to Refresh the Publishing Servers](how-to-refresh-the-publishing-servers.md) -###### [How to Disable or Modify Disconnected Operation Mode Settings](how-to-disable-or-modify-disconnected-operation-mode-settings.md) -##### [How to Manage Applications in the Client Management Console](how-to-manage-applications-in-the-client-management-console.md) -###### [How to Load or Unload an Application](how-to-load-or-unload-an-application.md) -###### [How to Clear an Application](how-to-clear-an-application.md) -###### [How to Repair an Application](how-to-repair-an-application.md) -###### [How to Import an Application](how-to-import-an-application.md) -###### [How to Lock or Unlock an Application](how-to-lock-or-unlock-an-application.md) -###### [How to Delete an Application](how-to-delete-an-application.md) -###### [How to Change an Application Icon](how-to-change-an-application-icon.md) -##### [How to Configure the Client in the Application Virtualization Client Management Console](how-to-configure-the-client-in-the-application-virtualization-client-management-console.md) -###### [How to Change the Cache Size and the Drive Letter Designation](how-to-change-the-cache-size-and-the-drive-letter-designation.md) -###### [How to Change the Log Reporting Levels and Reset the Log Files](how-to-change-the-log-reporting-levels-and-reset-the-log-files.md) -###### [How to Change User Access Permissions](how-to-change-user-access-permissions.md) -###### [How to Change Import Search Paths](how-to-change-import-search-paths.md) -###### [How to Set Up Periodic Publishing Refresh](how-to-set-up-periodic-publishing-refresh.md) -###### [How to Set Up Publishing Refresh on Login](how-to-set-up-publishing-refresh-on-login.md) -##### [How to Manually Manage Applications in the Client Management Console](how-to-manually-manage-applications-in-the-client-management-console.md) -###### [How to Add an Application](how-to-add-an-application.md) -###### [How to Publish Application Shortcuts](how-to-publish-application-shortcuts.md) -###### [How to Add a File Type Association](how-to-add-a-file-type-association.md) -###### [How to Delete a File Type Association](how-to-delete-a-file-type-association.md) -#### [Application Virtualization Client Management Console Reference](application-virtualization-client-management-console-reference.md) -##### [Client Management Console: Application Virtualization Node](client-management-console-application-virtualization-node.md) -##### [Client Management Console: About Dialog Boxes](client-management-console-about-dialog-boxes.md) -##### [Client Management Console: Applications Node](client-management-console-applications-node.md) -###### [Applications Node](applications-node.md) -###### [Applications Results Pane](applications-results-pane.md) -###### [Applications Results Pane Columns](applications-results-pane-columns.md) -##### [Client Management Console: File Type Associations Node](client-management-console-file-type-associations-node.md) -###### [File Type Associations Node](file-type-associations-node-client.md) -###### [File Type Association Results Pane](file-type-association-results-pane.md) -###### [File Type Association Results Pane Columns](file-type-association-results-pane-columns.md) -##### [Client Management Console: Publishing Servers Node](client-management-console-publishing-servers-node.md) -###### [Publishing Servers Node](publishing-servers-node.md) -###### [Publishing Servers Results Pane](publishing-servers-results-pane.md) -###### [Publishing Servers Results Pane Columns](publishing-servers-results-pane-columns.md) -##### [Client Management Console: Application Virtualization Properties](client-management-console-application-virtualization-properties.md) -###### [Application Virtualization Properties: General Tab](application-virtualization-properties-general-tab.md) -###### [Application Virtualization Properties: Interface Tab](application-virtualization-properties-interface-tab.md) -###### [Application Virtualization Properties: File System Tab](application-virtualization-properties-file-system-tab.md) -###### [Application Virtualization Properties: Import Search Path Tab](application-virtualization-properties-import-search-path-tab.md) -###### [Application Virtualization Properties: Connectivity Tab](application-virtualization-properties-connectivity-tab.md) -###### [Application Virtualization Properties: Permissions Tab](application-virtualization-properties-permissions-tab.md) -### [Application Virtualization Server Help](application-virtualization-server-management-help.md) -#### [About the Application Virtualization Server Management Console](about-the-application-virtualization-server-management-console.md) -##### [About Application Virtualization Applications](about-application-virtualization-applications.md) -##### [About Application Virtualization Packages](about-application-virtualization-packages.md) -##### [About Publishing](about-publishing.md) -##### [About Application Licensing](about-application-licensing.md) -#### [How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) -##### [How to Connect to an Application Virtualization System](how-to-connect-to-an-application-virtualization-system.md) -##### [How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) -###### [How to Import an Application](how-to-import-an-applicationserver.md) -###### [How to Rename an Application](how-to-rename-an-application.md) -###### [How to Delete an Application](how-to-delete-an-application-server.md) -###### [How to Manually Add an Application](how-to-manually-add-an-application.md) -###### [How to Move an Application](how-to-move-an-application.md) -###### [How to Grant Access to an Application](how-to-grant-access-to-an-application.md) -###### [How to Deny Access to an Application](how-to-deny-access-to-an-application.md) -###### [How to Change an Application Icon](how-to-change-an-application-iconserver.md) -##### [How to Manage Application Groups in the Server Management Console](how-to-manage-application-groups-in-the-server-management-console.md) -###### [How to Create an Application Group](how-to-create-an-application-group.md) -###### [How to Move an Application Group](how-to-move-an-application-group.md) -###### [How to Rename an Application Group](how-to-rename-an-application-group.md) -###### [How to Remove an Application Group](how-to-remove-an-application-group.md) -##### [How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) -###### [How to Add a Package](how-to-add-a-package.md) -###### [How to Add a Package Version](how-to-add-a-package-version.md) -###### [How to Delete a Package](how-to-delete-a-packageserver.md) -###### [How to Delete a Package Version](how-to-delete-a-package-version.md) -###### [How to Upgrade a Package](how-to-upgrade-a-package.md) -##### [How to Manage Reports in the Server Management Console](how-to-manage-reports-in-the-server-management-console.md) -###### [Application Virtualization Report Types](application-virtualization-report-types.md) -####### [System Utilization Report](system-utilization-reportserver.md) -####### [Software Audit Report](software-audit-reportserver.md) -####### [Application Utilization Report](application-utilization-reportserver.md) -####### [System Error Report](system-error-reportserver.md) -###### [How to Create a Report](how-to-create-a-reportserver.md) -###### [How to Run a Report](how-to-run-a-reportserver.md) -###### [How to Print a Report](how-to-print-a-reportserver.md) -###### [How to Export a Report](how-to-export-a-reportserver.md) -###### [How to Delete a Report](how-to-delete-a-reportserver.md) -##### [How to Manage Servers in the Server Management Console](how-to-manage-servers-in-the-server-management-console.md) -###### [How to Create a Server Group](how-to-create-a-server-group.md) -###### [How to Remove a Server Group](how-to-remove-a-server-group.md) -###### [How to Add a Server](how-to-add-a-server.md) -###### [How to Remove a Server](how-to-remove-a-server.md) -###### [How to Change the Server Cache Size](how-to-change-the-server-cache-size.md) -###### [How to Change the Server Port](how-to-change-the-server-port.md) -##### [How to Manage Application Licenses in the Server Management Console](how-to-manage-application-licenses-in-the-server-management-console.md) -###### [How to Create an Application License Group](how-to-create-an-application-license-group.md) -###### [How to Associate an Application with a License Group](how-to-associate-an-application-with-a-license-group.md) -###### [How to Remove an Application from a License Group](how-to-remove-an-application-from-a-license-group.md) -###### [How to Remove an Application License Group](how-to-remove-an-application-license-group.md) -###### [How to Set Up an Unlimited License Group](how-to-set-up-an-unlimited-license-group.md) -###### [How to Set Up a Concurrent License Group](how-to-set-up-a-concurrent-license-group.md) -###### [How to Set Up a Named License Group](how-to-set-up-a-named-license-group.md) -##### [How to Customize an Application Virtualization System in the Server Management Console](how-to-customize-an-application-virtualization-system-in-the-server-management-console.md) -###### [How to Set Up and Enable or Disable Authentication](how-to-set-up-and-enable-or-disable-authentication.md) -###### [How to Set Up or Disable Usage Reporting](how-to-set-up-or-disable-usage-reporting.md) -###### [How to Set Up or Disable Database Size](how-to-set-up-or-disable-database-size.md) -###### [How to Set Up or Disable Application Licensing](how-to-set-up-or-disable-application-licensing.md) -###### [How to Add an Administrator Group](how-to-add-an-administrator-group.md) -###### [How to Delete an Administrator Group](how-to-delete-an-administrator-group.md) -##### [How to Change the Server Logging Level and the Database Parameters](how-to-change-the-server-logging-level-and-the-database-parameters.md) -##### [How to Configure Microsoft SQL Server Mirroring Support for App-V](how-to-configure-microsoft-sql-server-mirroring-support-for-app-v.md) -#### [Application Virtualization Server Management Console Reference](application-virtualization-server-management-console-reference.md) -##### [Server Management Console: Application Virtualization System Node](server-management-console-application-virtualization-system-node.md) -##### [Server Management Console: About Dialog Boxes](server-management-console-about-dialog-boxes.md) -##### [Server Management Console: Applications Node](server-management-console-applications-node.md) -###### [Applications Node](applications-node-in-server-management-console.md) -###### [Applications Results Pane](applications-results-pane-in-server-management-console.md) -###### [Applications Results Pane Columns](applications-results-pane-columns-in-server-management-console.md) -##### [Server Management Console: File Type Associations Node](server-management-console-file-type-associations-node.md) -###### [File Type Associations Node](file-type-associations-node.md) -###### [File Type Associations Results Pane](file-type-associations-results-pane.md) -###### [File Type Associations Results Pane Columns](file-type-associations-results-pane-columns.md) -##### [Server Management Console: Packages Node](server-management-console-packages-node.md) -###### [Packages Node](packages-node.md) -###### [Package Results Pane](package-results-pane.md) -###### [Package Results Pane Columns](package-results-pane-columns.md) -##### [Server Management Console: Application Licenses Node](server-management-console-application-licenses-node.md) -###### [Applications Licenses Node](applications-licenses-node.md) -###### [Applications Licenses Results Pane](applications-licenses-results-pane.md) -###### [Applications Licenses Results Pane Columns](applications-licenses-results-pane-columns.md) -##### [Server Management Console: Server Groups Node](server-management-console-server-groups-node.md) -###### [Server Groups Node](server-groups-node.md) -###### [Server Groups Results Pane](server-groups-results-pane.md) -###### [Server Groups Results Pane Columns](server-groups-results-pane-columns.md) -##### [Server Management Console: Provider Policies Node](server-management-console-provider-policies-node.md) -###### [Provider Policies Node](provider-policies-node.md) -###### [Provider Policies Results Pane](provider-policies-results-pane.md) -###### [Provider Policies Results Pane Columns](provider-policies-results-pane-columns.md) -##### [Server Management Console: Administrators Node](server-management-console-administrators-node.md) -###### [Administrators Node](administrators-node.md) -###### [Administrators Results Pane](administrators-results-pane.md) -###### [Administrators Results Pane Columns](administrators-results-pane-columns.md) -##### [Server Management Console: Reports Node](server-management-console-reports-node.md) -###### [Reports Node](reports-node.md) -###### [Reports Results Pane](reports-results-pane.md) -###### [Reports Results Pane Columns](reports-results-pane-columns.md) -### [Application Virtualization Sequencer Online Help](application-virtualization-sequencer-online-help.md) -#### [Application Virtualization Sequencer Overview](application-virtualization-sequencer-overview.md) -##### [About the Application Virtualization Sequencer](about-the-application-virtualization-sequencer.md) -##### [About the Sequencer Console](about-the-sequencer-console.md) -##### [About Using the Sequencer Command Line](about-using-the-sequencer-command-line.md) -##### [Best Practices for the Application Virtualization Sequencer](best-practices-for-the-application-virtualization-sequencer-sp1.md) -#### [Sequencer Hardware and Software Requirements](sequencer-hardware-and-software-requirements.md) -#### [Configuring the Application Virtualization Sequencer](configuring-the-application-virtualization-sequencer.md) -##### [How to Install the Sequencer](how-to-install-the-sequencer.md) -##### [How to Create the Package Root Directory](how-to-create-the-package-root-directory.md) -##### [How to Modify the Location of the Log Directory](how-to-modify-the-location-of-the-log-directory.md) -##### [How to Modify the Location of the Scratch Directory](how-to-modify-the-location-of-the-scratch-directory.md) -#### [Tasks for the Application Virtualization Sequencer](tasks-for-the-application-virtualization-sequencer.md) -##### [How to Sequence a New Application](how-to-sequence-a-new-application.md) -##### [How to Create a Virtual Environment for a Web-Based Application](how-to-create-a-virtual-environment-for-a-web-based-application.md) -##### [How to Upgrade a Sequenced Virtual Application Package](how-to-upgrade-a-sequenced-virtual-application-package.md) -##### [How to Branch a Package](how-to-branch-a-package.md) -##### [How to Upgrade a Package Using the Open Package Command](how-to-upgrade-a-package-using-the-open-package-command.md) -##### [How to Manage Virtual Applications Using the Command Line](how-to-manage-virtual-applications-using-the-command-line.md) -###### [How to Open a Sequenced Application Using the Command Line](how-to-open-a-sequenced-application-using-the-command-line.md) -###### [How to Sequence a New Application Package Using the Command Line](how-to-sequence-a-new-application-package-using-the-command-line.md) -###### [How to Upgrade a Sequenced Application Package Using the Command Line](how-to-upgrade-a-sequenced-application-package-using-the-command-line.md) -#### [Troubleshooting the Application Virtualization Sequencer](troubleshooting-the-application-virtualization-sequencer.md) -#### [Application Virtualization Sequencer Technical Reference](application-virtualization-sequencer-technical-reference-keep.md) -##### [Sequencer Dialog Boxes](sequencer-dialog-boxes.md) -###### [Application Virtualization Sequencer Options Dialog Box](application-virtualization-sequencer-options-dialog-box.md) -####### [General Tab](general-tab-keep.md) -####### [Parse Items Tab](parse-items-tab-keep.md) -####### [Exclusion Items Tab](exclusion-items-tab-keep.md) -####### [Exclusion Item Dialog Box](exclusion-item-dialog-box.md) -###### [Application Virtualization Sequencing Wizard-Add Application Dialog Box](application-virtualization-sequencing-wizard-add-application-dialog-box.md) -###### [Application Virtualization Sequencing Wizard-Add File Type Association Dialog Box](application-virtualization-sequencing-wizard-add-file-type-association-dialog-box.md) -###### [Application Virtualization Sequencing Wizard-Shortcut Locations Dialog Box](application-virtualization-sequencing-wizard-shortcut-locations-dialog-box.md) -##### [Sequencing Wizard](sequencing-wizard.md) -###### [Package Information Page](application-virtualization-sequencing-wizard-package-information-page-keep.md) -###### [Advanced Options Page](application-virtualization-sequencing-wizard-advanced-options-page.md) -###### [Monitor Installation Page](application-virtualization-sequencing-wizard-monitor-installation-page.md) -###### [Add Files to Virtual File System Page](application-virtualization-sequencing-wizard-add-files-to-virtual-file-system-page.md) -###### [Virtual Application Package Additional Components](virtual-application-package-additional-components.md) -###### [Configure Application Page](application-virtualization-sequencing-wizard-configure-application-page-keep.md) -###### [Launch Applications Page](application-virtualization-sequencing-wizard-launch-applications-page.md) -###### [Sequence Package Page](application-virtualization-sequencing-wizard-sequence-package-page.md) -##### [Sequencer Console](sequencer-console.md) -###### [Properties Tab](properties-tab-keep.md) -####### [About the Properties Tab](about-the-properties-tab.md) -####### [How to Change Package Properties](how-to-change-package-properties.md) -###### [Deployment Tab](deployment-tab.md) -####### [About the Deployment Tab](about-the-deployment-tab.md) -####### [How to Change Deployment Properties](how-to-change-deployment-properties.md) -###### [Change History Tab](change-history-tab-keep.md) -###### [Files Tab](files-tab-keep.md) -####### [About the Files Tab](about-the-files-tab.md) -####### [How to Modify the Files Included in a Package](how-to-modify-the-files-included-in-a-package.md) -###### [Virtual Registry Tab](virtual-registry-tab-keep.md) -####### [About the Virtual Registry Tab](about-the-virtual-registry-tab.md) -####### [How to Modify Virtual Registry Key Information](how-to-modify-virtual-registry-key-information.md) -###### [Virtual File System Tab](virtual-file-system-tab-keep.md) -####### [About the Virtual File System Tab](about-the-virtual-file-system-tab.md) -####### [How to Modify File-Mapping Information](how-to-modify-file-mapping-information.md) -###### [Virtual Services Tab](virtual-services-tab-keep.md) -####### [About the Virtual Services Tab](about-the-virtual-services-tab.md) -####### [How to Modify Attributes of Embedded Services](how-to-modify-attributes-of-embedded-services.md) -###### [OSD Tab](osd-tab-keep.md) -####### [About the OSD Tab](about-the-osd-tab.md) -######## [OSD File Elements](osd-file-elements.md) -####### [How to Edit an OSD File](how-to-edit-an-osd-file.md) -####### [How to Edit an OSD File Using a Text Editor](how-to-edit-an-osd-file-using-a-text-editor.md) -##### [Application Virtualization Sequencer Command Line](application-virtualization-sequencer-command-line.md) -###### [Command-Line Parameters](command-line-parameters.md) -###### [Command-Line Errors](command-line-errors.md) -## [Glossary](application-virtualization-glossary.md) -## [Application Virtualization Technical Publications](application-virtualization-technical-publications-white-papers.md) -### [Microsoft Application Virtualization Security Guide](microsoft-application-virtualization-security-guide.md) -#### [Introduction](introduction-to-the-application-virtualization-security-guide.md) -#### [Installing App-V Management Server or Streaming Server Securely](installing-app-v-management-server-or-streaming-server-securely.md) -##### [Configuring Certificates to Support Secure Streaming](configuring-certificates-to-support-secure-streaming.md) -##### [How to Modify Private Key Permissions to Support Management Server or Streaming Server](how-to-modify-private-key-permissions-to-support-management-server-or-streaming-server.md) -##### [Configuring Certificates to Support App-V Management Server or Streaming Server](configuring-certificates-to-support-app-v-management-server-or-streaming-server.md) -#### [Configuring Management or Streaming Server for Secure Communications Post-Installation](configuring-management-or-streaming-server-for-secure-communications-post-installation.md) -##### [How to Configure Management Server Security Post-Installation](how-to-configure-management-server-security-post-installation.md) -##### [How to Configure Streaming Server Security Post-Installation](how-to-configure-streaming-server-security-post-installation.md) -##### [Troubleshooting Certificate Permission Issues](troubleshooting-certificate-permission-issues.md) -#### [Configuring Windows Firewall for App-V](configuring-windows-firewall-for-app-v.md) -##### [How to Configure Windows Server 2003 Firewall for App-V](how-to-configure-windows-server-2003-firewall-for-app-v.md) -##### [How to Configure Windows Server 2008 Firewall for App-V](how-to-configure-windows-server-2008-firewall-for-app-v.md) -#### [Configuring App-V for Secure Administration](configuring-app-v-for-secure-administration.md) -##### [Configuring Certificates to Support the App-V Web Management Service](configuring-certificates-to-support-the-app-v-web-management-service.md) -##### [How to Install and Configure the App-V Management Console for a More Secure Environment](how-to-install-and-configure-the-app-v-management-console-for-a-more-secure-environment.md) -#### [Configuring App-V Administration for a Distributed Environment](configuring-app-v-administration-for-a-distributed-environment.md) -#### [Configuring IIS for Secure Streaming](configuring-iis-for-secure-streaming.md) -#### [App-V Desktop Client Security](app-v-desktop-client-security.md) -#### [Improving Security During App-V Sequencing](improving-security-during-app-v-sequencing.md) -#### [Internet-Facing Server Scenarios for Perimeter Networks](internet-facing-server-scenarios-for-perimeter-networks.md) -#### [Internet-Facing Considerations for App-V Clients](internet-facing-considerations-for-app-v-clients.md) -##### [Domain-Joined and Non-Domain-Joined Clients](domain-joined-and-non-domain-joined-clients.md) -##### [How to Assign the Proper Credentials for Windows XP](how-to-assign--the-proper-credentials-for-windows-xp.md) -##### [How to Assign the Proper Credentials for Windows Vista](how-to-assign--the-proper-credentials-for-windows-vista.md) -## [Microsoft Application Virtualization 4.6 Service Pack 1 Privacy Statement](microsoft-application-virtualization-46-service-pack-1-privacy-statement.md) -## [Microsoft Application Virtualization 4.6 Service Pack 2 Privacy Statement](microsoft-application-virtualization-46-service-pack-2-privacy-statement.md) - diff --git a/mdop/appv-v4/about-app-v-package-accelerators--app-v-46-sp1-.md b/mdop/appv-v4/about-app-v-package-accelerators--app-v-46-sp1-.md deleted file mode 100644 index 638fd0e895..0000000000 --- a/mdop/appv-v4/about-app-v-package-accelerators--app-v-46-sp1-.md +++ /dev/null @@ -1,70 +0,0 @@ ---- -title: About App-V Package Accelerators (App-V 4.6 SP1) -description: About App-V Package Accelerators (App-V 4.6 SP1) -author: manikadhiman -ms.assetid: fc2d2375-8f17-4a6d-b374-771cb947cb8c -ms.reviewer: -manager: dansimp -ms.author: v-madhi -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About App-V Package Accelerators (App-V 4.6 SP1) - - -You can use App-V Package Accelerators to automatically sequence large, complex applications. Additionally, when you apply an App-V Package Accelerator, you are not always required to manually install an application to create the virtual application package. - -**Note**   -In some cases, you are prompted to install an application locally to the computer running the App-V Sequencer before you can use the Package Accelerator. If you have to install an application, you must install the application to the application’s default location. This installation is not monitored by App-V Sequencer. When the App-V Package Accelerator is created, the author of the Package Accelerator determines whether to install an application locally is required. - - - -App-V Sequencer extracts the required files from the App-V Package Accelerator and associated installation media to create a virtual package without having to monitor the installation of the application. - -**Important**   -Disclaimer: The Microsoft Application Virtualization Sequencer does not give you any license rights to the software application you are using to create a Package Accelerator. You must abide by all end user license terms for such application. It is your responsibility to make sure the software application’s license terms allow you to create a Package Accelerator using Application Virtualization Sequencer. - - - -App-V Package Accelerators and project templates differ from each other. Package Accelerators are application-specific. Project templates enable users to save commonly used settings specific to an organization and apply them to multiple applications. You can also create project templates at the command prompt, while in contrast, you must use the App-V Sequencer console to create Package Accelerators. Additionally, creating a package by using a Package Accelerator and applying a project template is not supported. - -## Sharing App-V Package Accelerators - - -This section provides best practice information about how to share Package Accelerators. If you plan to share Package Accelerators, information such as computer names, user account information, and information about the associated applications might be included in the Package Accelerators.The following list describes methods you should consider when creating Package Accelerators: - -- **User name**. When you log on to the computer running App-V Sequencer, you should use a generic user account, such as the built-in **administrator** account for administering the computer / domain. You should not use an account that is based on an existing user name. - -- **Computer Name**. Specify a general, non-identifying name for the computer running the Sequencer. - -- **Server URL**. In the Sequencer console, on the **Deployment** tab, use the default settings for the server URL configuration information. - -- **Applications**. If you do not want to share the list of applications that were installed on the computer running the Sequencer when you created the Package Accelerator, you must delete the **appv\_manifest.xml** file. This file is located in the package root directory of the virtual application package. - -You should also review any settings or configuration files associated with the virtual application package to ensure the applications do not contain any personal information. - -## Securing App-V Package Accelerators - - -Always save App-V Package Accelerators and any associated installation media in a secure location on the network to protect the App-V Package Accelerators and the installation files from being tampered with or becoming corrupted. Because Package Accelerators can also contain password and user-specific information, you must save App-V Package Accelerators in a secure location, and you must digitally sign the Package Accelerator after you create it so that the publisher can be verified when the Package Accelerator is applied. For more information about digital signatures, see [Application Guidelines on Digital Signature Practices for Common Criteria Security](https://go.microsoft.com/fwlink/?LinkId=204705) (https://go.microsoft.com/fwlink/?LinkId=204705). - -## Related topics - - -[How to Create App-V Package Accelerators (App-V 4.6 SP1)](how-to-create-app-v-package-accelerators--app-v-46-sp1-.md) - -[How to Apply a Package Accelerator to Create a Virtual Application Package (App-V 4.6 SP1)](how-to-apply-a-package-accelerator-to-create-a-virtual-application-package---app-v-46-sp1-.md) - - - - - - - - - diff --git a/mdop/appv-v4/about-application-licensing.md b/mdop/appv-v4/about-application-licensing.md deleted file mode 100644 index 039444d39d..0000000000 --- a/mdop/appv-v4/about-application-licensing.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: About Application Licensing -description: About Application Licensing -author: dansimp -ms.assetid: 6b487641-1627-4e91-b829-04f001008176 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About Application Licensing - - -You can manage application licenses directly from the Application Virtualization Server Management Console. - -## License Types - - -The System Center Application Virtualization System currently supports the following license types: - -- **Unlimited License**—Allows access to the application by any number of simultaneous users. This method of licensing is appropriate when you want to associate an enterprise-wide license with an application. - -- **Concurrent License**—Enables you to define the maximum number of concurrent users who are allowed to use the application. - -- **Named License**—Enables you to assign a license to an individual user. A named license can be used to ensure that a particular user will always be able to run the application. - -You can combine concurrent and named licenses for the same application. - -Licensing is disabled by default, but you can enable it from the **Provider Pipeline** tab of the **Provider Properties** dialog. For details about enabling and disabling licensing, see [How to Set Up or Disable Application Licensing](how-to-set-up-or-disable-application-licensing.md). - -## Provider Policies - - -Provider policies were developed for the Application Service Provider (ASP) model. In this model, a single ASP can host a single Application Virtualization System for multiple clients, where each client needs to remain isolated. Clients might have dramatically different requirements—for example, one client might require authentication while another does not. You can use provider policies to associate permissions with clients so that only the approved users can access each virtual application or virtual application package. - -For the enterprise customer, you can use this feature when you have strict licensing requirements for one or more applications. Under this situation, the licensing component is disabled on the **Provider Pipeline** tab of the **Provider Properties** dialog. - -The **Provider Pipeline** tab also has check boxes to enable authentication, authorization (**Enforce Access Permission Settings**), and metering (**Log Usage Information**). If your configuration has special requirements, you can write your own pipeline components and add them to the system by clicking the **Advanced** button. - -## Account Authorities - - -The account authority is the domain in which the Application Virtualization Server is installed. As you proceed through the server installation, you are prompted to supply a domain name; the domain in which the computer is installed is detected and used by default. When users attempt to log in to the system, they are prompted for their credentials before they can access that domain. - -The Application Virtualization System supports multiple domains. You can grant application access to user groups in other domains if a trust relationship is established between domains. Users must supply credentials that are recognized by each domain. - -In the Application Virtualization Server Management Console, you can change the primary domain (account authority) and the credentials that are used to access it. - -## Authentication - - -Authentication is the mechanism used to confirm a user's identity. Any user with a recognized user name and password has access. - -In the Application Virtualization System, you can enable or disable authentication through a check box on the **Provider Pipeline** tab. By default, Windows Authentication is enabled. - -## Authorization - - -Authorization is the process used to confirm a user’s identity. After confirming the user's identity, the system determines whether the user was granted access to the system and to which applications the user was granted access. The Application Virtualization Server Management Console has an **Enforce Access Permission Settings** check box on the **Provider Pipeline** tab to enable or disable authorization. - -In the Application Virtualization System, access is granted to a user group only, not to individual users. - -## Related topics - - -[How to Manage Application Licenses in the Server Management Console](how-to-manage-application-licenses-in-the-server-management-console.md) - -[How to Set Up or Disable Application Licensing](how-to-set-up-or-disable-application-licensing.md) - -[Server Management Console: Provider Policies Node](server-management-console-provider-policies-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/about-application-virtualization-applications.md b/mdop/appv-v4/about-application-virtualization-applications.md deleted file mode 100644 index 81f4351171..0000000000 --- a/mdop/appv-v4/about-application-virtualization-applications.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: About Application Virtualization Applications -description: About Application Virtualization Applications -author: dansimp -ms.assetid: 3bf833b7-d172-4eef-a9e8-4b4f0c7eb15b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About Application Virtualization Applications - - -In Application Virtualization, an *application* is an executable program, such as Microsoft Visio, that is streamed to the Application Virtualization Desktop Client or Client for Remote Desktop Services (formerly Terminal Services) from an Application Virtualization Management Server. Before an application can be streamed to a client, the application must be prepared for streaming by processing it with the Application Virtualization Sequencer. - -## Managing Applications - - -You must add applications to the system before you can make the applications available to users. The most common method for adding applications to the system is to import them. To access this feature, right-click the **Applications** node in the Application Virtualization Server Management Console and choose **Import Applications**. - -You can import more than one Open Software Descriptor (OSD) file at the same time, or you can import a Sequencer Project file (SPRJ) that can contain multiple OSD files. This functionality enables you to configure related applications similarly. - -You can also use the following features to help you manage your applications: - -- **Application Groups**—Enables you to create logical groups of applications for simplified management. When changes are made to a group (for example, access permissions), the changes are applied to all applications in the group. Applications in a group can come from different packages. - -- **Multi Select**—Enables you to select multiple applications at once by holding the CTRL key when you click an application to modify the application properties. However, if you want to maintain a relationship between the applications, you should create an application group to hold the applications. - -- **Cross System Copy**—Enables you to copy applications from one environment to another environment that is running the same version of App-V in one step. For example, you might have a user acceptance test environment where you initially deploy and configure applications. After you finish your testing phase, you might want to replicate the same set of applications (including permissions) to the production environment. - -## Related topics - - -[About Application Virtualization Packages](about-application-virtualization-packages.md) - -[About the Application Virtualization Server Management Console](about-the-application-virtualization-server-management-console.md) - -[How to Manage Application Groups in the Server Management Console](how-to-manage-application-groups-in-the-server-management-console.md) - -[How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/about-application-virtualization-packages.md b/mdop/appv-v4/about-application-virtualization-packages.md deleted file mode 100644 index 63e1915d67..0000000000 --- a/mdop/appv-v4/about-application-virtualization-packages.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: About Application Virtualization Packages -description: About Application Virtualization Packages -author: dansimp -ms.assetid: 69bd35c1-7af3-43db-931b-3074780aa926 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About Application Virtualization Packages - - -In Application Virtualization, a *package* is the output of the sequencing process. You use packages when you first deploy applications on your servers and when you upgrade applications with a new version. Packages enable you to control virtual application versions on your Application Virtualization Management Servers. A single package can contain one or more applications. Each application package contains a set of files as a self-contained unit. - -## Managing Packages - - -After the Sequencer creates a package of one or more applications as part of its process, you can copy the Sequencer-generated files to a Application Virtualization Management Server and make them available for streaming. - -Available packages appear under the **Packages** container in the left pane of the Application Virtualization Management Console. When you import an application with a Sequencer Project (SPRJ) file or an Open Software Descriptor (OSD) file, a related entry appears in the **Packages** container. From the Application Virtualization Server Management Console, you can then deploy, upgrade, or delete packages and versions of them. - -Each virtual application has an associated package. This package includes the following files: - -- SFT—The file that streams the application to clients. - -- OSD—The Open Software Descriptor file contains the information needed to find and launch the application. - -- ICO—The icon file that visually represents the application in user interfaces and shortcuts. - -- SPRJ—The Sequencer Project file. - -When you import the SPRJ file, all sequenced applications are available for deployment, by default, but the applications are not enabled for streaming. You can choose to stream all or some of the applications in the package. For example, if you sequenced and imported Microsoft Office, you can choose not to deploy some applications, such as the Save My Settings Wizard. In this case, right-click each application you want to deploy, choose **Properties**, and make sure that the **Enabled** box is cleared (blank). Only the applications with the **Enabled** box selected will stream to client computers. - -After you resequence a package and produce a new SFT file for streaming, you can upgrade the old package quickly and easily through the Application Virtualization Server Management Console. - -The only operational scenario that requires you to use the **Packages** node is when you introduce a new version (SFT file) for the package. Whenever you import applications, assign access and licenses to applications, and so on, the Application Virtualization System tracks this information at the package level. This means that when you authorize a user to use an application, you are giving the user permission to run any application in the same package. - -### Package Version - -A package version is represented by a specific SFT file. When you upgrade a package (apply an update to an application or add an application to a package), you generate a new SFT file. Each time you create a new SFT file, you are creating a new package version. - -When you import applications through the Application Virtualization Server Management Console, the software automatically creates a package and a package version if they do not already exist. - -## Related topics - - -[About Application Virtualization Applications](about-application-virtualization-applications.md) - -[About the Application Virtualization Server Management Console](about-the-application-virtualization-server-management-console.md) - -[How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/about-application-virtualization-servers.md b/mdop/appv-v4/about-application-virtualization-servers.md deleted file mode 100644 index 6078a1f5cb..0000000000 --- a/mdop/appv-v4/about-application-virtualization-servers.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: About Application Virtualization Servers -description: About Application Virtualization Servers -author: dansimp -ms.assetid: 60a45509-2112-44ca-8e28-c73b0c2ff85e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About Application Virtualization Servers - - -Application Virtualization Management Servers, also called *application publishing servers*, control access to the applications that are processed to run in a virtual environment. Virtual applications are stored on the Application Virtualization Management Servers. When a virtual application is called for by the client, the application package is streamed to the client from the Application Virtualization Management Servers. - -**Note**   -You can also stream applications to clients from Application Virtualization Streaming Servers. Streaming Servers do not offer some of the services that are available from the Management Servers, such as publishing, management, and reporting. - -You can stream applications to the client directly from a file or disk. Some application virtualization deployment scenarios, which are characterized by low or unreliable connectivity or where bandwidth is limited, are ideally suited for streaming from file or disk. - - - -One or more Application Virtualization Management Servers that share a single data store make up an *Application Virtualization system*. - -## Related topics - - -[Application Virtualization Client Management Console Overview](application-virtualization-client-management-console-overview.md) - -[How to Refresh Virtual Applications from the Desktop Notification Area](how-to-refresh-virtual-applications-from-the-desktop-notification-area.md) - -[How to Set Up Publishing Servers](how-to-set-up-publishing-servers.md) - - - - - - - - - diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-45-sp1.md b/mdop/appv-v4/about-microsoft-application-virtualization-45-sp1.md deleted file mode 100644 index 2379da3dff..0000000000 --- a/mdop/appv-v4/about-microsoft-application-virtualization-45-sp1.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: About Microsoft Application Virtualization 4.5 SP1 -description: About Microsoft Application Virtualization 4.5 SP1 -author: dansimp -ms.assetid: f5dcff12-5956-41ef-bc36-b59200f90807 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About Microsoft Application Virtualization 4.5 SP1 - - -This service pack contains the following changes: - -- Support for Windows 7 and Windows Server 2008 R2: App-V 4.5 SP1 provides support for Windows 7 and Windows Server 2008 R2, including support for Windows 7 features such as the taskbar, AppLocker, BranchCache, and BitLocker To Go.  Windows Server 2008 R2 support applies only to Application Virtualization Server. For more information about AppLocker support in Windows 7, see [Windows AppLocker](https://go.microsoft.com/fwlink/?LinkID=156732) (https://go.microsoft.com/fwlink/?LinkID=156732). - -- Support for third-party Kerberos realms: App-V 4.5 SP1 provides support for environments that have a trust relationship and mapped user accounts between a Windows domain and an MIT Kerberos realm, which is a scenario commonly used at many universities. For information about how to enable this support, see [How to Configure the Client for MIT Kerberos Realm Support](https://go.microsoft.com/fwlink/?LinkId=166004) (https://go.microsoft.com/fwlink/?LinkId=166004). - -- Improved support for application publishing and streaming through HTTP/HTTPS: App-V 4.5 SP1 provides support for application publishing and streaming through the HTTP/HTTPS protocols for Windows XP Home Edition, Windows Vista Home Basic, and Windows 7 Home Basic. - -- Customer Feedback and Hotfix Rollup: App-V 4.5 SP1 also includes a rollup of fixes to address issues found after the Microsoft Application Virtualization (App-V) 4.5 CU1 release. The updates result from a combination of known issues and customer feedback from our internal teams, partners, and customers who are using App-V 4.5. For a full list of the updates, see [article 976338](https://go.microsoft.com/fwlink/?LinkId=167121) in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=167121). - -## In This Section - - -[Microsoft Application Virtualization Management System Release Notes 4.5 SP1](microsoft-application-virtualization-management-system-release-notes-45-sp1.md) -Provides the most up-to-date information about known issues with Microsoft Application Virtualization (App-V) 4.5 SP1. - -  - -  - - - - - diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-45-sp2.md b/mdop/appv-v4/about-microsoft-application-virtualization-45-sp2.md deleted file mode 100644 index 80134f7a39..0000000000 --- a/mdop/appv-v4/about-microsoft-application-virtualization-45-sp2.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: About Microsoft Application Virtualization 4.5 SP2 -description: About Microsoft Application Virtualization 4.5 SP2 -author: dansimp -ms.assetid: c498adbe-e331-42c8-99fe-29623fae2345 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About Microsoft Application Virtualization 4.5 SP2 - - -This service pack contains the following changes: - -- Support for Office 2010: Microsoft Application Virtualization (App-V) 4.5 SP2 now supports the virtualization of Microsoft Office 2010. For prescriptive guidance for sequencing Office 2010 with App-V 4.5 SP2, see [Prescriptive guidance for sequencing Office 2010 in Microsoft App-V 4.6](https://go.microsoft.com/fwlink/?LinkId=191539) (https://go.microsoft.com/fwlink/?LinkId=191539). - -- Support for Database Mirroring: App-V 4.5 SP2 now supports Microsoft SQL Server Database Mirroring. For more information about configuring database mirroring in your App-V environment, see [How to Configure Microsoft SQL Server Mirroring Support for App-V](https://go.microsoft.com/fwlink/?LinkId=190880) (https://go.microsoft.com/fwlink/?LinkId=190880). - -- Customer Feedback and Hotfix Rollup: App-V 4.5 SP2 also includes a rollup of fixes to address issues found after the App-V  4.5 SP1 release. The updates address a combination of known issues and customer feedback from Microsoft internal teams, partners, and customers who are using App-V 4.5. For a full list of the updates, see article 980847 in the Microsoft Knowledge Base (KB) at [Description of Microsoft Application Virtualization 4.5 Service Pack 2](https://go.microsoft.com/fwlink/?LinkId=191540) (https://go.microsoft.com/fwlink/?LinkId=191540). - -## In This Section - - -[App-V 4.5 SP2 Release Notes](app-v-45-sp2-release-notes.md) -Provides the most up-to-date information about known issues with App-V 4.5 SP2. - -  - -  - - - - - diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-45.md b/mdop/appv-v4/about-microsoft-application-virtualization-45.md deleted file mode 100644 index 40b58ca9d6..0000000000 --- a/mdop/appv-v4/about-microsoft-application-virtualization-45.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: About Microsoft Application Virtualization 4.5 -description: About Microsoft Application Virtualization 4.5 -author: dansimp -ms.assetid: 39f45a6f-ac55-4fd7-8a83-865e1a7034f8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About Microsoft Application Virtualization 4.5 - - -Formerly known as SoftGrid Application Virtualization, Microsoft Application Virtualization (App-V) 4.5 is the first Microsoft-branded release of the product. It includes new capabilities that make it easy for enterprise IT organizations to support large-scale, global application virtualization implementations. - -- Dynamic Virtualization: App-V 4.5 provides the flexibility to control virtual application interaction. Administrators who want to consolidate virtual environments and enable faster, easier administration, can use the product’s Dynamic Suite Composition, which sequences and manages packages for middleware applications separately from the main application. It shrinks potential package size by eliminating redundant packaging of middleware. This lets multiple Web applications communicate with the same single instance of a virtualized application of, for example, Microsoft .NET Framework or Sun Java Runtime Environment (JRE). Updates for the common virtual middleware are simplified and one virtual application is updated instead of several. This “many-to-one” capability greatly reduces the cost of updates. It also makes it easier to deploy and manage applications that use multiple plug-ins and add-ins, and improves management of plug-in distribution to different user groups. - -- Extended Scalability: Choose among three flexible deployment modes: - - 1. Application Virtualization Management Server, which ships as part of the Microsoft Desktop Optimization Pack and Microsoft Application Virtualization for Remote Desktop Services packages, enables dynamic streaming including package and active upgrades, and requires Microsoft Active Directory Domain Services and Microsoft SQL Server. - - 2. Application Virtualization Streaming Server, a lightweight version which also ships as part of the Microsoft Desktop Optimization Pack and Microsoft Application Virtualization for Remote Desktop Services packages, offers application streaming including package and active upgrades without the Active Directory Domain Services and database overheads, and enables administrators to deploy to existing servers or add streaming to Electronic Software Delivery (ESD) systems. - - 3. Standalone mode enables virtual applications to run without streaming and is interoperable with Microsoft Endpoint Configuration Manager and third-party ESD systems. - -- Globalization: The product is localized across 11 languages, includes support for foreign language applications that use special characters, and supports foreign language Active Directory and servers and runtime locale detection. - -- Microsoft Security Standards: Microsoft Application Virtualization (App-V) 4.5 complies with Microsoft security standards including Trustworthy Computing, Secure Windows Initiative and Security Development Lifecycle. It includes support for Internet-facing scenarios and provides Secure by Default configuration out of the box. - -## In This Section - - -[Microsoft Application Virtualization Management System Release Notes](microsoft-application-virtualization-management-system-release-notes.md) -Provides the most up-to-date information about known issues with Microsoft Application Virtualization (App-V) 4.5. - -  - -  - - - - - diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-46-sp1.md b/mdop/appv-v4/about-microsoft-application-virtualization-46-sp1.md deleted file mode 100644 index f2d49596f4..0000000000 --- a/mdop/appv-v4/about-microsoft-application-virtualization-46-sp1.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: About Microsoft Application Virtualization 4.6 SP1 -description: About Microsoft Application Virtualization 4.6 SP1 -author: dansimp -ms.assetid: 20917eb6-c998-43f8-aefa-307eb322dc8d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About Microsoft Application Virtualization 4.6 SP1 - - -Microsoft Application Virtualization (App-V) 4.6 SP1 provides the following enhancements and new features: - -- Improved App-V sequencer – the App-V 4.6 SP1 sequencer has been updated to help improve the sequencing process. The enhancements include a more predictable packaging experience, and help at each step of the sequencing process. Click any of the following links for more information about the new version of the App-V sequencer. - - - App-V Package Accelerators can be used to automatically sequence large, complex applications. Additionally, when you apply an App-V Package Accelerator, you are not always required to manually install an application to create the virtual application package. For more information about App-V package accelerators, see [About App-V Package Accelerators (App-V 4.6 SP1)](about-app-v-package-accelerators--app-v-46-sp1-.md). - - - Enhanced support for sequencing different types of applications. For more information about the different types of applications, see [How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md). - - - Enhanced support for using App-V project templates. For more information about App-V project templates, see [How to Create an App-V Project Template (App-V 4.6 SP1)](how-to-create-an-app-v-project-template--app-v-46-sp1-.md). - - - Step-by-step help during sequencing. For an example of the new step-by-step see [Type of Application Page (Learn More)](type-of-application-page--learn-more-.md). - - - Enhanced reporting to help identify sequencing issues. For an example of the new reporting, see [Files Excluded Page Dialog Box (App-V 4.6 SP1)](files-excluded-page-dialog-box--app-v-46-sp1-.md). - -- Support for using a read-only cache on RDS - App-V 4.6 SP1 now supports using a shared, read-only cache in both VDI and RDS environments. For more information about sharing a read-only cache on RDS, see [How to Configure a Read-only Cache on the App-V Client (RDS)](how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md). - -- Support for sequencing the Microsoft .NET Framework 4 - App-V 4.6 SP1 now supports sequencing the Microsoft .NET Framework 4. - -- Customer Feedback and Hotfix Rollup – App-V 4.6 SP1 also includes a rollup up of fixes to address issues found since the App-V 4.6 release. - -## In This Section - - -[App-V 4.6 SP1 Release Notes](app-v-46-sp1-release-notes.md) -Provides the most up-to-date information about known issues with Microsoft Application Virtualization (App-V) 4.6 SP1. - -  - -  - - - - - diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-46-sp2.md b/mdop/appv-v4/about-microsoft-application-virtualization-46-sp2.md deleted file mode 100644 index ece900187a..0000000000 --- a/mdop/appv-v4/about-microsoft-application-virtualization-46-sp2.md +++ /dev/null @@ -1,108 +0,0 @@ ---- -title: About Microsoft Application Virtualization 4.6 SP2 -description: About Microsoft Application Virtualization 4.6 SP2 -author: dansimp -ms.assetid: 1429e314-9c38-472b-8687-3bed6cf0015c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About Microsoft Application Virtualization 4.6 SP2 - - -Microsoft Application Virtualization (App-V) 4.6 SP2 provides several enhancements and new features, which are described in this topic. - -**Caution**   -This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. - - - -**Support for Windows 8 and Windows Server 2012** - -App-V 4.6 SP2 adds support for Windows 8 and Windows Server 2012 Remote Desktop Services. - -**Support for coexistence with App-V 5.0 client** - -App-V 4.6 SP2 provides support for coexistence with the Microsoft Application Virtualization 5.0 client. Review the App-V 5.0 documentation for instructions on how to configure the App-V 5.0 client for coexistence with the App-V 4.6 SP2 client. For more information about App-V 5.0, see [Application Virtualization 5](https://go.microsoft.com/fwlink/?LinkId=267599) on TechNet. - -**Ability to virtualize Adobe Reader X with Protected Mode** - -You can virtualize Adobe Reader X with its Protected Mode feature turned on by using the following procedures. Previously you had to disable Protected Mode in order to virtualize Adobe Reader X. - -Before launching the App-V Sequencer, create the following registry value under HKEY\_LOCAL\_MACHINE\\SOFTWARE \\Microsoft\\SoftGrid\\4.5\\SystemGuard\\Overrides: - - ------ - - - - - - - - - - - - - - -

Name

Type

Data

Description

EnableVFSPassthrough

DWORD

1

Set this value to 1 in order to start Adobe Reader X in Protected Mode during the launch phase.

- - - -**Note**   -On a computer running a 64-bit operating system, create the registry value under HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\SystemGuard\\Overrides. - - - -For each OSD-file in your Adobe Reader X package, add the following items under the <POLICIES> element: - -`TRUE` - -`TRUE` - -`TRUE` - -**New Sequencer command-line parameter** - -When you create a Package Accelerator (PA) through the Sequencer GUI, you can select an RTF or TXT file that provides packaging and deployment guidance to the administrators who will apply the Package Accelerator. This functionality is now available using the Sequencer CLI. - -`/ACCELERATORDESCRIPTIONFILE:PathToDescriptionFile` - -Specify a path to an RTF or TXT file that provides packaging and deployment guidance when creating a Package Accelerator. - -**Microsoft Application Error Reporting no longer needs to be installed** - -When you are installing the App-V 4.6 SP2 client by using setup.msi, you no longer need to install Microsoft Application Error Reporting (dw20shared.msi). App-V 4.6 SP2 now uses Microsoft Error Reporting. For more information, see [How to Install the App-V Client by Using Setup.msi](https://go.microsoft.com/fwlink/?LinkId=267237). - -**Customer feedback and hotfix rollup** - -App-V 4.6 SP2 includes a rollup of fixes to address issues found since the App-V 4.6 SP1 release. App-V 4.6 SP2 contains the latest fixes up to and including Microsoft Application Virtualization 4.6 SP1 Hotfix 6. - -## In This Section - - -[App-V 4.6 SP2 Release Notes](https://go.microsoft.com/fwlink/?LinkId=267600) -Provides the most up-to-date information about known issues with App-V 4.6 SP2. - - - - - - - - - diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-46-sp3.md b/mdop/appv-v4/about-microsoft-application-virtualization-46-sp3.md deleted file mode 100644 index ef4f01c277..0000000000 --- a/mdop/appv-v4/about-microsoft-application-virtualization-46-sp3.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: About Microsoft Application Virtualization 4.6 SP3 -description: About Microsoft Application Virtualization 4.6 SP3 -author: dansimp -ms.assetid: a6374fb0-1dfa-41f7-9a6a-3d2688492a8b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About Microsoft Application Virtualization 4.6 SP3 - - -Microsoft Application Virtualization (App-V) 4.6 SP3 provides the following enhancements and new features, which are described in this topic. - -## Support for Windows Server 2012 R2 and Windows 8.1 - - -App-V 4.6 SP3 includes support for Windows Server 2012 R2 and Windows 8.1 - -## How to Get MDOP Technologies - - -App-V is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). - -## Related topics - - -[App-V 4.6 SP3 Release Notes](app-v-46-sp3-release-notes.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/about-microsoft-application-virtualization-46.md b/mdop/appv-v4/about-microsoft-application-virtualization-46.md deleted file mode 100644 index 4e2161b45f..0000000000 --- a/mdop/appv-v4/about-microsoft-application-virtualization-46.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: About Microsoft Application Virtualization 4.6 -description: About Microsoft Application Virtualization 4.6 -author: dansimp -ms.assetid: 34150f34-ee74-45a6-957e-9ea6c5a497de -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About Microsoft Application Virtualization 4.6 - - -Microsoft Application Virtualization (App-V) 4.6 provides the following enhancements and new features for the App-V Desktop Client, Client for Remote Desktop Services and App-V Sequencer: - -- Support for 64-bit applications—provides the ability to sequence and run 32-bit and 64-bit applications on 64-bit versions of Windows 7, Windows Vista, Windows XP, Windows Server 2008, Windows Server 2008 R2, Windows Server 2003 and Windows Server 2003 R2. For more information about supported operating systems, see [Application Virtualization Deployment Requirements](application-virtualization-deployment-requirements.md). - -- Support for Windows 7 and Windows Server 2008 R2—provides support for Windows 7 and Windows Server 2008 R2, including support for Windows 7 features such as the taskbar, Jump Lists, AppLocker, BranchCache, and BitLocker To Go. - -- Expands globalization and localization—provides support for 12 additional languages. - -- Support for Virtual Desktop Infrastructure (VDI) systems—provides the capability for the read-only shared cache to help optimize server disk storage in VDI scenarios. - -- Improved sequencing experience—provides improvements to the sequencing wizard and support for sequencing 32-bit and 64-bit applications. - -**Note**   -The App-V Management Server and Streaming Server have not been updated to version 4.6. Until they are updated, use App-V Management Server and Streaming Server 4.5 with the most recent service pack. - - - -## In This Section - - -[App-V 4.6 Release Notes](app-v-46-release-notes.md) -Provides the most up-to-date information about known issues with Microsoft Application Virtualization (App-V) 4.6. - - - - - - - - - diff --git a/mdop/appv-v4/about-publishing.md b/mdop/appv-v4/about-publishing.md deleted file mode 100644 index 0aab27b334..0000000000 --- a/mdop/appv-v4/about-publishing.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: About Publishing -description: About Publishing -author: dansimp -ms.assetid: 295074d7-123f-4740-b938-e4a371ee72fd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About Publishing - - -You can centrally manage publishing applications to the Application Virtualization Client from the Application Virtualization Server Management Console. For example, you can assign access to applications and define when and how often the Application Virtualization Desktop Client and Client for Remote Desktop Services (formerly Terminal Services) need to refresh that information. You can set the clients to refresh this information on a set schedule or every time the user logs in to the client. Also, you can use the console's application publishing functionality to enable users to see which applications are published (or available) to the client. - -**Note**   -Before the client can refresh the publishing information, the client must know about the Application Virtualization Management Server. You configure the client with the necessary information about the server when you install the client. - - - -When a client contacts the server for application publishing information, the server provides the client with the list of applications that the user has permission to access and the location of the corresponding Open Software Descriptor (OSD) files. The server also provides the relevant information about icons, file type associations, and shortcuts. - -## Related topics - - -[About Application Licensing](about-application-licensing.md) - -[About Application Virtualization Applications](about-application-virtualization-applications.md) - - - - - - - - - diff --git a/mdop/appv-v4/about-sequencing-phases.md b/mdop/appv-v4/about-sequencing-phases.md deleted file mode 100644 index e9f821e89a..0000000000 --- a/mdop/appv-v4/about-sequencing-phases.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: About Sequencing Phases -description: About Sequencing Phases -author: dansimp -ms.assetid: c1cb7b6c-204c-48f2-848c-4bd5a3d5ecb6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About Sequencing Phases - - -Sequencing is the process by which you create a sequenced application package by using the Microsoft Application Virtualization (App-V) Sequencer. During sequencing, the Sequencer monitors and records all installation and setup processes for an application and creates the following files: ICO, OSD, SFT, and SPRJ. These files contain all the necessary information about an application, and they allow that application to run in a virtual environment. - -The four phases to sequencing an application and creating a virtual application package are installation, launch, customization, and save. The following list provides information about each of the phases: - -1. **Installation phase**—During the installation phase, you specify the package name and an optional associated comment that will be associated with the package. You can also configure advanced monitoring options during this phase. Advanced monitoring options include specifying the block size and whether you will install automatic updates during monitoring. The sequencer records all necessary information and configurations required to create a virtual application package and the associated file and registry settings. - - **Important**   - To view the advanced options select **Show Advanced Monitoring Options** on the **Package Information** page. - - - -2. **Launch phase**—During the launch phase, you can specify any required file associations and security descriptors that should be configured with the package. You should open the application as many times as necessary to ensure application functionality and stability. - -3. **Customization phase**—During the customization phase, you can configure your package by using the associated .osd files. You can specify whether any associated scripts should run inside or outside of the virtual environment, specify additional actions that should be performed, specify how associated scripts run (synchronously or asynchronously), and specify any additional scripts that should be run under the user context. - -4. **Save phase**—During the save phase, all required files for the virtual application package are created. The files created are .sprj, .sft, .osd, .ico, .xml manifest, and the Windows installer (.msi) file. - -## Related topics - - -[Application Virtualization Sequencer](application-virtualization-sequencer.md) - - - - - - - - - diff --git a/mdop/appv-v4/about-sharing-package-accelerators-page.md b/mdop/appv-v4/about-sharing-package-accelerators-page.md deleted file mode 100644 index 880688dd13..0000000000 --- a/mdop/appv-v4/about-sharing-package-accelerators-page.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: About Sharing Package Accelerators Page -description: About Sharing Package Accelerators Page -author: dansimp -ms.assetid: 9630cde0-e2c3-476f-8fa1-58b3c9f7d3f7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About Sharing Package Accelerators Page - - -This following information provides best practice information about how to share Package Accelerators. If you plan to share Package Accelerators files, information such as computer names, user account information, and information about applications included in the transforms might be included in the Package Accelerators file. You should review any settings or configuration files associated with the virtual application package to ensure the applications do not contain any personal information.This page contains the following elements. - -- **Username**. When you log on to the computer running the Microsoft App-V Sequencer, you should use a generic user account, such as the built-in **administrator** account. You should not use an account that is based on an existing user name. - -- **Computer Name**. Specify a general, non-identifying name of the computer running the Sequencer. - -- **Server URL**. In the App-V Sequencer console, on the **Deployment** tab, use the default settings for the server URL configuration information. - -- **Applications**. If you do not want to share the list of applications that were installed on the computer running the Sequencer when you created the Package Accelerator, you must delete the **appv\_manifest.xml** file. This file is located in the package root directory of the virtual application package. - -## Related topics - - -[Create Package Accelerator Wizard (AppV 4.6 SP1)](create-package-accelerator-wizard--appv-46-sp1-.md) - -[About App-V Package Accelerators (App-V 4.6 SP1)](about-app-v-package-accelerators--app-v-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/about-the-application-virtualization-sequencer.md b/mdop/appv-v4/about-the-application-virtualization-sequencer.md deleted file mode 100644 index c51d335407..0000000000 --- a/mdop/appv-v4/about-the-application-virtualization-sequencer.md +++ /dev/null @@ -1,100 +0,0 @@ ---- -title: About the Application Virtualization Sequencer -description: About the Application Virtualization Sequencer -author: dansimp -ms.assetid: bee193ca-58bd-40c9-b41a-310435633895 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About the Application Virtualization Sequencer - - -The Microsoft Application Virtualization (App-V) Sequencer monitors and records all installation and setup processes for an application and creates the following files: **ICO**, **OSD**, **SFT**, and **SPRJ**. These files contain all the necessary information about an application so the application can run in a virtual environment on target computers. You can use the Microsoft Application Virtualization (App-V) Sequencer to create virtual applications. After you sequence an application, it can be streamed to target computers, or target computers can run the virtual application by downloading the contents of the virtual application package and running the application locally. - -**Important**   -To run a virtual application package the target computer must be running the appropriate version of the App-V client. - - - -Virtual application packages run on target computers without interacting with the underlying operating system on the target computer because each application runs in a virtual environment and is isolated from other applications that are installed or running on the target computer. This isolation can reduce application conflicts and can help decrease the required amount of application pre-deployment testing. - -## Sequencer Terminology - - -Application Virtualization drive -The application virtualization drive is the default drive (Q:\) on the target computer from which sequenced applications are run. - -ICO file -The icon file on the client desktop which is used to launch a sequenced application. - -Installation directory -The directory used by the sequencer to place installation files during setup. - -Open Software Descriptor (OSD) file -An XML-based file that instructs the App-V client how to retrieve the sequenced application from the App-V streaming server and how to run the sequenced application in the virtual environment. - -Package root directory -The directory on the sequencing computer on which files for the sequenced application package are installed. This directory also exists virtually on the computer to which a sequenced application will be streamed. - -Sequenced application -An application that has been monitored by the sequencer, broken up into primary and secondary feature blocks, streamed to a target computer running the App-V client t, and runs a virtual environment. - -Sequenced application package -The files that comprise a virtual application and allow a virtual application to run. These files are created after sequencing and specifically include **.osd**, **.sft**, **.sprj**, and **.ico** files. - -Sequencing -The process of creating an application package using the App-V Sequencer. In this process, an application is monitored, its shortcuts are configured, and a sequenced application package is created. - -Sequencing computer -The computer used to sequence an application. - -Virtual application -An application packaged by the Sequencer to run in a self-contained, virtual environment. The virtual environment contains the information necessary to run the application on the client without installing the application locally. - -Primary feature block -The minimum content in a virtual application package that is necessary for an application to run on a target computer. The content in the primary feature block is identified during the application phase of sequencing and typically consists of the content for the most used application features. - -## Sequencing Applications - - -There are two methods to create and modify virtual application packages in your environment. The first method is by using the **Sequencing** wizard. The **Sequencing** wizard allows you to create new, or modify existing virtual application packages. For more information about using the **Sequencing** wizard see, [How to Sequence a New Application](how-to-sequence-a-new-application.md). The second method is by using the command-line. The command-line allows you to create new, or modify existing virtual application packages using the command prompt. For more information about using the command line see, [How to Manage Virtual Applications Using the Command Line](how-to-manage-virtual-applications-using-the-command-line.md). - -The **Sequencing** wizard provides the following functions for creating virtual application packages: - -1. **Package Configuration**: The **Sequencing** Wizard prompts for package configuration information necessary to complete the Open Software Descriptor (OSD) file, which is a required file for starting a sequenced application package. - -2. **Application Installation**: The **Sequencing** Wizard gathers information about an application’s installation and startup configurations. It monitors and records the installation and startup information associated with the application to create the files necessary for a virtual application package. - -3. **Application Startup**: The **Sequencing** Wizard gathers information for compiling and ordering the blocks of code necessary to perform the initial startup of the sequenced application package on the target computer. The compilation of the code block is referred to as the primary feature block. - -## Application Virtualization Sequencer Security Considerations - - -The App-V Sequencer runs all services detected at sequencing time using the Local System account and does not enforce security descriptors on service control requests. If the service was installed using a different user account or if the security descriptors are intended to grant different user groups specific service permissions, consider carefully whether the service should be virtualized. In some cases, you should install the service locally to ensure that the intended service security is preserved. - -**Important**   -You should always save virtual application packages in a secure location. - - - -## Related topics - - -[Application Virtualization Sequencer Overview](application-virtualization-sequencer-overview.md) - - - - - - - - - diff --git a/mdop/appv-v4/about-the-application-virtualization-server-management-console.md b/mdop/appv-v4/about-the-application-virtualization-server-management-console.md deleted file mode 100644 index e3654b07e0..0000000000 --- a/mdop/appv-v4/about-the-application-virtualization-server-management-console.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: About the Application Virtualization Server Management Console -description: About the Application Virtualization Server Management Console -author: dansimp -ms.assetid: 108d0e4b-08fa-47b4-a737-d2c36c2641de -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About the Application Virtualization Server Management Console - - -This section of the Application Virtualization Server Management Help describes some of the concepts you should understand while working with the Application Virtualization Server Management Console. - -## In This Section - - -[About Application Virtualization Applications](about-application-virtualization-applications.md) -Provides an overview of managing applications from the Application Virtualization Server Management Console. - -[About Application Virtualization Packages](about-application-virtualization-packages.md) -Provides an overview of managing packages from the Application Virtualization Server Management Console. - -[About Publishing](about-publishing.md) -Provides an overview of how you can publish applications from the Application Virtualization Server Management Console. - -[About Application Licensing](about-application-licensing.md) -Provides an overview of how you can manage application licensing from the Application Virtualization Server Management Console and the types of licenses available. - -## Reference - - -[Application Virtualization Server Management Console Reference](application-virtualization-server-management-console-reference.md) - -## Related Sections - - -[How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/about-the-deployment-tab.md b/mdop/appv-v4/about-the-deployment-tab.md deleted file mode 100644 index 7a0a6c25b4..0000000000 --- a/mdop/appv-v4/about-the-deployment-tab.md +++ /dev/null @@ -1,154 +0,0 @@ ---- -title: About the Deployment Tab -description: About the Deployment Tab -author: dansimp -ms.assetid: 12891798-baa4-45a5-b845-b9505ab95633 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About the Deployment Tab - - -Use the **Deployment** tab in the Application Virtualization Sequencer Console to change the information for an application you are about to sequence. This tab contains the following elements. - -## Server URL - - -Use the **Server URL** controls to specify the virtual application server configuration settings. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ControlDescription

Protocol

Enables you to select the protocol that will stream the sequenced application package from a virtual application server to an Application Virtualization Desktop Client. The following protocols are available:

-
    -

  • RTSP—The default, it specifies that the Real-Time Streaming Protocol controls the exchange of virtualization-enabled applications.

    • -

  • RTSPS—Specifies that the Real-Time Streaming Protocol with Transport Layer Security controls the exchange of a sequenced application package.

    • -

  • File—Specifies that the sequenced application will be streamed from a file share.

    • -

  • HTTPS—Specifies that Secure Hypertext Transport Protocol controls the exchange of a package.

    • -

Hostname

Enables you to select the virtual application server or the load balancer in front of a group of virtual application servers that will stream the software package to an Application Virtualization Desktop Client. You must complete this item to create a sequenced application package, but you can change from the default %SFT_SOFTGRIDSERVER% environment variable to the actual hostname or IP address of a virtual application server.

-
-Note

If you choose not to specify a static hostname or IP address, on each Application Virtualization Desktop Client you must set up an environment variable called SFT_SOFTGRIDSERVER. Its value must be the hostname or IP address of the virtual application server or load balancer that is this client's source of applications. You should make this environment variable a system variable rather than a user variable. Any Application Virtualization Desktop Client session that is running on this computer during your assignment of this variable must be closed and then opened so that the resumed session will be aware of its new application source.

-
-
- -

Port

Enables you to specify the port on which the virtual application server or the load balancer will listen for an Application Virtualization Desktop Client's request for the package. This information is required to create a package, but you can change it. The default port is 554.

Path

Enables you to specify the relative path on the virtual application server where the software package is stored and from which it will be streamed. This information is required to create a package if the SFT file will be stored in a subdirectory of CONTENT; otherwise, this information is not required.

- - - -## Operating Systems - - -Use the **Operating Systems** controls to specify the application's operating system requirements. If an Application Virtualization Desktop Client cannot support any of the selected operating systems, the application will not start. - - ---- - - - - - - - - - - - - - - - - -
ControlsDescription

Available Operating Systems

Displays a list of operating systems that can support the applications in the package.

Selected Operating Systems

Displays a list of selected operating systems that support the applications in the package.

- - - -## Output Options - - -Use the **Output Options** controls to specify the output options for the application to be installed. - - ---- - - - - - - - - - - - - - - - - - - - - -
ControlDescription

Compression Algorithm

Use to select the method for compressing the SFT file for streaming across a network. Select one of the following compression methods:

-
    -

  • Compressed—Specifies that the SFT file be compressed in the ZLIB format.

    • -

  • Not Compressed—The default; specifies that the SFT file not be compressed.

    • -

Enforce Security Descriptors

Select to enforce security descriptors of the applications in the package after it is deployed to the client.

Generate Microsoft Windows Installer (MSI) Package

Select to install or deploy a sequenced application package with the Windows Installer. If you have made any changes using the sequencer the changes will not be included with the Windows Installer file. The Windows Installer file will always be created using the .sft file saved on the hard disk.

- - - -## Related topics - - -[How to Change Deployment Properties](how-to-change-deployment-properties.md) - -[Sequencer Console](sequencer-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/about-the-files-tab.md b/mdop/appv-v4/about-the-files-tab.md deleted file mode 100644 index 2281e4a415..0000000000 --- a/mdop/appv-v4/about-the-files-tab.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -title: About the Files Tab -description: About the Files Tab -author: dansimp -ms.assetid: 3c20e720-4b0f-465b-b7c4-3013dae1c815 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About the Files Tab - - -The **Files** tab displays the complete list of files that are included in a sequenced application package. The left pane displays, in a standard file browse format, the complete list of files in the package that was created during the application sequencing. These files include the package root directory (the directory you specified during the application installation phase), the Virtual File System (VFS) folder, and the virtual environment files. The right pane displays the file name, file attributes, and the Sequencer attributes. - -## File Name and Short Name - - -**File Name** -The name of the file is in the left pane. The files displayed in the left pane are created during sequencing. - -**Short Name** -This is the name of a file selected in the left pane, written in the 8.3 format naming convention. - -## File Attributes - - -**File Size** -The size of the file in bytes. - -**File Version** -The version of the selected file. - -**Date Created** -The date and time the selected file was created. - -**Date Modified** -The date and time the selected file was last modified. - -**File ID** -The file GUID. - -## Sequencer Attributes - - -**User Data** -Select this attribute to specify that an application must retain the information of an individual user. - -**Application Data** -Select this attribute to specify that an application must retain the general information of a group of users. - -**Override** -When selected, the Application Virtualization Desktop Client overwrites the corresponding file when the sequenced application package is upgraded and streamed to the client. If this check box is not selected, the client determines whether or not to overwrite the selected file. - -## Related topics - - -[How to Modify the Files Included in a Package](how-to-modify-the-files-included-in-a-package.md) - -[Sequencer Console](sequencer-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/about-the-osd-tab.md b/mdop/appv-v4/about-the-osd-tab.md deleted file mode 100644 index cd15ddc088..0000000000 --- a/mdop/appv-v4/about-the-osd-tab.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: About the OSD Tab -description: About the OSD Tab -author: dansimp -ms.assetid: 7c78cd3a-91f2-4377-8c62-e52912906197 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About the OSD Tab - - -An OSD (Open Software Descriptor) file is produced after sequencing. It provides instructions for how a client is to retrieve and run a sequenced application package. Use the **OSD** tab to display and modify the OSD files in the sequenced application package. - -## Drop-Down List - - -**Drop down** -Displays a list of sequenced applications. Select a sequenced application package to modify the elements of an OSD file. - -## Navigation Pane - - -**Navigation Pane** -Displays a list of elements in the OSD file. - -## Results Pane - - -**Attribute** -Displays one or more attributes of an element. - -**Value** -Displays the value that corresponds to an attribute. - -**Element Text** -Displays an editable comment that corresponds to an element. - -## Related topics - - -[How to Edit an OSD File Using a Text Editor](how-to-edit-an-osd-file-using-a-text-editor.md) - -[How to Edit an OSD File](how-to-edit-an-osd-file.md) - -[OSD File Elements](osd-file-elements.md) - -[Sequencer Console](sequencer-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/about-the-properties-tab.md b/mdop/appv-v4/about-the-properties-tab.md deleted file mode 100644 index 49f24affb3..0000000000 --- a/mdop/appv-v4/about-the-properties-tab.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: About the Properties Tab -description: About the Properties Tab -author: dansimp -ms.assetid: a6cf6f51-3778-4c8d-9632-3af4005775d2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About the Properties Tab - - -Use the **Properties** tab to view basic statistical information about a sequenced application package. The information is automatically generated unless otherwise noted. This tab contains the following elements. - -## Package Information - - -**Package Name** -The single name used for a sequenced application package that might contain one or more applications—for example, Microsoft Office could be used to label a sequenced application package that contains Microsoft Word and Microsoft Excel applications that run in the same virtual environment. - -**Comments** -Displays a short description of the software package that will appear in the Open Software Descriptor (OSD) file ABSTRACT element. This item is optional. - -**Package Version** -The sequenced application package version. - -**Package GUID** -The globally unique identifier (GUID) automatically assigned to the sequenced application package to distinguish it from other sequenced application packages that might be running on the computer to which a sequenced application package is streamed. - -**Package Version GUID** -The sequenced application package version GUID. - -**Root Directory** -The directory on the sequencing computer in which files for the sequenced application package are installed. This directory is also created on the computer to which a sequenced application package will be streamed. It is recommended for backwards compatibility that this be an 8.3 format directory name at the root of the Q drive, such as Q:\\MyApp.1\\. - -**Created** -The date and time the sequenced application package was created. - -**Modified** -The date and time the sequenced application package was last modified. - -**Package Size** -The size of the package in megabytes. - -**Launch Size** -The size in megabytes of the portion of the SFT file that is required to start the application. - -## Sequencing Parameters - - -**Block Size** -Specifies the size of the primary and secondary feature blocks into which the SFT file is divided for streaming across a network. All blocks equal the specified size; however, the last block might be smaller than specified. You will see one of the following values: - -- 4 KB - -- 16 KB - -- 32 KB - -- 64 KB - -**Note**   -After the initial package has been created, the block size value is not changeable. - - - -## Related topics - - -[How to Change Package Properties](how-to-change-package-properties.md) - -[Sequencer Console](sequencer-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/about-the-sequencer-console.md b/mdop/appv-v4/about-the-sequencer-console.md deleted file mode 100644 index c9ade6aad8..0000000000 --- a/mdop/appv-v4/about-the-sequencer-console.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -title: About the Sequencer Console -description: About the Sequencer Console -author: dansimp -ms.assetid: 36ecba89-a0f5-4d4d-981c-7f581aa43695 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About the Sequencer Console - - -Before you start using the Microsoft Application Virtualization (App-V) sequencer, you should be familiar with the following information about the App-V sequencer console. The following sections describe the tools available in the Sequencer console. - -## Application Virtualization Sequencer Console Menu Options - - -The following menu items are available in the App-V Sequencer Console: - -- **File** - Contains various commands to help create, open, modify, and save sequenced applications. - -- **Edit** - Contains various commands for editing existing virtual applications. - -- **View** - Contains various commands for viewing properties of a virtual application. - -- **Tools** - Contains various tools and diagnostics for configuring virtual applications. - -## Application Virtualization Sequencer Console Toolbar Options - - -The following toolbar buttons are available in the App-V Sequencer Console: - -- **New Package** - Click to create a new sequenced application. - -- **Open** - Click to open a sequenced application package in the App-V Sequencer Console. - -- **Open for Upgrade** - Click to open a sequenced application to upgrade or apply an update. - -- **Save** - Click to save a sequenced virtual application. - -- **Sequencing Wizard** - Click to open the Sequencing Wizard. You should use this button to start the Sequencing Wizard if you make any changes on the **General** tab under **Tools** / **Options**. - -## Virtual Application Tabs - - -The following tabs are displayed when you view a virtual application in the App-V Sequencer Console: - -- **Properties** - Displays information about the selected virtual application. You can update the Package Name and Comments associated with the virtual application. - -- **Deployment** - Displays information about how the virtual application will be accessed by target computers. You can configure the virtual application delivery method, and you can configure which operating systems must be running on the target computer. You can also configure the associated output options. If you plan to have clients access a virtual application from a file, use the following format when specifying the path: **File://server/share/path/.sft**. Select **Enforce Security Descriptors** to preserve security associated with the package during an upgrade, or the permissions will be reset during the upgrade. - -- **Change History** - Displays information about updates that have been made to the virtual application. - -- **Files** - Displays the files associated with the selected virtual application. You can make minor revisions to the associated file properties by using the appropriate fields. - -- **Virtual Registry** - Displays the virtual registry associated with the selected virtual application. You can add or delete registry keys by right-clicking the appropriate entry. - -- **Virtual File System** - Displays the virtual file systems associated with the selected virtual application. You can add, delete, or edit file system entries on this tab by right-clicking the appropriate entry and selecting the option. - -- **Virtual Services** - Displays the services associated with the selected virtual application. - -- **OSD** - Displays information about the Open Software Descriptor (OSD) associated with the virtual application. You can update the files associated with the OSD file by right-clicking the appropriate entry and selecting the action that you want. - -## Related topics - - -[Application Virtualization Sequencer Overview](application-virtualization-sequencer-overview.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/about-the-virtual-file-system-tab.md b/mdop/appv-v4/about-the-virtual-file-system-tab.md deleted file mode 100644 index c63df76467..0000000000 --- a/mdop/appv-v4/about-the-virtual-file-system-tab.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: About the Virtual File System Tab -description: About the Virtual File System Tab -author: dansimp -ms.assetid: 4d2e344d-3f3b-49fd-bbbd-fa5177e7af50 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About the Virtual File System Tab - - -The virtual file system is created during sequencing. It maps directories and files that are added or modified outside the package root directory. The **Virtual File System** tab displays the entire virtual file system for a sequenced application package. It also allows you to add, edit, and delete file associations. - -For information about the virtual file system and its use, see the section “VFS Installs” of [Advanced Sequencing Topics](https://go.microsoft.com/fwlink/?LinkId=114543), at https://go.microsoft.com/fwlink/?LinkId=114543. - -## Columns - - -**From** -Displays the application's component files in the SFT file as they will be distributed on an Application Virtualization Desktop Client. - -**To** -Displays the application's component files as they have been distributed by the application installer on the Application Virtualization Sequencer. - -## Related topics - - -[How to Modify File-Mapping Information](how-to-modify-file-mapping-information.md) - -[Sequencer Console](sequencer-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/about-the-virtual-registry-tab.md b/mdop/appv-v4/about-the-virtual-registry-tab.md deleted file mode 100644 index 580a4456c0..0000000000 --- a/mdop/appv-v4/about-the-virtual-registry-tab.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: About the Virtual Registry Tab -description: About the Virtual Registry Tab -author: dansimp -ms.assetid: ca8d837f-8218-4f86-95fd-13a44dccd022 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About the Virtual Registry Tab - - -A virtual registry is created during sequencing. The **Virtual Registry** tab displays all the registry keys and values that are required for a sequenced application package to run. Use this tab to add, edit, and delete registry keys and registry values. - -You can also choose to ignore the hosting system’s keys by selecting **Override Local Key**, or you can create a merged view of the key from within the virtual environment by selecting **Merge with Local Key**. - -The changes to the virtual registry **Settings** tab affect applications that are part of the specific sequenced application package, but they do not affect the operation of other applications that are streamed to or locally installed on the Application Virtualization Desktop Client. - -**Note**   - Exercise caution when changing virtual registry keys and values. Changing these keys and values might render your sequenced application package inoperable. - - - -The left pane of the **Virtual Registry** tab displays the full list of virtual registries created during the sequencing of an application. - -## Columns - - -**Name** -The name for the entry in the virtual registry. - -**Type** -How the entry stores its data. - -**Data** -The value stored by the entry. - -**Attributes** -Displays the file attributes. - -## Related topics - - -[How to Modify Virtual Registry Key Information](how-to-modify-virtual-registry-key-information.md) - -[Sequencer Console](sequencer-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/about-the-virtual-services-tab.md b/mdop/appv-v4/about-the-virtual-services-tab.md deleted file mode 100644 index 9da1a5c4f1..0000000000 --- a/mdop/appv-v4/about-the-virtual-services-tab.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: About the Virtual Services Tab -description: About the Virtual Services Tab -author: dansimp -ms.assetid: d31eea1b-9a37-42f1-8d7c-95881716e753 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About the Virtual Services Tab - - -During sequencing, a list of embedded services are identified and sequenced. Embedded services help an operating system run. The **Virtual Services** tab displays a list of embedded services. It also allows you to edit the properties of the individual services. - -## Columns - - -**Name** -The name of the service. - -**Description** -A description of the service. - -**Startup Type** -Indicates whether virtual services on the client are set to manual or automatic start-up. - -**Logon As** -Indicates the client log-on identity—for example, LocalSystem. - -**Services Type** -Indicates the type of service running on the Client. - -## Related topics - - -[How to Modify Attributes of Embedded Services](how-to-modify-attributes-of-embedded-services.md) - -[Sequencer Console](sequencer-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/about-using-the-sequencer-command-line.md b/mdop/appv-v4/about-using-the-sequencer-command-line.md deleted file mode 100644 index b54eeb6152..0000000000 --- a/mdop/appv-v4/about-using-the-sequencer-command-line.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: About Using the Sequencer Command Line -description: About Using the Sequencer Command Line -author: dansimp -ms.assetid: 0fd5f81b-17f9-4065-bce2-8785e8aac7c7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About Using the Sequencer Command Line - - -You can use the command line to create sequenced application packages. Using the command line to create virtual applications is useful in the following scenarios: - -- You need to create a large number of sequenced application packages. - -- You need to create a sequenced application package on a recurring basis. - -**Important**   -Sequencing at the command prompt allows for default sequencing only. If you need to change default sequencing parameters, you must either manually modify a sequenced application package or re-sequence the application. - - - -All subsequent modifications to existing sequenced application packages must be made using the sequencing wizard. - -## Prerequisites - - -To sequence an application by using the command prompt, the following conditions must be met: - -- The application that is about to be sequenced must not require changes or workarounds made to it outside the installer or Windows Installer package. - -- Before sequencing, you must prepare a list of batch files for creating the sequenced application packages. - -- Review For more information about the command line parameters, see [Command-Line Parameters](command-line-parameters.md). - -- Review the errors that might be displayed when creating a sequenced application package by using the command line. For more information, see these errors, see [Command-Line Errors](command-line-errors.md). - -## Related topics - - -[How to Manage Virtual Applications Using the Command Line](how-to-manage-virtual-applications-using-the-command-line.md) - - - - - - - - - diff --git a/mdop/appv-v4/about-virtual-environments.md b/mdop/appv-v4/about-virtual-environments.md deleted file mode 100644 index 263e550a58..0000000000 --- a/mdop/appv-v4/about-virtual-environments.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: About Virtual Environments -description: About Virtual Environments -author: dansimp -ms.assetid: e03a8c72-56c1-4ae9-aa45-0283c50a154c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About Virtual Environments - - -Virtual applications run in virtual environments. Virtual environments enable each application to run on a desktop, laptop, or Remote Desktop Session Host (RD Session Host) server without installation and alteration of the host operating system. Each application carries its own configuration information in the virtual environment. As a result, many applications run side by side with other applications on the same computer without any conflicts. - -Virtual applications run locally, so they run with the full performance, functionality, and access to local services that you would expect from any application installed locally. - -Because each application runs in a virtual environment, the following problems are reduced: - -- Application conflicts—In environments that do not use Application Virtualization, you must thoroughly test every application to ensure that it does not interfere with other installed applications. - -- Regression testing—Because the application does not change the underlying operating system, lengthy regression testing is eliminated. - -- Version incompatibilities—Different versions of the same application can run simultaneously on the same computer. - -- Multiuser access—Applications that do not run in multiuser mode, and therefore cannot run within an RD Session Host, can now do so and function correctly for multiple users on a single RD Session Host. - -- Multitenancy issues—Two instances of the same application that use different configurations can run on the same computer at the same time. - -- Server siloing—The need for many separate server farms is eliminated. - -Virtual environments include a virtual registry for each application. Registry settings created by one application cannot be seen by other applications or utilities such as Regedit. Rather than copying the entire registry, the virtual registry uses an *overlay* method. Items in the client registry can be read by the application as long as a virtual copy of that registry item is not included in the virtual registry. All application writes to the registry are contained in the virtual registry. - -Virtual environments also include a virtual file system and other virtual components, including virtual services and virtual COM. - -## Related topics - - -[Application Virtualization Client Management Console Overview](application-virtualization-client-management-console-overview.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/add-app.md b/mdop/appv-v4/add-app.md deleted file mode 100644 index be8e8866ee..0000000000 --- a/mdop/appv-v4/add-app.md +++ /dev/null @@ -1,99 +0,0 @@ ---- -title: ADD APP -description: ADD APP -author: dansimp -ms.assetid: 329fd0c8-a795-49be-b0fd-1367c5b4a34b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# ADD APP - - -Adds an application record. - -`SFTMIME ADD APP:application /OSD osd-pathname [/ICON icon-pathname] [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

APP:<application>

The name and version (optional) of the application.

/OSD <osd-pathname>

The path or URL for the OSD file.

/ICON <icon-pathname>

The path or URL for the icon file.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- - - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- - - -**Note**   -The resulting name of the application will be taken from the OSD file and not from the name provided in APP:<application>. - - - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - - - - - - - - - diff --git a/mdop/appv-v4/add-package.md b/mdop/appv-v4/add-package.md deleted file mode 100644 index 80ed132da5..0000000000 --- a/mdop/appv-v4/add-package.md +++ /dev/null @@ -1,126 +0,0 @@ ---- -title: ADD PACKAGE -description: ADD PACKAGE -author: dansimp -ms.assetid: aa83928d-a234-4395-831e-2a7ef786ff53 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# ADD PACKAGE - - -Adds a package record. If the package already exists, this command will update the configuration of the existing package. - -`SFTMIME ADD PACKAGE:package-name /MANIFEST manifest-path [/OVERRIDEURL url [/AUTOLOADONREFRESH] [/AUTOLOADONLOGIN] [/AUTOLOADONLAUNCH] [/AUTOLOADTARGET {NONE|ALL|PREVUSED}] [/GLOBAL] [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

PACKAGE:<package-name>

User-visible and user-friendly name for the package.

/MANIFEST <manifest-path>

The path of the manifest file that lists the applications included in the package and all of their publishing information.

/OVERRIDEURL <URL>

The location of the package's SFT file.

/AUTOLOADONREFRESH

Background loading is performed after a publishing refresh.

/AUTOLOADONLOGIN

Background loading is performed when a user logs in.

/AUTOLOADONLAUNCH

Background loading is performed after a user starts an application from the package.

/AUTOLOADTARGET target

Indicates which applications from the package will be autoloaded.

NONE

No autoloading will be performed, despite the presence of any /AUTOLOADONxxx flags.

ALL

If an autoload trigger is enabled, all applications in the package will be loaded into cache whether or not they have been previously started.

PREVUSED

If an autoload trigger is enabled, the package will load if any applications in this package have previously been started by a user.

/GLOBAL

If present, the package will be available for all users on this computer.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/add-server.md b/mdop/appv-v4/add-server.md deleted file mode 100644 index 546c6c2e3a..0000000000 --- a/mdop/appv-v4/add-server.md +++ /dev/null @@ -1,110 +0,0 @@ ---- -title: ADD SERVER -description: ADD SERVER -author: dansimp -ms.assetid: 4be2ac2e-a410-4711-9f84-f305393c8fa7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# ADD SERVER - - -Adds a publishing server. - -`SFTMIME ADD SERVER:server-name /HOST hostname /TYPE {HTTP|RTSP} /PATH path [/PORT port] [/REFRESH {ON|OFF}] [/SECURE] [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

SERVER:<server-name>

The display name for the publishing server.

/HOST <hostname>

The host name or IP address for the publishing server.

/TYPE {HTTP|RTSP}

Indicates whether the publishing server is a Web server ("HTTP") or an Application Virtualization Server ("RTSP").

/PORT <port>

The port on which the publishing server listens. Defaults to 80 for normal HTTP servers, 443 for HTTP servers using enhanced security, 554 for normal Application Virtualization Servers, and 322 for servers using enhanced security.

/PATH <path>

The path portion of the URL used in a publishing request. If the TYPE parameter is set to RTSP, the path is optional and defaults to "/".

/REFRESH

If set to ON, publishing information will be refreshed when the user logs in. Defaults to ON.

/SECURE

If present, indicates that a connection with enhanced security should be established to the publishing server.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/add-type.md b/mdop/appv-v4/add-type.md deleted file mode 100644 index cfcbb9e6fb..0000000000 --- a/mdop/appv-v4/add-type.md +++ /dev/null @@ -1,126 +0,0 @@ ---- -title: ADD TYPE -description: ADD TYPE -author: dansimp -ms.assetid: 8f1d3978-9977-4851-9f46-fee6aefa3535 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# ADD TYPE - - -Adds the specified file type association. - -`SFTMIME ADD TYPE:file-extension /APP application [/ICON icon-pathname] [/DESCRIPTION type-desc] [/CONTENT-TYPE content-type] [/GLOBAL] [/PERCEIVED-TYPE perceived-type] [/PROGID progid] [/CONFIRMOPEN {YES|NO}] [/SHOWEXT {YES|NO}] [/NEWMENU {YES|NO}] [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

TYPE:<file-extension>

The file name extension that will be associated with the application specified.

/APP <application>

The name and version (optional) of the application.

/ICON <icon-pathname>

The path or URL for the icon file.

/DESCRIPTION <type-desc>

The user-friendly name for the file type. Defaults to "EXTENSION File."

/CONTENT-TYPE <content-type>

The content type of the file. Defaults to "application/softricity-extension."

/GLOBAL

If present, the package will be available for all users on this computer.

/PERCEIVED-TYPE <perceived-type>

The perceived type of the file. Defaults to nothing.

/PROGID <progid>

The programmatic identifier for the file type. Defaults to App Virt.extension.File.

/CONFIRMOPEN

Indicates whether users downloading a file of this type should be asked whether to open or save the file. Defaults to YES.

/SHOWEXT

Indicates whether the file's extension should always be shown, even if the user has requested that all extensions be hidden. Defaults to NO.

/NEWMENU

Indicates whether an entry should be added to the shell's New menu. Defaults to NO.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/administrators-node.md b/mdop/appv-v4/administrators-node.md deleted file mode 100644 index 633c1da358..0000000000 --- a/mdop/appv-v4/administrators-node.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Administrators Node -description: Administrators Node -author: dansimp -ms.assetid: 5f462a0d-af53-4464-9891-7b712193c7e8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administrators Node - - -The **Administrators** node is one level below the Application Virtualization System node in the **Scope** pane in the Application Virtualization Server Management Console. When you select this node, the **Results** pane displays a list of administrator groups. Right-click the **Administrators** node to display a pop-up menu that contains the following elements. - -**Add Administrator Group** -Displays the **Select Groups** dialog to find and add the desired administrator group. Click **Finish** to add the group. - -**View** -Changes the appearance and content of the **Results** pane. - -**New Window from Here** -Opens a new management console with the selected node as the root node. - -**Refresh** -Refreshes the view of the server. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -## Related topics - - -[How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) - -[Server Management Console: Administrators Node](server-management-console-administrators-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/administrators-results-pane-columns.md b/mdop/appv-v4/administrators-results-pane-columns.md deleted file mode 100644 index 57de6d3cde..0000000000 --- a/mdop/appv-v4/administrators-results-pane-columns.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Administrators Results Pane Columns -description: Administrators Results Pane Columns -author: dansimp -ms.assetid: 2ac86625-15a8-471a-846b-a42eae37ed72 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administrators Results Pane Columns - - -The **Administrators Results** pane in the Application Virtualization Server Management Console displays two columns that are described in the following table. - - ---- - - - - - - - - - - - - - - - - -
ColumnContents

Domain

Displays the name of the domain.

Group

Displays the name of the administrators group.

- -  - -## Related topics - - -[How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) - -[Server Management Console: Administrators Node](server-management-console-administrators-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/administrators-results-pane.md b/mdop/appv-v4/administrators-results-pane.md deleted file mode 100644 index 88516a4348..0000000000 --- a/mdop/appv-v4/administrators-results-pane.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Administrators Results Pane -description: Administrators Results Pane -author: dansimp -ms.assetid: 92f4f924-c73b-45d6-8905-26f0f30aa189 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administrators Results Pane - - -The **Administrators Results** pane in the Application Virtualization Server Management Console displays a list of the available administrator groups. - -## Related topics - - -[How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) - -[Server Management Console: Administrators Node](server-management-console-administrators-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/antivirus-running-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/antivirus-running-dialog-box--app-v-46-sp1-.md deleted file mode 100644 index 4eec31af83..0000000000 --- a/mdop/appv-v4/antivirus-running-dialog-box--app-v-46-sp1-.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Antivirus Running Dialog Box (App-V 4.6 SP1) -description: Antivirus Running Dialog Box (App-V 4.6 SP1) -author: dansimp -ms.assetid: b720e308-8597-4470-a03e-fc36ffef84aa -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Antivirus Running Dialog Box (App-V 4.6 SP1) - - -Antivirus software is running on the computer running the App-V Sequencer. Running antivirus software during the creation of a virtual application package can interfere with the process by accessing required files that must to be added to the virtual application package or by adding extraneous data to the virtual application package. - -Use the following procedure to stop the antivirus software from running during sequencing: - -- On the computer running the App-V Sequencer, you must scan the computer and then stop the antivirus software from running. - - **Important**   - Remember to restart the antivirus software when you have finished sequencing the application. - - - -## Related topics - - -[Dialog Boxes (AppV 4.6 SP1)](dialog-boxes--appv-46-sp1-.md) - - - - - - - - - diff --git a/mdop/appv-v4/app-v-45-sp2-release-notes.md b/mdop/appv-v4/app-v-45-sp2-release-notes.md deleted file mode 100644 index ab0e856ca4..0000000000 --- a/mdop/appv-v4/app-v-45-sp2-release-notes.md +++ /dev/null @@ -1,222 +0,0 @@ ---- -title: App-V 4.5 SP2 Release Notes -description: App-V 4.5 SP2 Release Notes -author: dansimp -ms.assetid: 1b3a8a83-4523-4634-9f75-29bc22ca5815 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# App-V 4.5 SP2 Release Notes - - -To search these Release Notes, press CTRL+F. - -**Important**   -Read these Release Notes thoroughly before you install the Microsoft Application Virtualization Management System. These Release Notes contain information that you need to successfully install the Application Virtualization Management System. These Release Notes contain information that is not available in the product documentation. If there is a discrepancy between these Release Notes and other Application Virtualization Management System documentation, the latest change should be considered authoritative. - - - -For updated information about known issues, please visit the Microsoft TechNet Library at [App-V 4.5 SP2 Release Notes](https://go.microsoft.com/fwlink/?LinkId=184640) (https://go.microsoft.com/fwlink/?LinkId=184640). - -## About Microsoft Application Virtualization 4.5 Service Pack 2 - - -These Release Notes have been updated to reflect the changes introduced with Microsoft Application Virtualization (App-V) 4.5 Service Pack 2 (SP2). This service pack contains the following changes: - -- Support for Office 2010: App-V 4.5 SP2 now supports the virtualization of Microsoft Office 2010. For prescriptive guidance for sequencing Microsoft Office 2010 with App-V 4.5 SP2, see [Prescriptive guidance for sequencing Office 2010 in Microsoft App-V 4.6](https://go.microsoft.com/fwlink/?LinkId=191539) (https://go.microsoft.com/fwlink/?LinkId=191539). - -- Support for Database Mirroring: App-V 4.5 SP2 now supports Microsoft SQL Server Database Mirroring. For more information about configuring database mirroring in your App-V environment, see [How to Configure Microsoft SQL Server Mirroring Support for App-V](https://go.microsoft.com/fwlink/?LinkId=190880) (https://go.microsoft.com/fwlink/?LinkId=190880). - -- Customer Feedback and Hotfix Rollup: App-V 4.5 SP2 also includes a rollup of fixes to address issues found after the App-V  4.5 SP1 release. The updates address a combination of known issues and customer feedback from Microsoft internal teams, partners, and customers who are using App-V 4.5. For a full list of the updates, see article 980847 in the Microsoft Knowledge Base (KB) at [Description of Microsoft Application Virtualization 4.5 Service Pack 2](https://go.microsoft.com/fwlink/?LinkId=191540) (https://go.microsoft.com/fwlink/?LinkId=191540). - -## About the Product Documentation - - -Comprehensive documentation for Application Virtualization (App-V) is available on Microsoft TechNet in the [Application Virtualization TechCenter Library](https://go.microsoft.com/fwlink/?LinkId=122939) (https://go.microsoft.com/fwlink/?LinkId=122939). The TechNet documentation includes the online Help for the Application Virtualization Sequencer, the Application Virtualization Clients, and the Application Virtualization Server. It also includes the Application Virtualization Planning and Deployment Guide and the Application Virtualization Operations Guide. - -## Protect Against Security Vulnerabilities and Viruses - - -To help protect against security vulnerabilities and viruses, we recommend that you install the latest available security updates for any new software being installed. For more information, see [Microsoft Security](https://go.microsoft.com/fwlink/?LinkId=3482) (https://go.microsoft.com/fwlink/?LinkId=3482). - -## Provide Feedback - - -You can provide feedback, make a suggestion, or report an issue with the Microsoft Application Virtualization (App-V) Management System through the community forum on the Application Virtualization TechCenter [App-V Documentation Forum](https://go.microsoft.com/fwlink/?LinkId=122917) (https://go.microsoft.com/fwlink/?LinkId=122917). - -You can also send your documentation feedback directly to the App-V documentation team at . - -## Known Issues with Application Virtualization 4.5 SP2 - - -This section provides the most up-to-date information about issues with Microsoft Application Virtualization (App-V) 4.5 SP2. These issues do not appear in the product documentation and in some cases might contradict existing product documentation. Whenever possible, these issues will be addressed in later releases of the software. - -### Guidance for installing Server Management Console - -If you have to install management software on systems other than the primary Application Virtualization publishing and streaming server, the server installation supports installing the Application Virtualization Management Console and Application Virtualization Management Web service on separate servers from the primary App-V Management Server. To distribute the management components across multiple servers, Kerberos delegation must be enabled on the server where the Application Virtualization Web service is installed. For information about how to enable this support, see [How to Configure the Server to be Trusted for Delegation](https://go.microsoft.com/fwlink/?LinkId=166682) (https://go.microsoft.com/fwlink/?LinkId=166682). - -### Guidance for installing or upgrading clients to App-V 4.5 SP2 by using Setup.msi - -When installing or upgrading your App-V Clients to App-V 4.5 SP2 by using Setup.msi, the prerequisites are not installed automatically. - -WORKAROUND   You must manually install the prerequisites before installing or upgrading the App-V Clients to App-V 4.5 SP2. For detailed procedures about how to install the prerequisites and the App-V Client, see [How to Install the Client by Using the Command Line](https://go.microsoft.com/fwlink/?LinkId=144106) (https://go.microsoft.com/fwlink/?LinkId=144106). - -When this has been completed, install the App-V 4.5 SP2 Clients by using Setup.msi with administrative credentials. This file is available on the App-V 4.5 SP2 release media in the Installers\\Client folder. - -When installing Microsoft Application Error Reporting, use the following command if you are installing or upgrading to the App-V 4.5 SP2 Desktop Client: - -**msiexec /i dw20shared.msi APPGUID={C6FC75B9-7D86-4C44-8BDB-EAFE1F0E200D}  allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus** - -Alternatively, if you are installing or upgrading to the App-V 4.5 SP2 Client for Remote Desktop Services (formerly Terminal Services), use the following command: - -**msiexec /i dw20shared.msi APPGUID={ECF80BBA-CA07-4A74-9ED6-E064F38AF1F5} allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus** - -**Note**   -- The APPGUID parameter references the product code of the App-V Clients that you install or upgrade. The product code is unique for each Setup.msi. You can use the Orca Database Editor or a similar tool to examine Windows Installer files and determine the product code. This step is required for all installations or upgrades to App-V 4.5 SP2. - -- This step is not required if you are upgrading and have previously installed Dw20shared.msi. - - - -### Improving performance when sequencing the .NET Framework - -When sequencing the Microsoft .NET Framework, you might experience reduced system performance because the .NET Framework NGEN service attempts to precompile assemblies as a background task. - -WORKAROUND   When sequencing the .NET Framework, disable the .NET Framework NGEN service (Mscorsvw.exe) after completing the monitoring phase. You must use the **Virtual Services** tab in the App-V Sequencer and change the startup type to **Disabled**. - -### When you uninstall the Microsoft Application Virtualization Client, user settings associated with the user performing the uninstallation are deleted - -When you uninstall the App-V Client, the Windows Installer removes Application Virtualization settings from the current user's profile. If your computer uses roaming profiles, do not use your personal network account to uninstall the client because it will remove settings for your virtual applications on all of your computers. - -WORKAROUND   You must uninstall the App-V Client with an administrative account that is not used for running virtual applications. - -### Edits made on the virtual file system and virtual registry tabs must be saved while running the Sequencing wizard - -If you open a package to perform an upgrade, or if you have already run the Sequencing wizard with a new package and make changes to the package in the virtual file system or virtual registry tabs, those changes are not automatically saved. - -WORKAROUND   Save the changes before re-running the wizard, to ensure that they are reflected inside the wizard’s virtual environment. - -### Command-line Sequencer must be run from an elevated command prompt - -When you use the command-line Sequencer, it does not prompt for elevation. - -WORKAROUND   Run the command-line Sequencer by using an elevated command prompt. - -### Short path variable names in OSD files can cause errors - -If you receive error 450478-1F702339-0000010B "The directory name is invalid" when starting a virtual application on the client, it is possible that the variable in the OSD is set incorrectly. This can happen if the application’s installer sets a short path name during sequencing. - -WORKAROUND   Remove the trailing tilde from any CSIDL variable that exists in the OSD file. - -### Correct syntax for DECODEPATH parameter for command-line Sequencer - -In the command-line Sequencer, when opening a package for upgrade and decoding it to the root of drive Q, the syntax for the *DECODEPATH* parameter should not include a trailing slash. - -WORKAROUND   You can use **Q:** rather than **Q:\\** (omitting the trailing "\\" character). - -### When upgrading APP-V 4.2 packages, you encounter problems caused by Windows Installer files in the Virtual File System - -When upgrading a package from APP-V 4.2, you might experience issues relating to a mismatch of Windows Installer system files that were included by default in APP-V 4.2 and the Windows Installer libraries locally installed on your Sequencing workstation. The following files are located in CSIDL\_SYSTEM\\: - -Cabinet.dll - -Msi.dll - -Msiexec.exe - -Msihnd.dll - -Msimsg.dlll - -WORKAROUND   Delete all of the preceding files from the package. Delete the mappings on the **VFS** tab and the actual files in the CSIDL\_SYSTEM folder in your decode path. - -### On Windows XP, by default, client installation logging is not enabled - -When installing the client, to ensure that any install errors are captured for troubleshooting, you must enable logging by using the command line. - -WORKAROUND   Add the parameter */l\*vx! log.txt* to the command line, as shown in the following example: - -**setup.exe /s /v”/qn /l\*vx! log.txt”** - -**msiexec.exe /i setup.msi /qn /l\*vx! log.txt** - -Alternatively, you can set the registry key to the following value: - -**\[HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer\] "Logging"="voicewarmupx!"** - -### For Kerberos authentication to work, Service Principal Names (SPNs) must be registered for IIS - -When using Internet Information Services (IIS) 6.0 or IIS 7.0 for icon or OSD file retrieval and streaming of packages, to enable Kerberos authentication, the SPNs must be registered as follows: - -- On the IIS server, run the following commands by using the SETSPN.EXE Resource Kit tool. The server fully qualified domain name (FQDN) must be used. - - **Setspn -r SOFTGRID/<Server FQDN>** - - **Setspn -r HTTP/<Server FQDN>** - -For more information, see [Integrated Windows Authentication (IIS 6.0)](https://go.microsoft.com/fwlink/?LinkId=131407) (https://go.microsoft.com/fwlink/?LinkId=131407). - -### .NET compatibility changes - -Microsoft Application Virtualization (App-V) Cumulative Update 1 or later supports sequencing the .NET Framework on Windows XP SP2 or later. Sequencing routines for .NET applications that were written for SoftGrid 4.2 might have to be updated when used with the App-V 4.5 Sequencer. For details and workarounds, see the Application Virtualization TechCenter article at [Support for .NET in Microsoft Application Virtualization 4.5](https://go.microsoft.com/fwlink/?LinkId=123412) (https://go.microsoft.com/fwlink/?LinkId=123412). - -### After client upgrade from App-V 4.2, some applications are not shown - -Check for the following error in the log: "The Application Virtualization Client could not parse the OSD file". The App-V 4.5 Client filters out applications that have an OSD file that contains an empty OS tag (<OS></OS>). - -WORKAROUND   Delete the empty OS tag from the OSD file. - -### The App-V server requires exemptions in its firewall for certain processes - -For the server to stream applications correctly, the server's core processes, including the dispatcher, require access through the firewall. - -WORKAROUND   Set exemptions in the server's firewall for the following processes: Sghwsvr.exe and Sghwdsptr.exe. This applies to the App-V Management Server and App-V Streaming Server. - -### When the server installer is run in silent mode, it does not correctly check for MSXML6 - -The App-V Management Server depends on MSXML6. However, if you run the installer in silent mode—for example, by using the command **msiexec -i setup.msi /qn** on a system where MSXML6 is not already installed—the installer does not detect the missing dependency and installs anyway. Therefore, when clients attempt to refresh publishing information from the App-V Management Server, they will get errors. - -WORKAROUND   Verify that MSXML6 is installed on the system before attempting a silent installation of the App-V Management Server. - -### Error code 000C800 when attempting to connect to the Application Virtualization Management Console - -An Application Virtualization administrator who is not a local administrator on the App-V Management Web Service server receives an error (Error code: 000C800) when attempting to connect to the App-V Management Console, and the Sftmmc.log entry indicates that access to SftMgmt.udl is denied. To successfully connect to the App-V Management Console, an administrator who does not have local administrator rights on the App-V Management Web Service server must have at least Read and Execute permissions to the SftMgmt.udl file. - -Application Virtualization administrators must have Read and Execute permissions to the SftMgmt.UDL file in folder %systemdrive%\\Program Files\\Microsoft System Center App Virt Management Server\\App Virt Management Service. - -### Client installer command-line parameters are ignored when used in conjunction with KEEPCURRENTSETTINGS=1 - -When used in conjunction with KEEPCURRENTSETTINGS=1, the following client installer command-line parameters are ignored: SWICACHESIZE, MINFREESPACEMB, ALLOWINDEPENDENTFILESTREAMING, APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, SYSTEMEVENTLOGLEVEL, SWIGLOBALDATA, DOTIMEOUTMINUTES, SWIFSDRIVE, AUTOLOADTARGET, AUTOLOADTRIGGERS, SWIUSERDATA, and REQUIRESECURECONNECTION. - -WORKAROUND   If you have settings you want to retain, use KEEPCURRENTSETTINGS=1, and then set the other parameters after deployment. The App-V ADM Template can be used to set the following client settings: APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, AUTOLOADTARGET, AUTOLOADTRIGGERS, DOTIMEOUTMINUTES, and ALLOWINDEPENDENTFILESTREAMING. You can download the ADM Template from the Microsoft DownLoad Center at [Microsoft Application Virtualization Administrative Template (ADM Template)](https://go.microsoft.com/fwlink/?LinkId=121835) (https://go.microsoft.com/fwlink/?LinkId=121835). - -### Release Notes Copyright Information - -This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. - -Some examples depicted herein are provided for illustration only and are fictitious.  No real association or connection is intended or should be inferred. - -This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. You may modify this document for your internal, reference purposes. - - - -Microsoft, Active Directory, ActiveSync, MS-DOS, Windows, Windows Server, and Windows Vista are trademarks of the Microsoft group of companies. - -All other trademarks are property of their respective owners. - - - - - - - - - diff --git a/mdop/appv-v4/app-v-46-release-notes.md b/mdop/appv-v4/app-v-46-release-notes.md deleted file mode 100644 index 08a8ca5d64..0000000000 --- a/mdop/appv-v4/app-v-46-release-notes.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: App-V 4.6 Release Notes -description: App-V 4.6 Release Notes -author: dansimp -ms.assetid: a3eba129-edac-48bf-a933-3bf43a9873e5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# App-V 4.6 Release Notes - - -To search these Release Notes, press CTRL+F. - -**Important**   -Read these Release Notes thoroughly before you install the Microsoft Application Virtualization (App-V) Management System. These Release Notes contain information that you need to successfully install Application Virtualization (App-V) 4.6. This document contains information that is not available in the product documentation. If there is a discrepancy between these Release Notes and other App-V documentation, the latest change should be considered authoritative. - - - -## Protect Against Security Vulnerabilities and Viruses - - -To help protect against security vulnerabilities and viruses, it is important to install the latest available security updates for any new software being installed. For more information, see the [Microsoft Security Web site](https://go.microsoft.com/fwlink/?LinkId=3482) (https://go.microsoft.com/fwlink/?LinkId=3482). - -## Known Issues with Application Virtualization 4.6 - - -This section provides the most up-to-date information about issues with Microsoft Application Virtualization (App-V) 4.6. These issues do not appear in the product documentation and in some cases might contradict existing product documentation. Whenever possible, these issues will be addressed in later releases. - -### Load/install error running a Windows Installer file generated by the App-V 4.5 Sequencer - -Running a Windows Installer file generated by the App-V 4.5 Sequencer produces a load/install error when trying to run it on an App-V 4.6 client. You will see the following message: "This package requires Microsoft Application Virtualization Client 4.5 or later". Please use the following workaround. - -WORKAROUND   Open the old package with either the App-V 4.5 SP1 Sequencer or the App-V 4.6 Sequencer and generate a new .msi file for the package. - -**Note**   -Alternatively, at the command prompt, the App-V Sequencer can generate the new .msi file by using the */OPEN* and */MSI* parameters, for example, `SFTSequencer /Open:”package.sprj” /MSI`. For more information, see [How to Upgrade a Virtual Application by Using the Command Line](how-to-upgrade-a-virtual-application-by-using-the-command-line.md). - - - -### Release Notes Copyright Information - -This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. - -Some examples depicted herein are provided for illustration only and are fictitious.  No real association or connection is intended or should be inferred. - -This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. You may modify this document for your internal, reference purposes. - - - -Microsoft, Active Directory, ActiveSync, ActiveX, Excel, SQL Server, Windows, Windows PowerShell, Windows Server, and Windows Vista are trademarks of the Microsoft group of companies. - -All other trademarks are property of their respective owners. - - - - - - - - - diff --git a/mdop/appv-v4/app-v-46-sp1-release-notes.md b/mdop/appv-v4/app-v-46-sp1-release-notes.md deleted file mode 100644 index dd7fa73a1b..0000000000 --- a/mdop/appv-v4/app-v-46-sp1-release-notes.md +++ /dev/null @@ -1,108 +0,0 @@ ---- -title: App-V 4.6 SP1 Release Notes -description: App-V 4.6 SP1 Release Notes -author: dansimp -ms.assetid: aeb6784a-864a-4f4e-976b-40c34dcfd8d6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# App-V 4.6 SP1 Release Notes - - -To search these Release Notes, press CTRL+F. - -**Important**   -Read these Release Notes thoroughly before you install the Microsoft Application Virtualization (App-V) Management System. These Release Notes contain information that helps you successfully install Application Virtualization (App-V) 4.6 SP1. This document contains information that is not available in the product documentation. If there is a difference between these Release Notes and other App-V documentation, the latest change should be considered authoritative. - - - -## Protect Against Security Vulnerabilities and Viruses - - -To help protect against security vulnerabilities and viruses, it is important to install the latest available security updates for any new software being installed. For more information, see the [Microsoft Security website](https://go.microsoft.com/fwlink/?LinkId=3482) (https://go.microsoft.com/fwlink/?LinkId=3482). - -## Known Issues with Application Virtualization 4.6 SP1 - - -This section provides the most up-to-date information about issues with Microsoft Application Virtualization (App-V) 4.6 SP1. These issues do not appear in the product documentation and in some cases might contradict existing product documentation. When it is possible, these issues will be addressed in later releases. - -### Path from SPRT is lost if it does not end in forward slash ( / ) - -When the path in an HREF in a project template does not end with a forward slash (**/**), the generated HREF does not include the path. This occurs when the user manually manipulates the **.sprt** file. If you use the sequencer it always adds the forward slash (**/**) after the path. - -WORKAROUND Make sure that the HREF has a trailing forward slash (**/**). - -### User folder name do not correspond to the package name - -Folders that contain user and global .pkg files no longer include the package name. Previously, the App-V client used to use the package root folder 8.3 short name as part of the folder name. This lets you easily identify it. When you use the App-V 4.6 SP1 sequencer, the package root folder 8.3 short names are now random strings. This makes it difficult to identify the folders that contain the package’s **.pkg** files on the computer that is running the App-V client. - -WORKAROUND Use one of the following methods to more easily identify these package folders: - -1. When you create the package by using the Sequencer, specify a folder name that follows the 8.3 naming convention for the primary application folder. This name will then be used as part of the user folder name as was the case in App-V 4.6. - -2. The .sprj file now contains a tag that displays the string that is used as the beginning of the user folder name. You can use the **SHORTNAME** element of the **PACKAGEROOTFOLDER** element to determine the name. - -### Running App-V 4.6 SP1 on computers that have more than 64 processors - -When you run App-V 4.6 SP1 on computers that have more than 64 processors installed, the App-V client fails. - -WORKAROUND None. This configuration is not supported. You must run App-V 4.6 SP1on computers that have fewer than 64 processors. - -### Application Virtualization 4.6 SP1 update is not offered on all locales that use Microsoft Update - -When you use Microsoft Update, the update for App-V 4.6 SP1 is not available for the following language locales: - -- Kazakh - -- Hindi - -- Serbian-Cyrillic - -WORKAROUND If you are using Microsoft Windows Server Update Services (WSUS) use the English version of the update or download the update from the Microsoft Update Catalog. - -### After expanding the parent package, you cannot sequence a plug-in with side by side components - -When you expand a parent package by using **Tools** / **Expand Package to Local System** in the App-V Sequencer console and you sequence a plug-in with side by side components, an installation error is returned. For example: - -- **HRESULT 0x80073712** - -This is caused when the sequencer writes the side-by-side component to the registry but does not clear the value for the following registry key: - -HKEY\_LOCAL\_MACHINE\\COMPONENTS\\StoreDirty - -WORKAROUND After expanding the parent package on the computer that is running the sequencer, you have to delete the value for the following registry key: - -HKEY\_LOCAL\_MACHINE\\COMPONENTS\\StoreDirty - -After you have deleted the value, sequence the plug-in. - -### Release Notes Copyright Information - -This document is provided “as-is”. Information and views expressed in this document, such as URL and other Internet website references, may change without notice. You bear the risk of using it. - -Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred. - -This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. You may modify this document for your internal, reference purposes. - - - -Microsoft, Active Directory, ActiveSync, ActiveX, Excel, SQL Server, Windows, Windows PowerShell, Windows Server, and Windows Vista are trademarks of the Microsoft group of companies. - -All other trademarks are property of their respective owners. - - - - - - - - - diff --git a/mdop/appv-v4/app-v-46-sp2-release-notes.md b/mdop/appv-v4/app-v-46-sp2-release-notes.md deleted file mode 100644 index 227967a34a..0000000000 --- a/mdop/appv-v4/app-v-46-sp2-release-notes.md +++ /dev/null @@ -1,114 +0,0 @@ ---- -title: App-V 4.6 SP2 Release Notes -description: App-V 4.6 SP2 Release Notes -author: dansimp -ms.assetid: abb536f0-e187-4c5b-952a-f837abd10ad2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# App-V 4.6 SP2 Release Notes - - -**To search these release notes, press CTRL+F.** - -Read these release notes thoroughly before you install Microsoft Application Virtualization (App-V) 4.6 SP2. - -These release notes contain information that is required to successfully install Application Virtualization 4.6 SP2. The release notes also contain information that is not available in the product documentation. If there is a difference between these release notes and other App-V 4.6 SP2 documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product. - -## About the Product Documentation - - -For more information about documentation for App-V, see the [Application Virtualization](https://go.microsoft.com/fwlink/?LinkID=232982) page on Microsoft TechNet. - -## Providing feedback - - -We are interested in your feedback on App-V 4.6 SP2. You can send your feedback to . - -**Note**   -This email address is not a support channel, but your feedback will help us to plan future changes for our documentation and product releases. - - - -For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page. - -For more information about new updates or to provide feedback, follow us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). - -## Known Issues with App-V 4.6 SP2 - - -### Short file name support is disabled for non-system physical drives when you sequence - -When you sequence on Windows 8 or Windows Server 2012, support for short file names (8.3) is disabled by default for non-system physical drives. - -The underlying physical drive associated with the primary virtual application directory (for example, “Q:\\appname”) on the sequencing station must provide short file name (8.3) support in order for the App-V 4.6 SP2 Sequencer to generate short file names when creating virtual application packages. Short file name (8.3) support is disabled by default for non-system physical drives on Windows 8 or Windows Server 2012. - -**Workaround:** Enable short file name (8.3) support on non-system physical drives. You can use the following command to enable short file name support on Windows 8 or Windows Server 2012. - -``` syntax -fsutil 8dot3name set : -``` - -For example, use the following command if the drive letter is “Q:”: - -``` syntax -fsutil 8dot3name set Q: 0 -``` - -**Note**   -You do not need to change this setting on the App-V client because the App-V file system properly handles short paths on Windows 8 or Windows Server 2012. - - - -### App-V does not override the default handler for file type or protocol associations on Windows 8 - -If you select a default application by using **Default Programs** in **Control Panel** on Windows 8, App-V will not override the associated file type associations for that application. - -**Workaround:** None. - -### Virtualized Outlook 2010 is not offered as an option for mailto clickable links on Windows 8 - -The mailto shell extension does not offer virtualized Outlook 2010 on Windows 8. For example, if you click a mailto: link from virtualized Outlook 2010 that is running on Windows 8, a new email window is not created. This option works correctly on Windows 7 and earlier versions of the Windows operating system. - -**Workaround:** None. - -### Application Virtualization 4.6 SP2 update is not offered on all locales that use Microsoft Update - -When you use Microsoft Update, the update for App-V 4.6 SP2 is not available for the following language locales: - -- Kazakh - -- Hindi - -- Serbian-Cyrillic - -**Workaround:** If you are using Microsoft Windows Server Update Services (WSUS), use the English version of the update or download the update from the Microsoft Update Catalog. - -## Release Notes Copyright Information - - -Microsoft, Active Directory, ActiveX, Bing, Excel, Silverlight, SQL Server, Windows, Microsoft Intune, and Windows PowerShell are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners. - - - -## Related topics - - -[About Microsoft Application Virtualization 4.6 SP2](about-microsoft-application-virtualization-46-sp2.md) - - - - - - - - - diff --git a/mdop/appv-v4/app-v-46-sp3-release-notes.md b/mdop/appv-v4/app-v-46-sp3-release-notes.md deleted file mode 100644 index d62afda16b..0000000000 --- a/mdop/appv-v4/app-v-46-sp3-release-notes.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: App-V 4.6 SP3 Release Notes -description: App-V 4.6 SP3 Release Notes -author: dansimp -ms.assetid: 206fadeb-59cc-47b4-836f-191ab1c27ff8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# App-V 4.6 SP3 Release Notes - - -To search these Release Notes, press CTRL+F. - -Read these Release Notes thoroughly before you install the Microsoft Application Virtualization (App-V) Management System. These Release Notes contain information that helps you successfully install Application Virtualization (App-V) 4.6 SP3. This document contains information that is not available in the product documentation. If there is a difference between these Release Notes and other App-V documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product. - -## Protect Against Security Vulnerabilities and Viruses - - -To help protect against security vulnerabilities and viruses, it is important to install the latest available security updates for any new software being installed. For more information, see the [Microsoft Security website](https://go.microsoft.com/fwlink/?LinkId=3482) (https://go.microsoft.com/fwlink/?LinkId=3482). - -## Known Issues with Application Virtualization 4.6 SP3 - - -This section provides the most up-to-date information about issues with Microsoft Application Virtualization (App-V) 4.6 SP3. These issues do not appear in the product documentation and in some cases might contradict existing product documentation. When it is possible, these issues will be addressed in later releases. - -### Unable to open hyperlinks using Internet Explorer 11 on Microsoft Windows 8.1 within the Virtual Environment - -Attempting to open hyperlinks from within a virtual environment will fail on Windows 8.1 using Internet Explorer 11. This is because Internet Explorer 11 now ships with the Enhanced Protection Mode (EPM) enabled by default and this causes App-V to be unable to access required registry keys, files and communication port objects. - -WORKAROUND: Disable EPM in Internet Explorer 11 before opening an App-V package. This will allow you to open Internet Explorer from within the virtual environment. - -## Related topics - - -[About Microsoft Application Virtualization 4.6 SP3](about-microsoft-application-virtualization-46-sp3.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/app-v-application-wmi-class.md b/mdop/appv-v4/app-v-application-wmi-class.md deleted file mode 100644 index 3567a8da0e..0000000000 --- a/mdop/appv-v4/app-v-application-wmi-class.md +++ /dev/null @@ -1,126 +0,0 @@ ---- -title: App-V Application WMI Class -description: App-V Application WMI Class -author: dansimp -ms.assetid: b79b0d5a-ba57-442f-8bb4-d7154fc056f9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# App-V Application WMI Class - - -In the Application Virtualization (App-V) Client, the **Application** class is a Windows Management Instrumentation (WMI) class that represents all the virtual applications on the client. - -The following syntax is simplified from Managed Object Format (MOF) code. The code includes all the inherited properties. - -## Syntax - - -``` syntax -class Application -{ - string Name; - string Version; - string PackageGUID; - datetime LastLaunchOnSystem; - uint32 GlobalRunningCount; - boolean Loading; - string OriginalOsdPath; - string CachedOsdPath; -}; -``` - -## Requirements - - -## Properties - - -**Name** -Data type: **String** - -Access type: Read-only - -Qualifiers: Key - -The display name of the virtual application. - -**Version** -Data type: **String** - -Access type: Read-only - -Qualifiers: Key - -The version of the virtual application. - -**PackageGUID** -Data type: **String** - -Access type: Read-only - -Qualifiers: None - -The GUID of the package that the virtual application is associated with. - -**LastLaunchOnSystem** -Data type: **DateTime** - -Access type: Read-only - -Qualifiers: None - -The last date and time that the virtual application was launched. - -**GlobalRunningCount** -Data type: **UInt32** - -Access type: Read-only - -Qualifiers: None - -A count of the running instances of the virtual application that were started directly. - -**Loading** -Data type: **Boolean** - -Access type: Read-only - -Qualifiers: None - -**true** if the virtual application is being started; otherwise **false**. - -**OriginalOsdPath** -Data type: **String** - -Access type: Read-only - -Qualifiers: None - -The original file path of the OSD file that was registered with the App-V Client. - -**CachedOsdPath** -Data type: **String** - -Access type: Read-only - -Qualifiers: None - -The file path of the OSD file if the App-V Client has cached the OSD file locally. - -  - -  - - - - - diff --git a/mdop/appv-v4/app-v-client-registry-values-sp1.md b/mdop/appv-v4/app-v-client-registry-values-sp1.md deleted file mode 100644 index 5edc5870e2..0000000000 --- a/mdop/appv-v4/app-v-client-registry-values-sp1.md +++ /dev/null @@ -1,826 +0,0 @@ ---- -title: App-V Client Registry Values -description: App-V Client Registry Values -author: dansimp -ms.assetid: 46af5209-9762-47b9-afdb-9a2947e013f7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# App-V Client Registry Values - - -The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. You can also configure many client actions by changing registry entries. This topic lists all the Application Virtualization (App-V) client registry keys and explains their uses. - -**Important** -On a computer running a 64-bit operating system, the keys and values described in the following sections will be under HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\Client. - - - -## Configuration Key - - -The following table provides information about the registry values associated with the HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Configuration key. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeData (Examples)Description

ProductName

String

Microsoft Application Virtualization Desktop Client

Do not modify.

Version

String

4.5.0.xxx

Do not modify.

Drivers

String

Sftfs.sys

If this key value is present, it contains the name of the driver that caused a stop error the last time the core was starting. After you have fixed the stop error, you must delete this key value so that sftlist can start.

InstallPath

String

Default=C:\Program Files\Microsoft Application Virtualization Client

The location where the client is installed. Do not modify.

LogFileName

String

Default=CSIDL_COMMON_APPDATA\Microsoft\Application Virtualization Client\sftlog.txt

The path and name for the client log file.

-
-Note

If you are running an earlier version than App-V 4.6, SP1 and you modify the log file name or location, you must restart the sftlist service for the change to take effect.

-
-
- -
-

LogMinSeverity

DWORD

Default=4, Informational

Controls which messages are written to the log. The value indicates a threshold of what is logged—everything less than or equal to that value is logged. For example, a value of 0x3 (Warning) indicates that Warnings (0x3), Errors (0x2), and Critical Errors (0x1) are logged.

-

Value Range: 0x0 = None, 0x1 = Critical, 0x2 = Error, 0x3 = Warning, 0x4 = Information (Default), 0x5 = Verbose.

-

The log level is configurable from the Application Virtualization (App-V) client console and from the command prompt. At a command prompt, the command sftlist.exe /verboselog will increase the log level to verbose. For more information on command-line details see

-

https://go.microsoft.com/fwlink/?LinkId=141467https://go.microsoft.com/fwlink/?LinkId=141467

-

.

LogRolloverCount

DWORD

Default=4

Defines the number of backup copies of the log file that are kept when it is reset. The valid range is 0–9999. The default is 4. A value of 0 means no copies will be kept.

LogMaxSize

DWORD

Default=256

Defines the maximum size in megabytes (MB) that the log file can grow before being reset. The default size is 256 MB. When this size is reached, a log reset will be forced on the next write attempt.

SystemEventLogLevel

DWORD

Default=0x4 (App-V 4.5)

-

Default=0x3 (App-V 4.6)

Indicates the logging level at which log messages are written to the NT event log. The value indicates a threshold of what is logged—that is, everything equal to or less than that value is logged. For example, a value of 0x3 (Warning) indicates that Warnings (0x3), Errors (0x2), and Critical Errors (0x1) are logged.

-

Value Range

-

0x0 = None

-

0x1 = Critical

-

0x2 = Error

-

0x3 = Warning

-

0x4 = Information (Default)

-

0x5 = Verbose

AllowIndependentFileStreaming

DWORD

Default=0

Indicates whether streaming from file will be enabled regardless of how the client has been configured with the APPLICATIONSOURCEROOT parameter. If set to FALSE, the transport will not enable streaming from files even if the OSD HREF or the APPLICATIONSOURCEROOT parameter contains a file path.

-

0x0=False (default)

-

0x1=True

ApplicationSourceRoot

String

rtsps://mainserver:322/prodapps

-

https://mainserver:443/prodapps

-

file://\uncserver\share\prodapps

-

file://\uncserver\share

Enables an administrator or electronic software distribution (ESD) system to ensure application loading is performed according to the topology management scheme. Use this key value to override the OSD CODEBASE for the HREF element (for example, the source location) for an application. Application Source Root supports URLs and Universal Naming Convention (UNC) path formats.

-

The correct format for the URL path is protocol://servername:[port][/path][/], where port and path are optional. If a port is not specified, the default port for the protocol is used. Only the protocol://server:port portion of the OSD URL is replaced.

-

The correct format for the UNC path is \computername\sharefolder[folder][], where folder is optional. The computer name can be a fully qualified domain name (FQDN) or an IP address, and sharefolder can be a drive letter. Only the \computername\sharefolder or drive letter portion of the OSD path is replaced.

OSDSourceRoot

String

\computername\sharefolder\resource

-

\computername\content

-

C:\foldername

-

http://computername/productivity/

-

https://computername/productivity/

Enables an administrator to specify a source location for OSD file retrieval for a sequenced application package during publication. Acceptable formats for the OSDSourceRoot include UNC paths and URLs (http or https).

IconSourceRoot

String

\computername\sharefolder\resource

-

\computername\content

-

C:\foldername

-

http://computername/productivity/

-

https://computername/productivity/

Enables an administrator to specify a source location for icon file retrieval for a sequenced application package during publication. Acceptable formats for the IconSourceRoot include UNC paths and URLs (http or https).

AutoLoadTriggers

DWORD

Default=5

AutoLoad is a client runtime policy configuration parameter that enables the secondary feature block of a virtualized application to be streamed to the client automatically in the background. The AutoLoad triggers are flags to indicate events that initiate auto-loading of applications. AutoLoad implicitly uses background streaming to enable the application to be fully loaded into cache. The primary feature block will be loaded first, and the remaining feature blocks will be loaded in the background to enable foreground operations, such as user interaction with applications, to take place and provide optimal perceived performance.

-

Bit mask values:

-

(0) Never: No bits are set (value is 0), no auto loading will be performed, because there are no triggers set.

-

(1) OnLaunch: Loading starts when a user starts an application.

-

(2) OnRefresh: Loading starts when the application is published. This occurs whenever the package record is added or updated—for example, when a publishing refresh occurs.

-

(4) OnLogin: Loading starts when a user logs in.

-

(5) OnLaunch and OnLogin: Default.

AutoLoadTarget

DWORD

Default=1

Indicates what will be auto-loaded when any given AutoLoad triggers occur. Bit mask values:

-

(0) None: No auto-loading, regardless of what triggers may be set.

-

(1) PreviouslyUsed (default): If any AutoLoad trigger is enabled, load only the packages where at least one application in the package has been previously used—that is, started or precached.

-

(2) All: If any AutoLoad trigger is enabled, all applications in the package (per package) or all packages (set for client) will be automatically loaded, whether or not they have ever been started.

RequireAuthorizationIfCached

DWORD

Default=1

Indicates that authorization is always required, whether or not an application is already in cache. Possible values:

-

0=False: Always try to connect to the server. If a connection to the server cannot be established, the client still allows the user to launch an application that has previously been loaded into cache.

-

1=True (default): Application always must be authorized at startup. For RTSP streamed applications, the user authorization token is sent to the server for authorization. For file-based applications, file ACLs control whether a user may access the application.

-

Restart the sftlist service for the change to take effect.

UserDataDirectory

String

%APPDATA%

Location where the icon cache and user settings are stored.

GlobalDataDirectory

String

C:\Users\Public\Documents

Directory to use for global App-V data, including caches for OSD files, icon files, shortcut information, and SystemGuard resources such as .ini files.

AllowCrashes

DWORD

0 or 1

Default=0: A value of 0 means that the client tries to catch internal program exceptions so that other user applications can recover and continue when a crash happens. A value of 1 means that the client allows the internal program exceptions to occur so that they can be captured in a debugger.

CoreInternalTimeout

DWORD

60

Time-out in seconds for internal IPC requests between core and front-end. Do not modify.

DefaultSuiteCombineTime

DWORD

10

This value is used to indicate how soon after being started that a program can shut down and not generate any error messages when another application in the same suite is running.

SerializedSuiteLaunchTimeout

DWORD

Default=60000

Defines how long in milliseconds the client will wait as it tries to serialize program starts in the same suite. If the client times out, the program start will continue but it will not be serialized.

ScriptTimeout

DWORD

300

Default time-out in seconds for scripts in OSD file if WAIT=TRUE. You can specify per-script time-outs with TIMEOUT instead of WAIT. A value of 0 means no wait, and 0xFFFFFFFF means wait forever.

LaunchRecordLogPath

String

If, under either HKLM or HKCU, this value contains a valid path to a log file, SFTTray will write to this log when programs start, shut down, fail to launch, and enter or exit disconnected mode.

LaunchRecordMask

DWORD

0x1A (26) log launch errors and disconnected mode entry and exit activity.

-

0x1F (31) logs everything.

-

0x0 (0) logs nothing.

Specifies which of the five events are logged (bitmask values):

-

1 for program starts

-

2 for launch failure errors

-

4 for shutdowns

-

8 for entering disconnected mode

-

16 for exiting disconnected mode to reconnect to a server

-

Add any combination of those numbers to turn on the respective messages. Defaults to 0x1F if not in registry.

LaunchRecordWriteTimeout

DWORD

Default=3000

Specifies in milliseconds how long the tray will wait when trying to write to the launch record log if another process is using it.

ImportSearchPath

String

d:\files;C:\documents and settings\user1\SFTs

A semicolon delimited list of up to five directories to search for portable SFT files before prompting the user to select a directory. Trailing backslash in paths is optional. This value is not present by default and must be set manually.

UserImportPath

String

D:\SFTs\

Valid only under HKCU. The last location the user browsed to while finding a SFT file for package import. Set automatically if the SFT is found successfully. This is used on successive imports when trying to automatically locate SFT files.

- - - -## Shared Key - - -The HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Shared key controls values that are shared across App-V components. The following table provides information about the registry values associated with the Shared key. - - ------ - - - - - - - - - - - - - - - - - - - - - - -
Name Type Data (Examples) Description

DumpPath

String

Default=C:\

Default path to create dump files when generating a minidump on an exception. This defaults to C:\ if not specified. The Client installer sets this key to the <App Virtualization global data directory>\Dumps. The Sequencer installer sets this key to the installation directory.

DumpPathSizeLimit

DWORD

1000

Specifies the maximum total amount of disk space in megabytes that can be used to store minidumps. Default = 1000 MB.

- - - -## Network Key - - -The HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Network key controls a variety of network-related parameters. This key is primarily used by the network transport agent. The following table provides information about the registry values associated with the Network key. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Name Type Data (Examples) Description

Online

DWORD

Default=1

Enables or disables offline mode. If set to 0, the client will not communicate with App-V Management Servers or publishing servers. In disconnected operations, the client can start a loaded application even when it is not connected to an App-V Management Server. In offline mode, the client does not attempt to connect to an App-V Management Server or publishing server. You must allow disconnected operations to be able to work offline. Default value is 1 enabled (online), and 0 is disabled (offline).

AllowDisconnectedOperation

DWORD

Default=1

Enables or disables disconnected operation. Default value is 1 enabled, and 0 is disabled. When disconnected operations are enabled, the App-V client can start a loaded application even when it is not connected to an App-V Management Server.

FastConnectTimeout

DWORD

Default=1000

This value specifies the TCP connect time-out in milliseconds to determine when to go into disconnected operations mode. This value can be used to override the default ConnectTimeout of 20 seconds (App-V connect time-out for network transactions) or the system’s TCP time-out of approximately 25 seconds. This brings the client into disconnected operations mode quickly. Applied on the next connect.

LimitDisconnectedOperation

DWORD

Default=1

Applicable only if AllowDisconnectedOperation is 1, enabled. This value determines whether there will be a time limit for how long the client will be allowed to operate in disconnected operations. 1=limited. 0=unlimited.

DOTimeoutMinutes

DWORD

Default=129,600

Indicates how many minutes an application may be used in disconnected operation mode.

The valid values are 1–999,999 in days expressed in minutes (1–1,439,998,560 minutes). The default value is 90 days or 129,600 minutes.

Protocol

DWORD

Default=8

Default protocol to use (TCP vs SSL). Configure in Options Dialog.

ReadTimeout

DWORD

20

Read time-out for network transactions, in seconds. Do not modify.

WriteTimeout

DWORD

20

Write time-out for network transactions, in seconds. Do not modify.

ConnectTimeout

DWORD

20

Connect time-out for network transactions, in seconds. Do not modify.

ReestablishmentRetries

DWORD

3

The number of times to try to reestablish a dropped session.

ReestablishmentInterval

DWORD

15

The number of seconds to wait between tries to reestablish a dropped session.

- - - -## Http Key - - -The HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Network\\Http key controls the parameters that are related to Http streaming. This key is used primarily by the network transport agent. The following table provides information about the registry values that are associated with the Http key. - - ------ - - - - - - - - - - - - - - - - - - - - - - -
Name Type Data (Examples) Description

LaunchIfNotFound

DWORD

Default=0

Controls the behavior of HTTP streaming when a connection to the HTTP server can be established and the package file no longer exists on the HTTP server. If the value does not exist or if it is not set to 1, the App-V client does not let you launch an application that has previously been loaded into cache.

1

If this value is set to 1, the App-V client lets you launch an application that has previously been loaded into cache.

- - - -## File System Key - - -The values that are contained under the HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\AppFS key control the file system parameters for App-V. The following table provides information about the registry values associated with the AppFS key. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Name Type Data (Examples) Description

FileSize

DWORD

4096

Maximum size in megabytes of file system cache file. If you change this value in the registry, you must set State to 0 and reboot.

FileName

String

C:\Users\Public\Documents\SoftGrid Client\sftfs.fsd

Location of file system cache file. If you change this value in the registry, you must either leave FileSize the same and reboot or set State to 0 and reboot.

DriveLetter

String

Q:

Drive where App-V file system will be mounted, if it is available. This value is set either by the listener or the installer, and it is read by the file system.

State

DWORD

0x100

State of file system. Set to 0 and reboot to completely clear the file system cache.

FileSystemStorage

String

C:\Profiles\Joe\SG

Path for symlinks, set under HKCU. Do not modify (use data directory under Configuration to change).

GlobalFileSystemStorage

String

C:\Users\Public\Documents\SoftGrid Client\AppFS Storage

Path for global file system data. Do not modify.

MaxPercentToLockInCache

DWORD

Default=90

Specifies the maximum percentage of the file system cache file that can be locked. Do not modify.

UnloadLeastRecentlyUsed

DWORD

Default=1

The file system cache space management feature uses a Least Recently Used (LRU) algorithm and is enabled by default. If the space that is required for a new package would exceed the available free space in the cache, the App-V Client uses this feature to determine which, if any, existing packages it can delete from the cache to make room for the new package. The client deletes the package with the oldest last-accessed date if it is older than the value specified in the MinPkgAge registry value. Values are 0 (disabled) and 1 (default, enabled).

MinPackageAge

DWORD

1

To determine when the package can be selected for discard, set this registry value to equal the minimum number of days you want to elapse since the package was last accessed. Packages that have been used more recently are not discarded.

- - - -## Permissions Key - - -To help to prevent users from making mistakes, administrators can use the HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Permissions key to control access to some actions for non-administrative users—for example, to prevent users from accidentally unloading programs. Users with administrative rights can give themselves any of these permissions. On shared systems, such as a Remote Desktop Session Host (RD Session Host) server (formerly Terminal Server) system, be careful when granting additional permissions to users because some of these permissions would enable users to control the applications used by all users on the system. Possible values for these settings are 1 (allow) and 0 (disallow). - -The Permissions key settings control all interfaces that enable the named actions. This includes the Options Dialog, SFTTray, and SFTMime. These settings do not affect administrators. The following table provides information about the registry values associated with the Permissions key. - -Name -Type -Data (Examples) -Description -ChangeFSDrive - -DWORD - -Default=0 - -A value of 1 allows users to pick a different drive letter to be used as the file system drive. - -ChangeCacheSize - -DWORD - -Default=0 - -A value of 1 allows users to change the cache size. - -ChangeLogSettings - -DWORD - -Default=0 - -A value of 1 allows users to modify the log level, change its location, and reset it through the user interface. - -AddApp - -DWORD - -Default=0 - -A value of 1 allows users to add applications explicitly. This does not affect applications that are added through publishing refresh nor does it prevent users from starting (and thereby implicitly adding) applications that have not already been added. Values are 0 or 1. - -LoadApp - -DWORD - -0 - -Does not allow a user to load an application. This is the default for RD Session Hosts. If you are a mobile user, you might want to fully load your applications in the cache to use them during disconnected operation or offline mode. To stream applications from the App-V Management Server or the App-V Streaming Server, you must be connected to a server to load applications. - -1 - -Allows a user to load an application. This is the default for Windows desktops. - -UnloadApp - -DWORD - -0 - -Does not allow a user to unload an application. When you load or unload a package, all the applications in the package are loaded into or removed from cache. - -1 - -Allows a user to unload an application. - -LockApp - -DWORD - -0 - -Does not allow a user to lock and unlock an application. This is the default for RD Session Hosts. A locked application cannot be removed from the cache to make room for new applications. To remove a locked application from the App-V Desktop or Client for Remote Desktop Services (formerly Terminal Services) cache, you must unlock it. - -1 - -Allows a user to lock and unlock an application. This is the default for Windows Desktops. - -ManageTypes - -DWORD - -0 - -Does not allow a user to add, edit, or remove file type associations for that User alone. This is the default for RD Session Hosts. - -1 - -Allows a user to add, edit, and remove file type associations for that user only and not globally. This is the default for Windows Desktops. - -RefreshServer - -DWORD - -0 - -Does not allow a user to trigger a refresh of MIME settings. This is the default for RD Session Hosts. - -1 - -Enables a user to trigger a refresh of MIME settings. This is the default for Windows Desktops. - -UpdateOSDFile - -DWORD - -Default= 0 - -A value of 1 enables a user to use a modified OSD file. - -ImportApp - -DWORD - -0 - -Does not allow a user to import applications into cache. The difference between Load and Import is that when a Load is triggered, the client gets the package from the currently configured location contained in the OSD, ASR, or Override URL. When using Import, a location to get the package from must be specified. - -1 - -Allows a user to import applications into cache. - -ChangeRefreshSettings - -DWORD - -Default=0 - -A value of 1 allows users to modify the refresh settings for servers (refresh on login and periodic refresh). This does not imply that the user can modify other server settings (path, host, and so on). - -ManageServers - -DWORD - -Default=0 - -A value of 1 allows the user to add, edit, and remove servers, except for editing the refresh settings, which is controlled by the ChangeRefreshSettings permission. - -PublishShortcut - -DWORD - -Default=0 - -A value of 1 allows users to publish shortcuts through the user interface. This does not affect shortcuts that are published during a publishing refresh. - -ViewAllApplications - -DWORD - -Default=0 - -A value of 1 displays all applications through the user interface; otherwise, only the user’s applications are displayed. - -RepairApp - -DWORD - -Default=1 - -A value of 1 allows the user to use the Repair action on applications in SFTMime or the Client Management Console. When you repair an application, you remove any custom user settings and restore the default settings. This action does not change or delete shortcuts or file type associations, and it does not remove the application from cache. - -ClearApp - -DWORD - -Default=1 - -A value of 1 allows the user to use the Clear action on applications in SFTMime or the Client Management Console. When you clear an application from the console, you can no longer use that application. However, the application remains in cache and is still available to other users on the same system. After a publishing refresh, the cleared applications will again become available to you. - -DeleteApp - -DWORD - -Default=0 - -A value of 1 allows the user to use the Delete action on applications in SFTMime or the Client Management Console. When you delete an application, the selected application will no longer be available to any users on that client. Shortcuts and file type associations are deleted and the application is deleted from cache. However, if another application refers to data in the file system cache or settings data for the selected application, these items will not be deleted. - -After a publishing refresh, the deleted applications will again become available to you. - -ToggleOfflineMode - -DWORD - -A value of 1 allows the users to select to run the client in Offline Mode. In Offline Mode, the Application Virtualization client can start a loaded application even when it is not connected to an Application Virtualization Server. - - - -## Custom Settings - - -The HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\CustomSettings key contains values specific to front-end components. All custom settings are stored as strings. The following table provides information about the registry values associated with the CustomSettings key. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Name Type Data (Examples) Description

TrayErrorDelay

DWORD

Default=30

Time in seconds that the Application Virtualization notification area will display error messages like "Launch failed". Minimum value of 1.

TraySuccessDelay

DWORD

Default=10

Time in seconds that the appvmed notification area will display success messages like "Word launched" or "Excel shut down". If 0, those messages will be suppressed.

TrayVisibility

DWORD

Default=0

0=Show Tray when virtualized applications are in use.

-

1=Show Tray always.

-

2=Never show Tray.

TrayShowRefresh

DWORD

When present and set to a value of 1, allows menu item Refresh Applications to be displayed on the Tray menu and is accessible by the user.

TrayShowLoad

DWORD

When present and set to a value of 1, allows menu item Load Applications to be displayed on the Tray menu and is accessible by the user.

- - - -## Reporting Settings - - -The HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Reporting key contains values specific to reporting to an App-V Management Server. The following table provides information about the registry values associated with the Reporting key. - - ------ - - - - - - - - - - - - - - - - - - - - - - -
Name Type Data (Examples) Description

DataCacheLimit

DWORD

Default=20

This value specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. When a new record is added (bottom of the list), one or more of the oldest records (top of the list) will be deleted to make room. A warning will be logged to the Client log and the event log the first time this occurs, and it will not be logged again until after the cache has been successfully cleared on transmission and the log has filled up again.

DataBlockSize

DWORD

Default=65536

This value specifies the maximum size in bytes to transmit to the server at once on publishing refresh, to avoid permanent transmission failures when the log has reached a significant size. The default value is 65536. When transmitting report data to the server, one block of application records—less than or equal to the block size in bytes of XML data—will be removed from the cache and sent to the server. Each block will have the general Client data and global package list data prepended, and these will not factor into the block size calculations; the potential exists for an extremely large package list to result in transmission failures over low bandwidth or unreliable connections.

- - - -## Related topics - - -[Application Virtualization Client Reference](application-virtualization-client-reference.md) - - - - - - - - - diff --git a/mdop/appv-v4/app-v-desktop-client-security.md b/mdop/appv-v4/app-v-desktop-client-security.md deleted file mode 100644 index 2bf8723032..0000000000 --- a/mdop/appv-v4/app-v-desktop-client-security.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: App-V Desktop Client Security -description: App-V Desktop Client Security -author: dansimp -ms.assetid: 216b9c16-7bb4-4f94-b9d8-810501285008 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# App-V Desktop Client Security - - -The App-V Desktop Client provides many security enhancements that were not available in previous versions of the product. These changes provide higher levels of security by default and through configuration of the client settings. - -**Note**   -When you install the App-V Desktop Client on a computer, the software defaults to the most secure settings. However, when upgrading, the previous settings of the client persist. - - - -By default, the App-V Desktop Client is configured only with the permissions required to allow a non-administrative user to perform a publishing refresh and stream applications. Additional security enhancements provided in the App-V Desktop Client include the following: - -- By default, an OSD cache update is allowed only by the publishing refresh process. - -- The log file (`sftlog.txt`) is accessible only by accounts with local administrative access to the client. - -- The log file now has a maximum size. - -- The log files are managed through archive settings. - -- System Event logging is now performed. - -## Permissions - - -After you install the Desktop Client, you can configure other security settings through the MMC, or on an individual client by using the registry or the ADM Template provided by Microsoft. The App-V Desktop Client has permissions that you can set to restrict non-administrative users from accessing all the features of the Desktop Client. For a full list of permissions, please see the App-V Client Help file or App-V Operations Guide. - -**Important**   -Carefully consider the consequences of changing access rights, especially on systems that are shared by multiple users, such as Terminal Servers. - - - -**Note**   -If users in the environment have local administrator privileges for their computers, the permissions are ignored. - - - -### ADM Template - -Microsoft Application Virtualization (App-V) introduces an ADM Template that you can use to configure the most common client settings through Group Policies. This template enables administrators to implement and change many of the client settings through a centralized administration model. Some of the settings available in the ADM Template are security settings. - -**Important**   -When using the ADM Template, remember that the settings are Group Policy preference settings and not fully managed Group Policies. - - - -For a full description of the ADM Template, the specific settings, and guidance to successfully deploy clients in your environment, see the App-V ADM Template white paper at [https://go.microsoft.com/fwlink/LinkId=122063](https://go.microsoft.com/fwlink/?LinkId=122063). - -## Removing OSD File Type Associations - - -If your organization does not require users to open applications directly from an OSD file, you can enhance security by removing the file type associations on the client. Remove the `HKEY_CURRENT_USERS` keys for OSD and `Softgird.osd.file` by using the registry editor. You can put this process into a logon script or into a post-installation script to automate these changes. - - - - - - - - - diff --git a/mdop/appv-v4/app-v-installation-checklist.md b/mdop/appv-v4/app-v-installation-checklist.md deleted file mode 100644 index 68208f051d..0000000000 --- a/mdop/appv-v4/app-v-installation-checklist.md +++ /dev/null @@ -1,90 +0,0 @@ ---- -title: App-V Installation Checklist -description: App-V Installation Checklist -author: dansimp -ms.assetid: b17efaab-cd6d-4c30-beb7-c6e7c9c87657 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# App-V Installation Checklist - - -The following checklist is intended to provide a high-level list of items to consider and outlines the steps you should take to install the Microsoft Application Virtualization (App-V) servers. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
StepReference

Install the App-V Management Server. If you are installing the Management Web Service, Management Console, or the Data Store on different servers, you can use the custom installation option.

How to Install Application Virtualization Management Server

Install the App-V Management Web Service. (Optional ¹)

How to Install the Management Web Service

Install the App-V Management Console. (Optional ¹)

How to Install the Management Console

Install the App-V Data Store. (Optional ¹)

How to Install a Database

Install the App-V client.

How to Manually Install the Application Virtualization Client

Install the App-V Sequencer.

How to Install the Application Virtualization Sequencer

Install the App-V Streaming Server. (This is optional and required only if you are installing the Streaming Server).

How to Install the Application Virtualization Streaming Server

Create Content directories on the servers that will be used for streaming applications to users’ computers.

How to Configure the Application Virtualization Management Servers

-

How to Configure the Application Virtualization Streaming Servers

-

How to Configure the Server for IIS

-

How to Configure the File Server

- - - -¹ This is required only if you are installing the App-V Management Web Service, Management Console, or the Data Store on a different computer. - -## Related topics - - -[Application Virtualization Deployment and Upgrade Checklists](application-virtualization-deployment-and-upgrade-checklists.md) - -[App-V Postinstallation Checklist](app-v-postinstallation-checklist.md) - - - - - - - - - diff --git a/mdop/appv-v4/app-v-interoperability-with-windows-applocker.md b/mdop/appv-v4/app-v-interoperability-with-windows-applocker.md deleted file mode 100644 index b4fc7f6ba0..0000000000 --- a/mdop/appv-v4/app-v-interoperability-with-windows-applocker.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: App-V Interoperability with Windows AppLocker -description: App-V Interoperability with Windows AppLocker -author: dansimp -ms.assetid: 9a488034-607d-411c-b495-ff184c726f49 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# App-V Interoperability with Windows AppLocker - - -Version 4.5 SP1 of the Microsoft Application Virtualization (App-V) client supports the AppLocker feature of Windows 7. The AppLocker feature enables IT administrators to specify which applications are restricted from running on computers. This document describes how to configure the AppLocker rules to work with the App-V virtual environment and virtualized applications. - -**Note**   -Windows AppLocker must first be enabled before configuring Windows AppLocker rules for virtual applications. For more information about enabling Windows AppLocker, [Windows AppLocker](https://go.microsoft.com/fwlink/?LinkId=156732) (https://go.microsoft.com/fwlink/?LinkId=156732). - - - -## Configuring Windows AppLocker Rules for Virtual Applications - - -Local administrators can create Windows AppLocker rules that restrict the running of program executables (.exe files), Windows Installer files (.msi and .msp files), and scripts (.ps, .bat, .cmd, .vbs and .js files). The administrator does this by using a reference computer that has the App-V client installed and that has all the relevant virtual applications streamed to the client cache. The administrator then uses the Windows AppLocker section of the Local Security Policy Microsoft Management Console (MMC) snap-in on the reference computer to create the rules. - -When you browse to find a directory path or specific file for which you want to create a rule, you can access the App-V drive by using the path to the hidden share. For example, you can browse to \\\\localhost\\Q$, where the App-V drive is drive Q. However, to create the rule, you must edit the path to remove the reference to \\\\localhost\\Q$ and use Q:\\ instead. You must start each application on the reference computer to access the application’s files, and administrative rights are required to browse to \\\\localhost\\Q$. - - - - - - - - - diff --git a/mdop/appv-v4/app-v-package-wmi-class.md b/mdop/appv-v4/app-v-package-wmi-class.md deleted file mode 100644 index f9efeee4ce..0000000000 --- a/mdop/appv-v4/app-v-package-wmi-class.md +++ /dev/null @@ -1,161 +0,0 @@ ---- -title: App-V Package WMI Class -description: App-V Package WMI Class -author: dansimp -ms.assetid: 0fc26c3b-9706-4804-be2d-645771dc33ae -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# App-V Package WMI Class - - -In the Application Virtualization (App-V) Client, the **Package** class is a Windows Management Instrumentation (WMI) class that represents all the virtual packages on the client. The virtual packages can contain many virtual applications. - -## Syntax - - -``` syntax -class Package -{ - string Name; - string Version; - string PackageGUID; - string SftPath; - uint64 TotalSize; - uint64 CachedSize; - uint64 LaunchSize; - uint64 CachedLaunchSize; - boolean InUse; - boolean Locked; - uint16 CachedPercentage; - string VersionGUID; - }; -``` - -## Properties - - -**Name** -Data type: **String** - -Access type: Read-only - -Qualifiers: None - -The user-friendly name of the virtual package. - -**Version** -Data type: **String** - -Access type: Read-only - -Qualifiers: None - -The version of the virtual package. - -**PackageGUID** -Data type: **String** - -Access type: Read-only - -Qualifiers: Key - -The GUID identifier of the package configuration and source files. - -**SftPath** -Data type: **String** - -Access type: Read-only - -Qualifiers: None - -The file path of the SFT file. - -**TotalSize** -Data type: **UInt64** - -Access type: Read-only - -Qualifiers: None - -The total size of the virtual package, in kilobytes. - -**CachedSize** -Data type: **UInt64** - -Access type: Read-only - -Qualifiers: None - -The total size of the cache for the virtual package, in kilobytes. - -**LaunchSize** -Data type: **UInt64** - -Access type: Read-only - -Qualifiers: None - -The total size of the virtual package’s primary feature block, in kilobytes. - -**CachedLaunchSize** -Data type: **UInt64** - -Access type: Read-only - -Qualifiers: None - -Total size of the virtual package’s primary feature block that has been cached, in kilobytes. - -**InUse** -Data type: **Boolean** - -Access type: Read-only - -Qualifiers: None - -**true** if any virtual application in the virtual package is running; otherwise **false**. - -**Locked** -Data type: **Boolean** - -Access type: Read-only - -Qualifiers: None - -**true** if the virtual package is locked; otherwise **false**. - -**CachedPercentage** -Data type: **UInt16** - -Access type: Read-only - -Qualifiers: None - -The percentage of the cache files. Based on the following formula: CachedSize / TotalSize × 100. - -**VersionGUID** -Data type: **String** - -Access type: Read-only - -Qualifiers: None - -The GUID identifier of the package version. - -  - -  - - - - - diff --git a/mdop/appv-v4/app-v-postinstallation-checklist.md b/mdop/appv-v4/app-v-postinstallation-checklist.md deleted file mode 100644 index 814811b75f..0000000000 --- a/mdop/appv-v4/app-v-postinstallation-checklist.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: App-V Postinstallation Checklist -description: App-V Postinstallation Checklist -author: dansimp -ms.assetid: 74db297e-a744-4287-bcc6-0e096ca8b57a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# App-V Postinstallation Checklist - - -The following checklist provides a high-level list of items to consider and outlines the steps you should take after you have completed the installation of the Microsoft Application Virtualization (App-V) Management Server, App-V Streaming Server, and the App-V Desktop Client. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
StepReference

Create firewall exceptions for the App-V Management Server or Streaming Server services.

Configuring the Firewall for the App-V Servers

Verify that the App-V system is functioning correctly by publishing, streaming, and testing the default application.

How to Install and Configure the Default Application

Configure the App-V Client to use the App-V Streaming Server or other server for streaming by means of the ApplicationSourceRoot, IconSourceRoot, and OSDSourceRoot settings.

How to Configure the Client for Application Package Retrieval

Understand how to use the .msi file version of sequenced application packages for offline deployment.

How to Publish a Virtual Application on the Client

(Optional) Configure SQL Server database mirroring for the App-V database.

How to Configure Microsoft SQL Server Mirroring Support for App-V

- - - -## Related topics - - -[Application Virtualization Deployment and Upgrade Checklists](application-virtualization-deployment-and-upgrade-checklists.md) - - - - - - - - - diff --git a/mdop/appv-v4/app-v-pre-installation-checklist.md b/mdop/appv-v4/app-v-pre-installation-checklist.md deleted file mode 100644 index 4de02e6032..0000000000 --- a/mdop/appv-v4/app-v-pre-installation-checklist.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: App-V Pre-Installation Checklist -description: App-V Pre-Installation Checklist -author: dansimp -ms.assetid: 3af609b1-2c09-4edb-b083-b913b6d5e8c4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# App-V Pre-Installation Checklist - - -The following checklist is intended to provide a high-level list of items to consider and outlines the steps you should take before you install the Microsoft Application Virtualization (App-V) servers. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
StepReference

Ensure your computing environment meets the supported configurations required for App-V.

Application Virtualization Deployment Requirements

Configure the necessary Active Directory groups and accounts.

Configuring Prerequisite Groups in Active Directory for App-V

Configure the Internet Information Services (IIS) settings on the server that is running IIS.

How to Configure Windows Server 2008 for App-V Management Servers

Configure the server that is running IIS to be trusted for delegation.

-
-Note

This is required only if you are installing the App-V Management Server by using a distributed system architecture, that is, if you install the App-V Management Console, the Management Web Service, and the database on different computers.

-
-
- -

How to Configure the Server to be Trusted for Delegation

Install Microsoft SQL Server 2008.

Install SQL Server 2008 (https://go.microsoft.com/fwlink/?LinkId=181924).

- - - -## Related topics - - -[Application Virtualization Deployment and Upgrade Checklists](application-virtualization-deployment-and-upgrade-checklists.md) - -[App-V Installation Checklist](app-v-installation-checklist.md) - - - - - - - - - diff --git a/mdop/appv-v4/app-v-upgrade-checklist.md b/mdop/appv-v4/app-v-upgrade-checklist.md deleted file mode 100644 index b81818e567..0000000000 --- a/mdop/appv-v4/app-v-upgrade-checklist.md +++ /dev/null @@ -1,213 +0,0 @@ ---- -title: App-V Upgrade Checklist -description: App-V Upgrade Checklist -author: dansimp -ms.assetid: 64e317d2-d260-4b67-8a49-ba9ac513087a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# App-V Upgrade Checklist - - -Before trying to upgrade to Microsoft Application Virtualization (App-V) 4.5 or later versions, any version earlier than App-V 4.1 must be upgraded to App-V 4.1. You should plan to upgrade clients first, and then upgrade the server components. App-V clients that have been upgraded to App-V 4.5 continue to work with App-V servers that have not yet been upgraded. Earlier versions of the client are not supported on servers that have been upgraded to App-V 4.5. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
StepReference

Upgrade the App-V clients.

How to Upgrade the Application Virtualization Client

Upgrade the App-V servers and database.

-
-Important

If you have more than one server sharing access to the App-V database, all those servers must be taken offline while the database is being upgraded. You should follow your regular business practices for the database upgrade, but we recommend that you test the database upgrade by using a backup copy of the database first on a test server. Then, you should select one of the servers for the first upgrade, which will upgrade the database schema. After the production database has been successfully upgraded, you can upgrade the App-V software on the other servers.

-
-
- -

How to Upgrade the Servers and System Components

Upgrade the App-V Management Web Service.

-

This step applies only if the Management Web Service is on a separate server, which would require that you run the server installer program on that separate server to upgrade the Management Web service. Otherwise, the previous server upgrade step will automatically upgrade the Management Web Service.

How to Upgrade the Servers and System Components

Upgrade the App-V Management Console.

-

This step applies only if the Management Console is on a separate computer, which would require that you run the server installer program on that separate computer to upgrade the console. Otherwise, the previous server upgrade step will upgrade the Management Console.

How to Upgrade the Servers and System Components

Upgrade the App-V Sequencer.

How to Upgrade the Application Virtualization Sequencer

- - - -## Additional Upgrade Considerations - - -- Any virtual application packages sequenced in version 4.2 will not have to be sequenced again for use with version 4.5. However, you should consider upgrading the virtual packages to the Microsoft Application Virtualization 4.5 format if you want to apply default access control lists (ACLs) or generate a Windows Installer file. This is a simple process and requires only that the existing virtual application package be opened and saved with the App-V 4.5 Sequencer. This can be automated by using the App-VSequencer command-line interface. For more information, see [How to Create or Upgrade Virtual Applications Using the App-V Sequencer](how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md) - -- One of the features of the 4.5 Sequencer is the ability to create Windows Installer (.msi) files as control points for virtual application package interoperability with electronic software distribution (ESD) systems, such as Microsoft Endpoint Configuration Manager. Previous Windows Installer files created with the MSI tool for Application Virtualization that were installed on a App-V 4.1 or 4.2 client that is subsequently upgraded to App-V 4.5 will continue to work, although they cannot be installed on the App-V 4.5 client. However, they cannot be removed or upgraded unless they are upgraded in the App-V 4.5 Sequencer. The original App-V package earlier than 4.5 has to be opened in the App-V 4.5 Sequencer and then saved as a Windows Installer File. - - **Note** - If the App-V 4.2 Client has already been upgraded to App-V 4.5, it is possible to script a workaround to preserve the version 4.2 packages on version 4.5 clients and allow them to be managed. This script must copy two files, msvcp71.dll and msvcr71.dll, to the App-V installation folder and set the following registry key values under the registry key:\[HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Configuration\]: - - "ClientVersion"="4.2.1.20" - - "GlobalDataDirectory"="C:\\\\Documents and Settings\\\\All Users\\\\Documents\\\\" (a globally writeable location) - - - -- Windows Installer files generated by the App-V 4.5 Sequencer display the error message "This package requires Microsoft Application Virtualization Client 4.5 or later" when trying to run them on an App-V 4.6 Client. Open the old package with either the App-V 4.5 SP1 Sequencer or the App-V 4.6 Sequencer and generate a new .msi file for the package. - -- Any version 4.2 reports that were created and saved will be overwritten when the server is upgraded to version 4.5. If you have to keep these reports, you must save a backup copy of the SftMMC.msc file located in the SoftGrid Management Console folder on the server and use that copy to replace the new SftMMC.msc that is installed during the upgrade. - -- For additional information about upgrading from previous versions, see [Upgrading to Microsoft Application Virtualization 4.5 FAQ](https://go.microsoft.com/fwlink/?LinkId=120358) (https://go.microsoft.com/fwlink/?LinkId=120358). - -## App-V 4.6 Client Package Support - - -You can deploy packages created in previous versions of App-V to App-V 4.6 clients. However, you must modify the associated .osd file so that it includes the appropriate operating system and chip architecture information. The following values can be used: - - --- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OS Value

<OS VALUE=”Win2003TS”/>

<OS VALUE=”Win2003TS64”/>

<OS VALUE=”Win2008TS”/>

<OS VALUE=”Win2008TS64”/>

<OS VALUE=”Win2008R2TS64”/>

<OS VALUE=”Win7”/>

<OS VALUE=”Win764”/>

<OS VALUE=”WinVista”/>

<OS VALUE=”WinVista64”/>

<OS VALUE=”WinXP”/>

<OS VALUE=”WinXP64”/>

- - - -To run a newly created 32-bit package, you must sequence the application on a computer running a 32-bit operating system with the App-V 4.6 Sequencer installed. After you have sequenced the application, in the Sequencer console, click the **Deployment** tab and then specify the appropriate operating system and chip architecture as required. - -**Important** -Applications sequenced on a computer running a 64-bit operating system must be deployed to computers running a 64-bit operating system. New 32-bit packages created by using the App-V 4.6 Sequencer do not run on computers running the App-V 4.5 client. - - - -To run new 64-bit packages on the App-V 4.6 Client, you must sequence the application on a computer running the App-V 4.6 Sequencer and that is running a 64-bit operating system. After you have sequenced the application, in the Sequencer console, click the **Deployment** tab, and then specify the appropriate operating system and chip architecture as required. - -The following table lists which client versions will run packages created by using the various versions of the sequencer. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Sequenced by using the App-V 4.2 SequencerSequenced by using the App-V 4.5 SequencerSequenced by using the 32-bit App-V 4.6 SequencerSequenced by using the 64-bit App-V 4.6 Sequencer

4.2 Client

Yes

No

No

No

4.5 Client ¹

Yes

Yes

No

No

4.6 Client (32-bit)

Yes

Yes

Yes

No

4.6 Client (64-bit)

Yes

Yes

Yes

Yes

- - - -¹Applies to all versions of the App-V 4.5 client, including App-V 4.5, App-V 4.5 CU1, and App-V 4.5 SP1. - - - - - - - - - diff --git a/mdop/appv-v4/application-utilization-reportserver.md b/mdop/appv-v4/application-utilization-reportserver.md deleted file mode 100644 index 78ed55aaad..0000000000 --- a/mdop/appv-v4/application-utilization-reportserver.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: Application Utilization Report -description: Application Utilization Report -author: dansimp -ms.assetid: cb961969-c9a3-4d46-8303-121d737d76d8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Utilization Report - - -Use the Application Utilization Report to track usage information for a specified application defined in the database. You can use this report to determine how heavily a specific application is used. - -This report generates a graph that displays the total daily usage over time during the reporting period. - -This report also lists the following information: - -- Number of sessions—Number of times an application was used - -The Application Utilization Report also includes a summary of the total usage. - -When you create a report, you specify the parameters that are used for collecting the data when the report is run. - -Reports are not run automatically; you must run them explicitly to generate output data. The length of time it takes to run a report is determined by the amount of data collected in the data store. - -After you run a report and the output is displayed in the Application Virtualization Server Management Console, you can export the report into the following formats: - -- Adobe Acrobat (PDF) - -- Microsoft Office Excel - -## Related topics - - -[How to Create a Report](how-to-create-a-reportserver.md) - -[How to Delete a Report](how-to-delete-a-reportserver.md) - -[How to Export a Report](how-to-export-a-reportserver.md) - -[How to Print a Report](how-to-print-a-reportserver.md) - -[How to Run a Report](how-to-run-a-reportserver.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md b/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md deleted file mode 100644 index e7bf14bd06..0000000000 --- a/mdop/appv-v4/application-virtualization-client-hardware-and-software-requirements.md +++ /dev/null @@ -1,274 +0,0 @@ ---- -title: Application Virtualization Client Hardware and Software Requirements -description: Application Virtualization Client Hardware and Software Requirements -author: dansimp -ms.assetid: 8b877a2c-5721-4b22-a47f-e2838d58ab12 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Application Virtualization Client Hardware and Software Requirements - - -This topic describes the recommended minimum hardware and software configuration for the installation of the Application Virtualization Desktop Client and the Application Virtualization Client for Remote Desktop Services (formerly Terminal Services). - -## Application Virtualization Desktop Client - - -The following list includes the recommended minimum hardware and software requirements for the Application Virtualization Desktop Client. The requirements are listed first for Microsoft Application Virtualization (App-V) 4.6 SP2, followed by the requirements for versions that preceded App-V 4.6 SP2. - -**Note**   -The Application Virtualization (App-V) Desktop Client requires no additional processor or RAM resources beyond the requirements of the host operating system. - - - -### Hardware Requirements - -The hardware requirements are applicable to all versions. - -- Processor—See recommended system requirements for the operating system you are using. - -- RAM—See recommended system requirements for the operating system you are using. - -- Disk—30 MB for installation and 6 GB for the cache. - -### Software Requirements for App-V 4.6 SP2 - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackArchitectural SKU

Windows XP

Professional Edition

SP3

x86

Windows Vista

Business, Enterprise, or Ultimate Edition

SP2

x86

Windows 7

Professional, Enterprise, or Ultimate Edition

No service pack or SP1

x86 and x64

Windows 8

Pro or Enterprise Edition

x86 and x64

- -The following software prerequisites are installed automatically if you are using the Setup.exe method. If you are using the Setup.msi installation program, the following products must be installed first. -- **Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2005 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=119961) (https://go.microsoft.com/fwlink/?LinkId=119961). For version 4.5 SP2 of the App-V client, download Vcredist\_x86.exe from [Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update](https://go.microsoft.com/fwlink/?LinkId=169360) (https://go.microsoft.com/fwlink/?LinkId=169360). - - **Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)**—For more information about installing Microsoft Core XML Services (MSXML) 6.0 SP1 (x86), see [Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)](https://go.microsoft.com/fwlink/?LinkId=63266) (https://go.microsoft.com/fwlink/?LinkId=63266). - -For the Application Virtualization (App-V) 4.6 Desktop Client, the following additional software prerequisite is installed automatically if you are using the Setup.exe method. If you are using the Setup.msi installation program, you must also install with the other prerequisites listed. - -- **Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=150700) (https://go.microsoft.com/fwlink/?LinkId=150700). - -### Software Requirements for Versions that Precede App-V 4.6 SP2 - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackArchitectural SKU

Windows XP

Professional Edition

SP2 or SP3

x86 and x64

Windows Vista

Business, Enterprise, or Ultimate Edition

No service pack, SP1, or SP2

x86 and x64

Windows 7¹

Professional, Enterprise, or Ultimate Edition

No service pack or SP1

x86 and x64

-¹Supported for App-V 4.5 SP1 and SP2, App-V 4.6 and 4.6 SP1 only - -The Application Virtualization (App-V) 4.6 Desktop Client supports x86 and x64 SKUs of these operating systems. - -The following software prerequisites are installed automatically if you are using the Setup.exe method. If you are using the Setup.msi installation program, the following products must be installed first. - -- Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)—For more information about installing Microsoft Visual C++ 2005 SP1 Redistributable Package (x86), see Microsoft Visual C++ 2005 SP1 Redistributable Package (x86) (https://go.microsoft.com/fwlink/?LinkId=119961). For version 4.5 SP2 of the App-V client, download Vcredist_x86.exe from Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update (https://go.microsoft.com/fwlink/?LinkId=169360). - -- Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)—For more information about installing Microsoft Core XML Services (MSXML) 6.0 SP1 (x86), see Microsoft Core XML Services (MSXML) 6.0 SP1 (x86) (https://go.microsoft.com/fwlink/?LinkId=63266). - -- Microsoft Application Error Reporting—The installation program for this software is included in the Support\Watson folder in the self-extracting archive file. - -For the Application Virtualization (App-V) 4.6 Desktop Client, the following additional software prerequisite is installed automatically if you are using the Setup.exe method. If you are using the Setup.msi installation program, you must also install with the other prerequisites listed. - -- Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)—For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see Microsoft Visual C++ 2008 SP1 Redistributable Package (x86) (https://go.microsoft.com/fwlink/?LinkId=150700). - -## Application Virtualization Client for Remote Desktop Services - -Following are the recommended hardware and software requirements for the Application Virtualization Client for Remote Desktop Services. The requirements are listed first for appv461_3, followed by the requirements for versions that preceded App-V 4.6 SP2. - -The Application Virtualization (App-V) Client for Remote Desktop Services requires no additional processor or RAM resources beyond the requirements of the host operating system. - -### Hardware Requirements - -The hardware requirements are applicable to all versions. - -- Processor—See recommended system requirements for the operating system you are using. - -- RAM—See recommended system requirements for the operating system you are using. These requirements also depend on the number of users and applications. - -- Disk—30 MB for installation and 6 GB for the cache. - -### Software Requirements for App-V 4.6 SP2 - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackArchitectural SKU

Windows Server 2003 R2

Standard Edition, Enterprise Edition, or Datacenter Edition

SP2

x86 and x64

Windows Server 2008

Standard, Enterprise, or Datacenter Edition

SP2

x86 and x64

Windows Server 2008 R2

Standard, Enterprise, or Datacenter Edition

No service pack or SP1

x64

Windows Server 2012

Standard, Enterprise, or Datacenter Edition

x64

- -The following software prerequisites are installed automatically if you are using the Setup.exe method. If you are using the Setup.msi installation program, the following products must be installed first. - -- **Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2005 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=119961) (https://go.microsoft.com/fwlink/?LinkId=119961). For version 4.5 SP2 of the App-V client, download Vcredist\_x86.exe from [Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update](https://go.microsoft.com/fwlink/?LinkId=169360) (https://go.microsoft.com/fwlink/?LinkId=169360). - -- **Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)**—For more information about installing Microsoft Core XML Services (MSXML) 6.0 SP1 (x86), see [Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)](https://go.microsoft.com/fwlink/?LinkId=63266) (https://go.microsoft.com/fwlink/?LinkId=63266). - -- **Microsoft Application Error Reporting**—The installation program for this software is included in the **Support\\Watson** folder in the self-extracting archive file. - -For the Application Virtualization (App-V) 4.6 Desktop Client, the following additional software prerequisite is installed automatically if you are using the Setup.exe method. If you are using the Setup.msi installation program, you must also install with the other prerequisites listed. - -- **Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)**—For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see [Microsoft Visual C++ 2008 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=150700) (https://go.microsoft.com/fwlink/?LinkId=150700). - -### Software Requirements for Versions that Precede App-V 4.6 SP2 - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackArchitectural SKU

Windows Server 2003

Standard Edition, Enterprise Edition, or Datacenter Edition

SP1 or SP2

x86 and x64

Windows Server 2003 R2

Standard Edition, Enterprise Edition, or Datacenter Edition

No service pack or SP2

x86 and x64

Windows Server 2008

Standard, Enterprise, or Datacenter Edition

SP1 or SP2

x86 and x64

Windows Server 2008 R2

Standard, Enterprise, or Datacenter Edition

No service pack or SP1

x64

- -The Application Virtualization (App-V) 4.6 Client for Remote Desktop Services supports x86 and x64 SKUs of these operating systems. - -## Related topics -- [Application Virtualization Sequencer Hardware and Software Requirements](application-virtualization-sequencer-hardware-and-software-requirements.md) -- [Application Virtualization System Requirements](application-virtualization-system-requirements.md) -- [How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md) -- [How to Manually Install the Application Virtualization Client](how-to-manually-install-the-application-virtualization-client.md) -- [How to Upgrade the Application Virtualization Client](how-to-upgrade-the-application-virtualization-client.md) diff --git a/mdop/appv-v4/application-virtualization-client-installer-command-line-parameters.md b/mdop/appv-v4/application-virtualization-client-installer-command-line-parameters.md deleted file mode 100644 index 2f13cd29a0..0000000000 --- a/mdop/appv-v4/application-virtualization-client-installer-command-line-parameters.md +++ /dev/null @@ -1,311 +0,0 @@ ---- -title: Application Virtualization Client Installer Command-Line Parameters -description: Application Virtualization Client Installer Command-Line Parameters -author: dansimp -ms.assetid: 508fa404-52a5-4919-8788-2a3dfb00639b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Application Virtualization Client Installer Command-Line Parameters - - -The following table lists all available Microsoft Application Virtualization Client installer command-line parameters, their values, and a brief description of each parameter. Parameters are case-sensitive and must be entered as all-uppercase letters. All parameter values must be enclosed in double quotes. - -**Note** -- For App-V version 4.6, command-line parameters cannot be used during a client upgrade. - -- The *SWICACHESIZE* and *MINFREESPACEMB* parameters cannot be combined on the command line. If both are used, the *SWICACHESIZE* parameter will be ignored. - - - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterValuesDescription

ALLOWINDEPENDENTFILESTREAMING

TRUE

-

FALSE

Indicates whether streaming from file will be enabled regardless of how the client has been configured with the APPLICATIONSOURCEROOT parameter. If set to FALSE, the transport will not enable streaming from files even if the OSD HREF or the APPLICATIONSOURCEROOT parameter contains a file path.

-

Possible values:

-
    -

  • TRUE—Manually deployed application may be loaded from disk.

    • -

  • FALSE—All applications must come from source streaming server.

    • -

APPLICATIONSOURCEROOT

RTSP:// URL (for dynamic package delivery)

-

File:// URL or UNC (for load from file package delivery)

To enable an administrator or an electronic software distribution system to ensure that application loading is performed in compliance with the topology management scheme, allows an override of the OSD CODEBASE for the application HREF element (the source location). If the value is “”, which is the default value, the existing OSD file settings are used.

-

A URL has several parts:

-

<protocol>://<server>:<port>/<path>/<?query><#fragment>

-

A UNC path has three parts:

-

&lt;computername>&lt;share folder>&lt;resource>

-

If the APPLICATIONSOURCEROOT parameter is specified on a client, the client will break the URL or UNC path from an OSD file into its constituent parts and replace the OSD sections with the corresponding APPLICATIONSOURCEROOT sections.

-
-Important

Be sure to use the correct format when using file:// with a UNC path. The correct format is file://&lt;server>&lt;share>.

-
-
- -

ICONSOURCEROOT

UNC

-

HTTP://URL or HTTPS://URL

Enables an administrator to specify a source location for icon retrieval for a sequenced application package during publication. Icon source roots support UNC paths and URLs (HTTP or HTTPS). If the value is “”, which is the default value, the existing OSD file settings are used.

-

A URL has several parts:

-

<protocol>://<server>:<port>/<path>/<?query><#fragment>

-

A UNC path has three parts:

-

&lt;computername>&lt;share folder>&lt;resource>

-
-Important

Be sure to use the correct format when using a UNC path. Acceptable formats are &lt;server>&lt;share> or <drive letter>:&lt;folder>.

-
-
- -

OSDSOURCEROOT

UNC

-

HTTP://URL or HTTPS://URL

Enables an administrator to specify a source location for OSD file retrieval for an application package during publication. OSD source roots support UNC paths and URLs (HTTP or HTTPS). If the value is “”, which is the default value, the existing OSD file settings are used.

-

A URL has several parts:

-

<protocol>://<server>:<port>/<path>/<?query><#fragment>

-

A UNC path has three parts:

-

&lt;computername>&lt;share folder>&lt;resource>

-
-Important

Be sure to use the correct format when using a UNC path. Acceptable formats are &lt;server>&lt;share> or <drive letter>:&lt;folder>.

-
-
- -

AUTOLOADONLOGIN

-

AUTOLOADONLAUNCH

-

AUTOLOADONREFRESH

[0|1]

The AutoLoad triggers that define the events that initiate auto-loading of applications. AutoLoad implicitly uses background streaming to enable the application to be fully loaded into cache.

-

The primary feature block will be loaded as quickly as possible. Remaining feature blocks will be loaded in the background to enable foreground operations, such as user interaction with applications, to take priority and provide optimal performance.

-
-Note

The AUTOLOADTARGET parameter determines which applications are auto-loaded. By default, packages that have been used are auto-loaded unless AUTOLOADTARGET is set.

-
-
- -
-

Each parameter affects loading behavior as follows:

-
    -

  • AUTOLOADONLOGIN—Loading starts when the user logs in.

    • -

  • AUTOLOADONLAUNCH—Loading starts when the user starts an application.

    • -

  • AUTOLOADONREFRESH—Loading starts when a publishing refresh occurs.

    • -
-

The three values can be combined. In the following example, AutoLoad triggers are enabled both at user login and when publishing refresh occurs:

-

AUTOLOADONLOGIN AUTOLOADONREFRESH

-
-Note

If the client is configured with these values at first install, Autoload will not be triggered until the next time the user logs off and logs back on.

-
-
- -

AUTOLOADTARGET

NONE

-

ALL

-

PREVUSED

Indicates what will be auto-loaded when any given AutoLoad triggers occur.

-

Possible values:

-
    -

  • NONE—No auto-loading, regardless of what triggers might be set.

    • -

  • ALL—If any AutoLoad trigger is enabled, all packages are automatically loaded, whether or not they have ever been launched.

    -
    -Note

    This setting is configured for individual packages by using the SFTMIME ADD PACKAGE and CONFIGURE PACKAGE commands. For more information about these commands, see SFTMIME Command Reference.

    -
    -
    - -
    • -

  • PREVUSED—If any AutoLoad trigger is enabled, load only the packages where at least one application in the package has been previously used (that is, launched or precached).

    • -
-
-Note

When you install the App-V client to use a read-only cache, (for example, as a VDI server implementation), you must set the AUTOLOADTARGET parameter to NONE to prevent the client from trying to update applications in the read-only cache.

-
-
- -

DOTIMEOUTMINUTES

29600 (default)

-

1–1439998560 minutes (range)

Indicates how many minutes an application may be used in disconnected operation.

INSTALLDIR

<pathname>

Specifies the installation directory of the App-V Client.

-

Example: INSTALLDIR="C:\Program Files\Microsoft Application Virtualization Client"

OPTIN

“TRUE”

-

“”

Microsoft Application Virtualization Client components will be upgradable through Microsoft Update when updates are made available to the general public. The Microsoft Update Agent installed on Windows operating systems requires a user to explicitly opt-in to use the service. This opt-in is required only one time for all applications on the device. If you have already opted into Microsoft Update, the Microsoft Application Virtualization components on the device will automatically take advantage of the service.

-

For command-line installation, use of Microsoft Update is by default opt-out (unless a previous application already enabled the device to be opted in) due to the requirement for manually opting into Microsoft Update. Therefore, opting in must be explicit for command-line installations. Setting the command-line parameter OPTIN to TRUE forces the Microsoft Update opt-in to be set.

REQUIREAUTHORIZATIONIFCACHED

TRUE

-

FALSE

Indicates whether authorization is always required, whether or not an application is already in cache.

-

Possible values:

-
    -

  • TRUE—Application always must be authorized at startup. For RTSP streamed applications, the user authorization token is sent to the server for authorization. For file-based applications, file ACLs dictate whether a user may access the application.

    • -

  • FALSE—Always try to connect to the server. If a connection to the server cannot be established, the client still allows the user to launch an application that has previously been loaded into cache.

    • -

SWICACHESIZE

Cache size in MB

Specifies the size in megabytes of the client cache. The default size is 4096 MB, and the maximum size is 1,048,576 MB (1 TB). The system checks for the available space at installation time, but the space is not reserved.

-

Example: SWICACHESIZE="1024"

SWIPUBSVRDISPLAY

Display name

Specifies the displayed name of the publishing server; required when SWIPUBSVRHOST is used.

-

Example: SWIPUBSVRDISPLAY="PRODUCTION ENVIRONMENT"

SWIPUBSVRTYPE

[HTTP|RTSP]

Specifies the publishing server type. The default server type is Application Virtualization Server. The /secure switch is not case sensitive.

-
    -

  • HTTP—Standard HTTP Server

    • -

  • HTTP /secure—Enhanced Security HTTP Server

    • -

  • RTSP—Application Virtualization Server

    • -

  • RTSP /secure—Enhanced Security Application Virtualization Server

    • -
-

Example: SWIPUBSVRTYPE="HTTP /secure"

SWIPUBSVRHOST

IP address|host name

Specifies either the IP address of the Application Virtualization Server or a host name of the server that resolves into the server's IP address; required when SWIPUBSVRDISPLAY is used.

-

Example: SWIPUBSVRHOST="SERVER01"

SWIPUBSVRPORT

Port number

Specifies the logical port that is used by this Application Virtualization Server to listen for requests from the client (default = 554).

-
    -

  • Standard HTTP server—Default = 80.

    • -

  • Enhanced Security HTTP Server—Default = 443.

    • -

  • Application Virtualization Server—Default = 554.

    • -

  • Enhanced Security Application Virtualization Server—Default = 322.

    • -
-

Example: SWIPUBSVRPORT="443"

SWIPUBSVRPATH

Path name

Specifies the location on the publishing server of the file that defines file type associations (default = /); required when the SWIPUBSVRTYPE parameter value is HTTP.

-

Example: SWIPUBSVRPATH="/AppVirt/appsntypes.xml"

SWIPUBSVRREFRESH

[ON|OFF]

Specifies whether the client automatically queries the publishing server for file type associations and applications when a user logs in to the client (default = ON).

-

Example: SWIPUBSVRREFRESH="off"

SWIGLOBALDATA

Global data directory

Specifies the directory where data will be stored that is not specific to particular users (default = C:\Documents and Settings\All Users\Documents).

-

Example: SWIGLOBALDATA="D:\Microsoft Application Virtualization Client\Global"

SWIUSERDATA

User data directory

Specifies the directory where data will be stored that is specific to particular users (default = %APPDATA%).

-

Example: SWIUSERDATA="H:\Windows\Microsoft Application Virtualization Client"

SWIFSDRIVE

Preferred drive letter

Corresponds to the drive letter that you selected for the virtual drive.

-

Example: SWIFSDRIVE="S"

SYSTEMEVENTLOGLEVEL

0–4

Indicates the logging level at which log messages are written to the NT event Log. The value indicates a threshold of what is logged—that is, everything equal to or less than that value is logged. For example, a value of 0x3 (Warning) indicates that Warnings (0x3), Errors (0x2), and Critical Errors (0x1) are logged.

-

Possible values:

-
    -

  • 0 == None

    • -

  • 1 == Critical

    • -

  • 2 == Error

    • -

  • 3 == Warning

    • -

  • 4 == Information

    • -

MINFREESPACEMB

In MB

Specifies the amount of free space (in megabytes) that must be available on the host before the cache size can increase. The following example would configure the client to ensure at least 5 GB of free space on the disk before allowing the size of the cache to increase. The default is 5000 MB of free space available on disk at installation time.

-

Example: MINFREESPACEMB ="5000" (5 GB)

KEEPCURRENTSETTINGS

[0|1]

Used when you have applied registry settings prior to deploying a client—for example, by using Group Policy. When a client is deployed, set this parameter to a value of 1 so that it will not overwrite the registry settings.

-
-Important

If set to a value of 1, the following client installer command-line parameters are ignored:

-

SWICACHESIZE, MINFREESPACEMB, ALLOWINDEPENDENTFILESTREAMING, APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, SYSTEMEVENTLOGLEVEL, SWIGLOBALDATA, DOTIMEOUTMINUTES, SWIFSDRIVE, AUTOLOADTARGET, AUTOLOADTRIGGERS, and SWIUSERDATA.

-

For further information about setting these values after installation, see “How to Configure the App-V Client Registry Settings by Using the Command Line” in the Application Virtualization (App-V) Operations Guide (https://go.microsoft.com/fwlink/?LinkId=122939).

-
-
- -
- - - -## Related topics - - -[How to Manually Install the Application Virtualization Client](how-to-manually-install-the-application-virtualization-client.md) - -[How to Upgrade the Application Virtualization Client](how-to-upgrade-the-application-virtualization-client.md) - -[SFTMIME Command Reference](sftmime--command-reference.md) - - - - - - - - - diff --git a/mdop/appv-v4/application-virtualization-client-management-console-overview.md b/mdop/appv-v4/application-virtualization-client-management-console-overview.md deleted file mode 100644 index 1f514c7ba3..0000000000 --- a/mdop/appv-v4/application-virtualization-client-management-console-overview.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Application Virtualization Client Management Console Overview -description: Application Virtualization Client Management Console Overview -author: dansimp -ms.assetid: 21d648cc-eca5-475c-be42-228879b7a45a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Client Management Console Overview - - -The Microsoft Application Virtualization Client Management Console is a snap-in to the Microsoft Management Console. Administrators and users can use the Application Virtualization Management Console to configure the Desktop Client and Client for Remote Desktop Services (formerly Terminal Services) and manage applications. - -## In This Section - - -[About Application Virtualization Servers](about-application-virtualization-servers.md) -Provides a brief description of the Application Virtualization Management Servers. - -[User Access Permissions in Application Virtualization Client](user-access-permissions-in-application-virtualization-client.md) -Provides the list of user access permissions. - -[Disconnected Operation Mode](disconnected-operation-mode.md) -Describes the disconnected operation mode and circumstances that affect it. - -## Related topics - - -[Application Virtualization Client Management Console](application-virtualization-client-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-client-management-console-reference.md b/mdop/appv-v4/application-virtualization-client-management-console-reference.md deleted file mode 100644 index e13ceabe61..0000000000 --- a/mdop/appv-v4/application-virtualization-client-management-console-reference.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Application Virtualization Client Management Console Reference -description: Application Virtualization Client Management Console Reference -author: dansimp -ms.assetid: aa27537d-e053-45b5-b0ee-cf6606849e0c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Client Management Console Reference - - -The topics in this section provide detailed information about each of the functional areas of the Application Virtualization Client Management Console. - -## In This Section - - -[Client Management Console: Application Virtualization Node](client-management-console-application-virtualization-node.md) -Describes the screens in the **Application Virtualization** node. - -[Client Management Console: About Dialog Boxes](client-management-console-about-dialog-boxes.md) -Describes the screens in the **About Dialog** node. - -[Client Management Console: Applications Node](client-management-console-applications-node.md) -Describes the screens in the **Applications** node. - -[Client Management Console: File Type Associations Node](client-management-console-file-type-associations-node.md) -Describes the screens in the **File Type Association** node. - -[Client Management Console: Publishing Servers Node](client-management-console-publishing-servers-node.md) -Describes the screens in the **Publishing Servers** node. - -[Client Management Console: Application Virtualization Properties](client-management-console-application-virtualization-properties.md) -Describes the screens for **Application Virtualization Properties**. - -## Related topics - - -[Application Virtualization Client Management Console](application-virtualization-client-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-client-management-console-roadmap.md b/mdop/appv-v4/application-virtualization-client-management-console-roadmap.md deleted file mode 100644 index a65de90286..0000000000 --- a/mdop/appv-v4/application-virtualization-client-management-console-roadmap.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Application Virtualization Client Management Console Roadmap -description: Application Virtualization Client Management Console Roadmap -author: dansimp -ms.assetid: 3aca02c4-728c-4c34-b90f-4e6f188937b0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Client Management Console Roadmap - - -The Application Virtualization Client Management Console is a snap-in to the Microsoft Management Console. Administrators and users can use the Application Virtualization Client Management Console to configure the Desktop Client and Client for Remote Desktop Services (formerly Terminal Services) and manage desktops and applications. The following lists represent some of the available procedures in the Client Management Console. - -The following topics detail some general administrative tasks you can perform: - -- [How to Set Up Publishing Servers](how-to-set-up-publishing-servers.md) - -- [How to Refresh the Publishing Servers](how-to-refresh-the-publishing-servers.md) - -The following topics detail what you can do when configuring the Application Virtualization client: - -- [How to Change the Cache Size and the Drive Letter Designation](how-to-change-the-cache-size-and-the-drive-letter-designation.md) - -- [How to Change the Log Reporting Levels and Reset the Log Files](how-to-change-the-log-reporting-levels-and-reset-the-log-files.md) - -- [How to Change User Access Permissions](how-to-change-user-access-permissions.md) - -- [How to Change Import Search Paths](how-to-change-import-search-paths.md) - -- [How to Set Up Publishing Refresh on Login](how-to-set-up-publishing-refresh-on-login.md) - -- [How to Set Up Periodic Publishing Refresh](how-to-set-up-periodic-publishing-refresh.md) - -The following topics detail what you can do when managing applications: - -- [How to Delete an Application](how-to-delete-an-application.md) - -- [How to Load or Unload an Application](how-to-load-or-unload-an-application.md) - -- [How to Clear an Application](how-to-clear-an-application.md) - -- [How to Import an Application](how-to-import-an-application.md) - -- [How to Change an Application Icon](how-to-change-an-application-icon.md) - -- [How to Lock or Unlock an Application](how-to-lock-or-unlock-an-application.md) - -## Related topics - - -[About Virtual Environments](about-virtual-environments.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-client-management-console.md b/mdop/appv-v4/application-virtualization-client-management-console.md deleted file mode 100644 index e8e5980d13..0000000000 --- a/mdop/appv-v4/application-virtualization-client-management-console.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: Application Virtualization Client Management Console -description: Application Virtualization Client Management Console -author: dansimp -ms.assetid: 18635688-8cbe-40d1-894e-acb2749b4e69 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Client Management Console - - -The Microsoft Application Virtualization Client Management Console is a snap-in to the Microsoft Management Console. Administrators and users can use the Application Virtualization Management Console to configure the Desktop Client and Client for Remote Desktop Services (formerly Terminal Services) and manage applications. - -## In This Section - - -[Application Virtualization Client Management Console Overview](application-virtualization-client-management-console-overview.md) -Provides general information about the tasks you can perform by using the Virtualization Client Management Console. - -[How to Perform General Administrative Tasks in the Client Management Console](how-to-perform-general-administrative-tasks-in-the-client-management-console.md) -Provides procedures that you can use to set up the Publishing Server and to refresh applications. - -[How to Manage Applications in the Client Management Console](how-to-manage-applications-in-the-client-management-console.md) -Provides procedures that you can use to manage applications. - -[How to Configure the Client in the Application Virtualization Client Management Console](how-to-configure-the-client-in-the-application-virtualization-client-management-console.md) -Provides procedures that you can use to configure Desktop Client and Client for Remote Desktop Services. - -[How to Manually Manage Applications in the Client Management Console](how-to-manually-manage-applications-in-the-client-management-console.md) -Provides procedures that you can use to manually manage applications. - -## Related topics - - -[Application Virtualization Client Management Console Reference](application-virtualization-client-management-console-reference.md) - -[How to Use the Desktop Notification Area for Application Virtualization Client Management](how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-client-reference.md b/mdop/appv-v4/application-virtualization-client-reference.md deleted file mode 100644 index bc3dbef0d8..0000000000 --- a/mdop/appv-v4/application-virtualization-client-reference.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: Application Virtualization Client Reference -description: Application Virtualization Client Reference -author: dansimp -ms.assetid: 5107f567-9ac8-43e1-89c8-5e0762e3ddd8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Client Reference - - -This section provides reference information that is related to installing and managing the Application Virtualization (App-V) Client and the virtual application packages that are created by the Application Virtualization (App-V) Sequencer. - -## In This Section - - -[SFTMIME Command Reference](sftmime--command-reference.md) -Provides a detailed list of all SFTMIME parameters. - -[SFTTRAY Command Reference](sfttray-command-reference.md) -Lists and describes all SFTTRAY commands and command-line switches. - -[Application Virtualization Client WMI Provider](application-virtualization-client-wmi-provider.md) -Describes the Windows Management Instrumentation (WMI) classes that are available in the App-V Client WMI Provider. - -[Log File for the Application Virtualization Client](log-file-for-the-application-virtualization-client.md) -Provides information about the log file for the App-V Client. - -[App-V Client Registry Values](app-v-client-registry-values-sp1.md) -Provides a detailed list and descriptions of registry key values. - -[App-V Interoperability with Windows AppLocker](app-v-interoperability-with-windows-applocker.md) -Provides information on how to configure AppLocker rules for virtual applications. - -[Support for Client Reporting over HTTP](support-for-client-reporting-over-http.md) -Provides an overview of the Client Reporting process for HTTP publishing. - -## Related topics - - -[Application Virtualization Client](application-virtualization-client.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-client-wmi-provider.md b/mdop/appv-v4/application-virtualization-client-wmi-provider.md deleted file mode 100644 index dd3b3f8eae..0000000000 --- a/mdop/appv-v4/application-virtualization-client-wmi-provider.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Application Virtualization Client WMI Provider -description: Application Virtualization Client WMI Provider -author: dansimp -ms.assetid: 384e33e0-6689-4e28-af84-53acee8a5c24 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Client WMI Provider - - -This section contains detailed information about the Application Virtualization (App-V) Client Windows Management Instrumentation (WMI) Provider. All the classes that are described are in the WMI root\\microsoft\\appvirt\\client namespace. - -You can use a query tool such as wbemtest.exe or a scripting language such as Windows PowerShell or VBScript to retrieve key information about packages and applications from the clients for reporting purposes. The information available includes details on package status, cache size, and usage data. - -## In This Section - - -[App-V Application WMI Class](app-v-application-wmi-class.md) -Represents an individual application object in a package. - -[App-V Package WMI Class](app-v-package-wmi-class.md) -Represents an individual virtual package that can contain multiple applications. - -## Related topics - - -[Application Virtualization Client Reference](application-virtualization-client-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-client.md b/mdop/appv-v4/application-virtualization-client.md deleted file mode 100644 index 819dd8bed1..0000000000 --- a/mdop/appv-v4/application-virtualization-client.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: Application Virtualization Client -description: Application Virtualization Client -author: dansimp -ms.assetid: d9e1939b-eb9c-49a0-855d-f4c323b84c2f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Client - - -You can use the procedures in this section to configure and manage the Microsoft Application Virtualization (App-V) Client. Procedures are provided for manual interaction with the App-V Client by using the App-V Client Management Console and also by using the command line. - -## In This Section - - -[How to Use the Desktop Notification Area for Application Virtualization Client Management](how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md) -Includes information about using the features and commands that are available from the Windows desktop notification area. - -[How to Manage Virtual Applications Manually](how-to-manage-virtual-applications-manually.md) -Provides information about how to manage the virtual applications by using the App-V Client Management Console. - -[How to Configure the Application Virtualization Client Settings Manually](how-to-configure-the-application-virtualization-client-settings-manually.md) -Provides a set of procedures that you can use to configure App-V Client settings by using the App-V Client Management Console. - -[How to Manage Virtual Applications by Using the Command Line](how-to-manage-virtual-applications-by-using-the-command-line.md) -Provides important procedures you can use to manage virtual applications and packages by using the SFTMIME command-line language. - -[How to Configure the App-V Client Registry Settings by Using the Command Line](how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md) -Provides a set of procedures you can use to change the configuration of the App-V Client. - -[Troubleshooting Information for the Application Virtualization Client](troubleshooting-information-for-the-application-virtualization-client.md) -Provides information about troubleshooting the App-V Client. - -[Application Virtualization Client Reference](application-virtualization-client-reference.md) -Contains detailed technical reference material related to installing and managing system components. - -## Related topics - - -[Application Virtualization Sequencer](application-virtualization-sequencer.md) - -[Application Virtualization Server](application-virtualization-server.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-deployment-and-upgrade-checklists.md b/mdop/appv-v4/application-virtualization-deployment-and-upgrade-checklists.md deleted file mode 100644 index 4bd4d4fe49..0000000000 --- a/mdop/appv-v4/application-virtualization-deployment-and-upgrade-checklists.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Application Virtualization Deployment and Upgrade Checklists -description: Application Virtualization Deployment and Upgrade Checklists -author: dansimp -ms.assetid: 462e5119-cb83-4548-98f2-df668aa0958b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Deployment and Upgrade Checklists - - -The topics in this section provide checklists that you can use when installing the Microsoft Application Virtualization (App-V) system. - -## In This Section - - -[App-V Pre-Installation Checklist](app-v-pre-installation-checklist.md) -Describes the tasks that must be completed before starting the installation of the App-V system. - -[App-V Installation Checklist](app-v-installation-checklist.md) -Describes the tasks that must be completed while installing the App-V system. - -[App-V Postinstallation Checklist](app-v-postinstallation-checklist.md) -Describes the tasks that must be completed after the installation of the App-V system. - -[App-V Upgrade Checklist](app-v-upgrade-checklist.md) -Describes the tasks to be completed when upgrading the App-V system and the correct sequence for those tasks. - -## Related topics - - -[Application Virtualization Deployment Requirements](application-virtualization-deployment-requirements.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations-copy.md b/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations-copy.md deleted file mode 100644 index d71379b47f..0000000000 --- a/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations-copy.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Application Virtualization Deployment and Upgrade Considerations -description: Application Virtualization Deployment and Upgrade Considerations -author: dansimp -ms.assetid: c3c38930-0da3-43e6-b240-945edfd00a01 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Deployment and Upgrade Considerations - - -Before you begin the deployment of Microsoft Application Virtualization (App-V), you might have to review your environment requirements that includes the hardware and software requirements for installing the various Application Virtualization components. Also, if you are upgrading from an earlier version, the topics in this section provide information about how to upgrade your current Sequencer, Server, and Client versions. - -## In This Section - - -[Application Virtualization Deployment Requirements](application-virtualization-deployment-requirements.md) -Provides general information about system requirements and upgrade considerations for your Application Virtualization deployment. - -[Application Virtualization Deployment and Upgrade Checklists](application-virtualization-deployment-and-upgrade-checklists.md) -Provides detailed lists of installation and upgrade tasks with links to the specific procedures. - -[How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) -Describes how to install the Application Virtualization (App-V) platform components required for your server-based deployment. - -[How to Manually Install the Application Virtualization Client](how-to-manually-install-the-application-virtualization-client.md) -Describes how to install the Application Virtualization Client software. - -[How to Install the Application Virtualization Sequencer](how-to-install-the-application-virtualization-sequencer.md) -Describes how to install the Application Virtualization Sequencer. - -[How to Upgrade the Application Virtualization Client](how-to-upgrade-the-application-virtualization-client.md) -Describes how to upgrade the Application Virtualization Desktop Client or the Application Virtualization Client for Remote Desktop Services (formerly Terminal Services). - -[How to Upgrade the Servers and System Components](how-to-upgrade-the-servers-and-system-components.md) -Describes how to upgrade the software components installed on all Application Virtualization Management System computers. - -[How to Upgrade the Application Virtualization Sequencer](how-to-upgrade-the-application-virtualization-sequencer.md) -Describes how to upgrade the Sequencer on computers that are running Windows Vista or Windows XP. - -## Related topics - - -[Application Virtualization Reference](application-virtualization-reference.md) - -[Application Virtualization Server-Based Scenario](application-virtualization-server-based-scenario.md) - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -[Stand-Alone Delivery Scenario for Application Virtualization Clients](stand-alone-delivery-scenario-for-application-virtualization-clients.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations.md b/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations.md deleted file mode 100644 index c09ced741d..0000000000 --- a/mdop/appv-v4/application-virtualization-deployment-and-upgrade-considerations.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: Application Virtualization Deployment and Upgrade Considerations -description: Application Virtualization Deployment and Upgrade Considerations -author: dansimp -ms.assetid: adc562ee-7276-4b14-b10a-da17f05e1682 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Deployment and Upgrade Considerations - - -Before you begin the deployment of Microsoft Application Virtualization, you might need to review your environment requirements, including the hardware and software requirements for installing the various Application Virtualization components. Also, if you are upgrading from a previous version, the topics in this section provide information about upgrading your current Sequencer, server, and client versions. - -## In This Section - - -[Application Virtualization Deployment Requirements](application-virtualization-deployment-requirements.md) -Provides general information about system requirements and upgrade considerations for your Application Virtualization deployment. - -[How to Upgrade the Application Virtualization Client](how-to-upgrade-the-application-virtualization-client.md) -Provides step-by-step procedures for upgrading the Application Virtualization Desktop Client or the Application Virtualization Client for Remote Desktop Services (formerly Terminal Services). - -[How to Upgrade the Servers and System Components](how-to-upgrade-the-servers-and-system-components.md) -Provides a step-by-step procedure you can use to upgrade the software components installed on all Application Virtualization System computers. - -[How to Upgrade the Application Virtualization Sequencer](how-to-upgrade-the-application-virtualization-sequencer.md) -Provides step-by-step procedures for upgrading the Sequencer on computers running Windows Vista or Windows XP. - -[How to Install the Application Virtualization Sequencer](how-to-install-the-application-virtualization-sequencer.md) -Provides a step-by-step procedure for installing the Sequencer. - -## Related topics - - -[Application Virtualization Reference](application-virtualization-reference.md) - -[Application Virtualization Server-Based Scenario](application-virtualization-server-based-scenario.md) - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -[Stand-Alone Delivery Scenario for Application Virtualization Clients](stand-alone-delivery-scenario-for-application-virtualization-clients.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-deployment-requirements.md b/mdop/appv-v4/application-virtualization-deployment-requirements.md deleted file mode 100644 index 9baee67d59..0000000000 --- a/mdop/appv-v4/application-virtualization-deployment-requirements.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Application Virtualization Deployment Requirements -description: Application Virtualization Deployment Requirements -author: dansimp -ms.assetid: 9564e974-a853-45ae-b605-0a2e3e5cf212 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Deployment Requirements - - -Before you deploy Microsoft Application Virtualization (App-V) in your environment, you should verify that you can meet the hardware and software requirements for the components you plan to deploy, according to your chosen deployment scenario. - -## In This Section - - -[Application Virtualization System Requirements](application-virtualization-system-requirements.md) -Describes the recommended hardware and software requirements for each of the Application Virtualization System components. - -[Application Virtualization Sequencer Hardware and Software Requirements](application-virtualization-sequencer-hardware-and-software-requirements.md) -Describes the minimum recommended hardware and software configuration for your Microsoft Application Virtualization Sequencer workstation. - -[Application Virtualization Client Hardware and Software Requirements](application-virtualization-client-hardware-and-software-requirements.md) -Describes the recommended minimum hardware and software configuration for your installation of the Application Virtualization Desktop Client and the Application Virtualization Client for Remote Desktop Services (formerly Terminal Services). - -[Configuring Prerequisite Groups in Active Directory for App-V](configuring-prerequisite-groups-in-active-directory-for-app-v.md) -Describes the objects that you must install in Active Directory groups before you install the App-V system. - -[How to Configure Windows Server 2008 for App-V Management Servers](how-to-configure-windows-server-2008-for-app-v-management-servers.md) -Describes how to configure the server running Windows Server 2008 by installing Internet Information Services (IIS) as a role so that you can install the App-V Management Web Service. - -[Application Virtualization Deployment and Upgrade Checklists](application-virtualization-deployment-and-upgrade-checklists.md) -Provides checklists of tasks to guide you through the correct sequence when installing or upgrading the App-V system. - -## Related topics - - -[Application Virtualization Deployment and Upgrade Considerations](application-virtualization-deployment-and-upgrade-considerations.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-glossary.md b/mdop/appv-v4/application-virtualization-glossary.md deleted file mode 100644 index 3669509527..0000000000 --- a/mdop/appv-v4/application-virtualization-glossary.md +++ /dev/null @@ -1,208 +0,0 @@ ---- -title: Application Virtualization Glossary -description: Application Virtualization Glossary -author: dansimp -ms.assetid: 9eb71774-e288-4f94-8f94-5b98e0d012a7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Glossary - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TermDefinition

active upgrade

An upgrade that enables a new version of an application to be added to an App-V Management Server or Streaming Server without affecting users currently running the application.

Application Source Root

Reference to a registry key that allows an override of the OSD CODEBASE for the HREF element (for example, the source location). This registry value enables an administrator or ESD system to ensure application loading is performed according to a planned topology management scheme.

Application Virtualization drive

The default virtual application client drive (Q:) from which sequenced applications are run.

Application Virtualization reporting

Virtual application information gathered for data analysis. Data is collected for assembly of custom views and interpretation.

AutoLoad configuration parameter

A client runtime policy configuration parameter that enables the secondary feature block of a virtualized application to be streamed to the client automatically in the background.

branch a package

To upgrade an existing sequenced application package and run it side-by-side with the original sequenced application package.

Dynamic Suite Composition

An Application Virtualization feature that enables a virtual application package to allow dependent plug-ins or middleware packages to use the virtual environment. This feature enables plug-ins and middleware packages to use the primary package's registry settings, and the packages behave and interact with one another in the same way as if they were installed locally on a comuter.

ICO file

The file for the icon on the client's desktop used to launch a sequenced application.

Icon Source Root

Reference to a registry key that allows specification of a source location for icon retrieval for a sequenced application package during publication. Icon Source Roots support UNC formats only (not URLs).

Installation directory

The directory where the installer for the application virtualization sequencer places its files.

Microsoft Application Virtualization Desktop Client

An application that resides on a Windows-based computer desktop and which communicates and authenticates with the Microsoft System Center Virtual Application Server to receive the application code and allow a sequenced application to be run locally.

Microsoft Application Virtualization for Terminal Services

The Application Virtualization feature, including both client and server components, running in a Terminal Services environment.

Microsoft Application Virtualization Management Console

Centralized snap-in to the Microsoft Management Console, which you use to administer the Application Virtualization Management System.

Microsoft Application Virtualization Management System

A specific deployment of the Application Virtualization platform that includes all of the components that are managed by a single data store.

Microsoft Application Virtualization Management Web Service

A service that acts as an intermediary between the Application Virtualization Management Console and the data store. First it authenticates its users, and then it allows authorized administrators to manipulate data in the data store.

Microsoft Application Virtualization platform

Name for the Microsoft products that are used to create, store, distribute, and run virtualized applications.

Microsoft Application Virtualization Sequencer

Application that monitors and records the installation and setup process for applications so that an application can be sequenced and run in the virtual environment.

Microsoft Application Virtualization Terminal Services Client

An application that resides on a Terminal Server and which communicates and authenticates with the Microsoft Virtual Application Server to receive the application code and allow a sequenced application to be run locally.

Microsoft System Center Application Virtualization Management Server

One of two Application Virtualization server types from which a sequenced application package can be streamed. In addition to streaming virtual application packages, the Application Virtualization Management Server offers other services such as publishing, management, reporting, and so on.

Microsoft System Center Application Virtualization Streaming Server

One of two Application Virtualization server types from which a sequenced application package can be streamed. The Streaming Server streams applications to the client computers only and does not offer other services such as publishing, management, reporting, and so on.

Open Software Descriptor (OSD) file

An XML-based file that instructs the client on how to retrieve the sequenced application from the Application Virtualization Management/Streaming Server and how to run the sequenced application in its virtual environment.

OSD Source Root

Reference to a registry key that allows specification of a source location for OSD file retrieval for an application package during publication. OSD Source Roots support UNC formats only (not URLs).

package root directory

The directory on the sequencing computer on which files for the sequenced application package are installed. This directory also exists virtually on the computer to which a sequenced application will be streamed.

primary feature block

The minimum content in an application package that is necessary for an application to run. The content in the primary feature block is identified during the application phase of sequencing and typically consists of the content for the most used application features.

secondary feature block

The remainder of the application package that is not contained in the primary feature block. This content is streamed to the client on demand as application features are used.

sequenced application

An application that has been monitored by the Sequencer, broken up into primary and secondary feature blocks, streamed to a computer running the Microsoft Application Virtualization Terminal Services Client or the Microsoft Application Virtualization Desktop Client, and can run inside of its own virtual environment.

sequenced application package

The files that comprise a virtual application and allow a virtual application to run. These files are created after sequencing and specifically include .osd, .sft, .sprj, and .ico files.

sequencing

The process of creating an application package by using the Application Virtualization Sequencer. In this process, an application is monitored, its shortcuts are configured, and a sequenced application package is created containing the .osd, .sft, .sprj, and .ico files.

sequencing computer

The computer used to perform sequencing and create a sequenced application package.

Sequencing Wizard

Step-by-step wizard that walks the user through sequencing an application, including package configuration, installing the application or applications to be sequenced, and sequencing the application package for streaming.

SFT

A file that contains one or more sequenced applications that the Sequencer has packaged into streaming blocks, as well as the associated delivery information. The SFT file is stored on each server that must stream the packaged applications to a client.

SFTMIME

A command-line interface for setting up and managing applications, file type associations, and desktop configuration servers managed by Application Virtualization Desktop and Terminal Services Clients.

SPRJ file

An XML-based Sequencer Project file, in which the Sequencer stores its Exclusion Items and Parse Items information. The SPRJ file is used heavily in the creation of application records as well as during an upgrade to a package.

virtual application

An application packaged by the Sequencer to run in a self-contained, virtual environment. The virtual environment contains the information necessary to run the application on the client without installing the application locally.

Virtual COM

The subsystem that manages COM objects created by application processes running in a virtual environment and prevents conflict with the same objects created outside the virtual environment.

virtual directory

An opaque directory where only files and subdirectories defined in the application package or created through interaction with an application in a virtual environment are visible. Any files in an identically named local directory are not visible to the application.

virtual environment

A runtime container that defines the resources available to application processes launched from a sequenced application package.

virtual file

A file name within the virtual environment that is mapped to an alternate target location. A virtual file appears alongside other files in the containing directory, regardless of whether that directory is virtual or local.

virtual file system

The subsystem that intercepts and redirects file system requests from application processes running in a virtual environment. These requests are processed based on the virtual files and directories defined in the application package and created or modified through interaction with a virtual application.

virtual registry

The subsystem that intercepts and redirects registry requests for keys and values from application processes running in a virtual environment. The redirection is based on the registry information defined in the application package and created or modified through interaction with a virtual application.

virtual services

The subsystem that acts as the Service Control Manager (SCM) for services running in a virtual environment.

- -  - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-properties-connectivity-tab.md b/mdop/appv-v4/application-virtualization-properties-connectivity-tab.md deleted file mode 100644 index 9b480ae5f3..0000000000 --- a/mdop/appv-v4/application-virtualization-properties-connectivity-tab.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Application Virtualization Properties Connectivity Tab -description: Application Virtualization Properties Connectivity Tab -author: dansimp -ms.assetid: e07c1352-a2be-4d99-9968-daba515bcde2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Properties: Connectivity Tab - - -Use the **Connectivity** tab of the **Application Virtualization Properties** dialog box to specify the connectivity settings. - -This tab contains the following elements. - -**Allow disconnected operation** -Use this check box to enable or disable disconnected operation. - -**Limit disconnected operation to \_\_\_\_ days** -Use this check box and field to set an expiration time-out for disconnected operation. The expiration length in days can be any number from 1–999999. - -**Work offline** -Use this check box to enable and disable offline operation. - -## Related topics - - -[Client Management Console: Application Virtualization Properties](client-management-console-application-virtualization-properties.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-properties-file-system-tab.md b/mdop/appv-v4/application-virtualization-properties-file-system-tab.md deleted file mode 100644 index fe4acb134a..0000000000 --- a/mdop/appv-v4/application-virtualization-properties-file-system-tab.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Application Virtualization Properties File System Tab -description: Application Virtualization Properties File System Tab -author: dansimp -ms.assetid: c7d56d36-8c50-4dfc-afee-83dea06376d4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Properties: File System Tab - - -Use the **File System** tab of the **Application Virtualization Properties** dialog box to view and monitor file system settings. - -This tab contains the following elements. - -**Client Cache Configuration Settings** -This section enables you to configure the client cache settings. Click one of the following radio buttons to choose how to manage the cache space: - -- **Use maximum cache size** - - Enter a numeric value from 100 to 1,048,576 (1 TB) in the **Maximum size (MB)** field to specify the maximum size in MB of the cache. The value shown in **Reserved Cache Size** indicates the amount of cache in use. - -- **Use free disk space threshold** - - Enter a numeric value to specify the amount of free disk space, in MB, that the cache must leave available on the disk. This allows the cache to grow until the amount of free disk space reaches this limit. The value shown in **Free disk space remaining** indicates how much disk space is unused. - -**Drive Letter** -This field displays the current drive being used. To change the drive, select any drive letter from the drop-down list of available drives. This setting becomes effective when the computer is rebooted. - -## Related topics - - -[Client Management Console: Application Virtualization Properties](client-management-console-application-virtualization-properties.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-properties-general-tab.md b/mdop/appv-v4/application-virtualization-properties-general-tab.md deleted file mode 100644 index 375209e344..0000000000 --- a/mdop/appv-v4/application-virtualization-properties-general-tab.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Application Virtualization Properties General Tab -description: Application Virtualization Properties General Tab -author: dansimp -ms.assetid: be7449d9-171a-4a11-9382-83b7008ccbdd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Properties: General Tab - - -Use the **General** tab of the **Application Virtualization Properties** dialog box to modify log settings and data locations. - -This tab contains the following elements. - -**Log Level** -Select the level from the drop-down list. The default level is **Information**. - -**Reset Log** -Click this button to back up the current log file and immediately start a new log file. - -**Location** -Enter or browse to the location where you want to save the log file sftlog.txt. The default locations are as follows: - -- For Windows XP, Windows Server 2003—*C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Application Virtualization Client* - -- For Windows Vista, Windows 7, Windows Server 2008—*C:\\ProgramData\\Microsoft\\Application Virtualization Client* - -**System Log Level** -Select the level from the drop-down list. The default level is **Warning**. - -**Note**   -The **System Log Level** setting controls the level of messages sent to the system event log. The logged messages are identical to the messages that get logged to the client event log, but they are stored in a different location that does not have the space limitations of the client event log. Because the system event log does not have space limitations, it is ideally suited for situations where verbose logging is necessary. - - - -**Global Data Directory** -Enter or browse to the location of the directory of the log file. The default locations are as follows: - -- For Windows XP, Windows Server 2003—*C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Application Virtualization Client* - -- For Windows Vista, Windows 7, Windows Server 2008—*C:\\ProgramData\\Microsoft\\Application Virtualization Client* - -**User Data Directory** -Enter or browse to the location of the directory where user-specific data is stored. The default is %APPDATA%. This path must be a valid environment variable on the client computer. - -## Related topics - - -[Client Management Console: Application Virtualization Properties](client-management-console-application-virtualization-properties.md) - - - - - - - - - diff --git a/mdop/appv-v4/application-virtualization-properties-import-search-path-tab.md b/mdop/appv-v4/application-virtualization-properties-import-search-path-tab.md deleted file mode 100644 index ada91ffa6f..0000000000 --- a/mdop/appv-v4/application-virtualization-properties-import-search-path-tab.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Application Virtualization Properties Import Search Path Tab -description: Application Virtualization Properties Import Search Path Tab -author: dansimp -ms.assetid: 7f94d472-1d0a-49d8-b307-330936071e13 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Properties: Import Search Path Tab - - -Use the **Import Search Path** tab of the **Application Virtualization Properties** dialog to view and manage the search paths for importing SFT files. - -This tab contains the following elements. - -**Path Window** -This window displays the SFT paths. - -**Add** and **Remove** -Use these buttons to add or remove SFT search paths. - -**Move up** and **Move Down** -Use these buttons to organize the SFT search paths. - -## Related topics - - -[Client Management Console: Application Virtualization Properties](client-management-console-application-virtualization-properties.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-properties-interface-tab.md b/mdop/appv-v4/application-virtualization-properties-interface-tab.md deleted file mode 100644 index fedbe93af5..0000000000 --- a/mdop/appv-v4/application-virtualization-properties-interface-tab.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Application Virtualization Properties Interface Tab -description: Application Virtualization Properties Interface Tab -author: dansimp -ms.assetid: bb9cb54e-315a-48bf-a396-b33e2cbd030a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Properties: Interface Tab - - -Use the **Interface** tab of the **Application Virtualization Properties** dialog box to control default settings for user-interface components. - -This tab contains the following elements. - -**Run Settings** radio buttons -Select **Always**, **Only**, or **Do not show** to determine when the Application Virtualization Client is visible in the Windows desktop notification area. - -**Error message display time** -Enter a duration (in seconds) to determine how long error messages are visible in the desktop notification area. The minimum allowable value is 10. - -**Information message display time** -Enter a duration (in seconds) to determine how long information messages are visible in the desktop notification area. If you set this value to zero, all messages except error messages are suppressed. - -## Related topics - - -[Client Management Console: Application Virtualization Properties](client-management-console-application-virtualization-properties.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-properties-permissions-tab.md b/mdop/appv-v4/application-virtualization-properties-permissions-tab.md deleted file mode 100644 index b830275c12..0000000000 --- a/mdop/appv-v4/application-virtualization-properties-permissions-tab.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Application Virtualization Properties Permissions Tab -description: Application Virtualization Properties Permissions Tab -author: dansimp -ms.assetid: 5219bc7c-7c7a-4e2f-8fba-7039933d1124 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Properties: Permissions Tab - - -Use the **Permissions** tab of the **Application Virtualization Properties** dialog box to specify which activities are available for non-administrators on the local computer. Select the check boxes that correspond to the items you want to make available to all users. Users who do not have administrative rights can view this page and see which items are selected, but they cannot modify the list. - -## Related topics - - -[Client Management Console: Application Virtualization Properties](client-management-console-application-virtualization-properties.md) - -[User Access Permissions in Application Virtualization Client](user-access-permissions-in-application-virtualization-client.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-reference.md b/mdop/appv-v4/application-virtualization-reference.md deleted file mode 100644 index 11b374d4e3..0000000000 --- a/mdop/appv-v4/application-virtualization-reference.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Application Virtualization Reference -description: Application Virtualization Reference -author: dansimp -ms.assetid: 5f994be7-41fa-416b-8a4c-6ed52fcd9b72 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Reference - - -This section provides reference information related to installing and managing the Microsoft Application Virtualization Client and the virtual application packages created by the Application Virtualization Sequencer. - -## In This Section - - -[Application Virtualization Client Installer Command-Line Parameters](application-virtualization-client-installer-command-line-parameters.md) -Provides details of all the command-line parameters that are available for use when installing the client. - -[SFTMIME Command Reference](sftmime--command-reference.md) -Provides a detailed list of all SFTMIME parameters. - -## Related topics - - -[Application Virtualization Server-Based Scenario](application-virtualization-server-based-scenario.md) - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -[Stand-Alone Delivery Scenario for Application Virtualization Clients](stand-alone-delivery-scenario-for-application-virtualization-clients.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-report-types.md b/mdop/appv-v4/application-virtualization-report-types.md deleted file mode 100644 index 3e81bdd8f6..0000000000 --- a/mdop/appv-v4/application-virtualization-report-types.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Application Virtualization Report Types -description: Application Virtualization Report Types -author: dansimp -ms.assetid: 232ef25e-11a0-49fb-b4b3-54ac83577383 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Report Types - - -From the Application Virtualization Server Management Console, you can generate a variety of reports that provide information about the system. This information includes usage information for applications and system error tracking. - -## In This Section - - -[System Utilization Report](system-utilization-reportserver.md) -Graphs the total daily usage, to help you determine the load on your Application Virtualization System. - -[Software Audit Report](software-audit-reportserver.md) -Lists the usage information during the reporting period for all applications defined in the database, to help you determine which applications are the most heavily used. - -[Application Utilization Report](application-utilization-reportserver.md) -Tracks usage information for a specified application, to help you determine how heavily a specific application is used. - -[System Error Report](system-error-reportserver.md) -Tracks the number of errors and warnings logged over time during the specified reporting period for the specified server or for the specified server group. - -## Related topics - - -[How to Manage Reports in the Server Management Console](how-to-manage-reports-in-the-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencer-command-line.md b/mdop/appv-v4/application-virtualization-sequencer-command-line.md deleted file mode 100644 index abbc660844..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencer-command-line.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: Application Virtualization Sequencer Command Line -description: Application Virtualization Sequencer Command Line -author: dansimp -ms.assetid: a6d5ec9f-cc66-4869-9250-5c65d7e1e58e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencer Command Line - - -You can use the Microsoft Application Virtualization (App-V) Sequencer to create virtual application packages using the command line. This method of sequencing is faster than sequencing using the **Sequencing** Wizard and is ideal if you are sequencing a large number of applications. - -## In This Section - - -[Command-Line Parameters](command-line-parameters.md) -Provides information about the Sequencer command line parameters. - -[Command-Line Errors](command-line-errors.md) -Provides information about common command line errors. - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencer-console-overview.md b/mdop/appv-v4/application-virtualization-sequencer-console-overview.md deleted file mode 100644 index 1669e0fe12..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencer-console-overview.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: Application Virtualization Sequencer Console Overview -description: Application Virtualization Sequencer Console Overview -author: dansimp -ms.assetid: 681bb40d-2937-4645-82aa-4a44775232d8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencer Console Overview - - -The Application Virtualization (App-V) Sequencer creates applications so that they can be run in a virtual environment, as virtual applications. After an application has been sequenced, it can run from an App-V Server to target computers that are running the App-V Desktop Client or the App-V Client for Remote Desktop Services (formerly Terminal Services) by using a process called streaming. The App-V Sequencer monitors the installation and setup process for applications, and it records all the information necessary for the application to run in the virtual environment. This process also determines which files and configurations are applicable to all users and which configurations users can customize. Virtual applications run on target computers and have no effect on the operating system running on the target computer or on any applications that are installed on the target computer. - -## Application Virtualization Sequencer Security Considerations - - -The App-V Sequencer runs all services detected at sequencing time using the Local System account and does not enforce security descriptors on service control requests. If the service was installed using a different user account or if the security descriptors are intended to grant different user groups specific service permissions, consider carefully whether the service should be virtualized. In some cases, you should install the service locally to ensure that the intended service security is preserved. - -## Application Virtualization Sequencer Console Menu Options - - -The following menu items are available in the App-V Sequencer Console: - -- **File**—Contains various commands to help create, open, modify, and save sequenced applications. - -- **Edit**—Contains various commands for editing existing virtual applications. - -- **View**—Contains various commands for viewing properties of a virtual application. - -- **Tools**—Contains various tools and diagnostics for configuring virtual applications. - -## Application Virtualization Sequencer Console Toolbar Options - - -The following toolbar buttons are available in the App-V Sequencer Console: - -- **New Package**—Click to create a new sequenced application. - -- **Open**—Click to open a sequenced application package in the App-V Sequencer Console. - -- **Open for Upgrade**—Click to open a sequenced application to upgrade or apply an update. - -- **Save**—Click to save a sequenced virtual application. - -- **Sequencing Wizard**—Click to open the Sequencing Wizard. You should use this button to start the Sequencing Wizard if you make any changes on the **General** tab under **Tools** / **Options**. - -## Virtual Application Tabs - - -The following tabs are displayed when you view a virtual application in the App-V Sequencer Console: - -- **Properties**—Displays information about the selected virtual application. You can update the **Package Name** and **Comments** associated with the virtual application. - -- **Deployment**—Displays information about how the virtual application will be accessed by target computers. You can configure the virtual application delivery method, and you can configure which operating systems must be running on the target computer. You can also configure the associated output options. If you plan to have clients access a virtual application from a file, use the following format when specifying the path: **File://server/share/path/.sft**. Select **Enforce Security Descriptors** to preserve security associated with the package during an upgrade, or the permissions will be reset during the upgrade. - -- **Change History**—Displays information about updates that have been made to the virtual application. - -- **Files**—Displays the files associated with the selected virtual application. You can make minor revisions to the associated file properties by using the appropriate fields. - -- **Virtual Registry**—Displays the virtual registry associated with the selected virtual application. You can add or delete registry keys by right-clicking the appropriate entry. - -- **Virtual File System**—Displays the virtual file systems associated with the selected virtual application. You can add, delete, or edit file system entries on this tab by right-clicking the appropriate entry and selecting the option. - -- **Virtual Services**—Displays the services associated with the selected virtual application. - -- **OSD**—Displays information about the Open Software Descriptor (OSD) associated with the virtual application. You can update the files associated with the OSD file by right-clicking the appropriate entry and selecting the action that you want. - -## Related topics - - -[Application Virtualization Sequencer](application-virtualization-sequencer.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencer-hardware-and-software-requirements.md b/mdop/appv-v4/application-virtualization-sequencer-hardware-and-software-requirements.md deleted file mode 100644 index cc7fa3c205..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencer-hardware-and-software-requirements.md +++ /dev/null @@ -1,282 +0,0 @@ ---- -title: Application Virtualization Sequencer Hardware and Software Requirements -description: Application Virtualization Sequencer Hardware and Software Requirements -author: dansimp -ms.assetid: c88a1b5b-23e1-4460-afa9-a5f37e32eb05 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencer Hardware and Software Requirements - - -This topic describes the minimum recommended hardware and software requirements for the computer running the Microsoft Application Virtualization (App-V) Sequencer. - -**Important**   -You must run the App-V sequencer (**SFTSequencer.exe**) using an account that has administrator privileges because of the changes the sequencer makes to the local system. These changes can include writing files to the **C:\\Program Files** directory, making registry changes, starting and stopping services, updating security descriptors for files, and changing permissions. - - - -Before you install the Sequencer and after you sequence each application, you must restore a clean operating system image to the sequencing computer. You can use one of the following methods to restore the computer running the Sequencer: - -- Reformat the hard drive and reinstall the operating system. - -- Restore the hard drive on the computer running the Sequencer image by using another disk-imaging software. - -- Revert a virtual operating system image such as a Microsoft Virtual PC image. Using a virtual machine allows for clean sequencing environments to be easily reused with minimal administration. - -The following list outlines the recommended hardware requirements for running the App-V Sequencer. - -The requirements are listed first for Microsoft Application Virtualization (App-V) 4.6 SP2, followed by the requirements for versions that preceded App-V 4.6 SP2. - -### Hardware Requirements - -- Processor—Intel Pentium III, 1 GHz (32-bit or 64-bit). The sequencing process is a single-threaded process and does not take advantage of dual processors. - -- Memory—1 GB or above, 2 GB recommended. - -- Hard disk—40 gigabyte (GB) hard disk space with a minimum of 15 GB available hard disk space. We recommend that you have at least three times the hard disk space that the application you are sequencing requires. - - **Note**   - Sequencing requires heavy disk usage. A fast disk speed can decrease the sequencing time. - - - -### Software Requirements for App-V 4.6 SP2 - -The following list outlines the supported operating systems for running the App-V 4.6 SP2 Sequencer. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows XP

Professional

SP3

x86

Windows Vista

Business, Enterprise, or Ultimate

SP2

x86

Windows 7

Professional, Enterprise, or Ultimate

No service pack or SP1

x86 and x64

Windows 8

Pro or Enterprise Edition

x86 and x64

- - - -**Note**   -The Application Virtualization (App-V) 4.6 SP2 Sequencer supports 32-bit and 64-bit versions of these operating systems. - - - -You should configure computers running the Sequencer with the same applications that are installed on targeted computers. - -### Software Requirements for Versions that Precede App-V 4.6 SP2 - -The following list outlines the supported operating systems for running the Sequencer for versions that precede App-V 4.6 SP2. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows XP

Professional

SP2 or SP3

x86

Windows Vista

Business, Enterprise, or Ultimate

No service pack, SP1, or SP2

x86

Windows 7¹

Professional, Enterprise, or Ultimate

x86

- - - -¹Supported for App-V 4.5 with SP1 or SP2, and App-V 4.6 only - -**Note**   -The Application Virtualization (App-V) 4.6 Sequencer supports 32-bit and 64-bit versions of these operating systems. - - - -You should configure computers running the Sequencer with the same applications that are installed on targeted computers. - -### Software Requirements for Remote Desktop Services for App-V 4.6 SP2 - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows Server 2003 R2

Standard Edition, Enterprise Edition, or Datacenter Edition

SP2

x86

Windows Server 2008

Standard, Enterprise, or Datacenter Edition

SP2

x86

Windows Server 2008 R2

Standard, Enterprise, or Datacenter Edition

No service pack or SP1

x64

Windows Server 2012

Standard, Enterprise, or Datacenter Edition

x86 or x64

- - - -**Note**   -Application Virtualization (App-V) 4.6 SP2 for Remote Desktop Services supports 32-bit and 64-bit versions of these operating systems. - - - -### Software Requirements for Remote Desktop Services for Versions that Precede App-V 4.6 SP2 - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows Server 2003

Standard Edition, Enterprise Edition, or Datacenter Edition

SP1 or SP2

x86

Windows Server 2003 R2

Standard Edition, Enterprise Edition, or Datacenter Edition

No service pack or SP2

x86

Windows Server 2008

Standard, Enterprise, or Datacenter Edition

SP1 or SP2

x86

Windows Server 2008 R2

Standard, Enterprise, or Datacenter Edition

No service pack or SP1

x64

- - - -**Note**   -Application Virtualization (App-V) 4.6 SP2 for Remote Desktop Services supports 32-bit and 64-bit versions of these operating systems. - - - -## Related topics - - -[Application Virtualization Client Hardware and Software Requirements](application-virtualization-client-hardware-and-software-requirements.md) - -[Application Virtualization System Requirements](application-virtualization-system-requirements.md) - -[How to Install the Application Virtualization Sequencer](how-to-install-the-application-virtualization-sequencer.md) - -[How to Upgrade the Application Virtualization Sequencer](how-to-upgrade-the-application-virtualization-sequencer.md) - - - - - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencer-online-help.md b/mdop/appv-v4/application-virtualization-sequencer-online-help.md deleted file mode 100644 index 3164dedaf1..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencer-online-help.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Application Virtualization Sequencer Online Help -description: Application Virtualization Sequencer Online Help -author: dansimp -ms.assetid: 0ddeae59-314f-4c61-b85f-6b137b959fa6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencer Online Help - - -The Microsoft Application Virtualization (App-V) Sequencer monitors and records the installation and setup processes for software applications. Use the Sequencer to create a sequenced application that runs inside a virtual environment. The Sequencer packages the sequenced application and creates a virtual application that can be distributed to target computers and that runs in a self-contained, virtual environment. The virtual environment contains the information necessary to run the virtual application on the target computer without interacting with the operating system installed on the target computer. - -For more information about the App-V Sequencer, see the following topics: - -- [Application Virtualization Sequencer Overview](application-virtualization-sequencer-overview.md) - -- [Sequencer Hardware and Software Requirements](sequencer-hardware-and-software-requirements.md) - -- [Configuring the Application Virtualization Sequencer](configuring-the-application-virtualization-sequencer.md) - -- [Tasks for the Application Virtualization Sequencer](tasks-for-the-application-virtualization-sequencer.md) - -- [Troubleshooting the Application Virtualization Sequencer](troubleshooting-the-application-virtualization-sequencer.md) - -- [Application Virtualization Sequencer Technical Reference](application-virtualization-sequencer-technical-reference-keep.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencer-options-dialog-box.md b/mdop/appv-v4/application-virtualization-sequencer-options-dialog-box.md deleted file mode 100644 index 894504a132..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencer-options-dialog-box.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Application Virtualization Sequencer Options Dialog Box -description: Application Virtualization Sequencer Options Dialog Box -author: dansimp -ms.assetid: f71eda8d-8270-439f-a093-867b3a43ebff -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencer Options Dialog Box - - -Use the **Options** dialog box to configure and view the Microsoft Application Virtualization (App-V) settings. - -## In This Section - - -- [General Tab](general-tab-keep.md) - -- [Parse Items Tab](parse-items-tab-keep.md) - -- [Exclusion Items Tab](exclusion-items-tab-keep.md) - -- [Exclusion Item Dialog Box](exclusion-item-dialog-box.md) - -## Related topics - - -[Sequencer Dialog Boxes](sequencer-dialog-boxes.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencer-overview.md b/mdop/appv-v4/application-virtualization-sequencer-overview.md deleted file mode 100644 index efe77f6f0e..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencer-overview.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Application Virtualization Sequencer Overview -description: Application Virtualization Sequencer Overview -author: dansimp -ms.assetid: e6422a28-633e-4dff-8abb-7cf6a5468112 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencer Overview - - -The Microsoft Application Virtualization (App-V) Sequencer monitors and records all installation and setup processes for an application and creates the following files: **ICO**, **OSD**, **SFT**, and **SPRJ**. These files contain all the necessary information about an application so the application can run in a virtual environment. - -Click the associated link for more information about the App-V Sequencer: - -## In This Section - - -[About the Application Virtualization Sequencer](about-the-application-virtualization-sequencer.md) -Provides general information about the sequencer. - -[About the Sequencer Console](about-the-sequencer-console.md) -Provides information about the App-V sequencer console. - -[About Using the Sequencer Command Line](about-using-the-sequencer-command-line.md) -Provides information about using the command line to sequence applications. - -[Best Practices for the Application Virtualization Sequencer](best-practices-for-the-application-virtualization-sequencer-sp1.md) -Provides important security-related planning information about setting up the Application Virtualization Sequencer to sequence application packages. - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencer-reference.md b/mdop/appv-v4/application-virtualization-sequencer-reference.md deleted file mode 100644 index 69240cc62a..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencer-reference.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Application Virtualization Sequencer Reference -description: Application Virtualization Sequencer Reference -author: dansimp -ms.assetid: a2aef256-98c0-4f81-83a2-af4b64208088 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencer Reference - - -This section provides reference information related to managing the Application Virtualization (App-V) Sequencer. - -## In This Section - - -[Log Files for the Application Virtualization Sequencer](log-files-for-the-application-virtualization-sequencer.md) -Provides detailed information about the App-V Sequencer log files. - -[Sequencer Command-Line Parameters](sequencer-command-line-parameters.md) -Provides information about parameters you can use to sequence an application and to upgrade an existing virtual application. - -[Sequencer Command-Line Error Codes](sequencer-command-line-error-codes.md) -Provides a list of errors that are related to sequencing applications. - -## Related topics - - -[Application Virtualization Sequencer](application-virtualization-sequencer.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencer-technical-reference-keep.md b/mdop/appv-v4/application-virtualization-sequencer-technical-reference-keep.md deleted file mode 100644 index 36c372bd1c..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencer-technical-reference-keep.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Application Virtualization Sequencer Technical Reference -description: Application Virtualization Sequencer Technical Reference -author: dansimp -ms.assetid: 4aa515ce-64f0-4998-8100-f87dc77aed70 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencer Technical Reference - - -The Microsoft Application Virtualization (App-V) Sequencer Reference section contains technical information that you might find helpful as you work with the App-V Sequencer. - -## In This Section - - -- [Sequencer Dialog Boxes](sequencer-dialog-boxes.md) - -- [Sequencing Wizard](sequencing-wizard.md) - -- [Sequencer Console](sequencer-console.md) - -- [Application Virtualization Sequencer Command Line](application-virtualization-sequencer-command-line.md) - -## Related topics - - -[Application Virtualization Sequencer Online Help](application-virtualization-sequencer-online-help.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencer.md b/mdop/appv-v4/application-virtualization-sequencer.md deleted file mode 100644 index 3f31f87b42..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencer.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Application Virtualization Sequencer -description: Application Virtualization Sequencer -author: dansimp -ms.assetid: f078f3c9-7b5c-4ff1-b319-4c076b88bc39 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencer - - -Sequencing is the process by which you create an application package using the Microsoft Application Virtualization (App-V) Sequencer. The App-V Sequencer monitors and records all installation and setup processes for an application and creates the following files: ICO, OSD, SFT, and SPRJ. These files contain all the necessary information about an application, and they allow that application to run in a virtual environment. - -## In This Section - - -[Application Virtualization Sequencer Console Overview](application-virtualization-sequencer-console-overview.md) -Provides information about the menu, toolbar, and tabs on the Application Virtualization Sequencer Console. - -[About Sequencing Phases](about-sequencing-phases.md) -Provides information about sequencing an application. - -[How to Configure the App-V Sequencer](how-to-configure-the-app-v-sequencer.md) -Provides a set of procedures you can use to configure the Application Virtualization Sequencer. - -[Configuring the Application Virtualization Sequencer (App-V 4.6 SP1)](configuring-the-application-virtualization-sequencer--app-v-46-sp1-.md) -Provides a set of procedures you can use to configure the Application Virtualization Sequencer. - -[How to Create or Upgrade Virtual Applications Using the App-V Sequencer](how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md) -Provides step-by-step procedures for sequencing or upgrading virtual application, using either the user interface or the command line. - -[Tasks for the Application Virtualization Sequencer (App-V 4.6 SP1)](tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md) -Provides step-by-step procedures for sequencing or upgrading virtual application. - -[Troubleshooting Application Virtualization Sequencer Issues](troubleshooting-application-virtualization-sequencer-issues.md) -Provides troubleshooting tips for a variety of issues that you might encounter when working with the App-V Sequencer. - -[Application Virtualization Sequencer Reference](application-virtualization-sequencer-reference.md) -Provides detailed technical reference material related to working with the Application Virtualization Sequencer. - -## Related topics - - -[Application Virtualization Client](application-virtualization-client.md) - -[Application Virtualization Server](application-virtualization-server.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-add-application-dialog-box.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-add-application-dialog-box.md deleted file mode 100644 index e3b9b48948..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencing-wizard-add-application-dialog-box.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Application Virtualization Sequencing Wizard-Add Application Dialog Box -description: Application Virtualization Sequencing Wizard-Add Application Dialog Box -author: dansimp -ms.assetid: 247eac0e-830d-4d72-be48-af7d1525eefd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencing Wizard-Add Application Dialog Box - - -Use the **Add Application** dialog box to add an application to a sequenced application package for sequencing. This dialog box contains the following elements. - -**Application Path** -Specifies the path of the application. - -**Name** -Specifies the name of the application as listed in the OSD file. - -**Version** -Specifies the version of the application as listed in the OSD file. - -**OSD File Name** -Specifies the name of the OSD file that causes the application shortcut to open the application. - -## Related topics - - -[Sequencer Dialog Boxes](sequencer-dialog-boxes.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-add-file-type-association-dialog-box.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-add-file-type-association-dialog-box.md deleted file mode 100644 index 7d58727b72..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencing-wizard-add-file-type-association-dialog-box.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Application Virtualization Sequencing Wizard-Add File Type Association Dialog Box -description: Application Virtualization Sequencing Wizard-Add File Type Association Dialog Box -author: dansimp -ms.assetid: f7656053-3d92-448e-8759-b6b09cef6025 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencing Wizard-Add File Type Association Dialog Box - - -Use the **Add File Type Association** dialog box to add a file type association for the application. To access this dialog box, click **File Type** associations on the **Configure Application** page and click **Add**. This dialog box contains the following elements. - -**Extension** -Use to specify the file name extension for the file type associated with the application. - -**File Type Description** -Use to specify a brief description of the file type. - -**Content Type** -Use to specify a brief description of the MIME type. - -**Perceived Type** -Use to select a file type. - -**Confirm open after download** -Select to confirm that the file is opened after a download. - -**Always show extension** -Select to display the extension with the file name. - -**Add to New menu** -Select to add the file type to the **New** menu. - -## Related topics - - -[Sequencer Dialog Boxes](sequencer-dialog-boxes.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-add-files-to-virtual-file-system-page.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-add-files-to-virtual-file-system-page.md deleted file mode 100644 index 1a7aceec55..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencing-wizard-add-files-to-virtual-file-system-page.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: Application Virtualization Sequencing Wizard Add Files to Virtual File System Page -description: Application Virtualization Sequencing Wizard Add Files to Virtual File System Page -author: dansimp -ms.assetid: 6b01333b-08bd-4b96-a123-a07a7aafddd1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencing Wizard Add Files to Virtual File System Page - - -Use the **Add Files to Virtual File System** page of the Application Virtualization Sequencing Wizard to select files to add to the virtual file system. The page contains the elements described in the following table. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription

Add the following files to the VFS

Select to add the listed files to the virtual file system.

Remove

Click to remove a selected file from the list so that it will not be added to the virtual file system.

Add

Click to add a file so that you can add a file to the virtual file system.

Reset

Click to restore the default list of files under Add the following files to the VFS.

Back

Accesses the Sequencing Wizard's previous page.

Next

Accesses the Sequencing Wizard's next page.

Cancel

Terminates operation of the Sequencing Wizard.

- -  - -## Related topics - - -[Sequencing Wizard](sequencing-wizard.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-advanced-options-page.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-advanced-options-page.md deleted file mode 100644 index c195624f90..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencing-wizard-advanced-options-page.md +++ /dev/null @@ -1,130 +0,0 @@ ---- -title: Application Virtualization Sequencing Wizard Advanced Options Page -description: Application Virtualization Sequencing Wizard Advanced Options Page -author: dansimp -ms.assetid: 2c4c5d95-d55e-463d-a851-8486f6a724f2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencing Wizard Advanced Options Page - - -Use the **Advanced Options** page of the Application Virtualization (App-V) Sequencing Wizard to specify advanced options for the application to be installed. The page contains the elements described in the following table. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription

Block Size

Use to specify the size of blocks that the SFT file will be divided into when streamed across a network. All blocks equal the specified size; however, the last block might be smaller than specified. Select one of the following values:

-
    -

  • 4 KB

    • -

  • 16 KB

    • -

  • 32 KB

    • -

  • 64 KB

    • -
-
-Note

When you select a block size, consider the size of the SFT file and your network bandwidth. A file with a smaller block size takes longer to stream over the network but is less bandwidth-intensive. Files with larger block sizes might stream faster, but they use more network bandwidth. Through experimentation, you can discover the optimum block size for streaming applications on your network.

-
-
- -

Enable Microsoft Update During Monitoring

Enables installation of Microsoft Updates during the Sequencing Wizard's monitoring phase.

Rebase DLLs

Enables remapping of supported dynamic-link libraries to a contiguous space in RAM, saving memory and improving performance.

Back

Accesses the Sequencing Wizard's previous page.

Next

Accesses the Sequencing Wizard's next page.

Cancel

Terminates operation of the Sequencing Wizard.

- - - -\[Template Token Value\] - -Use the **Advanced Options** page of the App-V Sequencing Wizard to specify advanced options for the application you are sequencing. This page contains the elements described in the following table. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription

Allow Microsoft Update to run during monitoring

Specifies whether software updates will be applied to the application during the monitoring phase of application sequencing. This option is helpful if updates are required to successfully complete the application installation. This option is not selected by default.

Rebase Dlls

Enables remapping of supported dynamic-link libraries to a contiguous space in RAM. Selecting this option can help manage memory and improve application performance. This option is not selected by default.

Back

Goes to the previous page of the wizard.

Next

Goes to the next page of the wizard.

Cancel

Discards the settings and exits the wizard.

- - - -\[Template Token Value\] - -## Related topics - - -[Sequencing Wizard](sequencing-wizard.md) - - - - - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-configure-application-page-keep.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-configure-application-page-keep.md deleted file mode 100644 index 0fa1b9ca03..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencing-wizard-configure-application-page-keep.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: Application Virtualization Sequencing Wizard Configure Application Page -description: Application Virtualization Sequencing Wizard Configure Application Page -author: dansimp -ms.assetid: 2927debd-de4b-41d2-9e1c-e8927231f4cc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencing Wizard Configure Application Page - - -Use the **Configure Applications** page of the App-V Sequencing Wizard to add applications to a sequenced application package and to add or delete shortcuts and file type associations. The page contains the elements described in the following table. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription

Application

Displays a list of applications, which can be expanded to add or edit file type associations.

Name

Displays the name of the application you are sequencing.

Version

Displays the version number for the application you are sequencing.

Command Line

Displays any command-line directive of the application you are sequencing.

Add

Adds a selected application to a package.

Remove

Deletes a selected application from a package.

Edit

Enables editing of the application path and OSD file properties of the selected application.

Back

Goes to the previous page of the wizard.

Next

Goes to the next page of the wizard

Cancel

Discards the settings and closes the wizard.

- -  - -## Related topics - - -[Sequencing Wizard](sequencing-wizard.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-launch-applications-page.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-launch-applications-page.md deleted file mode 100644 index 995ae0facc..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencing-wizard-launch-applications-page.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: Application Virtualization Sequencing Wizard Launch Applications Page -description: Application Virtualization Sequencing Wizard Launch Applications Page -author: dansimp -ms.assetid: 69b1d6e1-00ff-49e3-a245-a4aca225d681 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencing Wizard Launch Applications Page - - -Use the **Launch Applications** page of the App-V sequencing wizard to run applications so that the Sequencer can optimize the package for streaming and you can configure how the application should be initially started on target computers. The page contains the elements described in the following table. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription

Name

Displays the name of application you are sequencing.

Command Line

Displays any command-line directive for the application you are sequencing.

Launch All

Starts each application displayed, exercises each application sufficiently to cover the actions that users typically take immediately after they open the application, and then exits each application.

Launch

Starts a selected application and exercises the application sufficiently to cover the actions that users typically take immediately after they open the application.

Back

Goes to the previous page of the wizard.

Next

Goes to the next page of the wizard.

Cancel

Discards the settings and closes the wizard.

- -  - -## Related topics - - -[Sequencing Wizard](sequencing-wizard.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-monitor-installation-page.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-monitor-installation-page.md deleted file mode 100644 index 8f834f6d26..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencing-wizard-monitor-installation-page.md +++ /dev/null @@ -1,126 +0,0 @@ ---- -title: Application Virtualization Sequencing Wizard Monitor Installation Page -description: Application Virtualization Sequencing Wizard Monitor Installation Page -author: dansimp -ms.assetid: b54b8145-a57e-4d0d-b776-b5319aadb78e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencing Wizard Monitor Installation Page - - -Use the **Monitor Installation** page of the Application Virtualization Sequencing Wizard to start the sequencing process so that the Sequencer can monitor the application installation activities. The page contains the elements described in the following table. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription

Begin Monitoring

Starts the monitoring of the sequencing process.

-
-Note

The Sequencer will minimize so that you can run your application's installer, except on Vista.

-
-
- -

Stop Monitoring

Stops the monitoring of the sequencing process.

-
-Note

The Stop Monitoring button is displayed only after the monitoring process starts.

-
-
- -

Back

Accesses the Sequencing Wizard's previous page.

Next

Accesses the Sequencing Wizard's next page.

Cancel

Terminates operation of the Sequencing Wizard.

- - - -\[Template Token Value\] - -Use the **Monitor Installation** page of the App-V sequencing wizard to monitor the installation of an application. The page contains the elements described in the following table. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription

Begin Monitoring

Starts the monitoring of the application installation by the sequencer. This option enables the sequencer to record the installation process. After you click Start Monitoring, you must wait while sequencer prepares the computer for sequencing. All new and changed application components will be added to the virtual application package.

Stop Monitoring

Stops the sequencer from recording the installation process. This button is not available until you click Begin Monitoring.

Back

Goes to the previous page of the wizard.

Next

Goes to the next page of the wizard.

Cancel

Discards the settings and closes the wizard.

- - - -\[Template Token Value\] - -## Related topics - - -[Sequencing Wizard](sequencing-wizard.md) - - - - - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-package-information-page-keep.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-package-information-page-keep.md deleted file mode 100644 index 996fff81b1..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencing-wizard-package-information-page-keep.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: Application Virtualization Sequencing Wizard Package Information Page -description: Application Virtualization Sequencing Wizard Package Information Page -author: dansimp -ms.assetid: e52efd08-1b05-4bd6-a6e7-5f6bdbde7df7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencing Wizard Package Information Page - - -Use the **Package Information** page of the Application Virtualization (App-V) wizard to specify information that will be associated with the application you sequence. This page contains the following elements. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription

Package Name

Specifies the name that will be associated with the virtual application package. This is a required field.

Comments

Specifies identifying information that will be associated with the package. The information will be added to OSD file ABSTRACT element. This field is optional.

Show Advanced Monitoring Options

Displays the Advanced Options page of the Sequencing Wizard.

Next

Goes to the next page of the wizard.

Cancel

Discards the settings and exits the wizard.

- -  - -## Related topics - - -[Sequencing Wizard](sequencing-wizard.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-sequence-package-page.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-sequence-package-page.md deleted file mode 100644 index 6a9437812a..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencing-wizard-sequence-package-page.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Application Virtualization Sequencing Wizard Sequence Package Page -description: Application Virtualization Sequencing Wizard Sequence Package Page -author: dansimp -ms.assetid: 4c603d6a-9139-4867-a085-c6d6b517917e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencing Wizard Sequence Package Page - - -Use the **Sequence Package** page of the Application Virtualization Sequencing Wizard to create the sequenced package. After you click **Finish**, save the application by clicking **File / Save** in the Sequencer console. This page contains the elements described in the following table. - - ---- - - - - - - - - - - - - -
NameDescription

Finish

Closes the Sequencing Wizard and displays the virtual application package in the Sequence console.

- -  - -## Related topics - - -[Sequencing Wizard](sequencing-wizard.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-sequencing-wizard-shortcut-locations-dialog-box.md b/mdop/appv-v4/application-virtualization-sequencing-wizard-shortcut-locations-dialog-box.md deleted file mode 100644 index 87689f417f..0000000000 --- a/mdop/appv-v4/application-virtualization-sequencing-wizard-shortcut-locations-dialog-box.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Application Virtualization Sequencing Wizard-Shortcut Locations Dialog Box -description: Application Virtualization Sequencing Wizard-Shortcut Locations Dialog Box -author: dansimp -ms.assetid: d79d7085-228e-4be2-abe6-2760b9b983d5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Sequencing Wizard-Shortcut Locations Dialog Box - - -Use the **Shortcut Locations** dialog box to specify where to publish application shortcuts on the Application Virtualization Desktop Client. This dialog box is found on the **Configure Applications** page of the Sequencing Wizard and contains the following elements. - -**Desktop** -Select to publish the application shortcut to the Application Virtualization Desktop Client. - -**Send To Menu** -Select to publish the application shortcut to the **Send To** menu. - -**Quick Launch Toolbar** -Select to publish the application shortcut to the Quick Launch toolbar. - -**Start Menu** -Select to publish the application shortcuts to a designated subfolder of the **Start** menu. - -**Advanced** -Click to publish application shortcuts to additional locations. - -## Related topics - - -[Sequencer Dialog Boxes](sequencer-dialog-boxes.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-server-based-scenario-overview.md b/mdop/appv-v4/application-virtualization-server-based-scenario-overview.md deleted file mode 100644 index 8a53cc64f2..0000000000 --- a/mdop/appv-v4/application-virtualization-server-based-scenario-overview.md +++ /dev/null @@ -1,178 +0,0 @@ ---- -title: Application Virtualization Server-Based Scenario Overview -description: Application Virtualization Server-Based Scenario Overview -author: dansimp -ms.assetid: 2d91392b-5085-4a5d-94f2-15eed1ed2928 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Server-Based Scenario Overview - - -If you plan to use a server-based deployment scenario for your Microsoft Application Virtualization environment, it is important to understand the differences between the *Application Virtualization Management Server* and the *Application Virtualization Streaming Server*. This topic describes those differences and also provides information about package delivery methods, transmission protocols, and external components that you will need to consider as you proceed with your deployment. - -## Application Virtualization Management Server - - -The Application Virtualization Management Server performs both the publishing function and the streaming function. The server publishes application icons, shortcuts, and file type associations to the App-V clients for authorized users. When user requests for applications are received the server streams that data on-demand to authorized users using RTSP or RTSPS protocols. In most configurations using this server, one or more Management Servers share a common data store for configuration and package information. - -The Application Virtualization Management Servers use Active Directory groups to manage user authorization. In addition to Active Directory Domain Services, these servers have SQL Server installed to manage the database and data store. The Management Server is controlled through the Application Virtualization Management Console, a snap-in to the Microsoft Management Console. - -Because the Application Virtualization Management Servers stream applications to end-users on demand, these servers are ideally suited for system configurations that have reliable, high-bandwidth LANs. - -## Application Virtualization Streaming Server - - -The Application Virtualization Streaming Server delivers the same streaming and package upgrade capabilities provided by the Management Server, but without its Active Directory or SQL Server requirements. However, the Streaming Server does not have a publishing service, nor does it have licensing or metering capabilities. The publishing service of a separate App-V Management Server is used in conjunction with the App-V Streaming Server. The App-V Streaming Server addresses the needs of businesses that want to use Application Virtualization in multiple locations with the streaming capabilities of the classic server configuration but might not have the infrastructure to support App-V Management Servers in every location. - -The Application Virtualization Streaming Server can also be used in environments with an existing electronic software distribution system (ESD). You use the ESD to manage streaming applications. Unlike the Application Virtualization Management Server, the Streaming Server does not use SQL or a management console. These servers use access control lists (ACLs) to grant user authorization. - -## Package Delivery Methods - - -If you plan to use an Application Virtualization Server as the publishing delivery method, you need to determine which of the following package delivery methods your scenario employs: - -- *Dynamic package delivery* - -- *Load from file package delivery* - -### Dynamic Package Delivery - -During dynamic package delivery, the server (Application Virtualization Management Server, Application Virtualization Streaming Server, or IIS server) delivers the virtualized applications to the end users through on-demand deployment. The server delivers the virtualized applications and packages to a client computer only when a user first attempts to launch an application (on demand). The server streams only the blocks needed to start the application (primary feature block). After the primary feature block is delivered to the client, the application runs; the client does not receive the complete application (incremental deployment) unless the client needs access to a part of the application that is not included in the primary feature block. When this occurs, the client performs an out-of-sequence request and the secondary feature block is streamed to the client. Dynamic package delivery allows for rapid application launch. - -### Load from File Package Delivery - -For load from file package delivery, the server delivers the entire virtualized application package to a client computer before the user launches the application. In this scenario, virtualized applications are delivered as a full package, rather than through the dynamic, incremental method used by the dynamic delivery model. - -**Note**   -For each delivery method, the initial virtual application delivery process and the virtual application update process are the same; the updated virtual application package replaces the original application package. - - - -The following table compares the advantages and disadvantages of each package delivery method. - - ------ - - - - - - - - - - - - - - - - - - - - - - -
MethodAdvantagesDisadvantagesComments

Dynamic package delivery

Applications are delivered and updated on demand.

-

Applications are delivered and updated incrementally to optimize launch time.

-

Updates are delivered automatically to the client desktop.

Larger footprint in enterprise topology because of server requirements.

-

Application streaming should be over a LAN; deployment scenarios over a WAN or that use an unreliable or intermittent connection between the server and client might be unusable.

Requires a streaming infrastructure.

-

Windows Installer used to deploy Application Virtualization Desktop Client software to end-user computers.

-

Large enterprises should use Application Virtualization Streaming Servers as distribution points.

Load from file package delivery

Consistent with typical enterprise management practices.

-

Supports stand-alone configuration scenario.

-

Provides solution to micro–branch office problem.

Application delivery and update is not possible on-demand.

-

Application delivery and update is not incremental; it increases resource consumption relative to dynamic delivery.

The IT organization is often responsible for managing application licenses, user authorization, and authentication.

- - - -## Server-Related Protocols and External Components - - -The following table lists the server types that can be used in an Application Virtualization Server-based scenarios, along with their corresponding transmission protocols and the external components needed to support the specific server configuration. The table also includes the reporting mechanism and the active upgrade mechanism for each server type. Because these scenarios all use the Application Virtualization Management Server, you can use the internal reporting functionality that is built into the system. If you use an Application Virtualization Management or an Application Virtualization Streaming Server to deliver packages to the client, packages on the server are automatically upgraded when a user logs into the client; if you use IIS servers or a file to deliver the packages to the client, the packages on the client must be upgraded manually. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Server TypeProtocolsExternal Components NeededReportingActive Upgrade

Application Virtualization Management Server

RTSP

-

RTSPS

When using HTTPS, use an IIS server to download ICO and OSD files and a firewall to protect the server from exposure to the Internet.

Internal

Supported

Application Virtualization Streaming Server

RTSP

-

RTSPS

Use a mechanism to synchronize the content between the Management Server and the Streaming Server. When using HTTPS, use an IIS server to download ICO and OSD files and use a firewall to protect the server from exposure to the Internet.

Internal

Supported

IIS server

HTTP

-

HTTPS

Use a mechanism to synchronize the content between the Management Server and the Streaming Server. When using HTTP or HTTPS, use an IIS server to download ICO and OSD files and a firewall to protect the server from exposure to the Internet.

Internal

Not Supported

File

SMB

You need a way to synchronize the content between the Management Server and the Streaming Server. You need a client computer with file sharing or streaming capability.

Internal

Not Supported

- - - -## Related topics - - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -[How to Configure Servers for Server-Based Deployment](how-to-configure-servers-for-server-based-deployment.md) - -[How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) - - - - - - - - - diff --git a/mdop/appv-v4/application-virtualization-server-based-scenario.md b/mdop/appv-v4/application-virtualization-server-based-scenario.md deleted file mode 100644 index 84336dad16..0000000000 --- a/mdop/appv-v4/application-virtualization-server-based-scenario.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Application Virtualization Server-Based Scenario -description: Application Virtualization Server-Based Scenario -author: dansimp -ms.assetid: 10ed0b18-087d-470f-951b-5083f4cb076f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Server-Based Scenario - - -If you plan to use a server-based deployment scenario for your Microsoft Application Virtualization (App-V) environment, you should understand the differences between the Application Virtualization Management Server and the Application Virtualization Streaming Server. The topics in this section describe those differences and also provide information about package delivery methods, transmission protocols, and external components that you have to consider as you continue with your deployment. This section also provides step-by-step procedures for installing and configuring the App-V Management Server and the Application Virtualization Streaming Servers. - -## In This Section - - -[Application Virtualization Server-Based Scenario Overview](application-virtualization-server-based-scenario-overview.md) -Provides important deployment information about the Application Virtualization Management Server, the Application Virtualization Streaming Server, and the package delivery methods, protocols, and external components relevant to your server-based deployment plan. - -[How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) -Describes how to install the Microsoft Application Virtualization platform components required for your server-based deployment. - -[How to Configure Servers for Server-Based Deployment](how-to-configure-servers-for-server-based-deployment.md) -Describes how to configure the Application Virtualization Management Server, the Application Virtualization Streaming Server, the Internet Information Integration (IIS) server, and the file server. - -[How to Configure a Read-only Cache on the App-V Client (VDI)](how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md) -Describes how to configure the App-V client to use read-only cache. - -[How to Configure a Read-only Cache on the App-V Client (RDS)](how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md) -Describes how to configure the App-V client to use read-only cache. - -[How to Configure Microsoft SQL Server Mirroring Support for App-V](how-to-configure-microsoft-sql-server-mirroring-support-for-app-v.md) -Describes how to configure database mirroring by using Microsoft SQL Server for your App-V system. - -## Reference - - -[Application Virtualization Client Installer Command-Line Parameters](application-virtualization-client-installer-command-line-parameters.md) - -## Related Sections - - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -## Related topics - - -[Application Virtualization Deployment and Upgrade Considerations](application-virtualization-deployment-and-upgrade-considerations.md) - -[Stand-Alone Delivery Scenario for Application Virtualization Clients](stand-alone-delivery-scenario-for-application-virtualization-clients.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-server-management-console-reference.md b/mdop/appv-v4/application-virtualization-server-management-console-reference.md deleted file mode 100644 index c36cd7f3fd..0000000000 --- a/mdop/appv-v4/application-virtualization-server-management-console-reference.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: Application Virtualization Server Management Console Reference -description: Application Virtualization Server Management Console Reference -author: dansimp -ms.assetid: 7c9890f4-7230-44dd-bbe8-95a4b65dc796 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Server Management Console Reference - - -This section of the Application Virtualization Server Management Console Help provides detailed information about each of the functional areas of the interface. - -## In This Section - - -[Server Management Console: About Dialog Boxes](server-management-console-about-dialog-boxes.md) -Describes the available **About** dialog boxes and how to view them. - -[Server Management Console: Application Virtualization System Node](server-management-console-application-virtualization-system-node.md) -Describes the screens in the Application Virtualization System node. - -[Server Management Console: Applications Node](server-management-console-applications-node.md) -Describes the screens in the **Applications** node. - -[Server Management Console: File Type Associations Node](server-management-console-file-type-associations-node.md) -Describes the screens in the **File Type Association** node. - -[Server Management Console: Packages Node](server-management-console-packages-node.md) -Describes the screens in the **Packages** node. - -[Server Management Console: Application Licenses Node](server-management-console-application-licenses-node.md) -Describes the screens in the **Application Licenses** node. - -[Server Management Console: Server Groups Node](server-management-console-server-groups-node.md) -Describes the screens in the **Server Groups** node. - -[Server Management Console: Provider Policies Node](server-management-console-provider-policies-node.md) -Describes the screens in the **Provider Policies** node. - -[Server Management Console: Administrators Node](server-management-console-administrators-node.md) -Describes the screens in the **Administrators** node. - -[Server Management Console: Reports Node](server-management-console-reports-node.md) -Describes the screens in the **Reports** node. - -## Related topics - - -[About the Application Virtualization Server Management Console](about-the-application-virtualization-server-management-console.md) - -[How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-server-management-help.md b/mdop/appv-v4/application-virtualization-server-management-help.md deleted file mode 100644 index 7ae7b3aab4..0000000000 --- a/mdop/appv-v4/application-virtualization-server-management-help.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Application Virtualization Server Management Help -description: Application Virtualization Server Management Help -author: dansimp -ms.assetid: 4f67265c-58f5-4d77-bfff-95474d8f1bb6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Server Management Help - - -This help file supports the Application Virtualization Management Server. - -## In This Section - - -[About the Application Virtualization Server Management Console](about-the-application-virtualization-server-management-console.md) -Includes overview information about the Application Virtualization Management Server. - -[How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) -Includes an overview as well as step-by-step procedures for using the features and commands that are available in the Application Virtualization Server. - -[Application Virtualization Server Management Console Reference](application-virtualization-server-management-console-reference.md) -Includes reference information about the windows and dialogs that are available in the Application Virtualization Server Management Console. - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-server.md b/mdop/appv-v4/application-virtualization-server.md deleted file mode 100644 index db3ac34238..0000000000 --- a/mdop/appv-v4/application-virtualization-server.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Application Virtualization Server -description: Application Virtualization Server -author: dansimp -ms.assetid: feea99b2-5e3d-42b1-ad41-157429e5fceb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Server - - -This section provides important information and procedures that you can use to configure and manage the Microsoft Application Virtualization (App-V) Servers. - -## In This Section - - -[Monitoring Application Virtualization Servers](monitoring-application-virtualization-servers.md) -Provides information about monitoring the App-V Servers. - -[How to Load Files and Packages](how-to-load-files-and-packages.md) -Provides information about loading files and packages. - -[How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) -Provides detailed procedures for managing the App-V Servers by using the Server Management Console. - -[How to Configure the App-V System for Package Upgrade](how-to-configure-the-app-v-system-for-package-upgrade.md) -Provides detailed information about upgrading packages in different scenarios. - -[Troubleshooting Information for the Application Virtualization Server](troubleshooting-information-for-the-application-virtualization-server.md) -Provides information that you can use to troubleshoot various issues on the Application Virtualization (App-V) Server. - -[How to Migrate the App-V SQL Database to a Different SQL Server](how-to-migrate-the-app-v-sql-database-to-a-different-sql-server.md) -Provides detailed procedures for migrating the App-V SQL Database to a different SQL Server. - -## Related topics - - -[Application Virtualization Client](application-virtualization-client.md) - -[Application Virtualization Sequencer](application-virtualization-sequencer.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/application-virtualization-system-requirements.md b/mdop/appv-v4/application-virtualization-system-requirements.md deleted file mode 100644 index d912bfff73..0000000000 --- a/mdop/appv-v4/application-virtualization-system-requirements.md +++ /dev/null @@ -1,363 +0,0 @@ ---- -title: Application Virtualization System Requirements -description: Application Virtualization System Requirements -author: dansimp -ms.assetid: a2798dd9-168e-45eb-8103-e12e128fae7c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization System Requirements - - -This topic describes the minimum hardware and software requirements for the Microsoft Application Virtualization (App-V) Management Server and Streaming Server. - -## Application Virtualization Management and Streaming Servers - - -The following list includes the minimum recommended hardware and software requirements for the App-V Management Server and App-V Streaming Server. - -### Hardware Requirements - -- Processor—Intel Pentium III, 1 GHz - -- RAM—512 MB - -- Disk space—200 MB available hard disk space, not including the Content directory - -### Software Requirements - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows Server 2003

Standard Edition

SP1 or SP2

x86 or x64

Windows Server 2003

Enterprise Edition or Datacenter Edition

SP1 or SP2

x86 or x64

Windows Server 2003 R2

Standard Edition

No service pack or SP2

x86 or x64

Windows Server 2003 R2

Enterprise Edition or Datacenter Edition

No service pack or SP2

x86 or x64

Windows Server 2008

Standard, Enterprise, or Datacenter Edition

SP1 or SP2

x86 or x64

Windows Server 2008 R2¹

Standard, Enterprise, or Datacenter Edition

x64

- - - -¹Applies to App-V 4.5 SP1 and SP2 only. - -## Data Store - - -The following list includes the minimum recommended hardware and software requirements for the computer that is used when you install the data store on a separate server. The data store is required only for the Application Virtualization Management Server. - -### Hardware Requirements - -- Processor—Intel Pentium III, 850 MHz - -- RAM—512 MB - -- Disk space—200 MB available hard disk space - -### Software Requirements - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows Server 2003

Standard Edition

SP1 or SP2

x86 or x64

Windows Server 2003

Enterprise Edition or Datacenter Edition

SP1 or SP2

x86 or x64

Windows Server 2003 R2

Standard Edition

No service pack or SP2

x86 or x64

Windows Server 2003 R2

Enterprise Edition or Datacenter Edition

No service pack or SP2

x86 or x64

Windows Server 2008

Standard, Enterprise, or Datacenter Edition

SP1 or SP2

x86 or x64

Windows Server 2008 R2¹

Standard, Enterprise, or Datacenter Edition

x64

- - - -¹Applies to App-V 4.5 SP1 and SP2 only. - -- Database—Microsoft SQL Server 2000 SP3a or SP4, SQL Server 2005 SP1, SP2, or SP3, or SQL Server 2008, no service pack or SP1 or SQL Server 2008 R2 (32-bit or 64-bit) - -- Microsoft Data Access Components—MDAC 2.7 - -- Domain controller—Active Directory Domain Services or Windows NT 4.0-based primary domain controller (PDC) as the central authentication authority - -## Management Web Service - - -The following list includes the minimum recommended hardware and software requirements for the Application Virtualization Management Web Service when it is installed on a separate computer. - -### Hardware Requirements - -- Processor—Intel Pentium III, 800 MHz - -- RAM—256 MB - -- Disk space—50 MB available hard disk space - -### Software Requirements - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows Server 2003

Standard Edition

SP1 or SP2

x86 or x64

Windows Server 2003

Enterprise Edition or Datacenter Edition

SP1 or SP2

x86 or x64

Windows Server 2003 R2

Standard Edition

No service pack or SP2

x86 or x64

Windows Server 2003 R2

Enterprise Edition or Datacenter Edition

No service pack or SP2

x86 or x64

Windows Server 2008

Standard, Enterprise, or Datacenter Edition

SP1 or SP2

x86 or x64

Windows Server 2008 R2¹

Standard, Enterprise, or Datacenter Edition

x64

- - - -¹Applies to App-V 4.5 SP1 and SP2 only. - -- Internet Information Services—Internet Information Services (IIS) 6.0 configured with Microsoft ASP.NET, IIS 7 - -- Microsoft .NET Framework 2.0 - -## Management Console - - -The following list includes the minimum recommended hardware and software requirements for the Application Virtualization Management Console when it is installed on a separate computer. - -### Hardware Requirements - -- Processor—Intel Pentium III, 450 MHz - -- RAM—256 MB - -- Disk space—200 MB available hard disk space - -### Software Requirements - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows XP

Professional Edition

SP2 or SP3

x86 or x64

Windows Vista

Business, Enterprise, or Ultimate Edition

No service pack, SP1, or SP2

x86 or x64

Windows 7

Professional, Enterprise, or Ultimate Edition

x86 or x64

Windows Server 2003

Standard Edition, Enterprise Edition, or Datacenter Edition

SP1 or SP2

x86 or x64

Windows Server 2003 R2

Standard Edition, Enterprise Edition, or Datacenter Edition

No service pack or SP2

x86 or x64

Windows Server 2008

Standard, Enterprise, or Datacenter Edition

SP1 or SP2

x86 or x64

Windows Server 2008 R2¹

Standard, Enterprise, or Datacenter Edition

x64

- - - -¹Applies to App-V 4.5 SP1 and SP2 only. - -- Microsoft Management Console—MMC 3.0 or later - -- Microsoft .NET Framework 2.0 SP2 (minimum) - - **Important**   - The minimum requirement is .NET Framework 2.0 SP2 if you must install App-V hotfix KB980850 or subsequent App-V hotfixes on the computer that is running the App-V Management Console. - - - -## Related topics - - -[Application Virtualization Client Hardware and Software Requirements](application-virtualization-client-hardware-and-software-requirements.md) - -[Application Virtualization Sequencer Hardware and Software Requirements](application-virtualization-sequencer-hardware-and-software-requirements.md) - -[How to Configure Servers for Server-Based Deployment](how-to-configure-servers-for-server-based-deployment.md) - -[How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) - -[How to Upgrade the Servers and System Components](how-to-upgrade-the-servers-and-system-components.md) - - - - - - - - - diff --git a/mdop/appv-v4/application-virtualization-technical-publications-white-papers.md b/mdop/appv-v4/application-virtualization-technical-publications-white-papers.md deleted file mode 100644 index 3420240770..0000000000 --- a/mdop/appv-v4/application-virtualization-technical-publications-white-papers.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: Application Virtualization Technical Publications -description: Application Virtualization Technical Publications -author: dansimp -ms.assetid: 86606647-3b9b-4459-9638-64626051ac94 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization Technical Publications - - -In this section, you can find additional technical support information for Microsoft Application Virtualization. - -## Technical Publications - - -The following technical publications support Microsoft Application Virtualization. - -  - -  - - - - - diff --git a/mdop/appv-v4/applications-licenses-node.md b/mdop/appv-v4/applications-licenses-node.md deleted file mode 100644 index 3bc727a6b1..0000000000 --- a/mdop/appv-v4/applications-licenses-node.md +++ /dev/null @@ -1,126 +0,0 @@ ---- -title: Applications Licenses Node -description: Applications Licenses Node -author: dansimp -ms.assetid: 2b8752ff-aa56-483e-b844-966941af2d94 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Applications Licenses Node - - -The **Applications Licenses** node is one level below the Application Virtualization System node in the **Scope** pane in the Application Virtualization Server Management Console. When you select this node, the **Results** pane displays a list of licenses and license groups. The following license types are available: - -- **Unlimited License**—Provides access for any number of simultaneous users. This method of licensing is appropriate when you want to associate an enterprise-wide license with an application. - -- **Concurrent License**—Enables you to define the maximum number of concurrent users who are allowed to use the application. - -- **Named License**—Enables you to assign a license to an individual user. A named license can be used to ensure that a particular user will always be able to run the application. - -**Note**   -You can combine concurrent and named licenses for the same application. - - - -Right-click the **Applications Licenses** node to display a pop-up menu that contains the following elements. - -**New Unlimited License** -Displays the New Unlimited License Wizard. This wizard consists of the following pages: - -1. Enter the name of the license group in the **Applications License Group Name** field, and enter a value (in minutes) in the **License Expiration Warning** field. (You can enter any value from 0 through 100.) You can also use the up and down arrows to select the number of minutes. - -2. Enter brief descriptive text in the **License Description** field, and select the **Enabled** check box to enable the license. - - Optionally, you can use the **Expiration Date** field to specify an expiration date for the license. You can select the check box to use the displayed expiration date, or you can use the calendar utility to browse to the desired expiration date. - -3. Click **Finish** to add the new license. - -**New Concurrent License** -Displays the New Concurrent License Wizard. This wizard consists of the following three pages and is almost identical to the New Unlimited License Wizard: - -1. Enter the name of the license group in the **Applications License Group Name** field, and enter a value (in minutes) in the **License Expiration Warning** field. (You can enter any value from 0 through 100.) You can also use the up and down arrows to select the number of minutes. - -2. Enter brief descriptive text in the **License Description** field, and enter a value in the **Concurrent License Quantity** field. - - You can also use the up and down arrows to specify the number of concurrent licenses. Select the **Enabled** check box to enable the license. - - Optionally, you can use the **Expiration Date** field to specify an expiration date for the license. You can select the check box to use the displayed expiration date, or you can use the calendar utility to browse to the desired expiration date. - -3. Click **Finish** to add the new licenses. - -**New Named License** -Displays the New Named License Wizard. This wizard consists of the following four pages: - -1. Enter the name of the license group in the **Applications License Group Name** field, and enter a value (in minutes) in the **License Expiration Warning** field. (You can enter any value from 0 through 100). You can also use the up and down arrows to select the number of minutes. - -2. Enter brief descriptive text in the **License Description** field, and select the **Enabled** check box to enable the license. - - Optionally, you can use the **Expiration Date** field to specify an expiration date for the license. You can select the check box to use the displayed expiration date, or you can use the calendar utility to browse to the desired expiration date. - -3. Click **Add**, **Edit**, or **Remove** named users. - -4. Click **Finish** to add the new license. - -**View** -Changes the appearance and content of the **Results** pane. - -**New Window from Here** -Opens a new management console with the selected node as the root node. - -**Refresh** -Refreshes the view of the server. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -If you click a license group or license that appears under the **Application Licenses** node in the **Scope** pane, the following elements are available. - -**View** -Changes the appearance and content of the **Results** pane. - -**New Window from Here** -Opens a new management console with the selected node as the root node. - -**Delete** -Deletes a package from the **Results** pane. - -**Rename** -Changes the name of a package in the **Results** pane. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**Properties** -Displays the **Properties** dialog box for the selected license group. The **General** tab of the **Properties** dialog box displays information about the license group and lets you change the time value in the **License Expiration Warning** field. The **Applications** tab displays the list of applications associated with the license group. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -## Related topics - - -[About Application Licensing](about-application-licensing.md) - -[How to Manage Application Licenses in the Server Management Console](how-to-manage-application-licenses-in-the-server-management-console.md) - -[Server Management Console: Application Licenses Node](server-management-console-application-licenses-node.md) - - - - - - - - - diff --git a/mdop/appv-v4/applications-licenses-results-pane-columns.md b/mdop/appv-v4/applications-licenses-results-pane-columns.md deleted file mode 100644 index 9fe5dbaaf8..0000000000 --- a/mdop/appv-v4/applications-licenses-results-pane-columns.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: Applications Licenses Results Pane Columns -description: Applications Licenses Results Pane Columns -author: dansimp -ms.assetid: bd56b36a-655e-4fc4-9f83-d2ed68882402 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Applications Licenses Results Pane Columns - - -The **Results** pane in the Application Virtualization Server Management Console displays a variety of columns. These columns are visible when licenses are visible and when the **Results** pane displays licenses. - -You can use the standard Microsoft Windows **Add/Remove Columns** dialog box to select which columns are displayed in the **Results** pane. - -To see the **Add/Remove Columns** dialog box, expand the **Application Licenses** node, right-click a license and select **View > Add/Remove Columns** from the pop-up menu. - -The following table displays the column name and its contents. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ColumnContents

Description

Describes the license.

Type

Lists the type of license. The available types are Unlimited (any number or users), Concurrent (a specified number of concurrent users), and Named (licenses reserved for specific users).

Expiration Date

Displays the date the license is set to expire.

Enabled

Displays the enabled status of the license as true or false.

- -  - -## Related topics - - -[About Application Licensing](about-application-licensing.md) - -[How to Manage Application Licenses in the Server Management Console](how-to-manage-application-licenses-in-the-server-management-console.md) - -[Server Management Console: Application Licenses Node](server-management-console-application-licenses-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/applications-licenses-results-pane.md b/mdop/appv-v4/applications-licenses-results-pane.md deleted file mode 100644 index 3339644301..0000000000 --- a/mdop/appv-v4/applications-licenses-results-pane.md +++ /dev/null @@ -1,140 +0,0 @@ ---- -title: Applications Licenses Results Pane -description: Applications Licenses Results Pane -author: dansimp -ms.assetid: 8b519715-b2fe-451e-ad9b-e9b73f454961 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Applications Licenses Results Pane - - -The **Applications Licenses Results** pane in the Application Virtualization Server Management Console displays a list of the available application license groups and application licenses. - -Right-click any application license group to display a pop-up menu that contains the following elements. - -**New Unlimited License** -Displays the New Unlimited License Wizard. This option is available only when the license group has no licenses. This wizard consists of three pages: - -1. Enter a group name in the **Applications License Group Name** field and a value (in minutes) in the **License Expiration Warning** field. (You can enter any value from 0–100.) You can also use the up and down arrows to select the number of minutes. - -2. Enter brief descriptive text in the **License Description** field, and select the **Enabled** check box. Optionally, you can use the **Expiration Date** field to specify an expiration date for the license. You can select the default check box or use the calendar utility to browse to the desired expiration date. - -3. Click **Finish** to add the new license. - -**New Concurrent License** -Displays the New Concurrent License Wizard. This option is available only when the license group has no unlimited licenses. This wizard consists of the following pages and is almost identical to the New Unlimited License Wizard: - -1. Enter a group name in the **Applications License Group Name** field and a value (in minutes) in the **License Expiration Warning** field. (You can enter any value from 0–100.) You can also use the up and down arrows to select the number of minutes. - -2. Enter brief descriptive text in the **License Description** field, and enter a value in the **Concurrent License Quantity** field. You can also use the up and down arrows to specify the number of concurrent licenses. Select the **Enabled** check box to enable the license. Optionally, you can use the **Expiration Date** field to select an expiration date for the license. You can select the check box to use the displayed expiration date, or you can use the calendar utility to browse to the desired expiration date. - -3. Click **Finish** to add the new licenses. - -**New Named License** -Displays the New Named License Wizard. This option is available only when the license group has no unlimited licenses. This wizard consists of the following pages: - -1. Enter a group name in the **Applications License Group Name** field and a value (in minutes) in the **License Expiration Warning** field. (You can enter any value from 0–100.) You can also use the up and down arrows to select the number of minutes. - -2. Enter brief descriptive text in the **License Description**, and select the **Enabled** check box. Optionally, you can use the **Expiration Date** field to specify an expiration date for the license. You can select the check box to use the displayed expiration date, or use the calendar utility to browse to the desired expiration date. - -3. Click **Add**, **Edit**, or **Remove** named users. - -4. Click **Finish** to add the new license. - -**New Window from Here** -Opens a new management console with the selected node as the root node. - -**Delete** -Deletes the license group from the list. - -**Rename** -Changes the name of the applications license group. - -**Properties** -Displays the **Properties** dialog box for the selected application license groups. This dialog box has the following tabs: - -- **General** tab—Displays general information about the license group. From this tab, you can change the time value (in minutes) in the **License Expiration Warning** field. You can enter any value from 0–100. - -- **Applications** tab—Displays the list of applications associated with the license group. - -**Help** -Displays the Application Virtualization Server Management Console help system. - -When the **Results** pane displays application license groups, right-click anywhere in the **Results** pane, except on a license group, to display a pop-up menu that contains the following elements. - -**Refresh** -Refreshes the view of the server. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**View** -Changes the appearance and content of the **Results** pane. - -**Arrange/Line Up Icons** -Changes how the icons are displayed in the **Results** pane. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -When the **Results** pane displays licenses, right-click any application license to display a pop-up menu that contains the following elements. - -**Delete** -Deletes the license from the list. - -**Rename** -Changes the name of the license. - -**Properties** -Displays the **Properties** dialog box for the selected application license. - -The **General** tab of the **Properties** dialog box displays information about the license and lets you change the enabled status, license expiration date, and license key information. - -**Help** -Displays the server management console help system. - -When the **Results** pane displays licenses, right-click anywhere in the **Results** pane, except on a license, to display a pop-up menu that contains the following elements. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**View** -Changes the appearance and content of the **Results** pane. - -**Arrange/Line Up Icons** -Changes how the icons are displayed in the **Results** pane. - -**Properties** -Displays the **Properties** dialog box for the selected license. - -The **General** tab of the **Properties** dialog box displays information about the license and lets you change the enabled status, license expiration date, and license key information. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -## Related topics - - -[About Application Licensing](about-application-licensing.md) - -[How to Manage Application Licenses in the Server Management Console](how-to-manage-application-licenses-in-the-server-management-console.md) - -[Server Management Console: Application Licenses Node](server-management-console-application-licenses-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/applications-node-in-server-management-console.md b/mdop/appv-v4/applications-node-in-server-management-console.md deleted file mode 100644 index 0dd4066e35..0000000000 --- a/mdop/appv-v4/applications-node-in-server-management-console.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: Applications Node in Server Management Console -description: Applications Node in Server Management Console -author: dansimp -ms.assetid: 27edbd83-0fc2-4a40-9834-d5db5be06681 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Applications Node in Server Management Console - - -The **Applications** node is one level below the Application Virtualization System node in the **Scope** pane. When you select this node, the **Results** pane displays a list of applications. Right-click the **Applications** node to display a pop-up menu that contains the following elements: - -**New Application Group** -Displays the New Application Group Wizard. - -**New Application** -Displays the New Application Wizard. - -**Import Applications** -Imports Open Software Descriptor (OSD) files or Sequencer Project (SPRJ) files. - -**New Window from Here** -Opens a new management console with the selected node as the root node. - -**Refresh** -Refreshes the view of the server. - -**Help** -Displays the help system for the Application Virtualization Management Console. - -When you right-click any application group that appears under the **Applications** node in the **Scope** pane, the following additional elements are available. - -**View** -Changes the appearance and content of the **Results** pane. - -**Move** -Moves the application to another application group. - -**Copy** -Copies an application to a new Application Virtualization System. - -**Delete** -Deletes an application. - -**Rename** -Renames an application. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -## Related topics - - -[How to Manually Add an Application](how-to-manually-add-an-application.md) - -[Server Management Console: Applications Node](server-management-console-applications-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/applications-node.md b/mdop/appv-v4/applications-node.md deleted file mode 100644 index 760ebc733a..0000000000 --- a/mdop/appv-v4/applications-node.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Applications Node -description: Applications Node -author: dansimp -ms.assetid: ded79569-8a3f-47ab-b135-0836bbb039f3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Applications Node - - -The **Applications** node is one level below the **Application Virtualization** node in the **Scope** pane of the Application Virtualization Client Management Console. When you select this node, the **Results** pane displays a list of applications. Right-click the **Applications** node to display a pop-up menu that contains the following elements. - -**New Application** -This menu item displays the New Application Wizard. This wizard consists of one page where you can select an icon for the application and browse to or enter a URL or a path to the Open Software Descriptor (OSD) file. - -- **Change Icon**—Displays a standard Windows icon browser. Browse to and select the desired icon. - -- **OSD File Path or URL**—Enter a local absolute path, a full Universal Naming Convention (UNC) path, or an HTTP URL. - -- **... (OSD browse button)**—Displays the standard Windows **Open File** dialog box. Browse to find the desired file. - -**New Window from Here** -Select this menu item to open a new management console with the selected node as the root node. - -**Export List** -You can use this menu item to create a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**View** -This pop-up list of menu items enables you to change the appearance and content of the **Results** pane. - -**Refresh** -Select this item to refresh the management console. - -**Help** -This item displays the help system for the management console. - -## Related topics - - -[Applications Results Pane](applications-results-pane.md) - -[Applications Results Pane Columns](applications-results-pane-columns.md) - -[Application Virtualization Client Management Console Reference](application-virtualization-client-management-console-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/applications-results-pane-columns-in-server-management-console.md b/mdop/appv-v4/applications-results-pane-columns-in-server-management-console.md deleted file mode 100644 index 55a7172da2..0000000000 --- a/mdop/appv-v4/applications-results-pane-columns-in-server-management-console.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -title: Applications Results Pane Columns in Server Management Console -description: Applications Results Pane Columns in Server Management Console -author: dansimp -ms.assetid: 8757e3bc-450b-4550-81d2-624906523147 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Applications Results Pane Columns in Server Management Console - - -The **Applications Results** pane in the Application Virtualization Management Console displays a variety of columns. - -You can use the standard Microsoft Windows **Add/Remove Columns** dialog box to select which columns are displayed in the **Results** pane. - -To see the **Add/Remove Columns** dialog box, right-click in the **Results** pane and select **View > Add/Remove Columns** from the pop-up menu. - -The following table displays the column name and its contents. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ColumnContents

Name

Displays the application name.

Version

Displays the application version.

Package

Displays the name of the package.

OSD Path

Displays the full original path or URL to the Open Software Descriptor (OSD) file.

Icon File

Displays the complete path to the icon file.

Enabled

Displays the enabled status of the file; the status is either true or false.

Application License

Displays the name of the application license.

Type

Displays the application or application group type.

Description

Displays a brief description of the application.

- -  - -## Related topics - - -[Server Management Console: Applications Node](server-management-console-applications-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/applications-results-pane-columns.md b/mdop/appv-v4/applications-results-pane-columns.md deleted file mode 100644 index c7c7c41ec3..0000000000 --- a/mdop/appv-v4/applications-results-pane-columns.md +++ /dev/null @@ -1,137 +0,0 @@ ---- -title: Applications Results Pane Columns -description: Applications Results Pane Columns -author: dansimp -ms.assetid: abae5ce2-40df-4f47-8062-f5eb6295c88c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Applications Results Pane Columns - - -The **Results** pane of the **Applications** node in the Application Virtualization Client Management Console can display a variety of columns. **Application**, **Running**, **Locked**, and **Package Status** are shown by default. - -**Note**   -You can add or remove columns by right-clicking in the **Results** pane, selecting **View**, and then selecting **Add/Remove Columns**. - - - -The list can be sorted by any column. Columns that contain dates and times are sorted in chronological order, not alphabetical. For columns that contain a mix of dates and times and text, dates and times are considered to come before any other text. - -The following columns are available. - -**Application** -The application name and version, separated by a space. - -**Application In Use** -Displays **Yes** or **No** depending on whether any user is using the application (that is, running it or loading it). - -**App Virt Server** -The Application Virtualization server from which the package was streamed. - -**Cached Icon File** -The name of the icon files in cache (a GUID in the current implementation). - -**Cached Icon Path** -The full path to the icon files in cache. - -**Cached Launch Percent** -The percentage of the application’s launch data currently in cache. - -**Cached Launch Size (MB)** -The amount of the application’s launch data currently in cache. - -**Cached OSD File** -The name of the OSD file in the cache (which is a GUID in the current implementation). - -**Cached OSD Path** -The full path to the OSD file in the cache. - -**Cached Package Percent** -The percentage of the package currently in cache. - -**Cached Package Size (MB)** -The size of the portion of the package currently in cache. - -**Icon File** -The original name of the icon file. - -**Icon Path** -The original path or URL for the icon file. - -**Last System Launch** -The last time the application was launched by the system. - -**Last User Launch** -The last time the application was launched by the user. - -**Launch Size (MB)** -The uncompressed size of the package data needed to launch the application. - -**Locked** -Displays **Yes** or **No** depending on whether the application’s package is locked in the cache. - -**Name** -The application name. - -**OSD File** -The original name of the Open Software Descriptor (OSD) file. - -**OSD Path** -The full original path or URL to the OSD file. - -**Package Name** -The name of the package. - -**Package GUID** -The GUID for the package. - -**Package Size (MB)** -The total size of the uncompressed data in the package. - -**Package Status** -The current operational status of the package. - -**Package URL** -The URL for the package. - -**Package Version** -The version for the package. - -**Package Version GUID** -The GUID for the package version. - -**Running** -Displays **Yes** or **No** depending on whether the current user is running the application. - -**Source** -Where the application came from—either the name of an application publishing server or "Local" for applications added from OSD files directly. - -**Version** -The application version. - -## Related topics - - -[Applications Node](applications-node.md) - -[Applications Results Pane](applications-results-pane.md) - -[Application Virtualization Client Management Console Reference](application-virtualization-client-management-console-reference.md) - - - - - - - - - diff --git a/mdop/appv-v4/applications-results-pane-in-server-management-console.md b/mdop/appv-v4/applications-results-pane-in-server-management-console.md deleted file mode 100644 index ea36979d73..0000000000 --- a/mdop/appv-v4/applications-results-pane-in-server-management-console.md +++ /dev/null @@ -1,149 +0,0 @@ ---- -title: Applications Results Pane in Server Management Console -description: Applications Results Pane in Server Management Console -author: dansimp -ms.assetid: 686218bc-6156-40e2-92aa-90981c3d112a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Applications Results Pane in Server Management Console - - -The **Applications Results** pane displays a list of the available applications. - -Right-click anywhere in the **Results** pane, except on an application or application group, to display a pop-up menu that contains the following elements. - -**Refresh** -Refreshes the list of applications. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. For more information about the **Export List** feature, refer to the documentation for the Microsoft Management Console. - -**View** -Changes the appearance and content of the **Results** pane. - -**Arrange/Line up Icons** -Organizes the icons in the **Results** pane. - -**Help** -Displays the help system for the Application Virtualization Management Console. - -Right-click any application in the **Results** pane to display a pop-up menu that contains the following elements. - -**Move** -Moves the applications into and out of application groups. - -**Copy** -Copies the application to another Application Virtualization System. - -**Duplicate** -Duplicates the application in the **Results** pane. - -**Delete** -Removes the application from the Application Virtualization System. - -**Rename** -Enables you to change the name of the application. - -**Properties** -Displays the **Properties** dialog box for the selected application. This dialog box has the following tabs: - -- **General** tab—Displays the application icon, application name, and package name. This tab also displays the following specific information about the application that you can change: - - - **Version**—Enables you to enter the appropriate version number. Select the **Enable** check box to enable version numbering. - - - **Description**—Enables you to enter a brief description of the application. - - - **OSD Path**—Enables you to enter or browse to the location of the appropriated Open Software Descriptor (OSD) file. - - - **Icon Path**—Enables you to enter or browse to the location of the icon file that you want to associate with the application. - - - **Application License Group**—Enables you to select the license group from the drop-down list of license groups. - - - **Server Group**—Enables you to select the server group from the drop-down list of server groups. - -- **Shortcuts** tab—Displays the check boxes that correspond to the locations where the shortcuts are published. You can select or clear check boxes from this tab. - -- **File Type Associations** tab—Displays a list of the file types associated with the selected application. From this tab, you can add, edit, or delete the file type association. - -- **Access Permissions** tab—Displays the list of groups that have access permission to the selected application. From this tab, you can add, edit, or delete groups. - -**Help** -Displays the help system for the Application Virtualization Management Console. - -Right-click any application group to display a pop-up menu that contains the following elements. - -**New Application Group** -Displays the New Application Group Wizard. Add the name of the new application group in the appropriate field, and then click **Finish**. - -**New Application** -Displays the New Application Wizard. Navigate through the wizard to add applications. - -**Import Applications** -Displays a browse dialog box that you can use to import existing applications into the Application Virtualization Management Console. You can import an OSD file or a Sequencer Project (SPRJ) file. - -**Move** -Moves the application group into and out of application groups. - -**Copy** -Copies the application group to a new server. - -**New Window from Here** -Opens a new management console with the selected node as the root node. - -**Delete** -Removes the application group from the server. - -**Rename** -Changes the name of the application group. - -**Refresh** -Refreshes the application group. If the **Results** pane is displaying the entire application node, the pane will switch to display the contents of the application group. - -**Properties** -Displays the **Properties** dialog box for the selected application group. This dialog box has the following tabs: - -- **General** tab—Displays the application group icon and application group name. This tab also displays the following, limited information about the application group that you can change. - - - **Version**—Enables you to enter a version number for the application group. - - - **Description**—Enables you to enter a brief description of the application group. - - - **OSD Path**—Enables you to enter or browse to the location where the OSD file is located. - - - **Icon Path**—Enables you to enter or browse to the location where the icon file is located. - - - **Application License Group**—Enables you to select the license group from the drop-down list of license groups. - - - **Server Group**—Enables you to select the server group from the drop-down list of server groups. - -- **Shortcuts** tab—Displays the check boxes that correspond to the locations where the shortcuts are published. You can select or clear check boxes from this tab. - -- **File Associations** tab—Displays the list of file type associations. You can add, edit, or delete file type associations from this tab. - -- **Access Permissions** tab—Displays the list of groups that have access permission to the selected application group. From this tab, you can add, edit, or delete groups. - -**Help** -Displays the help system for the Application Virtualization Management Console. - -## Related topics - - -[Server Management Console: Applications Node](server-management-console-applications-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/applications-results-pane.md b/mdop/appv-v4/applications-results-pane.md deleted file mode 100644 index ad52fe65d1..0000000000 --- a/mdop/appv-v4/applications-results-pane.md +++ /dev/null @@ -1,142 +0,0 @@ ---- -title: Applications Results Pane -description: Applications Results Pane -author: dansimp -ms.assetid: 977a4d35-5344-41fa-af66-14957b38ed47 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Applications Results Pane - - -The **Applications Results** pane in the Application Virtualization Client Management Console displays a list of the available applications. Users can see a list of applications for which they have been granted access privileges. - -For more information about the procedures you can perform from this pane, see [How to Manage Applications in the Client Management Console](how-to-manage-applications-in-the-client-management-console.md). - -Right-click any application to display a pop-up menu that contains the following elements. - -**New Shortcut** -This menu item displays the New Shortcut Wizard. This wizard consists of three pages: - -1. Select an icon, and specify a name for the shortcut: - - 1. **Change Icon**—Displays a standard Windows icon browser. Browse to and select the desired icon. - - 2. **Shortcut Title**—Enter the name you want to give the shortcut. This field defaults to the existing name and version of the application. - -2. Determine the location of the published shortcut. - - 1. **Location of shortcut**—Select a location by selecting one of the check boxes. The available locations are **Desktop**, **Quick Launch Toolbar**, **Send to Menu**, **Start Menu**, and **Another location**. - - 2. **Programs in the Start Menu**—When you select the **Start Menu** check box, this field becomes active. Leave this field blank to publish the shortcut directly to the root of the Programs folder, or enter a folder name or hierarchy—for example, "My\_Computer\\Office Applications." Shortcuts created this way are available only for the current user. - - 3. **Another location** and browse button—When you select the **Another location** check box, this field becomes active. Enter any valid location on the computer or any available Universal Naming Convention (UNC) path(shared file or directory on a network). The browse button displays a standard Windows **File Open** dialog box. - -3. Enter the desired command-line parameters, and then click **Finish** to exit the wizard. - -**New Association** -This menu item displays the New Association Wizard. This wizard consists of two pages: - -1. Enter a file name extension, and associate the extension with a file type. - - 1. **Extension**—Enter a file name extension. This field is blank by default. - - 2. **Create a new file type with this description**—Select this radio button to enter a new file type description in the active field. This button is selected by default, and the active field is blank. - - 3. **Apply this file type to all users**—Select this check box when you want this association to be global for all users. By default, this box is not selected. - - 4. **Link this extension with an existing file type**—Select this radio button to associate the extension with an existing file type. Choose a file type from the drop-down list. When you choose this option, **Next** is changed to **Finish**. - -2. Select the application that will open files with the specified extension: - - 1. **Open files with the selected application**—Select this radio button to open the file with an existing application. Choose an application from the drop-down list of available applications. - - 2. **Open file with the association described in this OSD file**—Select this radio button to specify an Open Software Descriptor (OSD) file that determines the application used to open the file. Use the browse button to select an existing location, or enter a path or HTTP-formatted URL in this field. - -**Repair** -Resets the application default settings and eliminates all user-defined settings for the selected application. - -**Load** or **Unload** -Loads or unloads the selected application into the cache. This command is not available if 100 percent of the application is in the cache. - -**Clear** -Removes the user's settings, shortcuts, and file type associations for the selected application. This item is not available if a user is running any application from a suite of applications. Displays a confirmation prompt. - -**Lock** or **Unlock** -Locks or unlocks an application in the cache. When an application is locked, it cannot be deleted or overwritten. - -**Import** -Imports an application into the cache directly from this command in the **Applications** node. - -**Delete** -Deletes an application from the **Results** pane and from the computer, and clears the application from cache. - -**Refresh** -Refreshes the contents of the **Results** pane. - -**Properties** -Displays the **Properties** dialog box for the selected application. This dialog box has two tabs: - -1. The **General** tab displays the application icon and name, the location from where the application was streamed, and the path to the local OSD file. From this tab, you can change the icon for the application or you can clear the settings (which removes the shortcuts and the file type associations). - -2. The **Package** tab displays information about the application package, and you can **Lock**, **Unlock**, **Load**, **Unload**, and **Import** applications. - -**Help** -Displays the Client Management Console help system. - -## Displaying General Options for the Results pane - - -Right-click anywhere in the **Results** pane to display a pop-up menu that contains the following elements. - -**New Application** -This menu item displays the New Application Wizard. This wizard consists of one page where you can select an icon for the application and browse to or enter a URL or a path to the OSD file: - -1. **Change Icon**—Displays a standard Windows icon browser. Browse to and select the desired icon. - -2. **OSD File Path or URL**—Enter a local absolute path, a full UNC path, or an HTTP URL. - -3. **... (OSD browse button)**—Displays the standard Windows **Open File** dialog box. Browse to find the desired file. - -**Refresh** -Refreshes the **Results** pane. - -**Export List** -You can use this menu item to create a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**View** -This pop-up list of menu items lets you change the appearance and content of the **Results** pane. - -**Arrange/Line Up Icons** -These menu items can be used to change how the icons are displayed in the **Results** pane. - -**Help** -Displays the help system for the management console. - -## Related topics - - -[Applications Node](applications-node.md) - -[Applications Results Pane Columns](applications-results-pane-columns.md) - -[Application Virtualization Client Management Console Reference](application-virtualization-client-management-console-reference.md) - -[How to Manage Applications in the Client Management Console](how-to-manage-applications-in-the-client-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/best-practices-for-the-application-virtualization-sequencer-sp1.md b/mdop/appv-v4/best-practices-for-the-application-virtualization-sequencer-sp1.md deleted file mode 100644 index 8ac9a89ec9..0000000000 --- a/mdop/appv-v4/best-practices-for-the-application-virtualization-sequencer-sp1.md +++ /dev/null @@ -1,105 +0,0 @@ ---- -title: Best Practices for the Application Virtualization Sequencer -description: Best Practices for the Application Virtualization Sequencer -author: dansimp -ms.assetid: 95e5e216-864f-41a1-90d4-b8d7e1eb42a0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Best Practices for the Application Virtualization Sequencer - - -This topic provides best practices for running the Microsoft Application Virtualization (App-V) Sequencer. Review and consider the following recommendations when planning and using the Sequencer in your environment. - -## Sequencing Computer Configuration Best Practices - - -The following best practices should be considered when configuring the computer running the App-V Sequencer: - -- **Sequence on a computer that has a similar configuration and that is running an earlier version of the operating system than the target computers.** - - Ensure that the computer that is running the Sequencer is running an earlier version of the operating system than the target computers. This includes the service pack and update versions. For example, if the target computers are running Windows Vista and Windows XP, you should sequence applications on a computer that is running Windows XP. The ability to sequence on one operating system and run the virtualized application on a different operating system is not guaranteed, and depends on the particular application and operating system. If you encounter issues, you may be required to sequence on the same operating system environment as the one on which the App-V client is running. - -- **Configure the computer running the Sequencer with multiple partitions.** - - You should configure the computer running the Sequencer with at least two primary partitions. The first partition (**C:**) should contain the operating system, and it should be formatted using the NTFS file system. The second partition (**Q:**) is used as the destination path for the virtual application installation and should also be formatted using the NTFS file system. - -- **Configure the temp directory with enough free disk space.** - - The Sequencer uses the **%TMP%** or **%TEMP%** directory and the **Scratch** directory to store temporary files during sequencing. You should configure these directories on the computer running the Sequencer with free disk space equivalent to the estimated application installation requirements. You can verify the location of the **Scratch** directory by opening the Sequencer console and selecting **Tools**, **Options**, and then selecting the **Paths** tab. Configuring the temp directories and the **Scratch** directory on different hard drive partitions can improve performance during sequencing. - -- **Sequence applications by using Microsoft Virtual PC.** - - You will sequence most applications more than once. To help facilitate this, you should consider sequencing on a computer running in a virtual environment. This will allow you to sequence an application and revert to a clean state, with minimal reconfiguration, on the computer that is running the Sequencer. - - If you are running Microsoft Hyper-V in your environment the App-V sequencer will run when the Hyper-V virtual computer it is running on is: - - - paused and resumed. - - - has its state saved and restored. - - - saved as a snapshot and is restored. - - - migrated to different hardware as part of a live migration. - -- **Before you sequence a new application, shut down other running programs.** - - Processes and scheduled tasks that normally run on the sequencing computer can slow down the sequencing process and cause irrelevant data to be gathered during sequencing. All unnecessary applications and programs should be shut down before you begin sequencing. - -- **Sequence on a computer that is running Terminal Services** - - You should not configure the install mode on a computer that is running Terminal Services before you install the sequencer. - -## Sequencing Best Practices - - -The following best practices should be considered when sequencing a new application: - -- - - **Note**   - If you are running App-V 4.6 SP1 you do not need to sequence to a directory that follows the 8.3 naming convention. - - - -- **Sequence to a unique directory that follows the 8.3 naming convention.** - - You should sequence all applications to a directory that follows the 8.3 naming convention. The specified directory name cannot contain more than eight characters, followed by a three-character file name extension—for example, **Q:\\MYAPP.ABC**. - -- **Sequence to a destination folder on the root of the drive, not to a subdirectory.** - - If the application suite has multiple parts, install each application to a subdirectory of the main directory. For example, if a package contains an application along with a client, use **Q:\\AppSuite** as the main directory and sequence the main application to **Q:\\AppSuite\\Main**, and sequence the client to **Q:\\AppSuite\\Client**. - -- **Configure and test the application during the installation phase.** - - Completing the installation of an application often requires performing several manual steps that are not part of the application installation process. These steps can involve configuring a connection to a database or copying updated files. You should perform these configurations during the installation phase and then run the application to make sure it works. - -- **Run the application, multiple times if necessary, until the program is stable.** - - You should run the application multiple times during the installation to ensure all associated registration and dialog box configurations have been completed. Opening the application multiple times during installation will ensure that only the relevant application features are loaded into the **primary feature block**. - -- **Disable all automatic update features associated with the application.** - - Some applications have the ability to check for the latest updates automatically during installation. To assist with versioning of virtual application packages, you should disable this feature during sequencing. If there are required updates, you should sequence a new virtual application package with the associated updates installed. - -## Related topics - - -[Planning for Application Virtualization System Deployment](planning-for-application-virtualization-system-deployment.md) - - - - - - - - - diff --git a/mdop/appv-v4/change-history-tab-keep.md b/mdop/appv-v4/change-history-tab-keep.md deleted file mode 100644 index 7de068d479..0000000000 --- a/mdop/appv-v4/change-history-tab-keep.md +++ /dev/null @@ -1,108 +0,0 @@ ---- -title: Change History Tab -description: Change History Tab -author: dansimp -ms.assetid: 652ef2f0-3a3e-4844-a472-9fa99ec5ee32 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Change History Tab - - -After you sequence an application and before you save it, you can use the **Change History** tab to view the historical information about a sequenced application package. This tab is read only and cannot be modified. It contains the following elements. - -## Modification Date - - -**Modification Date** -The date a sequenced application package was modified. - -## Package Information - - -**Package Version GUID** -The GUID for the version of the sequenced application package that is loaded, which can be used during deployment to specify a particular version of the package. - -## Sequencer Information - - -This section of the **Change History** tab displays specific information about the Application Virtualization Sequencer (the Sequencer) that was used to create the sequenced application package. It contains the following elements. - -**Sequencer Version** -The version of the Sequencer used to create the package. - -**Sequenced By** -The name of the sequencing engineer. - -**Sequencing Station** -The sequencing computer used to create the sequenced application package. - -**Package Upgrade** -Indicates whether the sequenced application package was upgraded and saved. - -**Save Mode** -Indicates the method used to save the application package. - -## Windows Information - - -**Windows Version** -The version of Windows used to create a sequenced application package. - -**System Folder** -The path on the Sequencing computer of its System folder. - -**Windows Folder** -The location on the sequencing computer of its Windows folder. - -**User Folder** -The location on the sequencing computer of its User folder. - -**System Type** -The type of operating system on the sequencing computer. - -## System Information - - -**Processor** -The processor of the sequencing computer system. - -**Last Boot Normal** -Indicates whether or not the sequencing computer's most recent boot-up was normal. - -**Terminal Services** -Indicates whether Terminal Services are operant on the sequencing computer system. - -**Remote Desktop** -Indicates whether Remote Desktop is operant on the sequencing computer. - -**.NET Framework Version** -Indicates the availability of any version of the .NET Framework on the sequencing computer. - -**Internet Explorer Version** -Indicates the availability of any version of Internet Explorer on the sequencing computer. - -**Windows Media Player Version** -Indicates the availability of any version of Windows Media Player on the sequencing computer. - -## Related topics - - -[Sequencer Console](sequencer-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/clear-app.md b/mdop/appv-v4/clear-app.md deleted file mode 100644 index ce8c9d4c5f..0000000000 --- a/mdop/appv-v4/clear-app.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: CLEAR APP -description: CLEAR APP -author: dansimp -ms.assetid: c2e63031-5941-45e4-9863-127231cfa25b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# CLEAR APP - - -Clears the current user's settings and publishing configurations for an application. - -`SFTMIME CLEAR APP:application [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

APP:<application>

The name and version (optional) of the application.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/clear-obj.md b/mdop/appv-v4/clear-obj.md deleted file mode 100644 index 33dfd04705..0000000000 --- a/mdop/appv-v4/clear-obj.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: CLEAR OBJ -description: CLEAR OBJ -author: dansimp -ms.assetid: 1e50b33f-6324-4eae-8573-75c153f786cd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# CLEAR OBJ - - -Clears the settings and publishing configurations for all of your applications. - -`SFTMIME CLEAR OBJ:APP [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/client-management-console-about-dialog-boxes.md b/mdop/appv-v4/client-management-console-about-dialog-boxes.md deleted file mode 100644 index 67b7ff9eaa..0000000000 --- a/mdop/appv-v4/client-management-console-about-dialog-boxes.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Client Management Console About Dialog Boxes -description: Client Management Console About Dialog Boxes -author: dansimp -ms.assetid: eaf4a05e-513d-4eac-a549-76e63a70893d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Client Management Console: About Dialog Boxes - - -The **About** dialog boxes display information about the specific version of the Microsoft Management Console or the specific version of the Application Virtualization Desktop Client or Client for Remote Desktop Services (formerly Terminal Services) Management Console. - -To display these dialog boxes, click **Help** and select **About Microsoft Management Console** or **About Application Virtualization Client Management Console**. - -## Related topics - - -[Application Virtualization Client Management Console Reference](application-virtualization-client-management-console-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/client-management-console-application-virtualization-node.md b/mdop/appv-v4/client-management-console-application-virtualization-node.md deleted file mode 100644 index 9ea64120a9..0000000000 --- a/mdop/appv-v4/client-management-console-application-virtualization-node.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Client Management Console Application Virtualization Node -description: Client Management Console Application Virtualization Node -author: dansimp -ms.assetid: cf74e112-ddff-4e30-a3cc-7f4c643366c6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Client Management Console: Application Virtualization Node - - -The **Application Virtualization** node is the top-level node in the **Scope** pane of the Application Virtualization Client Management Console. This node displays the name of the computer the console is currently controlling, or it displays "Local" if the console is connected to the local computer. - -By right-clicking the **Application Virtualization** node, you can display the **Properties** dialog box to configure the Application Virtualization Desktop Client or Client for Remote Desktop Services (formerly Terminal Services). - -The **Properties** dialog box contains the following elements: - -[Application Virtualization Properties: General Tab](application-virtualization-properties-general-tab.md) - -[Application Virtualization Properties: Interface Tab](application-virtualization-properties-interface-tab.md) - -[Application Virtualization Properties: File System Tab](application-virtualization-properties-file-system-tab.md) - -[Application Virtualization Properties: Permissions Tab](application-virtualization-properties-permissions-tab.md) - -[Application Virtualization Properties: Connectivity Tab](application-virtualization-properties-connectivity-tab.md) - -[Application Virtualization Properties: Import Search Path Tab](application-virtualization-properties-import-search-path-tab.md) - -## Related topics - - -[Application Virtualization Client Management Console Reference](application-virtualization-client-management-console-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/client-management-console-application-virtualization-properties.md b/mdop/appv-v4/client-management-console-application-virtualization-properties.md deleted file mode 100644 index 85513a0959..0000000000 --- a/mdop/appv-v4/client-management-console-application-virtualization-properties.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Client Management Console Application Virtualization Properties -description: Client Management Console Application Virtualization Properties -author: dansimp -ms.assetid: 70319e4c-5032-4cb3-bbb8-4292809dcea2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Client Management Console: Application Virtualization Properties - - -You can display the **Properties** dialog simply by right-clicking the **Application Virtualization** node in the Application Virtualization Client Management Console and selecting **Properties** from the pop-up menu. - -## In This Section - - -[Application Virtualization Properties: General Tab](application-virtualization-properties-general-tab.md) -Use the **General** tab of the **Properties** dialog box to modify log settings and data locations. - -[Application Virtualization Properties: Interface Tab](application-virtualization-properties-interface-tab.md) -Use the **Interface** tab of the **Properties** dialog box to control default settings for user-interface components. - -[Application Virtualization Properties: File System Tab](application-virtualization-properties-file-system-tab.md) -Use the **File System** tab of the **Properties** dialog box to view and monitor file system settings. - -[Application Virtualization Properties: Import Search Path Tab](application-virtualization-properties-import-search-path-tab.md) -Use the **Import Search Path** tab of the **Properties** dialog box to add, view, or change import search paths. - -[Application Virtualization Properties: Connectivity Tab](application-virtualization-properties-connectivity-tab.md) -Use the **Connectivity** tab of the **Properties** dialog box to specify the connectivity settings. - -[Application Virtualization Properties: Permissions Tab](application-virtualization-properties-permissions-tab.md) -Use the **Permissions** tab of the **Properties** dialog box to specify which activities are available for non-administrators on the local computer. - -## Related topics - - -[Application Virtualization Client Management Console Reference](application-virtualization-client-management-console-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/client-management-console-applications-node.md b/mdop/appv-v4/client-management-console-applications-node.md deleted file mode 100644 index 6661141ad2..0000000000 --- a/mdop/appv-v4/client-management-console-applications-node.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Client Management Console Applications Node -description: Client Management Console Applications Node -author: dansimp -ms.assetid: 20cf533c-e0b0-4b81-af4b-b5b519594d1e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Client Management Console: Applications Node - - -The topics in this section provide information about the screen reference for the **Applications** node in the Application Virtualization Client Management Console. - -## In This Section - - -[Applications Node](applications-node.md) -Describes the features and commands available from the **Applications** node. - -[Applications Results Pane](applications-results-pane.md) -Describes the features and commands available from the **Applications** node **Results** pane. - -[Applications Results Pane Columns](applications-results-pane-columns.md) -Describes the columns available in the **Applications** node **Results** pane. - -## Related topics - - -[Application Virtualization Client Management Console Reference](application-virtualization-client-management-console-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/client-management-console-file-type-associations-node.md b/mdop/appv-v4/client-management-console-file-type-associations-node.md deleted file mode 100644 index f0c5570f3c..0000000000 --- a/mdop/appv-v4/client-management-console-file-type-associations-node.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Client Management Console File Type Associations Node -description: Client Management Console File Type Associations Node -author: dansimp -ms.assetid: f0bc05ce-2cb2-4b06-961b-6c42d0274d28 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Client Management Console: File Type Associations Node - - -The topics in this section provide information about the screen reference for the **File Associations** node in the Application Virtualization Client Management Console. - -## In This Section - - -[File Type Associations Node](file-type-associations-node-client.md) -Describes the features and commands available from the **File Associations** node. - -[File Type Association Results Pane](file-type-association-results-pane.md) -Describes the features and commands available from the **File Associations** node **Results** pane. - -[File Type Association Results Pane Columns](file-type-association-results-pane-columns.md) -Describes the columns available in the **File Associations** node **Results** pane. - -## Related topics - - -[Application Virtualization Client Management Console Reference](application-virtualization-client-management-console-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/client-management-console-publishing-servers-node.md b/mdop/appv-v4/client-management-console-publishing-servers-node.md deleted file mode 100644 index f863e5d717..0000000000 --- a/mdop/appv-v4/client-management-console-publishing-servers-node.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Client Management Console Publishing Servers Node -description: Client Management Console Publishing Servers Node -author: dansimp -ms.assetid: 03f2038f-b5f7-4e5b-a8f0-98f5e9d5f644 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Client Management Console: Publishing Servers Node - - -The topics in this section provide information about the screen reference for the **Publishing Servers** node in the Application Virtualization Client Management Console. - -## In This Section - - -[Publishing Servers Node](publishing-servers-node.md) -Describes the features and commands available from the **Publishing Servers** node. - -[Publishing Servers Results Pane](publishing-servers-results-pane.md) -Describes the features and commands available from the **Publishing Servers** node **Results** pane. - -[Publishing Servers Results Pane Columns](publishing-servers-results-pane-columns.md) -Describes the columns available in the **Publishing Servers** node **Results** pane. - -## Related topics - - -[Application Virtualization Client Management Console Reference](application-virtualization-client-management-console-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/command-line-errors.md b/mdop/appv-v4/command-line-errors.md deleted file mode 100644 index 3da8e0d9f9..0000000000 --- a/mdop/appv-v4/command-line-errors.md +++ /dev/null @@ -1,101 +0,0 @@ ---- -title: Command-Line Errors -description: Command-Line Errors -author: dansimp -ms.assetid: eea62568-4e90-4877-9cc7-e27ef5c05068 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Command-Line Errors - - -Use the following list of errors to identify the reasons why command-line sequencing is not working properly. You can also see these errors by viewing the sequencer log file. - -**Note**   -More than one error might be displayed when sequencing. Furthermore, the error code displayed might be the sum of two error codes. For example, if the */InstallPath* and */OutputFile* parameters are missing, the Microsoft System Center Application Virtualization Sequencer will return 96—the sum of the two error codes. - - - -01 -There is an unspecified error. - -02 -The specified installation directory (/INSTALLPACKAGE) specified is not valid. - -04 -The specified package root directory (/INSTALLPATH) is not valid. - -08 -The */OutputFile* parameter that was specified is not valid. - -16 -The installation directory (/INSTALLPACKAGE) was not specified. - -32 -The package root directory (/INSTALLPATH) was not specified. - -64 -The */OutputFile* parameter was not specified. - -128 -The specified application virtualization drive is not valid. - -256 -The installer failed. - -512 -Sequencing the application failed. - -1024 -Evaluating installed shortcuts failed. - -2048 -The sequenced application package cannot be saved. - -4096 -The specified package name (/PACKAGENAME) is not valid. - -8192 -The specified block size (/BLOCKSIZE) is not valid. - -16384 -The specified compression type (/COMPRESSION) is not valid. - -32768 -The specified project path is not valid. - -65536 -The specified upgrade parameter is not valid. - -131072 -The specified upgrade project parameter is not valid. - -262144 -The specified decode path parameter is not valid. - -525288 -The package name was not specified. - -## Related topics - - -[About Using the Sequencer Command Line](about-using-the-sequencer-command-line.md) - -[Command-Line Parameters](command-line-parameters.md) - - - - - - - - - diff --git a/mdop/appv-v4/command-line-parameters.md b/mdop/appv-v4/command-line-parameters.md deleted file mode 100644 index 2c67aced2f..0000000000 --- a/mdop/appv-v4/command-line-parameters.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: Command-Line Parameters -description: Command-Line Parameters -author: dansimp -ms.assetid: d90a0591-f1ce-4cb8-b244-85cc70461922 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Command-Line Parameters - - -Use the following Application Virtualization Sequencer parameters to sequence an application and to upgrade a sequenced application package at the command prompt. In the Microsoft Application Virtualization Sequencer directory, you would enter **SFTSequencer**, followed by the appropriate parameter. - -*/HELP* or */?* -Use to display the list of parameters available for command-line sequencing. - -*/INSTALLPACKAGE* or */I* -Use to specify the installer or a batch file for the application to be sequenced. - -*/INSTALLPATH* or */P* -Use to specify the package root directory. - -*/OUTPUTFILE* or */O* -Use to specify the path and file name of the SPRJ file that will be generated. - -**Important**   -The */OUTPUTFILE* parameter is not available when opening a package that you do not intend to upgrade. - - - -*/FULLLOAD* or */F* -Use to specify whether to put everything in the primary feature block. - -*/PACKAGENAME* or */K* -Use to specify the package name of the sequenced application. - -*/BLOCKSIZE* -Specifies the SFT file block size that will be used to stream the package to client computers. You can select one of the following values: - -- 4 KB - -- 16 KB - -- 32 KB - -- 64 KB - -You should consider the size of the SFT file when you specify the block size. A file with a smaller block size takes longer to stream over the network but is less bandwidth-intensive. Files with larger block sizes use more network bandwidth. - -*/COMPRESSION* -Use to specify the method for compressing the SFT file as it is streamed to the client. - -*/MSI* or */M* -Use to specify generating a Microsoft Windows Installer package for the sequenced application. - -*/DEFAULT* -Specifies the default SPRJ file that will be used when creating a virtual application package. This file is used as the .sprj template when the application is sequenced for the first time. - -*/UPGRADE* -Specifies the path and file name of the SPRJ file that will be upgraded. - -*/DECODEPATH* -Specifies the directory on the sequencing computer where the files associated with the sequenced application package are installed. Use one of the following formats when specifying the directory: - -- /decodepath:Q: - -- /decodepath:Q:. - -- /decodepath:”Q:.” - -- /decodepath:”Q:” - -## Related topics - - -[About Using the Sequencer Command Line](about-using-the-sequencer-command-line.md) - -[How to Open a Sequenced Application Using the Command Line](how-to-open-a-sequenced-application-using-the-command-line.md) - -[How to Upgrade a Package Using the Open Package Command](how-to-upgrade-a-package-using-the-open-package-command.md) - - - - - - - - - diff --git a/mdop/appv-v4/completion-page-package-accelerator.md b/mdop/appv-v4/completion-page-package-accelerator.md deleted file mode 100644 index 7542c71906..0000000000 --- a/mdop/appv-v4/completion-page-package-accelerator.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Completion Page -description: Completion Page -author: dansimp -ms.assetid: b2c7776c-2c35-4d25-92b4-6cd8c2bdff42 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Completion Page - - -Use the **Completion** page to review the package completion report. Any issues experienced during sequencing are displayed in the **Successful Virtual Application Package Report** pane. This information is also available in the directory where the package is saved in a file named Report.xml. - -This page contains the following elements: - -**Close** -Closes the **Create New Package Wizard**. - -## Related topics - - -[Sequencer Wizard - Package Accelerator (AppV 4.6 SP1)](sequencer-wizard---package-accelerator--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/completion-page.md b/mdop/appv-v4/completion-page.md deleted file mode 100644 index c733a56d5d..0000000000 --- a/mdop/appv-v4/completion-page.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: Completion Page -description: Completion Page -author: dansimp -ms.assetid: b284d362-b9e1-4d04-88cd-fe9980652188 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Completion Page - - -Always save App-V Package Accelerators and any associated installation media in a secure location on the network to protect App-V Package Accelerators and the installation files from being tampered with or becoming corrupted. Transforms can also contain password and user-specific information so that you must save App-V Package Accelerators in a secure location. You must also digitally sign the Package Accelerator after you create it so the publisher can be verified when the Package Accelerator is applied. A digital signature is an electronic security mark that can help indicate the publisher of the software and whether the package has been tampered with, after the transform was originally signed. - -## Related topics - - -[Create Package Accelerator Wizard (AppV 4.6 SP1)](create-package-accelerator-wizard--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/configure-app.md b/mdop/appv-v4/configure-app.md deleted file mode 100644 index 407824e6a0..0000000000 --- a/mdop/appv-v4/configure-app.md +++ /dev/null @@ -1,90 +0,0 @@ ---- -title: CONFIGURE APP -description: CONFIGURE APP -author: dansimp -ms.assetid: fcfb4f86-8b7c-4208-bca3-955fd067079f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# CONFIGURE APP - - -Enables the user to change the icon associated with an application but does not update the icon on existing shortcuts or file type associations. - -`SFTMIME CONFIGURE APP:application /ICON icon-pathname [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

APP:<application>

The name and version (optional) of the application.

/ICON <icon-pathname>

The path or URL for the icon file.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/configure-package.md b/mdop/appv-v4/configure-package.md deleted file mode 100644 index 2bccdbf61d..0000000000 --- a/mdop/appv-v4/configure-package.md +++ /dev/null @@ -1,149 +0,0 @@ ---- -title: CONFIGURE PACKAGE -description: CONFIGURE PACKAGE -author: dansimp -ms.assetid: acc7eaa8-6ada-47b9-a655-2ca2537605b9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# CONFIGURE PACKAGE - - -Enables the user to change a package manifest file, package source, load trigger types, or load target for a package. - -`SFTMIME CONFIGURE PACKAGE:package-name [/MANIFEST manifest-path] [/OVERRIDEURL url] [/AUTOLOADNEVER] [/AUTOLOADONREFRESH] [/AUTOLOADONLOGIN] [/AUTOLOADONLAUNCH] [/AUTOLOADTARGET {NONE|ALL|PREVUSED}] [/LOG log-pathname | /CONSOLE | /GUI] [/NO-UPDATE-FTA-SHORTCUT {TRUE|FALSE} {/GLOBAL}]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

PACKAGE:<package-name>

User-visible and user-friendly name for the package.

/MANIFEST <manifest-path>

The path or URL of the manifest file that lists the applications included in the package and all of their publishing information.

/OVERRIDEURL <URL>

The location of the package's SFT file.

/AUTOLOADNEVER

Background loading is turned off for the package.

/AUTOLOADONREFRESH

Background loading is performed after a publishing refresh.

/AUTOLOADONLOGIN

Background loading is performed when a user logs in.

/AUTOLOADONLAUNCH

Background loading is performed after a user starts an application from the package.

/AUTOLOADTARGET <target>

Indicates which applications from the package will be autoloaded.

NONE

No autoloading will be performed despite the presence of any /AUTOLOADONxxx flags.

ALL

If an autoload trigger is enabled, all applications in the package will be loaded into cache regardless of whether they have ever been launched.

PREVUSED

If an autoload trigger is enabled, the package will load if any applications in this package have previously been started by a user.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -For version 4.6 SP2, the following option has been added. - - ---- - - - - - - - - - - -

[/NO-UPDATE-FTA-SHORTCUT {TRUE|FALSE} {/GLOBAL}]

If set to TRUE, a registry value is created for the package, either per user, or globally if the /GLOBAL flag is specified.

-

If set to FALSE, the registry value is removed and the file type associations (FTA) for the package are reinstalled.

-

If not specified, normal FTA and shortcut publishing behavior occurs. If you perform any subsequent publishing refresh operations on the App-V 4.6 SP2 client, the shortcuts and FTAs for packages that have this registry value set will not be changed, and the shortcuts and FTAs will not be registered at system startup or user login unless you reset the flag.

/GLOBAL

Works in conjunction with the /NO-UPDATE-FTA-SHORTCUT flag. If the /GLOBAL flag is present, it indicates that a registry value will be created for that package for all users. By default, the registry value is created only for this user.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/configure-server.md b/mdop/appv-v4/configure-server.md deleted file mode 100644 index ed7f5ca4d8..0000000000 --- a/mdop/appv-v4/configure-server.md +++ /dev/null @@ -1,114 +0,0 @@ ---- -title: CONFIGURE SERVER -description: CONFIGURE SERVER -author: dansimp -ms.assetid: c916eddd-74f2-46e4-953d-120b23284e37 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# CONFIGURE SERVER - - -Enables a user to change the setup of a server; any settings not specified will not be modified. - -`SFTMIME CONFIGURE SERVER:server-name [/NAME display-name] [/HOST hostname] [/PORT port] [/PATH path] [/TYPE {HTTP|RTSP}] [/REFRESH {ON|OFF}] [/SECURE] [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

SERVER:<server-name>

The display name for the publishing server.

/NAME <display-name>

New display name for the server.

/HOST <hostname>

The host name or IP address for the publishing server.

/PORT <port>

The port on which the publishing server listens. Defaults to 80 for normal HTTP servers, 443 for HTTP servers using enhanced security, 554 for normal Application Virtualization Servers, and 322 for servers using enhanced security.

/PATH <path>

The path portion of the URL used in a publishing request. If the TYPE parameter is set to RTSP, the path is optional and defaults to "/".

/TYPE

Indicates whether the publishing server is a Web server ("HTTP") or an Application Virtualization Server ("RTSP").

/REFRESH

If set to ON, publishing information will be refreshed when the user logs in. Defaults to ON.

/SECURE

If present, indicates that a connection with enhanced security should be established to the publishing server.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/configure-software-page--learn-more-.md b/mdop/appv-v4/configure-software-page--learn-more-.md deleted file mode 100644 index 87abcb67dd..0000000000 --- a/mdop/appv-v4/configure-software-page--learn-more-.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Configure Software Page (Learn More) -description: Configure Software Page (Learn More) -author: dansimp -ms.assetid: 9a0cd4a5-88da-4897-a13a-5d21fc04afda -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configure Software Page (Learn More) - - -Use the **Configure Software** page to run each program to complete any configuration tasks after the installation. For example, this step helps configure any associated application license agreements. - -This page contains the following elements: - -**Run Selected** -Opens only the selected programs associated with the application. - -**Run All** -Opens all programs associated with the application. - -## Related topics - - -[Create New Package Wizard (AppV 4.6 SP1)](create-new-package-wizard---appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/configure-software-page-app-v-46-sp1.md b/mdop/appv-v4/configure-software-page-app-v-46-sp1.md deleted file mode 100644 index 7d201afb8d..0000000000 --- a/mdop/appv-v4/configure-software-page-app-v-46-sp1.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Configure Software Page -description: Configure Software Page -author: dansimp -ms.assetid: 50596eba-ce20-4d36-8e57-bd4b6c6cf92e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configure Software Page - - -Use the **Configure Software** page to manage the application first-use tasks. - -This page contains the following elements: - -**Configure Software** -Click **Configure Software** to manually configure application first-use tasks. Selecting this option can increase the overall sequencing time depending on the size of the package you are creating. - -**Skip this step** -Click **Skip this step** to skip configuring the application. If you choose to skip this step, end users have to perform any required first-use tasks such as accepting any license agreements and first-use questions. - -## Related topics - - -[Sequencer Wizard - Package Accelerator (AppV 4.6 SP1)](sequencer-wizard---package-accelerator--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/configure-type.md b/mdop/appv-v4/configure-type.md deleted file mode 100644 index 42307e58cb..0000000000 --- a/mdop/appv-v4/configure-type.md +++ /dev/null @@ -1,126 +0,0 @@ ---- -title: CONFIGURE TYPE -description: CONFIGURE TYPE -author: dansimp -ms.assetid: 2caf9433-5449-486f-ab94-83ee8e44d7f1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# CONFIGURE TYPE - - -Enables the user to change settings for a file type association. - -`SFTMIME CONFIGURE TYPE:file-extension [/GLOBAL] [/APP application] [/ICON icon-pathname] [/DESCRIPTION type-desc] [/CONTENT-TYPE content-type] [/PERCEIVED-TYPE perceived-type] [/PROGID progid] [/CONFIRMOPEN {YES|NO}] [/SHOWEXT {YES|NO}] [/NEWMENU {YES|NO}] [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

TYPE:<file-extension>

The file name extension to be configured.

/APP <application>

The name and version (optional) of the application to associate this file type with. Cannot be specified with PROGID.

/ICON <icon-pathname>

The path or URL for the icon file.

/DESCRIPTION <type-desc>

The user-friendly name for the file type.

/CONTENT-TYPE <content-type>

The content type of the file.

/GLOBAL

If present, indicates that the association that applies to all users should be edited, not the user-specific one.

/PERCEIVED-TYPE <perceived-type>

The perceived type of the file.

/PROGID <progid>

Indicates that the extension should be associated with a different file type. The previous file type is not deleted. Cannot be specified with APP, ICON, DESCRIPTION, CONFIRMOPEN, or SHOWEXT.

/CONFIRMOPEN

Indicates whether users downloading a file of this type should be asked whether to open or save the file.

/SHOWEXT

Indicates whether the file's extension should always be shown, even if the user has requested that all extensions be hidden.

/NEWMENU

Indicates whether an entry should be added to the shell's New menu.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/configuring-app-v-administration-for-a-distributed-environment.md b/mdop/appv-v4/configuring-app-v-administration-for-a-distributed-environment.md deleted file mode 100644 index 1fe3f100c5..0000000000 --- a/mdop/appv-v4/configuring-app-v-administration-for-a-distributed-environment.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Configuring App-V Administration for a Distributed Environment -description: Configuring App-V Administration for a Distributed Environment -author: dansimp -ms.assetid: 53971fa9-8319-435c-be74-c37feb9af1da -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Configuring App-V Administration for a Distributed Environment - - -When designing the infrastructure for your specific organization, you can install the App-V Management Web Service on a computer other than the computer where you install the App-V Management Server. Common reasons for separating these App-V components include the following: - -- Performance - -- Reliability - -- Availability - -- Scalability - -Separating the Management Server and Management Web Service requires additional configuration for the infrastructure to operate correctly. When you separate these two features but do not complete the procedures described in this topic, the Management Console will connect to the Management Web Service but will not be able to properly authenticate with the data store. The Management Console will not load properly, and the administrator will not be able to complete any administrative tasks. - -This behavior occurs because the Management Web Service cannot use the credentials, passed to it from the Management Console, to access the data store. The solution is to configure the Management Web Service server to be “Trusted for delegation.” - -## Configuring Active Directory Domain Services - - -It is also necessary to configure Active Directory Domain Services properly to work in a distributed environment. This section includes the information you need configure Active Directory Domain Services. - -### When SQL Service Uses Local System account - -To set up the environment where the SQL Service uses the local system account, change the properties of the machine account of the Management Web Service to be trusted for delegation. For detailed procedures about how to do this, see [How to Configure the Server to be Trusted for Delegation](how-to-configure-the-server-to-be-trusted-for-delegation.md) - -### When SQL Service Uses Domain-Based Account - -To set up the environment where SQL Servers use domain-based service accounts, you need to consider whether or not a variety of factors apply, including the following: - -- Clustering of SQL Server - -- Replication - -- Automated tasks - -- Linked servers - -For information about configuring Active Directory Domain Services when the SQL service uses a domain-based account, see . - -  - -  - - - - - diff --git a/mdop/appv-v4/configuring-app-v-for-secure-administration.md b/mdop/appv-v4/configuring-app-v-for-secure-administration.md deleted file mode 100644 index a71fffa3c7..0000000000 --- a/mdop/appv-v4/configuring-app-v-for-secure-administration.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Configuring App-V for Secure Administration -description: Configuring App-V for Secure Administration -author: dansimp -ms.assetid: 4543fa81-c8cc-4b10-83b7-060778eb1349 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configuring App-V for Secure Administration - - -In an environment where securing administrative operations is important, App-V allows for secure communication between the App-V Web Management Service and the App-V Management Console. Because the Management Service is a Web-based application, it requires securing the App-V Management Server application on the Web server that hosts the Management Service. As shown in the following illustration, this process includes using HTTPS for communication and configuring the IIS server to allow only Windows Integrated Authentication. - -![app-v web service network configuration](images/appvmgmtwebservice.gif) - -The App-V Web Management Service is installed as a Web-based application on IIS. For the Web Management Service to support secure (SSL) connections between the App-V Management Console and the Web Management Service, you will need to configure the IIS server where the Web Management Service is installed and configure the App-V Management Console. - -## In This Section - - -[Configuring Certificates to Support the App-V Web Management Service](configuring-certificates-to-support-the-app-v-web-management-service.md) -Provides helpful information about configuring certificates to support SSL-based connections, to help secure communication for the App-V Web Management Service. - -[How to Install and Configure the App-V Management Console for a More Secure Environment](how-to-install-and-configure-the-app-v-management-console-for-a-more-secure-environment.md) -Provides a step-by-step procedure for connecting to an App-V Web Management Service by using a secure connection. - -  - -  - - - - - diff --git a/mdop/appv-v4/configuring-certificates-to-support-app-v-management-server-or-streaming-server.md b/mdop/appv-v4/configuring-certificates-to-support-app-v-management-server-or-streaming-server.md deleted file mode 100644 index fe8ec7d8bc..0000000000 --- a/mdop/appv-v4/configuring-certificates-to-support-app-v-management-server-or-streaming-server.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Configuring Certificates to Support App-V Management Server or Streaming Server -description: Configuring Certificates to Support App-V Management Server or Streaming Server -author: dansimp -ms.assetid: 2f24e550-585e-4b7e-b486-22a3f181f543 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Configuring Certificates to Support App-V Management Server or Streaming Server - - -After you complete the certificate provisioning process and change the private key permissions to support the App-V installation, you can launch the setup of the Management Server or the Streaming Server. During setup, if a certificate is provisioned before running the setup program, the wizard displays the certificate in the **Connection Security Mode** screen and, by default, the **Use enhanced security** check box is selected. - -**Note**   -Select the certificate that was configured for App-V if there is more than one certificate provisioned for this server. - - - -**Important**   -When upgrading from version  4.2 to version  4.5, the setup has an option for **Use enhanced security**; however, selecting this option will not disable streaming over RTSP. You must use the Management Console to disable RTSP after installation. - - - -Select the TCP port that the service will use for client communications. The default port is TCP 322; however, you can change the port to a custom port for your environment. - -The remaining steps of the wizard are the same as if you were deploying an App-V Management or Streaming Server without using the **Enhanced security** feature. - -## Configuring Certificates for NLB Environments - - -To support large enterprises, often the Management Server is placed into a Network Load Balancing (NLB) cluster to support the large number of connections. This requires at least two Management Servers that appear to be a single Management Server. When your environment uses an NLB cluster with several Management Servers, you need an advanced configuration of the certificate used for the NLB cluster. - -The App-V certificate is submitted to a certification authority (CA) that is configured on a computer running Windows Server 2003. The SAN lets you connect to a specific Management Server NLB cluster host name by using a Domain Name System (DNS) name that might differ from the actual computer names, because there can be up to 32 servers that comprise the NLB cluster. - -This configuration is necessary only when using an NLB cluster. When the client connects to the server, it will connect using the fully qualified domain name (FQDN) of the NLB cluster and not the FQDN of an individual server. If you do not add the SAN property with the FQDN of the server nodes in the cluster, all client connections are refused because the common name of the certificate won’t match the server name. - -For more detailed information about configuring certificates with the SAN attribute, see . - -## Related topics - - -[Configuring Certificates to Support Secure Streaming](configuring-certificates-to-support-secure-streaming.md) - -[How to Modify Private Key Permissions to Support Management Server or Streaming Server](how-to-modify-private-key-permissions-to-support-management-server-or-streaming-server.md) - - - - - - - - - diff --git a/mdop/appv-v4/configuring-certificates-to-support-secure-streaming.md b/mdop/appv-v4/configuring-certificates-to-support-secure-streaming.md deleted file mode 100644 index 86f2485e5c..0000000000 --- a/mdop/appv-v4/configuring-certificates-to-support-secure-streaming.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Configuring Certificates to Support Secure Streaming -description: Configuring Certificates to Support Secure Streaming -author: dansimp -ms.assetid: 88dc76d8-7745-4729-92a1-af089c921244 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Configuring Certificates to Support Secure Streaming - - -By default, the App-V service runs under the Network Service account. However, you can create a service account in Active Directory Domain Services and replace the Network Service account with the Active Directory Domain account. - -The security context under which the service runs is important for configuring enhanced secure communications. This security context must have read permissions for the certificate private key. When a PKCS\#10 *Certificate Signing Request* (CSR) is generated for the App-V server, the Windows *Cryptographic Service Provider* is called and a private key is generated. The private key is secured with permissions given to the System and Administrator accounts only. - -You must modify the access control lists (ACLs) on the private key to let the App-V Management or Streaming Server access the private key required for successful TLS secured communication. - -## Obtaining and Installing a Certificate - - -The scenarios for obtaining and installing a certificate for App-V are as follows: - -- Internal public key infrastructure (PKI). - -- Third-party certificate issuing certification authority (CA). - - **Note**   - If you need to obtain a certificate from a third-party CA, follow the documentation available on that CA’s Web site. - - - -If a PKI infrastructure has been deployed, consult with the PKI administrators to acquire a certificate that complies with the requirements described in this topic. If a PKI infrastructure is not available, use a third-party CA to obtain a valid certificate. - -For step-by-step guidance for obtaining and installing a certificate, see . - -## Related topics - - -Configuring Certificates to Support Secure Streaming -[How to Modify Private Key Permissions to Support Management Server or Streaming Server](how-to-modify-private-key-permissions-to-support-management-server-or-streaming-server.md) - - - - - - - - - diff --git a/mdop/appv-v4/configuring-certificates-to-support-the-app-v-web-management-service.md b/mdop/appv-v4/configuring-certificates-to-support-the-app-v-web-management-service.md deleted file mode 100644 index 7999d55e32..0000000000 --- a/mdop/appv-v4/configuring-certificates-to-support-the-app-v-web-management-service.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Configuring Certificates to Support the App-V Web Management Service -description: Configuring Certificates to Support the App-V Web Management Service -author: dansimp -ms.assetid: b7960161-2c19-4cbf-a98a-d4b06f547dce -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Configuring Certificates to Support the App-V Web Management Service - - -The App-V Web Management Service must be configured to support SSL-based connections to help secure the communication. This process requires that the Web server or computer on which the Management Service is installed has a certificate issued to the service or computer. - -The following scenarios illustrate how to obtain a certificate for this purpose: - -1. The company infrastructure already has a public key infrastructure (PKI) in place that automatically issues certificates to computers. - -2. The company infrastructure already has a PKI in place, although it does not automatically issue certificates to computers. - -3. The company infrastructure has no PKI in place. - -In each of the preceding scenarios, the method for obtaining a certificate is different, but the end result is the same. The administrator must assign a certificate to the IIS Default Web Site and configure the App-V Web Management Service to require secure communications. - -**Important**   -The name of the certificate must match the name of the server. It is a best practice to use fully qualified domain names (FQDNs) for the common name of the certificate. - - - -App-V can use IIS servers to support different infrastructure configurations. For more information about configuring IIS servers to support HTTPS, see . - -## Related topics - - -[How to Install and Configure the App-V Management Console for a More Secure Environment](how-to-install-and-configure-the-app-v-management-console-for-a-more-secure-environment.md) - - - - - - - - - diff --git a/mdop/appv-v4/configuring-iis-for-secure-streaming.md b/mdop/appv-v4/configuring-iis-for-secure-streaming.md deleted file mode 100644 index 1e5c0be5b8..0000000000 --- a/mdop/appv-v4/configuring-iis-for-secure-streaming.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: Configuring IIS for Secure Streaming -description: Configuring IIS for Secure Streaming -author: dansimp -ms.assetid: 9a80a703-4642-4bec-b7af-dc7cb6b76925 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Configuring IIS for Secure Streaming - - -With the release of Microsoft Application Virtualization (App-V) version 4.5, you can use HTTP and HTTPS as protocols for streaming application packages to the App-V clients. This option enables organizations to leverage the additional scalability that IIS typically offers. When you use IIS as a streaming server, you can help secure the communications between the client and server by using HTTPS instead of HTTP. - -**Note**   -If you want to stream applications from a file server, you should enhance the security of the communications to the application packages. This can be achieved using IPsec. For more information see the following topics in the TechNet Library: - -- For Windows Server 2003, - -- For Windows Server 2008, - - - -## MIME Types - - -When you use IIS to stream virtual applications with HTTP or HTTPS, to support App-V, the following MIME types must be added to the IIS server: - -- .OSD=TXT - -- .SFT=Binary - -Use the following KB articles as guidance for adding MIME types: - -IIS 6.0: - -IIS 7.0: - -## Kerberos Authentication - - -When you use HTTP or HTTPS and Kerberos authentication to stream ICO, OSD, or SFT files, you are enhancing the security of your environment. However, for IIS to support Kerberos authentication, you must configure a proper Service Principal Name (SPN). The `setspn.exe` tool is available for Windows Server 2003 from the Support Tools on the installation CD and is built-in to Windows Server 2008. - -To create an SPN, run `setspn.exe` from a command prompt while logged in as a member of Domain Administrators—for example, `setspn.exe –A HTTP/FQDN of Server ServerName`. - -## Related topics - - -[Configuring Management or Streaming Server for Secure Communications Post-Installation](configuring-management-or-streaming-server-for-secure-communications-post-installation.md) - - - - - - - - - diff --git a/mdop/appv-v4/configuring-management-or-streaming-server-for-secure-communications-post-installation.md b/mdop/appv-v4/configuring-management-or-streaming-server-for-secure-communications-post-installation.md deleted file mode 100644 index 022b096208..0000000000 --- a/mdop/appv-v4/configuring-management-or-streaming-server-for-secure-communications-post-installation.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Configuring Management or Streaming Server for Secure Communications Post-Installation -description: Configuring Management or Streaming Server for Secure Communications Post-Installation -author: dansimp -ms.assetid: 1062a213-470b-4ae2-b12f-b3e28a6ab745 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configuring Management or Streaming Server for Secure Communications Post-Installation - - -If the proper certificate was not provisioned before the installation of the App-V Management Server or the App-V Streaming Server, App-V can be configured for enhanced security after the initial installation. You can configure the App-V Management Server through the App-V Management Console. However, the App-V Streaming Server is managed through the registry. In either case, the certificate must include the proper *extended key usage* (EKU) for Server authentication and the Network Service must have read access to the private key. - -## In This Section - - -[How to Configure Management Server Security Post-Installation](how-to-configure-management-server-security-post-installation.md) -Provides a procedure that can be performed post-installation, using the App-V Management Console, to add the certificate and configure the App-V Management Server for enhanced security. - -[How to Configure Streaming Server Security Post-Installation](how-to-configure-streaming-server-security-post-installation.md) -Provides a procedure that can be performed post-installation, to add the certificate and configure the App-V Streaming Server for enhanced security. - -[Troubleshooting Certificate Permission Issues](troubleshooting-certificate-permission-issues.md) -Provides troubleshooting guidance for when the private key has not been configured with the proper ACL for the Network Service. - -  - -  - - - - - diff --git a/mdop/appv-v4/configuring-prerequisite-groups-in-active-directory-for-app-v.md b/mdop/appv-v4/configuring-prerequisite-groups-in-active-directory-for-app-v.md deleted file mode 100644 index 92700f1f2a..0000000000 --- a/mdop/appv-v4/configuring-prerequisite-groups-in-active-directory-for-app-v.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: Configuring Prerequisite Groups in Active Directory for App-V -description: Configuring Prerequisite Groups in Active Directory for App-V -author: dansimp -ms.assetid: 0010d534-46c0-44a3-b5c1-621b4d5e2c31 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configuring Prerequisite Groups in Active Directory for App-V - - -Before you install the Microsoft Application Virtualization (App-V) Management Server, you must create the following objects in Active Directory. App-V uses Active Directory groups to control access to applications and administrative functions. You will use these groups during the server installation process and when publishing applications. - -## Configuring Prerequisite Groups in Active Directory for Application Virtualization - - -This table lists the Active Directory groups that are required for installing App-V. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ObjectDescription

Organizational Unit (OU)

Create an OU in Active Directory for the specific groups required for App-V.

App-V Administrative Group

During installation of the App-V Management Server, you must select an Active Directory group to use as the App-V Administrators group to control administrative access to the Management Console. Create a security group for App-V administrators, and add to this group every user who needs to use the Management Console. You cannot create this group directly from the App-V Management Server installer.

App-V Users Group

App-V requires that every User account that accesses App-V functions be a member of a provider policy associated with a single group for general platform access. Use an existing group; for example, Domain Users, if all users are to have access to App-V, or create a new group.

Application Groups

App-V associates the right to use an individual application with an Active Directory group. Create an Active Directory group for each application, and assign users to these groups as needed to control user access to the applications.

- -  - -## Related topics - - -[Application Virtualization Deployment Requirements](application-virtualization-deployment-requirements.md) - -[How to Configure Windows Server 2008 for App-V Management Servers](how-to-configure-windows-server-2008-for-app-v-management-servers.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/configuring-the-application-virtualization-sequencer--app-v-46-sp1-.md b/mdop/appv-v4/configuring-the-application-virtualization-sequencer--app-v-46-sp1-.md deleted file mode 100644 index f8ec256bdd..0000000000 --- a/mdop/appv-v4/configuring-the-application-virtualization-sequencer--app-v-46-sp1-.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Configuring the Application Virtualization Sequencer (App-V 4.6 SP1) -description: Configuring the Application Virtualization Sequencer (App-V 4.6 SP1) -author: dansimp -ms.assetid: af775165-5b99-4c74-807f-f504377c7be4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configuring the Application Virtualization Sequencer (App-V 4.6 SP1) - - -Use any of the following links for more information about configuring the App-V Sequencer. - -## In This Section - - -[How to Install the Sequencer (App-V 4.6 SP1)](how-to-install-the-sequencer---app-v-46-sp1-.md) -Describes how to install the App-V Sequencer. - -[How to Create an App-V Project Template (App-V 4.6 SP1)](how-to-create-an-app-v-project-template--app-v-46-sp1-.md) -Describes how to create a project template. - -## Related topics - - -[Tasks for the Application Virtualization Sequencer (App-V 4.6 SP1)](tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/configuring-the-application-virtualization-sequencer.md b/mdop/appv-v4/configuring-the-application-virtualization-sequencer.md deleted file mode 100644 index 571b263abc..0000000000 --- a/mdop/appv-v4/configuring-the-application-virtualization-sequencer.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Configuring the Application Virtualization Sequencer -description: Configuring the Application Virtualization Sequencer -author: dansimp -ms.assetid: cae1c368-9fcd-454e-8fc9-0893345d55bf -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configuring the Application Virtualization Sequencer - - -To configure your environment for the Microsoft Application Virtualization (App-V) Sequencer, you need to perform certain tasks. - -Click any link in the following section for information about configuring your environment for running the Sequencer. - -## In This Section - - -[How to Install the Sequencer](how-to-install-the-sequencer.md) -Contains the steps for installing the App-V Sequencer. - -[How to Create the Package Root Directory](how-to-create-the-package-root-directory.md) -Contains the steps necessary to configure the directory where sequenced applications will be installed. - -[How to Modify the Location of the Log Directory](how-to-modify-the-location-of-the-log-directory.md) -Contains the steps necessary to configure where the Sequencer logs will be saved. - -[How to Modify the Location of the Scratch Directory](how-to-modify-the-location-of-the-scratch-directory.md) -Contains the steps necessary to configure the location where the Sequencer temporarily stores files during sequencing. - -## Related topics - - -[Application Virtualization Sequencer Online Help](application-virtualization-sequencer-online-help.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/configuring-the-firewall-for-the-app-v-servers.md b/mdop/appv-v4/configuring-the-firewall-for-the-app-v-servers.md deleted file mode 100644 index 688c137ae2..0000000000 --- a/mdop/appv-v4/configuring-the-firewall-for-the-app-v-servers.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Configuring the Firewall for the App-V Servers -description: Configuring the Firewall for the App-V Servers -author: dansimp -ms.assetid: f779c450-6c6f-46a8-ac66-5e82e0689d55 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configuring the Firewall for the App-V Servers - - -After you install the Microsoft Application Virtualization (App-V) Management Server or Streaming Server and configure it to use the RTSP or RTSPS protocol, you must create firewall exceptions for the App-V programs. - -## Configuring Firewall Exceptions for Application Virtualization Management Server - - -Create a firewall exception for **sghwdsptr.exe** and **sghwsvr.exe**. These programs are found in the folder C:\\Program Files\\Microsoft System Center App Virt Management Server\\App Virt Management Server\\bin on a 32-bit operating system. If you are using a 64-bit operating system version, the folder is located under C:\\Program Files (x86)\\Microsoft System Center App Virt Management Server\\App Virt Management Server\\bin. - -## Configuring Firewall Exceptions for Application Virtualization Streaming Server - - -Create a firewall exception for **sglwdsptr.exe** and **sglwsvr.exe**. These programs are found in the folder C:\\Program Files\\Microsoft System Center App Virt Streaming Server\\App Virt Streaming Server\\bin on a 32-bit operating system. If you are using a 64-bit operating system version, the folder is located under C:\\Program Files (x86)\\Microsoft System Center App Virt Streaming Server\\App Virt Streaming Server\\bin. - -## Related topics - - -[How to Configure Servers for Server-Based Deployment](how-to-configure-servers-for-server-based-deployment.md) - -[How to Install and Configure the Default Application](how-to-install-and-configure-the-default-application.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/configuring-windows-firewall-for-app-v.md b/mdop/appv-v4/configuring-windows-firewall-for-app-v.md deleted file mode 100644 index f97d412295..0000000000 --- a/mdop/appv-v4/configuring-windows-firewall-for-app-v.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: Configuring Windows Firewall for App-V -description: Configuring Windows Firewall for App-V -author: dansimp -ms.assetid: 6b5e253c-473f-4afc-a48b-631eda11d9ca -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configuring Windows Firewall for App-V - - -Securing the communication between components in an App-V infrastructure is only one element in securing the environment. Using a firewall program on the server can help reduce the attack surface area. The topics in this section provide procedures for configuring Windows built-in firewall capabilities that support App-V. These procedures assume that you installed a Management Server and that it has been configured for RTSPS communication. Notes are included in the procedures for Streaming Servers and environments where RTSP is being used for communication. - -## In This Section - - -[How to Configure Windows Server 2003 Firewall for App-V](how-to-configure-windows-server-2003-firewall-for-app-v.md) -Provides a procedure you can use to configure the Windows Server 2003 firewall for App-V. - -[How to Configure Windows Server 2008 Firewall for App-V](how-to-configure-windows-server-2008-firewall-for-app-v.md) -Provides a procedure you can use to configure the Windows Server 2008 firewall for App-V. - -  - -  - - - - - diff --git a/mdop/appv-v4/create-new-package-wizard---appv-46-sp1-.md b/mdop/appv-v4/create-new-package-wizard---appv-46-sp1-.md deleted file mode 100644 index 11cb5f957c..0000000000 --- a/mdop/appv-v4/create-new-package-wizard---appv-46-sp1-.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Create New Package Wizard (AppV 4.6 SP1) -description: Create New Package Wizard (AppV 4.6 SP1) -author: dansimp -ms.assetid: 1f73d044-b364-4c95-8ae1-daedd316d87e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Create New Package Wizard (AppV 4.6 SP1) - - -Use any of the following links for more information about the App-V Create New Package wizard. - -## In This Section - - -[Packaging Method Page (Learn More)](packaging-method-page--learn-more-.md) - -[Prepare Computer Page (Learn More)](prepare-computer-page--learn-more-.md) - -[Type of Application Page (Learn More)](type-of-application-page--learn-more-.md) - -[Select Installer Page (Learn More)](select-installer-page--learn-more-.md) - -[Package Name Page (Learn More)](package-name-page---learn-more-.md) - -[Installation Page (Learn More)](installation-page--learn-more-.md) - -[Configure Software Page (Learn More)](configure-software-page--learn-more-.md) - -[Installation Files Page](installation-files-page.md) - -[Installation Report Page (Learn More)](installation-report-page--learn-more-.md) - -[Customize Page (Learn More)](customize-page--learn-more-.md) - -[Select Primary Page (Learn More)](select-primary-page--learn-more-.md) - -## Related topics - - -[Wizard Pages (AppV 4.6 SP1)](wizard-pages--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/create-package-accelerator--review-errors--page.md b/mdop/appv-v4/create-package-accelerator--review-errors--page.md deleted file mode 100644 index 63cdf9f7e1..0000000000 --- a/mdop/appv-v4/create-package-accelerator--review-errors--page.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Create Package Accelerator (Review Errors) Page -description: Create Package Accelerator (Review Errors) Page -author: dansimp -ms.assetid: ea3f531d-1887-4b42-a30f-b875d0ccb916 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Create Package Accelerator (Review Errors) Page - - -Use the **Completion** page to review the Package Accelerator completion report. Any issues experienced during sequencing are displayed. - -This page contains the following elements: - -**Close** -Closes the **Create Package Accelerator** wizard. - -## Related topics - - -[Sequencer Wizard - Package Accelerator (AppV 4.6 SP1)](sequencer-wizard---package-accelerator--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/create-package-accelerator-page.md b/mdop/appv-v4/create-package-accelerator-page.md deleted file mode 100644 index 2d86172bf5..0000000000 --- a/mdop/appv-v4/create-package-accelerator-page.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Create Package Accelerator Page -description: Create Package Accelerator Page -author: dansimp -ms.assetid: 51cdc262-beda-4a4f-bb3e-66458062a7bd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Create Package Accelerator Page - - -Use the **Create Package Accelerator** page to specify the location where to save the Package Accelerator. - -This page contains the following elements: - -**Browse** -Click **Browse** to specify the location where to save the Package Accelerator. - -## Related topics - - -[Create Package Accelerator Wizard (AppV 4.6 SP1)](create-package-accelerator-wizard--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/create-package-accelerator-wizard--appv-46-sp1-.md b/mdop/appv-v4/create-package-accelerator-wizard--appv-46-sp1-.md deleted file mode 100644 index 65aba0176a..0000000000 --- a/mdop/appv-v4/create-package-accelerator-wizard--appv-46-sp1-.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Create Package Accelerator Wizard (AppV 4.6 SP1) -description: Create Package Accelerator Wizard (AppV 4.6 SP1) -author: dansimp -ms.assetid: 976d84e1-86d7-4a9b-a747-2b6eef790c1f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Create Package Accelerator Wizard (AppV 4.6 SP1) - - -Use any of the following links for more information about the use of page elements in the App-V Create Package Accelerator wizard. - -## In This Section - - -[About Sharing Package Accelerators Page](about-sharing-package-accelerators-page.md) - -[Select Package (Learn More) Page](select-package--learn-more--page.md) - -[Installation Files Page](installation-files-page.md) - -[Gathering Information Page (Learn More)](gathering-information-page--learn-more-.md) - -[Select Files Page](select-files-page.md) - -[Verify Applications Page (Package Accelerators)](verify-applications-page--package-accelerators-.md) - -[Select Guidance Page (Package Accelerators)](select-guidance-page--package-accelerators-.md) - -[Create Package Accelerator Page](create-package-accelerator-page.md) - -[Completion Page](completion-page.md) - -[Create Package Accelerator (Review Errors) Page](create-package-accelerator--review-errors--page.md) - -## Related topics - - -[Wizard Pages (AppV 4.6 SP1)](wizard-pages--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/create-package-page--app-v-46-sp1.md b/mdop/appv-v4/create-package-page--app-v-46-sp1.md deleted file mode 100644 index cfd5f7b2fc..0000000000 --- a/mdop/appv-v4/create-package-page--app-v-46-sp1.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Create Package Page -description: Create Package Page -author: dansimp -ms.assetid: dd7a8709-74cc-459a-88ac-b63d8dcf2ddf -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Create Package Page - - -Use the **Create Package** page to add optional comments and to specify where the package will be saved. You can also specify whether the package should be compressed. After you have configured the options on this page, click **Create** to create the new virtual application package. - -This page contains the following elements: - -**Comments** -Add optional comments that will be associated with the new virtual application package. The comments that you add help identify the purpose or version of the virtual application package. - -**Save Location** -Click **Browse** and specify to which location you want to save the package (.**sprj** file). - -**Compress Package** -Select the **Compress Package** check box to compress the package, which can help enhance package streaming to target computers. We recommend that you select this option for packages that are larger than 4 GB. The current uncompressed package size is also displayed. - -**Note**   -If the original package size is more than 4 GB and compressed, by default, the checkbox is checked and cannot be changed. If the original package is compressed and less than 4 GB, the check box is checked, but can be cleared. - - - -## Related topics - - -[Sequencer Wizard - Package Accelerator (AppV 4.6 SP1)](sequencer-wizard---package-accelerator--appv-46-sp1-.md) - - - - - - - - - diff --git a/mdop/appv-v4/customize-page--learn-more-.md b/mdop/appv-v4/customize-page--learn-more-.md deleted file mode 100644 index 0bed35f090..0000000000 --- a/mdop/appv-v4/customize-page--learn-more-.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Customize Page (Learn More) -description: Customize Page (Learn More) -author: dansimp -ms.assetid: 893df614-7058-4fcf-ba34-d0f16c856374 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Customize Page (Learn More) - - -Use the **Customize** page to finish creating the virtual application package or to configure the virtual application package further. - -This page contains the following elements: - -**Stop Now** -Creates a basic virtual application package. If you select this option, the package creation will finish, and the package will be available in the Sequencer console. - -**Customize** -Enables you to configure the virtual application package further. You can perform the following configuration items: - -- **Edit Shortcuts**. Add, remove, or change the shortcuts, and configure the file type associations associated with the virtual application package that will be created on target computers. - -- **Prepare virtual application package for streaming to improve the initial end user experience**. Optimize the virtual application package for streaming across the network. - -- **Restrict operating systems that can run this package**. Specify the operating systems that can run the virtual application package. - -## Related topics - - -[Create New Package Wizard (AppV 4.6 SP1)](create-new-package-wizard---appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/defender-running-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/defender-running-dialog-box--app-v-46-sp1-.md deleted file mode 100644 index a4d6ce5126..0000000000 --- a/mdop/appv-v4/defender-running-dialog-box--app-v-46-sp1-.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Defender Running Dialog Box (App-V 4.6 SP1) -description: Defender Running Dialog Box (App-V 4.6 SP1) -author: dansimp -ms.assetid: 716ec7f9-ddad-45dd-a3c7-4a9d81cfcfd0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Defender Running Dialog Box (App-V 4.6 SP1) - - -Microsoft Windows Defender is running. You should stop Windows Defender before continuing with the installation. Windows Defender can interfere with creation of a package by accessing files that must be added to the virtual application package or by adding extraneous data to the virtual application package. - -Use the following procedure to stop Microsoft Windows Defender from running during sequencing. - -1. On the computer running the App-V Sequencer, click **Start**, right-click **Computer**, and then click **Manage**. - -2. In the **Computer Management** console, double click **Services and Applications**, and then double-click **Services** to expand **Services**. - -3. Locate it in the list. Right-click Windows Defender, click **Stop** to stop Microsoft Windows Defender, and then click **Ok**. - -## Related topics - - -[Dialog Boxes (AppV 4.6 SP1)](dialog-boxes--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/defrag-running-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/defrag-running-dialog-box--app-v-46-sp1-.md deleted file mode 100644 index 0fc1fd41be..0000000000 --- a/mdop/appv-v4/defrag-running-dialog-box--app-v-46-sp1-.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Defrag Running Dialog Box (App-V 4.6 SP1) -description: Defrag Running Dialog Box (App-V 4.6 SP1) -author: dansimp -ms.assetid: 0ceb0897-377e-4754-a7ab-3bc2b5af1452 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Defrag Running Dialog Box (App-V 4.6 SP1) - - -The Disk Defragmenter service is running. The Disk Defragmenter service uses system resources and can cause degradation in performance or increase the time it takes to create virtual application package. - -Use the following procedure to stop the Disk Defragmenter service from running during sequencing. - -1. On the computer running the App-V Sequencer, click **Start**, right-click **Computer**, and then click **Manage**. - -2. In the **Computer Management** console, double-click **Services and Applications**, and then double-click **Services** to expand **Services**,. - -3. Locate it in the list. Right-click **Disk Defragmenter**, click **More Actions**, click **Stop** to stop Disk Defragmenter, and then click **OK**. - -## Related topics - - -[Dialog Boxes (AppV 4.6 SP1)](dialog-boxes--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/delete-app.md b/mdop/appv-v4/delete-app.md deleted file mode 100644 index a5a5189fe4..0000000000 --- a/mdop/appv-v4/delete-app.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: DELETE APP -description: DELETE APP -author: dansimp -ms.assetid: 2f89c0c0-373b-4389-a26d-67b3f9712957 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# DELETE APP - - -Removes an application record from the file system cache to make it no longer visible. Users’ shortcuts and file type associations are hidden but not deleted. No user settings are removed. - -`SFTMIME DELETE APP:application [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

APP:<application>

The name and version (optional) of the application to be removed.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/delete-obj.md b/mdop/appv-v4/delete-obj.md deleted file mode 100644 index e0e1085ae9..0000000000 --- a/mdop/appv-v4/delete-obj.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: DELETE OBJ -description: DELETE OBJ -author: dansimp -ms.assetid: fb17a261-f378-4ce6-a538-ab2f0ada0f2d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# DELETE OBJ - - -Removes all of your application records. - -`SFTMIME DELETE OBJ:APP [/GLOBAL] [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

/GLOBAL

If specified, all applications are removed. By default, only applications the current user has access to are removed.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/delete-package.md b/mdop/appv-v4/delete-package.md deleted file mode 100644 index f89b69d461..0000000000 --- a/mdop/appv-v4/delete-package.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -title: DELETE PACKAGE -description: DELETE PACKAGE -author: dansimp -ms.assetid: 8f7a4598-610d-490e-a224-426acce01a9f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# DELETE PACKAGE - - -Removes a package record and the applications associated with it. - -`SFTMIME DELETE PACKAGE:package-name [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

PACKAGE:<package-name>

The name of the package to be removed.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- - - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- - - -**Important**   -The DELETE PACKAGE command always performs a global delete of the package and deletes only global file types and shortcuts. - -If the package is global, this command must be run as local Administrator; otherwise, only **DeleteApp** permission is needed. - - - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - - - - - - - - - diff --git a/mdop/appv-v4/delete-server.md b/mdop/appv-v4/delete-server.md deleted file mode 100644 index 7425b0751b..0000000000 --- a/mdop/appv-v4/delete-server.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: DELETE SERVER -description: DELETE SERVER -author: dansimp -ms.assetid: 4c929639-1c1d-47c3-9225-cc4d7a8736f0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# DELETE SERVER - - -Removes a publishing server. - -**Note**   -This command does not remove any applications or packages published to the client by the server. For each application, use the SFTMIME **CLEAR APP** command followed by the **DELETE PACKAGE** command to completely remove those applications and packages from the client. - - - -`SFTMIME DELETE SERVER:server-name [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

SERVER:<server-name>

The display name of the publishing server.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- - - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- - - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - - - - - - - - - diff --git a/mdop/appv-v4/delete-type.md b/mdop/appv-v4/delete-type.md deleted file mode 100644 index 62cbd9b1c7..0000000000 --- a/mdop/appv-v4/delete-type.md +++ /dev/null @@ -1,90 +0,0 @@ ---- -title: DELETE TYPE -description: DELETE TYPE -author: dansimp -ms.assetid: f2852723-c894-49f3-a3c5-56f9648bb9ca -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# DELETE TYPE - - -Removes the specified file type association. - -`SFTMIME DELETE TYPE:file-extension [/GLOBAL] [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

TYPE:<file-extension>

The file name extension to be removed.

/GLOBAL

If specified, indicates that the global association for the file name extension should be removed.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/deployment-tab.md b/mdop/appv-v4/deployment-tab.md deleted file mode 100644 index 0b872aa0ce..0000000000 --- a/mdop/appv-v4/deployment-tab.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Deployment Tab -description: Deployment Tab -author: dansimp -ms.assetid: 4510188b-eade-445d-a90f-b9127dd479a7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deployment Tab - - -The **Deployment** tab in the Application Virtualization Sequencer Console enables you to specify parameters for the deployment of a sequenced application package. - -## In This Section - - -[About the Deployment Tab](about-the-deployment-tab.md) -Provides general information about the **Deployment** tab. - -[How to Change Deployment Properties](how-to-change-deployment-properties.md) -Provides procedures for changing package properties by using the **Deployment** tab. - -## Related topics - - -[Sequencer Console](sequencer-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/determine-your-publishing-method.md b/mdop/appv-v4/determine-your-publishing-method.md deleted file mode 100644 index 683549aa16..0000000000 --- a/mdop/appv-v4/determine-your-publishing-method.md +++ /dev/null @@ -1,102 +0,0 @@ ---- -title: Determine Your Publishing Method -description: Determine Your Publishing Method -author: dansimp -ms.assetid: 1f2d0d39-5d65-457a-b826-4f45b00c8c85 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Determine Your Publishing Method - - -After you sequence an application by using the Application Virtualization Sequencer, you need to *publish* that application to your users. Publishing the application consists of delivering the icons, package definition information, and content source location to each computer where the Application Virtualization Client has been installed. The following table describes publishing methods that are supported when you deploy Application Virtualization by using an electronic software distribution (ESD) system. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
MethodAdvantagesDisadvantages

Generate a Windows Installer file during sequencing, as a stand-alone solution.

    -

  • Very simple to use.

    • -

  • Package loaded into cache locally on each computer.

    • -

  • Icons displayed to user.

    • -

  • Similar to traditional software deployment.

    • -

  • No need for streaming servers.

    • -
    -

  • No flexibility in location of package contents on computers—same location on all computers.

    • -

  • Must use only Add/Remove Programs or msiexec to remove applications.

    • -

  • Removal and replacement with new version required for package updating.

    • -

Generate a Windows Installer file during sequencing, used with MODE, LOAD, and OVERRIDEURL command-line properties and the package manifest.

    -

  • Simple to use but with added flexibility.

    • -

  • Icons displayed to user.

    • -

  • SFT file containing the applications can be placed on a streaming source location, with clients configured to use that location.

    • -
    -

  • Limited flexibility—only the location of the package content can be controlled at run time.

    • -

  • Must use only Add/Remove Programs or msiexec to remove the application.

    • -

  • Removal and replacement with new version required for package updating, unless using streaming server.

    • -

Run SFTMIME commands.

    -

  • Complete flexibility—full control of all package management functions.

    • -
    -

  • Commands must be scripted for use with the ESD system.

    • -

  • Commands must be run on each computer in correct sequence.

    • -

  • Detailed understanding of command language and careful planning required.

    • -
- -  - -For more information about using these publishing methods, see [How to Publish a Virtual Application on the Client](how-to-publish-a-virtual-application-on-the-client.md). - -## Related topics - - -[Determine Your Streaming Method](determine-your-streaming-method.md) - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -[Electronic Software Distribution-Based Scenario Overview](electronic-software-distribution-based-scenario-overview.md) - -[How to Publish a Virtual Application on the Client](how-to-publish-a-virtual-application-on-the-client.md) - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/determine-your-streaming-method.md b/mdop/appv-v4/determine-your-streaming-method.md deleted file mode 100644 index 0033aa3003..0000000000 --- a/mdop/appv-v4/determine-your-streaming-method.md +++ /dev/null @@ -1,116 +0,0 @@ ---- -title: Determine Your Streaming Method -description: Determine Your Streaming Method -author: dansimp -ms.assetid: 50d5e0ec-7f48-4cea-8711-5882bd89153b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Determine Your Streaming Method - - -The first time that a user double-clicks the icon that has been placed on a computer through the publishing process, the Application Virtualization client will obtain the virtual application package content from a streaming source location. - -**Note**   -*Streaming* is the term used to describe the process of obtaining content from a sequenced application package, starting with the primary feature block and then obtaining additional blocks as needed. - - - -The streaming source location is usually a server that is accessible by the user’s computer; however, some electronic distribution systems, such as Microsoft Endpoint Configuration Manager, can distribute the SFT file to the user’s computer and then stream the virtual application package locally from that computer’s cache. - -**Note**   -A streaming source location for virtual packages can be set up on a computer that is not a server. This is especially useful in a small branch office that has no server. - - - -The streaming sources that can be used to store sequenced applications are described in the following table. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Server TypeProtocolAdvantagesDisadvantagesLinks

File server

File

    -

  • Simple low-cost solution to configure existing file server with \CONTENT share

    • -
    -

  • No active upgrade

    • -

How to Configure the File Server

IIS server

HTTP/ HTTPS

    -

  • Supports enhanced security using HTTPS protocol.

    • -

  • Supports streaming to remote computers across the Internet

    • -

  • Only one port in firewall to open

    • -

  • Highly scalable

    • -

  • Familiar protocol

    • -
    -

  • Need to manage IIS

    • -

  • No active upgrade

    • -

How to Configure the Server for IIS

Application Virtualization Streaming Server

RTSP/ RTSPS

    -

  • Active upgrade

    • -

  • Supports enhanced security using RTSPS protocol

    • -

  • Only one port in firewall to open (RTSPS only)

    • -
    -

  • Dual infrastructure

    • -

  • Server administration requirement

    • -

How to Configure the Application Virtualization Management Servers

- - - -## Related topics - - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -[Electronic Software Distribution-Based Scenario Overview](electronic-software-distribution-based-scenario-overview.md) - -[Determine Your Publishing Method](determine-your-publishing-method.md) - - - - - - - - - diff --git a/mdop/appv-v4/dialog-boxes--appv-46-sp1-.md b/mdop/appv-v4/dialog-boxes--appv-46-sp1-.md deleted file mode 100644 index a61b7c716f..0000000000 --- a/mdop/appv-v4/dialog-boxes--appv-46-sp1-.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: Dialog Boxes (AppV 4.6 SP1) -description: Dialog Boxes (AppV 4.6 SP1) -author: dansimp -ms.assetid: f76b95df-cba4-4a69-8cd8-a888edf437be -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Dialog Boxes (AppV 4.6 SP1) - - -Use any of the following links for more information about the App-V Sequencer dialog boxes. - -## In This Section - - -[Incompatible Installer Dialog Box (App-V 4.6 SP1)](incompatible-installer-dialog-box--app-v-46-sp1-.md) - -[Failed Launch Dialog Box (App-V 4.6 SP1)](failed-launch-dialog-box--app-v-46-sp1-.md) - -[Oversized Package Dialog Box (App-V 4.6 SP1)](oversized-package-dialog-box--app-v-46-sp1-.md) - -[Restart Task Failure Dialog Box (App-V 4.6 SP1)](restart-task-failure-dialog-box--app-v-46-sp1-.md) - -[Side-by-side Privatization Failed Dialog Box (App-V 4.6 SP1)](side-by-side-privatization-failed-dialog-box--app-v-46-sp1-.md) - -[SXS Conflict Detected Dialog Box (App-V 4.6 SP1)](sxs-conflict-detected-dialog-box--app-v-46-sp1-.md) - -[Files Excluded Page Dialog Box (App-V 4.6 SP1)](files-excluded-page-dialog-box--app-v-46-sp1-.md) - -[Defender Running Dialog Box (App-V 4.6 SP1)](defender-running-dialog-box--app-v-46-sp1-.md) - -[Defrag Running Dialog Box (App-V 4.6 SP1)](defrag-running-dialog-box--app-v-46-sp1-.md) - -[Antivirus Running Dialog Box (App-V 4.6 SP1)](antivirus-running-dialog-box--app-v-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/disconnected-operation-mode.md b/mdop/appv-v4/disconnected-operation-mode.md deleted file mode 100644 index b123b249f9..0000000000 --- a/mdop/appv-v4/disconnected-operation-mode.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: Disconnected Operation Mode -description: Disconnected Operation Mode -author: dansimp -ms.assetid: 3f9849ea-ba53-4c68-85d3-87a4218f59c6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Disconnected Operation Mode - - -The disconnected operation mode settings—accessible by right-clicking the **Application Virtualization** node, selecting **Properties**, and clicking the **Connectivity** tab—enables the Application Virtualization Desktop Client or Client for Remote Desktop Services (formerly Terminal Services) to run applications that are stored in the file system cache of the client when the client is unable to connect to the Application Virtualization Management Server. - -Reasons for failure to connect to the server include server failure, network outage, or disconnection from the network. If any failure occurs, the client will automatically switch to disconnected operation. After it is disconnected, if the client needs additional data from the server to continue to run an application or if the disconnected operation time-out expires, the client will attempt to reconnect to the server. If this connection attempt fails, the application will be shut down. - -By default, disconnected operation is enabled and the time-out is set to 90 days. The time-out value is specified as the number of days you want to limit disconnected operation mode, and you can enter a value from 1–999. - -## Related topics - - -[How to Disable or Modify Disconnected Operation Mode Settings](how-to-disable-or-modify-disconnected-operation-mode-settings.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/domain-joined-and-non-domain-joined-clients.md b/mdop/appv-v4/domain-joined-and-non-domain-joined-clients.md deleted file mode 100644 index 7abf4bd3a7..0000000000 --- a/mdop/appv-v4/domain-joined-and-non-domain-joined-clients.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Domain-Joined and Non-Domain-Joined Clients -description: Domain-Joined and Non-Domain-Joined Clients -author: dansimp -ms.assetid: a935dc98-de60-45f3-ab74-2444ce082e88 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Domain-Joined and Non-Domain-Joined Clients - - -The App-V Desktop Client can be configured to allow connection to a network regardless of whether the client is domain joined or non-domain joined. - -## Domain-Joined Clients - - -Clients that are domain joined, but outside the internal network, can communicate with the App-V infrastructure by using a VPN connection. When you want to provide users the ability to leave the internal network but still communicate in an App-V infrastructure, your environment requires very little setup. Because the users are already part of the domain, you simply need to ensure that Cached Credentials are supported on the client. This is the default configuration, and any changes to this setting can be accomplished from Group Policies. - -As mentioned in the App-V Security Best Practices Guide, the user will attempt to send their user ticket to the App-V infrastructure for authentication. If the ticket is expired, it will revert to using NTLM and the cached credentials on the computer. To allow roaming, administrators must ensure that the publishing server being accessed internally is available at the same name externally for the names to resolve properly. - -## Non-Domain-Joined Clients - - -Clients that are non-domain joined but need to communicate in the App-V infrastructure must be configured to ensure that authentication to the App-V infrastructure is successful. The App-V Desktop Client does not permit prompting for the publishing refresh process, so the client must be configured to present the proper credentials to the App-V Management Server. - -The publishing server, which is configured for publishing refresh from the non-domain joined client, requires that the external name that clients access is configured as the common name or a subject alternate name (SAN) on the publishing server’s certificate. - -## Related topics - - -[How to Assign the Proper Credentials for Windows Vista](how-to-assign--the-proper-credentials-for-windows-vista.md) - -[How to Assign the Proper Credentials for Windows XP](how-to-assign--the-proper-credentials-for-windows-xp.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/edit-shortcuts-learn-more.md b/mdop/appv-v4/edit-shortcuts-learn-more.md deleted file mode 100644 index 830abacbd3..0000000000 --- a/mdop/appv-v4/edit-shortcuts-learn-more.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Edit Shortcuts -description: Edit Shortcuts -author: dansimp -ms.assetid: a0ca75aa-1059-4d0c-894c-2e3474e9f519 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Edit Shortcuts - - -Use the **Edit Shortcuts** page to configure the shortcuts and file type associations (FTA) that are installed when you deploy the virtual application package to target computers. - -This page contains the following elements: - -**Add** -Adds an icon or specifies an FTA for the package. Click **Browse** to specify the file or program to add. - -**Remove** -Removes an icon or FTA from the package. - -**Edit** -Enables you to configure the properties associated with an icon or FTA in the package. You can update the associated **Application Path**, **Name**, **Version**, and **OSD File Name**. - -## Related topics - - -[Create New Package Wizard (AppV 4.6 SP1)](create-new-package-wizard---appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/electronic-software-distribution-based-scenario-overview.md b/mdop/appv-v4/electronic-software-distribution-based-scenario-overview.md deleted file mode 100644 index ebdfacc6c9..0000000000 --- a/mdop/appv-v4/electronic-software-distribution-based-scenario-overview.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: Electronic Software Distribution-Based Scenario Overview -description: Electronic Software Distribution-Based Scenario Overview -author: dansimp -ms.assetid: e9e94b8a-6cba-4de8-9b57-73897796b6a0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Electronic Software Distribution-Based Scenario Overview - - -If you plan to use an electronic software distribution (ESD) solution to deploy virtual applications, it is important to understand the factors that go into and are affected by that decision. This topic describes the benefits of using an ESD-based scenario and provides information about the publishing and package streaming methods that you will need to consider as you proceed with your deployment. - -**Important**   -Whichever ESD solution you use, you must be familiar with the requirements of your particular solution. If you are using Microsoft Endpoint Configuration Manager, see the Configuration Manager documentation at . - - - -Using an existing ESD system provides you with the following benefits: - -- Eliminates dual management infrastructures - -- Reduces the cost of additional hardware - -- Reduces the cost of additional operating system and database licenses - -## Publishing Methods - - -When using an ESD-based scenario, you have the following choices for publishing the application to the clients: - -- **Stand-alone Windows Installer.** The Windows Installer file contains the manifest and the OSD and ICO files the clients use to configure a package. The Windows Installer file also copies the SFT file to the client because this scenario does not use a server. - -- **Windows Installer with the package manifest.** The Windows Installer file contains the manifest and the OSD and ICO files the clients use to configure a package. The SFT file is stored on a server. A command-line parameter directs the client to the location of the SFT file. - -- **SFTMIME commands.** SFTMIME commands are used with the manifest, OSD, ICO, and SFT files to add packages to the client. The manifest file must be on the client computer, or it must be accessible through a UNC path. Depending on the client configuration and the command-line options, the OSD, ICO, and SFT files can be on the client computer or on a server. - -For more detailed information about the preceding publishing methods, see [Determine Your Publishing Method](determine-your-publishing-method.md). - -## Package Streaming Methods - - -You will need to determine the method your Application Virtualization System will use to stream the virtual application packages, or SFT files, from the server to the clients. The following streaming options are available: - -- **Application Virtualization Streaming Server.** If you use an Application Virtualization Streaming Server in your configuration, the SFT files are streamed to the clients from that server using RTSP or RTSPS protocols. You must install the server software on a computer and you must configure it through the registry, but this configuration does not depend on services such as SQL or Active Directory Domain Services. The SFT files are stored on the server at a location accessible by the clients. Publishing information can be distributed to the clients through any distribution mechanism. However, when configured, the client receives package upgrades automatically and active upgrade is supported. - -- **Application Virtualization Management Server.** If you use an Application Virtualization Management Server in your configuration, the SFT files are streamed to the clients from that server using RTSP or RTSPS protocols. You manage this server through the Application Virtualization Management Console. This configuration uses a SQL database and Active Directory services. The server can distribute publishing information to the clients, so additional publishing mechanisms are not needed. - -- **File server.** If you use a file server in your configuration, the SFT files are streamed to the other client computers by using SMB protocols. File servers used in this configuration are managed by creating access control lists (ACLs) on the file shares and SFT files. Care must be taken to direct the clients to the correct files on the file server. - -- **IIS server.** If you use an IIS server in your configuration, the SFT files are streamed to the clients from that server using HTTP or HTTPS protocols. The IIS server is easy to configure and manage. Care must be taken to direct the clients to the correct files on the IIS server. - -For more detailed information about the preceding streaming methods, see [Determine Your Streaming Method](determine-your-streaming-method.md). - -## Related topics - - -[Application Virtualization Client Installer Command-Line Parameters](application-virtualization-client-installer-command-line-parameters.md) - -[Application Virtualization Server-Based Scenario](application-virtualization-server-based-scenario.md) - -[Determine Your Publishing Method](determine-your-publishing-method.md) - -[Determine Your Streaming Method](determine-your-streaming-method.md) - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -[SFTMIME Command Reference](sftmime--command-reference.md) - - - - - - - - - diff --git a/mdop/appv-v4/electronic-software-distribution-based-scenario.md b/mdop/appv-v4/electronic-software-distribution-based-scenario.md deleted file mode 100644 index d99c4ce90f..0000000000 --- a/mdop/appv-v4/electronic-software-distribution-based-scenario.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Electronic Software Distribution-Based Scenario -description: Electronic Software Distribution-Based Scenario -author: dansimp -ms.assetid: 18be0f8d-60ee-449b-aa83-93c86d1a908e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Electronic Software Distribution-Based Scenario - - -If you plan to use an electronic software distribution (ESD) deployment scenario for your Microsoft Application Virtualization environment, it is important to understand the factors that go into and are affected by that decision. The topics in this section describe the ESD scenario and provide information about package delivery methods, transmission protocols, and external components that you will need to consider in your deployment strategy. You can also use the procedures in this section to complete your deployment, from the server configuration phase through the deployment verification phase. - -## In This Section - - -[Electronic Software Distribution-Based Scenario Overview](electronic-software-distribution-based-scenario-overview.md) -Provides important information about the publishing and streaming methods you can use for an ESD-based deployment. - -[How to Configure Servers for ESD-Based Deployment](how-to-configure-servers-for-esd-based-deployment.md) -This section provides procedures you can use to configure the Application Virtualization Streaming Servers, the IIS server, and the file server for your electronic software distribution–based deployment strategy. - -[How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md) -Provides command-line procedures for installing the Application Virtualization Client, using either the setup.exe or the setup.msi file. - -[How to Uninstall the App-V Client](how-to-uninstall-the-app-v-client.md) -Provides a step-by-step procedure you can use to confirm that the Application Virtualization Client has been installed and is functioning correctly. - -[How to Publish a Virtual Application on the Client](how-to-publish-a-virtual-application-on-the-client.md) -Provides command-line procedures for publishing an application package, using either Windows Installer or SFTMIME. - -## Reference - - -[Application Virtualization Client Installer Command-Line Parameters](application-virtualization-client-installer-command-line-parameters.md) - -## Related Sections - - -[Application Virtualization Server-Based Scenario](application-virtualization-server-based-scenario.md) - -## Related topics - - -[Application Virtualization Deployment and Upgrade Considerations](application-virtualization-deployment-and-upgrade-considerations.md) - -[Stand-Alone Delivery Scenario for Application Virtualization Clients](stand-alone-delivery-scenario-for-application-virtualization-clients.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/exclusion-item-dialog-box.md b/mdop/appv-v4/exclusion-item-dialog-box.md deleted file mode 100644 index 250a430862..0000000000 --- a/mdop/appv-v4/exclusion-item-dialog-box.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Exclusion Item Dialog Box -description: Exclusion Item Dialog Box -author: dansimp -ms.assetid: 5523c6d4-95f2-47af-8c06-3ab18004a207 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Exclusion Item Dialog Box - - -Use the **Exclusion Item** dialog box to assign or change a mapping rule and to assign or change an expression for exclusion. This dialog box contains the following elements. - -**Important**   -Adding files from an excluded directory to the virtual files system is not supported. - - - -**Exclude Path** -Use to specify variable name that the Application Virtualization Sequencer will exclude if encountered while parsing virtual file system items or virtual registry items. - -**Mapping Type** -Use to select the mapping rules the Application Virtualization Sequencer will apply to parse items in the virtual file system or virtual registry. One of the following values can occur: - -- VRG—Specifies that this mapping rule applies when parsing an item in the virtual registry. - -- VFS—Specifies that this mapping rule applies when parsing an item in the virtual file system. - -- VRG & VFS—Specifies that this mapping rule applies when parsing an item in either the virtual file system or the virtual registry. - -## Related topics - - -[Sequencer Dialog Boxes](sequencer-dialog-boxes.md) - - - - - - - - - diff --git a/mdop/appv-v4/exclusion-items-tab-keep.md b/mdop/appv-v4/exclusion-items-tab-keep.md deleted file mode 100644 index e4dcff97c2..0000000000 --- a/mdop/appv-v4/exclusion-items-tab-keep.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Exclusion Items Tab -description: Exclusion Items Tab -author: dansimp -ms.assetid: 864e46dd-3d6e-4a1b-acf4-9dc00548117e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Exclusion Items Tab - - -The **Exclusion Items** tab displays the expressions that the Application Virtualization Sequencer excludes from the virtual file system or virtual registry. These expressions are excluded to ensure that the sequenced application package can run on Application Virtualization Desktop Clients. You can also exclude non-standard installation directories that might be unwanted in the sequencing. - -This tab contains the following elements. - -**Exclude Path** -Displays variable names that the Sequencer excludes if encountered while parsing virtual file system items or virtual registry items. - -**Resolves To** -Displays the actual paths that correspond to the Sequencer variables. - -**Map Type** -Displays mapping rules that the Sequencer applies to parse items in the virtual file system or virtual registry. One of the following values can occur: - -**New** -Click to enter a new exclusion item. - -**Edit** -Click to edit a selected exclusion. - -**Delete** -Click to remove a selected exclusion. - -**Save As Default** -Click to save the current exclusion items as your default. - -**Restore Defaults** -Click to restore default-assigned exclusion items and remove any items you added. - -**OK** -Click to accept the displayed exceptions. - -**Cancel** -Click to cancel any changes you have made. - -## Related topics - - -[Application Virtualization Sequencer Options Dialog Box](application-virtualization-sequencer-options-dialog-box.md) - -[Exclusion Item Dialog Box](exclusion-item-dialog-box.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/failed-launch-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/failed-launch-dialog-box--app-v-46-sp1-.md deleted file mode 100644 index a08aea1e5d..0000000000 --- a/mdop/appv-v4/failed-launch-dialog-box--app-v-46-sp1-.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Failed Launch Dialog Box (App-V 4.6 SP1) -description: Failed Launch Dialog Box (App-V 4.6 SP1) -author: dansimp -ms.assetid: 55669552-51b4-48aa-8bd0-6d78c2c930d9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Failed Launch Dialog Box (App-V 4.6 SP1) - - -The application did not start successfully. - -Use the following list to help identify why the application did not run successfully. - -1. Verify that all required prerequisites have been installed on the computer running the App-V Sequencer. - -2. Verify that any resources required by the application are available and not in use by another process. - -3. Verify that the application you are installing is supported by the operating system running on the computer that is running the App-V Sequencer. - -## Related topics - - -[Dialog Boxes (AppV 4.6 SP1)](dialog-boxes--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/file-type-association-results-pane-columns.md b/mdop/appv-v4/file-type-association-results-pane-columns.md deleted file mode 100644 index 1cdc78f1cc..0000000000 --- a/mdop/appv-v4/file-type-association-results-pane-columns.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: File Type Association Results Pane Columns -description: File Type Association Results Pane Columns -author: dansimp -ms.assetid: eab48e20-9c92-459d-a06b-8e20202d73f6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# File Type Association Results Pane Columns - - -In the Application Virtualization Client Management Console, the **Results** pane of the **File Associations** node can display a variety of columns. **Extension**, **Description**, and **Application** are shown by default. - -**Note**   -You can add or remove a column simply by right-clicking in the **Results** pane, selecting **View**, then selecting **Add/Remove Columns**. - - - -The list can be sorted by any of the columns. Columns that contain dates and times are sorted in chronological order, not alphabetical. For columns that contain a mix of dates and times and text, dates and times are considered to come before any other text. - -The available column names contain the following elements. - -**Extension** -The extension, such as DOC or HTML. This is the field by which the list is organized, so each extension is displayed once on the list. - -**Description** -The description or user-friendly name. - -**Application** -The name and version of the application associated with the default action of this file type. - -**Parameters** -The parameters for the default action. - -**Default Action** -The name of the default action. - -**DDE** -Displays **Enabled** or **Disabled** depending on whether Dynamic Data Exchange (DDE) is enabled for the default action. - -**Linked Extensions** -A comma-separated list of other extensions that are associated with the same type. - -**Confirm Open** -Displays **Yes** or **No** depending on whether **Confirm open after download** is selected. - -**Always Show** -Displays **Yes** or **No** depending on whether **Always show extension** is selected. - -**Shell New** -Displays **Yes** or **No** depending on whether the extension is added to the shell’s **New** menu. - -**Applies To** -Displays **User** or **Computer** depending on whether this is a user-specific or computer-wide association. - -**Icon File** -The original name of the icon file. - -**Icon Path** -The original path or URL for the icon file. - -**Cached Icon File** -The name of the icon files in cache (which is a GUID in the current implementation). - -**Cached Icon Path** -The full path to the icon files in cache. - -**Content Type** -The content type. - -**Perceived Type** -The perceived type or blank. - -## Related topics - - -[File Type Associations Node](file-type-associations-node-client.md) - -[File Type Association Results Pane](file-type-association-results-pane.md) - - - - - - - - - diff --git a/mdop/appv-v4/file-type-association-results-pane.md b/mdop/appv-v4/file-type-association-results-pane.md deleted file mode 100644 index 3b6a32eb71..0000000000 --- a/mdop/appv-v4/file-type-association-results-pane.md +++ /dev/null @@ -1,117 +0,0 @@ ---- -title: File Type Association Results Pane -description: File Type Association Results Pane -author: dansimp -ms.assetid: bc5ceb48-1b9f-45d9-a770-1bac90629c76 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# File Type Association Results Pane - - -The **File Association** **Results** pane is one level below the **System** pane in the Application Virtualization Client Management Console, and it displays a list of the available file type associations. Users can see a list of file type extensions and the applications to which they correspond. - -To display specific options for file types, right-click any application extension to display a pop-up menu that contains the following elements. - -**Delete** -Deletes the file name extension from the list and removes the association to the file type. - -**Properties** -Displays the **Properties** dialog box for the selected application extension. This dialog box has two tabs: - -- The **General** tab displays general information about the file type association, including the application icon and name: - - - **Icon**—Displays the selected icon for the associated file type. - - - **Association Name**—Displays the name of the file type. - - - **Change Icon**—Click this button to change the icon for the file type association. - - - **Extension**—Displays the extension or extensions associated with a particular file type. - - - **Unlink**—This button is enabled when more than one extension is associated with an application. Click **Unlink** to manage the file type extension separately from the extension it is currently linked with. - - - **Specified application**—Select this radio button, and choose an application from the drop-down list of available applications. You are changing the application that is used by the default action. You can also browse to find an application if it isn't available on the drop-down list. - - - **OSD file**—Select this radio button, and specify a path to an Open Software Descriptor (OSD) file. You can also browse to an OSD file. - -- The **Advanced** tab displays detailed information about the file type association: - - - **Action**—Displays a list of the available actions for the associated file type. - - - **Content Type**—Displays a description of the contents of the file type. If this field is left blank, the client will fill it. - - - **Perceived Type**—Displays the file type. You can select one of the options from the drop-down list or add your own. - - - **Confirm open after download**—Select this check box to display a confirmation message after a file is loaded. If this box is selected, when you attempt to open a file of this type by downloading it into a Web browser, the browser prompts you to see whether you want to save the file rather than open it directly into the browser without confirmation. - - - **Always show extension**—Select this check box to specify that extensions should be shown even when the user requests that the system should hide extensions for known file types. - - - **Add to new menu**—Select this check box to specify that the extension or extensions should be listed in the shell's **New** context menu. - - - **Apply to all users**—Select this check box to specify that extensions should be available to all users. - -**Help** -Displays the Client Management Console help system. - -To display general options for the **Results** pane, right-click anywhere in the **Results** pane to display a pop-up menu that contains the following elements. - -**New Association** -This menu item displays the New Association Wizard. This wizard consists of two pages: - -1. Enter a new or existing file name extension, and associate the extension with a file type: - - - **Extension**—Enter a new file name extension. This field is blank by default. - - - **Create a new file type with this description**—Select this radio button to enter a new file type description in the active field. This button is selected by default, and the active field is blank. - - - **Apply this file type to all users**—Select this check box when you want this association to be global for all users. By default, this box is not selected. - - - **Link this extension with an existing file type**—Select this radio button to associate the extension with an existing file type. Pick a file type from the drop-down list. When you choose this option, **Next** is changed to **Finish**. - -2. Select the application that will open files with the specified extension: - - - **Open files with the selected application**—Select this radio button to open the file with an existing application. Choose an application from the drop-down list of available applications. - - - **Open file with the association described in this OSD file**—Select this radio button to specify an OSD file that determines the application used to open the file. Use the browse button to select an existing location, or enter a path or HTTP-formatted URL in this field. - -**Refresh** -This item refreshes the **Results** pane. - -**Export List** -With this menu item, you can create a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**View** -This pop-up list of menu item lets you change the appearance and content of the **Results** pane. - -**Arrange/Line Up Icons** -These menu items can be used to change how the icons are displayed in the **Results** pane. - -**Help** -This item displays the help system for the management console. - -## Related topics - - -[How to Change an Application Icon](how-to-change-an-application-icon.md) - -[File Type Associations Node](file-type-associations-node-client.md) - -[File Type Association Results Pane Columns](file-type-association-results-pane-columns.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/file-type-associations-node-client.md b/mdop/appv-v4/file-type-associations-node-client.md deleted file mode 100644 index 4182a0dbbf..0000000000 --- a/mdop/appv-v4/file-type-associations-node-client.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -title: File Type Associations Node -description: File Type Associations Node -author: dansimp -ms.assetid: 48e4d9eb-00bd-4231-a68a-f8597ab683ff -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# File Type Associations Node - - -The **File Type Associations** node is one level below the **Application Virtualization** node in the **Scope** pane of the Application Virtualization Client Management Console. When you select this node, the **Results** pane displays a list of file type associations. - -Right-click the **File Type Associations** node to display a pop-up menu that contains the following elements. - -**New Association** -This menu item displays the New Association Wizard. This wizard consists of two pages: - -1. Enter a new or existing file name extension, and associate the extension with a file type: - - - **Extension**—Enter a new or existing file name extension. This field is blank by default. - - - **Create a new file type with this description**—Select this radio button to enter a new file type description in the active field. This button is selected by default, and the active field is blank. - - - **Apply this file type to all users**—Select this check box when you want this association to be global for all users. By default, this box is not selected. - - - **Link this extension with an existing file type**—Select this radio button to associate the extension with an existing file type. Choose a file type from the drop-down list. When you choose this option, **Next** is changed to **Finish**. - -2. Select the application that will open files with the specified extension: - - - **Open files with the selected application**—Select this radio button to open the file with an existing application. Choose an application from the drop-down list of available applications. - - - **Open files with the application described in this OSD file**—Select this radio button to specify an Open Software Descriptor (OSD) file that determines the application used to open the file. Browse to select an existing location, or enter a path or HTTP-formatted URL in this field. - -**New Window from Here** -Select this menu item to open a new management console with the selected node as the root node. - -**Export List** -You can use this menu item to create a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**View** -This pop-up list of menu items enables you to change the appearance and content of the **Results** pane. - -**Refresh** -Select this item to refresh the management console. - -**Help** -With this menu item, you can display the help system for the management console. - -## Related topics - - -[File Type Association Results Pane](file-type-association-results-pane.md) - -[File Type Association Results Pane Columns](file-type-association-results-pane-columns.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/file-type-associations-node.md b/mdop/appv-v4/file-type-associations-node.md deleted file mode 100644 index f739cf0208..0000000000 --- a/mdop/appv-v4/file-type-associations-node.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: File Type Associations Node -description: File Type Associations Node -author: dansimp -ms.assetid: a3f35562-32d0-4a43-8604-3a54189ade92 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# File Type Associations Node - - -The **File Type Associations** node is one level below the Application Virtualization System node in the **Scope** pane in the Application Virtualization Server Management Console. When you select this node, the **Results** pane displays a list of file type associations. Right-click the **File Type Association** node to display a pop-up menu that contains the following elements. - -**New File Type Association** -Displays the New File Type Association Wizard. This wizard consists of the following two pages: - -1. Enter a new or existing file name extension, and associate the extension with a file type. - - 1. **Extension**—Enables you to enter a new or existing file name extension. This field is blank by default. - - 2. **Create a new file type with this description**—Select this radio button to enter a new file type description in the active field. This button is selected by default, and the active field is blank. - - 3. **Link this extension with an existing file type**—Select this radio button to associate the extension with an existing file type. Pick a file type from the drop-down list. - -2. Select the application that will open files with the specified extension. - - 1. **Open files with the selected application**—Enables you to choose an application from the drop-down list of available applications. - - 2. **Icon Path**—Enables you to enter the complete path to the ICO file or to browse for the ICO file. - -**View** -Changes the appearance and content of the **Results** pane. - -**New Window from Here** -Opens a new management console with the selected node as the root node. - -**Refresh** -Refreshes the view of the server. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**Help** -Displays the help system. - -## Related topics - - -[Server Management Console: File Type Associations Node](server-management-console-file-type-associations-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/file-type-associations-results-pane-columns.md b/mdop/appv-v4/file-type-associations-results-pane-columns.md deleted file mode 100644 index 1458316d50..0000000000 --- a/mdop/appv-v4/file-type-associations-results-pane-columns.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: File Type Associations Results Pane Columns -description: File Type Associations Results Pane Columns -author: dansimp -ms.assetid: 8cbb63e4-f93b-4066-ba06-30103e6d0c3e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# File Type Associations Results Pane Columns - - -The **Results** pane in the Application Virtualization Server Management Console displays two columns. - -You can use the standard Microsoft Windows **Add/Remove Columns** dialog box to select which columns are displayed in the **Results** pane. - -To see the **Add/Remove Columns** dialog box, right-click in the **Results** pane and select **View > Add/Remove Columns** from the pop-up menu. - -The following table displays the column name and its contents. - - ---- - - - - - - - - - - - - - - - - -
ColumnDescription

Extension

Displays the extension, such as DOC or HTML. This is the field by which the list is organized, so each extension is displayed once on the list.

File Type

Displays the file type.

- -  - -## Related topics - - -[Server Management Console: File Type Associations Node](server-management-console-file-type-associations-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/file-type-associations-results-pane.md b/mdop/appv-v4/file-type-associations-results-pane.md deleted file mode 100644 index b1f2badd96..0000000000 --- a/mdop/appv-v4/file-type-associations-results-pane.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: File Type Associations Results Pane -description: File Type Associations Results Pane -author: dansimp -ms.assetid: 881d7fa7-ecde-4a05-b6ee-132fe2c09900 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# File Type Associations Results Pane - - -The **File Type Associations Results** pane in the Application Virtualization Server Management Console displays a list of the available file type associations. Users can see a list of file type extensions and the applications to which they correspond. - -Right-click any application extension to display a pop-up menu that contains the following elements. - -**Delete** -Deletes the file name extension from the list. - -**Properties** -Displays the **Properties** dialog box for the selected application extension. This dialog box has the following tabs: - -- **General** tab—Displays general information about the file type association, including the application icon and name. - - - **Icon**—Displays the selected icon for the associated file type. - - - **Extension**—Displays the extension for the file type. - - - **File Type Description**—Displays a brief description of the file type. You can edit this field. - - - **Open files with this application**—Enables you to choose an application from the drop-down list of available applications. - - - **Icon Path**—Enables you to enter the complete path to the icon file (ICO) or to browse for the ICO file. - -- **Advanced** tab—Displays detailed information about the file type. - - - **Action**—Displays a list of the available actions for the associated file type. You can add new actions, edit existing actions, set an action as a default, or delete actions. - - - **Content Type**—Displays a description of the contents of the file type. If this field is left blank, the client will fill it. - - - **Perceived Type**—Displays the kind of file type. You can select one of the options from the drop-down list or add your own. - - - **Confirm open after download**—Select this check box to display a confirmation message after an application is loaded. - - - **Always show extension**—Select this check box to specify that extensions should be shown even when the user requests that the system hide the extensions for known file types. - - - **Add to new menu**—Select this check box to specify that the extension or extensions should be listed in the shell's **New Extensions** list. - -**Help** -Displays the Application Virtualization Server Management Console help system. - -Right-click anywhere in the **Results** pane that is not on an extension to display a pop-up menu that contains the following elements. - -**Refresh** -Refreshes the **Results** pane. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**View** -Changes the appearance and content of the **Results** pane. - -**Arrange/Line up Icons** -Organizes the icons in the **Results** pane. - -**Help** -Displays the help system. - -## Related topics - - -[Server Management Console: File Type Associations Node](server-management-console-file-type-associations-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/files-excluded-page-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/files-excluded-page-dialog-box--app-v-46-sp1-.md deleted file mode 100644 index c994c8d5e0..0000000000 --- a/mdop/appv-v4/files-excluded-page-dialog-box--app-v-46-sp1-.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Files Excluded Page Dialog Box (App-V 4.6 SP1) -description: Files Excluded Page Dialog Box (App-V 4.6 SP1) -author: dansimp -ms.assetid: 9718c7bf-7ed2-44d8-bdac-df013cd0d6c6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Files Excluded Page Dialog Box (App-V 4.6 SP1) - - -All required files were not added to the package because they are located in excluded paths. Use the following steps to remove the files from the exclusion list. - -1. Open the package in the App-V Sequencer console. - -2. Click **Tools** / **Options**, and then click the **Exclusion Items** tab. - -3. Select the **Exclude Path** entry, and then click **Delete**. - -4. Click **Ok**. - -You must then add the file to the package. You can use the following steps to add files: - -1. In the App-V Sequencer console, click the **Virtual File System** tab. - -2. To add a new virtual file system mapping, right-click, and then click **Add**. - -3. In the **New Virtual File System Mapping** dialog box, to specify the file, click **Browse** and select the file. Click **OK**. To save the package, click **File** / **Save**. - -## Related topics - - -[Dialog Boxes (AppV 4.6 SP1)](dialog-boxes--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/files-tab-keep.md b/mdop/appv-v4/files-tab-keep.md deleted file mode 100644 index aaeebd7805..0000000000 --- a/mdop/appv-v4/files-tab-keep.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Files Tab -description: Files Tab -author: dansimp -ms.assetid: 14191e51-11a2-40ab-8855-3408a4bc5a9d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Files Tab - - -Use the **Files** tab to specify whether a file in a sequenced application package will be available to a specific user or to all users in the community. - -## In This Section - - -[About the Files Tab](about-the-files-tab.md) -Provides general information about the **Files** tab. - -[How to Modify the Files Included in a Package](how-to-modify-the-files-included-in-a-package.md) -Provides the procedure to modify the files included in a package. - -## Related topics - - -[Sequencer Console](sequencer-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/g b/mdop/appv-v4/g deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/mdop/appv-v4/gathering-information-page--learn-more-.md b/mdop/appv-v4/gathering-information-page--learn-more-.md deleted file mode 100644 index 2fb6c6cc6f..0000000000 --- a/mdop/appv-v4/gathering-information-page--learn-more-.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Gathering Information Page (Learn More) -description: Gathering Information Page (Learn More) -author: dansimp -ms.assetid: f8d5ec6b-a3d3-4e80-b1c2-3f8441b04aaa -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Gathering Information Page (Learn More) - - -Use the **Gathering Information** page to review the installation files that could not be located in the directory specified on the **Installation Files** page of this wizard. You must either locate the missing files and then click **Previous** to recreate the Package Accelerator, or select the **Remove these files** check box before you advance to the next page of this wizard. - -This page contains the following elements: - -**Review Missing Files** -Displays a list of the installation files that were not found in the specified directory. - -**Remove these files** -Specifies whether the missing installation files should be removed from the package. Only select this option if the files displayed in the **Review Missing Files** pane are not required to successfully run the application. All files that are removed will not be part of the Package Accelerator and also will not be part of any virtual application packages created by using the Package Accelerator. Ensure that removing these files will not cause the package to fail when running on target computers. - -## Related topics - - -[Create Package Accelerator Wizard (AppV 4.6 SP1)](create-package-accelerator-wizard--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/general-tab-keep.md b/mdop/appv-v4/general-tab-keep.md deleted file mode 100644 index 58ae9340d1..0000000000 --- a/mdop/appv-v4/general-tab-keep.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: General Tab -description: General Tab -author: dansimp -ms.assetid: aeefae39-60cd-4ad4-9575-c07d7e2b1e59 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# General Tab - - -Use the **General** tab to configure options for Microsoft Application Virtualization (App-V) Sequencer. - -**Scratch Directory** -Specifies the path to the location where the Sequencer will temporarily save files generated during sequencing. The default path is C:\\Program Files\\Microsoft Application Virtualization Sequencer\\Scratch. To specify a new path, click **Browse**. - -**Log Directory** -Specifies the path to the directory where the Sequencer will save log files. The default path is C:\\Program Files\\Microsoft Application Virtualization Sequencer\\Logs. To specify a new path, click **Browse** - -**Allow Use of MSI Installer** -Select this option to allow interaction between the Sequencer and the application installer. This option is selected by default. - -**Allow Virtualization of Events** -Select this option to allow low-level operating system activities of the application to be virtualized when a sequenced application package is run on App-V Desktop Clients. This option is selected by default. - -**Allow Virtualization of Services** -Select this option to allow services required by the application to be virtualized when the application is run on App-V Desktop Clients. This option is selected by default. - -**Append Package Version to Filename** -Select this option to automatically append the sequenced application package version number to the file name. This option is selected by default. - -**OK** -Saves changes and closes the dialog box. - -**Cancel** -Exits the dialog box without saving any changes. - -**Apply** -Saves the changes and remains in the dialog box. - -## Related topics - - -[Application Virtualization Sequencer Options Dialog Box](application-virtualization-sequencer-options-dialog-box.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/guidance-page-app-v-46-sp1.md b/mdop/appv-v4/guidance-page-app-v-46-sp1.md deleted file mode 100644 index 6af524a1e1..0000000000 --- a/mdop/appv-v4/guidance-page-app-v-46-sp1.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Guidance Page -description: Guidance Page -author: dansimp -ms.assetid: 2d461f7e-bde0-4f20-bfc1-46d52feb701e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Guidance Page - - -Use the **Guidance** page to review the publishing guidance associated with the Package Accelerator. This information was created with the Package Accelerator and includes information about creating and publishing a new virtual application package based on the specified Package Accelerator. - -This page contains the following elements: - -**Export** -Click **Export** to export the guidance information to a Rich Text Format (.rtf) or text (.txt) file. Exporting the information is helpful if you have to review the guidance information later in the sequencing process. - -## Related topics - - -[Sequencer Wizard - Package Accelerator (AppV 4.6 SP1)](sequencer-wizard---package-accelerator--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/help.md b/mdop/appv-v4/help.md deleted file mode 100644 index 1b14a81bf2..0000000000 --- a/mdop/appv-v4/help.md +++ /dev/null @@ -1,174 +0,0 @@ ---- -title: HELP -description: HELP -author: dansimp -ms.assetid: 0ddb5f18-0c0a-45ea-b7c7-2d4749e3d35d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# HELP - - -Displays information about the various SFTMIME commands that can be used in Application Virtualization (App-V). - -## HELP - - -`SFTMIME [/? | /HELP [VERB:]]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

/?, /HELP

Displays usage information.

verb

The command to run, such as ADD, REFRESH, HELP or REMOVE.

object

What the command applies to, such as APP:"Default Application."

parameters

Optional parameters for the specified verb and object.

/LOG

Log output to the specified path name.

/CONSOLE

Displays output in the active console window (default).

/GUI

Displays errors in a dialog box (not valid for queries).

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -The verbs described in the following table are supported. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

ADD

Adds a new application, package, file type association, or publishing server to the App-V Client.

CONFIGURE

Changes the configuration of an application, a package, a file type association, or a publishing server.

DELETE

Removes applications, packages, file type associations, or servers.

LOAD

Loads a package into the file system cache.

REPAIR

Resets your personal settings for an application.

REFRESH

Triggers a publishing server refresh.

PUBLISH

Publishes an application shortcut to the user's Start menu, desktop, or other specified location, or can be used to publish the contents of an entire package.

UNPUBLISH

Removes the shortcuts and file types for an entire package.

QUERY

Gets a current list of applications, packages, file type associations, or publishing servers.

CLEAR

Removes your personal settings and desktop configurations for one or more applications.

UNLOAD

Unloads a package from the file system cache.

LOCK

Locks the application specified in the file system cache.

UNLOCK

Unlocks the application specified in the file system cache.

- -  - -For more information about the preceding actions, use the following command: - -`SFTMIME /HELP VERB:verb` - -For example, the following command will display information for the ADD verb: - -`SFTMIME /HELP VERB:ADD` - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-add-a-file-type-association.md b/mdop/appv-v4/how-to-add-a-file-type-association.md deleted file mode 100644 index bd5e1a7cb5..0000000000 --- a/mdop/appv-v4/how-to-add-a-file-type-association.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: How to Add a File Type Association -description: How to Add a File Type Association -author: dansimp -ms.assetid: cccfbd00-51ba-4a60-a598-ee97f5ea1215 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Add a File Type Association - - -You can use the following procedure to add a file type association, using the **File Type Associations** node in the Application Virtualization Client Management Console. - -**To add a file type association** - -1. Right-click the **File Type Associations** node, and select **New Association** from the pop-up menu. - -2. Complete the first step of the dialog box by completing the following information, and then click **Next**: - - 1. **Extension**—Enter a new file name extension. This field is blank by default. - - 2. **Create a new file type with this description**—Select this radio button to enter a new file type description in the active field. This button is selected by default, and the active field is blank. - - 3. **Apply this file type to all users**—Select this check box when you want this association to be global for all users. By default, this box is cleared. - - 4. **Link this extension with an existing file type**—Select this radio button to associate the extension with an existing file type. Pick a file type from the drop-down list. When you choose this option, **Next** is changed to **Finish**. - -3. Complete the second step of the dialog box by completing the following information, and then click **Finish** to return to the Client Management Console: - - 1. **Change Icon**—Click this button to change the application icon. Select one of the available icons, or browse to a new location and select an icon. - - 2. **Open files with the selected application**—Select this radio button to open the file with an existing application. Choose an application from the drop-down list of available applications. - - 3. **Open file with the association described in this OSD file**—Select this radio button to specify an Open Software Descriptor (OSD) file that determines the application used to open the file. Use the browse button to select an existing location, or enter a path or HTTP-formatted URL in this field. - -## Related topics - - -[How to Add an Application](how-to-add-an-application.md) - -[How to Publish Application Shortcuts](how-to-publish-application-shortcuts.md) - -[How to Delete a File Type Association](how-to-delete-a-file-type-association.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-add-a-package-by-using-the-command-line.md b/mdop/appv-v4/how-to-add-a-package-by-using-the-command-line.md deleted file mode 100644 index 6b9c002b72..0000000000 --- a/mdop/appv-v4/how-to-add-a-package-by-using-the-command-line.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: How to Add a Package by Using the Command Line -description: How to Add a Package by Using the Command Line -author: dansimp -ms.assetid: e75af49e-811a-407a-a7f0-6de8562b9188 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Add a Package by Using the Command Line - - -The following procedures list the steps that are necessary to add a virtual application package to the Application Virtualization (App-V) Client on a specific computer. - -**To add a virtual application package for a specific user** - -- Run the following command under the user account of the person who is to get the package. The command adds and publishes the package for that user. - - `SFTMIME ADD PACKAGE:”name” /MANIFEST ` - -**To add a virtual application package for all users** - -- Run the following command under an account that has administrator rights. The package is added and published for all users on the computer. - - `SFTMIME ADD PACKAGE:”name” /MANIFEST /GLOBAL` - -**To add a package using an electronic software distribution system** - -1. If you are using an electronic software distribution system that runs the commands under the computer’s **SYSTEM** account, the package is published for that account only, unless you use the /GLOBAL switch. Run the following command to add and publish the package for all users on the computer: - - `SFTMIME ADD PACKAGE:”name” /MANIFEST /GLOBAL` - -2. - - If you want to add the package for specific users only, run the **ADD PACKAGE** command, and then explicitly publish the package for each user by running the following **PUBLISH PACKAGE** command under each person’s user account: - - `SFTMIME ADD PACKAGE:”name” /MANIFEST ` - - `SFTMIME PUBLISH PACKAGE:”name” /MANIFEST ` - - Publishing the package without the GLOBAL parameter grants the user access to the applications in the package and publishes the file types and shortcuts that are listed in the manifest to the user’s profile. Permissions required are “Manage file type associations” (**ManageTypes**) and “Publish shortcuts” (**PublishShortcut**). - -## Related topics - - -[How to Delete All Virtual Applications by Using the Command Line](how-to-delete-all-virtual-applications-by-using-the-command-line.md) - -[How to Remove a Package by Using the Command Line](how-to-remove-a-package-by-using-the-command-line.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-add-a-package-version.md b/mdop/appv-v4/how-to-add-a-package-version.md deleted file mode 100644 index 6a4b7c4372..0000000000 --- a/mdop/appv-v4/how-to-add-a-package-version.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: How to Add a Package Version -description: How to Add a Package Version -author: dansimp -ms.assetid: dbb829c1-e5cb-4a2f-bc17-9a9bb50c671c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Add a Package Version - - -In the Application Virtualization Server Management Console, when you resequence a package, you can use the following procedure to add the new version to your servers for streaming. - -**Note**   -When you upgrade a package with a new version, you can leave the existing version in place or delete it and leave only the newest one. You might want to leave the old version in place for compatibility with legacy documents or so that you can test the new version before making it available to all users. - - - -**To add a package version** - -1. Copy the new SFT file to the application server's content folder. If resequencing did not add changes to the Open Software Descriptor (OSD), icon (ICO), or Sequencer Project (SPRJ) files, you do not need to copy those. You can include those files if you want all the files to display the same date. - -2. In left pane of the Application Virtualization Server Management Console, expand the **Packages** node. - -3. Right-click the package you want to upgrade, and choose **Add Version**. - -4. In the **Add Package Version** dialog box, browse for or type the path name for the new application file in the **Full path for package file** field. This must be an SFT file. - -5. Click **Next**. - -6. The **Summary** dialog box shows the file location and prompts you to copy the file there if you have not already done so. Click **Finish** after you have verified the information. - - The new version is now complete and ready to stream. - -## Related topics - - -[How to Delete a Package](how-to-delete-a-packageserver.md) - -[How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-add-a-package.md b/mdop/appv-v4/how-to-add-a-package.md deleted file mode 100644 index b9f409c2cb..0000000000 --- a/mdop/appv-v4/how-to-add-a-package.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: How to Add a Package -description: How to Add a Package -author: dansimp -ms.assetid: 5407fdbe-e658-44f6-a9b8-a566b81dedce -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Add a Package - - -You can add a package from the Application Virtualization Server Management Console in the following ways: - -- Import an application, which creates the package automatically in the process. - -- Add a package manually. - -It is recommended that you import applications instead of adding them manually. For more information about importing applications, see [How to Import an Application](how-to-import-an-applicationserver.md). - -**To add a package manually** - -1. In the Application Virtualization Server Management Console, right-click the **Packages** node in the left pane and choose **New Package**. - -2. In the **New Package** dialog box, type a name in the **Package Name** field. - -3. Browse for or type a path name in the **Full path for package file** field. This must be an SFT file. - - **Note**   - If you browse to the SFT file, replace the local path (such as C:\\Program Files\\User\_Apps\\Virtual\_App\_Server\\content) with the server's static host name or IP address. Using the variable *%SFT\_SOFTGRIDSERVER%* requires per-client computer configuration. - - In dialog boxes that refer to Virtual Application Servers, you must use a network location, such as the server's static host name or IP address, that your users can access. The application's Open Software Descriptor (OSD) file can replace the placeholder variable *%SFT\_SOFTGRIDSERER%* with the server's static host name or IP address. If you leave the placeholder variable, you must set this variable on each client computer that will access that server. Set a User or System variable on each computer for SFT\_SOFTGRIDSERVER. The variable value must be the server's static host name or IP address. If you set a variable, exit the Client session, log out of and back into Microsoft Windows, and then restart the session on each computer that had a session running and had the variable set. - - - -4. Click **Next**. - -5. The **Summary** dialog box shows the file location and prompts you to copy the file to the location if you have not already done so. Click **Finish** after you have verified the information. - - **Note**   - If you are managing applications on a remote server, in the next dialog box, type only the path of the file relative to the server's content root. - - - -## Related topics - - -[How to Import an Application](how-to-import-an-applicationserver.md) - -[How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-add-a-server.md b/mdop/appv-v4/how-to-add-a-server.md deleted file mode 100644 index 0fb467e68f..0000000000 --- a/mdop/appv-v4/how-to-add-a-server.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: How to Add a Server -description: How to Add a Server -author: dansimp -ms.assetid: 1f31678a-8edf-4d35-a812-e4a2abfd979b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Add a Server - - -To help you manage your Application Virtualization Management Servers more efficiently, organize them into server groups. After you create a server group in the Application Virtualization Server Management Console, you can use the following procedure to add a server to the group. - -**Note**   -All servers in a server group must be connected to the same data store. - - - -**To add a server to a group** - -1. Click the **Server Groups** node in the left pane to expand the list of server groups. - -2. Right-click the desired server group, and select **New Application Virtualization Management Server**. - -3. In the **New Server Group Wizard**, enter the **Display Name** and the **DNS Host Name**. - -4. Leave the default values in the **Maximum Memory Allocation** field for the server cache and the **Warn Memory Allocation** field to specify the threshold warning level. - -5. Click **Next**. - -6. In the **Connection Security Mode** dialog, check the **Use enhanced security** box to select enhanced security mode, if desired. If necessary, complete the **Certificate Wizard** or view existing certificates. - -7. Click **Next**. - -8. In the **App Virt Port Setting** dialog, select the **Use Default Port** or the **User Custom Port** radio button and enter the custom port number. - -9. Click **Finish**. - -## Related topics - - -[How to Create a Server Group](how-to-create-a-server-group.md) - -[How to Remove a Server](how-to-remove-a-server.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-add-an-administrator-group.md b/mdop/appv-v4/how-to-add-an-administrator-group.md deleted file mode 100644 index 27067fbc52..0000000000 --- a/mdop/appv-v4/how-to-add-an-administrator-group.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: How to Add an Administrator Group -description: How to Add an Administrator Group -author: dansimp -ms.assetid: 2611f33e-6082-4269-b0ba-394174701492 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Add an Administrator Group - - -From the **Administrators** node of the Application Virtualization Server Management Console, you can use the following procedure to add an administrator group. - -**To add an administrator group** - -1. In the left pane of the Application Virtualization Server Management Console, right-click the **Administrators** node and select **Add Administrator Group**. - -2. Complete the **Select Groups** dialog box to add groups. - - **Important**   - When completing the **Select Groups** dialog box, you might see the **Multiple Names Found** dialog box, which can display multiple group names. To add more than one group at a time, press **Ctrl** and click the name of each group you want to add. Click **OK** to exit the **Multiple Names Found** dialog box. - - - -3. Click **OK**. - - **Note**   - To add administrator groups to the Application Virtualization Management Server, you must have system administrator or security administrator privileges on the associated data store. If you attempt to create a group without sufficient privileges, the system generates an error message. - - - -## Related topics - - -[How to Customize an Application Virtualization System in the Server Management Console](how-to-customize-an-application-virtualization-system-in-the-server-management-console.md) - -[How to Delete an Administrator Group](how-to-delete-an-administrator-group.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-add-an-application.md b/mdop/appv-v4/how-to-add-an-application.md deleted file mode 100644 index 760c7f8540..0000000000 --- a/mdop/appv-v4/how-to-add-an-application.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: How to Add an Application -description: How to Add an Application -author: dansimp -ms.assetid: 0147233d-f369-4796-8e34-fb1d894af732 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Add an Application - - -You can use the following procedure to add an application directly from the **Results** pane of the **Application** node in the Application Virtualization Client Management Console. - -**To add an application** - -1. In the **Results** pane, right-click and select **New Application** from the pop-up menu. - -2. On the wizard page, you can perform the following tasks: - - 1. **Change Icon**—Displays a standard Windows icon browser. Browse to and select the desired icon. - - 2. **OSD File Path or URL**—Enter a local absolute path, a full UNC path (shared file or directory on a network), or an HTTP URL. - - 3. **(OSD browse button)**—Displays the standard Windows **Open File** dialog box. Browse to find the desired file. - -3. Click **Finish** to add the application to the **Results** pane. - -## Related topics - - -[How to Add a File Type Association](how-to-add-a-file-type-association.md) - -[How to Publish Application Shortcuts](how-to-publish-application-shortcuts.md) - -[How to Delete a File Type Association](how-to-delete-a-file-type-association.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-apply-a-package-accelerator-to-create-a-virtual-application-package---app-v-46-sp1-.md b/mdop/appv-v4/how-to-apply-a-package-accelerator-to-create-a-virtual-application-package---app-v-46-sp1-.md deleted file mode 100644 index 2616fee08d..0000000000 --- a/mdop/appv-v4/how-to-apply-a-package-accelerator-to-create-a-virtual-application-package---app-v-46-sp1-.md +++ /dev/null @@ -1,110 +0,0 @@ ---- -title: How to Apply a Package Accelerator to Create a Virtual Application Package (App-V 4.6 SP1) -description: How to Apply a Package Accelerator to Create a Virtual Application Package (App-V 4.6 SP1) -author: dansimp -ms.assetid: ca0bd514-2bbf-4130-8c77-98d991cbe016 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Apply a Package Accelerator to Create a Virtual Application Package (App-V 4.6 SP1) - - -You can use App-V Package Accelerators to automatically generate a new virtual application package. For more information about Package Accelerators, see [About App-V Package Accelerators (App-V 4.6 SP1)](about-app-v-package-accelerators--app-v-46-sp1-.md). - -**Important** -Disclaimer: The Application Virtualization Sequencer does not give you any license rights to the software application you are using to create a Package Accelerator. You must abide by all end user license terms for such application. It is your responsibility to make sure the software application’s license terms allow you to create a Package Accelerator using Application Virtualization Sequencer. - - - -**Note** -Before starting this procedure, copy the required Package Accelerator locally to the computer running the App-V Sequencer. You should also copy all required installation files for the package to a local directory on the computer running the Sequencer. This is the directory that you have to specify in step 5 of this procedure. - - - -Use the following procedure to create a virtual application package by using a Package Accelerator. - -**To create a virtual application package by using an App-V Package Accelerator** - -1. To start the App-V Sequencer, on the computer that is running the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. To create the package, select the **Create Package using a Package Accelerator** check box, and then click **Next**. - -3. On the **Select Package Accelerator** page, to specify the Package Accelerator that will be used to create the new virtual application package, click **Browse** to locate the Package Accelerator that you want to use. Click **Next**. - - **Important** - If the publisher of the Package Accelerator cannot be verified and does not contain a valid digital signature, in the **Security Warning** dialog box, you must confirm that you trust the source of the Package Accelerator before you click **Run**. - - - -4. On the **Guidance** page, review the publishing guidance information displayed in the information pane. The information displayed was added when the Package Accelerator was created and contains information about creating and publishing the package. To export the guidance information to a text (.txt) file, click **Export** and specify the location where the file should be saved, and then click **Next**. - -5. On the **Select Installation Files** page, to create a local folder that contains all required installation files for the package, click **Make New Folder** and specify where the folder should be saved. You must also specify a name to be assigned to the folder. You must then copy all required installation files to the location that you specified. If the folder that contains the installation files already exists on the computer running the Sequencer, click **Browse** to select the folder. - - Alternatively, if you have already copied the installation files to a directory on this computer, click **Make New Folder**, browse to the folder that contains the installation files, and then click **Next**. - - **Note** - You can specify the following types of supported installation files: - - - Windows Installer files(**.msi** - - - .cab files - - - Compressed files with a .zip file name extension - - - The actual application files - - The following file types are not supported: **.msp** and.exe files. If you specify an **.exe** file you must extract the installation files manually. - - - -~~~ -If the Package Accelerator requires an application be installed prior to applying the Package Accelerator and you have installed the application, on the **Local Installation** page, select the check box **I have installed all applications**, and then click **Next**. -~~~ - -6. On the **Package Name** page, specify a name that will be associated with the package. The name specified identifies the package in the App-V Management Console. Click **Next**. - -7. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package you are creating. To confirm the location where the package is created, review the information displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB. - - To create the package, click **Create**. After the package has been created, click **Next**. - -8. On the **Configure Software** page, to enable the Sequencer to configure the applications contained in the package, select **Configure Software**. This step is useful for configuring any associated tasks that must be completed to run the application on target computers, such as configuring any associated license agreements. - - If you select **Configure Software**, the following items are configured by the Sequencer as part of this step: - - - **Load Package**. The Sequencer loads the files associated with the package. It can take several seconds to up to an hour to decode the package. - - - **Run Each Program**. Optionally run the programs contained in the package. This step is helpful for completing any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs you want to run, and then click **Run Selected**. Complete the required configuration tasks, and then close the applications. It can take several minutes for all programs to run. Click **Next**. - - - **Save Package**. The Sequencer saves the package. - - - **Primary Feature Block**. The Sequencer optimizes the package for streaming by rebuilding the primary feature block. - - If you do not want to configure the applications, click **Skip this step**, and to go to step 9 of this procedure, and then click **Next**. - -9. On the **Completion** page, after you have reviewed the information displayed in the **Virtual Application Package Report** pane, click **Close**. - - The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about modifying a package, see [How to Modify an Existing Virtual Application Package (App-V 4.6 SP1)](how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md). - -## Related topics - - -[Configuring the Application Virtualization Sequencer (App-V 4.6 SP1)](configuring-the-application-virtualization-sequencer--app-v-46-sp1-.md) - -[How to Create App-V Package Accelerators (App-V 4.6 SP1)](how-to-create-app-v-package-accelerators--app-v-46-sp1-.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-apply-an-app-v-project-template--app-v-46-sp1-.md b/mdop/appv-v4/how-to-apply-an-app-v-project-template--app-v-46-sp1-.md deleted file mode 100644 index ca8c706037..0000000000 --- a/mdop/appv-v4/how-to-apply-an-app-v-project-template--app-v-46-sp1-.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: How to Apply an App-V Project Template (App-V 4.6 SP1) -description: How to Apply an App-V Project Template (App-V 4.6 SP1) -author: dansimp -ms.assetid: 8ef120ab-8cfb-438c-8136-671167b7bd9d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Apply an App-V Project Template (App-V 4.6 SP1) - - -You can use an App-V project template to apply common settings associated with an existing virtual application package to a new virtual application package. Using App-V project templates can help streamline the process of creating virtual application packages by configuring common settings before you begin sequencing an application. - -**Note**   -You can only apply an App-V project template when you are creating a new virtual application package. Applying project templates to existing virtual application packages is not supported. Additionally, you cannot use a project template in conjunction with a Package Accelerator. - - - -For more information about creating App-V project templates, see [How to Create an App-V Project Template (App-V 4.6 SP1)](how-to-create-an-app-v-project-template--app-v-46-sp1-.md). - -**To apply an App-V project template** - -1. To start the Microsoft Application Virtualization Sequencer, on the computer on which App-V Sequencer is installed, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. To create a new virtual application package by using an App-V project template, click **File** / **New From Template**. - -3. To select the project template that you want to use, browse to the directory where the project template is saved, select the project template, and then click **Open**. - -4. Create the new virtual application package. The settings saved with the specified template will be applied to the new virtual application package that you are creating. For more information about creating a new virtual application package, see [How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md), and select the appropriate procedure. - -## Related topics - - -[Tasks for the Application Virtualization Sequencer (App-V 4.6 SP1)](tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md) - -[How to Create an App-V Project Template (App-V 4.6 SP1)](how-to-create-an-app-v-project-template--app-v-46-sp1-.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-assign--the-proper-credentials-for-windows-vista.md b/mdop/appv-v4/how-to-assign--the-proper-credentials-for-windows-vista.md deleted file mode 100644 index f24d17b75f..0000000000 --- a/mdop/appv-v4/how-to-assign--the-proper-credentials-for-windows-vista.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: How to Assign the Proper Credentials for Windows Vista -description: How to Assign the Proper Credentials for Windows Vista -author: dansimp -ms.assetid: cc11d2af-a350-4d16-ba7b-f9c1d89e14b4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Assign the Proper Credentials for Windows Vista - - -Use the following procedure to configure the App-V Desktop Client for proper Windows Vista credentials. - -**Note**   -This procedure must be completed on each non-domain joined computer. Depending on the number of non-domain joined computers in your environment, this could be a very tedious operation. You can use scripts and the command-line interface for Credential Manager to help administrators automate this process. - - - -**To assign the proper credentials for App-V clients running Windows Vista** - -1. With administrator privileges on the App-V Desktop Client running Windows Vista, open the **User Accounts** control panel (Classic Control Panel). - -2. Select **Manage your network passwords** from **User Accounts** in the left tasks pane. - -3. Select **Add** on the **Stored User Names and Passwords** screen. - -4. On the **Stored Credential Properties** screen, provide the information for the App-V infrastructure: - - 1. **Log on to:** External name of the publishing server. - - 2. **User name:** User name for the external user in the form Domain\\Username. - - 3. **Password:** Password for the user account entered in the **User name** field. - - 4. Leave **Credential Type** selected, and click **OK**. - -5. Click **Close**. The credentials are stored in the credential store for proper authentication to the App-V infrastructure. - -## Related topics - - -[Domain-Joined and Non-Domain-Joined Clients](domain-joined-and-non-domain-joined-clients.md) - -[How to Assign the Proper Credentials for Windows XP](how-to-assign--the-proper-credentials-for-windows-xp.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-assign--the-proper-credentials-for-windows-xp.md b/mdop/appv-v4/how-to-assign--the-proper-credentials-for-windows-xp.md deleted file mode 100644 index 9e1d52e3fc..0000000000 --- a/mdop/appv-v4/how-to-assign--the-proper-credentials-for-windows-xp.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: How to Assign the Proper Credentials for Windows XP -description: How to Assign the Proper Credentials for Windows XP -author: dansimp -ms.assetid: cddbd556-d8f9-4981-a947-6e8e3f552b70 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Assign the Proper Credentials for Windows XP - - -Use the following procedure to configure the App-V Desktop Client for proper Windows XP credentials. - -**Note**   -After finishing this procedure, the non-domain joined client can perform a publishing refresh without being joined to a domain. - - - -**To assign the proper credentials for App-V clients running Windows XP** - -1. With administrator privileges on the App-V Client running Windows XP, open the **User Accounts** control panel (Classic Control Panel). - -2. Click the **Advanced Tab**, and select **Manage Passwords**. - -3. On the **Stored User Names and Passwords** screen, click **Add**. - -4. On the **Logon Information Properties** screen, fill out the following fields with information from the App-V infrastructure: - - 1. **Server:** Name of publishing server external name. - - 2. **User name:** User name for external user in the form Domain\\username. - - 3. **Password:** Password for the user account entered in the **User name** field. - -5. Click **OK**. The credentials will be stored on the client. - -## Related topics - - -[Domain-Joined and Non-Domain-Joined Clients](domain-joined-and-non-domain-joined-clients.md) - -[How to Assign the Proper Credentials for Windows Vista](how-to-assign--the-proper-credentials-for-windows-vista.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-associate-an-application-with-a-license-group.md b/mdop/appv-v4/how-to-associate-an-application-with-a-license-group.md deleted file mode 100644 index 84d62ca579..0000000000 --- a/mdop/appv-v4/how-to-associate-an-application-with-a-license-group.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: How to Associate an Application with a License Group -description: How to Associate an Application with a License Group -author: dansimp -ms.assetid: 85639db3-5751-497e-a9e7-ce4770c0b55f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Associate an Application with a License Group - - -You can enforce licensing restrictions on an application by associating the application with a license group in the Application Virtualization Server Management Console. Depending on the type of license group, you control who has access to the application and how many users can access an application at a time. You can also access license compliance reports for the application. - -**Important**   -One or more application license groups must exist for you to associate an application with a license group. - - - -**To associate an application with a license group** - -1. In the left pane of the management console, expand the **Applications** node. - -2. Right-click the application you want to add to a license group, and choose **Properties**. - -3. On the **General** tab, use the **Application License Group** pull-down menu to choose the group. - -4. Click **OK**. - - **Note**   - You can alter the **Properties** tab of one application at a time. - - - -## Related topics - - -[How to Create an Application License Group](how-to-create-an-application-license-group.md) - -[How to Manage Application Licenses in the Server Management Console](how-to-manage-application-licenses-in-the-server-management-console.md) - -[How to Manage Reports in the Server Management Console](how-to-manage-reports-in-the-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-branch-a-package.md b/mdop/appv-v4/how-to-branch-a-package.md deleted file mode 100644 index 9b2ab8c069..0000000000 --- a/mdop/appv-v4/how-to-branch-a-package.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: How to Branch a Package -description: How to Branch a Package -author: dansimp -ms.assetid: bfe46a8a-f0ee-4a71-9e9c-64ac08aac9c1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Branch a Package - - -Use this procedure to modify an existing sequenced application package so you can run it side-by-side with the original sequenced application package. This process is called branching. When you branch a virtual application package you are able to run two versions of the same package. For example, you can apply a service pack to an existing package, and run it side-by-side with the original sequenced virtual application package. - -Use the following procedure to branch a sequenced virtual application package. - -**To branch a sequenced virtual application package** - -1. Open the Microsoft Application Virtualization (App-V) Sequencer. To specify the destination directory that contains the package (.sprj) you want to branch select **File**, **Open**. - -2. Navigate to the directory that contains the sequenced application you plan to branch and click **Open**. - -3. To save a copy of the package, in the App-V Sequencer, select **File**, **Save As**. Specify a new, unique name, and specify a new unique package root directory for the copy of the package. Click **Save**. - - **Important** - You must specify a new package name or you will overwrite the existing version of the package. - - - -~~~ -The sequencer will automatically generate new GUID files for the new package. The version number associated with the package will also be automatically appended to the OSD file name. -~~~ - -4. After you save the new version you can apply the required configuration changes and save the associated ICO, OSD, SFT, and SPRJ files to correct location on the Application Virtualization (App-V) server. - -## Related topics - - -[Tasks for the Application Virtualization Sequencer](tasks-for-the-application-virtualization-sequencer.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-cancel-loading-of-virtual-applications-from-the-desktop-notification-area.md b/mdop/appv-v4/how-to-cancel-loading-of-virtual-applications-from-the-desktop-notification-area.md deleted file mode 100644 index 32dfc28858..0000000000 --- a/mdop/appv-v4/how-to-cancel-loading-of-virtual-applications-from-the-desktop-notification-area.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: How to Cancel Loading of Virtual Applications from the Desktop Notification Area -description: How to Cancel Loading of Virtual Applications from the Desktop Notification Area -author: dansimp -ms.assetid: 4420a091-a344-48e9-a354-93bc0e2470eb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Cancel Loading of Virtual Applications from the Desktop Notification Area - - -From the desktop notification area, you can cancel the loading of applications into the cache. Applications are loaded one application at a time; the progress bar shows you the application name, the percentage of application loaded, and the number of applications already processed compared to the total number of the applications queued. You can cancel any application load in progress before it is 100% loaded. You can skip the loading of all remaining applications as well. - -**To cancel loading applications** - -1. Right-click the Application Virtualization System icon in the notification area. - -2. Select **Cancel** and **Load All** from the pop-up menu. - -3. Click one of the following buttons in the **Microsoft App Virt - Confirm Cancel** dialog to achieve the desired results: - - 1. **Skip**—To skip the currently loading application. - - 2. **Skip All**—To skip all remaining applications. - - 3. **Continue**—To cancel the dialog box and continue loading applications. - -## Related topics - - -[How to Use the Desktop Notification Area for Application Virtualization Client Management](how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-change-an-application-icon.md b/mdop/appv-v4/how-to-change-an-application-icon.md deleted file mode 100644 index 9e9dbf95b0..0000000000 --- a/mdop/appv-v4/how-to-change-an-application-icon.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: How to Change an Application Icon -description: How to Change an Application Icon -author: dansimp -ms.assetid: bd6cfb22-086b-43fd-b6f9-1907b5f16e83 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Change an Application Icon - - -You can use the following procedure to change an icon associated with the selected application directly from the **Results** pane of the **Application** node in the Application Virtualization Client Management Console. - -**To change an application icon** - -1. Move the cursor to the **Results** pane, and right-click the desired application. - -2. Select **Properties**. - -3. On the **General** tab, click **Change Icon**. - -4. Select the desired icon, or browse to another location to select the icon. After you've selected the icon, click **OK**. The new icon appears in the **Results** pane. - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-change-an-application-iconserver.md b/mdop/appv-v4/how-to-change-an-application-iconserver.md deleted file mode 100644 index 19445774d2..0000000000 --- a/mdop/appv-v4/how-to-change-an-application-iconserver.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: How to Change an Application Icon -description: How to Change an Application Icon -author: dansimp -ms.assetid: 52c870eb-4a54-410b-8abf-79395a53f846 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Change an Application Icon - - -You can use the following procedure to change an icon associated with the selected application directly from the **Results** pane of the **Application** node in the Application Virtualization Server Management Console. - -**To change an application icon** - -1. Right-click the application, and select **Properties** from the pop-up menu. - -2. On the **General** tab, click the **Browse** button next to **Icon Path**. - -3. Select the desired icon, or browse to another location to select the icon. After you've selected the icon, click **Open**. Click **OK** to apply. - - The new icon appears in the **Results** pane. The new icon is also displayed in the menus and in the client desktop notification area. - -## Related topics - - -[How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-change-deployment-properties.md b/mdop/appv-v4/how-to-change-deployment-properties.md deleted file mode 100644 index f9eb0b5d3f..0000000000 --- a/mdop/appv-v4/how-to-change-deployment-properties.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: How to Change Deployment Properties -description: How to Change Deployment Properties -author: dansimp -ms.assetid: 0a214a7a-cc83-4d04-89f9-5727153be918 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Change Deployment Properties - - -You can use the following procedures to change the **Deployment** tab information for an application you are sequencing, including the Application Virtualization server URL, the operating systems required by the virtualized applications, and the output options for the virtual application to be installed. - -**To change the server URL** - -1. Select the streaming protocol from the drop-down list box. - -2. Enter the host name of the virtual application server or the server group's load balancer. You can use the actual host name or IP address. - -3. Specify the port number on which the virtual application server or load balancer will listen for an Application Virtualization Desktop Client request for the streamed application. - -4. Specify the relative path on the virtual application server where the software package is stored. - -**To change the application operating systems requirements** - -1. To add the required operating system(s), select it in the **Available** list and click the arrow button pointing to the **Selected** operating systems list control. - -2. To remove an operating system, select it in the **Selected** list control, and click the arrow button pointing to the **Available** operating systems list control. - -**To change the application output options** - -1. From the **Compression Algorithm** drop-down list, select the compression method to use when streaming the application. - -2. Select the **Enforce Security Descriptors** check box to ensure security descriptors of the packaged applications are enforced when deployed. - -3. Select **Generate Difference File** to generate a difference file for the application from the previous sequenced version. - -4. Select **Generate Microsoft Windows Installer (MSI) Package** to create an installer package. - -## Related topics - - -[About the Deployment Tab](about-the-deployment-tab.md) - -[Sequencer Console](sequencer-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-change-import-search-paths.md b/mdop/appv-v4/how-to-change-import-search-paths.md deleted file mode 100644 index fef1c273d9..0000000000 --- a/mdop/appv-v4/how-to-change-import-search-paths.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: How to Change Import Search Paths -description: How to Change Import Search Paths -author: dansimp -ms.assetid: 0125f2bf-4958-4854-a5a4-a63afe5bb986 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Change Import Search Paths - - -You can use the following procedure to change the import search path directly from the **Application Virtualization** node in the Application Virtualization Client Management Console. The import search path is used by the client to find the SFT file when you use the console to import an SFT file. If it can find the file in this search path, it will not need to prompt you for a path. - -**To change the import search path** - -1. Right-click the **Application Virtualization** node, and select **Properties** from the pop-up menu. - -2. On the **Import Search Path** tab in the **Properties** dialog box, click **Add** to display a standard **Browse** dialog box and browse to the desired location. - -3. Highlight a path, and click **Remove** to delete this path. - -4. Use the **Move Up** and **Move Down** buttons to control the order in which the paths will be searched. - -5. Click **OK** or **Apply** to change the setting. - -## Related topics - - -[How to Configure the Client in the Application Virtualization Client Management Console](how-to-configure-the-client-in-the-application-virtualization-client-management-console.md) - -[How to Import an Application](how-to-import-an-application.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-change-package-properties.md b/mdop/appv-v4/how-to-change-package-properties.md deleted file mode 100644 index 565e4c27e9..0000000000 --- a/mdop/appv-v4/how-to-change-package-properties.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: How to Change Package Properties -description: How to Change Package Properties -author: dansimp -ms.assetid: 6050916a-d4fe-4dac-8f2a-47308dbbf481 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Change Package Properties - - -You can use the following procedures to modify an Application Virtualization package name and its associated comments. - -If this is the first time the package has been created, you can also change the sequencing parameter block size, which determines how a sequenced application package is streamed from an Application Virtualization Server to an Application Virtualization Desktop Client. - -**Note**   -When selecting a block size, consider the size of the SFT file and your network bandwidth. A file with a smaller block size takes longer to stream over the network, but it is less bandwidth intensive. Files with larger block sizes might stream faster, but they use more network bandwidth. Through experimentation, you can discover the optimum block size for streaming applications on your network. - - - -The remainder of the package properties on the **Properties** tab is automatically generated and cannot be modified on this tab. - -**To change the package name or comments** - -1. Click the **Properties** tab. - -2. In the **Package Name** text box, enter or edit the single name used for the package, which can contain multiple applications. - -3. In the **Comments** text box, optionally enter or edit any comments. The suggested best practice is to provide detail information about the package and sequencing. - -4. From the **File** menu, select **Save**. - -**To change the block size** - -1. Click the **Properties** tab. - -2. On the **Block Size** drop-down list, select **4 KB**, **16 KB**, **32 KB**, or **64 KB**. - -3. From the **File** menu, select **Save**. - -## Related topics - - -[About the Properties Tab](about-the-properties-tab.md) - -[Sequencer Console](sequencer-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-change-the-cache-size-and-the-drive-letter-designation.md b/mdop/appv-v4/how-to-change-the-cache-size-and-the-drive-letter-designation.md deleted file mode 100644 index 0aed8a88e3..0000000000 --- a/mdop/appv-v4/how-to-change-the-cache-size-and-the-drive-letter-designation.md +++ /dev/null @@ -1,70 +0,0 @@ ---- -title: How to Change the Cache Size and the Drive Letter Designation -description: How to Change the Cache Size and the Drive Letter Designation -author: dansimp -ms.assetid: e7d7b635-079e-41aa-a5e6-655f33b4e317 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Change the Cache Size and the Drive Letter Designation - - -You can change the cache size and drive letter designation directly from the **Application Virtualization** node in the Application Virtualization Client Management Console. - -**Note** -After the cache size has been set, it cannot be made smaller. - - - -**To change the cache size** - -1. Right-click the **Application Virtualization** node, and select **Properties** from the pop-up menu. - -2. Select the **File System** tab on the **Properties** dialog box. In the **Client Cache Configuration Settings** section, click one of the following radio buttons to choose how to manage the cache space: - - **Important** - If you select the **Use free disk space threshold** setting, the value you enter will set the cache size to the total disk size minus the free disk space threshold number you entered. If you then want revert to using the **Use maximum cache size** setting, you must specify a larger number than the existing cache size. Otherwise, the error “New size must be larger than the existing cache size” will appear. - - - -~~~ -- **Use maximum cache size** - - Enter a numeric value from 100 to 1,048,576 (1 TB) in the **Maximum size (MB)** field to specify the maximum size of the cache. The value shown in **Reserved Cache Size** indicates the amount of cache in use. - -- **Use free disk space threshold** - - Enter a numeric value to specify the amount of free disk space, in MB, that the cache must leave available on the disk. This allows the cache to grow until the amount of free disk space reaches this limit. The value shown in **Free disk space remaining** indicates how much disk space is unused. -~~~ - -3. Click **OK** or **Apply** to change the setting. - -**To change the drive letter designation** - -1. Right-click the **Application Virtualization** node, and select **Properties** from the pop-up menu. - -2. On the **File System** tab in the **Properties** dialog box, in the **Drive to use** field, select the desired drive letter from the drop-down list of available drive letters. This setting becomes effective when the computer is rebooted. - -3. Click **OK** or **Apply** to change the setting. - -## Related topics - - -[How to Configure the Client in the Application Virtualization Client Management Console](how-to-configure-the-client-in-the-application-virtualization-client-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-change-the-log-reporting-levels-and-reset-the-log-files.md b/mdop/appv-v4/how-to-change-the-log-reporting-levels-and-reset-the-log-files.md deleted file mode 100644 index 4c3247ee57..0000000000 --- a/mdop/appv-v4/how-to-change-the-log-reporting-levels-and-reset-the-log-files.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: How to Change the Log Reporting Levels and Reset the Log Files -description: How to Change the Log Reporting Levels and Reset the Log Files -author: dansimp -ms.assetid: 9561d6fb-b35c-491b-a355-000064583194 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Change the Log Reporting Levels and Reset the Log Files - - -You can use the following procedure to change the log reporting level from the **Application Virtualization** node in the Application Virtualization Management Console. When the log file reaches the maximum size (default is 256 MB), a reset is forced when the next write to the log occurs. A reset causes a new log file to be created, and the old file is renamed as a backup. - -**To change the log reporting level** - -1. Right-click the **Application Virtualization** node, and select **Properties** from the pop-up menu. - -2. On the **General** tab in the **Properties** dialog box, from the **Log Level** drop-down list, select the desired log level. - - **Note**   - If you choose **Verbose** as the logging level, the log files will grow large very quickly. This might inhibit client performance, so best practice is to use this log level only for diagnosing specific problems. - - - -3. On the **General** tab in the **Properties** dialog box, from the **System Log Level** drop-down list, select the desired log level. - - **Note**   - The **System Log Level** setting controls the level of messages sent to the system event log. The logged messages are identical to the messages that get logged to the client event log, but they are stored in a different location. - - - -4. Click **OK** or **Apply** to change the setting. - -**To reset the log file** - -1. Right-click the **Application Virtualization** node, and select **Properties** from the pop-up menu. - -2. On the **General** tab in the **Properties** dialog box, click **Reset Log** to back up the current log file and immediately start a new log file. The backup log files are stored in the same folder. - -3. Click **OK** or **Apply** to change the setting. - -## Related topics - - -[How to Configure the Client in the Application Virtualization Client Management Console](how-to-configure-the-client-in-the-application-virtualization-client-management-console.md) - -[User Access Permissions in Application Virtualization Client](user-access-permissions-in-application-virtualization-client.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-change-the-server-cache-size.md b/mdop/appv-v4/how-to-change-the-server-cache-size.md deleted file mode 100644 index 5b61e12a03..0000000000 --- a/mdop/appv-v4/how-to-change-the-server-cache-size.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: How to Change the Server Cache Size -description: How to Change the Server Cache Size -author: dansimp -ms.assetid: 24e63744-21c3-458e-b137-9592f4fe785c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Change the Server Cache Size - - -You can use the following procedure to change the cache size for any server directly from the Application Virtualization Server Management Console. - -**Note**   -Although you can change the cache size, unless your configuration specifically requires you to change the size, it is recommended that you leave the cache size set to the default values. - - - -**To change the server cache size** - -1. Click the **Server Groups** node in the left pane to expand the list of server groups. - -2. In the **Results** pane, double-click the desired server group to display the list of servers in the group. - -3. In the **Results** pane, right-click the desired server and select **Properties**. - -4. Select the **Advanced** tab. - -5. Enter a value in the **Maximum Memory Allocation** field for the server cache, and enter a value for the threshold warning level in the **Warn Memory Allocation** field. - -6. Enter a value in the **Maximum Block Size** field. This number must be greater than or equal to the maximum block size of the largest package that will be streamed from the server. - -7. Click **OK**. - -## Related topics - - -[How to Change the Server Port](how-to-change-the-server-port.md) - -[How to Manage Servers in the Server Management Console](how-to-manage-servers-in-the-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-change-the-server-logging-level-and-the-database-parameters.md b/mdop/appv-v4/how-to-change-the-server-logging-level-and-the-database-parameters.md deleted file mode 100644 index baeeef43e1..0000000000 --- a/mdop/appv-v4/how-to-change-the-server-logging-level-and-the-database-parameters.md +++ /dev/null @@ -1,142 +0,0 @@ ---- -title: How to Change the Server Logging Level and the Database Parameters -description: How to Change the Server Logging Level and the Database Parameters -author: dansimp -ms.assetid: e3ebaee5-6c4c-4aa8-9766-c5aeb00f477a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Change the Server Logging Level and the Database Parameters - - -You can use the following procedures to change the logging level and the database log parameters from the Application Virtualization Server Management Console. - -The following logging levels are available: - -- Transaction Only - -- Fatal Errors - -- Errors - -- Warnings/Errors - -- Info/Warnings/Errors - -- Verbose - -**Note**   -Because of the size of the log file produced when you use **Verbose** mode, the recommendation is that you do not run production servers with this level of logging set. - - - -The database logging parameters determine the database driver type, access credentials, and location of the logging database. - -**To change the logging level for Management Servers** - -1. Click the **Server Groups** node to display the server groups. - -2. Right-click the server group, and select **Properties**. - -3. In the **Properties** dialog box, select the **Logging** tab. - -4. In the **Server Group Properties** dialog box, select the server and then click **Edit**. - -5. In the **Add/Edit Log Module** dialog box, select the logging level from the **Event Type** drop-down list. - -6. Click **OK**. - -7. In the **Server Group Properties** dialog box, click **OK** or **Apply**. - -**To change the logging level for Streaming Servers** - -1. Edit the following registry key value to change the logging level: - - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\DistributionServer\\LogLevel - -2. Select one of the following values to set the logging level. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ValueLogging Level

0

Transactions Only

1

Fatal Errors

2

Errors

3

Warnings/Errors

4

Information/ Warnings/Errors

5

Verbose

- - - -**To change database log parameters** - -1. Click the **Server Groups** node to display the server groups. - -2. Right-click the server group, and select **Properties**. - -3. In the **Properties** dialog box, select the **Logging** tab. - -4. In the **Server Group Properties** dialog box, select the server and then click **Edit**. - -5. In the **Add/Edit Log Module** dialog box, select a database driver from the **Database Driver** drop-down list. - -6. Enter a **DNS Host Name**. - -7. Click the **Dynamically Determine Port** check box, or enter a port number in the **Port** field. - -8. Enter a **Service Name** in the corresponding field. - -9. Click **OK**. - -10. On the **Server Group Properties** dialog box, click **OK** or **Apply**. - -## Related topics - - -[How to Customize an Application Virtualization System in the Server Management Console](how-to-customize-an-application-virtualization-system-in-the-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-change-the-server-port.md b/mdop/appv-v4/how-to-change-the-server-port.md deleted file mode 100644 index 14d1933fb9..0000000000 --- a/mdop/appv-v4/how-to-change-the-server-port.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: How to Change the Server Port -description: How to Change the Server Port -author: dansimp -ms.assetid: 0b4a262c-4816-48d0-b7c6-e496bb0d7370 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Change the Server Port - - -From the Application Virtualization Server Management Console, you can use the following procedure to change the server communication port for any server. - -**To change the server port** - -1. Click the **Server Groups** node in the left pane to expand the list of server groups. - -2. In the **Results** pane, double-click the desired server group to display the list of servers in the group. - -3. In the **Results** pane, right-click the desired server and select **Properties.** - -4. Select the **Ports** tab. - -5. Enter the **Port** number. - - **Note**   - The port number can be any value between 1 and 65,535. The default values are 554 for RTSP and 322 for RTSPS. - - - -6. Click **OK** to change the port number. - -7. Click **OK** to exit the dialog box. - -8. Click **OK** at the prompt. - -## Related topics - - -[How to Change the Server Cache Size](how-to-change-the-server-cache-size.md) - -[How to Manage Servers in the Server Management Console](how-to-manage-servers-in-the-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-change-the-size-of-the-filesystem-cache.md b/mdop/appv-v4/how-to-change-the-size-of-the-filesystem-cache.md deleted file mode 100644 index db72c07843..0000000000 --- a/mdop/appv-v4/how-to-change-the-size-of-the-filesystem-cache.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: How to Change the Size of the FileSystem Cache -description: How to Change the Size of the FileSystem Cache -author: dansimp -ms.assetid: 6ed17ba3-293b-4482-b3fa-31e5f606dad6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Change the Size of the FileSystem Cache - - -You can change the size of the FileSystem cache by using the command line. This action requires a complete reset of the cache, and it requires administrative rights. - -**To change the size of the FileSystem cache** - -1. Set the following registry value to 0 (zero): - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\AppFS\\State - -2. Set the following registry value to the maximum cache size, in MB, that is necessary to hold the packages—for example, 8192 MB: - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\AppFS\\FileSize - -3. Restart the computer. - -## Related topics - - -[How to Configure the App-V Client Registry Settings by Using the Command Line](how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-change-user-access-permissions.md b/mdop/appv-v4/how-to-change-user-access-permissions.md deleted file mode 100644 index e935af3cad..0000000000 --- a/mdop/appv-v4/how-to-change-user-access-permissions.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: How to Change User Access Permissions -description: How to Change User Access Permissions -author: dansimp -ms.assetid: 21b60cc7-5395-401e-a374-6ef0d58872b7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Change User Access Permissions - - -Use the following procedure to change user access permissions in the Application Virtualization Client Management Console. - -**Note**   -Before changing users access permissions, ensure that any permissions changes are consistent with the organization's guidelines for granting user access. - - - -**To change user access permissions** - -1. Right-click the **Application Virtualization** node, and select **Properties** from the pop-up menu. - -2. On the **Permissions** tab on the **Properties** dialog box, scroll through the list of permissions and select the check boxes that correspond to the permissions you want to grant to users of this computer. Administrators have access to all the permissions regardless of the settings on this tab. - -3. Click **OK** or **Apply** to change the setting. - -## Related topics - - -[How to Configure the Client in the Application Virtualization Client Management Console](how-to-configure-the-client-in-the-application-virtualization-client-management-console.md) - -[User Access Permissions in Application Virtualization Client](user-access-permissions-in-application-virtualization-client.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-clear-an-application.md b/mdop/appv-v4/how-to-clear-an-application.md deleted file mode 100644 index 2fba3e47a3..0000000000 --- a/mdop/appv-v4/how-to-clear-an-application.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: How to Clear an Application -description: How to Clear an Application -author: dansimp -ms.assetid: 247b8f40-531c-413e-a2e5-fc990ed0a51a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Clear an Application - - -You can clear an application from the console directly from the **Results** pane of the **Application** node in the Application Virtualization Client Management Console. When you clear an application, the system removes the settings, shortcuts, and file type associations that correspond to the application and also removes the application from the user’s list of applications. - -**Note**   -When you clear an application from the console, you can no longer use that application. However, the application remains in cache and is still available to other users on the same system. After a publishing refresh, the cleared applications will again become available to you. If there are multiple applications in a package, the user's settings are not removed until all of the applications are cleared. - - - -**To clear an application from the console** - -1. Move the cursor to the **Results** pane, right-click the desired application, and select **Clear** from the pop-up menu. - -2. At the confirmation prompt, click **Yes** to remove the application or click **No** to cancel the operation. - - - - - - - - - diff --git a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md deleted file mode 100644 index 0a694a6795..0000000000 --- a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--rds--sp1.md +++ /dev/null @@ -1,186 +0,0 @@ ---- -title: How to Configure a Read-only Cache on the App-V Client (RDS) -description: How to Configure a Read-only Cache on the App-V Client (RDS) -author: dansimp -ms.assetid: b6607fe2-6f92-4567-99f1-d8e3c8a591e0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Configure a Read-only Cache on the App-V Client (RDS) - - -**Important**   -You must be running App-V 4.6, SP1 to use this procedure. - - - -You can deploy the App-V client by using a shared cache that is populated with all the applications required for all users. Then you configure the App-V Remote Desktop Services (RDS) Clients to use the same cache file. Users are granted access to specific applications by using the App-V publishing process. Because the cache is already preloaded with all applications, no streaming occurs when a user starts an application. However, the packages used to prepopulate the cache must be put on an App-V server that supports Real Time Streaming Protocol (RTSP) streaming and that grants access permissions to the App-V Clients. If you publish the applications by using an App-V Management Server, you can use it to provide this streaming function. - -**Note**   -The details outlined in these procedures are intended as examples only. You might use different methods to complete the overall process. - - - -## Deploying the App-V Client in an RDS Scenario - - -The deployment process consists of four primary tasks: - -- Creating and populating the master shared cache file - -- Copying the shared cache file to the server storage - -- Configuring the App-V client software - -- Managing the update deployment cycle for the shared cache file after the initial deployment - -These tasks require careful planning. We recommend that you prepare and document a methodical, reproducible process for your organization to follow. This is especially important for the preparation and deployment of the master shared cache file, and for the ongoing management of application updates, each of which require an update to the master shared cache. Use the following procedures to complete these primary tasks. - -**Note**   -Although you can publish the applications by using several different methods, the following procedures are based on your using an App-V Management Server for publishing. - - - -**To configure the read-only cache for initial deployment** - -1. Set up and configure an App-V Management Server to provide user authentication and publishing support. - -2. Populate the Content folder of this Management Server with all the application packages required for all users. - -3. Set up a staging computer that has the App-V Client installed. Log on to the staging computer by using an account that has access to all applications so that the complete set of applications are published to the computer, and then stream the applications to cache so that they are fully loaded. - - **Important** - The staging computer must use the same operating system type and system architecture as those used by the VMs on which the App-V Client will run. - - - -4. Restart the staging computer in safe mode to make sure that the drivers are not started, because this would lock the cache file. - - **Note** - Or, you can stop and disable the Application Virtualization service, and then restart the computer. After the file is copied, remember to enable and start the service again. - - - -5. Copy the Sftfs.fsd cache file to a SAN where all the RDS servers can access it, such as in a shared folder. Set the folder access permissions to Read-only for the group Everyone and to Full Control for administrators who will manage the cache file updates. The location of the cache file can be obtained from the registry AppFS\\FileName. - - **Important** - You must put the FSD file in a location that has the responsiveness and reliability equal to locally attached storage performance, for example, a SAN. - - - -6. Install the App-V RDS Client on each RDS server, and then configure it to use the read-only cache by adding the following registry key values to the AppFS key on the client. The AppFS key is located at HKEY\_LOCAL\_MACHINE\\SOFTWARE\\\]Microsoft\\SoftGrid\\4.5\\Client\\AppFS for 32-bit computers and at HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\Client\\AppFS for 64-bit computers. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KeyTypeValuePurpose

FileName

String

path of FSD

Specifies the path of the shared cache file, for example, \RDSServername\Sharefolder\SFTFS.FSD (Required).

ReadOnlyFSD

DWORD

1

Configures the client to operate in Read-Only mode. This ensures that the client will not try to stream updates to the package cache. (Required)

ErrorLogLocation

String

path of error log (.etl) file

Entry used to specify the path of the error log. (Recommended. Use a local path such as C:\Logs\Sftfs.etl).

- - - -7. Configure each RDS server in the farm to use the publishing server and to use publishing update when users log on. As users log on to the RDS servers, a publishing update cycle occurs and publishes all the applications for which their account is authorized. These applications are run from the shared cache. - -**To configure the RDS client for package upgrade** - -1. Complete the upgrade and testing of the application package. - -2. Upgrade the package on the App-V server. Then, publish and stream the new version of the applications to the client on the staging computer so that they are fully loaded into cache. - -3. Restart the staging computer in safe mode to ensure the drivers are not started. - - **Note**   - Or, you can first stop and then disable the Application Virtualization service in the Services.msc, and restart the computer. After the file has been copied, remember to enable and start the service again. - - - -4. Copy the Sftfs.fsd cache file to a SAN where all the RDS servers can access it, such as in a shared folder. You can use a different file name, for example, SFTFS\_V2.FSD, to distinguish the new version. - -5. To configure the App-V RDS Client on each RDS server in the farm to use the updated shared cache file, change the AppFS registry key FILENAME value to point to the location of the updated file, for example, \\\\RDSServername\\Sharefolder\\SFTFS\_V2.FSD. This guarantees that each RDS server receives the updated copy of the cache when the App-Vclient drivers restart. - - **Important**   - You must restart the RDS servers in order to use the updated shared cache file. - - - -## How to Use Symbolic Links when Upgrading the Cache - - -Instead of changing the AppFS key FILENAME value every time that a new cache file is deployed that contains new or upgraded packages, you can use a symbolic link in the following operating systems: Windows Vista, Windows 7, and Windows Server 2008. For more information about symbolic links, see [Symbolic Links](https://go.microsoft.com/fwlink/?LinkId=157626) (https://go.microsoft.com/fwlink/?LinkId=157626). In contrast, Windows XP does not support the use of symbolic links, and you must use junction points instead. For more information about junctions, see [article 205524](https://go.microsoft.com/fwlink/?LinkId=182553) in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=182553), and also the tool [Junction v1.05](https://go.microsoft.com/fwlink/?LinkId=182554) (https://go.microsoft.com/fwlink/?LinkId=182554). - -**To configure a symbolic link to reference the cache** - -1. During the initial deployment stage, open a Command Prompt window as a local administrator on the RDS server host operating system. - -2. Create a symbolic link by using the MKLINK command, and then configure it to point to the Sftfs.fsd file. - - **     mklink symlinkname \\\\rdshostserver\\sharefolder\\sftfs.fsd** - -3. On the VDI Master VM Image, open a Command Prompt window by using the **Run as administrator** option and grant remote link permissions so that the VM can access the symbolic link on the VDI Host operating system. By default, remote link permissions are disabled. - - **fsutil behavior set SymlinkEvaluation R2R:1** - - **Note**   - On the storage server, appropriate link permissions must be enabled. Depending on the location of link and the Sftfs.fsd file, the permissions are **L2L:1** or **L2R:1** or **R2L:1** or **R2R:1**. - - - -4. When you configure the App-V RDS Client, set the AppFS key FILENAME value equal to the UNC path of the FSD file that is using the symbolic link. For example, set the file name to \\\\VDIHostserver\\Symlinkname. When the App-V client first accesses the cache, the symbolic link passes to the client a handle to the cache file. The client continues to use that handle as long as the client is running. The value of the symbolic link can safely be updated even if existing clients have the old shared cache open. - -5. When you must upgrade a package or to add a new package to the cache, follow steps 1 through 4 of the upgrade procedure. Then, delete the symbolic link and re-create it to point to the new version of the shared cache file. This guarantees that each RDS server receives the updated copy of the cache when the App-V client drivers restart. When the RDS server is restarted, the App-V client receives a handle to the updated copy of the cache because the client uses the path that contains the updated symbolic link. Then, the users have access to the new and updated applications. - -## Related topics - - -[How to Install Application Virtualization Management Server](how-to-install-application-virtualization-management-server.md) - -[How to Manually Install the Application Virtualization Client](how-to-manually-install-the-application-virtualization-client.md) - -[How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md b/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md deleted file mode 100644 index 8fd997eafd..0000000000 --- a/mdop/appv-v4/how-to-configure-a-read-only-cache-on-the-app-v-client--vdi-.md +++ /dev/null @@ -1,197 +0,0 @@ ---- -title: How to Configure a Read-only Cache on the App-V Client (VDI) -description: How to Configure a Read-only Cache on the App-V Client (VDI) -author: dansimp -ms.assetid: 7a41e017-9e23-4a6a-a659-04d23f008b83 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Configure a Read-only Cache on the App-V Client (VDI) - - -In Microsoft Application Virtualization (App-V) 4.6 the Client supports using a shared read-only cache. The shared read-only cache enables the Client to use disk space efficiently in a Virtual Desktop Infrastructure (VDI) system, where users run applications on Virtual Machines (VM) that are hosted in a data center server environment and share network storage on a Storage Area Network (SAN). The following procedures provide an overview of the process that is required to implement the App-V Client in either of the primary VDI architectures, known as “Pooled VM” or “Static VM”. It is assumed that you are familiar with the planning, deployment, and operation of the App-V system and its components, and also the operation and management of the VDI server. For more information about App-V, see [Application Virtualization](https://go.microsoft.com/fwlink/?LinkId=122939) (https://go.microsoft.com/fwlink/?LinkId=122939) - -**Note**   -The details outlined in these procedures are intended as examples only. You might use different methods to complete the overall process. - - - -## Deploying the App-V Client in a VDI Scenario - - -You can deploy the App-V Client in a VDI scenario by using a shared read-only cache that has been populated with all the applications required for all users. You then configure the VDI Master VM Image so that all the App-V Clients use the same cache file. Users are granted access to specific applications by using the App-V publishing process. Since the cache is already preloaded with all applications, no streaming occurs when a user starts an application. However, the packages used to prepopulate the cache must be put on an App-V server that supports Real Time Streaming Protocol (RTSP) streaming and that grants access permissions to the App-V Clients. If you publish the applications by using an App-V Management Server, you can use it to provide this streaming function. - -The deployment process consists of four primary tasks: - -- Creating and populating the master shared cache file - -- Copying the shared cache file to the VDI server storage - -- Configuring the App-V client software on the VDI Master Image - -- Managing the update deployment cycle for the shared cache file after the initial deployment - -These tasks require careful planning. We recommend that you prepare and document a methodical, reproducible process for your organization to follow. This is especially important for the initial preparation and deployment of the master shared cache file, and for the on-going management of application updates, each of which require an update to the master shared cache. Use the following procedures to complete these primary tasks. - -**Note**   -Although you can publish the applications by using several different methods, the following procedures are based on the use of an App-V Management Server for publishing. - - - -**To configure the read-only cache for initial deployment in a Pooled VM VDI or Static VM VDI scenario** - -1. Set up and configure an App-V Management Server in a VM on the VDI server to provide user authentication and publishing support. - -2. Populate the Content folder of this Management Server with all the application packages required for all users. - -3. Set up a staging computer that has the App-V Client installed. Log on to the staging computer with an account that has access to all applications so that the complete set of applications are published to the computer, and then stream the applications to cache so that they are fully loaded. - - **Important** - The staging computer must use the same operating system type and system architecture as those used by the VMs on which the App-V Client will run. - - - -4. Restart the staging computer in Safe Mode to ensure the drivers are not started, which would lock the cache file. - - **Note** - Alternatively, you can stop and disable the Application Virtualization service, and then restart the computer. After the file has been copied, remember to enable and start the service again. - - - -5. Copy the Sftfs.fsd cache file to the VDI server’s SAN where all the VMs can access it, such as in a shared folder. Set the folder access permissions to Read-only for the group Everyone and to Full Control for administrators who will manage the cache file updates. The location of the cache file can be obtained from the registry AppFS\\FileName. - - **Important** - You must put the FSD file in a location that has the responsiveness and reliability equivalent to locally attached storage performance, for example, a SAN. - - - -6. Install the App-V Desktop Client on the VDI Master VM Image, and then configure it to use the read-only cache by adding the following registry key values to the AppFS key on the client. The AppFS key is located at HKEY\_LOCAL\_MACHINE\\SOFTWARE\\\[Wow6432Node\\\]Microsoft\\SoftGrid\\4.5\\Client\\AppFS. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KeyTypeValuePurpose

FileName

String

path to FSD

Specifies the path to the shared cache file, for example, \VDIServername\Sharefolder\SFTFS.FSD (Required).

ReadOnlyFSD

DWORD

1

Configures the client to operate in Read-Only mode. This ensures that the client will not attempt to stream updates to the package cache. (Required)

ErrorLogLocation

String

path to error log (.etl) file

Entry used to specify the path to the error log. (Recommended. Use a local path such as C:\Logs\Sftfs.etl).

- - - -7. Configure the Master VM Image client to use the publishing server and to use publishing refresh at logon. As users log on to the VDI system and their VM is built from the Master VM Image, a publishing refresh cycle occurs and publishes all the applications for which their account is authorized. These applications are run from the shared cache. - -**To configure the client for package upgrade in a Pooled VM scenario** - -1. Complete the upgrade and testing of the application package. - -2. Upgrade the package on the App-V server. Then, publish and stream the new version of the applications to the client on the staging computer so that they are fully loaded into cache. - -3. Restart the staging computer in Safe Mode to ensure the drivers are not started. - - **Note**   - Alternatively, you can stop and disable the Application Virtualization service in the Services.msc, and then restart the computer. After the file has been copied, remember to enable and start the service again. - - - -4. Copy the Sftfs.fsd cache file to the VDI server’s SAN where all the VMs can access it, such as in a shared folder. You can use a different filename, for example, SFTFS\_V2.FSD, to distinguish the new version. - -5. To configure the App-V Desktop Client on the VDI Master VM Image to use the updated shared cache file, change the AppFS registry key FILENAME value to point to the location of the updated file, for example, \\\\VDIServername\\Sharefolder\\SFTFS\_V2.FSD. When users log off and then log on again, a new VM is created for them by using the updated Master Image. All their user settings will be retained and applied to the new VM. Then they have access to the updated applications. - -**To configure the client for package upgrade in a Static VM scenario** - -1. Complete the upgrade and testing of the application package. - -2. Upgrade the package on the App-V server. Then, publish and stream the new version of the applications to the client on the staging computer so that the applications are fully loaded into cache. - -3. Restart the staging computer in Safe Mode to ensure that the drivers are not started. - - **Note**   - Alternatively, you can stop and disable the Application Virtualization service in the Services.msc, and then restart the computer. After the file has been copied, remember to enable and start the service again. - - - -4. Copy the Sftfs.fsd cache file to the VDI server’s SAN where all the VMs can access it, such as in a shared folder. You can use a different filename, for example, SFTFS\_V2.FSD, to distinguish the new version. - -5. To configure the App-V Desktop Client on the VDI Master VM Image to use the updated shared cache file, change the AppFS registry key FILENAME value to point to the location of the updated file, for example, \\\\VDIServername\\Sharefolder\\SFTFS\_V2.FSD. This ensures that new users get the new version. - -6. Create a script that edits the AppFS key FILENAME value to set it to the location of the updated cache, for example, \\\\VDIServername\\Sharefolder\\SFTFS\_V2.FSD. Configure this script to run when the user logs off or logs on so that it runs before the App-V client drivers start, for example, by using Group Policy settings. When users log off and log on again, their existing VM is updated, and they will use the updated copy of the cache. Then, they have access to the updated applications. - -## How to Use Symbolic Links when Upgrading the Cache - - -Instead of modifying the AppFS key FILENAME value every time that a new cache file is deployed that contains new or upgraded packages, you can use a symbolic link in the following operating systems: Windows Vista, Windows 7, and Windows Server 2008. For more information about symbolic links, see [Symbolic Links](https://go.microsoft.com/fwlink/?LinkId=157626) (https://go.microsoft.com/fwlink/?LinkId=157626). In contrast, Windows XP does not support the use of symbolic links, and you must use junction points instead. For more information about junctions, see [article 205524](https://go.microsoft.com/fwlink/?LinkId=182553) in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=182553), and also the tool [Junction v1.05](https://go.microsoft.com/fwlink/?LinkId=182554) (https://go.microsoft.com/fwlink/?LinkId=182554). - -**To configure a symbolic link to reference the cache** - -1. During the initial deployment stage, open a Command Prompt window as a local administrator on the VDI server host operating system. - -2. Create a symbolic link by using the MKLINK command, and then configure it to point to the Sftfs.fsd file. - - **     mklink symlinkname \\\\vdihostserver\\sharefolder\\sftfs.fsd** - -3. On the VDI Master VM Image, open a Command Prompt window by using the **Run as administrator** option and grant remote link permissions so that the VM can access the symbolic link on the VDI Host operating system. By default, remote link permissions are disabled. - - **fsutil behavior set SymlinkEvaluation R2R:1** - - **Note**   - On the storage server, appropriate link permissions must be enabled. Depending on the location of link and the Sftfs.fsd file, the permissions are **L2L:1** or **L2R:1** or **R2L:1** or **R2R:1**. - - - -4. When you configure the App-V Desktop Client on the VDI Master VM Image, set the AppFS key FILENAME value equal to the UNC path of the FSD file that is using the symbolic link; for example, set it to \\\\VDIHostserver\\Symlinkname. When the App-V client first accesses the cache, the symbolic link passes to the client a handle to the cache file. The client continues to use that handle as long as the client is running. The value of the symbolic link can safely be updated even if existing clients have the old shared cache open. - -5. When you must upgrade a package or to add a new package to the cache, follow steps 1 through 5 of the upgrade procedure for either the Static VM or Pooled VM scenario. Then, delete the symbolic link and re-create it to point to the new version of the shared cache file. When the VM is restarted, the client receives a handle to the updated copy of the cache because the VM uses the path that contains the updated symbolic link. Then, the users have access to the new and updated applications. - -## Related topics - - -[How to Install Application Virtualization Management Server](how-to-install-application-virtualization-management-server.md) - -[How to Manually Install the Application Virtualization Client](how-to-manually-install-the-application-virtualization-client.md) - -[How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-configure-management-server-security-post-installation.md b/mdop/appv-v4/how-to-configure-management-server-security-post-installation.md deleted file mode 100644 index c14a8c48a6..0000000000 --- a/mdop/appv-v4/how-to-configure-management-server-security-post-installation.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: How to Configure Management Server Security Post-Installation -description: How to Configure Management Server Security Post-Installation -author: dansimp -ms.assetid: 71979fa6-3d0b-4a8b-994e-cb728d013090 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure Management Server Security Post-Installation - - -Use the App-V Management Console to add the certificate and configure the App-V Management Server for enhanced security. You can use the following procedure to configure security post-installation. - -**To configure Management Server security post-installation** - -1. Open the App-V Management Console, and connect to the **Management Service** with App-V administrator privileges. - -2. Expand the server, expand **Server Groups**, and then select the appropriate server group with which the Management Server was registered. - -3. Right-click the Management Server object, and select **Properties**. - -4. On the **Ports** tab, click **Server Certificate** and complete the wizard to select the properly provisioned certificate. - - **Note**   - If no certificates are displayed in the wizard, a certificate has not been provisioned or the certificate does meet the requirements of App-V. - - - -5. Click **Next** to continue on to the **Welcome To Certificate Wizard** page. - -6. Select the correct certificate in the **Available Certificates** screen. - -7. Click **Finish**. - -8. After completing the wizard, clear **RTSP** as an available listening port. This prevents connections from being made over a non-secure communication channel. - -9. Click **Apply**, and restart the **Microsoft Virtual Application Server** service. Use the service’s MMC snap-in to accomplish this task. - -## Related topics - - -[How to Configure Streaming Server Security Post-Installation](how-to-configure-streaming-server-security-post-installation.md) - -[Troubleshooting Certificate Permission Issues](troubleshooting-certificate-permission-issues.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-configure-microsoft-sql-server-mirroring-support-for-app-v.md b/mdop/appv-v4/how-to-configure-microsoft-sql-server-mirroring-support-for-app-v.md deleted file mode 100644 index 2b4a53819a..0000000000 --- a/mdop/appv-v4/how-to-configure-microsoft-sql-server-mirroring-support-for-app-v.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: How to Configure Microsoft SQL Server Mirroring Support for App-V -description: How to Configure Microsoft SQL Server Mirroring Support for App-V -author: dansimp -ms.assetid: 6d069eb5-109f-460a-836a-de49473b7035 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Configure Microsoft SQL Server Mirroring Support for App-V - - -You can use the following procedure to configure your Microsoft Application Virtualization (App-V) environment to use Microsoft SQL Server database mirroring. Configuring database mirroring can help with disaster recovery and failover scenarios. App-V 4.5 SP2 supports all modes of database mirroring currently available for Microsoft SQL Server 2005 and SQL Server 2008. - -**Note** -This procedure is written for administrators who are familiar with setting up and configuring SQL Server databases and database mirroring with Microsoft SQL Server, and therefore covers only the specific configuration settings that are unique to App-V. - - - -**To configure your App-V environment to use Microsoft SQL Server database mirroring** - -1. Set up SQL Server database mirroring of the App-V database following your standard business practices for database mirroring. Use the following links for general information about implementing Microsoft SQL Server database mirroring: - - - **Microsoft SQL 2005**—[Setting Up Database Mirroring](https://go.microsoft.com/fwlink/?LinkId=187478) (https://go.microsoft.com/fwlink/?LinkId=187478) - - - **Microsoft SQL 2008**—[Setting Up Database Mirroring](https://go.microsoft.com/fwlink/?LinkId=187477) (https://go.microsoft.com/fwlink/?LinkId=187477) - - In addition, you can find Best Practices information in [Database Mirroring Best Practices and Performance Considerations](https://go.microsoft.com/fwlink/?LinkId=190270) (https://go.microsoft.com/fwlink/?LinkId=190270). - -2. After mirroring has been set up, verify that the App-V database shows a status of **(Principal, Synchronized)**, and the mirrored database shows a status of **(Mirror, Synchronized / Restoring)**. Resolve any mirroring issues before proceeding to the next step. For additional information about monitoring the status, see [Monitoring Mirroring Status](https://go.microsoft.com/fwlink/?LinkId=190279) (https://go.microsoft.com/fwlink/?LinkId=190279). - -3. On the SQL Server computer that hosts the mirror of the App-V database, create the SQL Server Login for the network service account of the App-V Management Server by using the account name **<domain>\\<ManagementServerHostName>$**. - -4. Install the Microsoft SQL Server Native Client on the App-V Management Server, and on the computer running the App-V Management Web Service if installed on a different computer. If you plan to have additional App-V Management Servers connect to the mirrored SQL database for load balancing, you must install the Microsoft SQL Server Native Client on those computers as well. You can download the Microsoft SQL Server Native Client from the [Microsoft SQL Server 2008 Feature Pack](https://go.microsoft.com/fwlink/?LinkId=187479) page in the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=187479). - -5. Check the registry key **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Softgrid\\4.5\\Server\\SQLServerName** and make sure that it contains only the host name of the SQL Server. If it includes an instance name, for example *serverhostname\\instancename*, the instance name must be removed. - - **Important** - The App-V Management Server uses the TCP/IP networking library to communicate with the SQL Server when database mirroring is enabled, and therefore instance names cannot be used. The port numbers must be specified in the registry keys instead. - - - -6. Check the registry key **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Softgrid\\4.5\\Server\\SQLServerPort** and make sure that it contains the port number that is used for SQL on the SQL Server computer. If you are using a named instance this key value must be set to the port that is used for the named instance. - -7. Create the registry key **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Softgrid\\4.5\\Server\\SQLFailoverServerName** as REG\_SZ and then set the value to the host name of the SQL Server that hosts the mirror. - -8. Create the registry key **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Softgrid\\4.5\\Server\\SQLFailoverServerPort** as DWORD and then set the value to the port number that is used for SQL on the computer that is running SQL Server to host the mirror. If you are using a named instance for the mirror this key value must be set to the port number that is used for the named instance. - -9. On the computer that is running the App-V Management Web Service, configure the Universal Data Link (UDL) text file. In the directory where App-V is installed, double-click **SftMgmt.udl** and specify the following values: - - - On the **Provider** tab, select the OLE DB provider **SQL Server Native Client 10.0**. - - - Click **Next** to select the **Connection** tab. In the **Server Name** box, enter the server name of the SQL Server. Next, select **Use Windows NT Integrated Security**. Finally, click the list **Select the database**, and then select the App-V database name. - - - Click the **All** tab, and then select the entry **Failover Partner**. Click **Edit Value**, and then enter the server name of the failover SQL Server. Click **OK**. - - **Important** - The App-V system uses Kerberos authentication. Therefore, when you configure SQL mirroring where Kerberos Authentication is enabled on the SQL Server and the SQL Server service runs under a domain user account, you must manually configure an SPN. For more information, see “When SQL Service Uses Domain-Based Account” in the article [Configuring App-V Administration for a Distributed Environment](https://go.microsoft.com/fwlink/?LinkId=203186) (https://go.microsoft.com/fwlink/?LinkId=203186). - - - -10. To verify that database mirroring is running correctly, test the failover and confirm that the App-V Management Server continues to function correctly. - - **Important** - Proceed with care, and follow your standard business practices to ensure that system operations are not disrupted in the event of a failure. - - - -~~~ -After the failover has occurred successfully, as verified by using the SQL Server status monitoring information, right-click the **Applications** node in the App-V Management Console, and then select **Refresh**. The list of applications should display normally if the system is working correctly. -~~~ - -## Related topics - - -[How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-configure-servers-for-esd-based-deployment.md b/mdop/appv-v4/how-to-configure-servers-for-esd-based-deployment.md deleted file mode 100644 index 1c79254fd6..0000000000 --- a/mdop/appv-v4/how-to-configure-servers-for-esd-based-deployment.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: How to Configure Servers for ESD-Based Deployment -description: How to Configure Servers for ESD-Based Deployment -author: dansimp -ms.assetid: 96208522-3a0c-4606-a10b-fc0ec0a12021 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure Servers for ESD-Based Deployment - - -This section provides procedures you can use to configure the Application Virtualization Streaming Servers, the IIS server, and the file server for your electronic software distribution–based deployment strategy. - -## In This Section - - -[How to Configure the Application Virtualization Streaming Servers](how-to-configure-the-application-virtualization-streaming-servers.md) -Provides a step-by-step procedure for configuring the Application Virtualization Streaming Servers. - -[How to Configure the Server for IIS](how-to-configure-the-server-for-iis.md) -Provides a step-by-step procedure for configuring the IIS server for your electronic software distribution deployment. - -[How to Configure the File Server](how-to-configure-the-file-server.md) -Provides a step-by-step procedure for configuring a local computer that is used as a file share and that streams applications to the Application Virtualization Desktop Client and the Client for Remote Desktop Services (formerly Terminal Services), for a deployment strategy where your site does not have server-class hardware installed. - -## Related topics - - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -[How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) - -[How to Upgrade the Servers and System Components](how-to-upgrade-the-servers-and-system-components.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-configure-servers-for-server-based-deployment.md b/mdop/appv-v4/how-to-configure-servers-for-server-based-deployment.md deleted file mode 100644 index 5a4d8e1932..0000000000 --- a/mdop/appv-v4/how-to-configure-servers-for-server-based-deployment.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: How to Configure Servers for Server-Based Deployment -description: How to Configure Servers for Server-Based Deployment -author: dansimp -ms.assetid: 6371c37a-46eb-44e8-ad6b-4430c866c8b4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure Servers for Server-Based Deployment - - -This section provides procedures you can use to configure the Microsoft System Center Application Virtualization (App-V) Management Servers and Microsoft System Center Application Virtualization Streaming Servers, and the Internet Information Services (IIS) and file servers, as appropriate for your Application Virtualization Server-based deployment strategy. - -## In This Section - - -[How to Configure the Application Virtualization Management Servers](how-to-configure-the-application-virtualization-management-servers.md) -Provides a step-by-step procedure for configuring the Application Virtualization Management Servers. - -[How to Configure the Application Virtualization Streaming Servers](how-to-configure-the-application-virtualization-streaming-servers.md) -Provides a step-by-step procedure for configuring the Application Virtualization Streaming Servers. - -[How to Configure the Server for IIS](how-to-configure-the-server-for-iis.md) -Provides a step-by-step procedure for configuring the IIS server for your server-based deployment. - -[How to Configure the Server to be Trusted for Delegation](how-to-configure-the-server-to-be-trusted-for-delegation.md) -Provides detailed instructions about how to configure the server to be trusted for delegation. - -[Configuring the Firewall for the App-V Servers](configuring-the-firewall-for-the-app-v-servers.md) -Describes the firewall settings required for the App-V servers. - -[How to Install and Configure the Default Application](how-to-install-and-configure-the-default-application.md) -Describes how to install and configure the default application for testing the App-V system. - -## Related topics - - -[Application Virtualization Server-Based Scenario Overview](application-virtualization-server-based-scenario-overview.md) - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -[How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-configure-shortcut-and-file-type-association-behavior-46-only.md b/mdop/appv-v4/how-to-configure-shortcut-and-file-type-association-behavior-46-only.md deleted file mode 100644 index c668b902eb..0000000000 --- a/mdop/appv-v4/how-to-configure-shortcut-and-file-type-association-behavior-46-only.md +++ /dev/null @@ -1,80 +0,0 @@ ---- -title: How to Configure Shortcut and File Type Association Behavior -description: How to Configure Shortcut and File Type Association Behavior -author: dansimp -ms.assetid: d6fd1728-4de6-4066-b36b-d4837d593d40 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure Shortcut and File Type Association Behavior - - -Shortcut and File Type Association (FTA) publishing policy is defined and controlled by the publishing XML file, which is sent to clients by a publishing server during a publishing refresh operation. When the client receives this information, it adds any newly published data about applications such as the icons and FTAs. Then, it removes any outdated publishing data. - -In App-V version 4.6, two registry key values have been defined to enable administrators to control this behavior. By default, shortcuts that are created locally by using the client console are now retained. - -## How to Change Shortcut and FTA Behavior - - -Two new DWORD registry values have been defined for the client Configuration registry key, “FileTypePolicy” and “ShortcutPolicy”. These DWORD registry values are not present by default, but they can be added manually. The Configuration registry key is located at HKEY\_LOCAL\_MACHINE\\SOFTWARE\\\[Wow6432Node\\\]Microsoft\\SoftGrid\\4.5\\Client\\Configuration. - -There are four policy values defined in the following table and these apply to both registry key values. The following list shows the numeric values for the registry settings, and the behavior applied to file types or shortcuts on a publishing refresh operation. - - ------ - - - - - - - - - - - - - - - - - - - - -

Name

Type

Data (Examples)

Description

FileTypePolicy

DWORD

Default=0x2 (App-V 4.6)

(0x0) – “ClientOnly”- remove any existing items from the same publishing information source, and keep only items that are added locally

-

(0x1) – “ServerOnly” - remove any outdated items from the same publishing information source and any items that are added locally, and add the new items

-

(0x2) – “ClientAndServer”- remove any outdated items from the same publishing information source, keep items added locally, and add the new items (default if not present for App-V 4.6)

-

(0x3) – “NoChange” - make no changes to file types or shortcuts

ShortcutPolicy

DWORD

Default=0x2

(0x0) – “ClientOnly”- remove any existing items from the same publishing information source, and keep only items added locally

-

(0x1) – “ServerOnly” - remove any outdated items from the same publishing information source and any items added locally, and add the new items

-

(0x2) – “ClientAndServer”- remove any outdated items from the same publishing information source, keep items added locally, and add the new items (default if not present)

-

(0x3) – “NoChange” - make no changes to file types or shortcuts

- - - -**Note**   -The text values refer to the values for the XML attributes in the publishing XML file.  You can set these values manually if you have implemented a custom HTTP publishing solution. - - - - - - - - - - - diff --git a/mdop/appv-v4/how-to-configure-streaming-server-security-post-installation.md b/mdop/appv-v4/how-to-configure-streaming-server-security-post-installation.md deleted file mode 100644 index afe7d0a2da..0000000000 --- a/mdop/appv-v4/how-to-configure-streaming-server-security-post-installation.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: How to Configure Streaming Server Security Post-Installation -description: How to Configure Streaming Server Security Post-Installation -author: dansimp -ms.assetid: 9bde3677-d1aa-4dcc-904e-bb49a268d748 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure Streaming Server Security Post-Installation - - -Configure the App-V Streaming Server for enhanced security through the registry. As with the App-V Management Server, a certificate must be correctly provisioned with the correct EKU identifier for Server Authentication before you complete the following post-installation procedure. - -**To configure Streaming Server security post-installation** - -1. Create an MMC, add the **Certificates** snap-in, and select **Local Machine certificate store**. - -2. Open the **Personal** certificates for the computer, and open the certificate provisioned for App-V. - -3. On the **Details** tab, scroll down to the thumbprint and copy the hash in the details pane. - -4. Open the registry editor, and navigate to `HKLM\Software\Microsoft\SoftGrid\4.5\Distribution server`. - -5. Edit the `X509CertHash` value, paste the thumbprint hash in the value field, and remove all spaces. Click **OK** to accept the edit. - -6. In the registry editor, navigate to `HKLM\Software\Microsoft\SoftGrid\4.5\Distribution server\RtspsPorts`. - -7. Create a new **DWORD** value named "322," and then enter the decimal value as 322 or the hexadecimal value as 142. - -8. Restart the streaming service. - -## Related topics - - -[How to Configure Management Server Security Post-Installation](how-to-configure-management-server-security-post-installation.md) - -[Troubleshooting Certificate Permission Issues](troubleshooting-certificate-permission-issues.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md b/mdop/appv-v4/how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md deleted file mode 100644 index 03e3ac7409..0000000000 --- a/mdop/appv-v4/how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: How to Configure the App-V Client Registry Settings by Using the Command Line -description: How to Configure the App-V Client Registry Settings by Using the Command Line -author: dansimp -ms.assetid: 3e3d873f-13d2-402f-97b4-f62d0c399171 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Configure the App-V Client Registry Settings by Using the Command Line - - -After the Application Virtualization (App-V) Client has been deployed and configured during the installation by using the command line, it might be necessary to change one or more client configuration settings. This is accomplished by editing the appropriate registry keys, using one of the following methods: - -- Using the Registry Editor directly - -- Using a .reg file - -- Using a scripting language such as VBScript or Windows PowerShell - -There is also an ADM template that you can use. For more information about the ADM template, see . - -**Caution**   -Use care when you edit the registry because errors can leave the computer in an unusable state. Be sure to follow your standard business practices that relate to registry edits. Thoroughly test all proposed changes in a test environment before you deploy them to production computers. - - - -## In This Section - - -**Important**   -On a 64-bit computer, the keys and values described in the following sections will be under HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\Client. - - - -[How to Reset the FileSystem Cache](how-to-reset-the-filesystem-cache.md) -Provides the information that is required to reset the FileSystem cache. - -[How to Change the Size of the FileSystem Cache](how-to-change-the-size-of-the-filesystem-cache.md) -Explains how you can change the size of the cache. - -[How to Use the Cache Space Management Feature](how-to-use-the-cache-space-management-feature.md) -Describes how you can configure the cache space management feature. - -[How to Configure the Client Log File](how-to-configure-the-client-log-file.md) -Describes the various registry key values that control the client log file and how you can change them. - -[How to Configure User Permissions](how-to-configure-user-permissions.md) -Identifies the registry key that controls the user permissions and gives examples of how you can change some permissions. - -[How to Configure the Client for Application Package Retrieval](how-to-configure-the-client-for-application-package-retrieval.md) -Explains how to configure the client to retrieve package content, icons, and file type associations from different sources, and provides several examples of the correct path format. - -[How to Configure the Client for Disconnected Operation Mode](how-to-configure-the-client-for-disconnected-operation-mode.md) -Provides information about how to configure the various settings associated with disconnected operations mode. - -[How to Configure Shortcut and File Type Association Behavior](how-to-configure-shortcut-and-file-type-association-behavior-46-only.md) -Describes the registry key values that control shortcuts and file type associations in the App-V client, and provides details on how to configure them. - -## Related topics - - -[Application Virtualization Client](application-virtualization-client.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-configure-the-app-v-sequencer.md b/mdop/appv-v4/how-to-configure-the-app-v-sequencer.md deleted file mode 100644 index 615d3a60b6..0000000000 --- a/mdop/appv-v4/how-to-configure-the-app-v-sequencer.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: How to Configure the App-V Sequencer -description: How to Configure the App-V Sequencer -author: dansimp -ms.assetid: 0f43f618-80b0-4715-af17-90f5c673d838 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the App-V Sequencer - - -The topics in this section provide detailed information about the associated Application Virtualization (App-V) Sequencer configuration tasks. - -## In This Section - - -[How to Modify the Log Directory Location](how-to-modify-the-log-directory-location.md) -Provides a step-by-step procedure you can use to modify the location of the log directory. - -[How to Create the Sequencer Package Root Directory](how-to-create-the-sequencer-package-root-directory.md) -Provides a step-by-step procedure you can use to create the package root directory. - -[How to Modify the Scratch Directory Location](how-to-modify-the-scratch-directory-location.md) -Provides a step-by-step procedure you can use to modify the location of scratch directory. - -## Related topics - - -[Application Virtualization Sequencer](application-virtualization-sequencer.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-configure-the-app-v-system-for-package-upgrade.md b/mdop/appv-v4/how-to-configure-the-app-v-system-for-package-upgrade.md deleted file mode 100644 index 85ccb5fd59..0000000000 --- a/mdop/appv-v4/how-to-configure-the-app-v-system-for-package-upgrade.md +++ /dev/null @@ -1,126 +0,0 @@ ---- -title: How to Configure the App-V System for Package Upgrade -description: How to Configure the App-V System for Package Upgrade -author: dansimp -ms.assetid: de133898-f887-46c1-9bc9-fbb03feac66a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the App-V System for Package Upgrade - - -When you deploy a new version of an existing application package that has been upgraded in the App-V Sequencer, you can deploy it so that the App-V clients automatically stream the new version to the local cache. Depending on the streaming solution you use, there are different procedures for configuring the package upgrade. The following sections describe the most typical scenarios for publishing and streaming, and include the procedures necessary for configuring the package upgrade for each scenario. - -## Using a Management Server for both publishing and streaming - - -In this scenario, a single App-V Management Server is used for both publishing and streaming of packages and applications, and the RTSP(S) protocol is required. When the original package is imported to the App-V Management Server, the administrator copies the package folder that contains the files created by the sequencer to the CONTENT folder, for example, to \\\\server\\CONTENT\\packagename. The administrator also edits the HREF entry in the OSD file to point to the SFT file in the package folder, and then imports the package to the server. - -When a user is authenticated by the Management Server, the server publishes the user’s applications by sending the applist.xml file to the client. The client then retrieves the OSD files and icons for the applications from the Management Server. When the user double-clicks an application icon, the application content is streamed to the client cache from the path that is specified in the OSD file, and the application is started. - -### To upgrade the package - -To add a new version of an application that has been upgraded in the App-V Sequencer, the administrator must copy the new SFT file and any other modified files to the same folder as the original version of the application. The administrator will then use **Add Version** in the server management console to add the new version of the package. - -When the user next starts the application, the server streams the new version to the client automatically. This specific method of upgrading a package was formerly known as an active upgrade. - -## Using a Management Server for publishing and a Streaming Server for streaming - - -In this scenario, the App-V Management Server is used for publishing the packages, and the Streaming Server is used for streaming packages and applications. The RTSP(S) protocol is required. When the original package is imported to the Management Server, the administrator copies the package folder that contains the files created by the sequencer to the CONTENT folder, for example, to \\\\server\\CONTENT\\packagename. The administrator edits the HREF entry in the OSD file to point to the SFT file on the Streaming Server, and then imports the package to the Management Server. - -To set up the Streaming Server, the administrator copies the package folder from the Management Server to the CONTENT folder on the Streaming Server. This folder must have the same name and relative path under the Streaming Server’s CONTENT folder as on the Management Server, for example, \\\\streamingserver\\CONTENT\\packagename. - -If the client’s Application Source Root (ASR) setting is configured to point to the Streaming Server, the client uses this setting instead of the server name in the HREF entry in the OSD file. The ISR and OSR fields on the client can optionally be configured to point to either the Management Server or the Streaming Server, depending on the specific system architecture that is used. - -When a user is authenticated by the Management Server, the server publishes the user’s applications by sending the applist.xml file to the client. The client retrieves the OSD files and icons for the applications from either the Streaming Server or the Management Server, depending on the settings in the OSR and ISR fields. - -When the user double-clicks an application icon, the client uses the path to the package content file (SFT) that is contained in the OSD file HREF element. If the ASR is used the client replaces the server name (and port and protocol, if used) in the HREF element with the path to the Streaming Server that is specified in the ASR. The application is then streamed from the Streaming Server to the client cache and is started. - -### To upgrade the package - -To add a new version of an application that has been upgraded in the App-V Sequencer, the administrator must copy the new version of the SFT file and any other modified files to the same folder as the original version of the application on the Streaming Server. - -For consistency, we recommend that you copy new files to the folder on the Management Server as well. In particular, if you use the client’s OSR or ISR fields, copy the updated OSD file and icons to the server that is specified in the OSR and ISR fields. - -After the Streaming Server detects the new version, the next time the user starts the application, the server streams the new version to the client automatically. - -## Using a Management Server for publishing and an IIS Server for streaming - - -In this scenario, the App-V Management Server is used for publishing the packages, and the IIS server is used for streaming packages and applications. When the original package is imported to the Management Server, the administrator copies the package folder that contains the files created by the sequencer to the CONTENT folder, for example, to \\\\server\\CONTENT\\packagename. The administrator edits the HREF entry in the OSD file so it points to the SFT file on the IIS server, and then imports the package to the Management Server. - -To set up the IIS server for streaming, the administrator copies the package folder from the Management Server to the CONTENT folder on the IIS Server. This folder must have the same name and relative path under the IIS server’s Web Content folder as on the Management Server; for example, the URL on the IIS Server can be accessed by using http://IISserver/CONTENT/packagename or https://IISserver/CONTENT/packagename. - -If the client’s Application Source Root (ASR) setting is configured to point to the IIS Server, the client uses the ASR instead of the server name in the HREF entry in the OSD file. You can optionally configure the ISR and OSR fields on the client to point to either the Management Server or the IIS Server, depending on the specific system architecture that you use. - -When the Management Server authenticates the user, the server publishes the user’s applications by sending the applist.xml file to the client. The client retrieves the OSD files and icons for the applications from either the IIS Server or the Management Server, depending on the settings in the ISR and OSR fields. - -When the user double-clicks an application icon, the client uses the path to the package content file (SFT) that is contained in the OSD file HREF element. If the ASR is used the client replaces the server name (and port and protocol, if used) in the HREF element with the path to the IIS Server that is specified in the ASR. The application is then streamed from the IIS server to the client cache by using the HTTP(S) protocol and is started. - -### To upgrade the package - -The procedure to upgrade the package is as follows: - -- Copy the new version of the OSD file to the original version’s folder under the Management Server’s CONTENT folder, for example \\\\server\\CONTENT\\packagename, and replace the existing OSD file. For consistency, copy any other modified files, too. If the client’s OSR or ISR fields are used, then also copy the updated OSD file and icons to the server that is specified in the OSR and ISR fields. - -- Copy the new version of the SFT file to the package folder under the Web Content folder on the IIS server; for example, the URL on the IIS Server can be accessed by using http://IISserver/CONTENT/packagename or https://IISserver/CONTENT/packagename. - -At the next publishing refresh, the client is updated with the new version of the OSD file. This file now points to the new version of the SFT file; therefore, when the user next double-clicks an application icon, the new version is started. - -## Using a Management Server for publishing and a File Share for Streaming - - -In this scenario, the App-V Management Server is used for publishing the packages, and the file server is used for streaming packages and applications. When the original package is imported to the Management Server, the administrator copies the package folder that contains the files created by the sequencer to the CONTENT folder, for example, to \\\\server\\CONTENT\\packagename. The administrator edits the HREF entry in the OSD file so that it points to the SFT file on the file server, and imports the package to the Management Server. - -To set up the file server for streaming, the administrator copies the package folder from the Management Server to the CONTENT folder on the file server. This folder must have the same name and relative path under the file server’s CONTENT folder as on the Management Server, for example \\\\fileserver\\CONTENT\\packagename. - -If the client’s Application Source Root (ASR) setting is configured to point to the file server by using a UNC path, for example \\\\fileserver\\content, the client uses this setting instead of the server name in the HREF entry in the OSD file. The administrator can optionally configure the ISR and OSR fields on the client to point to either the Management Server or the file server, depending on the specific system architecture being used. - -When the Management Server authenticates the user, the server publishes the user’s applications by sending the applist.xml file to the client. The client retrieves the OSD files and icons for the applications from either the file server or the Management Server, depending on the settings in the ISR and OSR fields. - -When the user double-clicks an application icon, the client uses the path to the package content file (SFT) that is contained in the OSD file HREF element. If the ASR is used, the client replaces the server name (and port and protocol, if used) in the HREF element with the path to the file server that is specified in the ASR. The application is then streamed from the file server to the client cache and is started. - -### To upgrade the package - -The procedure to upgrade the package is as follows: - -- Copy the new version of the OSD file to the original version’s folder under the Management Server’s CONTENT folder, for example \\\\server\\CONTENT\\packagename, replacing the existing OSD file. Any other modified files should be copied as well for consistency. If the client’s OSR or ISR fields are used, then also copy the updated OSD file and icons to the server that is specified in the OSR and ISR fields. - -- Copy the new version of the SFT file to the package folder under the CONTENT folder on the file server, for example \\\\fileserver\\CONTENT\\packagename. Copy the V2 SFT file to the folder under the CONTENT share on the file server, for example \\\\fileserver\\CONTENT\\packagename\\V1. - -At the next publishing refresh the client is updated with the new version of the OSD file. This file now points to new version of the SFT file, so when the user next double-clicks an application icon, the new version is started. - -## Upgrading the package by using MSI Streaming mode - - -When you generate a Windows Installer (MSI) file during sequencing a package, the sequencer creates a .MSI file that contains all the necessary publishing information. The administrator must copy the .MSI file to the client and the .SFT file containing the package content to a network share accessible by the client computer. - -To publish the application to the client, run the following command on the client computer: - -   **Msiexec.exe /i \\\\PathToMsi\\packagename.msi MODE=STREAMING OVERRIDEURL=\\\\\\\\server\\share\\package.sft** - -The .MSI file publishes the applications to the client and then streams the .SFT file to the client cache. - -### To upgrade the package - -To add a new version, an administrator must deploy a new .MSI file to the client and a new .SFT file to the network share. The administrator must then run the same command used to deploy the package, but use the new .MSI file and the new .SFT file, for example: - -   **Msiexec.exe /i \\\\PathToMsi\\packagename\_2.msi MODE=STREAMING OVERRIDEURL=\\\\\\\\server\\share\\package\_2.sft** - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-configure-the-application-virtualization-client-settings-manually.md b/mdop/appv-v4/how-to-configure-the-application-virtualization-client-settings-manually.md deleted file mode 100644 index 5dab5d7b35..0000000000 --- a/mdop/appv-v4/how-to-configure-the-application-virtualization-client-settings-manually.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: How to Configure the Application Virtualization Client Settings Manually -description: How to Configure the Application Virtualization Client Settings Manually -author: dansimp -ms.assetid: 53bd21d8-49eb-4c77-9692-c093ffe4c17c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the Application Virtualization Client Settings Manually - - -This section contains procedures that administrators can use to configure the Application Virtualization (App-V) Desktop Client and the Application Virtualization (App-V) Client for Remote Desktop Services (formerly Terminal Services) and to manage applications by using the App-V Client Management Console. - -## In This Section - - -[How to Perform General Administrative Tasks in the App-V Client Management Console](how-to-perform-general-administrative-tasks-in-the-app-v-client-management-console.md) -Provides procedures that you can use to set up the Publishing Server and to refresh applications. - -[How to Configure the Client in the Application Virtualization Client Management Console](how-to-configure-the-client-in-the-application-virtualization-client-management-console.md) -Provides procedures that you can use to configure App-V Desktop Client and the App-V Client for Remote Desktop Services. - -## Related topics - - -[Application Virtualization Client](application-virtualization-client.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-configure-the-application-virtualization-management-servers.md b/mdop/appv-v4/how-to-configure-the-application-virtualization-management-servers.md deleted file mode 100644 index 8225fe37da..0000000000 --- a/mdop/appv-v4/how-to-configure-the-application-virtualization-management-servers.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: How to Configure the Application Virtualization Management Servers -description: How to Configure the Application Virtualization Management Servers -author: dansimp -ms.assetid: a9f96148-bf2d-486f-98c2-23409bfb0935 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the Application Virtualization Management Servers - - -Before virtualized applications can be streamed to the Application Virtualization Desktop Client or the Client for Remote Desktop Services (formerly Terminal Services), the Application Virtualization Management Server must be configured. When you configure the server, you are setting up the *content directory* where the SFT files are loaded and stored. The SFT files contain the virtualized application (or applications). - -**Important**   -Application Virtualization Servers stream SFT files to the Desktop Client and the Client for Remote Desktop Services using only RTSP or RTSPS protocols. The ICO (icon) file and the OSD (open software descriptor) file can be configured to stream from a different file or HTTP server. - - - -**To configure the Application Virtualization Management Server** - -1. Complete the following procedure: - - [How to Install Application Virtualization Management Server](how-to-install-application-virtualization-management-server.md) - - **Note**   - During the installation procedure, you specify the location of the \\Content directory on the **Content Path** screen. - - - -2. Navigate to the location that you specified for the \\Content directory, and if necessary, create the directory. - -3. When the content directory is created, configure this directory as a standard file share. - -## Related topics - - -[Application Virtualization Server-Based Scenario](application-virtualization-server-based-scenario.md) - -[Application Virtualization System Requirements](application-virtualization-system-requirements.md) - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -[How to Configure Servers for Server-Based Deployment](how-to-configure-servers-for-server-based-deployment.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-configure-the-application-virtualization-streaming-servers.md b/mdop/appv-v4/how-to-configure-the-application-virtualization-streaming-servers.md deleted file mode 100644 index 8671c8e401..0000000000 --- a/mdop/appv-v4/how-to-configure-the-application-virtualization-streaming-servers.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: How to Configure the Application Virtualization Streaming Servers -description: How to Configure the Application Virtualization Streaming Servers -author: dansimp -ms.assetid: 3e2dde35-9d72-40ba-9fdf-d0338bd4d561 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the Application Virtualization Streaming Servers - - -Before virtual applications can be streamed to the Application Virtualization Desktop Client or the Client for Remote Desktop Services (formerly Terminal Services), the Application Virtualization Streaming Servers must be configured. When you configure the servers, you are setting up the *content directory* where the SFT files are loaded and stored. The SFT files contain the virtual application (or applications). - -**Important**   -Application Virtualization Servers stream SFT files to the Desktop Client and the Client for Remote Desktop Services using only RTSP or RTSPS protocols. The ICO (icon) file and the OSD (open software descriptor) file can be configured to stream from a different file or HTTP server. - - - -**To configure the Application Virtualization Streaming Servers** - -1. Complete the installation procedure for the Application Virtualization Streaming Server. During the installation procedure, you specify the location of the \\Content directory on the **Content Path** screen. - -2. Navigate to the location that you specified for the \\Content directory, and if you have to, create the directory. - -3. When the Content directory is created, configure this directory as a standard file share. - -4. Configure the NTFS file system permissions to the Content directory and the package folders under the Content directory. You should use Security Groups in Active Directory Domain Services that define which users can access each application. - -## Related topics - - -[Application Virtualization Server-Based Scenario](application-virtualization-server-based-scenario.md) - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -[How to Configure the Application Virtualization Management Servers](how-to-configure-the-application-virtualization-management-servers.md) - -[How to Configure the File Server](how-to-configure-the-file-server.md) - -[How to Configure the Server for IIS](how-to-configure-the-server-for-iis.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-configure-the-client-for-application-package-retrieval.md b/mdop/appv-v4/how-to-configure-the-client-for-application-package-retrieval.md deleted file mode 100644 index 04f4c05542..0000000000 --- a/mdop/appv-v4/how-to-configure-the-client-for-application-package-retrieval.md +++ /dev/null @@ -1,169 +0,0 @@ ---- -title: How to Configure the Client for Application Package Retrieval -description: How to Configure the Client for Application Package Retrieval -author: dansimp -ms.assetid: 891f2739-da7a-46da-b452-b8c0af075525 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the Client for Application Package Retrieval - - -When the client is configured with an Application Virtualization (App-V) Management Server as its publishing server, by default at the next publishing refresh cycle, the client retrieves from the server the Open Software Descriptor (OSD) and package manifest files for each package that the user is authorized to use. The client uses the package source information that is defined in these files to determine where to find the package content, icons, and file type associations. - -If you want the client to obtain the package content (SFT file) from a local App-V Streaming Server or other alternate source such as a Web server or file server, instead of from the App-V Management Server, you can configure the ApplicationSourceRoot registry key value on the computer to point to the local content share on the other server. The OSD file still defines the original source path for the package content. However the client uses the value of the ApplicationSourceRoot setting in place of the server and share that are specified in the content path in the OSD file. This redirects the client to retrieve the content from the other server. - -You can also configure the OSDSourceRoot and IconSourceRoot registry key values if you want to override those settings in the package manifest file or in the paths sent by a publishing server. The OSDSourceRoot specifies a source location for OSD file retrieval for an application package during publication. The IconSourceRoot specifies a source location for icon retrieval for an application package during publication. - -**Note** -- The IconSourceRoot and OSDSourceRoot settings override the values in the package manifest file, so if you try to deploy a package by using the Windows Installer (.msi) file method, it will also override the values in the package manifest file that is contained within that .msi file. - -- During both the publishing and HTTP(S) streaming operations,App-V 4.5 SP1 clients use the proxy server settings that are configured in Internet Explorer on the user’s computer. - - - -**To configure the ApplicationSourceRoot registry key value** - -- Configure the ApplicationSourceRoot in the following registry key value with either a UNC path or a URL: - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Configuration\\ApplicationSourceRoot - - The correct format for the Universal Naming Convention (UNC) path is **\\\\computername\\sharefolder\\\[folder\]\[\\\]**, where **folder** is optional. The **computername** can be a Fully Qualified Domain Name (FQDN) or an IP address, and **sharefolder** can be a drive letter. Only the **\\\\computername\\sharedfolder** or drive letter portion of the OSD path is replaced. - - The correct format for the URL path is **protocol://servername:\[port\]\[/path\]\[/\]**, where **port** and **path** are optional. If **port** is not specified, the default port for the protocol is used. Only the **protocol://server:port** portion of the OSD URL is replaced. - - **Important** - Environment variables are not supported in the ApplicationSourceRoot definition. - - - -~~~ -The following table lists examples of acceptable URL and UNC path formats. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ApplicationSourceRootOSD File HREF PathResultComments

rtsps://mainserver:322

rtsp://appserver/productivity/office2k3.sft?customer=seq

rtsps://mainserver:322/productivity/office2k3.sft?customer=seq

rtsps://mainserver:322/prodapps

rtsp://appserver/productivity/office2k3.sft?customer=seq

rtsps://mainserver:322/prodapps/productivity/office2k3.sft?customer=seq

https://mainserver:443/prodapps

rtsp://appserver/productivity/office2k3.sft?customer=seq

https://mainserver:443/prodapps/productivity/office2k3.sft?customer=seq

rtsps://mainserver:322/prodapps

rtsp://%SFT_APPVSERVER%:554/productivity/office2k3.sft?customer=seq

rtsps://mainserver:322/prodapps/productivity/office2k3.sft?customer=seq

rtsps://mainserver:322

\\uncserver\share\productivity\office2k3.sft

rtsps://mainserver:322/productivity/office2k3.sft

‘\’ converted to ‘/’

rtsps://mainserver:322

file://\\uncserver\share\productivity\office2k3.sft

rtsps://mainserver:322/productivity/office2k3.sft

‘\’ converted to ‘/’

\\uncserver\share

rtsp://appserver/productivity/office2k3.sft?customer=seq

\\uncserver\share\productivity\office2k3.sft

‘/’ converted to ‘\’ and parameter dropped when converting to UNC path

\\uncserver\share\prodapps

rtsp://appserver/productivity/office2k3.sft?customer=seq

\\uncserver\share\prodapps\productivity\office2k3.sft

‘/’ converted to ‘\’ and parameter dropped when converting to UNC path

M:

\\uncserver\share\productivity\office2k3.sft

M:\productivity\office2k3.sft

M:\prodapps

\\uncserver\share\productivity\office2k3.sft

M:\prodapps\productivity\office2k3.sft

-~~~ - - - -**To configure the OSDSourceRoot value** - -- Configure the OSDSourceRoot in the following registry key value with either a UNC path or a URL: - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Configuration\\OSDSourceRoot - - Acceptable formats for the OSDSourceRoot include UNC paths and URLs, as in the following example: - - **\\\\computername\\sharefolder\\resource** or **\\\\computername\\content** or **<drive>:\\foldername** - - **http://computername/productivity/** or **https://computername/productivity/** - -**To configure the IconSourceRoot value** - -- Configure the IconSourceRoot in the following registry key value with either a UNC path or a URL: - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Configuration\\IconSourceRoot - - Acceptable formats for the IconSourceRoot include UNC paths and URLs, as in the following example: - - **\\\\computername\\sharefolder\\resource** or **\\\\computername\\content** or **<drive>:\\foldername** - - **http://computername/productivity/** or **https://computername/productivity/** - -## Related topics - - -[How to Configure the App-V Client Registry Settings by Using the Command Line](how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-configure-the-client-for-disconnected-operation-mode.md b/mdop/appv-v4/how-to-configure-the-client-for-disconnected-operation-mode.md deleted file mode 100644 index fe5c5331d3..0000000000 --- a/mdop/appv-v4/how-to-configure-the-client-for-disconnected-operation-mode.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: How to Configure the Client for Disconnected Operation Mode -description: How to Configure the Client for Disconnected Operation Mode -author: dansimp -ms.assetid: 3b48464a-b8b4-494b-93e3-9a6d9bd74652 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the Client for Disconnected Operation Mode - - -The disconnected operation mode enables the Application Virtualization (App-V) Desktop Client or the Application Virtualization (App-V) Client for Remote Desktop Services (formerly Terminal Services) to run applications that are stored in the file system cache of the client when the client cannot connect to the App-V Management Server. - -**Important**   -In a large organization where multiple Remote Desktop Session Host (RD°Session Host) servers (formerly Terminal Servers) are linked in a farm to support many users, using a single App-V Management Server to support the farm represents a single point of failure. To provide high availability to support the RD Session Host farm, consider linking two or more App-V Management Servers to use the same database. - - - -**To enable disconnected operation mode** - -- Set the following registry key value equal to 1 to enable disconnected operation mode: - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Network\\AllowDisconnectedOperation - -**To set a time limit on disconnected operation mode use** - -1. Set the following registry key value to 1: - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Network\\LimitDisconnectedOperation - -2. Set the following registry key value to the number of minutes you want to limit disconnected operation mode. The valid range of values is 1–999999. The default value is 90 days or 129,600 minutes. - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Network\\DOTimeoutMinutes - -**To configure the Client for Remote Desktop Services for disconnected operation mode** - -1. Set the following registry key value to 1 to enable disconnected operation mode: - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Network\\AllowDisconnectedOperation - -2. Set the following registry key value to 0 (zero) to allow unlimited use of disconnected operation mode: - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Network\\LimitDisconnectedOperation - -3. Ensure that all packages are preloaded into the cache to improve performance. - -## Related topics - - -[Disconnected Operation Mode](disconnected-operation-mode.md) - -[How to Configure the App-V Client Registry Settings by Using the Command Line](how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-configure-the-client-for-mit-kerberos-realm-support.md b/mdop/appv-v4/how-to-configure-the-client-for-mit-kerberos-realm-support.md deleted file mode 100644 index ee1c92f759..0000000000 --- a/mdop/appv-v4/how-to-configure-the-client-for-mit-kerberos-realm-support.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: How to Configure the Client for MIT Kerberos Realm Support -description: How to Configure the Client for MIT Kerberos Realm Support -author: dansimp -ms.assetid: 46102f4c-270c-4115-8eb4-7ff5ae3be32d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the Client for MIT Kerberos Realm Support - - -In Application Virtualization (App-V) 4.5 SP1, support was added for MIT Kerberos realms. This topic provides detailed information on how to enable that support. - -**To enable support for MIT Kerberos Realms** - -- Create a new registry key named **UseMitKerberos** of type DWORD, as follows, and then set it to a value of 1. - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Network\\UseMitKerberos - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-configure-the-client-in-the-application-virtualization-client-management-console.md b/mdop/appv-v4/how-to-configure-the-client-in-the-application-virtualization-client-management-console.md deleted file mode 100644 index 951cbbb2d7..0000000000 --- a/mdop/appv-v4/how-to-configure-the-client-in-the-application-virtualization-client-management-console.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: How to Configure the Client in the Application Virtualization Client Management Console -description: How to Configure the Client in the Application Virtualization Client Management Console -author: dansimp -ms.assetid: d0868c9f-8fe9-442f-a9ad-ef30efb0f6b1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the Client in the Application Virtualization Client Management Console - - -You can use the Application Virtualization Client Management Console to configure the Application Virtualization Desktop Client and the Client for Remote Desktop Services (formerly Terminal Services). - -## In This Section - - -[How to Change the Cache Size and the Drive Letter Designation](how-to-change-the-cache-size-and-the-drive-letter-designation.md) -Provides procedures you can use to change the cache size and the drive designation letter that represents the virtual drive. - -[How to Change the Log Reporting Levels and Reset the Log Files](how-to-change-the-log-reporting-levels-and-reset-the-log-files.md) -Provides procedures you can use to change the log reporting levels and to reset the log files. - -[How to Change User Access Permissions](how-to-change-user-access-permissions.md) -Provides a procedure you can use to change the user access permissions. - -[How to Change Import Search Paths](how-to-change-import-search-paths.md) -Provides a procedure you can use to set up client import search paths. - -[How to Set Up Periodic Publishing Refresh](how-to-set-up-periodic-publishing-refresh.md) -Provides a procedure you can use to establish a schedule for Application Virtualization Server refresh. - -[How to Set Up Publishing Refresh on Login](how-to-set-up-publishing-refresh-on-login.md) -Provides a procedure you can use to force Application Virtualization Server refresh on system login. - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-configure-the-client-log-file.md b/mdop/appv-v4/how-to-configure-the-client-log-file.md deleted file mode 100644 index e4a46cd129..0000000000 --- a/mdop/appv-v4/how-to-configure-the-client-log-file.md +++ /dev/null @@ -1,110 +0,0 @@ ---- -title: How to Configure the Client Log File -description: How to Configure the Client Log File -author: dansimp -ms.assetid: dd79f8ce-61e2-4dc8-af03-2a353554a1b2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the Client Log File - - -You can use the following procedures to configure the Application Virtualization (App-V) Client log file. - -**To change the log file location** - -- Edit the following registry key value to specify the new path for the log file. You must restart the **sftlist** service after changing this value. This location can also be changed interactively after installation. - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Configuration\\LogFileName - -**To change the log reporting level** - -- By default, the type of messages that are written to the log include all events of severity level 4 (Informational) or higher. The severity level is stored in the following key value. Set this key value to 5 to enable verbose logging. Use verbose logging only for short periods during troubleshooting because it will generate a very large volume of messages and cause the log to fill up quickly. - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Configuration\\LogMinSeverity - -**To change the log size** - -- In Application Virtualization (App-V) 4.5, the log size is controlled by the following registry key value. This value defaults to 256 MB and defines the maximum size, in MB, that the log can grow to before being reset. - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Configuration\\LogMaxSize - - **Caution**   - This registry key value must be set to a value greater than zero to ensure the log file does get reset. - - - -**To change the number of backup copies** - -- When the log file reaches the maximum size, a reset is forced when the next write to the log occurs. A reset causes a new log file to be created, and the old file is renamed as a backup. The following registry setting controls the number of backup copies of the log file that are kept when the file is reset. The default value is 4. - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Configuration\\LogRolloverCount - - The format of the backup log file names is: **sftlog\_YYYYMMDD\_hhmmss-uuu.txt** and is based on the reset time, in Universal Coordinated Time (UTC). The following table lists the symbols used in creating the file names and their descriptions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SymbolDescription

YYYY

4-digit year

MM

2-digit month (01–12)

DD

2-digit day of the month (01–31)

hh

hour (00–23)

mm

minutes (00–59)

ss

seconds (00–59)

uuu

milliseconds (000–999)

- - - -## Related topics - - -[How to Configure the App-V Client Registry Settings by Using the Command Line](how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-configure-the-file-server.md b/mdop/appv-v4/how-to-configure-the-file-server.md deleted file mode 100644 index c9d01b4dba..0000000000 --- a/mdop/appv-v4/how-to-configure-the-file-server.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: How to Configure the File Server -description: How to Configure the File Server -author: dansimp -ms.assetid: 0977554c-1741-411b-85e7-7e1cd017542f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the File Server - - -You can use the following procedure to configure a local computer that is used as a file share and streams applications to the Application Virtualization Desktop Client and the Client for Remote Desktop Services (formerly Terminal Services). This scenario is used when you do not want to add an additional server infrastructure to your existing hardware environment. - -If you are using an Application Virtualization Management Server as a distribution point to the file share installed in local offices, you must configure this server before virtual applications can be streamed to the computers that are used as file shares. When you configure the servers and the file shares, you are setting up the content directory where the SFT files are loaded and stored. The SFT files contain the virtual application (or applications). - -**Important**   -For applications to stream properly to the Application Virtualization Desktop Client and the Client for Remote Desktop Services, the SFT file streams from the content directory on the server where you store the virtual application; the ICO (icon) file and the OSD (open software descriptor) file can be configured to stream from a different server. - - - -**To configure the Application Virtualization file server** - -1. Complete the following installation procedure to configure the server that is used as the distribution point: - - [How to Install Application Virtualization Management Server](how-to-install-application-virtualization-management-server.md) - - **Note**   - During the installation procedure, you specify the location of the \\Content directory on the **Content Path** screen. - - - -2. Create a \\Content directory, which corresponds to the directory you specified when you installed the server, on each computer that you are using as a file share. - - **Important**   - Configure the Application Virtualization Desktop Clients to stream applications from the computer you are using as a file share rather than from an Application Virtualization Server or IIS server. - - - -3. When the \\Content directory is created, configure this directory as a standard file share. - -## Related topics - - -[Application Virtualization Server-Based Scenario](application-virtualization-server-based-scenario.md) - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -[How to Configure the Application Virtualization Management Servers](how-to-configure-the-application-virtualization-management-servers.md) - -[How to Configure the Application Virtualization Streaming Servers](how-to-configure-the-application-virtualization-streaming-servers.md) - -[How to Configure the Server for IIS](how-to-configure-the-server-for-iis.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-configure-the-server-for-iis.md b/mdop/appv-v4/how-to-configure-the-server-for-iis.md deleted file mode 100644 index 4290cc9bf5..0000000000 --- a/mdop/appv-v4/how-to-configure-the-server-for-iis.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: How to Configure the Server for IIS -description: How to Configure the Server for IIS -author: dansimp -ms.assetid: 1fcfc583-322f-4a38-90d0-e64bfa9ee3d8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the Server for IIS - - -Before virtual applications can be streamed to the Application Virtualization Desktop Client and the Client for Remote Desktop Services (formerly Terminal Services), the IIS servers must be configured. When you configure the servers, you are setting up the content directory where the SFT files are loaded and stored. The SFT files contain the virtual application (or applications). - -**To configure the content directory on the IIS server** - -1. On the server that is running IIS, locate the directory that you want to use as the content directory, or create the directory if it does not exist. Configure this directory as a standard file share. - -2. On the server that is running IIS, open **IIS Manager**, and under the default website, create a virtual directory that corresponds to the content directory that you created on the server. Make sure that **Read** is checked. - -3. Give the newly created virtual directory the alias **Content**. - -4. Accept all other default settings for this virtual directory. - -5. Configure the NTFS file system permissions to the content directory and the package folders under the content directory by using the Security Groups in Active Directory Domain Services that you defined earlier. - -**Note**   -If you are using IIS to publish the ICO and OSD files, you must configure a MIME type for OSD=TXT; otherwise, IIS will not serve the ICO and OSD files to clients. If you are using IIS to publish packages (SFT files), you must configure a MIME type for SFT=Binary; otherwise, IIS will not serve the SFT files to clients. - - - -## Related topics - - -[Application Virtualization Server-Based Scenario](application-virtualization-server-based-scenario.md) - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -[How to Configure the Application Virtualization Management Servers](how-to-configure-the-application-virtualization-management-servers.md) - -[How to Configure the Application Virtualization Streaming Servers](how-to-configure-the-application-virtualization-streaming-servers.md) - -[How to Configure the File Server](how-to-configure-the-file-server.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-configure-the-server-to-be-trusted-for-delegation.md b/mdop/appv-v4/how-to-configure-the-server-to-be-trusted-for-delegation.md deleted file mode 100644 index fec2c858fe..0000000000 --- a/mdop/appv-v4/how-to-configure-the-server-to-be-trusted-for-delegation.md +++ /dev/null @@ -1,136 +0,0 @@ ---- -title: How to Configure the Server to be Trusted for Delegation -description: How to Configure the Server to be Trusted for Delegation -author: dansimp -ms.assetid: d8d11588-17c0-4bcb-a7e6-86b5e4ba7e1c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the Server to be Trusted for Delegation - - -When you install the Microsoft Application Virtualization (App-V) Management Server software, you can choose to install it by using a distributed system architecture. If you install the console, the Management Web Service, and the database on different computers, you must configure the Internet Information Services (IIS) server to be trusted for delegation. This is necessary because the Management Web Service will attempt to connect to the App-V data store by using the credentials of the App-V administrator who is using the console. The database server on which the data store is installed will not accept the administrator’s credentials from the IIS server unless the IIS server is configured to be trusted for delegation, and so the Management Web Service will not be able to connect to the App-V data store. - -**Note**   -If you install the App-V Management Server software on a single server and place the data store on a separate server, there is one situation in which you must still configure the server to be trusted for delegation even though the Management Web Service and Management Console are on the same server. This situation occurs if you need to connect to the Management Web Service in the console by using the **Use Alternate Credentials** option. - - - -The type of delegation that you can use depends on the Domain Functional Level that you have configured in your Active Directory Domain Services (AD DS) infrastructure. The following table lists the types of delegation that can be configured for each Domain Functional Level for App-V. Detailed instructions follow the table. - - ---- - - - - - - - - - - - - - - - - -
Domain Functional LevelDelegation Levels Available

Windows 2000 native

    -

  • No delegation (default)

    • -

  • Unconstrained delegation

    • -

Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2

    -

  • No delegation (default)

    • -

  • Unconstrained delegation¹

    • -

  • Constrained delegation (Use Kerberos Only Protocols)

    • -

  • Constrained delegation (Use any authentication protocol) ¹

    • -
- - - -¹ Not recommended. - -## To configure unconstrained delegation when the Domain Functional Level is Windows 2000 native - - -On the domain controller for your Web server’s domain, complete the following steps. - -**** - -1. Click **Start**, **Administrative Tools**, and then click **Active Directory Users and Computers**. - -2. Expand domain, and then expand the Computers folder. - -3. In the right pane, right-click the computer name for the Web server, and then click **Properties**. - -4. On the **General** tab, ensure that the **Trust computer for delegation** check box is selected. - -5. Click **OK**. - -## To configure unconstrained delegation when the Domain Functional Level is Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 - - -On the domain controller for your Web server’s domain, complete the following steps. - -**** - -1. Click **Start**, click **Administrative Tools**, and then click **Active Directory Users and Computers**. - -2. Expand domain, and expand the Computers folder. - -3. In the right pane, right-click the computer name for the Web server, select **Properties**, and then click the **Delegation** tab. - -4. Click to select **Trust this computer for delegation to any service (Kerberos only)**. - -5. Click **OK**. - -## To configure constrained delegation when the Domain Functional Level is Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 - - -On the domain controller for your Web server’s domain, complete the following steps. - -**** - -1. Click **Start**, click **Administrative Tools**, and then click **Active Directory Users and Computers**. - -2. Expand domain, and then expand the Computers folder. - -3. In the right pane, right-click the computer name for the Web server, select **Properties**, and then click the **Delegation** tab. - -4. Click to select **Trust this computer for delegation to specified services only**. - -5. Ensure that **Use Kerberos only** is selected, and then click **OK**. - -6. Click the **Add** button. In the **Add Services** dialog box, click **Users or Computers**, and then browse to or type the name of the Microsoft SQL server that has the App-V data store and is to receive the users credentials from IIS. Click **OK**. - -7. In the **Available Services** list, select the MSSQLSvc service that lists port number on which the Microsoft SQL Server is accepting connections for the App-V database (the default port is 1433). Click **OK**. - -### Additional steps to configure IIS 7 for constrained delegation - -If you are running the Management Web Service on an IIS 7 server, you must complete the following steps to set the IIS 7 *useAppPoolCredentials* variable to True. - -1. Open an elevated Command Prompt window. To open an elevated Command Prompt window, click **Start**, click **All Programs**, click **Accessories**, right-click **Command Prompt**, and then click **Run as administrator**. - -2. Navigate to %windir%\\system32\\inetsrv. - -3. Type **appcmd.exe set config -section:system.webServer/security/authentication/windowsAuthentication -useAppPoolCredentials:true**, and then press ENTER. - - - - - - - - - diff --git a/mdop/appv-v4/how-to-configure-user-permissions.md b/mdop/appv-v4/how-to-configure-user-permissions.md deleted file mode 100644 index 88e1049577..0000000000 --- a/mdop/appv-v4/how-to-configure-user-permissions.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: How to Configure User Permissions -description: How to Configure User Permissions -author: dansimp -ms.assetid: 54e69f46-b028-4ad1-9b80-f06ef5c8f559 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Configure User Permissions - - -You can enable and disable some actions for users who do not have administrative rights by editing the key values under the **Permissions** registry key (HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Permissions). This key is primarily designed to help prevent users from making mistakes rather than to provide any special security, because users with administrative rights can edit any of these key values. The following procedures are examples of how to change the key values. For more information about the Application Virtualization (App-V) Client registry keys and values, see . - -**To change user permissions** - -1. To enable the users to choose to run the client in offline mode, set the following key value to 1: - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Permissions\\ToggleOfflineMode - -2. To enable the users to view all applications through the user interface, set the following key value to 1. Setting the value to 0 (zero) allows the users to see only the applications that are available to them. - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Permissions\\ViewAllApplications - -## Related topics - - -[How to Configure the App-V Client Registry Settings by Using the Command Line](how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md) - -[User Access Permissions in Application Virtualization Client](user-access-permissions-in-application-virtualization-client.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-configure-windows-server-2003-firewall-for-app-v.md b/mdop/appv-v4/how-to-configure-windows-server-2003-firewall-for-app-v.md deleted file mode 100644 index 3ec2889648..0000000000 --- a/mdop/appv-v4/how-to-configure-windows-server-2003-firewall-for-app-v.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: How to Configure Windows Server 2003 Firewall for App-V -description: How to Configure Windows Server 2003 Firewall for App-V -author: dansimp -ms.assetid: 2c0e80f8-41e9-4164-ac83-b23b132b489a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure Windows Server 2003 Firewall for App-V - - -Use the following procedure to configure the Windows Server 2003 firewall for App-V. - -**To configure Windows Server 2003 firewall for App-V** - -1. In **Control Panel**, open the **Windows Firewall**. - - **Note**   - If the server has not been configured to run the firewall service before this step, you will be prompted to start the firewall service. - - - -2. If ICO and OSD files are published through SMB, ensure that **File and Printer Sharing** is enabled on the **Exceptions** tab. - - **Note**   - If ICO and OSD files are published through HTTP/HTTPS on the Management Server, you might need to add an exception for HTTP or HTTPS. If the IIS server hosting the ICO and OSD files is hosted on a computer separate from the Management Server, you need to add the exception to that computer. To maximize performance, it is recommended that you host the ICO and OSD files on a separate server from the Management Server. - - - -3. Add a program exception for `sghwdsptr.exe`, which is the Management Server service executable. The default path to this executable is `%ProgramFiles%\Microsoft System Center App Virt Management Server\App Virt Management Server\bin`. - - **Note**   - If the Management Server uses RTSP for communication, you must also add a program exception for `sghwsvr.exe`. - - The App-V Streaming Server requires a program exception `sglwdsptr.exe` for RTSPS communication. The App-V Streaming Server that uses RTSP for communication also requires a program exception for `sglwsvr.exe`. - - - -4. Ensure that the proper scope is configured for each exception. To reduce risk, remove any computer and strictly limit the IP addresses to which the server will respond. - -## Related topics - - -[How to Configure Windows Server 2008 Firewall for App-V](how-to-configure-windows-server-2008-firewall-for-app-v.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-configure-windows-server-2008-firewall-for-app-v.md b/mdop/appv-v4/how-to-configure-windows-server-2008-firewall-for-app-v.md deleted file mode 100644 index 7e516a89fd..0000000000 --- a/mdop/appv-v4/how-to-configure-windows-server-2008-firewall-for-app-v.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: How to Configure Windows Server 2008 Firewall for App-V -description: How to Configure Windows Server 2008 Firewall for App-V -author: dansimp -ms.assetid: 57f4ed17-0651-4a3c-be1e-29d9520c6aeb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Configure Windows Server 2008 Firewall for App-V - - -With the introduction of Windows Server 2008, the firewall and IPsec components were merged into one service, and the capabilities of this service were enhanced. The new firewall service supports incoming and outgoing stateful inspection. Also, you can configure specific firewall rules and IPsec policies through group policies. For additional information about the Windows firewall in Windows Server 2008, see . - -The following procedure does not include adding an exception for ICO and OSD publishing through SMB or HTTP/HTTPS. Those exceptions are automatically added based on the network profile and roles installed on the Windows Server 2008 firewall. - -**Note**   -If the Management Server is configured to use RTSP, repeat this procedure to add the `sghwsvr.exe` program as an exception. - -The App-V Streaming Server requires the program exception `sglwdsptr.exe` for RTSPS communication. An App-V Streaming Server that uses RTSP for communication also requires a program exception for `sglwsvr.exe`. - - - -**To configure Windows Server 2008 firewall for App-V** - -1. Open the **Windows Firewall with Advanced Security** management console through the Control Panel or by typing `wf.msc` on the Run line. - -2. Create a new inbound rule, and select **Program**. - -3. Select the program path, and browse to `sghwdsptr.exe`, which is located by default at `%ProgramFiles%\Microsoft System Center App Virt Management Server\App Virt Management Server\bin`. - -4. Click **Next**. - -5. On the **Action** page, select **Allow the connection**, and then click **Next**. - -6. Select the appropriate **Profiles** to apply to the inbound rule. - -7. Provide a name and description for the rule, and click **Finish**. - -## Related topics - - -[How to Configure Windows Server 2003 Firewall for App-V](how-to-configure-windows-server-2003-firewall-for-app-v.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-configure-windows-server-2008-for-app-v-management-servers.md b/mdop/appv-v4/how-to-configure-windows-server-2008-for-app-v-management-servers.md deleted file mode 100644 index 8368dd56f8..0000000000 --- a/mdop/appv-v4/how-to-configure-windows-server-2008-for-app-v-management-servers.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: How to Configure Windows Server 2008 for App-V Management Servers -description: How to Configure Windows Server 2008 for App-V Management Servers -author: dansimp -ms.assetid: 38b4016f-de82-4209-9159-387d20ddee25 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure Windows Server 2008 for App-V Management Servers - - -The Windows Server 2008 server on which you install the Microsoft Application Virtualization (App-V) Management Web Service requires Internet Information Services (IIS) to be installed as a role on the server. Use the following procedure to configure Windows Server 2008 to support App-V server installation. - -**To install IIS on a Windows Server 2008 computer** - -1. On the Windows Server 2008 computer, click **Start**, click **All Programs**, click **Administrative Tools**, and then click **Server Manager** to start Server Manager. In Server Manager, right-click the **Roles** node, and click **Add Roles** to start the **Add Roles Wizard**. - -2. In the **Add Roles Wizard**, on the **Select Server Roles** page, select **Web Server (IIS)**. When prompted, click **Add Required Features** to add the dependent features. - -3. On the **Select Server Roles** page, Click **Next**, and then click **Next** again. - -4. In the **Add Roles Wizard**, on the **Select Role Services** page: - - 1. Under **Application Development**, select **ASP.NET** and, when prompted, click **Add Required Role Services** to add the dependent roles services and features. - - 2. Under **Security**, select **Windows Authentication**. - - 3. In the **Management Tools** node, select **IIS Management Scripts and Tools**. Under **IIS 6 Management Compatibility**, ensure that both **IIS 6 Metabase Compatibility** and **IIS 6 WMI Compatibility** are selected, and then click **Next**. - -5. On the **Confirm Installation Selections** page, click **Install**, and then complete the rest of the wizard. - -6. Click **Close** to exit the **Add Roles Wizard**, and then close Server Manager. - -## Related topics - - -[Application Virtualization Deployment Requirements](application-virtualization-deployment-requirements.md) - -[Application Virtualization Deployment and Upgrade Checklists](application-virtualization-deployment-and-upgrade-checklists.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-connect-to-an-application-virtualization-system.md b/mdop/appv-v4/how-to-connect-to-an-application-virtualization-system.md deleted file mode 100644 index 169761167e..0000000000 --- a/mdop/appv-v4/how-to-connect-to-an-application-virtualization-system.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: How to Connect to an Application Virtualization System -description: How to Connect to an Application Virtualization System -author: dansimp -ms.assetid: ac38216c-5464-4c0b-a4d3-3949ba6358ac -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Connect to an Application Virtualization System - - -You must connect the Application Virtualization Server Management Console to an Application Virtualization System before you can use the management console to manage applications, file type associations, packages, application licenses, server groups, provider policies and administrators. The following procedure outlines the steps you must follow to connect the console to an Application Virtualization System. - -**To connect to an Application Virtualization System** - -1. Right-click the Application Virtualization System node in the **Scope** pane, and select **Connect to Application Virtualization System** from the pop-up menu. - - **Note** - There are three components to Application Virtualization server management: the Application Virtualization Management Console, the Management Web Service, and the SQL Datastore. If these components are distributed across different physical machines, you must configure security properly for the components to communicate across the system. For more information, see the following manuals and articles: - - [How to Configure the Server to be Trusted for Delegation](https://go.microsoft.com/fwlink/?LinkID=166682) (https://go.microsoft.com/fwlink/?LinkID=166682) - - [Planning and Deployment Guide for the Application Virtualization System](https://go.microsoft.com/fwlink/?LinkID=122063) (https://go.microsoft.com/fwlink/?LinkID=122063) - - [Operations Guide for the Application Virtualization System](https://go.microsoft.com/fwlink/?LinkID=133129) (https://go.microsoft.com/fwlink/?LinkID=133129) - - [Article 930472](https://go.microsoft.com/fwlink/?LinkId=114647) in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=114647) - - [Article 930565](https://go.microsoft.com/fwlink/?LinkId=114648) in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=114648) - - - -2. Complete the fields in the **Connect to Application Virtualization System** dialog box: - - 1. **Web Service Host Name**—Enter the name of the Application Virtualization System to which you want to connect, or enter **localhost** to connect to the local server. - - 2. **Use Secure Connection**—Select this check box if you want to connect to the server with a secure connection. - - 3. **Port**—Enter the port number you want to use for the connection. **80** is the default regular port number, and **443** is the secure-port number. - - 4. **Use Current Windows Account**—Select this radio button to use the current Windows account credentials. - - 5. **Specify Windows Account**—Select this radio button when you want to connect to the server as a different user. - - 6. **Name**—Enter the name of the new user by using either the *DOMAIN\\username* or the username@domain format. - - 7. **Password**—Enter the password that corresponds to the new user. - -3. Click **OK**. - -## Related topics - - -[How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-create-a-reportserver.md b/mdop/appv-v4/how-to-create-a-reportserver.md deleted file mode 100644 index abdfd7298e..0000000000 --- a/mdop/appv-v4/how-to-create-a-reportserver.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: How to Create a Report -description: How to Create a Report -author: dansimp -ms.assetid: 70938167-d3b9-45ce-b459-a953c93769b0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create a Report - - -The process for creating a report from the Application Virtualization Server Management Console is the same regardless of the report type. When you select a report type, the window displays a brief description of the selected report. - -**Note**   - When you create a report, you specify the parameters that are used for collecting the data when the report is run. Until you run a report, no data is collected. - - - -**To create a report** - -1. Run the New Report Wizard by right-clicking the **Reports** node and selecting **New Report** from the pop-up menu. - -2. On the first page of the New Report Wizard, enter a name in the **Report Name** field and select the **Report Type** from the drop-down list of reports. Depending on which report you select, the remaining pages in the wizard change according the requirements of that report type. Scan the following list of pages to find the pages that refer to your report: - - 1. **Report Period**—Select a radio button to specify the frequency for running the report. - - 2. **Server**—Select the **Server**, **Server Group**, or **Enterprise** radio button, and then select the server group and server from the corresponding drop-down list and field as enabled. - - 3. **Application**—Select an application from the drop-down list of available applications. - -3. Click **Finish**. - -## Related topics - - -[Application Virtualization Report Types](application-virtualization-report-types.md) - -[How to Delete a Report](how-to-delete-a-reportserver.md) - -[How to Export a Report](how-to-export-a-reportserver.md) - -[How to Print a Report](how-to-print-a-reportserver.md) - -[How to Run a Report](how-to-run-a-reportserver.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-create-a-server-group.md b/mdop/appv-v4/how-to-create-a-server-group.md deleted file mode 100644 index bc12c0bd0a..0000000000 --- a/mdop/appv-v4/how-to-create-a-server-group.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: How to Create a Server Group -description: How to Create a Server Group -author: dansimp -ms.assetid: 29ada98b-1024-483d-a3ee-67d4bb263df7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create a Server Group - - -To help you manage your Application Virtualization Management Servers more efficiently, you can use the Application Virtualization Server Management Console to organize them into server groups. - -**To create a server group** - -1. Click the **Server Groups** node in the left pane, and choose **New Server Group**. - -2. In the **New Server Group Wizard**, enter a name in the **Server Group Name** field, and select the default provider policy from the drop-down list of provider policies. - -3. Be sure the **Enabled** check box is selected to enable the server group. - -4. Click **Finish**. - -## Related topics - - -[How to Add a Server](how-to-add-a-server.md) - -[How to Remove a Server Group](how-to-remove-a-server-group.md) - -[How to Remove a Server](how-to-remove-a-server.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-create-a-virtual-environment-for-a-web-based-application.md b/mdop/appv-v4/how-to-create-a-virtual-environment-for-a-web-based-application.md deleted file mode 100644 index 23e2b3570b..0000000000 --- a/mdop/appv-v4/how-to-create-a-virtual-environment-for-a-web-based-application.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: How to Create a Virtual Environment for a Web-Based Application -description: How to Create a Virtual Environment for a Web-Based Application -author: dansimp -ms.assetid: d2b16e9d-369c-4bd6-b2a0-16dd24c0e32c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create a Virtual Environment for a Web-Based Application - - -You can create separate virtual environments for web applications you want to isolate. Creating separate web environments is useful if the web-based applications require plug-ins of have configurations that conflict with each other. - -**To create a virtual environment for a Web-based application** - -1. Open the sequencing wizard. For more information about sequencing an application see [How to Sequence a New Application](how-to-sequence-a-new-application.md). - -2. On the **Monitor Installation** page, to start monitoring the installation of the application, click **Begin Monitoring**. Open a web browser and navigate to the installer file associated with the application. Install the application, and perform any required post installation configuration tasks. - -3. To ensure the applications starts, open the application three times. - -4. Install and configure any additional applications that need to reside in the same virtual environment. - -5. Complete the remainder of the Sequencing Wizard. - -6. To save the application, select **File**, and click **Save**. - -## Related topics - - -[Tasks for the Application Virtualization Sequencer](tasks-for-the-application-virtualization-sequencer.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-create-an-app-v-project-template--app-v-46-sp1-.md b/mdop/appv-v4/how-to-create-an-app-v-project-template--app-v-46-sp1-.md deleted file mode 100644 index 26aae4b1ea..0000000000 --- a/mdop/appv-v4/how-to-create-an-app-v-project-template--app-v-46-sp1-.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: How to Create an App-V Project Template (App-V 4.6 SP1) -description: How to Create an App-V Project Template (App-V 4.6 SP1) -author: dansimp -ms.assetid: 7e87fba2-b72a-4bc9-92b8-220e25aae99a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create an App-V Project Template (App-V 4.6 SP1) - - -You can use an App-V project template to save commonly applied settings associated with an existing virtual application package. These settings can then be applied when you create new virtual application packages in your environment which can help streamline the process of creating virtual application packages. - -**Note**   -You can only apply an App-V project template when you are creating a new virtual application package. Applying project templates to existing virtual application packages is not supported. - - - -For more information about applying an App-V project template, see [How to Apply an App-V Project Template (App-V 4.6 SP1)](how-to-apply-an-app-v-project-template--app-v-46-sp1-.md). - -App-V project templates differ from App-V Application Accelerators because App-V Application Accelerators are application-specific, and App-V project templates can be applied to multiple applications. Additionally, you cannot use a project template when you use a Package Accelerator to create a virtual application package. - -The following general settings are saved with an App-V project template: - -- **Advanced Monitoring Options**. Enables Microsoft Update to run during monitoring, Rebase **.dll’s**. - -- **Package Deployment Settings**. Contains **Protocol**, **Host Name**, **Port**, **Path**, **Operating Systems**, **Enforce Security Descriptors**, **Create MSI**, **Compress Package**. - -- **General Options**. Allows you to **Generate Microsoft Windows Installer (MSI)** package, **Allow Virtualization of Events**, **Allow Virtualization of Services**, **Append Package Version to Filename**. - -- **Exclusion Items**. Contains the Exclusion pattern list. - -**To create a project template** - -1. To start the App-V Sequencer, on the computer that is running the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. If the virtual application package is currently open in the App-V Sequencer, skip to step 3 of this procedure. To open the existing virtual application package that contains the settings you want to save with the App-V project template, click **File** / **Open** and click **Edit** **Package**. On the **Select Package** page, click **Browse** and locate the virtual application package that you want to open. Click **Edit**. - -3. In the App-V Sequencer console, click **File** / **Save As Template**. After you have reviewed the settings that will be saved with the new template, click **OK**. Specify a name that will be associated with the new App-V project template. Click **Save**. - - The new App-V project template is saved in the directory specified in step 3 of this procedure. - -## Related topics - - -[Tasks for the Application Virtualization Sequencer (App-V 4.6 SP1)](tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md) - -[How to Apply an App-V Project Template (App-V 4.6 SP1)](how-to-apply-an-app-v-project-template--app-v-46-sp1-.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-create-an-application-group.md b/mdop/appv-v4/how-to-create-an-application-group.md deleted file mode 100644 index ac2fba82be..0000000000 --- a/mdop/appv-v4/how-to-create-an-application-group.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: How to Create an Application Group -description: How to Create an Application Group -author: dansimp -ms.assetid: 32751511-3d1e-40e5-b21f-d88ea39c76a3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create an Application Group - - -In the Application Virtualization Server Management Console, you can use the following procedure to create application groups to organize your applications. - -**To create an application group** - -1. In the Application Virtualization Server Management Console, click the **Applications** node in the left pane or expand it and highlight an existing application group. - -2. Right-click the **Applications** node or the existing application group where you want to put the new group, and choose **New Application Group**. - -3. In the **New Application Group Wizard**, type the name for the group and click **OK**. - - Now you can populate the new group by importing applications. You can also move applications between groups. For more information about moving applications, see [How to Move an Application](how-to-move-an-application.md). - -## Related topics - - -[How to Grant Access to an Application](how-to-grant-access-to-an-application.md) - -[How to Import an Application](how-to-import-an-applicationserver.md) - -[How to Manually Add an Application](how-to-manually-add-an-application.md) - -[How to Move an Application](how-to-move-an-application.md) - -[How to Move an Application Group](how-to-move-an-application-group.md) - -[How to Remove an Application Group](how-to-remove-an-application-group.md) - -[How to Rename an Application Group](how-to-rename-an-application-group.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-create-an-application-license-group.md b/mdop/appv-v4/how-to-create-an-application-license-group.md deleted file mode 100644 index 76da2668b9..0000000000 --- a/mdop/appv-v4/how-to-create-an-application-license-group.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: How to Create an Application License Group -description: How to Create an Application License Group -author: dansimp -ms.assetid: b385324a-8a11-41ee-86e8-8f809235454c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create an Application License Group - - -The Application Virtualization Server Management Console enables you to organize and manage application licenses. Depending on the type of license group, you can control who has access to the application and how many users can access an application at a time. You can use the following procedure to create an application license group. - -**To create an application license group** - -1. In the left pane of the Application Virtualization Server Management Console, right-click the **Application Licenses** node. - -2. Select one of the following menu items that corresponds to the type of license group you want to create, and complete the pages in the associated **New License Wizard**: - - 1. **New Unlimited License** - - 2. **New Concurrent License** - - 3. **New Named License** - -3. Click **Finish**. - -## Related topics - - -[How to Associate an Application with a License Group](how-to-associate-an-application-with-a-license-group.md) - -[How to Remove an Application from a License Group](how-to-remove-an-application-from-a-license-group.md) - -[How to Remove an Application License Group](how-to-remove-an-application-license-group.md) - -[How to Set Up a Concurrent License Group](how-to-set-up-a-concurrent-license-group.md) - -[How to Set Up a Named License Group](how-to-set-up-a-named-license-group.md) - -[How to Set Up an Unlimited License Group](how-to-set-up-an-unlimited-license-group.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-create-app-v-package-accelerators--app-v-46-sp1-.md b/mdop/appv-v4/how-to-create-app-v-package-accelerators--app-v-46-sp1-.md deleted file mode 100644 index bf6769fb47..0000000000 --- a/mdop/appv-v4/how-to-create-app-v-package-accelerators--app-v-46-sp1-.md +++ /dev/null @@ -1,103 +0,0 @@ ---- -title: How to Create App-V Package Accelerators (App-V 4.6 SP1) -description: How to Create App-V Package Accelerators (App-V 4.6 SP1) -author: dansimp -ms.assetid: 585e692e-cebb-48ac-93ab-b2e7eb7ae7ad -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create App-V Package Accelerators (App-V 4.6 SP1) - - -You can use App-V Package Accelerators to automatically generate a new virtual application package. After you have successfully created a Package Accelerator, you can reuse and share the Package Accelerator. For more information about Package Accelerators, see [About App-V Package Accelerators (App-V 4.6 SP1)](about-app-v-package-accelerators--app-v-46-sp1-.md). Creating App-V Package Accelerators is an advanced task. Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V Package Accelerator is applied. - -In some situations, to create the Package Accelerator, you might have to install the application locally on the computer running the Sequencer. First try to create the Package Accelerator by using the installation media, and if there are a number of missing files that are required, install the application locally to the computer running the Sequencer, and then create the Package Accelerator. - -**Important** -Before you begin the following procedure, you should do the following: - -- Copy the virtual application package that you must use to create the Package Accelerator locally to the computer running the Sequencer. - -- Copy all required installation files associated with the virtual application package to the computer running the Sequencer. - - - -**Important** -Disclaimer: The Microsoft Application Virtualization Sequencer does not give you any license rights to the software application you are using to create a Package Accelerator. You must abide by all end user license terms for such application. It is your responsibility to make sure the software application’s license terms allow you to create a Package Accelerator using Application Virtualization Sequencer. - - - -**To create an App-V Package Accelerator** - -1. To start the App-V Sequencer, on the computer that is running the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. To start the App-V **Create Package Accelerator** wizard, in the App-V Sequencer, click **Tools** / **Create Package Accelerator**. - -3. On the **Select Package** page, to specify an existing virtual application package to use to create the Package Accelerator, click **Browse**, and locate the existing virtual application package (.sprj file). - - **Tip** - Copy the files associated with the virtual application package you plan to use locally to the computer running the Sequencer. - - - -~~~ -Click **Next**. -~~~ - -4. On the **Installation Files** page, to specify the folder that contains the installation files that you used to create the original virtual application package, click **Browse**, and then select the directory that contains the installation files. - - **Tip** - Copy the folder that contains the required installation files to the computer running the Sequencer. - - - -~~~ -If the application is already installed on the computer running the Sequencer, to specify the installation file, select **Files installed on local system**. To use this option, the application must already be installed in the default installation location. -~~~ - -5. On the **Gathering Information** page, review the files that were not found in the location specified on the **Installation Files** page of this wizard. If the files displayed are not required, select **Remove these files**, and then click **Next**. If the files are required, click **Previous** and copy the required files to the directory specified on the **Installation Files** page. - - **Note** - You must either remove the unrequired files, or click **Previous** and locate the required files to advance to the next page of this wizard. - - - -6. On the **Select Files** page, carefully review the files that were detected, and clear any file that should be removed from the Package Accelerator. Select only files that are required for the application to run successfully, and then click **Next**. - -7. On the **Verify Applications** page, confirm that all installation files that are required to build the package are displayed. When the Package Accelerator is used to create a new package, all installation files displayed in the **Applications** pane are required to create the package. - - If necessary, to add additional Installer files, click **Add**. To remove unnecessary installation files, select the Installer file, and then click **Delete**. To edit the properties associated with an installer, click **Edit**. The installation files specified in this step will be required when the Package Accelerator is used to create a new virtual application package. After you have confirmed the information displayed, click **Next**. - -8. On the **Select Guidance** page, to specify a file that contains information about how the Package Accelerator, click **Browse**. For example, this file can contain information about how the computer running the Sequencer should be configured, application prerequisite information for target computers, and general notes. You should provide all required information for the Package Accelerator to be successfully applied. The file you select must be in rich text (.rtf) or text file (.txt) format. Click **Next**. - -9. On the **Create Package Accelerator** page, to specify where to save the Package Accelerator, click **Browse** and select the directory. - -10. On the **Completion** page, to close the **Create Package Accelerator** wizard, click **Close**. - - **Important** - To help ensure that the Package Accelerator is as secure as possible, and so that the publisher can be verified when the Package Accelerator is applied, you should always digitally sign the Package Accelerator. - - - -## Related topics - - -Configuring the Application Virtualization Sequencer (App-V 4.6 SP1) -[How to Apply a Package Accelerator to Create a Virtual Application Package (App-V 4.6 SP1)](how-to-apply-a-package-accelerator-to-create-a-virtual-application-package---app-v-46-sp1-.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md b/mdop/appv-v4/how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md deleted file mode 100644 index c4db220dcf..0000000000 --- a/mdop/appv-v4/how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: How to Create or Upgrade Virtual Applications Using the App-V Sequencer -description: How to Create or Upgrade Virtual Applications Using the App-V Sequencer -author: dansimp -ms.assetid: 661d4f8c-2527-4654-9d92-15ecc652c0db -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create or Upgrade Virtual Applications Using the App-V Sequencer - - -The following topics provide detailed information about the associated Application Virtualization (App-V) Sequencer task. - -## In This Section - - -[How to Sequence an Application](how-to-sequence-an-application.md) -Provides a step-by-step procedure you can use to sequence an application. - -[How to Sequence a New Application (App-V 4.6)](how-to-sequence-a-new-application--app-v-46-.md) -Provides a step-by-step procedure you can use to sequence an application. - -[How to Upgrade an Existing Virtual Application](how-to-upgrade-an-existing-virtual-application.md) -Provides a step-by-step procedure you can use to upgrade an existing virtual application to a new version. - -[How to Upgrade a Virtual Application Package (App-V 4.6)](how-to-upgrade-a-virtual-application-package--app-v-46-.md) -Provides a step-by-step procedure you can use to upgrade an existing virtual application to a new version. - -[How to Modify a Virtual Application Package (App-V 4.6)](how-to-modify-a-virtual-application-package--app-v-46-.md) -Provides a step-by-step procedure you can use to modify an existing virtual application package. - -[How to Sequence a New Application by Using the Command Line](how-to-sequence-a-new-application-by-using-the-command-line.md) -Provides a step-by-step procedure you can use to sequence a new application by using a command line. - -[How to Upgrade a Virtual Application by Using the Command Line](how-to-upgrade-a-virtual-application-by-using-the-command-line.md) -Provides a step-by-step procedure you can use to upgrade a virtual application by using a command line. - -[How To Use Dynamic Suite Composition](how-to-use-dynamic-suite-composition.md) -Provides information about how to define an application as being dependent on another application such as middleware or a plug-in. - -[How to Use the Differential SFT File](how-to-use-the-differential-sft-file.md) -Provides a step-by-step procedure you can use to create and deploy the Differential SFT file. - -## Related topics - - -[Application Virtualization Sequencer](application-virtualization-sequencer.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-create-the-package-root-directory.md b/mdop/appv-v4/how-to-create-the-package-root-directory.md deleted file mode 100644 index 8e00793ee2..0000000000 --- a/mdop/appv-v4/how-to-create-the-package-root-directory.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: How to Create the Package Root Directory -description: How to Create the Package Root Directory -author: dansimp -ms.assetid: bcfe3bd4-6c60-409a-8ffa-cc22f27194b1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create the Package Root Directory - - -The package root directory is the directory on the computer running the App-V Sequencer where files for the sequenced application are installed. This directory also exists virtually on the computer to which a sequenced application will be streamed. You should create the package root directory before you monitor the installation of a new application. - -After you have created the package root directory, you can begin sequencing applications. For more information about sequencing a new application, see [How to Install the Sequencer](how-to-install-the-sequencer.md). - -**To create the package root directory** - -1. To create the package root directory, on the computer running the App-V Sequencer, map the Q:\\ drive to the specified network location. The location you specify should have sufficient space to save the application you are sequencing. - -2. To create a directory that you can use for a new virtual application, create a folder on the Q:\\ drive and assign it a name. - - **Important**   - The name you assign to virtual application files that will be saved in the package root directory should use the 8.3 naming format. The file names should be no longer than 8 characters with a three-character file name extension. - - - -## Related topics - - -[Tasks for the Application Virtualization Sequencer](tasks-for-the-application-virtualization-sequencer.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-create-the-sequencer-package-root-directory.md b/mdop/appv-v4/how-to-create-the-sequencer-package-root-directory.md deleted file mode 100644 index b745ddf86a..0000000000 --- a/mdop/appv-v4/how-to-create-the-sequencer-package-root-directory.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: How to Create the Sequencer Package Root Directory -description: How to Create the Sequencer Package Root Directory -author: dansimp -ms.assetid: 23fe28f1-c284-43ee-b8b7-1dfbed94eea5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create the Sequencer Package Root Directory - - -The package root directory is the directory on the computer running the App-V Sequencer where files for the sequenced application are installed. This directory also exists virtually on the computer to which a sequenced application will be streamed. You should create the package root directory before you monitor the installation of a new application. - -After you have created the package root directory, you can begin sequencing applications. For more information about sequencing a new application, see [How to Sequence an Application](how-to-sequence-an-application.md). - -**To create the package root directory** - -1. To create the package root directory, on the computer running the App-V Sequencer, map the Q:\\ drive to the specified network location. The location you specify should have sufficient space to save the application you are sequencing. - -2. To create a directory that you can use for a new virtual application, create a folder on the Q:\\ drive and assign it a name. - - **Important**   - The name you assign to virtual application files that will be saved in the package root directory should use the 8.3 naming format. The file names should be no longer than 8 characters with a three-character file name extension. - - - -## Related topics - - -[Application Virtualization Sequencer](application-virtualization-sequencer.md) - -[How to Modify the Log Directory Location](how-to-modify-the-log-directory-location.md) - -[How to Modify the Scratch Directory Location](how-to-modify-the-scratch-directory-location.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-customize-an-application-virtualization-system-in-the-server-management-console.md b/mdop/appv-v4/how-to-customize-an-application-virtualization-system-in-the-server-management-console.md deleted file mode 100644 index f1e04f6d1e..0000000000 --- a/mdop/appv-v4/how-to-customize-an-application-virtualization-system-in-the-server-management-console.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: How to Customize an Application Virtualization System in the Server Management Console -description: How to Customize an Application Virtualization System in the Server Management Console -author: dansimp -ms.assetid: e3a51d1d-451d-46a5-8ae5-f5792d49495b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Customize an Application Virtualization System in the Server Management Console - - -You can choose a variety of options to customize an Application Virtualization System. These options are available through the user interface of the Application Virtualization Server Management Console. - -## In This Section - - -[How to Set Up and Enable or Disable Authentication](how-to-set-up-and-enable-or-disable-authentication.md) -Provides procedures you can use to establish the levels of authentication for defining who has access to the system. - -[How to Set Up or Disable Usage Reporting](how-to-set-up-or-disable-usage-reporting.md) -Provides procedures for setting up or disabling usage reporting. - -[How to Set Up or Disable Database Size](how-to-set-up-or-disable-database-size.md) -Provides procedures for setting up the database size limits and determining when the server will clean up the database. - -[How to Set Up or Disable Application Licensing](how-to-set-up-or-disable-application-licensing.md) -Provides procedures for setting up or disabling application licensing. - -[How to Add an Administrator Group](how-to-add-an-administrator-group.md) -Provides a procedure for adding an administrator group. - -[How to Delete an Administrator Group](how-to-delete-an-administrator-group.md) -Provides a procedure for deleting an administrator group. - -## Related topics - - -[How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-delete-a-file-type-association.md b/mdop/appv-v4/how-to-delete-a-file-type-association.md deleted file mode 100644 index 16c96b8513..0000000000 --- a/mdop/appv-v4/how-to-delete-a-file-type-association.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: How to Delete a File Type Association -description: How to Delete a File Type Association -author: dansimp -ms.assetid: bb2dd1cf-9a5d-45a9-aca1-3c53144b73ec -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Delete a File Type Association - - -You can use the following procedure to delete a file type association. The **File Type Associations** node is one level below the **Application Virtualization** node in the **Scope** pane. When you select this node, the **Results** pane displays a list of file type associations. - -**To remove a file type association** - -1. In the **Results** pane, right-click the extension of the file type association you want to delete. - -2. Select **Delete** from the pop-up menu. - -3. Click **Yes** to delete the association, or click **No** to return to the **Results** pane. - -## Related topics - - -[How to Add a File Type Association](how-to-add-a-file-type-association.md) - -[How to Add an Application](how-to-add-an-application.md) - -[How to Publish Application Shortcuts](how-to-publish-application-shortcuts.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-delete-a-package-version.md b/mdop/appv-v4/how-to-delete-a-package-version.md deleted file mode 100644 index c1d92e1264..0000000000 --- a/mdop/appv-v4/how-to-delete-a-package-version.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: How to Delete a Package Version -description: How to Delete a Package Version -author: dansimp -ms.assetid: a55adb9d-ffa6-4df3-a2d1-5e0c73c35e1b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Delete a Package Version - - -From the Application Virtualization Server Management Console, for a package that has multiple versions, you can use the following procedure to delete one or more versions and still stream the remaining versions of the package. You might do this to more effectively manage files on the server or to remove an obsolete version. - -**Note**   -When you choose to delete a version, a confirmation box reminds you that client computers might still be using it. You should advise users to exit and unload any applications before you remove a version that is in use. - - - -**To delete a package version** - -1. In the left panel of the Application Virtualization Server Management Console, expand **Packages**. - -2. Click the package that contains the version you want to delete. - -3. In the center pane, right-click the version of the package you want to delete and choose **Delete**. - -4. Read the confirmation window, and click **Yes** to complete the action. - - **Note**   - If you have users in disconnected operation, their applications will be replaced with the new versions the next time they connect to the servers. After you are sure all users have updated applications, you can delete old versions. - - - -## Related topics - - -[How to Delete a Package](how-to-delete-a-packageserver.md) - -[How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-delete-a-packageserver.md b/mdop/appv-v4/how-to-delete-a-packageserver.md deleted file mode 100644 index 7f2bd13bae..0000000000 --- a/mdop/appv-v4/how-to-delete-a-packageserver.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: How to Delete a Package -description: How to Delete a Package -author: dansimp -ms.assetid: 23f9c0e9-8910-47df-9fc0-7bbb5bbf2dc9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Delete a Package - - -You can use the following procedure to delete a package, including all versions of the package, from the Application Virtualization Server Management Console. You might do this for easier management of files on the server or to remove a package and replace it with a more stable one. - -**Important**   -When you choose to delete a package, a confirmation box reminds you that this action deletes all its versions. The server will no longer be able to stream the application. - - - -**To delete a package** - -1. In the left pane of the Application Virtualization Server Management Console, expand **Packages**. - -2. In the menu tree pane, right-click the package you want to delete and choose **Delete**. - -3. Read the confirmation window, and click **Yes** to complete the action. - -## Related topics - - -[How to Delete a Package Version](how-to-delete-a-package-version.md) - -[How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-delete-a-reportserver.md b/mdop/appv-v4/how-to-delete-a-reportserver.md deleted file mode 100644 index 14ac327bbf..0000000000 --- a/mdop/appv-v4/how-to-delete-a-reportserver.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: How to Delete a Report -description: How to Delete a Report -author: dansimp -ms.assetid: 53350b71-1fb5-4f7e-a684-9ea1116c5c3f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Delete a Report - - -From the Application Virtualization Server Management Console, the process for deleting a report is the same regardless of the report type. - -**To delete a report** - -1. Click the **Reports** node to expand the list of reports. - -2. Right-click the desired report (either in the **Reports** node or the **Results** pane), and select **Delete**. - -## Related topics - - -[Application Virtualization Report Types](application-virtualization-report-types.md) - -[How to Create a Report](how-to-create-a-reportserver.md) - -[How to Export a Report](how-to-export-a-reportserver.md) - -[How to Print a Report](how-to-print-a-reportserver.md) - -[How to Run a Report](how-to-run-a-reportserver.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-delete-all-virtual-applications-by-using-the-command-line.md b/mdop/appv-v4/how-to-delete-all-virtual-applications-by-using-the-command-line.md deleted file mode 100644 index 1fdb2c31c6..0000000000 --- a/mdop/appv-v4/how-to-delete-all-virtual-applications-by-using-the-command-line.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: How to Delete All Virtual Applications by Using the Command Line -description: How to Delete All Virtual Applications by Using the Command Line -author: dansimp -ms.assetid: bfe13b5c-825a-4eb1-a979-6c4b8d8b2a9c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Delete All Virtual Applications by Using the Command Line - - -You can use the following procedure to delete all virtual applications from a specific computer. - -**Note**   -When all applications are deleted from a package, the Application Virtualization (App-V) Client also deletes the package. - - - -**To delete all applications** - -- Run the following command to delete all applications for the user account under which the command is run. If you run the command with the optional /GLOBAL switch, using an account with administrative rights, all applications are deleted for all users. - - `SFTMIME DELETE OBJ:APP [/GLOBAL]` - - **Note**   - When all applications are deleted from a package, the Application Virtualization (App-V) Client also deletes the package. - - - -## Related topics - - -[How to Add a Package by Using the Command Line](how-to-add-a-package-by-using-the-command-line.md) - -[How to Remove a Package by Using the Command Line](how-to-remove-a-package-by-using-the-command-line.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-delete-an-administrator-group.md b/mdop/appv-v4/how-to-delete-an-administrator-group.md deleted file mode 100644 index d538220e01..0000000000 --- a/mdop/appv-v4/how-to-delete-an-administrator-group.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: How to Delete an Administrator Group -description: How to Delete an Administrator Group -author: dansimp -ms.assetid: 398a8028-e128-4020-bbe2-59ba63b5cd48 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Delete an Administrator Group - - -From the **Administrators** node of the Application Virtualization Server Management Console, you can use the following procedure to delete an administrator group. - -**To delete an administrator group** - -1. Click the **Administrators** node to display the list of administrator groups in the **Results** pane. - -2. In the **Actions** pane (far right pane), click **Delete**. - -3. Click **Yes**. - -## Related topics - - -[How to Add an Administrator Group](how-to-add-an-administrator-group.md) - -[How to Customize an Application Virtualization System in the Server Management Console](how-to-customize-an-application-virtualization-system-in-the-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-delete-an-application-server.md b/mdop/appv-v4/how-to-delete-an-application-server.md deleted file mode 100644 index 55f77b412f..0000000000 --- a/mdop/appv-v4/how-to-delete-an-application-server.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: How to Delete an Application -description: How to Delete an Application -author: dansimp -ms.assetid: 421e7df0-fea3-4cb2-a884-3d04f2223da7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Delete an Application - - -You can delete an application through the Application Virtualization Server Management Console. This does not delete its Open Software Descriptor (.osd) file for other files from the Application Virtualization Server. After it is deleted, however, the application no longer streams to end users. - -**Note**   -If this is the only application in a package, deleting it also removes related package data and file associations. - - - -**To delete an application** - -1. In the left pane of the management console, click the **Applications** node. - -2. In the right pane, highlight one or more applications you want to delete. You can use CTRL or Shift key combinations to highlight multiple applications. - -3. Right-click the application or applications, and choose **Delete**. - -4. In the **Remove Application** confirmation prompt, click **Yes** to complete the action. - -## Related topics - - -[How to Import an Application](how-to-import-an-applicationserver.md) - -[How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-delete-an-application.md b/mdop/appv-v4/how-to-delete-an-application.md deleted file mode 100644 index c1e441347c..0000000000 --- a/mdop/appv-v4/how-to-delete-an-application.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: How to Delete an Application -description: How to Delete an Application -author: dansimp -ms.assetid: 03b0912d-b14a-4522-916d-71f8b77a8a82 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Delete an Application - - -When you select the **Application** node in the Application Virtualization Client Management Console, the **Results** pane displays a list of applications. You can use the following procedure to delete an application from the **Results** pane, which also removes the application from the cache. - -**Note**   -When you delete an application, the selected application will no longer be available to any users on that client. Shortcuts and file type associations are hidden, and the application is deleted from cache. However, if another application refers to data in the file system cache data for the selected application, these items will not be deleted. - -After a publishing refresh, the deleted applications will again become available to you. - - - -**To delete an application** - -1. Move the cursor to the **Results** pane, right-click the desired application, and select **Delete** from the pop-up menu. - -2. At the confirmation prompt, click **Yes** to remove the application or click **No** to cancel the operation. - - - - - - - - - diff --git a/mdop/appv-v4/how-to-deny-access-to-an-application.md b/mdop/appv-v4/how-to-deny-access-to-an-application.md deleted file mode 100644 index 1dd6b7fdf5..0000000000 --- a/mdop/appv-v4/how-to-deny-access-to-an-application.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: How to Deny Access to an Application -description: How to Deny Access to an Application -author: dansimp -ms.assetid: 14f5e201-7265-462c-b738-57938dc3fc30 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Deny Access to an Application - - -Users must be in an application's **Access Permissions** list to load and use the application. Although the Application Virtualization Server Management Console does not support explicitly denying a user group access to an application, you can remove the user groups from an application’s properties to achieve this. - -**To deny access to an application** - -1. For an existing application, click the **Applications** node in the left pane. - -2. Right-click an application in the right pane, and choose **Properties**. Then select the **Access Permissions** tab. - -3. To remove access for a user group, highlight the user group and click **Remove**. - -4. Click **OK**. - - **Note**   - To control access to applications, you can also limit the application licenses. Setting up the proper user groups in Active Directory Domain Services provides the easiest way to grant and deny access to specific sets of users. - - - -## Related topics - - -[How to Grant Access to an Application](how-to-grant-access-to-an-application.md) - -[How to Manage Application Licenses in the Server Management Console](how-to-manage-application-licenses-in-the-server-management-console.md) - -[How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-determine-whether-to-edit-or-upgrade-a-virtual-application-package.md b/mdop/appv-v4/how-to-determine-whether-to-edit-or-upgrade-a-virtual-application-package.md deleted file mode 100644 index 6fda63581a..0000000000 --- a/mdop/appv-v4/how-to-determine-whether-to-edit-or-upgrade-a-virtual-application-package.md +++ /dev/null @@ -1,160 +0,0 @@ ---- -title: How to Determine Whether to Edit or Upgrade a Virtual Application Package -description: How to Determine Whether to Edit or Upgrade a Virtual Application Package -author: dansimp -ms.assetid: 33dd5332-6802-46e0-9748-43fcc8f80aa3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Determine Whether to Edit or Upgrade a Virtual Application Package - - -Use the following table to help determine whether a virtual application package can be opened for edit, whether you need to create a new version of the package, or whether either option is available, using the App-V Sequencer. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ActionOpen for editOpen for upgrade

View package properties.

Yes

Yes

View package change history.

Yes

Yes

View associated package files.

Yes

Yes

Edit registry settings.

Yes

Yes

Review additional package settings (except operating system file properties).

Yes

Yes

Create associated Windows Installer (MSI).

Yes

Yes

Modify OSD file.

Yes

Yes

Compress and uncompress package.

Yes

Yes

Add file type associations.

Yes

Yes

Rename shortcuts.

Yes

Yes

Set virtualized registry key state (override / merge).

Yes

Yes

Set virtualized folder state.

Yes

Yes

Edit virtual file system mappings.

Yes

Yes

Review all associated operating system file properties for a package.

No

Yes

Add additional services.

No

Yes

Add additional files.

No

Yes

Collect and configure associated security descriptors.

No

Yes

Apply security updates or upgrade to a new version.

No

Yes

Add an additional application.

No

Yes

Apply updates that require the application to open.

No

Yes

Apply updates that require the computer to restart.

No

Yes

- -  - -## Related topics - - -[How to Edit an Existing Virtual Application](how-to-edit-an-existing-virtual-application.md) - -[How to Upgrade an Existing Virtual Application](how-to-upgrade-an-existing-virtual-application.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md b/mdop/appv-v4/how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md deleted file mode 100644 index 5394ec7bb3..0000000000 --- a/mdop/appv-v4/how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: How to Determine Which Type of Application to Sequence (App-V 4.6 SP1) -description: How to Determine Which Type of Application to Sequence (App-V 4.6 SP1) -author: dansimp -ms.assetid: 936abee2-98f1-45fb-9f0d-786e1d7464b1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Determine Which Type of Application to Sequence (App-V 4.6 SP1) - - -You can sequence three basic types of applications by using Microsoft Application Virtualization (App-V) Sequencer. - -## To determine which type of application to sequence - - -Use the following table to determine which type of application you should sequence and to obtain more information about how to sequence the application. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Application TypeDescriptionMore Information

Standard

Select this option to create a package that contains an application or a suite of applications. You should select this option for most applications that you plan to sequence.

How to Sequence a New Standard Application (App-V 4.6 SP1)

Add-on or Plug-in

Select this option to create a package that extends the functionality of a standard application, for example, a plug-in for Microsoft Excel. Additionally, you can use plug-ins for natively installed applications, or another package that is linked by using Dynamic Suite Composition. For more information about Dynamic Suite Composition, see How To Use Dynamic Suite Composition (https://go.microsoft.com/fwlink/?LinkId=203804).

How to Sequence a New Add-on or Plug-in Application (App-V 4.6 SP1)

Middleware

Select this option to create a package that is required by a standard application, for example, the Microsoft .NET Framework. Middleware packages are used for linking to other packages by using Dynamic Suite Composition. For more information about Dynamic Suite Composition, see How To Use Dynamic Suite Composition (https://go.microsoft.com/fwlink/?LinkId=203804).

How to Sequence a New Middleware Application (App-V 4.6 SP1)

- - - -## Related topics - - -[Tasks for the Application Virtualization Sequencer (App-V 4.6 SP1)](tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-disable-or-modify-disconnected-operation-mode-settings.md b/mdop/appv-v4/how-to-disable-or-modify-disconnected-operation-mode-settings.md deleted file mode 100644 index fc1d34c067..0000000000 --- a/mdop/appv-v4/how-to-disable-or-modify-disconnected-operation-mode-settings.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: How to Disable or Modify Disconnected Operation Mode Settings -description: How to Disable or Modify Disconnected Operation Mode Settings -author: dansimp -ms.assetid: 39f166d7-2d25-4899-8405-b45f051facb8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Disable or Modify Disconnected Operation Mode Settings - - -Use the following procedures in Application Virtualization Client to disable or modify disconnected operation mode settings. - -**To disable disconnected operation** - -1. Right-click the **Application Virtualization** node in the console, and select **Properties** from the pop-up menu. - -2. Click the **Connectivity** tab, and then clear **Allow disconnected operation** check box. - -3. Click **OK** to accept the change. - -**To change the time-out** - -1. Right-click the **Application Virtualization** node in the console, and select **Properties** from the pop-up menu. - -2. Click the **Connectivity** tab, and then select the **Limit disconnected operation to** check box. - -3. In the field, enter a value from 1–999999 (representing days). The default value is 90 days. - -4. Click **OK** to accept the change. - -**To work offline** - -1. Right-click the **Application Virtualization** node in the console, and select **Properties** from the pop-up menu. - -2. Click the **Connectivity** tab, and then select the **Work offline** check box. - -3. Click **OK** to accept the change. - -## Related topics - - -[Disconnected Operation Mode](disconnected-operation-mode.md) - -[How to Work Offline or Online with Application Virtualization](how-to-work-offline-or-online-with-application-virtualization.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-edit-an-existing-virtual-application.md b/mdop/appv-v4/how-to-edit-an-existing-virtual-application.md deleted file mode 100644 index 822fe72dd9..0000000000 --- a/mdop/appv-v4/how-to-edit-an-existing-virtual-application.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: How to Edit an Existing Virtual Application -description: How to Edit an Existing Virtual Application -author: dansimp -ms.assetid: 358b9a69-5695-4c6f-92e1-7ed2b69a2def -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Edit an Existing Virtual Application - - -You can use the following procedure to edit the properties associated with an existing virtual application package by using the Application Virtualization (App-V) Sequencer. You must open the existing virtual application, make the necessary updates, and then save the updated virtual application package. - -**To modify an existing virtual application** - -1. To start the App-V Sequencer Console, on the computer running the App-V Sequencer, select **Start**/**Programs**/**Microsoft Application Virtualization**/**Microsoft Application Virtualization Sequencer**. - -2. To open the existing virtual application, in the App-V Console, select **File**/**Open**. Use the **Open** dialog box to locate the associated SPRJ file you want to modify. - -3. Modify the virtual application package. For more information about what properties can be modified, see [How to Determine Whether to Edit or Upgrade a Virtual Application Package](how-to-determine-whether-to-edit-or-upgrade-a-virtual-application-package.md). - -4. To save the modifications, select **File** / **Save**. - -## Related topics - - -[How to Create or Upgrade Virtual Applications Using the App-V Sequencer](how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md) - -[How to Upgrade an Existing Virtual Application](how-to-upgrade-an-existing-virtual-application.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-edit-an-osd-file-using-a-text-editor.md b/mdop/appv-v4/how-to-edit-an-osd-file-using-a-text-editor.md deleted file mode 100644 index 41b7631eb1..0000000000 --- a/mdop/appv-v4/how-to-edit-an-osd-file-using-a-text-editor.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: How to Edit an OSD File Using a Text Editor -description: How to Edit an OSD File Using a Text Editor -author: dansimp -ms.assetid: f4263a1b-824f-49b9-8060-b8229c9d9960 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Edit an OSD File Using a Text Editor - - -Use the following procedure to edit an Open Software Descriptor (OSD) file by using a text editor. - -**To edit an OSD file by using a text editor** - -1. Open the OSD file using any XML or ASCII text editor—for example, Microsoft Notepad. - - **Note**   - Before modifying the OSD file, read the schema prescribed by the XSD file in the install directory. Failing to follow this schema might introduce errors that prevent a sequenced application from starting successfully. - - - -2. Edit the OSD file using your XML or ASCII text editor of choice, adhering to the prescribed schema and the following guidelines: - - 1. Ensure that named elements are nested within the <SOFTPKG> root element. - - 2. Ensure that element names are in all uppercase letters. - - 3. Be aware that attribute values are case sensitive. - - 4. Type carefully, and observe the XML specifications. - -## Related topics - - -[About the OSD Tab](about-the-osd-tab.md) - -[How to Edit an OSD File](how-to-edit-an-osd-file.md) - -[OSD File Elements](osd-file-elements.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-edit-an-osd-file.md b/mdop/appv-v4/how-to-edit-an-osd-file.md deleted file mode 100644 index 6f19e9a7b7..0000000000 --- a/mdop/appv-v4/how-to-edit-an-osd-file.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: How to Edit an OSD File -description: How to Edit an OSD File -author: dansimp -ms.assetid: 0d126ba7-72fb-42ce-982e-90ed01a852c8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Edit an OSD File - - -Use the following procedures to modify a sequenced application package's Open Software Descriptor (OSD) file by adding or deleting an element or an attribute. - -**Note**   - Some elements do not have an attribute, so it is not possible to add an attribute to every element. - - - -**Important**   -If you use the OSD editor to change the .sft file name, the HREF attribute of the CODEBASE element in the OSD file, you must use the **Save As** command to save the change to the project files. - - - -**To add an element** - -1. Click the **OSD File** tab. - -2. In the navigation pane, select the sequenced application package's OSD file you want to modify. - -3. In the navigation pane, right-click the element that you want to modify. On the menu, select **Element** and select **Add**. - -4. From the menu, select the element you want to add—for example, **Codebase**. - -5. From the **File** menu, select **Save**. - -**To delete an element** - -1. Click the **OSD File** tab. - -2. In the navigation pane, select the sequenced application package's OSD file you want to modify. - -3. In the navigation pane, right-click the element that you want to delete. On the menu, select **Element** and select **Delete**. - -4. From the **File** menu, select **Save**. - -**To add an attribute** - -1. Click the **OSD File** tab. - -2. In the navigation pane, select the sequenced application package's OSD file you want to modify. - -3. In the left pane, right-click the element to which you want to add an attribute. On the menu, select **Attribute** and select **Add**, choosing from the listed available attributes. - -4. From the **File** menu, select **Save**. - -**To delete an attribute** - -1. Click the **OSD File** tab. - -2. In the navigation pane, select the sequenced application package's OSD file you want to modify. - -3. In the navigation pane, right-click the element from which you want to delete an attribute. On the menu, select **Attribute** and then select **Delete**, choosing the attribute you wish to delete. - -4. From the **File** menu, select **Save**. - -## Related topics - - -[About the OSD Tab](about-the-osd-tab.md) - -[How to Edit an OSD File Using a Text Editor](how-to-edit-an-osd-file-using-a-text-editor.md) - -[OSD File Elements](osd-file-elements.md) - -[Sequencer Console](sequencer-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-exit-the-app-v-client-from-the-notification-area.md b/mdop/appv-v4/how-to-exit-the-app-v-client-from-the-notification-area.md deleted file mode 100644 index 480c2d8d34..0000000000 --- a/mdop/appv-v4/how-to-exit-the-app-v-client-from-the-notification-area.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: How to Exit the App-V Client from the Notification Area -description: How to Exit the App-V Client from the Notification Area -author: dansimp -ms.assetid: 71ebf88b-ef51-41a5-ae34-4e197d9d6ee6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Exit the App-V Client from the Notification Area - - -You can use the following procedure to exit the Application Virtualization Desktop Client or Client for Remote Desktop Services. - -**To exit the client** - -- Right-click the Application Virtualization System icon in the notification area, and select **Exit** from the pop-up menu. - - If you choose to exit from the client while virtual applications are open, the system displays a prompt telling you that you will lose unsaved data. Select **OK** or **Cancel** to acknowledge and close the prompt. - -## Related topics - - -[How to Use the Desktop Notification Area for Application Virtualization Client Management](how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-export-a-reportserver.md b/mdop/appv-v4/how-to-export-a-reportserver.md deleted file mode 100644 index f7eb70e1aa..0000000000 --- a/mdop/appv-v4/how-to-export-a-reportserver.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: How to Export a Report -description: How to Export a Report -author: dansimp -ms.assetid: 2f917130-db02-4c72-a45a-7928e51e689e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Export a Report - - -The process for exporting a report, using the Application Virtualization Console, is the same regardless of the report type. - -**To export a report** - -1. Right-click the report displayed in the **Results** pane, and select **Export** from the drop down menu. - -2. Select the report type from the list of types. - -3. In the **Save As** dialog box, navigate to the location where you want to save the output. - -4. Enter a name for the report in the **File Name** field, or select a file from the drop-down list of files. - -5. Select an output type from the **Save as Type** drop-down list of types. - -6. Click the **Save** button to save the file. - -## Related topics - - -[Application Virtualization Report Types](application-virtualization-report-types.md) - -[How to Create a Report](how-to-create-a-reportserver.md) - -[How to Delete a Report](how-to-delete-a-reportserver.md) - -[How to Print a Report](how-to-print-a-reportserver.md) - -[How to Run a Report](how-to-run-a-reportserver.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-grant-access-to-an-application.md b/mdop/appv-v4/how-to-grant-access-to-an-application.md deleted file mode 100644 index 89a6cf8277..0000000000 --- a/mdop/appv-v4/how-to-grant-access-to-an-application.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: How to Grant Access to an Application -description: How to Grant Access to an Application -author: dansimp -ms.assetid: e54d9e84-21f5-488f-b040-25f374d9289f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Grant Access to an Application - - -As the administrator, you can use the Application Virtualization Server Management Console to determine which users can access which applications. You can do this when you import the Sequencer Project (SPRJ) or Open Software Descriptor (OSD) file or at anytime using the application's **Properties** dialog box. With both methods, use the **Access Permissions** options to add users. - -**To grant access to an application** - -1. For an existing application, click the **Applications** node in the left pane. Right-click an application in the right pane, and choose **Properties**. - -2. Select the **Access Permissions** tab. - -3. To add user groups, click **Add**. - -4. In the **Add/Edit User Group** dialog box, navigate to the user group. You can also enter the domain and group by typing the information in the respective fields. - -5. Click **OK**. You can add other groups with the same pages. - -6. When the wizard reappears, click **OK**. - - **Note**   - You must set up your groups in Active Directory Domain Services before you attempt to grant access to applications. - - - -## Related topics - - -[How to Deny Access to an Application](how-to-deny-access-to-an-application.md) - -[How to Manage Application Groups in the Server Management Console](how-to-manage-application-groups-in-the-server-management-console.md) - -[How to Manage Application Licenses in the Server Management Console](how-to-manage-application-licenses-in-the-server-management-console.md) - -[How to Manually Add an Application](how-to-manually-add-an-application.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-import-an-application.md b/mdop/appv-v4/how-to-import-an-application.md deleted file mode 100644 index 2fc950a033..0000000000 --- a/mdop/appv-v4/how-to-import-an-application.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: How to Import an Application -description: How to Import an Application -author: dansimp -ms.assetid: 85aaf5d8-489c-4929-996f-f15d2dab1ad8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Import an Application - - -You can use the following procedure to import an application into the cache directly from the **Results** pane of the **Application** node in the Application Virtualization Client Management Console. - -**To import an application** - -1. Move the cursor to the **Results** pane, right-click the desired application, and select **Import** from the pop-up menu. - -2. From the **Browse** window, navigate to the location of the package file for the desired application, and then click **OK**. - - **Note**   - If you have already configured an import search path or if the SFT file is in the same path as the last successful import, step 2 is not required. - - - - - - - - - - - diff --git a/mdop/appv-v4/how-to-import-an-applicationserver.md b/mdop/appv-v4/how-to-import-an-applicationserver.md deleted file mode 100644 index 66852c68c1..0000000000 --- a/mdop/appv-v4/how-to-import-an-applicationserver.md +++ /dev/null @@ -1,102 +0,0 @@ ---- -title: How to Import an Application -description: How to Import an Application -author: dansimp -ms.assetid: ab40acad-1025-478d-8e13-0e1ff1bd37e4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Import an Application - - -Typically, you import applications to make them available to stream from an Application Virtualization Management Server. You can also add an application manually, but you must provide precise, detailed information about the application to do so. For more information, see [How to Manually Add an Application](how-to-manually-add-an-application.md). - -**Note**   -To import an application, you must have its sequenced Open Software Descriptor (OSD) file or its Sequencer Project (SPRJ) file available on the server. - - - -When importing an application, you should make sure the server is configured with a value in the **Default Content Path** field on the **General** tab of the **System Options** dialog (accessible by right-clicking the **Application Virtualization System** node in the App-V Server Console). The default content path value defines where the applications will be imported, and during the import process, this value is used to modify the paths defined in the OSD file for the SFT file and for the icon shortcuts. In the OSD file, the path for the SFT file is specified in the CODEBASE HREF entry and the path for the icons is specified in the SHORTCUTS entry. - -During the import process, the protocol, server, and, if present, port specified in these two paths in the OSD file will be replaced with the value from the default content path. The following table provides an example of how the import path will be affected. - - ----- - - - - - - - - - - - - - - -
Default Content PathOSD File CODEBASE HREFResulting Value

\server\content</p>

http://WebServer/myFolder/package.sft

\server\content\myFolder\package.sft

- - - -**To import an application** - -1. Right-click the **Applications** node in the left pane, and choose **Import Applications**. - -2. In the **Open** dialog box, navigate to the application's SPRJ or OSD file. Highlight the file and click **Open**. - -3. In the **New Application Wizard**, be sure the **Enabled** box is selected for applications you want to stream. There you can also enter a description and verify the server and file paths. Also, if you have set up license and server groups, you can select those. - -4. Click **Next**. - -5. On the **Published Shortcuts** screen, select the boxes for the locations where you would like the application shortcuts to appear on the client computers. - -6. Click **Next**. - -7. In the **File Associations** screen, you can add new file associations to this application. To do so, click **Add**, enter the extension (without a preceding dot), enter a description, and click **OK**. - - **Note**   - Applications sequenced with Sequencer 4.0 populate the **File Associations** dialog box when you import or create them through the management console. Applications with previous Sequencer version packages do not. - - - -8. Click **Next**. - -9. In the **Access Permissions** screen, click **Add**. - -10. Complete the **Select Groups** dialog box. When you finish, click **OK**. - -11. Click **Next**. - -12. On the **Summary** screen, you can review the import settings. Click **Finish**, or click **Back** to change the import or click **Cancel** to cancel the import. - -## Related topics - - -[How to Manage Application Groups in the Server Management Console](how-to-manage-application-groups-in-the-server-management-console.md) - -[How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) - -[How to Manually Add an Application](how-to-manually-add-an-application.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-install-a-database.md b/mdop/appv-v4/how-to-install-a-database.md deleted file mode 100644 index da440a18ff..0000000000 --- a/mdop/appv-v4/how-to-install-a-database.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: How to Install a Database -description: How to Install a Database -author: dansimp -ms.assetid: 52e3a19d-b7cf-4f2c-8268-0f8361cc9766 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Install a Database - - -You can use the following procedure to install a database for your server-based deployment of Application Virtualization if a database is not already available. Typically, in a production environment, you will connect to an existing database. - -**Important**   -To install the database, you must use a network account with the appropriate permissions. If your organization requires that only database administrators are allowed to create and conduct database upgrades, scripts are available that allow this task to be performed. - - - -**To install a database** - -1. Navigate to the location of the Application Virtualization System setup program on the network, either run this program from the network or copy its directory to the target computer, and then double-click **Setup.exe**. - -2. On the **Welcome Page**, click **Next**. - -3. On the **License Agreement** page, to accept the license agreement, select **I accept the license terms and conditions**, and click **Next**. - -4. On the **Registering Information** page, specify the **User Name** and **Organization** information, and then click **Next**. - -5. On the **Setup Type** page, select **Custom** and then click **Next**. - -6. On the **Custom Setup** page, deselect all Application Virtualization System components except **Application Virtualization Server**, and then click **Next**. - - **Note**   - If a component is already installed on the computer, by deselecting it on the **Custom Setup** screen it will automatically be uninstalled. - - - -7. On the **Database Server** page, type the passwords, assign an installation path, save the information, and click **Next**. - -8. Select a name for the database, and then click **Next**. - - **Note**   - If error 25109 is displayed when you try to complete this step, you have incorrectly set up the permissions necessary to install the database. For details on setting up the necessary SQL permissions, please see . - - - -9. On the **Directory Server** screen, enter a domain name and credentials that Application Virtualization Servers and the Management Web Service will use to access your domain controller, save this information, and then click **Next**. - - **Note**   - The installation will default to the domain of the current computer. - - - -10. On the **Administrator Group** page, enter the name of a group that will have Administrator privileges, save this information, and then click **Next**. - - **Note**   - You can also enter the first few characters of the name of a group that will have Administration privileges, click **Next**, and on the **Select Administrator Group** screen, select the group from the resulting list. Then save this information and click **Next**. - - - -11. On the **Default Provider Group** page, enter the complete name of a group that will control access to applications, save this information, and then click **Next**. - - **Note**   - You can also enter the first few characters of the name of a group that will control access to applications, click **Next**, and on the **Select Default Provider Group** screen, select the group in the list. Then save this information and click **Next**. - - - -12. On the **Installation Wizard Completed** page, to close the wizard, click **Finish**. - - **Important**   - The installation can take a few minutes to finish. A status message will flash above the Windows desktop notification area, indicating whether the installation succeeded. - - - -## Related topics - - -[How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-install-and-configure-the-app-v-management-console-for-a-more-secure-environment.md b/mdop/appv-v4/how-to-install-and-configure-the-app-v-management-console-for-a-more-secure-environment.md deleted file mode 100644 index ba2ed5bf33..0000000000 --- a/mdop/appv-v4/how-to-install-and-configure-the-app-v-management-console-for-a-more-secure-environment.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: How to Install and Configure the App-V Management Console for a More Secure Environment -description: How to Install and Configure the App-V Management Console for a More Secure Environment -author: dansimp -ms.assetid: 9d89ef09-cdbf-48fc-99da-b24fc987ef8f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install and Configure the App-V Management Console for a More Secure Environment - - -The default installation of the App-V Management Console includes support for secure communications. Each Management Console is configured on a per-connection basis when the console is started for the first time or when connecting to an additional App-V Web Management Service. The default configuration uses SSL over TCP port 443. You can change the port number if the port number was modified on the server. You can use the following procedure to connect to an App-V Web Management Service by using a secure connection. - -**How to Connect to an App-V Management Service by Using an SSL Connection** - -1. Start the Application Virtualization Management Console. - -2. Click **Configure Connection** in the actions pane of the console. - -3. Type the **Web Service Host Name**, and ensure that **Use Secure Connection** is selected. - - **Important**   - The name provided in the Web Service Host Name must match the common name on the certificate, or the connection will fail. - - - -4. Select the appropriate login credentials, and click **OK**. - -## Related topics - - -[Configuring Certificates to Support the App-V Web Management Service](configuring-certificates-to-support-the-app-v-web-management-service.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-install-and-configure-the-default-application.md b/mdop/appv-v4/how-to-install-and-configure-the-default-application.md deleted file mode 100644 index 529a24aadc..0000000000 --- a/mdop/appv-v4/how-to-install-and-configure-the-default-application.md +++ /dev/null @@ -1,105 +0,0 @@ ---- -title: How to Install and Configure the Default Application -description: How to Install and Configure the Default Application -author: dansimp -ms.assetid: 5c5d5ad1-af40-4f83-8234-39e972f2c29a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install and Configure the Default Application - - -The default application is provided as part of the installation and is automatically copied to the Microsoft Application Virtualization (App-V) Management Server during installation. It is used to verify that the Management Server was installed and configured correctly, but it has to be published to the Microsoft Application Virtualization (App-V) Client so that the user can access it. - -Use the following procedures to publish the default application and to stream it. - -**To publish the default application** - -1. Log on to the App-V Management Server by using an account that is a member of the App-V Administrators group specified during installation. - -2. On the App-V Management Server, click **Start**, click **Administrative Tools**, and then click **Application Virtualization Management Console**. - -3. In the App-V Management Console, click **Actions**, and then click **Connect to Application Virtualization System**. - -4. On the **Configure Connection** page, clear the **Use Secure Connection** check box. - -5. In the **Web Service Host Name** box, type the fully qualified domain name (FQDN) of the App-V Management Server, and then click **OK**. - - **Note**   - You can also use **localhost** for the Web Service Host name if it is installed on the Management Server. - - - -6. In the App-V Management Console, right-click the **Server** node, and click **System Options**. - -7. On the **General** tab, in the **Default Content Path** box, enter the Universal Naming Convention (UNC) path to the Content folder you created on the server during installation; for example, \\\\<Server Name>\\Content, and then click **OK**. - - **Important**   - Use the FQDN for the server name so that the client can resolve the name correctly. - - - -8. In the App-V Management Console, in the navigation pane, expand the **Server** node, and then click **Applications**. - -9. In the topic pane, click **Default Application**, and then, in the **Actions** pane, click **Properties**. - -10. In the **Properties** dialog box, next to the **OSD Path** box, click **Browse**. - -11. In the **Open** dialog box, enter the UNC path to the Content folder you created on the server during installation; for example, \\\\<Server Name>\\Content, and press ENTER. You must use the actual server name and cannot use the **localhost** here. - - **Important**   - Ensure that the values in both the **OSD Path** and **Icon Path** boxes are in UNC format (for example, \\\\<Server Name>\\Content\\DefaultApp.ico), and point to the Content folder you created when installing the server. Do not use **localhost** or a file path containing a drive letter such as C:\\Program Files\\..\\..\\Content. - - - -12. Select the DefaultApp.osd file, and click **Open**. - -13. Repeat the previous steps to configure the icon path. - -14. Click the **Access Permissions** tab, and confirm that the App-V Users group has access permissions to the application. - -15. Click the **Shortcuts** tab, and then click **Publish to User’s Desktop**. Click **OK**. - -16. Open Windows Explorer, and locate the Content directory. - -17. Double-click the DefaultApp.osd file, and open it with Notepad. - -18. Locate the line that contains the **HREF** tag, and change it to the following code: - - `CODEBASEHREF=”RTSP://:554/DefaultApp.sft”` - - Or, if you are using RTSPS: - - `CODEBASEHREF=”RTSPS://:322/DefaultApp.sft”` - -19. Close the DefaultApp.osd file, and save the changes. - -**To stream the default application** - -1. On the computer that has the App-V Client installed, log on as a user who is a member of the Application Virtualization Users group specified during server installation. - -2. On the desktop, the **Default Application Virtualization Application** shortcut appears. Double-click the shortcut to start the application. - -3. A status bar, displayed above the Windows notification area, reports that the application is starting. If the application startup is successful, the title screen for the default application is displayed. Click **OK** to close the dialog box. You have now confirmed that the App-V system is running correctly. - -## Related topics - - -[How to Configure Servers for Server-Based Deployment](how-to-configure-servers-for-server-based-deployment.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-install-application-virtualization-management-server.md b/mdop/appv-v4/how-to-install-application-virtualization-management-server.md deleted file mode 100644 index 9fff92bc25..0000000000 --- a/mdop/appv-v4/how-to-install-application-virtualization-management-server.md +++ /dev/null @@ -1,123 +0,0 @@ ---- -title: How to Install Application Virtualization Management Server -description: How to Install Application Virtualization Management Server -author: dansimp -ms.assetid: 8184be79-8c27-4328-a3c1-183791b5556c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install Application Virtualization Management Server - - -The Application Virtualization Management Server publishes its applications to clients. In a load-balanced environment, which is typical of large deployments, all servers in a server group should stream the same applications. If Application Virtualization Management Servers are to publish different applications, assign the servers to different server groups. In this case, you also might need to increase a server group's capacity. - -If you have designated a target computer on the network, with a login account having local Administrator privileges, you can use the following procedure to install the Application Virtualization Management Server and assign it to the appropriate server group. - -**Note** -The Installation Wizard can create a server group record, if one does not exist, as well as a record of the Application Virtualization Management Server's membership in this group. - - - -After you complete the installation process, reboot the server. - -**To install an Application Virtualization Management Server** - -1. Verify and, if necessary, uninstall previous versions of the Application Virtualization Management Server that are installed on the target computer. - -2. To open the **Microsoft Application Virtualization Management Server installation** wizard, navigate to the location of the Application Virtualization System **setup.exe** program on the network, either run this program from the network or copy its directory to the target computer, and then double-click the **Setup.exe** file. - -3. On the **Welcome** page, click **Next**. - -4. On the **License Agreement** page, read the license agreement and, to accept the license agreement, select **I accept the license terms and conditions**. Click **Next**. - -5. On the **Registering Information** page, you must enter the user name and the **Organization**. Click **Next**. - -6. On the **Setup Type** page, select **Custom**. Click **Next**. On the **Custom Setup** page, deselect all Application Virtualization System components except **Application Virtualization Server**, and then click **Next**. - - **Caution** - If a component is already installed on the computer, when you deselect it in the **Custom Setup** window, the component is automatically uninstalled. - - - -7. On the **Configuration Database** page, select a database server from the list of available servers or add a server by selecting **Use the following host name** and specifying the **Server Name** and **Port Number** data. Click **Next**. - - **Note** - The Application Virtualization Management Server does not support case sensitive SQL. - - - -~~~ -If a database is available, click the radio button, select the database from the list, and then click **Next**. Setup will upgrade it to this newer version. If the name does not appear in the list, enter the name in the space provided. - -**Note** -When naming a server, do not use the backslash character (/) in the server name. - -If you need to install a database, see [How to Install a Database](how-to-install-a-database.md). If you would like to create a new database for this version, select **Create a new database** and specify the name that will be assigned to the new database. You can also specify a new location for the database by selecting the check box and entering the path. -~~~ - - - -8. On the **Connection Security Mode** page, select the desired certificate from the drop-down list. Click **Next**. - - **Note** - The **Secure Connection Mode** setting requires the server to have a server certificate provisioned to it from a public key infrastructure. If a server certificate is not installed on the server, this option is unavailable and cannot be selected. You must grant the Network Service account read access to the certificate being used. - - - -9. On the **TCP Port Configuration** page, to use the default port (554), select **Use default port (554)**. To specify a custom port, select **Use custom port** and specify the port number that will be used. Click **Next**. - - **Note** - When you install the server in a nonsecure environment, you can use the default port (554) or you can define a custom port. - - - -10. On the **Administrator Group** page, specify the name of the security group authorized to manage this server in **Group Name**. Click **Next**. Confirm the group specified and click **Next**. - -11. On the **Default Provider Group** page, specify the name of the default provider group, and then click **Next**. - -12. On the **Content Path** page, specify the location on the target computer where SFT files will be saved, and then click **Next**. - - **Note** - If the HTTP or RTSP port for the Management Server is already allocated, you will be prompted to choose a new port. Select the desired port, and then click **Next**. - - - -13. On the **Ready to Install the Program** page, to install the Application Virtualization Management Server, click **Install**. - - **Note** - If error 25120 is displayed when you try to complete this step, you need to enable IIS **Management Scripts and Tools**. To enable this Windows feature, open the **Programs and Features** control panel, select **Turn Windows features on or off**, and navigate to **Internet Information Services.** - - Under **Web Management Tools**, enable **IIS Management Scripts and Tools**. - - - -14. On the **Installation Wizard Completed** screen, to close the wizard, click **Finish**. - - **Important** - The installation can take a few minutes to finish. A status message will flash above the Windows desktop notification area, indicating that the installation succeeded. - - It is not necessary to reboot the computer when prompted. However, to optimize system performance, a reboot is recommended. - - - -## Related topics - - -[How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupexe-new.md b/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupexe-new.md deleted file mode 100644 index 37596836cd..0000000000 --- a/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupexe-new.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: How to Install the App-V Client by Using Setup.exe -description: How to Install the App-V Client by Using Setup.exe -author: dansimp -ms.assetid: 106a5d97-b5f6-4a16-bf52-a84f4d558c74 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the App-V Client by Using Setup.exe - - -This topic describes how to install the App-V client by using the setup.exe program. When you install the App-V client using the setup.exe program, the installer determines which prerequisite software is needed and installs it automatically before it installs the client. - -**To install the Application Virtualization Client by Using Setup.exe** - -1. Make sure you are logged on with an account that has administrator rights on the computer. - -2. Open a Command Prompt window, and then change the directory to the folder that contains the setup files. When installing version 4.6 or a later version of the App-V client, you must use the correct installer for the computer’s operating system, 32-bit or 64-bit. The installation will fail and an error message will be displayed if you use the wrong installer. - -3. Enter the install command string at the command prompt. Alternatively, you can create a command file and run it from the command prompt. You can also use a scripting language such as VBScript or Windows PowerShell to run the command. - -4. The following command-line example shows how setup.exe can be used with a number of optional parameters. For more information about these parameters, see [Application Virtualization Client Installer Command-Line Parameters](application-virtualization-client-installer-command-line-parameters.md). - - **"setup.exe" /s /v"/qn SWICACHESIZE=\\"10240\\" SWIPUBSVRDISPLAY=\\"Production System\\" SWIPUBSVRTYPE=\\"HTTP /secure\\" SWIPUBSVRHOST=\\"PRODSYS\\" SWIPUBSVRPORT=\\"443\\" SWIPUBSVRPATH=\\"/AppVirt/appsntype.xml\\" SWIPUBSVRREFRESH=\\"on\\" SWIGLOBALDATA=\\"D:\\AppVirt\\Global\\" SWIUSERDATA=\\"^% LOCALAPPDATA ^%\\Windows\\Application Virtualization Client\\" SWIFSDRIVE=\\"Q\\""** - - **Important**   - - The quotation marks that appear in the "**/v**" section must be treated as special characters and entered with a preceding "**\\**". The quotation marks are required only when the value contains a space; however, for consistency, all the instances in the preceding example are shown as having quotation marks. - - - The "**%**" characters in "**%HomeDrive%**" must be preceded by the "**^**" escape character. Otherwise, the Windows command shell sets the value to that of the user who is performing the installation. - - - The **InstallShield** switches **/s** and **/qn** are needed to make this a silent install. The **/qn** switch must follow the **/v** switch, separated by only a quote character with no intervening spaces. - - - The folder specified in the **SWIGLOBALDATA** value must already exist. - -   - -5. When the installation is complete, we recommend that you run a Microsoft Update scan to ensure the latest updates are installed. - -## Related topics - - -[How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupmsi-new.md b/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupmsi-new.md deleted file mode 100644 index 5485cfe6f6..0000000000 --- a/mdop/appv-v4/how-to-install-the-app-v-client-by-using-setupmsi-new.md +++ /dev/null @@ -1,187 +0,0 @@ ---- -title: How to Install the App-V Client by Using Setup.msi -description: How to Install the App-V Client by Using Setup.msi -author: dansimp -ms.assetid: 7221f384-36d6-409a-94a2-86f54fd75322 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Install the App-V Client by Using Setup.msi - - -This topic describes how to install the App-V client by using the setup.msi program. Before you install the App-V client using the setup.msi program, you must first determine if any prerequisite software must be installed, and then you must install it. To install the prerequisite software, see the [Installing Prerequisite Software](#prereq-sw) section of this topic. To install the client software, see the [Installing the App-V Client Using the Setup.msi Program](#msi-setup) section of this topic. - -## Installing Prerequisite Software - - -You can use the following procedures to install the prerequisite software. You can create a command file and run the commands from the command prompt, or you can use a scripting language such as VBScript or Windows PowerShell to run the commands. - -**Note**   -The x86 versions of the following software are required for both x86 and x64 versions of the App-V client. - - - -**To install Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)** - -1. Download the [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=119961) software package from the Microsoft Download Center (). \[Template Token Value\] For version 4.5 SP2 and later of the App-V client, download vcredist\_x86.exe from [Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update](https://go.microsoft.com/fwlink/?LinkId=169360) (https://go.microsoft.com/fwlink/?LinkId=169360).\[Template Token Value\] - -2. To install silently, use the command-line option “/Q” with vcredist\_x86.exe—for example, **vcredist\_x86.exe /Q**. - -3. To install the software by using the vcredist\_x86.msi file, use the command-line option “/C /T:<fullpathtofolder>” to extract the files vcredist.msi and vcredis1.cab from vcredist\_x86.exe to a temporary folder. To install silently, use the command-line option /quiet—for example, **msiexec /i vcredist.msi** /quiet. - -### To install Microsoft Visual C++ 2008 SP1 Redistributable Package (x86) - -**Important**   -For version 4.6 and later of the App-V client, you must also install the Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package ATL Security Update. - - - -**** - -1. Download the [Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package ATL Security Update](https://go.microsoft.com/fwlink/?LinkId=150700) software package from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=150700). - -2. To install silently, use the command-line option “/Q” with vcredist\_x86.exe—for example, **vcredist\_x86.exe /Q**. - -### To install Microsoft Core XML Services (MSXML) 6.0 SP1 (x86) - -**** - -1. Download the [Microsoft Core XML Services (MSXML) 6.0 SP1 (x86)](https://go.microsoft.com/fwlink/?LinkId=63266) software package from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=63266). - -2. To install silently, use the command-line option /quiet—for example, **msiexec /i msxml6\_x86.msi /quiet**. - -### To install Microsoft Application Error Reporting - -When installing Microsoft Application Error Reporting, you must use the *APPGUID* parameter to specify the App-V product code. The product code is unique for each App-V client type and version. Select the correct product code from the following table. - -**Important**   -For App-V 4.6 SP2 and later, you no longer need to install Microsoft Application Error Reporting (dw20shared.msi). App-V now uses Microsoft Error Reporting. - - - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
VersionProduct Code for Desktop ClientProduct Code for Client for Remote Desktop Services

App-V 4.5 CU1

FE495DBC-6D42-4698-B61F-86E655E0796D

8A97C241-D92A-47DC-B360-E716C1AAA929

App-V 4.5 SP1

93468B43-C19D-44F9-8BCC-114076DB0443

0042AD3C-99A4-4E58-B5F0-744D5AD96E1C

App-V 4.5 SP2

C6FC75B9-7D86-4C44-8BDB-EAFE1F0E200D

ECF80BBA-CA07-4A74-9ED6-E064F38AF1F5

App-V 4.6 x86

9E9D30B2-2065-4FDE-B756-8F1A6EABAFC3

439FAC21-B423-41D4-8126-54F9FCB70039

App-V 4.6 x64

E569E45F-7BA6-4C7F-B6BA-3FFCBE92FC22

D2977C18-D88A-47CB-AFD8-652DD36F4D0D

App-V 4.6 x86 ¹

40C3258B-F9D1-46DF-AE97-72C1F86F2427

9915D911-CC73-4122-AF4F-564F89454655

App-V 4.6 x64 ¹

1650E31F-23B8-40B5-A60A-C5934F557E3B

7580D918-C621-49E7-9877-3CC59F9BD1DA

App-V 4.6 x86 SP1

DB9F70CD-29BC-480B-8BA2-C9C2232C4553

1354855A-2298-4C73-9022-EF0686C65991

App-V 4.6 x64 SP1

342C9BB8-65A0-46DE-AB7A-8031E151AF69

B2C6C8D5-FE76-4056-A326-EE5D633EA175

- - - -¹ App-V “Languages” release. - -**Note**   -If you need to find the product code, you can use the Orca.exe database editor or a similar tool to examine Windows Installer files to find the value of the *ProductCode* property. For more information about using Orca.exe, see [Windows Installer Development Tools](https://go.microsoft.com/fwlink/?LinkId=150008) (https://go.microsoft.com/fwlink/?LinkId=150008). - - - -**** - -1. Locate the Microsoft Application Error Reporting install program, dw20shared.msi, which can be found in the **Support\\Watson** folder on the release media. - -2. To install the software, run the following command: - - **msiexec /i dw20shared.msi APPGUID={valuefromtable} REBOOT=Suppress REINSTALL=ALL REINSTALLMODE=vomus** - -## Installing the App-V Client by Using the Setup.msi Program - - -Use the following procedure to install the App-V client. Ensure that any necessary prerequisite software has been installed. \[Template Token Value\] For version 4.6 and later of the App-V client, the setup.msi program checks the system and if prerequisite software is not installed, it generates an error message indicating that installation cannot continue. \[Template Token Value\] - -**To install the Application Virtualization Client by Using Setup.msi** - -1. Make sure you are logged on with an account that has administrator rights on the computer. - -2. Open a Command Prompt window by using elevated rights, and then change the directory to the folder that contains the setup files. When installing version 4.6 or a later version of the App-V client, you must use the correct installer for the computer’s operating system, 32-bit or 64-bit. The installation will fail and an error message will be displayed if you use the wrong installer. - -3. Enter the install command string at the command prompt. Alternatively, you can create a command file and run it from the command prompt. You can also use a scripting language such as VBScript or Windows PowerShell to run the command. - -4. The following command-line example shows how setup.msi can be used with a number of optional parameters. For more information about these parameters, see [Application Virtualization Client Installer Command-Line Parameters](application-virtualization-client-installer-command-line-parameters.md). - - **msiexec.exe /i "setup.msi" SWICACHESIZE="10240" SWIPUBSVRDISPLAY="Production System" SWIPUBSVRTYPE="HTTP /secure" SWIPUBSVRHOST="PRODSYS" SWIPUBSVRPORT="443" SWIPUBSVRPATH="/AppVirt/appsntype.xml" SWIPUBSVRREFRESH="on" SWIGLOBALDATA="D:\\AppVirt\\Global" SWIUSERDATA="^% LOCALAPPDATA^%\\Windows\\Application Virtualization Client" SWIFSDRIVE="S" /q** - - **Important**   - - The Windows Installer switch "**/q**" is used to make this a silent installation. - - - The "**%**" characters in "**%HomeDrive%**" must be preceded by the "**^**" escape character. Otherwise, the Windows command shell sets the value to that of the user who is performing the installation. - - - To turn on installation logging, use the msiexec switch **/l\*v filename.log**. - - - -## Related topics - - -[How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-install-the-application-virtualization-sequencer.md b/mdop/appv-v4/how-to-install-the-application-virtualization-sequencer.md deleted file mode 100644 index 5cf9e908d7..0000000000 --- a/mdop/appv-v4/how-to-install-the-application-virtualization-sequencer.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: How to Install the Application Virtualization Sequencer -description: How to Install the Application Virtualization Sequencer -author: dansimp -ms.assetid: 89cdf60d-18b0-4204-aa9f-b402610f8f0e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the Application Virtualization Sequencer - - -The Microsoft Application Virtualization Sequencer monitors and records the installation and setup process for applications so that the application can be run as a virtual application. You should install the Sequencer on a computer that has only the operating system installed. Alternatively, you can install the Sequencer on a computer running a virtual environment—for example, Microsoft Virtual PC. This method is useful because it is easier to maintain a clean sequencing environment that can be reused with minimal additional configuration. - -You must have administrative rights on the computer you are using to sequence the application and the computer must not be running any version of the Application Virtualization (App-V) client. Creating a virtual application by using the Sequencer is very resource intensive, so it is important that you install the Sequencer on a computer that meets or exceeds the recommended requirements. Running the App-V sequencer in Safe Mode is not supported. For more information about the system requirements, see [Application Virtualization System Requirements](application-virtualization-system-requirements.md). - -**Important**   -After you have sequenced an application, before you can properly sequence a new application you must reinstall the operating system and the Sequencer on the computer you are using to sequence applications. - - - -**To install the Microsoft Application Virtualization Sequencer** - -1. Copy the Microsoft Application Virtualization Sequencer installation files to the computer that you want to install it on. - -2. To start the Microsoft Application Virtualization Sequencer installation wizard, select **setup.exe**. If the **Microsoft Visual C++ SP1 Redistributable Package (x86)** is not detected prior to installation, **setup.exe** will install it. - -3. On the **Welcome** page, click **Next**. - -4. On the **License Agreement** page, to accept the terms of the license agreement, select **I accept the terms in the license agreement**. Click **Next**. - -5. On the **Destination Folder** page, to accept the default installation folder, click **Next**. To specify a different destination folder, click **Change** and specify the installation folder that will be used for the installation. Click **Next**. - -6. On the **Ready to Install the Program** page, to start the installation, click **Install**. - -7. On the **InstallShield Wizard Completed** page, to close the installation wizard and open the Sequencer, click **Finish**. To close the installation wizard without opening the Sequencer, deselect **Launch the program** and click **Finish**. - -## Related topics - - -[How to Upgrade the Application Virtualization Sequencer](how-to-upgrade-the-application-virtualization-sequencer.md) - -[Application Virtualization Deployment Requirements](application-virtualization-deployment-requirements.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-install-the-application-virtualization-streaming-server.md b/mdop/appv-v4/how-to-install-the-application-virtualization-streaming-server.md deleted file mode 100644 index b6facad249..0000000000 --- a/mdop/appv-v4/how-to-install-the-application-virtualization-streaming-server.md +++ /dev/null @@ -1,123 +0,0 @@ ---- -title: How to Install the Application Virtualization Streaming Server -description: How to Install the Application Virtualization Streaming Server -author: dansimp -ms.assetid: a3065257-fb5a-4d92-98f8-7ef996c61db9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the Application Virtualization Streaming Server - - -The Application Virtualization Streaming Server publishes its applications to clients. In a load-balanced environment, which is typical of large deployments, all servers in a server group should stream the same applications. If Application Virtualization Streaming Servers are to stream different applications, assign the servers to different server groups. In this case, you might also have to increase a server group's capacity. - -If you have designated a target computer on the network, with a logon account having local administrative privileges, you can use the following procedure to install the Application Virtualization Streaming Server and assign it to the appropriate server group. - -**Note**   -The Installation Wizard can create a server group record, if one does not exist, and a record of the Application Virtualization Streaming Server membership in this group. - - - -After you complete the installation process, restart the server. - -**To install an Application Virtualization Streaming Server** - -1. Verify that no earlier versions of the Application Virtualization Streaming Server are installed on your target computer. - - **Important**   - Make sure that the App-V Management Server is not installed on this computer. The two products cannot be installed on the same computer. - - - -2. Navigate to the location of the Application Virtualization System Setup program on the network, either run this program from the network or copy its directory to the target computer, and then double-click the **Setup.exe** file. - -3. On the **Welcome** page, click **Next**. - -4. On the **License Agreement** page, to accept the license terms, select **I accept the licensing terms and conditions**, and then click **Next**. - -5. On the **Customer Information** page, specify the **User name** and the organization, and then click **Next**. - -6. On the **Installation Path** page, click **Browse**, specify the location where you want to install the Streaming Server, and then click **Next**. - -7. On the **Connection Security Mode** page, select the desired certificate from the drop-down list, and then click **Next**. - - **Note**   - The **Secure Connection Mode** setting requires the server to have a server certificate provisioned to it from a public key infrastructure. If a server certificate is not installed on the server, this option is unavailable and cannot be selected. You must grant the Network Service account read access to the certificate being used. - - - -8. On the **TCP Port Configuration** page, to use the standard port (554), select **Use default port (554)**. To specify a custom port, select **Use custom port**, specify the port number in the field provided, and then click **Next**. - - **Note**   - When you install the server in a nonsecure scenario, you can use the default port (554), or you can define a custom port. - - - -9. On the **Content Root** page, specify the location on the target computer where SFT files will be saved, and then click **Next**. - - **Note**   - If the HTTP or RTSP port for the Virtual Application Streaming Server is already allocated, you will be prompted to select a new port. Specify the desired port, and then click **Next**. - - - -10. On the **Advanced Setting** screen, enter the following information: - - 1. **Max client connections** - - 2. **Connection timeout (sec)** - - 3. **RTSP thread pool size** - - 4. **RTSP timeout (sec)** - - 5. **Number of core processes** - - 6. **Core timeout (sec)** - - 7. **Enable User authentication** - - 8. **Enable User authorization** - - 9. **Cache block size (KB)** - - 10. **Maximum cache size (MB)** - - **Note**   - The App-V Streaming Server uses NTFS file system permissions to control access to the applications under the Content share. Use **Enable User authentication** and **Enable User authorization** to control whether the server checks and enforces those access control lists (ACLs) or not. - - - -11. On the **Ready to Install the Program** page, to start the installation, click **Install**. - -12. On the **Installation Wizard Completed** screen, to close the wizard, click **Finish**. - - **Important**   - The installation can take several minutes to finish. A status message will flash above the Windows desktop notification area, indicating that the installation succeeded. - - It is not required to restart the computer when you are prompted. However, to optimize system performance, we recommend a restart. - - - -13. Repeat Steps 1–12 for each Virtual Application Server that you have to install. - -## Related topics - - -[How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-install-the-client-by-using-the-command-line-new.md b/mdop/appv-v4/how-to-install-the-client-by-using-the-command-line-new.md deleted file mode 100644 index 69e3331059..0000000000 --- a/mdop/appv-v4/how-to-install-the-client-by-using-the-command-line-new.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: How to Install the Client by Using the Command Line -description: How to Install the Client by Using the Command Line -author: dansimp -ms.assetid: ed372403-64ff-48ff-a3cd-a46cad04a4d5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Install the Client by Using the Command Line - - -The topics in this section include procedures to install either the Application Virtualization (App-V) Desktop Client or the App-V Client for Remote Desktop Services (formerly Terminal Services) by using either setup.exe or setup.msi. Administrative rights are required to run either setup program. - -You can use optional command-line parameters to apply specific configuration settings to the App-V client during the installation. For more information about using parameters, see [Application Virtualization Client Installer Command-Line Parameters](application-virtualization-client-installer-command-line-parameters.md). If you have applied registry settings to a computer before deploying a client—for example, by using Group Policy—these settings are retained and any additional command line parameters are applied. Command line parameter values will replace any existing value for the same setting. - -**Note**   -When you install the App-V client to use with a read-only cache, for example with a VDI server implementation, you must set the *AUTOLOADTARGET* parameter to NONE to prevent the client from trying to update applications when the cache is read-only. - - - -For more information about setting these parameter values after installation, see [How to Configure the App-V Client Registry Settings by Using the Command Line](https://go.microsoft.com/fwlink/?LinkId=169355) (https://go.microsoft.com/fwlink/?LinkId=169355) in the Application Virtualization (App-V) Operations Guide. - -**Note**   -If a configuration setting on the user’s computer depends on the client installation path, note that the Application Virtualization (App-V) 4.5 client copies its installation files to a different folder than previous versions did. By default, a new installation of the App-V 4.5 client will copy its installation files to the \\Program Files\\Microsoft Application Virtualization Client folder. If an earlier version of the client is already installed, running the App-V 4.5 client installer will perform an upgrade of the existing client using the existing installation folder. - - - -\[Template Token Value\] - -**Note**   -For App-V version 4.6 and later, when the App-V client is installed, SFTLDR.DLL is copied to the Windows\\system32 directory. If the App-V client is installed on a 64-bit system, SFTLDR\_WOW64.DLL is copied to the Windows\\SysWOW64 directory. - - - -\[Template Token Value\] - -## In This Section - - -The following topics describe how to install either the Application Virtualization (App-V) Desktop Client or the App-V Client for Remote Desktop Services (formerly Terminal Services) by using either setup.exe or setup.msi. - -[How to Install the App-V Client by Using Setup.exe](how-to-install-the-app-v-client-by-using-setupexe-new.md) -Provides a step-by-step procedure for installing the App-V client by using the setup.exe program. - -[How to Install the App-V Client by Using Setup.msi](how-to-install-the-app-v-client-by-using-setupmsi-new.md) -Provides step-by-step procedures for installing any prerequisite software and also the App-V client by using the setup.msi program. - -## Related topics - - -[Application Virtualization Client Installer Command-Line Parameters](application-virtualization-client-installer-command-line-parameters.md) - -[How to Manually Install the Application Virtualization Client](how-to-manually-install-the-application-virtualization-client.md) - -[How to Publish a Virtual Application on the Client](how-to-publish-a-virtual-application-on-the-client.md) - -[How to Uninstall the App-V Client](how-to-uninstall-the-app-v-client.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-install-the-management-console.md b/mdop/appv-v4/how-to-install-the-management-console.md deleted file mode 100644 index df74e0f969..0000000000 --- a/mdop/appv-v4/how-to-install-the-management-console.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: How to Install the Management Console -description: How to Install the Management Console -author: dansimp -ms.assetid: 586d99c8-bca6-42e2-a39c-a696053142f1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the Management Console - - -You can use the following procedure to install the Application Virtualization Management Console on a target computer on the network. You must use a network account that has administrator privileges on the target computer. You can use the console to configure and manage the Application Virtualization System Platform. - -Before you can complete this procedure, you must install the Application Virtualization Management Web Service on this or a different computer. The Management Web Service allows you to access the data store and the domain controller. For more information about installing the Web service, see [How to Install the Management Web Service](how-to-install-the-management-web-service.md). - -**To install the Management Console** - -1. Verify that no previous versions of the Management Console are installed on the target computer. - -2. Navigate to the location of the Application Virtualization System setup program on the network, either run this program from the network or copy its directory to the target computer, and then double-click **Setup.exe**. - -3. On the **Welcome Page**, click **Next**. - -4. On the **License Agreement** page, to accept the license agreement, select **I accept the license terms and conditions**, and then click **Next**. - -5. On the **Registration Information** page, specify the **User Name** and **Organization** information, and then click **Next**. - -6. On the **Setup Type** page, click **Custom** and then click **Next**. - -7. On the **Custom Setup** page, deselect all Application Virtualization System components except **Management Console**, and then click **Next**. - - **Note**   - If a component is already installed on the computer, by deselecting it on the Custom Setup screen, it will automatically be uninstalled. - - - -8. On the **Ready to Modify the Program** screen, click **Install**. - - **Note**   - If this is the first component you install, the **Ready to Install the Program** page is displayed. To start the installation, click **Install**. - - - -9. On the **Installation Wizard Completed** screen, click **Finish**. Click **Okay** to restart the computer and complete the installation. - -10. In the Windows Control Panel, double-click **Administrative Tools** and then click **Application Virtualization Management Console** to display the Management Console. - -11. Click the **Connect** icon, or right-click the **Application Virtualization Systems** container, and then click **Connect to Application Virtualization System**. - -12. On the **Connect to Application Virtualization System** screen, enter the host name and port of the Management Web Service computer, change the security information and login credentials if necessary, and then click **OK**. - -13. After connecting to the Management Web Service computer, click **File** on the **Console** menu, and then click **Exit**. Click **Yes** to save console settings. - -## Related topics - - -[How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-install-the-management-web-service.md b/mdop/appv-v4/how-to-install-the-management-web-service.md deleted file mode 100644 index 72f0d59456..0000000000 --- a/mdop/appv-v4/how-to-install-the-management-web-service.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: How to Install the Management Web Service -description: How to Install the Management Web Service -author: dansimp -ms.assetid: cac296f5-8ca0-4ce7-afdb-859ae207d2f1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the Management Web Service - - -Use the following procedure to install the Application Virtualization Management Web Service on a target computer on the network, with a logon account having local administrative privileges. Although it is not required, we recommended that you install this component on your Web server. - -**To install the Management Web Service** - -1. Verify that no previous versions of the Application Virtualization Web Service are installed on your target computer. - -2. Navigate to the location of the Application Virtualization System setup program on the network, either run this program from the network or copy its directory to the target computer, and then double-click **Setup.exe**. - -3. After the Installation Wizard opens, on the **Welcome** page, click **Next**. - -4. On the **License Agreement** page, to accept the license agreement, select **I accept the license terms and conditions**, and then click **Next**. - -5. On the **Registration Information** page, specify the **User Name** and organization information, and then click **Next**. - -6. On the **Setup Type** page, click **Custom**, and then click **Next**. - - **Note**   - If this is not the first component you installed on this computer, the **Program Maintenance** page is displayed. On the **Program Maintenance** page, click **Modify**. - - - -7. On the **Custom Setup** page, clear all Application Virtualization System components except **App Virt Management Service**, and then click **Next**. - - **Note**   - If a component is already installed on the computer, by clearing it on the **Custom Setup** page, you will automatically uninstall it. - - - -8. On the **Database Server** page, click **Connect to available database**, and then click **Next**. - - **Note**   - In a production environment, Microsoft assumes that you will connect to an existing database. If you want to install a database, see [How to Install a Database](how-to-install-a-database.md). After installing the database, continue with step 13. - - - -9. On the **Database Server Type** page, select a database type from the list, and then click **Next**. - -10. On the **Database Server Location** page, select a database server from the list of available servers or add a server by selecting the **Use the following host name** check box and entering information in the **Server Name** and **Port Number** boxes, and then click **Next**. - -11. On the **Select Database** page, select the database you want, and then click **Next**. - -12. On the **Database User Configuration** page, enter the credentials that the Management Web Service will use to access the data store, and then click **Next**. - -13. On the **Ready to Modify the Program** page, click **Install**. - - **Note**   - If this is the first component you install, the **Ready to Install the Program** page is displayed. On the page, click **Install**. - - - -14. On the **Installation Wizard Completed** page, click **Finish**. - -## Related topics - - -[How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-install-the-sequencer---app-v-46-sp1-.md b/mdop/appv-v4/how-to-install-the-sequencer---app-v-46-sp1-.md deleted file mode 100644 index ea900036a2..0000000000 --- a/mdop/appv-v4/how-to-install-the-sequencer---app-v-46-sp1-.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: How to Install the Sequencer (App-V 4.6 SP1) -description: How to Install the Sequencer (App-V 4.6 SP1) -author: dansimp -ms.assetid: fe8eb876-28fb-46ae-b592-da055107e639 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the Sequencer (App-V 4.6 SP1) - - -The Microsoft Application Virtualization (App-V) Sequencer monitors and records the installation and setup process for applications so that the application can be run as a virtual application. You should install the App-V Sequencer on a computer that has only the operating system installed. Alternatively, you can install the Sequencer on a computer running in a virtual environment, for example, a virtual computer. This method is useful because it is easier to maintain a clean sequencing environment that you can reuse with minimal additional configuration. - -You must have administrative credentials on the computer you are using to sequence the application, and the computer must not be running any version of App-V client. Creating a virtual application by using the App-V Sequencer requires multiple operations, so it is important that you install the Sequencer on a computer that meets or exceeds the [Application Virtualization Sequencer Hardware and Software Requirements](application-virtualization-sequencer-hardware-and-software-requirements.md). - -**Note** -Running the App-V sequencer in Safe Mode is not supported. - - - -**To install the Microsoft Application Virtualization Sequencer** - -1. Copy the Microsoft Application Virtualization Sequencer installation files to the computer on which you want to install it. - -2. To start the Microsoft Application Virtualization Sequencer installation wizard, double-click **Setup.exe**. If the **Microsoft Visual C++ SP1 Redistributable Package (x86)** is not detected prior to installation, click **Install** to install the required prerequisite. - -3. To continue the installation, on the **Welcome** page, click **Next**. - -4. On the **License Agreement** page, to accept the terms of the license agreement, click **I accept the terms in the license agreement**, and then click **Next**. - -5. On the **Destination Folder** page, to accept the default installation folder, click **Next**. To specify a different destination folder, click **Change** and specify the installation folder that will be used for the installation. Click **Next**. - -6. On the **Virtual Drive** page, to configure the Application Virtualization default drive **Q:\\** (default) as the drive that all sequenced applications will run from, click **Next**. If you want to specify a different drive letter, use the list and select the drive letter that you want to use by selecting the appropriate drive letter, and then click **Next**. - - **Important** - The Application Virtualization drive letter specified with this step is the drive letter that virtual applications will be run from on target computers. The drive letter specified must be available, and not currently in use on the computers running the App-V client. If the specified drive is already in use, the virtual application fails on the target computer. - - - -7. On the **Ready to Install the Program** page, to start the installation, click **Install**. - -8. On the **InstallShield Wizard Completed** page, to close the installation wizard and open the App-V Sequencer, click **Finish**. To close the installation wizard without opening the Sequencer, clear **Launch the program**, and then click **Finish**. - - **Note** - If you installed the App-V Sequencer on a computer running a virtual environment, for example a virtual machine, you must now take a snapshot. After you sequence an application, you can revert to this image, so you can sequence the next application. - - - -~~~ -When you uninstall the Sequencer, the following registry keys are not removed from the computer that the Sequencer was installed on. Additionally, you must restart the computer after you have uninstalled the Sequencer so that all associated drivers can be stopped and the operation can be completed. - -- **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid** - -- **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5** - -- **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\SystemGuard** - -- **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\SystemGuard\\SecKey** -~~~ - -## Related topics - - -[Configuring the Application Virtualization Sequencer (App-V 4.6 SP1)](configuring-the-application-virtualization-sequencer--app-v-46-sp1-.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-install-the-sequencer.md b/mdop/appv-v4/how-to-install-the-sequencer.md deleted file mode 100644 index decce9699a..0000000000 --- a/mdop/appv-v4/how-to-install-the-sequencer.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: How to Install the Sequencer -description: How to Install the Sequencer -author: dansimp -ms.assetid: 2cd16427-a0ba-4870-82d1-3e3c79e1959b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the Sequencer - - -The Microsoft Application Virtualization (App-V) Sequencer monitors and records the installation and setup process for applications so that the application can be run as a virtual application. You should install the Sequencer on a computer that has only the operating system installed. Alternatively, you can install the Sequencer on a computer running a virtual environment—for example, Microsoft Virtual PC. This method is useful because it is easier to maintain a clean sequencing environment that can be reused with minimal additional configuration. - -You must have administrative rights on the computer you are using to sequence the application and the computer must be connected to the network. The computer must not be running any version of the Application Virtualization (App-V) client. Creating a virtual application using the Sequencer is very resource intensive, so it is important that you install the Sequencer on a computer that meets or exceeds the recommended requirements. For more information about the system requirements, see [Sequencer Hardware and Software Requirements](sequencer-hardware-and-software-requirements.md).. - -**To install the Microsoft Application Virtualization Sequencer** - -1. Copy the Microsoft Application Virtualization Sequencer installation files to the computer that you want to install it on. - -2. To start the Microsoft Application Virtualization Sequencer installation wizard, select **setup.exe**. If the **Microsoft Visual C++ SP1 Redistributable Package (x86)** is not detected prior to installation, **setup.exe** will install it. - -3. On the **Welcome** page, click **Next**. - -4. On the **License Agreement** page, to accept the terms of the license agreement, select **I accept the terms in the license agreement**. Click **Next**. - -5. On the **Destination Folder** page, to accept the default installation folder, click **Next**. To specify a different destination folder, click **Change** and specify the installation folder that will be used for the installation. Click **Next**. - -6. On the **Ready to Install the Program** page, to start the installation, click **Install**. - -7. On the **InstallShield Wizard Completed** page, to close the installation wizard and open the Sequencer, click **Finish**. To close the installation wizard without opening the Sequencer, deselect **Launch the program** and click **Finish**. - -## Related topics - - -[Configuring the Application Virtualization Sequencer](configuring-the-application-virtualization-sequencer.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-install-the-servers-and-system-components.md b/mdop/appv-v4/how-to-install-the-servers-and-system-components.md deleted file mode 100644 index d8d537d0e8..0000000000 --- a/mdop/appv-v4/how-to-install-the-servers-and-system-components.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: How to Install the Servers and System Components -description: How to Install the Servers and System Components -author: dansimp -ms.assetid: c6f5fef0-522a-4ef1-8585-05b292d0289b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the Servers and System Components - - -Before you can deliver applications to users, you must install the Microsoft Application Virtualization Platform components. The topics in this section provide the information required to install the Application Virtualization Servers and the other Application Virtualization System components. - -**Note**   -The procedures in this section take you through a customized installation, where you pick and choose components to install on separate computers, as recommended in a production environment. However, your operating procedures might dictate a different approach, and during the installation process you might want to group components together. Regardless of where you install the components, you can install them in any order. - - - -## In This Section - - -[How to Install Application Virtualization Management Server](how-to-install-application-virtualization-management-server.md) -Provides a step-by-step procedure for installing the Application Virtualization Management Server and assigning it to the appropriate server group. - -[How to Install the Application Virtualization Streaming Server](how-to-install-the-application-virtualization-streaming-server.md) -Provides a step-by-step procedure for installing the Application Virtualization Streaming Server and assigning it to the appropriate server group. - -[How to Install the Management Web Service](how-to-install-the-management-web-service.md) -Provides a step-by-step procedure for installing the Application Virtualization Management Web Service on a target computer on your network. - -[How to Install the Management Console](how-to-install-the-management-console.md) -Provides a step-by-step procedure for installing the Application Virtualization Management Console on a target computer on your network. - -[How to Install a Database](how-to-install-a-database.md) -Provides a step-by-step procedure for installing a database for your server-based deployment of Application Virtualization, if a database is not already available. - -[How to Remove the Application Virtualization System Components](how-to-remove-the-application-virtualization-system-components.md) -Provides step-by-step procedures to remove all or selected Application Virtualization software components from a target computer. - -## Related topics - - -[Application Virtualization Server-Based Scenario Overview](application-virtualization-server-based-scenario-overview.md) - -[How to Configure Servers for Server-Based Deployment](how-to-configure-servers-for-server-based-deployment.md) - -[How to Upgrade the Servers and System Components](how-to-upgrade-the-servers-and-system-components.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-load-files-and-packages.md b/mdop/appv-v4/how-to-load-files-and-packages.md deleted file mode 100644 index f70cbf6dc3..0000000000 --- a/mdop/appv-v4/how-to-load-files-and-packages.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: How to Load Files and Packages -description: How to Load Files and Packages -author: dansimp -ms.assetid: f86f5bf1-99a4-44d7-ae2f-e6049c482f68 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Load Files and Packages - - -You can use the following procedure to load files and packages on Application Virtualization Servers. - -**Note**   -During the installation process, you specified the location of the \\Content directory on the **Content Path** page. This directory should be created and configured as a standard file share before you point to its location. - - - -**To load files and packages** - -1. On the computer from which you will stream applications, navigate to the location that you specified for the \\Content directory. If necessary, create the directory and configure it as a standard file share. - -2. Move the SFT files for the virtual applications and packages to the \\Content directory. To keep the SFT files organized and to avoid confusion, put applications and packages in dedicated subfolders. - -3. Load the applications and packages according to the requirements of your scenario and configuration, considering the following conditions: - - - If your applications and packages are stored on an Application Virtualization (App-V) Management Server, load them through the Management Console. For more information, see [How to Load or Unload an Application](how-to-load-or-unload-an-application.md) or [How to Load Virtual Applications from the Desktop Notification Area](how-to-load-virtual-applications-from-the-desktop-notification-area.md). - - - If your applications are stored on an App-V Streaming Server, a Web server, or a computer configured as a file server, the applications can be automatically loaded. - - **Note**   - The App-V Streaming Server automatically polls the \\Content directory for applications and packages and puts this information in RAM to service application requests. - - The App-V Clients must be properly configured to retrieve applications and packages from Web servers and file servers. For more information, see [How to Configure the Client for Application Package Retrieval](how-to-configure-the-client-for-application-package-retrieval.md). - - - -## Related topics - - -[Application Virtualization Server](application-virtualization-server.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-load-or-unload-an-application.md b/mdop/appv-v4/how-to-load-or-unload-an-application.md deleted file mode 100644 index 5dd97091a1..0000000000 --- a/mdop/appv-v4/how-to-load-or-unload-an-application.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: How to Load or Unload an Application -description: How to Load or Unload an Application -author: dansimp -ms.assetid: 8c149761-c591-433f-972b-91793a69c654 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Load or Unload an Application - - -You can use the following procedures to load or unload an application from the cache, directly from the **Results** pane of the **Application** node in the Application Virtualization Client Management Console. When you select this node, the **Results** pane displays a list of applications. - -**Note**   -When you load or unload a package, all the applications in the package are loaded into or removed from cache. When loading a package, if you do not have adequate space in cache to load the applications, increase your cache size. For more information about cache size, see [How to Change the Cache Size and the Drive Letter Designation](how-to-change-the-cache-size-and-the-drive-letter-designation.md). - - - -**To load an application** - -1. Move the cursor to the **Results** pane, right-click the desired application, and select **Load** from the pop-up menu. - -2. The application is automatically loaded. The progress is tracked in the column labeled **Package Status**. You must refresh the view to see that the load is complete or to see the progress. - -**To unload an application** - -1. Move the cursor to the **Results** pane, right-click the desired application, and select **Unload** from the pop-up menu. - -2. The application is automatically unloaded, and the **Package Status** column is updated to reflect the change. - -## Related topics - - -[How to Change the Cache Size and the Drive Letter Designation](how-to-change-the-cache-size-and-the-drive-letter-designation.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-load-virtual-applications-from-the-desktop-notification-area.md b/mdop/appv-v4/how-to-load-virtual-applications-from-the-desktop-notification-area.md deleted file mode 100644 index c089ce97ab..0000000000 --- a/mdop/appv-v4/how-to-load-virtual-applications-from-the-desktop-notification-area.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: How to Load Virtual Applications from the Desktop Notification Area -description: How to Load Virtual Applications from the Desktop Notification Area -author: dansimp -ms.assetid: f52758eb-8b81-4b3c-9bc3-adcf7c00c238 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Load Virtual Applications from the Desktop Notification Area - - -If you are a mobile user, you might want to fully load your applications in the cache to use them during disconnected operation or offline mode. To stream applications from the Application Virtualization (App-V) Server or the Application Virtualization (App-V) Streaming Server, you must be connected to a server to load applications. If you are not connected to the server when you attempt to load applications, your system will generate an appropriate error message. You can also stream applications to the client from a file or disk. - -The applications are loaded one application at a time. The progress bar shows you the application name, the percentage of application loaded, and the number of applications already processed compared to the total number of the applications queued. You can skip any application in progress before it is 100% loaded. You can skip the loading of all remaining applications as well. - -**Note**   -If your system encounters an error while loading an application, it reports the error to you. You must dismiss the error dialog before it will load the next application. - - - -**To load all applications** - -1. Right-click the Application Virtualization System icon in the notification area. - -2. Select **Load Applications** from the pop-up menu. - -**To skip applications** - -1. Click the progress bar to display the dialog box. - -2. Select one of the following buttons to achieve the desired results: - - 1. **Skip**—To skip the currently loading application. - - 2. **Skip All**—To skip all remaining applications. - - 3. **Continue**—To cancel the dialog box and continue loading applications. - -## Related topics - - -[How to Use the Desktop Notification Area for Application Virtualization Client Management](how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-lock-or-unlock-an-application.md b/mdop/appv-v4/how-to-lock-or-unlock-an-application.md deleted file mode 100644 index 1b2b033d69..0000000000 --- a/mdop/appv-v4/how-to-lock-or-unlock-an-application.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: How to Lock or Unlock an Application -description: How to Lock or Unlock an Application -author: dansimp -ms.assetid: 8c65d4fd-f336-447f-8c0a-6d65aec9fd00 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Lock or Unlock an Application - - -You can use the following procedures to lock or unlock any application in the Application Virtualization Desktop Client cache or the Client for Remote Desktop Services (formerly Terminal Services) cache. A locked application cannot be removed from the cache to make room for new applications. To remove a locked application from the Application Virtualization Desktop Client cache or the Client for Remote Desktop Services cache, you must first unlock it. - -**To lock an application** - -1. Move the cursor to the **Results** pane. - -2. Right-click the desired application, and select **Lock** from the pop-up menu. The selected application is locked in the cache. - -**To unlock an application** - -1. Move the cursor to the **Results** pane. - -2. Right-click the desired application, and select **Unlock** from the pop-up menu. The selected application is unlocked in the cache and can be removed. - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-manage-application-groups-in-the-server-management-console.md b/mdop/appv-v4/how-to-manage-application-groups-in-the-server-management-console.md deleted file mode 100644 index a48df6078f..0000000000 --- a/mdop/appv-v4/how-to-manage-application-groups-in-the-server-management-console.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: How to Manage Application Groups in the Server Management Console -description: How to Manage Application Groups in the Server Management Console -author: dansimp -ms.assetid: 46997971-bdc8-4565-aefd-f47e90d6d7a6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage Application Groups in the Server Management Console - - -You can display and manage one or more applications in application groups in the Application Virtualization Server Management Console. This can be useful when you want to do the following: - -- Organize many applications into more manageable subgroups. - -- Create groups of applications specific to a department or other company division. - -- Group similar types of applications, such as financial software. - -- Simplify access permissions or license management by group. - -- Change the properties of applications and application groups within a group simultaneously. - -You can create a group, place it where you would like in the console's **Applications** tree, and import applications to the group. Then you can configure and manage the group's properties to affect all of its applications. You can also move applications among groups. - -**Note**   -Moving applications into groups does not affect the locations of their files (SFT, OSD, or SPRJ) on the server's file system. - - - -## In This Section - - -[How to Create an Application Group](how-to-create-an-application-group.md) -Provides step-by-step instructions for creating an application group. - -[How to Move an Application Group](how-to-move-an-application-group.md) -Provides step-by-step instructions for moving an application group. - -[How to Rename an Application Group](how-to-rename-an-application-group.md) -Provides step-by-step instructions for renaming an application group. - -[How to Remove an Application Group](how-to-remove-an-application-group.md) -Provides step-by-step instructions for removing or deleting an application group. - -## Related topics - - -[How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) - -[How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-manage-application-licenses-in-the-server-management-console.md b/mdop/appv-v4/how-to-manage-application-licenses-in-the-server-management-console.md deleted file mode 100644 index 89c0f06825..0000000000 --- a/mdop/appv-v4/how-to-manage-application-licenses-in-the-server-management-console.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: How to Manage Application Licenses in the Server Management Console -description: How to Manage Application Licenses in the Server Management Console -author: dansimp -ms.assetid: 48503b04-0de7-48de-98ee-4623a712a341 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage Application Licenses in the Server Management Console - - -The Application Virtualization Server Management Console is the interface you use to manage the Application Virtualization platform. From it, you can add, remove, configure, and control application license groups. - -**Important**   -If the App-V client Application Source Root (ASR) setting is configured to use any type of streaming source other than the Management Server, for example a Streaming Server, an IIS server, or a File server, then the Management Server is unable to enforce its licensing policy. - - - -## In This Section - - -[How to Create an Application License Group](how-to-create-an-application-license-group.md) -Provides a procedure for creating a new application in a license group. - -[How to Associate an Application with a License Group](how-to-associate-an-application-with-a-license-group.md) -Provides a procedure for adding an application to a license group. - -[How to Remove an Application from a License Group](how-to-remove-an-application-from-a-license-group.md) -Provides a procedure for removing an application from a license group. - -[How to Remove an Application License Group](how-to-remove-an-application-license-group.md) -This section includes the steps necessary to delete an application license group. - -[How to Set Up an Unlimited License Group](how-to-set-up-an-unlimited-license-group.md) -Provides a procedure for creating a new unlimited license group, allowing an unlimited number of users to access the applications in the group. - -[How to Set Up a Concurrent License Group](how-to-set-up-a-concurrent-license-group.md) -Provides a procedure for creating a new concurrent license group, allowing a specific number of concurrent users to access the applications in the group. - -[How to Set Up a Named License Group](how-to-set-up-a-named-license-group.md) -Provides a procedure for creating a new unlimited license group, allowing specific users to access the applications in the group. - -## Related topics - - -[How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-manage-applications-in-the-client-management-console.md b/mdop/appv-v4/how-to-manage-applications-in-the-client-management-console.md deleted file mode 100644 index caa426f56a..0000000000 --- a/mdop/appv-v4/how-to-manage-applications-in-the-client-management-console.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: How to Manage Applications in the Client Management Console -description: How to Manage Applications in the Client Management Console -author: dansimp -ms.assetid: 15cb5133-539b-499d-adca-ed02da20194a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage Applications in the Client Management Console - - -You can use the Application Virtualization Client Management Console to manage virtual applications in the Application Virtualization Desktop Client or Client for Remote Desktop Services (formerly Terminal Services) cache. In the context of application virtualization, the cache is the area on the client computer reserved to store virtual applications. - -## In This Section - - -[How to Load or Unload an Application](how-to-load-or-unload-an-application.md) -Provides procedures for loading or unloading an application into or from the client cache. - -[How to Clear an Application](how-to-clear-an-application.md) -Provides a procedure you can use to clear the settings, file type associations, and shortcuts from the Application Virtualization Desktop Client or Client for Remote Desktop Services. - -[How to Repair an Application](how-to-repair-an-application.md) -Provides a procedure for repairing an application from the Application Virtualization Desktop Client or Client for Remote Desktop Services. - -[How to Import an Application](how-to-import-an-application.md) -Provides a procedure you can use to add a new application to the Application Virtualization Desktop Client or Client for Remote Desktop Services. - -[How to Lock or Unlock an Application](how-to-lock-or-unlock-an-application.md) -Provides procedures for locking or unlocking an application in the cache. - -[How to Delete an Application](how-to-delete-an-application.md) -Provides a procedure you can use to remove an application from the file system cache. - -[How to Change an Application Icon](how-to-change-an-application-icon.md) -Provides a procedure you can use to change the icon associated with the selected application. - -## Related topics - - -[Application Virtualization Client Management Console](application-virtualization-client-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-manage-applications-in-the-server-management-console.md b/mdop/appv-v4/how-to-manage-applications-in-the-server-management-console.md deleted file mode 100644 index bfae14c37b..0000000000 --- a/mdop/appv-v4/how-to-manage-applications-in-the-server-management-console.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: How to Manage Applications in the Server Management Console -description: How to Manage Applications in the Server Management Console -author: dansimp -ms.assetid: 21139a77-9f0f-4787-8173-a7766966ff7f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage Applications in the Server Management Console - - -From the Application Virtualization Server Management Console, you can add, remove, configure, and control all applications, for one or multiple Application Virtualization Servers. - -## In This Section - - -[How to Import an Application](how-to-import-an-applicationserver.md) -Provides step-by-step instructions for importing an application by importing the Open Software Descriptor (OSD) or Sequencer Project (SPRJ) file. - -[How to Rename an Application](how-to-rename-an-application.md) -Provides step-by-step instructions for renaming an existing application. - -[How to Delete an Application](how-to-delete-an-application-server.md) -Provides step-by-step instructions for removing or deleting an application. - -[How to Manually Add an Application](how-to-manually-add-an-application.md) -Provides step-by-step instructions for manually adding an application to the servers. - -[How to Move an Application](how-to-move-an-application.md) -Provides step-by-step instructions for moving an application from one application group to another application group. - -[How to Grant Access to an Application](how-to-grant-access-to-an-application.md) -Provides step-by-step instructions for giving users access permission to applications. - -[How to Deny Access to an Application](how-to-deny-access-to-an-application.md) -Provides step-by-step instructions for denying users access permission to applications. - -[How to Change an Application Icon](how-to-change-an-application-iconserver.md) -Provides step-by-step instructions for changing the application icon. - -## Related topics - - -[How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-manage-packages-in-the-server-management-console.md b/mdop/appv-v4/how-to-manage-packages-in-the-server-management-console.md deleted file mode 100644 index 920445161f..0000000000 --- a/mdop/appv-v4/how-to-manage-packages-in-the-server-management-console.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: How to Manage Packages in the Server Management Console -description: How to Manage Packages in the Server Management Console -author: dansimp -ms.assetid: d13d3896-8575-4d2a-8bb4-1fe15d79c390 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage Packages in the Server Management Console - - -Application Virtualization packages, accessible via the **Packages** node in the Application Virtualization Server Management Console, enable you to control virtual application versions on your Application Virtualization Management Servers. - -## In This Section - - -[How to Add a Package](how-to-add-a-package.md) -Provides a step-by-step procedure for adding a package to the Application Virtualization Server Management Console. - -[How to Add a Package Version](how-to-add-a-package-version.md) -Provides a step-by-step procedure for adding a new version of the package to the Application Virtualization Server Management Console. - -[How to Delete a Package](how-to-delete-a-packageserver.md) -Provides a step-by-step procedure for deleting a package from the Application Virtualization Server Management Console. - -[How to Delete a Package Version](how-to-delete-a-package-version.md) -Provides a step-by-step procedure for deleting a specific version of a package from the Application Virtualization Server Management Console. - -[How to Upgrade a Package](how-to-upgrade-a-package.md) -Provides a step-by-step procedure for upgrading a package version on the Application Virtualization Server Management Console. - -## Related topics - - -[How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-manage-reports-in-the-server-management-console.md b/mdop/appv-v4/how-to-manage-reports-in-the-server-management-console.md deleted file mode 100644 index cfd2debb42..0000000000 --- a/mdop/appv-v4/how-to-manage-reports-in-the-server-management-console.md +++ /dev/null @@ -1,70 +0,0 @@ ---- -title: How to Manage Reports in the Server Management Console -description: How to Manage Reports in the Server Management Console -author: dansimp -ms.assetid: 28d99620-6339-43f6-9288-4aa958607c59 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Manage Reports in the Server Management Console - - -To effectively manage the Application Virtualization System, you can use the Application Virtualization Server Management Console to generate a variety of reports that provide information about the system. This information includes daily usage information for a specific application or all applications, and system error tracking. - -**Note**   -- During installation, the installation script installs only the English language version of report viewer. For the report viewer to display the correct information in other languages, it is necessary to install a language pack from the following location: . - -- When you add or edit an application in the Server Management Console, you must make sure that the application names and versions exactly match those in the OSD files. The reporting feature uses the application names and versions data fields when it identifies application usage data on which to report. If the data fields do not match, the usage records will be skipped. - -  - -## In This Section - - -[Application Virtualization Report Types](application-virtualization-report-types.md) -Contains information about the available report types. - -[How to Create a Report](how-to-create-a-reportserver.md) -Provides a step-by-step process for creating a report. - -[How to Run a Report](how-to-run-a-reportserver.md) -Provides a step-by-step process for running a report. - -[How to Print a Report](how-to-print-a-reportserver.md) -Provides a step-by-step process for printing a report. - -[How to Export a Report](how-to-export-a-reportserver.md) -Provides a step-by-step process for exporting a report. - -[How to Delete a Report](how-to-delete-a-reportserver.md) -Provides a step-by-step process for deleting a report. - -## Related topics - - -[Application Utilization Report](application-utilization-reportserver.md) - -[How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) - -[Software Audit Report](software-audit-reportserver.md) - -[System Error Report](system-error-reportserver.md) - -[System Utilization Report](system-utilization-reportserver.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-manage-servers-in-the-server-management-console.md b/mdop/appv-v4/how-to-manage-servers-in-the-server-management-console.md deleted file mode 100644 index 9287af4caa..0000000000 --- a/mdop/appv-v4/how-to-manage-servers-in-the-server-management-console.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: How to Manage Servers in the Server Management Console -description: How to Manage Servers in the Server Management Console -author: dansimp -ms.assetid: 6e851c74-ea86-4fef-bb0c-e690e8e7e7eb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage Servers in the Server Management Console - - -The Application Virtualization Server Management Console is your interface to manage the servers in the Application Virtualization Platform. From it, you can add, configure, and control all the Application Virtualization Management Servers. - -## In This Section - - -[How to Create a Server Group](how-to-create-a-server-group.md) -Provides a procedure for creating server groups, to help you more effectively manage your servers. - -[How to Remove a Server Group](how-to-remove-a-server-group.md) -Provides a procedure for removing server groups from the Application Virtualization System. - -[How to Add a Server](how-to-add-a-server.md) -Provides a procedure for adding servers to a server group. - -[How to Remove a Server](how-to-remove-a-server.md) -Provides a procedure for removing servers from a server group. - -[How to Change the Server Cache Size](how-to-change-the-server-cache-size.md) -Provides a procedure for changing the cache size of a server. - -[How to Change the Server Port](how-to-change-the-server-port.md) -Provides a procedure for changing the server ports. - -## Related topics - - -[How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-manage-the-app-v-client-cache-using-performance-counters.md b/mdop/appv-v4/how-to-manage-the-app-v-client-cache-using-performance-counters.md deleted file mode 100644 index b3050789b3..0000000000 --- a/mdop/appv-v4/how-to-manage-the-app-v-client-cache-using-performance-counters.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: How to Manage the App-V Client Cache Using Performance Counters -description: How to Manage the App-V Client Cache Using Performance Counters -author: dansimp -ms.assetid: 49d6c3f2-68b8-4c69-befa-7598a8737d05 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage the App-V Client Cache Using Performance Counters - - -You can use the following procedure to determine how much free space is available in the Application Virtualization (App-V) client cache by using Performance Monitor to display the information graphically. This information is captured on the client computer by a performance counter called “App Virt Client Cache,” and it includes the following counters: “Cache size (MB),” “Cache free space (MB),” and “% free space.” - -**To determine client cache space usage** - -1. Open a command prompt as administrator, or click **Start**, **Run**, type **perfmon.exe**, and click **OK**. - -2. Depending on the Windows operating system being used, click the Performance Monitor or System Monitor tool after the MMC window opens. - -3. To add counters, right-click the graph area and select **Add Counters**. - -4. Click the drop-down to display the list of available counters, scroll to find **App Virt Client Cache**, and then add the three counters. - - **Important**   - The App-V performance counters are implemented in a 32-bit DLL, so to see them, you must use the following command to start the 32-bit version of Performance Monitor: **mmc /32 perfmon.msc**. This command must be run directly on the computer being monitored and cannot be used to monitor a remote computer running a 64-bit operating system. - - - -## Related topics - - -[How to Manage Virtual Applications by Using the Command Line](how-to-manage-virtual-applications-by-using-the-command-line.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-manage-virtual-applications-by-using-the-command-line.md b/mdop/appv-v4/how-to-manage-virtual-applications-by-using-the-command-line.md deleted file mode 100644 index c88c2c0a2e..0000000000 --- a/mdop/appv-v4/how-to-manage-virtual-applications-by-using-the-command-line.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: How to Manage Virtual Applications by Using the Command Line -description: How to Manage Virtual Applications by Using the Command Line -author: dansimp -ms.assetid: 88c61c20-5243-4862-83eb-5b30825f8bbf -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage Virtual Applications by Using the Command Line - - -This section provides information about using the SFTMIME command-line language to manage applications and packages on computers. - -## In This Section - - -[How to Add a Package by Using the Command Line](how-to-add-a-package-by-using-the-command-line.md) -Describes how to add a package to a specific computer by using SFTMIME. - -[How to Remove a Package by Using the Command Line](how-to-remove-a-package-by-using-the-command-line.md) -Describes how to remove a package from a specific computer by using SFTMIME. - -[How to Delete All Virtual Applications by Using the Command Line](how-to-delete-all-virtual-applications-by-using-the-command-line.md) -Describes how to remove all applications from a specific computer by using SFTMIME. - -[How to Manage the App-V Client Cache Using Performance Counters](how-to-manage-the-app-v-client-cache-using-performance-counters.md) -Describes how to determine free space in the client cache using the performance counters. - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-manage-virtual-applications-manually.md b/mdop/appv-v4/how-to-manage-virtual-applications-manually.md deleted file mode 100644 index 1e5aa136e6..0000000000 --- a/mdop/appv-v4/how-to-manage-virtual-applications-manually.md +++ /dev/null @@ -1,241 +0,0 @@ ---- -title: How to Manage Virtual Applications Manually -description: How to Manage Virtual Applications Manually -author: dansimp -ms.assetid: 583c5255-d3f4-4197-85cd-2a59868d85de -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage Virtual Applications Manually - - -You can use the Application Virtualization (App-V) Client Management Console to manage virtual applications in the App-V Desktop Client or the App-V Client for Remote Desktop Services (formerly Terminal Services). App-V administrators can use perform the following tasks: - -## How to Load or Unload an App-V Application - - -You can use the following procedures to load or unload an application from the cache, directly from the **Results** pane of the **Application** node in the Application Virtualization Client Management Console. When you select this node, the **Results** pane displays a list of applications. - -**Note**   -When you load or unload a package, all the applications in the package are loaded into or removed from cache. When loading a package, if you do not have adequate space in cache to load the applications, increase your cache size. For more information about cache size, see [How to Change the Cache Size and the Drive Letter Designation](how-to-change-the-cache-size-and-the-drive-letter-designation.md). - - - -**To load an App-V application** - -1. Move the cursor to the **Results** pane, right-click the desired application, and select **Load** from the pop-up menu. - -2. The application is automatically loaded. The progress is tracked in the column labeled **Package Status**. You must refresh the view to see that the load is complete or to see the progress. - -**To unload an App-V application** - -1. Move the cursor to the **Results** pane, right-click the desired application, and select **Unload** from the pop-up menu. - -2. The application is automatically unloaded, and the **Package Status** column is updated to reflect the change. - -## How to clear an App-V application - - -You can clear an application from the console directly from the **Results** pane of the **Application** node in the Application Virtualization Client Management Console. When you clear an application, the system removes the settings, shortcuts, and file type associations that correspond to the application and also removes the application from the user’s list of applications. - -**Note**   -When you clear an application from the console, you can no longer use that application. However, the application remains in cache and is still available to other users on the same system. After a publishing refresh, the cleared applications will again become available to you. If there are multiple applications in a package, the user's settings are not removed until all of the applications are cleared. - - - -**To clear an application from the console** - -1. Move the cursor to the **Results** pane, right-click the desired application, and select **Clear** from the pop-up menu. - -2. At the confirmation prompt, click **Yes** to remove the application or click **No** to cancel the operation. - -## How to Repair an App-V application - - -To repair a selected application, you can perform the following procedure directly from the **Results** pane of the **Application** node in the Application Virtualization Client Management Console. When you repair an application, you remove any custom user settings and restore the default settings. This action does not change or delete shortcuts or file type associations, and it does not remove the application from cache. - -**To repair an App-V application** - -1. Move the cursor to the **Results** pane. - -2. Right-click the desired application, and select **Repair** from the pop-up menu. - -3. At the confirmation prompt, click **Yes** to repair the application or **No** to cancel. - -## How to import an App-V application - - -You can use the following procedure to import an application into the cache directly from the **Results** pane of the **Application** node in the Application Virtualization Client Management Console. - -**To import an App-V application** - -1. Move the cursor to the **Results** pane, right-click the desired application, and select **Import** from the pop-up menu. - -2. From the **Browse** window, navigate to the location of the package file for the desired application, and then click **OK**. - - **Note**   - If you have already configured an import search path or if the SFT file is in the same path as the last successful import, step 2 is not required. - - - -## How to lock or unlock an App-V application - - -You can use the following procedures to lock or unlock any application in the Application Virtualization Desktop Client cache or the Client for Remote Desktop Services (formerly Terminal Services) cache. A locked application cannot be removed from the cache to make room for new applications. To remove a locked application from the Application Virtualization Desktop Client cache or the Client for Remote Desktop Services cache, you must first unlock it. - -**To lock an application** - -1. Move the cursor to the **Results** pane. - -2. Right-click the desired application, and select **Lock** from the pop-up menu. The selected application is locked in the cache. - -**To unlock an application** - -1. Move the cursor to the **Results** pane. - -2. Right-click the desired application, and select **Unlock** from the pop-up menu. The selected application is unlocked in the cache and can be removed. - -## How to delete an App-V application - - -When you select the **Application** node in the Application Virtualization Client Management Console, the **Results** pane displays a list of applications. You can use the following procedure to delete an application from the **Results** pane, which also removes the application from the cache. - -**Note**   -When you delete an application, the selected application will no longer be available to any users on that client. Shortcuts and file type associations are hidden, and the application is deleted from cache. However, if another application refers to data in the file system cache data for the selected application, these items will not be deleted. - -After a publishing refresh, the deleted applications will again become available to you. - - - -**To delete an application** - -1. Move the cursor to the **Results** pane, right-click the desired application, and select **Delete** from the pop-up menu. - -2. At the confirmation prompt, click **Yes** to remove the application or click **No** to cancel the operation. - -## How to change an App-V application icon - - -You can use the following procedure to change an icon associated with the selected application directly from the **Results** pane of the **Application** node in the Application Virtualization Client Management Console. - -**To change an application icon** - -1. Move the cursor to the **Results** pane, and right-click the desired application. - -2. Select **Properties**. - -3. On the **General** tab, click **Change Icon**. - -4. Select the desired icon, or browse to another location to select the icon. After you've selected the icon, click **OK**. The new icon appears in the **Results** pane. - -## How to add an App-V application - - -You can use the following procedure to add an application directly from the **Results** pane of the **Application** node in the Application Virtualization Client Management Console. - -**To add an application** - -1. In the **Results** pane, right-click and select **New Application** from the pop-up menu. - -2. On the wizard page, you can perform the following tasks: - - 1. **Change Icon**—Displays a standard Windows icon browser. Browse to and select the desired icon. - - 2. **OSD File Path or URL**—Enter a local absolute path, a full UNC path (shared file or directory on a network), or an HTTP URL. - - 3. **(OSD browse button)**—Displays the standard Windows **Open File** dialog box. Browse to find the desired file. - -3. Click **Finish** to add the application to the **Results** pane. - -## How to publish an App-V application shortcut - - -You can use the following procedure to publish shortcuts to an application directly from the **Results** pane of the **Application** node in the Application Virtualization Client Management Console. - -**To publish application shortcuts** - -1. Move the cursor to the **Results** pane, right-click the desired application, and select **New Shortcut** from the pop-up menu to display the New Shortcut Wizard. - -2. On the first page of the New Shortcut Wizard, select an icon and specify a name for the shortcut. - - 1. **Change Icon**—Displays a standard Windows icon browser. Browse to and select the desired icon. - - 2. **Shortcut Title**—Enter the name you want to give the shortcut. This field defaults to the existing name and version of the application. - -3. On the second page of the wizard, determine the location of the published shortcut. - - 1. **The Desktop**—Select this check box to publish the shortcut to the desktop. - - 2. **The Quick Launch Toolbar**—Select this check box to publish the shortcut to the Quick Launch toolbar. - - 3. **The Send To Menu**—Select this check box to publish the shortcut to the **Send To** menu. - - 4. **Programs in the Start Menu**—When you select the **Start Menu** check box, this field becomes active. Leave this field blank to publish the shortcut directly to the root of the Programs folder, or enter a folder name or hierarchy—for example, "My\_Computer\\Office Applications." Shortcuts created this way are available only for the current user. - - 5. **Another location** and **Browse** button—When you select the **Another location** check box, this field becomes active. Enter any valid location on the computer or any available UNC path (shared file or directory on a network). The **Browse** button displays a standard Windows **File Open** dialog box. - -4. On the third page of the wizard, enter desired command-line parameters. - -5. Click **Finish** to publish the shortcuts and exit to the **Results** pane. - -## How to add a file type association for an App-V application - - -You can use the following procedure to add a file type association, using the **File Type Associations** node in the Application Virtualization Client Management Console. - -**To add a file type association** - -1. Right-click the **File Type Associations** node, and select **New Association** from the pop-up menu. - -2. Complete the first step of the dialog box by completing the following information, and then click **Next**: - - 1. **Extension**—Enter a new file name extension. This field is blank by default. - - 2. **Create a new file type with this description**—Select this radio button to enter a new file type description in the active field. This button is selected by default, and the active field is blank. - - 3. **Apply this file type to all users**—Select this check box when you want this association to be global for all users. By default, this box is cleared. - - 4. **Link this extension with an existing file type**—Select this radio button to associate the extension with an existing file type. Pick a file type from the drop-down list. When you choose this option, **Next** is changed to **Finish**. - -3. Complete the second step of the dialog box by completing the following information, and then click **Finish** to return to the Client Management Console: - - 1. **Change Icon**—Click this button to change the application icon. Select one of the available icons, or browse to a new location and select an icon. - - 2. **Open files with the selected application**—Select this radio button to open the file with an existing application. Choose an application from the drop-down list of available applications. - - 3. **Open file with the association described in this OSD file**—Select this radio button to specify an Open Software Descriptor (OSD) file that determines the application used to open the file. Use the browse button to select an existing location, or enter a path or HTTP-formatted URL in this field. - -## How to delete a file type association for an App-V application - - -You can use the following procedure to delete a file type association. The **File Type Associations** node is one level below the **Application Virtualization** node in the **Scope** pane. When you select this node, the **Results** pane displays a list of file type associations. - -**To remove a file type association** - -1. In the **Results** pane, right-click the extension of the file type association you want to delete. - -2. Select **Delete** from the pop-up menu. - -3. Click **Yes** to delete the association, or click **No** to return to the **Results** pane. - -## Related topics - - -[Application Virtualization Client](application-virtualization-client.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-manage-virtual-applications-using-the-command-line.md b/mdop/appv-v4/how-to-manage-virtual-applications-using-the-command-line.md deleted file mode 100644 index 49b1512034..0000000000 --- a/mdop/appv-v4/how-to-manage-virtual-applications-using-the-command-line.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: How to Manage Virtual Applications Using the Command Line -description: How to Manage Virtual Applications Using the Command Line -author: dansimp -ms.assetid: 9394f34d-2b1e-4ea7-bf6f-1f56101ab4de -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage Virtual Applications Using the Command Line - - -Click any of the following links for more information about managing virtual applications using the command line. - -## In This Section - - -[How to Open a Sequenced Application Using the Command Line](how-to-open-a-sequenced-application-using-the-command-line.md) -Specifies how to open a virtual application using the command line. - -[How to Upgrade a Sequenced Application Package Using the Command Line](how-to-upgrade-a-sequenced-application-package-using-the-command-line.md) -Specifies how to sequence a virtual application using the command line. - -[How to Upgrade a Package Using the Open Package Command](how-to-upgrade-a-package-using-the-open-package-command.md) -Specifies how to upgrade a virtual application package using the command line. - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-manually-add-an-application.md b/mdop/appv-v4/how-to-manually-add-an-application.md deleted file mode 100644 index b503780e0d..0000000000 --- a/mdop/appv-v4/how-to-manually-add-an-application.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: How to Manually Add an Application -description: How to Manually Add an Application -author: dansimp -ms.assetid: c635b07a-5c7f-4ab2-ba18-366457146cb9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manually Add an Application - - -When adding an application to the Application Virtualization Management Server, it is recommended that you import it. You can add an application manually, but you must provide the precise, detailed information about the application called for in this section. - -**To manually add a new application** - -1. In the left pane, right-click the **Applications** node and choose **New Application**. - -2. In the **New Application Wizard**, complete the **General Information** dialog box: - - 1. **Application Name**—Type the name you want the users to see. - - 2. **Version**—Type the application version. - - 3. **Enabled**—This box must be selected to stream the application after you create it. - - 4. **Description**—Type an optional description for administrative use. - - 5. **OSD Path**—Browse the network to the application's Open Software Descriptor (OSD) file. This file must be in a shared network folder. - - 6. **Icon Path**—Browse to the application's ICO file. - - 7. **Application License Group**—If you have set up license groups, you can assign the application to one by selecting it in the pull-down list. - - 8. **Server Group**—If you have multiple Application Virtualization Servers, you can assign the application to one by selecting it in the pull-down list. - -3. Click **Next**. - -4. In the **Select Package** dialog box, select the related package and click **Next**. - -5. On the **Published Shortcuts** screen, select the boxes for the locations where you would like the application shortcuts to appear on the client computers and click **Next**. - -6. In the **File Associations** screen, you can add new type file associations to this application. To do so, click **Add**, enter the extension (without a preceding dot), enter a description, and click **OK**. - -7. Click **Next**. - -8. In the **Access Permissions** dialog box, click **Add**. - -9. In the **Add/Edit User Group** dialog box, navigate to the user group. You can also enter the domain and group by typing the information in the respective fields. When you finish, click **OK**. You can add other groups with the same pages. - -10. Click **Next**. - -11. On the **Summary** screen, you can review the import settings. Click **Finish** to add the application, click **Back** to change the information, or click **Cancel**. - -## Related topics - - -[How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-manually-install-the-application-virtualization-client.md b/mdop/appv-v4/how-to-manually-install-the-application-virtualization-client.md deleted file mode 100644 index 3df7f2a0ee..0000000000 --- a/mdop/appv-v4/how-to-manually-install-the-application-virtualization-client.md +++ /dev/null @@ -1,131 +0,0 @@ ---- -title: How to Manually Install the Application Virtualization Client -description: How to Manually Install the Application Virtualization Client -author: dansimp -ms.assetid: bb67f70b-d525-4317-b254-e4f084c717ab -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - -# How to Manually Install the Application Virtualization Client - -There are two types of Application Virtualization Client components: the Application Virtualization Desktop Client, which is designed for installation on desktop computers, and the Application Virtualization Client for Remote Desktop Services (formerly Terminal Services), which you can install on Remote Desktop Session Host (RD Session Host) servers . Although the two client installer programs are different, you can use the following procedure to manually install either the Application Virtualization Desktop Client on a single desktop computer or the Application Virtualization Client for Remote Desktop Services on a single RD Session Host server. In a production environment, you most likely will install the Application Virtualization Desktop Client on multiple desktop computers with an automated scripted installation process. For information about how to install multiple clients by using a scripted installation process, see [How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md). - -**Note** -1. If you are installing the Application Virtualization Client for Remote Desktop Services software on a RD Session Host server, advise users who have an open RDP or ICA client session with the RD Session Host server that they must save their work and close their sessions. In a Remote Desktop session, you can install the client the client manually. For more information about upgrading the client, see [How to Upgrade the Application Virtualization Client](how-to-upgrade-the-application-virtualization-client.md). - -2. If you have any configuration on the user’s computer that depends on the client install path, note that the Application Virtualization (App-V) 4.5 client uses a different install folder than previous versions. By default, a new install of the Application Virtualization (App-V) 4.5 client will install to the \\Program Files\\Microsoft Application Virtualization Client folder. If an earlier version of the client is already installed, installing the App-V client will perform an upgrade into the existing installation folder. - -**Note** -For App-V version 4.6 and later, when the App-V client is installed, SFTLDR.DLL is installed in the Windows\\system32 directory. If the App-V client is installed on a 64-bit system, SFTLDR\_WOW64.DLL is installed in the Windows\\SysWOW64 directory. - -**To manually install Application Virtualization Desktop Client** - -1. After you have obtained the correct installer archive file and saved it to your computer, make sure you are logged on with an account having administrator rights on the computer and double-click the file to expand the archive. - -2. Choose the folder in which to save the files, and then open the folder after the files have been copied to it. - -3. Review the Release Notes if appropriate. - -4. Browse to find the setup.exe file, and double-click setup.exe to start the installation. - -5. The wizard checks the system to ensure that all prerequisite software is installed, and if any of the following are missing, the wizard will automatically prompt you to install them: - - - Microsoft Visual C++ 2005 SP1 Redistributable Package (x86) - - - Microsoft Core XML Services (MSXML) 6.0 SP1 (x86) - - - Microsoft Application Error Reporting - - **Note** - For App-V version 4.6 and later, the wizard will also install Microsoft Visual C++ 2008 SP1 Redistributable Package (x86). - - For more information about installing Microsoft Visual C++ 2008 SP1 Redistributable Package (x86), see [https://go.microsoft.com/fwlink/?LinkId=150700](https://go.microsoft.com/fwlink/?LinkId=150700). - - If prompted, click **Install**. Installation progress is displayed, and the status changes from **Pending** to **Installing**. Installation status changes to **Succeeded** as each step is completed successfully. - -6. When the **Microsoft Application Virtualization Desktop Client – InstallShield Wizard** is displayed, click **Next**. - -7. The **License Agreement** screen is displayed. Read the license agreement, and if you agree, click **I accept the terms in the license agreement** and then click **Next**. - - Optionally, you can click the button to read the Privacy Statement. You must be connected to the Internet to access the Privacy Statement. - -8. On the **Setup Type** screen, select the setup type. Click **Typical** to use the default program values, or click **Custom** if you want to configure the program settings during installation. - -9. If you choose **Typical**, the next screen displays **Ready to Install the Program**. Click **Install** to begin the installation. - -10. If you choose **Custom**, the **Destination Folder** screen appears. - -11. On the **Destination Folder** screen, click **Next** to accept the default folder or click **Change** to display the **Change Current Destination Folder** screen. Browse to or, in the **Folder Name** field, enter the destination folder, click **OK**, and then click **Next**. - -12. On the **Application Virtualization Data Location** screen, click **Next** to accept the default data locations or complete the following actions to change where the data is stored: - - 1. Click **Change**, and then browse to or, in the **Global Data Location** field, enter the destination folder for the global data location, and click **OK**. The Global Data Directory is where the Application Virtualization Desktop Client caches data shared by all users on the computer, like OSD files and SFT file data. - - 2. If you want to change the drive letter to be used, select the preferred drive letter from the drop-down list. - - 3. Enter a new path to store the user-specific data in the **User-specific Data Location** field if you want to change the data location. The User Data Directory is where the Application Virtualization Desktop Client stores user-specific information, like personal settings for virtualized applications. - - **Note** - This path must be different for every user, so it should include a user-specific environment variable or a mapped drive or something else that will resolve to a unique path for each user. - - 4. When you have finished making the changes, click **Next**. - -13. On the **Cache Size Settings** screen, you can accept or change the default cache size. Click one of the following radio buttons to choose how to manage the cache space: - - 1. **Use maximum cache size**. Enter a numeric value from 100–1,048,576 (1 TB) in the **Maximum size (MB)** field to specify the maximum size of the cache. - - 2. **Use free disk space threshold**. Enter a numeric value to specify the amount of free disk space, in MB, that the Application Virtualization Client must leave available on the disk. This allows the cache to grow until the amount of free disk space reaches this limit. The value shown in **Free disk space remaining** indicates how much disk space is currently unused. - - **Important** - To ensure that the cache has sufficient space allocated for all packages that might be deployed, use the **Use free disk space threshold** setting when you configure the client so that the cache can grow as needed. Alternatively, determine in advance how much disk space will be needed for the App-V cache, and at installation time, set the cache size accordingly. For more information about the cache space management feature, in the Microsoft Application Virtualization (App-V) Operations Guide, see **How to Use the Cache Space Management Feature**. - - Click **Next** to continue. - -14. In the following sections of the **Runtime Package Policy Configuration** screen, you can change the parameters that affect how the Application Virtualization client behaves during runtime: - - 1. **Application Source Root**. Specifies the location of SFT files. If used, overrides the protocol, server, and port portions of the CODEBASE HREF URL in the OSD file. - - 2. **Application Authorization**. When **Require User authorization even when cached** is checked, users are required to connect to a server and validate their credentials at least once before they are allowed to start each virtual application. - - 3. **Allow streaming from file**. Indicates whether streaming from file will be enabled, regardless of how the **Application Source Root** field is used. If not checked, streaming from files is disabled. This must be checked if **Application Source Root** contains a UNC path in the form \\\\server\\share. - - 4. **Automatically Load Application**. Controls when and how automatic background loading of applications occurs. - - **Note** - When you install the App-V client to use with a read-only cache, for example, with a VDI server implementation, set **What applications to Auto Load** to **Do not automatically load applications** to prevent the client from trying to update applications in the read-only cache. - - Click **Next** to continue. - -15. On the **Publishing Server** screen, select the **Set up a Publishing Server now** check box if you want to define a publishing server, or click **Next** if you want to complete this later. To define a publishing server, specify the following information: - - 1. **Display Name**—Enter the name you want to display for the server. - - 2. **Type**—Select the server type from the drop-down list of server types. - - 3. **Host Name** and **Port**—Enter the host name and the port in the corresponding fields. When you select a server type in the drop-down list, the port field will automatically fill with the standard port numbers. To change a port number, click the server type in the list and change the port number according to your needs. - - 4. **Path**—If you have selected either **Standard HTTP Server** or **Enhanced Security HTTP Server**, you must enter the complete path to the XML file containing publishing data in this field. If you select either **Application Virtualization Server** or **Enhanced Security Application Virtualization Server**, this field is not active. - - 5. **Automatically contact this server to update settings when a user logs in**—Select this check box if you want this server to be queried automatically when users log in to their account on the Application Virtualization Client. - - 6. When finished with the configuration steps, click **Next**. - -16. On the **Ready to Install the Program** screen, click **Install**. A screen is displayed that shows the progress of the installation. - -17. On the **Install Wizard Completed** screen, click **Finish**. - - **Note** - If the installation fails for any reason, you might need to restart the computer before trying the install again. - -## Related topics - -[How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md) - -[Stand-Alone Delivery Scenario Overview](stand-alone-delivery-scenario-overview.md) diff --git a/mdop/appv-v4/how-to-manually-manage-applications-in-the-client-management-console.md b/mdop/appv-v4/how-to-manually-manage-applications-in-the-client-management-console.md deleted file mode 100644 index 4302487ce2..0000000000 --- a/mdop/appv-v4/how-to-manually-manage-applications-in-the-client-management-console.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: How to Manually Manage Applications in the Client Management Console -description: How to Manually Manage Applications in the Client Management Console -author: dansimp -ms.assetid: e29caa22-325d-457b-a177-a11f8a8ad57c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manually Manage Applications in the Client Management Console - - -This section provides procedures for using the Application Virtualization Client Management Console to manually manage your virtual applications. - -## In This Section - - -[How to Add an Application](how-to-add-an-application.md) -Provides a procedure you can use to add an application to the cache directly from the Application Virtualization Client Management Console. - -[How to Publish Application Shortcuts](how-to-publish-application-shortcuts.md) -Provides a procedure you can use to publish application shortcuts to the desktop, menus, and tool bar directly from the Application Virtualization Client Management Console. - -[How to Add a File Type Association](how-to-add-a-file-type-association.md) -Provides a procedure you can use to add a file type association to an application. - -[How to Delete a File Type Association](how-to-delete-a-file-type-association.md) -Provides a procedure you can use to delete a file type association. - -## Related topics - - -[Application Virtualization Client Management Console](application-virtualization-client-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-migrate-the-app-v-sql-database-to-a-different-sql-server.md b/mdop/appv-v4/how-to-migrate-the-app-v-sql-database-to-a-different-sql-server.md deleted file mode 100644 index f4e1e2a14e..0000000000 --- a/mdop/appv-v4/how-to-migrate-the-app-v-sql-database-to-a-different-sql-server.md +++ /dev/null @@ -1,120 +0,0 @@ ---- -title: How to Migrate the App-V SQL Database to a Different SQL Server -description: How to Migrate the App-V SQL Database to a Different SQL Server -author: dansimp -ms.assetid: 353892a1-9327-4489-a19c-4ec7bd1b736f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Migrate the App-V SQL Database to a Different SQL Server - - -The following procedures describe in detail how to migrate the SQL database of the Microsoft Application Virtualization (App-V) Management Server to a different SQL Server. - -**Important**   -This procedure requires that the App-V server service is stopped and this will prevent end-users from using their applications. - - - -**To back up the App-V SQL database** - -1. Open the Services.msc program and stop the App-V Management Server service on all Management Servers that use the database to be migrated. - -2. On the computer where the App-V database is located, open SQL Server Management Studio. - -3. Expand the **Databases** node and locate the App-V database (default name is APPVIRT). - -4. Right-click the database and select **Tasks** and then select **Back Up**. - -5. Verify that **Recovery model** is set to **SIMPLE** and the **Backup type** is set to **Full**. Change the **Backup set** and **Destination** settings if it is necessary. - -6. Click **OK** to back up the database. After the backup has completed successfully, click **OK**. - -7. Open Windows Explorer and browse to the folder that contains the database backup file, for example APPVIRT.BAK. Copy the database backup file to the destination computer that is running SQL Server. - -**To restore the App-V SQL database to the destination computer** - -1. On the destination computer, open SQL Server Management Studio, right-click the **Databases** node and select **Restore Database**. - -2. Under **Source for Restore**, choose **From device** and then click the “**…**” button. - -3. In the **Specify Backup** dialog box, make sure that the **Backup Media** is set to **File** and then click **Add**. - -4. Select the backup file that you copied from the original computer that is running SQL Server, and then click **OK**. - -5. Click **OK** and then click to select the backup set to restore. - -6. Under **Destination for restore**, click the drop-down for **To database** and select the App-V database name, for example APPVIRT. - -7. Click **OK** to start the restore. After the restore has completed successfully, click **OK**. - -8. Expand the **Security** node, right-click **Logins** and select **New Login**. - -9. In the **Login Name** field, enter the Network Service account details for the App-V Management Server in the format of DOMAIN\\SERVERNAME$. - -10. On the **General** page under **Default database** select the App-V database name, for example, APPVIRT, and then click **OK**. - -11. Under **Select a page**, click to select the **User Mapping** page. Under **Users mapped to this login**, click the check box in the **Map** column to select the App-V database. - -12. Under **Database role membership for: <appvdatabasename>**, click to select **SFTEveryone** and then click **OK**. - -13. Make sure that the Windows Firewall on the new computer that is running SQL Server is configured to allow the App-V Management Server to access the system. Under **Administrative Tools**, use the **Windows Firewall with Advanced Security** program to create an **Inbound Rule** for the port that is used by SQL Server (default is port 1433). - -**To migrate the App-V SQL Server Agent jobs** - -1. On the original computer that is running SQL Server, in SQL Server Management Studio, expand the **SQL Server Agent** node, and then expand the **Jobs** node. - -2. Right-click the following four App-V jobs and select **Script Job as | CREATE to | File**, and save each script to a folder and give each script a descriptive name. - - - **Softgrid Database (appvdbname) Check Usage History** - - - **Softgrid Database (appvdbname) Close Orphaned Sessions** - - - **Softgrid Database (appvdbname) Enforce Size Limit** - - - **Softgrid Database (appvdbname) Monitor Alert/Job Status** - -3. Copy the four script files (.sql) to the destination computer that is running SQL Server and open SQL Server Management Studio. - -4. In Windows Explorer, right-click each .sql file and then click **Run**. Each script will open in a query window in SQL Server Management Studio. Click **Execute** for each script and verify that each is completed successfully. - -5. Refresh the **Jobs** node under the **SQL Server Agent** node and confirm that the four jobs are created successfully. - -**To update the configuration of the App-V Management Server** - -1. On the App-V Management Server, modify the following registry keys: - - - **SQLServerName** = <newservername> - - - **SQLServerPort** = <newserverport> - - Then restart the App-V server service. - -2. Browse to find the file SftMgmt.udl under the App-V Management Server installation directory (default is C:\\Program Files\\Microsoft System Center App Virt Management Server\\App Virt Management Service). Right-click the file and select **Open**. - -3. On the **Connection** tab, enter the name of the destination computer that is running SQL Server, and then click **Test Connection**. When the test is successful, click **OK** and then click **OK** again. - -4. For App-V Management Server versions before 4.5 SP2, you must update the SQL Logging settings. Under **Server Groups**, right-click the server group the server is a member of and select **Properties**. - -5. On the **Logging** tab click to select the **SQL Database** entry and then click **Edit**. - -6. Change the **DNS Host Name** to the host name of the new computer that is running SQL Server and then click **OK**. Click **OK** two times more, and then restart the App-V server service. - -7. Open the App-V Management Console, right-click the **Applications** node and select **Refresh**. The list of applications should be displayed as before. - - - - - - - - - diff --git a/mdop/appv-v4/how-to-modify-a-virtual-application-package--app-v-46-.md b/mdop/appv-v4/how-to-modify-a-virtual-application-package--app-v-46-.md deleted file mode 100644 index 98641cae37..0000000000 --- a/mdop/appv-v4/how-to-modify-a-virtual-application-package--app-v-46-.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: How to Modify a Virtual Application Package (App-V 4.6) -description: How to Modify a Virtual Application Package (App-V 4.6) -author: dansimp -ms.assetid: 346ec470-3822-48a7-95e7-61f46eb38dc2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Modify a Virtual Application Package (App-V 4.6) - - -The following procedure uses the Application Virtualization (App-V) Sequencer to edit the properties associated with an existing virtual application package. - -**To modify a virtual application package** - -1. To start the App-V Sequencer Console, on the computer running the Sequencer, select **Start** / **Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. In the Sequencer console select **Edit a Package**. In the **Open** dialog box, locate and select the package you want to modify. - -3. Modify the application package. For more information about what properties can be modified, see [How to Determine Whether to Edit or Upgrade a Virtual Application Package](how-to-determine-whether-to-edit-or-upgrade-a-virtual-application-package.md). - -4. To save the modifications to the package, select **File** / **Save**. - -## Related topics - - -[How to Upgrade a Virtual Application Package (App-V 4.6)](how-to-upgrade-a-virtual-application-package--app-v-46-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md b/mdop/appv-v4/how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md deleted file mode 100644 index 9ef7b06355..0000000000 --- a/mdop/appv-v4/how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md +++ /dev/null @@ -1,174 +0,0 @@ ---- -title: How to Modify an Existing Virtual Application Package (App-V 4.6 SP1) -description: How to Modify an Existing Virtual Application Package (App-V 4.6 SP1) -author: dansimp -ms.assetid: f43a9927-4325-4b2d-829f-3068e4e84349 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Modify an Existing Virtual Application Package (App-V 4.6 SP1) - - -Use the following procedures to modify an existing virtual application package. You can use these procedures to: - -- Update an application that is part of an existing virtual application package. To perform this task, use the procedure **"To update an application in an existing application package"** in this document. - -- Modify the properties associated with an existing virtual application package. To perform this task, use the procedure **"To modify the properties associated with an existing virtual application package"** in this document. - -- Add a new application to an existing virtual application package. To perform this task, use the procedure **"To add a new application to an existing virtual application package"** in this document. - -You must have the App-V Sequencer installed to modify a virtual application package. For more information about installing the App-V Sequencer, see [How to Install the Sequencer (App-V 4.6 SP1)](how-to-install-the-sequencer---app-v-46-sp1-.md). - -**To update an application in an existing virtual application package** - -1. To start the App-V Sequencer, on the computer that is running the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. In the App-V Sequencer, click **Modify an Existing Virtual Application Package**, and then click **Next**. - -3. On the **Select Task** page, click **Update Application in Existing Package**, and then click **Next**. - -4. On the **Select Package** page, click **Browse** to locate the virtual application package that contains the application that you want to update, and then click **Next**. - -5. On the **Prepare Computer** page, review the issues that could cause the application update to fail, or for the application update to contain unnecessary data. We strongly recommend that you resolve all potential issues before you continue. After you have fixed the conflicts, to update the information that is displayed, click **Refresh**. After you have resolved all potential issues, click **Next**. - - **Important**   - If you are required to disable virus scanning software, scan the computer running the sequencer to ensure that no unwanted or malicious files are added to the package. - - - -6. On the **Select Installer** page, click **Browse** and specify the update installation file for the application. If the update does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. - -7. On the **Installation** page, when the sequencer and application installer are ready, install the application update so the sequencer can monitor the installation process. If additional installation files must be run as part of the installation, click **Run** and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**. - - **Note**   - The sequencer monitors all changes and installations to the computer running the sequencer, including the changes and installations that are performed outside of the sequencing wizard. - - - -8. On the **Installation Report** page, you can review information about the virtual application you just updated. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**. - -9. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**. - - **Note**   - If you want to stop an application from loading during this step, in the **Application Launch** dialog box, click **Stop**, and then click one of the following options, **Stop all applications** or **Stop this application only**, depending on what you want. - - - -10. On the **Create Package** page, to modify the package without saving it, select the **Continue to modify package without saving using the package editor** check box. When you select this option, the package in the Sequencer console opens so that you can modify the package before it is saved. Click **Next**. - - To save the package immediately, select the default **Save the package now**. Add optional **Comments** that will be associated with the package. Comments are useful for identifying version and other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. The uncompressed package size is displayed. If the package size exceeds 4 GB (uncompressed) and you plan to stream the package to target computers, you must select **Compress Package**, and then click **Create**. - -11. On the **Completion** page, click **Close** to close the wizard. The package is now available in the sequencer. - -**To modify the properties associated with an existing virtual application package** - -1. To start the App-V Sequencer, on the computer that is running the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. In the App-V Sequencer, click **Modify an Existing Virtual Application Package**, and then click **Next**. - -3. On the **Select Task** page, click **Edit Package**, and then click **Next**. - -4. On the **Select Package** page, click **Browse** to locate the virtual application package that contains the application properties that you want to modify, and then click **Edit**. - -5. In the Sequencer console, you can perform any of the following tasks: - - - View package properties. - - - View package change history. - - - View associated package files. - - - Edit registry settings. - - - Review additional package settings (except operating system file properties). - - - Create an associated Windows Installer (MSI). - - - Modify OSD file. - - - Compress and uncompress package. - - - Add file type associations. - - - Set virtualized registry key state (override or merge). - - - Set virtualized folder state. - - - Edit virtual file system mappings. - -6. When you have finished modifying the package properties, click **File** / **Save** to save the package,. - -**To add a new application to an existing virtual application package** - -1. To start the App-V Sequencer, on the computer that is running the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. In the App-V Sequencer, click **Modify an Existing Virtual Application Package**, and then click **Next**. - -3. On the **Select Task** page, click **Add New Application**, and then click **Next**. - -4. On the **Select Package** page, click **Browse** to locate the virtual application package that you want to add the application to, and then click **Next**. - -5. On the **Prepare Computer** page, review the issues that could cause the package creation to fail, or for the update to contain unnecessary data. We strongly recommend that you resolve all potential issues before you continue. After you have fixed the conflicts, to update the information that is displayed, click **Refresh**. After you have resolved all potential issues, click **Next**. - - **Important**   - If you are required to disable virus scanning software, scan the computer running the sequencer to ensure that no unwanted or malicious files can be added to the package. - - - -6. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. - -7. On the **Installation** page, when the sequencer and application installer are ready, install the application so the sequencer can monitor the installation process. If additional installation files must be run as part of the installation, click **Run**, and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**. In the **Browse for Folder** dialog box, specify the primary directory where the application will be installed. This should be a new location so that you do not overwrite the existing version of the virtual application package. - - **Note**   - All changes and installations to the computer running the sequencer are monitored by the sequencer, including the changes and installations that are performed outside of the sequencing wizard. - - - -8. On the **Configure Software** page, optionally run the programs contained in the package. This step helps complete any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at the same time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs you want to run, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. It can take several minutes for all programs to run. Click **Next**. - -9. On the **Installation Report** page, you can review information about the virtual application you just updated. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**. - -10. On the **Customize** page, if you are finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. If you want to customize any of the items in the following list, click **Customize**. - - - Edit the file type associations associated with an application. - - - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. - - Click **Next**. - -11. On the **Edit Shortcuts** page, you can optionally configure the file type associations (FTA) that will be associated with the various applications in the package. To create a new FTA, select and expand the application that you want to customize in the left pane, and then click **Add**. In the **Add File Type Association** dialog box, provide the necessary information for the new FTA. To review the shortcut information associated with an application, under the application, select the **Shortcuts** check box, and in the **Location** pane, you can review the icon file information. To edit an existing FTA, click **Edit**. To remove an FTA, select the FTA, and then click **Remove**. Click **Next**. - -12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**. - - **Note**   - If you want to stop an application from loading during this step, in the **Application Launch** dialog box, click **Stop** and select either the **Stop all applications** or the **Stop this application only** check box, depending on what you want. - - - -13. On the **Create Package** page, select the **Continue to modify package without saving using the package editor** check box, to modify the package without saving it. When you select this option, the package in the sequencer console opens so that you can modify the package before it is saved. Click **Next**. - - Select the default **Save the package now**, to save the package immediately. Add optional **Comments** that will be associated with the package. Comments are useful for identifying version and other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. The uncompressed package size is displayed. If the package size exceeds 4 GB (uncompressed) and you plan to stream the package to target computers, you must select **Compress Package**. Click **Create**. - -14. On the **Completion** page, click **Close**. The package is now available in the sequencer. - -## Related topics - - -[Tasks for the Application Virtualization Sequencer (App-V 4.6 SP1)](tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-modify-attributes-of-embedded-services.md b/mdop/appv-v4/how-to-modify-attributes-of-embedded-services.md deleted file mode 100644 index 98cb2e695d..0000000000 --- a/mdop/appv-v4/how-to-modify-attributes-of-embedded-services.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: How to Modify Attributes of Embedded Services -description: How to Modify Attributes of Embedded Services -author: dansimp -ms.assetid: b4057d3f-2e8f-4b1f-9ed5-b65f3da8631a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Modify Attributes of Embedded Services - - -After you sequence an application but before you save it, you can use the following procedure to manually modify the sequenced application package. - -**To remove an embedded service** - -1. Click the **Virtual Services** tab. - -2. Right-click the service you want to remove, and select **Remove**. - -3. In the **Sequencer** dialog box, click **Yes**. - -**To modify the properties of an embedded service** - -1. Click the **Virtual Services** tab. - -2. Right-click the service whose properties you want to modify, and select **Properties**. - -3. In the **Office Source Engine Properties** dialog box, complete the following tasks: - - 1. In the **Display Name** text box, type the name of the service. - - 2. In the **Description** text box, type a description of the service. - - 3. In the **Path to Executable** text box, enter the path to the executable file. - - 4. From the **Startup Type** drop down list, select how the service is to start up—manually, automatically, or not. - - 5. Click **OK**. - -## Related topics - - -[About the Virtual Services Tab](about-the-virtual-services-tab.md) - -[Sequencer Console](sequencer-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-modify-file-mapping-information.md b/mdop/appv-v4/how-to-modify-file-mapping-information.md deleted file mode 100644 index 8fdeaaf6cd..0000000000 --- a/mdop/appv-v4/how-to-modify-file-mapping-information.md +++ /dev/null @@ -1,78 +0,0 @@ ---- -title: How to Modify File-Mapping Information -description: How to Modify File-Mapping Information -author: dansimp -ms.assetid: d3a9d10a-6cc8-4399-9479-b20f729c4dd9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Modify File-Mapping Information - - -After you sequence an application but before you save it, you can manually modify the virtual file system. Use the following procedures to add, delete, or edit a file in the virtual file system. - -**To add a file in the file system** - -1. Click the **Virtual File System** tab. - -2. Right-click a file under the virtual file system root in the left pane. On the menu, select **Add**. - -3. Complete the following tasks in the **New Virtual File System Mapping** dialog box: - - 1. To specify the new file association type the full network path to the new file. - - 2. Click **OK**. - -4. To override the local directory, right-click the file you just added and, on the menu, select **Override Local Directory**; or to merge with the local directory, select **Merge with Local Directory**. - -5. On the **File** menu, select **Save** to save this change. - -**To delete a file in the file system** - -1. Click the **Virtual File System** tab. - -2. Right-click a file in the virtual file system, and select **Delete**. - -3. Accept the confirmation message by clicking **OK**. - -4. On the **File** menu, select **Save** to save this change. - -**To edit a file in the file system** - -1. Click the **Virtual File System** tab. - -2. Right-click a file in the virtual file system. On the menu, select **Edit**. - -3. Complete the following tasks in the **Edit Virtual File System Mapping** dialog box: - - 1. To edit the file association, specify the full network path to the new file. - - 2. Click **OK**. - -4. To override the local directory, right-click the file you just edited and, on the menu, select **Override Local Directory**. - -5. On the **File** menu, select **Save** to save this change. - -## Related topics - - -[About the Virtual File System Tab](about-the-virtual-file-system-tab.md) - -[Sequencer Console](sequencer-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-modify-private-key-permissions-to-support-management-server-or-streaming-server.md b/mdop/appv-v4/how-to-modify-private-key-permissions-to-support-management-server-or-streaming-server.md deleted file mode 100644 index f4c26c1e0a..0000000000 --- a/mdop/appv-v4/how-to-modify-private-key-permissions-to-support-management-server-or-streaming-server.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: How to Modify Private Key Permissions to Support Management Server or Streaming Server -description: How to Modify Private Key Permissions to Support Management Server or Streaming Server -author: dansimp -ms.assetid: 1ebe86fa-0fbc-4512-aebc-0a5da991cd43 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Modify Private Key Permissions to Support Management Server or Streaming Server - - -To support a more secure App-V installation, you can use the following procedures to modify private keys in either Windows Server 2003 or Windows Server 2008. To modify the permissions of the private key, you can use the Windows Server 2003 Resource Kit tool `WinHttpCertCfg.exe`. - -For Windows Server 2003, the procedure requires that a certificate that meets the prerequisites listed in this document is installed on the computer or computers on which you will install the App-V Management or Streaming Server. Additional information about using the `WinHttpCertCfg.exe` tool is available at . - -In Windows Server 2008, the process of changing the ACLs on the private key is much simpler. The certificate’s user interface can be used to manage private key permissions. - -**Note**   -The default security context is Network Service; however, a domain account can be used instead. - - - -**To manage private keys in Windows Server 2003** - -1. On the computer that will become the App-V Management or Streaming Server, type the following command in a command prompt to list the current permissions assigned to a specific certificate: - - `winhttpcertcfg -l -c LOCAL_MACHINE\My -s Name_of_cert` - -2. If necessary, modify the permissions of the certificate to provide read access to the security context that will be used for Management or Streaming Service: - - `winhttpcertcfg -g -c LOCAL_MACHINE\My -s Name_of_cert -a NetworkService` - -3. Verify that the security context was properly added by listing the permissions on the certificate: - - `winhttpcertcfg –l –c LOCAL_MACHINE\My –s Name_of_cert` - -**To manage private keys in Windows Server 2008** - -1. Create a Microsoft Management Console (MMC) with the *Certificates* snap-in that targets the *Local Machine* certificate store. - -2. Expand the MMC and select **Manage Private Keys**. - -3. On the **Security** tab, add the **Network Service** account with **Read** access. - -## Related topics - - -[Configuring Certificates to Support App-V Management Server or Streaming Server](configuring-certificates-to-support-app-v-management-server-or-streaming-server.md) - -[Configuring Certificates to Support Secure Streaming](configuring-certificates-to-support-secure-streaming.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-modify-the-files-included-in-a-package.md b/mdop/appv-v4/how-to-modify-the-files-included-in-a-package.md deleted file mode 100644 index 2b1f6f9355..0000000000 --- a/mdop/appv-v4/how-to-modify-the-files-included-in-a-package.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: How to Modify the Files Included in a Package -description: How to Modify the Files Included in a Package -author: dansimp -ms.assetid: e331ac85-1c9c-49be-9d96-5444de38fd56 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Modify the Files Included in a Package - - -After you sequence an application but before you save it, you can manually modify a sequenced application package to specify how it will retain its settings. Use the Sequencer attributes section to specify whether a file in a sequenced application package will be available to a specific user or to all users in the community. - -**To modify Sequencer attributes** - -1. Click the **Files** tab. - -2. Select **User Data** or **Application Data**, depending on how you want an application to retain its settings, and select **Override** to enable the client to overwrite the cached application. - -3. Click **Apply**. - -## Related topics - - -[About the Files Tab](about-the-files-tab.md) - -[Sequencer Console](sequencer-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-modify-the-location-of-the-log-directory.md b/mdop/appv-v4/how-to-modify-the-location-of-the-log-directory.md deleted file mode 100644 index 884b299f77..0000000000 --- a/mdop/appv-v4/how-to-modify-the-location-of-the-log-directory.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: How to Modify the Location of the Log Directory -description: How to Modify the Location of the Log Directory -author: dansimp -ms.assetid: 8e222d29-6f58-43bb-9ea7-da9a2ebfa48c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Modify the Location of the Log Directory - - -The log directory location is where the Application Virtualization (App-V) Sequencer writes information about the sequencing of an application. - -Use the following procedure to change the location of the directory where the App-V Sequencer will save associated logs. - -**To modify the log directory location** - -1. To open the App-V Sequencer Console, on the computer running the App-V Sequencer, select **Start** / **Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. To access the App-V Sequencer **Options** dialog box, select **Tools** / **Options**. On the **General** tab, specify the new directory location where you want the App-V Sequencer log file information to be saved. Alternatively, you can click **Browse** and use the **Browse For Folder** dialog box to specify a new location. - -3. To save the new location and close the **Options** dialog box, click **OK**. - -## Related topics - - -[Configuring the Application Virtualization Sequencer](configuring-the-application-virtualization-sequencer.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-modify-the-location-of-the-scratch-directory.md b/mdop/appv-v4/how-to-modify-the-location-of-the-scratch-directory.md deleted file mode 100644 index db5ae76ad1..0000000000 --- a/mdop/appv-v4/how-to-modify-the-location-of-the-scratch-directory.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: How to Modify the Location of the Scratch Directory -description: How to Modify the Location of the Scratch Directory -author: dansimp -ms.assetid: 25ebc2fa-d532-4800-9825-9d08306fc2e0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Modify the Location of the Scratch Directory - - -The scratch directory is used by the App-V Sequencer to save temporary files during the sequencing of an application. - -**To modify the scratch directory location** - -1. To open the App-V Sequencer Console, on the computer running the App-V Sequencer, select **Start** / **Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. To access the App-V Sequencer **Options** dialog box, select **Tools** / **Options**. On the **General** tab, specify the new scratch directory location where you want the App-V Sequencer temporary files to be saved. Alternatively, you can click **Browse** and use the **Browse For Folder** dialog box to specify a new location. - -3. To save the new location and close the **Options** dialog box, click **OK**. - -## Related topics - - -[Configuring the Application Virtualization Sequencer](configuring-the-application-virtualization-sequencer.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-modify-the-log-directory-location.md b/mdop/appv-v4/how-to-modify-the-log-directory-location.md deleted file mode 100644 index 59765268ac..0000000000 --- a/mdop/appv-v4/how-to-modify-the-log-directory-location.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: How to Modify the Log Directory Location -description: How to Modify the Log Directory Location -author: dansimp -ms.assetid: 203c674f-8d46-4d42-9af0-245a2681fc0f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Modify the Log Directory Location - - -The log directory location is where the Application Virtualization (App-V) Sequencer writes information about the sequencing of an application. - -**Important**   -The log location directory must be located on the computer running the App-V Sequencer. - - - -Use the following procedure to change the location of the directory where the App-V Sequencer will save associated logs. - -**To modify the log directory location** - -1. To open the App-V Sequencer Console, on the computer running the App-V Sequencer, select **Start** / **Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. To access the App-V Sequencer **Options** dialog box, select **Tools** / **Options**. On the **General** tab, specify the new directory location where you want the App-V Sequencer log file information to be saved. Alternatively, you can click **Browse** and use the **Browse For Folder** dialog box to specify a new location. - -3. To save the new location and close the **Options** dialog box, click **OK**. - -## Related topics - - -[Application Virtualization Sequencer](application-virtualization-sequencer.md) - -[How to Configure the App-V Sequencer](how-to-configure-the-app-v-sequencer.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-modify-the-operating-systems-associated-with-an-existing-windows-installer-file.md b/mdop/appv-v4/how-to-modify-the-operating-systems-associated-with-an-existing-windows-installer-file.md deleted file mode 100644 index 910e66507f..0000000000 --- a/mdop/appv-v4/how-to-modify-the-operating-systems-associated-with-an-existing-windows-installer-file.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: How to Modify the Operating Systems Associated With an Existing Windows Installer File -description: How to Modify the Operating Systems Associated With an Existing Windows Installer File -author: dansimp -ms.assetid: 0633f7e2-aebf-4e00-be02-35bc59dec420 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Modify the Operating Systems Associated With an Existing Windows Installer File - - -Use the following procedure to modify the operating system versions associated with an existing Windows Installer (**MSI**) file that was created by using the App-V Sequencer. - -**To modify the operating systems of an existing Windows Installer file** - -1. Install the App-V Sequencer on a computer in your environment that has only the operating system installed. Alternatively, you can install the Sequencer on a computer running a virtual environment—for example, Microsoft Virtual PC. This method is useful because it is easier to maintain a clean sequencing environment that you can reuse with minimal additional configuration. For more information about installing the App-V Sequencer, see [How to Install the Sequencer](how-to-install-the-sequencer.md). - -2. Copy the entire virtual application package that contains the Windows Installer file you want to modify to the computer running the Sequencer. - -3. To modify the Windows Installer file, open the Sequencer console, select **Package** / **Open**, and then browse to the location where the virtual application package associated with the Windows Installer file is saved. - -4. To add or remove operating systems, select the **Deployment** tab in the Sequencer console. To specify additional operating systems that will be associated with the Windows Installer file, select the desired operating system, and then click the arrow that points to the **Selected** operating system list control. - - To remove an operating system association, select the operating system you want to remove, and then click the arrow that points to the **Available** operating system list control. - -5. To create a new Windows Installer that will be associated with the virtual application package, select **Generate Microsoft Windows Installer (MSI) Package**. Alternatively, you can select **Tools** / **Create MSI**. - - **Note**   - If you select **Tools** / **Create MSI** to create a new Windows Installer file, you can skip **Step 6** of this procedure. - - - -6. To save the virtual application package, select **Package** / **Save**. - -## Related topics - - -[Tasks for the Application Virtualization Sequencer](tasks-for-the-application-virtualization-sequencer.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-modify-the-scratch-directory-location.md b/mdop/appv-v4/how-to-modify-the-scratch-directory-location.md deleted file mode 100644 index 55a1689ba0..0000000000 --- a/mdop/appv-v4/how-to-modify-the-scratch-directory-location.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: How to Modify the Scratch Directory Location -description: How to Modify the Scratch Directory Location -author: dansimp -ms.assetid: 61ecb379-85be-4316-8023-a2c1811504e5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Modify the Scratch Directory Location - - -The scratch directory is used by the App-V Sequencer to save temporary files during the sequencing of an application. - -**Important**   -The specified scratch directory location should be located on the computer running the App-V Sequencer. - - - -Use the following procedure to modify the scratch directory location. - -**To modify the scratch directory location** - -1. To open the App-V Sequencer Console, on the computer running the App-V Sequencer, select **Start** / **Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. To access the App-V Sequencer **Options** dialog box, select **Tools** / **Options**. On the **General** tab, specify the new scratch directory location where you want the App-V Sequencer temporary files to be saved. Alternatively, you can click **Browse** and use the **Browse For Folder** dialog box to specify a new location. - -3. To save the new location and close the **Options** dialog box, click **OK**. - -## Related topics - - -[Application Virtualization Sequencer](application-virtualization-sequencer.md) - -[How to Create the Sequencer Package Root Directory](how-to-create-the-sequencer-package-root-directory.md) - -[How to Modify the Log Directory Location](how-to-modify-the-log-directory-location.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-modify-virtual-registry-key-information.md b/mdop/appv-v4/how-to-modify-virtual-registry-key-information.md deleted file mode 100644 index 717a3d0b0b..0000000000 --- a/mdop/appv-v4/how-to-modify-virtual-registry-key-information.md +++ /dev/null @@ -1,70 +0,0 @@ ---- -title: How to Modify Virtual Registry Key Information -description: How to Modify Virtual Registry Key Information -author: dansimp -ms.assetid: cf2559f2-a8cc-4fc7-916e-8368843c7ebc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Modify Virtual Registry Key Information - - -After you sequence an application but before you save it, you can modify its registry settings. Use the following procedures to modify a sequenced application package's registry values and registry keys. - -**To modify a registry key** - -1. Click the **Virtual Registry Key** tab. - -2. Double-click the **Registry** folder to expand its contents. - -3. In the left pane, right-click the folder you want to modify and select **Key**. - -4. To create a new registry key, on the menu, select **New**. A new registry key will appear in the folder you selected. - -5. To rename a registry key, on the menu, select **Rename**. Type a new value name in the text box. - -6. To delete a registry key, on the menu, select **Delete**. - -7. To override the local key, on the menu, select **Override Local Key**, or to merge with the local key, select **Merge with Local Key**. - -**To modify a registry value** - -1. Click the **Virtual Registry Value** tab. - -2. Double-click the **Registry** folder to expand its contents. - -3. In the left pane, right-click the folder you want to modify and select **Value**. - -4. To add a string, on the menu, select **Add String**. - -5. To add a binary, on the menu, select **Add Binary**. - -6. To add a DWORD, on the menu, select **Add DWORD**. - -7. To delete a registry value, right-click a value and select **Delete**. - -8. To rename a registry value, right-click a registry value and select **Rename**. - -## Related topics - - -[About the Virtual Registry Tab](about-the-virtual-registry-tab.md) - -[Sequencer Console](sequencer-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-move-an-application-group.md b/mdop/appv-v4/how-to-move-an-application-group.md deleted file mode 100644 index 8ea5ba9d04..0000000000 --- a/mdop/appv-v4/how-to-move-an-application-group.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: How to Move an Application Group -description: How to Move an Application Group -author: dansimp -ms.assetid: 7f9f9f2e-f394-4ad3-8615-4237a7dcfb95 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Move an Application Group - - -In the Application Virtualization Server Management Console, you can use the following procedure to move an application group, which enables you to arrange your applications to suit your operations. You also can group them so that you can change the properties of nested groups simultaneously. - -**To move an application group** - -1. In the left pane of the Application Virtualization Server Management Console, expand **Applications** so that you can see the **Application** group you want to move. - -2. Right-click the group and choose **Move**. - -3. In the **Select Target** window, navigate to the application group under which you want to place this group. - -4. Click **OK**. - - The group, all its subgroups, and its existing applications now appear under the target group. This move does not change the properties of the group or its applications. - - **Note**   - You can select and move multiple application groups simultaneously. In the right pane, use the **CTRL**-click or **Shift**-click key combinations to select more than one group. - - - -## Related topics - - -[How to Create an Application Group](how-to-create-an-application-group.md) - -[How to Manage Application Groups in the Server Management Console](how-to-manage-application-groups-in-the-server-management-console.md) - -[How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-move-an-application.md b/mdop/appv-v4/how-to-move-an-application.md deleted file mode 100644 index 09e30ae09f..0000000000 --- a/mdop/appv-v4/how-to-move-an-application.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: How to Move an Application -description: How to Move an Application -author: dansimp -ms.assetid: 3ebbf30c-b435-4a69-a0ba-2313aaf0017c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Move an Application - - -If you have application groups under the **Applications** node in the Application Virtualization Server Management Console, you can move an application between groups or from the main node to a group. You can move the applications to suit your operations. You also can group them so that you can change the properties of nested groups simultaneously. - -**Important**   -You must have one or more application groups under the **Applications** node to move applications. - - - -**To move an application** - -1. In the left pane of the Application Virtualization Server Management Console, expand **Applications**. - -2. Highlight the application you want to move. - -3. Right-click the application and choose **Move**. - -4. In the **Select Target** window, navigate to the group in which you want to place this group. - -5. Click **OK**. - - The applications now appear under the target group. This move does not change the properties of the group or its applications, and it does not move any of the application's files on the server. - - **Note**   - You can select and move multiple application groups simultaneously. In the right pane, use the **CTRL**-click or **Shift**-click key combinations to select more than one group. - - - -## Related topics - - -[How to Create an Application Group](how-to-create-an-application-group.md) - -[How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-open-a-sequenced-application-using-the-command-line.md b/mdop/appv-v4/how-to-open-a-sequenced-application-using-the-command-line.md deleted file mode 100644 index 21dbdb2640..0000000000 --- a/mdop/appv-v4/how-to-open-a-sequenced-application-using-the-command-line.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: How to Open a Sequenced Application Using the Command Line -description: How to Open a Sequenced Application Using the Command Line -author: dansimp -ms.assetid: dc23ee65-8aea-470e-bb3f-a2f2b06cb241 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Open a Sequenced Application Using the Command Line - - -You can open virtual application packages using the command line. You must run the **cmd** prompt as an administrator. - -Use the following procedure to open sequenced application packages using the command line - -**To open a sequenced application using the command line** - -1. To open the command prompt, click **Start**, and select **Run**, type **cmd**, and click **OK**. - -2. At a command prompt, type **cd\\** and specify the path to the directory where the Sequencer is installed and then press **Enter.** - -3. At the command prompt, type the following command, replacing the italicized text with your values: - - SFTSequencer /OPEN:*”specifies the .sprj file to open"* - - Press **Enter**. - -4. You can also specify the following optional parameters. At the command prompt, type the following commands, replacing the italicized text with your values: - - /PACKAGENAME:"*specifies the package name"* - - /MSI - specifies generating an associated Microsoft Windows Installer. - - /COMPRESS – specifies if the package will be compressed. By default, packages are not compressed. - - Press **Enter**. - - **Note**   - If the installer or Windows Installer package has a graphical user interface, it will be displayed after you specify the command-line parameters. - - - -## Related topics - - -[How to Manage Virtual Applications Using the Command Line](how-to-manage-virtual-applications-using-the-command-line.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md b/mdop/appv-v4/how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md deleted file mode 100644 index 9c58f5b780..0000000000 --- a/mdop/appv-v4/how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: How to Perform Administrative Tasks in the Application Virtualization Server Management Console -description: How to Perform Administrative Tasks in the Application Virtualization Server Management Console -author: dansimp -ms.assetid: b80e39eb-4b2a-4f66-8c85-dd5712efed33 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Perform Administrative Tasks in the Application Virtualization Server Management Console - - -You have a wide range of configuration and control operations for one or more Application Virtualization Management Servers. The Application Virtualization Server Management Console provides local or remote access to your servers. - -## In This Section - - -[How to Connect to an Application Virtualization System](how-to-connect-to-an-application-virtualization-system.md) -Provides steps for connecting to an Application Virtualization System in the Application Virtualization Management Server Management Console. - -[How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) -Provides procedures for managing applications in the Application Virtualization Server Management Console. - -[How to Manage Application Groups in the Server Management Console](how-to-manage-application-groups-in-the-server-management-console.md) -Provides procedures for managing application groups in the Application Virtualization Server Management Console. - -[How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) -Provides procedures for managing packages in the Application Virtualization Server Management Console. - -[How to Manage Reports in the Server Management Console](how-to-manage-reports-in-the-server-management-console.md) -Provides procedures for managing reports in the Application Virtualization Server Management Console. - -[How to Manage Servers in the Server Management Console](how-to-manage-servers-in-the-server-management-console.md) -Provides procedures for managing Application Virtualization Management Servers in the Application Virtualization Server Management Console. - -[How to Manage Application Licenses in the Server Management Console](how-to-manage-application-licenses-in-the-server-management-console.md) -Provides procedures for managing licenses in the Application Virtualization Server Management Console. - -[How to Customize an Application Virtualization System in the Server Management Console](how-to-customize-an-application-virtualization-system-in-the-server-management-console.md) -Provides procedures for customizing an Application Virtualization System in the Application Virtualization Server Management Console. - -[How to Change the Server Logging Level and the Database Parameters](how-to-change-the-server-logging-level-and-the-database-parameters.md) -Provides procedures for changing the logging level and the database log parameters in the Application Virtualization Server Management Console. - -[How to Configure Microsoft SQL Server Mirroring Support for App-V](how-to-configure-microsoft-sql-server-mirroring-support-for-app-v.md) -Describes how to configure database mirroring by using Microsoft SQL Server for your App-V system. - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-perform-general-administrative-tasks-in-the-app-v-client-management-console.md b/mdop/appv-v4/how-to-perform-general-administrative-tasks-in-the-app-v-client-management-console.md deleted file mode 100644 index 343308dd05..0000000000 --- a/mdop/appv-v4/how-to-perform-general-administrative-tasks-in-the-app-v-client-management-console.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: How to Perform General Administrative Tasks in the App-V Client Management Console -description: How to Perform General Administrative Tasks in the App-V Client Management Console -author: dansimp -ms.assetid: 22abdb1e-ab35-440d-bf74-d358dd1a6558 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Perform General Administrative Tasks in the App-V Client Management Console - - -The App-V Client Management Console enables users who are local administrators to manage their applications. - -## In This Section - - -[How to Set Up Publishing Servers](how-to-set-up-publishing-servers.md) -Provides procedures for setting up App-V Servers and for adding more App-V Servers to both the App-V Desktop Client and the App-V Client for Remote Desktop Services (formerly Terminal Services). - -[How to Refresh the Publishing Servers](how-to-refresh-the-publishing-servers.md) -Provides a procedure for refreshing the App-V Servers from the App-V Client Management Console. - -[How to Disable or Modify Disconnected Operation Mode Settings](how-to-disable-or-modify-disconnected-operation-mode-settings.md) -Provides procedures for disabling or modifying disconnected operation mode settings. - -[User Access Permissions in Application Virtualization Client](user-access-permissions-in-application-virtualization-client.md) -Provides the list of user access permissions. - -[Disconnected Operation Mode](disconnected-operation-mode.md) -Describes the disconnected operation mode and circumstances that affect it. - -## Related topics - - -[Application Virtualization Client](application-virtualization-client.md) - -[How to Configure the Client in the Application Virtualization Client Management Console](how-to-configure-the-client-in-the-application-virtualization-client-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-perform-general-administrative-tasks-in-the-client-management-console.md b/mdop/appv-v4/how-to-perform-general-administrative-tasks-in-the-client-management-console.md deleted file mode 100644 index 6680c9eb75..0000000000 --- a/mdop/appv-v4/how-to-perform-general-administrative-tasks-in-the-client-management-console.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: How to Perform General Administrative Tasks in the Client Management Console -description: How to Perform General Administrative Tasks in the Client Management Console -author: dansimp -ms.assetid: 90bb7101-1075-4654-8a5e-ad08374e381f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Perform General Administrative Tasks in the Client Management Console - - -The Application Virtualization Client Management Console enables users who are local administrators to manage their applications. - -## In This Section - - -[How to Set Up Publishing Servers](how-to-set-up-publishing-servers.md) -Provides procedures for adding more Application Virtualization Servers to the Application Virtualization Desktop Client or Client for Remote Desktop Services (formerly Terminal Services) and for setting up those servers. - -[How to Refresh the Publishing Servers](how-to-refresh-the-publishing-servers.md) -Provides a procedure for refreshing the Application Virtualization Servers from the Client Management Console. - -[How to Disable or Modify Disconnected Operation Mode Settings](how-to-disable-or-modify-disconnected-operation-mode-settings.md) -Provides procedures you can use to disable or modify disconnected operation mode settings. - -## Related topics - - -[Application Virtualization Client Management Console Overview](application-virtualization-client-management-console-overview.md) - -[How to Configure the Client in the Application Virtualization Client Management Console](how-to-configure-the-client-in-the-application-virtualization-client-management-console.md) - -[How to Manage Applications in the Client Management Console](how-to-manage-applications-in-the-client-management-console.md) - -[How to Manually Manage Applications in the Client Management Console](how-to-manually-manage-applications-in-the-client-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-print-a-reportserver.md b/mdop/appv-v4/how-to-print-a-reportserver.md deleted file mode 100644 index b5032610a5..0000000000 --- a/mdop/appv-v4/how-to-print-a-reportserver.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: How to Print a Report -description: How to Print a Report -author: dansimp -ms.assetid: 9cb3a2f1-69bf-47b2-b2cf-8afdcd77138f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Print a Report - - -The process for printing a report for the Application Virtualization Server Management Console is the same regardless of the report type. - -**To print a report** - -1. After the report output is displayed in the **Results** pane, click the **Printer** button (at the top of the **Results** pane) or right-click the desired report under the **Reports** node and select **Print** from the pop-up menu. - -2. Follow the printing prompts, and click **OK**. - -## Related topics - - -[Application Virtualization Report Types](application-virtualization-report-types.md) - -[How to Create a Report](how-to-create-a-reportserver.md) - -[How to Delete a Report](how-to-delete-a-reportserver.md) - -[How to Export a Report](how-to-export-a-reportserver.md) - -[How to Run a Report](how-to-run-a-reportserver.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-publish-a-virtual-application-on-the-client.md b/mdop/appv-v4/how-to-publish-a-virtual-application-on-the-client.md deleted file mode 100644 index 50cea0dd3a..0000000000 --- a/mdop/appv-v4/how-to-publish-a-virtual-application-on-the-client.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: How to Publish a Virtual Application on the Client -description: How to Publish a Virtual Application on the Client -author: dansimp -ms.assetid: 90af843e-b5b3-4a71-a3a1-fa5f4c087f28 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Publish a Virtual Application on the Client - - -When you deploy Application Virtualization by using an electronic software distribution system, you can use one of the following procedures to publish an application package to your users. - -**To publish a package using a stand-alone Windows Installer file** - -1. The client should be installed with the *REQUIREAUTHORIZATIONIFCACHED* parameter set to 0 (zero). For more information about setting this parameter, see [Application Virtualization Client Installer Command-Line Parameters](application-virtualization-client-installer-command-line-parameters.md) - -2. Copy the Windows Installer file and the SFT file to same folder on the target computer. - -3. Run the following command on the computer: - - `Msiexec.exe /I "packagename.msi" /q` - -**To publish a package using Windows Installer and the package manifest** - -1. Copy the Windows Installer file to the target computer and the SFT file to the CONTENT share on the streaming server. - -2. Run the following command on each user’s computer: - - `Msiexec.exe /I "\\pathtomsi\packagename.msi" MODE=STREAMING OVERRIDEURL="\\\\server\\share\\package.sft" LOAD=TRUE /q` - - **Important**   - For OVERRIDEURL all backslash characters must be escaped using a preceding backslash, or the OVERRIDEURL path will not be parsed correctly. Also, properties and values must be entered as uppercase except where the value is a path to a file. - - - -**To publish a package using SFTMIME** - -- For an example of how to publish an application for all users on a computer, run the following command on the user’s computer: - - `SFTMIME ADD PACKAGE:package-name /MANIFEST manifest-path [/GLOBAL] [/LOG log-pathname | /CONSOLE | /GUI]` - - For additional details about these and other SFTMIME commands, see [SFTMIME Command Reference](sftmime--command-reference.md). - -## Related topics - - -[Determine Your Publishing Method](determine-your-publishing-method.md) - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -[SFTMIME Command Reference](sftmime--command-reference.md) - -[Stand-Alone Delivery Scenario for Application Virtualization Clients](stand-alone-delivery-scenario-for-application-virtualization-clients.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-publish-application-shortcuts.md b/mdop/appv-v4/how-to-publish-application-shortcuts.md deleted file mode 100644 index 6d4a244cfe..0000000000 --- a/mdop/appv-v4/how-to-publish-application-shortcuts.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: How to Publish Application Shortcuts -description: How to Publish Application Shortcuts -author: dansimp -ms.assetid: fc5efe86-1bbe-438b-b7d8-4f9b815cc58e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Publish Application Shortcuts - - -You can use the following procedure to publish shortcuts to an application directly from the **Results** pane of the **Application** node in the Application Virtualization Client Management Console. - -**To publish application shortcuts** - -1. Move the cursor to the **Results** pane, right-click the desired application, and select **New Shortcut** from the pop-up menu to display the New Shortcut Wizard. - -2. On the first page of the New Shortcut Wizard, select an icon and specify a name for the shortcut. - - 1. **Change Icon**—Displays a standard Windows icon browser. Browse to and select the desired icon. - - 2. **Shortcut Title**—Enter the name you want to give the shortcut. This field defaults to the existing name and version of the application. - -3. On the second page of the wizard, determine the location of the published shortcut. - - 1. **The Desktop**—Select this check box to publish the shortcut to the desktop. - - 2. **The Quick Launch Toolbar**—Select this check box to publish the shortcut to the Quick Launch toolbar. - - 3. **The Send To Menu**—Select this check box to publish the shortcut to the **Send To** menu. - - 4. **Programs in the Start Menu**—When you select the **Start Menu** check box, this field becomes active. Leave this field blank to publish the shortcut directly to the root of the Programs folder, or enter a folder name or hierarchy—for example, "My\_Computer\\Office Applications." Shortcuts created this way are available only for the current user. - - 5. **Another location** and **Browse** button—When you select the **Another location** check box, this field becomes active. Enter any valid location on the computer or any available UNC path (shared file or directory on a network). The **Browse** button displays a standard Windows **File Open** dialog box. - -4. On the third page of the wizard, enter desired command-line parameters. - -5. Click **Finish** to publish the shortcuts and exit to the **Results** pane. - -## Related topics - - -[How to Add a File Type Association](how-to-add-a-file-type-association.md) - -[How to Add an Application](how-to-add-an-application.md) - -[How to Delete a File Type Association](how-to-delete-a-file-type-association.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-refresh-the-publishing-servers.md b/mdop/appv-v4/how-to-refresh-the-publishing-servers.md deleted file mode 100644 index a0e9a2926b..0000000000 --- a/mdop/appv-v4/how-to-refresh-the-publishing-servers.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: How to Refresh the Publishing Servers -description: How to Refresh the Publishing Servers -author: dansimp -ms.assetid: 92e1d7b0-10ee-4531-9049-1056b44934e2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Refresh the Publishing Servers - - -After you request access to additional applications and permission is granted by the system administrator, you must refresh the publishing information from the Application Virtualization Servers before the applications appear on your desktop. You can accomplish this directly from the Windows desktop notification area. - -**Note**   -By default, publishing information is refreshed on user log in. - - - -**To refresh the publishing information** - -1. Right-click the Application Virtualization System icon in the notification area. - -2. Select **Refresh Applications** from the pop-up-menu. The new shortcuts appear where designated by the system administrator—for example, on your desktop, **Start** menu, or **Quick Launch** menu, depending on the configuration of the Application Virtualization Server and your desktop. - - **Note**   - Following are additional ways you can refresh the publishing information from the servers: - - - Right-click the server in the **Results** pane, and select **Refresh Server** from the pop-up menu. - - - Right-click the server in the **Results** pane, and then select **Properties** from the pop-up menu. Select the **Refresh** tab, and then click the **Refresh** button. - - - -## Related topics - - -[How to Set Up Periodic Publishing Refresh](how-to-set-up-periodic-publishing-refresh.md) - -[How to Set Up Publishing Refresh on Login](how-to-set-up-publishing-refresh-on-login.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-refresh-virtual-applications-from-the-desktop-notification-area.md b/mdop/appv-v4/how-to-refresh-virtual-applications-from-the-desktop-notification-area.md deleted file mode 100644 index 7933691955..0000000000 --- a/mdop/appv-v4/how-to-refresh-virtual-applications-from-the-desktop-notification-area.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: How to Refresh Virtual Applications from the Desktop Notification Area -description: How to Refresh Virtual Applications from the Desktop Notification Area -author: dansimp -ms.assetid: 801610d9-e89c-48bb-972c-20e37b945a02 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Refresh Virtual Applications from the Desktop Notification Area - - -To refresh the list of available applications and the associated shortcuts and file type associations, you must refresh the publishing information from the Application Virtualization (App-V) Management Server or the Application Virtualization (App-V) Streaming Server before the applications appear on your desktop. You can accomplish this directly from the notification area on your desktop. - -**To refresh the virtual applications from the client desktop** - -1. Right-click the Application Virtualization System icon in the notification area. - -2. Select **Refresh Applications** from the pop-up-menu. - - Your desktop is updated, and the client reflects any changes in applications, shortcuts, and file type associations. This applies only when a publishing server has been defined. - -## Related topics - - -[How to Use the Desktop Notification Area for Application Virtualization Client Management](how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-remove-a-package-by-using-the-command-line.md b/mdop/appv-v4/how-to-remove-a-package-by-using-the-command-line.md deleted file mode 100644 index d0f45a1774..0000000000 --- a/mdop/appv-v4/how-to-remove-a-package-by-using-the-command-line.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: How to Remove a Package by Using the Command Line -description: How to Remove a Package by Using the Command Line -author: dansimp -ms.assetid: 47697ec7-20e5-4258-8865-a0a710d41d5a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Remove a Package by Using the Command Line - - -You can use the following command-line procedures to delete a virtual application package from the Application Virtualization (App-V) Client on a specific computer. - -**To delete a virtual application package for all users** - -- If the package was previously added for all users by using the /GLOBAL switch, use the following command to delete the package and the global file types and shortcuts. Administrator rights are required. The /GLOBAL switch is not needed in this case because the command always performs a global deletion of the package. - - `SFTMIME DELETE PACKAGE:”name”` - -**To delete a package previously added for individual users** - -1. If the package was previously added for individual users, you have several options. - - Run the following command once under the user account of each person the package was published to. This denies the user access to the applications if they roam to another computer. It deletes the specific user’s settings, shortcuts, and file types from the profile, and it stops background loads under the user’s context. - - `SFTMIME UNPUBLISH PACKAGE:”name”` - -2. Alternatively, run the following command under the user account of each person the package was published to. - - `SFTMIME UNPUBLISH PACKAGE:”name”` - - Then run this command for the package. - - `SFTMIME DELETE PACKAGE:”name”` - - This completely removes the package, and it deletes all user settings, shortcuts, and file types from their profiles. If the package is subsequently re-added, the users will have to specify their settings again. Only “Delete applications” (**DeleteApp**) permission is needed to run this command. - -3. As a third alternative, you can simply run the **DELETE PACKAGE** command without using the **UNPUBLISH PACKAGE** command. In this case, file types and shortcuts for each user are hidden rather than deleted, and the user settings are retained. This means that if the package is subsequently re-added for the user, the file types and shortcuts are restored, and the user settings are reapplied. - -## Related topics - - -[How to Add a Package by Using the Command Line](how-to-add-a-package-by-using-the-command-line.md) - -[How to Delete All Virtual Applications by Using the Command Line](how-to-delete-all-virtual-applications-by-using-the-command-line.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-remove-a-server-group.md b/mdop/appv-v4/how-to-remove-a-server-group.md deleted file mode 100644 index e7575feff4..0000000000 --- a/mdop/appv-v4/how-to-remove-a-server-group.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: How to Remove a Server Group -description: How to Remove a Server Group -author: dansimp -ms.assetid: 3017f4f4-614b-4db4-834c-b6fd9b45f10c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Remove a Server Group - - -You can use the following procedure in the Application Virtualization Server Management Console to remove server groups, including all the servers in the group, from your Application Virtualization System. - -**To remove a server group** - -1. Click the **Server Groups** node in the left pane to expand the list of server groups. - -2. Right-click the desired server group, and select **Delete**. - -3. At the prompt, click **Yes**. - -## Related topics - - -[How to Add a Server](how-to-add-a-server.md) - -[How to Create a Server Group](how-to-create-a-server-group.md) - -[How to Remove a Server](how-to-remove-a-server.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-remove-a-server.md b/mdop/appv-v4/how-to-remove-a-server.md deleted file mode 100644 index bccd5fb64d..0000000000 --- a/mdop/appv-v4/how-to-remove-a-server.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: How to Remove a Server -description: How to Remove a Server -author: dansimp -ms.assetid: afb2a889-733c-4058-9a50-caa2ca10bd58 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Remove a Server - - -To help you manage your servers more efficiently, organize them into server groups. After you create a server group in the Application Virtualization Server Management Console, you can remove servers from the group. - -**To remove a server from a group** - -1. Click the **Server Groups** node in the left pane to expand the list of server groups. - -2. In the right pane, right-click the desired server and select **Delete**. - -3. At the prompt, click **Yes**. - -## Related topics - - -[How to Add a Server](how-to-add-a-server.md) - -[How to Create a Server Group](how-to-create-a-server-group.md) - -[How to Remove a Server Group](how-to-remove-a-server-group.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-remove-an-application-from-a-license-group.md b/mdop/appv-v4/how-to-remove-an-application-from-a-license-group.md deleted file mode 100644 index 8d0d072de5..0000000000 --- a/mdop/appv-v4/how-to-remove-an-application-from-a-license-group.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: How to Remove an Application from a License Group -description: How to Remove an Application from a License Group -author: dansimp -ms.assetid: 973dfb11-b4d1-4b79-8f6a-aaea3e52b04f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Remove an Application from a License Group - - -You can use the following procedure to remove an application from its assigned license group in the Application Virtualization Server Management Console. After you do this, you cannot apply license controls or use reports to track the license usage for this application. - -**To remove an application from a license group** - -1. In the left pane of the management console, click and expand the **Applications** node. - -2. Right-click the desired application, and choose **Properties**. - -3. On the **General** tab, use the **Application License Group** pull-down menu to choose **<none>**. - -4. Click **OK**. - - **Note**   - You can alter the **Properties** tab of one application at a time. - - - -## Related topics - - -[How to Associate an Application with a License Group](how-to-associate-an-application-with-a-license-group.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-remove-an-application-group.md b/mdop/appv-v4/how-to-remove-an-application-group.md deleted file mode 100644 index 04c1069006..0000000000 --- a/mdop/appv-v4/how-to-remove-an-application-group.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: How to Remove an Application Group -description: How to Remove an Application Group -author: dansimp -ms.assetid: 3016b373-f5a0-4c82-96e8-e5e7960f0cc4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Remove an Application Group - - -You can use the following procedures to remove an application group in the Application Virtualization Server Management Console in one of two ways: - -**Caution**   -Deleting a group with its applications deletes those applications from the Application Virtualization Management Server. When you try to do this, you must confirm the deletion in a pop-up window. - - - -**To empty and then delete an application group** - -1. In the Application Virtualization Server Management Console, expand **Applications** in the left pane and select the **Application** group you want to remove. - -2. In the right pane, select the applications and application groups you want to keep. You can use the **CTRL** and **Shift** keys to select multiple applications and application groups. - -3. Right-click the selected applications, and choose **Move**. - -4. In the **Select Target** window, navigate to the new location and click **OK**. Repeat this step if you want to move different applications to more than one group. - -5. When you finish moving the applications you want to keep, right-click the application group and choose **Delete**. - -6. Click **Yes** to confirm. - -**To delete the group, with all its child groups and its applications** - -1. In the Application Virtualization Server Management Console, expand **Applications** in the left pane. - -2. Right-click the application group you want to remove, and choose **Delete**. - -3. Click **Yes** to confirm. - - **Note**   - You can select and remove multiple application groups simultaneously. In the right pane, use the **CTRL**-click or **Shift**-click key combinations to select more than one group. - - - -## Related topics - - -[How to Manage Application Groups in the Server Management Console](how-to-manage-application-groups-in-the-server-management-console.md) - -[How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-remove-an-application-license-group.md b/mdop/appv-v4/how-to-remove-an-application-license-group.md deleted file mode 100644 index 6e686e7f7b..0000000000 --- a/mdop/appv-v4/how-to-remove-an-application-license-group.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: How to Remove an Application License Group -description: How to Remove an Application License Group -author: dansimp -ms.assetid: 35830916-7015-44cd-829b-23599a5029a7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Remove an Application License Group - - -In the Application Virtualization Server Management Console, you can use the following procedure to remove an application license group. After you do this, you will be unable to apply license controls or use reports to track the licenses. - -**Important**   -Before you can remove a license group, you must remove any licenses associated with the group. - - - -**To remove a license group** - -1. In the left pane of the Application Virtualization Server Management Console, click and expand the **Applications Licenses** node. - -2. Click the desired **License Group**. - -3. In the right pane, right-click the license and select **Delete**. - -4. Click **Yes** at the prompt. - -5. In the left pane, right-click the desired license group and select **Delete**. - -## Related topics - - -[How to Associate an Application with a License Group](how-to-associate-an-application-with-a-license-group.md) - -[How to Create an Application License Group](how-to-create-an-application-license-group.md) - -[How to Remove an Application from a License Group](how-to-remove-an-application-from-a-license-group.md) - -[How to Set Up a Concurrent License Group](how-to-set-up-a-concurrent-license-group.md) - -[How to Set Up a Named License Group](how-to-set-up-a-named-license-group.md) - -[How to Set Up an Unlimited License Group](how-to-set-up-an-unlimited-license-group.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-remove-the-application-virtualization-system-components.md b/mdop/appv-v4/how-to-remove-the-application-virtualization-system-components.md deleted file mode 100644 index 40b1a72de1..0000000000 --- a/mdop/appv-v4/how-to-remove-the-application-virtualization-system-components.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: How to Remove the Application Virtualization System Components -description: How to Remove the Application Virtualization System Components -author: dansimp -ms.assetid: 45bb1e43-8708-48b7-9169-e3659f32686f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Remove the Application Virtualization System Components - - -You can use the following procedures to remove all or selected Application Virtualization software components from a target computer. - -**To remove all components from a single computer** - -1. From the Windows desktop, click **Start > Settings > Control Panel**. - -2. In the Control Panel window, double-click **Add or Remove Programs**. - -3. On the **Add or Remove Programs** page, select **Microsoft System Center Application Virtual Management Server** or **Microsoft System Center Application Streaming Server**, click **Remove**, and then click **Yes** at the prompt to remove all Application Virtualization software components from the computer. - -**To remove one or more components from a computer** - -1. Navigate to the location of the Application Virtualization System setup program on the network, either run this program from the network or copy its directory to the target computer, and then double-click **Setup.exe**. - -2. On the **Welcome** page, click **Next**. - -3. On the **Program Maintenance** page, select **Modify** and then click **Next**. - -4. On the **Custom Setup** page, deselect the Application Virtualization component or components you want to remove, and then click **Next**. - -5. On the **Ready to Modify the Program** page, to remove the selected components, click **Install**. - -6. On the **Installation Wizard Completed** page, to close the wizard click **Finish**. Click **Yes** to restart the computer. - -## Related topics - - -[How to Install the Servers and System Components](how-to-install-the-servers-and-system-components.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-rename-an-application-group.md b/mdop/appv-v4/how-to-rename-an-application-group.md deleted file mode 100644 index a1ee2619d3..0000000000 --- a/mdop/appv-v4/how-to-rename-an-application-group.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: How to Rename an Application Group -description: How to Rename an Application Group -author: dansimp -ms.assetid: 4dfd3336-ea9a-4a56-91e1-7e9d742c7b9a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Rename an Application Group - - -From the Application Virtualization Server Management Console, you can use the following procedure to rename an application group without affecting any of its properties or those of the applications in it. - -**To rename an application group** - -1. In the management console, expand **Applications** in the left pane. - -2. Right-click the **Applications** group, and choose **Rename**. - -3. Type the new name for the group, and press **Enter**. - - Alternately, you can highlight the group and press **F2**. Then type the new name, and press **Enter** - -## Related topics - - -[How to Manage Application Groups in the Server Management Console](how-to-manage-application-groups-in-the-server-management-console.md) - -[How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-rename-an-application.md b/mdop/appv-v4/how-to-rename-an-application.md deleted file mode 100644 index d039ae22e5..0000000000 --- a/mdop/appv-v4/how-to-rename-an-application.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: How to Rename an Application -description: How to Rename an Application -author: dansimp -ms.assetid: 983136b7-66bf-49f6-8dea-8933b622072d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Rename an Application - - -You can rename an application through the Application Virtualization Server Management Console. - -**To rename an application** - -1. In the left pane of the management console, click **Applications**. - -2. Right-click the application and choose **Rename**. - -3. Enter the new name and press **Enter**, or click outside of the box to cancel. - - **Note**   - You can also highlight the application in the right pane and press **F2**. - - - -## Related topics - - -[How to Manage Applications in the Server Management Console](how-to-manage-applications-in-the-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-repair-an-application.md b/mdop/appv-v4/how-to-repair-an-application.md deleted file mode 100644 index a6a164f1df..0000000000 --- a/mdop/appv-v4/how-to-repair-an-application.md +++ /dev/null @@ -1,37 +0,0 @@ ---- -title: How to Repair an Application -description: How to Repair an Application -author: dansimp -ms.assetid: 80b08416-ad86-4ed6-966a-b943e3efb951 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Repair an Application - - -To repair a selected application, you can perform the following procedure directly from the **Results** pane of the **Application** node in the Application Virtualization Client Management Console. When you repair an application, you remove any custom user settings and restore the default settings. This action does not change or delete shortcuts or file type associations, and it does not remove the application from cache. - -**To repair an application** - -1. Move the cursor to the **Results** pane. - -2. Right-click the desired application, and select **Repair** from the pop-up menu. - -3. At the confirmation prompt, click **Yes** to repair the application or **No** to cancel. - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-reset-the-filesystem-cache.md b/mdop/appv-v4/how-to-reset-the-filesystem-cache.md deleted file mode 100644 index f419abda81..0000000000 --- a/mdop/appv-v4/how-to-reset-the-filesystem-cache.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: How to Reset the FileSystem Cache -description: How to Reset the FileSystem Cache -author: dansimp -ms.assetid: 7777259d-8c21-4c06-9384-9599b69f9828 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Reset the FileSystem Cache - - -Resetting the FileSystem cache is not something that should usually be necessary. However if you need to completely reset the FileSystem cache, perhaps for troubleshooting purposes, you can use the following procedure. Administrative rights are required to perform this action. - -**To reset the FileSystem cache** - -1. Set the following registry value to 0 (zero): - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\AppFS\\State - -2. Restart the computer. - -## Related topics - - -[How to Configure the App-V Client Registry Settings by Using the Command Line](how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-run-a-reportserver.md b/mdop/appv-v4/how-to-run-a-reportserver.md deleted file mode 100644 index 989628b502..0000000000 --- a/mdop/appv-v4/how-to-run-a-reportserver.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: How to Run a Report -description: How to Run a Report -author: dansimp -ms.assetid: 72a5419b-aa65-4e60-b23e-3751186b7aed -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Run a Report - - -The process for running a report is the same regardless of the report type. When you select a report type in the Application Virtualization Server Management Console, the window displays a brief description of the selected report. - -**Note**   -Reports are not run automatically; you must run them explicitly to generate output data. The length of time it takes to run a report is determined by the amount of data collected in the data store. - - - -**To run a report** - -1. Click the **Reports** node in the navigation pane. - -2. Right-click the desired report, and select **Run Report** from the pop-up menu. - -3. The pages you must complete to run a report vary depending on the type of report. To run a report, complete the appropriate pages from the following list: - - 1. Select a **Report Period** radio button to specify the frequency for running the report. - - 2. Specify the start date and end date in the respective fields to determine the range of dates included in the report. You can enter these dates manually or use the calendar function and select the dates. - - 3. Select the **Server**, **Server Group**, or **Enterprise** radio button, and then select the server group and server from the corresponding drop-down list and field as enabled. - - 4. Select the desired application from the drop-down list of applications. - -4. Click **Finish**. - -## Related topics - - -[Application Virtualization Report Types](application-virtualization-report-types.md) - -[How to Create a Report](how-to-create-a-reportserver.md) - -[How to Delete a Report](how-to-delete-a-reportserver.md) - -[How to Export a Report](how-to-export-a-reportserver.md) - -[How to Print a Report](how-to-print-a-reportserver.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-sequence-a-new-add-on-or-plug-in-application--app-v-46-sp1-.md b/mdop/appv-v4/how-to-sequence-a-new-add-on-or-plug-in-application--app-v-46-sp1-.md deleted file mode 100644 index 71f9b1e3fe..0000000000 --- a/mdop/appv-v4/how-to-sequence-a-new-add-on-or-plug-in-application--app-v-46-sp1-.md +++ /dev/null @@ -1,128 +0,0 @@ ---- -title: How to Sequence a New Add-on or Plug-in Application (App-V 4.6 SP1) -description: How to Sequence a New Add-on or Plug-in Application (App-V 4.6 SP1) -author: dansimp -ms.assetid: 2c018215-66e5-4301-8481-159891a6b35b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Sequence a New Add-on or Plug-in Application (App-V 4.6 SP1) - - -Use the following procedure to create a new add-on or plug-in virtual application package by using the Application Virtualization (App-V) Sequencer. An add-on or plug-in application is an application that extends the functionality of an application, for example, a plug-in for Microsoft Excel. For more information about the types of applications you can sequence, see [How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md). - -**Important** -Before performing the following procedure, install the parent application locally on the computer that is running the sequencer. For example, if you are sequencing a plug-in for Microsoft Excel, install Microsoft Excel locally on the computer that is running the sequencer. Also install the parent application in the same directory where the application is installed on target computers. If the plug-in or add-on is going to be used with an existing virtual application package, install the application on the same virtual application drive that was used when you created the parent virtual application package. - - - -You can also use an existing virtual application package as the parent application. To use an existing virtual application package, use the following procedure before sequencing the new add-on or plug-in. - -1. To start the App-V Sequencer, on the computer that is running the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. To expand an existing package to the computer running the sequencer, click **Tools** / **Expand Package to Local System**. - -3. Browse to and select the package (**.sprj** file) that you want to expand, and then click **Open**. Continue with the following procedure. - -**To sequence a new add-on or plug-in application** - -1. To start the App-V Sequencer, on the computer that is running the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. To create the package, select **Create Package (default)**, and click then **Next**. - -3. On the **Prepare Computer** page, review the issues that might cause the package creation to fail, or for the package to contain unnecessary data. We strongly recommend that you resolve all potential issues before you continue. After you have fixed the conflicts, to update the information displayed, click **Refresh**. After you have resolved all potential issues, click **Next**. - - **Important** - If you are required to disable virus scanning software, scan the computer running the sequencer to ensure that no unwanted or malicious files could be added to the package. - - - -4. On the **Type of Application** page, select **Add-on or Plug-in**, and then click **Next**. - - For more information about the types of applications that you can sequence, see [How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md). - -5. On the **Select Installer** page, click **Browse** and specify the installation file for the add-on or plug-in. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. - -6. On the **Select Primary** page, click **Browse** and specify the parent application. - - **Important** - If the parent application that the add-on or plug-in you are installing is going to support has not been installed locally, stop here and install the application on the computer running the sequencer. For example, the **Excel.exe** program file must be installed locally for a Microsoft Excel plug-in. - - - -~~~ -Click **Next**. -~~~ - -7. On the **Package Name** page, specify a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will also be displayed in the App-V management console. The **Installation Location** displays the Application Virtualization path where the application will be installed. To edit this location, select **Edit (Advanced)**. - - **Important** - Editing the Application Virtualization path is an advanced configuration task. You should fully understand the implications of changing the path. For most applications, we recommend the default path. - - - -~~~ -Click **Next**. -~~~ - -8. On the **Installation** page, when the sequencer and application installer are ready, install the plug-in or add-in application so the sequencer can monitor the installation process. Perform the installation by using the application’s installation process. If additional installation files must be run as part of the installation, click **Run** and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, and then click **Next**. - -9. On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**. - -10. On the **Customize** page, if you are finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. If you want to customize any of the items in the following list, select **Customize**. - - - Edit the file type associations associated with an application. - - - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. - - - Specify the operating systems that can run this package. - - Click **Next**. - -11. On the **Edit Shortcuts** page, you can optionally configure the file type associations (FTA) that will be associated with the various applications in the package. To create a new FTA, in the left pane, select and expand the application that you want to customize, and then click **Add**. In the **Add File Type Association** dialog box, provide the necessary information for the new FTA. Under the application, select **Shortcuts** to review the shortcut information associated with an application. In the **Location** pane, you can review the icon file information. To edit an existing FTA, click **Edit**. To remove an FTA, select the FTA, and then click **Remove**. Click **Next**. - -12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**. - - **Note** - If you want to stop an application from loading during this step, in the **Application Launch** dialog box, click **Stop** and select one of the check boxes, **Stop all applications** or **Stop this application only**. - - - -13. On the **Target OS** page, specify the operating systems that can run this package. To enable all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box, and then select the operating systems that can run this package. Click **Next**. - -14. On the **Create Package** page, to modify the package without saving it, select **Continue to modify package without saving using the package editor** check box. Selecting this option opens the package in the Sequencer console so that you can modify the package before it is saved. Click **Next**. - - To save the package immediately, select the default **Save the package now**. Optionally, select **Comments** to add comments that will be associated with the package. Comments are useful for identifying version and other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. The uncompressed package size is displayed. If the package size exceeds 4 GB (uncompressed) and you plan to stream the package to target computers, you must select **Compress Package**. Click **Create**. - -15. On the **Completion** page, after you have reviewed the information that is displayed in the **Successful Virtual Application Package Report** pane, click **Close**. The information displayed in the **Successful Virtual Application Package Report** pane is also available in the directory specified in step 14 of this procedure, in a file named **Reports.xml**. - - The package is now available in the sequencer. Click **Edit \[Package Name\]** to edit the package properties. For more information about modifying a package, see [How to Modify an Existing Virtual Application Package (App-V 4.6 SP1)](how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md). - - **Important** - After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer. - - - -## Related topics - - -[Tasks for the Application Virtualization Sequencer (App-V 4.6 SP1)](tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md) - -[How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-sequence-a-new-application--app-v-46-.md b/mdop/appv-v4/how-to-sequence-a-new-application--app-v-46-.md deleted file mode 100644 index d519abb772..0000000000 --- a/mdop/appv-v4/how-to-sequence-a-new-application--app-v-46-.md +++ /dev/null @@ -1,78 +0,0 @@ ---- -title: How to Sequence a New Application (App-V 4.6) -description: How to Sequence a New Application (App-V 4.6) -author: dansimp -ms.assetid: f2c398c6-9200-4be3-b502-e00386fcd150 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Sequence a New Application (App-V 4.6) - - -Use the following procedure to create a new virtual application by using the Application Virtualization (App-V) Sequencer. You can also use the App-V Sequencer to configure which files and configurations are applicable to all users and which files and configurations users can customize. After you successfully sequence the application, it is available in the App-V Sequencer. - -**Important** -During sequencing, if the computer running the sequencer is running Windows Vista or Windows 7, and a restart is initiated outside of the virtual environment, for example, by clicking **Start** / **Shut Down**, you must click **Cancel** when prompted to close the program that is preventing Windows from shutting down. If you click **Force shut down**, the package creation will fail, and the computer will restart. When you click **Cancel**, the sequencer successfully records the restart while the application is being sequenced. - - - -**To sequence a new application** - -1. To create the App-V drive, configure drive Q as the location that can be used to save files while you are sequencing an application. You must then create individual directories for each application that you plan to sequence on drive Q. You can create the virtual application targeted folders before you sequence an application, or you can create them in step 5 of this procedure. - - **Note** - The App-V drive you specify must be accessible on targeted computers. If drive Q is not accessible, you can choose a different drive letter. - - - -2. To start the App-V Sequencer Console, on the computer that is running the App-V Sequencer, select **Start** / **Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. To start the Sequencing Wizard, click **Create a Package**. - -3. On the **Package Information** page, specify the **Package Name** that will be assigned to the virtual application. The package name is required for generating the associated Windows Installer file. You should also add an optional comment that will be assigned to the package and that provides detailed information about the virtual application. To display the **Advanced Options** page, select **Show Advanced Monitoring Options**, and then click **Next**; otherwise, proceed to step 5. - -4. On the **Advanced Options** page, to allow Microsoft Update to update the application as it is being sequenced, select **Allow Microsoft Update to run during monitoring**. If you select this option, Microsoft Updates can be installed during the monitoring phase, and you have to accept the associated updates for them to be installed. To remap the supported dynamic link library (.dll) files so that they use a contiguous space of RAM, select **Rebase DLLs**. Selecting this option can conserve memory and help improve performance. Many applications do not support this option, but it is useful in environments with limited RAM such as in Terminal Server scenarios. Click **Next**. - -5. On the **Monitor Installation** page, when you are ready to install the application, click **Begin Monitoring**, and in the **Browse for Folder** dialog box, specify the directory on drive Q where the application will be installed. If you did not configure drive Q and used a different drive letter for the application virtualization drive, select the drive letter you specified in step 1 of this procedure. To install the application to a folder that has not been created on the application virtualization drive, click **Make New Folder**. After you specify the folder, wait while the Sequencer configures the computer for sequencing. - - **Important** - You must install each application that you sequence into a separate directory on the virtual application drive, and the associated folder name must not be longer than eight characters. - - - -~~~ -After the computer has been configured for sequencing, install the application so that the App-V Sequencer can monitor the installation; when you are finished, click **Stop Monitoring**, and then click **Next**. -~~~ - -6. On the **Configure Applications** page, if necessary, configure the shortcuts and file type associations that will be associated with the virtual application. To add a new file type association or shortcut, click **Add**, and in the **Add Application** dialog box, specify the new element. To remove an existing shortcut or file type association, click **Remove**. To edit an existing element, select the element you want to modify, and then click **Edit**. Specify the configurations in the **Edit Application** dialog box. Click **Save**, and then click **Next**. - -7. On the **Launch Applications** page, to start the application to ensure that the package has been installed correctly and is optimized for streaming, select the package, and then click **Launch**. This step is useful for configuring how the application initially runs on targeted computers and for accepting any associated license agreements before the package becomes available to App-V clients. If multiple applications are associated with this package, you can select **Launch All** to open all of the applications. To sequence the package, click **Next**. - -8. After you have successfully created the package, in the App-V Sequencer Console, select **File** / **Save** and specify the name and the virtual drive location where the package will be saved. - - You can optionally create an associated Windows Installer file (**.msi**) to install the virtual application package on targeted computers. To create a Windows Installer file, open the package in the Sequencer and select **Tools** / **Create MSI**. The Windows Installer file will be created and saved in the directory where the virtual application package is saved. - - **Important** - After you have successfully created a virtual application package, you cannot run the virtual application package on the computer running the sequencer. - - - -## Related topics - - -[How to Upgrade a Virtual Application Package (App-V 4.6)](how-to-upgrade-a-virtual-application-package--app-v-46-.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-sequence-a-new-application-by-using-the-command-line.md b/mdop/appv-v4/how-to-sequence-a-new-application-by-using-the-command-line.md deleted file mode 100644 index 493a114518..0000000000 --- a/mdop/appv-v4/how-to-sequence-a-new-application-by-using-the-command-line.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: How to Sequence a New Application by Using the Command Line -description: How to Sequence a New Application by Using the Command Line -author: dansimp -ms.assetid: c3b5c842-6a91-4d0a-9a22-c7b8d1aeb09a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Sequence a New Application by Using the Command Line - - -You can use a command line to sequence a new application. Using a command line is useful when you have to create a large number of virtual applications or when you need to create sequenced applications on a recurring basis. - -**Important** -Command-line sequencing allows for default sequencing only. If you need to change default installation settings for the application you are sequencing, you must either manually modify the virtual application or update the virtual application by using the Application Virtualization (App-V) Sequencer. For more information about updating a virtual application by using the App-V Sequencer, see [How to Upgrade an Existing Virtual Application](how-to-upgrade-an-existing-virtual-application.md). - - - -Use the following procedure to create a virtual application by using the command line. - -**To sequence an application by using the command line** - -1. On the computer that is running the App-V Sequencer, open the command prompt by selecting **Start**, **Run**, and then type **cmd**. Click **OK**. - -2. Use the command prompt to specify the location of where the App-V Sequencer is installed. For example, at the command prompt, you could type the following: **cd C:\\Program Files\\Microsoft Application Virtualization Sequencer**. - -3. At the command prompt, type the following command, replacing the text in quotation marks with your values: - - `SFTSequencer /INSTALLPACKAGE:"pathtoMSI" /INSTALLPATH:"pathtopackageroot" /OUTPUTFILE:"pathtodestinationSPRJ"` - - **Note** - You can specify additional parameters by using the command line, depending on the complexity of the application you are sequencing. For a complete list of parameters that are available for use with the App-V Sequencer, see [Sequencer Command-Line Parameters](sequencer-command-line-parameters.md). - - - -~~~ -Use the value descriptions in the following table to help you determine the actual text you will use in the preceding command. - - ---- - - - - - - - - - - - - - - - - - - - - -
ValueDescription

pathtoMSI

Specifies the Windows Installer or a batch file that will be used to install an application so that it can be sequenced.

pathtopackageroot

Specify the package root directory.

pathtodestinationSPRJ

Specifies the path and file name of the SPRJ file that will be created.

-~~~ - - - -4. Press **Enter**. - -## Related topics - - -[How to Create or Upgrade Virtual Applications Using the App-V Sequencer](how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md) - -[Sequencer Command-Line Error Codes](sequencer-command-line-error-codes.md) - -[Sequencer Command-Line Parameters](sequencer-command-line-parameters.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-sequence-a-new-application-package-using-the-command-line.md b/mdop/appv-v4/how-to-sequence-a-new-application-package-using-the-command-line.md deleted file mode 100644 index 3271202faa..0000000000 --- a/mdop/appv-v4/how-to-sequence-a-new-application-package-using-the-command-line.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: How to Sequence a New Application Package Using the Command Line -description: How to Sequence a New Application Package Using the Command Line -author: dansimp -ms.assetid: de72912b-d9e7-45b5-a601-12528f1a4cac -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Sequence a New Application Package Using the Command Line - - -You can use a command line to sequence a new application. Using a command line is useful when you have to create a large number of virtual applications or when you need to create sequenced applications on a recurring basis. - -**Important** -Command-line sequencing allows for default sequencing only. If you need to change default installation settings for the application you are sequencing, you must either manually modify the virtual application or update the virtual application by using the Application Virtualization (App-V) Sequencer. For more information about updating a virtual application by using the App-V Sequencer, see [How to Upgrade an Existing Virtual Application](how-to-upgrade-an-existing-virtual-application.md). - - - -Use the following procedure to create a virtual application by using the command line. - -**To sequence an application by using the command line** - -1. On the computer that is running the App-V Sequencer, open the command prompt by selecting **Start**, **Run**, and then type **cmd**. Click **OK**. - -2. Use the command prompt to specify the location of where the App-V Sequencer is installed. For example, at the command prompt, you could type the following: **cd C:\\Program Files\\Microsoft Application Virtualization Sequencer**. - -3. At the command prompt, type the following command, replacing the text in quotation marks with your values: - - `SFTSequencer /INSTALLPACKAGE:"pathtoMSI" /INSTALLPATH:"pathtopackageroot" /OUTPUTFILE:"pathtodestinationSPRJ"` - - **Note** - You can specify additional parameters by using the command line, depending on the complexity of the application you are sequencing. For a complete list of parameters that are available for use with the App-V Sequencer, see [Application Virtualization Sequencer Command Line](application-virtualization-sequencer-command-line.md). - - - -~~~ -Use the value descriptions in the following table to help you determine the actual text you will use in the preceding command. - - ---- - - - - - - - - - - - - - - - - - - - - -
ValueDescription

pathtoMSI

Specifies the Windows Installer or a batch file that will be used to install an application so that it can be sequenced.

pathtopackageroot

Specifies the package root directory.

pathtodestinationSPRJ

Specifies the path and file name of the SPRJ file that will be created.

-~~~ - - - -4. Press **Enter**. - -## Related topics - - -[How to Manage Virtual Applications Using the Command Line](how-to-manage-virtual-applications-using-the-command-line.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-sequence-a-new-application.md b/mdop/appv-v4/how-to-sequence-a-new-application.md deleted file mode 100644 index 8897653dba..0000000000 --- a/mdop/appv-v4/how-to-sequence-a-new-application.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: How to Sequence a New Application -description: How to Sequence a New Application -author: dansimp -ms.assetid: e01e98cd-2378-478f-9739-f72c465bf79a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Sequence a New Application - - -The Application Virtualization (App-V) Sequencer creates applications that can be run in a virtual environment. The App-V Sequencer monitors the installation and setup process for an application, and it records the information necessary for the application to run in a virtual environment. You can also use the App-V Sequencer to configure which files and configurations are applicable to all users and which files and configurations users can customize. When you sequence an application, you should save the package to a drive that is local to the computer you are sequencing on. - -A sequenced application does not interact with the operating system because each application runs in a virtual environment and is isolated from other applications that might be installed or running on the target computer. This isolation dramatically reduces application conflicts and decreases the required amount of application pre-deployment testing. - -After you successfully sequence the application, it is available in the App-V Sequencer Console. Running the App-V sequencer in Safe Mode is not supported. - -**To sequence a new application** - -1. You must create the Application Virtualization drive to sequence a new virtual application. To create the Application Virtualization drive, map the Q:\\ drive to a location that can be used to save files while you are sequencing an application. You must then create individual directories for each application you plan to sequence on the Q:\\ drive. You can create the virtual application target folders before you sequence an application, or you can create it in step 5 of this procedure. - -2. To start the App-V Sequencer Console, on the computer that is running the App-V Sequencer, select **Start** / **Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. To start the **Sequencing Wizard**, select **File** / **New Package**. - -3. On the **Package Information** page, specify the **Package Name** that will be assigned to the virtual application. The package name is required for generating the associated Windows Installer file. You should also add an optional comment that will be assigned to the package and that provides detailed information about the virtual application. To display the **Advanced Options** page, select **Show Advanced Monitoring Options**. Click **Next**. - - **Note** - To display the **Advanced Options** page, you must select **Show Advanced Monitoring Options**. If you do not require the **Advanced Options** page, skip to step 4. - - - -4. On the **Advanced Options** page, to specify the **Block Size** for the virtual application, select the size you want. The block size determines how the **.sft** file will be divided for streaming the package across the network to target computers. To allow Microsoft Update to update the application as it is being sequenced; select **Allow Microsoft Update to run during monitoring**. If you select this option, Microsoft Updates are allowed to be installed during the monitoring phase and you will need to accept the associated updates for them to be installed. To remap the supported dynamic link library (.dll) files so that they use a contiguous space of RAM, select **Rebase DLLs**. Selecting this option can conserve memory and help improve performance. Many applications do not support this option, but it is useful in environments with limited RAM such as in Terminal Server scenarios. Click **Next**. - -5. On the **Monitor Installation** page, to monitor the installation of an application, click **Begin Monitoring**. After you click **Begin Monitoring**, specify the directory on the Q:\\ drive where the application will be installed. To install the application to a folder that has not been created, click **Make New Folder**. You must install each application that you sequence into a separate directory. - - **Important** - The folder name you specify must not be longer than 8 characters. - - - -~~~ -Wait for the virtual environment to load, and then install the application so that the App-V Sequencer can monitor the process. When you have completed the installation, click **Stop Monitoring** and then click **Next**. -~~~ - -6. On the **Additional Files to Map to Virtual File System (VFS)** page, to specify additional files to be added to the Virtual File System (VFS), click **Add**. Browse to the file you want to add, and click **Open**. To clear existing files that have been added, click **Reset** and then click **Next**. - -7. On the **Configure Applications** page, configure the shortcuts and file type associations that will be associated with the virtual application. Select the element you want to update, and then click **Edit Locations**. Specify the configurations in the **Shortcut Locations** dialog box. Click **OK** and then click **Next**. - -8. On the **Launch Applications** page, to start the application to ensure that the package is optimized for streaming, select the package and click **Launch**. This step is useful for configuring how the application initially runs on target computers and for accepting any associated license agreements before the package is made available to clients. If there are multiple applications associated with this package, you can select **Launch All** to open all of the applications. To sequence the package, click **Next**. - -9. On the **Sequence Package** page, to close the wizard, click **Finish**. - -10. After you have successfully created the package, to save the package, in the App-V Sequencer Console, select **File** / **Save** and specify the name and the location where the package will be saved. - -## Related topics - - -[Tasks for the Application Virtualization Sequencer](tasks-for-the-application-virtualization-sequencer.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-sequence-a-new-middleware-application--app-v-46-sp1-.md b/mdop/appv-v4/how-to-sequence-a-new-middleware-application--app-v-46-sp1-.md deleted file mode 100644 index 70ccc6f38a..0000000000 --- a/mdop/appv-v4/how-to-sequence-a-new-middleware-application--app-v-46-sp1-.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -title: How to Sequence a New Middleware Application (App-V 4.6 SP1) -description: How to Sequence a New Middleware Application (App-V 4.6 SP1) -author: dansimp -ms.assetid: 304045c2-5e5e-4c91-b59e-a91fdf2500fb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Sequence a New Middleware Application (App-V 4.6 SP1) - - -Use the following procedure to create a new middleware virtual application package using the Application Virtualization (App-V) Sequencer. A middleware application is software that connects software modules or applications. For more information about the types of applications that you can sequence, see [How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md). - -Use this type of package by using Dynamic Suite Composition in App-V. Dynamic Suite Composition enables you to define a virtual application package as being dependent on another virtual application package. The dependency enables the application to interact with the middleware or plug-in in the virtual environment, where typically this interaction is prevented. This is useful because a secondary application package can be used with several other primary applications, which enables each primary application to reference the same secondary package. For more information about how to use Dynamic Suite Composition, see [How To Use Dynamic Suite Composition](https://go.microsoft.com/fwlink/?LinkID=203804&clcid=0x409) in the Microsoft Technical Library (https://go.microsoft.com/fwlink/?LinkID=203804&clcid=0x409). - -**Important** -During sequencing, if the computer running the App-V Sequencer is running Windows Vista or Windows 7 and a restart is initiated outside of the virtual environment, for example, **Start** / **Shut Down**, you must click **Cancel** when prompted to close the program that is preventing Windows from shutting down. If you click **Force shut down**, the package creation fails. When you click **Cancel**, App-V Sequencer successfully records the restart while the application is being sequenced. - - - -**To sequence a new middleware application** - -1. To start App-V Sequencer, on the computer that is running App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. To create the package, select **Create Package (default)**, and then click **Next**. - -3. On the **Prepare Computer** page, review the issues that might cause the package creation to fail, or for the package to contain unnecessary data. We strongly recommend that you resolve all potential issues before you continue. After you have fixed the conflicts, to update the information displayed, click **Refresh**. After you have resolved all potential issues, click **Next**. - - **Important** - If you are required to disable virus scanning software, you must scan the computer running the App-VSequencer to ensure that no unwanted or malicious files can be added to the package. - - - -4. On the **Type of Application** page, select **Middleware**, and then click **Next**. - - For more information about the types of applications that you can sequence, see [How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md). - -5. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. - -6. On the **Package Name** page, specify a name that will be associated with the package. The name helps identify the purpose and version of the application that will be added to the package. The package name is also displayed in the App-V Management Console. The **Installation Location** displays the application virtualization path where the application will be installed. To edit this location, select **Edit (Advanced)**. - - **Important** - Editing the Application Virtualization path is an advanced configuration task. You should fully understand the implications of changing the path. For most applications, we recommend the default path. - - - -~~~ -Click **Next**. -~~~ - -7. On the **Installation** page, when the Sequencer and middleware application installer are ready, install the application so that the Sequencer can monitor the installation process. Perform the installation by using the application’s installation process. If additional installation files must be run as part of the installation, click **Run**, to locate and run the additional installation files. When you are finished with the installation, select the **I am finished installing** check box, and then click **Next**. - -8. On the **Installation** page, wait while the Sequencer configures the virtual application package. - -9. On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**. - -10. On the **Target OS** page, specify the operating systems that can run this package. To enable all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box and select the operating systems that can run this package. Click **Next**. - -11. On the **Create Package** page, to modify the package without saving it, select the **Continue to modify package without saving using the package editor** check box. Selecting this option opens the package in the Sequencer console so that you can modify the package before it is saved. Click **Next**. - - To save the package immediately, select the default, the **Save the package now** check box. Add optional comments in the **Comments** box that will be associated with the package. Comments are useful for identifying version and other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse**, and then specify the new location. The uncompressed package size is displayed. If the package size exceeds 4 GB (uncompressed) and you plan to stream the package to target computers, you must select **Compress Package**. Click **Create**. - -12. On the **Completion** page, after you have reviewed the information displayed in the **Virtual Application Package Report** pane, click **Close**. The information displayed in the **Virtual Application Package Report** pane is also available in the directory specified in step 11 of this procedure, in a file named **Report.xml**. - - The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about modifying a package, see [How to Modify an Existing Virtual Application Package (App-V 4.6 SP1)](how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md) - - **Important** - After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the Sequencer. - - - -## Related topics - - -[Tasks for the Application Virtualization Sequencer (App-V 4.6 SP1)](tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md) - -[How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-sequence-a-new-standard-application--app-v-46-sp1-.md b/mdop/appv-v4/how-to-sequence-a-new-standard-application--app-v-46-sp1-.md deleted file mode 100644 index 91c5c8dae1..0000000000 --- a/mdop/appv-v4/how-to-sequence-a-new-standard-application--app-v-46-sp1-.md +++ /dev/null @@ -1,123 +0,0 @@ ---- -title: How to Sequence a New Standard Application (App-V 4.6 SP1) -description: How to Sequence a New Standard Application (App-V 4.6 SP1) -author: dansimp -ms.assetid: c4a2eb33-def8-4535-b93a-3d2de21ce29f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Sequence a New Standard Application (App-V 4.6 SP1) - - -Use the following procedure to create a new standard virtual application package by using the Application Virtualization (App-V) Sequencer. This procedure applies to most applications that you sequence. For more information about the types of applications you can sequence, see [How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md). You must run the sequencer (**SFTSequencer.exe**) using an account that has administrator privileges because of the changes the sequencer makes to the local system. These changes can include writing files to the **C:\\Program Files** directory, making registry changes, starting and stopping services, updating security descriptors for files, and changing permissions. - -**Important** -During sequencing, if the computer running the Sequencer is running Windows Vista or Windows 7 and a restart is initiated outside of the virtual environment, for example, **Start** / **Shut Down**, you must click **Cancel** when prompted to close the program that is preventing Windows Vista or Windows from shutting down. If you click **Force shut down**, the package creation fails. When you click **Cancel**, the Sequencer successfully records the restart while the application is being sequenced. - - - -**Note** -Running the App-V sequencer in Safe Mode is not supported. - - - -**To sequence a new standard application** - -1. To start the App-V Sequencer, on the computer that is running the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. To create the package, select **Create Package (default)**, and then click **Next**. - -3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail, or for the package to contain unnecessary data. We strongly recommend that you resolve all potential issues before you continue. After you have fixed the conflicts, to update the information that is displayed, click **Refresh**. After you have resolved all potential issues, click **Next**. - - **Important** - If you are required to disable virus scanning software, scan the computer running the Sequencer to ensure that no unwanted or malicious files could be added to the package. - - - -4. On the **Type of Application** page, click **Standard Application (default)** check box, and then click **Next**. - - For more information about the types of applications that you can sequence, see [How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md). - -5. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Perform a Custom Installation** check box, and then Click **Next**. - -6. On the **Package Name** page, specify a name that will be associated with the package. The name helps identify the purpose and version of the application that are added to the package. The package name is also displayed in the App-V management console. The **Primary Virtual Application Directory** displays the Application Virtualization path where the application will be installed on target computers. To edit this location, select **Edit (Advanced)**. - - **Important** - Editing the Application Virtualization path is an advanced configuration task. You should fully understand the implications of changing the path. For most applications, the default path is recommended. - - - -~~~ -Click **Next**. -~~~ - -7. On the **Installation** page, when the Sequencer and application installer are ready, install the application so that the Sequencer can monitor the installation process. Perform the installation by using the application’s installation process. If additional installation files must be run as part of the installation, click **Run** to locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**. - -8. On the **Installation** page, wait while the Sequencer configures the virtual application package. - -9. On the **Configure Software** page, optionally run the programs contained in the package. This step helps complete any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs you want to run, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. It can take several minutes for all programs to run. Click **Next**. - -10. On the **Installation Report** page, you can review information about the virtual application package you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**. - -11. On the **Customize** page, if you are finished installing and configuring the virtual application, select **Stop now** and skip to step 15 of this procedure. If you want to customize any of the items in the following list, select **Customize**. - - - Edit the file type associations and the icons associated with an application. - - - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. - - - Specify the operating systems that can run this package. - - Click **Next**. - -12. On the **Edit Shortcuts** page, you can optionally configure the file type associations (FTA) and shortcut locations that will be associated with the various applications in the package. To create a new FTA, in the left pane, select and expand the application you want to customize, and then click **Add**. In the **Add File Type Association** dialog box, provide the necessary information for the new FTA. To review the shortcut information associated with an application, under the application, select **Shortcuts**, and in the **Location** pane, you can edit the icon file information. To edit an existing FTA, click **Edit**. To remove an FTA, select the FTA, and then click **Remove**. Click **Next**. - -13. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**. - - **Note** - If you want to stop an application from loading during this step, in the **Application Launch** dialog box, click **Stop**, and select one of the check boxes, **Stop all applications** or **Stop this application only**, depending on what you want. - - - -14. On the **Target OS** page, specify the operating systems that can run this package. To enable all supported operating systems in your environment to run this package, select **Allow this package to run on any operating system**. To configure this package to run only on specific operating systems, select **Allow this package to run only on the following operating systems** and specify the operating systems that can run this package. Click **Next**. - - **Important** - The operating systems specified during this step reflect the operating systems on target computers that are enabled to run the package. You must ensure that the operating systems specified are supported by the application you are sequencing. - - - -15. On the **Create Package** page, to modify the package without saving it, select **Continue to modify package without saving using the package editor**. Selecting this option opens the package in the Sequencer console so that you can modify the package before it is saved. Click **Next**. - - To save the package immediately, select the default **Save the package now**. Add optional **Comments** that will be associated with the package. Comments are useful for identifying version and other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. The uncompressed package size is displayed. If the package size exceeds 4 GB (uncompressed) and you plan to stream the package to target computers, you must select **Compress Package**. Click **Create**. - -16. On the **Completion** page, after you have reviewed the information displayed in the **Virtual Application Package Report** pane, click **Close**. The information displayed in the **Virtual Application Package Report** pane is also available in the directory specified in step 15 of this procedure, in a file named **Report.xml**. - - The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about modifying a package, see [How to Modify an Existing Virtual Application Package (App-V 4.6 SP1)](how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md) - - **Important** - After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the Sequencer. - - - -## Related topics - - -[Tasks for the Application Virtualization Sequencer (App-V 4.6 SP1)](tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md) - -[How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-sequence-an-application.md b/mdop/appv-v4/how-to-sequence-an-application.md deleted file mode 100644 index c920cb5280..0000000000 --- a/mdop/appv-v4/how-to-sequence-an-application.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: How to Sequence an Application -description: How to Sequence an Application -author: dansimp -ms.assetid: bd643dd6-dbf6-4469-bc70-c43ad9c69da9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Sequence an Application - - -The Application Virtualization (App-V) Sequencer creates applications that can be run in a virtual environment. The App-V Sequencer monitors the installation and setup process for an application, and it records the information necessary for the application to run in a virtual environment. You can also use the App-V Sequencer to configure which files and configurations are applicable to all users and which files and configurations users can customize. When you sequence an application, you should save the package to a drive that is local to the computer you are sequencing on. - -A sequenced application does not interact with the operating system because each application runs in a virtual environment and is isolated from other applications that might be installed or running on the target computer. This isolation dramatically reduces application conflicts and decreases the required amount of application pre-deployment testing. - -After you successfully sequence the application, it is available in the App-V Sequencer Console. - -**To sequence a new application** - -1. You must create the Application Virtualization drive to sequence a new virtual application. To create the Application Virtualization drive, map the Q:\\ drive to a location that can be used to save files while you are sequencing an application. You must then create individual directories for each application you plan to sequence on the Q:\\ drive. You can create the virtual application target folders before you sequence an application, or you can create it in step 5 of this procedure. - -2. To start the App-V Sequencer Console, on the computer that is running the App-V Sequencer, select **Start** / **Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. To start the **Sequencing Wizard**, select **File** / **New Package**. - -3. On the **Package Information** page, specify the **Package Name** that will be assigned to the virtual application. The package name is required for generating the associated Windows Installer file. You should also add an optional comment that will be assigned to the package and that provides detailed information about the virtual application. To display the **Advanced Options** page, select **Show Advanced Monitoring Options**. Click **Next**. - - **Note** - To display the **Advanced Options** page, you must select **Show Advanced Monitoring Options**. If you do not require the **Advanced Options** page, skip to step 4. - - - -4. On the **Advanced Options** page, to specify the **Block Size** for the virtual application, select the size you want. The block size determines how the **.sft** file will be divided for streaming the package across the network to target computers. To allow Microsoft Update to update the application as it is being sequenced; select **Allow Microsoft Update to run during monitoring**. If you select this option, Microsoft Updates are allowed to be installed during the monitoring phase and you will need to accept the associated updates for them to be installed. To remap the supported dynamic link library (.dll) files so that they use a contiguous space of RAM, select **Rebase DLLs**. Selecting this option can conserve memory and help improve performance. Many applications do not support this option, but it is useful in environments with limited RAM such as in Remote Desktop Session Host (RD Session Host) Server scenarios. Click **Next**. - -5. On the **Monitor Installation** page, to monitor the installation of an application, click **Begin Monitoring**. After you click **Begin Monitoring**, specify the directory on the Q:\\ drive where the application will be installed. To install the application to a folder that has not been created, click **Make New Folder**. You must install each application that you sequence into a separate directory. - - **Important** - The folder name you specify must not be longer than 8 characters. - - - -~~~ -Wait for the virtual environment to load, and then install the application so that the App-V Sequencer can monitor the process. When you have completed the installation, click **Stop Monitoring**, and then click **Next**. -~~~ - -6. On the **Additional Files to Map to Virtual File System (VFS)** page, to specify additional files to be added to the Virtual File System (VFS), click **Add**. Browse to the file you want to add and click **Open**. To clear existing files that have been added, click **Reset**, and then click **Next**. - -7. On the **Configure Applications** page, configure the shortcuts and file type associations that will be associated with the virtual application. Select the element that you want to update, and then click **Edit Locations**. Specify the configurations in the Shortcut Locations dialog box. Click **OK**, and then click **Next**. - -8. On the **Launch Applications** page, to start the application to ensure that the package is optimized for streaming, select the package and click **Launch**. This step is useful for configuring how the application initially runs on target computers and for accepting any associated license agreements before the package is made available to clients. If there are multiple applications associated with this package, you can select **Launch All** to open all of the applications. To sequence the package, click **Next**. - -9. On the **Sequence Package** page, to close the wizard, click **Finish**. - -10. After you have successfully created the package, to save the package, in the App-V Sequencer Console, select **File** / **Save** and specify the name and the location where the package will be saved. - -## Related topics - - -[Application Virtualization Sequencer](application-virtualization-sequencer.md) - -[How to Sequence a New Application by Using the Command Line](how-to-sequence-a-new-application-by-using-the-command-line.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-set-up-a-concurrent-license-group.md b/mdop/appv-v4/how-to-set-up-a-concurrent-license-group.md deleted file mode 100644 index 6a4304627f..0000000000 --- a/mdop/appv-v4/how-to-set-up-a-concurrent-license-group.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: How to Set Up a Concurrent License Group -description: How to Set Up a Concurrent License Group -author: dansimp -ms.assetid: 031abcf6-d8ed-49be-bddb-91b2c695d411 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Set Up a Concurrent License Group - - -You can use the following procedure in the Application Virtualization Server Management Console to set up a concurrent license group. When you set up a concurrent license group, you can limit access to applications to a specific number of concurrent users. - -**To set up a concurrent license group** - -1. In the left pane of the Application Virtualization Server Management Console, right-click the **Application Licenses** node. - -2. Select **New Concurrent License**. - -3. Enter a name in the **Application License Group Name** field. - -4. Enter a value (in minutes) in the **License Expiration Warning** field. - -5. Click **Next**. - -6. Enter descriptive text in the **License Description** field. - -7. Enter a value in the **Concurrent License Quantity** field. - -8. Select the **Enabled** check box to enable the license. - -9. Select the **Expiration Date** check box (if you want to set an expiration date), and enter the expiration date or use the calendar utility to select a date. - -10. If you need to associate a key with the license, enter the license key information in the **License Key** field. - -11. Click **Finish**. - -## Related topics - - -[How to Associate an Application with a License Group](how-to-associate-an-application-with-a-license-group.md) - -[How to Create an Application License Group](how-to-create-an-application-license-group.md) - -[How to Remove an Application from a License Group](how-to-remove-an-application-from-a-license-group.md) - -[How to Set Up a Named License Group](how-to-set-up-a-named-license-group.md) - -[How to Set Up an Unlimited License Group](how-to-set-up-an-unlimited-license-group.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-set-up-a-named-license-group.md b/mdop/appv-v4/how-to-set-up-a-named-license-group.md deleted file mode 100644 index 4077c745cd..0000000000 --- a/mdop/appv-v4/how-to-set-up-a-named-license-group.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: How to Set Up a Named License Group -description: How to Set Up a Named License Group -author: dansimp -ms.assetid: 8ef6716c-0cb7-4706-ad3b-ac6f27b2e7ad -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Set Up a Named License Group - - -You can use the following procedure in the Application Virtualization Server Management Console to set up a named license group. When you set up a named license group, you are giving specific users access to the selected application. - -**To set up a Named License Group** - -1. In the left pane of the Application Virtualization Server Management Console, right-click the **Application Licenses** node. - -2. Select **New Named License**. - -3. Enter a name in the **Application License Group Name** field. - -4. Enter a value (in minutes) in the **License Expiration Warning** field. - -5. Click **Next**. - -6. Enter descriptive text in the **License Description** field. - -7. Select the **Enabled** check box to enable the license. - -8. Select the **Expiration Date** check box (if you want to set an expiration date), and enter the expiration date or use the calendar utility to select a date. - -9. Click **Next**. - -10. Use the **Named License User Wizard** to add, edit, or remove specific users from the license group. - -11. Click **Finish**. - -## Related topics - - -[How to Associate an Application with a License Group](how-to-associate-an-application-with-a-license-group.md) - -[How to Create an Application License Group](how-to-create-an-application-license-group.md) - -[How to Remove an Application from a License Group](how-to-remove-an-application-from-a-license-group.md) - -[How to Remove an Application License Group](how-to-remove-an-application-license-group.md) - -[How to Set Up a Concurrent License Group](how-to-set-up-a-concurrent-license-group.md) - -[How to Set Up an Unlimited License Group](how-to-set-up-an-unlimited-license-group.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-set-up-an-unlimited-license-group.md b/mdop/appv-v4/how-to-set-up-an-unlimited-license-group.md deleted file mode 100644 index 4da9b85aa9..0000000000 --- a/mdop/appv-v4/how-to-set-up-an-unlimited-license-group.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: How to Set Up an Unlimited License Group -description: How to Set Up an Unlimited License Group -author: dansimp -ms.assetid: 0c37c7b7-aba9-4c03-9e0e-94c966f874cf -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Set Up an Unlimited License Group - - -You can use the following procedure in the Application Virtualization Server Management Console to set up an unlimited license group. When you set up an unlimited license group, you let an unlimited number of users access an application simultaneously. - -**To set up an unlimited license group** - -1. In the left pane of the Application Virtualization Server Management Console, right-click the **Application Licenses** node. - -2. Select **New Unlimited License**. - -3. Enter the name of the new group in the **Application License Group Name** field. - -4. Enter a value (in minutes) in the **License Expiration Warning** field. - -5. Click **Next**. - -6. Enter descriptive text in the **License Description** field. - -7. Select the **Enabled** check box to enable the license. - -8. Select the **Expiration Date** check box (if you want to set an expiration date), and enter the expiration date or use the calendar utility to select a date. - -9. If you need to associate a key with the license, enter the license key information in the **License Key** field. - -10. Click **Finish**. - -## Related topics - - -[How to Associate an Application with a License Group](how-to-associate-an-application-with-a-license-group.md) - -[How to Create an Application License Group](how-to-create-an-application-license-group.md) - -[How to Remove an Application from a License Group](how-to-remove-an-application-from-a-license-group.md) - -[How to Set Up a Concurrent License Group](how-to-set-up-a-concurrent-license-group.md) - -[How to Set Up a Named License Group](how-to-set-up-a-named-license-group.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-set-up-and-enable-or-disable-authentication.md b/mdop/appv-v4/how-to-set-up-and-enable-or-disable-authentication.md deleted file mode 100644 index 66c1796f86..0000000000 --- a/mdop/appv-v4/how-to-set-up-and-enable-or-disable-authentication.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: How to Set Up and Enable or Disable Authentication -description: How to Set Up and Enable or Disable Authentication -author: dansimp -ms.assetid: 1e43d0c5-a467-4a8b-b656-93f75d7deb82 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Set Up and Enable or Disable Authentication - - -The Application Virtualization Server Management Console lets you enable or disable Windows authentication, which lets you to define who has access to the system. You can use the following procedures to set up and disable authentication from the **Provider Policies Results** pane of the console. - -**Note**   - Normally, you set up authentication when you add a provider policy through the New Provider Policy Wizard. - - - -**To set up authentication** - -1. Click the **Provider Policies** node to display the list of provider policies in the **Results** pane. - -2. Right-click the provider policy, and select **Properties**. - -3. Select the **Provider Pipeline** tab. - -4. Make sure the **Authentication** check box is selected. - -5. Select the authentication level from the drop-down list. - -6. Click **Apply** or **OK**. - -**To enable or disable authentication** - -1. Click the **Provider Policies** node to display the list of provider policies in the **Results** pane. - -2. Right-click the provider policy, and select **Properties**. - -3. Select the **Provider Pipeline** tab. - -4. Select the **Authentication** check box to enable authentication. Clear the box to disable it. - -## Related topics - - -[How to Customize an Application Virtualization System in the Server Management Console](how-to-customize-an-application-virtualization-system-in-the-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-set-up-or-disable-application-licensing.md b/mdop/appv-v4/how-to-set-up-or-disable-application-licensing.md deleted file mode 100644 index 9e7b1e615b..0000000000 --- a/mdop/appv-v4/how-to-set-up-or-disable-application-licensing.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: How to Set Up or Disable Application Licensing -description: How to Set Up or Disable Application Licensing -author: dansimp -ms.assetid: 7c00b531-ec41-4970-b0fc-d84225ce3bb2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Set Up or Disable Application Licensing - - -You can use the following procedures to set up or disable application licensing in the Application Virtualization Server Management Console. - -**To set up application licensing** - -1. Click the **Provider Policies** node to display the provider policies in the **Results** pane. - -2. Right-click the provider policy, and select **Properties**. - -3. Select the **Provider Pipeline** tab. - -4. Select the **Licensing** check box, and select a licensing option from the drop-down menu. - -5. Click **Apply** or **OK**. - -**To disable application licensing** - -1. Click the **Provider Policies** node to display the provider policies in the **Results** pane. - -2. Right-click the provider policy, and select **Properties**. - -3. Select the **Provider Pipeline** tab. - -4. Clear the **Licensing** check box. - -5. Click **Apply** or **OK**. - -## Related topics - - -[How to Customize an Application Virtualization System in the Server Management Console](how-to-customize-an-application-virtualization-system-in-the-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-set-up-or-disable-database-size.md b/mdop/appv-v4/how-to-set-up-or-disable-database-size.md deleted file mode 100644 index f6db631033..0000000000 --- a/mdop/appv-v4/how-to-set-up-or-disable-database-size.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: How to Set Up or Disable Database Size -description: How to Set Up or Disable Database Size -author: dansimp -ms.assetid: 4abaf349-132d-4186-8873-a0e515593b93 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Set Up or Disable Database Size - - -You can use the following procedures in the Application Virtualization Server Management Console to specify the size (in MB) of Application Virtualization System usage that you want to store in the database. - -When the size of the stored data reaches 95% (the high watermark) of the specified limit, the system will delete 10% of the usage data, leaving 85% of the data. Package and application usage data will be deleted. When the database grows large enough and approaches the high watermark, a warning message is sent to the SQL Server log to inform you that this limit has been reached. This warning is necessary because the cleanup action can affect the output of the reports. It will also help you decide whether you need to increase the maximum database size, reduce the number of months of usage data to be kept, or turn down the logging level. - -**Note**   -The **No Size Limit** and **Keep All Usage** options are provided so that you can disable usage reporting and database cleanup. Selecting these items will clean up the database transaction log as well. (All committed Microsoft SQL Server transactions will be removed from the database log.) - - - -**To set up database size** - -1. Right-click the Application Virtualization System node in the left pane, and select **System Options**. - -2. Select the **Database** tab. - -3. Select the **Maximum Database Size (MB)** or **No Size Limit** radio button. - -4. If you choose to specify a database size, best practices recommend that you enter a number between 512 and 4096 MB. The default size is 1024 MB and if you need to increase the database size, the maximum value you can enter is 2,147,483,647. If you select **No Size Limit**, the database will grow until it reaches the disk size limit. - -5. Click **Apply** or **OK**. - -**To disable database size limits** - -1. Right-click the Application Virtualization System node in the **Scope** pane, and select **System Options**. - -2. Select the **Database** tab. - -3. Select the **No Size Limit** and **Keep All Usage** radio buttons. - -4. Click **Apply** or **OK**. - -## Related topics - - -[How to Customize an Application Virtualization System in the Server Management Console](how-to-customize-an-application-virtualization-system-in-the-server-management-console.md) - -[How to Set Up or Disable Usage Reporting](how-to-set-up-or-disable-usage-reporting.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-set-up-or-disable-usage-reporting.md b/mdop/appv-v4/how-to-set-up-or-disable-usage-reporting.md deleted file mode 100644 index 1dc1ac12a1..0000000000 --- a/mdop/appv-v4/how-to-set-up-or-disable-usage-reporting.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: How to Set Up or Disable Usage Reporting -description: How to Set Up or Disable Usage Reporting -author: dansimp -ms.assetid: 8587003a-128d-4b5d-ac70-5b9eddddd3dc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Set Up or Disable Usage Reporting - - -You can use the following procedures in the Application Virtualization Server Management Console to specify the duration (in months) of Application Virtualization System usage information you want to store in the database. - -**Note**   - To store usage information, you must select the **Log Usage Information** check box on the **Provider Pipeline** tab. To display this tab, right-click the provider policy in the **Provider Policies Results** pane and select **Properties**. - - - -**To set up usage reporting** - -1. Right-click the Application Virtualization System node in the left pane, and select **System Options**. - -2. Select the **Database** tab. - -3. Select the **Keep Usage For (Months)** or **Keep All Usage** radio button. - -4. If you choose to specify usage duration in months, enter a number from 1 to 120 (default value is 6 months). If you select **Keep All Usage**, the database will grow until it reaches the specified size limit. - -5. Click **Apply** or **OK**. - -**To disable usage reporting** - -1. Click the **Provider Policies** node. - -2. Right-click **Provider Policy** and select **Properties**. - -3. Select the **Provider Pipeline** tab. - -4. Clear the **Log Usage Information** check box. - -5. Click **Apply** or **OK**. - -## Related topics - - -[How to Customize an Application Virtualization System in the Server Management Console](how-to-customize-an-application-virtualization-system-in-the-server-management-console.md) - -[How to Set Up or Disable Database Size](how-to-set-up-or-disable-database-size.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-set-up-periodic-publishing-refresh.md b/mdop/appv-v4/how-to-set-up-periodic-publishing-refresh.md deleted file mode 100644 index 4aaf75708f..0000000000 --- a/mdop/appv-v4/how-to-set-up-periodic-publishing-refresh.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: How to Set Up Periodic Publishing Refresh -description: How to Set Up Periodic Publishing Refresh -author: dansimp -ms.assetid: c358c765-cb88-4881-b4e7-0a2e87304870 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Set Up Periodic Publishing Refresh - - -You can use the following procedure to configure the client to periodically refresh the publishing information from the App-V servers. After the client is configured, the refresh operation is automatic. These settings configure the default settings for the client so that all users on this computer will see the same settings. - -**Note**   -After you have performed this procedure, the publishing information will be refreshed according to the new settings after the first refresh at login. When this first refresh occurs, the server might override the computer settings with different settings, depending on how it is configured. The **Refresh** tab in the **Properties** dialog box shows the locally configured client computer settings and any settings that might have been configured for the user by the publishing server. - - - -**To periodically refresh the publishing information from the Application Virtualization Servers** - -1. Click **Publishing Servers** in the **Scope** pane. - -2. In the **Results** pane, right-click the desired server and select **Properties** from the pop-up-menu. - -3. In the **Properties** dialog box, on the **Refresh** tab, select the **Refresh configuration every** check box and enter a number that represents the frequency in the field. Then select **Minutes**, **Hours**, **Days** from the drop-down menu. - - **Note**   - This setting will cause the client to refresh publishing information every time the configured period elapses. If the user is not logged in when it's time to do a refresh, the refresh will take place when the user next logs in. The timer is then started again for the next period. - - - -4. Click **Apply** to change the configuration. - -5. When you finish configuring the server, click **OK** to exit the dialog box and return to the Application Virtualization Client Management Console. - -## Related topics - - -[How to Configure the Client in the Application Virtualization Client Management Console](how-to-configure-the-client-in-the-application-virtualization-client-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-set-up-publishing-refresh-on-login.md b/mdop/appv-v4/how-to-set-up-publishing-refresh-on-login.md deleted file mode 100644 index 0c4fc3c8e1..0000000000 --- a/mdop/appv-v4/how-to-set-up-publishing-refresh-on-login.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: How to Set Up Publishing Refresh on Login -description: How to Set Up Publishing Refresh on Login -author: dansimp -ms.assetid: 196448db-7645-4fd5-a854-ef6405b15db4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Set Up Publishing Refresh on Login - - -You can use the following procedure to configure the Application Virtualization (App-V) Client to refresh the publishing information from the server each time you log in to the computer. After the client is configured, the refresh operation is automatic. - -**To refresh the publishing information on login** - -1. Click **Publishing Servers** in the **Scope** pane. - -2. In the **Results** pane, right-click the desired server and select **Properties** from the pop-up-menu. - -3. In the **Properties** dialog box, on the **Refresh** tab, select the **Refresh configuration server on user login** check box. - -4. Click **Apply** to change the configuration. - -5. When you finish configuring the settings, click **OK** to exit the dialog box and return to the Application Virtualization Management Console. - - The publishing information will now be refreshed each time you log in to the system. - -## Related topics - - -[How to Configure the Client in the Application Virtualization Client Management Console](how-to-configure-the-client-in-the-application-virtualization-client-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-set-up-publishing-servers.md b/mdop/appv-v4/how-to-set-up-publishing-servers.md deleted file mode 100644 index 08ed01a0ed..0000000000 --- a/mdop/appv-v4/how-to-set-up-publishing-servers.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: How to Set Up Publishing Servers -description: How to Set Up Publishing Servers -author: dansimp -ms.assetid: 2111f079-c202-4c49-b2a6-f4237068b2dc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Set Up Publishing Servers - - -You can use the following procedures to add and configure Application Virtualization Servers directly from the Client Management Console. - -**To add an application publishing server** - -1. In the **Results** pane, right-click and select **New Server** from the pop-up-menu to start the New Application Virtualization Server Wizard, or alternatively, right-click the **Publishing Server** node and select **New Server** from the pop-up-menu. - -2. On page one of the wizard, enter the name of the server in the **Display Name** field and select the server type from the **Type** drop-down list. You can choose **Application Virtualization Server**, **Enhanced Security Application Virtualization Server**, **Standard HTTP Server**, or **Enhanced Security HTTP Server** from the drop-down list of server types. - -3. Click **Next**. - -4. On page two of the wizard, type the appropriate information into the **Host Name** and **Port** fields. The **Path** field is not editable for Application Virtualization Servers. You must enter a path for Standard HTTP Server or Enhanced Security HTTP Server. - -5. Click **Finish** to add the server. - -**To set up an application publishing server** - -1. In the **Results** pane, right-click the desired server and select **Properties** from the pop-up menu. - -2. Click the **General** tab, where you can change the server name, select a type from the drop-down list of server types, and specify the host name and port. When the server type is Standard HTTP Server or Enhanced Security HTTP Server, the **Path** field is also editable. - -3. Click the **Refresh** tab, where the **Refresh publishing on user login** check box is selected by default. To change the refresh rate, select the **Refresh publishing every** check box and enter a number that represents the frequency in the field. Then select **Minutes**, **Hours**, **Days** from the drop-down menu. (The minimum amount of time you can enter is 30 minutes.) - -4. Click **Apply** to change the configuration. - -5. When you are finished publishing, click **OK** to exit the dialog box and return to the Client Management Console. - -## Related topics - - -[How to Disable or Modify Disconnected Operation Mode Settings](how-to-disable-or-modify-disconnected-operation-mode-settings.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-uninstall-the-app-v-client.md b/mdop/appv-v4/how-to-uninstall-the-app-v-client.md deleted file mode 100644 index 6a88f59a7d..0000000000 --- a/mdop/appv-v4/how-to-uninstall-the-app-v-client.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: How to Uninstall the App-V Client -description: How to Uninstall the App-V Client -author: dansimp -ms.assetid: 07591270-9651-4bb5-a5b3-e0fc009bd9e2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Uninstall the App-V Client - - -Use the following procedure to uninstall the Application Virtualization Client from the computer. - -**To uninstall the Application Virtualization Desktop Client** - -1. In Control Panel, double-click **Add or Remove Programs** (or in Windows Vista, **Programs and Features**), and then double-click **Microsoft Application Virtualization Desktop Client**. - -2. In the dialog box that appears, click **Yes** to continue with the uninstall process. - - **Important**   - The uninstall process cannot be canceled or interrupted. - - - -3. When a message stating that the Microsoft Application Virtualization Client Tray application must be closed before continuing appears, right-click the App-V icon in the notification area and select **Exit** to close the application. Then click **Retry** to continue with the uninstall process. - - **Important**   - You might see a message stating that one or more virtual applications are in use. Close any open applications and save your data before you continue. Then click **OK** to continue with the uninstall process. - - - -4. A progress bar shows the time remaining. When this step finishes, you must restart the computer so that all associated drivers can be stopped to complete the uninstall process. - - **Note**   - The following registry keys remain after the uninstall process is complete: - - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid - - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5 - - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\SystemGuard "Client"=dword:00000000 - - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\SoftGrid\\4.5\\SystemGuard\\SecKey - - - -## Related topics - - -[How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md) - -[How to Manually Install the Application Virtualization Client](how-to-manually-install-the-application-virtualization-client.md) - -[How to Publish a Virtual Application on the Client](how-to-publish-a-virtual-application-on-the-client.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-upgrade-a-package-using-the-open-package-command.md b/mdop/appv-v4/how-to-upgrade-a-package-using-the-open-package-command.md deleted file mode 100644 index a5bf655e68..0000000000 --- a/mdop/appv-v4/how-to-upgrade-a-package-using-the-open-package-command.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: How to Upgrade a Package Using the Open Package Command -description: How to Upgrade a Package Using the Open Package Command -author: dansimp -ms.assetid: 67c10440-de8a-4547-a34b-f83206d0cc3b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Upgrade a Package Using the Open Package Command - - -Use the Open Package command to upgrade or apply an update to a sequenced application package. When you upgrade an existing virtual application package using the command line, the original version of the .sft file is deleted. You should backup the associated .sft file before upgrading the package using the command line. - -**To upgrade a package using the Open Package command** - -1. To open the package that will be upgraded, in the Application Virtualization (App-V) console select **File**, **Open Package for Upgrade**. In the **Open** dialog box, select the package that will be upgraded. - -2. To start the **Sequencing** wizard, select **Tools**, **Sequencing Wizard**. Complete the wizard applying the configuration changes, to save the new sequenced application, select **File**, **Save**. - -3. To append the version number to the package name, in the Sequencer console, select **Tools**, **Options**. Select **Append Package Version to Filename**. Click **OK**. - - **Important**   - Updating the file name with the package version is essential to successfully completing the upgrade. - - - -## Related topics - - -[How to Manage Virtual Applications Using the Command Line](how-to-manage-virtual-applications-using-the-command-line.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-upgrade-a-package.md b/mdop/appv-v4/how-to-upgrade-a-package.md deleted file mode 100644 index 5c88a1bf32..0000000000 --- a/mdop/appv-v4/how-to-upgrade-a-package.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: How to Upgrade a Package -description: How to Upgrade a Package -author: dansimp -ms.assetid: 831c7556-6f6c-4b3a-aefb-26889094dc1a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Upgrade a Package - - -The process for an automatic upgrade is the same as for adding a package version in the Application Virtualization Server Management Console. An automatic upgrade is performed when you resequence the application in an existing package. Then you can add this new version to your servers for streaming. - -When you upgrade a package with a new version, you can leave the existing version in place or delete it and leave only the newest one. You might want to leave the old version in place for compatibility with legacy documents or so that you can test the new version before making it available to all users. - -**To upgrade a package automatically** - -1. Copy the new SFT file to the Application Virtualization Server's content folder. - - **Note**   - If resequencing did not add features that changed the Open Software Descriptor (OSD), icon (ICO), or Sequencer Project (SPRJ) files, you do not need to copy those. You can include these files if you want all these files to display the same date. - - - -2. In left pane of the Application Virtualization Server Management Console, expand **Packages**. - -3. Right-click the package you want to upgrade, and select **Add Version**. - -4. In the **Add Package Version** dialog box, browse for or type the full path name for the new application version in the **Full Path for the file** field. This must be an SFT file. - -5. Click **Next**. - -6. The **Summary** dialog box shows the file location and prompts you to copy the file there if you have not already done so. Click **Finish** after you have verified the information. - - The new version is now complete and ready to stream. - -## Related topics - - -[How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-upgrade-a-sequenced-application-package-using-the-command-line.md b/mdop/appv-v4/how-to-upgrade-a-sequenced-application-package-using-the-command-line.md deleted file mode 100644 index 0ac6b50d84..0000000000 --- a/mdop/appv-v4/how-to-upgrade-a-sequenced-application-package-using-the-command-line.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: How to Upgrade a Sequenced Application Package Using the Command Line -description: How to Upgrade a Sequenced Application Package Using the Command Line -author: dansimp -ms.assetid: 682fac46-c71d-4731-831b-81bfd5032764 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Upgrade a Sequenced Application Package Using the Command Line - - -Use the following procedure to upgrade a virtual application by using a command line. When you upgrade an existing virtual application package by using the command line, the original version of the .sft file is deleted. You should back up the associated .sft file before upgrading the package by using the command line. - -**To upgrade a virtual application** - -1. On the computer that is running the Application Virtualization (App-V) Sequencer, to open the command prompt, select **Start**, **Run**, and type **cmd**. Click **OK**. - -2. At the command prompt, specify the location where the App-V Sequencer is installed. For example, at the command prompt, you could type the following: **cd C:\\Program Files\\Microsoft Application Virtualization Sequencer**. - -3. At the command prompt, type the following command, replacing the text in quotation marks with your values: - - `SFTSequencer /UPGRADE:"pathtosourceSPRJ" /INSTALLPACKAGE:"pathtoUpgradeInstaller" /DECODEPATH:"pathtodecodefolder" /OUTPUTFILE:"pathtodestinationSPRJ"` - - **Note** - You can specify additional parameters by using the command line, depending on the complexity of the application you are upgrading. For a complete list of parameters that are available for use with the App-V Sequencer, see [Command-Line Parameters](command-line-parameters.md). - - - -~~~ -Use the value descriptions in the following table to help you determine the actual text you will use in the preceding command. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ValueDescription

pathtosourceSPRJ

Specifies the directory location of the virtual application to be upgraded.

pathtoUpgradeInstaller

Specifies the Windows Installer or a batch file that will be used to install an upgrade to the application.

pathtodecodefolder

Specify the directory in which to unpack the SFT file.

pathtodestinationSPRJ

Specifies the path and file name of the SPRJ file that will be created.

-~~~ - - - -4. Press **Enter**. - -## Related topics - - -[How to Manage Virtual Applications Using the Command Line](how-to-manage-virtual-applications-using-the-command-line.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-upgrade-a-sequenced-virtual-application-package.md b/mdop/appv-v4/how-to-upgrade-a-sequenced-virtual-application-package.md deleted file mode 100644 index 131400d266..0000000000 --- a/mdop/appv-v4/how-to-upgrade-a-sequenced-virtual-application-package.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: How to Upgrade a Sequenced Virtual Application Package -description: How to Upgrade a Sequenced Virtual Application Package -author: dansimp -ms.assetid: ffa989f3-6621-4c59-9599-e3c3b3332f67 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Upgrade a Sequenced Virtual Application Package - - -You can upgrade an existing virtual application to a new version by using the Application Virtualization (App-V) Sequencer. The upgrade process is similar to creating a new virtual application. You must open the existing virtual application for an upgrade, make the necessary updates, and then save the updated virtual application to a new location in the package root directory. You can also use the App-V Sequencer Console to make changes to an existing virtual application without performing an upgrade. However, you cannot make modifications to the virtual application’s file system by using this method because the App-V Sequencer does not actually decode the associated .sft file. For example; you can open an existing virtual application in the App-V Sequencer Console by selecting **Open** on the **File** menu. You can update the **Package Name** and the associated **Comments**, and you can make changes to the virtual file system and virtual registry. You can also create a Windows Installer file. - -**Caution**   -You should not reference a previous version of the Windows Installer (.msi) file when you upgrade an existing virtual application package because the previous version of the .sft file will be modified during the upgrade. - - - -Use the following procedure to upgrade an existing virtual application. - -**To upgrade an existing virtual application** - -1. To start the App-V Sequencer Console, on the computer running the App-V Sequencer, select **Start**/**Programs**/**Microsoft Application Virtualization**/**Microsoft Application Virtualization Sequencer**. - -2. To open the existing virtual application, in the App-V Console, select **File**/**Open for Package Upgrade**. Use the **Open For Package Upgrade** dialog box to locate the associated SPRJ file you want to open for upgrade. - -3. To specify the location of where the updated package will be decoded, browse to the location by using the **Browse For Folder** dialog box. This is the location where the package root directory will be created as specified in the associated SFT file. The directory that you specify must be a different location from where the original version of the virtual application is saved. You can click **Make New Folder** if the new target folder has not been created yet. You should select the root of the Application Virtualization drive to create the folder. When you create the updated version of the package, it will be denoted with a sequential addition to the directory name—for example, “**.1**” will be added to the directory name located on the Q:\\ drive. - - **Important**   - The directory that you specify must be located in the package root directory on the Q:\\ drive. You can create a new folder, or you can create a subfolder under the directory where the original virtual application is saved. The name assigned to the new folder must not be longer than 8 eight characters. - - - -4. To open the Sequencing Wizard, select **Tools**/**Sequencing Wizard**. On the **Package Information** page, optionally specify the new **Package Name** and add optional comments that will be associated with the updated virtual application. Click **Next**. - -5. On the **Monitor Installation** page, to begin monitoring the new installation, click **Begin Monitoring**. After the virtual environment has finished loading, install the updated version of the application, or apply updates to the existing application. After you have finished updating the virtual application, click **Stop Monitoring**, and then click **Next**. - -6. On the **Additional Files to Map to Virtual File System (VFS)** page, to specify additional files to be added to the Virtual File System (VFS), click **Add**. Browse to the file you want to add, and click **Open**. To clear existing files that have been added, click **Reset**, and then click **Next**. - -7. On the **Configure Applications** page, configure the shortcuts and file type associations that will be associated with the updated virtual application. Select the element you want to update, and then click **Edit Locations**. Specify the configurations in the **Shortcut Locations** dialog box, and then click **Next**. - -8. On the **Launch Applications** page, to start the application to ensure that the package is optimized for streaming, select the package and click **Launch**. This step is useful for configuring how the application initially runs on target computers and for accepting any associated license agreements before the package is made available to clients. If there are multiple applications associated with this package, you can select **Launch All** to open all of the applications. To sequence the new version of the virtual application, click **Next**. - -9. To finish and to close the Sequencing Wizard, on the **Sequence Package** page, click **Finish**. - -10. After you have successfully updated the virtual application, to save the package, in the App-V Sequencer Console, on the **File** menu, select **Save**. The virtual application can be accessed in the directory specified in step 3. - -## Related topics - - -[Tasks for the Application Virtualization Sequencer](tasks-for-the-application-virtualization-sequencer.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-upgrade-a-virtual-application-by-using-the-command-line.md b/mdop/appv-v4/how-to-upgrade-a-virtual-application-by-using-the-command-line.md deleted file mode 100644 index 8557a608b7..0000000000 --- a/mdop/appv-v4/how-to-upgrade-a-virtual-application-by-using-the-command-line.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: How to Upgrade a Virtual Application by Using the Command Line -description: How to Upgrade a Virtual Application by Using the Command Line -author: dansimp -ms.assetid: 83c97767-6ea1-42aa-b411-ccc9fa61cf81 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Upgrade a Virtual Application by Using the Command Line - - -Use the following procedure to upgrade a virtual application by using a command line. - -**To upgrade a virtual application** - -1. On the computer that is running the Application Virtualization (App-V) Sequencer, to open the command prompt, select **Start**, **Run**, and type **cmd**. Click **OK**. - -2. At the command prompt, specify the location where the App-V Sequencer is installed. For example, at the command prompt, you could type the following: **cd C:\\Program Files\\Microsoft Application Virtualization Sequencer**. - -3. At the command prompt, type the following command, replacing the text in quotation marks with your values: - - `SFTSequencer /UPGRADE:"pathtosourceSPRJ" /INSTALLPACKAGE:"pathtoUpgradeInstaller" /DECODEPATH:"pathtodecodefolder" /OUTPUTFILE:"pathtodestinationSPRJ"` - - **Note** - You can specify additional parameters by using the command line, depending on the complexity of the application you are upgrading. For a complete list of parameters that are available for use with the App-V Sequencer, see [Sequencer Command-Line Parameters](sequencer-command-line-parameters.md). - - - -~~~ -Use the value descriptions in the following table to help you determine the actual text you will use in the preceding command. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ValueDescription

pathtosourceSPRJ

Specifies the directory location of the virtual application to be upgraded.

pathtoUpgradeInstaller

Specifies the Windows Installer or a batch file that will be used to install an upgrade to the application.

pathtodecodefolder

Specify the directory in which to unpack the SFT file.

pathtodestinationSPRJ

Specifies the path and file name of the SPRJ file that will be created.

-~~~ - - - -4. Press **Enter**. - -## Related topics - - -[How to Create or Upgrade Virtual Applications Using the App-V Sequencer](how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md) - -[Sequencer Command-Line Error Codes](sequencer-command-line-error-codes.md) - -[Sequencer Command-Line Parameters](sequencer-command-line-parameters.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-upgrade-a-virtual-application-package--app-v-46-.md b/mdop/appv-v4/how-to-upgrade-a-virtual-application-package--app-v-46-.md deleted file mode 100644 index 043776bf7d..0000000000 --- a/mdop/appv-v4/how-to-upgrade-a-virtual-application-package--app-v-46-.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: How to Upgrade a Virtual Application Package (App-V 4.6) -description: How to Upgrade a Virtual Application Package (App-V 4.6) -author: dansimp -ms.assetid: 3566227e-f3dc-4c32-af1f-e0211588118c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Upgrade a Virtual Application Package (App-V 4.6) - - -Use the following procedure to upgrade an existing virtual application by using the Application Virtualization (App-V) Sequencer. You can also use the App-V Sequencer Console to make changes to an existing virtual application without performing an upgrade, but you cannot make modifications to the virtual application’s file system by using this method because the App-V Sequencer does not actually decode the associated .sft file. For more information about editing an existing package, see [How to Modify a Virtual Application Package (App-V 4.6)](how-to-modify-a-virtual-application-package--app-v-46-.md). - -**To upgrade an existing virtual application** - -1. To start the App-V Sequencer Console, on the computer running the App-V Sequencer, select **Start** / **Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. To open the existing virtual application package and start the **Sequencing Wizard**, select **Upgrade a Package**. Locate the package you want to upgrade, and click **Open**. In the **Browse For Folder** dialog box, specify the location where the upgraded version of the package will be placed. This location specified must be located on the drive specified as the application virtualization drive, which is typically the Q:\\ drive. To create a new folder, select **Make New Folder**. - - **Warning**   - You must specify the root folder of the existing virtual application. Do not manually create a subfolder or the upgrade will fail. - - - -3. On the **Package Information** page, specify the **Package Name** that will be assigned to the updated package. The package name is required for generating the associated Windows Installer file. You should also add an optional comment that will be assigned to the package and that provides detailed information about the virtual application—for example, a version number. To display the **Advanced Options** page, select **Show Advanced Monitoring Options** and click **Next**; otherwise, proceed to step 5. - -4. On the **Advanced Options** page, to allow Microsoft Update to update the application as it is being sequenced, select **Allow Microsoft Update to run during monitoring**. If you select this option, Microsoft Updates are allowed to be installed during the monitoring phase and you will need to accept the associated updates for them to be installed. To remap the supported dynamic-link library (.dll) files so that they use a contiguous space of RAM, select **Rebase DLLs**. Selecting this option can conserve memory and help improve performance. Click **Next**. - -5. On the **Monitor Installation** page, when you are ready to update the application, click **Begin Monitoring**. - - When the updates to the application have been applied, click **Stop Monitoring**. Click **Next**. - -6. On the **Configure Applications** page, if necessary, configure the shortcuts and file type associations that will be associated with the virtual application. To add a new file type association or shortcut, click **Add**, and in the **Add Application** dialog box, specify the new element. To remove an existing shortcut or file type association, click **Remove**. To edit an existing element, select the element you want to modify, and then click **Edit**. Specify the configurations in the **Edit Application** dialog box. Click **Save**. Click **Next**. - -7. On the **Launch Applications** page, to start the application to ensure that the package has been installed correctly and is optimized for streaming, select the package and click **Launch**. This step is useful for configuring how the application initially runs on target computers and for accepting any associated license agreements before the package is made available to App-V clients. If multiple applications are associated with this package, you can select **Launch All** to open all of the applications. To sequence the package, click **Next**. - -8. To close the Sequencing Wizard, click **Finish**. To save the updated package, in the Sequencer Console, select **File** / **Save**. - - If you plan to deploy the updated package by using a Windows Installer file (.msi), you must create new one as follows: in the Sequencer Console, select **Tools** / **Create MSI**. The new Windows Installer file will be created and saved in the directory where the updated virtual application package is saved. - -## Related topics - - -[How to Sequence a New Application (App-V 4.6)](how-to-sequence-a-new-application--app-v-46-.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-upgrade-an-existing-virtual-application.md b/mdop/appv-v4/how-to-upgrade-an-existing-virtual-application.md deleted file mode 100644 index f56ab1c22a..0000000000 --- a/mdop/appv-v4/how-to-upgrade-an-existing-virtual-application.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: How to Upgrade an Existing Virtual Application -description: How to Upgrade an Existing Virtual Application -author: dansimp -ms.assetid: ec531576-2423-4c2c-9b9f-da74174a6858 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Upgrade an Existing Virtual Application - - -You can upgrade an existing virtual application to a new version by using the Application Virtualization (App-V) Sequencer. The upgrade process is similar to creating a new virtual application. You must open the existing virtual application for an upgrade, make the necessary updates, and then save the updated virtual application to a new location in the package root directory. - -You can also use the App-V Sequencer Console to make changes to an existing virtual application without performing an upgrade. However, you cannot make modifications to the virtual application’s file system by using this method because the App-V Sequencer does not actually decode the associated .sft file. For example; you can open an existing virtual application in the App-V Sequencer Console by selecting **Open** on the **File** menu. You can update the **Package Name** and the associated **Comments**, and you can make changes to the virtual file system and virtual registry. You can also create a Windows Installer file. - -Use the following procedure to upgrade an existing virtual application. - -**To upgrade an existing virtual application** - -1. To start the App-V Sequencer Console, on the computer running the App-V Sequencer, select **Start**/**Programs**/**Microsoft Application Virtualization**/**Microsoft Application Virtualization Sequencer**. - -2. To open the existing virtual application, in the App-V Console, select **File**/**Open for Package Upgrade**. Use the **Open For Package Upgrade** dialog box to locate the associated SPRJ file you want to open for upgrade. - -3. To specify the location of where the package will be decoded, click **Browse For Folder** and specify the Q:\\. This is the location where the package root directory will be created as specified in the associated SFT file. When you create the updated version of the package, it will be denoted with a sequential addition to the directory name—for example, “**.1**” will be added to the directory name located on the Q:\\ drive. - -4. To open the Sequencing Wizard, select **Tools**/**Sequencing Wizard**. On the **Package Information** page, optionally specify the new **Package Name** and add optional comments that will be associated with the updated virtual application. Click **Next**. - -5. On the **Monitor Installation** page, to begin monitoring the new installation, click **Begin Monitoring**. After the virtual environment has finished loading, install the updated version of the application, or apply updates to the existing application. After you have finished updating the virtual application, click **Stop Monitoring**, and then click **Next**. - -6. On the **Additional Files to Map to Virtual File System (VFS)** page, to specify additional files to be added to the Virtual File System (VFS), click **Add**. Browse to the file you want to add, and click **Open**. To clear existing files that have been added, click **Reset**, and then click **Next**. - -7. On the **Configure Applications** page, configure the shortcuts and file type associations that will be associated with the updated virtual application. Select the element you want to update, and then click **Edit Locations**. Specify the configurations in the **Shortcut Locations** dialog box, and then click **Next**. - -8. On the **Launch Applications** page, to start the application to ensure that the package is optimized for streaming, select the package and click **Launch**. This step is useful for configuring how the application initially runs on target computers and for accepting any associated license agreements before the package is made available to clients. If there are multiple applications associated with this package, you can select **Launch All** to open all of the applications. To sequence the new version of the virtual application, click **Next**. - -9. To finish and to close the Sequencing Wizard, on the **Sequence Package** page, click **Finish**. - -10. After you have successfully updated the virtual application, to save the package, in the App-V Sequencer Console, on the **File** menu, select **Save**. The virtual application can be accessed in the directory specified in step 3. - -## Related topics - - -[Application Virtualization Sequencer](application-virtualization-sequencer.md) - -[How to Upgrade a Virtual Application by Using the Command Line](how-to-upgrade-a-virtual-application-by-using-the-command-line.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-upgrade-the-application-virtualization-client.md b/mdop/appv-v4/how-to-upgrade-the-application-virtualization-client.md deleted file mode 100644 index 2441e92fe0..0000000000 --- a/mdop/appv-v4/how-to-upgrade-the-application-virtualization-client.md +++ /dev/null @@ -1,127 +0,0 @@ ---- -title: How to Upgrade the Application Virtualization Client -description: How to Upgrade the Application Virtualization Client -author: dansimp -ms.assetid: 2a75d8b5-da88-456c-85bb-f5bd3d470f7f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Upgrade the Application Virtualization Client - - -You can use the following procedures to upgrade the Application Virtualization (App-V) Desktop Client or the App-V Client for Remote Desktop Services (formerly Terminal Services). You upgrade the client by installing a new version over the previously installed older version. When you upgrade the clients, the installer software automatically preserves and migrates the user’s settings for virtual applications. Administrative rights are required to run the setup program. - -**Note**   -During the upgrade to Application Virtualization (App-V) 4.5 or later versions, the permissions to the HKCU registry key are changed. Because of this, users will lose user configurations that were set previously, such as user-configured Disconnected Mode settings. If the user is not actively restricted from configuring client user interface behavior through a permission lockdown, the user can reset these preferences after a publishing refresh. - - - -**Important**   -When upgrading to version 4.6 or a later version of the App-V Client, you must use the correct installer for the computer’s operating system, 32-bit or 64-bit. The installation will fail and an error message will be displayed if you use the wrong installer. - - - -**To upgrade the Application Virtualization Desktop Client** - -1. Shut down all virtual applications, right-click the App-V Desktop Client icon displayed in the Windows desktop notification area, and select **Exit** to shut down the existing client. - -2. After you have obtained the correct installer archive file and saved it to your computer, double-click it to expand the archive. - -3. Browse to find the setup.exe file, and double-click setup.exe to start the installation. - -4. The wizard checks the system to ensure that all prerequisite software is installed and will prompt you to install any of the following, if missing: - - - Microsoft Visual C++ 2005 SP1 Redistributable Package (x86) - - - Microsoft Core XML Services (MSXML) 6.0 SP1 (x86) - - - Microsoft Application Error Reporting - - **Note**   - For version 4.6 and higher, the wizard will also install the following software prerequisite: - - - Microsoft Visual C++ 2008 SP1 Redistributable Package (x86) - - - -5. Click **Install**. Installation progress is displayed, and the status changes from **Pending** to **Installing**. Installation status changes to **Succeeded** as each step is completed successfully. - -6. When the **Application Virtualization Desktop Client** dialog appears and displays a message stating that an older version of the client has been found on the computer, click **Next** to upgrade to the new version. - -7. When the **License Agreement** screen is displayed, read the license agreement, and if you agree, click **I accept the terms in the license agreement**, and then click **Next**. - -8. When the InstallShield Wizard displays the **Ready to Upgrade the Program** dialog screen, click **Upgrade** to begin the upgrade. The next screen indicates that the client is being installed. - - **Warning**   - If you did not shut down the client program in step 1, you might see a **Files In Use** warning displayed. If this happens, right-click the App-V Client icon displayed in the desktop notification area and select **Exit** to shut down the existing client. Then click **Retry** to continue. - - - -9. When the installation completes successfully, you will be prompted to restart the computer. You need to restart the computer to complete the installation. - - **Caution**   - If the upgrade fails for any reason, you will need to restart the computer before attempting the upgrade again. - - - -**To upgrade the Application Virtualization Client by Using the Command Line** - -1. If upgrading the App-V client using the setup.msi program, ensure that any necessary prerequisite software has been installed. - - **Important**   - - For version 4.6 and later of the App-V client, the setup.msi program checks the system and will fail with an error message indicating that installation cannot continue if prerequisite software is not installed. - - - For App-V version 4.6, command-line parameters cannot be used during an upgrade and will be ignored. - - - -2. The following command-line example uses the setup.msi file to upgrade the App-V Client. You will need to use the correct client installer program depending on whether you are upgrading the App-V Desktop Client or the App-V Client for Remote Desktop Services (formerly Terminal Services). - - **msiexec.exe /i "setup.msi"** - - **Important**   - The quotation marks are required only when the value contains a space. For consistency, all instances in the preceding example are shown as having quotation marks. - - - -**To upgrade the Application Virtualization Client for Remote Desktop Services** - -1. Follow your organization’s standard policies for installing or upgrading applications on the Remote Desktop Session Host (RD Session Host) server. If the system is part of a farm, remove the RD Session Host from the server farm. - -2. To upgrade the App-V Client for Remote Desktop Services (formerly Terminal Services), you must use the command line because you cannot upgrade the client manually on the RD Session Host. - - **Note**   - In App-V version 4.6 and later, in addition to using the command line to upgrade the client, you can also use a Remote Desktop session. No special parameters are required to start the Remote Desktop session. - - - -3. After the Client for Remote Desktop Services upgrade is complete, restart and log in to the RD Session Host. - -4. After the system is restarted, add the server to the server farm. - - **Caution**   - If the upgrade fails for any reason, you will need to restart the computer before attempting the upgrade again. - - - -## Related topics - - -[Application Virtualization Deployment and Upgrade Considerations](application-virtualization-deployment-and-upgrade-considerations.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-upgrade-the-application-virtualization-sequencer.md b/mdop/appv-v4/how-to-upgrade-the-application-virtualization-sequencer.md deleted file mode 100644 index 2842d352f7..0000000000 --- a/mdop/appv-v4/how-to-upgrade-the-application-virtualization-sequencer.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: How to Upgrade the Application Virtualization Sequencer -description: How to Upgrade the Application Virtualization Sequencer -author: dansimp -ms.assetid: 7f85f140-5034-4227-85ef-81f205e722ef -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Upgrade the Application Virtualization Sequencer - - -Upgrading from previous versions of the Sequencer is not supported. You must uninstall any previous versions of the Sequencer and then install Microsoft Application Virtualization Sequencer 4.5. However, Virtual applications created using an earlier version of the Sequencer can be opened and edited using Sequencer 4.5. - -**To upgrade the Sequencer on computers running Windows Vista** - -1. To uninstall previous installations of the Sequencer, open Control Panel and select **Programs and Features**. Select the older version from the list, and then click **Uninstall**. To confirm the uninstall, click **Yes** in the **Programs and Features** dialog box. - -2. After you have completed uninstalling the previous Sequencer version, install Application Virtualization Sequencer 4.5. For more information about installing Sequencer 4.5, see [How to Install the Application Virtualization Sequencer](how-to-install-the-application-virtualization-sequencer.md). - -**To upgrade the Sequencer on computers running Windows XP** - -1. To uninstall previous installations of the Sequencer, open Control Panel and select **Add or Remove Programs**. Select the older version from the list, and then click **Remove**. To confirm the uninstall, click **Yes** in the **Add or Remove Programs** dialog box. - -2. After you have completed uninstalling the previous Sequencer version, install Application Virtualization Sequencer 4.5. For more information about installing Sequencer 4.5, see [How to Install the Application Virtualization Sequencer](how-to-install-the-application-virtualization-sequencer.md). - -## Related topics - - -[Application Virtualization Deployment and Upgrade Considerations](application-virtualization-deployment-and-upgrade-considerations.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-upgrade-the-servers-and-system-components.md b/mdop/appv-v4/how-to-upgrade-the-servers-and-system-components.md deleted file mode 100644 index 924c233ee0..0000000000 --- a/mdop/appv-v4/how-to-upgrade-the-servers-and-system-components.md +++ /dev/null @@ -1,80 +0,0 @@ ---- -title: How to Upgrade the Servers and System Components -description: How to Upgrade the Servers and System Components -author: dansimp -ms.assetid: 7d8374fe-5897-452e-923e-556a854b2024 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Upgrade the Servers and System Components - - -Use the following procedure to upgrade software components installed on all Application Virtualization System computers. Application Virtualization System services will be restarted automatically on each computer after it has been upgraded. - -**Note**   -- The upgrade process stops all Application Virtualization System services, thereby taking the system out of service. User sessions should be shut down before you begin the upgrade process, and you should stop all Application Virtualization Server services in your environment. - -- If you have more than one server that is sharing access to the Application Virtualization database, all those servers must be taken offline while the database is being upgraded. You should follow your normal business practices for the database upgrade, but it is highly advisable that you test the database upgrade by using a backup copy of the database first on a test server. Then, you should select one of the servers for the first upgrade, which will upgrade the database schema. After the production database has been successfully upgraded, you can upgrade the other servers. - -- You can upgrade to Microsoft Application Virtualization (App-V) 4.5 only from Microsoft Application Virtualization (App-V) 4.1 or 4.1 SP1. App-V 4.0 and earlier must be uninstalled or upgraded to 4.1 or 4.1 SP1 before upgrading to App-V 4.5. - - - -**To upgrade software components on Application Virtualization System computers** - -1. Navigate to the location of the Setup program on the network, either run this program from the network or copy its directory to the target computer, and then double-click the Setup.exe file. - -2. On the **Welcome** page of the Installation Wizard, click **Next**. - -3. On the **License Agreement** page, read the license agreement, check **I accept the terms in the license agreement**, and click **Next**. - -4. When the **Installed Software** page opens and displays a list of the installed Application Virtualization System components and the version of each component, click **Next**. - -5. On the **Session Loss Warning** page, read the displayed message and click **Next**. - -6. On the **Connect to Configuration Database** page, review the content on the page and click **Next**. - -7. If the **Database Upgrade Required** page is displayed, a database upgrade is required. Enter the database administrative credentials, and then click **Next**. If this page is not displayed, skip to Step 9. - -8. On the **Backup Configuration Database** page, check the appropriate boxes to perform the backup and export it to an existing location, and then click **Next**. - - **Important**   - If you want to be able to roll back to the previous version in the event of an upgrade failure, make sure you check the **Perform a backup of the configuration database** box, or you will lose the configuration data. - - When you want to restore a database with VSS, you must first stop the App-V Server Service on the Management Server. This should be done on every Management server if there is more than one server connected to the same database. - - - -9. On the first **Package Validation** page, read the content and then click **Next**. - -10. On the second **Package Validation** page, you have the option of displaying the details of the package validation in a Notepad window. To see the details, click **Details**; otherwise, click **Next**. - -11. On the **Ready to Upgrade the Program** page, click **Next**. - -12. On the **Installation Wizard Completed** page, click **Finish**. - -13. Repeat steps 1–12 on all other computers where you installed the Application Virtualization Management Console or the Application Virtualization Server software component. - - After upgrading the data store, you can resume normal operation. (The data store is upgraded when you upgrade any server or the App-V Management Web Service.) - -## Related topics - - -[Application Virtualization Deployment and Upgrade Considerations](application-virtualization-deployment-and-upgrade-considerations.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-use-dynamic-suite-composition.md b/mdop/appv-v4/how-to-use-dynamic-suite-composition.md deleted file mode 100644 index e6841ce254..0000000000 --- a/mdop/appv-v4/how-to-use-dynamic-suite-composition.md +++ /dev/null @@ -1,144 +0,0 @@ ---- -title: How To Use Dynamic Suite Composition -description: How To Use Dynamic Suite Composition -author: dansimp -ms.assetid: 24147feb-a0a8-4791-a8e5-cbe5fe13c762 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How To Use Dynamic Suite Composition - - -Dynamic Suite Composition in Application Virtualization enables you to define an application as being dependent on another application, such as middleware or a plug-in. This enables the application to interact with the middleware or plug-in in the virtual environment, where typically this is prevented. This is useful because a secondary application package can be used with several other applications, referred to as the *primary applications*, which enables each primary application to reference the same secondary package. - -You can use Dynamic Suite Composition when you sequence applications that depend on plug-ins such as ActiveX controls or for applications that depend on middleware such as OLE DB or the Java Runtime Environment (JRE). If each application that used these dependent components required sequencing, including the components, updates to those components would require re-sequencing all the primary applications. If you sequence the primary applications without the components and then sequence the middleware or plug-in as a secondary package, then only the secondary package must be updated. - -One advantage of this approach is that it reduces the size of the primary packages. Another advantage is that it provides you with better control of access permissions on the secondary applications. Note that the secondary application can be streamed in the regular way and does not have to be fully cached to run. - -A primary package can have more than one secondary package. However, only one level of dependency is supported, so you cannot define a secondary package as dependent on another secondary package. Also the secondary application can only be middleware or a plug-in and cannot be another full software product. - -If you plan to make several primary applications dependent on a single middleware product, make sure that you test this configuration to determine the potential effect on system performance before you deploy it. - -**Important**   -Package dependencies can be specified as mandatory for a primary application. If a secondary package is flagged as mandatory and it cannot be accessed for some reason during loading, the load of the secondary package will fail. Also, the primary application will fail when the user tries to start it. - - - -You can use the following procedures to create a secondary package, for either a plug-in or a middleware component, and then you can use the final procedure to define the dependency in the OSD file of the secondary package. - -**To create a secondary package for a plug-in by using Dynamic Suite Composition** - -1. On a sequencing computer that is set up with a clean image, install Application Virtualization Sequencer and save the computer state. - -2. Sequence the primary application, and save the package to the Content folder on the server. - -3. Restore the sequencing computer to its saved state from step 1. - -4. Install and configure the primary application locally on the sequencing computer. - - **Important**   - You must specify a new package root for the secondary package. - - - -5. Start the sequencer monitoring phase. - -6. Install the plug-in on the sequencing computer and configure it as needed. - -7. Open the primary application, and confirm that the plug-in is working correctly. - -8. In the sequencer console, create a dummy application to represent the secondary package that will contain the plug-in and select an icon. - -9. Save the package to the Content folder on the server. - - **Note**   - To assist with management of secondary packages, it is recommended that the package name include the term “Secondary package” to emphasize that this is a package that will not function as a stand-alone application—for example, **\[Plug In Name\] Secondary package**. - - - -**To create a secondary package for middleware by using Dynamic Suite Composition** - -1. On a sequencing computer that is set up with a clean image, install Application Virtualization Sequencer and save the computer state. - -2. Install the middleware locally on the sequencing computer, and configure it. - -3. Sequence the primary application, and save the package to the Content folder on the server. - -4. Restore the sequencing computer to its saved state from step 1. - -5. Start the sequencer to create a new package. - -6. Start the sequencer monitoring phase. - -7. Install the middleware application on the sequencing computer, and configure it as in a typical installation. - -8. Complete the sequencing process. - -9. Save the package to the Content folder on the server. - - **Note**   - To assist with management of secondary packages, it is recommended that the package name include the term “Secondary package” to emphasize that this is a package that will not function as a stand-alone application—for example, **\[Middleware Name\] Secondary package**. - - - -**To define the dependency in the primary package** - -1. On the server, open the OSD file of the secondary package for editing. (It is a good idea to use an XML editor to make changes to the OSD file; however, you can use Notepad as an alternative.) - -2. Copy the **CODEBASE HREF** line from that file. - -3. Open the OSD file of the primary package for editing. - -4. Insert the <DEPENDENCIES>tag after the close of **</ENVLIST>** tag at the end of the **<VIRTUALENV>** section just before the **</VIRTUALENV>** tag. - -5. Paste the **CODEBASE HREF** line from the secondary package after the **<DEPENDENCIES>** tag you just created. - -6. If the secondary package is a mandatory package, which means that it must be started before the primary package is started, add the **MANDATORY=”TRUE”** property inside the **CODEBASE** tag. If it is not mandatory, the property can be omitted. - -7. Close the **<DEPENDENCIES>** tag by inserting the following: - - **</DEPENDENCIES>** - -8. Review the changes that you made to the OSD file, and then save and close the file. The following example shows how the added section should appear. The tag values shown here are for example only. - - **<VIRTUALENV>** - - **<ENVLIST>** - - **…** - - **</ENVLIST>** - - **<DEPENDENCIES>** - - **<CODEBASE HREF="rtsp://virt\_apps/package.1/package.1.sft" GUID="D54C80FA-9DFF-459D-AA33-DD852C9FBFBA" SYSGUARDFILE="package.1\\osguard.cp"/>** - - **<CODEBASE HREF="rtsp://sample\_apps/package.2/sample.sft" GUID="D54C80FA-9DFF-459D-AA33-DD852C9FBFBA" SYSGUARDFILE="package.2\\osguard.cp" MANDATORY="TRUE" />** - - **</DEPENDENCIES>** - - **</VIRTUALENV>** - -9. If the secondary package has any entries in the **<ENVLIST>** section of the OSD file, you must copy those entries to the same section in the primary package. - -## Related topics - - -[How to Create or Upgrade Virtual Applications Using the App-V Sequencer](how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-use-the-cache-space-management-feature.md b/mdop/appv-v4/how-to-use-the-cache-space-management-feature.md deleted file mode 100644 index a457af6266..0000000000 --- a/mdop/appv-v4/how-to-use-the-cache-space-management-feature.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: How to Use the Cache Space Management Feature -description: How to Use the Cache Space Management Feature -author: dansimp -ms.assetid: 60965660-c015-46a8-88ac-54cbc050fe33 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Use the Cache Space Management Feature - - -The FileSystem cache space management feature uses a Least Recently Used (LRU) algorithm and is enabled by default. If the space that is required for a new package would exceed the available free space in the cache, the Application Virtualization (App-V) Client uses this feature to determine which, if any, existing packages it can delete from the cache to make room for the new package. The client deletes the package with the oldest last-accessed date if it is older than the value specified in the MinPkgAge registry value. Use of the FileSystem cache space management feature can also help to avoid low cache space problems. - -More than one package is deleted if necessary. Packages that are locked are not deleted. - -**Note**   -To ensure that the cache has sufficient space allocated for all packages that might be deployed, use the **Use free disk space threshold** setting when you configure the client so that the cache can grow as needed. Alternatively, determine in advance how much disk space will be needed for the App-V cache, and at installation time, set the cache size accordingly. - - - -The cache space management feature is controlled by the UnloadLeastRecentlyUsed registry value. A value of 1 enables the feature, and a value of 0 (zero) disables it. - -**To enable or disable the cache space management feature** - -- Set the following registry value to 1 to enable the LRU algorithm. Set it to 0 (zero) to disable the feature. - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\AppFS\\UnloadLeastRecentlyUsed - -**To control which packages can be discarded** - -- To determine when the package can be selected for discard, set the following registry value to equal the minimum number of days you want to elapse since the package was last accessed. Packages that have been used more recently are not discarded. - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\AppFS\\MinPkgAge - - **Caution**   - The maximum value for this registry key is 0x00011111. Larger values will prevent the correct operation of the cache space management feature. - - - -## Related topics - - -[How to Configure the App-V Client Registry Settings by Using the Command Line](how-to-configure-the-app-v-client-registry-settings-by-using-the-command-line.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md b/mdop/appv-v4/how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md deleted file mode 100644 index a8943af3a2..0000000000 --- a/mdop/appv-v4/how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: How to Use the Desktop Notification Area for Application Virtualization Client Management -description: How to Use the Desktop Notification Area for Application Virtualization Client Management -author: dansimp -ms.assetid: 75b2e636-7669-4e1e-8368-8b9fca567a84 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Use the Desktop Notification Area for Application Virtualization Client Management - - -The notification area is a standard Windows feature that, by default, appears in the lower-right corner of the desktop. You can exercise some Application Virtualization Client functionality from the notification area without starting the Application Virtualization Client Management Console. - -## In This Section - - -[How to Refresh Virtual Applications from the Desktop Notification Area](how-to-refresh-virtual-applications-from-the-desktop-notification-area.md) -Provides a simple procedure you can use to refresh the list of virtualized applications authorized for the client. - -[How to Load Virtual Applications from the Desktop Notification Area](how-to-load-virtual-applications-from-the-desktop-notification-area.md) -Provides procedures for loading virtualized applications into the cache. - -[How to Cancel Loading of Virtual Applications from the Desktop Notification Area](how-to-cancel-loading-of-virtual-applications-from-the-desktop-notification-area.md) -Provides procedures for cancelling the loading of virtual applications. - -[How to Work Offline or Online with Application Virtualization](how-to-work-offline-or-online-with-application-virtualization.md) -Provides procedures you can use to toggle between offline and online operation. - -[How to Exit the App-V Client from the Notification Area](how-to-exit-the-app-v-client-from-the-notification-area.md) -Provides a simple procedure you can use to exit the application from the desktop notification area. - -  - -  - - - - - diff --git a/mdop/appv-v4/how-to-use-the-differential-sft-file.md b/mdop/appv-v4/how-to-use-the-differential-sft-file.md deleted file mode 100644 index 963df8c7b7..0000000000 --- a/mdop/appv-v4/how-to-use-the-differential-sft-file.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -title: How to Use the Differential SFT File -description: How to Use the Differential SFT File -author: dansimp -ms.assetid: 607e30fd-2f0e-4e2f-b669-0b3f010aebb0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Use the Differential SFT File - - -When sequencing an application, the Microsoft Application Virtualization (App-V) Sequencer creates SFT files (.sft) to store all of the virtual application’s files content and configuration information. In version 4.5 of App-V, the Differential SFT (.dsft) file has been introduced. After using the Sequencer to create an upgrade for an existing package, you can choose to generate this file to store only the differences between the original sequenced application package and the new version. It is therefore much smaller than the full SFT file would be for the new version of the application and reduces the impact of sending package updates over low-bandwidth network connections. However, its use is supported only in certain restricted situations. This feature was intended to be used specifically where you are using an electronic software distribution (ESD) system to manage a group of users with a local file server over a low-bandwidth connection and you are not using App-V streaming servers. - -You do not need to use the Differential SFT file if you are using Configuration Manager 2007 to manage the users, because Configuration Manager has support for low-bandwidth deployments already built in. It is also not required if you are using Application Virtualization (App-V) Management or Streaming Servers with Active Upgrade because the client will retrieve only the differences between the old and new package versions. - -The following procedure shows how to use the mkdiffpkg.exe that is included in the Sequencer installation to create the Differential SFT file, after completing the upgrade of the virtual application package, and to deploy the Differential SFT file. Completing this procedure helps ensure that if the package is somehow unloaded from the client computer, the next time the user tries to run the application, the client will fall back to the override URL, which is set to stream the full package V2.sft from the local file share. This will avoid any failure for the user when starting the application. If the entire client becomes corrupted or is uninstalled, it is recommended that the ESD system be configured to deploy the full version of the upgraded package, V2.sft, to the client. - -For more information about upgrading a package, see “How to Upgrade an Existing Virtual Application” in the App-V 4.5 Operations Guide at - -**Note**   -As a prerequisite, all user computers being targeted by the ESD must have the V1.sft file fully loaded into their local cache, and file streaming must be enabled on all computers. - - - -**To use the Differential SFT file** - -1. Log on to the Sequencer computer by using an account with administrator rights. Open the original package (V1) for upgrade in the Sequencer, and then upgrade the package to the new version (V2) and save it as a new V2.sft. - -2. Open a command window in the App-V 4.5 Sequencer installation folder, and run the following command: - - `“mkdiffpkg.exe V2.sft V2.dsft”` - -3. Using the ESD system or other file copy process, copy the full V2 package content file, V2.sft, to a local file share that is accessible to the user computers on a well-connected network connection. - -4. Using the ESD system, place a copy of the Differential SFT file, V2.dsft, on each user computer. - -5. To import the V2.dsft file, run the following SFTMIME command on each user computer: - - `“SFTMIME load package: /SFTPATH ”` - -6. Run the following SFTMIME command on each user computer to set the override URL to point to the V2.sft file: - - `“SFTMIME configure package: /OverrideURL FILE://”` - -**Note**   -- Differential SFT files must be applied to clients in the correct order. For example, V2.dsft must be applied to a V1 application before V3.dsft is applied. - -- The **Generate Microsoft Windows Installer (MSI) Package** capability in the Sequencer cannot be used with the Differential SFT file. - - - -## Related topics - - -[How to Create or Upgrade Virtual Applications Using the App-V Sequencer](how-to-create-or-upgrade-virtual-applications-using--the-app-v-sequencer.md) - - - - - - - - - diff --git a/mdop/appv-v4/how-to-work-offline-or-online-with-application-virtualization.md b/mdop/appv-v4/how-to-work-offline-or-online-with-application-virtualization.md deleted file mode 100644 index 06576c4ec4..0000000000 --- a/mdop/appv-v4/how-to-work-offline-or-online-with-application-virtualization.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: How to Work Offline or Online with Application Virtualization -description: How to Work Offline or Online with Application Virtualization -author: dansimp -ms.assetid: aa532b37-8a00-4db4-9b51-e1e8354b2495 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Work Offline or Online with Application Virtualization - - -If you plan to be disconnected from the network for an extended period of time, you can work in offline mode to eliminate possible delays when the Application Virtualization client attempts to communicate with the server. In offline mode, the Application Virtualization client will not attempt to communicate with the publishing server, so applications must be fully cached before enabling offline mode. Applications will not be retrieved from the content share even if they are on the local disk on the computer. You can use the following Application Virtualization Client procedure to toggle between working offline and online. - -**Note**   -By default, **Work Offline** is disabled for the Client for Remote Desktop Services (formerly Terminal Services). Your system administrator must change your user permissions to allow you to use this setting on a Client for Remote Desktop Services. - - - -**To work offline** - -- Right-click the Application Virtualization System icon in the notification area, and select **Work Offline** from the pop-up menu. - -**To work online** - -- Right-click the Application Virtualization System icon in the notification area, and select **Work Online** from the pop-up menu. - -## Related topics - - -[How to Use the Desktop Notification Area for Application Virtualization Client Management](how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md) - - - - - - - - - diff --git a/mdop/appv-v4/i b/mdop/appv-v4/i deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/mdop/appv-v4/images/appvbranchoffices.gif b/mdop/appv-v4/images/appvbranchoffices.gif deleted file mode 100644 index 57ece467d2..0000000000 Binary files a/mdop/appv-v4/images/appvbranchoffices.gif and /dev/null differ diff --git a/mdop/appv-v4/images/appvfirewalls.gif b/mdop/appv-v4/images/appvfirewalls.gif deleted file mode 100644 index e72ffc5c0f..0000000000 Binary files a/mdop/appv-v4/images/appvfirewalls.gif and /dev/null differ diff --git a/mdop/appv-v4/images/appvmgmtwebservice.gif b/mdop/appv-v4/images/appvmgmtwebservice.gif deleted file mode 100644 index 303643d098..0000000000 Binary files a/mdop/appv-v4/images/appvmgmtwebservice.gif and /dev/null differ diff --git a/mdop/appv-v4/images/appvperimeternetworkfirewall.gif b/mdop/appv-v4/images/appvperimeternetworkfirewall.gif deleted file mode 100644 index b4f5a8d453..0000000000 Binary files a/mdop/appv-v4/images/appvperimeternetworkfirewall.gif and /dev/null differ diff --git a/mdop/appv-v4/improving-security-during-app-v-sequencing.md b/mdop/appv-v4/improving-security-during-app-v-sequencing.md deleted file mode 100644 index 2336ea5569..0000000000 --- a/mdop/appv-v4/improving-security-during-app-v-sequencing.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Improving Security During App-V Sequencing -description: Improving Security During App-V Sequencing -author: dansimp -ms.assetid: f30206dd-5749-4a27-bbaf-61fc21b9c663 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Improving Security During App-V Sequencing - - -Packaging applications for sequencing is the largest ongoing task in an App-V infrastructure. Because this task is ongoing, you should carefully consider creating policies and procedures to follow when sequencing applications. In App-V 4.5, during sequencing, you can capture Access Control Lists (ACLs) on the file assets of the virtualized application. - -## Virus Scanning on the Sequencer - - -It is a best practice to install the scanning software on the sequencing computer and then scan the computer for viruses and malware. After the sequencing computer is scanned and free of any viruses or malware, disable the scanning software, including all antivirus and malware detection software, on the sequencing computer before sequencing any applications. This speeds the sequencing process and prevents the scanning software components from being detected during sequencing and included in the virtual application package. - -## Capturing ACLs on Files (NTFS) - - -The Sequencer captures NTFS permissions (the ACLs) for the files that are monitored during the sequencing installation phase. (Before the release of App-V 4.5, ACLs were not captured as part of the sequencing process.) This new feature enables certain applications to run for users with a low level of permission that would normally require Administrative privileges. - -This feature also enables the sequencing engineer to capture the security settings identified by the vendor. Failing to apply the settings recommended by the vendor could leave the application open to attack or misuse by users. For information about whether or not you should deploy an application with open ACLs, refer to your application support group or the software vendor. - -**Important**   -Although the sequencer captures the NTFS ACLs while monitoring the installation phase of sequencing, it does not capture the ACLs for the registry. Users have full access to all registry keys for virtual applications except for services. However, if a user modifies the registry of a virtual application, that change is stored in a specific location (`uservol_sftfs_v1.pkg`) and won’t affect other users. - - - -During the installation phase, a sequencing engineer can modify the default permissions of the files if necessary. After the sequencing process is complete, but before saving the package, the sequencing engineer can then choose to enforce security descriptors that were captured during the installation phase. It is a best practice to enforce security descriptors if no other solution allows the application to run properly once virtualized. - - - - - - - - - diff --git a/mdop/appv-v4/incompatible-installer-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/incompatible-installer-dialog-box--app-v-46-sp1-.md deleted file mode 100644 index fd19796eb2..0000000000 --- a/mdop/appv-v4/incompatible-installer-dialog-box--app-v-46-sp1-.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Incompatible Installer Dialog Box (App-V 4.6 SP1) -description: Incompatible Installer Dialog Box (App-V 4.6 SP1) -author: dansimp -ms.assetid: 45d465b1-ee49-4274-8234-71dd031a07b6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Incompatible Installer Dialog Box (App-V 4.6 SP1) - - -The application did not install correctly. - -Use the following procedure to verify that the application you are trying to sequence is compatible with the computer running the sequencer. - -1. Close the App-V Sequencer. - -2. Install the application on the computer running the Sequencer without monitoring the installation. - -3. Verify that the application is compatible and can be installed successfully. - -## Related topics - - -[Dialog Boxes (AppV 4.6 SP1)](dialog-boxes--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/index.md b/mdop/appv-v4/index.md deleted file mode 100644 index 02747f94e3..0000000000 --- a/mdop/appv-v4/index.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Application Virtualization 4 -description: Application Virtualization 4 -author: dansimp -ms.assetid: 9da557bc-f433-47d3-8af7-68ec4ff9bd3f -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Virtualization 4 - - -Microsoft Application Virtualization provides the administrative capability to make applications available to end user computers without having to install the applications directly on those computers. - -## Technical Documentation - - -The technical documentation for Application Virtualization in the TechNet Library contains the following sections: - -- [Microsoft Application Virtualization Getting Started Guide](microsoft-application-virtualization-getting-started-guide.md) - -- [Planning and Deployment Guide for the Application Virtualization System](planning-and-deployment-guide-for-the-application-virtualization-system.md) - -- [Operations Guide for the Application Virtualization System](operations-guide-for-the-application-virtualization-system.md) - -- [Online Help for Application Virtualization](online-help-for-application-virtualization.md) - -- [Application Virtualization Glossary](application-virtualization-glossary.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/installation-files-page.md b/mdop/appv-v4/installation-files-page.md deleted file mode 100644 index 0825e6eddc..0000000000 --- a/mdop/appv-v4/installation-files-page.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Installation Files Page -description: Installation Files Page -author: dansimp -ms.assetid: b0aad26f-b143-4f09-87a1-9f016a23cb62 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Installation Files Page - - -Use the **Installation Files** page to specify the installation files that were used to create the virtual application package specified on the **Select Package** page of this wizard. If you created a virtual application package that contains multiple applications, you should copy all required installation files to a single folder on the computer running the Microsoft Application Virtualization Sequencer. - -This page contains the following elements: - -**Original Installation Files** -Click **Browse** to specify the installation files that were originally used to create the virtual application package. The parent directory you specify should be saved locally to the computer running the Sequencer and must contain all required installation files or subfolders that contain the installation files. The installation files can be contained in the parent folder or in any of the subfolders of the specified parent folder. - -**Files installed on local system** -Click **Browse** to specify the installation files that have been installed locally on the computer running the Sequencer. You can only select this option if the application installation files have been installed to the application’s default location. - -**Note**   -The default installation location you provide depends on the following conditions: - - - -- The package root specified when the package was originally created. - -- The installation location specified in the Windows Installer when the package was originally created. - -- The default application installation path. - -For example, if the package root specified is **Q:\\Office12** and during installation, the default installation location is changed from **C:\\Program Files\\Office12** to **Q:\\Office12**, then the path specified during dehydration must be **C:\\Program Files\\Office 12**. - -If the package root specified is **Q:\\Microsoft** and during installation, the default installation location is changed from **C:\\Program Files\\Office12** to **Q:\\Microsoft\\Office12**, then the path specified during dehydration must be **C:\\Program Files**. - -When you create a package using a package accelerator, each file in the package, for example **Q:\\Office12\\file.txt** is found on the local computer by replacing the package root **Q:\\Office12** with the default location specified when the Package Accelerator was created, for example, **C:\\Program Files\\Office12**. In the previous example, the file should be located in **C:\\Program Files\\Office12\\file.txt**. - -## Related topics - - -[Create Package Accelerator Wizard (AppV 4.6 SP1)](create-package-accelerator-wizard--appv-46-sp1-.md) - - - - - - - - - diff --git a/mdop/appv-v4/installation-page--learn-more-.md b/mdop/appv-v4/installation-page--learn-more-.md deleted file mode 100644 index 2979a1cb34..0000000000 --- a/mdop/appv-v4/installation-page--learn-more-.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Installation Page (Learn More) -description: Installation Page (Learn More) -author: dansimp -ms.assetid: a53b8330-dfc3-4540-b147-7c10529f403a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Installation Page (Learn More) - - -Use the **Installation** page to run additional installation files that are required to complete the application installation. - -This page contains the following elements: - -**Run** -Opens the **Select installation file** dialog box. Specify the location of the additional installation files, Windows Installer and executable program files, and then click **Open**. - -**I am finished installing** -Enables the **Next** button. Select this option if no additional installation files are associated with this application. - -## Related topics - - -[Create New Package Wizard (AppV 4.6 SP1)](create-new-package-wizard---appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/installation-report-page--learn-more-.md b/mdop/appv-v4/installation-report-page--learn-more-.md deleted file mode 100644 index b35a3f1345..0000000000 --- a/mdop/appv-v4/installation-report-page--learn-more-.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Installation Report Page (Learn More) -description: Installation Report Page (Learn More) -author: dansimp -ms.assetid: 499cf4db-a39c-4dcf-b1cf-85fd7da11701 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Installation Report Page (Learn More) - - -Use the **Installation Report** page to review the results of the sequencing process. These reports can help diagnose common problems that can occur during sequencing. - -This page contains the following elements: - -**Information Pane** -Displays problems and additional information about the overall sequencing process. - -## Related topics - - -[Create New Package Wizard (AppV 4.6 SP1)](create-new-package-wizard---appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/installing-app-v-management-server-or-streaming-server-securely.md b/mdop/appv-v4/installing-app-v-management-server-or-streaming-server-securely.md deleted file mode 100644 index c7ef697fc2..0000000000 --- a/mdop/appv-v4/installing-app-v-management-server-or-streaming-server-securely.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Installing App-V Management Server or Streaming Server Securely -description: Installing App-V Management Server or Streaming Server Securely -author: dansimp -ms.assetid: d2a51a81-a80f-427c-a727-611e1eb74f02 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Installing App-V Management Server or Streaming Server Securely - - -The topics in this section provide information for installing an enhanced security version of the App-V Management Server or the App-V Streaming Server. - -**Note**   -Installing or configuring an App-V Management or Streaming Server to use enhanced security (for example, Transport Layer Security, or TLS) requires that an X.509 V3 certificate has been provisioned to the App-V server. - - - -When you prepare to install or configure a secure Management or Streaming Server, consider the following technical requirements: - -- The certificate must be valid. If the certificate is not valid, the client ends the connection. - -- The certificate must contain the correct *Enhanced Key Usage* (EKU)—Server Authentication (OID 1.3.6.1.5.5.7.3.1). If the certificate does not contain this EKU, the client ends the connection. - -- The certificate fully qualified domain name (FQDN) must match the server on which it is installed. For example, if the client is calling `RTSPS://Myserver.mycompany.com/content/MyApp.sft` and the certificate **Issued To** field is set to `Server1.mycompany.com`, the client will not connect to the server and the session ends. The failure is reported to the user. - - **Note**   - If you are using App-V in a Network Load Balancing cluster, you must configure the certificate with Subject Alternate Names (SANs) to support RTSPS. For information about configuring the certification authority (CA) and creating certificates with SANs, see . - - - -- The client and the server need to trust the root CA—The CA issuing the certificate to the App-V server must by trusted by the client connecting to the server. If not, the client ends the connection. - -- The certificate’s private key must have permissions changed to allow the App-V Service account to access the certificate. By default, App-V uses the Network Service account, and by default, the Network Service account does not have permission to access the private key, which will prevent secure connections. - -## In This Section - - -[Configuring Certificates to Support Secure Streaming](configuring-certificates-to-support-secure-streaming.md) -Provides information about obtaining, configuring, and installing certificates to support secure streaming. - -[How to Modify Private Key Permissions to Support Management Server or Streaming Server](how-to-modify-private-key-permissions-to-support-management-server-or-streaming-server.md) -Provides procedures you can use to modify keys in Windows Server 2003 and Windows Server 2008. - -[Configuring Certificates to Support App-V Management Server or Streaming Server](configuring-certificates-to-support-app-v-management-server-or-streaming-server.md) -Provides information about configuring certificates for the App-V Management or Streaming Servers, including information about configuring certificates for Network Load Balancing environments. - - - - - - - - - diff --git a/mdop/appv-v4/internet-facing-considerations-for-app-v-clients.md b/mdop/appv-v4/internet-facing-considerations-for-app-v-clients.md deleted file mode 100644 index 9821a7ba66..0000000000 --- a/mdop/appv-v4/internet-facing-considerations-for-app-v-clients.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Internet-Facing Considerations for App-V Clients -description: Internet-Facing Considerations for App-V Clients -author: dansimp -ms.assetid: 261acde3-7112-492e-8b11-934ae45adc5f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Internet-Facing Considerations for App-V Clients - - -The topics in this section includes information about Internet-facing configurations for domain-joined and non-domain joined clients, as well as procedures you can use to assign the proper credentials to your App-V Desktop Clients. - -## In This Section - - -[Domain-Joined and Non-Domain-Joined Clients](domain-joined-and-non-domain-joined-clients.md) -Provides general information about configuring domain-joined or non-domain-joined clients for successful network access. - -[How to Assign the Proper Credentials for Windows XP](how-to-assign--the-proper-credentials-for-windows-xp.md) -Provides a step-by-step procedure for assigning credentials on an App-V Desktop Client running Windows XP. - -[How to Assign the Proper Credentials for Windows Vista](how-to-assign--the-proper-credentials-for-windows-vista.md) -Provides a step-by-step procedure for assigning credentials on an App-V Desktop Client running Windows Vista. - -  - -  - - - - - diff --git a/mdop/appv-v4/internet-facing-server-scenarios-for-perimeter-networks.md b/mdop/appv-v4/internet-facing-server-scenarios-for-perimeter-networks.md deleted file mode 100644 index 5d2b394c68..0000000000 --- a/mdop/appv-v4/internet-facing-server-scenarios-for-perimeter-networks.md +++ /dev/null @@ -1,129 +0,0 @@ ---- -title: Internet-Facing Server Scenarios for Perimeter Networks -description: Internet-Facing Server Scenarios for Perimeter Networks -author: dansimp -ms.assetid: 8a4da6e6-82c7-49e5-b9b1-1666cba02f65 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Internet-Facing Server Scenarios for Perimeter Networks - - -App-V 4.5 supports Internet-facing server scenarios, in which users who are not connected to the corporate network or who disconnect from the network can still use App-V. As shown in the following illustration, only the use of secure protocols on the Internet (RTSPS and HTTPS) is supported. - -![app-v firewall positioning diagram](images/appvfirewalls.gif) - -You can set up an Internet-facing solution, using an ISA Server, where the App-V infrastructure is on the internal network in the following ways: - -- Create a Web Publishing rule for the IIS server that is hosting the ICO and OSD files—and optionally, the packages for streaming—located on the internal network. Detailed steps are provided at . - -- Create a Server Publishing rule for the App-V Web Management Server (RTSPS). Detailed steps are provided at [https://go.microsoft.com/fwlink/?LinkId=151983&](https://go.microsoft.com/fwlink/?LinkId=151983). - -As shown in the following illustration, if the infrastructure has implemented other firewalls between the client and the ISA Server or between the ISA Server and the internal network, both RTSPS (TCP 322) and HTTPS (TCP 443) firewall rules must be created to support the flow of traffic. Also, if firewalls have been implemented between the ISA Server and the internal network, the default traffic required for domain members must be permitted to tunnel through the firewall (DNS, LDAP, Kerberos, SMB/CIFS). - -![app-v perimeter network firewall diagram](images/appvperimeternetworkfirewall.gif) - -Because the firewall solutions vary from environment to environment, the guidance provided in this topic describes the traffic that would be required to configure an Internet-facing App-V environment in the perimeter network. This information also includes the recommended internal network servers. - -Place the following servers in the perimeter network: - -- App-V Management Server - -- IIS server for publishing and streaming - -**Note**   -It is a best practice to place the Management Server and IIS server on separate computers. - - - -Place the following servers in the internal network: - -- Content server - -- Data store (SQL Server) - -- Active Directory Domain Controller - -## Traffic Requirements - - -The following tables list the traffic requirements for communication from the Internet and the perimeter network and from the perimeter network to the internal network. - - ---- - - - - - - - - - - - - - - - - -
Traffic Requirements from Internet to Perimeter NetworkDetails

RTSPS (publishing refresh and streaming packages)

TCP 322 by default; this can be changed in App-V Management Server.

HTTPS (publishing ICO and OSD files and streaming packages)

TCP 443 by default; this can be changed in the IIS configuration.

- - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Traffic Requirements from Perimeter Network to Internal NetworkDetails

SQL Server

TCP 1433 is the default but can be configured in SQL Server.

SMB/CIFS

If the content directory is located remotely from the Management Server(s) or IIS server (recommended).

Kerberos

TCP and UDP 88

LDAP

TCP and UDP 389

DNS

For name resolution of internal resources (can be eliminated with the use of host’s file on perimeter network servers)

- - - - - - - - - - - diff --git a/mdop/appv-v4/introduction-to-the-application-virtualization-security-guide.md b/mdop/appv-v4/introduction-to-the-application-virtualization-security-guide.md deleted file mode 100644 index b621871cef..0000000000 --- a/mdop/appv-v4/introduction-to-the-application-virtualization-security-guide.md +++ /dev/null @@ -1,85 +0,0 @@ ---- -title: Introduction to the Application Virtualization Security Guide -description: Introduction to the Application Virtualization Security Guide -author: dansimp -ms.assetid: 50e1d220-7a95-45b8-933b-3dadddebe26f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Introduction to the Application Virtualization Security Guide - - -This Microsoft Application Virtualization (App-V) security guide provides instructions for administrators who are responsible for configuring the security features that were selected for the App-V deployment. - -**Note**   -This documentation does not provide guidance for choosing the specific security options. That information is provided in the App-V Security Best Practices white paper available at . - - - -As an App-V administrator using this guide, you should be familiar with the following security-related technologies: - -- Active Directory Domain Services - -- Public key infrastructure (PKI) - -- Internet Protocol Security (IPsec) - -- Group Policies - -- Internet Information Services (IIS) - -## APP-V Infrastructure Components - - -When planning an enhanced security App-V environment, you can consider several different infrastructure models. - -**Note**   -For more information about App-V infrastructure models, see the following documentation: - -- [App-V Planning and Deployment Guide](https://go.microsoft.com/fwlink/?LinkId=122063) - -- [Infrastructure Planning and Design Guide Series](https://go.microsoft.com/fwlink/?LinkId=151986) - - - -These models utilize some but possibly not all of the App-V components depicted in the following illustration. - -![app-v branch office diagram](images/appvbranchoffices.gif) - -Application Virtualization (App-V) Management Server -The App-V Management Server streams the package content and publishes the shortcuts and file-type associations to the App-V Client. The App-V Management Server also supports active upgrade, license management, and a database that can be used for reporting. - -Application Virtualization (App-V) Streaming Server -The App-V Streaming Server hosts the packages for streaming to App-V Clients in environments such as branch offices, where the bandwidth of the connection to the App-V Management Server is insufficient for streaming package content to clients. The Streaming Server contains only streaming functionality and does not provide you with the App-V Management Console or the App-V Management Web Service. - -Application Virtualization (App-V) Data Store -The App-V data store, in the SQL database, retains information related to the App-V infrastructure. The information in the App-V data store includes all application records, application assignments, and which groups manage the Application Virtualization environment. - -Application Virtualization (App-V) Management Service -The App-V Management Service communicates read/write requests to the Application Virtualization data store. This component can be installed on the same computer as the App-V Management Server or on a separate computer with IIS installed. - -Application Virtualization (App-V) Management Console -The App-V Management Console is a snap-in management utility for App-V Server administration. This component can be installed on the same computer as the App-V Server or on a separate workstation that has MMC 3.0 and .NET 2.0 installed. - -Application Virtualization (App-V) Sequencer -The App-V Sequencer monitors and captures the installation of applications and creates virtual application packages. The output of the Sequencer consists of the application icon, the OSD file containing application definition information, a package manifest file, and an SFT file containing the application’s content files. Optionally, a Windows Installer file can be created for installing the package without using the App-V infrastructure. - -Application Virtualization (App-V) Client -The App-V Client is installed on the App-V Desktop Client computer or on the App-V Terminal Services Client computer. It provides the virtual environment for the virtual application packages. The App-V Client manages the package streaming to the cache, virtual application publishing refresh, and interaction with the Application Virtualization Servers. - - - - - - - - - diff --git a/mdop/appv-v4/load-app.md b/mdop/appv-v4/load-app.md deleted file mode 100644 index 8b07665623..0000000000 --- a/mdop/appv-v4/load-app.md +++ /dev/null @@ -1,87 +0,0 @@ ---- -title: LOAD APP -description: LOAD APP -author: dansimp -ms.assetid: 7b727d0c-5423-419d-92ef-7ebbc6343e79 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# LOAD APP - - -Loads the specified application and all other applications in the package into the file system cache. - -**Note**   -The **LOAD APP** command starts the load process and a progress bar is displayed in the Desktop Notification Area. The command exits immediately after starting this process, so any load errors are displayed in the same location. Use the **LOAD PACKAGE** command if you want to start the load process from the command line without using the Desktop Notification Area. - - - -`SFTMIME LOAD APP:application [/LOG log-pathname | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

APP:<application>

The name and version (optional) of the application to load.

/LOG

If specified, output is logged to the specified path name.

/GUI

If specified, output is presented in a Windows dialog box.

- - - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- - - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - - - - - - - - - diff --git a/mdop/appv-v4/load-package.md b/mdop/appv-v4/load-package.md deleted file mode 100644 index 025e980fda..0000000000 --- a/mdop/appv-v4/load-package.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: LOAD PACKAGE -description: LOAD PACKAGE -author: dansimp -ms.assetid: eb19116d-e5d0-445c-b2f0-3116a09384d7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# LOAD PACKAGE - - -Loads the specified package into the file system cache. - -`SFTMIME LOAD PACKAGE:package-name [/SFTPATH sft-pathname] [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

PACKAGE:<package-name>

The name of the package to load.

/SFTPATH <sft-pathname>

If specified, the path to an SFT file to load from.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- - - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- - - -**Note**   -If no SFTPATH is specified, the client will load the package by using the path it has been configured to use, based on the OSD file, the ApplicationSourceRoot registry key value, or the OverrideURL setting. - -The **LOAD PACKAGE** command performs a synchronous load and will not be complete until the package is fully loaded or until it encounters an error condition. - - - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - - - - - - - - - diff --git a/mdop/appv-v4/lock-app.md b/mdop/appv-v4/lock-app.md deleted file mode 100644 index 1032c581d6..0000000000 --- a/mdop/appv-v4/lock-app.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: LOCK APP -description: LOCK APP -author: dansimp -ms.assetid: 30673433-4364-499f-8116-cb135fe2716f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# LOCK APP - - -Locks the application specified in the file system cache. - -`SFTMIME LOCK APP:application [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

APP:<application>

The name and version (optional) of the application to lock.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/log-file-for-the-application-virtualization-client.md b/mdop/appv-v4/log-file-for-the-application-virtualization-client.md deleted file mode 100644 index 1dec527a68..0000000000 --- a/mdop/appv-v4/log-file-for-the-application-virtualization-client.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Log File for the Application Virtualization Client -description: Log File for the Application Virtualization Client -author: dansimp -ms.assetid: ac4b3e4a-a220-4c06-bd60-af7dc318b3a9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Log File for the Application Virtualization Client - - -The log file for the Application Virtualization (App-V) Client captures detailed information about operations and error conditions. You can use it when you are verifying functionality and when you are troubleshooting issues. - -When the App-V Client is first installed, the log file is created by default in the location shown in the following table. The location of the log file is new for Application Virtualization (App-V) 4.5, although the location will not be changed if the client is upgraded from an earlier version. - - ---- - - - - - - - - - - - - -
Log File NameDescription

sftlog.txt

Provides general information about App-V Client operations and errors. Use this log as a starting point for troubleshooting App-V Client errors.

-

Log file location for either the Desktop Client or the Client for Remote Desktop Services (formerly Terminal Services):

-
    -

  • C:\Documents and Settings\All Users\Application Data\Microsoft\Application Virtualization Client: Windows XP, Windows Server 2003

    • -

  • C:\ProgramData\Microsoft\Application Virtualization Client: Windows Vista, Windows Server 2008

    • -
- -  - -## Related topics - - -[Application Virtualization Client Reference](application-virtualization-client-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/log-files-for-the-application-virtualization-sequencer.md b/mdop/appv-v4/log-files-for-the-application-virtualization-sequencer.md deleted file mode 100644 index fd8062d829..0000000000 --- a/mdop/appv-v4/log-files-for-the-application-virtualization-sequencer.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: Log Files for the Application Virtualization Sequencer -description: Log Files for the Application Virtualization Sequencer -author: dansimp -ms.assetid: 1a296544-eab4-46f9-82ce-3136f8b578af -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Log Files for the Application Virtualization Sequencer - - -The log files for the Application Virtualization (App-V) Sequencer provide detailed information about sequencing applications, and they can be helpful when you are verifying functionality or when you are troubleshooting issues. - -The following table provides information about the log files and their default locations, which are created when using the Sequencer. - - ---- - - - - - - - - - - - - - - - - - - - - -
Log File NameDescription

sft-seq-log.txt

Provides general information about sequencing an application. Use this log as a starting point for troubleshooting Sequencer errors.

-

Log file location: %windir%\Microsoft Application Virtualization Sequencer\Logs

-

[Template Token Value] App-V 4.6 log file location: %windir%\Program Files\Microsoft Application Virtualization Sequencer\Logs[Template Token Value]

sftbt.txt

Provides information about computer restart tasks that occur during the Sequencer’s simulated restart.

-

Log file location: %windir%\Microsoft Application Virtualization Sequencer\Logs

-

[Template Token Value] App-V 4.6 log file location: %windir%\Program Files\Microsoft Application Virtualization Sequencer\Logs[Template Token Value]

SftCallBack.txt

Provides general information about processes used during sequencing.

-

Log file location: %windir%\Microsoft Application Virtualization Sequencer\Logs

-

[Template Token Value] App-V 4.6 log file location: %windir%\Program Files\Microsoft Application Virtualization Sequencer\Logs[Template Token Value]

- -  - -## Related topics - - -[Application Virtualization Sequencer Reference](application-virtualization-sequencer-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-1-privacy-statement.md b/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-1-privacy-statement.md deleted file mode 100644 index fe711b15c3..0000000000 --- a/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-1-privacy-statement.md +++ /dev/null @@ -1,146 +0,0 @@ ---- -title: Microsoft Application Virtualization 4.6 Service Pack 1 Privacy Statement -description: Microsoft Application Virtualization 4.6 Service Pack 1 Privacy Statement -author: dansimp -ms.assetid: e82c57ea-885d-4761-96db-4d80b1c3e1ae -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Microsoft Application Virtualization 4.6 Service Pack 1 Privacy Statement - - -Microsoft is committed to protecting your privacy, while delivering software that brings you the performance, power, and convenience you desire in your personal computing. This privacy statement explains many of the data collection and use practices of Microsoft Application Virtualization, 4.6 Service Pack 1 (“App-V”).  Specifically, the privacy statement describes the features in Service Pack 1 that send information to others, including Microsoft. It does not apply to other online or offline Microsoft sites, products, or services. - -App-V transforms applications into virtualized, network-available services resulting in dynamic delivery of software that is never installed, does not conflict, and minimizes costly application compatibility testing. Users and their application environments are no longer machine-specific, and the machines themselves are no longer user-specific, enabling IT to be flexible and responsive to business needs, and significantly reducing the cost of PC management, including application and operating system (OS) migrations. - -## Collection and Use of Your Information - - -The information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to enable the features you are using and provide the service(s) or carry out the transaction(s) you have requested or authorized.  It may also be used to analyze and improve Microsoft products and services. - -We may send certain mandatory service communications such as welcome letters, billing reminders, information on technical service issues, and security announcements.  Some Microsoft services may send periodic member letters that are considered part of the service. We may occasionally request your feedback, invite you to participate in surveys, or send you promotional mailings to inform you of other products or services available from Microsoft and its affiliates. - -In order to offer you a more consistent and personalized experience in your interactions with Microsoft, information collected through one Microsoft service may be combined with information obtained through other Microsoft services. We may also supplement the information we collect with information obtained from other companies. For example, we may use services from other companies that enable us to derive a general geographic area based on your IP address in order to customize certain services to your geographic area. - -Except as described in this statement, personal information you provide will not be transferred to third parties without your consent. We occasionally hire other companies to provide limited services on our behalf, such as packaging, sending and delivering purchases and other mailings, answering customer questions about products or services, processing event registration, or performing statistical analysis of our services. We will only provide those companies the personal information they need to deliver the service, and they are prohibited from using that information for any other purpose. - -Microsoft may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public. We may also disclose personal information as part of a corporate transaction such as a merger or sale of assets. - -Information that is collected by or sent to Microsoft App-V may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland. - -## Collection and Use of Information about Your Computer - - -When you use software with Internet-enabled features, information about your computer ("standard computer information") is sent to the Web sites you visit and online services you use. Microsoft uses standard computer information to provide you Internet-enabled services, to help improve our products and services, and for statistical analysis. Standard computer information typically includes information such as your IP address, operating system version, browser version, and regional and language settings. In some cases, standard computer information may also include hardware ID, which indicates the device manufacturer, device name, and version. If a particular feature or service sends information to Microsoft, standard computer information will be sent as well.  - -The privacy details for each App-V feature, software or service listed in this privacy statement describe what additional information is collected and how it is used. - -## Security of your information - - -Microsoft is committed to helping protect the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer systems with limited access, which are located in controlled facilities. - -## Changes to this privacy statement - - -We will occasionally update this privacy statement to reflect changes in our products, services, and customer feedback. When we post changes, we will revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how Microsoft will use your personal information, we will notify you either by posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how Microsoft is protecting your information. - -## For More Information - - -Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please contact us at: - -Microsoft Privacy - -Microsoft Corporation - -One Microsoft Way - -Redmond, Washington 98052 USA - -## Specific features - - -The remainder of this document will address the following specific features: - -## Customer Experience Improvement Program - - -### What This Feature Does: - -The Customer Experience Improvement Program (“CEIP”) collects basic information about your hardware configuration and how you use our software and services in order to identify trends and usage patterns. CEIP also collects the type and number of errors you encounter, software and hardware performance, and the speed of services.  We will not collect your name, address, or other contact information. - -### Information Collected, Processed, or Transmitted: - -For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at . - -### Use of Information: - -We use this information to improve the quality, reliability, and performance of Microsoft software and services. - -### Choice/Control: - -You are offered the opportunity to participate in CEIP during setup. If you choose to participate and later change your mind, you can turn off CEIP at any time by: - -1. Select “Help” on the main toolbar. - -2. Select “Customer Feedback Options”. - -## Microsoft Error Reporting - - -### What This Feature Does: - -Microsoft Error Reporting provides a service that allows you to report problems you may be having with App-V to Microsoft and to receive information that may help you avoid or solve such problems. - -### Information Collected, Processed, or Transmitted: - -For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at . - -### Use of Information: - -We use the error reporting data to solve customer problems and improve our software and services. - -### Important Information: - -App-V does not change your Microsoft Error Reporting settings. If you previously turned on error reporting, it will send the information described above. Enterprise customers can use Group Policy to configure how Microsoft Error Reporting behaves on their computers. Configuration options include the ability to turn off Microsoft Error Reporting. If you are an administrator and wish to configure Group Policy for Microsoft Error Reporting, technical details are available at [https://go.microsoft.com/fwlink/?LinkId=35776](https://go.microsoft.com/fwlink/?LinkID=35776). - -## Application Package Accelerators - - -### What This Feature Does: - -Customers can use Application Package Accelerators to automatically package complex applications without installing the application. The App-V sequencer allows you to create package accelerators for each virtual package. You can then use these package accelerators to automatically re-create the same virtual package in the future. You may also use package accelerators released by Microsoft or other third parties to simplify and automate packaging of complex applications. - -### Information Collected, Processed, or Transmitted: - -Application Package Accelerators may contain information such as computer names, user account information, and information about applications included in the Package Accelerator file. - -If you plan to share Application Package Accelerators with anyone outside your organization you should review all the settings and ensure the Package Accelerators do not contain any personal or company information. You can view the contents by opening the Package Accelerator files using any XML viewer. The following are ways you can view and remove any computer or user information from the Package Accelerator files before sharing with anyone outside your company: - -- **Username** - When you log on to the computer running the App-V sequencer you should use a generic user account, such as **administrator**. You should not use an account that is based on an existing username. - -- **Computer Name**– Specify a general, non-identifying name for the computer that is running the App-V Sequencer. - -- **Server URL**– Use the default settings for the server URL configuration information on the **Deployment** tab in the App-V Sequencer console. - -- **Applications** – If you do not want to share the list of applications that were installed on the computer running the sequencer when you created the Package Accelerator you must delete the **appv\_manifest.xml** file. This file is located in the package root directory of the virtual application package. - -No information is sent to Microsoft through customers’ use of the Application Package Accelerator feature. - -  - -  - - - - - diff --git a/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md b/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md deleted file mode 100644 index 55db6ca874..0000000000 --- a/mdop/appv-v4/microsoft-application-virtualization-46-service-pack-2-privacy-statement.md +++ /dev/null @@ -1,227 +0,0 @@ ---- -title: Microsoft Application Virtualization 4.6 Service Pack 2 Privacy Statement -description: Microsoft Application Virtualization 4.6 Service Pack 2 Privacy Statement -author: dansimp -ms.assetid: 4ee569b2-7711-475a-9f17-70247f00b1b7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Microsoft Application Virtualization 4.6 Service Pack 2 Privacy Statement - - -Microsoft is committed to protecting your privacy, while delivering software that brings you the performance, power, and convenience you desire in your personal computing. This privacy statement explains many of the data collection and use practices of Microsoft Application Virtualization (App-V). Specifically, the privacy statement describes the features that send information to others, including Microsoft. It does not apply to other online or offline Microsoft sites, products, or services. - -App-V transforms applications into virtualized, network-available services resulting in dynamic delivery of software that is never installed, does not conflict, and minimizes costly application compatibility testing. Users and their application environments are no longer machine-specific, and the machines themselves are no longer user-specific, enabling IT to be flexible and responsive to business needs, and significantly reducing the cost of PC management, including application and operating system (OS) migrations. - -## Collection and Use of Your Information - - -The information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to enable the features you are using and provide the service(s) or carry out the transaction(s) you have requested or authorized. It may also be used to analyze and improve Microsoft products and services. - -We may send certain mandatory service communications such as welcome letters, billing reminders, information on technical service issues, and security announcements. Some Microsoft services may send periodic member letters that are considered part of the service. We may occasionally request your feedback, invite you to participate in surveys, or send you promotional mailings to inform you of other products or services available from Microsoft and its affiliates. - -In order to offer you a more consistent and personalized experience in your interactions with Microsoft, information collected through one Microsoft service may be combined with information obtained through other Microsoft services. We may also supplement the information we collect with information obtained from other companies. For example, we may use services from other companies that enable us to derive a general geographic area based on your IP address in order to customize certain services to your geographic area. - -Except as described in this statement, personal information you provide will not be transferred to third parties without your consent. We occasionally hire other companies to provide limited services on our behalf, such as packaging, sending and delivering purchases and other mailings, answering customer questions about products or services, processing event registration, or performing statistical analysis of our services. We will only provide those companies the personal information they need to deliver the service, and they are prohibited from using that information for any other purpose. - -Microsoft may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public. We may also disclose personal information as part of a corporate transaction such as a merger or sale of assets. - -Information that is collected by or sent to Microsoft by App-V may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland. - -## Collection and Use of Information about Your Computer - - -When you use software with Internet-enabled features, information about your computer ("standard computer information") is sent to the Web sites you visit and online services you use. Microsoft uses standard computer information to provide you Internet-enabled services, to help improve our products and services, and for statistical analysis. Standard computer information typically includes information such as your IP address, operating system version, browser version, and regional and language settings. In some cases, standard computer information may also include hardware ID, which indicates the device manufacturer, device name, and version. If a particular feature or service sends information to Microsoft, standard computer information will be sent as well. - -Because this is a pre-release version of the software, some of these Internet-enabled features are turned on by default so that we can collect enough information about how the software is working in order to improve the commercially released software. The default settings in this pre-release software do not necessarily reflect how these features will be configured in the commercially released software. - -The privacy details for each App-V feature, software or service listed in this privacy statement describe what additional information is collected and how it is used. - -## Security of your information - - -Microsoft is committed to helping protect the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer systems with limited access, which are located in controlled facilities. - -## Changes to this privacy statement - - -We will occasionally update this privacy statement to reflect changes in our products, services, and customer feedback. When we post changes, we will revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how Microsoft will use your personal information, we will notify you either by posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how Microsoft is protecting your information. - -## For More Information - - -Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please contact us at . - -## Specific features - - -The remainder of this document will address the following specific features: - -**Note**   -This section is divided into two parts: (1) features in all versions of App-V and (2) features in App-V 4.6 SP1 and later. - - - -### Microsoft Error Reporting - -**What This Feature Does:** - -Microsoft Error Reporting provides a service that allows you to report problems you may be having with App-V to Microsoft and to receive information that may help you avoid or solve such problems. - -**Information Collected, Processed, or Transmitted:** - -For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at . - -**Use of Information:** - -We use the error reporting data to solve customer problems and improve our software and services. - -**Choice/Control:** - -App-V does not change your Microsoft Error Reporting settings. If you previously turned on error reporting, it will send Microsoft the information about the errors you encountered. When Microsoft needs additional data to analyze the problem, you will be prompted to review the data and choose whether or not to send it.  App-V will always respect your Microsoft Error Reporting settings. - -**Important Information:** - -Enterprise customers can use Group Policy to configure how Microsoft Error Reporting behaves on their computers. Configuration options include the ability to turn off Microsoft Error Reporting. If you are an administrator and wish to configure Group Policy for Microsoft Error Reporting, technical details are available at . - -### Microsoft Update - -**What This Feature Does:** - -Microsoft Update is a service that provides Windows updates as well as updates for other Microsoft software, including App-V.  For details about what information is collected, how it is used and how to change your settings, see the Update Services Privacy Statement at . - -**Choice/Control:** - -If Microsoft Update is not enabled, you can opt-in during setup and subsequent checks for updates will follow the machine-wide schedule. You can update this option from the Microsoft Update Control Panel item. - -### Collection/Transmission of Configuration Data - -**What This Feature Does:** - -The product will collect various configuration items, including UserID, MachineID and SecurityGroup details, to be able to enforce settings on managed nodes. The data is stored in the App-V SQL database and transmitted across the App-V server and client components to enforce the configuration on the managed node. - -**Information Collected, Processed, or Transmitted:** - -User and machine information and configuration content - -**Use of Information:** - -The information is used to enforce the application access configuration on the managed nodes within the enterprise. The information does not leave the enterprise. - -**Choice/Control:** - -By default, the product does not have any data. All data is entered and enabled by the admin and can be viewed in the Management console. The feature cannot be disabled as this is the product functionality. To disable this, App-V will need to be uninstalled. - -**Important Information:** - -None of this information is sent out of the enterprise. - -### Package History Information - -**What This Feature Does:** - -It captures package history and asset information as part of the package. - -**Information Collected, Processed, or Transmitted:** - -Information about the package and the sequencing environment is collected and stored in the package manifest during sequencing. - -**Use of Information:** - -The information will be used by the admin to track the updates done to a package during its lifecycle. It will also be used by software deployment systems to track the package deployments within the organization. - -**Choice/Control:** - -This feature is always enabled and cannot be turned off. - -**Important Information:** - -This administrator information will be stored in the package and can be viewed by the end users if they access the XML associated with the application. - -### Collection and Transmission of Reporting Data - -**What This Feature Does:** - -The product will collect a variety of reporting data points, including the username, to allow reporting on the usage of the product. - -**Information Collected, Processed, or Transmitted:** - -Information about the machine, package and application usage are collected from every machine that reporting is enabled on. - -**Use of Information:** - -The information is used to report on application usage within the enterprise. The information does not leave the enterprise. - -**Choice/Control:** - -By default, the product does not have any data. Data is only collected once the reporting feature is enabled on the App-V Client. To disable the collection of reporting data, the reporting feature must be disabled on all clients. - -**Important Information:** - -None of this information is sent out of the enterprise. - -### Features in App-V 4.6 SP1 and later - -This section addresses specific features available in App-V 4.6 SP1 and later. - -### Customer Experience Improvement Program - -**What This Feature Does:** - -The Customer Experience Improvement Program (“CEIP”) collects basic information about your hardware configuration and how you use our software and services in order to identify trends and usage patterns. CEIP also collects the type and number of errors you encounter, software and hardware performance, and the speed of services. We will not collect your name, address, or other contact information. - -**Information Collected, Processed, or Transmitted:** - -For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at . - -**Use of Information:** - -We use this information to improve the quality, reliability, and performance of Microsoft software and services. - -**Choice/Control:** - -CEIP is optional and the opt-in status can be updated during install or post install from the GUI.   - -### Application Package Accelerators - -**What This Feature Does:** - -Customers can use Application Package Accelerators to automatically package complex applications without installing the application. The App-V sequencer allows you to create package accelerators for each virtual package. You can then use these package accelerators to automatically re-create the same virtual package in the future. You may also use package accelerators released by Microsoft or other third parties to simplify and automate packaging of complex applications. - -**Information Collected, Processed, or Transmitted:** - -Application Package Accelerators may contain information such as computer names, user account information, and information about applications included in the Package Accelerator file. - -If you plan to share Application Package Accelerators with anyone outside your organization you should review all the settings and ensure the Package Accelerators do not contain any personal or company information. You can view the contents by opening the Package Accelerator files using any XML viewer. The following are ways you can view and remove any computer or user information from the Package Accelerator files before sharing with anyone outside your company: - -- **Username** - When you log on to the computer running the App-V sequencer you should use a generic user account, such as **administrator**. You should not use an account that is based on an existing username. - -- **Computer Name**– Specify a general, non-identifying name for the computer that is running the App-V Sequencer. - -- **Server URL**– Use the default settings for the server URL configuration information on the **Deployment** tab in the App-V Sequencer console. - -- **Applications** – If you do not want to share the list of applications that were installed on the computer running the sequencer when you created the Package Accelerator you must delete the **appv\_manifest.xml** file. This file is located in the package root directory of the virtual application package. - -No information is sent to Microsoft through customers’ use of the Application Package Accelerator feature. - -## Related topics - - -[About Microsoft Application Virtualization 4.6 SP2](about-microsoft-application-virtualization-46-sp2.md) - - - - - - - - - diff --git a/mdop/appv-v4/microsoft-application-virtualization-client-management-help.md b/mdop/appv-v4/microsoft-application-virtualization-client-management-help.md deleted file mode 100644 index c0c55aa648..0000000000 --- a/mdop/appv-v4/microsoft-application-virtualization-client-management-help.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Microsoft Application Virtualization Client Management Help -description: Microsoft Application Virtualization Client Management Help -author: dansimp -ms.assetid: 449eebda-70eb-48b7-855a-db965a680923 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Microsoft Application Virtualization Client Management Help - - -The Microsoft Application Virtualization Desktop Client and the Client for Remote Desktop Services (formerly Terminal Services) provide the interface you can use to manage virtual applications on your computer. Through the user interface, you can manage applications and file type associations, and you can refresh applications from the Application Virtualization Management Servers (also referred to as application publishing servers). - -This help documentation supports the Application Virtualization Desktop Client and Client for Remote Desktop Services. It includes conceptual information, step-by-step procedures, and a user interface reference. - -For the latest updates to this help documentation, please visit the Microsoft TechNet Library at . - -## In This Section - - -[Application Virtualization Client Management Console Roadmap](application-virtualization-client-management-console-roadmap.md) -Includes overview information about the Client Management Console. - -[About Virtual Environments](about-virtual-environments.md) -Describes virtual environments and the way virtual applications affect the environment. - -[How to Use the Desktop Notification Area for Application Virtualization Client Management](how-to-use-the-desktop-notification-area-for-application-virtualization-client-management.md) -Includes information about using the features and commands that are available from the Windows desktop notification area. - -[Application Virtualization Client Management Console](application-virtualization-client-management-console.md) -Includes an overview as well as step-by-step procedures for using the features and commands that are available in the Application Virtualization Client. - -[Application Virtualization Client Management Console Reference](application-virtualization-client-management-console-reference.md) -Includes reference information about the screen elements and dialog boxes that are available in the Application Virtualization Desktop Client and the Client for Remote Desktop Services. - -  - -  - - - - - diff --git a/mdop/appv-v4/microsoft-application-virtualization-getting-started-guide.md b/mdop/appv-v4/microsoft-application-virtualization-getting-started-guide.md deleted file mode 100644 index 6f19e8f359..0000000000 --- a/mdop/appv-v4/microsoft-application-virtualization-getting-started-guide.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Microsoft Application Virtualization Getting Started Guide -description: Microsoft Application Virtualization Getting Started Guide -author: dansimp -ms.assetid: 6cd9a212-e270-4d7c-bd0a-bd6af9a5c3ba -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Microsoft Application Virtualization Getting Started Guide - - -This Getting Started Guide provides essential information that will help you design your Microsoft Application Virtualization (App-V) system and assist in your deployment and upgrade planning. - -## In This Section - - -[Overview of Application Virtualization](overview-of-application-virtualization.md) -Provides a summary of the App-V system features. - -[Planning for Application Virtualization System Deployment](planning-for-application-virtualization-system-deployment.md) -Provides the guidance necessary to plan the implementation and deployment of your Application Virtualization system, and to migrate from previous versions. - -[Application Virtualization Deployment and Upgrade Considerations](application-virtualization-deployment-and-upgrade-considerations-copy.md) -Provides information about hardware and software requirements for installing the various Application Virtualization components and upgrade information. - -[About Microsoft Application Virtualization 4.5](about-microsoft-application-virtualization-45.md) -Describes the features introduced in App-V 4.5 and also includes the App-V 4.5 release notes documentation. - -[About Microsoft Application Virtualization 4.5 SP1](about-microsoft-application-virtualization-45-sp1.md) -Describes the changes introduced in App-V 4.5 with SP1 and also includes the App-V 4.5 SP1 release notes documentation. - -[About Microsoft Application Virtualization 4.5 SP2](about-microsoft-application-virtualization-45-sp2.md) -Describes what’s new in App-V 4.5 with SP2 and also includes the App-V 4.5 SP2 release notes documentation. - -[About Microsoft Application Virtualization 4.6](about-microsoft-application-virtualization-46.md) -Describes what’s new in App-V 4.6 and also includes the App-V 4.6 release notes documentation. - -[About Microsoft Application Virtualization 4.6 SP1](about-microsoft-application-virtualization-46-sp1.md) -Describes what’s new in App-V 4.6 SP1 and also includes the App-V 4.6 release notes documentation. - -[About Microsoft Application Virtualization 4.6 SP3](about-microsoft-application-virtualization-46-sp3.md) -Describes what’s new in App-V 4.6 SP3 and also includes the App-V 4.6 release notes documentation. - -  - -  - - - - - diff --git a/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes-45-sp1.md b/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes-45-sp1.md deleted file mode 100644 index 2add0e46ac..0000000000 --- a/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes-45-sp1.md +++ /dev/null @@ -1,221 +0,0 @@ ---- -title: Microsoft Application Virtualization Management System Release Notes 4.5 SP1 -description: Microsoft Application Virtualization Management System Release Notes 4.5 SP1 -author: dansimp -ms.assetid: 5d6b11ea-7b87-4084-9a7c-0d831f247aa3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Microsoft Application Virtualization Management System Release Notes 4.5 SP1 - - -To search these Release Notes, press CTRL+F. - -**Important**   -Read these Release Notes thoroughly before you install the Application Virtualization Management System. These Release Notes contain information that you need to successfully install the Application Virtualization Management System. These Release Notes contain information that is not available in the product documentation. If there is a discrepancy between these Release Notes and other Application Virtualization Management System documentation, the latest change should be considered authoritative. - - - -For updated information about known issues, please visit the Microsoft TechNet Library at . - -## About Microsoft Application Virtualization 4.5 Service Pack 1 - - -These Release Notes have been updated to reflect the changes introduced with Microsoft Application Virtualization (App-V) 4.5 Service Pack 1 (SP1). This service pack contains the following changes: - -- Support for Windows 7 and Windows Server 2008 R2: App-V 4.5 SP1 provides support for Windows 7 and Windows Server 2008 R2, including support for Windows 7 features such as the taskbar, AppLocker, BranchCache, and BitLocker To Go.  Windows Server 2008 R2 support is for the Application Virtualization Server only. For more information on AppLocker support in Windows 7, see . - -- Support for 3rd Party Kerberos Realms: App-V 4.5 SP1 provides support for environments that have a trust relationship and mapped user accounts between a Windows domain and an MIT Kerberos realm, which is a scenario that is common at many universities. For information on how to enable this support, please visit the Microsoft TechNet Library at . - -- Improved support for application publishing and streaming via HTTP/HTTPS: App-V 4.5 SP1 provides support for application publishing and streaming via the HTTP/HTTPS protocols for Windows XP Home Edition, Windows Vista Home Basic, and Windows 7 Home Basic. - -- Customer Feedback and Hotfix Rollup: App-V 4.5 SP1 also includes a rollup up of fixes to address issues found since the Microsoft Application Virtualization (App-V) 4.5 CU1 release. The updates are a result of a combination of known issues and customer feedback from our internal teams, partners, and customers who are using App-V 4.5. For a full list of the updates, see the KB article at . - -## About the Product Documentation - - -Comprehensive documentation for Application Virtualization (App-V) is available on Microsoft TechNet in the Application Virtualization (App-V) TechCenter at . The TechNet documentation includes the online Help for the Application Virtualization Sequencer, the Application Virtualization Client, and the Application Virtualization Server. It also includes the Application Virtualization Planning and Deployment Guide and the Application Virtualization Operations Guide. - -## Protect Against Security Vulnerabilities and Viruses - - -To help protect against security vulnerabilities and viruses, we recommend that you install the latest available security updates for any new software being installed. For more information, see the Microsoft Security Web site at . - -## Providing Feedback - - -You can provide feedback, make a suggestion, or report an issue with the Microsoft Application Virtualization (App-V) Management System via a community forum on the Microsoft Application Virtualization TechCenter (). - -You can also provide your feedback on the documentation directly to the App-V documentation team. Send your documentation feedback to appvdocs@microsoft.com. - -## Known Issues with Application Virtualization 4.5 SP1 - - -This section provides the most up-to-date information about issues with Microsoft Application Virtualization (App-V) 4.5 SP1. These issues do not appear in the product documentation and in some cases might contradict existing product documentation. Whenever possible, these issues will be addressed in later releases of the software. - -### Guidance for installing Server Management Console - -If you need to install management software onto systems other than the primary Application Virtualization publishing and streaming server, the server install supports installing the Management Console and Management Web service on separate servers from the primary App-V Management Server. To distribute the management components across multiple servers, Kerberos delegation must be enabled on the server where the Web service is installed. For information on how to enable this support, please visit the Microsoft TechNet Library at - -### Guidance for installing or upgrading clients to App-V 4.5 SP1 using setup.msi - -When installing or upgrading your App-V clients to App-V 4.5 SP1 by using setup.msi, the prerequisites are not installed automatically. - -WORKAROUND   You must manually install the prerequisites before installing or upgrading the App-V client to App-V 4.5 SP1. For detailed procedures for installing the prerequisites and the App-V client, see . - -When this has been completed, install the App-V 4.5 SP1 client by using setup.msi with elevated privileges. This file is available on the App-V 4.5 SP1 release media in the Installers\\Client folder. - -When installing Microsoft Application Error Reporting, use the following command if you are installing or upgrading to the App-V 4.5 SP1 Desktop client: - - msiexec /i dw20shared.msi APPGUID={93468B43-C19D-44F9-8BCC-114076DB0443}  allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus - -Alternatively, if you are installing or upgrading to the App-V 4.5 SP1 Client for Remote Desktop Services (formerly Terminal Services), use the following command: - - msiexec /i dw20shared.msi APPGUID={0042AD3C-99A4-4E58-B5F0-744D5AD96E1C} allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus - -**Note**   -The APPGUID parameter references the product code of the App-V client that you install or upgrade. The product code is unique for each setup.msi. You can use the Orca database editor or a similar tool to examine Windows Installer files and determine the product code. This step is required for all installations or upgrades to App-V 4.5 SP1. - - - -### Improving performance when sequencing the .NET Framework - -When sequencing the .NET Framework, you might experience reduced system performance because the Microsoft .NET Framework NGEN service attempts to precompile assemblies as a background task. - -WORKAROUND   When sequencing the .NET Framework, disable the Microsoft .NET Framework NGEN service (mscorsvw.exe) after completing the monitoring phase. You must use the **Virtual Services** tab in the Sequencer and change the startup type to disabled. - -### When you uninstall the Microsoft Application Virtualization Client, user settings associated with the user performing the uninstall will be deleted - -When you uninstall the App-V Client, the Windows Installer will remove Application Virtualization settings from the current user's profile. If your computer uses roaming profiles, do not use your personal network account to uninstall the client because it will remove settings for your virtual applications on all of your computers. - -WORKAROUND   You should perform the App-V Client uninstall with an administrative account that is not used for running virtual applications. - -### Edits made on the virtual file system and virtual registry tabs must be saved while running the Sequencing wizard - -If you open a package to perform an upgrade, or if you have already run the Sequencing wizard with a new package and make changes to the package in the virtual file system or virtual registry tabs, those changes are not automatically saved. - -WORKAROUND   Save the changes before re-running the wizard, to ensure that they are reflected inside the wizard’s virtual environment. - -### Command-line Sequencer must be run from an elevated command prompt - -When you use the command-line Sequencer, it does not prompt for elevation. - -WORKAROUND   Run the command-line Sequencer using an elevated command prompt. - -### Short path variable names in OSD files can cause errors - -If you receive error 450478-1F702339-0000010B “The directory name is invalid” when starting a virtual application on the client, it is possible that the variable in the OSD is set incorrectly. This can happen if the application’s installer sets a short path name during sequencing. - -WORKAROUND   Remove the trailing tilde from any CSIDL variable that exists in the OSD file. - -### Correct syntax for DECODEPATH parameter for command-line Sequencer - -In the command-line Sequencer, when opening a package for upgrade and decoding it to the root of the Q drive, the syntax for the *DECODEPATH* parameter should not include a trailing slash. - -WORKAROUND   You can use **Q:** rather than **Q:\\** (omitting the trailing “\\” character). - -### When upgrading 4.2 packages, you encounter problems caused by Windows Installer files in the Virtual File System - -When upgrading a package from 4.2, you might experience issues relating to a mismatch of Windows Installer system files that were included by default in 4.2 and the Windows Installer libraries locally installed on your Sequencing workstation. The following files are located in CSIDL\_SYSTEM\\: - -cabinet.dll - -msi.dll - -msiexec.exe - -msihnd.dll - -msimsg.dlll - -WORKAROUND   Delete all of the preceding files from the package. Delete the mappings on the **VFS** tab as well as the actual files in the CSIDL\_SYSTEM folder in your decode path. - -### On Windows XP, client install logging is not enabled by default - -When installing the client, to ensure that any install errors are captured for troubleshooting purposes, you should enable logging by using the command line. - -WORKAROUND   Add the parameter */l\*vx! log.txt* to the command line, as shown in the following example: - -setup.exe /s /v”/qn /l\*vx! log.txt” - -msiexec.exe /i setup.msi /qn /l\*vx! log.txt - -Alternatively, you can set the registry key to the following value: - -\[HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer\] "Logging"="voicewarmupx!" - -### For Kerberos authentication to work, Service Principal Names (SPNs) must be registered for IIS - -When using IIS 6.0 or 7.0 for icon or OSD file retrieval and streaming of packages, for Kerberos authentication to be enabled, the SPNs must be registered as follows: - -- On the IIS server, run the following commands by using the SETSPN.EXE Resource Kit tool. The server fully qualified domain name (FQDN) must be used. - - Setspn -r SOFTGRID/<Server FQDN> - - Setspn -r HTTP/<Server FQDN> - -For more information, see . - -### .NET compatibility changes - -Microsoft Application Virtualization (App-V) Cumulative Update 1 or later supports sequencing the .NET Framework on Windows XP (SP2 or later). Sequencing routines for .NET applications that were written for SoftGrid 4.2 might need to be updated when used with the App-V 4.5 Sequencer. For details and workarounds, please refer to the Knowledge Base article at . - -### After client upgrade from App-V 4.2, some applications are not shown - -Check for the following error in the log: ”The Application Virtualization Client could not parse the OSD file”. The App-V 4.5 client filters out applications that have an OSD file containing an empty OS tag (<OS></OS>). - -WORKAROUND   Delete the empty OS tag from the OSD file. - -### The App-V server requires exemptions in its firewall for certain processes - -For the server to stream applications correctly, the server's core processes, including the dispatcher, need access through the firewall. - -WORKAROUND   Set exemptions in the server's firewall for the following processes: sghwsvr.exe and sghwdsptr.exe. This applies to the App-V Management Server and App-V Streaming Server. - -### When the server installer is run in silent mode, it does not correctly check for MSXML6 - -The App-V Management Server depends on MSXML6. However, if you run the installer in silent mode—for example, by using the command “msiexec -i setup.msi /qn” on a system where MSXML6 is not already installed—the installer does not detect the missing dependency and installs anyway. Therefore, when clients attempt to refresh publishing information from the App-V Management Server, they will see failures. - -WORKAROUND   Verify that MSXML6 is installed on the system before attempting a silent install of the App-V Management Server. - -### Error code 000C800 when attempting to connect to the Application Virtualization Management Console - -An Application Virtualization administrator who is not a local administrator on the App-V Management Web Service server will receive an error (Error code: 000C800) when attempting to connect to the App-V Management Console, and the sftmmc.log entry will indicate that access to SftMgmt.udl is denied. To successfully connect to the App-V Management Console, an administrator who does not have local administrator rights on the App-V Management Web Service server must have at least read and execute permissions to the SftMgmt.udl file. - -The Application Virtualization administrators must be given read and execute permissions to the SftMgmt.UDL file under %systemdrive%\\Program Files\\Microsoft System Center App Virt Management Server\\App Virt Management Service. - -### Client installer command-line parameters are ignored when used in conjunction with KEEPCURRENTSETTINGS=1 - -When used in conjunction with KEEPCURRENTSETTINGS=1, the following client installer command-line parameters are ignored: SWICACHESIZE, MINFREESPACEMB, ALLOWINDEPENDENTFILESTREAMING, APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, SYSTEMEVENTLOGLEVEL, SWIGLOBALDATA, DOTIMEOUTMINUTES, SWIFSDRIVE, AUTOLOADTARGET, AUTOLOADTRIGGERS, SWIUSERDATA, and REQUIRESECURECONNECTION. - -WORKAROUND   If you have settings you want to retain, use KEEPCURRENTSETTINGS=1 and then set the other parameters after deployment. The App-V ADM Template can be used to set the following client settings: APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, AUTOLOADTARGET, AUTOLOADTRIGGERS, DOTIMEOUTMINUTES, and ALLOWINDEPENDENTFILESTREAMING. The ADM Template can be found at . - -## Release Notes Copyright Information - - -Information in this document, including URL and other Internet Web site references, is subject to change without notice and is provided for informational purposes only. The entire risk of the use or results from the use of this document remains with the user, and Microsoft Corporation makes no warranties, either express or implied. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. - -Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. - - - -Microsoft, Active Directory, ActiveSync, MS-DOS, Windows, Windows Server, and Windows Vista are trademarks of the Microsoft group of companies. - -All other trademarks are property of their respective owners. - - - - - - - - - diff --git a/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes.md b/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes.md deleted file mode 100644 index c97f47acca..0000000000 --- a/mdop/appv-v4/microsoft-application-virtualization-management-system-release-notes.md +++ /dev/null @@ -1,287 +0,0 @@ ---- -title: Microsoft Application Virtualization Management System Release Notes -description: Microsoft Application Virtualization Management System Release Notes -author: dansimp -ms.assetid: e1a4d5ee-53c7-4b48-814c-a34ce0e698dc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Microsoft Application Virtualization Management System Release Notes - - -To search these Release Notes, press CTRL+F. - -**Important**   -Read these Release Notes thoroughly before you install the Application Virtualization Management System. These Release Notes contain information that you need to successfully install the Application Virtualization Management System. This document contains information that is not available in the product documentation. If there is a discrepancy between these Release Notes and other Application Virtualization Management System documentation, the latest change should be considered authoritative. These Release Notes supersede the content included with this product. - - - -For updated information about known issues, please visit the Microsoft TechNet Library at . - -## About Microsoft Application Virtualization 4.5 Cumulative Update 1 - - -These Release Notes have been updated to reflect the changes introduced with Microsoft Application Virtualization 4.5 Cumulative Update 1 (App-V 4.5 CU1), which provides the latest updates to Application Virtualization (App-V) 4.5. This cumulative update contains the following changes: - -- Support for Windows 7 Beta and Windows Server 2008 R2 Beta: App-V 4.5 CU1 addresses compatibility issues with Windows 7 Beta and Windows Server 2008 R2 Beta. Support will be provided for blocking issues that prevent App-V 4.5 CU1 running in a test environment on pre-RTM versions of Windows 7. This will help ensure that your virtual applications can run successfully in a test environment where compatibility between App-V 4.5 Client and Windows 7 Beta is required. - - **Important**   - Running App-V 4.5 CU1 on any version of Windows 7 or Windows Server 2008 R2 in a live operating environment is not supported. - - - -- Improved support for sequencing the .NET Framework: App-V 4.5 CU1 addresses previous issues with sequencing the .NET Framework 3.5 and earlier on Windows XP (SP2 or later). For more information about the new capabilities, see the TechNet article at . - -- Customer Feedback and Hotfix Rollup: App-V 4.5 CU1 also includes a rollup up of fixes to address issues found since the App-V 4.5 RTM release. This includes a combination of known issues and customer feedback from our internal teams, partners, and customers who are using App-V 4.5. For a full list of the included updates, see the KB article at . - -## About the Product Documentation - - -Comprehensive documentation for Application Virtualization (App-V) is available on Microsoft TechNet in the Application Virtualization (App-V) TechCenter at . The TechNet documentation includes the online Help for the Application Virtualization Sequencer, the Application Virtualization Client, and the Application Virtualization Server. It also includes the Application Virtualization Planning and Deployment Guide and the Application Virtualization Operations Guide. - -## Protect Against Security Vulnerabilities and Viruses - - -To help protect against security vulnerabilities and viruses, it is important to install the latest available security updates for any new software being installed. For more information, see the Microsoft Security Web site at . - -## Providing Feedback - - -You can provide feedback, make a suggestion, or report an issue with the Microsoft Application Virtualization (App-V) Management System via a community forum on the Microsoft Application Virtualization TechCenter (). - -You can also provide your feedback on the documentation directly to the App-V documentation team. Send your documentation feedback to appvdocs@microsoft.com. - -## Known Issues with Application Virtualization 4.5 CU1 - - -This section provides the most up-to-date information about issues with Microsoft Application Virtualization (App-V) 4.5 CU1. These issues do not appear in the product documentation and in some cases might contradict existing product documentation. Whenever possible, these issues will be addressed in later releases. - -### Guidance for installing or upgrading clients to App-V 4.5 CU1 using setup.msi - -When installing or upgrading your App-V clients to App-V 4.5 CU1 by using setup.msi, the prerequisites are not installed automatically. - -WORKAROUND   You must manually install the prerequisites before installing or upgrading the App-V client to 4.5 CU1. For detailed procedures for installing the prerequisites and the App-V client, see . - -When this has been completed, install the App-V 4.5 CU1 client by using setup.msi with elevated privileges. This file is available on the App-V 4.5 CU1 release media in the Installers\\Client folder. - -When installing Microsoft Application Error Reporting, use the following command if you are installing or upgrading to the App-V 4.5 CU1 Desktop client: - - msiexec /i dw20shared.msi APPGUID={FE495DBC-6D42-4698-B61F-86E655E0796D}  allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus - -Alternatively, if you are installing or upgrading to the App-V 4.5 CU1 Terminal Services client, use the following command: - - msiexec /i dw20shared.msi APPGUID={8A97C241-D92A-47DC-B360-E716C1AAA929} allusers=1 reboot=suppress REINSTALL=all REINSTALLMODE=vomus - -**Note**   -The APPGUID parameter references the product code of the App-V client that you install or upgrade to. The product code is unique for each setup.msi. You can use the Orca database editor or similar tool to examine Windows Installer files and determine the product code. This step is required for all installs or upgrades to App-V 4.5 CU1. - - - -### Some applications might fail to install during the monitoring phase when sequencing on Windows 7 Beta - -When sequencing on Windows 7 Beta or on a computer with Windows Installer 5.0, some applications might fail to install during the monitoring phase. - -WORKAROUND   You must manually grant the Everyone group Full Control permissions to the following registry key: - - HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\SystemGuard - -**Important**   -You must use the **Advanced** button to set the “Include inheritable permissions from this object’s parent” option. - - - -### Unable to save packages when sequencing on Windows 7 Beta - -When sequencing on Windows 7 Beta, you might be unable to save your sequenced package because of a sharing violation. - -WORKAROUND   As specified in the best practices section of the Microsoft Application Virtualization 4.5 Sequencing Guide (see ), you must shutdown and disable the following software programs before you begin sequencing: - -- Windows Defender - -- Antivirus software - -- Disk defragmentation software - -- Windows Search - -- Any open Windows Explorer session - -In addition, if you have Microsoft Update running on the sequencing station to capture updates during the package update process, you will need to add “C:\\Windows\\SoftwareDistribution” as a VFS exclusion before you start sequencing. - -### Improving performance when sequencing the .NET Framework - -When sequencing the .NET Framework, you might experience reduced system performance because the Microsoft .NET Framework NGEN service attempts to precompile assemblies as a background task. - -WORKAROUND   When sequencing the .NET Framework, disable the Microsoft .NET Framework NGEN service (mscorsvw.exe) after completing the monitoring phase. You must use the **Virtual Services** tab in the Sequencer and change the startup type to disabled. - -### Interoperability issues with the Windows 7 Taskbar - -When you run the Application Virtualization Client on Windows 7, the Windows 7 taskbar does not collapse multiple instances of a virtual application into a single taskbar button. In addition, jump Lists do not appear when you right-click a taskbar button of a virtual application, unless the application has been pinned to the Windows 7 taskbar. - -### When you uninstall the Microsoft Application Virtualization Client, user settings associated with the user performing the uninstall will be deleted - -When you uninstall the Microsoft Application Virtualization Client, the Windows Installer will remove Application Virtualization settings from the current user's profile. If your computer uses roaming profiles, do not use your personal network account to uninstall the client because it will remove settings for your virtual applications on all of your computers. - -WORKAROUND   You should perform the App-V Client uninstall with an administrative account that is not used for running virtual applications. - -### Edits made on the virtual file system and virtual registry tabs must be saved while running the Sequencing wizard - -If you open a package to perform an upgrade or have already run the Sequencing wizard with a new package and you make changes to the package in the virtual file system or virtual registry tabs, those changes are not automatically saved. - -WORKAROUND   Save the changes before re-running the wizard, to ensure that they are reflected inside the wizard’s virtual environment. - -### Command-line Sequencer must be run from an elevated command prompt - -When you use the command-line Sequencer, it does not prompt for elevation. - -WORKAROUND   Run the command-line Sequencer using an elevated command prompt. - -### Server Management Console configuration in distributed environments - -If you need to install management components onto systems other than the primary Application Virtualization publishing and streaming server, the server install supports installing our management console and Web service on separate servers from the primary Application Virtualization Server when properly configured. - -To distribute the management components across multiple servers, Kerberos delegation must be enabled on the server where the Web service is installed. - -### Short path variable names in OSD files can cause errors - -If you receive error 450478-1F702339-0000010B “The directory name is invalid” when starting a virtual application on the client, it is possible that the variable in the OSD is set incorrectly. This can happen if the application’s installer sets a short path name during sequencing. - -WORKAROUND   Remove the trailing tilde from any CSIDL variable that exists in the OSD file. - -### Correct syntax for DECODEPATH parameter for command-line Sequencer - -In the command-line Sequencer, when opening a package for upgrade and decoding it to the root of the Q drive, the syntax for the *DECODEPATH* parameter should not include a trailing slash. - -WORKAROUND   You can use **Q:** rather than **Q:\\** (omitting the trailing “\\” character). - -### When upgrading 4.2 packages, you encounter problems caused by Windows Installer files in the Virtual File System - -When upgrading a package from 4.2, you might experience issues relating to a mismatch of Windows Installer system files that were included by default in 4.2 and the Windows Installer libraries locally installed on your Sequencing workstation. The following files are located in CSIDL\_SYSTEM\\: - -cabinet.dll - -msi.dll - -msiexec.exe - -msihnd.dll - -msimsg.dlll - -WORKAROUND   Delete all of the preceding files from the package. Delete the mappings on the **VFS** tab as well as the actual files in the CSIDL\_SYSTEM folder in your decode path. - -### On Windows XP, client install logging is not enabled by default - -When installing the client, to ensure that any install errors are captured for troubleshooting purposes, you should enable logging by using the command line. - -WORKAROUND   Add the parameter */l\*vx! log.txt* to the command line, as shown in the following example: - -setup.exe /s /v”/qn /l\*vx! log.txt” - -msiexec.exe /i setup.msi /qn /l\*vx! log.txt - -Alternatively, you can set the registry key to the following value: - -\[HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Installer\] "Logging"="voicewarmupx!" - -### For Kerberos authentication to work, Service Principal Names (SPNs) must be registered for IIS - -When using IIS 6.0 or 7.0 for icon or OSD file retrieval and streaming of packages, for Kerberos authentication to be enabled, the SPNs must be registered as follows: - -- On the IIS server, run the following commands by using the SETSPN.EXE Resource Kit tool. The server fully qualified domain name (FQDN) must be used. - - Setspn -r SOFTGRID/<Server FQDN> - - Setspn -r HTTP/<Server FQDN> - -For more information, see . - -### On upgrade from RC, the default permissions on client logs do not allow for non-admin users to access the logs for troubleshooting and support - -The default permissions on client logs for the Application Virtualization RC client did not allow for non-admin access to log files, and manual changes to these log permissions were reverted when clients were restarted. This has been corrected in the RTM release for new client installs, but on upgrade from RC, the custom permissions on existing log files are not reset. However, when any new logs are created or after a log reset, the files will have the new default permissions. - -WORKAROUND   After the upgrade, reset existing client logs or manually change their permissions. - -### .NET compatibility changes - -Microsoft Application Virtualization Cumulative Update 1 supports sequencing the .NET Framework on Windows XP (SP2 or later). Sequencing routines for .NET applications that were written for SoftGrid 4.2 might need to be updated when used with the App-V 4.5 Sequencer. For details and workarounds, please refer to the Knowledge Base article at . - -### After client upgrade from App-V 4.2, some applications are not shown - -Check for the following error in the log: ”The Application Virtualization Client could not parse the OSD file”. The Microsoft Application Virtualization 4.5 client filters out applications that have an OSD file containing an empty OS tag (<OS></OS>). - -WORKAROUND   Delete the empty OS tag from the OSD file. - -### The App-V server requires exemptions in its firewall for certain processes - -For the server to stream applications correctly, the server's core processes, including the dispatcher, need access through the firewall. - -WORKAROUND   Set exemptions in the server's firewall for the following processes: sghwsvr.exe and sghwdsptr.exe. This applies to the App-V Management Server and App-V Streaming Server. - -### Sequencing packages that require new Visual Basic runtimes might fail - -If you sequence a package that uses a newer version of a Visual Basic (VB) runtime on a system where an older version of the VB runtime is installed, you might see a crash or other unexpected behavior when you try to use your package. For example, if you try to sequence Microsoft Money 2007, which uses version 6.00.9782 of the VB runtime, on a Windows XP system with version 6.00.9690 of the VB runtime, you might see a crash in the Invoice Designer when you try to run it on another Windows XP system with that older VB runtime. - -WORKAROUND   After installing the application on the sequencing computer, while still monitoring, copy the correct (newer) VB runtime to the directory in the package from where the executable is started. This allows the sequenced application to find the expected version of the VB runtime when it is started. - -**Important**   -This issue has been fixed in Microsoft Application Virtualization 4.5 Cumulative Update 1. - - - -### When the server installer is run in silent mode, it does not correctly check for MSXML6 - -The App-V Management Server depends on MSXML6. However, if you run the installer in silent mode—for example, by using the command “msiexec -i setup.msi /qn” on a system where MSXML6 is not already installed—the installer does not notice the missing dependency and installs anyway. The most common result is that when clients attempt to refresh publishing information from the App-V Management Server, they will see failures. - -WORKAROUND   Verify that MSXML6 is installed on the system before attempting a silent install of the App-V Management Server. - -### Error code 000C800 when attempting to connect to the Application Virtualization Management Console - -An Application Virtualization administrator who is not a local admin on the Application Virtualization Management Service server will receive an error (Error code: 000C800) when attempting to connect to the Application Virtualization Management Console, and the sftmmc.log entry will indicate that access to SftMgmt.udl is denied. To successfully connect to the Application Virtualization Management Console, an Application Virtualization administrator who is not a local admin on the Application Virtualization Management Service server must have at least read and execute access to the SftMgmt.udl file. - -The Application Virtualization administrators must be given read and execute permissions to the SftMgmt.UDL file under %systemdrive%\\Program Files\\Microsoft System Center App Virt Management Server\\App Virt Management Service. - -### Client installer command-line parameters are ignored when used in conjunction with KEEPCURRENTSETTINGS=1 - -When used in conjunction with KEEPCURRENTSETTINGS=1, the following client installer command-line parameters are ignored: SWICACHESIZE, MINFREESPACEMB, ALLOWINDEPENDENTFILESTREAMING, APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, SYSTEMEVENTLOGLEVEL, SWIGLOBALDATA, DOTIMEOUTMINUTES, SWIFSDRIVE, AUTOLOADTARGET, AUTOLOADTRIGGERS, SWIUSERDATA, and REQUIRESECURECONNECTION. - -WORKAROUND   If you have settings you want to retain, use KEEPCURRENTSETTINGS=1 and then set the other parameters after deployment. The App-V ADM Template can be used to set the following client settings: APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, AUTOLOADTARGET, AUTOLOADTRIGGERS, DOTIMEOUTMINUTES, and ALLOWINDEPENDENTFILESTREAMING. The ADM Template can be found at . - -### Error initializing virtual applications with Symantec Endpoint Protection - -When using Symantec Endpoint Protection with the Application and Device Control feature enabled, virtual applications might fail to start, with the error “The application failed to initialize properly (0xc000007b)”. For details and workarounds, please refer to the Knowledge Base article at . - -**Important**   -This issue has been fixed in Microsoft Application Virtualization 4.5 Cumulative Update 1. - - - -## Release Notes Copyright Information - - -Information in this document, including URL and other Internet Web site references, is subject to change without notice, and is provided for informational purposes only. The entire risk of the use or results of the use of this document remains with the user, and Microsoft Corporation makes no warranties, either express or implied. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. - -Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. - - - -Microsoft, MS-DOS, Windows, Windows Server, Windows Vista, Active Directory, and ActiveSync are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. - -The names of actual companies and products mentioned herein may be the trademarks of their respective owners. - - - - - - - - - diff --git a/mdop/appv-v4/microsoft-application-virtualization-security-guide.md b/mdop/appv-v4/microsoft-application-virtualization-security-guide.md deleted file mode 100644 index 8b8cf618b5..0000000000 --- a/mdop/appv-v4/microsoft-application-virtualization-security-guide.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -title: Microsoft Application Virtualization Security Guide -description: Microsoft Application Virtualization Security Guide -author: dansimp -ms.assetid: 5e794316-cc4f-459e-90ef-79fc9841ba4e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Microsoft Application Virtualization Security Guide - - -This documentation introduces you to important information about deployment decisions that can affect the security of your system. It also provides you with the necessary steps to configure the Microsoft Application Virtualization (App-V) security settings to enhance the security of your environment based on the recommendations presented in the Security Best Practices Whitepaper. If the security settings are specific to Windows but not to App-V, the documentation includes the appropriate links to that information. - -  - -  - - - - - diff --git a/mdop/appv-v4/monitoring-application-virtualization-servers.md b/mdop/appv-v4/monitoring-application-virtualization-servers.md deleted file mode 100644 index c778742dcd..0000000000 --- a/mdop/appv-v4/monitoring-application-virtualization-servers.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: Monitoring Application Virtualization Servers -description: Monitoring Application Virtualization Servers -author: dansimp -ms.assetid: d84355ae-4fe4-41d9-ac3a-3eaa32d9a61f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Monitoring Application Virtualization Servers - - -To simplify Application Virtualization (App-V) Server management, you can use the System Center Operations Manager 2007 Management Pack. This Management Pack supports only Application Virtualization (App-V) 4.5 servers; it does not support previous server versions. The Management Pack maximizes App-V Server availability for handling App-V Client requests. - -## Status Indicators - - -The App-V Server health status indicators are color-coded. The colors represent the following status values: - -- No color indicates that the server is running without non-recoverable errors. - -- Yellow indicates that one of the components is not functioning correctly. The overall functionality of the server is degraded, but the server is still available. - -- Red indicates that the server is not available and that it cannot provide key services or communicate with external service dependencies. - -## Monitoring Criteria - - -The Management Pack monitors the following aspects of server health: - -- Server Status—monitors server events to validate that the server is providing its expected services. - -- Data Store Access—tracks the ability of one or more of the App-V Management Servers to access and communicate with the App-V data store. - -- Content Data Access—monitors access to the \\Content directory, which might be a local directory or a network share, and the ability to read the requested files. - -- Security—reports errors with the App-V Server’s certificate and secure communications. - -- Client Request Handling—monitors the ability of one or more of the App-V Servers to handle and correctly respond to client requests. These requests include publishing such items as configuration requests, package load requests, and out of sequence requests. - -- Server Configuration—checks the configuration settings of the App-V Server. These configuration settings include the settings in the registry and in the App-V data store. - -## Server Differences - - -The main differences between the App-V Management Server and the App-V Streaming Server are as follows: - -- App-V Management Servers can provide publishing, streaming, management, and reporting services. Therefore, the Management Pack can manage more aspects of the App-V Management Server than it can manage on the App-V Streaming Server, which provides only package streaming. - -- The App-V Streaming Server does not have an App-V data store, so data store access is not monitored. The configuration information for the App-V Streaming Server is managed in the registry. - -- The App-V Streaming Server does not use the App-V Server Management Console interface; use other tools to manage the configuration. - -## Related topics - - -[Application Virtualization Server](application-virtualization-server.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/online-help-for-application-virtualization.md b/mdop/appv-v4/online-help-for-application-virtualization.md deleted file mode 100644 index 91d7d2784f..0000000000 --- a/mdop/appv-v4/online-help-for-application-virtualization.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Online Help for Application Virtualization -description: Online Help for Application Virtualization -author: dansimp -ms.assetid: 261ede48-976f-473c-84bc-452577efdcdf -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Online Help for Application Virtualization - - -The Microsoft Application Virtualization (App-V) system provides the capability to make applications available to end user computers without having to install the applications directly on those computers. The following online help documentation provides step-by-step procedures for interacting with and using the key system components. - -## In This Section - - -[Microsoft Application Virtualization Client Management Help](microsoft-application-virtualization-client-management-help.md) -Includes conceptual information, step-by-step procedures, and a user interface reference for the Application Virtualization (App-V) Desktop Client and Terminal Services Client. - -[Application Virtualization Server Management Help](application-virtualization-server-management-help.md) -Provides overview information about the Application Virtualization (App-V) Servers, as well as step-by-step procedures for using the available features and commands. A reference section includes information about the windows and dialogs that are available in the Server Management Console. - -[Application Virtualization Sequencer Online Help](application-virtualization-sequencer-online-help.md) -Includes information about the user interface and the Sequencing Wizard and provides detailed step-by-step procedures for sequencing applications. - -  - -  - - - - - diff --git a/mdop/appv-v4/open-package-wizard---appv-46-sp1-.md b/mdop/appv-v4/open-package-wizard---appv-46-sp1-.md deleted file mode 100644 index 0bf23f9812..0000000000 --- a/mdop/appv-v4/open-package-wizard---appv-46-sp1-.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Open Package Wizard (AppV 4.6 SP1) -description: Open Package Wizard (AppV 4.6 SP1) -author: dansimp -ms.assetid: 26bdef59-2ea3-4e30-9095-0ee0d0085b2d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Open Package Wizard (AppV 4.6 SP1) - - -Use any of the following links for more information about the App-V Open Package wizard. - -## In This Section - - -[Select Task Page (Learn More)](select-task-page--learn-more-.md) -Describes the options on the **Select Task** page to modify an existing virtual application package. - -[Packaging Method (Learn More)](packaging-method--learn-more-.md) - -## Related topics - - -[Wizard Pages (AppV 4.6 SP1)](wizard-pages--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/operations-guide-for-the-application-virtualization-system.md b/mdop/appv-v4/operations-guide-for-the-application-virtualization-system.md deleted file mode 100644 index fa836b09a6..0000000000 --- a/mdop/appv-v4/operations-guide-for-the-application-virtualization-system.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Operations Guide for the Application Virtualization System -description: Operations Guide for the Application Virtualization System -author: dansimp -ms.assetid: 686f2b75-7fba-4410-89b2-a539984b6ef2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Operations Guide for the Application Virtualization System - - -The Microsoft Application Virtualization Operations Guide provides information and step-by-step procedures to help you administer the Microsoft Application Virtualization (App-V) system and its components. This information will be valuable for system administrators who manage large installations with many servers and clients and for support personnel who interact directly with the computers or the end users. - -## In This Section - - -[Application Virtualization Client](application-virtualization-client.md) -Provides information about operational tasks for administering the Application Virtualization (App-V) Client. - -[Application Virtualization Server](application-virtualization-server.md) -Provides information about operational tasks for administering the Application Virtualization (App-V) Servers. - -[Application Virtualization Sequencer](application-virtualization-sequencer.md) -Provides information about operational tasks for using the Application Virtualization (App-V) Sequencer. - -## Reference - - -For more information about general App-V sequencing best practices, see the following Microsoft Web sites: - -MCS Sequencing Guidelines at - -Best Practices for Sequencing at - -  - -  - - - - - diff --git a/mdop/appv-v4/osd-file-elements.md b/mdop/appv-v4/osd-file-elements.md deleted file mode 100644 index 96422a7568..0000000000 --- a/mdop/appv-v4/osd-file-elements.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: OSD File Elements -description: OSD File Elements -author: dansimp -ms.assetid: 8211b562-7549-4331-8321-144f52574e99 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# OSD File Elements - - -The Sequencer installation directory contains an XML schema file, **Softricity.xsd**, which defines the valid structure of an Open Software Descriptor (OSD) file. Following are some of the more frequently used OSD elements. - -SOFTPKG -The root element of the OSD file containing all elements defining the software package. - -CODEBASE -Information about the .sft file for this package, including the HREF, FILENAME, and GUID attributes. You can edit the HREF attribute if you change the distribution point of this particular package. - -OS -Defines on what operating systems this application can run based on values that are initially set in the Sequencing Wizard. This value can contain only the values defined in **Softricity.xsd**. - -LOCAL\_INTERACTION\_ALLOWED -Set to TRUE, this enables creation of named objects (events, mutexes, semaphores, file mappings, and mailslots) and COM objects in the global namespace rather than isolated inside a particular virtual environment, which allows virtual applications to interact with the host operating system's applications. - -Example:<SOFTPKG><IMPLEMENTATION> - -<VIRTUALENV><POLICIES> - -<LOCAL\_INTERACTION\_ALLOWED>TRUE - -</LOCAL\_INTERACTION\_ALLOWED> - -</POLICIES></VIRTUALENV> - -</IMPLEMENTATION></SOFTPKG> - -DEPENDENCIES -Defines Dynamic Suite Composition (dependencies on other packages) by using a CODEBASE tag from another package. - -Example:<DEPENDENCIES><CODEBASE HREF="rtsps://server/package.sft" GUID="7579F4DF-2461-4219-BD43-494E1FDC69E3" SYSGUARDFILE="pkg.1\\osguard.cp" SIZE="6572748" MANDATORY="FALSE"/></DEPENDENCIES> - -PACKAGE NAME -A common name for the package entered into the Sequencing Wizard **Package Information** page, which enables you to specify a single name used for a sequenced application containing multiple applications. - -TITLE -Optional descriptive name of the application you are sequencing. - -ABSTRACT -Short description of the software package entered in the **Comments** field in the Sequencing Wizard **Package Information** page. A best practice is to specify information such as the operating system and service-pack level of the Sequencer workstation, Sequencer version, and the sequencing engineer’s name. - -SCRIPT -Defines specific scripted events to occur during startup, shutdown, or streaming. - -MGMT\_SHORTCUTLIST -List of all shortcuts defined in the wizard. - -MGMT\_FILEASSOCIATIONS -List of the file types specified in the wizard. - -## Related topics - - -[About the OSD Tab](about-the-osd-tab.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/osd-tab-keep.md b/mdop/appv-v4/osd-tab-keep.md deleted file mode 100644 index dd06e42a12..0000000000 --- a/mdop/appv-v4/osd-tab-keep.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: OSD Tab -description: OSD Tab -author: dansimp -ms.assetid: e66f1384-1753-4216-b9ee-77e99af93c74 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# OSD Tab - - -Use the **OSD** tab to edit and customize the Open Software Descriptor (OSD) file. - -## In This Section - - -[About the OSD Tab](about-the-osd-tab.md) -Provides general information about the **OSD** tab. - -[How to Edit an OSD File](how-to-edit-an-osd-file.md) -Provides the procedure to edit the OSD file by using the **Virtual Services** tab. - -[How to Edit an OSD File Using a Text Editor](how-to-edit-an-osd-file-using-a-text-editor.md) -Provides the procedure to customize an OSD file by using a text editor. - -## Related topics - - -[Sequencer Console](sequencer-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/oversized-package-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/oversized-package-dialog-box--app-v-46-sp1-.md deleted file mode 100644 index 6a802d1959..0000000000 --- a/mdop/appv-v4/oversized-package-dialog-box--app-v-46-sp1-.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Oversized Package Dialog Box (App-V 4.6 SP1) -description: Oversized Package Dialog Box (App-V 4.6 SP1) -author: dansimp -ms.assetid: 8973a493-6509-4d52-afb6-a9f47d1c5c26 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Oversized Package Dialog Box (App-V 4.6 SP1) - - -The uncompressed package size exceeds the recommended 4 GB package size limit. To reduce the size of the package, package compression has been enabled. - -In the **Oversized Package** dialog box, use the following procedure to configure package compression. - -1. In the App-V Sequencer console, click the **Deployment** tab. - -2. To enable package compression, select the **Compress Package** check box. To disable package compression, clear the **Compress Package** check box. - -3. To save the package, click **File** / **Save**. - -## Related topics - - -[Dialog Boxes (AppV 4.6 SP1)](dialog-boxes--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/overview-of-application-virtualization.md b/mdop/appv-v4/overview-of-application-virtualization.md deleted file mode 100644 index 356e53e996..0000000000 --- a/mdop/appv-v4/overview-of-application-virtualization.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: Overview of Application Virtualization -description: Overview of Application Virtualization -author: dansimp -ms.assetid: 80545ef4-cf4c-420c-88d6-48e9f226051f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Overview of Application Virtualization - - -Microsoft Application Virtualization (App-V) can make applications available to end user computers without having to install the applications directly on those computers. This is made possible through a process known as *sequencing the application*, which enables each application to run in its own self-contained virtual environment on the client computer. The sequenced applications are isolated from each other. This eliminates application conflicts, but the applications can still interact with the client computer. - -The App-V client is the feature that lets the end user interact with the applications after they have been published to the computer. The client manages the virtual environment in which the virtualized applications run on each computer. After the client has been installed on a computer, the applications must be made available to the computer through a process known as *publishing*, which enables the end user to run the virtual applications. The publishing process copies the virtual application icons and shortcuts to the computer—typically on the Windows desktop or on the **Start** menu—and also copies the package definition and file type association information to the computer. Publishing also makes the application package content available to the end user’s computer. - -The virtual application package content can be copied onto one or more Application Virtualization servers so that it can be streamed down to the clients on demand and cached locally. File servers and Web servers can also be used as streaming servers, or the content can be copied directly to the end user’s computer—for example, if you are using an electronic software distribution system, such as Microsoft Endpoint Configuration Manager. In a multi-server implementation, maintaining the package content and keeping it up to date on all the streaming servers requires a comprehensive package management solution. Depending on the size of your organization, you might need to have many virtual applications available to end users located all over the world. Managing the packages to ensure that the appropriate applications are available to all users where and when they need access to them is therefore an important requirement. - -## Microsoft Application Virtualization System Features - - -The following table describes the primary features of the Microsoft Application Virtualization Management System. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FeatureFunctionAdditional Information

Microsoft Application Virtualization Management Server

Responsible for streaming the package content and publishing the shortcuts and file type associations to the Application Virtualization client.

The Application Virtualization Management Server supports active upgrade, License Management, and a database that can be used for reporting.

Content folder

Indicates the location of the Application Virtualization packages for streaming.

This folder can be located on a share on or off the Application Virtualization Management Server.

Microsoft Application Virtualization Management Console

This console is an MMC 3.0 snap-in management tool used for Microsoft Application Virtualization Server administration.

This tool can be installed on the Microsoft Application Virtualization server or located on a separate workstation that has Microsoft Management Console (MMC) 3.0 and Microsoft .NET Framework 2.0 installed.

Microsoft Application Virtualization Management Web Service

Responsible for communicating any read and write requests to the Application Virtualization data store.

The Management Web Service can be installed on the Microsoft Application Virtualization Management server or on a separate computer that has Microsoft Internet Information Services (IIS) installed.

Microsoft Application Virtualization Data Store

The App-V SQL Server database responsible for storing all information related to the Application Virtualization infrastructure.

This information includes all application records, application assignments, and which groups have responsibility for managing the Application Virtualization environment.

Microsoft Application Virtualization Streaming Server

Responsible for hosting the Application Virtualization packages for streaming to clients in a branch office, where the link back to the Application Virtualization Management Server is considered a wide area networks (WAN) connection.

This server contains streaming functionality only and provides neither the Application Virtualization Management Console nor the Application Virtualization Management Web Service.

Microsoft Application Virtualization Sequencer

The sequencer is used to monitor and capture the installation of applications to create virtual application packages.

The output consists of the application’s icons, an .osd file that contains package definition information, a package manifest file, and the .sft file that contains the application program’s content files.

Microsoft Application Virtualization Client

The Application Virtualization Desktop Client and the Application Virtualization Client for Remote Desktop Services provide and manage the virtual environment for the virtualized applications.

The Microsoft Application Virtualization client manages the package streaming into cache, publishing refresh, transport, and all interaction with the Application Virtualization servers.

- -  - -  - -  - - - - - diff --git a/mdop/appv-v4/overview-of-the-application-virtualization-system-components.md b/mdop/appv-v4/overview-of-the-application-virtualization-system-components.md deleted file mode 100644 index d0436a2494..0000000000 --- a/mdop/appv-v4/overview-of-the-application-virtualization-system-components.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: Overview of the Application Virtualization System Components -description: Overview of the Application Virtualization System Components -author: dansimp -ms.assetid: 75d88ef7-44d8-4fa7-b7f5-9153f37e570d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Overview of the Application Virtualization System Components - - -The following table describes the primary components of the Microsoft Application Virtualization Management System. For more information about deploying these system components, see [Application Virtualization Server-Based Scenario](application-virtualization-server-based-scenario.md). - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ComponentFunctionAdditional Information

Microsoft Application Virtualization Management Server

The component responsible for streaming the package content and publishing the shortcuts and file type associations to the Application Virtualization Client.

The Application Virtualization Management Server supports active upgrade, License Management, and a database that can be used for reporting.

Content folder

The location of the Application Virtualization packages for streaming.

This folder can be located on a share on or off the Application Virtualization Management Server. The folder can also be located on a Storage Area Network (SAN).

Microsoft Application Virtualization Management Console

An MMC 3.0 snap-in management utility for Microsoft Application Virtualization Server administration.

This component can be installed on the Microsoft Application Virtualization server or located on a separate workstation that has MMC 3.0 and .NET 2.0 installed.

Microsoft Application Virtualization Management Web Service

The component responsible for communicating any read/write requests to the Application Virtualization data store.

This component can installed on the Microsoft Application Virtualization Server or on a separate computer with IIS installed.

Microsoft Application Virtualization Data Store

The component stored in the SQL database and responsible for storing all information related to the Application Virtualization infrastructure.

This information includes all application records, application assignments, and which groups have responsibility for managing the Application Virtualization environment.

Microsoft Application Virtualization Streaming Server

The component responsible for hosting the Application Virtualization packages for streaming to clients in a branch office, where the link back to the Application Virtualization Management Server is considered a WAN.

This server contains streaming functionality only and provides neither the Application Virtualization Management Console nor the Application Virtualization Management Web Service.

Microsoft Application Virtualization Sequencer

The component used to monitor and capture the installation of applications to create virtual application packages.

Output consists of the application’s icons, an OSD file containing package definition information, a package manifest file, and the SFT file containing the application program’s content files.

Microsoft Application Virtualization Client

The component installed on the Application Virtualization Desktop Client or on the Application Virtualization Client for Remote Desktop Services (formerly Terminal Services) and that provides the virtual environment for the virtualized applications.

The Microsoft Application Virtualization Client manages the package streaming into cache, publishing refresh, transport, and all interaction with the Application Virtualization Servers.

- -  - -## Related topics - - -[Application Virtualization Server-Based Scenario](application-virtualization-server-based-scenario.md) - -[Planning Your Streaming Solution in an Application Virtualization Server-Based Implementation](planning-your-streaming-solution-in-an-application-virtualization-server-based-implementation.md) - -[Publishing Virtual Applications Using Application Virtualization Management Servers](publishing-virtual-applications-using-application-virtualization-management-servers.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/package-name-page---learn-more-.md b/mdop/appv-v4/package-name-page---learn-more-.md deleted file mode 100644 index 5a371c35ca..0000000000 --- a/mdop/appv-v4/package-name-page---learn-more-.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Package Name Page (Learn More) -description: Package Name Page (Learn More) -author: dansimp -ms.assetid: ee75b8f0-bd9d-4460-a256-016ff97c2386 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Package Name Page (Learn More) - - -Use the **Package Name** page to specify a name for the virtual application package. You can also configure where the package will reside on the target computers. - -**Note**   -Editing the primary virtual application directory is an advanced task. - - - -This page contains the following elements: - -**Virtual Application Package Name** -Specifies the name that will be associated with virtual application package. The name specified should help identify the purpose and version of the application. The package name is also displayed in the App-V management console. - -**Edit (Advanced)** -Select this option to change the location of where the virtual application will be installed on target computers. Editing the Application Virtualization path is an advanced configuration task. You should fully understand the implications of changing the path. For most applications, we recommend the default path. Only select this option, if you prefer to generate your own file name. - -## Related topics - - -[Create New Package Wizard (AppV 4.6 SP1)](create-new-package-wizard---appv-46-sp1-.md) - - - - - - - - - diff --git a/mdop/appv-v4/package-name-page--app-v-46-sp1.md b/mdop/appv-v4/package-name-page--app-v-46-sp1.md deleted file mode 100644 index 18593c1fbe..0000000000 --- a/mdop/appv-v4/package-name-page--app-v-46-sp1.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Package Name Page -description: Package Name Page -author: dansimp -ms.assetid: 1cea36b7-737d-4c5e-9294-5feba02a3e7d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Package Name Page - - -Use the **Package Name** page to specify a name to associate with the new virtual application package. - -This page contains the following elements: - -**Virtual Application Package Name** -Specify a name that describes the new virtual application package. The name also identifies the virtual application package in the App-V Management Console. - -## Related topics - - -[Sequencer Wizard - Package Accelerator (AppV 4.6 SP1)](sequencer-wizard---package-accelerator--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/package-results-pane-columns.md b/mdop/appv-v4/package-results-pane-columns.md deleted file mode 100644 index 65f4510c3f..0000000000 --- a/mdop/appv-v4/package-results-pane-columns.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: Package Results Pane Columns -description: Package Results Pane Columns -author: dansimp -ms.assetid: 4ed3a06a-656d-497a-b62d-21684396e2b0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Package Results Pane Columns - - -The **Packages Results** pane in the Application Virtualization Server Management Console displays a variety of columns. - -You can use the standard Windows **Add/Remove Columns** dialog box to select which columns are displayed in the **Results** pane. - -To see the **Add/Remove Columns** dialog box, right-click a package in the **Results** pane and select **View > Add/Remove Columns** from the pop-up menu. - -The following table displays the column name and its contents. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ColumnContents

Number

Displays the package icon and the version number.

Package File

Displays the name of the application file (SFT).

Date Added

Displays the date and time the package was added to the server.

Version GUID

Displays the version GUID.

- -  - -## Related topics - - -[About Application Virtualization Packages](about-application-virtualization-packages.md) - -[How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) - -[Server Management Console: Packages Node](server-management-console-packages-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/package-results-pane.md b/mdop/appv-v4/package-results-pane.md deleted file mode 100644 index ed92ee0b14..0000000000 --- a/mdop/appv-v4/package-results-pane.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Package Results Pane -description: Package Results Pane -author: dansimp -ms.assetid: 07b7f737-f26f-4feb-88aa-3d8009c5622d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Package Results Pane - - -The **Packages Results** pane in the Application Virtualization Server Management Console displays a list of the available packages. - -Right-click any package in the **Results** pane to display a pop-up menu that contains the following elements. - -**Add Version** -Starts the Add Package Version wizard. On the **Add Package Version** page, in **Full path for package file**, you can enter or browse to the correct path. On the **Enter Relative path for package file** page, you can enter the relative path in the **Relative path for package file** field. - -**New Window from Here** -Opens a new management console with the selected node as the root node. - -**Delete** -Deletes a package from the **Results** pane. - -**Rename** -Changes the name of a package in the **Results** pane. - -**Refresh** -Refreshes the view of the server. - -**Properties** -Displays the **Properties** dialog box for the selected package. The **Properties** dialog box displays the GUID information, the package name, and a list of applications (including version number and enabled status) associated with the package. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -Right-click anywhere in the **Results** pane to display a pop-up menu that contains the following elements. - -**Refresh** -Refreshes the **Results** pane. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**View** -Changes the appearance and content of the **Results** pane. - -**Arrange Icons** -Changes how the icons are displayed in the **Results** pane. - -**Line Up Icons** -Changes how the icons are displayed in the **Results** pane. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -## Related topics - - -[About Application Virtualization Packages](about-application-virtualization-packages.md) - -[How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) - -[Server Management Console: Packages Node](server-management-console-packages-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/packages-node.md b/mdop/appv-v4/packages-node.md deleted file mode 100644 index b293c3d8b7..0000000000 --- a/mdop/appv-v4/packages-node.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: Packages Node -description: Packages Node -author: dansimp -ms.assetid: 3465168c-012f-4e9f-905d-611418d2975a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Packages Node - - -The **Packages** node is one level below the Application Virtualization System node in the **Scope** pane of the Application Virtualization Server Management Console. When you select this node, the **Results** pane displays a list of packages. Right-click the **Packages** node to display a pop-up menu that contains the following elements. - -**New Package** -Displays the New Package Wizard. This wizard consists of the following three pages: - -1. Enter the package name and path to the corresponding package file (SFT). - -2. Enter the relative path to the SFT file. This path must be relative to the Server Content root. - -3. View the summary screen, and click **Finish** to add the new package. - -**View** -Changes the appearance and content of the **Results** pane. - -**New Window from Here** -Opens a new management console with the selected node as the root node. - -**Refresh** -Refreshes the view of the server. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -If you right-click any package that appears under the **Packages** node in the **Scope** pane, the following elements are available. - -**Add Version** -Displays the Add Package Version Wizard. Use this wizard to enter the full path to a new SFT file, or browse to the location of a new SFT file. This wizard also has a summary screen. - -**View** -Changes the appearance and content of the **Results** pane. - -**New Window from Here** -Opens a new management console with the selected node as the root node. - -**Delete** -Deletes a package from the **Results** pane. - -**Rename** -Changes the name of a package in the **Results** pane. - -**Refresh** -Refreshes the view of the server. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**Properties** -Displays the **Properties** dialog box for the selected package. The **Properties** dialog box displays the GUID information, the package name, and a list of applications (including version number and enabled status) associated with the package. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -## Related topics - - -[About Application Virtualization Packages](about-application-virtualization-packages.md) - -[How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) - -[Server Management Console: Packages Node](server-management-console-packages-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/packaging-method--learn-more-.md b/mdop/appv-v4/packaging-method--learn-more-.md deleted file mode 100644 index 8fd5449b82..0000000000 --- a/mdop/appv-v4/packaging-method--learn-more-.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Packaging Method (Learn More) -description: Packaging Method (Learn More) -author: dansimp -ms.assetid: 3975a640-1ffd-4b4c-95fd-608469f4c205 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Packaging Method (Learn More) - - -Use the **Packaging Method** page to specify the method you want to use to create a new virtual application package. - -This page contains the following elements: - -**Create Package (default)** -Select this option to create a virtual application package by installing an application to the computer running the App-V Sequencer while the App-V Sequencer monitors the installation. You should also copy all the required installation files to a local directory on the computer running the Sequencer. - -**Create Package using a Package Accelerator** -Select this option to create a package by using a Package Accelerator. The App-V Sequencer uses a Package Accelerator to create a virtual application package without having to manually install the application. For more information about Package Accelerators, see [About App-V Package Accelerators (App-V 4.6 SP1)](about-app-v-package-accelerators--app-v-46-sp1-.md). - -## Related topics - - -[Open Package Wizard (AppV 4.6 SP1)](open-package-wizard---appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/packaging-method-page--learn-more-.md b/mdop/appv-v4/packaging-method-page--learn-more-.md deleted file mode 100644 index 41103433f7..0000000000 --- a/mdop/appv-v4/packaging-method-page--learn-more-.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Packaging Method Page (Learn More) -description: Packaging Method Page (Learn More) -author: dansimp -ms.assetid: f405a293-bcd4-48a1-b4d9-b5e4cf73c5f4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Packaging Method Page (Learn More) - - -Use the **Packaging Method** page to specify the method you want to use to create a new virtual application package. - -This page contains the following elements. - -**Create Package (default)** -Select this option to create a virtual application package by installing an application on the computer running the App-V Sequencer while the App-V Sequencer monitors the installation. You should also copy all the required installation files to a local directory on the computer running the Sequencer. - -**Create Package using a Package Accelerator** -Select this option to create a package by using a Package Accelerator. The App-V Sequencer uses a Package Accelerator to create a virtual application package. A Package Accelerator enables you to create a virtual application package without performing all of the required manual steps during installation. For more information about Package Accelerators, see [About App-V Package Accelerators (App-V 4.6 SP1)](about-app-v-package-accelerators--app-v-46-sp1-.md). - -## Related topics - - -[Open Package Wizard (AppV 4.6 SP1)](open-package-wizard---appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/parse-items-tab-keep.md b/mdop/appv-v4/parse-items-tab-keep.md deleted file mode 100644 index e4f0a9b72f..0000000000 --- a/mdop/appv-v4/parse-items-tab-keep.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Parse Items Tab -description: Parse Items Tab -author: dansimp -ms.assetid: bdf3fe0d-404a-4745-af52-f415fa321564 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Parse Items Tab - - -The **Parse Items** tab displays the mapping rules that the Sequencer uses to accommodate differences that exist between configurations on the sequencing computer and the App-V Desktop Client. This tab contains the following elements. - -## UI Elements List - - -**Parse From** -Displays read-only variable names evaluated by the Application Virtualization Sequencer to determine important operating system locations on the sequencing computer. - -**Parse To** -Displays read-only variable names that the Application Virtualization Sequencer substitutes when encountering variable names in the associated **Parse From** column, while parsing items in the virtual file system or virtual registry. - -**Map Type** -Displays read-only mapping rules that the Application Virtualization Sequencer applies to parse items in the virtual file system or virtual registry. One of the following values can occur: - -**OK** -Saves the changes and exits the dialog box. - -**Cancel** -Exits the dialog box without saving any changes. - -**Apply** -Saves the changes and remains in the dialog box. - -## Related topics - - -[Application Virtualization Sequencer Options Dialog Box](application-virtualization-sequencer-options-dialog-box.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/planning-and-deployment-guide-for-the-application-virtualization-system.md b/mdop/appv-v4/planning-and-deployment-guide-for-the-application-virtualization-system.md deleted file mode 100644 index a3718091a0..0000000000 --- a/mdop/appv-v4/planning-and-deployment-guide-for-the-application-virtualization-system.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Planning and Deployment Guide for the Application Virtualization System -description: Planning and Deployment Guide for the Application Virtualization System -author: dansimp -ms.assetid: 6c012e33-9ac6-4cd8-84ff-54f40973833f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning and Deployment Guide for the Application Virtualization System - - -Microsoft Application Virtualization Management provides the capability to make applications available to end user computers without having to install the applications directly on those computers. This is made possible through a process known as *sequencing the application*, which enables each application to run in its own self-contained virtual environment on the client computer. The sequenced applications are isolated from one another, eliminating application conflicts, yet can still interact with the client computer. - -The Application Virtualization Client is the Application Virtualization system component that enables the end user to interact with the applications after they have been published to the computer. The client manages the virtual environment in which the virtualized applications run on each computer. After the client has been installed on a computer, the applications must be made available to the computer through a process known as *publishing*, which enables the end user to run the virtual applications. The publishing process places the virtual application icons and shortcuts on the computer—typically on the Windows desktop or on the **Start** menu—and also places the package definition and file type association information on the computer. Publishing also makes the application package content available to the end user’s computer. - -The virtual application package content can be placed on one or more Application Virtualization servers so that it can be streamed down to the clients on demand and cached locally. File servers and Web servers can also be used as streaming servers, or the content can be placed directly on the end user’s computer—for example, if you are using an electronic software distribution system, such as Microsoft Endpoint Configuration Manager. In a multi-server implementation, maintaining the package content and keeping it up to date on all the streaming servers requires a comprehensive package management solution. Depending on the size of your organization, you might need to have many virtual applications accessible to end users located all over the world. Managing the packages to ensure that the right applications are available to all users where and when they need access to them is therefore an essential requirement. - -The Application Virtualization Planning and Deployment Guide provides information to help you better understand and deploy the Microsoft Application Virtualization application and its components. It also provides step-by-step procedures for implementing the key deployment scenarios. - -## In This Section - - -[Planning for Application Virtualization System Deployment](planning-for-application-virtualization-system-deployment.md) -Provides the guidance necessary to plan the implementation and deployment of your Application Virtualization system. - -[Application Virtualization Deployment and Upgrade Considerations](application-virtualization-deployment-and-upgrade-considerations.md) -Provides information about hardware and software requirements for installing the various Application Virtualization components, as well as upgrade information. - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) -Provides information about deploying Application Virtualization using an electronic software distribution (ESD) system. - -[Application Virtualization Server-Based Scenario](application-virtualization-server-based-scenario.md) -Provides information about deploying Application Virtualization using the Application Virtualization Management Server. - -[Stand-Alone Delivery Scenario for Application Virtualization Clients](stand-alone-delivery-scenario-for-application-virtualization-clients.md) -Describes how to deploy Application Virtualization in a stand-alone mode, without the use of ESD or server-based resources. - -[Application Virtualization Reference](application-virtualization-reference.md) -Contains detailed technical reference material related to installing and managing system components. - -  - -  - - - - - diff --git a/mdop/appv-v4/planning-for-application-virtualization-client-deployment.md b/mdop/appv-v4/planning-for-application-virtualization-client-deployment.md deleted file mode 100644 index 4b56a86f3a..0000000000 --- a/mdop/appv-v4/planning-for-application-virtualization-client-deployment.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: Planning for Application Virtualization Client Deployment -description: Planning for Application Virtualization Client Deployment -author: dansimp -ms.assetid: a352f80f-f0f9-4fbf-ac10-24c510b2d6be -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for Application Virtualization Client Deployment - - -After you have decided how you will publish and deploy virtual application packages to your end user computers, you should plan the deployment of the Application Virtualization Client software. - -The Application Virtualization Client is the component that actually runs the virtual applications. The Application Virtualization Client enables users to interact with icons and to double-click file types to start a virtual application. It also handles streaming of the application content from a streaming server and caches it before starting the application. The application content is structured such that all the content needed to start the application and handle initial user interaction is streamed to the end user computer first. There are two different types of Application Virtualization Client software: the Application Virtualization Client for Remote Desktop Services (formerly Terminal Services), which is used on Remote Desktop Session Host (RD Session Host) server systems, and the Application Virtualization Desktop Client, which is used for all other computers. - -The Application Virtualization Client should be configured at installation time, either in the Application Virtualization Management Console or via the installer command line, with a number of important settings, including the following: - -- Locations of the icons for all the applications. - -- The location of the OSD file that contains the package definition information. - -- The application content source. - -- The communications protocol to be used when retrieving the preceding items. - -- The cache size and cache size management method to be used. - -To expedite the deployment of the Application Virtualization Client software when using an electronic software distribution (ESD) solution, the preceding settings must be defined carefully in advance. This is especially important when you have computers in different offices, where their clients would need to be configured to use different source locations. - -**Note**   -- The icon location and OSD file values are an important factor to consider when choosing your publishing method, whether using Windows Installer or SFTMIME. The setting for the application content source is defined by your choice of streaming method. - -- To ensure that the cache has sufficient space allocated for all packages that might be deployed, use the **Use free disk space threshold** setting when you configure the client so that the cache can grow as needed. Alternatively, determine in advance how much disk space will be needed for the App-V cache, and at installation time, set the cache size accordingly. For more information about the cache space management feature, see **How to Use the Cache Space Management Feature** in the Microsoft Application Virtualization (App-V) Operations Guide. - -- During both the publishing and HTTP(S) streaming operations,App-V 4.5 SP1 clients use the proxy server settings that are configured in Internet Explorer on the user’s computer. - -For more information about configuring the client installation parameters, see [Application Virtualization Client Installer Command-Line Parameters](application-virtualization-client-installer-command-line-parameters.md). - -  - -Finally, you need to determine how to deploy the Application Virtualization Desktop Client software for the desktop clients. Although it is possible to deploy the Application Virtualization Desktop Client manually on each computer, most organizations would need to do this through some automated process. A medium or large organization might have an ESD system in operation, and that would be an ideal way to deploy the client. If no ESD system exists, you can use your standard method of installing software in your organization. Choices include Group Policy or various scripting techniques. Depending on the number and size of the offices you have, this deployment process can be complex, and it is essential that you take a structured approach to ensure all computers get a client installed with the correct configuration. - -## Related topics - - -[Planning for Application Virtualization System Deployment](planning-for-application-virtualization-system-deployment.md) - -[How to Install the Client by Using the Command Line](how-to-install-the-client-by-using-the-command-line-new.md) - -[How to Publish a Virtual Application on the Client](how-to-publish-a-virtual-application-on-the-client.md) - -[How to Upgrade the Application Virtualization Client](how-to-upgrade-the-application-virtualization-client.md) - -[How to Uninstall the App-V Client](how-to-uninstall-the-app-v-client.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/planning-for-application-virtualization-system-deployment.md b/mdop/appv-v4/planning-for-application-virtualization-system-deployment.md deleted file mode 100644 index 7ac4ec4db2..0000000000 --- a/mdop/appv-v4/planning-for-application-virtualization-system-deployment.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -title: Planning for Application Virtualization System Deployment -description: Planning for Application Virtualization System Deployment -author: dansimp -ms.assetid: 8215269f-c083-468a-bf0b-886b0d2dd69e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for Application Virtualization System Deployment - - -This section provides important information to help you plan your deployment of Microsoft Application Virtualization. - -## In This Section - - -[Best Practices for the Application Virtualization Sequencer](best-practices-for-the-application-virtualization-sequencer-sp1.md) -Provides important security-related planning information about setting up the Application Virtualization Sequencer to sequence application packages. - -[Planning the Application Virtualization Sequencer Implementation](planning-the-application-virtualization-sequencer-implementation.md) -Provides planning guidance for implementing the App-V sequencer. - -[Using Electronic Software Distribution as a Package Management Solution](using-electronic-software-distribution-as-a-package-management-solution.md) -Provides planning guidance for using an electronic software distribution system to manage application package content, including setting up publishing and streaming. - -[Using Application Virtualization Servers as a Package Management Solution](using-application-virtualization-servers-as-a-package-management-solution.md) -Provides the planning information necessary for managing application package content in an Application Virtualization Server-based deployment. - -[Planning for Application Virtualization Client Deployment](planning-for-application-virtualization-client-deployment.md) -Provides important planning considerations for deploying the Application Virtualization Client. - -[Planning for Migration from Previous Versions](planning-for-migration-from-previous-versions.md) -Identifies the steps for upgrading from a previous version and lists several important factors to consider. - -[Planning for Security and Protection](planning-for-security-and-protection.md) -Provides information about enhanced security features in Application Virtualization 4.5. - -## Reference - - -[Application Virtualization Reference](application-virtualization-reference.md) - -## Related Sections - - -[Application Virtualization Deployment and Upgrade Considerations](application-virtualization-deployment-and-upgrade-considerations.md) - -## Related topics - - -[Application Virtualization Server-Based Scenario](application-virtualization-server-based-scenario.md) - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -[Stand-Alone Delivery Scenario for Application Virtualization Clients](stand-alone-delivery-scenario-for-application-virtualization-clients.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/planning-for-client-security.md b/mdop/appv-v4/planning-for-client-security.md deleted file mode 100644 index e47a871c34..0000000000 --- a/mdop/appv-v4/planning-for-client-security.md +++ /dev/null @@ -1,109 +0,0 @@ ---- -title: Planning for Client Security -description: Planning for Client Security -author: dansimp -ms.assetid: 4840a60f-4c91-489c-ad0b-6671882abf9b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Planning for Client Security - - -The App-V Client provides several security enhancements that were not present in previous versions of the product. These changes provide improved security after installation and through later configuration of the client settings. This topic describes some of those enhancements and identifies several important security-related configuration settings that you should consider during your planning process. It is important to remember that virtual applications are still executables, so you must ensure that these assets cannot be tampered with by unauthorized people. For this reason, the Open Software Descriptor (OSD) file cache is protected as described later in this topic, and we strongly recommend that you use RTSPS, HTTPS, and IPsec to protect publishing and streaming. - -## App-V Client Security - - -By default, at installation the App-V client is configured with the minimum permissions required to allow a user to perform a publishing refresh and to start applications. Other security enhancements provided in the App-V client include the following: - -- By default, the OSD file cache can be updated only by administrators and by using the publishing refresh process. - -- The log file (sftlog.txt) is accessible only by accounts with local administrative access to the client. - -- The log file now has a maximum size. - -### File Type Associations - -By default, the installation of the client registers file type associations (FTAs) for OSD files, which enables users to start applications directly from OSD files instead of the published shortcuts. If a user with local administrator rights receives an OSD file containing malicious code, either in e-mail or downloaded from a Web site, the user can open the OSD file and start the application even if the client has been set to restrict the **Add Application** permission. You can unregister the FTAs for the OSD to reduce this risk. Also, consider blocking this extension in the e-mail system and at the firewall. For more information about configuring Outlook to block extensions, see . - -**Security Note:** - -Starting with App-V version 4.6, the file type association is no longer created for OSD files during a new installation of the client, although the existing settings will be maintained during an upgrade from version 4.2 or 4.5 of the App-V client. If for any reason it is essential to create the file type association, you can create the following registry keys and set their values as shown: - - Create HKEY\_CLASSES\_ROOT\\.osd with a default value of SoftGrid.osd.File - - Under HKEY\_LOCAL\_MACHINE\\software\\classes\\Softgrid.osd.file, create a string value named AppUserModelID with a data value of Microsoft.AppV.Client.Tray - -### Authorization - -During installation, you can use the **RequireAuthorizationIfCached** parameter to configure the client to require authorization from the server when the user tries to start an application. You should consider carefully how to set this parameter. If the App-V server is unavailable for any reason, the application will use the most recent stored state of this parameter to control user access to the application. If the user has not launched the application successfully before the App-V server becomes unavailable, they will not be able to launch the application until they can communicate with the server and receive authorization. However, if you set the parameter so that the client does not require authorization and if the server is unavailable, all previously cached applications can be started whether authorized or not. Also, if the user has permission to change the client to Work Offline mode through permissions or if the user is a local administrator, the user would be able to open all cached packages as if the App-V infrastructure was unavailable. - -### Antivirus Scanning - -Antivirus software running on an App-V Client computer can detect and report an infected file in the virtual environment. However, it cannot disinfect the file. If a virus is detected in the virtual environment, the antivirus software would perform the configured quarantine or repair operation in the cache, not in the actual package. Configure the antivirus software with an exception for the sftfs.fsd file. This file is the cache file that stores packages on the App-V Client. - -**Security Note:** - -If a virus is detected in an application or package deployed in the production environment, replace the application or package with a virus-free version. - -## Communication Between Client and Server - - -Publishing refreshes and package streaming are also areas where security considerations relating to client-server communication are important. - -### Publishing Refresh - -When the client communicates with the server to perform a publishing refresh, it uses the credentials of the logged on user to request information about the application packages. You should secure the communication that occurs between the App-V client and App-V Management Server to ensure that none of the publishing information can be tampered with in transit. This is done by using the Enhanced Security option, which will use RTSPS/HTTPS. Communication between the Client and the location where the ICO and OSD files are stored should use IPsec for SMB/CIFS shares and HTTPS for an IIS server. - -**Note**   -If you are using IIS to publish the ICO and OSD files, configure a MIME type for OSD=TXT; otherwise, IIS will refuse to serve the ICO and OSD files to clients. - - - -### Package Streaming - -When a user launches an application for the first time, or if auto-loading parameters have been set on the client, the application package is streamed from a server to the client cache. This process supports the RTSP/RTSPS, HTTP/HTTPS, and SMB/CIFS protocols. The OSD files control which protocols are used, unless the **ApplicationSourceRoot** or **OverrideURL** setting has been configured on the clients. You should configure communication to occur over RTSPS, HTTPS, or IPsec for SMB/CIFS to achieve higher levels of security. For more information about choosing which communication method to use, see the App-V Planning and Deployment Guide at . - -**Note**   -If you are using IIS to publish packages (SFT files), configure a MIME type for SFT=Binary; otherwise, IIS will refuse to serve the SFT files to clients. - - - -### Roaming Profiles and Folder Redirection - -The App-V system stores user-specific changes to packages in the usrvol\_sftfs\_v1.pkg file. This file is located in the Application Data folder of a user’s profile. Because the profile or a redirected Application Data folder is transferred between the client and the server, use IPsec to secure the communication. - -## Considerations for Internet-Facing Clients - - -For Internet-facing clients, it is important to consider whether the client is domain joined or non-domain joined. - -### Domain Joined Client - -By default, App-V Clients use Kerberos tickets that were issued by Active Directory Domain Services for authentication and authorization on the intranet. These Kerberos tickets are valid for 10 hours by default. The client will use this ticket to access the App-V server for as long as the ticket is valid, even if the computer is unable to connect to the domain controller to refresh the ticket. If the Kerberos ticket expires, the App-V client will revert to NTLM authentication and use the user’s cached credentials. - -### Non-Domain Joined Client - -If a user is home-based and the computer is not joined to the company domain, App-V can still support delivering applications. To authenticate and authorize a user to perform a publishing refresh and to start applications, configure the user account on the client computer to store the user name and password that has access to the App-V environment and to provide appropriate permissions to the applications. - -## Related topics - - -[Planning for Security and Protection](planning-for-security-and-protection.md) - - - - - - - - - diff --git a/mdop/appv-v4/planning-for-migration-from-previous-versions.md b/mdop/appv-v4/planning-for-migration-from-previous-versions.md deleted file mode 100644 index 2e96c0f008..0000000000 --- a/mdop/appv-v4/planning-for-migration-from-previous-versions.md +++ /dev/null @@ -1,218 +0,0 @@ ---- -title: Planning for Migration from Previous Versions -description: Planning for Migration from Previous Versions -author: dansimp -ms.assetid: 62967bf1-542f-41b0-838f-c62f3430ac73 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Planning for Migration from Previous Versions - - -Before attempting to upgrade to Microsoft Application Virtualization 4.5 or later versions, any version prior to 4.1 must be upgraded to version 4.1. You should plan to upgrade your clients first, and then upgrade the server components. Clients that have been upgraded to 4.5 will continue to work with Application Virtualization servers that have not yet been upgraded. Earlier versions of the client are not supported on servers that have been upgraded to 4.5. For more information about upgrading the system components, see [Application Virtualization Deployment and Upgrade Considerations](application-virtualization-deployment-and-upgrade-considerations.md). - -To help ensure a successful migration, the Application Virtualization system components should be upgraded in the following order: - -1. **Microsoft Application Virtualization Clients.** For step-by-step upgrade instructions, see [How to Upgrade the Application Virtualization Client](how-to-upgrade-the-application-virtualization-client.md). - -2. **Microsoft Application Virtualization Servers and Database.** For step-by-step upgrade instructions, see [How to Upgrade the Servers and System Components](how-to-upgrade-the-servers-and-system-components.md). - - **Note**   - If you have more than one server sharing access to the Application Virtualization database, all those servers must be taken offline while the database is being upgraded. You should follow your normal business practices for the database upgrade, but it is highly advisable that you test the database upgrade by using a backup copy of the database first on a test server. Then, you should select one of the servers for the first upgrade, which will upgrade the database schema. After the production database has been successfully upgraded, you can upgrade the other servers. - - - -3. **Microsoft Application Virtualization Management Web Service.** This step applies only if the Management Web Service is on a separate server, which would require that you run the server installer program on that separate server to upgrade the Web service. Otherwise, the previous server upgrade step will automatically upgrade the Management Web Service. - -4. **Microsoft Application Virtualization Management Console.** This step applies only if the Management Console is on a separate computer, which would require that you run the server installer program on that separate computer to upgrade the console. Otherwise, the previous server upgrade step will upgrade the Management Console. - -5. **Microsoft Application Virtualization Sequencer.** For step-by-step instructions, see [How to Install the Application Virtualization Sequencer](how-to-install-the-application-virtualization-sequencer.md). Any virtual application packages sequenced in version 4.2 will not have to be re-sequenced for use with version 4.5. However, you should consider upgrading the virtual packages to the Microsoft Application Virtualization 4.5 format if you would like to apply default access control lists (ACLs) or generate a Windows Installer file. This is a simple process and requires only that the existing virtual application package be opened and saved with the 4.5 Sequencer. This can be automated by using the Application Virtualization Sequencer command-line interface. - -## App-V 4.6 Client Package Support - - -You can deploy packages created in previous versions of App-V to App-V 4.6 Clients. However, you must modify the associated **.osd** file so that it includes the appropriate operating system and chip architecture information. Use the following values. - - --- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OS Value

<OS VALUE=”Win2003TS”/>

<OS VALUE=”Win2003TS64”/>

<OS VALUE=”Win2008TS”/>

<OS VALUE=”Win2008TS64”/>

<OS VALUE=”Win2008R2TS64”/>

<OS VALUE=”Win7”/>

<OS VALUE=”Win764”/>

<OS VALUE=”WinVista”/>

<OS VALUE=”WinVista64”/>

<OS VALUE=”WinXP”/>

<OS VALUE=”WinXP64”/>

- - - -To run a newly created 32-bit package, you must sequence the application on a computer running a 32-bit operating system with the App-V 4.6 Sequencer installed. After you have sequenced the application, in the Sequencer console, select the **Deployment** tab and then specify the appropriate operating system and chip architecture as required. - -**Important**   -Applications sequenced on a computer running a 64-bit operating system must be deployed to computers running a 64-bit operating system. New 32-bit packages created by using the App-V 4.6 Sequencer will not run on computers running the App-V 4.5 Client. - - - -To run new 64-bit packages on the App-V 4.6 Client, you must sequence the application on a computer running the App-V 4.6 Sequencer and that is running a 64-bit operating system. After you have sequenced the application, in the Sequencer console, select the **Deployment** tab and then specify the appropriate operating system and chip architecture as required. - -The following table lists which client versions will run packages created by using the various versions of the Sequencer. - - --------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Sequenced by using the App-V 4.2 SequencerSequenced by using the App-V 4.5 SequencerSequenced by using the 32-bit App-V 4.6 SequencerSequenced by using the 64-bit App-V 4.6 SequencerSequenced by using the 32-bit App-V 4.6 SP1 SequencerSequenced by using the 64-bit App-V 4.6 SP1 Sequencer

4.2 Client

Yes

No

No

No

No

No

4.5 Client ¹

Yes

Yes

No

No

No

No

4.6 Client (32-bit)

Yes

Yes

Yes

No

Yes

No

4.6 Client (64-bit)

Yes

Yes

Yes

Yes

Yes

Yes

4.6 SP1 Client

Yes

Yes

Yes

No

Yes

No

4.6 SP1 Client (64-bit)

Yes

Yes

Yes

Yes

Yes

Yes

- - - -¹Applies to all versions of the App-V 4.5 Client, including App-V 4.5, App-V 4.5 CU1 and App-V 4.5 SP1. - -## Additional Migration Considerations - - -One of the features of the App-V 4.5 Sequencer is the ability to create Windows Installer files (.msi) as control points for virtual application package interoperability with electronic software distribution (ESD) systems such as Microsoft Endpoint Configuration Manager. Previous Windows Installer files created with the .msi tool for Application Virtualization that were installed on a App-V 4.1 or 4.2 Client that is subsequently upgraded to 4.5 continue to work, although they cannot be installed on the 4.5 Client. However, they cannot be removed or upgraded unless they are upgraded in the 4.5 Sequencer. The original pre-4.5 virtual application package would need to be opened in the 4.5 Sequencer and then saved as a Windows Installer File. - -**Note**   -If the App-V 4.2 Client has already been upgraded to 4.5, it is possible to use script as a workaround to preserve the 4.2 packages on 4.5 clients and allow them to be managed. This script must copy two files, msvcp71.dll and msvcr71.dll, to the App-V installation folder and set the following registry key values under the registry key \[HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\SoftGrid\\4.5\\Client\\Configuration\]: - -"ClientVersion"="4.2.1.20" - -"GlobalDataDirectory"="C:\\\\Documents and Settings\\\\All Users\\\\Documents\\\\" (a globally writeable location) - - - -Windows Installer files generated by the App-V 4.5 Sequencer display the error message "This package requires Microsoft Application Virtualization Client 4.5 or later" when you try to run them on an App-V 4.6 Client. Open the old package with either the App-V 4.5 SP1 Sequencer or the App-V 4.6 Sequencer and generate a new .msi for the package. - -Any 4.2 reports that were created and saved will be overwritten when the server is upgraded to 4.5. If you need to keep these reports, you must save a backup copy of the SftMMC.msc file located in the SoftGrid Management Console folder on the server and use that copy to replace the new SftMMC.msc that is installed during the upgrade. - -For additional information about upgrading from previous versions, see [Upgrading to Microsoft Application Virtualization 4.5 FAQ](https://go.microsoft.com/fwlink/?LinkId=120358) (https://go.microsoft.com/fwlink/?LinkId=120358). - -## Related topics - - -[Planning for Application Virtualization System Deployment](planning-for-application-virtualization-system-deployment.md) - - - - - - - - - diff --git a/mdop/appv-v4/planning-for-security-and-protection.md b/mdop/appv-v4/planning-for-security-and-protection.md deleted file mode 100644 index dd42746a18..0000000000 --- a/mdop/appv-v4/planning-for-security-and-protection.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Planning for Security and Protection -description: Planning for Security and Protection -author: dansimp -ms.assetid: d0e2ef81-c197-4020-ad85-8d66fe5c178f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for Security and Protection - - -As an infrastructure administrator, you must provide a secure, productive, and supportable, environment. Security for the Microsoft Application Virtualization (App-V) system relies on proper setup of the software and the environment in which it operates. This section of the Planning and Deployment Guide provides guidance for configuring the various App-V components to enhance the security of your environment. You should carefully consider the exposure and attack surface of your App-V environment before deciding to deploy a system without applying the security recommendations outlined in this section. - -## In This Section - - -[Security and Protection Overview](security-and-protection-overview.md) -Provides overview information about the security and protection of your App-V system. - -[Planning for Server Security](planning-for-server-security.md) -Provides information you can use to configure the Application Virtualization Management Server and Application Virtualization Streaming Server. - -[Planning for Client Security](planning-for-client-security.md) -Provides information you can use to configure the Application Virtualization Management Desktop Client. - -[Planning for Sequencer Security](planning-for-sequencer-security.md) -Provides information you can use to configure the Application Virtualization Sequencer. - -## Related topics - - -[Planning for Application Virtualization System Deployment](planning-for-application-virtualization-system-deployment.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/planning-for-sequencer-security.md b/mdop/appv-v4/planning-for-sequencer-security.md deleted file mode 100644 index 63b4815f06..0000000000 --- a/mdop/appv-v4/planning-for-sequencer-security.md +++ /dev/null @@ -1,70 +0,0 @@ ---- -title: Planning for Sequencer Security -description: Planning for Sequencer Security -author: dansimp -ms.assetid: 8043cb02-476d-4c28-a850-903a8ac5b2d3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for Sequencer Security - - -Incorporate recommended implementation practices as early as possible when configuring Application Virtualization (App-V) so that your Sequencer implementation is functional and more secure. If you have already configured the Sequencer, use the following best-practice guidelines to revisit your design decisions and analyze them from a security perspective. - -**Important** -The App-V Sequencer collects and deploys all application information recorded on the computer running the sequencer. You should ensure that all users accessing the computer running the Sequencer have administrative credentials. Users with user account credentials should not have access to control package contents and package files. If you are sequencing on a computer running Remote Desktop Services (formerly Terminal Services), make sure it is a computer that is dedicated to sequencing and that users with user account credentials are not connected to it during sequencing. - - - -## Sequencer Security Best Practices - - -Consider the following scenarios and the associated best practices when implementing and using the Application Virtualization (App-V) Sequencer: - -- **Virus scanning on the computer running the Sequencer**—It is recommended that you scan the computer running the Sequencer for viruses and then disable all antivirus and malware detection software on the computer running the Sequencer during the sequencing process. This will speed the sequencing process and prevent the antivirus and anti-malware software components from interfering with the sequencing process. Next install the sequenced package on a computer not running the Sequencer, and after successful installation, scan that computer for viruses. If viruses are found, the manufacturer of the software should be contacted to inform them of the infected source files and request an updated installation source without viruses. Optionally, the Sequencer could be scanned after the installation phase and if a virus is found, the software manufacturer should be contacted as mentioned above. - - **Note** - If a virus is detected in an application, the application should not be deployed to target computers. - - - -- **Capturing access control lists (ACLs) on NTFS files**—The App-V Sequencer captures NTFS file system permissions for the files that are monitored during the installation of the product. This capability allows you to more accurately replicate the intended behavior of the application, as if it were installed locally and not virtualized. In some scenarios, an application might store information that users were not intended to access within the application files. For example, an application could store credentials information in a file inside of the application. If ACLs are not enforced on the package, a user could potentially view and then use this information outside of the application. - - **Note** - You should not sequence applications that store unencrypted security-specific information, such as passwords, and so on. - - - -~~~ -During the installation phase, you can modify the default permissions of the files if necessary. After completion of the sequencing process, but before saving the package, you can choose whether to enforce security descriptors that were captured during the installation of the application. By default, App-V will enforce the security descriptors specified during the installation of the application. If you turn off security descriptor enforcement, you should test the application to ensure the removal of associated Access Control Lists (ACL) will not cause the application to perform unexpectedly. -~~~ - -- **Sequencer doesn’t capture registry ACLs**—Although the Sequencer captures the NTFS file system ACLs during the installation phase of sequencing, it does not capture the ACLs for the registry. Users will have full access to all registry keys for virtual applications except for services. However, if a user modifies the registry of a virtual application, the change will be stored in a specific store (**uservol\_sftfs\_v1.pkg**) and will not affect other users. - -- **Application services**—App-V provides support for application services that are part of a virtualized application. However, in the virtual environment, the security context that they will run as is limited. The only security contexts supported in a virtual environment are Local System, Local Service, and Network Service. During sequencing, if a security context is specified for an application service other than the three supported, the Local System security context will be applied in the virtual environment. If the application service is configured to use either Local Service or Network Service, it will be honored in the virtual environment. Configuring the service account can be done during the sequencing process using these three security contexts. - -- **Persisted security information**—When sequencing applications, you can install the application as a user would or you can develop an automated method for installing the application while being monitored. Everything that is not being excluded from the package will be captured as part of that package so that the application will have the necessary assets to run in a virtualized environment. Some applications store sensitive security information (such as passwords) during the installation; if persisted unprotected, this security information could be accessed by other users with access to the package. During installation, if an application installation asks for a password or other security-sensitive information, check with the documentation to ensure that it is either not persisted (removed after installation) or, if persisted, that it is protected (encrypted). - -- **Securing virtual application packages**—Always save virtual application packages in a secure location on the network to protect the package from being tampered with or corrupted. - -## Related topics - - -[Planning for Security and Protection](planning-for-security-and-protection.md) - - - - - - - - - diff --git a/mdop/appv-v4/planning-for-server-security.md b/mdop/appv-v4/planning-for-server-security.md deleted file mode 100644 index 289d44d508..0000000000 --- a/mdop/appv-v4/planning-for-server-security.md +++ /dev/null @@ -1,125 +0,0 @@ ---- -title: Planning for Server Security -description: Planning for Server Security -author: dansimp -ms.assetid: c7cd8227-b359-41e7-a8ae-d0d5718a76a2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Planning for Server Security - - -To enhance the security of an environment, you must look at the exposure to any potential threats in the environment. Providing security for an App-V infrastructure requires you to use the specific App-V security features as well as the security practices and features for the underlying infrastructure. Securing the underlying infrastructure for services such as Internet Information Services (IIS), Active Directory Domain Services, and SQL Server will improve the overall security for your App-V system. - -The default settings for the server installation provide the highest levels of security. However, some of the components rely on underlying infrastructure that is not configured as part of the installation. Following up with post-installation steps will enhance the security of the App-V infrastructure. - -The content directory contains all of the packages that are to be streamed to clients. These resources need to be as secure as possible to eliminate many possible security threats. The following list offers some additional guidance: - -- UNC-based publishing and/or streaming—The permissions for this item should be the most restrictive in the environment. Use NTFS permissions to implement the most restrictive access control lists (ACLs) for the content directory (Users=Read, Administrators=Read and Write). - -- IIS used for publishing and/or streaming—Configure IIS to support only Windows Integrated authentication. Remove anonymous access to the IIS server, and restrict access to the directory with NTFS permissions. - -- RTSP/RTSPS to stream application packages—Configure the App-V Provider Policy to require authentication, enforce access permissions, and enable only required groups to have access to the provider policy. Configure applications with the appropriate permissions in the database. - -Keep the number of users with administrative privileges to a minimum to reduce possible threats to the data in the data store and to avoid publishing malicious applications into the infrastructure. - -## Application Virtualization Security - - -App-V uses several methods of communication between the various components of the infrastructure. When you plan your App-V infrastructure, securing the communications between servers can reduce the security risks that might already be present on the existing network. - -### Data Store - -The Application Virtualization Management Server and Application Virtualization Management Service communicate with the data store by using an SQL connection over TCP port 1433. The Management Server uses the data store to retrieve application and configuration data, and it writes usage information to the database. The Management Service communicates with the data store on behalf of an administrator who is configuring the App-V infrastructure. Because the data store contains critical information, it is important to minimize threats to this data. - -It is recommended that communications between App-V Management Server, Management Service and the data store be secured with Internet Protocol Security (IPsec). Specifically, create policies that secure the communication channel between the data store (SQL) and the Management Server and the data store and the Management Service. You can also deploy server and domain isolation with IPsec, ensuring all App-V infrastructure components communicate only with secure channels. For information about implementing IPsec, refer to the following documentation: - -- For Windows Server 2003, see (https://go.microsoft.com/fwlink/?LinkId=133226). - -- For Windows Server 2008, see (https://go.microsoft.com/fwlink/?LinkId=133227). - -### Content Directory - -The App-V Management Server installation configures a location for the content directory. This directory is the storage location for virtualized application packages. This location can be local to the server, or it can be placed on a remote network share. Therefore, implement IPsec to help secure the communication with a remote location for the content directory. - -You can also use a virtual directory on an IIS server to stream packages to the clients. If the virtual directory that is created for content is located on a remote source, use IPsec to help secure the communication between the IIS server and the remote storage location. - -The content directory contains all of the packages that are streamed to clients. These resources need to be as secure as possible to eliminate many possible security threats. - -### Security Protocols - -You can use RTSPS or HTTPS for enhanced secure communications. RTSPS is the protocol used by App-V servers, and HTTPS is the protocol used by IIS servers. These protocols are used when publishing applications from the server to the Application Virtualization Desktop Client. After you determine the desired protocol, add a publishing server that uses that protocol. - -### Configuring App-V Servers for RTSPS - -Installing or configuring an App-V Management Server or Streaming Server to use Enhanced Security (for example, TLS) requires that an X.509 V3 certificate be provisioned to the App-V server. When you prepare to install or configure security for a server, you must fulfill some specific requirements. Technical requirements for deploying and configuring certificates for a more secure App-V Management Server or Streaming Server include the following: - -- Certificate must be valid. Otherwise, the client terminates the connection. - -- Certificate must contain the correct Enhanced Key Usage (EKU) - Server Authentication (OID 1.3.6.1.5.5.7.3.1). Otherwise, the client terminates the connection. - -- Certificate fully qualified domain name (FQDN) must match the server on which it is installed. For example, if the client is calling `RTSPS://Myserver.mycompany.com/content/MyApp.sft`, but the certificate **Issued To** field contains `Myserver1.mycompany.com`, the client will not connect to the server and the session is terminated, even if `Myserver.mycompany.com` and `Myserver1.mycompany.com` resolve to the same IP address. - - **Note**   - If you use App-V in a network load balanced cluster, the certificate must be configured with *Subject Alternate Names* (SANs) to support RTSPS. For information about configuring the certification authority (CA) and creating certificates with SANs, see (https://go.microsoft.com/fwlink/?LinkId=133228). - - - -- The CA issuing the certificate to the App-V server must be trusted by the client connecting to the server. Otherwise, the client terminates the connection. - -- You must change the permissions for the *Certificate Private Key* to enable access by the Server App-V Service. By default, the App-V Management Server and Streaming Server services run under the Network Service account. When a PKCS\#10 is generated on the server, a private key is created. Only the Local System and Administrators groups have access to this key. These default ACLs prevent the App-V server from accepting secure connections. - - **Note**   - For information about configuring a public key infrastructure (PKI), see (https://go.microsoft.com/fwlink/?LinkId=133229). - - - -### Configuring IIS Servers with HTTPS - -App-V might use IIS servers in certain infrastructure configurations. For more information about configuring IIS servers, see (https://go.microsoft.com/fwlink/?LinkId=133230). - -**Note**   -If you are using IIS to publish the ICO and OSD files, configure a MIME type for OSD=TXT; otherwise, IIS will refuse to serve the ICO and OSD files to clients. - - - -### Application-Level Security - -You can configure the servers to stream specific applications to a user’s desktop. However, access permission actually is granted at the package level, not at the application level. Although a specific application might not be published to the user’s desktop, if the user has permission to add applications or is an administrator on the client computer, the user can create and use a shortcut on the client to run all the applications in a package. - -## Configuring App-V Administration for a Distributed Environment - - -When designing the infrastructure for your specific organization, you can install the App-V Management Web Service on a computer other than the computer where you install the App-V Management Server. Common reasons for separating these App-V components include the following: - -- Performance - -- Reliability - -- Availability - -- Scalability - -For the infrastructure to operate correctly, separating the App-V Management Console, Management Server and Management Web Service requires additional configuration. For detailed information about how to configure the server, see [How to Configure the Server to be Trusted for Delegation](how-to-configure-the-server-to-be-trusted-for-delegation.md). - -## Related topics - - -[Planning for Security and Protection](planning-for-security-and-protection.md) - - - - - - - - - diff --git a/mdop/appv-v4/planning-the-application-virtualization-sequencer-implementation.md b/mdop/appv-v4/planning-the-application-virtualization-sequencer-implementation.md deleted file mode 100644 index f330eaca98..0000000000 --- a/mdop/appv-v4/planning-the-application-virtualization-sequencer-implementation.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: Planning the Application Virtualization Sequencer Implementation -description: Planning the Application Virtualization Sequencer Implementation -author: dansimp -ms.assetid: 052f32fe-ad13-4921-a8ce-4a657eb2b2bf -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning the Application Virtualization Sequencer Implementation - - -Sequencing, the process used by Application Virtualization to create virtual applications and application packages, requires the use of a computer with the Application Virtualization Sequencer software installed. - -During the sequencing process, the Sequencer is placed in monitor mode, and the application to be sequenced is installed on the sequencing computer. Next, the sequenced application is started, and its most important and commonly used functions are exercised so that the monitoring process can configure the primary feature block, which contains the minimum content in an application package that is necessary for an application to run. When these steps are complete, monitoring mode is stopped and the sequenced application is saved and tested to verify correct operation. - -When deciding which applications to choose for sequencing, remember that certain applications cannot be sequenced. These include certain parts of the Windows operating system, such as Internet Explorer, device drivers, and applications that start services at boot time. - -For step-by-step information about installing the Sequencer, see [How to Install the Application Virtualization Sequencer](how-to-install-the-application-virtualization-sequencer.md). - -**Important**   -The entire sequencing process plan should be reviewed and approved by your corporate security team. Sequencer operations would usually be kept separate from the production environment in a lab. This can be as simple or as comprehensive as necessary, based on your business requirements. The sequencing computers will need connectivity to the corporate network to copy finished packages over to the production servers. However, because they are typically operated without antivirus protection, they must not be on the corporate network unprotected—for example, you might be able to operate behind a firewall or on an isolated network segment. Using Virtual Machines configured to share an isolated virtual network might also be an acceptable approach. Follow your corporate security policies to safely address this situation. - - - -Key steps for planning the sequencing process include the following: - -- Consider the number of applications you expect to process each month, the size of those applications, and add an allowance for sequencing future updates. Packages can be up to 4 GB in size, compressed or uncompressed. - -- Prepare and document a methodical, repeatable process for your organization to follow when sequencing each application. This should include the use of a checklist for each run, as well as a version control process. The use of a tracking log for each sequenced application is also very helpful when investigating possible technical issues with a package. - -- For sequencing applications, use high-performing computers that are optimized for processing throughput, with at least 4 GB of RAM and a fast CPU (3 GHz or faster). Fast hard disks and the use of separate disk volumes can also improve performance. Virtual Machines are ideal for sequencing because they can easily be reset, or you can use a physical computer with a clean image on a local partition to enable rapid re-imaging after each package sequencing operation has been completed. - - **Important**   - Running the App-V sequencer in Safe Mode is not supported. - - - -- Verify that you understand the sequenced application’s operating environment, including integration elements such as Microsoft Office or the Java Runtime Environment, because this will often determine whether anything has to be installed on the sequencing computer prior to sequencing the application. - -- Ensure that each new sequencing operation always starts with a clean base image. Make sure that the sequencing computer has been reset, either by restoring the saved image to a physical computer or by restarting a virtual machine after discarding all changes. The base image should have the latest updates applied from Windows Update before saving. - -- Turn off anything on the sequencing computer that can interfere with the install monitoring process, such antivirus scanners and Windows Update, because having a stable platform during the sequencing process is essential. Because this step incurs significant security risks, ensure that the correct precautions are taken to protect the computer and network as well as the sequenced application package. We recommend that you do an antivirus scan of application packages before sequencing them. - -- Include a detailed process for testing each application after sequencing. Testing the sequenced application will determine whether it functions correctly and is an essential part of the process prior to deploying the virtualized application to end users. As the final step in testing prior to wide-scale deployment to end users, you should also plan for a pilot deployment to a test group. - -- When testing sequenced applications, choose computer equipment of the same type and running the same operating systems that are in use in the company production environment. As long as they are configured properly, either virtual machines or physical machines can be used. - -## Related topics - - -[Application Virtualization Sequencer Hardware and Software Requirements](application-virtualization-sequencer-hardware-and-software-requirements.md) - -[How to Install the Application Virtualization Sequencer](how-to-install-the-application-virtualization-sequencer.md) - -[How to Upgrade the Application Virtualization Sequencer](how-to-upgrade-the-application-virtualization-sequencer.md) - -[Security and Protection Overview](security-and-protection-overview.md) - - - - - - - - - diff --git a/mdop/appv-v4/planning-your-streaming-solution-in-an-application-virtualization-server-based-implementation.md b/mdop/appv-v4/planning-your-streaming-solution-in-an-application-virtualization-server-based-implementation.md deleted file mode 100644 index 6a03d508c0..0000000000 --- a/mdop/appv-v4/planning-your-streaming-solution-in-an-application-virtualization-server-based-implementation.md +++ /dev/null @@ -1,123 +0,0 @@ ---- -title: Planning Your Streaming Solution in an Application Virtualization Server-Based Implementation -description: Planning Your Streaming Solution in an Application Virtualization Server-Based Implementation -author: dansimp -ms.assetid: 3a57306e-5c54-4fde-8593-fe3b788f18d3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning Your Streaming Solution in an Application Virtualization Server-Based Implementation - - -If you want to use Application Virtualization Streaming Servers in conjunction with your Application Virtualization Management Server-based implementation, you can choose from several alternatives, taking advantage of whatever infrastructure is already in place. For example, if you already have servers in your field branch offices, you can place the Application Virtualization \\CONTENT share on those servers and then configure the clients to use that content share as their application content source. If you choose to use only Application Virtualization Management Servers—for example, because you have only a single office—the clients can stream content from that server. - -The supported options include using a file server, an IIS server, or an Application Virtualization Streaming Server. You could also install the Application Virtualization Streaming Server on an existing file server or IIS server. The characteristics of these different options are summarized in the following table. - -**Note**   -The active upgrade feature enables a new version of an application to be added to an App-V Management Server or Streaming Server without affecting users currently running the application. The App-V clients will automatically receive the latest version of the application from the App-V Management Server or Streaming Server the next time the user starts the application. Use of the RTSP(S) protocol is required for this feature. - - - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Server TypeProtocolAdvantagesDisadvantagesLinks

File server

SMB

    -

  • Simple low-cost solution to configure existing file server with \CONTENT share

    • -
    -

  • No active upgrade

    • -

How to Configure the File Server

IIS server

HTTP/ HTTPS

    -

  • Supports enhanced security using HTTPS protocol

    • -

  • Supports streaming to remote computers across the Internet

    • -

  • Only one port in firewall to open

    • -

  • Scalable

    • -

  • Familiar protocol

    • -
    -

  • Need to manage IIS

    • -

  • No active upgrade

    • -

How to Configure the Server for IIS

Application Virtualization Streaming Server

RTSP/ RTSPS

    -

  • Active upgrade

    • -

  • Supports enhanced security using RTSPS protocol

    • -

  • Only one port in firewall to open

    • -
    -

  • Dual infrastructure

    • -

  • Server administration requirement

    • -

How to Configure the Application Virtualization Streaming Servers

Application Virtualization Management Server

RTSP/ RTSPS

    -

  • Active upgrade

    • -

  • Supports enhanced security using RTSPS protocol

    • -

  • Only one port in firewall to open

    • -
    -

  • Dual infrastructure

    • -

  • Server administration requirement

    • -

How to Configure the Application Virtualization Management Servers

- - - -## Related topics - - -[Application Virtualization Server-Based Scenario](application-virtualization-server-based-scenario.md) - -[Overview of the Application Virtualization System Components](overview-of-the-application-virtualization-system-components.md) - -[Publishing Virtual Applications Using Application Virtualization Management Servers](publishing-virtual-applications-using-application-virtualization-management-servers.md) - - - - - - - - - diff --git a/mdop/appv-v4/planning-your-streaming-solution-in-an-electronic-software-distribution-implementation.md b/mdop/appv-v4/planning-your-streaming-solution-in-an-electronic-software-distribution-implementation.md deleted file mode 100644 index f0e61dd69e..0000000000 --- a/mdop/appv-v4/planning-your-streaming-solution-in-an-electronic-software-distribution-implementation.md +++ /dev/null @@ -1,111 +0,0 @@ ---- -title: Planning Your Streaming Solution in an Electronic Software Distribution Implementation -description: Planning Your Streaming Solution in an Electronic Software Distribution Implementation -author: dansimp -ms.assetid: bc18772a-f169-486f-adb1-7af1a31845aa -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning Your Streaming Solution in an Electronic Software Distribution Implementation - - -If you decide to use streaming servers in conjunction with your ESD system to make application content available to your end user computers, you can choose from several alternatives, taking advantage of whatever infrastructure is already in place. For example, if your ESD system has software distribution shares on servers in your field branch offices, you can place the Application Virtualization \\CONTENT share on those servers and then configure the clients to use that content share as their application content source. The supported options include using a file server or an IIS server. You could also install the Application Virtualization Streaming Server on an existing file server or IIS server. - -The Application Virtualization Streaming Server provides support for the active upgrade feature in Application Virtualization. The active upgrade feature enables a new version of an application to be added to an App-V Management Server or Streaming Server without affecting users currently running the application. The App-V clients will automatically receive the latest version of the application from the App-V Management Server or Streaming Server the next time the user starts the application. Use of the RTSP(S) protocol is required for this feature. If you choose not to use the Application Virtualization Streaming Server, you will need to explicitly manage application package upgrades by using the ESD system. - -**Note**   -Access to the applications is controlled by means of Security Groups in Active Directory Domain Services, so you will need to plan a process for setting up a security group for each virtual application and for managing which users are added to each group. The Application Virtualization system administrator configures each streaming server to use these Active Directory groups by applying ACLs to the application directories under the CONTENT share, which controls access to the packages based on Active Directory group membership. - - - -The characteristics of the available streaming options are summarized in the following table. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Server TypeProtocolAdvantagesDisadvantagesLinks

File server

SMB

    -

  • Simple low-cost solution to configure existing file server with \CONTENT share

    • -
    -

  • No active upgrade

    • -

How to Configure the File Server

IIS server

HTTP/ HTTPS

    -

  • Supports enhanced security using HTTPS protocol

    • -

  • Supports streaming to remote computers across the Internet

    • -

  • Only one port in firewall to open

    • -

  • Scalable

    • -

  • Familiar protocol

    • -
    -

  • Need to manage IIS

    • -

  • No active upgrade

    • -

How to Configure the Server for IIS

Application Virtualization Streaming Server

RTSP/ RTSPS

    -

  • Active upgrade

    • -

  • Supports enhanced security using RTSPS protocol

    • -

  • Only one port in firewall to open

    • -
    -

  • Dual infrastructure

    • -

  • Server administration requirement

    • -

How to Configure the Application Virtualization Management Servers

- - - -## Related topics - - -[How to Configure Servers for ESD-Based Deployment](how-to-configure-servers-for-esd-based-deployment.md) - -[Security and Protection Overview](security-and-protection-overview.md) - -[Publishing Virtual Applications Using Electronic Software Distribution](publishing-virtual-applications-using-electronic-software-distribution.md) - - - - - - - - - diff --git a/mdop/appv-v4/prepare-computer-page--learn-more-.md b/mdop/appv-v4/prepare-computer-page--learn-more-.md deleted file mode 100644 index ae4493a4e7..0000000000 --- a/mdop/appv-v4/prepare-computer-page--learn-more-.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Prepare Computer Page (Learn More) -description: Prepare Computer Page (Learn More) -author: dansimp -ms.assetid: a401ce3d-b8f7-4b3f-9be9-ecf6d8b544fd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Prepare Computer Page (Learn More) - - -Use the **Prepare Computer** to review the issues that might cause the virtual application package creation to fail, or for the package to contain unnecessary data. We strongly recommend that you resolve all potential issues before you continue. After you have fixed the conflicts, to update the information displayed, click **Refresh**. After you have resolved all potential issues, you can proceed to the next step. - -This page contains the following elements. - -**Description** -Displays the potential conflicting applications or programs that are currently running on the computer running the App-V Sequencer. - -**Resolution** -Displays the recommended action to ensure that the computer running the Sequencer has been optimized to create the virtual application package. - -**Refresh** -Refreshes the information displayed in the **Description** pane. After you performed the suggested steps, click **Refresh**. - -## Related topics - - -[Create New Package Wizard (AppV 4.6 SP1)](create-new-package-wizard---appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/properties-tab-keep.md b/mdop/appv-v4/properties-tab-keep.md deleted file mode 100644 index 3631579f1f..0000000000 --- a/mdop/appv-v4/properties-tab-keep.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Properties Tab -description: Properties Tab -author: dansimp -ms.assetid: 6ff20678-6766-4f0d-8bbb-f19b224682a1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Properties Tab - - -The **Properties** tab provides basic statistical information about a sequenced application package. - -## In This Section - - -[About the Properties Tab](about-the-properties-tab.md) -Provides general information about the **Properties** tab. - -[How to Change Package Properties](how-to-change-package-properties.md) -Provides the procedure to change package properties using the **Properties** tab. - -## Related topics - - -[Sequencer Console](sequencer-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/provider-policies-node.md b/mdop/appv-v4/provider-policies-node.md deleted file mode 100644 index bbe803ac9f..0000000000 --- a/mdop/appv-v4/provider-policies-node.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -title: Provider Policies Node -description: Provider Policies Node -author: dansimp -ms.assetid: 89b47076-7732-4128-93cc-8e6d5b671c8e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Provider Policies Node - - -The **Provider Policies** node is one level below the Application Virtualization System node in the **Scope** pane in the Application Virtualization Server Management Console. When you select this node, the **Results** pane displays a list of provider policies. Right-click the **Provider Policies** node to display a pop-up menu that contains the following elements. - -**New Provider Policy** -Displays the New Provider Policy Wizard. This wizard consists of the following pages: - -1. Enter a name in the **Provider Policy Name** field. Select the **Manage client desktop using the Management Console** check box if you want that capability. Select one or both of the following check boxes if you want the associated functionality: - - - **Refresh publishing configuration when a user logs in** - - - **Refresh configuration every**. After selecting this option, enter a number and select the unit from the drop-down menu. Valid entries range from a minimum of **30 minutes** to a maximum of **999 days**. - -2. Click **Add** or **Remove** to add or remove a group assignment. Use the standard **Windows Browse** dialog box to find a user group. - -3. Select one of the following check boxes on the **Provider Pipeline Configuration** dialog box to enable the associated feature: - - - **Authentication**—Select the type of authentication from the drop-down list. - - - **Enforce Access Permission Settings** - - - **Log Usage Information** - - - **Licensing**—Select an enforcement scheme from the drop-down list. - -4. Click **Finish** to add the new provider policy. - -**View** -Changes the appearance and content of the **Results** pane. - -**New Window from Here** -Opens a new management console with the selected node as the root node. - -**Refresh** -Refreshes the view of the server. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -## Related topics - - -[Server Management Console: Provider Policies Node](server-management-console-provider-policies-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/provider-policies-results-pane-columns.md b/mdop/appv-v4/provider-policies-results-pane-columns.md deleted file mode 100644 index 984d407ee3..0000000000 --- a/mdop/appv-v4/provider-policies-results-pane-columns.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Provider Policies Results Pane Columns -description: Provider Policies Results Pane Columns -author: dansimp -ms.assetid: f9456f17-3106-4e5a-9a8c-df3af66986e1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Provider Policies Results Pane Columns - - -The **Results** pane in the Application Virtualization Server Management Console displays one column for the provider policies. If there are additional columns available, you can add and remove them. - -You can use the standard Microsoft Windows **Add/Remove Columns** dialog box to select which columns are displayed in the **Results** pane. - -To see the **Add/Remove Columns** dialog box, right-click in the **Results** pane and select **View > Add/Remove Columns** from the pop-up menu. - -The following table displays the column name and its contents. - - ---- - - - - - - - - - - - - -
ColumnContents

Name

This column displays the name of the provider policy.

- -  - -## Related topics - - -[Server Management Console: Provider Policies Node](server-management-console-provider-policies-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/provider-policies-results-pane.md b/mdop/appv-v4/provider-policies-results-pane.md deleted file mode 100644 index efb2984428..0000000000 --- a/mdop/appv-v4/provider-policies-results-pane.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: Provider Policies Results Pane -description: Provider Policies Results Pane -author: dansimp -ms.assetid: 17ea0836-bfb5-4966-8778-155444d81e64 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Provider Policies Results Pane - - -The **Provider Policies Results** pane in the Application Virtualization Server Management Console displays a list of the available provider policies. - -Right-click any provider policy to display the following elements. - -**Delete** -This menu item enables you to delete a provider policy from the **Results** pane. - -**Rename** -This menu item enables you to change the name of a provider policy in the **Results** pane. - -**Properties** -This menu item displays the **Properties** dialog box for the selected provider policy. The **Properties** dialog box has the following tabs: - -- **General**—Enables you to select the **Manage client desktop using the** **Management Console** check box if you want to centrally manage shortcuts on the client desktops from the Application Virtualization Server Management Console. If you choose to manage shortcuts from the console, you can select check boxes to refresh the desktop every time a user logs in and at intervals you specify. - -- **Group Assignment**—Enables you to add and remove user groups assigned to the provider policy. - -- **Provider Pipeline**—Enables you to specify the authentication required. - - - Select the desired check boxes for **Enforce Access Permission Settings**, **Log Usage Information**, and **Licensing**. If you select the **Licensing** check box, select **Audit License Usage Only** or **Enforce License Policies** from the drop-down list. The first option monitors license usage, while the second option strictly enforces your licensing policy. Click **Finish**, and then read the prompt and click **OK** to continue. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -Right-click anywhere in the **Results** pane, except on a provider policy, to display a pop-up menu that contains the following elements. - -**Refresh** -Select this menu item to refresh the view of the provider policies. - -**Export List** -With this menu item, you can create a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**View** -This menu item lets you change the appearance and content of the **Results** pane. - -**Arrange/Line Up Icons** -These menu items can be used to change how the icons are displayed in the **Results** pane. - -**Help** -Displays the help system of the Application Virtualization Server Management Console. - -## Related topics - - -[Server Management Console: Provider Policies Node](server-management-console-provider-policies-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/publish-app.md b/mdop/appv-v4/publish-app.md deleted file mode 100644 index 3248daad68..0000000000 --- a/mdop/appv-v4/publish-app.md +++ /dev/null @@ -1,110 +0,0 @@ ---- -title: PUBLISH APP -description: PUBLISH APP -author: dansimp -ms.assetid: f25f06a8-ca23-435b-a0c2-16a5f39b6b97 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# PUBLISH APP - - -Publishes an application shortcut to the user's Start menu, desktop, or other specified location. - -`SFTMIME PUBLISH APP:application {/DESKTOP | /START | /TARGET target-path} [/ICON icon-pathname] [/DISPLAY display-name] [/ARGS command-args...] [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

APPLICATION:<application>

The name and version (optional) of the application.

/DESKTOP

Publishes a shortcut to the user's desktop.

/START

Publishes a shortcut to the Application Virtualization Applications folder in the Programs folder of the Start menu.

/TARGET <target-path>

The absolute path where the shortcut should be published.

/ICON <icon-pathname>

The path or URL for the icon file.

/DISPLAY <display-name>

The display name for the shortcut.

/ARGS <command-args>

Parameters to be passed to the application.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/publish-package.md b/mdop/appv-v4/publish-package.md deleted file mode 100644 index facdb61e5c..0000000000 --- a/mdop/appv-v4/publish-package.md +++ /dev/null @@ -1,107 +0,0 @@ ---- -title: PUBLISH PACKAGE -description: PUBLISH PACKAGE -author: dansimp -ms.assetid: a33e72dd-194f-4283-8e99-4584ab13de53 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# PUBLISH PACKAGE - - -Publishes the contents of an entire package. - -`SFTMIME PUBLISH PACKAGE:package-name /MANIFEST manifest-path [/GLOBAL] [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

PACKAGE:<package-name>

User-visible and user-friendly name for the package.

/MANIFEST <manifest-path>

The path or URL of the manifest file that lists the applications included in the package and all of their publishing information.

/GLOBAL

If present, the package will be available for all users on this computer.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- - - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- - - -**Important**   -The package must already have been added to the Application Virtualization Client, and the manifest file is required. - -To use the **GLOBAL** parameter, the PUBLISH PACKAGE command must be run as local Administrator; otherwise, only **ManageTypes** and **PublishShortcut** permissions are needed. - -Publishing without the **GLOBAL** parameter grants the user access to the applications in the package and publishes the file types and shortcuts listed in the manifest to the user’s profile. - -Publishing with the **GLOBAL** parameter adds the file types and shortcuts listed in the manifest to the “All Users” profile. - -If the package is not global before the call and the **GLOBAL** parameter is used, the package is made global and available to all users. - - - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - - - - - - - - - diff --git a/mdop/appv-v4/publishing-servers-node.md b/mdop/appv-v4/publishing-servers-node.md deleted file mode 100644 index 980c07416d..0000000000 --- a/mdop/appv-v4/publishing-servers-node.md +++ /dev/null @@ -1,70 +0,0 @@ ---- -title: Publishing Servers Node -description: Publishing Servers Node -author: dansimp -ms.assetid: b5823c6c-15bc-4e8d-aeeb-acc366ffedd1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Publishing Servers Node - - -The **Publishing Servers** node is one level below the **Application Virtualization** node in the **Scope** pane of the Application Virtualization Client Management Console. When you select this node, the **Results** pane displays a list of publishing servers. - -Right-click the **Publishing Servers** node to display a pop-up menu that contains the following elements. - -**New Server** -This menu item displays the New Server Wizard. This wizard consists of two pages: - -1. Enter a server display name and server type: - - - **Display Name**—Enter a name that you want displayed for the server. This field is blank by default. - - - **Type**—Choose the server type from the drop-down list of server types. - -2. Specify the connection settings for the server: - - - **Host Name**—Enter the name or IP address for the server. - - - **Port**—Enter a numeric value that corresponds to the port number. The default value is 554 if the server type is "Application Virtualization Server" and 80 if the server type is "Standard HTTP Server." - - - **Path**—This field defaults to "/" and is read-only when the server type is "Application Virtualization Server" or “Enhanced Security Application Virtualization Server”. When the server type is “Standard HTTP Server” or “Enhanced Security HTTP Server”, the **Path** field is also editable. - -**New Window from Here** -Select this menu item to open a new management console with the selected node as the root node. - -**Export List** -You can use this menu item to create a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**View** -This pop-up list of menu items enables you to change the appearance and content of the **Results** pane. - -**Refresh** -Select this item to refresh the management console. - -**Help** -This item displays the help system for the management console. - -## Related topics - - -[Publishing Servers Results Pane](publishing-servers-results-pane.md) - -[Publishing Servers Results Pane Columns](publishing-servers-results-pane-columns.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/publishing-servers-results-pane-columns.md b/mdop/appv-v4/publishing-servers-results-pane-columns.md deleted file mode 100644 index 42862c4a61..0000000000 --- a/mdop/appv-v4/publishing-servers-results-pane-columns.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -title: Publishing Servers Results Pane Columns -description: Publishing Servers Results Pane Columns -author: dansimp -ms.assetid: ad875715-50b3-4881-a6b3-586238d12527 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Publishing Servers Results Pane Columns - - -The **Publishing Servers Results** pane can display a variety of columns. **Name**, **URL**, and **Next Refresh** are shown by default. - -**Note**   -You can add or remove a column simply by right-clicking in the **Results** pane, selecting **View**, then selecting **Add/Remove Columns**. - - - -The list can be sorted by any of the columns. Columns that contain dates and times are sorted in chronological order, not alphabetical. For columns that contain a mix of dates and times and text (for example, **Next Refresh**), dates and times are considered to come before any other text. - -The available column names contain the following elements. - -**Name** -The display name for the server. - -**URL** -The protocol, server name, server port, and path combined into a URL. - -**Next User Refresh** -The next time a refresh is scheduled for the current user. Displays the time if periodic refreshes are set up. Displays **On Login** if the server is set to refresh only on login. Displays **Manual** if automatic refresh is not enabled. - -**Default Refresh Policy** -Displays **Manual**, **On Login**, or **Periodic** to describe how the server is configured. - -**Host** -The name or IP address for the server. - -**Type** -Displays **HTTP** or **Virtual Application** to indicate the server type. - -**Port** -The port on the server to be used. - -**Path** -The path on the server (generally just "/" for Application Virtualization Servers). - -**Last User Refresh** -The time the last refresh occurred for the current user. - -**Last System Refresh** -The last time a refresh happened from this server for any user. - -## Related topics - - -[Publishing Servers Node](publishing-servers-node.md) - -[Publishing Servers Results Pane](publishing-servers-results-pane.md) - - - - - - - - - diff --git a/mdop/appv-v4/publishing-servers-results-pane.md b/mdop/appv-v4/publishing-servers-results-pane.md deleted file mode 100644 index 27745a94ba..0000000000 --- a/mdop/appv-v4/publishing-servers-results-pane.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: Publishing Servers Results Pane -description: Publishing Servers Results Pane -author: dansimp -ms.assetid: ee0662e8-9623-4a7c-b6dc-657fa3f56161 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Publishing Servers Results Pane - - -The **Publishing Servers** **Results** pane is one level below the **System** pane in the Application Virtualization Client Management Console, and it displays a list of the available application publishing servers. - -To display specific options for the application publishing servers, right-click any server to display a pop-up menu that contains the following elements. - -**Refresh Server** -Refreshes the application and file type associations from the selected application publishing server. - -**Delete** -Deletes the server from the list. - -**Refresh** -Refreshes the contents of the **Results** pane. - -**Properties** -- Click the **General** tab, where you can change the server name, select a type from the drop-down list of server types, and specify the host name and port. When the server type is Standard HTTP Server or Enhanced Security HTTP Server, the **Path** field is also editable. - -- Click the **Refresh** tab, where the **Refresh publishing on user login** check box is selected by default. To change the refresh rate, select the **Refresh publishing every** check box and enter a number that represents the frequency in the field. Then select **Minutes**, **Hours**, **Days** from the drop-down menu. (The minimum amount of time you can enter is 30 minutes.) - -**Help** -Displays the help system for the management console. - -To display general options for the **Result** pane, right-click anywhere in the **Result** pane to display a pop-up menu that contains the following elements. - -**New Server** -- On page one of the wizard, enter the name of the server in the **Display Name** field and select the server type from the **Type** drop-down list. You can choose **Application Virtualization Server**, **Enhanced Security Application Virtualization Server**, **Standard HTTP Server**, or **Enhanced Security HTTP Server** from the drop-down list of server types. - -- On page two of the wizard, type the appropriate information into the **Host Name** and **Port** fields. The **Path** field is not editable for Application Virtualization Servers. You must enter a path for Standard HTTP Server or Enhanced Security HTTP Server. - -**Refresh** -Refreshes the contents of the **Results** pane. - -**Export List** -Can be used to create a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**View** -Enables you to change the appearance and content of the **Results** pane. - -**Arrange/Line Up Icons** -Can be used to change how the icons are displayed in the **Results** pane. - -**Help** -Displays the help system for the management console. - -## Related topics - - -[Publishing Servers Node](publishing-servers-node.md) - -[Publishing Servers Results Pane Columns](publishing-servers-results-pane-columns.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/publishing-virtual-applications-using-application-virtualization-management-servers.md b/mdop/appv-v4/publishing-virtual-applications-using-application-virtualization-management-servers.md deleted file mode 100644 index 53570b3732..0000000000 --- a/mdop/appv-v4/publishing-virtual-applications-using-application-virtualization-management-servers.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: Publishing Virtual Applications Using Application Virtualization Management Servers -description: Publishing Virtual Applications Using Application Virtualization Management Servers -author: dansimp -ms.assetid: f3d79284-3f82-4ca3-b741-1a80b61490da -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Publishing Virtual Applications Using Application Virtualization Management Servers - - -In an Application Virtualization Server-based deployment, virtual application packages that have been sequenced, tested, and found deployable are copied to the main CONTENT share to be used by the Application Virtualization Management Server. After the packages are imported on the Application Virtualization Management Server, they can be published to the end users. - -**Note**   -The CONTENT share should be located on the server’s attached disk storage. Using a network storage device such as a SAN or a DFS share should be considered carefully because of the network impact. - - - -Applications are provisioned to Active Directory groups. Typically, the Application Virtualization administrator will create Active Directory groups for each virtual application to be published and then add the appropriate users to those groups. When the users log on to their workstations, the Application Virtualization Client, by default, performs a publishing refresh using the credentials of the logged on user. The user can then start applications from wherever the shortcuts have been placed. The Application Virtualization administrator determines where and how many shortcuts are located on the client system during the sequencing of the application. - -**Note**   -A *publishing refresh* is a call to the Application Virtualization Server that is defined on the Application Virtualization Client, to determine which virtual application shortcuts are sent to the client for use by the end user. - - - -## Related topics - - -[Application Virtualization Server-Based Scenario](application-virtualization-server-based-scenario.md) - -[How to Publish a Virtual Application on the Client](how-to-publish-a-virtual-application-on-the-client.md) - -[Overview of the Application Virtualization System Components](overview-of-the-application-virtualization-system-components.md) - -[Planning Your Streaming Solution in an Application Virtualization Server-Based Implementation](planning-your-streaming-solution-in-an-application-virtualization-server-based-implementation.md) - - - - - - - - - diff --git a/mdop/appv-v4/publishing-virtual-applications-using-electronic-software-distribution.md b/mdop/appv-v4/publishing-virtual-applications-using-electronic-software-distribution.md deleted file mode 100644 index 5a56209bc5..0000000000 --- a/mdop/appv-v4/publishing-virtual-applications-using-electronic-software-distribution.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Publishing Virtual Applications Using Electronic Software Distribution -description: Publishing Virtual Applications Using Electronic Software Distribution -author: dansimp -ms.assetid: 295fbc1d-ed1c-43b4-aeee-0df384d4e630 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Publishing Virtual Applications Using Electronic Software Distribution - - -An electronic software distribution (ESD) system is designed to efficiently move software to many different computers over slow or fast network connections. With Application Virtualization, using an ESD system, you can use one of the following methods to distribute your virtual application packages: - -- Configure your ESD system to distribute the packages directly to each client computer by using the Windows Installer version of the package generated by the Application Virtualization Sequencer. The Windows Installer file contains the icons, package definition information, and the content, and when you use Windows Installer, it publishes the icons to the Windows desktop and Start menu and loads the package content into the Application Virtualization Client cache. The user can immediately start using the applications without any further setup requirements. Upgrading a package to a newer version is accomplished by using Windows Installer to uninstall the package.msi file and then to install the new version. - -- Place the package content on a software distribution point or Application Virtualization Streaming Server that is readily accessible to the client computers over a network connection with good bandwidth, such as a LAN. For example, you might use the existing ESD system distribution point computers in each branch office. Using command-line parameters to define the streaming source from which clients will stream the virtual application package, the ESD system would deploy the Windows Installer version of the package to each client. The ESD system could also be used to copy the SFT file that contains the package content to the file share on all streaming servers. Upgrading a package to a newer version is accomplished by using Windows Installer to uninstall the package.msi file and then install the new version. - -- As an alternative to using the self-contained Windows Installer file in either of the preceding modes to deploy the packages, you can control the deployment in a much more detailed way by using the Application Virtualization command-line language SFTMIME. This provides many commands to control all aspects of managing the packages. While SFTMIME is powerful, it is also complex, so administrators should plan to create all commands as scripts and thoroughly test them in a test environment prior to production use. For more information about available SFTMIME commands, see [SFTMIME Command Reference](sftmime--command-reference.md). - -## Related topics - - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -[Planning for Application Virtualization System Deployment](planning-for-application-virtualization-system-deployment.md) - -[Planning Your Streaming Solution in an Electronic Software Distribution Implementation](planning-your-streaming-solution-in-an-electronic-software-distribution-implementation.md) - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/query-obj.md b/mdop/appv-v4/query-obj.md deleted file mode 100644 index a137e1cbda..0000000000 --- a/mdop/appv-v4/query-obj.md +++ /dev/null @@ -1,142 +0,0 @@ ---- -title: QUERY OBJ -description: QUERY OBJ -author: dansimp -ms.assetid: 55abf0d1-c779-4172-8357-552ab010933b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# QUERY OBJ - - -Returns a tab-delimited list of current applications, packages, file type associations, or publishing servers. - -`SFTMIME QUERY OBJ:{APP|PACKAGE|TYPE|SERVER} [/SHORT] [/GLOBAL] [/LOG log-pathname | /CONSOLE ]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

APP

Returns a list of applications.

PACKAGE

Returns a list of packages.

TYPE

Returns a list of file type associations.

SERVER

Returns a list of publishing servers.

/SHORT

Without displaying the full properties of each, returns a list of application names, packages, associations, or server names.

/GLOBAL

For applications, returns all known applications instead of only the ones the current user has access to. For packages, returns all known packages instead of only the ones the current user has access to. For associations, returns only associations that apply to all users, not user-specific ones. Not valid for servers.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

- - - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- - - -**Note**   -In version 4.6, a new column has been added to the output of SFTMIME QUERY OBJ:APP \[/GLOBAL\]. The last column of the output is a numeric value that indicates whether an application is published or not. - -PUBLISHED=1 means the application was published by a Publishing Server refresh, by installing the application by using a Windows Installer file (.MSI), or by running an SFTMIME ADD PACKAGE, CONFIGURE PACKAGE or PUBLISH PACKAGE command by using a package manifest. - -PUBLISHED=0 means the application has not been published or it is no longer published as a result of performing a Clear operation or running an SFTMIME UNPUBLISH command. - -If you use the /GLOBAL parameter, the PUBLISHED state will be 1 for applications that were published globally and 0 for those applications that were published under user contexts. Without the /GLOBAL parameter, a PUBLISHED state of 1 is returned for applications published in the context of the user running the command, and a state of 0 is returned for those applications that are published globally. - - - -The SFTMIME QUERY OBJ command can be used to query for information on all of the objects shown above—applications, packages, file type associations, and servers. To show how you might use the SFTMIME QUERY OBJ command in your normal operations tasks, the following example demonstrates the process you would follow if you wanted to set the OVERRIDEURL parameter value for a specific package to specify a new path to the package content.  - -1. To find the package that you want to configure, run the following command: - - `SFTMIME QUERY OBJ:PACKAGE` - - This command returns each discovered package name as a GUID in the first column of output—for example, {AF78ABE1-57D4-4297-89DE-C308684AEDD6}. - -2. To set the OVERRIDEURL parameter value, you use the SFTMIME [CONFIGURE PACKAGE](configure-package.md) command. For example, to set the OVERRIDEURL value for this package to a value of *\\\\server\\share\\mypackage.sft*, use the SFTMIME CONFIGURE PACKAGE command and give it the selected package GUID from the output of the SFTMIME QUERY OBJ command in step 1, followed by the OVERRIDEURL parameter and its new value, as follows: - - `SFTMIME CONFIGURE PACKAGE:"{AF78ABE1-57D4-4297-89DE-C308684AEDD6}" /OVERRIDEURL "\\\\server\\share\\mypackage.sft "` - -For version 4.6 SP2, the following option has been added. - - ---- - - - - - - -

/NO-UPDATE-FTA-SHORTCUT

Indicates the current state of the /NO-UPDATE-FTA-SHORTCUT flag.

- - - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - - - - - - - - - diff --git a/mdop/appv-v4/refresh-server.md b/mdop/appv-v4/refresh-server.md deleted file mode 100644 index 8cbd8928df..0000000000 --- a/mdop/appv-v4/refresh-server.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: REFRESH SERVER -description: REFRESH SERVER -author: dansimp -ms.assetid: 232df842-a160-46cd-b60b-f464cd9a0086 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# REFRESH SERVER - - -This command updates publishing information from a server. - -`SFTMIME REFRESH SERVER:server-name [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

SERVER:<server-name>

The display name of the server.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/repair-app.md b/mdop/appv-v4/repair-app.md deleted file mode 100644 index 2b9e6f53f2..0000000000 --- a/mdop/appv-v4/repair-app.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: REPAIR APP -description: REPAIR APP -author: dansimp -ms.assetid: 892b556b-612d-4531-890e-4cfc2ac88d9f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# REPAIR APP - - -This command resets your personal settings for an application. - -`SFTMIME REPAIR APP:application [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

APP:<application>

The name and version (optional) of the application.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/reports-node.md b/mdop/appv-v4/reports-node.md deleted file mode 100644 index d691eb3d1c..0000000000 --- a/mdop/appv-v4/reports-node.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: Reports Node -description: Reports Node -author: dansimp -ms.assetid: b7fdc52d-f112-4a65-af25-134398810e9b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Reports Node - - -The **Reports** node is one level below the Application Virtualization System node in the **Scope** pane in the Application Virtualization Server Management Console. When you select this node, the **Results** pane displays a list of reports. Right-click the node to display a pop-up menu that contains the following elements. - -**New Report** -Displays the New Report Wizard. The wizard has several pages. Depending on which report you select, the remaining pages in the wizard change for the requirements of that report type. Scan the following list of pages to find the pages that refer to your report: - -- **Report Name**—Enables you to select a report type from the **Report Type** drop-down list. For more information, see [Application Virtualization Report Types](application-virtualization-report-types.md). - -- **Report Period**—Enables you to select a radio button to specify the frequency for running the report. - -- **Server**—Enables you to select the **Server**, **Server Group**, or **Enterprise** radio button, and to select the server from the **Server** field and the server group from the **Server Group** drop-down list. - -- **Application**—Enables you to select an application from the drop-down list of available applications. - -- When prompted, click **Finish** to add the report. - -**View** -Changes the appearance and content of the **Results** pane. - -**New Window from Here** -Opens a new management console with the selected node as the root node. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -Right-click any report displayed under the **Reports** node to display a pop-up menu that contains the following elements. - -**New Window from Here** -Opens a new management console with the selected node as the root node. - -**Delete** -Deletes the report from the **Reports** node. - -**Rename** -Highlights the report name so that it becomes editable text. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -## Related topics - - -[Application Virtualization Report Types](application-virtualization-report-types.md) - -[How to Manage Reports in the Server Management Console](how-to-manage-reports-in-the-server-management-console.md) - -[Server Management Console: Reports Node](server-management-console-reports-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/reports-results-pane-columns.md b/mdop/appv-v4/reports-results-pane-columns.md deleted file mode 100644 index a7abb0ae55..0000000000 --- a/mdop/appv-v4/reports-results-pane-columns.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: Reports Results Pane Columns -description: Reports Results Pane Columns -author: dansimp -ms.assetid: 907360ca-6a55-4e42-88d2-db1a24cd2a28 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Reports Results Pane Columns - - -The **Results** pane in the Application Virtualization Server Management Console displays three columns for reports. If there are additional columns available, you can add and remove them. - -You can use the standard Windows **Add/Remove Columns** dialog box to select which columns are displayed in the **Results** pane. - -To see the **Add/Remove Columns** dialog box, right-click in the **Results** pane and select **View > Add/Remove Columns** from the pop-up menu. - -The following table displays the column name and its contents. - - ---- - - - - - - - - - - - - - - - - - - - - -
ColumnContents

Report Name

This column displays the report name.

Report Type

This column displays the report type.

Period Type

This column displays the frequency with which Application Virtualization generates the report.

- -  - -## Related topics - - -[Application Virtualization Report Types](application-virtualization-report-types.md) - -[How to Manage Reports in the Server Management Console](how-to-manage-reports-in-the-server-management-console.md) - -[Server Management Console: Reports Node](server-management-console-reports-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/reports-results-pane.md b/mdop/appv-v4/reports-results-pane.md deleted file mode 100644 index 77e23a88cc..0000000000 --- a/mdop/appv-v4/reports-results-pane.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: Reports Results Pane -description: Reports Results Pane -author: dansimp -ms.assetid: 66beac62-fa55-4ab9-ac19-b9e1772e2d20 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Reports Results Pane - - -The **Reports Results** pane in the Application Virtualization Server Management Console displays a list of the available reports. - -To display specific options for reports, right-click any report to view the following elements. - -**Run Report** -Runs the selected report regardless of the specified value in the **Report Period** field. - -**New Window From Here** -Opens a new management console with the selected node as the root node. - -**Delete** -Deletes the selected report from the **Results** pane. - -**Rename** -Changes the name of the selected report. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -Right-click anywhere in the **Results** pane to display a pop-up menu that contains the following elements. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**View** -Changes the appearance and content of the **Results** pane. - -**Arrange/Line Up Icons** -These menu items can be used to change how the icons are displayed in the **Results** pane. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -## Related topics - - -[Application Virtualization Report Types](application-virtualization-report-types.md) - -[How to Manage Reports in the Server Management Console](how-to-manage-reports-in-the-server-management-console.md) - -[Server Management Console: Reports Node](server-management-console-reports-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/restart-task-failure-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/restart-task-failure-dialog-box--app-v-46-sp1-.md deleted file mode 100644 index 2a2fbe0e8d..0000000000 --- a/mdop/appv-v4/restart-task-failure-dialog-box--app-v-46-sp1-.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Restart Task Failure Dialog Box (App-V 4.6 SP1) -description: Restart Task Failure Dialog Box (App-V 4.6 SP1) -author: dansimp -ms.assetid: 1933fe71-8aa0-4e43-b6f7-060050001edd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Restart Task Failure Dialog Box (App-V 4.6 SP1) - - -A restart task associated with the application that you are trying sequence failed. - -Complete the installation and then manually restart the computer running Microsoft Application Virtualization (App-V) Sequencer. - -## Related topics - - -[Dialog Boxes (AppV 4.6 SP1)](dialog-boxes--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/run-each-program-page-app-v-46-sp1.md b/mdop/appv-v4/run-each-program-page-app-v-46-sp1.md deleted file mode 100644 index 2a93fe0947..0000000000 --- a/mdop/appv-v4/run-each-program-page-app-v-46-sp1.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Run Each Program Page -description: Run Each Program Page -author: dansimp -ms.assetid: 4f09a64e-9545-47aa-bc43-fda0089f7adb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Run Each Program Page - - -Use the **Run Each Program** page to run each program to complete any configuration tasks after installation. For example, this step helps configure any associated application license agreements. Select the application in the **Application Pane** and select one of the following options. - -This page contains the following elements: - -**Run Selected** -Runs only the selected applications. - -**Run All** -Runs all applications contained in the package. - -## Related topics - - -[Sequencer Wizard - Package Accelerator (AppV 4.6 SP1)](sequencer-wizard---package-accelerator--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/security-and-protection-overview.md b/mdop/appv-v4/security-and-protection-overview.md deleted file mode 100644 index 99c0632836..0000000000 --- a/mdop/appv-v4/security-and-protection-overview.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: Security and Protection Overview -description: Security and Protection Overview -author: dansimp -ms.assetid: a43e1c53-7936-4d48-a110-0be26c8e9d97 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Security and Protection Overview - - -Microsoft Application Virtualization 4.5 provides the following enhanced security features to help you plan and implement a more secure deployment strategy: - -- Application Virtualization now supports Transport Layer Security (TLS) using X.509 V3 certificates. Provided that a server certificate has been provisioned to the planned Application Virtualization Management or Streaming Server, the installation will default to secure, using the RTSPS protocol over port 322. Using RTSPS ensures that communication between the Application Virtualization Servers and the Application Virtualization Clients is signed and encrypted. If no certificate is assigned to the server during the Application Virtualization Server installation, the communication will be set to RTSP over port 554. - - **Security Note:** - - To help provide a secure setup of the server, you must make sure that RTSP ports are disabled even if you have all packages configured to use RTSPS. - - If you add security certificates to the server after installing the server, the server might not detect the certificates. To help ensure security certificate detection, restart the server after adding the certificates. - -- The client must be configured to use the same protocol and port as the server, or it will not be able to communicate with the server. The client must also trust the issuer of the certificate and ships with several of the primary providers in its Trusted Root Store. You can use self-signed certificates, but you will need to update the clients. - -- When configuring IIS servers to use the HTTPS protocol for streaming, you will need to set up Secure Sockets Layer (SSL) on the IIS server and provision the certificate for the server. The clients will also need to be configured to trust the root certification authority that issued the server certificate. - -- Kerberos authentication has been added to Microsoft Application Virtualization as the default authentication mechanism. Earlier versions relied upon NTLM V2 for authentication. Using Kerberos Authentication strengthens the security of the communication between the client and the Application Virtualization server. When a connection has been initiated from the client, the Application Virtualization Server verifies the session ticket with the Key Distribution Center (KDC). - -- Because of the support for using server certificates and using the RTSPS or HTTPS protocols, you can now support clients outside of the corporate network. This can help eliminate the need for mobile users to set up a secure connection to the corporate network (VPN, RAS, and so on) prior to launching Application Virtualization provisioned applications. - -Other important security considerations to consider include the following: - -- Always keep servers fully updated and protected. - -- To add a certificate to enable more secure communications to the Application Virtualization Management Server, the following criteria must be met: - - - The user who will be adding the certificate must be an administrator on the server where the certificate store is located. - - - The server service must be started. - - - Port 139 on the Management Server must be open to the Web Service server’s IP. - -- Use access control lists (ACLs) to ensure that the application packages and all package files are protected and cannot be tampered. ACLs restrict access to the location or folder where you store the packages, allowing access only to certain accounts. - -- Make sure that the channel between the Application Virtualization Management Server and the database is secured—for example, by using IPsec. - -- If packages are stored on a SAN or NAS, ensure the connection between the central storage device and the Application Virtualization Servers is protected. - -- All communication channels to the client should be protected—including connections to the publishing server, the Application Virtualization Server, and the path to the OSD and ICO files—by using a protocol such as HTTPS or IPsec.  - -- Client permissions should be configured to help ensure that packages cannot be tampered with by users. It is especially important that you do not grant users permission to add or update packages on systems, such as Remote Desktop Session Host (RD Session Host) servers, that are shared with multiple users. - -- Kerberos authentication must be permitted across domain or forest environments for the Server Management Console to work correctly. - -- This release of the software does not support hosting a Kerberos-based RTSP server and a Microsoft NTLM-only-based IIS server on the same computer. To host an RTSP server and an IIS server on the same computer, remove the SPN from the IIS server and use NTLM authentication. - -## Related topics - - -[Planning for Application Virtualization System Deployment](planning-for-application-virtualization-system-deployment.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/select-files-page.md b/mdop/appv-v4/select-files-page.md deleted file mode 100644 index f68466b525..0000000000 --- a/mdop/appv-v4/select-files-page.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Select Files Page -description: Select Files Page -author: dansimp -ms.assetid: 6d1524ca-6306-4a28-b65f-3ded9d487e75 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Select Files Page - - -Use the **Select Files** page to review the files that will be saved with the Package Accelerator. Some of these files are displayed because they were not located on the specified media or on the local computer. In some scenarios the displayed files should be saved with the Package Accelerator so that the virtual application package can be fully recreated when the Package Accelerator is applied. - -This page contains the following elements: - -**Select Files Pane** -Displays a list of the files that were discovered in the Package Accelerator. Carefully review the files, and clear any file that should be removed from the Package Accelerator. Select only files that are required by the application to run successfully. - -## Related topics - - -[Create Package Accelerator Wizard (AppV 4.6 SP1)](create-package-accelerator-wizard--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/select-guidance-page--package-accelerators-.md b/mdop/appv-v4/select-guidance-page--package-accelerators-.md deleted file mode 100644 index 387de4bfaf..0000000000 --- a/mdop/appv-v4/select-guidance-page--package-accelerators-.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Select Guidance Page (Package Accelerators) -description: Select Guidance Page (Package Accelerators) -author: dansimp -ms.assetid: 608b8823-6eac-40c0-a6dc-2f0bfc0d42a1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Select Guidance Page (Package Accelerators) - - -Use the **Select Guidance** page to specify a file that contains prescriptive guidance about how to use the Package Accelerator to create a new virtual application package. The file you select must be in rich text (.rtf) (recommended) or text (.txt) format. You should provide detailed information about all the necessary instructions for the Package Accelerator to create a virtual application package. For example, if you are performing a media installation, you can include information about how to extract files from any self-extracting executable programs. You should also provide information about all the dependent packages or any applications that must be installed for the package to run on target computers. - -This page contains the following elements: - -**Browse** -Click **Browse** to specify the file that contains information about how to apply the Package Accelerator. - -## Related topics - - -[Create Package Accelerator Wizard (AppV 4.6 SP1)](create-package-accelerator-wizard--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/select-installation-files-page-app-v-46-sp1.md b/mdop/appv-v4/select-installation-files-page-app-v-46-sp1.md deleted file mode 100644 index 08bd4bf267..0000000000 --- a/mdop/appv-v4/select-installation-files-page-app-v-46-sp1.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Select Installation Files Page -description: Select Installation Files Page -author: dansimp -ms.assetid: 4c8cd49e-ba39-4918-9863-5b3c315d14a5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Select Installation Files Page - - -Use the **Select Installation Files** page to select installation files that the selected Package Accelerator requires. The installation files you specify should be located on the computer running the App-V Sequencer. The required installation files are also displayed on this page. - -This page contains the following elements: - -**Browse** -Click **Browse** to specify the directory that contains required installation files for the selected Package Accelerator to create the virtual application package. The directory should be located on the computer running the Sequencer. You can specify installation files of the following types of media and format: - -- Compressed files - -- Windows Installer files - -- .cab files - -- Local files and directories - -## Related topics - - -[Sequencer Wizard - Package Accelerator (AppV 4.6 SP1)](sequencer-wizard---package-accelerator--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/select-installer-page--learn-more-.md b/mdop/appv-v4/select-installer-page--learn-more-.md deleted file mode 100644 index 6a57a0227a..0000000000 --- a/mdop/appv-v4/select-installer-page--learn-more-.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Select Installer Page (Learn More) -description: Select Installer Page (Learn More) -author: dansimp -ms.assetid: da05e756-d23e-4557-8ff6-313d695a78a1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Select Installer Page (Learn More) - - -Use the **Select Installer** page to specify the installation (**.msi**, **.exe**) files or programs for the application that you are sequencing. The files specified on this page must be the actual files that will be used to install the application you are sequencing. - -This page contains the following elements: - -**Select the installer for the application.** -Specifies the installation file or files that the sequencer runs and records while creating the virtual application package. You must specify a valid Windows Installer or an executable (**.exe**) program. - -**Select this option to perform a custom installation.** -If the application you are installing does not have an associated Windows Installer or executable program, select this option to manually install the application by using a custom set of installation files. - -## Related topics - - -[Create New Package Wizard (AppV 4.6 SP1)](create-new-package-wizard---appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/select-package--learn-more--page.md b/mdop/appv-v4/select-package--learn-more--page.md deleted file mode 100644 index 24f631fd1d..0000000000 --- a/mdop/appv-v4/select-package--learn-more--page.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Select Package (Learn More) Page -description: Select Package (Learn More) Page -author: dansimp -ms.assetid: 0b3d4ca4-ff65-4aa5-87a9-61cbe2ffc8be -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Select Package (Learn More) Page - - -Use the **Select Package** page to select the source virtual application package you want to use to create the Package Accelerator. Copy the package you specify on this page to the computer running the sequencer. - -This page contains the following elements: - -**Browse** -Click **Browse** to specify the existing virtual application package that you will use to create the Package Accelerator. Save the package you specify locally on the computer running the sequencer. - -## Related topics - - -[Create Package Accelerator Wizard (AppV 4.6 SP1)](create-package-accelerator-wizard--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/select-package-accelerator--learn-more--page.md b/mdop/appv-v4/select-package-accelerator--learn-more--page.md deleted file mode 100644 index 18ce0df5a2..0000000000 --- a/mdop/appv-v4/select-package-accelerator--learn-more--page.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Select Package Accelerator (Learn More) Page -description: Select Package Accelerator (Learn More) Page -author: dansimp -ms.assetid: 2db51514-8695-4b5e-b3e5-1e96e3ee4cc7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Select Package Accelerator (Learn More) Page - - -Only run Package Accelerators from publishers that you trust. Package Accelerators usually include a digital signature. A digital signature is an electronic security mark that can help indicate the publisher of the software, and that the package has not been tampered with after the transform was originally signed. If you use a transform that has been digitally signed by a publisher and the publisher has verified its identity with a certification authority, you can be more confident that the transform comes from that specific publisher and has not been altered. - -The sequencer notifies you if any of the following conditions are true: - -- The selected transform has not been digitally signed. - -- The selected transform is signed by a publisher that has not verified its identity with a certification authority. - -- The selected transform has been altered after it was digitally signed and released. - -If any of these messages are displayed when using a Package Accelerator, visit the Package Accelerators publisher’s website to get a digitally signed version of the transform. - -## Related topics - - -[Sequencer Wizard - Package Accelerator (AppV 4.6 SP1)](sequencer-wizard---package-accelerator--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/select-package-accelerator-page.md b/mdop/appv-v4/select-package-accelerator-page.md deleted file mode 100644 index b1b04254d7..0000000000 --- a/mdop/appv-v4/select-package-accelerator-page.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Select Package Accelerator Page -description: Select Package Accelerator Page -author: dansimp -ms.assetid: 865c2702-4dfd-41ae-8cfc-3514d5f41f76 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Select Package Accelerator Page - - -Use the **Select Package Accelerator** page to select the Package Accelerator that will be used to create the new virtual application package. You must copy the Package Accelerator to a folder on the computer running the App-V Sequencer. For more information, see [About App-V Package Accelerators (App-V 4.6 SP1)](about-app-v-package-accelerators--app-v-46-sp1-.md). - -Only run Package Accelerators from publishers that you trust. Package Accelerators usually include a digital signature. A digital signature is an electronic security mark that can help indicate the publisher of the software, and whether the package has been tampered with after the transform was originally signed. If you use a transform that has been digitally signed by a publisher and the publisher has verified its identity with a certification authority, you can be more confident that the transform comes from that specific publisher and has not been altered. - -The App-V Sequencer notifies you if any of the following conditions are true: - -- The selected transform has not been digitally signed. - -- The selected transform is signed by a publisher that has not verified its identity with a certification authority. - -- The selected transform has been altered after it was digitally signed and released. - -If any of these messages are displayed when using a Package Accelerators, visit the Package Accelerators publisher’s website to get a digitally signed version of the transform. - -This page contains the following elements: - -**Browse** -Click **Browse** to specify the Package Accelerator that you will use to create the virtual application package. Save the Package Accelerator you specified locally on the computer that is running the Sequencer. - -## Related topics - - -[Sequencer Wizard - Package Accelerator (AppV 4.6 SP1)](sequencer-wizard---package-accelerator--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/select-primary-page--learn-more-.md b/mdop/appv-v4/select-primary-page--learn-more-.md deleted file mode 100644 index cf6a9e41a9..0000000000 --- a/mdop/appv-v4/select-primary-page--learn-more-.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Select Primary Page (Learn More) -description: Select Primary Page (Learn More) -author: dansimp -ms.assetid: 17c779da-f683-4967-b136-94fe65373c1b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Select Primary Page (Learn More) - - -Use the **Select Primary** page to specify the installation file of the program that the add-on or plug-in will be associated with. If the parent application is not already installed on the computer running the App-V Sequencer, you must stop this procedure and install it now. - -For example, if you are installing a plug-in that is designed to operate with Microsoft Excel, you must specify **Excel.exe**. - -You can also use an existing virtual application package as the parent application. To use an existing virtual application package, use the following procedure before sequencing the new add-on or plug-in. - -1. To start the App-V Sequencer, on the computer that is running the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. To expand an existing package to the computer running the Sequencer, click **Tools** / **Expand Package to Local System**. - -3. Browse to, and select the package (**.sprj** file) that you want to expand, and then click **Open**. - -This page contains the following elements: - -**Browse** -Click **Browse** to specify the program that the add-in or plug-in you are sequencing will be associated with. - -## Related topics - - -[Create New Package Wizard (AppV 4.6 SP1)](create-new-package-wizard---appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/select-task-page--learn-more-.md b/mdop/appv-v4/select-task-page--learn-more-.md deleted file mode 100644 index 60b28a83fa..0000000000 --- a/mdop/appv-v4/select-task-page--learn-more-.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: Select Task Page (Learn More) -description: Select Task Page (Learn More) -author: dansimp -ms.assetid: 09534c40-bf6c-4b3f-be9a-8624965c9c18 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Select Task Page (Learn More) - - -Use the **Select Task** page to modify an existing virtual application package. For more information about modifying an existing virtual application package, see [How to Modify an Existing Virtual Application Package (App-V 4.6 SP1)](how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md). - -This page contains the following elements: - -**Update Application in Existing Package** -Select this option to apply an update to an application or program that is part of an existing virtual application package. If you select this option, you should have the associated installation files saved locally to the computer running the App-V Sequencer. You must also have access to the location where the package that contains the application or program that you want to modify is saved. - -**Edit Package** -Select this option to modify the properties associated with an existing virtual application package. To edit a package, you must have access to the location where the virtual application package is saved. The following list displays the package properties that can be updated if you select **Edit Package**: - -- View package properties. - -- View package change history. - -- View associated package files. - -- Edit registry settings. - -- Review additional package settings (except operating system file properties). - -- Create associated Windows Installer. - -- Modify OSD file. - -- Compress and uncompress package. - -- Add file type associations. - -- Rename shortcuts. - -- Set virtualized registry key state (override / merge). - -- Set virtualized folder state. - -- Edit virtual file system mappings. - -**Add New Application** -Select this option to add a new application or program to an existing virtual application package. For example, you can add Microsoft Excel to an existing Microsoft Office virtual application package. To add a new application, you must have access to the location where the virtual application package is saved. You can also edit file type associations associated with an existing package. - -## Related topics - - -[Open Package Wizard (AppV 4.6 SP1)](open-package-wizard---appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/sequencer-command-line-error-codes.md b/mdop/appv-v4/sequencer-command-line-error-codes.md deleted file mode 100644 index 73d55eebce..0000000000 --- a/mdop/appv-v4/sequencer-command-line-error-codes.md +++ /dev/null @@ -1,101 +0,0 @@ ---- -title: Sequencer Command-Line Error Codes -description: Sequencer Command-Line Error Codes -author: dansimp -ms.assetid: 3d491314-4923-45fd-9839-c541c5e620bd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Sequencer Command-Line Error Codes - - -Use the following list to help identify errors that are related to sequencing applications by using the command line. You can also see this information by viewing the associated App-V Sequencer log file. - -**Note**   -Multiple errors can occur during sequencing, and if this happens, the error code that is displayed might be the sum of two error codes. For example, if the */InstallPath* and */OutputFile* parameters are missing, the App-V Sequencer will return **96**—the sum of the two error codes. - - - -01 -There is an unspecified error. - -02 -The specified installation directory (/INSTALLPACKAGE) is not valid. - -04 -The specified package root directory (/INSTALLPATH) is not valid. - -08 -The specified */OutputFile* parameter is not valid. - -16 -The installation directory (/INSTALLPACKAGE) is not specified. - -32 -The package root directory (/INSTALLPATH) is not specified. - -64 -The */OutputFile* parameter is not specified. - -128 -The specified application virtualization drive is not valid. - -256 -The installer failed. - -512 -Sequencing the application failed. - -1024 -Evaluating installed shortcuts failed. - -2048 -The sequenced application package cannot be saved. - -4096 -The specified package name (/PACKAGENAME) is not valid. - -8192 -The specified block size (/BLOCKSIZE) is not valid. - -16384 -The specified compression type (/COMPRESSION) is not valid. - -32768 -The specified project path is not valid. - -65536 -The specified upgrade parameter is not valid. - -131072 -The specified upgrade project parameter is not valid. - -262144 -The specified decode path parameter is not valid. - -525288 -The package name is not specified. - -## Related topics - - -[Application Virtualization Sequencer Reference](application-virtualization-sequencer-reference.md) - -[Sequencer Command-Line Parameters](sequencer-command-line-parameters.md) - - - - - - - - - diff --git a/mdop/appv-v4/sequencer-command-line-parameters.md b/mdop/appv-v4/sequencer-command-line-parameters.md deleted file mode 100644 index 11ecdb06c4..0000000000 --- a/mdop/appv-v4/sequencer-command-line-parameters.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -title: Sequencer Command-Line Parameters -description: Sequencer Command-Line Parameters -author: dansimp -ms.assetid: 28fb875a-c302-4d95-b2e0-8dc0c5dbb0f8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Sequencer Command-Line Parameters - - -You can use the following Application Virtualization (App-V) Sequencer parameters to sequence an application and to upgrade an existing virtual application by using a command line. For more information about sequencing an application by using a command line, see [How to Sequence a New Application by Using the Command Line](how-to-sequence-a-new-application-by-using-the-command-line.md). - -## Sequencer Command-Line Parameters - - -**/HELP or /?** -Displays information about parameters that are available for using a command line to sequence applications. - -**/INSTALLPACKAGE or /I** -Specifies the Windows Installer or a batch file that will be used to install an application so that it can be sequenced. - -**/INSTALLPATH or /P** -Specifies the package root directory for an application. - -**/OUTPUTFILE or /O** -Specifies the path and file name of the SPRJ file that will be generated. - -**/FULLLOAD or /F** -Specifies whether all files will be contained in the primary feature block. If the **/FULLLOAD** parameter is specified on the command line, all of the associated application data is added to primary feature block. If the **/FULLLOAD** parameter is not specified on the command line, then none of the associated application data is added to the primary feature block. - -**/PACKAGENAME or /K** -Specifies the package name that will be assigned to the sequenced application. - -**/BLOCKSIZE** -Specifies the SFT file block size that will be used to stream the package to client computers. You can select one of the following values: - -- 4 KB - -- 16 KB - -- 32 KB - -- 64 KB - -You should consider the size of the SFT file when you specify the block size. A file with a smaller block size takes longer to stream over the network but is less bandwidth-intensive. Files with larger block sizes use more network bandwidth. - -**/COMPRESSION** -Specifies the method for compressing the SFT file that will be streamed to the client. - -**/MSI or /M** -Specifies whether a Windows Installer for the sequenced application should be created. - -**/DEFAULT** -Specifies the default SPRJ file that will be used when creating a virtual application package. This file is used as the .sprj template when the application is sequenced for the first time. - -**/UPGRADE** -Specifies the path and file name of the SPRJ file that will be upgraded. - -**/DECODEPATH** -Specifies the directory on the sequencing computer where the files associated with the sequenced application package are installed. Use one of the following formats when specifying the directory: - -- /decodepath:Q: - -- /decodepath:Q:. - -- /decodepath:”Q:.” - -- /decodepath:”Q:” - -## Related topics - - -[Application Virtualization Sequencer](application-virtualization-sequencer.md) - -[Sequencer Command-Line Error Codes](sequencer-command-line-error-codes.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/sequencer-console.md b/mdop/appv-v4/sequencer-console.md deleted file mode 100644 index 661a880497..0000000000 --- a/mdop/appv-v4/sequencer-console.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Sequencer Console -description: Sequencer Console -author: dansimp -ms.assetid: 69e0202d-be2c-41cc-99cb-2a08a034e804 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Sequencer Console - - -The Application Virtualization Sequencer Console enables you to perform a variety of tasks, including sequencing an application, modifying a sequenced application package, configuring the Application Virtualization Sequencer, and more. - -## In This Section - - -[Properties Tab](properties-tab-keep.md) -Provides general information about the **Properties** tab, along with related procedures you can perform. - -[Deployment Tab](deployment-tab.md) -Provides general information about the **Deployment** tab, along with related procedures you can perform. - -[Change History Tab](change-history-tab-keep.md) -Provides general information about the **Change History** tab. - -[Files Tab](files-tab-keep.md) -Provides general information about the **Files** tab, along with related procedures you can perform. - -[Virtual Registry Tab](virtual-registry-tab-keep.md) -Provides general information about the **Virtual Registry** tab, along with related procedures you can perform. - -[Virtual File System Tab](virtual-file-system-tab-keep.md) -Provides general information about the **Virtual File System** tab, along with related procedures you can perform. - -[Virtual Services Tab](virtual-services-tab-keep.md) -Provides general information about the **Virtual Services** tab, along with related procedures you can perform. - -[OSD Tab](osd-tab-keep.md) -Provides general information about the **OSD** tab, along with related procedures you can perform. - -  - -  - - - - - diff --git a/mdop/appv-v4/sequencer-dialog-boxes.md b/mdop/appv-v4/sequencer-dialog-boxes.md deleted file mode 100644 index deba694e0e..0000000000 --- a/mdop/appv-v4/sequencer-dialog-boxes.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Sequencer Dialog Boxes -description: Sequencer Dialog Boxes -author: dansimp -ms.assetid: f660d56b-0244-4167-b077-96ad482e6b36 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Sequencer Dialog Boxes - - -## In This Section - - -- [Application Virtualization Sequencer Options Dialog Box](application-virtualization-sequencer-options-dialog-box.md) - -- [Application Virtualization Sequencing Wizard-Add Application Dialog Box](application-virtualization-sequencing-wizard-add-application-dialog-box.md) - -- [Application Virtualization Sequencing Wizard-Add File Type Association Dialog Box](application-virtualization-sequencing-wizard-add-file-type-association-dialog-box.md) - -- [Application Virtualization Sequencing Wizard-Shortcut Locations Dialog Box](application-virtualization-sequencing-wizard-shortcut-locations-dialog-box.md) - -## Related topics - - -[Sequencing Wizard](sequencing-wizard.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/sequencer-hardware-and-software-requirements.md b/mdop/appv-v4/sequencer-hardware-and-software-requirements.md deleted file mode 100644 index 40fe62a7a2..0000000000 --- a/mdop/appv-v4/sequencer-hardware-and-software-requirements.md +++ /dev/null @@ -1,153 +0,0 @@ ---- -title: Sequencer Hardware and Software Requirements -description: Sequencer Hardware and Software Requirements -author: dansimp -ms.assetid: 36084e12-831d-452f-a4a4-45f07f9ce471 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Sequencer Hardware and Software Requirements - - -This topic describes the minimum recommended hardware and software requirements for the computer running the Microsoft Application Virtualization (App-V) Sequencer. - -Before you install the Sequencer and after you sequence each application, you must restore a clean operating system image to the sequencing computer. You can use one of the following methods to restore the computer running the Sequencer: - -- Reformat the hard drive and reinstall the operating system. - -- Restore the hard drive on the computer running the Sequencer image by using another disk-imaging software. - -The following list outlines the recommended hardware requirements for running the App-V Sequencer. - -### Hardware Requirements - -- Processor—Intel Pentium III, 1 GHz (32-bit or 64-bit). The sequencing process is a single-threaded process and does not take advantage of dual processors. - -- Memory—1 GB or above, 2 GB recommended. - -- Hard Disk—40 gigabyte (GB) hard disk space with a minimum of 15 GB available hard disk space. We recommend that you have at least three times the hard disk space that the application you are sequencing requires. - - **Note**   - Sequencing requires heavy disk usage. A fast disk speed can decrease the sequencing time. - - - -### Software Requirements - -The following list outlines the supported operating systems for running the Sequencer. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows XP

Professional

SP2 or SP3

x86

Windows Vista

Business, Enterprise, or Ultimate

No service pack, SP1, or SP2

x86

Windows 7¹

Professional, Enterprise, or Ultimate

x86

- - - -¹Supported for App-V 4.5 with SP1 or SP2, and App-V 4.6 only - -**Note**   -The Application Virtualization (App-V) 4.6 Sequencer supports 32-bit and 64-bit versions of these operating systems. - - - -You should configure computers running the Sequencer with the same applications that are installed on target computers. - -### Software Requirements for Remote Desktop Services - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows Server 2003

Standard Edition, Enterprise Edition, or Datacenter Edition

SP1 or SP2

x86

Windows Server 2003 R2

Standard Edition, Enterprise Edition, or Datacenter Edition

x86

Windows Server 2008

Standard, Enterprise, or Datacenter

SP1 or SP2

x86

- - - -**Note**   -Application Virtualization (App-V) 4.6 for Remote Desktop Services supports 32-bit and 64-bit versions of these operating systems. - - - -## Related topics - - -[Application Virtualization Sequencer Overview](application-virtualization-sequencer-overview.md) - - - - - - - - - diff --git a/mdop/appv-v4/sequencer-wizard---package-accelerator--appv-46-sp1-.md b/mdop/appv-v4/sequencer-wizard---package-accelerator--appv-46-sp1-.md deleted file mode 100644 index 6da8f78d45..0000000000 --- a/mdop/appv-v4/sequencer-wizard---package-accelerator--appv-46-sp1-.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Sequencer Wizard - Package Accelerator (AppV 4.6 SP1) -description: Sequencer Wizard - Package Accelerator (AppV 4.6 SP1) -author: dansimp -ms.assetid: 1f75f5ba-0707-48fb-b0b8-ba94a5159e36 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Sequencer Wizard - Package Accelerator (AppV 4.6 SP1) - - -Use any of the following links for more information about the App-V Package Accelerator wizard. - -## In This Section - - -[Select Package Accelerator Page](select-package-accelerator-page.md) - -[Select Package Accelerator (Learn More) Page](select-package-accelerator--learn-more--page.md) - -[Guidance Page](guidance-page-app-v-46-sp1.md) - -[Select Installation Files Page](select-installation-files-page-app-v-46-sp1.md) - -[Package Name Page](package-name-page--app-v-46-sp1.md) - -[Create Package Page](create-package-page--app-v-46-sp1.md) - -[Configure Software Page](configure-software-page-app-v-46-sp1.md) - -[Run Each Program Page](run-each-program-page-app-v-46-sp1.md) - -[Completion Page](completion-page-package-accelerator.md) - -## Related topics - - -[Wizard Pages (AppV 4.6 SP1)](wizard-pages--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/sequencing-wizard.md b/mdop/appv-v4/sequencing-wizard.md deleted file mode 100644 index 4db54af6bc..0000000000 --- a/mdop/appv-v4/sequencing-wizard.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Sequencing Wizard -description: Sequencing Wizard -author: dansimp -ms.assetid: 81e2f4fa-b06e-4cbe-aeb8-6ceb8f0543a5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Sequencing Wizard - - -Use the Sequencing Wizard to create applications that can run in a virtual environment. The topics in this section provide detailed information about each wizard page in the Sequencing Wizard. - -## In This Section - - -- [Application Virtualization Sequencing Wizard Package Information Page](application-virtualization-sequencing-wizard-package-information-page-keep.md) - -- [Application Virtualization Sequencing Wizard Advanced Options Page](application-virtualization-sequencing-wizard-advanced-options-page.md) - -- [Application Virtualization Sequencing Wizard Monitor Installation Page](application-virtualization-sequencing-wizard-monitor-installation-page.md) - -- [Application Virtualization Sequencing Wizard Add Files to Virtual File System Page](application-virtualization-sequencing-wizard-add-files-to-virtual-file-system-page.md) - -- [Application Virtualization Sequencing Wizard Configure Application Page](application-virtualization-sequencing-wizard-configure-application-page-keep.md) - -- [Application Virtualization Sequencing Wizard Launch Applications Page](application-virtualization-sequencing-wizard-launch-applications-page.md) - -- [Application Virtualization Sequencing Wizard Sequence Package Page](application-virtualization-sequencing-wizard-sequence-package-page.md) - -## Related topics - - -[Sequencer Dialog Boxes](sequencer-dialog-boxes.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/server-groups-node.md b/mdop/appv-v4/server-groups-node.md deleted file mode 100644 index 95137d7733..0000000000 --- a/mdop/appv-v4/server-groups-node.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -title: Server Groups Node -description: Server Groups Node -author: dansimp -ms.assetid: 6b2ed086-9100-47d0-be7f-0c5fb4fa55c6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Server Groups Node - - -The **Server Groups** node is one level below the Application Virtualization System node in the **Scope** pane in the Application Virtualization Server Management Console. When you select this node, the **Results** pane displays a list of server groups. Right-click the node to display a pop-up menu that contains the following elements. - -**New Server Group** -Displays the New Server Group Wizard. This wizard consists of a single page, where you can specify a name for the server group in the **Server Group Name** field and then select the default provider policy from the drop-down menu of available provider policies. Select the **Enable** check box to enable the server group. Click **Finish** to add the new server group. - -**View** -Changes the appearance and content of the **Results** pane. - -**New Window from Here** -Opens a new management console with the selected node as the root node. - -**Refresh** -Refreshes the view of the server. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -If you click any server group that appears under the **Server Groups** node in the **Scope** pane, the following elements are available. - -**New Virtual Application Server** -Displays the New Virtual Application Server Wizard. Use this wizard to add a new Application Virtualization Management Server. This wizard has one page, in which you specify the server name in the **Display Name** field and enter a name in the **DNS Host Name** field. From this wizard, you can also specify a value for the server cache in the **Maximum Memory Allocation (MB)** field and a value for the threshold warning level in the **Warn Memory Allocation (MB)** field. - -**New Window from Here** -Opens a new management console with the selected node as the root node. - -**Delete** -Deletes a package from the **Results** pane. - -**Rename** -Changes the name of a package in the **Results** pane. - -**Refresh** -Refreshes the view of the server. - -**Properties** -Displays the **Properties** dialog box for the selected server group. The **Properties** dialog box has the following tabs: - -- **General**—Enables you to select the provider policy from the drop-down list of Provider Policies. You can also enable or disable the server by selecting or clearing the **Enable** check box. - -- **Logging**—Enables you to add, edit, and remove logging modules. When you add or edit a logging module, you can also set or change the logging level. - -- **Applications**—Lists the applications that are associated with the selected server group. The displayed information includes the application name, version number, and enable status. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -## Related topics - - -[How to Manage Servers in the Server Management Console](how-to-manage-servers-in-the-server-management-console.md) - -[Server Management Console: Server Groups Node](server-management-console-server-groups-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/server-groups-results-pane-columns.md b/mdop/appv-v4/server-groups-results-pane-columns.md deleted file mode 100644 index 9a40ac8e31..0000000000 --- a/mdop/appv-v4/server-groups-results-pane-columns.md +++ /dev/null @@ -1,90 +0,0 @@ ---- -title: Server Groups Results Pane Columns -description: Server Groups Results Pane Columns -author: dansimp -ms.assetid: e91b1b9b-e58c-4274-ad18-8b157936b9be -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Server Groups Results Pane Columns - - -The **Results** pane in the Application Virtualization Server Management Console displays a variety of columns. If there are additional columns available, you can add and remove them. - -You can use the standard Microsoft Windows **Add/Remove Columns** dialog box to select which columns are displayed in the **Results** pane. - -To see the **Add/Remove Columns** dialog box, right-click in the **Results** pane and select **View > Add/Remove Columns** from the pop-up menu. - -When the **Results** pane displays server groups, the column name and contents that appear are described in the following table. - - ---- - - - - - - - - - - - - -
ColumnContents

Name

Displays the name of the server group.

- -  - -When the **Results** pane displays virtual application servers, the column name and contents that appear are described in the following table. - - ---- - - - - - - - - - - - - - - - - -
ColumnContents

Name

Displays the name of the virtual application server.

Host Name

Displays the DNS host name for the virtual application server.

- -  - -## Related topics - - -[How to Manage Servers in the Server Management Console](how-to-manage-servers-in-the-server-management-console.md) - -[Server Management Console: Server Groups Node](server-management-console-server-groups-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/server-groups-results-pane.md b/mdop/appv-v4/server-groups-results-pane.md deleted file mode 100644 index e8558e68c8..0000000000 --- a/mdop/appv-v4/server-groups-results-pane.md +++ /dev/null @@ -1,131 +0,0 @@ ---- -title: Server Groups Results Pane -description: Server Groups Results Pane -author: dansimp -ms.assetid: ac7b0525-5946-4728-9cf1-c65007852ebe -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Server Groups Results Pane - - -The **Server Groups Results** pane in the Application Virtualization Server Management Console displays a list of the available server groups and Application Virtualization Management Servers. - -When you right-click any server group, the following elements are displayed. - -**New Application Virtualization Management Server** -Displays the New Server Wizard. Use this wizard to add a new Application Virtualization Management Server. This wizard has one page, in which you specify a name for the server in the **Display Name** field, and enter a name in the **DNS Host Name** field. From this wizard, you can also specify a maximum memory allocation for the server cache and a memory threshold warning level. - -**New Window from Here** -Opens a new management console with the selected node as the root node. - -**Delete** -Deletes a server group. - -**Rename** -Changes the name of a server group. - -**Refresh** -Refreshes the **Results** pane. - -**Properties** -Displays the **Properties** dialog box for the selected server group. The **Properties** dialog box has the following tabs: - -- **General Tab**—Enables you to select the provider policy from the drop-down list of provider policies and to enable or disable the server by selecting or clearing the **Enable** check box. - -- **Logging Tab**—Displays the list of logging modules. You can add, edit, and remove logging modules from this tab. When you add or edit a logging module, you can also set or change the logging level. - -- **Applications Tab**—Lists the applications that are associated with the selected server group. The displayed information includes the application name, version number, and enable status. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -When the **Results** pane displays **Server Groups**, right-click anywhere in the **Results** pane, except on a server group, to display a pop-up menu that contains the following elements. - -**Refresh** -Refreshes the view of the server. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**View** -Changes the appearance and content of the **Results** pane. - -**Arrange/Line Up Icons** -Changes how the icons are displayed in the **Results** pane. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -When the **Results** pane displays **Application Virtualization Management** **Servers**, right-click a server to display a pop-up menu that contains the following elements. - -**Duplicate** -Duplicates an Application Virtualization Management Server. - -**Delete** -Deletes an Application Virtualization Management Server. - -**Rename** -Changes the name of an Application Virtualization Management Server. - -**Properties** -Displays the **Properties** dialog box for the selected server. The **Properties** dialog box has the following tabs: - -- **General**—Enables you to select the provider policy from the **Provider Policies** drop-down list and to enable or disable the server by selecting or clearing the **Enable** check box. - -- **Logging**—Displays the **Logging Modules** list. You can add, edit, and remove logging modules from this tab. When you add or edit a logging module, you can also set or change the logging level. - -- **Applications**—Lists the applications that are associated with the selected server group. The displayed information includes the application name, version number, and enable status. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -When the **Results** pane displays **Application Virtualization Management** **Servers**, right-click anywhere, except on a server, to display a pop-up menu that contains the following elements. - -**Refresh** -Refreshes the **Results** pane. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**View** -Changes the appearance and content of the **Results** pane. - -**Arrange/Line Up Icons** -Changes how the icons are displayed in the **Results** pane. - -**Properties** -Displays the **Properties** dialog box for the most recently selected server. The **Properties** dialog box has the following tabs: - -- **General**—Enables you to select the provider policy from the **Provider Policies** drop-down list and to enable or disable the server by selecting or clearing the **Enable** check box. - -- **Logging**—Displays the **Logging Modules** list. You can add, edit, and remove logging modules from this tab. When you add or edit a logging module, you can also set or change the logging level. - -- **Applications**—Lists the applications that are associated with the selected server group. The displayed information includes the application name, version number, and enable status. - -**Help** -Displays the help system for the Application Virtualization Server Management Console. - -## Related topics - - -[How to Manage Servers in the Server Management Console](how-to-manage-servers-in-the-server-management-console.md) - -[Server Management Console: Server Groups Node](server-management-console-server-groups-node.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/server-management-console-about-dialog-boxes.md b/mdop/appv-v4/server-management-console-about-dialog-boxes.md deleted file mode 100644 index c40139a8da..0000000000 --- a/mdop/appv-v4/server-management-console-about-dialog-boxes.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Server Management Console About Dialog Boxes -description: Server Management Console About Dialog Boxes -author: dansimp -ms.assetid: b5fdee0b-4269-4a48-98a0-ed3f06cff041 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Server Management Console: About Dialog Boxes - - -The **About** dialog boxes display information about the specific version of the Microsoft Management Console or the specific version of the Application Virtualization Server Management Console. - -To display these dialog boxes, click **Help** and select **About Microsoft Management Console** or **About Application Virtualization Server Management Console**. - -## Related topics - - -[Application Virtualization Server Management Console Reference](application-virtualization-server-management-console-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/server-management-console-administrators-node.md b/mdop/appv-v4/server-management-console-administrators-node.md deleted file mode 100644 index 0ed24e294f..0000000000 --- a/mdop/appv-v4/server-management-console-administrators-node.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Server Management Console Administrators Node -description: Server Management Console Administrators Node -author: dansimp -ms.assetid: ab421454-69d1-4c10-8f58-2a35ae89c8b1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Server Management Console: Administrators Node - - -The topics in this section provide information about the screen reference for the **Administrators** node in the Application Virtualization Server Management Console. - -## In This Section - - -[Administrators Node](administrators-node.md) -Describes the features and commands available from the **Administrators** node. - -[Administrators Results Pane](administrators-results-pane.md) -Describes the features and commands available in the **Administrators** node **Results** pane. - -[Administrators Results Pane Columns](administrators-results-pane-columns.md) -Describes the columns available in the **Administrators** node **Results** pane. - -## Related topics - - -[Application Virtualization Server Management Console Reference](application-virtualization-server-management-console-reference.md) - -[How to Perform Administrative Tasks in the Application Virtualization Server Management Console](how-to-perform-administrative-tasks-in-the-application-virtualization-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/server-management-console-application-licenses-node.md b/mdop/appv-v4/server-management-console-application-licenses-node.md deleted file mode 100644 index 9d37dd63fa..0000000000 --- a/mdop/appv-v4/server-management-console-application-licenses-node.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Server Management Console Application Licenses Node -description: Server Management Console Application Licenses Node -author: dansimp -ms.assetid: ad3fa486-2b3c-4efd-91f5-507e9c5057d5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Server Management Console: Application Licenses Node - - -The topics in this section provide information about the screen reference for the **Application Licenses** node in the Application Virtualization Server Management Console. - -## In This Section - - -[Applications Licenses Node](applications-licenses-node.md) -Describes the features and commands available from the **Application Licenses** node. - -[Applications Licenses Results Pane](applications-licenses-results-pane.md) -Describes the features and commands available in the **Application Licenses** node **Results** pane. - -[Applications Licenses Results Pane Columns](applications-licenses-results-pane-columns.md) -Describes the columns available in the **Application Licenses** node **Results** pane. - -## Related topics - - -[About Application Licensing](about-application-licensing.md) - -[Application Virtualization Server Management Console Reference](application-virtualization-server-management-console-reference.md) - -[How to Manage Application Licenses in the Server Management Console](how-to-manage-application-licenses-in-the-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/server-management-console-application-virtualization-system-node.md b/mdop/appv-v4/server-management-console-application-virtualization-system-node.md deleted file mode 100644 index b52204a63d..0000000000 --- a/mdop/appv-v4/server-management-console-application-virtualization-system-node.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -title: Server Management Console Application Virtualization System Node -description: Server Management Console Application Virtualization System Node -author: dansimp -ms.assetid: 9450832e-335c-41e7-af24-fddb8ffc327c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Server Management Console: Application Virtualization System Node - - -The Application Virtualization System node is the top-level node in the **Scope** pane. This node displays the name of the server the console is currently controlling, or it displays the name of the local computer (if you are connected by the name) or "local" when the console is connected to the local computer. From the Application Virtualization System node, you can connect to another computer or you can connect to the current computer with a different set of credentials. - -You can right-click the Application Virtualization System node to display the following elements. - -**Configure Connection** -In this dialog box, you can modify the following settings: - -- **Web Service Host Name**—Enables you to enter the name of the Application Virtualization System to which you want to connect, or you can enter **localhost** to connect to the local computer. - -- **Use Secure Connection**—Select if you want to connect to the server with a secure connection. - -- **Port**—Enables you to enter the port number you want to use for the connection. 80 is the default regular port number, and 443 is default secure port number. - -- **Use Current Windows Account**—Select to use the current Windows account credentials. - -- **Specify Windows Account**—Select when you want to connect to the server as a different user. - -- **Name**—Enables you to enter the name of the new user by using either the *DOMAIN\\username* or the username@domain format. - -- **Password**—Enables you to enter the password that corresponds to the new user. - -**System Options** -On the following tabs on this dialog box, you can modify the associated settings: - -- **General Tab**—Enables you to specify the **Default Content Path** where the OSD and icon files are stored. - -- **Database Tab**—Enables you to specify the maximum **Database Size** and the **Usage History**. - -**View** -Changes the appearance of the Application Virtualization Server Management Console. For more information about changing the appearance of the console, refer to the help files for the Microsoft Management Console. - -**New Window from Here** -Opens a new management console window. - -**Export List** -Creates a tab-delimited text file that contains the contents of the **Results** pane. This item displays a standard **File Save** dialog box where you specify the location for the text file you are creating. - -**Help** -Starts the management console help file. - -## Related topics - - -[Application Virtualization Server Management Console Reference](application-virtualization-server-management-console-reference.md) - - - - - - - - - diff --git a/mdop/appv-v4/server-management-console-applications-node.md b/mdop/appv-v4/server-management-console-applications-node.md deleted file mode 100644 index 4b72b9cea2..0000000000 --- a/mdop/appv-v4/server-management-console-applications-node.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Server Management Console Applications Node -description: Server Management Console Applications Node -author: dansimp -ms.assetid: e465f816-032d-4824-9924-f2dcf30f2a2c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Server Management Console: Applications Node - - -The topics in this section provide information about the screen reference for the **Applications** node in the Application Virtualization Server Management Console. - -## In This Section - - -[Applications Node in Server Management Console](applications-node-in-server-management-console.md) -Describes the features and commands available from the **Applications** node. - -[Applications Results Pane in Server Management Console](applications-results-pane-in-server-management-console.md) -Describes the features and commands available in the **Applications** node **Results** pane. - -[Applications Results Pane Columns in Server Management Console](applications-results-pane-columns-in-server-management-console.md) -Describes the columns available in the **Applications** node **Results** pane. - -## Related topics - - -[Application Virtualization Server Management Console Reference](application-virtualization-server-management-console-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/server-management-console-file-type-associations-node.md b/mdop/appv-v4/server-management-console-file-type-associations-node.md deleted file mode 100644 index 30911041dd..0000000000 --- a/mdop/appv-v4/server-management-console-file-type-associations-node.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Server Management Console File Type Associations Node -description: Server Management Console File Type Associations Node -author: dansimp -ms.assetid: c22168be-6601-4154-b36b-9ca0fa87e5e0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Server Management Console: File Type Associations Node - - -The topics in this section provide information about the screen reference for the **File Type Associations** node in the Application Virtualization Server Management Console. - -## In This Section - - -[File Type Associations Node](file-type-associations-node.md) -Describes the features and commands available from the **File Type Associations** node. - -[File Type Associations Results Pane](file-type-associations-results-pane.md) -Describes the features and commands available in the **File Type Associations** node **Results** pane. - -[File Type Associations Results Pane Columns](file-type-associations-results-pane-columns.md) -Describes the columns available in the **File Type Associations** node **Results** pane. - -## Related topics - - -[Application Virtualization Server Management Console Reference](application-virtualization-server-management-console-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/server-management-console-packages-node.md b/mdop/appv-v4/server-management-console-packages-node.md deleted file mode 100644 index dc6de0a83f..0000000000 --- a/mdop/appv-v4/server-management-console-packages-node.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Server Management Console Packages Node -description: Server Management Console Packages Node -author: dansimp -ms.assetid: 458424f6-d586-4fa8-bf61-44c5028a4490 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Server Management Console: Packages Node - - -The topics in this section provide information about the screen reference for the **Packages** node in the Application Virtualization Server Management Console. - -## In This Section - - -[Packages Node](packages-node.md) -Describes the features and commands available from the **Packages** node. - -[Package Results Pane](package-results-pane.md) -Describes the features and commands available in the **Packages** node **Results** pane. - -[Package Results Pane Columns](package-results-pane-columns.md) -Describes the columns available in the **Packages** node **Results** pane. - -## Related topics - - -[About Application Virtualization Packages](about-application-virtualization-packages.md) - -[Application Virtualization Server Management Console Reference](application-virtualization-server-management-console-reference.md) - -[How to Manage Packages in the Server Management Console](how-to-manage-packages-in-the-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/server-management-console-provider-policies-node.md b/mdop/appv-v4/server-management-console-provider-policies-node.md deleted file mode 100644 index e48e539846..0000000000 --- a/mdop/appv-v4/server-management-console-provider-policies-node.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Server Management Console Provider Policies Node -description: Server Management Console Provider Policies Node -author: dansimp -ms.assetid: a5b99158-9af8-45bb-b3b8-61e220529e14 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Server Management Console: Provider Policies Node - - -The topics in this section provide information about the screen reference for the **Provider Policies** node in the Application Virtualization Server Management Console. - -## In This Section - - -[Provider Policies Node](provider-policies-node.md) -Describes the features and commands available from the **Provider Policies** node. - -[Provider Policies Results Pane](provider-policies-results-pane.md) -Describes the features and commands available in the **Provider Policies** node **Results** pane. - -[Provider Policies Results Pane Columns](provider-policies-results-pane-columns.md) -Describes the columns available in the **Provider Policies** node **Results** pane. - -## Related topics - - -[Application Virtualization Server Management Console Reference](application-virtualization-server-management-console-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/server-management-console-reports-node.md b/mdop/appv-v4/server-management-console-reports-node.md deleted file mode 100644 index 5cda771115..0000000000 --- a/mdop/appv-v4/server-management-console-reports-node.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Server Management Console Reports Node -description: Server Management Console Reports Node -author: dansimp -ms.assetid: 9dde6332-5882-40dd-8a8f-857216df80ed -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Server Management Console: Reports Node - - -The topics in this section provide information about the screen reference for the **Reports** node in the Application Virtualization Server Management Console. - -## In This Section - - -Reports Node -Describes the features and commands available from the **Reports** node. - -[Reports Results Pane](reports-results-pane.md) -Describes the features and commands available in the **Reports** node **Results** pane. - -[Reports Results Pane Columns](reports-results-pane-columns.md) -Describes the columns available in the **Reports** node **Results** pane. - -## Related topics - - -[Application Utilization Report](application-utilization-reportserver.md) - -[Application Virtualization Server Management Console Reference](application-virtualization-server-management-console-reference.md) - -[Software Audit Report](software-audit-reportserver.md) - -[System Error Report](system-error-reportserver.md) - -[System Utilization Report](system-utilization-reportserver.md) - -[How to Manage Reports in the Server Management Console](how-to-manage-reports-in-the-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/server-management-console-server-groups-node.md b/mdop/appv-v4/server-management-console-server-groups-node.md deleted file mode 100644 index 4b657466b4..0000000000 --- a/mdop/appv-v4/server-management-console-server-groups-node.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Server Management Console Server Groups Node -description: Server Management Console Server Groups Node -author: dansimp -ms.assetid: 83b86fc5-3f77-4470-985a-cf0bb8686067 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Server Management Console: Server Groups Node - - -The topics in this section provide information about the screen reference for the **Server Groups** node in the Application Virtualization Server Management Console. - -## In This Section - - -[Server Groups Node](server-groups-node.md) -Describes the features and commands available from the **Server Groups** node. - -[Server Groups Results Pane](server-groups-results-pane.md) -Describes the features and commands available in the **Server Groups** node **Results** pane. - -[Server Groups Results Pane Columns](server-groups-results-pane-columns.md) -Describes the columns available in the **Server Groups** node **Results** pane. - -## Related topics - - -[Application Virtualization Server Management Console Reference](application-virtualization-server-management-console-reference.md) - -[How to Manage Servers in the Server Management Console](how-to-manage-servers-in-the-server-management-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/sftmime--command-reference.md b/mdop/appv-v4/sftmime--command-reference.md deleted file mode 100644 index 732b47bafc..0000000000 --- a/mdop/appv-v4/sftmime--command-reference.md +++ /dev/null @@ -1,101 +0,0 @@ ---- -title: SFTMIME Command Reference -description: SFTMIME Command Reference -author: dansimp -ms.assetid: a4a69228-9dd3-4623-b773-899d03c0cf10 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# SFTMIME Command Reference - - -SFTMIME is a command-line interface used by Application Virtualization (App-V) that enables you to manage many client configuration details. This section contains all the commands and their parameters, with a brief description of each. - -**Important**   -- All backslash characters must be escaped using a preceding backslash, or the path will not be parsed correctly. - -- If you are using a calling program to invoke SFTMIME with **CreateProcess**, you must ensure that the first parameter is the path to sftmime.exe. - -- The output of the SFTMIME **QUERY OBJ** command cannot be piped to the **findstr** command to search for a string. - -- Use of the **GLOBAL** switch requires local administrator rights. - -- Use of short paths and relative paths can lead to unexpected results and should be avoided. Always use full paths. - -  - -## In This Section - - -[ADD APP](add-app.md) - -[ADD PACKAGE](add-package.md) - -[ADD SERVER](add-server.md) - -[ADD TYPE](add-type.md) - -[CLEAR APP](clear-app.md) - -[CLEAR OBJ](clear-obj.md) - -[CONFIGURE APP](configure-app.md) - -[CONFIGURE PACKAGE](configure-package.md) - -[CONFIGURE SERVER](configure-server.md) - -[CONFIGURE TYPE](configure-type.md) - -[DELETE APP](delete-app.md) - -[DELETE OBJ](delete-obj.md) - -[DELETE PACKAGE](delete-package.md) - -[DELETE SERVER](delete-server.md) - -[DELETE TYPE](delete-type.md) - -[HELP](help.md) - -[LOAD APP](load-app.md) - -[LOAD PACKAGE](load-package.md) - -[LOCK APP](lock-app.md) - -[PUBLISH APP](publish-app.md) - -[PUBLISH PACKAGE](publish-package.md) - -[QUERY OBJ](query-obj.md) - -[REFRESH SERVER](refresh-server.md) - -[REPAIR APP](repair-app.md) - -[UNLOAD APP](unload-app.md) - -[UNLOAD PACKAGE](unload-package.md) - -[UNLOCK APP](unlock-app.md) - -[UNPUBLISH PACKAGE](unpublish-package.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/sfttray-command-reference.md b/mdop/appv-v4/sfttray-command-reference.md deleted file mode 100644 index 9e7dc93e91..0000000000 --- a/mdop/appv-v4/sfttray-command-reference.md +++ /dev/null @@ -1,145 +0,0 @@ ---- -title: SFTTRAY Command Reference -description: SFTTRAY Command Reference -author: dansimp -ms.assetid: 6fa3a939-b047-4d6c-bd1d-dfb93e065eb2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# SFTTRAY Command Reference - - -The Microsoft Application Virtualization (App-V) Client Tray application, sfttray.exe, is the main user interface element of the App-V Client that users will interact with during normal use. This program controls the streaming and starting of all virtual applications and is accessed by right-clicking the icon displayed in the notification area to display the menu of client functions. The menu enables the user to load applications, start a publishing refresh, cancel a request, or change the client to offline mode. The user can also close the Application Virtualization Client Tray application and all active applications by clicking **Exit**. - -By default, the icon is displayed whenever a virtual application is started, although you can control this behavior by using SFTTRAY commands. The Application Virtualization Client Tray application also displays a progress bar for each application that is started, as well as status messages about active applications. Clicking the progress bar displays a message that allows you to cancel the loading or starting of an application. - -## SFTTRAY Commands - - -The list of commands and command-line switches can be displayed by running the following command from a command window. - -**Note** -There is only one Application Virtualization Client Tray instance for each user context, so if you start a new SFTTRAY command, it will be passed to the program that is already running. - - - -`Sfttray.exe /?` - -### Command Usage - -`Sfttray.exe [/HIDE | /SHOW]` - -`Sfttray.exe [/HIDE | /SHOW] [/QUIET] [/EXE alternate-exe] /LAUNCH app [args]` - -`Sfttray.exe [/HIDE | /SHOW] [/QUIET] /LOAD app [/SFTFILE sft]` - -`Sfttray.exe [/HIDE | /SHOW] [/QUIET] /LOADALL` - -`Sfttray.exe [/HIDE | /SHOW] [/QUIET] /REFRESHALL` - -`Sfttray.exe [/HIDE | /SHOW] [/QUIET] /LAUNCHRESULT /LAUNCH app [args]` - -`Sfttray.exe /EXIT` - -### Command-Line Switches - -The SFTTRAY command-line switches are described in the following table. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SwitchDescription

/HIDE

Hides the SFTTRAY icon in the Windows notification area.

/SHOW

Displays the SFTTRAY icon in the Windows notification area.

/QUIET

Supports unattended usage by preventing errors from displaying message boxes that require user acknowledgement.

/EXE <alternate-exe>

Used with /LAUNCH to specify that an executable program is to be started in the virtual environment when a virtual application is started in place of the target file specified in the OSD.

-
-Note

For example, use “SFTTRAY.EXE /EXE REGEDIT.EXE /LAUNCH <app>” to enable you to examine the registry of the virtual environment in which the application is running.

-
-
- -

/LAUNCH <app> [<args>]

Starts a virtual application. Specify the name and version of an application or the path to an OSD file. Optionally, command-line arguments can be passed to the virtual application.

-
-Note

Use the command “SFTMIME.EXE /QUERY OBJ:APP /SHORT” to obtain a list of the names and versions of available virtual applications.

-
-
- -

/LOAD

Loads or imports a virtual application.

/LOADALL

Loads all applications into cache.

/REFRESHALL

Starts a publishing refresh for all applications.

/LAUNCHRESULT <UNIQUE ID>

Returns the launch result code to the process that launches sfttray.exe by using a global event and a memory mapped file that are based on the specified root name for the UNIQUE ID.¹

/SFTFILE <sft>

Optional switch used with /LOAD to specify the path to the application’s SFT file. If specified, the application is imported rather than loaded.

/EXIT

Closes the SFTTRAY program and all active virtual applications and removes the icon from the Windows notification area.

- - - -**Note** -¹ The */LAUNCHRESULT* command line parameter provides a means for the process that launches sfttray.exe to specify the root name for a global event and a memory mapped file that are used to return the launch result code to the process. The unique identifier name should start with “SFT-” to prevent the event name from getting virtualized when the launching process is invoked within a virtual environment. The memory mapped region will be 64 bits in size. - -To use this parameter, the launching process creates an event with the name “<UNIQUE ID>-result\_event”, a memory mapped file with the name “<UNIQUE ID>-result\_value”, and optionally an event with the name “<UNIQUE ID>-shutdown\_event”, and then the launching process launches sfttray.exe and waits on the event to be signaled. After the event “<UNIQUE ID>-result\_event” is signaled, the launching process retrieves the 64-bit return code from the memory mapped region. - -If the optional event “<UNIQUE ID>-shutdown\_event” exists when the virtual application exits, sfttray.exe opens and signals the event. The launching process waits on this shutdown event if it needs to determine when the virtual application exits. - - - - - - - - - - - diff --git a/mdop/appv-v4/side-by-side-privatization-failed-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/side-by-side-privatization-failed-dialog-box--app-v-46-sp1-.md deleted file mode 100644 index ced6882390..0000000000 --- a/mdop/appv-v4/side-by-side-privatization-failed-dialog-box--app-v-46-sp1-.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: Side-by-side Privatization Failed Dialog Box (App-V 4.6 SP1) -description: Side-by-side Privatization Failed Dialog Box (App-V 4.6 SP1) -author: dansimp -ms.assetid: bcdb9b82-b53d-4a36-9f5d-71c021d4be28 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Side-by-side Privatization Failed Dialog Box (App-V 4.6 SP1) - - -The Side-by-side assembly privatization failed. You can find more information about the side-by-side assemblies in the Sequencer log file which is located in the following directory: - -<App-V Sequencer installation drive> \\**Program Files** \\ **Microsoft Application Virtualization Sequencer** \\ **Logs** - -Install public versions of the required assemblies on the computer running the App-V Sequencer before you sequence the application. The same assemblies must also be installed on all computers running the App-V client before you deploy the package. - -## Related topics - - -[Dialog Boxes (AppV 4.6 SP1)](dialog-boxes--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/software-audit-reportserver.md b/mdop/appv-v4/software-audit-reportserver.md deleted file mode 100644 index 9efbb49955..0000000000 --- a/mdop/appv-v4/software-audit-reportserver.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: Software Audit Report -description: Software Audit Report -author: dansimp -ms.assetid: 55a49ed2-f331-40d3-add6-8e5fcd6816fd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Software Audit Report - - -Use the Software Audit Report to list the usage information during the reporting period for all applications defined in the database. You can use this report to determine which applications are the most heavily used. - -For each application, the Software Audit Report lists the following information: - -- Number of sessions—Number of times an application was used - -The Software Audit Report also includes a summary of the total usage per application. - -When you create a report, you specify the parameters that are used for collecting the data when the report is run. - -Reports are not run automatically; you must run them explicitly to generate output data. The length of time it takes to run this report is determined by the amount of data collected in the data store. - -After you run a report and the output is displayed in the Application Virtualization Server Management Console, you can export the report into the following formats: - -- Adobe Acrobat (PDF) - -- Microsoft Office Excel - -## Related topics - - -[How to Create a Report](how-to-create-a-reportserver.md) - -[How to Delete a Report](how-to-delete-a-reportserver.md) - -[How to Export a Report](how-to-export-a-reportserver.md) - -[How to Print a Report](how-to-print-a-reportserver.md) - -[How to Run a Report](how-to-run-a-reportserver.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/stand-alone-delivery-scenario-for-application-virtualization-clients.md b/mdop/appv-v4/stand-alone-delivery-scenario-for-application-virtualization-clients.md deleted file mode 100644 index 224b3b7a04..0000000000 --- a/mdop/appv-v4/stand-alone-delivery-scenario-for-application-virtualization-clients.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: Stand-Alone Delivery Scenario for Application Virtualization Clients -description: Stand-Alone Delivery Scenario for Application Virtualization Clients -author: dansimp -ms.assetid: 7545b468-f58a-4504-a6d5-3c2d303731c4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Stand-Alone Delivery Scenario for Application Virtualization Clients - - -The Stand-Alone Delivery Scenario enables you to realize the benefits of Microsoft Application Virtualization in situations where no servers are available to support other methods of deploying your virtual applications. - -**Note**   -It is assumed that you have already installed the Application Virtualization Sequencer in preparation for the stand-alone scenario. For more information, see [How to Install the Application Virtualization Sequencer](how-to-install-the-application-virtualization-sequencer.md). - - - -## In This Section - - -[Stand-Alone Delivery Scenario Overview](stand-alone-delivery-scenario-overview.md) -Provides a general overview of the benefits of a stand-alone Application Virtualization deployment scenario. - -[How to Manually Install the Application Virtualization Client](how-to-manually-install-the-application-virtualization-client.md) -Provides a step-by-step procedure for installing the Application Virtualization Client software. - -[How to Publish a Virtual Application on the Client](how-to-publish-a-virtual-application-on-the-client.md) -Provides command-line procedures for publishing an application package, using either Windows Installer or SFTMIME. - -## Reference - - -[Application Virtualization Client Installer Command-Line Parameters](application-virtualization-client-installer-command-line-parameters.md)[SFTMIME Command Reference](sftmime--command-reference.md) - -## Related topics - - -[Application Virtualization Client Hardware and Software Requirements](application-virtualization-client-hardware-and-software-requirements.md) - -[How to Install the Application Virtualization Sequencer](how-to-install-the-application-virtualization-sequencer.md) - - - - - - - - - diff --git a/mdop/appv-v4/stand-alone-delivery-scenario-overview.md b/mdop/appv-v4/stand-alone-delivery-scenario-overview.md deleted file mode 100644 index d01a132c43..0000000000 --- a/mdop/appv-v4/stand-alone-delivery-scenario-overview.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: Stand-Alone Delivery Scenario Overview -description: Stand-Alone Delivery Scenario Overview -author: dansimp -ms.assetid: b109f309-f3c1-43af-996f-2a9b138dd171 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Stand-Alone Delivery Scenario Overview - - -The stand-alone delivery scenario is an ideal application virtualization solution for environments where either low bandwidth connectivity or no connectivity limits the ability of the Application Virtualization Desktop Client to stream applications from centralized servers. In these environments, users often work remotely and device owners install applications by using Windows Installer files. - -You can use the Application Virtualization Sequencer to create sequenced applications that include Windows Installer files. These packages include the virtualized applications, publication information, and the necessary installer routines for installing the packages on the client systems. The installer adds the virtual application package to the Microsoft Application Virtualization Desktop Client. The publication information is configured to load applications from a local location rather than stream them across a WAN. Users can temporarily connect to a network to retrieve the Windows Installer files or can run them from a DVD. - -The stand-alone delivery scenario provides users the following benefits: - -- Simple deployment operation. - -- Network and servers not needed at runtime. - -- Applications pre-cached and available to all users. - -The stand-alone delivery scenario has the following limitations: - -- Built-in, automated reporting is unavailable; reports must be generated with external reporting tools. - -- Applications must be delivered to the client manually like the original Windows Installer files. - -## Related topics - - -[How to Manually Install the Application Virtualization Client](how-to-manually-install-the-application-virtualization-client.md) - -[How to Publish a Virtual Application on the Client](how-to-publish-a-virtual-application-on-the-client.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/streaming-page-learn-more.md b/mdop/appv-v4/streaming-page-learn-more.md deleted file mode 100644 index f46ecd595d..0000000000 --- a/mdop/appv-v4/streaming-page-learn-more.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Streaming Page -description: Streaming Page -author: dansimp -ms.assetid: a69a57a0-1bbe-4604-840d-bfa87ec463e1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Streaming Page - - -Use the **Streaming** page to optimize the virtual application package. During this step, the App-V Sequencer evaluates and configures the virtual application package so that it runs more efficiently when the package is deployed to target computers. - -**Note**   -You only have to perform the following tasks if you plan to stream the package across the network. - - - -This page contains the following elements: - -**Run Selected** -Runs and optimizes only the specified programs saved in the virtual application package. - -**Run All** -Runs all the programs saved in the virtual application package. - -## Related topics - - -[Create New Package Wizard (AppV 4.6 SP1)](create-new-package-wizard---appv-46-sp1-.md) - - - - - - - - - diff --git a/mdop/appv-v4/support-for-client-reporting-over-http.md b/mdop/appv-v4/support-for-client-reporting-over-http.md deleted file mode 100644 index 23aa56eca5..0000000000 --- a/mdop/appv-v4/support-for-client-reporting-over-http.md +++ /dev/null @@ -1,108 +0,0 @@ ---- -title: Support for Client Reporting over HTTP -description: Support for Client Reporting over HTTP -author: dansimp -ms.assetid: 4a26ac80-1fb5-4c05-83de-4d06793f7bf2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Support for Client Reporting over HTTP - - -Version 4.6 of the App-V client now supports the use of HTTP communication when sending client reporting data to the publishing server. This feature supports scenarios where a customer has implemented a custom HTTP(S) publishing server that is configured to collect and process client data. - -For more information on HTTP publishing servers, see - -## Client Reporting over HTTP - - -The client starts collecting data when it receives a “REPORTING=”TRUE””attribute in the publishing refresh response XML from the publishing server. When this attribute is received, the client sends any accumulated data to the publishing server that sent the publishing refresh. The details of this process are as follows: - -- The client sends an HTTP GET request to the publishing server for a publishing refresh. The header of this message contains an “AppV-Op:Refresh” custom header that the custom HTTP(S) publishing server uses to identify the message type. - -- The publishing server then sends the publishing refresh response XML that contains a “REPORTING=”TRUE”” value. - -- The client then sends an HTTP POST request to the publishing server along with the reporting data that has been gathered since the previous refresh. The header of this message contains an “AppV-Op:Report” custom header that the custom HTTP(S) publishing server uses to identify the message type. - -The following schema gives specific details of the package and the application data that is sent to the server. - -```xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -``` - -  - -  - - - - - diff --git a/mdop/appv-v4/sxs-conflict-detected-dialog-box--app-v-46-sp1-.md b/mdop/appv-v4/sxs-conflict-detected-dialog-box--app-v-46-sp1-.md deleted file mode 100644 index 8e3965c0c2..0000000000 --- a/mdop/appv-v4/sxs-conflict-detected-dialog-box--app-v-46-sp1-.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: SXS Conflict Detected Dialog Box (App-V 4.6 SP1) -description: SXS Conflict Detected Dialog Box (App-V 4.6 SP1) -author: dansimp -ms.assetid: 7cbb67ba-cc11-4f10-b903-4a6af233eacb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# SXS Conflict Detected Dialog Box (App-V 4.6 SP1) - - -The application you are installing requires 64-bit assemblies. You can find more information about the side-by-side assemblies in the Sequencer log file which is located in the following directory: - -<App-V Sequencer installation drive> \\**Program Files** \\ **Microsoft Application Virtualization Sequencer** \\ **Logs** - -Install public versions of the required 64-bit assemblies on the computer running the App-V Sequencer before sequencing this application. You must also install the assemblies on the computer running the App-V client before you deploy this package. - -## Related topics - - -[Dialog Boxes (AppV 4.6 SP1)](dialog-boxes--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/system-error-reportserver.md b/mdop/appv-v4/system-error-reportserver.md deleted file mode 100644 index b94b419d2f..0000000000 --- a/mdop/appv-v4/system-error-reportserver.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: System Error Report -description: System Error Report -author: dansimp -ms.assetid: 4081db2f-92a6-4928-a26b-757048159094 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# System Error Report - - -Generate the System Error Report to track the number of errors and warnings logged over time during the specified reporting period for the specified server, for the specified server group. - -This report generates a bar graph that displays the fatal errors, errors, and log warnings in ascending order based on the time the messages were logged. - -When you create a report, you specify the parameters that are used for collecting the data when the report is run. - -Reports are not run automatically; you must run them explicitly to generate output data. The length of time it takes to run this report is determined by the amount of data collected in the data store. - -After you run a report and the output is displayed in the Application Virtualization Server Management Console, you can export the report into the following formats: - -- Adobe Acrobat (PDF) - -- Microsoft Office Excel - -## Related topics - - -[How to Create a Report](how-to-create-a-reportserver.md) - -[How to Delete a Report](how-to-delete-a-reportserver.md) - -[How to Export a Report](how-to-export-a-reportserver.md) - -[How to Print a Report](how-to-print-a-reportserver.md) - -[How to Run a Report](how-to-run-a-reportserver.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/system-utilization-reportserver.md b/mdop/appv-v4/system-utilization-reportserver.md deleted file mode 100644 index 5bccc4c9ab..0000000000 --- a/mdop/appv-v4/system-utilization-reportserver.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: System Utilization Report -description: System Utilization Report -author: dansimp -ms.assetid: 4d490d15-2d1f-4f2c-99bb-0685447c0672 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# System Utilization Report - - -Use the System Utilization Report to graph the total daily system usage. You can use this report to determine the load on your Application Virtualization System. - -This report tracks the usage over time during the reporting period for the specified server or for the server group. - -The System Utilization Report also graphs the following system usage: - -- Usage by day of the week - -- Usage by hour of the day - -The System Utilization Report also includes a summary of the total system usage for specific users and total session counts. - -When you create a report, you specify the parameters that are used for collecting the data when the report is run. - -Reports are not run automatically; you must run them explicitly to generate output data. The length of time it takes to run this report is determined by the amount of data collected in the data store. - -After you run a report and the output is displayed in the Application Virtualization Server Management Console, you can export the report into the following formats: - -- Adobe Acrobat (PDF) - -- Microsoft Office Excel - -**Note**   -The App-V server name reported from the clients must be part of the Default Server Group in order for the System Utilization report to show data. For example, if you are using multiple servers with a Network Load Balancer (NLB), you must add the NLB cluster name to the Default Server Group. - - - -## Related topics - - -[How to Create a Report](how-to-create-a-reportserver.md) - -[How to Delete a Report](how-to-delete-a-reportserver.md) - -[How to Export a Report](how-to-export-a-reportserver.md) - -[How to Print a Report](how-to-print-a-reportserver.md) - -[How to Run a Report](how-to-run-a-reportserver.md) - - - - - - - - - diff --git a/mdop/appv-v4/target-os-page-learn-more.md b/mdop/appv-v4/target-os-page-learn-more.md deleted file mode 100644 index 34db517496..0000000000 --- a/mdop/appv-v4/target-os-page-learn-more.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Target OS Page -description: Target OS Page -author: dansimp -ms.assetid: 003fd992-0a7e-494e-9e75-4dd5e0927e15 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Target OS Page - - -Use the **Target OS** page to specify which operating systems in your environment can run this virtual application package. - -**Note**   -The operating systems specified on this page can only run this virtual application package if the application you are sequencing supports the operating systems specified. Review the supported operating systems for the application you are sequencing to ensure compatibility. - - - -This page contains the following elements: - -**Allow this package to run on any operating system** -Enables the virtual application package to be installed and run on all supported operating systems. - -**Allow this package to only run on the following operating systems** -Enables the virtual application package to be installed and run only on the selected supported operating systems. - -## Related topics - - -[Create New Package Wizard (AppV 4.6 SP1)](create-new-package-wizard---appv-46-sp1-.md) - - - - - - - - - diff --git a/mdop/appv-v4/tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md b/mdop/appv-v4/tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md deleted file mode 100644 index f3df4eb7f8..0000000000 --- a/mdop/appv-v4/tasks-for-the-application-virtualization-sequencer--app-v-46-sp1-.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Tasks for the Application Virtualization Sequencer (App-V 4.6 SP1) -description: Tasks for the Application Virtualization Sequencer (App-V 4.6 SP1) -author: dansimp -ms.assetid: 58597af9-6a62-4588-ab41-dbf6b7026267 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Tasks for the Application Virtualization Sequencer (App-V 4.6 SP1) - - -Use any of the following links for more information about using the App-V Sequencer. - -## In This Section - - -[How to Determine Which Type of Application to Sequence (App-V 4.6 SP1)](how-to-determine-which-type-of-application-to-sequence---app-v-46-sp1-.md) -Describes how to determine the type of application you want to sequence. - -[How to Sequence a New Standard Application (App-V 4.6 SP1)](how-to-sequence-a-new-standard-application--app-v-46-sp1-.md) -Describes how to sequence a new standard application. - -[How to Sequence a New Add-on or Plug-in Application (App-V 4.6 SP1)](how-to-sequence-a-new-add-on-or-plug-in-application--app-v-46-sp1-.md) -Describes how to sequence a new add-on or plug-in application. - -[How to Sequence a New Middleware Application (App-V 4.6 SP1)](how-to-sequence-a-new-middleware-application--app-v-46-sp1-.md) -Describes how to sequence a new middleware application. - -[How to Modify an Existing Virtual Application Package (App-V 4.6 SP1)](how-to-modify-an-existing-virtual-application-package--app-v-46-sp1-.md) -Describes how to modify an existing virtual application package. - -[How to Apply a Package Accelerator to Create a Virtual Application Package (App-V 4.6 SP1)](how-to-apply-a-package-accelerator-to-create-a-virtual-application-package---app-v-46-sp1-.md) -Describes how to use a Package Accelerator to create a new virtual application package. - -[How to Apply an App-V Project Template (App-V 4.6 SP1)](how-to-apply-an-app-v-project-template--app-v-46-sp1-.md) -Describes how to use a project template to apply standard package settings to a new virtual application package. - -[How to Create App-V Package Accelerators (App-V 4.6 SP1)](how-to-create-app-v-package-accelerators--app-v-46-sp1-.md) -Describes how create a new Package Accelerator. - -## Related topics - - -[Application Virtualization Sequencer](application-virtualization-sequencer.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/tasks-for-the-application-virtualization-sequencer.md b/mdop/appv-v4/tasks-for-the-application-virtualization-sequencer.md deleted file mode 100644 index 88d5d425f0..0000000000 --- a/mdop/appv-v4/tasks-for-the-application-virtualization-sequencer.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Tasks for the Application Virtualization Sequencer -description: Tasks for the Application Virtualization Sequencer -author: dansimp -ms.assetid: 398018f4-297a-440d-b614-23f0ab03e7bd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Tasks for the Application Virtualization Sequencer - - -The links in this section provide the necessary information to complete each associated Microsoft Application Virtualization (App-V) task. - -## In This Section - - -[How to Sequence a New Application](how-to-sequence-a-new-application.md) -Specifies the tasks associated with sequencing a new application. - -[How to Create a Virtual Environment for a Web-Based Application](how-to-create-a-virtual-environment-for-a-web-based-application.md) -Specifies how to create separate web environments for virtual applications. - -[How to Upgrade a Sequenced Virtual Application Package](how-to-upgrade-a-sequenced-virtual-application-package.md) -Specifies how to upgrade an existing virtual application package. - -[How to Branch a Package](how-to-branch-a-package.md) -Specifies how to branch an existing virtual application package so you can run multiple versions of the same package. - -[How to Upgrade a Package Using the Open Package Command](how-to-upgrade-a-package-using-the-open-package-command.md) -Specifies how to upgrade an existing virtual application package using the command line. - -[How to Manage Virtual Applications Using the Command Line](how-to-manage-virtual-applications-using-the-command-line.md) -Specifies how to manage virtual applications using the command line. - -## Related topics - - -[Application Virtualization Sequencer Online Help](application-virtualization-sequencer-online-help.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/troubleshooting-application-virtualization-sequencer-issues.md b/mdop/appv-v4/troubleshooting-application-virtualization-sequencer-issues.md deleted file mode 100644 index c7285083d5..0000000000 --- a/mdop/appv-v4/troubleshooting-application-virtualization-sequencer-issues.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Troubleshooting Application Virtualization Sequencer Issues -description: Troubleshooting Application Virtualization Sequencer Issues -author: dansimp -ms.assetid: 2712094b-a0bc-4643-aced-5415535f3fec -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Troubleshooting Application Virtualization Sequencer Issues - - -This topic includes information that you can use to help troubleshoot general issues on the Application Virtualization (App-V) Sequencer. - -## Creating an SFTD File by Using the App-V Sequencer Increases the Version Number Unexpectedly - - -Use the command line to generate a new .sft file. To create the .sft file by using the command line, enter the following at a command prompt: - -**mkdiffpkg.exe <base SFT file name> <diff SFT file name>** - -## File Name in OSD File Is Not Correct After Package Upgrade - - -When you open a package for upgrade, you should specify the root Q:\\ drive as the output location for the package. Do not specify an associated file name with the output location. - -## Microsoft Word 2003 Default Install Results in an Error When Streamed to a Client - - -When you stream Microsoft Word 2003 to a client, an error is returned, but Microsoft Word continues to run. - -**Solution** - -Resequence the virtual application package and select **Full Install**. - -## Active Upgrade Does Not Work When You Create a Dependent Package - - -When you create a dependent package by using active upgrade and add new registry entries, it appears to function correctly, but the updated registry entries are not available. - -**Solution** - -Registry settings are always stored with the original version of the package, so updates to the package will not appear to be available unless you repair the original package. - -## Detailed information is not visible for Microsoft Office 2007 documents by using the properties page - - -When you try to view detailed information associated with a Microsoft Office 2007 document by using the properties page, the detailed information is not visible. - -**Solution** - -App-V does not support the required shell extensions for these property pages. - -## Some registry keys are not captured when you sequence 16-bit applications - - -In App-V 4.5, registry hooking has been moved from kernel mode to user mode. If you want to sequence a 16-bit application or an application that uses a 16-bit installer, you must first configure the sequencer computer so that the process runs in its own copy of the Windows NT Virtual DOS Machine (NTVDM). - -**Solution** - -Before you sequence the application, set the following global REGSZ registry key value to "yes" on the sequencing computer: - -HKLM\\SYSTEM\\CurrentControlSet\\Control\\WOW\\DefaultSeparateVDM - -You must restart the computer before this takes effect. - -## Related topics - - -[Application Virtualization Sequencer](application-virtualization-sequencer.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/troubleshooting-certificate-permission-issues.md b/mdop/appv-v4/troubleshooting-certificate-permission-issues.md deleted file mode 100644 index 9b05d6624b..0000000000 --- a/mdop/appv-v4/troubleshooting-certificate-permission-issues.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Troubleshooting Certificate Permission Issues -description: Troubleshooting Certificate Permission Issues -author: dansimp -ms.assetid: 06b8cbbc-93fd-44aa-af39-2d780792d3c3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Troubleshooting Certificate Permission Issues - - -After the installation of App-V 4.5, if the private key has not been configured with the proper ACL for the Network Service, an event is logged in the NT Event Log and an entry is placed in the `Sft-server.log` file. - -## Error Messages - - -### Windows Server 2003 - -Event ID 36870—A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090016. - -### Windows Server 2008 - -Event ID 36870—A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. - -## Sft-server.log - - -The following error is placed in the `sft-server.log` file located in the `%ProgramFiles%\Microsoft System Center App Virt Management Server\App Virt Management Server\logs` directory: - -Certificate could not be loaded. Error code \[-2146893043\]. Make sure that the Network Service account has proper access to the certificate and its corresponding private key file. - -  - -  - - - - - diff --git a/mdop/appv-v4/troubleshooting-information-for-the-application-virtualization-client.md b/mdop/appv-v4/troubleshooting-information-for-the-application-virtualization-client.md deleted file mode 100644 index a8b8781132..0000000000 --- a/mdop/appv-v4/troubleshooting-information-for-the-application-virtualization-client.md +++ /dev/null @@ -1,98 +0,0 @@ ---- -title: Troubleshooting Information for the Application Virtualization Client -description: Troubleshooting Information for the Application Virtualization Client -author: dansimp -ms.assetid: 260a8dad-847f-4ec0-b7dd-6e6bc52017ed -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Troubleshooting Information for the Application Virtualization Client - - -This topic includes information that you can use to troubleshoot various issues on the Application Virtualization (App-V) Client. - -## Publishing Refresh Is Very Slow - - -If publishing refresh on a specific computer takes much longer than expected and if the client is configured to use the **IconSourceRoot** setting, determine whether **IconSourceRoot** contains a nonvalid URL. A nonvalid URL will cause very long delays during publishing refresh. - -## Users Cannot Connect to the Server and Go into Disconnected Operations Mode - - -When you are using an App-V Management Server configured with the RTSPS protocol, if the users are unable to connect and they go into disconnected operations mode, determine whether the certificate that is being used on the server is valid. A nonvalid certificate will prevent users from connecting and will cause them to go into disconnected operations mode. - -## Users Experience Slow Performance When Applications Are Not Fully Cached - - -When applications are not fully cached, users might occasionally experience temporary slow or intermittent performance when they start or use the application. There are several possible reasons this can occur—for example, when the App-V Client is in the process of auto-loading an application or when an Out Of Sequence request is being processed. When the applications are fully cached, these problems will no longer occur. - -## Error Displayed After an Update Is Removed - - -You must use the correct Windows Installer 3.1 command format to remove an update from the App-V Client, as follows: - -`Msiexec /I {F82584A0-D706-4D2D-9BC1-7E6D8BE3BB0F} MSIPATCHREMOVE={BE3DD018-9A1F-40FD-9538-C0A995CBD254} /qb /l*v "Uninstall.log"` - -Using the older command format `msiexec /package /uninstall ` will cause error 6003 "Application Virtualization client could not be started". - -## Error Code 0A-0000E01E Occurs When You Try to Start an Application - - -Error code 0A-0000E01E indicates that the sequenced application package might be corrupt. The solution is to resequence the package. - -## Users Cannot Access Files They Have Created on the Q: Drive - - -If users save files to the **Q:** drive, they cannot retrieve them because they do not have read rights to the drive. Users should not save files to the **Q:** drive. - -## User Is Prompted with a 1D1 Error - - -When the file streaming URL is incorrectly set in the Open Software Descriptor (OSD) file, the App-V Client returns a 1d1 error instead of a “file not found” error. This error indicates that the application start failed and the user has been forced into disconnected operations mode. Correct the file streaming URL. - -## Incorrect Icons Associated with Some Applications - - -When an icon is to be used in a publishing operation, the App-V Client first determines whether it already has a cached copy of the icon, by looking in the icon cache for an item whose original source path matches the path of the icon given to the publishing operation. If the App-V Client finds a match, it will use the already-cached icon; otherwise, it will download the new icon into the cache. If the path to the icon is a scratch directory or if it gets reused for new icons or packages, the lookup in the cache might pick the wrong icon from a previous operation. - -## Users Are Prompted for Credentials When Starting an Application - - -If a user attempts to start a virtual application to which the system administrator has restricted access, the user might be prompted to enter credentials. The user should type the user name and password for an account that has permission to launch the application and then press ENTER. - -## Publishing Refresh Fails After Upgrading the App-V Client to Version 4.5 - - -If the user data directory was previously placed in a non-standard location (%*AllUsersProfile*%\\Documents\\SoftGrid Client\\Users\\%*username*%), users who do not have administrator privileges on the computer will find that publishing refresh fails after the App-V Client is upgraded. During the upgrade, the App-V Client global data directory and all its subdirectories are configured with restricted access rights for administrators only. You can avoid this problem by changing the user data directory before upgrading so that it is not a subdirectory of the global data directory. - -## Reboot Required After Install Failure - - -If the client install fails for any reason and if subsequent attempts to install the client also fail, check the Windows Installer log to see whether it shows an error “sftplay failed, error=1072”. If so, restart the computer before trying to install the client again. - -## Repairing a Corrupted Virtual Application - - -If for any reason a virtual application package installed using a Windows Installer Package (MSI) file becomes corrupted, reinstall the package. The Repair function available in the Windows Installer will not update the user volumes. - -## Related topics - - -[Application Virtualization Client Reference](application-virtualization-client-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/troubleshooting-information-for-the-application-virtualization-server.md b/mdop/appv-v4/troubleshooting-information-for-the-application-virtualization-server.md deleted file mode 100644 index df335aaec7..0000000000 --- a/mdop/appv-v4/troubleshooting-information-for-the-application-virtualization-server.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Troubleshooting Information for the Application Virtualization Server -description: Troubleshooting Information for the Application Virtualization Server -author: dansimp -ms.assetid: e9d43d9b-84f2-4d1b-bb90-a13740151e0c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Troubleshooting Information for the Application Virtualization Server - - -This topic includes information that you can use to troubleshoot various issues on the Application Virtualization (App-V) Servers. - -## Warning Message 25017 in Setup Log After Installing the Server - - -You might find the following message in the server setup log after installation. - -*Warning 25017. The installation Program could not create the Active Directory marker object for the server. The account used to install did not have the sufficient rights to write to Active Directory or Active Directory was unavailable.* - -The App-V Management or Streaming Server installer creates a Service Connection Point entry under the Computer object in Active Directory Domain Services (AD DS) that corresponds to the computer on which the server is installed if the account used to run the installer has the appropriate rights. Failure to create this entry will not cause the install to fail and this should not otherwise affect the functioning of the product. The likely cause of any failure is that the user account used to run the install did not have sufficient rights to write to AD DS. Although registering the App-V server in AD DS is optional, one benefit of doing so enables centralized management tools to locate the App-V server for inventory and management purposes. - -## Related topics - - -[Application Virtualization Server](application-virtualization-server.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/troubleshooting-the-application-virtualization-sequencer.md b/mdop/appv-v4/troubleshooting-the-application-virtualization-sequencer.md deleted file mode 100644 index c832ebe830..0000000000 --- a/mdop/appv-v4/troubleshooting-the-application-virtualization-sequencer.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Troubleshooting the Application Virtualization Sequencer -description: Troubleshooting the Application Virtualization Sequencer -author: dansimp -ms.assetid: 12ea8367-0b84-44e1-a885-e0539486556b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Troubleshooting the Application Virtualization Sequencer - - -This topic includes information that you can use to help troubleshoot general issues on the Application Virtualization (App-V) Sequencer. - -## Creating an SFTD File by Using the App-V Sequencer Increases the Version Number Unexpectedly - - -The version number associated with an SFTD file increases unexpectedly. - -**Solution** - -Use the command line to generate a new .sft file. To create the .sft file by using the command line, enter the following at a command prompt: - -**mkdiffpkg.exe <base SFT file name> <diff SFT file name>** - -## File Name in OSD File Is Not Correct After Package Upgrade - - -After you upgrade an existing package, the file name is not correct. - -**Solution** - -When you open a package for upgrade, you should specify the root Q:\\ drive as the output location for the package. Do not specify an associated file name with the output location. - -## Microsoft Word 2003 Default Install Results in an Error When Streamed to a Client - - -When you stream Microsoft Word 2003 to a client, an error is returned but Microsoft Word continues to run. - -**Solution** - -Resequence the virtual application package, and select **Full Install**. - -## Package Upgrade Does Not Work When You Create a Dependent Package - - -When you create a dependent package by using package upgrade and add new registry entries, it appears to function correctly but the updated registry entries are not available. - -**Solution** - -Registry settings are always stored with the original version of the package, so updates to the package will not appear to be available unless you repair the original package. - -## Error When Trying to Sequence .NET 2.0 - - -When you sequence a package that requires .NET 2.0, you get an error. - -**Solution** - -Sequencing packages that require .NET 2.0 is not supported. - -## Related topics - - -[Application Virtualization Sequencer](application-virtualization-sequencer.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/type-of-application-page--learn-more-.md b/mdop/appv-v4/type-of-application-page--learn-more-.md deleted file mode 100644 index 529c2aac7d..0000000000 --- a/mdop/appv-v4/type-of-application-page--learn-more-.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Type of Application Page (Learn More) -description: Type of Application Page (Learn More) -author: dansimp -ms.assetid: d1262d16-7b14-441e-8500-7974bf68d196 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Type of Application Page (Learn More) - - -Use the **Type of Application** page to specify the type of application you are sequencing. It is important to understand and select the correct type of application you are sequencing so you can ensure you take the correct steps toward successful package creation. - -This page contains the following elements: - -**Standard Application (default)** -Select this option to create a package that contains an application or a suite of applications. You should select this option for most applications you plan to sequence. - -**Add-on or Plug-in** -Select this option to create a package that extends the functionality of a standard application; for example, a plug-in for Microsoft Excel. - -**Middleware** -Select this option to create a package that is required by a standard application, for example, the Microsoft .NET Framework. - -## Related topics - - -[Create New Package Wizard (AppV 4.6 SP1)](create-new-package-wizard---appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/unload-app.md b/mdop/appv-v4/unload-app.md deleted file mode 100644 index e9b1a2c013..0000000000 --- a/mdop/appv-v4/unload-app.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: UNLOAD APP -description: UNLOAD APP -author: dansimp -ms.assetid: f0d729ae-8772-498b-be11-1a4b35499c53 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# UNLOAD APP - - -Unloads the application and all other applications in the package from the file system cache. - -`SFTMIME UNLOAD APP:application [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

APP:<application>

The name and version (optional) of the application to unload.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/unload-package.md b/mdop/appv-v4/unload-package.md deleted file mode 100644 index 8c8678569e..0000000000 --- a/mdop/appv-v4/unload-package.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: UNLOAD PACKAGE -description: UNLOAD PACKAGE -author: dansimp -ms.assetid: a076eb5a-ce3d-49e4-ac7a-4d4df10e3477 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# UNLOAD PACKAGE - - -Unloads the package from the file system cache. - -`SFTMIME UNLOAD PACKAGE:package-name [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

PACKAGE:<package-name>

The name of the package to unload.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/unlock-app.md b/mdop/appv-v4/unlock-app.md deleted file mode 100644 index 91940cb378..0000000000 --- a/mdop/appv-v4/unlock-app.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: UNLOCK APP -description: UNLOCK APP -author: dansimp -ms.assetid: 91fc8ceb-b4f5-4a06-8193-05189f830943 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# UNLOCK APP - - -Unlocks the application specified in the file system cache. - -`SFTMIME UNLOCK APP:application [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

APP:<application>

The name and version (optional) of the application to unlock.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- -  - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- -  - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/unpublish-package.md b/mdop/appv-v4/unpublish-package.md deleted file mode 100644 index 34f5a16083..0000000000 --- a/mdop/appv-v4/unpublish-package.md +++ /dev/null @@ -1,109 +0,0 @@ ---- -title: UNPUBLISH PACKAGE -description: UNPUBLISH PACKAGE -author: dansimp -ms.assetid: 1651427c-72a5-4701-bb57-71e14a7a3803 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# UNPUBLISH PACKAGE - - -Enables you to remove the shortcuts and file types for an entire package. - -`SFTMIME UNPUBLISH PACKAGE:package-name [/CLEAR] [/GLOBAL] [/LOG log-pathname | /CONSOLE | /GUI]` - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

PACKAGE:<package-name>

The name of the package.

/CLEAR

If present, user settings will also be removed. (For more information, see the Important note later in this topic.)

/GLOBAL

If present, the package will be unpublished for all users on this computer.

/LOG

If specified, output is logged to the specified path name.

/CONSOLE

If specified, output is presented in the active console window (default).

/GUI

If specified, output is presented in a Windows dialog box.

- - - -For version 4.6, the following option has been added. - - ---- - - - - - - -

/LOGU

If specified, output is logged to the specified path name in UNICODE format.

- - - -**Important**   -Before you can run the **UNPUBLISH PACKAGE** command, the package must already have been added to the Application Virtualization Client. - -To use **GLOBAL**, **UNPUBLISH PACKAGE** must be run as local Administrator; otherwise, only **ClearApp** permission is needed. - -Using **UNPUBLISH PACKAGE** with **GLOBAL** removes any global file types and shortcuts for the package. **CLEAR** is not applicable. - -Using **UNPUBLISH PACKAGE** without **GLOBAL** removes the user shortcuts and file types for the package and, if **CLEAR** is set, also removes user settings and stops background loads under the user’s context. - -**UNPUBLISH PACKAGE** works on applications from the same package name or GUID that was used as the source ID for **ADD**, **EDIT**, and **PUBLISH PACKAGE**. - -**UNPUBLISH PACKAGE** always clears all the user settings, shortcuts, and file types regardless of the use of the /CLEAR switch. - - - -## Related topics - - -[SFTMIME Command Reference](sftmime--command-reference.md) - - - - - - - - - diff --git a/mdop/appv-v4/user-access-permissions-in-application-virtualization-client.md b/mdop/appv-v4/user-access-permissions-in-application-virtualization-client.md deleted file mode 100644 index b5823c5aa0..0000000000 --- a/mdop/appv-v4/user-access-permissions-in-application-virtualization-client.md +++ /dev/null @@ -1,134 +0,0 @@ ---- -title: User Access Permissions in Application Virtualization Client -description: User Access Permissions in Application Virtualization Client -author: dansimp -ms.assetid: 7459374c-810c-45e3-b205-fdd1f8514f80 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# User Access Permissions in Application Virtualization Client - - -On the **Permissions** tab on the **Properties** dialog box, accessible by right-clicking the **Application Virtualization** node in the Application Virtualization Client Management Console, administrators can grant users permissions to use the various client functions. - -**Note**   -Before changing users permissions, ensure that any permissions changes are consistent with the organization's guidelines for granting user permissions. - - - -The following table lists and describes the permissions that can be granted to users. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Permission NameDescription

Add applications

Register new applications by passing a new OSD file to the client by using sfttray.exe, sftmime.exe or the MMC.

Change file system cache size

Increase the size of the file system cache.

Change file system drive

Select a different preferred drive letter for the file system.

Change log settings

Change the log level or the log path for the client log file.

Change OSD files

Modify OSD files for registered applications and pass them into the client. This does not affect publishing refresh.

Clear application settings

Delete file types, shortcuts and any configurations for the current user.

Delete applications

Remove all references to an application from the file system and OSD cache for all users on the computer.

Import applications into the cache

Load application data directly from a specified SFT file into the file system cache. This affects all users.

Load applications into the cache

Start a load of the SFT file for an application from the configured source, such as an App-V Streaming Server. This loads the application for all users on the computer.

Lock and unlock applications in the cache

Prevent or allow applications from being unloaded from the file system cache. This affects all users on the computer.

Manage file type associations

Add, modify, or delete file type associations for the current user only.

Manage publishing refresh settings

Change settings that control the timing of publishing refreshes for all users on the computer.

Manage publishing servers

Add, modify, or delete publishing servers for all users on the computer. This permission implicitly includes permission to manage publishing refresh settings.

Publish shortcuts

Create new shortcuts to registered applications. The user must also have permission to create files in the local file system.

Repair applications

Remove application specific configurations for the current user without removing shortcuts or file type associations.

Start a publishing refresh

Start an unscheduled publishing refresh for the current user.

Toggle offline mode

Change the entire client from online to offline mode for all users.

Unload applications from the cache

Clear application data from the file system cache for all users without removing user-specific settings, shortcuts, or file type associations.

View all applications

Allow the user to see the virtual applications for all users registered on the computer.

- - - -## Related topics - - -[How to Change User Access Permissions](how-to-change-user-access-permissions.md) - - - - - - - - - diff --git a/mdop/appv-v4/using-application-virtualization-servers-as-a-package-management-solution.md b/mdop/appv-v4/using-application-virtualization-servers-as-a-package-management-solution.md deleted file mode 100644 index e41d0cb21b..0000000000 --- a/mdop/appv-v4/using-application-virtualization-servers-as-a-package-management-solution.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Using Application Virtualization Servers as a Package Management Solution -description: Using Application Virtualization Servers as a Package Management Solution -author: dansimp -ms.assetid: 41597355-e7bb-45e2-b300-7b1724419975 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Using Application Virtualization Servers as a Package Management Solution - - -If you do not have an existing ESD system to deploy your Application Virtualization solution or do not wish to use one, you will need to install one or more Application Virtualization Management Servers as the core of your system architecture. The Application Virtualization Management Server requires a dedicated server computer and needs a Microsoft SQL Server database. The database can be on the same server, or it can be configured on a corporate database server that is accessible to the Application Virtualization Management Server over a high-speed LAN connection. In addition, you will need to install the Microsoft Application Virtualization Management Console, on either the Application Virtualization Management Server or on a designated management workstation, and you will need to install the Microsoft Application Virtualization Management Web Service, which can also be installed on the Application Virtualization Management Server or on a separate IIS server. The Application Virtualization Management Console is used to connect to the Application Virtualization Management Web Service, enabling the system administrator to interact with the Application Virtualization Management Server. - -**Note**   -Access to the applications is controlled by means of Security Groups in Active Directory Domain Services, so you will need to plan a process to set up a security group for each virtualized application and for managing which users are added to each group. The Application Virtualization Management Server administrator configures the server to use these Active Directory groups, and the server then automatically controls access to the packages based on Active Directory group membership. - - - -## In This Section - - -[Overview of the Application Virtualization System Components](overview-of-the-application-virtualization-system-components.md) -Lists and describes the primary components of the Microsoft Application Virtualization Management System. - -[Publishing Virtual Applications Using Application Virtualization Management Servers](publishing-virtual-applications-using-application-virtualization-management-servers.md) -Provides a brief overview of how virtual applications are published in an Application Virtualization Server-based deployment scenario. - -[Planning Your Streaming Solution in an Application Virtualization Server-Based Implementation](planning-your-streaming-solution-in-an-application-virtualization-server-based-implementation.md) -Describes available options for using Application Virtualization Streaming Servers in conjunction with your Application Virtualization Management Server-based implementation. - -## Related topics - - -[Application Virtualization Server-Based Scenario](application-virtualization-server-based-scenario.md) - -[Planning for Application Virtualization System Deployment](planning-for-application-virtualization-system-deployment.md) - - - - - - - - - diff --git a/mdop/appv-v4/using-electronic-software-distribution-as-a-package-management-solution.md b/mdop/appv-v4/using-electronic-software-distribution-as-a-package-management-solution.md deleted file mode 100644 index 7106bf01e0..0000000000 --- a/mdop/appv-v4/using-electronic-software-distribution-as-a-package-management-solution.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Using Electronic Software Distribution as a Package Management Solution -description: Using Electronic Software Distribution as a Package Management Solution -author: dansimp -ms.assetid: 7d96ea70-3e7e-49fa-89cc-586804a10657 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Using Electronic Software Distribution as a Package Management Solution - - -In Application Virtualization, after you have sequenced and tested a package, you need to deploy the virtual application package to the target computers. To accomplish this, you will need to determine where to put the package content and how to deliver it to the end user computers. An efficient, effective electronic software distribution–based deployment plan will help you avoid the situation where large numbers of end users computers need to retrieve the package content over slow network connections. - -If you currently have an electronic software distribution (ESD) system in daily operation, you can use it to handle all necessary management tasks in Application Virtualization. This means that you can effectively use your existing infrastructure to the best advantage, without the need to add new servers and application software or incur the additional administrative overhead that these would require. Ideally, if you have Microsoft Endpoint Configuration Manager deployed and operational, you will find that Configuration Manager has built-in capability for performing the Application Virtualization management tasks. - -For in-depth information about performing an ESD-based deployment, [Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md). - -## In This Section - - -[Publishing Virtual Applications Using Electronic Software Distribution](publishing-virtual-applications-using-electronic-software-distribution.md) -Describes the available ESD-based methods for distributing your sequenced applications to clients. - -[Planning Your Streaming Solution in an Electronic Software Distribution Implementation](planning-your-streaming-solution-in-an-electronic-software-distribution-implementation.md) -Describes available options for using a streaming server to deploy your sequenced applications to clients. - -## Related topics - - -[Electronic Software Distribution-Based Scenario](electronic-software-distribution-based-scenario.md) - -[Planning for Application Virtualization System Deployment](planning-for-application-virtualization-system-deployment.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/verify-applications-page--package-accelerators-.md b/mdop/appv-v4/verify-applications-page--package-accelerators-.md deleted file mode 100644 index fa38068d5e..0000000000 --- a/mdop/appv-v4/verify-applications-page--package-accelerators-.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Verify Applications Page (Package Accelerators) -description: Verify Applications Page (Package Accelerators) -author: dansimp -ms.assetid: e58a37db-d042-453f-aa0d-2f324600a35b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Verify Applications Page (Package Accelerators) - - -Use the **Verify Applications** page to review the installer file dependencies that are saved with the package. These files are required when the Package Accelerator is used to create a new virtual application package. - -You can add or edit the following types of information. Only the application **Name** is required; however, you should provide as much information as possible to help ensure that a new virtual application package is created successfully when you use a package accelerator: - -- **Name**. You must specify a name. - -- **Publisher**. Optionally specify information about the application publisher. - -- **Version**. Optionally specify application version information. - -- **Language**. Optionally specify language information. - -This page contains the following elements: - -**Add** -Adds a new installation file dependency that will be required when the Package Accelerator is applied. - -**Delete** -Deletes a selected dependency file that is currently part of the Package Accelerator. - -**Edit** -Enables you to edit the properties associated with the selected installer file’s dependency. - -## Related topics - - -[Create Package Accelerator Wizard (AppV 4.6 SP1)](create-package-accelerator-wizard--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/virtual-application-package-additional-components.md b/mdop/appv-v4/virtual-application-package-additional-components.md deleted file mode 100644 index 8fe48620bc..0000000000 --- a/mdop/appv-v4/virtual-application-package-additional-components.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Virtual Application Package Additional Components -description: Virtual Application Package Additional Components -author: dansimp -ms.assetid: 476b0f40-ebd6-4296-92fa-61fa9495c03c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Virtual Application Package Additional Components - - -The App-V Sequencer has detected a directory that contains 64-bit and 32-bit executables and/or dynamic-link library (.dll) files that depend on the same side-by-side assembly. Typically, the Sequencer creates private side-by-side assemblies for all public assemblies that are used by the package; however, it is not possible to create 32-bit and 64-bit versions of the private assemblies in the same directory. - -If the Sequencer detects a single conflict, it will perform the following actions: - -- Remove all of the existing 64-bit private assemblies in the entire package, whether or not the directory has a conflict. - -- Create only 32-bit versions of the private side-by-side assemblies. - -You should natively install public versions of all the required 64-bit assemblies on the computer running the Sequencer and on all App-V client computers. - -To locate the required existing public assemblies, open the directory where the package is saved and look in the **VFS** folder. For example, if the package root is **Q:\\MyApp**, when you sequence the application, look in **Q:\\MyApp\\VFS\\CSIDL\_Windows\\WinSxS\\Manifests** and locate all of the existing public assemblies. The 64-bit versions of these files will always start with the following text at the beginning of the manifest name: **amd64…**. The exact name and version of the assembly can be found in the associated manifest file. - -Use any of the following links to download and install the correct version of the required prerequisites: - -- [Microsoft Visual C++ 2005 Redistributable Package (x64)](https://go.microsoft.com/fwlink/?LinkId=152697) - -- [Microsoft Visual C++ 2005 SP1 Redistributable Package (x64)](https://go.microsoft.com/fwlink/?LinkId=152698) - -- [Microsoft Visual C++ 2008 Redistributable Package (x64)](https://go.microsoft.com/fwlink/?LinkId=152699) - -- [Microsoft Visual C++ 2008 SP1 Redistributable Package (x64)](https://go.microsoft.com/fwlink/?LinkId=152700) - -  - -  - - - - - diff --git a/mdop/appv-v4/virtual-file-system-tab-keep.md b/mdop/appv-v4/virtual-file-system-tab-keep.md deleted file mode 100644 index 290e0a1d2a..0000000000 --- a/mdop/appv-v4/virtual-file-system-tab-keep.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Virtual File System Tab -description: Virtual File System Tab -author: dansimp -ms.assetid: 9d084e2a-720d-4a25-9cd5-d0d70868b413 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Virtual File System Tab - - -The **Virtual File System** tab allows you to view and modify the file-mapping information. - -## In This Section - - -[About the Virtual File System Tab](about-the-virtual-file-system-tab.md) -Provides general information about the **Virtual File System** tab. - -[How to Modify File-Mapping Information](how-to-modify-file-mapping-information.md) -Provides the procedure to modify the file-mapping information by using the **Virtual File System** tab. - -## Related topics - - -[Sequencer Console](sequencer-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/virtual-registry-tab-keep.md b/mdop/appv-v4/virtual-registry-tab-keep.md deleted file mode 100644 index cd9e9a01da..0000000000 --- a/mdop/appv-v4/virtual-registry-tab-keep.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Virtual Registry Tab -description: Virtual Registry Tab -author: dansimp -ms.assetid: 25833383-24c4-40a1-b34c-73b2bd3f11e1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Virtual Registry Tab - - -Use the **Virtual Registry** tab to view and modify the virtual registry key information. - -## In This Section - - -[About the Virtual Registry Tab](about-the-virtual-registry-tab.md) -Provides general information about the **Virtual Registry** tab. - -[How to Modify Virtual Registry Key Information](how-to-modify-virtual-registry-key-information.md) -Provides the procedure to modify the virtual registry key information by using the **Virtual Registry** tab. - -## Related topics - - -[Sequencer Console](sequencer-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/virtual-services-tab-keep.md b/mdop/appv-v4/virtual-services-tab-keep.md deleted file mode 100644 index 360df6d0a5..0000000000 --- a/mdop/appv-v4/virtual-services-tab-keep.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Virtual Services Tab -description: Virtual Services Tab -author: dansimp -ms.assetid: 9fc4679d-ccb5-4df7-99de-dd7d3a367ecc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Virtual Services Tab - - -Use the **Virtual Services** tab to view and edit the attributes of embedded services. - -## In This Section - - -[About the Virtual Services Tab](about-the-virtual-services-tab.md) -Provides general information about the **Virtual Services** tab. - -[How to Modify Attributes of Embedded Services](how-to-modify-attributes-of-embedded-services.md) -Provides the procedure to modify the attributes of embedded services by using the **Virtual Services** tab. - -## Related topics - - -[Sequencer Console](sequencer-console.md) - -  - -  - - - - - diff --git a/mdop/appv-v4/wizard-pages--appv-46-sp1-.md b/mdop/appv-v4/wizard-pages--appv-46-sp1-.md deleted file mode 100644 index a0a4219295..0000000000 --- a/mdop/appv-v4/wizard-pages--appv-46-sp1-.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: Wizard Pages (AppV 4.6 SP1) -description: Wizard Pages (AppV 4.6 SP1) -author: dansimp -ms.assetid: dadab8cf-fe6d-4cff-8f6c-e9676f244872 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Wizard Pages (AppV 4.6 SP1) - - -Use any of the following links for more information about the App-V wizards. - -## In This Section - - -[Create Package Accelerator Wizard (AppV 4.6 SP1)](create-package-accelerator-wizard--appv-46-sp1-.md) - -[Create New Package Wizard (AppV 4.6 SP1)](create-new-package-wizard---appv-46-sp1-.md) - -[Open Package Wizard (AppV 4.6 SP1)](open-package-wizard---appv-46-sp1-.md) - -[Sequencer Wizard - Package Accelerator (AppV 4.6 SP1)](sequencer-wizard---package-accelerator--appv-46-sp1-.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/TOC.md b/mdop/appv-v5/TOC.md deleted file mode 100644 index 6f2058280a..0000000000 --- a/mdop/appv-v5/TOC.md +++ /dev/null @@ -1,223 +0,0 @@ -# [Application Virtualization 5](index.md) -## [Application Virtualization 5.1](microsoft-application-virtualization-51-administrators-guide.md) -### [Getting Started with App-V 5.1](getting-started-with-app-v-51.md) -#### [About App-V 5.1](about-app-v-51.md) -##### [Release Notes for App-V 5.1](release-notes-for-app-v-51.md) -#### [Evaluating App-V 5.1](evaluating-app-v-51.md) -#### [High Level Architecture for App-V 5.1](high-level-architecture-for-app-v-51.md) -#### [Accessibility for App-V 5.1](accessibility-for-app-v-51.md) -### [Planning for App-V 5.1](planning-for-app-v-51.md) -#### [Preparing Your Environment for App-V 5.1](preparing-your-environment-for-app-v-51.md) -##### [App-V 5.1 Prerequisites](app-v-51-prerequisites.md) -##### [App-V 5.1 Security Considerations](app-v-51-security-considerations.md) -#### [Planning to Deploy App-V 5.1](planning-to-deploy-app-v51.md) -##### [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md) -##### [App-V 5.1 Capacity Planning](app-v-51-capacity-planning.md) -##### [Planning for High Availability with App-V 5.1](planning-for-high-availability-with-app-v-51.md) -##### [Planning to Deploy App-V 5.1 with an Electronic Software Distribution System](planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md) -##### [Planning for the App-V 5.1 Server Deployment](planning-for-the-app-v-51-server-deployment.md) -##### [Planning for the App-V 5.1 Sequencer and Client Deployment](planning-for-the-app-v-51-sequencer-and-client-deployment.md) -##### [Planning for Migrating from a Previous Version of App-V](planning-for-migrating-from-a-previous-version-of-app-v51.md) -##### [Planning for Using App-V with Office 5.1](planning-for-using-app-v-with-office51.md) -##### [Planning to Use Folder Redirection with App-V 5.1](planning-to-use-folder-redirection-with-app-v51.md) -#### [App-V 5.1 Planning Checklist](app-v-51-planning-checklist.md) -### [Deploying App-V 5.1](deploying-app-v-51.md) -#### [Deploying the App-V 5.1 Sequencer and Client](deploying-the-app-v-51-sequencer-and-client.md) -##### [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-51gb18030.md) -##### [About Client Configuration Settings 5.1](about-client-configuration-settings51.md) -##### [How to Deploy the App-V 4.6 and the App-V 5.1 Client on the Same Computer](how-to-deploy-the-app-v-46-and-the-app-v--51-client-on-the-same-computer.md) -##### [How to Install the App-V 5.1 Client for Shared Content Store Mode](how-to-install-the-app-v-51-client-for-shared-content-store-mode.md) -##### [How to Install the Sequencer](how-to-install-the-sequencer-51beta-gb18030.md) -##### [How to Modify App-V 5.1 Client Configuration Using the ADMX Template and Group Policy](how-to-modify-app-v-51-client-configuration-using-the-admx-template-and-group-policy.md) -##### [How to Uninstall the App-V 5.1 Client](how-to-uninstall-the-app-v-51-client.md) -#### [Deploying the App-V 5.1 Server](deploying-the-app-v-51-server.md) -##### [How to Deploy the App-V 5.1 Server](how-to-deploy-the-app-v-51-server.md) -##### [How to Deploy the App-V 5.1 Server Using a Script](how-to-deploy-the-app-v-51-server-using-a-script.md) -##### [How to Deploy the App-V Databases by Using SQL Scripts 5.1](how-to-deploy-the-app-v-databases-by-using-sql-scripts51.md) -##### [How to Install the Publishing Server on a Remote Computer](how-to-install-the-publishing-server-on-a-remote-computer51.md) -##### [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services 5.1](how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services51.md) -##### [How to install the Management Server on a Standalone Computer and Connect it to the Database 5.1](how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database51.md) -##### [About App-V 5.1 Reporting](about-app-v-51-reporting.md) -##### [How to install the Reporting Server on a Standalone Computer and Connect it to the Database 5.1](how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database51.md) -#### [App-V 5.1 Deployment Checklist](app-v-51-deployment-checklist.md) -#### [Deploying Microsoft Office 2016 by Using App-V 5.1](deploying-microsoft-office-2016-by-using-app-v51.md) -#### [Deploying Microsoft Office 2013 by Using App-V 5.1](deploying-microsoft-office-2013-by-using-app-v51.md) -#### [Deploying Microsoft Office 2010 by Using App-V 5.1](deploying-microsoft-office-2010-by-using-app-v51.md) -### [Operations for App-V 5.1](operations-for-app-v-51.md) -#### [Creating and Managing App-V 5.1 Virtualized Applications](creating-and-managing-app-v-51-virtualized-applications.md) -##### [How to Sequence a New Application with App-V 5.1](how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md) -##### [How to Modify an Existing Virtual Application Package 5.1](how-to-modify-an-existing-virtual-application-package-51.md) -##### [How to Create and Use a Project Template 5.1](how-to-create-and-use-a-project-template51.md) -##### [How to Create a Package Accelerator 5.1](how-to-create-a-package-accelerator51.md) -##### [How to Create a Virtual Application Package Using an App-V Package Accelerator 5.1](how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator51.md) -#### [Administering App-V 5.1 Virtual Applications by Using the Management Console](administering-app-v-51-virtual-applications-by-using-the-management-console.md) -##### [About App-V 5.1 Dynamic Configuration](about-app-v-51-dynamic-configuration.md) -##### [How to Connect to the Management Console 5.1](how-to-connect-to-the-management-console-51.md) -##### [How to Add or Upgrade Packages by Using the Management Console](how-to-add-or-upgrade-packages-by-using-the-management-console-51-gb18030.md) -##### [How to Configure Access to Packages by Using the Management Console 5.1](how-to-configure-access-to-packages-by-using-the-management-console-51.md) -##### [How to Publish a Package by Using the Management Console 5.1](how-to-publish-a-package-by-using-the-management-console-51.md) -##### [How to Delete a Package in the Management Console 5.1](how-to-delete-a-package-in-the-management-console-51.md) -##### [How to Add or Remove an Administrator by Using the Management Console 5.1](how-to-add-or-remove-an-administrator-by-using-the-management-console51.md) -##### [How to Register and Unregister a Publishing Server by Using the Management Console 5.1](how-to-register-and-unregister-a-publishing-server-by-using-the-management-console51.md) -##### [How to Create a Custom Configuration File by Using the App-V 5.1 Management Console](how-to-create-a-custom-configuration-file-by-using-the-app-v-51-management-console.md) -##### [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console 5.1](how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console51.md) -##### [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console 5.1](how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console51.md) -##### [Configure Applications and Default Virtual Application Extensions in Management Console](configure-applications-and-default-virtual-application-extensions-in-management-console.md) -#### [Managing Connection Groups 5.1](managing-connection-groups51.md) -##### [About the Connection Group Virtual Environment 5.1](about-the-connection-group-virtual-environment51.md) -##### [About the Connection Group File 5.1](about-the-connection-group-file51.md) -##### [How to Create a Connection Group 5.1](how-to-create-a-connection-group51.md) -##### [How to Create a Connection Group with User-Published and Globally Published Packages 5.1](how-to-create-a-connection-group-with-user-published-and-globally-published-packages51.md) -##### [How to Delete a Connection Group 5.1](how-to-delete-a-connection-group51.md) -##### [How to Publish a Connection Group 5.1](how-to-publish-a-connection-group51.md) -##### [How to Use Optional Packages in Connection Groups 5.1](how-to-use-optional-packages-in-connection-groups51.md) -##### [How to Make a Connection Group Ignore the Package Version 5.1](how-to-make-a-connection-group-ignore-the-package-version51.md) -##### [How to Allow Only Administrators to Enable Connection Groups 5.1](how-to-allow-only-administrators-to-enable-connection-groups51.md) -#### [Deploying App-V 5.1 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md) -##### [How to deploy App-V 5.1 Packages Using Electronic Software Distribution](how-to-deploy-app-v-51-packages-using-electronic-software-distribution.md) -##### [How to Enable Only Administrators to Publish Packages by Using an ESD 5.1](how-to-enable-only-administrators-to-publish-packages-by-using-an-esd51.md) -#### [Using the App-V 5.1 Client Management Console](using-the-app-v-51-client-management-console.md) -##### [How to Access the Client Management Console 5.1](how-to-access-the-client-management-console51.md) -##### [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server 5.1](how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-51.md) -#### [Migrating to App-V 5.1 from a Previous Version](migrating-to-app-v-51-from-a-previous-version.md) -##### [Check Registry Keys before installing App-V 5.x Server](check-reg-key-svr.md) -##### [How to Convert a Package Created in a Previous Version of App-V 5.1](how-to-convert-a-package-created-in-a-previous-version-of-app-v51.md) -##### [How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.1 Package for All Users on a Specific Computer](how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-51-package-for-all-users-on-a-specific-computer.md) -##### [How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.1 for a Specific User](how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-51-for-a-specific-user.md) -##### [How to Revert Extension Points from an App-V 5.1 Package to an App-V 4.6 Package For All Users on a Specific Computer](how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md) -##### [How to Revert Extension Points From an App-V 5.1 Package to an App-V 4.6 Package for a Specific User](how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-a-specific-user.md) -#### [Maintaining App-V 5.1](maintaining-app-v-51.md) -##### [How to Move the App-V Server to Another Computer 5.1](how-to-move-the-app-v-server-to-another-computer51.md) -#### [Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md) -##### [How to Load the PowerShell Cmdlets and Get Cmdlet Help 5.1](how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-51.md) -##### [How to Manage App-V 5.1 Packages Running on a Stand-Alone Computer by Using PowerShell](how-to-manage-app-v-51-packages-running-on-a-stand-alone-computer-by-using-powershell.md) -##### [How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell 5.1](how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell51.md) -##### [How to Modify Client Configuration by Using PowerShell 5.1](how-to-modify-client-configuration-by-using-powershell51.md) -##### [How to Apply the User Configuration File by Using PowerShell 5.1](how-to-apply-the-user-configuration-file-by-using-powershell51.md) -##### [How to Apply the Deployment Configuration File by Using PowerShell 5.1](how-to-apply-the-deployment-configuration-file-by-using-powershell51.md) -##### [How to Sequence a Package by Using PowerShell 5.1](how-to-sequence-a-package--by-using-powershell-51.md) -##### [How to Create a Package Accelerator by Using PowerShell 5.1](how-to-create-a-package-accelerator-by-using-powershell51.md) -##### [How to Enable Reporting on the App-V 5.1 Client by Using PowerShell](how-to-enable-reporting-on-the-app-v-51-client-by-using-powershell.md) -##### [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell 5.1](how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell51.md) -### [Troubleshooting App-V 5.1](troubleshooting-app-v-51.md) -### [Technical Reference for App-V 5.1](technical-reference-for-app-v-51.md) -#### [Performance Guidance for Application Virtualization 5.1](performance-guidance-for-application-virtualization-51.md) -#### [Application Publishing and Client Interaction 5.1](application-publishing-and-client-interaction51.md) -#### [Viewing App-V Server Publishing Metadata 5.1](viewing-app-v-server-publishing-metadata51.md) -#### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications 5.1](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md) -## [Application Virtualization 5.0](microsoft-application-virtualization-50-administrators-guide.md) -### [Getting Started with App-V 5.0](getting-started-with-app-v-50--rtm.md) -#### [About App-V 5.0](about-app-v-50.md) -##### [What's New in App-V 5.0](whats-new-in-app-v-50.md) -##### [Release Notes for App-V 5.0](release-notes-for-app-v-50.md) -#### [About App-V 5.0 SP1](about-app-v-50-sp1.md) -##### [What's new in App-V 5.0 SP1](whats-new-in-app-v-50-sp1.md) -##### [Release Notes for App-V 5.0 SP1](release-notes-for-app-v-50-sp1.md) -#### [About App-V 5.0 SP2](about-app-v-50-sp2.md) -##### [Release Notes for App-V 5.0 SP2](release-notes-for-app-v-50-sp2.md) -#### [About App-V 5.0 SP3](about-app-v-50-sp3.md) -##### [Release Notes for App-V 5.0 SP3](release-notes-for-app-v-50-sp3.md) -#### [Evaluating App-V 5.0](evaluating-app-v-50.md) -#### [High Level Architecture for App-V 5.0](high-level-architecture-for-app-v-50.md) -#### [Accessibility for App-V 5.0](accessibility-for-app-v-50.md) -### [Planning for App-V 5.0](planning-for-app-v-50-rc.md) -#### [Preparing Your Environment for App-V 5.0](preparing-your-environment-for-app-v-50.md) -##### [App-V 5.0 Prerequisites](app-v-50-prerequisites.md) -##### [App-V 5.0 SP3 Prerequisites](app-v-50-sp3-prerequisites.md) -##### [App-V 5.0 Security Considerations](app-v-50-security-considerations.md) -#### [Planning to Deploy App-V](planning-to-deploy-app-v.md) -##### [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md) -##### [App-V 5.0 SP3 Supported Configurations](app-v-50-sp3-supported-configurations.md) -##### [App-V 5.0 Capacity Planning](app-v-50-capacity-planning.md) -##### [Planning for High Availability with App-V 5.0](planning-for-high-availability-with-app-v-50.md) -##### [Planning to Deploy App-V 5.0 with an Electronic Software Distribution System](planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md) -##### [Planning for the App-V 5.0 Server Deployment](planning-for-the-app-v-50-server-deployment.md) -##### [Planning for the App-V 5.0 Sequencer and Client Deployment](planning-for-the-app-v-50-sequencer-and-client-deployment.md) -##### [Planning for Migrating from a Previous Version of App-V](planning-for-migrating-from-a-previous-version-of-app-v.md) -##### [Planning for Using App-V with Office](planning-for-using-app-v-with-office.md) -##### [Planning to Use Folder Redirection with App-V](planning-to-use-folder-redirection-with-app-v.md) -#### [App-V 5.0 Planning Checklist](app-v-50-planning-checklist.md) -### [Deploying App-V 5.0](deploying-app-v-50.md) -#### [Deploying the App-V 5.0 Sequencer and Client](deploying-the-app-v-50-sequencer-and-client.md) -##### [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-gb18030.md) -##### [About Client Configuration Settings](about-client-configuration-settings.md) -##### [How to Deploy the App-V 4.6 and the App-V 5.0 Client on the Same Computer](how-to-deploy-the-app-v-46-and-the-app-v--50-client-on-the-same-computer.md) -##### [How to Install the App-V 5.0 Client for Shared Content Store Mode](how-to-install-the-app-v-50-client-for-shared-content-store-mode.md) -##### [How to Install the Sequencer](how-to-install-the-sequencer-beta-gb18030.md) -##### [How to Modify App-V 5.0 Client Configuration Using the ADMX Template and Group Policy](how-to-modify-app-v-50-client-configuration-using-the-admx-template-and-group-policy.md) -##### [How to Uninstall the App-V 5.0 Client](how-to-uninstall-the-app-v-50-client.md) -#### [Deploying the App-V 5.0 Server](deploying-the-app-v-50-server.md) -##### [How to Deploy the App-V 5.0 Server](how-to-deploy-the-app-v-50-server-50sp3.md) -##### [How to Deploy the App-V 5.0 Server Using a Script](how-to-deploy-the-app-v-50-server-using-a-script.md) -##### [How to Deploy the App-V Databases by Using SQL Scripts](how-to-deploy-the-app-v-databases-by-using-sql-scripts.md) -##### [How to Install the Publishing Server on a Remote Computer](how-to-install-the-publishing-server-on-a-remote-computer.md) -##### [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services.md) -##### [How to install the Management Server on a Standalone Computer and Connect it to the Database](how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database.md) -##### [About App-V 5.0 Reporting](about-app-v-50-reporting.md) -##### [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database.md) -#### [App-V 5.0 Deployment Checklist](app-v-50-deployment-checklist.md) -#### [Deploying Microsoft Office 2016 by Using App-V](deploying-microsoft-office-2016-by-using-app-v.md) -#### [Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v.md) -#### [Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v.md) -### [Operations for App-V 5.0](operations-for-app-v-50.md) -#### [Creating and Managing App-V 5.0 Virtualized Applications](creating-and-managing-app-v-50-virtualized-applications.md) -##### [How to Sequence a New Application with App-V 5.0](how-to-sequence-a-new-application-with-app-v-50-beta-gb18030.md) -##### [How to Modify an Existing Virtual Application Package](how-to-modify-an-existing-virtual-application-package-beta.md) -##### [How to Create and Use a Project Template](how-to-create-and-use-a-project-template.md) -##### [How to Create a Package Accelerator](how-to-create-a-package-accelerator.md) -##### [How to Create a Virtual Application Package Using an App-V Package Accelerator](how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator.md) -#### [Administering App-V 5.0 Virtual Applications by Using the Management Console](administering-app-v-50-virtual-applications-by-using-the-management-console.md) -##### [About App-V 5.0 Dynamic Configuration](about-app-v-50-dynamic-configuration.md) -##### [How to Connect to the Management Console](how-to-connect-to-the-management-console-beta.md) -##### [How to Add or Upgrade Packages by Using the Management Console](how-to-add-or-upgrade-packages-by-using-the-management-console-beta-gb18030.md) -##### [How to Configure Access to Packages by Using the Management Console](how-to-configure-access-to-packages-by-using-the-management-console-50.md) -##### [How to Publish a Package by Using the Management Console](how-to-publish-a-package-by-using-the-management-console-50.md) -##### [How to Delete a Package in the Management Console](how-to-delete-a-package-in-the-management-console-beta.md) -##### [How to Add or Remove an Administrator by Using the Management Console](how-to-add-or-remove-an-administrator-by-using-the-management-console.md) -##### [How to Register and Unregister a Publishing Server by Using the Management Console](how-to-register-and-unregister-a-publishing-server-by-using-the-management-console.md) -##### [How to Create a Custom Configuration File by Using the App-V 5.0 Management Console](how-to-create-a-custom-configuration-file-by-using-the-app-v-50-management-console.md) -##### [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console](how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console.md) -##### [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console.md) -##### [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-beta.md) -#### [Managing Connection Groups](managing-connection-groups.md) -##### [About the Connection Group Virtual Environment](about-the-connection-group-virtual-environment.md) -##### [About the Connection Group File](about-the-connection-group-file.md) -##### [How to Create a Connection Group](how-to-create-a-connection-group.md) -##### [How to Create a Connection Group with User-Published and Globally Published Packages](how-to-create-a-connection-group-with-user-published-and-globally-published-packages.md) -##### [How to Delete a Connection Group](how-to-delete-a-connection-group.md) -##### [How to Publish a Connection Group](how-to-publish-a-connection-group.md) -##### [How to Use Optional Packages in Connection Groups](how-to-use-optional-packages-in-connection-groups.md) -##### [How to Make a Connection Group Ignore the Package Version](how-to-make-a-connection-group-ignore-the-package-version.md) -##### [How to Allow Only Administrators to Enable Connection Groups](how-to-allow-only-administrators-to-enable-connection-groups.md) -#### [Deploying App-V 5.0 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md) -##### [How to deploy App-V 5.0 Packages Using Electronic Software Distribution](how-to-deploy-app-v-50-packages-using-electronic-software-distribution.md) -##### [How to Enable Only Administrators to Publish Packages by Using an ESD](how-to-enable-only-administrators-to-publish-packages-by-using-an-esd.md) -#### [Using the App-V 5.0 Client Management Console](using-the-app-v-50-client-management-console.md) -##### [How to Access the Client Management Console](how-to-access-the-client-management-console.md) -##### [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-beta.md) -#### [Migrating from a Previous Version](migrating-from-a-previous-version-app-v-50.md) -##### [How to Convert a Package Created in a Previous Version of App-V](how-to-convert-a-package-created-in-a-previous-version-of-app-v.md) -##### [How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.0 Package for All Users on a Specific Computer](how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md) -##### [How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.0 for a Specific User](how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-50-for-a-specific-user.md) -##### [How to Revert Extension Points from an App-V 5.0 Package to an App-V 4.6 Package For All Users on a Specific Computer](how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md) -##### [How to Revert Extension Points From an App-V 5.0 Package to an App-V 4.6 Package for a Specific User](how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md) -#### [Maintaining App-V 5.0](maintaining-app-v-50.md) -##### [How to Move the App-V Server to Another Computer](how-to-move-the-app-v-server-to-another-computer.md) -#### [Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md) -##### [How to Load the PowerShell Cmdlets and Get Cmdlet Help](how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-50-sp3.md) -##### [How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell](how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md) -##### [How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell](how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell.md) -##### [How to Modify Client Configuration by Using PowerShell](how-to-modify-client-configuration-by-using-powershell.md) -##### [How to Apply the User Configuration File by Using PowerShell](how-to-apply-the-user-configuration-file-by-using-powershell.md) -##### [How to Apply the Deployment Configuration File by Using PowerShell](how-to-apply-the-deployment-configuration-file-by-using-powershell.md) -##### [How to Sequence a Package by Using PowerShell](how-to-sequence-a-package--by-using-powershell-50.md) -##### [How to Create a Package Accelerator by Using PowerShell](how-to-create-a-package-accelerator-by-using-powershell.md) -##### [How to Enable Reporting on the App-V 5.0 Client by Using PowerShell](how-to-enable-reporting-on-the-app-v-50-client-by-using-powershell.md) -##### [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell](how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell.md) -### [Troubleshooting App-V 5.0](troubleshooting-app-v-50.md) -### [Technical Reference for App-V 5.0](technical-reference-for-app-v-50.md) -#### [Performance Guidance for Application Virtualization 5.0](performance-guidance-for-application-virtualization-50.md) -#### [Application Publishing and Client Interaction](application-publishing-and-client-interaction.md) -#### [Viewing App-V Server Publishing Metadata](viewing-app-v-server-publishing-metadata.md) -#### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications.md) - diff --git a/mdop/appv-v5/about-app-v-50-dynamic-configuration.md b/mdop/appv-v5/about-app-v-50-dynamic-configuration.md deleted file mode 100644 index 03301519d2..0000000000 --- a/mdop/appv-v5/about-app-v-50-dynamic-configuration.md +++ /dev/null @@ -1,889 +0,0 @@ ---- -title: About App-V 5.0 Dynamic Configuration -description: About App-V 5.0 Dynamic Configuration -author: dansimp -ms.assetid: 88afaca1-68c5-45c4-a074-9371c56b5804 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About App-V 5.0 Dynamic Configuration - - -You can use the dynamic configuration to customize an App-V 5.0 package for a user. Use the following information to create or edit an existing dynamic configuration file. - -When you edit the dynamic configuration file it customizes how an App-V 5.0 package will run for a user or group. This helps to provide a more convenient method for package customization by removing the need to re-sequence packages using the desired settings, and provides a way to keep package content and custom settings independent. - -## Advanced: Dynamic Configuration - - -Virtual application packages contain a manifest that provides all the core information for the package. This information includes the defaults for the package settings and determines settings in the most basic form (with no additional customization). If you want to adjust these defaults for a particular user or group, you can create and edit the following files: - -- User Configuration file - -- Deployment configuration file - -The previous .xml files specify package settings and allow for packages to be customized without directly affecting the packages. When a package is created, the sequencer automatically generates default deployment and user configuration .xml files using the package manifest data. Therefore, these automatically generated configuration files simply reflect the default settings that the package innately as from how things were configured during sequencing. If you apply these configuration files to a package in the form generated by the sequencer, the packages will have the same default settings that came from their manifest. This provides you with a package-specific template to get started if any of the defaults must be changed. - -**Note**   -The following information can only be used to modify sequencer generated configuration files to customize packages to meet specific user or group requirements. - - - -### Dynamic Configuration file contents - -All of the additions, deletions, and updates in the configuration files need to be made in relation to the default values specified by the package's manifest information. Review the following table: - - --- - - - - - - - - - - - -

User Configuration .xml file

Deployment Configuration .xml file

Package Manifest

- - - -The previous table represents how the files will be read. The first entry represents what will be read last, therefore, its content takes precedence. Therefore, all packages inherently contain and provide default settings from the package manifest. If a deployment configuration .xml file with customized settings is applied, it will override the package manifest defaults. If a user configuration .xml file with customized settings is applied prior to that, it will override both the deployment configuration and the package manifest defaults. - -The following list displays more information about the two file types: - -- **User Configuration File (UserConfig)** – Allows you to specify or modify custom settings for a package. These settings will be applied for a specific user when the package is deployed to a computer running the App-V 5.0 client. - -- **Deployment Configuration File (DeploymentConfig)** – Allows you to specify or modify the default settings for a package. These settings will be applied for all users when a package is deployed to a computer running the App-V 5.0 client. - -To customize the settings for a package for a specific set of users on a computer or to make changes that will be applied to local user locations such as HKCU, the UserConfig file should be used. To modify the default settings of a package for all users on a machine or to make changes that will be applied to global locations such as HKEY\_LOCAL\_MACHINE and the all users folder, the DeploymentConfig file should be used. - -The UserConfig file provides configuration settings that can be applied to a single user without affecting any other users on a client: - -- Extensions that will be integrated into the native system per user:- shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients and COM - -- Virtual Subsystems:- Application Objects, Environment variables, Registry modifications, Services and Fonts - -- Scripts (User context only) - -- Managing Authority (for controlling co-existence of package with App-V 4.6) - -The DeploymentConfig file provides configuration settings in two sections, one relative to the machine context and one relative to the user context providing the same capabilities listed in the UserConfig list above: - -- All UserConfig settings above - -- Extensions that can only be applied globally for all users - -- Virtual Subsystems that can be configured for global machine locations e.g. registry - -- Product Source URL - -- Scripts (Machine context only) - -- Controls to Terminate Child Processes - -### File structure - -The structure of the App-V 5.0 Dynamic Configuration file is explained in the following section. - -### Dynamic User Configuration file - -**Header** - the header of a dynamic user configuration file is as follows: - -<?xml version="1.0" encoding="utf-8"?><UserConfiguration **PackageId**="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="; - -The **PackageId** is the same value as exists in the Manifest file. - -**Body** - the body of the Dynamic User Configuration file can include all the app extension points that are defined in the Manifest file, as well as information to configure virtual applications. There are four subsections allowed in the body: - -1. **Applications** - All app-extensions that are contained in the Manifest file within a package are assigned with an Application ID, which is also defined in the manifest file. This allows you to enable or disable all the extensions for a given application within a package. The **Application ID** must exist in the Manifest file or it will be ignored. - - <UserConfiguration **PackageId**="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="; - - <Applications> - - <!-- No new application can be defined in policy. AppV Client will ignore any application ID that is not also in the Manifest file --> - - <Application Id="{a56fa627-c35f-4a01-9e79-7d36aed8225a}" Enabled="false"> - - </Application> - - </Applications> - - … - - </UserConfiguration> - -2. **Subsystems** - AppExtensions and other subsystems are arranged as subnodes under the <Subsystems>: - - <UserConfiguration **PackageId**="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="; - - <Subsystems> - - .. - - </Subsystems> - - .. - - </UserConfiguration> - - Each subsystem can be enabled/disabled using the “**Enabled**” attribute. Below are the various subsystems and usage samples. - - **Extensions:** - - Some subsystems (Extension Subsystems) control Extensions. Those subsystems are:- shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients and COM - - Extension Subsystems can be enabled and disabled independently of the content. Thus if Shortcuts are enabled, The client will use the shortcuts contained within the manifest by default. Each Extension Subsystem can contain an <Extensions> node. If this child element is present, the client will ignore the content in the Manifest file for that subsystem and only use the content in the configuration file. - - Example using the shortcuts subsystem: - - 1. If the user defined this in either the dynamic or deployment config file: - - **<Shortcuts Enabled="true">** - - **<Extensions>** - - ... - - **</Extensions>** - - **</Shortcuts>** - - Content in the manifest will be ignored. - - 2. If the user defined only the following: - - **<Shortcuts Enabled="true"/>** - - Then the content in the Manifest will be integrated during publishing. - - 3. If the user defines the following - - **<Shortcuts Enabled="true">** - - **<Extensions/>** - - **</Shortcuts>** - - Then all the shortcuts within the manifest will still be ignored. There will be no shortcuts integrated. - - The supported Extension Subsystems are: - - **Shortcuts:** This controls shortcuts that will be integrated into the local system. Below is a sample with 2 shortcuts: - - <Subsystems> - - <Shortcuts Enabled="true"> - - <Extensions> - - <Extension Category="AppV.Shortcut"> - - <Shortcut> - - <File>\[{Common Programs}\]\\Microsoft Contoso\\Microsoft ContosoApp Filler 2010.lnk</File> - - <Target>\[{PackageRoot}\]\\Contoso\\ContosoApp.EXE</Target> - - <Icon>\[{Windows}\]\\Installer\\{90140000-0011-0000-0000-0000000FF1CE}\\inficon.exe</Icon> - - <Arguments /> - - <WorkingDirectory /> - - <AppUserModelId>ContosoApp.Filler.3</AppUserModelId> - - <Description>Fill out dynamic forms to gather and reuse information throughout the organization using Microsoft ContosoApp.</Description> - - <Hotkey>0</Hotkey> - - <ShowCommand>1</ShowCommand> - - <ApplicationId>\[{PackageRoot}\]\\Contoso\\ContosoApp.EXE</ApplicationId> - - </Shortcut> - - </Extension> - - <Extension Category="AppV.Shortcut"> - - <Shortcut> - - <File>\[{AppData}\]\\Microsoft\\Contoso\\Recent\\Templates.LNK</File> - - <Target>\[{AppData}\]\\Microsoft\\Templates</Target> - - <Icon /> - - <Arguments /> - - <WorkingDirectory /> - - <AppUserModelId /> - - <Description /> - - <Hotkey>0</Hotkey> - - <ShowCommand>1</ShowCommand> - - <!-- Note the ApplicationId is optional --> - - </Shortcut> - - </Extension> - - </Extensions> - - </Shortcuts> - - **File-Type Associations:** Associates File-types with programs to open by default as well as setup the context menu. (MIME types can also be setup using this susbsystem). Sample File-type Association is below: - - <FileTypeAssociations Enabled="true"> - - <Extensions> - - <Extension Category="AppV.FileTypeAssociation"> - - <FileTypeAssociation> - - <FileExtension MimeAssociation="true"> - - <Name>.docm</Name> - - <ProgId>contosowordpad.DocumentMacroEnabled.12</ProgId> - - <PerceivedType>document</PerceivedType> - - <ContentType>application/vnd.ms-contosowordpad.document.macroEnabled.12</ContentType> - - <OpenWithList> - - <ApplicationName>wincontosowordpad.exe</ApplicationName> - - </OpenWithList> - - <OpenWithProgIds> - - <ProgId>contosowordpad.8</ProgId> - - </OpenWithProgIds> - - <ShellNew> - - <Command /> - - <DataBinary /> - - <DataText /> - - <FileName /> - - <NullFile>true</NullFile> - - <ItemName /> - - <IconPath /> - - <MenuText /> - - <Handler /> - - </ShellNew> - - </FileExtension> - - <ProgId> - - <Name>contosowordpad.DocumentMacroEnabled.12</Name> - - <DefaultIcon>\[{Windows}\]\\Installer\\{90140000-0011-0000-0000-0000000FF1CE}\\contosowordpadicon.exe,15</DefaultIcon> - - <Description>Blah Blah Blah</Description> - - <FriendlyTypeName>\[{FOLDERID\_ProgramFilesX86}\]\\Microsoft Contoso 14\\res.dll,9182</FriendlyTypeName> - - <InfoTip>\[{FOLDERID\_ProgramFilesX86}\]\\Microsoft Contoso 14\\res.dll,1424</InfoTip> - - <EditFlags>0</EditFlags> - - <ShellCommands> - - <DefaultCommand>Open</DefaultCommand> - - <ShellCommand> - - <ApplicationId>{e56fa627-c35f-4a01-9e79-7d36aed8225a}</ApplicationId> - - <Name>Edit</Name> - - <FriendlyName>&Edit</FriendlyName> - - <CommandLine>"\[{PackageRoot}\]\\Contoso\\WINcontosowordpad.EXE" /vu "%1"</CommandLine> - - </ShellCommand> - - </ShellCommand> - - <ApplicationId>{e56fa627-c35f-4a01-9e79-7d36aed8225a}</ApplicationId> - - <Name>Open</Name> - - <FriendlyName>&Open</FriendlyName> - - <CommandLine>"\[{PackageRoot}\]\\Contoso\\WINcontosowordpad.EXE" /n "%1"</CommandLine> - - <DropTargetClassId /> - - <DdeExec> - - <Application>mscontosowordpad</Application> - - <Topic>ShellSystem</Topic> - - <IfExec>\[SHELLNOOP\]</IfExec> - - <DdeCommand>\[SetForeground\]\[ShellNewDatabase "%1"\]</DdeCommand> - - </DdeExec> - - </ShellCommand> - - </ShellCommands> - - </ProgId> - - </FileTypeAssociation> - - </Extension> - - </Extensions> - - </FileTypeAssociations> - - **URL Protocols**: This controls the URL Protocols that are integrated into the local registry of the client machine e.g. “mailto:”. - - <URLProtocols Enabled="true"> - - <Extensions> - - <Extension Category="AppV.URLProtocol"> - - <URLProtocol> - - <Name>mailto</Name> - - <ApplicationURLProtocol> - - <DefaultIcon>\[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE,-9403</DefaultIcon> - - <EditFlags>2</EditFlags> - - <Description /> - - <AppUserModelId /> - - <FriendlyTypeName /> - - <InfoTip /> - - <SourceFilter /> - - <ShellFolder /> - - <WebNavigableCLSID /> - - <ExplorerFlags>2</ExplorerFlags> - - <CLSID /> - - <ShellCommands> - - <DefaultCommand>open</DefaultCommand> - - <ShellCommand> - - <ApplicationId>\[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE</ApplicationId> - - <Name>open</Name> - - <CommandLine>\[{ProgramFilesX86}\\Microsoft Contoso\\Contoso\\contosomail.EXE" -c OEP.Note /m "%1"</CommandLine> - - <DropTargetClassId /> - - <FriendlyName /> - - <Extended>0</Extended> - - <LegacyDisable>0</LegacyDisable> - - <SuppressionPolicy>2</SuppressionPolicy> - - <DdeExec> - - <NoActivateHandler /> - - <Application>contosomail</Application> - - <Topic>ShellSystem</Topic> - - <IfExec>\[SHELLNOOP\]</IfExec> - - <DdeCommand>\[SetForeground\]\[ShellNewDatabase "%1"\]</DdeCommand> - - </DdeExec> - - </ShellCommand> - - </ShellCommands> - - </ApplicationURLProtocol> - - </URLProtocol> - - </Extension> - - </Extension> - - </URLProtocols> - - **Software Clients**: Allows the app to register as an Email client, news reader, media player and makes the app visible in the Set Program Access and Computer Defaults UI. In most cases you should only need to enable and disable it. There is also a control to enable and disable the email client specifically if you want the other clients still enabled except for that client. - - <SoftwareClients Enabled="true"> - - <ClientConfiguration EmailEnabled="false" /> - - </SoftwareClients> - - AppPaths:- If an application for example contoso.exe is registered with an apppath name of “myapp”, it allows you type “myapp” under the run menu and it will open contoso.exe. - - <AppPaths Enabled="true"> - - <Extensions> - - <Extension Category="AppV.AppPath"> - - <AppPath> - - <ApplicationId>\[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE</ApplicationId> - - <Name>contosomail.exe</Name> - - <ApplicationPath>\[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE</ApplicationPath> - - <PATHEnvironmentVariablePrefix /> - - <CanAcceptUrl>false</CanAcceptUrl> - - <SaveUrl /> - - </AppPath> - - </Extension> - - </Extensions> - - </AppPaths> - - **COM**: Allows an Application register Local COM servers. Mode can be Integration, Isolated or Off. When Isol. - - <COM Mode="Isolated"/> - - **Other Settings**: - - In addition to Extensions, other subsystems can be enabled/disabled and edited: - - **Virtual Kernel Objects**: - - <Objects Enabled="false" /> - - **Virtual Registry**: Used if you want to set a registry in the Virtual Registry within HKCU - - <Registry Enabled="true"> - - <Include> - - <Key Path="\\REGISTRY\\USER\\\[{AppVCurrentUserSID}\]\\Software\\ABC"> - - <Value Type="REG\_SZ" Name="Bar" Data="NewValue" /> - - </Key> - - <Key Path="\\REGISTRY\\USER\\\[{AppVCurrentUserSID}\]\\Software\\EmptyKey" /> - - </Include> - - <Delete> - - </Registry> - - **Virtual File System** - - <FileSystem Enabled="true" /> - - **Virtual Fonts** - - <Fonts Enabled="false" /> - - **Virtual Environment Variables** - - <EnvironmentVariables Enabled="true"> - - <Include> - - <Variable Name="UserPath" Value="%path%;%UserProfile%" /> - - <Variable Name="UserLib" Value="%UserProfile%\\ABC" /> - - </Include> - - <Delete> - - <Variable Name="lib" /> - - </Delete> - - </EnvironmentVariables> - - **Virtual services** - - <Services Enabled="false" /> - -3. **UserScripts** – Scripts can be used to setup or alter the virtual environment as well as execute scripts at time of deployment or removal, before an application executes, or they can be used to “clean up” the environment after the application terminates. Please reference a sample User configuration file that is output by the sequencer to see a sample script. The Scripts section below provides more information on the various triggers that can be used. - -4. **ManagingAuthority** – Can be used when 2 versions of your package are co-existing on the same machine, one deployed to App-V 4.6 and the other deployed on App-V 5.0. To Allow App-V vNext to take over App-V 4.6 extension points for the named package enter the following in the UserConfig file (where PackageName is the Package GUID in App-V 4.6: - - <ManagingAuthority TakeoverExtensionPointsFrom46="true" PackageName="032630c0-b8e2-417c-acef-76fc5297fe81" /> - -### Dynamic Deployment Configuration file - -**Header** - The header of a Deployment Configuration file is as follows: - -<?xml version="1.0" encoding="utf-8"?><DeploymentConfiguration **PackageId**="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="; - -The **PackageId** is the same value as exists in the manifest file. - -**Body** - The body of the deployment configuration file includes two sections: - -- User Configuration section –allows the same content as the User Configuration file described in the previous section. When the package is published to a user, any appextensions configuration settings in this section will override corresponding settings in the Manifest within the package unless a user configuration file is also provided. If a UserConfig file is also provided, it will be used instead of the User settings in the deployment configuration file. If the package is published globally, then only the contents of the deployment configuration file will be used in combination with the manifest. - -- Machine Configuration section–contains information that can be configured only for an entire machine, not for a specific user on the machine. For example, HKEY\_LOCAL\_MACHINE registry keys in the VFS. - -<DeploymentConfiguration **PackageId**="1f8488bf-2257-46b4-b27f-09c9dbaae707" DisplayName="Reserved" xmlns="; - -<UserConfiguration> - - .. - -</UserConfiguration> - -<MachineConfiguration> - -.. - -</MachineConfiguration> - -.. - -</MachineConfiguration> - -</DeploymentConfiguration> - -**User Configuration** - use the previous **Dynamic User Configuration file** section for information on settings that are provided in the user configuration section of the Deployment Configuration file. - -Machine Configuration - the Machine configuration section of the Deployment Configuration File is used to configure information that can be set only for an entire machine, not for a specific user on the computer. For example, HKEY\_LOCAL\_MACHINE registry keys in the Virtual Registry. There are four subsections allowed in under this element - -1. **Subsystems** - AppExtensions and other subsystems are arranged as subnodes under <Subsystems>: - - <MachineConfiguration> - - <Subsystems> - - .. - - </Subsystems> - - .. - - </MachineConfiguration> - - The following section displays the various subsystems and usage samples. - - **Extensions**: - - Some subsystems (Extension Subsystems) control Extensions which can only apply to all users. The subsystem is application capabilities. Because this can only apply to all users, the package must be published globally in order for this type of extension to be integrated into the local system. The same rules for controls and settings that apply to the Extensions in the User Configuration also apply to those in the MachineConfiguration section. - - **Application Capabilities**: Used by default programs in windows operating system Interface. Allows an application to register itself as capable of opening certain file extensions, as a contender for the start menu internet browser slot, as capable of opening certain windows MIME types.  This extension also makes the virtual application visible in the Set Default Programs UI.: - - <ApplicationCapabilities Enabled="true"> - - <Extensions> - - <Extension Category="AppV.ApplicationCapabilities"> - - <ApplicationCapabilities> - - <ApplicationId>\[{PackageRoot}\]\\LitView\\LitViewBrowser.exe</ApplicationId> - - <Reference> - - <Name>LitView Browser</Name> - - <Path>SOFTWARE\\LitView\\Browser\\Capabilities</Path> - - </Reference> - - <CapabilityGroup> - - <Capabilities> - - <Name>@\[{ProgramFilesX86}\]\\LitView\\LitViewBrowser.exe,-12345</Name> - - <Description>@\[{ProgramFilesX86}\]\\LitView\\LitViewBrowser.exe,-12346</Description> - - <Hidden>0</Hidden> - - <EMailSoftwareClient>Lit View E-Mail Client</EMailSoftwareClient> - - <FileAssociationList> - - <FileAssociation Extension=".htm" ProgID="LitViewHTML" /> - - <FileAssociation Extension=".html" ProgID="LitViewHTML" /> - - <FileAssociation Extension=".shtml" ProgID="LitViewHTML" /> - - </FileAssociationList> - - <MIMEAssociationList> - - <MIMEAssociation Type="audio/mp3" ProgID="LitViewHTML" /> - - <MIMEAssociation Type="audio/mpeg" ProgID="LitViewHTML" /> - - </MIMEAssociationList> - - <URLAssociationList> - - <URLAssociation Scheme="http" ProgID="LitViewHTML.URL.http" /> - - </URLAssociationList> - - </Capabilities> - - </CapabilityGroup> - - </ApplicationCapabilities> - - </Extension> - - </Extensions> - - </ApplicationCapabilities> - - **Other Settings**: - - In addition to Extensions, other subsystems can be edited: - - **Machine Wide Virtual Registry**: Used when you want to set a registry key in the virtual registry within HKEY\_Local\_Machine - - <Registry> - - <Include> - - <Key Path="\\REGISTRY\\Machine\\Software\\ABC"> - - <Value Type="REG\_SZ" Name="Bar" Data="Baz" /> - - </Key> - - <Key Path="\\REGISTRY\\Machine\\Software\\EmptyKey" /> - - </Include> - - <Delete> - - </Registry> - - **Machine Wide Virtual Kernel Objects** - - <Objects> - - <NotIsolate> - - <Object Name="testObject" /> - - </NotIsolate> - - </Objects> - -2. **ProductSourceURLOptOut**: Indicates whether the URL for the package can be modified globally through PackageSourceRoot (to support branch office scenarios). Default is false and the setting change takes effect on the next launch.   - - <MachineConfiguration> - - ..  - - <ProductSourceURLOptOut Enabled="true" /> - - .. - - </MachineConfiguration> - -3. **MachineScripts** – Package can be configured to execute scripts at time of deployment, publishing or removal. Please reference a sample deployment configuration file that is generated by the sequencer to see a sample script. The Scripts section below provides more information on the various triggers that can be used - -4. **TerminateChildProcess**:- An application executable can be specified, whose child processes will be terminated when the application exe process is terminated. - - <MachineConfiguration> - - ..    - - <TerminateChildProcesses> - - <Application Path="\[{PackageRoot}\]\\Contoso\\ContosoApp.EXE" /> - - <Application Path="\[{PackageRoot}\]\\LitView\\LitViewBrowser.exe" /> - - <Application Path="\[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE" /> - - </TerminateChildProcesses> - - .. - - </MachineConfiguration> - -### Scripts - -The following table describes the various script events and the context under which they can be run. - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Script Execution TimeCan be specified in Deployment ConfigurationCan be specified in User ConfigurationCan run in the Virtual Environment of the packageCan be run in the context of a specific applicationRuns in system/user context: (Deployment Configuration, User Configuration)

AddPackage

X

(SYSTEM, N/A)

PublishPackage

X

X

(SYSTEM, User)

UnpublishPackage

X

X

(SYSTEM, User)

RemovePackage

X

(SYSTEM, N/A)

StartProcess

X

X

X

X

(User, User)

ExitProcess

X

X

X

(User, User)

StartVirtualEnvironment

X

X

X

(User, User)

TerminateVirtualEnvironment

X

X

(User, User)

- - - -### Create a Dynamic Configuration file using an App-V 5.0 Manifest file - -You can create the Dynamic Configuration file using one of three methods: either manually, using the App-V 5.0 Management Console or sequencing a package, which will be generated with 2 sample files. - -For more information about how to create the file using the App-V 5.0 Management Console see, [How to Create a Custom Configuration File by Using the App-V 5.0 Management Console](how-to-create-a-custom-configuration-file-by-using-the-app-v-50-management-console.md). - -To create the file manually, the information above in previous sections can be combined into a single file. We recommend you use files generated by the sequencer. - - - - - - -## Related topics - - -[How to Apply the Deployment Configuration File by Using PowerShell](how-to-apply-the-deployment-configuration-file-by-using-powershell.md) - -[How to Apply the User Configuration File by Using PowerShell](how-to-apply-the-user-configuration-file-by-using-powershell.md) - -[Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/about-app-v-50-reporting.md b/mdop/appv-v5/about-app-v-50-reporting.md deleted file mode 100644 index f5bce3e29a..0000000000 --- a/mdop/appv-v5/about-app-v-50-reporting.md +++ /dev/null @@ -1,327 +0,0 @@ ---- -title: About App-V 5.0 Reporting -description: About App-V 5.0 Reporting -author: dansimp -ms.assetid: 27c33dda-f017-41e3-8a78-1b681543ec4f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About App-V 5.0 Reporting - - -Microsoft Application Virtualization (App-V) 5.0 includes a built-in reporting feature that helps you collect information about computers running the App-V 5.0 client as well as information about virtual application package usage. You can use this information to generate reports from a centralized database. - -## App-V 5.0 Reporting Overview - - -The following list displays the end–to-end high-level workflow for reporting in App-V 5.0. - -1. The Microsoft Application Virtualization (App-V) 5.0 Reporting server has the following prerequisites: - - - Internet Information Service (IIS) web server role - - - Windows Authentication role (under **IIS / Security**) - - - SQL Server installed and running with SQL Server Reporting Services (SSRS) - - To confirm SQL Server Reporting Services is running, view `http://localhost/Reports` in a web browser as administrator on the server that will host App-V 5.0 Reporting. The SQL Server Reporting Services Home page should display. - -2. Install the App-V 5.0 reporting server and associated database. For more information about installing the reporting server see [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database.md). Configure the time when the computer running the App-V 5.0 client should send data to the reporting server. - -3. If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined appvshort Reports from the Download Center at . - - **Note**   - If you are using the Configuration Manager integration with App-V 5.0, most reports are generated from Configuration Manager rather than from App-V 5.0. - - - -4. After importing the App-V 5.0 PowerShell module using `Import-Module AppvClient` as administrator, enable the App-V 5.0 client. This sample PowerShell cmdlet enables App-V 5.0 reporting: - - ``` syntax - Set-AppvClientConfiguration –reportingserverurl : -reportingenabled 1 – ReportingStartTime <0-23> - ReportingRandomDelay <#min> - ``` - - To immediately send App-V 5.0 report data, run `Send-AppvClientReport` on the App-V 5.0 client. - - For more information about installing the App-V 5.0 client with reporting enabled see [About Client Configuration Settings](about-client-configuration-settings.md). To administer App-V 5.0 Reporting with Windows PowerShell, see [How to Enable Reporting on the App-V 5.0 Client by Using PowerShell](how-to-enable-reporting-on-the-app-v-50-client-by-using-powershell.md). - -5. After the reporting server receives the data from the App-V 5.0 client it sends the data to the reporting database. When the database receives and processes the client data, a successful reply is sent to the reporting server and then a notification is sent to the App-V 5.0 client. - -6. When the App-V 5.0 client receives the success notification, it empties the data cache to conserve space. - - **Note**   - By default the cache is cleared after the server confirms receipt of data. You can manually configure the client to save the data cache. - - - -~~~ -If the App-V 5.0 client device does not receive a success notification from the server, it retains data in the cache and tries to resend data at the next configured interval. Clients continue to collect data and add it to the cache. -~~~ - -### App-V 5.0 reporting server frequently asked questions - -The following table displays answers to common questions about App-V 5.0 reporting - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
QuestionMore Information

What is the frequency that reporting information is sent to the reporting database?

The frequency depends on how the reporting task is configured on the computer running the App-V 5.0 client. You must configure the frequency / interval for sending the reporting data. App-V 5.0 Reporting is not enabled by default.

What information is stored in the reporting server database?

The following list displays what is stored in the reporting database:

-
    -

  • The operating system running on the computer running the App-V 5.0 client: host name, version, service pack, type - client/server, processor architecture.

    • -

  • App-V 5.0 Client information: version.

    • -

  • Published package list: GUID, version GUID, name.

    • -

  • Application usage information: name, version, streaming server, user (domain\alias), package version GUID, launch status and time, shutdown time.

    • -

What is the average volume of information that is sent to the reporting server?

It depends. The following list displays the three sets of the data sent to the reporting server:

-
    -

  1. Operating system, and App-V 5.0 client information. ~150 Bytes, every time this data is sent.

    2. -

  2. Published package list. ~7 KB for 30 packages. This is sent only when the package list is updated with a publishing refresh, which is done infrequently; if there is no change, this information is not sent.

    3. -

  3. Virtual application usage information – about 0.25KB per event. Opening and closing count as one event if both occur before sending the information. When sending using a scheduled task, only the data since the last successful upload is sent to the server. If sending manually through the PowerShell cmdlet, there is an optional argument that controls if the data needs to be re-sent next time around – that argument is DeleteOnSuccess.

    -

    -

    So for example, if twenty applications are opened and closed and reporting information is scheduled to be sent daily, the typical daily traffic should be about 0.15KB + 20 x 0.25KB, or about 5KB/user

    4. -

Can reporting be scheduled?

Yes. Besides manually sending reporting using PowerShell Cmdlets (Send-AppvClientReport), the task can be scheduled so it will happen automatically. There are two ways to schedule the reporting:

-
    -

  1. Using PowerShell cmdlets - Set-AppvClientConfiguration. For example:

    -

    Set-AppvClientConfiguration -ReportingEnabled 1 - ReportingServerURL http://any.com/appv-reporting

    -

    -

    For a complete list of client configuration settings see About Client Configuration Settings and look for the following entries: ReportingEnabled, ReportingServerURL, ReportingDataCacheLimit, ReportingDataBlockSize, ReportingStartTime, ReportingRandomDelay, ReportingInterval.

    -

    2. -

  2. By using Group Policy. If distributed using the domain controller, the settings are the same as previously listed.

    -
    -Note

    Group Policy settings override local settings configured using PowerShell.

    -
    -
    - -
    3. -
- - - -## App-V 5.0 Client Reporting - - -To use App-V 5.0 reporting you must install and configure the App-V 5.0 client. After the client has been installed, use the **Set-AppVClientConfiguration** PowerShell cmdlet or the **ADMX Template** to configure reporting. The reporting feature cmdlets are available by using the following link and are prefaced by **Reporting**. For a complete list of client configuration settings see [About Client Configuration Settings](about-client-configuration-settings.md). The following section provides examples of App-V 5.0 client reporting configuration using PowerShell. - -### Configuring App-V Client reporting using PowerShell - -The following examples show how PowerShell parameters can configure the reporting features of the App-V 5.0 client. - -**Note** -The following configuration task can also be configured using Group Policy settings in the App-V 5.0 ADMX template. For more information about using the ADMX template, see [How to Modify App-V 5.0 Client Configuration Using the ADMX Template and Group Policy](how-to-modify-app-v-50-client-configuration-using-the-admx-template-and-group-policy.md). - - - -**To enable reporting and to initiate data collection on the computer running the App-V 5.0 client**: - -`Set-AppVClientConfiguration –ReportingEnabled 1` - -**To configure the client to automatically send data to a specific reporting server**: - -``` syntax -Set-AppVClientConfiguration –ReportingServerURL http://MyReportingServer:MyPort/ -ReportingStartTime 20 -ReportingInterval 1 -ReportingRandomDelay 30 -``` - -`-ReportingInterval 1 -ReportingRandomDelay 30` - -This example configures the client to automatically send the reporting data to the reporting server URL http://MyReportingServer:MyPort/. Additionally, the reporting data will be sent daily between 8:00 and 8:30 PM, depending on the random delay generated for the session. - -**To limit the size of the data cache on the client**: - -`Set-AppvClientConfiguration –ReportingDataCacheLimit 100` - -Configures the maximum size of the reporting cache on the computer running the App-V 5.0 client to 100 MB. If the cache limit is reached before the data is sent to the server, then the log rolls over and data will be overwritten as necessary. - -**To configure the data block size transmitted across the network between the client and the server**: - -`Set-AppvClientConfiguration –ReportingDataBlockSize 10240` - -Specifies the maximum data block that the client sends to 10240 MB. - -### Types of data collected - -The following table displays the types of information you can collect by using App-V 5.0 reporting. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Client InformationPackage InformationApplication Usage

Host Name

Package Name

Start and End Times

App-V 5.0 Client Version

Package Version

Run Status

Processor Architecture

Package Source

Shutdown State

Operating System Version

Percent Cached

Application Name

Service Pack Level

Application Version

Operating System Type

Username

Connection Group

- - - -The client collects and saves this data in an **.xml** format. The data cache is hidden by default and requires administrator rights to open the XML file. - -### Sending data to the server - -You can configure the computer that is running the App-V 5.0 client to automatically send data to the specified reporting server. To specify the server use the **Set-AppvClientConfiguration** cmdlet with the following settings: - -- ReportingEnabled - -- ReportingServerURL - -- ReportingStartTime - -- ReportingInterval - -- ReportingRandomDelay - -After you configure the previous settings, you must create a scheduled task. The scheduled task will contact the server specified by the **ReportingServerURL** setting and will initiate the transfer. If you want to manually send data outside of the scheduled times, use the following PowerShell cmdlet: - -`Send-AppVClientReport –URL http://MyReportingServer:MyPort/ -DeleteOnSuccess` - -If the reporting server has been previously configured, then the **–URL** parameter can be omitted. Alternatively, if the data should be sent to an alternate location, specify a different URL to override the configured **ReportingServerURL** for this data collection. - -The **-DeleteOnSuccess** parameter indicates that if the transfer is successful, then the data cache is cleared. If this is not specified, then the cache will not be cleared. - -### Manual Data Collection - -You can also use the **Send-AppVClientReport** cmdlet to manually collect data. This solution is helpful with or without an existing reporting server. The following list displays information about collecting data with or without a reporting server. - - ---- - - - - - - - - - - - - -
With a Reporting ServerWithout a Reporting Server

If you have an existing App-V 5.0 reporting Server, create a customized scheduled task or script. Specify that the client send the data to the specified location with the desired frequency.

If you do not have an existing App-V 5.0 reporting Server, use the –URL parameter to send the data to a specified share. For example:

-

Send-AppVClientReport –URL \Myshare\MyData\ -DeleteOnSuccess

-

The previous example will send the reporting data to \MyShare\MyData</strong> location indicated by the -URL parameter. After the data has been sent, the cache is cleared.

-
-Note

If a location other than the Reporting Server is specified, the data is sent using .xml format with no additional processing.

-
-
- -
- - - -### Creating Reports - -To retrieve report information and create reports using App-V 5.0 you must use one of the following methods: - -- **Microsoft SQL Server Reporting Services (SSRS)** - Microsoft SQL Server Reporting Services is available with Microsoft SQL Server. SSRS is not installed when you install the App-V 5.0 reporting server. It must be deployed separately to generate the associated reports. - - Use the following link for more information about using [Microsoft SQL Server Reporting Services](https://go.microsoft.com/fwlink/?LinkId=285596). - -- **Scripting** – You can generate reports by scripting directly against the App-V 5.0 reporting database. For example: - - **Stored Procedure:** - - **spProcessClientReport** is scheduled to run at midnight or 12:00 AM. - - To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. You should ensure that the Microsoft SQL Server Agent is set to **AutoStart**. For more information see [Autostart SQL Server Agent (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=287045). - - The stored procedure is also created when using the App-V 5.0 database scripts. - -You should also ensure that the reporting server web service’s **Maximum Concurrent Connections** is set to a value that the server will be able to manage without impacting availability. The recommended number of **Maximum Concurrent Connections** for the **Reporting Web Service** is **10,000**. - - - - - - -## Related topics - - -[Deploying the App-V 5.0 Server](deploying-the-app-v-50-server.md) - -[How to install the Reporting Server on a Standalone Computer and Connect it to the Database](how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database.md) - - - - - - - - - diff --git a/mdop/appv-v5/about-app-v-50-sp1.md b/mdop/appv-v5/about-app-v-50-sp1.md deleted file mode 100644 index 2222333447..0000000000 --- a/mdop/appv-v5/about-app-v-50-sp1.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: About App-V 5.0 SP1 -description: About App-V 5.0 SP1 -author: dansimp -ms.assetid: 2848a51b-452e-4c70-b465-f6717cfa667f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About App-V 5.0 SP1 - - -This service pack contains the following changes: - -- The App-V 5.0 sequencer and App-V 5.0 client now support twenty-four languages. You can download the additional language packs using the **Volume Licensing Service Center**. - -- The App-V 5.0 server now supports eleven languages. You can download the additional language packs using the **Volume Licensing Service Center**. - -- Support has been added for the App-V 5.0 Volume Shadow Copy Service (VSS) Writer feature. - - **Important**   - To use VSS and App-V 5.0 you must modify the values for the following server registry keys with the updated database names: - - - Management - **HKEY\_LOCAL\_MACHINE** \\ **SOFTWARE** \\ **Microsoft** \\ **AppV** \\ **Server** \\ **ManagementService** \\ **MANAGEMENT\_DB\_NAME** - - - Reporting - **HKEY\_LOCAL\_MACHINE** \\ **SOFTWARE** \\ **Microsoft** \\ **AppV** \\ **Server** \\ **ReportingService** \\ **REPORTING\_DB\_NAME** - - - -## How to Get MDOP Technologies - - -App-V 5.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). - - - - - - -## Related topics - - -[What's new in App-V 5.0 SP1](whats-new-in-app-v-50-sp1.md) - -[Release Notes for App-V 5.0 SP1](release-notes-for-app-v-50-sp1.md) - - - - - - - - - diff --git a/mdop/appv-v5/about-app-v-50-sp2.md b/mdop/appv-v5/about-app-v-50-sp2.md deleted file mode 100644 index f3f167d10a..0000000000 --- a/mdop/appv-v5/about-app-v-50-sp2.md +++ /dev/null @@ -1,183 +0,0 @@ ---- -title: About App-V 5.0 SP2 -description: About App-V 5.0 SP2 -author: dansimp -ms.assetid: 16ca8452-cef2-464e-b4b5-c10d4630fa6a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About App-V 5.0 SP2 - - -App-V 5.0 SP2 provides an improved integrated platform, more flexible virtualization, and powerful management for virtualized applications. For more information see, [App-V 5.0 Overview](https://go.microsoft.com/fwlink/p/?LinkId=325265) (https://go.microsoft.com/fwlink/?LinkId=325265). - -## Changes in Standard App-V 5.0 SP2 Functionality - - -The following sections contain information about the changes in standard functionality for App-V 5.0 SP2. - -### Support for Windows Server 2012 R2 and Windows 8.1 - -App-V 5.0 includes support for Windows Server 2012 R2 and Windows 8.1 - -### App-V 5.0 SP2 now supports folder redirection for the user’s roaming AppData directory - -App-V 5.0 SP2 supports roaming AppData (%AppData%) folder redirection. For more information, see the [Planning to Use Folder Redirection with App-V](planning-to-use-folder-redirection-with-app-v.md). - -### Package upgrade improvements and pending tasks - -In App-V 5.0 SP2, you are no longer prompted to close a running virtual application when a newer version of the package or connection group is published. If a package or connection group is in use when you try to perform a related task, a message displays to indicate that the object is in use, and that the operation will be attempted at a later time. - -Tasks that have been placed in a pending state will be performed according to the following rules: - - ---- - - - - - - - - - - - - - - - - -
Task typeApplicable rule

User-based task, e.g., publishing a package to a user

The pending task will be performed after the user logs off and then logs back on.

Globally based task, e.g., enabling a connection group globally

The pending task will be performed when the computer is shut down and then restarted.

- - - -When a task is placed in a pending state, the App-V client also generates a registry key for the pending task, as follows: - - ---- - - - - - - - - - - - - - - - - -
User-based or globally based taskWhere the registry key is generated

User-based tasks

KEY_CURRENT_USER\Software\Microsoft\AppV\Client\PendingTasks

Globally based tasks

HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\PendingTasks

- - - -### Virtualizing Microsoft Office 2013 and Microsoft Office 2010 using App-V 5.0 - -Use the following link for more information about App-V 5.0 supported Microsoft Office scenarios. - -[Virtualizing Microsoft Office 2013 for Application Virtualization (App-V) 5.0](../solutions/virtualizing-microsoft-office-2013-for-application-virtualization--app-v--50-solutions.md) - -**Note**   -This document focuses on creating a Microsoft Office 2013 App-V 5.0 Package. However, it also provides information about scenarios for Microsoft Office 2010 with App-V 5.0. - - - -### App-V 5.0 Client Management User Interface Application - -In previous versions of App-V 5.0 the Client Management User Interface (UI) was provided with the App-V 5.0 Client installation. With App-V 5.0 SP2 this is no longer the case. Administrators now have the option to deploy the App-V 5.0 Client UI as a Virtual Application (using all supported App-V deployment configurations) or as an installed application. - -For more information see [Microsoft Application Virtualization 5.0 Client UI Application](https://go.microsoft.com/fwlink/p/?LinkId=386345) (https://go.microsoft.com/fwlink/?LinkId=386345). - -### Side-by-Side (SxS) Assembly Automatic Packaging and Deployment - -App-V 5.0 SP2 now automatically detects side-by-side (SxS) assemblies, and deployment on the computer running the App-V 5.0 SP2 client. A SxS assembly primarily consists of VC++ run-time dependencies or MSXML. In previous versions of App-V, virtual applications that had dependencies on VC run-times required these dependencies to be locally on the computer running the App-V 5.0 SP2 client. - -The following functionality is now supported: - -- The App-V 5.0 sequencer automatically captures the SxS assembly in the package regardless of whether the VC run-time has already been installed on the computer running the sequencer. - -- The App-V 5.0 client automatically installs the required SxS assembly to the computer running the client as required at publishing time. - -- The App-V 5.0 sequencer reports the VC run-time dependency using the sequencer reporting mechanism. - -- The App-V 5.0 sequencer now allows you to exclude the VC run-time dependency in the event that the dependency is already available on the computer running the sequencer. - -### Publishing Refresh Improvements - -App-V 5.0 supports several features were added to improve the overall experience of refreshing a set of applications for a specific user. - -The following list displays the publishing refresh enhancements: - -The following list contains more information about how to enable the new publishing refresh improvements. - -- **EnablePublishingRefreshUI** - Enables the publishing refresh progress bar for the computer running the App-V 5.0 Client. - -- **HideUI** - Hides the publishing refresh progress bar during a manual sync. - -### New Client Configuration Setting - -The following new client configuration setting is available with App-V 5.0 SP2: - -**EnableDynamicVirtualization** - Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications. - -For more information, see [About Client Configuration Settings](about-client-configuration-settings.md). - -### App-V 5.0 Shell extensions - -App-V 5.0 SP2 now supports shell extensions. - -For more information see the **App-V 5.0 SP2 shell extension support** section of [Creating and Managing App-V 5.0 Virtualized Applications](creating-and-managing-app-v-50-virtualized-applications.md). - -## App-V 5.0 documentation updates - - -App-V 5.0 SP2 provides updated documentation for the following scenarios: - -- [Migrating from a Previous Version](migrating-from-a-previous-version-app-v-50.md) - -- [About App-V 5.0](about-app-v-50.md) - -- [About App-V 5.0 Reporting](about-app-v-50-reporting.md) (frequently asked questions section) - -## How to Get MDOP Technologies - - -App-V 5.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). - - - - - - -## Related topics - - -[Release Notes for App-V 5.0 SP2](release-notes-for-app-v-50-sp2.md) - - - - - - - - - diff --git a/mdop/appv-v5/about-app-v-50-sp3.md b/mdop/appv-v5/about-app-v-50-sp3.md deleted file mode 100644 index a784b0b574..0000000000 --- a/mdop/appv-v5/about-app-v-50-sp3.md +++ /dev/null @@ -1,839 +0,0 @@ ---- -title: About App-V 5.0 SP3 -description: About App-V 5.0 SP3 -author: dansimp -ms.assetid: 67b5268b-edc1-4027-98b0-b3937dd70a6b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/02/2016 ---- - - -# About App-V 5.0 SP3 - - -Use the following sections to review information about significant changes that apply to Microsoft Application Virtualization (App-V) 5.0 SP3: - -- [App-V 5.0 SP3 software prerequisites and supported configurations](#bkmk-sp3-prereq-configs) - -- [Migrating to App-V 5.0 SP3](#bkmk-migrate-to-50sp3) - -- [Manually created connection group xml file requires update to schema](#bkmk-update-schema-cg) - -- [Improvements to connection groups](#bkmk-cg-improvements) - -- [Administrators can publish and unpublish packages for a specific user](#bkmk-usersid-pub-pkgs-specf-user) - -- [Enable only administrators to publish and unpublish packages](#bkmk-admins-only-pub-unpub-pkgs) - -- [RunVirtual registry key supports packages that are published to the user](#bkmk-runvirtual-reg-key) - -- [New PowerShell cmdlets and updateable cmdlet help](#bkmk-posh-cmdlets-help) - -- [Primary virtual application directory (PVAD) is hidden but can be turned on](#bkmk-pvad-hidden) - -- [ClientVersion is required to view App-V publishing metadata](#bkmk-pub-metadata-clientversion) - -- [App-V event logs have been consolidated](#bkmk-event-logs-moved) - -## App-V 5.0 SP3 software prerequisites and supported configurations - - -See the following links for the App-V 5.0 SP3 software prerequisites and supported configurations. - - ---- - - - - - - - - - - - - - - - - -
Links to prerequisites and supported configurationsDescription

App-V 5.0 SP3 Prerequisites

Prerequisite software that you must install before starting the App-V 5.0 SP3 installation

App-V 5.0 SP3 Supported Configurations

Supported operating systems and hardware requirements for the App-V Server, Sequencer, and Client components

- - - -## Migrating to App-V 5.0 SP3 - - -Use the following information to upgrade to App-V 5.0 SP3 from earlier versions. - -### Before you start the upgrade - -Review the following information before you start the upgrade: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Items to review before upgradingDescription

Components to upgrade

    -

  1. App-V Server

    2. -

  2. Sequencer

    3. -

  3. App-V client or App-V Remote Desktop Services (RDS) client

    4. -

  4. Connection groups

    5. -
-
-Note

To use the App-V client user interface, download the existing version from Microsoft Application Virtualization 5.0 Client UI Application.

-
-
- -

Upgrading from App-V 4.x

You must first upgrade to App-V 5.0. You cannot upgrade directly from App-V 4.x to App-V 5.0 SP3.

-

For more information, see:

- -

Upgrading from App-V 5.0 or later

You can upgrade to App-V 5.0 SP3 directly from any of the following versions:

-
    -

  • App-V 5.0

    • -

  • App-V 5.0 SP1

    • -

  • App-V 5.0 SP2

    • -
-

To upgrade to App-V 5.0 SP3, follow the steps in the remaining sections of this article.

Required changes to packages and connection groups after upgrade

None. Packages and connection groups will continue to work as they currently do.

- - - -### Steps to upgrade the App-V infrastructure - -Complete the following steps to upgrade each component of the App-V infrastructure to App-V 5.0 SP3. - - ---- - - - - - - - - - - - - - - - - - - - - -
StepFor more information

Step 1: Upgrade the App-V Server.

-

If you are not using the App-V Server, skip this step and go to the next step.

-
-Note

The App-V 5.0 SP3 client is compatible with the App-V 5.0 SP1 Server.

-
-
- -

Follow these steps:

-
    -

  1. Review the Release Notes for App-V 5.0 SP3 for issues that may affect the App-V Server installation.

    2. -

  2. Do one of the following, depending on the method you are using to upgrade the Management database and/or Reporting database:

    - ---- - - - - - - - - - - - - - - - - -
    Database upgrade methodStep

    Windows Installer

    Skip this step and go to step 3, “If you are upgrading the App-V Server...”

    SQL scripts

    		 ---- - - - - - - - - - - -

    Management database

    To install or upgrade, see SQL scripts to install or upgrade the App-V 5.0 SP3 Management Server database fail.

    Reporting database

    Follow the steps in How to Deploy the App-V Databases by Using SQL Scripts.

    -

    -

    3. -

  3. If you are upgrading the App-V Server from App-V 5.0 SP1 Hotfix Package 3 or later, complete the steps in section Check registry keys after installing the App-V 5.0 SP3 Server.

    4. -

  4. Follow the steps in How to Deploy the App-V 5.0 Server.

    5. -

Step 2: Upgrade the App-V Sequencer.

See How to Install the Sequencer.

Step 3: Upgrade the App-V client or App-V RDS client.

See How to Deploy the App-V Client.

- - - -### Check registry keys before installing the App-V 5.0 SP3 Server - -This is step 3 from the previous table. - - ---- - - - - - - - - - - - - - - - - - - -

When this step is required

You are upgrading from App-V SP1 with any subsequent Hotfix Packages that you installed by using an .msp file.

Which components require that you do this step

Only the App-V Server components that you are upgrading.

When you need to do this step

Before you upgrade the App-V Server to App-V 5.0 SP3

What you need to do

Using the information in the following tables, update each registry key value under HKLM\Software\Microsoft\AppV\Server with the value that you provided in your original server installation. Completing this step restores registry values that may have been removed when App-V SP1 Hotfix Packages were installed.

- - - -**ManagementDatabase key** - -If you are installing the Management database, set these registry keys under `HKLM\Software\Microsoft\AppV\Server\ManagementDatabase`. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Key nameDescription

IS_MANAGEMENT_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED

Describes whether a public access account is required to access non-local management databases. Value is set to “1” if it is required.

MANAGEMENT_DB_NAME

Name of the Management database.

MANAGEMENT_DB_PUBLIC_ACCESS_ACCOUNT

Account used for read (public) access to the Management database.

-

Used when IS_MANAGEMENT_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED is set to 1.

MANAGEMENT_DB_PUBLIC_ACCESS_ACCOUNT_SID

Secure identifier (SID) of the account used for read (public) access to the Management database.

-

Used when IS_MANAGEMENT_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED is set to 1.

MANAGEMENT_DB_SQL_INSTANCE

SQL Server instance for the Management database.

-

If the value is blank, the default database instance is used.

MANAGEMENT_DB_WRITE_ACCESS_ACCOUNT

Account used for write (administrator) access to the Management database.

MANAGEMENT_DB_WRITE_ACCESS_ACCOUNT_SID

Secure identifier (SID) of the account used for write (administrator) access to the Management database.

MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

Management server remote computer account (domain\account).

MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

Installation administrator login for the Management server (domain\account).

MANAGEMENT_SERVER_MACHINE_USE_LOCAL

Valid values are:

-
    -

  • 1 – the Management service is on the local computer, that is, MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT is blank.

    • -

  • 0 - the Management service is on a different computer from the local computer.

    • -
- - - -**ManagementService key** - -If you are installing the Management server, set these registry keys under `HKLM\Software\Microsoft\AppV\Server\ManagementService`. - - ---- - - - - - - - - - - - - - - - - - - - - -
Key nameDescription

MANAGEMENT_ADMINACCOUNT

Active Directory Domain Services (AD DS) group or account that is authorized to manage App-V (domain\account).

MANAGEMENT_DB_SQL_INSTANCE

SQL server instance that contains the Management database.

-

If the value is blank, the default database instance is used.

MANAGEMENT_DB_SQL_SERVER_NAME

Name of the remote SQL server with the Management database.

-

If the value is blank, the local computer is used.

- - - -**ReportingDatabase key** - -If you are installing the Reporting database, set these registry keys under `HKLM\Software\Microsoft\AppV\Server\ReportingDatabase`. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Key nameDescription

IS_REPORTING_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED

Describes whether a public access account is required to access non-local reporting databases. Value is set to “1” if it is required.

REPORTING_DB_NAME

Name of the Reporting database.

REPORTING_DB_PUBLIC_ACCESS_ACCOUNT

Account used for read (public) access to the Reporting database.

-

Used when IS_REPORTING_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED is set to 1.

REPORTING_DB_PUBLIC_ACCESS_ACCOUNT_SID

Secure identifier (SID) of the account used for read (public) access to the Reporting database.

-

Used when IS_REPORTING_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED is set to 1.

REPORTING_DB_SQL_INSTANCE

SQL Server instance for the Reporting database.

-

If the value is blank, the default database instance is used.

REPORTING_DB_WRITE_ACCESS_ACCOUNT

REPORTING_DB_WRITE_ACCESS_ACCOUNT_SID

REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

Reporting server remote computer account (domain\account).

REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

Installation administrator login for the Reporting server (domain\account).

REPORTING_SERVER_MACHINE_USE_LOCAL

Valid values are:

-
    -

  • 1 – the Reporting service is on the local computer, that is, REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT is blank.

    • -

  • 0 - the Reporting service is on a different computer from the local computer.

    • -
- - - -**ReportingService key** - -If you are installing the Reporting server, set these registry keys under `HKLM\Software\Microsoft\AppV\Server\ReportingService`. - - ---- - - - - - - - - - - - - - - - - -
Key nameDescription

REPORTING_DB_SQL_INSTANCE

SQL Server instance for the Reporting database.

-

If the value is blank, the default database instance is used.

REPORTING_DB_SQL_SERVER_NAME

Name of the remote SQL server with the Reporting database.

-

If the value is blank, the local computer is used.

- - - -## Manually created connection group xml file requires update to schema - - -If you are manually creating the connection group XML file, and want to use the new “optional packages” and “use any version” features that are described in [Improvements to connection groups](#bkmk-cg-improvements), you must specify the following schema in the XML file: - -`xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"` - -For examples and more information, see [About the Connection Group File](about-the-connection-group-file.md). - -## Improvements to connection groups - - -You can manage connection groups more easily by using optional packages and other improvements that have been added in App-V 5.0 SP3. The following table summarizes the tasks that you can perform by using the new connection group features, and links to more detailed information about each task. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Task/featureDescriptionLinks to more information

Enable a connection group to include optional packages

Including optional packages in a connection group enables you to dynamically determine which applications will be included in the connection group’s virtual environment, based on the applications that users are entitled to.

-

You don’t need to manage as many connection groups because you can mix optional and non-optional packages in the same connection group. Mixing packages allows different groups of users to use the same connection group, even though users might have only one package in common.

-

Example: You can enable a package with Microsoft Office for all users, but enable different optional packages, which contain different Office plug-ins, to different subsets of users.

How to Use Optional Packages in Connection Groups

Unpublish or delete an optional package without changing the connection group

Unpublish or delete, or unpublish and republish an optional package, which is in a connection group, without having to disable or re-enable the connection group on the App-V client.

How to Use Optional Packages in Connection Groups

Publish connection groups that contain user-published and globally published packages

Create a user-published connection group that contains user-published and globally published packages.

How to Create a Connection Group with User-Published and Globally Published Packages

Make a connection group ignore the package version

Configure a connection group to accept any version of a package, which enables you to upgrade a package without having to disable the connection group. In addition, if there is an optional package with an incorrect version in the connection group, the package is ignored and won’t block the connection group’s virtual environment from being created.

How to Make a Connection Group Ignore the Package Version

Limit end users’ publishing capabilities

Enable only administrators (not end users) to publish packages and to enable connection groups.

For information about connection groups, see How to Allow Only Administrators to Enable Connection Groups

-

For information about packages, see the following articles:

- ---- - - - - - - - - - - - - - - - - - - - - -
MethodLink to more information

Management console

How to Publish a Package by Using the Management Console

PowerShell

How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell

Third-party electronic software delivery system

How to Enable Only Administrators to Publish Packages by Using an ESD

-

Enable or disable a connection group for a specific user

Administrators can enable or disable a connection group for a specific user by using the optional –UserSID parameter with the following cmdlets:

-
    -

  • Enable-AppVClientConnectionGroup

    • -

  • Disable-AppVClientConnectionGroup

    • -

How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell

Merging identical package paths into one virtual directory in connection groups

If two or more packages in a connection group contain identical directory paths, the paths are merged into a single virtual directory inside the connection group virtual environment.

-

This merging of paths allows an application in one package to access files that are in a different package.

About the Connection Group Virtual Environment

- - - -## Administrators can publish and unpublish packages for a specific user - - -Administrators can use the following cmdlets to publish or unpublish packages for a specific user. To use the cmdlets, enter the **–UserSID** parameter, followed by the user’s security identifier (SID). For more information, see: - -- [How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell](how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md#bkmk-pub-pkg-a-user-standalone-posh) - -- [How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell](how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md#bkmk-unpub-pkg-specfc-use) - - ---- - - - - - - - - - - - - - - - - -
CmdletExamples

Publish-AppvClientPackage

Publish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345

Unpublish-AppvClientPackage

Unpublish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345

- - - -## Enable only administrators to publish and unpublish packages - - -You can enable only administrators (not end users) to publish and unpublish packages by using one of the following methods: - - ---- - - - - - - - - - - - - - - - - -
MethodMore information

Group Policy setting

Navigate to the following Group Policy Object node:

-

Computer Configuration > Policies > Administrative Templates > System > App-V > Publishing.

-

Enable the Require publish as administrator Group Policy setting.

PowerShell

How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell

- - - -## RunVirtual registry key supports packages that are published to the user - - -App-V 5.0 SP3 adds support for using the **RunVirtual** registry key with virtualized applications that are in user-published packages. The **RunVirtual** registry key lets you run a locally installed application in a virtual environment, along with applications that have been virtualized by using App-V. - -Previously, the virtualized applications in App-V packages had to be published globally. For more about **RunVirtual** and about other methods of running locally installed applications in a virtual environment with virtualized applications, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications.md). - -## New PowerShell cmdlets and updateable cmdlet help - - -New PowerShell cmdlets and updateable cmdlet help are included in App-V 5.0 SP3. To download the cmdlet modules, see [How to Load the PowerShell Cmdlets and Get Cmdlet Help](how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-50-sp3.md#bkmk-load-cmdlets). - -### New App-V 5.0 SP3 Server PowerShell cmdlets - -New Windows PowerShell cmdlets for the App-V Server have been added to help you manage connection groups. - - ---- - - - - - - - - - - - - - - - - - - - - -
CmdletDescription

Add-AppvServerConnectionGroupPackage

Appends a package to the end of a connection group's package list and enables you to configure the package as optional and/or with no version within the connection group.

Set-AppvServerConnectionGroupPackage

Enables you to edit details about the connection group package, such as whether it is optional.

Remove-AppvServerConnectionGroupPackage

Removes a package from a connection group.

- - - -### Getting help for the PowerShell cmdlets - -Cmdlet help is available in the following formats: - - ---- - - - - - - - - - - - - - - - - -
FormatDescription

As a downloadable module

To get the latest help after downloading the cmdlet module:

-
    -

  1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE).

    2. -

  2. Type one of the following commands to load the cmdlets for the module you want:

    3. -
- ---- - - - - - - - - - - - - - - - - - - - - -
App-V componentCommand to type

App-V Server

Update-Help-Module AppvServer

App-V Sequencer

Update-Help-Module AppvSequencer

App-V client

Update-Help-Module AppvClient

-

On TechNet as web pages

See the App-V node under Microsoft Desktop Optimization Pack Automation with Windows PowerShell.

- - - -For more information, see [How to Load the PowerShell Cmdlets and Get Cmdlet Help](how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-50-sp3.md). - -## Primary virtual application directory (PVAD) is hidden but can be turned on - - -The primary virtual application directory (PVAD) is hidden in App-V 5.0 SP3, but you can turn it back on and make it visible by using one of the following methods: - - ---- - - - - - - - - - - - - - - - - -
MethodSteps

Use a command line parameter

Pass the –EnablePVADControl parameter to the Sequencer.exe.

Create a registry subkey

    -

  1. In the Registry Editor, navigate to: HKLM\SOFTWARE\Microsoft\AppV\Sequencer\Compatibility

    -
    -Note

    If the Compatibility subkey doesn’t exist, you must create it.

    -
    -
    - -
    2. -

  2. Create a DWORD Value named EnablePVADControl, and set the value to 1.

    -

    A value of 0 means that PVAD is hidden.

    3. -
- - - -**More about PVAD:** When you use the Sequencer to create a package, you can enter any installation path for the package. In past versions of App-V, you were required to specify the primary virtual application directory (PVAD) of the application as the path. PVAD is the directory to which you would typically install an application on your local computer if you weren’t using App-V. For example, if you were installing Office on a computer, the PVAD typically would be C:\\Program Files\\Microsoft Office\\. - -## ClientVersion is required to view App-V publishing metadata - - -In App-V 5.0 SP3, you must provide the following values in the address when you query the App-V Publishing server for metadata: - - ---- - - - - - - - - - - - - - - - - -
ValueAdditional details

ClientVersion

If you omit the ClientVersion parameter from the query, the metadata excludes the new App-V 5.0 SP3 features.

ClientOS

You have to provide this value only if you select specific client operating systems when you sequence the package. If you select the default (all operating systems), do not specify this value in the query.

-

If you omit the ClientOS parameter from the query, only the packages that were sequenced to support any operating system appear in the metadata.

- - - -For syntax and examples of this query, see [Viewing App-V Server Publishing Metadata](viewing-app-v-server-publishing-metadata.md). - -## App-V event logs have been consolidated - - -The following event logs, previously located at **Applications and Services Logs/Microsoft/AppV/<App-V component>**, have been moved to **Applications and Services Logs/Microsoft/AppV/ServiceLog**. - -To view the logs, select **View** > **Show Analytic and Debug Logs** in the Event Viewer application. - -Client-Catalog Client-Integration Client-Orchestration Client-PackageConfig Client-Scripting Client-Service Client-Vemgr Client-VFSC FilesystemMetadataLibrary ManifestLibrary PolicyLibrary Subsystems-ActiveX Subsystems-AppPath Subsystems-Com Subsystems-fta - -## How to Get MDOP Technologies - - -App-V is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049). - - - - - - -## Related topics - - -[Release Notes for App-V 5.0 SP3](release-notes-for-app-v-50-sp3.md) - - - - - - - - - diff --git a/mdop/appv-v5/about-app-v-50.md b/mdop/appv-v5/about-app-v-50.md deleted file mode 100644 index a81421348c..0000000000 --- a/mdop/appv-v5/about-app-v-50.md +++ /dev/null @@ -1,113 +0,0 @@ ---- -title: About App-V 5.0 -description: About App-V 5.0 -author: dansimp -ms.assetid: 5799141b-44bc-4033-afcc-212235e15f00 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About App-V 5.0 - - -App-V 5.0 provides an improved integrated platform, more flexible virtualization, and powerful management for virtualized applications. For more information see the [App-V 5.0 Overview](https://go.microsoft.com/fwlink/?LinkId=325265) (https://go.microsoft.com/fwlink/?LinkId=325265). - -## What’s new? - - -The following list displays what is new with App-V 5.0: - -- **IT Diagnostics and Monitoring** - App-V 5.0 enhances the ability to generate reporting information about computers running the App-V 5.0 client and virtualized packages. - -- **End-to-End Programmability** - Leveraging PowerShell 3.0, App-V 5.0 offers a complete programmability solution for packaging, client and server operations. - -- **Simple and Effective Client Console** - App-V 5.0 offers a modern client console designed to simplify the top end user and Tier 1 support engineer scenarios. - -- **Virtual Application Extensions** - App-V 5.0 virtual application extensions enable virtual packages to run as if they are installed locally. - -- **Local Drive Creation** - App-V 5.0 no longer requires a dedicated local drive letter for virtual application deployment. - -- **Shared Content Store** – The App-V 5.0 shared content store offers similar functionality to the streaming server available in previous versions of App-V. It also requires less disk space and updates to virtual applications are available as soon as the new version is ready. - -- **Connection Groups** - App-V 5.0 connection groups allow you to connect and run virtual applications interactively. - -## Differences between App-V 4.6 and App-V 5.0 - - -The following table displays some of the differences between App-V 4.6 and App-V 5.0: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
App-V 4.6App-V 5.0

Must Use a dedicated drive letter (Q:</strong>).

No dedicated drive letter required.

4 GB package size limit requirement.

No 4 GB package size limit requirement.

Virtual applications are isolated from locally installed applications.

Virtual applications can be extended to support local application interaction.

Dynamic Suite Composition enabled interaction with middleware applications.

Peer applications are shared using connection groups. For more information about connection groups see, Managing Connection Groups.

VDI/RDS environments required a read-only shared cache.

You can update the shared content store using the standard workflow.

Limited command-line scripting.

Supports robust PowerShell scripting for the sequencer, client, and server components.

Provides web-based management capabilities.

- - - -## How to Get MDOP Technologies - - -App-V 5.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). - - - - - - -## Related topics - - -[Getting Started with App-V 5.0](getting-started-with-app-v-50--rtm.md) - - - - - - - - - diff --git a/mdop/appv-v5/about-app-v-51-dynamic-configuration.md b/mdop/appv-v5/about-app-v-51-dynamic-configuration.md deleted file mode 100644 index 663c596d68..0000000000 --- a/mdop/appv-v5/about-app-v-51-dynamic-configuration.md +++ /dev/null @@ -1,953 +0,0 @@ ---- -title: About App-V 5.1 dynamic configuration -description: You can use the dynamic configuration to customize an App-V 5.1 package for a user. Use the following information to create or edit an existing dynamic configuration file. -author: dansimp -ms.assetid: 35bc9908-d502-4a9c-873f-8ee17b6d9d74 -ms.reviewer: -manager: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/28/2018 -ms.author: dansimp ---- - -# About App-V 5.1 dynamic configuration -With dynamic configuration, you can edit the dynamic configuration file to customize how an App-V 5.1 package runs for a user or group. Package customization removes the need to resequence packages using the desired settings. It also provides a way to keep package content and custom settings independent. - -Virtual application packages contain a manifest that provides all the core information for the package. This information includes the defaults for the package settings and determines settings in the most basic form (with no additional customization). - -When a package gets created, the sequencer generates default deployment and user configuration .xml files automatically using the package manifest data. Therefore, these generated files reflect the default settings configured during sequencing. If you apply these files to a package in the form generated by the sequencer, the packages have the same default settings that came from their manifest. - -Use these generated files to make changes, if necessary, which doesn’t directly affect the package. If you want to add, delete or update the configuration files, make your changes about the default values in the manifest information. - ->[!TIP] ->The order in which the files read are:
  • UserConfig.xml
  • DeploymentConfig.xml
  • Manifest

The first entry represents what gets read last. Therefore, its content takes precedence, and all packages inherently contain and provide default settings from the package manifest.

  1. If customizing the DeploymentConfig.xml file and apply the customized settings, the default settings in the package manifest get overridden.
  2. If customizing the UserConfig.xml and apply the customized settings, the default settings for both the deployment configuration and the package manifest get overridden.
- -## User configuration file contents (UserConfig.xml) -The UserConfig file provides configuration settings that get applied for a specific user when deploying the package to a computer running the App-V 5.1 client. These settings don’t affect any other users on the client. - -Use the UserConfig file to specify or modify custom settings for a package: - -- Extensions integrated into the native system per user: shortcuts, file-type associations, URL protocols, AppPaths, software clients and COM -- Virtual subsystems: application objects, environment variables, registry modifications, services and fonts -- Scripts (user context only) -- Managing authority (for controlling co-existence of package with App-V 4.6) - -### Header - -The header of a dynamic user configuration file looks like: - -```xml - -``` - -The **PackageId** is the same value as exists in the manifest file. - - -### Body - -The body of the dynamic user configuration file can include all the app extension points defined in the manifest file, as well as information to configure virtual applications. There are four subsections allowed in the body: - -1. **[Applications](#applications)** -2. **[Subsystems](#subsystems)** -3. **[UserScripts](#userscripts)** -4. **[ManagingAuthority](#managingauthority)** - -#### Applications - -All app-extensions contained in the manifest file within a package have an Application ID assigned, which you find in the manifest file. The Application ID lets you enable or disable all extensions for a given application within a package. The Application ID must exist in the manifest file, or it gets ignored. - -```XML - - - - - - - - - - - - -.. - - -``` - -#### Subsystems - -AppExtensions and other subsystems arranged as subnodes. - -```XML - - - - -.. - - - -.. - - -``` - -You can enable or disable each subsystem using the **Enabled** attribute. - -**Extensions** - -Some subsystems (extension subsystems) control extensions. Those subsystems are Shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients, and COM. - -Extension subsystems can be enabled and disabled independently of the content. For example, if you enable Shortcuts, the client uses the Shortcuts contained within the manifest by default. Each extension subsystem can contain an \ node. If this child element is present, the client ignores the content in the manifest file for that subsystem and only use the content in the configuration file. - -_**Examples:**_ - -- If you define this in either the user or deployment config file, the content in the manifest gets ignored. - - ```XML - - - - - - ... - - - - - ``` -- If you define only the following, the content in the manifest gets integrated during publishing. - - ```XML - - - ``` - -- If you define the following, all Shortcuts within the manifest still get ignored. In other words, no Shortcuts get integrated. - - ```XML - - - - - - - ``` - -_**Supported extension subsystems:**_ - -**Shortcuts** extension subsystem controls what shortcuts get integrated into the local system. - -```XML - - - - - - - - - - - - [{Common Programs}]\Microsoft Contoso\Microsoft ContosoApp Filler 2010.lnk - - [{PackageRoot}]\Contoso\ContosoApp.EXE - - - [{Windows}]\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe - - - - - - ContosoApp.Filler.3 - - Fill out dynamic forms to gather and reuse information throughout the organization using Microsoft ContosoApp. - - 0 - - 1 - - [{PackageRoot}]\Contoso\ContosoApp.EXE - - - - - - - - - - [{AppData}]\Microsoft\Contoso\Recent\Templates.LNK - - [{AppData}]\Microsoft\Templates - - - - - - - - - - - - 0 - - 1 - - - - - - - - - - -``` - -**File-Type Associates** extension subsystem associates file types with programs to open by default as well as set up the context menu. - ->[!TIP] ->You can set up the subsystem with MIME types. - -```XML - - - - - - - - - - - - .docm - - contosowordpad.DocumentMacroEnabled.12 - - document - - application/vnd.ms-contosowordpad.document.macroEnabled.12 - - - - wincontosowordpad.exe - - - - - - contosowordpad.8 - - - - - - - - - - - - - - true - - - - - - - - - - - - - - - - contosowordpad.DocumentMacroEnabled.12 - - [{Windows}]\Installer\{90140000-0011-0000-0000-000000FF1CE}\contosowordpadicon.exe,15 - - Blah Blah Blah - - [{FOLDERID_ProgramFilesX86}]\Microsoft Contoso 14\res.dll,9182 - - [{FOLDERID_ProgramFilesX86}]\Microsoft Contoso 14\res.dll,1424 - - 0 - - - - Open - - - - {e56fa627-c35f-4a01-9e79-7d36aed8225a} - - Edit - - &Edit - - "[{PackageRoot}]\Contoso\WINcontosowordpad.EXE" /vu "%1" - - - - - - {e56fa627-c35f-4a01-9e79-7d36aed8225a} - - Open - - &Open - - "[{PackageRoot}]\Contoso\WINcontosowordpad.EXE" /n "%1" - - - - - - mscontosowordpad - - ShellSystem - - [SHELLNOOP] - - [SetForeground][ShellNewDatabase"%1"] - - - - - - - - - - - - - - - - -``` - -**URL Protocols** extension subsystem controls the URL protocols integrated into the local registry of the client machine, for example, _mailto:_. - -```XML - - - - - - - - - - mailto - - - - [{ProgramFilesX86}]\MicrosoftContoso\Contoso\contosomail.EXE,-9403 - - 2 - - - - - - - - - - - - - - - - 2 - - - - - - open - - - - [{ProgramFilesX86}]\Microsoft Contoso\Contoso\contosomail.EXE - - open - - [{ProgramFilesX86}\Microsoft Contoso\Contoso\contosomail.EXE" -c OEP.Note /m "%1" - - - - - - 0 - - 0 - - 2 - - - - - - contosomail - - ShellSystem - - [SHELLNOOP] - - [SetForeground][ShellNewDatabase "%1"] - - - - - - - - - - - - - - - - -``` - -**Software Clients** extension subsystem allows the app to register as an email client, news reader, media player and makes the app visible in the Set program access and Computer defaults UI. In most cases, you should only need to enable and disable it. There is also a control to enable and disable the email client specifically if you want the other clients still enabled except for that client. - -```XML - - - - - - -``` - -**AppPaths** extension subsystem opens apps registered with an application path. For example, if contoso.exe has an apppath name of _myapp_, users can type _myapp_ from the run menu, opening contoso.exe. - -```XML - - - - - - - - - - [{ProgramFilesX86}]\Microsoft Contoso\Contoso\contosomail.EXE - - contosomail.exe - - [{ProgramFilesX86}]\Microsoft Contoso\Contoso\contosomail.EXE - - - - false - - - - - - - - - - -``` - -**COM** extensions subsystem allows an application registered to local COM servers. The mode can be: - -- Integration -- Isolated -- Off - -```XML - - -``` - -**Virtual Kernel Objects** - -```XML - - -``` - -**Virtual Registry** sets a registry in the virtual registry within HKCU. - -```XML - - - - - - - - - - - - - - - - - - -``` - -**Virtual File System** - -```XML - - -``` - -**Virtual Fonts** - -```XML - - -``` - -**Virtual Environment Variables** - -```XML - - - - - - - - - - - - - - - - - - -``` - -**Virtual services** - -```XML - - -``` - -#### UserScripts - -Use UserScripts to set up or alter the virtual environment. You can also execute scripts at the time of deployment or to clean up the environment after the application terminates. To see a sample script, refer to the user configuration file generated by the sequencer. -The Scripts section below provides more information on the various triggers that can be used. - -#### ManagingAuthority - -Use ManagingAuthority when two versions of your package co-exist on the same machine, one deployed to App-V 4.6 and another deployed on App-V 5.0. To allow App-V vNext to take over App-V 4.6 extension points for the named package enter the following in the UserConfig file (where PackageName is the Package GUID in App-V 4.6: - -```XML - - -``` - -## Deployment configuration file (DeploymentConfig.xml) - -The DeploymentConfig file provides configuration settings for machine context and user context, providing the same capabilities listed in the UserConfig file. The setting get applied when deploying the package to a computer running the App-V 5.1 client. - -Use the DeploymentConfig file to specify or modify custom settings for a package: - -- All UserConfig settings -- Extensions that can only be applied globally for all users -- Virtual subsystems for global machine locations, for example, registry -- Product source URL -- Scripts (machine context only) -- Controls to terminate child processes - -### Header - -The header of a dynamic deployment configuration file looks like: - -```XML - -``` - -The **PackageId** is the same value as exists in the manifest file. - -### Body - -The body of the dynamic deployment configuration file includes two sections: - -- **UserConfiguration:** allows the same content as the user configuration file described in the previous section. When publishing the package to a user, any appextensions configuration settings in this section override corresponding settings in the manifest within the package, unless you provide a user configuration file. If also providing a UserConfig file, it gets used instead of the User settings in the deployment configuration file. If publishing the package globally, then only the contents of the deployment configuration file get used in combination with the manifest. For more details, see [User configuration file contents (UserConfig.xml)](#user-configuration-file-contents-userconfigxml). - -- **MachineConfiguration:** contains information that can be configured only for an entire machine, not for a specific user on the machine. For example, HKEY_LOCAL_MACHINE registry keys in the VFS. - -```XML - - - - - -... - - - - - -... - - - -... - - - - -``` - -### UserConfiguration - -Refer to [User configuration file contents (UserConfig.xml)](#user-configuration-file-contents-userconfigxml) for information on the settings provided for this section. - -### MachineConfiguration - -Use the MachineConfiguration section to configure information for an entire machine; not for a specific user on the computer. For example, HKEY_LOCAL_MACHINE registry keys in the virtual registry. There are four subsections allowed in under this element: - -1. **[Subsystems](#subsystems-1)** -2. **[ProductSourceURLOptOut](#productsourceurloptout)** -3. **[MachineScripts](#machinescripts)** -4. **[TerminateChildProcess](#terminatechildprocess)** - -#### Subsystems - -AppExtensions and other subsystems arranged as subnodes. - -```XML - - - - - - … - - - -… - - -``` - -You can enable or disable each subsystem using the **Enabled** attribute. - -**Extensions** - -Some subsystems (extension subsystems) control extensions. The subsystem is Application Capabilities that default programs use. For this type of extension, the package must be published globally for integration into the local system. The same rules for controls and settings that apply to the Extensions in the User Configuration also, apply to those in the MachineConfiguration section. - -**Application Capabilities**: Used by default programs that allow an application to register itself as: - -- Capable of opening specific file extensions -- A contender for the start menu internet browser slot -- Capable of opening specific windows MIME types - -This extension also makes the virtual application visible in the Set default programs UI. - -```XML - - - - - - - - - - - [{PackageRoot}]\LitView\LitViewBrowser.exe - - - - LitView Browser - - SOFTWARE\LitView\Browser\Capabilities - - - - - - - - - @[{ProgramFilesX86}]\LitView\LitViewBrowser.exe,-12345 - - - @[{ProgramFilesX86}]\LitView\LitViewBrowser.exe,-12346 - - 0 - - Lit View E-Mail Client - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -``` - -_**Supported extension subsystems:**_ - -**Machine Wide Virtual Registry** extension subsystem sets a registry key in the virtual registry within HKEY_Local_Machine. - -```XML - - - - - - - - - - - - - - - - - - -``` - -**Machine Wide Virtual Kernel Objects** - -```XML - - - - - - - - - - -``` - -#### ProductSourceURLOptOut - -Use ProductSourceURLOptOut to indicate that the URL for the package can be modified globally through _PackageSourceRoot_ (to support branch office scenarios). Changes take effect on the next launch. - -```XML - - - - ... - - - - ... - - -``` - -#### MachineScripts - -The package can be configured to execute scripts at time of deployment, publishing or removal. To see a sample script, refer to the deployment configuration file generated by the sequencer. - -The Scripts section below provides more information on the various triggers that can be used. - -#### TerminateChildProcess - -An application executable can be specified, whose child processes get terminated when the application exe process terminates. - -```XML - - - - ... - - - - - - - - - - - - ... - - -``` - - - -## Scripts - -The following table describes the various script events and the context under which they can be run. - -| Script Execution Time | Can be specified in Deployment Configuration | Can be specified in User Configuration | Can run in the Virtual Environment of the package | Can be run in the context of a specific application | Runs in system/user context: (Deployment Configuration, User Configuration) | -|-----------------------------|----------------------------------------------|----------------------------------------|---------------------------------------------------|-----------------------------------------------------|-----------------------------------------------------------------------------| -| AddPackage | X | | | | (SYSTEM, N/A) | -| PublishPackage | X | X | | | (SYSTEM, User) | -| UnpublishPackage | X | X | | | (SYSTEM, User) | -| RemovePackage | X | | | | (SYSTEM, N/A) | -| StartProcess | X | X | X | X | (User, User) | -| ExitProcess | X | X | | X | (User, User) | -| StartVirtualEnvironment | X | X | X | | (User, User) | -| TerminateVirtualEnvironment | X | X | | | (User, User) | - -### Using multiple scripts on a single event trigger - -App-V 5.1 supports the use of multiple scripts on a single event trigger for -App-V packages, including packages that you convert from App-V 4.6 to App-V 5.0 -or later. To enable the use of multiple scripts, App-V 5.1 uses a script -launcher application, named ScriptRunner.exe, which is installed as part of the -App-V client installation. - -### How to use multiple scripts on a single event trigger - -For each script that you want to run, pass that script as an argument to the -ScriptRunner.exe application. The application then runs each script separately, -along with the arguments that you specify for each script. Use only one script -(ScriptRunner.exe) per trigger. - -> [!NOTE] -> -> We recommended that you run the multi-script line from a command prompt -> first to make sure that all arguments are built correctly before adding them to -> the deployment configuration file. - -### Example script and parameter descriptions - -Using the following example file and table, modify the deployment or user -configuration file to add the scripts that you want to run. - -```XML - - - ScriptRunner.exe - - -appvscript script1.exe arg1 arg2 –appvscriptrunnerparameters –wait –timeout=10 - -appvscript script2.vbs arg1 arg2 - -appvscript script3.bat arg1 arg2 –appvscriptrunnerparameters –wait –timeout=30 –rollbackonerror - - - - -``` - - -**Parameters in the example file include:** - -#### \ - -Name of the event trigger for which you are running a script, such as adding a package or publishing a package. - -#### \ScriptRunner.exe\ - -The script launcher application that is installed as part of the App-V client installation. - -> [!NOTE] -> -> Although ScriptRunner.exe is installed as part of the App-V client, the location of the App-V client must be in %path% or ScriptRunner will not run. ScriptRunner.exe is typically located in the C:FilesApplication Virtualizationfolder. - -#### \ - -`-appvscript` - Token that represents the actual script that you want to run. - -`script1.exe` – Name of the script that you want to run. - -`arg1 arg2` – Arguments for the script that you want to run. - -`-appvscriptrunnerparameters` – Token that represents the execution options for script1.exe. - -`-wait` – Token that informs ScriptRunner to wait for execution of script1.exe to complete before proceeding to the next script. - -`-timeout=x` – Token that informs ScriptRunner to stop running the current script after x number of seconds. All other specified scripts still runs. - -`-rollbackonerror` – Token that informs ScriptRunner to stop running all scripts that haven't yet run and to roll back an error to the App-V client. - -#### \ - -Waits for overall completion of ScriptRunner.exe. - -Set the timeout value for the overall runner to be greater than or equal to the sum of the timeout values on the individual scripts. - -If any individual script reported an error and rollbackonerror was set to true, then ScriptRunner would report the error to App-V client. - -ScriptRunner runs any script whose file type is associated with an application installed on the computer. If the associated application is missing, or the script’s file type is not associated with any application on the computer, the script does not run. - -### Create a dynamic configuration file using an App-V 5.1 manifest file - -You can create the dynamic configuration file using one of three methods: either manually, using the App-V 5.1 Management Console or sequencing a package, which generates two sample files. For more information about how to create the file using the App-V 5.1 Management Console see, [How to create a custom configuration File by using the App-V 5.1 Management Console](how-to-create-a-custom-configuration-file-by-using-the-app-v-51-management-console.md). - -To create the file manually, the information above in previous sections can be combined into a single file. We recommend you use files generated by the sequencer. - - - -- Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). -- For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - -- [How to Apply the Deployment Configuration File by Using PowerShell](how-to-apply-the-deployment-configuration-file-by-using-powershell51.md) - -- [How to Apply the User Configuration File by Using PowerShell](how-to-apply-the-user-configuration-file-by-using-powershell51.md) - -- [Operations for App-V 5.1](operations-for-app-v-51.md) - ---- diff --git a/mdop/appv-v5/about-app-v-51-reporting.md b/mdop/appv-v5/about-app-v-51-reporting.md deleted file mode 100644 index 381a1231a7..0000000000 --- a/mdop/appv-v5/about-app-v-51-reporting.md +++ /dev/null @@ -1,253 +0,0 @@ ---- -title: About App-V 5.1 Reporting -description: About App-V 5.1 Reporting -author: dansimp -ms.assetid: 385dca00-7178-4e35-8d86-c58867ebd65c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About App-V 5.1 Reporting - -Microsoft Application Virtualization (App-V) 5.1 includes a built-in reporting feature that helps you collect information about computers running the App-V 5.1 client as well as information about virtual application package usage. You can use this information to generate reports from a centralized database. - -## App-V 5.1 Reporting Overview - -The following list displays the end–to-end high-level workflow for reporting in App-V 5.1. - -1. The App-V 5.1 Reporting server has the following prerequisites: - - - Internet Information Service (IIS) web server role - - - Windows Authentication role (under **IIS / Security**) - - - SQL Server installed and running with SQL Server Reporting Services (SSRS) - - To confirm SQL Server Reporting Services is running, view `http://localhost/Reports` in a web browser as administrator on the server that will host App-V 5.1 Reporting. The SQL Server Reporting Services Home page should display. - -2. Install the App-V 5.1 reporting server and associated database. For more information about installing the reporting server see [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database51.md). Configure the time when the computer running the App-V 5.1 client should send data to the reporting server. - -3. If you are not using an electronic software distribution system such as Configuration Manager to view reports then you can define reports in SQL Server Reporting Service. Download predefined SSRS Reports from the [Download Center](https://go.microsoft.com/fwlink/?LinkId=397255). - - > [!NOTE] - > If you are using the Configuration Manager integration with App-V 5.1, most reports are generated from Configuration Manager rather than from App-V 5.1. - -4. After importing the App-V 5.1 PowerShell module using `Import-Module AppvClient` as administrator, enable the App-V 5.1 client. This sample PowerShell cmdlet enables App-V 5.1 reporting: - - ```powershell - Set-AppvClientConfiguration –reportingserverurl : -reportingenabled 1 – ReportingStartTime <0-23> - ReportingRandomDelay <#min> - ``` - - To immediately send App-V 5.1 report data, run `Send-AppvClientReport` on the App-V 5.1 client. - - For more information about installing the App-V 5.1 client with reporting enabled see [About Client Configuration Settings](about-client-configuration-settings51.md). To administer App-V 5.1 Reporting with Windows PowerShell, see [How to Enable Reporting on the App-V 5.1 Client by Using PowerShell](how-to-enable-reporting-on-the-app-v-51-client-by-using-powershell.md). - -5. After the reporting server receives the data from the App-V 5.1 client it sends the data to the reporting database. When the database receives and processes the client data, a successful reply is sent to the reporting server and then a notification is sent to the App-V 5.1 client. - -6. When the App-V 5.1 client receives the success notification, it empties the data cache to conserve space. - - > [!NOTE] - > By default the cache is cleared after the server confirms receipt of data. You can manually configure the client to save the data cache. - -If the App-V 5.1 client device does not receive a success notification from the server, it retains data in the cache and tries to resend data at the next configured interval. Clients continue to collect data and add it to the cache. - -### App-V 5.1 reporting server frequently asked questions - -The following table displays answers to common questions about App-V 5.1 reporting - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
QuestionMore Information

What is the frequency that reporting information is sent to the reporting database?

The frequency depends on how the reporting task is configured on the computer running the App-V 5.1 client. You must configure the frequency / interval for sending the reporting data. App-V 5.1 Reporting is not enabled by default.

What information is stored in the reporting server database?

The following list displays what is stored in the reporting database:

-
    -

  • The operating system running on the computer running the App-V 5.1 client: host name, version, service pack, type - client/server, processor architecture.

    • -

  • App-V 5.1 Client information: version.

    • -

  • Published package list: GUID, version GUID, name.

    • -

  • Application usage information: name, version, streaming server, user (domain\alias), package version GUID, launch status and time, shutdown time.

    • -

What is the average volume of information that is sent to the reporting server?

It depends. The following list displays the three sets of the data sent to the reporting server:

-
    -

  1. Operating system, and App-V 5.1 client information. ~150 Bytes, every time this data is sent.

    2. -

  2. Published package list. ~7 KB for 30 packages. This is sent only when the package list is updated with a publishing refresh, which is done infrequently; if there is no change, this information is not sent.

    3. -

  3. Virtual application usage information – about 0.25KB per event. Opening and closing count as one event if both occur before sending the information. When sending using a scheduled task, only the data since the last successful upload is sent to the server. If sending manually through the PowerShell cmdlet, there is an optional argument that controls if the data needs to be re-sent next time around – that argument is DeleteOnSuccess.

    -

    -

    So for example, if twenty applications are opened and closed and reporting information is scheduled to be sent daily, the typical daily traffic should be about 0.15KB + 20 x 0.25KB, or about 5KB/user

    4. -

Can reporting be scheduled?

Yes. Besides manually sending reporting using PowerShell Cmdlets (Send-AppvClientReport), the task can be scheduled so it will happen automatically. There are two ways to schedule the reporting:

-
    -

  1. Using PowerShell cmdlets - Set-AppvClientConfiguration. For example:

    -

    Set-AppvClientConfiguration -ReportingEnabled 1 - ReportingServerURL http://any.com/appv-reporting

    -

    -

    For a complete list of client configuration settings see About Client Configuration Settings and look for the following entries: ReportingEnabled, ReportingServerURL, ReportingDataCacheLimit, ReportingDataBlockSize, ReportingStartTime, ReportingRandomDelay, ReportingInterval.

    -

    2. -

  2. By using Group Policy. If distributed using the domain controller, the settings are the same as previously listed.

    -
    -Note

    Group Policy settings override local settings configured using PowerShell.

    -
    -
    -
    3. -
- -## App-V 5.1 Client Reporting - -To use App-V 5.1 reporting you must install and configure the App-V 5.1 client. After the client has been installed, use the **Set-AppVClientConfiguration** PowerShell cmdlet or the **ADMX Template** to configure reporting. The reporting feature cmdlets are available by using the following link and are prefaced by **Reporting**. For a complete list of client configuration settings see [About Client Configuration Settings](about-client-configuration-settings51.md). The following section provides examples of App-V 5.1 client reporting configuration using PowerShell. - -### Configuring App-V Client reporting using PowerShell - -The following examples show how PowerShell parameters can configure the reporting features of the App-V 5.1 client. - -> [!NOTE] -> The following configuration task can also be configured using Group Policy settings in the App-V 5.1 ADMX template. For more information about using the ADMX template, see [How to Modify App-V 5.1 Client Configuration Using the ADMX Template and Group Policy](how-to-modify-app-v-51-client-configuration-using-the-admx-template-and-group-policy.md). - -**To enable reporting and to initiate data collection on the computer running the App-V 5.1 client**: - -```powershell -Set-AppVClientConfiguration –ReportingEnabled 1 -``` - -**To configure the client to automatically send data to a specific reporting server**: - -```powershell -Set-AppVClientConfiguration –ReportingServerURL http://MyReportingServer:MyPort/ -ReportingStartTime 20 -ReportingInterval 1 -ReportingRandomDelay 30 -ReportingInterval 1 -ReportingRandomDelay 30 -``` - -This example configures the client to automatically send the reporting data to the reporting server URL **http://MyReportingServer:MyPort/**. Additionally, the reporting data will be sent daily between 8:00 and 8:30 PM, depending on the random delay generated for the session. - -**To limit the size of the data cache on the client**: - -```powershell -Set-AppvClientConfiguration –ReportingDataCacheLimit 100 -``` - -Configures the maximum size of the reporting cache on the computer running the App-V 5.1 client to 100 MB. If the cache limit is reached before the data is sent to the server, then the log rolls over and data will be overwritten as necessary. - -**To configure the data block size transmitted across the network between the client and the server**: - -```powershell -Set-AppvClientConfiguration –ReportingDataBlockSize 10240 -``` - -Specifies the maximum data block that the client sends to 10240 MB. - -### Types of data collected - -The following table displays the types of information you can collect by using App-V 5.1 reporting. - -|Client Information |Package Information |Application Usage | -|---------|---------|---------| -|Host Name |Package Name|Start and End Times| -|App-V 5.1 Client Version |Package Version|Run Status| -|Processor Architecture |Package Source|Shutdown State| -|Operating System Version|Percent Cached|Application Name| -|Service Pack Level| |Application Version| -|Operating System Type| |Username| -| | |Connection Group| - -The client collects and saves this data in an **.xml** format. The data cache is hidden by default and requires administrator rights to open the XML file. - -### Sending data to the server - -You can configure the computer that is running the App-V 5.1 client to automatically send data to the specified reporting server. To specify the server use the **Set-AppvClientConfiguration** cmdlet with the following settings: - -- ReportingEnabled -- ReportingServerURL -- ReportingStartTime -- ReportingInterval -- ReportingRandomDelay - -After you configure the previous settings, you must create a scheduled task. The scheduled task will contact the server specified by the **ReportingServerURL** setting and will initiate the transfer. If you want to manually send data outside of the scheduled times, use the following PowerShell cmdlet: - -```powershell -Send-AppVClientReport –URL http://MyReportingServer:MyPort/ -DeleteOnSuccess -``` - -If the reporting server has been previously configured, then the **–URL** parameter can be omitted. Alternatively, if the data should be sent to an alternate location, specify a different URL to override the configured **ReportingServerURL** for this data collection. - -The **-DeleteOnSuccess** parameter indicates that if the transfer is successful, then the data cache is cleared. If this is not specified, then the cache will not be cleared. - -### Manual Data Collection - -You can also use the **Send-AppVClientReport** cmdlet to manually collect data. This solution is helpful with or without an existing reporting server. The following list displays information about collecting data with or without a reporting server. - - ---- - - - - - - - - - - - - -
With a Reporting ServerWithout a Reporting Server

If you have an existing App-V 5.1 reporting Server, create a customized scheduled task or script. Specify that the client send the data to the specified location with the desired frequency.

If you do not have an existing App-V 5.1 reporting Server, use the –URL parameter to send the data to a specified share. For example:

-

Send-AppVClientReport –URL \Myshare\MyData\ -DeleteOnSuccess

-

The previous example will send the reporting data to \MyShare\MyData</strong> location indicated by the -URL parameter. After the data has been sent, the cache is cleared.

-
-Note

If a location other than the Reporting Server is specified, the data is sent using .xml format with no additional processing.

-
-
-
- -### Creating Reports - -To retrieve report information and create reports using App-V 5.1 you must use one of the following methods: - -- **Microsoft SQL Server Reporting Services (SSRS)** - Microsoft SQL Server Reporting Services is available with Microsoft SQL Server. SSRS is not installed when you install the App-V 5.1 reporting server. It must be deployed separately to generate the associated reports. - - Use the following link for more information about using [Microsoft SQL Server Reporting Services](https://go.microsoft.com/fwlink/?LinkId=285596). - -- **Scripting** – You can generate reports by scripting directly against the App-V 5.1 reporting database. For example: - - **Stored Procedure:** - - **spProcessClientReport** is scheduled to run at midnight or 12:00 AM. - - To run the Microsoft SQL Server Scheduled Stored procedure, the Microsoft SQL Server Agent must be running. You should ensure that the Microsoft SQL Server Agent is set to **AutoStart**. For more information see [Autostart SQL Server Agent (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=287045). - - The stored procedure is also created when using the App-V 5.1 database scripts. - -You should also ensure that the reporting server web service's **Maximum Concurrent Connections** is set to a value that the server will be able to manage without impacting availability. The recommended number of **Maximum Concurrent Connections** for the **Reporting Web Service** is **10,000**. - -## Related topics - -[Deploying the App-V 5.1 Server](deploying-the-app-v-51-server.md) - -[How to install the Reporting Server on a Standalone Computer and Connect it to the Database](how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database51.md) diff --git a/mdop/appv-v5/about-app-v-51.md b/mdop/appv-v5/about-app-v-51.md deleted file mode 100644 index f52bcf1b64..0000000000 --- a/mdop/appv-v5/about-app-v-51.md +++ /dev/null @@ -1,527 +0,0 @@ ---- -title: About App-V 5.1 -description: About App-V 5.1 -author: dansimp -ms.assetid: 35bc9908-d502-4a9c-873f-8ee17b6d9d74 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About App-V 5.1 - - -Use the following sections to review information about significant changes that apply to Application Virtualization (App-V) 5.1: - -[App-V 5.1 software prerequisites and supported configurations](#bkmk-51-prereq-configs) - -[Migrating to App-V 5.1](#bkmk-migrate-to-51) - -[What’s New in App-V 5.1](#bkmk-whatsnew) - -[App-V support for Windows 10](#bkmk-win10support) - -[App-V Management Console Changes](#bkmk-mgmtconsole) - -[Sequencer Improvements](#bkmk-seqimprove) - -[Improvements to Package Converter](#bkmk-pkgconvimprove) - -[Support for multiple scripts on a single event trigger](#bkmk-supmultscripts) - -[Hardcoded path to installation folder is redirected to virtual file system root](#bkmk-hardcodepath) - -## App-V 5.1 software prerequisites and supported configurations - - -See the following links for the App-V 5.1 software prerequisites and supported configurations. - - ---- - - - - - - - - - - - - - - - - -
Links to prerequisites and supported configurationsDescription

App-V 5.1 Prerequisites

Prerequisite software that you must install before starting the App-V 5.1 installation

App-V 5.1 Supported Configurations

Supported operating systems and hardware requirements for the App-V Server, Sequencer, and Client components

- - - -**Support for using Configuration Manager with App-V:** App-V 5.1 supports System Center 2012 R2 Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx) for information about integrating your App-V environment with Configuration Manager and Configuration Manager. - -## Migrating to App-V 5.1 - - -Use the following information to upgrade to App-V 5.1 from earlier versions. See [Migrating to App-V 5.1 from a Previous Version](migrating-to-app-v-51-from-a-previous-version.md) for more information. - -### Before you start the upgrade - -Review the following information before you start the upgrade: - - ---- - - - - - - - - - - - - - - - - - - - - -
Items to review before upgradingDescription

Components to upgrade, in any order

    -

  1. App-V Server

    2. -

  2. Sequencer

    3. -

  3. App-V Client or App-V Remote Desktop Services (RDS) Client

    4. -
-
-Note

Prior to App-V 5.0 SP2, the Client Management User Interface (UI) was provided with the App-V Client installation. For App-V 5.0 SP2 installations (or later), you can use the Client Management UI by downloading from Application Virtualization 5.0 Client UI Application.

-
-
- -

Upgrading from App-V 4.x

You must first upgrade to App-V 5.0. You cannot upgrade directly from App-V 4.x to App-V 5.1. For more information, see:

- -

Upgrading from App-V 5.0 or later

You can upgrade to App-V 5.1 directly from any of the following versions:

-
    -

  • App-V 5.0

    • -

  • App-V 5.0 SP1

    • -

  • App-V 5.0 SP2

    • -

  • App-V 5.0 SP3

    • -
-

To upgrade to App-V 5.1, follow the steps in the remaining sections of this topic.

-

Packages and connection groups will continue to work with App-V 5.1 as they currently do.

- - - -### Steps to upgrade the App-V infrastructure - -Complete the following steps to upgrade each component of the App-V infrastructure to App-V 5.1. The following order is only a suggestion; you may upgrade components in any order. - - ---- - - - - - - - - - - - - - - - - - - - - -
StepFor more information

Step 1: Upgrade the App-V Server.

-
-Note

If you are not using the App-V Server, skip this step and go to the next step.

-
-
- -

Follow these steps:

-
    -

  1. Do one of the following, depending on the method you are using to upgrade the Management database and/or Reporting database:

    - ---- - - - - - - - - - - - - - - - - -
    Database upgrade methodStep

    Windows Installer

    Skip this step and go to step 2, “If you are upgrading the App-V Server...”

    SQL scripts

    Follow the steps in How to Deploy the App-V Databases by Using SQL Scripts.

    -

  2. If you are upgrading the App-V Server from App-V 5.0 SP1 Hotfix Package 3 or later, complete the steps in section Check registry keys after installing the App-V 5.0 SP3 Server.

    3. -

  3. Follow the steps in How to Deploy the App-V 5.1 Server

    4. -

    -

Step 2: Upgrade the App-V Sequencer.

See How to Install the Sequencer.

Step 3: Upgrade the App-V Client or App-V RDS Client.

See How to Deploy the App-V Client.

- - - -### Converting packages created using a prior version of App-V - -Use the package converter utility to upgrade virtual application packages created using versions of App-V prior to App-V 5.0. The package converter uses PowerShell to convert packages and can help automate the process if you have many packages that require conversion. - -**Note** -App-V 5.1 packages are exactly the same as App-V 5.0 packages. There has been no change in the package format between the versions and so there is no need to convert App-V 5.0 packages to App-V 5.1 packages. - - - -## What’s New in App-V 5.1 - - -These sections are for users who are already familiar with App-V and want to know what has changed in App-V 5.1. If you are not already familiar with App-V, you should start by reading [Planning for App-V 5.1](planning-for-app-v-51.md). - -### App-V support for Windows 10 - -The following table lists the Windows 10 support for App-V. Windows 10 is not supported in versions of App-V prior to App-V 5.1. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
ComponentApp-V 5.1App-V 5.0

App-V Client

Yes

No

App-V RDS Client

Yes

No

App-V Sequencer

Yes

No

- - - -### App-V Management Console Changes - -This section compares the App-V Management Console’s current and previous functionality. - -### Silverlight is no longer required - -The Management Console UI no longer requires Silverlight. The 5.1 Management Console is built on HTML5 and Javascript. - -### Notifications and messages are displayed individually in a dialog box - - ---- - - - - - - - - - - - - - - - - - - - - -
New in App-V 5.1Prior to App-V 5.1

Number of messages indicator:

-

On the title bar of the App-V Management Console, a number is now displayed next to a flag icon to indicate the number of messages that are waiting to be read.

You could see only one message or error at a time, and you were unable to determine how many messages there were.

Message appearance:

-
    -

  • Messages that require user input appear in a separate dialog box that displays on top of the current page that you were viewing, and require a response before you can dismiss them.

    • -

  • Messages and errors appear in a list, with one beneath the other.

    • -

You could see only one message or error at a time.

Dismissing messages:

-

Use the Dismiss All link to dismiss all messages and errors at one time, or dismiss them one at a time.

You could dismiss messages and errors only one at a time.

- - - -### Console pages are now separate URLs - - ---- - - - - - - - - - - - - -
New in App-V 5.1Prior to App-V 5.1

Each page in the console has a different URL, which enables you to bookmark specific pages for quick access in the future.

-

The number that appears in some URLs indicates the specific package. These numbers are unique.

All console pages are accessed through the same URL.

- - - -### New, separate CONNECTION GROUPS page and menu option - - ---- - - - - - - - - - - - - -
New in App-V 5.1Prior to App-V 5.1

The CONNECTION GROUPS page is now part of the main menu, at the same level as the PACKAGES page.

To open the CONNECTION GROUPS page, you navigate through the PACKAGES page.

- - - -### Menu options for packages have changed - - ---- - - - - - - - - - - - - - - - - -
New in App-V 5.1Prior to App-V 5.1

The following options are now buttons that appear at the bottom of the PACKAGES page:

-
    -

  • Add or Upgrade

    • -

  • Publish

    • -

  • Unpublish

    • -

  • Delete

    • -
-

The following options will still appear when you right-click a package to open the drop-down context menu:

-
    -

  • Publish

    • -

  • Unpublish

    • -

  • Edit AD Access

    • -

  • Edit Deployment Config

    • -

  • Transfer deployment configuration from…

    • -

  • Transfer access and configuration from…

    • -

  • Delete

    • -
-

When you click Delete to remove a package, a dialog box opens and asks you to confirm that you want to delete the package.

The Add or Upgrade option was a button at the top right of the PACKAGES page.

-

The Publish, Unpublish, and Delete options were available only if you right-clicked a package name in the packages list.

The following package operations are now buttons on the package details page for each package:

-
    -

  • Transfer (drop-down menu with the following options):

    -
      -

    • Transfer deployment configuration from…

      • -

    • Transfer access and configuration from…

      • -
    • -

  • Edit (connection groups and AD Access)

    • -

  • Unpublish

    • -

  • Delete

    • -

  • Edit Default Configuration

    • -

These package options were available only if you right-clicked a package name in the packages list.

- - - -### Icons in left pane have new colors and text - -The colors of the icons in the left pane have been changed, and text added, to make the icons consistent with other Microsoft products. - -### Overview page has been removed - -In the left pane of the Management Console, the OVERVIEW menu option and its associated OVERVIEW page have been removed. - -### Sequencer Improvements - -The following improvements have been made to the package editor in the App-V 5.1 Sequencer. - -### Import and export the manifest file - -You can import and export the AppxManifest.xml file. To export the manifest file, select the **Advanced** tab and in the Manifest File box, click **Export...**. You can make changes to the manifest file, such as removing shell extensions or editing file type associations. - -After you make your changes, click **Import...** and select the file you edited. After you successfully import it back in, the manifest file is immediately updated within the package editor. - -**Caution** -When you import the file, your changes are validated against the XML schema. If the file is not valid, you will receive an error. Be aware that it is possible to import a file that is validated against the XML schema, but that might still fail to run for other reasons. - - - -### Addition of Windows 10 to operating systems list - -In the Deployment tab, Windows 10 32-bit and Windows 10-64 bit have been added to the list of operating systems for which you can sequence a package. If you select **Any Operating System**, Windows 10 is automatically included among the operating systems that the sequenced package will support. - -### Current path displays at bottom of virtual registry editor - -In the Virtual Registry tab, the path now displays at the bottom of the virtual registry editor, which enables you to determine the currently selected key. Previously, you had to scroll through the registry tree to find the currently selected key. - -### Combined “find and replace” dialog box and shortcut keys added in virtual registry editor - -In the virtual registry editor, shortcut keys have been added for the Find option (Ctrl+F), and a dialog box that combines the “find” and “replace” tasks has been added to enable you to find and replace values and data. To access this combined dialog box, select a key and do one of the following: - -- Press **Ctrl+H** - -- Right-click a key and select **Replace**. - -- Select **View** > **Virtual Registry** > **Replace**. - -Previously, the “Replace” dialog box did not exist, and you had to make changes manually. - -### Rename registry keys and package files successfully - -You can rename virtual registry keys and files without experiencing Sequencer issues. Previously, the Sequencer stopped working if you tried to rename a key. - -### Import and export virtual registry keys - -You can import and export virtual registry keys. To import a key, right-click the node under which to import the key, navigate to the key you want to import, and then click **Import**. To export a key, right-click the key and select **Export**. - -### Import a directory into the virtual file system - -You can import a directory into the VFS. To import a directory, click the **Package Files** tab, and then click **View** > **Virtual File System** > **Import Directory**. If you try to import a directory that contains files that are already in the VFS, the import fails, and an explanatory message is displayed. Prior to App-V 5.1, you could not import directories. - -### Import or export a VFS file without having to delete and then add it back to the package - -You can import files to or export files from the VFS without having to delete the file and then add it back to the package. For example, you might use this feature to export a change log to a local drive, edit the file using an external editor, and then re-import the file into the VFS. - -To export a file, select the **Package Files** tab, right-click the file in the VFS, click **Export**, and choose an export location from which you can make your edits. - -To import a file, select the **Package Files** tab and right-click the file that you had exported. Browse to the file that you edited, and then click **Import**. The imported file will overwrite the existing file. - -After you import a file, you must save the package by clicking **File** > **Save**. - -### Menu for adding a package file has moved - -The menu option for adding a package file has been moved. To find the Add option, select the **Package Files** tab, then click **View** > **Virtual File System** > **Add File**. Previously, you right-clicked a folder under the VFS node, and chose **Add File**. - -### Virtual registry node expands MACHINE and USER hives by default - -When you open the virtual registry, the MACHINE and USER hives are shown below the top-level REGISTRY node. Previously, you had to expand the REGISTRY node to show the hives beneath. - -### Enable or disable Browser Helper Objects - -You can enable or disable Browser Helper Objects by selecting a new check box, Enable Browser Helper Objects, on the Advanced tab of the Sequencer user interface. If Browser Helper Objects: - -- Exist in the package and are enabled, the check box is selected by default. - -- Exist in the package and are disabled, the check box is clear by default. - -- Exist in the package, with one or more enabled and one or more disabled, the check box is set to indeterminate by default. - -- Do not exist in the package, the check box is disabled. - -### Improvements to Package Converter - -You can now use the package converter to convert App-V 4.6 packages that contain scripts, and registry information and scripts from source .osd files are now included in package converter output. - -For more information including examples, see [Migrating to App-V 5.1 from a Previous Version](migrating-to-app-v-51-from-a-previous-version.md). - -### Support for multiple scripts on a single event trigger - -App-V 5.1 supports the use of multiple scripts on a single event trigger for App-V packages, including packages that you are converting from App-V 4.6 to App-V 5.0 or later. To enable the use of multiple scripts, App-V 5.1 uses a script launcher application, named ScriptRunner.exe, which is installed as part of the App-V client installation. - -For more information, including a list of event triggers and the context under which scripts can be run, see the Scripts section in [About App-V 5.1 Dynamic Configuration](about-app-v-51-dynamic-configuration.md). - -### Hardcoded path to installation folder is redirected to virtual file system root - -When you convert packages from App-V 4.6 to 5.1, the App-V 5.1 package can access the hardcoded drive that you were required to use when you created 4.6 packages. The drive letter will be the drive you selected as the installation drive on the 4.6 sequencing machine. (The default drive letter is Q:\\.) - -Previously, the 4.6 root folder was not recognized and could not be accessed by App-V 5.0 packages. App-V 5.1 packages can access hardcoded files by their full path or can programmatically enumerate files under the App-V 4.6 installation root. - -**Technical Details:** The App-V 5.1 package converter will save the App-V 4.6 installation root folder and short folder names in the FilesystemMetadata.xml file in the Filesystem element. When the App-V 5.1 client creates the virtual process, it will map requests from the App-V 4.6 installation root to the virtual file system root. - -## How to Get MDOP Technologies - - -App-V is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049). - - - - - - -## Related topics - - -[Release Notes for App-V 5.1](release-notes-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/about-client-configuration-settings.md b/mdop/appv-v5/about-client-configuration-settings.md deleted file mode 100644 index 9ba08f850a..0000000000 --- a/mdop/appv-v5/about-client-configuration-settings.md +++ /dev/null @@ -1,473 +0,0 @@ ---- -title: About Client Configuration Settings -description: About Client Configuration Settings -author: dansimp -ms.assetid: cc7ae28c-b2ac-4f68-b992-5ccdbd5316a4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About Client Configuration Settings - - -The Microsoft Application Virtualization (App-V) 5.0 client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. You can also configure many client actions by changing registry entries. This topic lists the App-V 5.0 Client configuration settings and explains their uses. You can use PowerShell to modify the client configuration settings. For more information about using PowerShell and App-V 5.0 see [Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md). - -## App-V 5.0 Client Configuration Settings - - -The following table displays information about the App-V 5.0 client configuration settings: - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Setting NameSetup FlagDescriptionSetting OptionsRegistry Key ValueDisabled Policy State Keys and Values

PackageInstallationRoot

PACKAGEINSTALLATIONROOT

Specifies directory where all new applications and updates will be installed.

String

Streaming\PackageInstallationRoot

Policy value not written (same as Not Configured)

PackageSourceRoot

PACKAGESOURCEROOT

Overrides source location for downloading package content.

String

Streaming\PackageSourceRoot

Policy value not written (same as Not Configured)

AllowHighCostLaunch

Not available.

This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network connection (For example, 4G).

True (enabled); False (Disabled state)

Streaming\AllowHighCostLaunch

0

ReestablishmentRetries

Not available.

Specifies the number of times to retry a dropped session.

Integer (0-99)

Streaming\ReestablishmentRetries

Policy value not written (same as Not Configured)

ReestablishmentInterval

Not available.

Specifies the number of seconds between attempts to reestablish a dropped session.

Integer (0-3600)

Streaming\ReestablishmentInterval

Policy value not written (same as Not Configured)

AutoLoad

AUTOLOAD

Specifies how new packages should be loaded automatically by App-V on a specific computer.

(0x0) None; (0x1) Previously used; (0x2) All

Streaming\AutoLoad

Policy value not written (same as Not Configured)

LocationProvider

Not available.

Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.

String

Streaming\LocationProvider

Policy value not written (same as Not Configured)

CertFilterForClientSsl

Not available.

Specifies the path to a valid certificate in the certificate store.

String

Streaming\CertFilterForClientSsl

Policy value not written (same as Not Configured)

VerifyCertificateRevocationList

Not available.

Verifies Server certificate revocation status before steaming using HTTPS.

True(enabled); False(Disabled state)

Streaming\VerifyCertificateRevocationList

0

SharedContentStoreMode

SHAREDCONTENTSTOREMODE

Specifies that streamed package contents will be not be saved to the local hard disk.

True(enabled); False(Disabled state)

Streaming\SharedContentStoreMode

0

Name

-
-Note

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
- -

PUBLISHINGSERVERNAME

Displays the name of publishing server.

String

Publishing\Servers{serverId}\FriendlyName

Policy value not written (same as Not Configured)

URL

-
-Note

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
- -

PUBLISHINGSERVERURL

Displays the URL of publishing server.

String

Publishing\Servers{serverId}\URL

Policy value not written (same as Not Configured)

GlobalRefreshEnabled

-
-Note

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
- -

GLOBALREFRESHENABLED

Enables global publishing refresh (Boolean)

True(enabled); False(Disabled state)

Publishing\Servers{serverId}\GlobalEnabled

False

GlobalRefreshOnLogon

-
-Note

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
- -

GLOBALREFRESHONLOGON

Triggers a global publishing refresh on logon. ( Boolean)

True(enabled); False(Disabled state)

Publishing\Servers{serverId}\GlobalLogonRefresh

False

GlobalRefreshInterval

-
-Note

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
- -

GLOBALREFRESHINTERVAL

Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.

Integer (0-744

Publishing\Servers{serverId}\GlobalPeriodicRefreshInterval

0

GlobalRefreshIntervalUnit

-
-Note

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
- -

GLOBALREFRESHINTERVALUNI

Specifies the interval unit (Hour 0-23, Day 0-31).

0 for hour, 1 for day

Publishing\Servers{serverId}\GlobalPeriodicRefreshIntervalUnit

1

UserRefreshEnabled

-
-Note

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
- -

USERREFRESHENABLED

Enables user publishing refresh (Boolean)

True(enabled); False(Disabled state)

Publishing\Servers{serverId}\UserEnabled

False

UserRefreshOnLogon

-
-Note

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
- -

USERREFRESHONLOGON

Triggers a user publishing refresh onlogon. ( Boolean)

-

Word count (with spaces): 60

True(enabled); False(Disabled state)

Publishing\Servers{serverId}\UserLogonRefresh

False

UserRefreshInterval

-
-Note

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
- -

USERREFRESHINTERVAL

Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.

-

Word count (with spaces): 85

Integer (0-744 Hours)

Publishing\Servers{serverId}\UserPeriodicRefreshInterval

0

UserRefreshIntervalUnit

-
-Note

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
- -

USERREFRESHINTERVALUNIT

Specifies the interval unit (Hour 0-23, Day 0-31).

0 for hour, 1 for day

Publishing\Servers{serverId}\UserPeriodicRefreshIntervalUnit

1

MigrationMode

MIGRATIONMODE

Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V.

True(enabled state); False (disabled state)

Coexistence\MigrationMode

CEIPOPTIN

CEIPOPTIN

Allows the computer running the App-V 5.0 Client to collect and return certain usage information to help allow us to further improve the application.

0 for disabled; 1 for enabled

SOFTWARE/Microsoft/AppV/CEIP/CEIPEnable

0

EnablePackageScripts

ENABLEPACKAGESCRIPTS

Enables scripts defined in the package manifest of configuration files that should run.

True(enabled); False(Disabled state)

\Scripting\EnablePackageScripts

RoamingFileExclusions

ROAMINGFILEEXCLUSIONS

Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /ROAMINGFILEEXCLUSIONS='desktop;my pictures'

RoamingRegistryExclusions

ROAMINGREGISTRYEXCLUSIONS

Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\classes;software\clients

String

Integration\RoamingRegistryExclusions

Policy value not written (same as Not Configured)

IntegrationRootUser

Not available.

Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\Microsoft\AppV\Client\Integration.

String

Integration\IntegrationRootUser

Policy value not written (same as Not Configured)

IntegrationRootGlobal

Not available.

Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\Microsoft\AppV\Client\Integration

String

Integration\IntegrationRootGlobal

Policy value not written (same as Not Configured)

VirtualizableExtensions

Not available.

A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment.

-

When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the RunVirtual command line parameter will be added, and the application will run virtually.

-

For more information about the RunVirtual parameter, see Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications.

String

Integration\VirtualizableExtensions

Policy value not written

ReportingEnabled

Not available.

Enables the client to return information to a reporting server.

True (enabled); False (Disabled state)

Reporting\EnableReporting

False

ReportingServerURL

Not available.

Specifies the location on the reporting server where client information is saved.

String

Reporting\ReportingServer

Policy value not written (same as Not Configured)

ReportingDataCacheLimit

Not available.

Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024.

Integer [0-1024]

Reporting\DataCacheLimit

Policy value not written (same as Not Configured)

ReportingDataBlockSize

Not available.

Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited.

Integer [1024 - Unlimited]

Reporting\DataBlockSize

Policy value not written (same as Not Configured)

ReportingStartTime

Not available.

Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the ReportingStartTime will start on the current day at 10 P.M.or 22.

-
-Note

You should configure this setting to a time when computers running the App-V 5.0 client are least likely to be offline.

-
-
- -

Integer (0 – 23)

Reporting\ StartTime

Policy value not written (same as Not Configured)

ReportingInterval

Not available.

Specifies the retry interval that the client will use to resend data to the reporting server.

Integer

Reporting\RetryInterval

Policy value not written (same as Not Configured)

ReportingRandomDelay

Not available.

Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and ReportingRandomDelay and will wait the specified duration before sending data. This can help to prevent collisions on the server.

Integer [0 - ReportingRandomDelay]

Reporting\RandomDelay

Policy value not written (same as Not Configured)

EnableDynamicVirtualization

-
-Important

This setting is available only with App-V 5.0 SP2 or later.

-
-
- -

Not available.

Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications.

1 (Enabled), 0 (Disabled)

HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Virtualization

EnablePublishingRefreshUI

-
-Important

This setting is available only with App-V 5.0 SP2.

-
-
- -

Not available.

Enables the publishing refresh progress bar for the computer running the App-V 5.0 Client.

1 (Enabled), 0 (Disabled)

HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Publishing

HideUI

-
-Important

This setting is available only with App-V 5.0 SP2.

-
-
- -

Not available.

Hides the publishing refresh progress bar.

1 (Enabled), 0 (Disabled)

ProcessesUsingVirtualComponents

Not available.

Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization.

String

Virtualization\ProcessesUsingVirtualComponents

Empty string.

- - - - - - - - -## Related topics - - -[Deploying the App-V 5.0 Sequencer and Client](deploying-the-app-v-50-sequencer-and-client.md) - -[How to Modify App-V 5.0 Client Configuration Using the ADMX Template and Group Policy](how-to-modify-app-v-50-client-configuration-using-the-admx-template-and-group-policy.md) - -[How to Deploy the App-V Client](how-to-deploy-the-app-v-client-gb18030.md) - - - - - - - - - diff --git a/mdop/appv-v5/about-client-configuration-settings51.md b/mdop/appv-v5/about-client-configuration-settings51.md deleted file mode 100644 index 0ea5586f2b..0000000000 --- a/mdop/appv-v5/about-client-configuration-settings51.md +++ /dev/null @@ -1,89 +0,0 @@ ---- -title: About Client Configuration Settings -description: About Client Configuration Settings -author: dansimp -ms.assetid: 18bb307a-7eda-4dd6-a83e-6afaefd99470 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About Client Configuration Settings - - -The Microsoft Application Virtualization (App-V) 5.1 client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. You can also configure many client actions by changing registry entries. This topic lists the App-V 5.1 Client configuration settings and explains their uses. You can use PowerShell to modify the client configuration settings. For more information about using PowerShell and App-V 5.1 see [Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md). - -## App-V 5.1 Client Configuration Settings - - -The following table displays information about the App-V 5.1 client configuration settings: - -|Setting name | Setup Flag | Description | Setting Options | Registry Key Value | Disabled Policy State Keys and Values | -|-------------|------------|-------------|-----------------|--------------------|--------------------------------------| -| PackageInstallationRoot | PACKAGEINSTALLATIONROOT | Specifies directory where all new applications and updates will be installed. | String | Streaming\PackageInstallationRoot | Policy value not written (same as Not Configured) | -| PackageSourceRoot | PACKAGESOURCEROOT | Overrides source location for downloading package content. | String | Streaming\PackageSourceRoot | Policy value not written (same as Not Configured) | -| AllowHighCostLaunch | Not available. |This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G). | True (enabled); False (Disabled state) | Streaming\AllowHighCostLaunch | 0 | -| ReestablishmentRetries | Not available. | Specifies the number of times to retry a dropped session. | Integer (0-99) | Streaming\ReestablishmentRetries | Policy value not written (same as Not Configured) | -| ReestablishmentInterval | Not available. | Specifies the number of seconds between attempts to reestablish a dropped session. | Integer (0-3600) | Streaming\ReestablishmentInterval | Policy value not written (same as Not Configured) | -| LocationProvider | Not available. | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. | String | Streaming\LocationProvider | Policy value not written (same as Not Configured) | -| CertFilterForClientSsl | Not available. | Specifies the path to a valid certificate in the certificate store. | String | Streaming\CertFilterForClientSsl | Policy value not written (same as Not Configured) | -| VerifyCertificateRevocationList | Not available. | Verifies Server certificate revocation status before steaming using HTTPS. | True(enabled); False(Disabled state) | Streaming\VerifyCertificateRevocationList | 0 | -| SharedContentStoreMode | SHAREDCONTENTSTOREMODE | Specifies that streamed package contents will be not be saved to the local hard disk. | True(enabled); False(Disabled state) | Streaming\SharedContentStoreMode | 0 | -| Name
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | PUBLISHINGSERVERNAME | Displays the name of publishing server. | String | Publishing\Servers\{serverId}\FriendlyName | Policy value not written (same as Not Configured) | -| URL
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | PUBLISHINGSERVERURL | Displays the URL of publishing server. | String | Publishing\Servers\{serverId}\URL | Policy value not written (same as Not Configured) | -| GlobalRefreshEnabled
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHENABLED | Enables global publishing refresh (Boolean) | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\GlobalEnabled | False | -| GlobalRefreshOnLogon
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHONLOGON | Triggers a global publishing refresh on logon. ( Boolean) | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\GlobalLogonRefresh | False | -| GlobalRefreshInterval
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHINTERVAL | Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0. | Integer (0-744) | Publishing\Servers\{serverId}\GlobalPeriodicRefreshInterval | 0 | -| GlobalRefreshIntervalUnit
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHINTERVALUNI | Specifies the interval unit (Hour 0-23, Day 0-31). | 0 for hour, 1 for day | Publishing\Servers\{serverId}\GlobalPeriodicRefreshIntervalUnit | 1 | -| UserRefreshEnabled
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHENABLED | Enables user publishing refresh (Boolean) | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\UserEnabled | False | -| UserRefreshOnLogon
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHONLOGON | Triggers a user publishing refresh onlogon. ( Boolean)
Word count (with spaces): 60 | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\UserLogonRefresh | False | -| UserRefreshInterval
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHINTERVAL | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. | Word count (with spaces): 85
Integer (0-744 Hours) | Publishing\Servers\{serverId}\UserPeriodicRefreshInterval | 0 | -| UserRefreshIntervalUnit
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHINTERVALUNIT | Specifies the interval unit (Hour 0-23, Day 0-31). | 0 for hour, 1 for day | Publishing\Servers\{serverId}\UserPeriodicRefreshIntervalUnit | 1 | -| MigrationMode | MIGRATIONMODE | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V. | True(enabled state); False (disabled state) | Coexistence\MigrationMode | | -| CEIPOPTIN | CEIPOPTIN | Allows the computer running the App-V 5.1 Client to collect and return certain usage information to help allow us to further improve the application. | 0 for disabled; 1 for enabled | SOFTWARE/Microsoft/AppV/CEIP/CEIPEnable | 0 | -| EnablePackageScripts | ENABLEPACKAGESCRIPTS | Enables scripts defined in the package manifest of configuration files that should run. | True(enabled); False(Disabled state) | \Scripting\EnablePackageScripts | | -| RoamingFileExclusions | ROAMINGFILEEXCLUSIONS | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage:  /ROAMINGFILEEXCLUSIONS='desktop;my pictures' | | | | -| RoamingRegistryExclusions | ROAMINGREGISTRYEXCLUSIONS | Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients | String | Integration\RoamingRegistryExclusions | Policy value not written (same as Not Configured) | -| IntegrationRootUser | Not available. | Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\Microsoft\AppV\Client\Integration.| String | Integration\IntegrationRootUser | Policy value not written (same as Not Configured) | -|IntegrationRootGlobal | Not available.| Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\Microsoft\AppV\Client\Integration | String | Integration\IntegrationRootGlobal | Policy value not written (same as Not Configured) | -| VirtualizableExtensions | Not available. | A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment.
When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command line parameter will be added, and the application will run virtually.
For more information about the **RunVirtual** parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md). | String | Integration\VirtualizableExtensions | Policy value not written | -| ReportingEnabled | Not available. | Enables the client to return information to a reporting server. | True (enabled); False (Disabled state) | Reporting\EnableReporting | False | -| ReportingServerURL | Not available. | Specifies the location on the reporting server where client information is saved. | String | Reporting\ReportingServer | Policy value not written (same as Not Configured) | -| ReportingDataCacheLimit | Not available. | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024. | Integer [0-1024] | Reporting\DataCacheLimit | Policy value not written (same as Not Configured) | -| ReportingDataBlockSize| Not available. | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited. | Integer [1024 - Unlimited] | Reporting\DataBlockSize | Policy value not written (same as Not Configured) | -| ReportingStartTime | Not available. | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.
**Note** You should configure this setting to a time when computers running the App-V 5.1 client are least likely to be offline. | Integer (0 – 23) | Reporting\ StartTime | Policy value not written (same as Not Configured) | -| ReportingInterval | Not available. | Specifies the retry interval that the client will use to resend data to the reporting server. | Integer | Reporting\RetryInterval | Policy value not written (same as Not Configured) | -| ReportingRandomDelay | Not available. | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This can help to prevent collisions on the server. | Integer [0 - ReportingRandomDelay] | Reporting\RandomDelay | Policy value not written (same as Not Configured) | -| EnableDynamicVirtualization
**Important** This setting is available only with App-V 5.0 SP2 or later. | Not available. | Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications. | 1 (Enabled), 0 (Disabled) | HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Virtualization | | -| EnablePublishingRefreshUI
**Important** This setting is available only with App-V 5.0 SP2. | Not available. | Enables the publishing refresh progress bar for the computer running the App-V 5.1 Client. | 1 (Enabled), 0 (Disabled) | HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Publishing | | -| HideUI
**Important**  This setting is available only with App-V 5.0 SP2.| Not available. | Hides the publishing refresh progress bar. | 1 (Enabled), 0 (Disabled) | | | -| ProcessesUsingVirtualComponents | Not available. | Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization. | String | Virtualization\ProcessesUsingVirtualComponents | Empty string. | - - - - - - -## Related topics - - -[Deploying the App-V 5.1 Sequencer and Client](deploying-the-app-v-51-sequencer-and-client.md) - -[How to Modify App-V 5.1 Client Configuration Using the ADMX Template and Group Policy](how-to-modify-app-v-51-client-configuration-using-the-admx-template-and-group-policy.md) - -[How to Deploy the App-V Client](how-to-deploy-the-app-v-client-51gb18030.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/about-the-connection-group-file.md b/mdop/appv-v5/about-the-connection-group-file.md deleted file mode 100644 index 49785fcb96..0000000000 --- a/mdop/appv-v5/about-the-connection-group-file.md +++ /dev/null @@ -1,338 +0,0 @@ ---- -title: About the Connection Group File -description: About the Connection Group File -author: dansimp -ms.assetid: bfeb6013-a7ca-4e36-9fe3-229702e83f0d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About the Connection Group File - - -**In this topic:** - -- [Connection group file purpose and location](#bkmk-cg-purpose-loc) - -- [Structure of the connection group XML file](#bkmk-define-cg-5-0sp3) - -- [Configuring the priority of packages in a connection group](#bkmk-config-pkg-priority-incg) - -- [Supported virtual application connection configurations](#bkmk-va-conn-configs) - -## Connection group file purpose and location - - - ---- - - - - - - - - - - - - - - -

Connection group purpose

A connection group is an App-V feature that enables you to group packages together to create a virtual environment in which the applications in those packages can interact with each other.

-

Example: You want to use plug-ins with Microsoft Office. You can create a package that contains the plug-ins, and create another package that contains Office, and then add both packages to a connection group to enable Office to use those plug-ins.

How the connection group file works

When you apply an Application Virtualization 5.0 connection group file, the packages that are enumerated in the file will be combined at runtime into a single virtual environment. Use the Microsoft Application Virtualization (App-V) 5.0 connection group file to configure existing Application Virtualization 5.0 connection groups.

Example file path

%APPDATA%\Microsoft\AppV\Client\Catalog\PackageGroups{6CCC7575-162E-4152-9407-ED411DA138F4}{4D1E16E1-8EF8-41ED-92D5-8910A8527F96}.

- - - -## Structure of the connection group XML file - - -**In this section:** - -- [Parameters that define the connection group](#bkmk-params-define-cg) - -- [Parameters that define the packages in the connection group](#bkmk-params-define-pkgs-incg) - -- [App-V 5.0 SP3 example connection group XML file](#bkmk-50sp3-exp-cg-xml) - -- [App-V 5.0 through App-V 5.0 SP2 example connection group XML file](#bkmk-50thru50sp2-exp-cg-xm) - -### Parameters that define the connection group - -The following table describes the parameters in the XML file that define the connection group itself, not the packages. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription

Schema name

Name of the schema.

-

Applicable starting in App-V 5.0 SP3: If you want to use the new “optional packages” and “use any version” features that are described in this table, you must specify the following schema in the XML file:

-

xmlns="https://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup";

AppConnectionGroupId

Unique GUID identifier for this connection group. The connection group state is associated with this identifier. Specify this identifier only when you create the connection group.

-

You can create a new GUID by typing: [Guid]::NewGuid().

VersionId

Version GUID identifier for this version of the connection group.

-

When you update a connection group (for example, by adding or updating a new package), you must update the version GUID to reflect the new version.

DisplayName

Display name of the connection group.

Priority

Optional priority field for the connection group.

-

“0” - indicates the highest priority.

-

If a priority is required, but has not been configured, the package will fail because the correct connection group to use cannot be determined.

- - - -### Parameters that define the packages in the connection group - -In the <Packages> section of the connection group XML file, you list the member packages in the connection group by specifying each package’s unique package identifier and version identifier, as described in the following table. The first package in the list has the highest precedence. - - ---- - - - - - - - - - - - - - - - - - - - - -
FieldDescription

PackageId

Unique GUID identifier for this package. This GUID doesn’t change when newer versions of the package are published.

VersionId

Unique GUID identifier for the version of the package.

-

Applicable starting in App-V 5.0 SP3: If you specify “*” for the package version, the GUID of the latest available package version is dynamically inserted.

IsOptional

Applicable starting in App-V 5.0 SP3: Parameter that enables you to make a package optional within the connection group. Valid entries are:

-
    -

  • “true” – package is optional in the connection group

    • -

  • “false” – package is required in the connection group

    • -
-

See How to Use Optional Packages in Connection Groups.

- - - -### App-V 5.0 SP3 example connection group XML file - -The following example connection group XML file shows examples of the fields in the previous tables and highlights the items that are new for App-V 5.0 SP3. - -```XML - - - - - - - -``` - -### App-V 5.0 through App-V 5.0 SP2 example connection group XML file - -The following example connection group XML file applies to App-V 5.0 through App-V 5.0 SP2. It shows examples of the fields in the previous table, but it excludes the changes described above for App-V 5.0 SP3. - -```XML - - - - - - -Configuring the priority of packages in a connection group - - -Package precedence is configured using the package list order. The first package in the document has the highest precedence. Subsequent packages in the list have descending priority. - -Package precedence is the resolution for otherwise inevitable resource collisions during virtual environment initialization. For example, if two packages that are opening in the same virtual environment define the same registry DWORD value, the package with the highest precedence determines the value that is set. - -You can use the connection group file to configure each connection group by using the following methods: - -- Specify runtime priorities for connection groups. - - **Note**   - Priority is required only if the package is associated with more than one connection group. - - - -- Specify package precedence within the connection group. - -The priority field is required when a running virtual application initiates from a native application request, for example, Microsoft Windows Explorer. The App-V client uses the priority to determine which connection group virtual environment the application should run in. This situation occurs if a virtual application is part of multiple connection groups. - -If a virtual application is opened using another virtual application the virtual environment of the original virtual application will be used. The priority field is not used in this case. - -**Example:** - -The virtual application Microsoft Outlook is running in virtual environment **XYZ**. When you open an attached Microsoft Word document, a virtualized version Microsoft Word opens in the virtual environment **XYZ**, regardless of the virtualized Microsoft Word’s associated connection groups or runtime priorities. - -## Supported virtual application connection configurations - - - ---- - - - - - - - - - - - - - - - - - - - - -
ConfigurationExample scenario

An. exe file and plug-in (.dll)

    -

  • You want to distribute Microsoft Office to all users, but distribute a Microsoft Excel plug-in to only a subset of users.

    • -

  • Enable the connection group for the appropriate users.

    • -

  • Update each package individually as required.

    • -

An. exe file and a middleware application

    -

  • You have an application requires a middleware application, or several applications that all depend on the same middleware runtime version.

    • -

  • All computers that require one or more of the applications receive the connection groups with the application and middleware application runtime.

    • -

  • You can optionally combine multiple middleware applications into a single connection group.

    - ---- - - - - - - - - - - - - - - - - -
    ExampleExample description

    Virtual application connection group for the financial division

      -

    • Middleware application 1

      • -

    • Middleware application 2

      • -

    • Middleware application 3

      • -

    • Middleware application runtime

      • -

    Virtual application connection group for HR division

      -

    • Middleware application 5

      • -

    • Middleware application 6

      • -

    • Middleware application runtime

      • -
    -

     

    • -

An. exe file and an .exe file

You have an application that relies on another application, and you want to keep the packages separate for operational efficiencies, licensing restrictions, or rollout timelines.

-

Example:

-

If you are deploying Microsoft Lync 2010, you can use three packages:

-
    -

  • Microsoft Office 2010

    • -

  • Microsoft Communicator 2007

    • -

  • Microsoft Lync 2010

    • -
-

You can manage the deployment using the following connection groups:

-
    -

  • Microsoft Office 2010 and Microsoft Communicator 2007

    • -

  • Microsoft Office 2010 and Microsoft Lync 2010

    • -
-

When the deployment has completed, you can either create a single new Microsoft Office 2010 + Microsoft Lync 2010 package, or keep and maintain them as separate packages and deploy them by using a connection group.

- - - - - - - - -## Related topics - - -[Managing Connection Groups](managing-connection-groups.md) - - - - - - - - - diff --git a/mdop/appv-v5/about-the-connection-group-file51.md b/mdop/appv-v5/about-the-connection-group-file51.md deleted file mode 100644 index c135acab7f..0000000000 --- a/mdop/appv-v5/about-the-connection-group-file51.md +++ /dev/null @@ -1,338 +0,0 @@ ---- -title: About the Connection Group File -description: About the Connection Group File -author: dansimp -ms.assetid: 1f4df515-f5f6-4b58-91a8-c71598cb3ea4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About the Connection Group File - - -**In this topic:** - -- [Connection group file purpose and location](#bkmk-cg-purpose-loc) - -- [Structure of the connection group XML file](#bkmk-define-cg-5-0sp3) - -- [Configuring the priority of packages in a connection group](#bkmk-config-pkg-priority-incg) - -- [Supported virtual application connection configurations](#bkmk-va-conn-configs) - -## Connection group file purpose and location - - - ---- - - - - - - - - - - - - - - -

Connection group purpose

A connection group is an App-V feature that enables you to group packages together to create a virtual environment in which the applications in those packages can interact with each other.

-

Example: You want to use plug-ins with Microsoft Office. You can create a package that contains the plug-ins, and create another package that contains Office, and then add both packages to a connection group to enable Office to use those plug-ins.

How the connection group file works

When you apply an App-V 5.1 connection group file, the packages that are enumerated in the file will be combined at runtime into a single virtual environment. Use the Microsoft Application Virtualization (App-V) 5.1 connection group file to configure existing App-V 5.1 connection groups.

Example file path

%APPDATA%\Microsoft\AppV\Client\Catalog\PackageGroups{6CCC7575-162E-4152-9407-ED411DA138F4}{4D1E16E1-8EF8-41ED-92D5-8910A8527F96}.

- - - -## Structure of the connection group XML file - - -**In this section:** - -- [Parameters that define the connection group](#bkmk-params-define-cg) - -- [Parameters that define the packages in the connection group](#bkmk-params-define-pkgs-incg) - -- [App-V example connection group XML file](#bkmk-50sp3-exp-cg-xml) - -- [App-V 5.0 through App-V 5.0 SP2 example connection group XML file](#bkmk-50thru50sp2-exp-cg-xm) - -### Parameters that define the connection group - -The following table describes the parameters in the XML file that define the connection group itself, not the packages. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription

Schema name

Name of the schema.

-

Applicable starting in App-V 5.0 SP3: If you want to use the new “optional packages” and “use any version” features that are described in this table, you must specify the following schema in the XML file:

-

xmlns="https://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup";

AppConnectionGroupId

Unique GUID identifier for this connection group. The connection group state is associated with this identifier. Specify this identifier only when you create the connection group.

-

You can create a new GUID by typing: [Guid]::NewGuid().

VersionId

Version GUID identifier for this version of the connection group.

-

When you update a connection group (for example, by adding or updating a new package), you must update the version GUID to reflect the new version.

DisplayName

Display name of the connection group.

Priority

Optional priority field for the connection group.

-

“0” - indicates the highest priority.

-

If a priority is required, but has not been configured, the package will fail because the correct connection group to use cannot be determined.

- - - -### Parameters that define the packages in the connection group - -In the <Packages> section of the connection group XML file, you list the member packages in the connection group by specifying each package’s unique package identifier and version identifier, as described in the following table. The first package in the list has the highest precedence. - - ---- - - - - - - - - - - - - - - - - - - - - -
FieldDescription

PackageId

Unique GUID identifier for this package. This GUID doesn’t change when newer versions of the package are published.

VersionId

Unique GUID identifier for the version of the package.

-

Applicable starting in App-V 5.0 SP3: If you specify “*” for the package version, the GUID of the latest available package version is dynamically inserted.

IsOptional

Applicable starting in App-V 5.0 SP3: Parameter that enables you to make a package optional within the connection group. Valid entries are:

-
    -

  • “true” – package is optional in the connection group

    • -

  • “false” – package is required in the connection group

    • -
-

See How to Use Optional Packages in Connection Groups.

- - - -### App-V example connection group XML file - -The following example connection group XML file shows examples of the fields in the previous tables and highlights the items that are new starting in App-V 5.0 SP3. - -```XML - - - - - - - -``` - -### App-V 5.0 through App-V 5.0 SP2 example connection group XML file - -The following example connection group XML file applies to App-V 5.0 through App-V 5.0 SP2. It shows examples of the fields in the previous table, but it excludes the changes described above for App-V 5.0 SP3. - -```XML - - - - - - - -``` - -## Configuring the priority of packages in a connection group - - -Package precedence is configured using the package list order. The first package in the document has the highest precedence. Subsequent packages in the list have descending priority. - -Package precedence is the resolution for otherwise inevitable resource collisions during virtual environment initialization. For example, if two packages that are opening in the same virtual environment define the same registry DWORD value, the package with the highest precedence determines the value that is set. - -You can use the connection group file to configure each connection group by using the following methods: - -- Specify runtime priorities for connection groups. To edit priority by using the App-V Management Console, click the connection group and then click **Edit**. - - **Note**   - Priority is required only if the package is associated with more than one connection group. - - - -- Specify package precedence within the connection group. - -The priority field is required when a running virtual application initiates from a native application request, for example, Microsoft Windows Explorer. The App-V client uses the priority to determine which connection group virtual environment the application should run in. This situation occurs if a virtual application is part of multiple connection groups. - -If a virtual application is opened using another virtual application the virtual environment of the original virtual application will be used. The priority field is not used in this case. - -**Example:** - -The virtual application Microsoft Outlook is running in virtual environment **XYZ**. When you open an attached Microsoft Word document, a virtualized version Microsoft Word opens in the virtual environment **XYZ**, regardless of the virtualized Microsoft Word’s associated connection groups or runtime priorities. - -## Supported virtual application connection configurations - - - ---- - - - - - - - - - - - - - - - - - - - - -
ConfigurationExample scenario

An. exe file and plug-in (.dll)

    -

  • You want to distribute Microsoft Office to all users, but distribute a Microsoft Excel plug-in to only a subset of users.

    • -

  • Enable the connection group for the appropriate users.

    • -

  • Update each package individually as required.

    • -

An. exe file and a middleware application

    -

  • You have an application requires a middleware application, or several applications that all depend on the same middleware runtime version.

    • -

  • All computers that require one or more of the applications receive the connection groups with the application and middleware application runtime.

    • -

  • You can optionally combine multiple middleware applications into a single connection group.

    - ---- - - - - - - - - - - - - - - - - -
    ExampleExample description

    Virtual application connection group for the financial division

      -

    • Middleware application 1

      • -

    • Middleware application 2

      • -

    • Middleware application 3

      • -

    • Middleware application runtime

      • -

    Virtual application connection group for HR division

      -

    • Middleware application 5

      • -

    • Middleware application 6

      • -

    • Middleware application runtime

      • -
    -

     

    • -

An. exe file and an .exe file

You have an application that relies on another application, and you want to keep the packages separate for operational efficiencies, licensing restrictions, or rollout timelines.

-

Example:

-

If you are deploying Microsoft Lync 2010, you can use three packages:

-
    -

  • Microsoft Office 2010

    • -

  • Microsoft Communicator 2007

    • -

  • Microsoft Lync 2010

    • -
-

You can manage the deployment using the following connection groups:

-
    -

  • Microsoft Office 2010 and Microsoft Communicator 2007

    • -

  • Microsoft Office 2010 and Microsoft Lync 2010

    • -
-

When the deployment has completed, you can either create a single new Microsoft Office 2010 + Microsoft Lync 2010 package, or keep and maintain them as separate packages and deploy them by using a connection group.

- - - - - - - - -## Related topics - - -[Managing Connection Groups](managing-connection-groups51.md) - - - - - - - - - diff --git a/mdop/appv-v5/about-the-connection-group-virtual-environment.md b/mdop/appv-v5/about-the-connection-group-virtual-environment.md deleted file mode 100644 index 5b7e566fae..0000000000 --- a/mdop/appv-v5/about-the-connection-group-virtual-environment.md +++ /dev/null @@ -1,114 +0,0 @@ ---- -title: About the Connection Group Virtual Environment -description: About the Connection Group Virtual Environment -author: dansimp -ms.assetid: 535fa640-cbd9-425e-8437-94650a70c264 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About the Connection Group Virtual Environment - - -**In this topic:** - -- [How package priority is determined](#bkmk-pkg-priority-deter) - -- [Merging identical package paths into one virtual directory in connection groups](#bkmk-merged-root-ve-exp) - -## How package priority is determined - - -The virtual environment and its current state are associated with the connection group, not with the individual packages. If an App-V package is removed from the connection group, the state that existed as part of the connection group will not migrate with the package. - -If the same package is a part of two different connection groups, you have to indicate which connection group App-V should use. For example, you might have two packages in a connection group that each define the same registry DWORD value. - -The connection group that is used is based on the order in which a package appears inside the **AppConnectionGroup** XML document: - -- The first package has the highest precedence. - -- The second package has the second highest precedence. - -Consider the following example section: - -```xml - -``` - -Assume that same DWORD value ABC (HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region) is defined in the first and third package, such as: - -- Package 1 (A8731008-4523-4713-83A4-CD1363907160): HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=5 - -- Package 3 (04220DCA-EE77-42BE-A9F5-96FD8E8593F2): HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=10 - -Since Package 1 appears first, the AppConnectionGroup's virtual environment will have the single DWORD value of 5 (HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=5). This means that the virtual applications in Package 1, Package 2, and Package 3 will all see the value 5 when they query for HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region. - -Other virtual environment resources are resolved similarly, but the usual case is that the collisions occur in the registry. - -## Merging identical package paths into one virtual directory in connection groups - - -If two or more packages in a connection group contain identical directory paths, the paths are merged into a single virtual directory inside the connection group virtual environment. This merging of paths allows an application in one package to access files that are in a different package. - -When you remove a package from a connection group, the applications in that removed package are no longer able to access files in the remaining packages in the connection group. - -The order in which App-V looks up a file’s name in the connection group is specified by the order in which the App-V packages are listed in the connection group manifest file. - -The following example shows the order and relationship of a file name lookup in a connection group for **Package A** and **Package B**. - - ---- - - - - - - - - - - - - - - - - -
Package APackage B

C:\Windows\System32

C:\Windows\System32

C:\AppTest

C:\AppTest

- -  - -In the example above, when a virtualized application tries to find a specific file, Package A is searched first for a matching file path. If a matching path is not found, Package B is searched, using the following mapping rules: - -- If a file named **test.txt** exists in the same virtual folder hierarchy in both application packages, the first matching file is used. - -- If a file named **bar.txt** exists in the virtual folder hierarchy of one application package, but not in the other, the first matching file is used. - - - - - - -## Related topics - - -[Managing Connection Groups](managing-connection-groups.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/about-the-connection-group-virtual-environment51.md b/mdop/appv-v5/about-the-connection-group-virtual-environment51.md deleted file mode 100644 index 3acd54097c..0000000000 --- a/mdop/appv-v5/about-the-connection-group-virtual-environment51.md +++ /dev/null @@ -1,114 +0,0 @@ ---- -title: About the Connection Group Virtual Environment -description: About the Connection Group Virtual Environment -author: dansimp -ms.assetid: b7bb0e3d-8cd5-45a9-b84e-c9ab4196a18c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About the Connection Group Virtual Environment - - -**In this topic:** - -- [How package priority is determined](#bkmk-pkg-priority-deter) - -- [Merging identical package paths into one virtual directory in connection groups](#bkmk-merged-root-ve-exp) - -## How package priority is determined - - -The virtual environment and its current state are associated with the connection group, not with the individual packages. If an App-V package is removed from the connection group, the state that existed as part of the connection group will not migrate with the package. - -If the same package is a part of two different connection groups, you have to indicate which connection group App-V should use. For example, you might have two packages in a connection group that each define the same registry DWORD value. - -The connection group that is used is based on the order in which a package appears inside the **AppConnectionGroup** XML document: - -- The first package has the highest precedence. - -- The second package has the second highest precedence. - -Consider the following example section: - -```xml - -``` - -Assume that same DWORD value ABC (HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region) is defined in the first and third package, such as: - -- Package 1 (A8731008-4523-4713-83A4-CD1363907160): HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=5 - -- Package 3 (04220DCA-EE77-42BE-A9F5-96FD8E8593F2): HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=10 - -Since Package 1 appears first, the AppConnectionGroup's virtual environment will have the single DWORD value of 5 (HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=5). This means that the virtual applications in Package 1, Package 2, and Package 3 will all see the value 5 when they query for HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region. - -Other virtual environment resources are resolved similarly, but the usual case is that the collisions occur in the registry. - -## Merging identical package paths into one virtual directory in connection groups - - -If two or more packages in a connection group contain identical directory paths, the paths are merged into a single virtual directory inside the connection group virtual environment. This merging of paths allows an application in one package to access files that are in a different package. - -When you remove a package from a connection group, the applications in that removed package are no longer able to access files in the remaining packages in the connection group. - -The order in which App-V looks up a file’s name in the connection group is specified by the order in which the App-V packages are listed in the connection group manifest file. - -The following example shows the order and relationship of a file name lookup in a connection group for **Package A** and **Package B**. - - ---- - - - - - - - - - - - - - - - - -
Package APackage B

C:\Windows\System32

C:\Windows\System32

C:\AppTest

C:\AppTest

- -  - -In the example above, when a virtualized application tries to find a specific file, Package A is searched first for a matching file path. If a matching path is not found, Package B is searched, using the following mapping rules: - -- If a file named **test.txt** exists in the same virtual folder hierarchy in both application packages, the first matching file is used. - -- If a file named **bar.txt** exists in the virtual folder hierarchy of one application package, but not in the other, the first matching file is used. - - - - - - -## Related topics - - -[Managing Connection Groups](managing-connection-groups51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/accessibility-for-app-v-50.md b/mdop/appv-v5/accessibility-for-app-v-50.md deleted file mode 100644 index 4cc6cd8431..0000000000 --- a/mdop/appv-v5/accessibility-for-app-v-50.md +++ /dev/null @@ -1,153 +0,0 @@ ---- -title: Accessibility for App-V 5.0 -description: Accessibility for App-V 5.0 -author: dansimp -ms.assetid: 56696523-6332-4bbe-8ddf-32b1dfe38131 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Accessibility for App-V 5.0 - - -Microsoft is committed to making its products and services easier for everyone to use. This section provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. - -## Access Any Command with a Few Keystrokes - - -**Important**   -The information in this section only applies to the App-V 5.0 sequencer. For specific information about the App-V 5.0 server, see the Keyboard Shortcuts for the App-V 5.0 Management Server section of this document. - - - -Access keys let you quickly use a command by pressing a few keys. You can get to most commands by using two keystrokes. To use an access key: - -1. Press ALT. - - The keyboard shortcuts are displayed over each feature that is available in the current view. - -2. Press the letter shown in the keyboard shortcut over the feature that you want to use. - -**Note**   -To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. - - - -## Keyboard Shortcuts for the App-V 5.0 Management Server - - -Keyboard Shortcuts for the App-V 5.0 Management Server: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
To do thisPress

Rename App-V 5.0 connection groups or the App-V 5.0 publishing server description.

F2

Transfer access and configuration information from an existing App-V 5.0 package.

CTRL + Shift + A

Transfer default configurations from an existing App-V 5.0 package.

CTRL + Shift + C

Refresh the current page of the App-V 5.0 client console.

F5

On the Connections Groups page of the client management console, copies as a new version.

CTRL + Shift + C

- - - -## Documentation in Alternative Formats - - -If you have difficulty reading or handling printed materials, you can obtain the documentation for many Microsoft products in more accessible formats. You can view an index of accessible product documentation on the Microsoft Accessibility website. In addition, you can obtain additional Microsoft publications from Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.). Learning Ally distributes these documents to registered, eligible members of their distribution service. - -For information about the availability of Microsoft product documentation and books from Microsoft Press, contact: - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.)

-

20 Roszel Road

-

Princeton, NJ 08540

Telephone number from within the United States:

(800) 221-4792

Telephone number from outside the United States and Canada:

(609) 452-0606

Fax:

(609) 987-8116

http://www.learningally.org/

Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

- - - -## Customer Service for People with Hearing Impairments - - -If you are deaf or hard-of-hearing, complete access to Microsoft product and customer services is available through a text telephone (TTY/TDD) service: - -- For customer service, contact Microsoft Sales Information Center at (800) 892-5234 between 6:30 AM and 5:30 PM Pacific Time, Monday through Friday, excluding holidays. - -- For technical assistance in the United States, contact Microsoft Product Support Services at (800) 892-5234 between 6:00 AM and 6:00 PM Pacific Time, Monday through Friday, excluding holidays. In Canada, dial (905) 568-9641 between 8:00 AM and 8:00 PM Eastern Time, Monday through Friday, excluding holidays. - -Microsoft Support Services are subject to the prices, terms, and conditions in place at the time the service is used. - -## For More Information - - -For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431). - -## Related topics - - -[Getting Started with App-V 5.0](getting-started-with-app-v-50--rtm.md) - - - - - - - - - diff --git a/mdop/appv-v5/accessibility-for-app-v-51.md b/mdop/appv-v5/accessibility-for-app-v-51.md deleted file mode 100644 index 30d29b8cd1..0000000000 --- a/mdop/appv-v5/accessibility-for-app-v-51.md +++ /dev/null @@ -1,174 +0,0 @@ ---- -title: Accessibility for App-V 5.1 -description: Accessibility for App-V 5.1 -author: dansimp -ms.assetid: ef3f7742-f2e9-4748-ad60-74e0961b1bd9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Accessibility for App-V 5.1 - - -Microsoft is committed to making its products and services easier for everyone to use. This section provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. - -## Keyboard Shortcuts for the App-V 5.1 Management Server - - -Following are the keyboard Shortcuts for the App-V 5.1 Management Server: - - ---- - - - - - - - - - - - - - - - - - - - - -
To do thisPress

Close a dialog box.

Esc

Perform the default action of a dialog box.

Enter

Refresh the current page of the App-V 5.1 client console.

F5

- - - -## Keyboard Shortcuts for the App-V 5.1 Sequencer - - -Following are the keyboard shortcuts for the Virtual Registry tab in the package editor in the App-V 5.1 Sequencer: - - ---- - - - - - - - - - - - - - - - - -
To do thisPress

Open the Find dialog box.

CTRL + F

Open the Replace dialog box.

CTRL + H

- - - -### Access Any Command with a Few Keystrokes - -**Important**   -The information in this section only applies to the App-V 5.1 sequencer. For specific information about the App-V 5.1 server, see the Keyboard Shortcuts for the App-V 5.1 Management Server section of this document. - - - -Access keys let you quickly use a command by pressing a few keys. You can get to most commands by using two keystrokes. To use an access key: - -1. Press ALT. - - An underline appears beneath the keyboard shortcut for each feature that is available in the current view. - -2. Press the letter underlined in the keyboard shortcut for the feature that you want to use. - -**Note**   -To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. - - - -## Documentation in Alternative Formats - - -If you have difficulty reading or handling printed materials, you can obtain the documentation for many Microsoft products in more accessible formats. You can view an index of accessible product documentation on the Microsoft Accessibility website. In addition, you can obtain additional Microsoft publications from Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.). Learning Ally distributes these documents to registered, eligible members of their distribution service. - -For information about the availability of Microsoft product documentation and books from Microsoft Press, contact: - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.)

-

20 Roszel Road

-

Princeton, NJ 08540

Telephone number from within the United States:

(800) 221-4792

Telephone number from outside the United States and Canada:

(609) 452-0606

Fax:

(609) 987-8116

http://www.learningally.org/

Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

- - - -## Customer Service for People with Hearing Impairments - - -If you are deaf or hard-of-hearing, complete access to Microsoft product and customer services is available through a text telephone (TTY/TDD) service: - -- For customer service, contact Microsoft Sales Information Center at (800) 892-5234 between 6:30 AM and 5:30 PM Pacific Time, Monday through Friday, excluding holidays. - -- For technical assistance in the United States, contact Microsoft Product Support Services at (800) 892-5234 between 6:00 AM and 6:00 PM Pacific Time, Monday through Friday, excluding holidays. In Canada, dial (905) 568-9641 between 8:00 AM and 8:00 PM Eastern Time, Monday through Friday, excluding holidays. - -Microsoft Support Services are subject to the prices, terms, and conditions in place at the time the service is used. - -## For More Information - - -For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431). - -## Related topics - - -[Getting Started with App-V 5.1](getting-started-with-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/administering-app-v-50-virtual-applications-by-using-the-management-console.md b/mdop/appv-v5/administering-app-v-50-virtual-applications-by-using-the-management-console.md deleted file mode 100644 index 50214f1054..0000000000 --- a/mdop/appv-v5/administering-app-v-50-virtual-applications-by-using-the-management-console.md +++ /dev/null @@ -1,119 +0,0 @@ ---- -title: Administering App-V 5.0 Virtual Applications by Using the Management Console -description: Administering App-V 5.0 Virtual Applications by Using the Management Console -author: dansimp -ms.assetid: e9280dbd-782b-493a-b495-daab25247795 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 10/03/2016 ---- - - -# Administering App-V 5.0 Virtual Applications by Using the Management Console - - -Use the Microsoft Application Virtualization (App-V) 5.0 management server to manage packages, connection groups, and package access in your environment. The server publishes application icons, shortcuts, and file type associations to authorized computers that run the App-V 5.0 client. One or more management servers typically share a common data store for configuration and package information. - -The management server uses Active Directory Domain Services (AD DS) groups to manage user authorization and has SQL Server installed to manage the database and data store. - -Because the management servers stream applications to end users on demand, these servers are ideally suited for system configurations that have reliable, high-bandwidth LANs. The management server consists of the following components: - -- Management Server – Use the management server to manage packages and connection groups. - -- Publishing Server – Use the publishing server to deploy packages to computers that run the App-V 5.0 client. - -- Management Database - Use the management database to manage the package access and to publish the server’s synchronization with the management server. - -## Management Console tasks - - -The most common tasks that you can perform with the App-V 5.0 Management console are: - -- [How to Connect to the Management Console](how-to-connect-to-the-management-console-beta.md) - -- [How to Add or Upgrade Packages by Using the Management Console](how-to-add-or-upgrade-packages-by-using-the-management-console-beta-gb18030.md) - -- [How to Configure Access to Packages by Using the Management Console](how-to-configure-access-to-packages-by-using-the-management-console-50.md) - -- [How to Publish a Package by Using the Management Console](how-to-publish-a-package-by-using-the-management-console-50.md) - -- [How to Delete a Package in the Management Console](how-to-delete-a-package-in-the-management-console-beta.md) - -- [How to Add or Remove an Administrator by Using the Management Console](how-to-add-or-remove-an-administrator-by-using-the-management-console.md) - -- [How to Register and Unregister a Publishing Server by Using the Management Console](how-to-register-and-unregister-a-publishing-server-by-using-the-management-console.md) - -- [How to Create a Custom Configuration File by Using the App-V 5.0 Management Console](how-to-create-a-custom-configuration-file-by-using-the-app-v-50-management-console.md) - -- [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console](how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console.md) - -- [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console.md) - -- [Configure Applications and Default Virtual Application Extensions in Management Console](configure-applications-and-default-virtual-application-extensions-in-management-console.md) - -The main elements of the App-V 5.0 Management Console are: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Management Console tabDescription

Overview

-
    -

  • App-V Sequencer - Select this option to review general information about using the App-V 5.0 sequencer.

    • -

  • Application Packages Library – Select this option to open the PACKAGES page of the Management Console. Use this page to review packages that have been added to the server. You can also manage the connection groups, as well as add or upgrade packages.

    • -

  • SERVERS – Select this option to open the SERVERS page of the Management Console. Use this page to review the list of servers that have been registered with your App-V 5.0 infrastructure.

    • -

  • CLIENTS – Select this option to review general information about App-V 5.0 clients.

    • -

Packages tab

Use the PACKAGES tab to add or upgrade packages. You can also manage connection groups by clicking CONNECTION GROUPS.

Servers tab

Use the SERVERS tab to register a new server.

Administrators tab

Use the ADMINISTRATORS tab to register, add, or remove administrators in your App-V 5.0 environment.

- -  - - - - - - -## Other resources for this App-V 5.0 deployment - - -- [Microsoft Application Virtualization 5.0 Administrator's Guide](microsoft-application-virtualization-50-administrators-guide.md) - -- [Operations for App-V 5.0](operations-for-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/administering-app-v-51-by-using-powershell.md b/mdop/appv-v5/administering-app-v-51-by-using-powershell.md deleted file mode 100644 index be798c4983..0000000000 --- a/mdop/appv-v5/administering-app-v-51-by-using-powershell.md +++ /dev/null @@ -1,143 +0,0 @@ ---- -title: Administering App-V 5.1 by Using PowerShell -description: Administering App-V 5.1 by Using PowerShell -author: dansimp -ms.assetid: 9e10ff07-2cd9-4dc1-9e99-582f90c36081 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administering App-V 5.1 by Using PowerShell - - -Microsoft Application Virtualization (App-V) 5.1 provides Windows PowerShell cmdlets, which can help administrators perform various App-V 5.1 tasks. The following sections provide more information about using PowerShell with App-V 5.1. - -## How to administer App-V 5.1 by using PowerShell - - -Use the following PowerShell procedures to perform various App-V 5.1 tasks. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription

How to Load the PowerShell Cmdlets and Get Cmdlet Help

Describes how to install the PowerShell cmdlets and find cmdlet help and examples.

How to Manage App-V 5.1 Packages Running on a Stand-Alone Computer by Using PowerShell

Describes how to manage the client package lifecycle on a stand-alone computer using PowerShell.

How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell

Describes how to manage connection groups using PowerShell.

How to Modify Client Configuration by Using PowerShell

Describes how to modify the client using PowerShell.

How to Apply the User Configuration File by Using PowerShell

Describes how to apply a user configuration file using PowerShell.

How to Apply the Deployment Configuration File by Using PowerShell

Describes how to apply a deployment configuration file using PowerShell.

How to Sequence a Package by Using PowerShell

Describes how to create a new package using PowerShell.

How to Create a Package Accelerator by Using PowerShell

Describes how to create a package accelerator using PowerShell. You can use package accelerators automatically sequence large, complex applications.

How to Enable Reporting on the App-V 5.1 Client by Using PowerShell

Describes how to enable the computer running the App-V 5.1 to send reporting information.

How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell

Describes how to take an array of account names and to convert each of them to the corresponding SID in standard and hexadecimal formats.

- - - -**Important**   -Make sure that any script you execute with your App-V packages matches the execution policy that you have configured for PowerShell. - - - -## PowerShell Error Handling - - -Use the following table for information about App-V 5.1 PowerShell error handling. - - ---- - - - - - - - - - - - - - - - - -
EventAction

Using the RollbackOnError attribute with embedded scripts

When you use the RollbackOnError attribute with embedded scripts, the attribute is ignored for the following events:

-
    -

  • Removing a package

    • -

  • Unpublishing a package

    • -

  • Terminating a virtual environment

    • -

  • Terminating a process

    • -

Package name contains $

If a package name contains the character ( $ ), you must use a single-quote ( ), for example,

-

Add-AppvClientPackage ‘Contoso$App.appv’

- - - - - - - - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/administering-app-v-51-virtual-applications-by-using-the-management-console.md b/mdop/appv-v5/administering-app-v-51-virtual-applications-by-using-the-management-console.md deleted file mode 100644 index 26ff07008e..0000000000 --- a/mdop/appv-v5/administering-app-v-51-virtual-applications-by-using-the-management-console.md +++ /dev/null @@ -1,118 +0,0 @@ ---- -title: Administering App-V 5.1 Virtual Applications by Using the Management Console -description: Administering App-V 5.1 Virtual Applications by Using the Management Console -author: dansimp -ms.assetid: a4d078aa-ec54-4fa4-9463-bfb3b971d724 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administering App-V 5.1 Virtual Applications by Using the Management Console - - -Use the Microsoft Application Virtualization (App-V) 5.1 management server to manage packages, connection groups, and package access in your environment. The server publishes application icons, shortcuts, and file type associations to authorized computers that run the App-V 5.1 client. One or more management servers typically share a common data store for configuration and package information. - -The management server uses Active Directory Domain Services (AD DS) groups to manage user authorization and has SQL Server installed to manage the database and data store. - -Because the management servers stream applications to end users on demand, these servers are ideally suited for system configurations that have reliable, high-bandwidth LANs. The management server consists of the following components: - -- Management Server – Use the management server to manage packages and connection groups. - -- Publishing Server – Use the publishing server to deploy packages to computers that run the App-V 5.1 client. - -- Management Database - Use the management database to manage the package access and to publish the server’s synchronization with the management server. - -## Management Console tasks - - -The most common tasks that you can perform with the App-V 5.1 Management console are: - -- [How to Connect to the Management Console](how-to-connect-to-the-management-console-51.md) - -- [How to Add or Upgrade Packages by Using the Management Console](how-to-add-or-upgrade-packages-by-using-the-management-console-51-gb18030.md) - -- [How to Configure Access to Packages by Using the Management Console](how-to-configure-access-to-packages-by-using-the-management-console-51.md) - -- [How to Publish a Package by Using the Management Console](how-to-publish-a-package-by-using-the-management-console-51.md) - -- [How to Delete a Package in the Management Console](how-to-delete-a-package-in-the-management-console-51.md) - -- [How to Add or Remove an Administrator by Using the Management Console](how-to-add-or-remove-an-administrator-by-using-the-management-console51.md) - -- [How to Register and Unregister a Publishing Server by Using the Management Console](how-to-register-and-unregister-a-publishing-server-by-using-the-management-console51.md) - -- [How to Create a Custom Configuration File by Using the App-V 5.1 Management Console](how-to-create-a-custom-configuration-file-by-using-the-app-v-51-management-console.md) - -- [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console](how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console51.md) - -- [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console51.md) - -- [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-beta.md) - -The main elements of the App-V 5.1 Management Console are: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Management Console tabDescription

Packages tab

Use the PACKAGES tab to add or upgrade packages.

Connection Groups tab

Use the CONNECTION GROUPS tab to manage connection groups.

Servers tab

Use the SERVERS tab to register a new server.

Administrators tab

Use the ADMINISTRATORS tab to register, add, or remove administrators in your App-V 5.1 environment.

- - - -**Important**   -JavaScript must be enabled on the browser that opens the Web Management Console. - - - - - - - - -## Other resources for this App-V 5.1 deployment - - -- [Microsoft Application Virtualization 5.1 Administrator's Guide](microsoft-application-virtualization-51-administrators-guide.md) - -- [Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/administering-app-v-by-using-powershell.md b/mdop/appv-v5/administering-app-v-by-using-powershell.md deleted file mode 100644 index 8d6b8071a3..0000000000 --- a/mdop/appv-v5/administering-app-v-by-using-powershell.md +++ /dev/null @@ -1,138 +0,0 @@ ---- -title: Administering App-V by Using PowerShell -description: Administering App-V by Using PowerShell -author: dansimp -ms.assetid: 1ff4686a-1e19-4eff-b648-ada091281094 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administering App-V by Using PowerShell - - -Microsoft Application Virtualization (App-V) 5.0 provides Windows PowerShell cmdlets, which can help administrators perform various App-V 5.0 tasks. The following sections provide more information about using PowerShell with App-V 5.0. - -## How to administer App-V 5.0 by using PowerShell - - -Use the following PowerShell procedures to perform various App-V 5.0 tasks. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription

How to Load the PowerShell Cmdlets and Get Cmdlet Help

Describes how to install the PowerShell cmdlets and find cmdlet help and examples.

How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell

Describes how to manage the client package lifecycle on a stand-alone computer using PowerShell.

How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell

Describes how to manage connection groups using PowerShell.

How to Modify Client Configuration by Using PowerShell

Describes how to modify the client using PowerShell.

How to Apply the User Configuration File by Using PowerShell

Describes how to apply a user configuration file using PowerShell.

How to Apply the Deployment Configuration File by Using PowerShell

Describes how to apply a deployment configuration file using PowerShell.

How to Sequence a Package by Using PowerShell

Describes how to create a new package using PowerShell.

How to Create a Package Accelerator by Using PowerShell

Describes how to create a package accelerator using PowerShell. You can use package accelerators automatically sequence large, complex applications.

How to Enable Reporting on the App-V 5.0 Client by Using PowerShell

Describes how to enable the computer running the App-V 5.0 to send reporting information.

How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell

Describes how to take an array of account names and to convert each of them to the corresponding SID in standard and hexadecimal formats.

- - - -## PowerShell Error Handling - - -Use the following table for information about App-V 5.0 PowerShell error handling. - - ---- - - - - - - - - - - - - - - - - -
EventAction

Using the RollbackOnError attribute with embedded scripts

When you use the RollbackOnError attribute with embedded scripts, the attribute is ignored for the following events:

-
    -

  • Removing a package

    • -

  • Unpublishing a package

    • -

  • Terminating a virtual environment

    • -

  • Terminating a process

    • -

Package name contains $

If a package name contains the character ( $ ), you must use a single-quote ( ), for example,

-

Add-AppvClientPackage ‘Contoso$App.appv’

- - - - - - - - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/app-v-50-capacity-planning.md b/mdop/appv-v5/app-v-50-capacity-planning.md deleted file mode 100644 index 3fe507eacf..0000000000 --- a/mdop/appv-v5/app-v-50-capacity-planning.md +++ /dev/null @@ -1,963 +0,0 @@ ---- -title: App-V 5.0 Capacity Planning -description: App-V 5.0 Capacity Planning -author: dansimp -ms.assetid: 56f48b00-cd91-4280-9481-5372a0e2e792 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# App-V 5.0 Capacity Planning - - -The following recommendations can be used as a baseline to help determine capacity planning information that is appropriate to your organization’s App-V 5.0 infrastructure. - -**Important**   -Use the information in this section only as a general guide for planning your App-V 5.0 deployment. Your system capacity requirements will depend on the specific details of your hardware and application environment. Additionally, the performance numbers displayed in this document are examples and your results may vary. - - - -## Determine the Project Scope - - -Before you design the App-V 5.0 infrastructure, you must determine the project’s scope. The scope consists of determining which applications will be available virtually and to also identify the target users, and their locations. This information will help determine what type of App-V 5.0 infrastructure should be implemented. Decisions about the scope of the project must be based on the specific needs of your organization. - - ---- - - - - - - - - - - - - - - - - -
TaskMore Information

Determine Application Scope

Depending on the applications to be virtualized, the App-V 5.0 infrastructure can be set up in different ways. The first task is to define what applications you want to virtualize.

Determine Location Scope

Location scope refers to the physical locations (for example, enterprise-wide or a specific geographic location) where you plan to run the virtualized applications. It can also refer to the user population (for example, a single department) who will run the virtual applications. You should obtain a network map that includes the connection paths as well as available bandwidth to each location and the number of users using virtualized applications and the WAN link speed.

- - - -## Determine Which App-V 5.0 Infrastructure is Required - - -**Important**   -Both of the following models require the App-V 5.0 client to be installed on the computer where you plan to run virtual applications. - -You can also manage your App-V 5.0 environment using an Electronic Software Distribution (ESD) solution such as Microsoft Systems Center Configuration Manager. For more information see [Deploying App-V 5.0 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md). - - - -- **Standalone Model** - The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V 5.0 in Standalone Mode consists of the sequencer and the client; no additional components are required. Applications are prepared for virtualization using a process called sequencing. For more information see, [Planning for the App-V 5.0 Sequencer and Client Deployment](planning-for-the-app-v-50-sequencer-and-client-deployment.md). The stand-alone model is recommended for the following scenarios: - - - With disconnected remote users who cannot connect to the App-V 5.0 infrastructure. - - - When you are running a software management system, such as Configuration Manager 2012. - - - When network bandwidth limitations inhibit electronic software distribution. - -- **Full Infrastructure Model** - The full infrastructure model provides for software distribution, management, and reporting capabilities; it also includes the streaming of applications across the network. The App-V 5.0 Full Infrastructure Model consists of one or more App-V 5.0 management servers. The Management Server can be used to publish applications to all clients. The publishing process places the virtual application icons and shortcuts on the target computer. It can also stream applications to local users. For more information about installing the management server see, [Planning for the App-V 5.0 Server Deployment](planning-for-the-app-v-50-server-deployment.md). The full infrastructure model is recommended for the following scenarios: - - **Important**   - The App-V 5.0 full infrastructure model requires Microsoft SQL Server to store configuration data. For more information see [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md). - - - - - When you want to use the Management Server to publish the application to target computers. - - - For rapid provisioning of applications to target computers. - - - When you want to use App-V 5.0 reporting. - -## End-to-end Server Sizing Guidance - - -The following section provides information about end-to-end App-V 5.0 sizing and planning. For more specific information, refer to the subsequent sections. - -**Note**   -Round trip response time on the client is the time taken by the computer running the App-V 5.0 client to receive a successful notification from the publishing server. Round trip response time on the publishing server is the time taken by the computer running the publishing server to receive a successful package metadata update from the management server. - - - -- 20,000 clients can target a single publishing server to obtain the package refreshes in an acceptable round trip time. (<3 seconds) - -- A single management server can support up to 50 publishing servers for package metadata refreshes in an acceptable round trip time. (<5 seconds) - -## App-V 5.0 Management Server Capacity Planning Recommendations - - -The App-V 5.0 publishing servers require the management server for package refresh requests and package refresh responses. The management server then sends the information to the management database to retrieve information. For more information about App-V 5.0 management server supported configurations see [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md). - -**Note**   -The default refresh time on the App-V 5.0 publishing server is ten minutes. - - - -When multiple simultaneous publishing servers contact a single management server for package metadata refreshes, the following three factors influence the round trip response time on the publishing server: - -1. Number of publishing servers making simultaneous requests. - -2. Number of connection groups configured on the management server. - -3. Number of access groups configured on the management server. - -The following table displays more information about each factor that impacts round trip time. - -**Note**   -Round trip response time is the time taken by the computer running the App-V 5.0 publishing server to receive a successful package metadata update from the management server. - - - - ---- - - - - - - - - - - - - - - - - - - - - -
Factors impacting round trip response timeMore Information

The number of publishing servers simultaneously requesting package metadata refreshes.

-
    -

  • A single management server can respond to up to 320 publishing servers requesting publishing metadata simultaneously.

    • -

  • Round trip response time for 320 pub servers is ~40 seconds.

    • -

  • For <50 publishing servers requesting metadata simultaneously, the round trip response time is <5 seconds.

    • -

  • From 50 to 320 publishing servers, the response time increases linearly (approximately 2x).

    • -

The number of connection groups configured on the management server.

-

-
    -

  • For up to 100 connection groups, there is no significant change in the round trip response time on the publishing server.

    • -

  • For 100 - 400 connection groups, there is a minor linear increase in the round trip response time.

    • -

The number of access groups configured on the management server.

-

-
    -

  • For up to 40 access groups, there is a linear (approximately 3x) increase in the round trip response time on the publishing server.

    • -
- - - -The following table displays sample values for each of the previous factors. In each variation, 120 packages are refreshed from the App-V 5.0management server. - - ---------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ScenarioVariationNumber of connection groupsNumber of access groupsNumber of publishing serversNetwork connection type publishing server / management serverRound trip response time on the publishing server (in seconds)CPU utilization on management server

Publishing servers simultaneously contacting management server for publishing metadata.

Number of publishing servers

-
    -

  • 0

    • -

  • 0

    • -

  • 0

    • -

  • 0

    • -

  • 0

    • -

  • 0

    • -

-
    -

  • 1

    • -

  • 1

    • -

  • 1

    • -

  • 1

    • -

  • 1

    • -

  • 1

    • -

-
    -

  • 50

    • -

  • 100

    • -

  • 200

    • -

  • 300

    • -

  • 315

    • -

  • 320

    • -

-
    -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

-
    -

  • 5

    • -

  • 10

    • -

  • 19

    • -

  • 32

    • -

  • 30

    • -

  • 37

    • -

-
    -

  • 17

    • -

  • 17

    • -

  • 17

    • -

  • 15

    • -

  • 17

    • -

  • 15

    • -

Publishing metadata contains connection groups

Number of connection groups

-
    -

  • 10

    • -

  • 50

    • -

  • 100

    • -

  • 150

    • -

  • 300

    • -

  • 400

    • -

-
    -

  • 1

    • -

  • 1

    • -

  • 1

    • -

  • 1

    • -

  • 1

    • -

  • 1

    • -

-
    -

  • 100

    • -

  • 100

    • -

  • 100

    • -

  • 100

    • -

  • 100

    • -

  • 100

    • -

-
    -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

-
    -

  • 10

    • -

  • 11

    • -

  • 11

    • -

  • 16

    • -

  • 22

    • -

  • 25

    • -

-
    -

  • 17

    • -

  • 19

    • -

  • 22

    • -

  • 19

    • -

  • 20

    • -

  • 20

    • -

Publishing metadata contains access groups

Number of access groups

-
    -

  • 0

    • -

  • 0

    • -

  • 0

    • -

  • 0

    • -

-
    -

  • 1

    • -

  • 10

    • -

  • 20

    • -

  • 40

    • -

-
    -

  • 100

    • -

  • 100

    • -

  • 100

    • -

  • 100

    • -

-
    -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

-
    -

  • 10

    • -

  • 43

    • -

  • 153

    • -

  • 535

    • -

-
    -

  • 17

    • -

  • 26

    • -

  • 24

    • -

  • 24

    • -
- - - -The CPU utilization of the computer running the management server is around 25% irrespective of the number of publishing servers targeting it. The Microsoft SQL Server database transactions/sec, batch requests/sec and user connections are identical irrespective of the number of publishing servers. For example: Transactions/sec is ~30, batch requests ~200, and user connects ~6. - -Using a geographically distributed deployment, where the management server & publishing servers utilize a slow link network between them, the round trip response time on the publishing servers is within acceptable time limits (<5 seconds), even for 100 simultaneous requests on a single management server. - - ---------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ScenarioVariationNumber of connection groupsNumber of access groupsNumber of publishing serversNetwork connection type publishing server / management serverRound trip response time on the publishing server (in seconds)CPU utilization on management server

Network connection between the publishing server and management server

1.5 Mbps Slow link Network

-
    -

  • 0

    • -

  • 0

    • -

-
    -

  • 1

    • -

  • 1

    • -

-
    -

  • 50

    • -

  • 100

    • -

-
    -

  • 1.5Mbps Cable DSL

    • -

  • 1.5Mbps Cable DSL

    • -

-
    -

  • 4

    • -

  • 5

    • -

-
    -

  • 1

    • -

  • 2

    • -

Network connection between the publishing server and management server

LAN / WIFI Network

-
    -

  • 0

    • -

  • 0

    • -

-
    -

  • 1

    • -

  • 1

    • -

-
    -

  • 100

    • -

  • 200

    • -

-
    -

  • Wifi

    • -

  • Wifi

    • -

-
    -

  • 11

    • -

  • 20

    • -

-
    -

  • 15

    • -

  • 17

    • -
- - - -Whether the management server and publishing servers are connected over a slow link network, or a high speed network, the management server can handle approximately 15,000 package refresh requests in 30 minutes. - -## App-V 5.0 Reporting Server Capacity Planning Recommendations - - -App-V 5.0 clients send reporting data to the reporting server. The reporting server then records the information in the Microsoft SQL Server database and returns a successful notification back to the computer running App-V 5.0 client. For more information about App-V 5.0 Reporting Server supported configurations see [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md). - -**Note**   -Round trip response time is the time taken by the computer running the App-V 5.0 client to send the reporting information to the reporting server and receive a successful notification from the reporting server. - - - - ---- - - - - - - - - - - - - - - - - - - - - -
ScenarioSummary

Multiple App-V 5.0 clients send reporting information to the reporting server simultaneously.

-
    -

  • Round trip response time from the reporting server is 2.6 seconds for 500 clients.

    • -

  • Round trip response time from the reporting server is 5.65 seconds for 1000 clients.

    • -

  • Round trip response time increases linearly depending on number of clients.

    • -

Requests per second processed by the reporting server.

-

-
    -

  • A single reporting server and a single database, can process a maximum of 139 requests per second. The average is 121 requests/second.

    • -

  • Using two reporting servers reporting to the same Microsoft SQL Server database, the average requests/second is similar to a single reporting server = ~127, with a max of 278 requests/second.

    • -

  • A single reporting server can process 500 concurrent/active connections.

    • -

  • A single reporting server can process a maximum 1500 concurrent connections.

    • -

Reporting Database.

-

-
    -

  • Lock contention on the computer running Microsoft SQL Server is the limiting factor for requests/second.

    • -

  • Throughput and response time are independent of database size.

    • -
- - - -**Calculating random delay**: - -The random delay specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between **0** and **ReportingRandomDelay** and will wait the specified duration before sending data. - -Random delay = 4 \* number of clients / average requests per second. - -Example: For 500 clients, with 120 requests per second, the Random delay is, 4 \* 500 / 120 = ~17 minutes. - -## App-V 5.0 Publishing Server Capacity Planning Recommendations - - -Computers running the App-V 5.0 client connect to the App-V 5.0 publishing server to send a publishing refresh request and to receive a response. Round trip response time is measured on the computer running the App-V 5.0 client. Processor time is measured on the publishing server. For more information about App-V 5.0 Publishing Server supported configurations see [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md). - -**Important**   -The following list displays the main factors to consider when setting up the App-V 5.0 publishing server: - -- The number of clients connecting simultaneously to a single publishing server. - -- The number of packages in each refresh. - -- The available network bandwidth in your environment between the client and the App-V 5.0 publishing server. - - - - ---- - - - - - - - - - - - - - - - - - - - - -
ScenarioSummary

Multiple App-V 5.0 clients connect to a single publishing server simultaneously.

-
    -

  • A publishing server running dual core processors can respond to at most 5000 clients requesting a refresh simultaneously.

    • -

  • For 5000-10000 clients, the publishing server requires a minimum quad core.

    • -

  • For 10000-20000 clients, the publishing server should have dual quad cores for more efficient response times.

    • -

  • A publishing server with a quad core can refresh up to 10000 packages within 3 seconds. (Supporting 10000 simultaneous clients)

    • -

Number of packages in each refresh.

-

-
    -

  • Increasing number of packages will increase response time by ~40% (up to 1000 packages).

    • -

Network between the App-V 5.0 client and the publishing server.

-

-
    -

  • Across a slow network (1.5 Mbps bandwidth), there is a 97% increase in response time compared to LAN (up to 1000 users).

    • -
- - - -**Note**   -The publishing server CPU usage is always high during the time interval when it has to process simultaneous requests (>90% in most cases). The publishing server can handle ~1500 client requests in 1 second. - - - - ---------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ScenarioVariationNumber of App-V 5.0 clientsNumber of packagesProcessor configuration on the publishing serverNetwork connection type publishing server / App-V 5.0 clientRound trip time on the App-V 5.0 client (in seconds)CPU utilization on publishing server (in %)

App-V 5.0 client sends publishing refresh request & receives response, each request containing 120 packages

Number of clients

-
    -

  • 100

    • -

  • 1000

    • -

  • 5000

    • -

  • 10000

    • -

-
    -

  • 120

    • -

  • 120

    • -

  • 120

    • -

  • 120

    • -

-
    -

  • Dual Core

    • -

  • Dual Core

    • -

  • Quad Core

    • -

  • Quad Core

    • -

-
    -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

-
    -

  • 1

    • -

  • 2

    • -

  • 2

    • -

  • 3

    • -

-
    -

  • 100

    • -

  • 99

    • -

  • 89

    • -

  • 77

    • -

Multiple packages in each refresh

Number of packages

-
    -

  • 1000

    • -

  • 1000

    • -

-
    -

  • 500

    • -

  • 1000

    • -

-
    -

  • Quad Core

    • -

  • Quad Core

    • -

-
    -

  • LAN

    • -

  • LAN

    • -

-
    -

  • 2

    • -

  • 3

    • -

-
    -

  • 92

    • -

  • 91

    • -

Network between client and publishing server

1.5 Mbps Slow link network

-
    -

  • 100

    • -

  • 500

    • -

  • 1000

    • -

-
    -

  • 120

    • -

  • 120

    • -

  • 120

    • -

-
    -

  • Quad Core

    • -

  • Quad Core

    • -

  • Quad Core

    • -

-
    -

  • 1.5 Mbps Intra-Continental Network

    • -

-
    -

  • 3

    • -

  • 10 (with 0.2% failure rate)

    • -

  • 17 (with 1% failure rate)

    • -

- - - -## App-V 5.0 Streaming Capacity Planning Recommendations - - -Computers running the App-V 5.0 client stream the virtual application package from the streaming server. Round trip response time is measured on the computer running the App-V 5.0 client, and is the time taken to stream the entire package. - -**Important**   -The following list identifies the main factors to consider when setting up the App-V 5.0 streaming server: - -- The number of clients streaming application packages simultaneously from a single streaming server. - -- The size of the package being streamed. - -- The available network bandwidth in your environment between the client and the streaming server. - - - - ---- - - - - - - - - - - - - - - - - - - - - -
ScenarioSummary

Multiple App-V 5.0 clients stream applications from a single streaming server simultaneously.

-
    -

  • If the number of clients simultaneously streaming from the same server increases, there is a linear relationship with the package download/streaming time.

    • -

Size of the package being streamed.

-

-
    -

  • The package size has a significant impact on the streaming/download time only for larger packages with a size ~ 1GB. For package sizes ranging from 3 MB to 100 MB, the streaming time ranges from 20 seconds to 100 seconds, with 100 simultaneous clients.

    • -

Network between the App-V 5.0 client and the streaming server.

-

-
    -

  • Across a slow network (1.5 Mbps bandwidth), there is a 70-80% increase in response time compared to LAN (up to 100 users).

    • -
- - - -The following table displays sample values for each of the factors in the previous list: - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ScenarioVariationNumber of App-V 5.0 clientsSize of each packageNetwork connection type streaming server / App-V 5.0 clientRound trip time on the App-V 5.0 client (in seconds)

Multiple App-V 5.0 clients streaming virtual application packages from a streaming server.

Number of clients.

-
    -

  • 100

    • -

  • 200

    • -

  • 1000

    • -

    • -

  • 100

    • -

  • 200

    • -

  • 1000

    • -

-
    -

  • 3.5 MB

    • -

  • 3.5 MB

    • -

  • 3.5 MB

    • -

    • -

  • 5 MB

    • -

  • 5 MB

    • -

  • 5 MB

    • -

-
    -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

-
    -

  • 29

    • -

  • 39

    • -

  • 391

    • -

    • -

  • 35

    • -

  • 68

    • -

  • 461

    • -

Size of each package being streamed.

Size of each package.

-
    -

  • 100

    • -

  • 200

    • -

    • -

  • 100

    • -

  • 200

    • -

-
    -

  • 21 MB

    • -

  • 21 MB

    • -

    • -

  • 109

    • -

  • 109

    • -

-
    -

  • LAN

    • -

  • LAN

    • -

    • -

  • LAN

    • -

  • LAN

    • -

-

33

-

83

-

-

100

-

160

Network connection between client and App-V 5.0 streaming server.

1.5 Mbps Slow link network.

-
    -

  • 100

    • -

    • -

  • 100

    • -

-
    -

  • 3.5 MB

    • -

    • -

  • 5 MB

    • -

-
    -

  • 1.5 Mbps Intra-Continental Network

    • -

-

102

-

-

121

- - - -Each App-V 5.0 streaming server should be able to handle a minimum of 200 clients concurrently streaming virtualized applications. - -**Note**   -The actual time to it will take to stream is determined primarily by the number of clients streaming simultaneously, number of packages, package size, the server’s network activity, and network conditions. - - - -For example, an average user can stream a 100 MB package in less than 2 minutes, when 100 simultaneous clients are streaming from the server. However, a package of size 1 GB could take up to 30 minutes. In most real world environments streaming demand is not uniformly distributed, you will need to understand the approximate peak streaming requirements present in your environment in order to properly size the number of required streaming servers. - -The number of clients a streaming server can support can be significantly increased and the peak streaming requirements reduced if you pre-cache your applications. You can also increase the number of clients a streaming server can support by using on-demand streaming delivery and stream optimized packages. - -## Combining App-V 5.0 Server Roles - - -Discounting scaling and fault-tolerance requirements, the minimum number of servers needed for a location with connectivity to Active Directory is one. This server will host the management server, management server service, and Microsoft SQL Server roles. Server roles, therefore, can be arranged in any desired combination since they do not conflict with one another. - -Ignoring scaling requirements, the minimum number of servers necessary to provide a fault-tolerant implementation is four. The management server, and Microsoft SQL Server roles support being placed in fault-tolerant configurations. The management server service can be combined with any of the roles, but remains a single point of failure. - -Although there are a number of fault-tolerance strategies and technologies available, not all are applicable to a given service. Additionally, if App-V 5.0 roles are combined, certain fault-tolerance options may no longer apply due to incompatibilities. - - - - - - -## Related topics - - -[App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md) - -[Planning for High Availability with App-V 5.0](planning-for-high-availability-with-app-v-50.md) - -[Planning to Deploy App-V](planning-to-deploy-app-v.md) - - - - - - - - - diff --git a/mdop/appv-v5/app-v-50-deployment-checklist.md b/mdop/appv-v5/app-v-50-deployment-checklist.md deleted file mode 100644 index 2b84226c10..0000000000 --- a/mdop/appv-v5/app-v-50-deployment-checklist.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -title: App-V 5.0 Deployment Checklist -description: App-V 5.0 Deployment Checklist -author: dansimp -ms.assetid: d6d93152-82b4-4b02-8b11-ed21d3331f00 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# App-V 5.0 Deployment Checklist - - -This checklist can be used to help you during Microsoft Application Virtualization (App-V) 5.0 deployment. - -**Note** -This checklist outlines the recommended steps and a high-level list of items to consider when deploying App-V 5.0 features. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. - - - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferencesNotes
Checklist box

Complete the planning phase to prepare the computing environment for App-V 5.0 deployment.

App-V 5.0 Planning Checklist

Checklist box

Review the App-V 5.0 supported configurations information to make sure selected client and server computers are supported for App-V 5.0 feature installation.

App-V 5.0 Supported Configurations

Checklist box

Run App-V 5.0 Setup to deploy the required App-V 5.0 features for your environment.

-
-Note

Keep track of the names of the servers and associated URL’s created during installation. This information will be used throughout the installation process.

-
-
- -

-

- - - - - - - - -## Related topics - - -[Deploying App-V 5.0](deploying-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/app-v-50-planning-checklist.md b/mdop/appv-v5/app-v-50-planning-checklist.md deleted file mode 100644 index 3eeb21f0b8..0000000000 --- a/mdop/appv-v5/app-v-50-planning-checklist.md +++ /dev/null @@ -1,101 +0,0 @@ ---- -title: App-V 5.0 Planning Checklist -description: App-V 5.0 Planning Checklist -author: dansimp -ms.assetid: 81d3fa62-3c9e-4de7-a9da-cd13112b0862 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# App-V 5.0 Planning Checklist - - -This checklist can be used to help you plan for preparing your computing environment for Microsoft Application Virtualization (App-V) 5.0 deployment. - -**Note**   -This checklist outlines the recommended steps and a high-level list of items to consider when planning for an App-V 5.0 deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. - - - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferencesNotes
Checklist box

Review the getting started information about App-V 5.0 to gain a basic understanding of the product before beginning deployment planning.

Getting Started with App-V 5.0

Checklist box

Plan for App-V 5.0 1.0 Deployment Prerequisites and prepare your computing environment.

App-V 5.0 Prerequisites

Checklist box

If you plan to use the App-V 5.0 management server, plan for the required roles.

Planning for the App-V 5.0 Server Deployment

Checklist box

Plan for the App-V 5.0 sequencer and client so you to create and run virtualized applications.

Planning for the App-V 5.0 Sequencer and Client Deployment

Checklist box

If applicable, review the options and steps for migrating from a previous version of App-V.

Planning for Migrating from a Previous Version of App-V

Checklist box

Plan for running App-V 5.0 clients using in shared content store mode.

How to Install the App-V 5.0 Client for Shared Content Store Mode

- - - - - - - - -## Related topics - - -[Planning for App-V 5.0](planning-for-app-v-50-rc.md) - - - - - - - - - diff --git a/mdop/appv-v5/app-v-50-prerequisites.md b/mdop/appv-v5/app-v-50-prerequisites.md deleted file mode 100644 index 428a2cf5f8..0000000000 --- a/mdop/appv-v5/app-v-50-prerequisites.md +++ /dev/null @@ -1,391 +0,0 @@ ---- -title: App-V 5.0 Prerequisites -description: App-V 5.0 Prerequisites -author: dansimp -ms.assetid: 9756b571-c785-4ce6-a95c-d4e134e89429 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# App-V 5.0 Prerequisites - -Before you begin the Microsoft Application Virtualization (App-V) 5.0 Setup, you should make sure that you have met the prerequisites to install the product. This topic contains information to help you successfully plan for preparing your computing environment before you deploy the App-V 5.0 features. - -> [!Important] -> **The prerequisites in this article apply only to App-V 5.0**. For additional prerequisites that apply to App-V 5.0 Service Packs, see the following web pages: - -- [What's new in App-V 5.0 SP1](whats-new-in-app-v-50-sp1.md) - -- [About App-V 5.0 SP2](about-app-v-50-sp2.md) - -- [App-V 5.0 SP3 Prerequisites](app-v-50-sp3-prerequisites.md) - -The following table lists prerequisite information that pertains to specific operating systems. - - ---- - - - - - - - - - - - - - - - - -
Operating systemsPrerequisite description

Computers that are running:

-
    -

  • Windows 8

    • -

  • Windows Server 2012

    • -

The following prerequisites are already installed:

-
    -

  • Microsoft .NET Framework 4.5 – you do not need Microsoft .NET Framework 4

    • -

  • Windows PowerShell 3.0

    • -

Computers that are running:

-
    -

  • Windows 7

    • -

  • Windows Server 2008

    • -

You may want to download the following KB:

-

Microsoft Security Advisory: Insecure library loading could allow remote code execution

-

Be sure to check for subsequent KBs that have superseded this one, and note that some KBs may require that you uninstall previous updates.

- -## Installation prerequisites for App-V 5.0 - -> [!Note] -> The following prerequisites are already installed for computers that run Windows 8. - -Each of the App-V 5.0 features have specific prerequisites that must be met before the App-V 5.0 features can be successfully installed. - -### Prerequisites for the App-V 5.0 client - -The following table lists the installation prerequisites for the App-V 5.0 client: - - ---- - - - - - - - - - - - - -
PrerequisiteDetails

Software requirements

- -### Prerequisites for the App-V 5.0 Remote Desktop Services client - -> [!Note] -> The following prerequisites are already installed for computers that run Windows Server 2012. - -The following table lists the installation prerequisites for the App-V 5.0 Remote Desktop Services client: - - ---- - - - - - - - - - - - - -
PrerequisiteDetails

Software requirements

- -### Prerequisites for the App-V 5.0 Sequencer - -> [!Note] -> The following prerequisites are already installed for computers that run Windows 8 and Windows Server 2012. - -The following table lists the installation prerequisites for the App-V 5.0 Sequencer. If possible, the computer that runs the Sequencer should have the same hardware and software configurations as the computers that will run the virtual applications. - -> [!Note] -> If the system requirements of a locally installed application exceed the requirements of the Sequencer, you must meet the requirements of that application. Additionally, because the sequencing process is system resource-intensive, we recommend that the computer that runs the Sequencer has plenty of memory, a fast processor, and a fast hard drive. For more information see [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md). - - ---- - - - - - - - - - - - - -
PrerequisiteDetails

Software requirements

- -### Prerequisites for the App-V 5.0 server - -> [!Note] -> The following prerequisites are already installed for computers that run Windows Server 2012: - -- Microsoft .NET Framework 4.5. This eliminates the Microsoft .NET Framework 4 requirement. - -- Windows PowerShell 3.0 - -- Download and install [KB2533623](https://support.microsoft.com/kb/2533623) (https://support.microsoft.com/kb/2533623) - - > [!Important] - > You can still download install the previous KB. However, it may have been replaced with a more recent version. - -The following table lists the installation prerequisites for the App-V 5.0 server. The account that you use to install the server components must have administrative rights on the computer that you are installing on. This account must also have the ability to query Active Directory Directory Services. Before you install and configure the App-V 5.0 servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to the specified ports. - -> [!Note] -> Web Distributed Authoring and Versioning (WebDAV) is automatically disabled for the Management Service. - -The App-V 5.0 server is supported for a standalone deployment, where all the components are deployed on the same server, and a distributed deployment. Depending on the topology that you use to deploy the App-V 5.0 server, the data that you will need for each component will slightly change. - -> [!Important] -> The installation of the App-V 5.0 server on a computer that runs any previous version or component of App-V is not supported. Additionally, the installation of the server components on a computer that runs Server Core or a Domain Controller is also not supported. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Management Server

 -

The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 management server.

-
    -

  • Installation location - by default this component will be installed to: %PROGRAMFILES%\Microsoft Application Virtualization Server.

    • -

  • Location of the App-V 5.0 management database - SQL Server Name, SQL Instance Name, Database Name.

    • -

  • Access rights for the App-V 5.0 management console - This is the user or the group that should be granted access to the management console at the end of the deployment. After the deployment, only these users will have access to the management console until additional administrators are added through the management console.

    -
    -Note

    Security groups and single users are not supported. You must specify an AD DS group.

    -
    -
    - -
    • -

  • App-V 5.0 management service website name – specify a name for the website or use the default name.

    • -

  • App-V 5.0 management service port binding - this should be a unique port number that is not used by another website on the computer.

    • -

  • Support for Microsoft Silverlight– Microsoft Silverlight must be installed before the management console is available. While this is not a requirement for the deployment, the server must be able to support Microsoft Silverlight.

    • -

Management Database

-
-Note

The database is required only when using the App-V 5.0 management server.

-
-
- -
- -

The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 management database.

-
    -

  • Installation location - by default this component will be installed to %PROGRAMFILES%\Microsoft Application Virtualization Server.

    • -

  • Custom SQL Server instance name (if applicable) – the format should be INSTANCENAME, because the installation assumes that it is on the local machine. If you specify the name with the following format, SVR\INSTANCE will fail.

    • -

  • Custom App-V 5.0 database name (if applicable) – you must specify a unique database name. The default value for the management database is AppVManagement.

    • -

  • App-V 5.0 management server location – specifies the machine account on which the management server is deployed. This should be specified in the following format Domain\MachineAccount.

    • -

  • App-V 5.0 management server installation administrator - specifies the account that will be used to install the App-V 5.0 management server. You should use the following format: Domain\AdministratorLoginName.

    • -

  • Microsoft SQL Server Service Agent - configure the computer running the App-V 5.0 Management Database so that Microsoft SQL Server Agent service is restarted automatically. For more information see Configure SQL Server Agent to Restart Services Automatically

    • -

Reporting Server

    -

  • Microsoft .NET Framework 4 (Full Package)

    • -

  • Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)

    • -
  • -Note

    To help reduce the risk of unwanted or malicious data being sent to the reporting server, you should restrict access to the Reporting Web Service per your corporate security policy.

    -
    -
    - -
    -

    Windows Web Server with the IIS role with the following features: Common HTTP Features (static content and default document), Application Development (ASP.NET, .NET Extensibility, ISAPI Extensions and ISAPI Filters), Security (Windows Authentication, Request Filtering), Security (Windows Authentication, Request Filtering), Management Tools (IIS Management Console)

    • -

  • 64-bit ASP.NET registration

    • -

  • Installation location - by default this component is installed to %PROGRAMFILES%\Microsoft Application Virtualization Server.

    • -

  • App-V 5.0 reporting service website name – specifies the name of the website or the default name that will be used.

    • -

  • App-V 5.0 reporting service port binding - This should be a unique port number that is not already used by another website that runs on the computer.

    • -

Reporting Database

-
-Note

The database is required only when using the App-V 5.0 reporting server.

-
-
- -
- -

The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 reporting database.

-
    -

  • Installation location - by default this component will be installed to %PROGRAMFILES%\Microsoft Application Virtualization Server.

    • -

  • Custom SQL Server instance name (if applicable) – the format should be INSTANCENAME, because the installation assumes that it is on the local machine. If you specify the name with the following format, SVR\INSTANCE will fail.

    • -

  • Custom App-V 5.0 database name (if applicable) – you must specify a unique database name. The default value for the reporting database is AppVReporting.

    • -

  • App-V 5.0 reporting server location – specifies the machine account on which the reporting server is deployed. This should be specified in the following format Domain\MachineAccount.

    • -

  • App-V 5.0 reporting server installation administrator - specifies the account that will be used to install the App-V 5.0 reporting server. You should use the following format: Domain\AdministratorLoginName.

    • -

  • Microsoft SQL Server Service and the Microsoft SQL Server Agent Service – these services must be associated with user accounts that have access to query AD.

    • -

Publishing Server

    -

  • Microsoft .NET Framework 4 (Full Package)

    • -

  • Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)

    • -

  • Windows Web Server with the IIS role with the following features: Common HTTP Features (static content and default document), Application Development (ASP.NET, .NET Extensibility, ISAPI Extensions and ISAPI Filters), Security (Windows Authentication, Request Filtering), Security (Windows Authentication, Request Filtering), Management Tools (IIS Management Console)

    • -

  • 64-bit ASP.NET registration

    • -
-

The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 publishing server.

-
    -

  • Installation location - by default this component is installed to %PROGRAMFILES%\Microsoft Application Virtualization Server.

    • -

  • App-V 5.0 management service URL – specifies the URL of the App-V 5.0 management service. This is the port that the publishing server communicates with, and it should be specified using the following format: http://localhost:12345.

    • -

  • App-V 5.0 publishing service website name – specifies the name of the website or the default name that will be used.

    • -

  • App-V 5.0 publishing service port binding - This should be a unique port number that is not already used by another website that runs on the computer.

    • -
- -## Related topics - -[Planning to Deploy App-V](planning-to-deploy-app-v.md) - -[App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md) diff --git a/mdop/appv-v5/app-v-50-security-considerations.md b/mdop/appv-v5/app-v-50-security-considerations.md deleted file mode 100644 index 3425e93637..0000000000 --- a/mdop/appv-v5/app-v-50-security-considerations.md +++ /dev/null @@ -1,128 +0,0 @@ ---- -title: App-V 5.0 Security Considerations -description: App-V 5.0 Security Considerations -author: dansimp -ms.assetid: 1e7292a0-7972-4b4f-85a9-eaf33f6c563a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# App-V 5.0 Security Considerations - - -This topic contains a brief overview of the accounts and groups, log files, and other security-related considerations for App-V 5.0. - -**Important** -App-V 5.0 is not a security product and does not provide any guarantees for a secure environment. - - - -## PackageStoreAccessControl (PSAC) feature has been deprecated - - -Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature that was introduced in Microsoft Application Virtualization (App-V) 5.0 Service Pack 2 (SP2) has been deprecated in both single-user and multi-user environments. - -## General security considerations - - -**Understand the security risks.** The most serious risk to App-V 5.0 is that its functionality could be hijacked by an unauthorized user who could then reconfigure key data on App-V 5.0 clients. The loss of App-V 5.0 functionality for a short period of time due to a denial-of-service attack would not generally have a catastrophic impact. - -**Physically secure your computers**. Security is incomplete without physical security. Anyone with physical access to an App-V 5.0 server could potentially attack the entire client base. Any potential physical attacks must be considered high risk and mitigated appropriately. App-V 5.0 servers should be stored in a physically secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver. - -**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V 5.0, subscribe to the Security Notification service (). - -**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all App-V 5.0 and App-V 5.0 administrator accounts. Never use blank passwords. For more information about password concepts, see the “Account Passwords and Policies” white paper on TechNet (). - -## Accounts and groups in App-V 5.0 - - -A best practice for user account management is to create domain global groups and add user accounts to them. Then, add the domain global accounts to the necessary App-V 5.0 local groups on the App-V 5.0 servers. - -**Note** -App-V client computer accounts that need to connect to the publishing server must be part of the publishing server’s **Users** local group. By default, all computers in the domain are part of the **Authorized Users** group, which is part of the **Users** local group. - - - -### App-V 5.0 server security - -No groups are created automatically during App-V 5.0 Setup. You should create the following Active Directory Domain Services global groups to manage App-V 5.0 server operations. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Group nameDetails

App-V Management Admin group

Used to manage the App-V 5.0 management server. This group is created during the App-V 5.0 Management Server installation.

-
-Important

There is no method to create the group using the management console after you have completed the installation.

-
-
- -

Database read/write for Management Service account

Provides read/write access to the management database. This account should be created during the App-V 5.0 management database installation.

App-V Management Service install admin account

-
-Note

This is only required if management database is being installed separately from the service.

-
-
- -

Provides public access to schema-version table in management database. This account should be created during the App-V 5.0 management database installation.

App-V Reporting Service install admin account

-
-Note

This is only required if reporting database is being installed separately from the service.

-
-
- -

Public access to schema-version table in reporting database. This account should be created during the App-V 5.0 reporting database installation.

- - - -Consider the following additional information: - -- Access to the package shares - If a share exists on the same computer as the management Server, the **Network** service requires read access to the share. In addition, each App-V client computer must have read access to the package share. - - **Note** - In previous versions of App-V, package share was referred to as content share. - - - -- Registering publishing servers with Management Server - A publishing server must be registered with the Management server. For example, it must be added to the database, so that the Publishing server machine accounts are able to call into the Management service API. - -### App-V 5.0 package security - -The following will help you plan how to ensure that virtualized packages are secure. - -- If an application installer applies an access control list (ACL) to a file or directory, then that ACL is not persisted in the package. When the package is deployed, if the file or directory is modified by a user it will either inherit the ACL in the **%userprofile%** or inherit the ACL of the target computer’s directory. The former case occurs if the file or directory does not exist in a virtual file system location; the latter case occurs if the file or directory exists in a virtual file system location, for example **%windir%**. - -## App-V 5.0 log files - - -During App-V 5.0 Setup, setup log files are created in the **%temp%** folder of the installing user. diff --git a/mdop/appv-v5/app-v-50-sp3-prerequisites.md b/mdop/appv-v5/app-v-50-sp3-prerequisites.md deleted file mode 100644 index 4b92ce66e0..0000000000 --- a/mdop/appv-v5/app-v-50-sp3-prerequisites.md +++ /dev/null @@ -1,659 +0,0 @@ ---- -title: App-V 5.0 SP3 Prerequisites -description: App-V 5.0 SP3 Prerequisites -author: dansimp -ms.assetid: fa8d5578-3a53-4e8a-95c7-e7a5f6e4a31c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# App-V 5.0 SP3 Prerequisites - - -Before installing Microsoft Application Virtualization (App-V) 5.0 SP3, ensure that you have installed all of the following required prerequisite software. - -For a list of supported operating systems and hardware requirements for the App-V Server, Sequencer, and Client, see [App-V 5.0 SP3 Supported Configurations](app-v-50-sp3-supported-configurations.md). - -## Summary of software preinstalled on each operating system - - -The following table indicates the software that is already installed for different operating systems. - - ---- - - - - - - - - - - - - - - - - - - - - -
Operating systemPrerequisite description

Windows 8.1

All of the prerequisite software is already installed.

Windows 8

-

Windows Server 2012

The following prerequisite software is already installed:

-
    -

  • Microsoft .NET Framework 4.5

    • -

  • Windows PowerShell 3.0

    -
    -Note

    Installing PowerShell 3.0 requires a restart.

    -
    -
    - -
    • -

Windows 7

The prerequisite software is not already installed. You must install it before you can install App-V.

- - - -## App-V Server prerequisite software - - -Install the required prerequisite software for the App-V 5.0 SP3 Server components. - -### What to know before you start - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Account for installing the App-V Server

The account that you use to install the App-V Server components must have:

-
    -

  • Administrative rights on the computer on which you are installing the components.

    • -

  • The ability to query Active Directory Domain Services.

    • -

Port and firewall

    -

  • Specify a port where each component will be hosted.

    • -

  • Add the associated firewall rules to allow incoming requests to the specified ports.

    • -
-

Web Distributed Authoring and Versioning (WebDAV)

WebDAV is automatically disabled for the Management Service.

Supported deployment scenarios

    -

  • A stand-alone deployment, where all components are deployed on the same server.

    • -

  • A distributed deployment.

    • -

Unsupported deployment scenarios

    -

  • Installing the App-V Server on a computer that runs any previous version or component of App-V.

    • -

  • Installing the App-V server components on a computer that runs server core or domain controller.

    • -
- - - -### Management server prerequisite software - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Prerequisites and required settingsDetails

Supported version of SQL Server

For supported versions, see App-V 5.0 SP3 Supported Configurations.

Microsoft .NET Framework 4.5.1 (Web Installer)

Windows PowerShell 3.0

Installing PowerShell 3.0 requires a restart.

Download and install KB2533623

Applies to Windows 7 only.

Visual C++ Redistributable Packages for Visual Studio 2013

64-bit ASP.NET registration

Windows Server Web Server Role

This role must be added to a server operating system that is supported for the Management server.

Web Server (IIS) Management Tools

Click IIS Management Scripts and Tools.

Web Server Role Services

Common HTTP Features:

-
    -

  • Static Content

    • -

  • Default Document

    • -
-

Application Development:

-
    -

  • ASP.NET

    • -

  • .NET Extensibility

    • -

  • ISAPI Extensions

    • -

  • ISAPI Filters

    • -
-

Security:

-
    -

  • Windows Authentication

    • -

  • Request Filtering

    • -
-

Management Tools:

-
    -

  • IIS Management Console

    • -

Default installation location

%PROGRAMFILES%\Microsoft Application Virtualization Server

Location of the Management database

SQL Server database name, SQL Server database instance name, and database name.

Management console and Management database permissions

A user or group that can access the Management console and database after the deployment is complete. Only these users or groups will have access to the Management console and database unless additional administrators are added by using the Management console.

Management service website name

Name for the Management console website.

Management service port binding

Unique port number for the Management service. This port cannot be used by another process on the computer.

Microsoft Silverlight 5

The Management console is available only if Silverlight is installed.

- - - -### Management server database prerequisite software - -The Management database is required only if you are using the App-V 5.0 SP3 Management server. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Prerequisites and required settingsDetails

Microsoft .NET Framework 4.5.1 (Web Installer)

Visual C++ Redistributable Packages for Visual Studio 2013

Default installation location

%PROGRAMFILES%\Microsoft Application Virtualization Server

Custom SQL Server instance name (if applicable)

Format to use: INSTANCENAME

-

This format is based on the assumption that the installation is on the local computer.

-

If you specify the name with the format SVR\INSTANCE, the installation will fail.

Custom database name (if applicable)

Unique database name.

-

Default: AppVManagement

Management server location

Machine account on which the Management server is deployed.

-

Format to use: Domain\MachineAccount

Management server installation administrator

Account used to install the Management server.

-

Format to use: Domain\AdministratorLoginName

Microsoft SQL Server Service Agent

Configure the Management database computer so that the Microsoft SQL Server Agent service is restarted automatically. For instructions, see Configure SQL Server Agent to Restart Services Automatically.

- - - -### Publishing server prerequisite software - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Prerequisites and required settingsDetails

Microsoft .NET Framework 4.5.1 (Web Installer)

Visual C++ Redistributable Packages for Visual Studio 2013

64-bit ASP.NET registration

Windows Server Web Server Role

This role must be added to a server operating system that is supported for the Management server.

Web Server (IIS) Management Tools

Click IIS Management Scripts and Tools.

Web Server Role Services

Common HTTP Features:

-
    -

  • Static Content

    • -

  • Default Document

    • -
-

Application Development:

-
    -

  • ASP.NET

    • -

  • .NET Extensibility

    • -

  • ISAPI Extensions

    • -

  • ISAPI Filters

    • -
-

Security:

-
    -

  • Windows Authentication

    • -

  • Request Filtering

    • -
-

Management Tools:

-
    -

  • IIS Management Console

    • -

Default installation location

%PROGRAMFILES%\Microsoft Application Virtualization Server

Management service URL

URL of the App-V Management service. This is the port with which the Publishing server communicates.

- ---- - - - - - - - - - - - - - - - - -
Installation architectureFormat to use for the URL

Management server and Publishing server are installed on the same server

http://localhost:12345

Management server and Publishing server are installed on different servers

http://MyAppvServer.MyDomain.com

-

-

Publishing service website name

Name for the Publishing website.

Publishing service port binding

Unique port number for the Publishing service. This port cannot be used by another process on the computer.

- - - -### Reporting server prerequisite software - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Prerequisites and required settingsDetails

Supported version of SQL Server

For supported versions, see App-V 5.0 SP3 Supported Configurations.

Microsoft .NET Framework 4.5.1 (Web Installer)

Visual C++ Redistributable Packages for Visual Studio 2013

64-bit ASP.NET registration

Windows Server Web Server Role

This role must be added to a server operating system that is supported for the Management server.

Web Server (IIS) Management Tools

Click IIS Management Scripts and Tools.

Web Server Role Services

To reduce the risk of unwanted or malicious data being sent to the Reporting server, you should restrict access to the Reporting Web Service per your corporate security policy.

-

Common HTTP Features:

-
    -

  • Static Content

    • -

  • Default Document

    • -
-

Application Development:

-
    -

  • ASP.NET

    • -

  • .NET Extensibility

    • -

  • ISAPI Extensions

    • -

  • ISAPI Filters

    • -
-

Security:

-
    -

  • Windows Authentication

    • -

  • Request Filtering

    • -
-

Management Tools:

-
    -

  • IIS Management Console

    • -

Default installation location

%PROGRAMFILES%\Microsoft Application Virtualization Server

Reporting service website name

Name for the Reporting website.

Reporting service port binding

Unique port number for the Reporting service. This port cannot be used by another process on the computer.

- - - -### Reporting database prerequisite software - -The Reporting database is required only if you are using the App-V 5.0 SP3 Reporting server. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Prerequisites and required settingsDetails

Microsoft .NET Framework 4.5.1 (Web Installer)

Visual C++ Redistributable Packages for Visual Studio 2013

Default installation location

%PROGRAMFILES%\Microsoft Application Virtualization Server

Custom SQL Server instance name (if applicable)

Format to use: INSTANCENAME

-

This format is based on the assumption that the installation is on the local computer.

-

If you specify the name with the format SVR\INSTANCE, the installation will fail.

Custom database name (if applicable)

Unique database name.

-

Default: AppVReporting

Reporting server location

Machine account on which the Reporting server is deployed.

-

Format to use: Domain\MachineAccount

Reporting server installation administrator

Account used to install the Reporting server.

-

Format to use: Domain\AdministratorLoginName

Microsoft SQL Server Service and Microsoft SQL Server Service Agent

Configure these services to be associated with user accounts that have access to query AD DS.

- - - -## App-V client prerequisite software - - -Install the following prerequisite software for the App-V client. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Microsoft .NET Framework 4.5.1 (Web Installer)

Windows PowerShell 3.0

-

Installing PowerShell 3.0 requires a restart.

KB2533623

Applies to Windows 7 only: Download and install the KB.

Visual C++ Redistributable Packages for Visual Studio 2013

- - - -## Remote Desktop Services client prerequisite software - - -Install the following prerequisite software for the App-V Remote Desktop Services client. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Microsoft .NET Framework 4.5.1 (Web Installer)

Windows PowerShell 3.0

-

Installing PowerShell 3.0 requires a restart.

KB2533623

Applies to Windows 7 only: Download and install the KB.

Visual C++ Redistributable Packages for Visual Studio 2013

- - - -## Sequencer prerequisite software - - -**What to know before installing the prerequisites:** - -- Best practice: The computer that runs the Sequencer should have the same hardware and software configurations as the computers that will run the virtual applications. - -- The sequencing process is resource intensive, so make sure that the computer that runs the Sequencer has plenty of memory, a fast processor, and a fast hard drive. The system requirements of locally installed applications cannot exceed those of the Sequencer. For more information, see [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md). - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Microsoft .NET Framework 4.5.1 (Web Installer)

Windows PowerShell 3.0

-

Installing PowerShell 3.0 requires a restart.

KB2533623

Applies to Windows 7 only: Download and install the KB.

Visual C++ Redistributable Packages for Visual Studio 2013

- - - - - - - - -## Related topics - - -[Planning for App-V 5.0](planning-for-app-v-50-rc.md) - -[App-V 5.0 SP3 Supported Configurations](app-v-50-sp3-supported-configurations.md) - - - - - - - - - diff --git a/mdop/appv-v5/app-v-50-sp3-supported-configurations.md b/mdop/appv-v5/app-v-50-sp3-supported-configurations.md deleted file mode 100644 index 8341bc668d..0000000000 --- a/mdop/appv-v5/app-v-50-sp3-supported-configurations.md +++ /dev/null @@ -1,467 +0,0 @@ ---- -title: App-V 5.0 SP3 Supported Configurations -description: App-V 5.0 SP3 Supported Configurations -author: dansimp -ms.assetid: 08ced79a-0ed3-43c3-82e7-de01c1f33e81 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# App-V 5.0 SP3 Supported Configurations - - -This topic specifies the requirements to install and run Microsoft Application Virtualization (App-V) 5.0 SP3 in your environment. - -## App-V Server system requirements - - -This section lists the operating system and hardware requirements for all of the App-V Server components. - -### Unsupported App-V 5.0 SP3 Server scenarios - -The App-V 5.0 SP3 Server does not support the following scenarios: - -- Deployment to a computer that runs Microsoft Windows Server Core. - -- Deployment to a computer that runs a previous version of App-V 5.0 SP3 Server components. You can install App-V 5.0 SP3 side by side with the App-V 4.5 Lightweight Streaming Server (LWS) server only. Deployment of App-V side by side with the App-V 4.5 Application Virtualization Management Service (HWS) server is not supported. - -- Deployment to a computer that runs Microsoft SQL Server Express edition. - -- Remote deployment of the management server database or the reporting database. You must run the installer directly on the computer that is running Microsoft SQL Server. - -- Deployment to a domain controller. - -- Short paths. If you plan to use a short path, you must create a new volume. - -### Management server operating system requirements - -The following table lists the operating systems that are supported for the App-V 5.0 SP3 Management server installation. - -**Note**   -Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). See [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976) for more information. - - - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemService PackSystem architecture

Microsoft Windows Server 2012 R2

64-bit

Microsoft Windows Server 2012

64-bit

Microsoft Windows Server 2008 R2

SP1

64-bit

- - - -**Important**   -Deployment of the Management server role to a computer with Remote Desktop Sharing (RDS) enabled is not supported. - - - -### Management server hardware requirements - -- Processor—1.4 GHz or faster, 64-bit (x64) processor - -- RAM—1 GB RAM (64-bit) - -- Disk space—200 MB available hard disk space, not including the content directory - -### Management server database requirements - -The following table lists the SQL Server versions that are supported for the App-V 5.0 SP3 Management database installation. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
SQL Server versionService packSystem architecture

Microsoft SQL Server 2014

32-bit or 64-bit

Microsoft SQL Server 2012

SP2

32-bit or 64-bit

Microsoft SQL Server 2008 R2

SP3

32-bit or 64-bit

- - - -### Publishing server operating system requirements - -The following table lists the operating systems that are supported for the App-V 5.0 SP3 Publishing server installation. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemService PackSystem architecture

Microsoft Windows Server 2012 R2

64-bit

Microsoft Windows Server 2012

64-bit

Microsoft Windows Server 2008 R2

SP1

64-bit

- - - -### Publishing server hardware requirements - -App-V adds no additional requirements beyond those of Windows Server. - -- Processor—1.4 GHz or faster, 64-bit (x64) processor - -- RAM—2 GB RAM (64-bit) - -- Disk space—200 MB available hard disk space, not including the content directory - -### Reporting server operating system requirements - -The following table lists the operating systems that are supported for the App-V 5.0 SP3 Reporting server installation. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemService PackSystem architecture

Microsoft Windows Server 2012 R2

64-bit

Microsoft Windows Server 2012

64-bit

Microsoft Windows Server 2008 R2

SP1

64-bit

- - - -### Reporting server hardware requirements - -App-V adds no additional requirements beyond those of Windows Server. - -- Processor—1.4 GHz or faster, 64-bit (x64) processor - -- RAM—2 GB RAM (64-bit) - -- Disk space—200 MB available hard disk space - -### Reporting server database requirements - -The following table lists the SQL Server versions that are supported for the App-V 5.0 SP3 Reporting database installation. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
SQL Server versionService packSystem architecture

Microsoft SQL Server 2014

32-bit or 64-bit

Microsoft SQL Server 2012

SP2

32-bit or 64-bit

Microsoft SQL Server 2008 R2

SP3

32-bit or 64-bit

- - - -## App-V client system requirements - - -The following table lists the operating systems that are supported for the App-V 5.0 SP3 client installation. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemService packSystem architecture

Microsoft Windows 8.1

32-bit or 64-bit

Microsoft Windows 8

32-bit or 64-bit

Windows 7

SP1

32-bit or 64-bit

- - - -The following App-V client installation scenarios are not supported, except as noted: - -- Computers that run Windows Server - -- Computers that run App-V 4.6 SP1 or earlier versions - -- The App-V 5.0 SP3 Remote Desktop services client is supported only for RDS-enabled servers - -### App-V client hardware requirements - -The following list displays the supported hardware configuration for the App-V 5.0 SP3 client installation. - -- Processor— 1.4 GHz or faster 32-bit (x86) or 64-bit (x64) processor - -- RAM— 1 GB (32-bit) or 2 GB (64-bit) - -- Disk— 100 MB for installation, not including the disk space that is used by virtualized applications. - -## Remote Desktop Services client system requirements - - -The following table lists the operating systems that are supported for App-V 5.0 SP3 Remote Desktop Services (RDS) client installation. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemService PackSystem architecture

Microsoft Windows Server 2012 R2

64-bit

Microsoft Windows Server 2012

64-bit

Microsoft Windows Server 2008 R2

SP1

64-bit

- - - -### Remote Desktop Services client hardware requirements - -App-V adds no additional requirements beyond those of Windows Server. - -- Processor—1.4 GHz or faster, 64-bit (x64) processor - -- RAM—2 GB RAM (64-bit) - -- Disk space—200 MB available hard disk space - -## Sequencer system requirements - - -The following table lists the operating systems that are supported for the App-V 5.0 SP3 Sequencer installation. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemService packSystem architecture

Microsoft Windows Server 2012 R2

64-bit

Microsoft Windows Server 2012

64-bit

Microsoft Windows Server 2008 R2

SP1

64-bit

Microsoft Windows 8.1

32-bit and 64-bit

Microsoft Windows 8

32-bit and 64-bit

Microsoft Windows 7

SP1

32-bit and 64-bit

- - - -### Sequencer hardware requirements - -See the Windows or Windows Server documentation for the hardware requirements. App-V adds no additional hardware requirements. - -## Supported versions of System Center Configuration Manager - - -The App-V client supports the following versions of System Center Configuration Manager: - -- Microsoft System Center 2012 Configuration Manager - -- System Center 2012 R2 Configuration Manager - -- System Center 2012 R2 Configuration Manager SP1 - -For more information about how Configuration Manager integrates with App-V, see [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx). - - - - - - -## Related topics - - -[Planning to Deploy App-V](planning-to-deploy-app-v.md) - -[App-V 5.0 SP3 Prerequisites](app-v-50-sp3-prerequisites.md) - - - - - - - - - diff --git a/mdop/appv-v5/app-v-50-supported-configurations.md b/mdop/appv-v5/app-v-50-supported-configurations.md deleted file mode 100644 index 4b23a3738a..0000000000 --- a/mdop/appv-v5/app-v-50-supported-configurations.md +++ /dev/null @@ -1,532 +0,0 @@ ---- -title: App-V 5.0 Supported Configurations -description: App-V 5.0 Supported Configurations -author: dansimp -ms.assetid: 3787ff63-7ce7-45a8-8f01-81b4b6dced34 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# App-V 5.0 Supported Configurations - - -This topic specifies the requirements that are necessary to install and run Microsoft Application Virtualization (App-V) 5.0 in your environment. - -**Important** -**The supported configurations in this article apply only to App-V 5.0**. For supported configurations that apply to App-V 5.0 Service Packs, see the following web pages: - -- [What's new in App-V 5.0 SP1](whats-new-in-app-v-50-sp1.md) - -- [About App-V 5.0 SP2](about-app-v-50-sp2.md) - -- [App-V 5.0 SP3 Supported Configurations](app-v-50-sp3-supported-configurations.md) - - - -## App-V 5.0 server system requirements - - -**Important** -The App-V 5.0 server does not support the following scenarios: - - - -- Deployment to a computer that runs Microsoft Windows Server Core. - -- Deployment to a computer that runs a previous version of App-V 5.0 server components. - - **Note** - You can install App-V 5.0 side-by-side with the App-V 4.5 Lightweight Streaming Server (LWS) server only. Deployment of App-V 5.0 side-by-side with the App-V 4.5 Application Virtualization Management Service (HWS) server is not supported. - - - -- Deployment to a computer that runs Microsoft SQL Server Express edition. - -- Remote deployment of the management server database or the reporting database. The installer must be run directly on the computer running Microsoft SQL for the database installation to succeed. - -- Deployment to a domain controller. - -- Short paths are not supported. If you plan to use a short path you must create a new volume. - -### Management Server operating system requirements - -The following table lists the operating systems that are supported for the App-V 5.0 management server installation. - -**Note** -Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). - - - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemEditionService packSystem architecture

Microsoft Windows Server 2008 (Standard, Enterprise, Datacenter, or Web Server)

R2

SP1 and higher

64-bit

Microsoft Windows Server 2012 (Standard, Datacenter)

64-bit

Microsoft Windows Server 2012 (Standard, Datacenter)

R2

64-bit

- - - -**Important** -Deployment of the management server role to a computer with Remote Desktop Sharing (RDS) enabled is not supported. - - - -### Management Server hardware requirements - -- Processor—1.4 GHz or faster, 64-bit (x64) processor - -- RAM— 1 GB RAM (64-bit) - -- Disk space—200 MB available hard disk space, not including the content directory. - -### Publishing Server operating system requirements - -The following table lists the operating systems that are supported for the App-V 5.0 publishing server installation. - -**Note** -Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). - - - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemEditionService packSystem architecture

Microsoft Windows Server 2008 (Standard, Enterprise, Datacenter, or Web Server)

R2

64-bit

Microsoft Windows Server 2012 (Standard, Datacenter)

64-bit

Microsoft Windows Server 2012 (Standard, Datacenter)

R2

64-bit

- - - -### Publishing Server hardware requirements - -- Processor—1.4 GHz or faster. 64-bit (x64) processor - -- RAM— 2 GB RAM (64-bit) - -- Disk space—200 MB available hard disk space. not including content directory - -### Reporting Server operating system requirements - -The following table lists the operating systems that are supported for the App-V 5.0 reporting server installation. - -**Note** -Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). - - - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemEditionService PackSystem architecture

Microsoft Windows Server 2008 (Standard, Enterprise, Datacenter, or Web Server)

R2

64-bit

Microsoft Windows Server 2012 (Standard, Datacenter)

64-bit

Microsoft Windows Server 2012 (Standard, Datacenter)

R2

64-bit

- - - -### Reporting Server hardware requirements - -- Processor—1.4 GHz or faster. 64-bit (x64) processor - -- RAM—2 GB RAM (64-bit) - -- Disk space—200 MB available hard disk space - -### SQL Server database requirements - -The following table lists the SQL Server versions that are supported for the App-V 5.0 database and server installation. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
App-V 5.0 server typeSQL Server versionEditionService packSystem architecture

Management / Reporting

Microsoft SQL Server 2008

-

(Standard, Enterprise, Datacenter, or the Developer Edition with the following feature: Database Engine Services.)

32-bit or 64-bit

Management / Reporting

Microsoft SQL Server 2008

-

(Standard, Enterprise, Datacenter, or the Developer Edition with the following feature: Database Engine Services.)

R2

SP2

32-bit or 64-bit

Management / Reporting

Microsoft SQL Server 2012

-

(Standard, Enterprise, Datacenter, or the Developer Edition with the following feature: Database Engine Services.)

32-bit or 64-bit

- - - -## App-V 5.0 client system requirements - - -The following table lists the operating systems that are supported for the App-V 5.0 client installation. - -**Note** -Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). - - - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemService packSystem architecture

Microsoft Windows 7

SP1

32-bit or 64-bit

Microsoft Windows 8

32-bit or 64-bit

-Important

Windows 8.1 is only supported by App-V 5.0 SP2

-
-
- -
-

Windows 8.1

32-bit or 64-bit

- - - -The following App-V client installation scenarios are not supported, except as noted: - -- Computers that run Windows Server - -- Computers that run App-V 4.6 SP1 or earlier versions - -- The App-V 5.0 Remote Desktop services client is supported only for RDS-enabled servers - -### Client hardware requirements - -The following list displays the supported hardware configuration for the App-V 5.0 client installation. - -- Processor— 1.4 GHz or faster 32-bit (x86) or 64-bit (x64) processor - -- RAM— 1 GB (32-bit) or 2 GB (64-bit) - -- Disk— 100 MB for installation, not including the disk space that is used by virtualized applications. - -## App-V 5.0 Remote Desktop client system requirements - - -The following table lists the operating systems that are supported for App-V 5.0 Remote Desktop client installation. - -**Note** -Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). - - - -Operating system -Edition -Service pack -Microsoft Windows Server 2008 - -R2 - -SP1 - -Microsoft Windows Server 2012 - -**Important** -Windows Server 2012 R2 is only supported by App-V 5.0 SP2 - - - -Microsoft Windows Server 2012 (Standard, Datacenter) - -R2 - -64-bit - - - -### Remote Desktop client hardware requirements - -The following list displays the supported hardware configuration for the App-V 5.0 client installation. - -- Processor— 1.4 GHz or faster 32-bit (x86) or 64-bit (x64) processor - -- RAM— 1 GB (32-bit) or 2 GB (64-bit) - -- Disk— 100 MB for installation, not including the disk space that is used by virtualized applications. - -## App-V 5.0 Sequencer system requirements - - -The following table lists the operating systems that are supported for App-V 5.0 Sequencer installation. - -**Note** -Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). - - - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemEditionService packSystem architecture

Microsoft Windows 7

SP1

32-bit and 64-bit

Microsoft Windows 8

32-bit and 64-bit

-Important

Windows 8.1 is only supported by App-V 5.0 SP2

-
-
- -
-

Windows 8.1

32-bit or 64-bit

Microsoft Windows Server 2008

R2

SP1

32-bit and 64-bit

Microsoft Windows Server 2012

32-bit and 64-bit

-Important

Windows Server 2012 R2 is only supported by App-V 5.0 SP2

-
-
- -
-

Microsoft Windows Server 2012

R2

64-bit

- - - -## Supported versions of System Center Configuration Manager - - -You can use Microsoft System Center 2012 Configuration Manager or System Center 2012 R2 Configuration Manager to manage App-V virtual applications, reporting, and other functions. The following table lists the supported versions of Configuration Manager for each applicable version of App-V. - - ---- - - - - - - - - - - - - - - - - -
Supported Configuration Manager versionApp-V version

Microsoft System Center 2012 Configuration Manager

    -

  • App-V 5.0

    • -

  • App-V 5.0 SP1

    • -

  • App-V 5.0 SP2

    • -

System Center 2012 R2 Configuration Manager

    -

  • App-V 5.0

    • -

  • App-V 5.0 SP1

    • -

  • App-V 5.0 SP2

    • -
- - - -For more information about how Configuration Manager integrates with App-V, see [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx). - - - - - - -## Related topics - - -[Planning to Deploy App-V](planning-to-deploy-app-v.md) - -[App-V 5.0 Prerequisites](app-v-50-prerequisites.md) - - - - - - - - - diff --git a/mdop/appv-v5/app-v-51-capacity-planning.md b/mdop/appv-v5/app-v-51-capacity-planning.md deleted file mode 100644 index 0473ec9858..0000000000 --- a/mdop/appv-v5/app-v-51-capacity-planning.md +++ /dev/null @@ -1,963 +0,0 @@ ---- -title: App-V 5.1 Capacity Planning -description: App-V 5.1 Capacity Planning -author: dansimp -ms.assetid: 7a98062f-5a60-49d6-ab40-dc6057e1dd5a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# App-V 5.1 Capacity Planning - - -The following recommendations can be used as a baseline to help determine capacity planning information that is appropriate to your organization’s App-V 5.1 infrastructure. - -**Important**   -Use the information in this section only as a general guide for planning your App-V 5.1 deployment. Your system capacity requirements will depend on the specific details of your hardware and application environment. Additionally, the performance numbers displayed in this document are examples and your results may vary. - - - -## Determine the Project Scope - - -Before you design the App-V 5.1 infrastructure, you must determine the project’s scope. The scope consists of determining which applications will be available virtually and to also identify the target users, and their locations. This information will help determine what type of App-V 5.1 infrastructure should be implemented. Decisions about the scope of the project must be based on the specific needs of your organization. - - ---- - - - - - - - - - - - - - - - - -
TaskMore Information

Determine Application Scope

Depending on the applications to be virtualized, the App-V 5.1 infrastructure can be set up in different ways. The first task is to define what applications you want to virtualize.

Determine Location Scope

Location scope refers to the physical locations (for example, enterprise-wide or a specific geographic location) where you plan to run the virtualized applications. It can also refer to the user population (for example, a single department) who will run the virtual applications. You should obtain a network map that includes the connection paths as well as available bandwidth to each location and the number of users using virtualized applications and the WAN link speed.

- - - -## Determine Which App-V 5.1 Infrastructure is Required - - -**Important**   -Both of the following models require the App-V 5.1 client to be installed on the computer where you plan to run virtual applications. - -You can also manage your App-V 5.1 environment using an Electronic Software Distribution (ESD) solution such as Microsoft Systems Center Configuration Manager. For more information see [How to deploy App-V 5.1 Packages Using Electronic Software Distribution](how-to-deploy-app-v-51-packages-using-electronic-software-distribution.md). - - - -- **Standalone Model** - The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V 5.1 in Standalone Mode consists of the sequencer and the client; no additional components are required. Applications are prepared for virtualization using a process called sequencing. For more information see, [Planning for the App-V 5.1 Sequencer and Client Deployment](planning-for-the-app-v-51-sequencer-and-client-deployment.md). The stand-alone model is recommended for the following scenarios: - - - With disconnected remote users who cannot connect to the App-V 5.1 infrastructure. - - - When you are running a software management system, such as Configuration Manager 2012. - - - When network bandwidth limitations inhibit electronic software distribution. - -- **Full Infrastructure Model** - The full infrastructure model provides for software distribution, management, and reporting capabilities; it also includes the streaming of applications across the network. The App-V 5.1 Full Infrastructure Model consists of one or more App-V 5.1 management servers. The Management Server can be used to publish applications to all clients. The publishing process places the virtual application icons and shortcuts on the target computer. It can also stream applications to local users. For more information about installing the management server see, [Planning for the App-V 5.1 Server Deployment](planning-for-the-app-v-51-server-deployment.md). The full infrastructure model is recommended for the following scenarios: - - **Important**   - The App-V 5.1 full infrastructure model requires Microsoft SQL Server to store configuration data. For more information see [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md). - - - - - When you want to use the Management Server to publish the application to target computers. - - - For rapid provisioning of applications to target computers. - - - When you want to use App-V 5.1 reporting. - -## End-to-end Server Sizing Guidance - - -The following section provides information about end-to-end App-V 5.1 sizing and planning. For more specific information, refer to the subsequent sections. - -**Note**   -Round trip response time on the client is the time taken by the computer running the App-V 5.1 client to receive a successful notification from the publishing server. Round trip response time on the publishing server is the time taken by the computer running the publishing server to receive a successful package metadata update from the management server. - - - -- 20,000 clients can target a single publishing server to obtain the package refreshes in an acceptable round trip time. (<3 seconds) - -- A single management server can support up to 50 publishing servers for package metadata refreshes in an acceptable round trip time. (<5 seconds) - -## App-V 5.1 Management Server Capacity Planning Recommendations - - -The App-V 5.1 publishing servers require the management server for package refresh requests and package refresh responses. The management server then sends the information to the management database to retrieve information. For more information about App-V 5.1 management server supported configurations see [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md). - -**Note**   -The default refresh time on the App-V 5.1 publishing server is ten minutes. - - - -When multiple simultaneous publishing servers contact a single management server for package metadata refreshes, the following three factors influence the round trip response time on the publishing server: - -1. Number of publishing servers making simultaneous requests. - -2. Number of connection groups configured on the management server. - -3. Number of access groups configured on the management server. - -The following table displays more information about each factor that impacts round trip time. - -**Note**   -Round trip response time is the time taken by the computer running the App-V 5.1 publishing server to receive a successful package metadata update from the management server. - - - - ---- - - - - - - - - - - - - - - - - - - - - -
Factors impacting round trip response timeMore Information

The number of publishing servers simultaneously requesting package metadata refreshes.

-
    -

  • A single management server can respond to up to 320 publishing servers requesting publishing metadata simultaneously.

    • -

  • Round trip response time for 320 pub servers is ~40 seconds.

    • -

  • For <50 publishing servers requesting metadata simultaneously, the round trip response time is <5 seconds.

    • -

  • From 50 to 320 publishing servers, the response time increases linearly (approximately 2x).

    • -

The number of connection groups configured on the management server.

-

-
    -

  • For up to 100 connection groups, there is no significant change in the round trip response time on the publishing server.

    • -

  • For 100 - 400 connection groups, there is a minor linear increase in the round trip response time.

    • -

The number of access groups configured on the management server.

-

-
    -

  • For up to 40 access groups, there is a linear (approximately 3x) increase in the round trip response time on the publishing server.

    • -
- - - -The following table displays sample values for each of the previous factors. In each variation, 120 packages are refreshed from the App-V 5.1management server. - - ---------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ScenarioVariationNumber of connection groupsNumber of access groupsNumber of publishing serversNetwork connection type publishing server / management serverRound trip response time on the publishing server (in seconds)CPU utilization on management server

Publishing servers simultaneously contacting management server for publishing metadata.

Number of publishing servers

-
    -

  • 0

    • -

  • 0

    • -

  • 0

    • -

  • 0

    • -

  • 0

    • -

  • 0

    • -

-
    -

  • 1

    • -

  • 1

    • -

  • 1

    • -

  • 1

    • -

  • 1

    • -

  • 1

    • -

-
    -

  • 50

    • -

  • 100

    • -

  • 200

    • -

  • 300

    • -

  • 315

    • -

  • 320

    • -

-
    -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

-
    -

  • 5

    • -

  • 10

    • -

  • 19

    • -

  • 32

    • -

  • 30

    • -

  • 37

    • -

-
    -

  • 17

    • -

  • 17

    • -

  • 17

    • -

  • 15

    • -

  • 17

    • -

  • 15

    • -

Publishing metadata contains connection groups

Number of connection groups

-
    -

  • 10

    • -

  • 50

    • -

  • 100

    • -

  • 150

    • -

  • 300

    • -

  • 400

    • -

-
    -

  • 1

    • -

  • 1

    • -

  • 1

    • -

  • 1

    • -

  • 1

    • -

  • 1

    • -

-
    -

  • 100

    • -

  • 100

    • -

  • 100

    • -

  • 100

    • -

  • 100

    • -

  • 100

    • -

-
    -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

-
    -

  • 10

    • -

  • 11

    • -

  • 11

    • -

  • 16

    • -

  • 22

    • -

  • 25

    • -

-
    -

  • 17

    • -

  • 19

    • -

  • 22

    • -

  • 19

    • -

  • 20

    • -

  • 20

    • -

Publishing metadata contains access groups

Number of access groups

-
    -

  • 0

    • -

  • 0

    • -

  • 0

    • -

  • 0

    • -

-
    -

  • 1

    • -

  • 10

    • -

  • 20

    • -

  • 40

    • -

-
    -

  • 100

    • -

  • 100

    • -

  • 100

    • -

  • 100

    • -

-
    -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

-
    -

  • 10

    • -

  • 43

    • -

  • 153

    • -

  • 535

    • -

-
    -

  • 17

    • -

  • 26

    • -

  • 24

    • -

  • 24

    • -
- - - -The CPU utilization of the computer running the management server is around 25% irrespective of the number of publishing servers targeting it. The Microsoft SQL Server database transactions/sec, batch requests/sec and user connections are identical irrespective of the number of publishing servers. For example: Transactions/sec is ~30, batch requests ~200, and user connects ~6. - -Using a geographically distributed deployment, where the management server & publishing servers utilize a slow link network between them, the round trip response time on the publishing servers is within acceptable time limits (<5 seconds), even for 100 simultaneous requests on a single management server. - - ---------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ScenarioVariationNumber of connection groupsNumber of access groupsNumber of publishing serversNetwork connection type publishing server / management serverRound trip response time on the publishing server (in seconds)CPU utilization on management server

Network connection between the publishing server and management server

1.5 Mbps Slow link Network

-
    -

  • 0

    • -

  • 0

    • -

-
    -

  • 1

    • -

  • 1

    • -

-
    -

  • 50

    • -

  • 100

    • -

-
    -

  • 1.5Mbps Cable DSL

    • -

  • 1.5Mbps Cable DSL

    • -

-
    -

  • 4

    • -

  • 5

    • -

-
    -

  • 1

    • -

  • 2

    • -

Network connection between the publishing server and management server

LAN / WIFI Network

-
    -

  • 0

    • -

  • 0

    • -

-
    -

  • 1

    • -

  • 1

    • -

-
    -

  • 100

    • -

  • 200

    • -

-
    -

  • Wifi

    • -

  • Wifi

    • -

-
    -

  • 11

    • -

  • 20

    • -

-
    -

  • 15

    • -

  • 17

    • -
- - - -Whether the management server and publishing servers are connected over a slow link network, or a high speed network, the management server can handle approximately 15,000 package refresh requests in 30 minutes. - -## App-V 5.1 Reporting Server Capacity Planning Recommendations - - -App-V 5.1 clients send reporting data to the reporting server. The reporting server then records the information in the Microsoft SQL Server database and returns a successful notification back to the computer running App-V 5.1 client. For more information about App-V 5.1 Reporting Server supported configurations see [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md). - -**Note**   -Round trip response time is the time taken by the computer running the App-V 5.1 client to send the reporting information to the reporting server and receive a successful notification from the reporting server. - - - - ---- - - - - - - - - - - - - - - - - - - - - -
ScenarioSummary

Multiple App-V 5.1 clients send reporting information to the reporting server simultaneously.

-
    -

  • Round trip response time from the reporting server is 2.6 seconds for 500 clients.

    • -

  • Round trip response time from the reporting server is 5.65 seconds for 1000 clients.

    • -

  • Round trip response time increases linearly depending on number of clients.

    • -

Requests per second processed by the reporting server.

-

-
    -

  • A single reporting server and a single database, can process a maximum of 139 requests per second. The average is 121 requests/second.

    • -

  • Using two reporting servers reporting to the same Microsoft SQL Server database, the average requests/second is similar to a single reporting server = ~127, with a max of 278 requests/second.

    • -

  • A single reporting server can process 500 concurrent/active connections.

    • -

  • A single reporting server can process a maximum 1500 concurrent connections.

    • -

Reporting Database.

-

-
    -

  • Lock contention on the computer running Microsoft SQL Server is the limiting factor for requests/second.

    • -

  • Throughput and response time are independent of database size.

    • -
- - - -**Calculating random delay**: - -The random delay specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between **0** and **ReportingRandomDelay** and will wait the specified duration before sending data. - -Random delay = 4 \* number of clients / average requests per second. - -Example: For 500 clients, with 120 requests per second, the Random delay is, 4 \* 500 / 120 = ~17 minutes. - -## App-V 5.1 Publishing Server Capacity Planning Recommendations - - -Computers running the App-V 5.1 client connect to the App-V 5.1 publishing server to send a publishing refresh request and to receive a response. Round trip response time is measured on the computer running the App-V 5.1 client. Processor time is measured on the publishing server. For more information about App-V 5.1 Publishing Server supported configurations see [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md). - -**Important**   -The following list displays the main factors to consider when setting up the App-V 5.1 publishing server: - -- The number of clients connecting simultaneously to a single publishing server. - -- The number of packages in each refresh. - -- The available network bandwidth in your environment between the client and the App-V 5.1 publishing server. - - - - ---- - - - - - - - - - - - - - - - - - - - - -
ScenarioSummary

Multiple App-V 5.1 clients connect to a single publishing server simultaneously.

-
    -

  • A publishing server running dual core processors can respond to at most 5000 clients requesting a refresh simultaneously.

    • -

  • For 5000-10000 clients, the publishing server requires a minimum quad core.

    • -

  • For 10000-20000 clients, the publishing server should have dual quad cores for more efficient response times.

    • -

  • A publishing server with a quad core can refresh up to 10000 packages within 3 seconds. (Supporting 10000 simultaneous clients)

    • -

Number of packages in each refresh.

-

-
    -

  • Increasing number of packages will increase response time by ~40% (up to 1000 packages).

    • -

Network between the App-V 5.1 client and the publishing server.

-

-
    -

  • Across a slow network (1.5 Mbps bandwidth), there is a 97% increase in response time compared to LAN (up to 1000 users).

    • -
- - - -**Note**   -The publishing server CPU usage is always high during the time interval when it has to process simultaneous requests (>90% in most cases). The publishing server can handle ~1500 client requests in 1 second. - - - - ---------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ScenarioVariationNumber of App-V 5.1 clientsNumber of packagesProcessor configuration on the publishing serverNetwork connection type publishing server / App-V 5.1 clientRound trip time on the App-V 5.1 client (in seconds)CPU utilization on publishing server (in %)

App-V 5.1 client sends publishing refresh request & receives response, each request containing 120 packages

Number of clients

-
    -

  • 100

    • -

  • 1000

    • -

  • 5000

    • -

  • 10000

    • -

-
    -

  • 120

    • -

  • 120

    • -

  • 120

    • -

  • 120

    • -

-
    -

  • Dual Core

    • -

  • Dual Core

    • -

  • Quad Core

    • -

  • Quad Core

    • -

-
    -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

-
    -

  • 1

    • -

  • 2

    • -

  • 2

    • -

  • 3

    • -

-
    -

  • 100

    • -

  • 99

    • -

  • 89

    • -

  • 77

    • -

Multiple packages in each refresh

Number of packages

-
    -

  • 1000

    • -

  • 1000

    • -

-
    -

  • 500

    • -

  • 1000

    • -

-
    -

  • Quad Core

    • -

  • Quad Core

    • -

-
    -

  • LAN

    • -

  • LAN

    • -

-
    -

  • 2

    • -

  • 3

    • -

-
    -

  • 92

    • -

  • 91

    • -

Network between client and publishing server

1.5 Mbps Slow link network

-
    -

  • 100

    • -

  • 500

    • -

  • 1000

    • -

-
    -

  • 120

    • -

  • 120

    • -

  • 120

    • -

-
    -

  • Quad Core

    • -

  • Quad Core

    • -

  • Quad Core

    • -

-
    -

  • 1.5 Mbps Intra-Continental Network

    • -

-
    -

  • 3

    • -

  • 10 (with 0.2% failure rate)

    • -

  • 17 (with 1% failure rate)

    • -

- - - -## App-V 5.1 Streaming Capacity Planning Recommendations - - -Computers running the App-V 5.1 client stream the virtual application package from the streaming server. Round trip response time is measured on the computer running the App-V 5.1 client, and is the time taken to stream the entire package. - -**Important**   -The following list identifies the main factors to consider when setting up the App-V 5.1 streaming server: - -- The number of clients streaming application packages simultaneously from a single streaming server. - -- The size of the package being streamed. - -- The available network bandwidth in your environment between the client and the streaming server. - - - - ---- - - - - - - - - - - - - - - - - - - - - -
ScenarioSummary

Multiple App-V 5.1 clients stream applications from a single streaming server simultaneously.

-
    -

  • If the number of clients simultaneously streaming from the same server increases, there is a linear relationship with the package download/streaming time.

    • -

Size of the package being streamed.

-

-
    -

  • The package size has a significant impact on the streaming/download time only for larger packages with a size ~ 1GB. For package sizes ranging from 3 MB to 100 MB, the streaming time ranges from 20 seconds to 100 seconds, with 100 simultaneous clients.

    • -

Network between the App-V 5.1 client and the streaming server.

-

-
    -

  • Across a slow network (1.5 Mbps bandwidth), there is a 70-80% increase in response time compared to LAN (up to 100 users).

    • -
- - - -The following table displays sample values for each of the factors in the previous list: - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ScenarioVariationNumber of App-V 5.1 clientsSize of each packageNetwork connection type streaming server / App-V 5.1 clientRound trip time on the App-V 5.1 client (in seconds)

Multiple App-V 5.1 clients streaming virtual application packages from a streaming server.

Number of clients.

-
    -

  • 100

    • -

  • 200

    • -

  • 1000

    • -

    • -

  • 100

    • -

  • 200

    • -

  • 1000

    • -

-
    -

  • 3.5 MB

    • -

  • 3.5 MB

    • -

  • 3.5 MB

    • -

    • -

  • 5 MB

    • -

  • 5 MB

    • -

  • 5 MB

    • -

-
    -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

    • -

  • LAN

    • -

  • LAN

    • -

  • LAN

    • -

-
    -

  • 29

    • -

  • 39

    • -

  • 391

    • -

    • -

  • 35

    • -

  • 68

    • -

  • 461

    • -

Size of each package being streamed.

Size of each package.

-
    -

  • 100

    • -

  • 200

    • -

    • -

  • 100

    • -

  • 200

    • -

-
    -

  • 21 MB

    • -

  • 21 MB

    • -

    • -

  • 109

    • -

  • 109

    • -

-
    -

  • LAN

    • -

  • LAN

    • -

    • -

  • LAN

    • -

  • LAN

    • -

-

33

-

83

-

-

100

-

160

Network connection between client and App-V 5.1 streaming server.

1.5 Mbps Slow link network.

-
    -

  • 100

    • -

    • -

  • 100

    • -

-
    -

  • 3.5 MB

    • -

    • -

  • 5 MB

    • -

-
    -

  • 1.5 Mbps Intra-Continental Network

    • -

-

102

-

-

121

- - - -Each App-V 5.1 streaming server should be able to handle a minimum of 200 clients concurrently streaming virtualized applications. - -**Note**   -The actual time to it will take to stream is determined primarily by the number of clients streaming simultaneously, number of packages, package size, the server’s network activity, and network conditions. - - - -For example, an average user can stream a 100 MB package in less than 2 minutes, when 100 simultaneous clients are streaming from the server. However, a package of size 1 GB could take up to 30 minutes. In most real world environments streaming demand is not uniformly distributed, you will need to understand the approximate peak streaming requirements present in your environment in order to properly size the number of required streaming servers. - -The number of clients a streaming server can support can be significantly increased and the peak streaming requirements reduced if you pre-cache your applications. You can also increase the number of clients a streaming server can support by using on-demand streaming delivery and stream optimized packages. - -## Combining App-V 5.1 Server Roles - - -Discounting scaling and fault-tolerance requirements, the minimum number of servers needed for a location with connectivity to Active Directory is one. This server will host the management server, management server service, and Microsoft SQL Server roles. Server roles, therefore, can be arranged in any desired combination since they do not conflict with one another. - -Ignoring scaling requirements, the minimum number of servers necessary to provide a fault-tolerant implementation is four. The management server, and Microsoft SQL Server roles support being placed in fault-tolerant configurations. The management server service can be combined with any of the roles, but remains a single point of failure. - -Although there are a number of fault-tolerance strategies and technologies available, not all are applicable to a given service. Additionally, if App-V 5.1 roles are combined, certain fault-tolerance options may no longer apply due to incompatibilities. - - - - - - -## Related topics - - -[App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md) - -[Planning for High Availability with App-V 5.1](planning-for-high-availability-with-app-v-51.md) - -[Planning to Deploy App-V](planning-to-deploy-app-v51.md) - - - - - - - - - diff --git a/mdop/appv-v5/app-v-51-deployment-checklist.md b/mdop/appv-v5/app-v-51-deployment-checklist.md deleted file mode 100644 index 955988dde1..0000000000 --- a/mdop/appv-v5/app-v-51-deployment-checklist.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -title: App-V 5.1 Deployment Checklist -description: App-V 5.1 Deployment Checklist -author: dansimp -ms.assetid: 44bed85a-e4f5-49d7-a308-a2b681f76372 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# App-V 5.1 Deployment Checklist - - -This checklist can be used to help you during Microsoft Application Virtualization (App-V) 5.1 deployment. - -**Note** -This checklist outlines the recommended steps and a high-level list of items to consider when deploying App-V 5.1 features. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. - - - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferencesNotes
Checklist box

Complete the planning phase to prepare the computing environment for App-V 5.1 deployment.

App-V 5.1 Planning Checklist

Checklist box

Review the App-V 5.1 supported configurations information to make sure selected client and server computers are supported for App-V 5.1 feature installation.

App-V 5.1 Supported Configurations

Checklist box

Run App-V 5.1 Setup to deploy the required App-V 5.1 features for your environment.

-
-Note

Keep track of the names of the servers and associated URL’s created during installation. This information will be used throughout the installation process.

-
-
- -

-

- - - - - - - - -## Related topics - - -[Deploying App-V 5.1](deploying-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/app-v-51-planning-checklist.md b/mdop/appv-v5/app-v-51-planning-checklist.md deleted file mode 100644 index e1f8ef66b6..0000000000 --- a/mdop/appv-v5/app-v-51-planning-checklist.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: App-V 5.1 Planning Checklist -description: App-V 5.1 Planning Checklist -author: dansimp -ms.assetid: 1e26a861-0612-43a6-972f-375a40a8dcbc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# App-V 5.1 Planning Checklist - -This checklist can be used to help you plan for preparing your computing environment for Microsoft Application Virtualization (App-V) 5.1 deployment. - -> [!NOTE] -> This checklist outlines the recommended steps and a high-level list of items to consider when planning for an App-V 5.1 deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. - -| |Task |References | -|-|-|-| -|![Checklist box](images/checklistbox.gif) |Review the getting started information about App-V 5.1 to gain a basic understanding of the product before beginning deployment planning.|[Getting Started with App-V 5.1](getting-started-with-app-v-51.md)| -|![Checklist box](images/checklistbox.gif) |Plan for App-V 5.1 1.0 Deployment Prerequisites and prepare your computing environment.|[App-V 5.1 Prerequisites](app-v-51-prerequisites.md)| -|![Checklist box](images/checklistbox.gif) |If you plan to use the App-V 5.1 management server, plan for the required roles.|[Planning for the App-V 5.1 Server Deployment](planning-for-the-app-v-51-server-deployment.md)| -|![Checklist box](images/checklistbox.gif) |Plan for the App-V 5.1 sequencer and client so you to create and run virtualized applications.|[Planning for the App-V 5.1 Sequencer and Client Deployment](planning-for-the-app-v-51-sequencer-and-client-deployment.md)| -|![Checklist box](images/checklistbox.gif) |If applicable, review the options and steps for migrating from a previous version of App-V.|[Planning for Migrating from a Previous Version of App-V](planning-for-migrating-from-a-previous-version-of-app-v51.md)| -|![Checklist box](images/checklistbox.gif) |Plan for running App-V 5.1 clients using in shared content store mode.|[How to Install the App-V 5.1 Client for Shared Content Store Mode](how-to-install-the-app-v-51-client-for-shared-content-store-mode.md)| -|![Checklist box](images/checklistbox.gif) | | | - -## Related topics - -[Planning for App-V 5.1](planning-for-app-v-51.md) diff --git a/mdop/appv-v5/app-v-51-prerequisites.md b/mdop/appv-v5/app-v-51-prerequisites.md deleted file mode 100644 index f9709263ec..0000000000 --- a/mdop/appv-v5/app-v-51-prerequisites.md +++ /dev/null @@ -1,665 +0,0 @@ ---- -title: App-V 5.1 Prerequisites -description: App-V 5.1 Prerequisites -author: dansimp -ms.assetid: 1bfa03c1-a4ae-45ec-8a2b-b10c2b94bfb0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# App-V 5.1 Prerequisites - - -Before installing Microsoft Application Virtualization (App-V) 5.1, ensure that you have installed all of the following required prerequisite software. - -For a list of supported operating systems and hardware requirements for the App-V Server, Sequencer, and Client, see [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md). - -## Summary of software preinstalled on each operating system - - -The following table indicates the software that is already installed for different operating systems. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemPrerequisite description

Windows 10

All of the prerequisite software is already installed.

Windows 8.1

All of the prerequisite software is already installed.

-
-Note

If you are running Windows 8, upgrade to Windows 8.1 before using App-V 5.1.

-
-
- -

Windows Server 2012

The following prerequisite software is already installed:

-
    -

  • Microsoft .NET Framework 4.5

    • -

  • Windows PowerShell 3.0

    -
    -Note

    Installing PowerShell 3.0 requires a restart.

    -
    -
    - -
    • -

Windows 7

The prerequisite software is not already installed. You must install it before you can install App-V.

- - - -## App-V Server prerequisite software - - -Install the required prerequisite software for the App-V 5.1 Server components. - -### What to know before you start - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Account for installing the App-V Server

The account that you use to install the App-V Server components must have:

-
    -

  • Administrative rights on the computer on which you are installing the components.

    • -

  • The ability to query Active Directory Domain Services.

    • -

Port and firewall

    -

  • Specify a port where each component will be hosted.

    • -

  • Add the associated firewall rules to allow incoming requests to the specified ports.

    • -
-

Web Distributed Authoring and Versioning (WebDAV)

WebDAV is automatically disabled for the Management Service.

Supported deployment scenarios

    -

  • A stand-alone deployment, where all components are deployed on the same server.

    • -

  • A distributed deployment.

    • -

Unsupported deployment scenarios

    -

  • Installing side-by-side instances of multiple App-V Server versions on the same server.

    • -

  • Installing the App-V server components on a computer that runs server core or domain controller.

    • -
- - - -### Management server prerequisite software - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Prerequisites and required settingsDetails

Supported version of SQL Server

For supported versions, see App-V 5.1 Supported Configurations.

Microsoft .NET Framework 4.5.1 (Web Installer)

Windows PowerShell 3.0

Installing PowerShell 3.0 requires a restart.

Download and install KB2533623

Applies to Windows 7 only.

Visual C++ Redistributable Packages for Visual Studio 2013

64-bit ASP.NET registration

Windows Server Web Server Role

This role must be added to a server operating system that is supported for the Management server.

Web Server (IIS) Management Tools

Click IIS Management Scripts and Tools.

Web Server Role Services

Common HTTP Features:

-
    -

  • Static Content

    • -

  • Default Document

    • -
-

Application Development:

-
    -

  • ASP.NET

    • -

  • .NET Extensibility

    • -

  • ISAPI Extensions

    • -

  • ISAPI Filters

    • -
-

Security:

-
    -

  • Windows Authentication

    • -

  • Request Filtering

    • -
-

Management Tools:

-
    -

  • IIS Management Console

    • -

Default installation location

%PROGRAMFILES%\Microsoft Application Virtualization Server

Location of the Management database

SQL Server database name, SQL Server database instance name, and database name.

Management console and Management database permissions

A user or group that can access the Management console and database after the deployment is complete. Only these users or groups will have access to the Management console and database unless additional administrators are added by using the Management console.

Management service website name

Name for the Management console website.

Management service port binding

Unique port number for the Management service. This port cannot be used by another process on the computer.

- - - -**Important** -JavaScript must be enabled on the browser that opens the Web Management Console. - - - -### Management server database prerequisite software - -The Management database is required only if you are using the App-V 5.1 Management server. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Prerequisites and required settingsDetails

Microsoft .NET Framework 4.5.1 (Web Installer)

Visual C++ Redistributable Packages for Visual Studio 2013

Default installation location

%PROGRAMFILES%\Microsoft Application Virtualization Server

Custom SQL Server instance name (if applicable)

Format to use: INSTANCENAME

-

This format is based on the assumption that the installation is on the local computer.

-

If you specify the name with the format SVR\INSTANCE, the installation will fail.

Custom database name (if applicable)

Unique database name.

-

Default: AppVManagement

Management server location

Machine account on which the Management server is deployed.

-

Format to use: Domain\MachineAccount

Management server installation administrator

Account used to install the Management server.

-

Format to use: Domain\AdministratorLoginName

Microsoft SQL Server Service Agent

Configure the Management database computer so that the Microsoft SQL Server Agent service is restarted automatically. For instructions, see Configure SQL Server Agent to Restart Services Automatically.

- - - -### Publishing server prerequisite software - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Prerequisites and required settingsDetails

Microsoft .NET Framework 4.5.1 (Web Installer)

Visual C++ Redistributable Packages for Visual Studio 2013

64-bit ASP.NET registration

Windows Server Web Server Role

This role must be added to a server operating system that is supported for the Management server.

Web Server (IIS) Management Tools

Click IIS Management Scripts and Tools.

Web Server Role Services

Common HTTP Features:

-
    -

  • Static Content

    • -

  • Default Document

    • -
-

Application Development:

-
    -

  • ASP.NET

    • -

  • .NET Extensibility

    • -

  • ISAPI Extensions

    • -

  • ISAPI Filters

    • -
-

Security:

-
    -

  • Windows Authentication

    • -

  • Request Filtering

    • -
-

Management Tools:

-
    -

  • IIS Management Console

    • -

Default installation location

%PROGRAMFILES%\Microsoft Application Virtualization Server

Management service URL

URL of the App-V Management service. This is the port with which the Publishing server communicates.

- ---- - - - - - - - - - - - - - - - - -
Installation architectureFormat to use for the URL

Management server and Publishing server are installed on the same server

http://localhost:12345

Management server and Publishing server are installed on different servers

http://MyAppvServer.MyDomain.com

-

-

Publishing service website name

Name for the Publishing website.

Publishing service port binding

Unique port number for the Publishing service. This port cannot be used by another process on the computer.

- - - -### Reporting server prerequisite software - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Prerequisites and required settingsDetails

Supported version of SQL Server

For supported versions, see App-V 5.1 Supported Configurations.

Microsoft .NET Framework 4.5.1 (Web Installer)

Visual C++ Redistributable Packages for Visual Studio 2013

64-bit ASP.NET registration

Windows Server Web Server Role

This role must be added to a server operating system that is supported for the Management server.

Web Server (IIS) Management Tools

Click IIS Management Scripts and Tools.

Web Server Role Services

To reduce the risk of unwanted or malicious data being sent to the Reporting server, you should restrict access to the Reporting Web Service per your corporate security policy.

-

Common HTTP Features:

-
    -

  • Static Content

    • -

  • Default Document

    • -
-

Application Development:

-
    -

  • ASP.NET

    • -

  • .NET Extensibility

    • -

  • ISAPI Extensions

    • -

  • ISAPI Filters

    • -
-

Security:

-
    -

  • Windows Authentication

    • -

  • Request Filtering

    • -
-

Management Tools:

-
    -

  • IIS Management Console

    • -

Default installation location

%PROGRAMFILES%\Microsoft Application Virtualization Server

Reporting service website name

Name for the Reporting website.

Reporting service port binding

Unique port number for the Reporting service. This port cannot be used by another process on the computer.

- - - -### Reporting database prerequisite software - -The Reporting database is required only if you are using the App-V 5.1 Reporting server. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Prerequisites and required settingsDetails

Microsoft .NET Framework 4.5.1 (Web Installer)

Visual C++ Redistributable Packages for Visual Studio 2013

Default installation location

%PROGRAMFILES%\Microsoft Application Virtualization Server

Custom SQL Server instance name (if applicable)

Format to use: INSTANCENAME

-

This format is based on the assumption that the installation is on the local computer.

-

If you specify the name with the format SVR\INSTANCE, the installation will fail.

Custom database name (if applicable)

Unique database name.

-

Default: AppVReporting

Reporting server location

Machine account on which the Reporting server is deployed.

-

Format to use: Domain\MachineAccount

Reporting server installation administrator

Account used to install the Reporting server.

-

Format to use: Domain\AdministratorLoginName

Microsoft SQL Server Service and Microsoft SQL Server Service Agent

Configure these services to be associated with user accounts that have access to query AD DS.

- - - -## App-V client prerequisite software - - -Install the following prerequisite software for the App-V client. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Microsoft .NET Framework 4.5.1 (Web Installer)

Windows PowerShell 3.0

-

Installing PowerShell 3.0 requires a restart.

KB2533623

Applies to Windows 7 only: Download and install the KB.

Visual C++ Redistributable Packages for Visual Studio 2013

- - - -## Remote Desktop Services client prerequisite software - - -Install the following prerequisite software for the App-V Remote Desktop Services client. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Microsoft .NET Framework 4.5.1 (Web Installer)

Windows PowerShell 3.0

-

Installing PowerShell 3.0 requires a restart.

KB2533623

Applies to Windows 7 only: Download and install the KB.

Visual C++ Redistributable Packages for Visual Studio 2013

- - - -## Sequencer prerequisite software - - -**What to know before installing the prerequisites:** - -- Best practice: The computer that runs the Sequencer should have the same hardware and software configurations as the computers that will run the virtual applications. - -- The sequencing process is resource intensive, so make sure that the computer that runs the Sequencer has plenty of memory, a fast processor, and a fast hard drive. The system requirements of locally installed applications cannot exceed those of the Sequencer. For more information, see [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md). - - ---- - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Microsoft .NET Framework 4.5.1 (Web Installer)

Windows PowerShell 3.0

-

Installing PowerShell 3.0 requires a restart.

KB2533623

Applies to Windows 7 only: Download and install the KB.

- - - - - - - - -## Related topics - - -[Planning for App-V 5.1](planning-for-app-v-51.md) - -[App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md) - - - - - - - - - diff --git a/mdop/appv-v5/app-v-51-security-considerations.md b/mdop/appv-v5/app-v-51-security-considerations.md deleted file mode 100644 index cf442e5690..0000000000 --- a/mdop/appv-v5/app-v-51-security-considerations.md +++ /dev/null @@ -1,147 +0,0 @@ ---- -title: App-V 5.1 Security Considerations -description: App-V 5.1 Security Considerations -author: dansimp -ms.assetid: 6bc6c1fc-f813-47d4-b763-06fd4faf6a72 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# App-V 5.1 Security Considerations - - -This topic contains a brief overview of the accounts and groups, log files, and other security-related considerations for Microsoft Application Virtualization (App-V) 5.1. - -**Important** -App-V 5.1 is not a security product and does not provide any guarantees for a secure environment. - - - -## PackageStoreAccessControl (PSAC) feature has been deprecated - - -Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature that was introduced in Microsoft Application Virtualization (App-V) 5.0 Service Pack 2 (SP2) has been deprecated in both single-user and multi-user environments. - -## General security considerations - - -**Understand the security risks.** The most serious risk to App-V 5.1 is that its functionality could be hijacked by an unauthorized user who could then reconfigure key data on App-V 5.1 clients. The loss of App-V 5.1 functionality for a short period of time due to a denial-of-service attack would not generally have a catastrophic impact. - -**Physically secure your computers**. Security is incomplete without physical security. Anyone with physical access to an App-V 5.1 server could potentially attack the entire client base. Any potential physical attacks must be considered high risk and mitigated appropriately. App-V 5.1 servers should be stored in a physically secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver. - -**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V 5.1, subscribe to the Security Notification service (). - -**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all App-V 5.1 and App-V 5.1 administrator accounts. Never use blank passwords. For more information about password concepts, see the “Account Passwords and Policies” white paper on TechNet (). - -## Accounts and groups in App-V 5.1 - - -A best practice for user account management is to create domain global groups and add user accounts to them. Then, add the domain global accounts to the necessary App-V 5.1 local groups on the App-V 5.1 servers. - -**Note** -App-V client computer accounts that need to connect to the publishing server must be part of the publishing server’s **Users** local group. By default, all computers in the domain are part of the **Authorized Users** group, which is part of the **Users** local group. - - - -### App-V 5.1 server security - -No groups are created automatically during App-V 5.1 Setup. You should create the following Active Directory Domain Services global groups to manage App-V 5.1 server operations. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Group nameDetails

App-V Management Admin group

Used to manage the App-V 5.1 management server. This group is created during the App-V 5.1 Management Server installation.

-
-Important

There is no method to create the group using the management console after you have completed the installation.

-
-
- -

Database read/write for Management Service account

Provides read/write access to the management database. This account should be created during the App-V 5.1 management database installation.

App-V Management Service install admin account

-
-Note

This is only required if management database is being installed separately from the service.

-
-
- -

Provides public access to schema-version table in management database. This account should be created during the App-V 5.1 management database installation.

App-V Reporting Service install admin account

-
-Note

This is only required if reporting database is being installed separately from the service.

-
-
- -

Public access to schema-version table in reporting database. This account should be created during the App-V 5.1 reporting database installation.

- - - -Consider the following additional information: - -- Access to the package shares - If a share exists on the same computer as the management Server, the **Network** service requires read access to the share. In addition, each App-V client computer must have read access to the package share. - - **Note** - In previous versions of App-V, package share was referred to as content share. - - - -- Registering publishing servers with Management Server - A publishing server must be registered with the Management server. For example, it must be added to the database, so that the Publishing server machine accounts are able to call into the Management service API. - -### App-V 5.1 package security - -The following will help you plan how to ensure that virtualized packages are secure. - -- If an application installer applies an access control list (ACL) to a file or directory, then that ACL is not persisted in the package. When the package is deployed, if the file or directory is modified by a user it will either inherit the ACL in the **%userprofile%** or inherit the ACL of the target computer’s directory. The former case occurs if the file or directory does not exist in a virtual file system location; the latter case occurs if the file or directory exists in a virtual file system location, for example **%windir%**. - -## App-V 5.1 log files - - -During App-V 5.1 Setup, setup log files are created in the **%temp%** folder of the installing user. - - - - - - -## Related topics - - -[Preparing Your Environment for App-V 5.1](preparing-your-environment-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/app-v-51-supported-configurations.md b/mdop/appv-v5/app-v-51-supported-configurations.md deleted file mode 100644 index 5d7e251bfa..0000000000 --- a/mdop/appv-v5/app-v-51-supported-configurations.md +++ /dev/null @@ -1,387 +0,0 @@ ---- -title: App-V 5.1 Supported Configurations -description: App-V 5.1 Supported Configurations -author: dansimp -ms.assetid: 8b8db63b-f71c-4ae9-80e7-a6752334e1f6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 04/02/2020 ---- - - -# App-V 5.1 Supported Configurations - ->Applies to: Windows 10, version 1607; Window Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 (Extended Security Update) - -This topic specifies the requirements to install and run Microsoft Application Virtualization (App-V) 5.1 in your environment. - -## App-V Server system requirements - -This section lists the operating system and hardware requirements for all of the App-V Server components. - -### Unsupported App-V 5.1 Server scenarios - -The App-V 5.1 Server does not support the following scenarios: - -- Deployment to a computer that runs Microsoft Windows Server Core. - -- Deployment to a computer that runs a previous version of App-V 5.1 Server components. You can install App-V 5.1 side by side with the App-V 4.5 Lightweight Streaming Server (LWS) server only. Deployment of App-V side by side with the App-V 4.5 Application Virtualization Management Service (HWS) server is not supported. - -- Deployment to a computer that runs Microsoft SQL Server Express edition. - -- Deployment to a domain controller. - -- Short paths. If you plan to use a short path, you must create a new volume. - -### Management server operating system requirements - -The following table lists the operating systems that are supported for the App-V 5.1 Management server installation. - -> [!NOTE] -> Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). See [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976) for more information. - - | Operating System | Service Pack | System Architecture | -|----------------------------------|--------------|---------------------| -| Microsoft Windows Server 2019 | | 64-bit | -| Microsoft Windows Server 2016 | | 64-bit | -| Microsoft Windows Server 2012 R2 | | 64-bit | -| Microsoft Windows Server 2012 | | 64-bit | -| Microsoft Windows Server 2008 R2 [Extended Security Update](https://www.microsoft.com/windows-server/extended-security-updates)| SP1 | 64-bit | - - -**Important**   -Deployment of the Management server role to a computer with Remote Desktop Sharing (RDS) enabled is not supported. - - - -### Management server hardware requirements - -- Processor—1.4 GHz or faster, 64-bit (x64) processor - -- RAM—1 GB RAM (64-bit) - -- Disk space—200 MB available hard disk space, not including the content directory - -### Management server database requirements - -The following table lists the SQL Server versions that are supported for the App-V 5.1 Management database installation. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SQL Server versionService packSystem architecture

Microsoft SQL Server 2019

32-bit or 64-bit

Microsoft SQL Server 2017

32-bit or 64-bit

Microsoft SQL Server 2016

SP2

32-bit or 64-bit

Microsoft SQL Server 2014

SP2

32-bit or 64-bit

Microsoft SQL Server 2012

SP2

32-bit or 64-bit

Microsoft SQL Server 2008 R2

SP3

32-bit or 64-bit

- -For more information on user configuration files with SQL server 2016 or later, see the [support article](https://support.microsoft.com/help/4548751/app-v-server-publishing-might-fail-when-you-apply-user-configuration-f). - -### Publishing server operating system requirements - -The following table lists the operating systems that are supported for the App-V 5.1 Publishing server installation. - -| Operating System | Service Pack | System Architecture | -|----------------------------------|--------------|---------------------| -| Microsoft Windows Server 2019 | | 64-bit | -| Microsoft Windows Server 2016 | | 64-bit | -| Microsoft Windows Server 2012 R2 | | 64-bit | -| Microsoft Windows Server 2012 | | 64-bit | -| Microsoft Windows Server 2008 R2 [Extended Security Update](https://www.microsoft.com/windows-server/extended-security-updates) | SP1 | 64-bit | - -### Publishing server hardware requirements - -App-V adds no additional requirements beyond those of Windows Server. - -- Processor—1.4 GHz or faster, 64-bit (x64) processor - -- RAM—2 GB RAM (64-bit) - -- Disk space—200 MB available hard disk space, not including the content directory - -### Reporting server operating system requirements - -The following table lists the operating systems that are supported for the App-V 5.1 Reporting server installation. - -| Operating System | Service Pack | System Architecture | -|----------------------------------|--------------|---------------------| -| Microsoft Windows Server 2019 | | 64-bit | -| Microsoft Windows Server 2016 | | 64-bit | -| Microsoft Windows Server 2012 R2 | | 64-bit | -| Microsoft Windows Server 2012 | | 64-bit | -| Microsoft Windows Server 2008 R2 [Extended Security Update](https://www.microsoft.com/windows-server/extended-security-updates) | SP1 | 64-bit | - -### Reporting server hardware requirements - -App-V adds no additional requirements beyond those of Windows Server. - -- Processor—1.4 GHz or faster, 64-bit (x64) processor - -- RAM—2 GB RAM (64-bit) - -- Disk space—200 MB available hard disk space - -### Reporting server database requirements - -The following table lists the SQL Server versions that are supported for the App-V 5.1 Reporting database installation. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SQL Server versionService packSystem architecture

Microsoft SQL Server 2017

32-bit or 64-bit

Microsoft SQL Server 2016

SP2

32-bit or 64-bit

Microsoft SQL Server 2014

SP2

32-bit or 64-bit

Microsoft SQL Server 2012

SP2

32-bit or 64-bit

Microsoft SQL Server 2008 R2

SP3

32-bit or 64-bit

- - - -## App-V client system requirements - -The following table lists the operating systems that are supported for the App-V 5.1 client installation. - -> [!NOTE] -> With the Windows 10 Anniversary release (aka 1607 version), the App-V client is in-box and will block installation of any previous version of the App-V client - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemService packSystem architecture

Microsoft Windows 10 (pre-1607 version)

32-bit or 64-bit

Microsoft Windows 8.1

32-bit or 64-bit

Windows 7

SP1

32-bit or 64-bit

- - - -The following App-V client installation scenarios are not supported, except as noted: - -- Computers that run Windows Server - -- Computers that run App-V 4.6 SP1 or earlier versions - -- The App-V 5.1 Remote Desktop services client is supported only for RDS-enabled servers - -### App-V client hardware requirements - -The following list displays the supported hardware configuration for the App-V 5.1 client installation. - -- Processor— 1.4 GHz or faster 32-bit (x86) or 64-bit (x64) processor - -- RAM— 1 GB (32-bit) or 2 GB (64-bit) - -- Disk— 100 MB for installation, not including the disk space that is used by virtualized applications. - -## Remote Desktop Services client system requirements - - -The following table lists the operating systems that are supported for App-V 5.1 Remote Desktop Services (RDS) client installation. - -| Operating System | Service Pack | System Architecture | -|----------------------------------|--------------|---------------------| -| Microsoft Windows Server 2019 | | 64-bit | -| Microsoft Windows Server 2016 | | 64-bit | -| Microsoft Windows Server 2012 R2 | | 64-bit | -| Microsoft Windows Server 2012 | | 64-bit | -| Microsoft Windows Server 2008 R2 [Extended Security Update](https://www.microsoft.com/windows-server/extended-security-updates) | SP1 | 64-bit | - -### Remote Desktop Services client hardware requirements - -App-V adds no additional requirements beyond those of Windows Server. - -- Processor—1.4 GHz or faster, 64-bit (x64) processor - -- RAM—2 GB RAM (64-bit) - -- Disk space—200 MB available hard disk space - -## Sequencer system requirements - -The following table lists the operating systems that are supported for the App-V 5.1 Sequencer installation. - -| Operating System | Service Pack | System Architecture | -|----------------------------------|--------------|---------------------| -| Microsoft Windows Server 2019 | | 64-bit | -| Microsoft Windows Server 2016 | | 64-bit | -| Microsoft Windows Server 2012 R2 | | 64-bit | -| Microsoft Windows Server 2012 | | 64-bit | -| Microsoft Windows Server 2008 R2 [Extended Security Update](https://www.microsoft.com/windows-server/extended-security-updates) | SP1 | 64-bit | -| Microsoft Windows 10 | | 32-bit and 64-bit | -| Microsoft Windows 8.1 | | 32-bit and 64-bit | -| Microsoft Windows 7 | SP1 | 32-bit and 64-bit | - -### Sequencer hardware requirements - -See the Windows or Windows Server documentation for the hardware requirements. App-V adds no additional hardware requirements. - -## Supported versions of System Center Configuration Manager - -The App-V client supports the following versions of System Center Configuration Manager: - -- Microsoft System Center 2012 Configuration Manager - -- System Center 2012 R2 Configuration Manager - -- System Center 2012 R2 Configuration Manager SP1 - -The following App-V and System Center Configuration Manager version matrix shows all officially supported combinations of App-V and Configuration Manager. - -> [!NOTE] -> Both App-V 4.5 and 4.6 have exited Mainstream support. - - ---------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
App-V VersionSystem Center Configuration Manager 2007System Center 2012 Configuration ManagerSystem Center 2012 Configuration Manager SP1System Center 2012 R2 Configuration ManagerSystem Center 2012 R2 Configuration Manager SP1System Center 2012 Configuration Manager SP2System Center Configuration Manager Version 1511

App-V 5.0 SP3

MSI-Wrapper Only

No

2012 SP1 CU4

2012 R2 CU1

Yes

Yes

Yes

App-V 5.1

MSI-Wrapper Only

No

2012 SP1 CU4

2012 R2 CU1

Yes

Yes

Yes

- - - -For more information about how Configuration Manager integrates with App-V, see [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx). - -## Related topics - -[Planning to Deploy App-V](planning-to-deploy-app-v51.md) - -[App-V 5.1 Prerequisites](app-v-51-prerequisites.md) diff --git a/mdop/appv-v5/application-publishing-and-client-interaction.md b/mdop/appv-v5/application-publishing-and-client-interaction.md deleted file mode 100644 index 6c060982f7..0000000000 --- a/mdop/appv-v5/application-publishing-and-client-interaction.md +++ /dev/null @@ -1,1635 +0,0 @@ ---- -title: Application Publishing and Client Interaction -description: Application Publishing and Client Interaction -author: dansimp -ms.assetid: c69a724a-85d1-4e2d-94a2-7ffe0b47d971 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Application Publishing and Client Interaction - - -This article provides technical information about common App-V client operations and their integration with the local operating system. - -- [App-V package files created by the Sequencer](#bkmk-appv-pkg-files-list) - -- [What’s in the appv file?](#bkmk-appv-file-contents) - -- [App-V client data storage locations](#bkmk-files-data-storage) - -- [Package registry](#bkmk-pkg-registry) - -- [App-V package store behavior](#bkmk-pkg-store-behavior) - -- [Roaming registry and data](#bkmk-roaming-reg-data) - -- [App-V client application lifecycle management](#bkmk-clt-app-lifecycle) - -- [Integration of App-V packages](#bkmk-integr-appv-pkgs) - -- [Dynamic configuration processing](#bkmk-dynamic-config) - -- [Side-by-side assemblies](#bkmk-sidebyside-assemblies) - -- [Client logging](#bkmk-client-logging) - -For additional reference information, see [Microsoft Application Virtualization (App-V) Documentation Resources Download Page](https://www.microsoft.com/download/details.aspx?id=27760). - -## App-V package files created by the Sequencer - - -The Sequencer creates App-V packages and produces a virtualized application. The sequencing process creates the following files: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FileDescription

.appv

    -

  • The primary package file, which contains the captured assets and state information from the sequencing process.

    • -

  • Architecture of the package file, publishing information, and registry in a tokenized form that can be reapplied to a machine and to a specific user upon delivery.

    • -

.MSI

Executable deployment wrapper that you can use to deploy .appv files manually or by using a third-party deployment platform.

_DeploymentConfig.XML

File used to customize the default publishing parameters for all applications in a package that is deployed globally to all users on a computer that is running the App-V client.

_UserConfig.XML

File used to customize the publishing parameters for all applications in a package that is a deployed to a specific user on a computer that is running the App-V client.

Report.xml

Summary of messages resulting from the sequencing process, including omitted drivers, files, and registry locations.

.CAB

Optional: Package accelerator file used to automatically rebuild a previously sequenced virtual application package.

.appvt

Optional: Sequencer template file used to retain commonly reused Sequencer settings.

- - - -For information about sequencing, see [Application Virtualization 5.0 Sequencing Guide](https://www.microsoft.com/download/details.aspx?id=27760). - -## What’s in the appv file? - - -The appv file is a container that stores XML and non-XML files together in a single entity. This file is built from the AppX format, which is based on the Open Packaging Conventions (OPC) standard. - -To view the appv file contents, make a copy of the package, and then rename the copied file to a ZIP extension. - -The appv file contains the following folder and files, which are used when creating and publishing a virtual application: - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescription

Root

File folder

Directory that contains the file system for the virtualized application that is captured during sequencing.

[Content_Types].xml

XML File

List of the core content types in the appv file (e.g. DLL, EXE, BIN).

AppxBlockMap.xml

XML File

Layout of the appv file, which uses File, Block, and BlockMap elements that enable location and validation of files in the App-V package.

AppxManifest.xml

XML File

Metadata for the package that contains the required information for adding, publishing, and launching the package. Includes extension points (file type associations and shortcuts) and the names and GUIDs associated with the package.

FilesystemMetadata.xml

XML File

List of the files captured during sequencing, including attributes (e.g., directories, files, opaque directories, empty directories,and long and short names).

PackageHistory.xml

XML File

Information about the sequencing computer (operating system version, Internet Explorer version, .Net Framework version) and process (upgrade, package version).

Registry.dat

DAT File

Registry keys and values captured during the sequencing process for the package.

StreamMap.xml

XML File

List of files for the primary and publishing feature block. The publishing feature block contains the ICO files and required portions of files (EXE and DLL) for publishing the package. When present, the primary feature block includes files that have been optimized for streaming during the sequencing process.

- - - -## App-V client data storage locations - - -The App-V client performs tasks to ensure that virtual applications run properly and work like locally installed applications. The process of opening and running virtual applications requires mapping from the virtual file system and registry to ensure the application has the required components of a traditional application expected by users. This section describes the assets that are required to run virtual applications and lists the location where App-V stores the assets. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameLocationDescription

Package Store

%ProgramData%\App-V

Default location for read only package files

Machine Catalog

%ProgramData%\Microsoft\AppV\Client\Catalog

Contains per-machine configuration documents

User Catalog

%AppData%\Microsoft\AppV\Client\Catalog

Contains per-user configuration documents

Shortcut Backups

%AppData%\Microsoft\AppV\Client\Integration\ShortCutBackups

Stores previous integration points that enable restore on package unpublish

Copy on Write (COW) Roaming

%AppData%\Microsoft\AppV\Client\VFS

Writeable roaming location for package modification

Copy on Write (COW) Local

%LocalAppData%\Microsoft\AppV\Client\VFS

Writeable non-roaming location for package modification

Machine Registry

HKLM\Software\Microsoft\AppV

Contains package state information, including VReg for machine or globally published packages (Machine hive)

User Registry

HKCU\Software\Microsoft\AppV

Contains user package state information including VReg

User Registry Classes

HKCU\Software\Classes\AppV

Contains additional user package state information

- - - -Additional details for the table are provided in the section below and throughout the document. - -### Package store - -The App-V Client manages the applications assets mounted in the package store. This default storage location is `%ProgramData%\App-V`, but you can configure it during or after setup by using the `Set-AppVClientConfiguration` PowerShell command, which modifies the local registry (`PackageInstallationRoot` value under the `HKLM\Software\Microsoft\AppV\Client\Streaming` key). The package store must be located at a local path on the client operating system. The individual packages are stored in the package store in subdirectories named for the Package GUID and Version GUID. - -Example of a path to a specific application: - -``` syntax -C:\ProgramData\App-V\PackGUID\VersionGUID -``` - -To change the default location of the package store during setup, see [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-gb18030.md). - -### Shared Content Store - -If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high performance network location (such as a SAN) is preferable. For more information on shared content store mode, see . - -**Note**   -The machine and package store must be located on a local drive, even when you’re using Shared Content Store configurations for the App-V Client. - - - -### Package catalogs - -The App-V Client manages the following two file-based locations: - -- **Catalogs (user and machine).** - -- **Registry locations** - depends on how the package is targeted for publishing. There is a Catalog (data store) for the computer, and a catalog for each individual user. The Machine Catalog stores global information applicable to all users or any user, and the User Catalog stores information applicable to a specific user. The Catalog is a collection of Dynamic Configurations and manifest files; there is discrete data for both file and registry per package version.  - -### Machine catalog - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Description

Stores package documents that are available to users on the machine, when packages are added and published. However, if a package is “global” at publishing time, the integrations are available to all users.

-

If a package is non-global, the integrations are published only for specific users, but there are still global resources that are modified and visible to anyone on the client computer (e.g., the package directory is in a shared disk location).

-

If a package is available to a user on the computer (global or non-global), the manifest is stored in the Machine Catalog. When a package is published globally, there is a Dynamic Configuration file, stored in the Machine Catalog; therefore, the determination of whether a package is global is defined according to whether there is a policy file (UserDeploymentConfiguration file) in the Machine Catalog.

Default storage location

%programdata%\Microsoft\AppV\Client\Catalog</code>

-

This location is not the same as the Package Store location. The Package Store is the golden or pristine copy of the package files.

Files in the machine catalog

    -

  • Manifest.xml

    • -

  • DeploymentConfiguration.xml

    • -

  • UserManifest.xml (Globally Published Package)

    • -

  • UserDeploymentConfiguration.xml (Globally Published Package)

    • -

Additional machine catalog location, used when the package is part of a connection group

The following location is in addition to the specific package location mentioned above:

-

%programdata%\Microsoft\AppV\Client\Catalog\PackageGroups\ConGroupGUID\ConGroupVerGUID

Additional files in the machine catalog when the package is part of a connection group

    -

  • PackageGroupDescriptor.xml

    • -

  • UserPackageGroupDescriptor.xml (globally published Connection Group)

    • -
- - - -### User catalog - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Description

Created during the publishing process. Contains information used for publishing the package, and also used at launch to ensure that a package is provisioned to a specific user. Created in a roaming location and includes user-specific publishing information.

-

When a package is published for a user, the policy file is stored in the User Catalog. At the same time, a copy of the manifest is also stored in the User Catalog. When a package entitlement is removed for a user, the relevant package files are removed from the User Catalog. Looking at the user catalog, an administrator can view the presence of a Dynamic Configuration file, which indicates that the package is entitled for that user.

-

For roaming users, the User Catalog needs to be in a roaming or shared location to preserve the legacy App-V behavior of targeting users by default. Entitlement and policy are tied to a user, not a computer, so they should roam with the user once they are provisioned.

Default storage location

appdata\roaming\Microsoft\AppV\Client\Catalog\Packages\PkgGUID\VerGUID

Files in the user catalog

    -

  • UserManifest.xml

    • -

  • DynamicConfiguration.xml or UserDeploymentConfiguration.xml

    • -

Additional user catalog location, used when the package is part of a connection group

The following location is in addition to the specific package location mentioned above:

-

appdata\roaming\Microsoft\AppV\Client\Catalog\PackageGroups\PkgGroupGUID\PkgGroupVerGUID

Additional file in the machine catalog when the package is part of a connection group

UserPackageGroupDescriptor.xml

- - - -### Shortcut backups - -During the publishing process, the App-V Client backs up any shortcuts and integration points to `%AppData%\Microsoft\AppV\Client\Integration\ShortCutBackups.` This backup enables the restoration of these integration points to the previous versions when the package is unpublished. - -### Copy on Write files - -The Package Store contains a pristine copy of the package files that have been streamed from the publishing server. During normal operation of an App-V application, the user or service may require changes to the files. These changes are not made in the package store in order to preserve your ability to repair the application, which removes these changes. These locations, called Copy on Write (COW), support both roaming and non-roaming locations. The location where the modifications are stored depends where the application has been programmed to write changes to in a native experience. - -### COW roaming - -The COW Roaming location described above stores changes to files and directories that are targeted to the typical %AppData% location or \\Users\\{username}\\AppData\\Roaming location. These directories and files are then roamed based on the operating system settings. - -### COW local - -The COW Local location is similar to the roaming location, but the directories and files are not roamed to other computers, even if roaming support has been configured. The COW Local location described above stores changes applicable to typical windows and not the %AppData% location. The directories listed will vary but there will be two locations for any typical Windows locations (e.g. Common AppData and Common AppDataS). The **S** signifies the restricted location when the virtual service requests the change as a different elevated user from the logged on users. The non-**S** location stores user based changes. - -## Package registry - - -Before an application can access the package registry data, the App-V Client must make the package registry data available to the applications. The App-V Client uses the real registry as a backing store for all registry data. - -When a new package is added to the App-V Client, a copy of the REGISTRY.DAT file from the package is created at `%ProgramData%\Microsoft\AppV\Client\VREG\{Version GUID}.dat`. The name of the file is the version GUID with the .DAT extension. The reason this copy is made is to ensure that the actual hive file in the package is never in use, which would prevent the removal of the package at a later time. - - ----- - - - - - - - -

Registry.dat from Package Store

 > 

%ProgramData%\Microsoft\AppV\Client\Vreg{VersionGuid}.dat

- - - -When the first application from the package is launched on the client, the client stages or copies the contents out of the hive file, re-creating the package registry data in an alternate location `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\PackageGuid\Versions\VersionGuid\REGISTRY`. The staged registry data has two distinct types of machine data and user data. Machine data is shared across all users on the machine. User data is staged for each user to a userspecific location `HKCU\Software\Microsoft\AppV\Client\Packages\PackageGuid\Registry\User`. The machine data is ultimately removed at package removal time, and the user data is removed on a user unpublish operation. - -### Package registry staging vs. connection group registry staging - -When connection groups are present, the previous process of staging the registry holds true, but instead of having one hive file to process, there are more than one. The files are processed in the order in which they appear in the connection group XML, with the first writer winning any conflicts. - -The staged registry persists the same way as in the single package case. Staged user registry data remains for the connection group until it is disabled; staged machine registry data is removed on connection group removal. - -### Virtual registry - -The purpose of the virtual registry (VREG) is to provide a single merged view of the package registry and the native registry to applications. It also provides copy-on-write (COW) functionality – that is any changes made to the registry from the context of a virtual process are made to a separate COW location. This means that the VREG must combine up to three separate registry locations into a single view based on the populated locations in the registry COW -> package -> native. When a request is made for a registry data it will locate in order until it finds the data it was requesting. Meaning if there is a value stored in a COW location it will not proceed to other locations, however, if there is no data in the COW location it will proceed to the Package and then Native location until it finds the appropriate data. - -### Registry locations - -There are two package registry locations and two connection group locations where the App-V Client stores registry information, depending on whether the Package is published individually or as part of a connection group. There are three COW locations for packages and three for connection groups, which are created and managed by the VREG. Settings for packages and connection groups are not shared: - -**Single Package VReg:** - - ---- - - - - - - - - - - - - - - - - - - -

Location

Description

COW

    -

  • Machine Registry\Client\Packages\PkgGUID\REGISTRY (Only elevate process can write)

    • -

  • User Registry\Client\Packages\PkgGUID\REGISTRY (User Roaming anything written under HKCU except Software\Classes

    • -

  • User Registry Classes\Client\Packages\PkgGUID\REGISTRY (HKCU\Software\Classes writes and HKLM for non elevated process)

    • -

Package

    -

  • Machine Registry\Client\Packages\PkgGUID\Versions\VerGuid\Registry\Machine

    • -

  • User Registry Classes\Client\Packages\PkgGUID\Versions\VerGUID\Registry

    • -

Native

    -

  • Native application registry location

    • -
- - - - - -**Connection Group VReg:** - - ---- - - - - - - - - - - - - - - - - - - -

Location

Description

COW

    -

  • Machine Registry\Client\PackageGroups\GrpGUID\REGISTRY (only elevate process can write)

    • -

  • User Registry\Client\PackageGroups\GrpGUID\REGISTRY (Anything written to HKCU except Software\Classes

    • -

  • User Registry Classes\Client\PackageGroups\GrpGUID\REGISTRY

    • -

Package

    -

  • Machine Registry\Client\PackageGroups\GrpGUID\Versions\VerGUID\REGISTRY

    • -

  • User Registry Classes\Client\PackageGroups\GrpGUID\Versions\VerGUID\REGISTRY

    • -

Native

    -

  • Native application registry location

    • -
- - - - - -There are two COW locations for HKLM; elevated and non-elevated processes. Elevated processes always write HKLM changes to the secure COW under HKLM. Non-elevated processes always write HKLM changes to the non-secure COW under HKCU\\Software\\Classes. When an application reads changes from HKLM, elevated processes will read changes from the secure COW under HKLM. Non-elevated reads from both, favoring the changes made in the unsecure COW first. - -### Pass-through keys - -Pass-through keys enable an administrator to configure certain keys so they can only be read from the native registry, bypassing the Package and COW locations. Pass-through locations are global to the machine (not package specific) and can be configured by adding the path to the key, which should be treated as pass-through to the **REG\_MULTI\_SZ** value called **PassThroughPaths** of the key `HKLM\Software\Microsoft\AppV\Subsystem\VirtualRegistry`. Any key that appears under this multi-string value (and their children) will be treated as pass-through. - -The following locations are configured as pass-through locations by default: - -- HKEY\_CURRENT\_USER\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel - -- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel - -- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT - -- HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\services\\eventlog\\Application - -- HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\WMI\\Autologger - -- HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings - -- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib - -- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies - -- HKEY\_CURRENT\_USER\\SOFTWARE\\Policies - -The purpose of Pass-through keys is to ensure that a virtual application does not write registry data in the VReg that is required for non-virtual applications for successful operation or integration. The Policies key ensures that Group Policy based settings set by the administrator are utilized and not per package settings. The AppModel key is required for integration with Windows Modern UI based applications. It is recommend that administers do not modify any of the default pass-through keys, but in some instances, based on application behavior may require adding additional pass-through keys. - -## App-V package store behavior - - -App-V 5 manages the Package Store, which is the location where the expanded asset files from the appv file are stored. By default, this location is stored at %ProgramData%\\App-V, and is limited in terms of storage capabilities only by free disk space. The package store is organized by the GUIDs for the package and version as mentioned in the previous section. - -### Add packages - -App-V Packages are staged upon addition to the computer with the App-V Client. The App-V Client provides on-demand staging. During publishing or a manual Add-AppVClientPackage, the data structure is built in the package store (c:\\programdata\\App-V\\{PkgGUID}\\{VerGUID}). The package files identified in the publishing block defined in the StreamMap.xml are added to the system and the top level folders and child files staged to ensure proper application assets exist at launch. - -### Mounting packages - -Packages can be explicitly loaded using the PowerShell `Mount-AppVClientPackage` or by using the **App-V Client UI** to download a package. This operation completely loads the entire package into the package store. - -### Streaming packages - -The App-V Client can be configured to change the default behavior of streaming. All streaming policies are stored under the following registry key: `HKEY_LOCAL_MAcHINE\Software\Microsoft\AppV\Client\Streaming`. Policies are set using the PowerShell cmdlet `Set-AppvClientConfiguration`. The following policies apply to Streaming: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PolicyDescription

AllowHighCostLaunch

On Windows 8 it allows streaming over 3G and cellular networks

AutoLoad

Specifies the Background Load setting:

-

0 - Disabled

-

1 – Previously Used Packages only

-

2 – All Packages

PackageInstallationRoot

The root folder for the package store in the local machine

PackageSourceRoot

The root override where packages should be streamed from

SharedContentStoreMode

Enables the use of Shared Content Store for VDI scenarios

- - - - - -These settings affect the behavior of streaming App-V package assets to the client. By default, App-V only downloads the assets required after downloading the initial publishing and primary feature blocks. There are three specific behaviors around streaming packages that must be explained: - -- Background Streaming - -- Optimized Streaming - -- Stream Faults - -### Background streaming - -The PowerShell cmdlet `Get-AppvClientConfiguration` can be used to determine the current mode for background streaming with the AutoLoad setting and modified with the cmdlet Set-AppvClientConfiguration or from the registry (HKLM\\SOFTWARE\\Microsoft\\AppV\\ClientStreaming key). Background streaming is a default setting where the Autoload setting is set to download previously used packages. The behavior based on default setting (value=1) downloads App-V data blocks in the background after the application has been launched. This setting can be disabled all together (value=0) or enabled for all packages (value=2), whether they have been launched. - -### Optimized streaming - -App-V packages can be configured with a primary feature block during sequencing. This setting allows the sequencing engineer to monitor launch files for a specific application, or applications, and mark the blocks of data in the App-V package for streaming at first launch of any application in the package. - -### Stream faults - -After the initial stream of any publishing data and the primary feature block, requests for additional files perform stream faults. These blocks of data are downloaded to the package store on an as-needed basis. This allows a user to download only a small part of the package, typically enough to launch the package and run normal tasks. All other blocks are downloaded when a user initiates an operation that requires data not currently in the package store. - -For more information on App-V Package streaming visit: . - -Sequencing for streaming optimization is available at: . - -### Package upgrades - -App-V Packages require updating throughout the lifecycle of the application. App-V Package upgrades are similar to the package publish operation, as each version will be created in its own PackageRoot location: `%ProgramData%\App-V\{PkgGUID}\{newVerGUID}`. The upgrade operation is optimized by creating hard links to identical- and streamed-files from other versions of the same package. - -### Package removal - -The behavior of the App-V Client when packages are removed depends on the method used for removal. Using an App-V full infrastructure to unpublish the application, the user catalog files (machine catalog for globally published applications) are removed, but retains the package store location and COW locations. When the PowerShell cmdlet `Remove-AppVClientPackge` is used to remove an App-V Package, the package store location is cleaned. Remember that unpublishing an App-V Package from the Management Server does not perform a Remove operation. Neither operation will remove the Package Store package files. - -## Roaming registry and data - - -App-V 5 is able to provide a near-native experience when roaming, depending on how the application being used is written. By default, App-V roams AppData that is stored in the roaming location, based on the roaming configuration of the operating system. Other locations for storage of file-based data do not roam from computer to computer, since they are in locations that are not roamed. - -### Roaming requirements and user catalog data storage - -App-V stores data, which represents the state of the user’s catalog, in the form of: - -- Files under %appdata%\\Microsoft\\AppV\\Client\\Catalog - -- Registry settings under `HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages` - -Together, these files and registry settings represent the user’s catalog, so either both must be roamed, or neither must be roamed for a given user. App-V does not support roaming %AppData%, but not roaming the user’s profile (registry), or vice versa. - -**Note**   -The **Repair-AppvClientPackage** cmdlet does not repair the publishing state of packages, where the user’s App-V state under `HKEY_CURRENT_USER` is missing or mismatched with the data in %appdata%. - - - -### Registry-based data - -App-V registry roaming falls into two scenarios, as shown in the following table. - - ---- - - - - - - - - - - - - - - - - -
ScenarioDescription

Applications that are run as standard users

When a standard user launches an App-V application, both HKLM and HKCU for App-V applications are stored in the HKCU hive on the machine. This presents as two distinct paths:

-
    -

  • HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages{PkgGUID}\REGISTRY\MACHINE\SOFTWARE

    • -

  • HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages{PkgGUID}\REGISTRY\USER{UserSID}\SOFTWARE

    • -
-

The locations are enabled for roaming based on the operating system settings.

Applications that are run with elevation

When an application is launched with elevation:

-
    -

  • HKLM data is stored in the HKLM hive on the local computer

    • -

  • HKCU data is stored in the User Registry location

    • -
-

In this scenario, these settings are not roamed with normal operating system roaming configurations, and the resulting registry keys and values are stored in the following location:

-
    -

  • HKLM\SOFTWARE\Microsoft\AppV\Client\Packages{PkgGUID}{UserSID}\REGISTRY\MACHINE\SOFTWARE

    • -

  • HKCU\SOFTWARE\Microsoft\AppV\Client\Packages{PkgGUID}\Registry\User{UserSID}\SOFTWARE

    • -
- - - -### App-V and folder redirection - -App-V 5.0 SP2 supports folder redirection of the roaming AppData folder (%AppData%). When the virtual environment is started, the roaming AppData state from the user’s roaming AppData directory is copied to the local cache. Conversely, when the virtual environment is shut down, the local cache that is associated with a specific user’s roaming AppData is transferred to the actual location of that user’s roaming AppData directory. - -A typical package has several locations mapped in the user’s backing store for settings in both AppData\\Local and AppData\\Roaming. These locations are the Copy on Write locations that are stored per user in the user’s profile, and that are used to store changes made to the package VFS directories and to protect the default package VFS. - -The following table shows local and roaming locations, when folder redirection has not been implemented. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
VFS directory in packageMapped location of backing store

ProgramFilesX86

C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\ProgramFilesX86

SystemX86

C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\SystemX86

Windows

C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\Windows

appv_ROOT

C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\appv_ROOT

AppData

C:\users\jsmith\AppData<strong>Roaming\Microsoft\AppV\Client\VFS&lt;GUID>\AppData

- - - - - -The following table shows local and roaming locations, when folder redirection has been implemented for %AppData%, and the location has been redirected (typically to a network location). - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
VFS directory in packageMapped location of backing store

ProgramFilesX86

C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\ProgramFilesX86

SystemX86

C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\SystemX86

Windows

C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\Windows

appv_ROOT

C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\appv_ROOT

AppData

\Fileserver\users\jsmith\roaming\Microsoft\AppV\Client\VFS&lt;GUID>\AppData

- - - - - -The current App-V Client VFS driver cannot write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. The detailed steps of the processes are: - -1. During publishing or virtual environment startup, the App-V Client detects the location of the AppData directory. - -2. If the roaming AppData path is local or ino AppData\\Roaming location is mapped, nothing happens. - -3. If the roaming AppData path is not local, the VFS AppData directory is mapped to the local AppData directory. - -This process solves the problem of a non-local %AppData% that is not supported by the App-V Client VFS driver. However, the data stored in this new location is not roamed with folder redirection. All changes during the running of the application happen to the local AppData location and must be copied to the redirected location. The detailed steps of this process are: - -1. App-V application is shut down, which shuts down the virtual environment. - -2. The local cache of the roaming AppData location is compressed and stored in a ZIP file. - -3. A timestamp at the end of the ZIP packaging process is used to name the file. - -4. The timestamp is recorded in the registry: HKEY\_CURRENT\_USER\\Software\\Microsoft\\AppV\\Client\\Packages\\<GUID>\\AppDataTime as the last known AppData timestamp. - -5. The folder redirection process is called to evaluate and initiate the ZIP file uploaded to the roaming AppData directory. - -The timestamp is used to determine a “last writer wins” scenario if there is a conflict and is used to optimize the download of the data when the App-V application is published or the virtual environment is started. Folder redirection will make the data available from any other clients covered by the supporting policy and will initiate the process of storing the AppData\\Roaming data to the local AppData location on the client. The detailed processes are: - -1. The user starts the virtual environment by starting an application. - -2. The application’s virtual environment checks for the most recent time stamped ZIP file, if present. - -3. The registry is checked for the last known uploaded timestamp, if present. - -4. The most recent ZIP file is downloaded unless the local last known upload timestamp is greater than or equal to the timestamp from the ZIP file. - -5. If the local last known upload timestamp is earlier than that of the most recent ZIP file in the roaming AppData location, the ZIP file is extracted to the local temp directory in the user’s profile. - -6. After the ZIP file is successfully extracted, the local cache of the roaming AppData directory is renamed and the new data is moved into place. - -7. The renamed directory is deleted and the application opens with the most recently saved roaming AppData data. - -This completes the successful roaming of application settings that are present in AppData\\Roaming locations. The only other condition that must be addressed is a package repair operation. The details of the process are: - -1. During repair, detect if the path to the user’s roaming AppData directory is not local. - -2. Map the non-local roaming AppData path targets are recreated the expected roaming and local AppData locations. - -3. Delete the timestamp stored in the registry, if present. - -This process will re-create both the local and network locations for AppData and remove the registry record of the timestamp. - -## App-V client application lifecycle management - - -In an App-V Full Infrastructure, after applications are sequenced they are managed and published to users or computers via the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are performed as a series of PowerShell commands initiated on the computer running the App-V Client. - -This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012 visit: . - -The App-V application lifecycle tasks are triggered at user login (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured during setup of the client or post-setup with PowerShell commands. See the How to Deploy the Client section on TechNet at: [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-gb18030.md) or utilize the PowerShell: - -```powershell -get-command *appv* -``` - -### Publishing refresh - -The publishing refresh process is comprised of several smaller operations that are performed on the App-V Client. Since App-V is an application virtualization technology and not a task scheduling technology, the Windows Task Scheduler is utilized to enable the process at user logon, machine startup, and at scheduled intervals. The configuration of the client during setup listed above is the preferred method when distributing the client to a large group of computers with the correct settings. These client settings can be configured with the following PowerShell cmdlets: - -- **Add-AppVPublishingServer:** Configures the client with an App-V Publishing Server that provides App-V packages. - -- **Set-AppVPublishingServer:** Modifies the current settings for the App-V Publishing Server. - -- **Set-AppVClientConfiguration:** Modifies the currents settings for the App-V Client. - -- **Sync-AppVPublishingServer:** Initiates an App-V Publishing Refresh process manually. This is also utilized in the scheduled tasks created during configuration of the publishing server. - -The focus of the following sections is to detail the operations that occur during different phases of an App-V Publishing Refresh. The topics include: - -- Adding an App-V Package - -- Publishing an App-V Package - -### Adding an App-V package - -Adding an App-V package to the client is the first step of the publishing refresh process. The end result is the same as the `Add-AppVClientPackage` cmdlet in PowerShell, except during the publishing refresh add process, the configured publishing server is contacted and passes a high-level list of applications back to the client to pull more detailed information and not a single package add operation. The process continues by configuring the client for package or connection group additions or updates, then accesses the appv file. Next, the contents of the appv file are expanded and placed on the local operating system in the appropriate locations. The following is a detailed workflow of the process, assuming the package is configured for Fault Streaming. - -**How to add an App-V package** - -1. Manual initiation via PowerShell or Task Sequence initiation of the Publishing Refresh process. - - 1. The App-V Client makes an HTTP connection and requests a list of applications based on the target. The Publishing refresh process supports targeting machines or users. - - 2. The App-V Publishing Server uses the identity of the initiating target, user or machine, and queries the database for a list of entitled applications. The list of applications is provided as an XML response, which the client uses to send additional requests to the server for more information on a per package basis. - -2. The Publishing Agent on the App-V Client performs all actions below serialized. - - Evaluate any connection groups that are unpublished or disabled, since package version updates that are part of the connection group cannot be processed. - -3. Configure the packages by identifying an Add or Update operations. - - 1. The App-V Client utilizes the AppX API from Windows and accesses the appv file from the publishing server. - - 2. The package file is opened and the AppXManifest.xml and StreamMap.xml are downloaded to the Package Store. - - 3. Completely stream publishing block data defined in the StreamMap.xml. Stores the publishing block data in the Package Store\\PkgGUID\\VerGUID\\Root. - - - Icons: Targets of extension points. - - - Portable Executable Headers (PE Headers): Targets of extension points that contain the base information about the image need on disk, directly accessed or via file types. - - - Scripts: Download scripts directory for use throughout the publishing process. - - 4. Populate the Package store: - - 1. Create sparse files on disk that represent the extracted package for any directories listed. - - 2. Stage top level files and directories under root. - - 3. All other files are created when the directory is listed as sparse on disk and streamed on demand. - - 5. Create the machine catalog entries. Create the Manifest.xml and DeploymentConfiguration.xml from the package files (if no DeploymentConfiguration.xml file in the package a placeholder is created). - - 6. Create location of the package store in the registry HKLM\\Software\\Microsoft\\AppV\\Client\\Packages\\PkgGUID\\Versions\\VerGUID\\Catalog - - 7. Create the Registry.dat file from the package store to %ProgramData%\\Microsoft\\AppV\\Client\\VReg\\{VersionGUID}.dat - - 8. Register the package with the App-V Kernel Mode Driver HKLM\\Microsoft\\Software\\AppV\\MAV - - 9. Invoke scripting from the AppxManifest.xml or DeploymentConfig.xml file for Package Add timing. - -4. Configure Connection Groups by adding and enabling or disabling. - -5. Remove objects that are not published to the target (user or machine). - - **Note**   - This will not perform a package deletion but rather remove integration points for the specific target (user or machine) and remove user catalog files (machine catalog files for globally published). - - - -6. Invoke background load mounting based on client configuration. - -7. Packages that already have publishing information for the machine or user are immediately restored. - - **Note**   - This condition occurs as a product of removal without unpublishing with background addition of the package. - - - -This completes an App-V package add of the publishing refresh process. The next step is publishing the package to the specific target (machine or user). - -![package add file and registry data](images/packageaddfileandregistrydata.png) - -### Publishing an App-V package - -During the Publishing Refresh operation, the specific publishing operation (Publish-AppVClientPackage) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps. The following are the detailed steps. - -**How to publish and App-V package** - -1. Package entries are added to the user catalog - - 1. User targeted packages: the UserDeploymentConfiguration.xml and UserManifest.xml are placed on the machine in the User Catalog - - 2. Machine targeted (global) packages: the UserDeploymentConfiguration.xml is placed in the Machine Catalog - -2. Register the package with the kernel mode driver for the user at HKLM\\Software\\Microsoft\\AppV\\MAV - -3. Perform integration tasks. - - 1. Create extension points. - - 2. Store backup information in the user’s registry and roaming profile (Shortcut Backups). - - **Note**   - This enables restore extension points if the package is unpublished. - - - - 3. Run scripts targeted for publishing timing. - -Publishing an App-V Package that is part of a Connection Group is very similar to the above process. For connection groups, the path that stores the specific catalog information includes PackageGroups as a child of the Catalog Directory. Review the machine and users catalog information above for details. - -![package add file and registry data - global](images/packageaddfileandregistrydata-global.png) - -### Application launch - -After the Publishing Refresh process, the user launches and subsequently re-launches an App-V application. The process is very simple and optimized to launch quickly with a minimum of network traffic. The App-V Client checks the path to the user catalog for files created during publishing. After rights to launch the package are established, the App-V Client creates a virtual environment, begins streaming any necessary data, and applies the appropriate manifest and deployment configuration files during virtual environment creation. With the virtual environment created and configured for the specific package and application, the application starts. - -**How to launch App-V applications** - -1. User launches the application by clicking on a shortcut or file type invocation. - -2. The App-V Client verifies existence in the User Catalog for the following files - - - UserDeploymentConfiguration.xml - - - UserManifest.xml - -3. If the files are present, the application is entitled for that specific user and the application will start the process for launch. There is no network traffic at this point. - -4. Next, the App-V Client checks that the path for the package registered for the App-V Client service is found in the registry. - -5. Upon finding the path to the package store, the virtual environment is created. If this is the first launch, the Primary Feature Block downloads if present. - -6. After downloading, the App-V Client service consumes the manifest and deployment configuration files to configure the virtual environment and all App-V subsystems are loaded. - -7. The Application launches. For any missing files in the package store (sparse files), App-V will stream fault the files on an as needed basis. - - ![package add file and registry data - stream](images/packageaddfileandregistrydata-stream.png) - -### Upgrading an App-V package - -The App-V 5 package upgrade process differs from the older versions of App-V. App-V supports multiple versions of the same package on a machine entitled to different users. Package versions can be added at any time as the package store and catalogs are updated with the new resources. The only process specific to the addition of new version resources is storage optimization. During an upgrade, only the new files are added to the new version store location and hard links are created for unchanged files. This reduces the overall storage by only presenting the file on one disk location and then projecting it into all folders with a file location entry on the disk. The specific details of upgrading an App-V Package are as follows: - -**How to upgrade an App-V package** - -1. The App-V Client performs a Publishing Refresh and discovers a newer version of an App-V Package. - -2. Package entries are added to the appropriate catalog for the new version - - 1. User targeted packages: the UserDeploymentConfiguration.xml and UserManifest.xml are placed on the machine in the user catalog at appdata\\roaming\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID - - 2. Machine targeted (global) packages: the UserDeploymentConfiguration.xml is placed in the machine catalog at %programdata%\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID - -3. Register the package with the kernel mode driver for the user at HKLM\\Software\\Microsoft\\AppV\\MAV - -4. Perform integration tasks. - - - Integrate extensions points (EP) from the Manifest and Dynamic Configuration files. - - 1. File based EP data is stored in the AppData folder utilizing Junction Points from the package store. - - 2. Version 1 EPs already exist when a new version becomes available. - - 3. The extension points are switched to the Version 2 location in machine or user catalogs for any newer or updated extension points. - -5. Run scripts targeted for publishing timing. - -6. Install Side by Side assemblies as required. - -### Upgrading an in-use App-V package - -**Starting in App-V 5 SP2**: If you try to upgrade a package that is in use by an end user, the upgrade task is placed in a pending state. The upgrade will run later, according to the following rules: - - ---- - - - - - - - - - - - - - - - - -
Task typeApplicable rule

User-based task, e.g., publishing a package to a user

The pending task will be performed after the user logs off and then logs back on.

Globally based task, e.g., enabling a connection group globally

The pending task will be performed when the computer is shut down and then restarted.

- - - -When a task is placed in a pending state, the App-V client also generates a registry key for the pending task, as follows: - - ---- - - - - - - - - - - - - - - - - -
User-based or globally based taskWhere the registry key is generated

User-based tasks

KEY_CURRENT_USER\Software\Microsoft\AppV\Client\PendingTasks

Globally based tasks

HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\PendingTasks

- - - -The following operations must be completed before users can use the newer version of the package: - - ---- - - - - - - - - - - - - - - - - -
TaskDetails

Add the package to the computer

This task is computer specific and you can perform it at any time by completing the steps in the Package Add section above.

Publish the package

See the Package Publishing section above for steps. This process requires that you update extension points on the system. End users cannot be using the application when you complete this task.

- - - -Use the following example scenarios as a guide for updating packages. - - ---- - - - - - - - - - - - - - - - - -
ScenarioRequirements

App-V package is not in use when you try to upgrade

None of the following components of the package can be in use: virtual application, COM server, or shell extensions.

-

The administrator publishes a newer version of the package and the upgrade works the next time a component or application inside the package is launched. The new version of the package is streamed and run. Nothing has changed in this scenario in App-V 5 SP2 from previous releases of App-V 5.

App-V package is in use when the administrator publishes a newer version of the package

The upgrade operation is set to pending by the App-V Client, which means that it is queued and carried out later when the package is not in use.

-

If the package application is in use, the user shuts down the virtual application, after which the upgrade can occur.

-

If the package has shell extensions (Office 2013), which are permanently loaded by Windows Explorer, the user cannot be logged in. Users must log off and the log back in to initiate the App-V package upgrade.

- - - -### Global vs user publishing - -App-V Packages can be published in one of two ways; User which entitles an App-V package to a specific user or group of users and Global which entitles the App-V package to the entire machine for all users of the machine. Once a package upgrade has been pended and the App-V package is not in use, consider the two types of publishing: - -- **Globally published**: the application is published to a machine; all users on that machine can use it. The upgrade will happen when the App-V Client Service starts, which effectively means a machine restart. - -- **User published**: the application is published to a user. If there are multiple users on the machine, the application can be published to a subset of the users. The upgrade will happen when the user logs in or when it is published again (periodically, ConfigMgr Policy refresh and evaluation, or an App-V periodic publishing/refresh, or explicitly via PowerShell commands). - -### Removing an App-V package - -Removing App-V applications in a Full Infrastructure is an unpublish operation, and does not perform a package removal. The process is the same as the publish process above, but instead of adding the removal process reverses the changes that have been made for App-V Packages. - -### Repairing an App-V package - -The repair operation is very simple but may affect many locations on the machine. The previously mentioned Copy on Write (COW) locations are removed, and extension points are de-integrated and then re-integrated. Please review the COW data placement locations by reviewing where they are registered in the registry. This operation is done automatically and there is no administrative control other than initiating a Repair operation from the App-V Client Console or via PowerShell (Repair-AppVClientPackage). - -## Integration of App-V packages - - -The App-V Client and package architecture provides specific integration with the local operating system during the addition and publishing of packages. Three files define the integration or extension points for an App-V Package: - -- AppXManifest.xml: Stored inside of the package with fallback copies stored in the package store and the user profile. Contains the options created during the sequencing process. - -- DeploymentConfig.xml: Provides configuration information of computer and user based integration extension points. - -- UserConfig.xml: A subset of the Deploymentconfig.xml that only provides user- based configurations and only targets user-based extension points. - -### Rules of integration - -When App-V applications are published to a computer with the App-V Client, some specific actions take place as described in the list below: - -- Global Publishing: Shortcuts are stored in the All Users profile location and other extension points are stored in the registry in the HKLM hive. - -- User Publishing: Shortcuts are stored in the current user account profile and other extension points are stored in the registry in the HKCU hive. - -- Backup and Restore: Existing native application data and registry (such as FTA registrations) are backed up during publishing. - - 1. App-V packages are given ownership based on the last integrated package where the ownership is passed to the newest published App-V application. - - 2. Ownership transfers from one App-V package to another when the owning App-V package is unpublished. This will not initiate a restore of the data or registry. - - 3. Restore the backed up data when the last package is unpublished or removed on a per extension point basis. - -### Extension points - -The App-V publishing files (manifest and dynamic configuration) provide several extension points that enable the application to integrate with the local operating system. These extension points perform typical application installation tasks, such as placing shortcuts, creating file type associations, and registering components. As these are virtualized applications that are not installed in the same manner a traditional application, there are some differences. The following is a list of extension points covered in this section: - -- Shortcuts - -- File Type Associations - -- Shell Extensions - -- COM - -- Software Clients - -- Application capabilities - -- URL Protocol Handler - -- AppPath - -- Virtual Application - -### Shortcuts - -The short cut is one of the basic elements of integration with the OS and is the interface for direct user launch of an App-V application. During the publishing and unpublishing of App-V applications. - -From the package manifest and dynamic configuration XML files, the path to a specific application executable can be found in a section similar to the following: - -```xml - - - [{Common Desktop}]\Adobe Reader 9.lnk - [{AppVPackageRoot}]\Reader\AcroRd32.exe - [{Windows}]\Installer\{AC76BA86-7AD7-1033-7B44-A94000000001}\SC_Reader.ico - - - 1 - [{AppVPackageRoot}]\Reader\AcroRd32.exe - - -``` - -As mentioned previously, the App-V shortcuts are placed by default in the user’s profile based on the refresh operation. Global refresh places shortcuts in the All Users profile and user refresh stores them in the specific user’s profile. The actual executable is stored in the Package Store. The location of the ICO file is a tokenized location in the App-V package. - -### File type associations - -The App-V Client manages the local operating system File Type Associations during publishing, which enables users to use file type invocations or to open a file with a specifically registered extension (.docx) to start an App-V application. File type associations are present in the manifest and dynamic configuration files as represented in the example below: - -```xml - - - - .xdp - AcroExch.XDPDoc - application/vnd.adobe.xdp+xml - - - AcroExch.XDPDoc - Adobe Acrobat XML Data Package File - 65536 - [{Windows}]\Installer\{AC76BA86-7AD7-1033-7B44-A94000000001}\XDPFile_8.ico - - Read - - [{AppVPackageRoot}]\Reader\AcroRd32.exe - Open - "[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1" - - - [{AppVPackageRoot}]\Reader\AcroRd32.exe - Printto - "[{AppVPackageRoot}]\Reader\AcroRd32.exe" /t "%1" "%2" "%3" "%4" - - - [{AppVPackageRoot}]\Reader\AcroRd32.exe - Read - Open with Adobe Reader 9 - "[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1" - - - - - -``` - -**Note**   -In this example: - -- `.xdp` is the extension - -- `AcroExch.XDPDoc` is the ProgId value (which points to the adjoining ProgId) - -- `"[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1"` is the command line, which points to the application executable - - - -### Shell extensions - -Shell extensions are embedded in the package automatically during the sequencing process. When the package is published globally, the shell extension gives users the same functionality as if the application were locally installed. The application requires no additional setup or configuration on the client to enable the shell extension functionality. - -**Requirements for using shell extensions:** - -- Packages that contain embedded shell extensions must be published globally. - -- The “bitness” of the application, Sequencer, and App-V client must match, or the shell extensions won’t work. For example: - - - The version of the application is 64-bit. - - - The Sequencer is running on a 64-bit computer. - - - The package is being delivered to a 64-bit App-V client computer. - -The following table displays the supported shell extensions. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
HandlerDescription

Context menu handler

Adds menu items to the context menu. It is called before the context menu is displayed.

Drag-and-drop handler

Controls the action upon right-click drag-and-drop and modifies the context menu that appears.

Drop target handler

Controls the action after a data object is dragged-and-dropped over a drop target such as a file.

Data object handler

Controls the action after a file is copied to the clipboard or dragged-and-dropped over a drop target. It can provide additional clipboard formats to the drop target.

Property sheet handler

Replaces or adds pages to the property sheet dialog box of an object.

Infotip handler

Allows retrieving flags and infotip information for an item and displaying it inside a popup tooltip upon mouse- hover.

Column handler

Allows creating and displaying custom columns in Windows Explorer Details view. It can be used to extend sorting and grouping.

Preview handler

Enables a preview of a file to be displayed in the Windows Explorer Preview Pane.

- - - -### COM - -The App-V Client supports publishing applications with support for COM integration and virtualization. COM integration allows the App-V Client to register COM objects on the local operating system and virtualization of the objects. For the purposes of this document, the integration of COM objects requires additional detail. - -App-V supports registering COM objects from the package to the local operating system with two process types: Out-of-process and in-process. Registering COM objects is accomplished with one or a combination of multiple modes of operation for a specific App-V package that includes off, Isolated, and Integrated. The integrated mode is configured for either the out-of-process or in-process type. Configuration of COM modes and types is accomplished with dynamic configuration files (deploymentconfig.xml or userconfig.xml). - -Details on App-V integration are available at: . - -### Software clients and application capabilities - -App-V supports specific software clients and application capabilities extension points that enable virtualized applications to be registered with the software client of the operating system. This enables users to select default programs for operations like email, instant messaging, and media player. This operation is performed in the control panel with the Set Program Access and Computer Defaults, and configured during sequencing in the manifest or dynamic configuration files. Application capabilities are only supported when the App-V applications are published globally. - -Example of software client registration of an App-V based mail client. - -```xml - - - - - - - Mozilla Thunderbird - Mozilla Thunderbird - [{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe,0 - - - "[{ProgramFilesX86}]\Mozilla Thunderbird\uninstall\helper.exe" /SetAsDefaultAppGlobal - "[{ProgramFilesX86}]\Mozilla Thunderbird\uninstall\helper.exe" /HideShortcuts - "[{ProgramFilesX86}]\Mozilla Thunderbird\uninstall\helper.exe" /ShowShortcuts - - 1 - - - - [{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe - "[{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe" -mail - - [{ProgramFilesX86}]\Mozilla Thunderbird\mozMapi32_InUse.dll - - Thunderbird URL - 2 - [{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe,0 - - [{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe - "[{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe" -osint -compose "%1" - - - - - - - -``` - -**Note**   -In this example: - -- `` is the overall Software Clients setting to integrate Email clients - -- `` is the flag to set a particular Email client as the default Email client - -- `[{ProgramFilesX86}]\Mozilla Thunderbird\mozMapi32_InUse.dll` is the MAPI dll registration - - - -### URL Protocol handler - -Applications do not always specifically called virtualized applications utilizing file type invocation. For, example, in an application that supports embedding a mailto: link inside a document or web page, the user clicks on a mailto: link and expects to get their registered mail client. App-V supports URL Protocol handlers that can be registered on a per-package basis with the local operating system. During sequencing, the URL protocol handlers are automatically added to the package. - -For situations where there is more than one application that could register the specific URL Protocol handler, the dynamic configuration files can be utilized to modify the behavior and suppress or disable this feature for an application that should not be the primary application launched. - -### AppPath - -The AppPath extension point supports calling App-V applications directly from the operating system. This is typically accomplished from the Run or Start Screen, depending on the operating system, which enables administrators to provide access to App-V applications from operating system commands or scripts without calling the specific path to the executable. It therefore avoids modifying the system path environment variable on all systems, as it is accomplished during publishing. - -The AppPath extension point is configured either in the manifest or in the dynamic configuration files and is stored in the registry on the local machine during publishing for the user. For additional information on AppPath review: . - -### Virtual application - -This subsystem provides a list of applications captured during sequencing which is usually consumed by other App-V components. Integration of extension points belonging to a particular application can be disabled using dynamic configuration files. For example, if a package contains two applications, it is possible to disable all extension points belonging to one application, in order to allow only integration of extension points of other application. - -### Extension point rules - -The extension points described above are integrated into the operating system based on how the packages has been published. Global publishing places extension points in public machine locations, where user publishing places extension points in user locations. For example a shortcut that is created on the desktop and published globally will result in the file data for the shortcut (%Public%\\Desktop) and the registry data (HKLM\\Software\\Classes). The same shortcut would have file data (%UserProfile%\\Desktop) and registry data (HKCU\\Software\\Classes). - -Extension points are not all published the same way, where some extension points will require global publishing and others require sequencing on the specific operating system and architecture where they are delivered. Below is a table that describes these two key rules. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Virtual ExtensionRequires target OS SequencingRequires Global Publishing

Shortcut

File Type Association

URL Protocols

X

AppPaths

X

COM Mode

Software Client

X

Application Capabilities

X

X

Context Menu Handler

X

X

Drag-and-drop Handler

X

Data Object Handler

X

Property Sheet Handler

X

Infotip Handler

X

Column Handler

X

Shell Extensions

X

Browser Helper Object

X

X

Active X Object

X

X

- - - -## Dynamic configuration processing - - -Deploying App-V packages to one machine or user is very simple. However, as organizations deploy AppV applications across business lines and geographic and political boundaries, the ability to sequence an application one time with one set of settings becomes impossible. App-V was designed for this scenario, as it captures specific settings and configurations during sequencing in the Manifest file, but also supports modification with Dynamic Configuration files. - -App-V dynamic configuration allows for specifying a policy for a package either at the machine level or at the user level. The Dynamic Configuration files enable sequencing engineers to modify the configuration of a package, post-sequencing, to address the needs of individual groups of users or machines. In some instances it may be necessary to make modifications to the application to provide proper functionality within the App-V environment. For example, it may be necessary to make modifications to the \_\*config.xml files to allow certain actions to be performed at a specified time during the execution of the application, like disabling a mailto extension to prevent a virtualized application from overwriting that extension from another application. - -App-V Packages contain the Manifest file inside of the appv package file, which is representative of sequencing operations and is the policy of choice unless Dynamic Configuration files are assigned to a specific package. Post-sequencing, the Dynamic Configuration files can be modified to allow the publishing of an application to different desktops or users with different extension points. The two Dynamic Configuration Files are the Dynamic Deployment Configuration (DDC) and Dynamic User Configuration (DUC) files. This section focuses on the combination of the manifest and dynamic configuration files. - -### Example for dynamic configuration files - -The example below shows the combination of the Manifest, Deployment Configuration and User Configuration files after publishing and during normal operation. These examples are abbreviated examples of each of the files. The purpose is show the combination of the files only and not to be a complete description of the specific categories available in each of the files. For more information review the App-V 5 Sequencing Guide at: - -**Manifest** - -```xml - - - [{Common Programs}]\7-Zip\7-Zip File Manager.lnk - [{AppVPackageRoot}]\7zFM.exe - [{AppVPackageRoot}]\7zFM exe.O.ico - - -``` - -**Deployment Configuration** - -```xml - - - - - - - - - - -``` - -**User Configuration** - -```xml - - - - - [{Desktop}]\7-Zip\7-Zip File Manager.lnk - [{AppVPackageRoot}]\7zFM.exe - [{AppVPackageRoot}]\7zFM exe.O.ico - - - - - - - - [{Desktop}]\7-Zip\7-Zip File Manager.lnk - [{AppVPackageRoot}]\7zFM.exe - [{AppVPackageRoot}]\7zFM.exe.O.ico - - - [{Common Programs}]\7-Zip\7-Zip File Manager.Ink - [{AppVPackageRoot}]\7zFM.exe - [{AppVPackageRoot)]\7zFM.exe.O.ico - - - - - - - - - - - - -``` - -## Side-by-side assemblies - - -App-V supports the automatic packaging of side-by-side (SxS) assemblies during sequencing and deployment on the client during virtual application publishing. App-V 5 SP2 supports capturing SxS assemblies during sequencing for assemblies not present on the sequencing machine. And for assemblies consisting of Visual C++ (Version 8 and newer) and/or MSXML run-time, the Sequencer will automatically detect and capture these dependencies even if they were not installed during monitoring. The Side by Side assemblies feature removes the limitations of previous versions of App-V, where the App-V Sequencer did not capture assemblies already present on the sequencing workstation, and privatizing the assemblies which limited to one bit version per package. This behavior resulted in deployed App-V applications to clients missing the required SxS assemblies, causing application launch failures. This forced the packaging process to document and then ensure that all assemblies required for packages were locally installed on the user’s client operating system to ensure support for the virtual applications. Based on the number of assemblies and the lack of application documentation for the required dependencies, this task was both a management and implementation challenge. - -Side by Side Assembly support in App-V has the following features. - -- Automatic captures of SxS assembly during Sequencing, regardless of whether the assembly was already installed on the sequencing workstation. - -- The App-V Client automatically installs required SxS assemblies to the client computer at publishing time when they are not present. - -- The Sequencer reports the VC run-time dependency in Sequencer reporting mechanism. - -- The Sequencer allows opting to not package the assemblies that are already installed on the Sequencer, supporting scenarios where the assemblies have previously been installed on the target computers. - -### Automatic publishing of SxS assemblies - -During publishing of an App-V package with SxS assemblies the App-V Client will check for the presence of the assembly on the machine. If the assembly does not exist, the client will deploy the assembly to the machine. Packages that are part of connection groups will rely on the Side by Side assembly installations that are part of the base packages, as the connection group does not contain any information about assembly installation. - -**Note**   -UnPublishing or removing a package with an assembly does not remove the assemblies for that package. - - - -## Client logging - - -The App-V client logs information to the Windows Event log in standard ETW format. The specific App-V events can be found in the event viewer, under Applications and Services Logs\\Microsoft\\AppV\\Client. - -**Note**   -In App-V 5.0 SP3, some logs have been consolidated and moved to the following location: - -`Event logs/Applications and Services Logs/Microsoft/AppV/ServiceLog` - -For a list of the moved logs, see [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-event-logs-moved). - - - -There are three specific categories of events recorded described below. - -**Admin**: Logs events for configurations being applied to the App-V Client, and contains the primary warnings and errors. - -**Operational**: Logs the general App-V execution and usage of individual components creating an audit log of the App-V operations that have been completed on the App-V Client. - -**Virtual Application**: Logs virtual application launches and use of virtualization subsystems. - - - - - - - - - - - - - - diff --git a/mdop/appv-v5/application-publishing-and-client-interaction51.md b/mdop/appv-v5/application-publishing-and-client-interaction51.md deleted file mode 100644 index ba6d7e8fe7..0000000000 --- a/mdop/appv-v5/application-publishing-and-client-interaction51.md +++ /dev/null @@ -1,1635 +0,0 @@ ---- -title: Application Publishing and Client Interaction -description: Application Publishing and Client Interaction -author: dansimp -ms.assetid: 36a4bf6f-a917-41a6-9856-6248686df352 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Application Publishing and Client Interaction - - -This article provides technical information about common App-V client operations and their integration with the local operating system. - -- [App-V package files created by the Sequencer](#bkmk-appv-pkg-files-list) - -- [What’s in the appv file?](#bkmk-appv-file-contents) - -- [App-V client data storage locations](#bkmk-files-data-storage) - -- [Package registry](#bkmk-pkg-registry) - -- [App-V package store behavior](#bkmk-pkg-store-behavior) - -- [Roaming registry and data](#bkmk-roaming-reg-data) - -- [App-V client application lifecycle management](#bkmk-clt-app-lifecycle) - -- [Integration of App-V packages](#bkmk-integr-appv-pkgs) - -- [Dynamic configuration processing](#bkmk-dynamic-config) - -- [Side-by-side assemblies](#bkmk-sidebyside-assemblies) - -- [Client logging](#bkmk-client-logging) - -For additional reference information, see [Microsoft Application Virtualization (App-V) Documentation Resources Download Page](https://www.microsoft.com/download/details.aspx?id=27760). - -## App-V package files created by the Sequencer - - -The Sequencer creates App-V packages and produces a virtualized application. The sequencing process creates the following files: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FileDescription

.appv

    -

  • The primary package file, which contains the captured assets and state information from the sequencing process.

    • -

  • Architecture of the package file, publishing information, and registry in a tokenized form that can be reapplied to a machine and to a specific user upon delivery.

    • -

.MSI

Executable deployment wrapper that you can use to deploy .appv files manually or by using a third-party deployment platform.

_DeploymentConfig.XML

File used to customize the default publishing parameters for all applications in a package that is deployed globally to all users on a computer that is running the App-V client.

_UserConfig.XML

File used to customize the publishing parameters for all applications in a package that is a deployed to a specific user on a computer that is running the App-V client.

Report.xml

Summary of messages resulting from the sequencing process, including omitted drivers, files, and registry locations.

.CAB

Optional: Package accelerator file used to automatically rebuild a previously sequenced virtual application package.

.appvt

Optional: Sequencer template file used to retain commonly reused Sequencer settings.

- - - -For information about sequencing, see [Application Virtualization Sequencing Guide](https://go.microsoft.com/fwlink/?LinkID=269810). - -## What’s in the appv file? - - -The appv file is a container that stores XML and non-XML files together in a single entity. This file is built from the AppX format, which is based on the Open Packaging Conventions (OPC) standard. - -To view the appv file contents, make a copy of the package, and then rename the copied file to a ZIP extension. - -The appv file contains the following folder and files, which are used when creating and publishing a virtual application: - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescription

Root

File folder

Directory that contains the file system for the virtualized application that is captured during sequencing.

[Content_Types].xml

XML File

List of the core content types in the appv file (e.g. DLL, EXE, BIN).

AppxBlockMap.xml

XML File

Layout of the appv file, which uses File, Block, and BlockMap elements that enable location and validation of files in the App-V package.

AppxManifest.xml

XML File

Metadata for the package that contains the required information for adding, publishing, and launching the package. Includes extension points (file type associations and shortcuts) and the names and GUIDs associated with the package.

FilesystemMetadata.xml

XML File

List of the files captured during sequencing, including attributes (e.g., directories, files, opaque directories, empty directories,and long and short names).

PackageHistory.xml

XML File

Information about the sequencing computer (operating system version, Internet Explorer version, .Net Framework version) and process (upgrade, package version).

Registry.dat

DAT File

Registry keys and values captured during the sequencing process for the package.

StreamMap.xml

XML File

List of files for the primary and publishing feature block. The publishing feature block contains the ICO files and required portions of files (EXE and DLL) for publishing the package. When present, the primary feature block includes files that have been optimized for streaming during the sequencing process.

- - - -## App-V client data storage locations - - -The App-V client performs tasks to ensure that virtual applications run properly and work like locally installed applications. The process of opening and running virtual applications requires mapping from the virtual file system and registry to ensure the application has the required components of a traditional application expected by users. This section describes the assets that are required to run virtual applications and lists the location where App-V stores the assets. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameLocationDescription

Package Store

%ProgramData%\App-V

Default location for read only package files

Machine Catalog

%ProgramData%\Microsoft\AppV\Client\Catalog

Contains per-machine configuration documents

User Catalog

%AppData%\Microsoft\AppV\Client\Catalog

Contains per-user configuration documents

Shortcut Backups

%AppData%\Microsoft\AppV\Client\Integration\ShortCutBackups

Stores previous integration points that enable restore on package unpublish

Copy on Write (COW) Roaming

%AppData%\Microsoft\AppV\Client\VFS

Writeable roaming location for package modification

Copy on Write (COW) Local

%LocalAppData%\Microsoft\AppV\Client\VFS

Writeable non-roaming location for package modification

Machine Registry

HKLM\Software\Microsoft\AppV

Contains package state information, including VReg for machine or globally published packages (Machine hive)

User Registry

HKCU\Software\Microsoft\AppV

Contains user package state information including VReg

User Registry Classes

HKCU\Software\Classes\AppV

Contains additional user package state information

- - - -Additional details for the table are provided in the section below and throughout the document. - -### Package store - -The App-V Client manages the applications assets mounted in the package store. This default storage location is `%ProgramData%\App-V`, but you can configure it during or after setup by using the `Set-AppVClientConfiguration` PowerShell command, which modifies the local registry (`PackageInstallationRoot` value under the `HKLM\Software\Microsoft\AppV\Client\Streaming` key). The package store must be located at a local path on the client operating system. The individual packages are stored in the package store in subdirectories named for the Package GUID and Version GUID. - -Example of a path to a specific application: - -``` syntax -C:\ProgramData\App-V\PackGUID\VersionGUID -``` - -To change the default location of the package store during setup, see [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-51gb18030.md). - -### Shared Content Store - -If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high performance network location (such as a SAN) is preferable. For more information on shared content store mode, see . - -**Note**   -The machine and package store must be located on a local drive, even when you’re using Shared Content Store configurations for the App-V Client. - - - -### Package catalogs - -The App-V Client manages the following two file-based locations: - -- **Catalogs (user and machine).** - -- **Registry locations** - depends on how the package is targeted for publishing. There is a Catalog (data store) for the computer, and a catalog for each individual user. The Machine Catalog stores global information applicable to all users or any user, and the User Catalog stores information applicable to a specific user. The Catalog is a collection of Dynamic Configurations and manifest files; there is discrete data for both file and registry per package version.  - -### Machine catalog - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Description

Stores package documents that are available to users on the machine, when packages are added and published. However, if a package is “global” at publishing time, the integrations are available to all users.

-

If a package is non-global, the integrations are published only for specific users, but there are still global resources that are modified and visible to anyone on the client computer (e.g., the package directory is in a shared disk location).

-

If a package is available to a user on the computer (global or non-global), the manifest is stored in the Machine Catalog. When a package is published globally, there is a Dynamic Configuration file, stored in the Machine Catalog; therefore, the determination of whether a package is global is defined according to whether there is a policy file (UserDeploymentConfiguration file) in the Machine Catalog.

Default storage location

%programdata%\Microsoft\AppV\Client\Catalog</code>

-

This location is not the same as the Package Store location. The Package Store is the golden or pristine copy of the package files.

Files in the machine catalog

    -

  • Manifest.xml

    • -

  • DeploymentConfiguration.xml

    • -

  • UserManifest.xml (Globally Published Package)

    • -

  • UserDeploymentConfiguration.xml (Globally Published Package)

    • -

Additional machine catalog location, used when the package is part of a connection group

The following location is in addition to the specific package location mentioned above:

-

%programdata%\Microsoft\AppV\Client\Catalog\PackageGroups\ConGroupGUID\ConGroupVerGUID

Additional files in the machine catalog when the package is part of a connection group

    -

  • PackageGroupDescriptor.xml

    • -

  • UserPackageGroupDescriptor.xml (globally published Connection Group)

    • -
- - - -### User catalog - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Description

Created during the publishing process. Contains information used for publishing the package, and also used at launch to ensure that a package is provisioned to a specific user. Created in a roaming location and includes user-specific publishing information.

-

When a package is published for a user, the policy file is stored in the User Catalog. At the same time, a copy of the manifest is also stored in the User Catalog. When a package entitlement is removed for a user, the relevant package files are removed from the User Catalog. Looking at the user catalog, an administrator can view the presence of a Dynamic Configuration file, which indicates that the package is entitled for that user.

-

For roaming users, the User Catalog needs to be in a roaming or shared location to preserve the legacy App-V behavior of targeting users by default. Entitlement and policy are tied to a user, not a computer, so they should roam with the user once they are provisioned.

Default storage location

appdata\roaming\Microsoft\AppV\Client\Catalog\Packages\PkgGUID\VerGUID

Files in the user catalog

    -

  • UserManifest.xml

    • -

  • DynamicConfiguration.xml or UserDeploymentConfiguration.xml

    • -

Additional user catalog location, used when the package is part of a connection group

The following location is in addition to the specific package location mentioned above:

-

appdata\roaming\Microsoft\AppV\Client\Catalog\PackageGroups\PkgGroupGUID\PkgGroupVerGUID

Additional file in the machine catalog when the package is part of a connection group

UserPackageGroupDescriptor.xml

- - - -### Shortcut backups - -During the publishing process, the App-V Client backs up any shortcuts and integration points to `%AppData%\Microsoft\AppV\Client\Integration\ShortCutBackups.` This backup enables the restoration of these integration points to the previous versions when the package is unpublished. - -### Copy on Write files - -The Package Store contains a pristine copy of the package files that have been streamed from the publishing server. During normal operation of an App-V application, the user or service may require changes to the files. These changes are not made in the package store in order to preserve your ability to repair the application, which removes these changes. These locations, called Copy on Write (COW), support both roaming and non-roaming locations. The location where the modifications are stored depends where the application has been programmed to write changes to in a native experience. - -### COW roaming - -The COW Roaming location described above stores changes to files and directories that are targeted to the typical %AppData% location or \\Users\\{username}\\AppData\\Roaming location. These directories and files are then roamed based on the operating system settings. - -### COW local - -The COW Local location is similar to the roaming location, but the directories and files are not roamed to other computers, even if roaming support has been configured. The COW Local location described above stores changes applicable to typical windows and not the %AppData% location. The directories listed will vary but there will be two locations for any typical Windows locations (e.g. Common AppData and Common AppDataS). The **S** signifies the restricted location when the virtual service requests the change as a different elevated user from the logged on users. The non-**S** location stores user based changes. - -## Package registry - - -Before an application can access the package registry data, the App-V Client must make the package registry data available to the applications. The App-V Client uses the real registry as a backing store for all registry data. - -When a new package is added to the App-V Client, a copy of the REGISTRY.DAT file from the package is created at `%ProgramData%\Microsoft\AppV\Client\VREG\{Version GUID}.dat`. The name of the file is the version GUID with the .DAT extension. The reason this copy is made is to ensure that the actual hive file in the package is never in use, which would prevent the removal of the package at a later time. - - ----- - - - - - - - -

Registry.dat from Package Store

 > 

%ProgramData%\Microsoft\AppV\Client\Vreg{VersionGuid}.dat

- - - -When the first application from the package is launched on the client, the client stages or copies the contents out of the hive file, re-creating the package registry data in an alternate location `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\PackageGuid\Versions\VersionGuid\REGISTRY`. The staged registry data has two distinct types of machine data and user data. Machine data is shared across all users on the machine. User data is staged for each user to a userspecific location `HKCU\Software\Microsoft\AppV\Client\Packages\PackageGuid\Registry\User`. The machine data is ultimately removed at package removal time, and the user data is removed on a user unpublish operation. - -### Package registry staging vs. connection group registry staging - -When connection groups are present, the previous process of staging the registry holds true, but instead of having one hive file to process, there are more than one. The files are processed in the order in which they appear in the connection group XML, with the first writer winning any conflicts. - -The staged registry persists the same way as in the single package case. Staged user registry data remains for the connection group until it is disabled; staged machine registry data is removed on connection group removal. - -### Virtual registry - -The purpose of the virtual registry (VREG) is to provide a single merged view of the package registry and the native registry to applications. It also provides copy-on-write (COW) functionality – that is any changes made to the registry from the context of a virtual process are made to a separate COW location. This means that the VREG must combine up to three separate registry locations into a single view based on the populated locations in the registry COW -> package -> native. When a request is made for a registry data it will locate in order until it finds the data it was requesting. Meaning if there is a value stored in a COW location it will not proceed to other locations, however, if there is no data in the COW location it will proceed to the Package and then Native location until it finds the appropriate data. - -### Registry locations - -There are two package registry locations and two connection group locations where the App-V Client stores registry information, depending on whether the Package is published individually or as part of a connection group. There are three COW locations for packages and three for connection groups, which are created and managed by the VREG. Settings for packages and connection groups are not shared: - -**Single Package VReg:** - - ---- - - - - - - - - - - - - - - - - - - -

Location

Description

COW

    -

  • Machine Registry\Client\Packages\PkgGUID\REGISTRY (Only elevate process can write)

    • -

  • User Registry\Client\Packages\PkgGUID\REGISTRY (User Roaming anything written under HKCU except Software\Classes

    • -

  • User Registry Classes\Client\Packages\PkgGUID\REGISTRY (HKCU\Software\Classes writes and HKLM for non elevated process)

    • -

Package

    -

  • Machine Registry\Client\Packages\PkgGUID\Versions\VerGuid\Registry\Machine

    • -

  • User Registry Classes\Client\Packages\PkgGUID\Versions\VerGUID\Registry

    • -

Native

    -

  • Native application registry location

    • -
- - - - - -**Connection Group VReg:** - - ---- - - - - - - - - - - - - - - - - - - -

Location

Description

COW

    -

  • Machine Registry\Client\PackageGroups\GrpGUID\REGISTRY (only elevate process can write)

    • -

  • User Registry\Client\PackageGroups\GrpGUID\REGISTRY (Anything written to HKCU except Software\Classes

    • -

  • User Registry Classes\Client\PackageGroups\GrpGUID\REGISTRY

    • -

Package

    -

  • Machine Registry\Client\PackageGroups\GrpGUID\Versions\VerGUID\REGISTRY

    • -

  • User Registry Classes\Client\PackageGroups\GrpGUID\Versions\VerGUID\REGISTRY

    • -

Native

    -

  • Native application registry location

    • -
- - - - - -There are two COW locations for HKLM; elevated and non-elevated processes. Elevated processes always write HKLM changes to the secure COW under HKLM. Non-elevated processes always write HKLM changes to the non-secure COW under HKCU\\Software\\Classes. When an application reads changes from HKLM, elevated processes will read changes from the secure COW under HKLM. Non-elevated reads from both, favoring the changes made in the unsecure COW first. - -### Pass-through keys - -Pass-through keys enable an administrator to configure certain keys so they can only be read from the native registry, bypassing the Package and COW locations. Pass-through locations are global to the machine (not package specific) and can be configured by adding the path to the key, which should be treated as pass-through to the **REG\_MULTI\_SZ** value called **PassThroughPaths** of the key `HKLM\Software\Microsoft\AppV\Subsystem\VirtualRegistry`. Any key that appears under this multi-string value (and their children) will be treated as pass-through. - -The following locations are configured as pass-through locations by default: - -- HKEY\_CURRENT\_USER\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel - -- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel - -- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT - -- HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\services\\eventlog\\Application - -- HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\WMI\\Autologger - -- HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings - -- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib - -- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies - -- HKEY\_CURRENT\_USER\\SOFTWARE\\Policies - -The purpose of Pass-through keys is to ensure that a virtual application does not write registry data in the VReg that is required for non-virtual applications for successful operation or integration. The Policies key ensures that Group Policy based settings set by the administrator are utilized and not per package settings. The AppModel key is required for integration with Windows Modern UI based applications. It is recommend that administers do not modify any of the default pass-through keys, but in some instances, based on application behavior may require adding additional pass-through keys. - -## App-V package store behavior - - -App-V 5 manages the Package Store, which is the location where the expanded asset files from the appv file are stored. By default, this location is stored at %ProgramData%\\App-V, and is limited in terms of storage capabilities only by free disk space. The package store is organized by the GUIDs for the package and version as mentioned in the previous section. - -### Add packages - -App-V Packages are staged upon addition to the computer with the App-V Client. The App-V Client provides on-demand staging. During publishing or a manual Add-AppVClientPackage, the data structure is built in the package store (c:\\programdata\\App-V\\{PkgGUID}\\{VerGUID}). The package files identified in the publishing block defined in the StreamMap.xml are added to the system and the top level folders and child files staged to ensure proper application assets exist at launch. - -### Mounting packages - -Packages can be explicitly loaded using the PowerShell `Mount-AppVClientPackage` or by using the **App-V Client UI** to download a package. This operation completely loads the entire package into the package store. - -### Streaming packages - -The App-V Client can be configured to change the default behavior of streaming. All streaming policies are stored under the following registry key: `HKEY_LOCAL_MAcHINE\Software\Microsoft\AppV\Client\Streaming`. Policies are set using the PowerShell cmdlet `Set-AppvClientConfiguration`. The following policies apply to Streaming: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PolicyDescription

AllowHighCostLaunch

On Windows 8 and later, it allows streaming over 3G and cellular networks

AutoLoad

Specifies the Background Load setting:

-

0 - Disabled

-

1 – Previously Used Packages only

-

2 – All Packages

PackageInstallationRoot

The root folder for the package store in the local machine

PackageSourceRoot

The root override where packages should be streamed from

SharedContentStoreMode

Enables the use of Shared Content Store for VDI scenarios

- - - - - -These settings affect the behavior of streaming App-V package assets to the client. By default, App-V only downloads the assets required after downloading the initial publishing and primary feature blocks. There are three specific behaviors around streaming packages that must be explained: - -- Background Streaming - -- Optimized Streaming - -- Stream Faults - -### Background streaming - -The PowerShell cmdlet `Get-AppvClientConfiguration` can be used to determine the current mode for background streaming with the AutoLoad setting and modified with the cmdlet Set-AppvClientConfiguration or from the registry (HKLM\\SOFTWARE\\Microsoft\\AppV\\ClientStreaming key). Background streaming is a default setting where the Autoload setting is set to download previously used packages. The behavior based on default setting (value=1) downloads App-V data blocks in the background after the application has been launched. This setting can be disabled all together (value=0) or enabled for all packages (value=2), whether they have been launched. - -### Optimized streaming - -App-V packages can be configured with a primary feature block during sequencing. This setting allows the sequencing engineer to monitor launch files for a specific application, or applications, and mark the blocks of data in the App-V package for streaming at first launch of any application in the package. - -### Stream faults - -After the initial stream of any publishing data and the primary feature block, requests for additional files perform stream faults. These blocks of data are downloaded to the package store on an as-needed basis. This allows a user to download only a small part of the package, typically enough to launch the package and run normal tasks. All other blocks are downloaded when a user initiates an operation that requires data not currently in the package store. - -For more information on App-V Package streaming visit: . - -Sequencing for streaming optimization is available at: . - -### Package upgrades - -App-V Packages require updating throughout the lifecycle of the application. App-V Package upgrades are similar to the package publish operation, as each version will be created in its own PackageRoot location: `%ProgramData%\App-V\{PkgGUID}\{newVerGUID}`. The upgrade operation is optimized by creating hard links to identical- and streamed-files from other versions of the same package. - -### Package removal - -The behavior of the App-V Client when packages are removed depends on the method used for removal. Using an App-V full infrastructure to unpublish the application, the user catalog files (machine catalog for globally published applications) are removed, but retains the package store location and COW locations. When the PowerShell cmdlet `Remove-AppVClientPackge` is used to remove an App-V Package, the package store location is cleaned. Remember that unpublishing an App-V Package from the Management Server does not perform a Remove operation. Neither operation will remove the Package Store package files. - -## Roaming registry and data - - -App-V 5 is able to provide a near-native experience when roaming, depending on how the application being used is written. By default, App-V roams AppData that is stored in the roaming location, based on the roaming configuration of the operating system. Other locations for storage of file-based data do not roam from computer to computer, since they are in locations that are not roamed. - -### Roaming requirements and user catalog data storage - -App-V stores data, which represents the state of the user’s catalog, in the form of: - -- Files under %appdata%\\Microsoft\\AppV\\Client\\Catalog - -- Registry settings under `HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages` - -Together, these files and registry settings represent the user’s catalog, so either both must be roamed, or neither must be roamed for a given user. App-V does not support roaming %AppData%, but not roaming the user’s profile (registry), or vice versa. - -**Note**   -The **Repair-AppvClientPackage** cmdlet does not repair the publishing state of packages, where the user’s App-V state under `HKEY_CURRENT_USER` is missing or mismatched with the data in %appdata%. - - - -### Registry-based data - -App-V registry roaming falls into two scenarios, as shown in the following table. - - ---- - - - - - - - - - - - - - - - - -
ScenarioDescription

Applications that are run as standard users

When a standard user launches an App-V application, both HKLM and HKCU for App-V applications are stored in the HKCU hive on the machine. This presents as two distinct paths:

-
    -

  • HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages{PkgGUID}\REGISTRY\MACHINE\SOFTWARE

    • -

  • HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages{PkgGUID}\REGISTRY\USER{UserSID}\SOFTWARE

    • -
-

The locations are enabled for roaming based on the operating system settings.

Applications that are run with elevation

When an application is launched with elevation:

-
    -

  • HKLM data is stored in the HKLM hive on the local computer

    • -

  • HKCU data is stored in the User Registry location

    • -
-

In this scenario, these settings are not roamed with normal operating system roaming configurations, and the resulting registry keys and values are stored in the following location:

-
    -

  • HKLM\SOFTWARE\Microsoft\AppV\Client\Packages{PkgGUID}{UserSID}\REGISTRY\MACHINE\SOFTWARE

    • -

  • HKCU\SOFTWARE\Microsoft\AppV\Client\Packages{PkgGUID}\Registry\User{UserSID}\SOFTWARE

    • -
- - - -### App-V and folder redirection - -App-V 5.1 supports folder redirection of the roaming AppData folder (%AppData%). When the virtual environment is started, the roaming AppData state from the user’s roaming AppData directory is copied to the local cache. Conversely, when the virtual environment is shut down, the local cache that is associated with a specific user’s roaming AppData is transferred to the actual location of that user’s roaming AppData directory. - -A typical package has several locations mapped in the user’s backing store for settings in both AppData\\Local and AppData\\Roaming. These locations are the Copy on Write locations that are stored per user in the user’s profile, and that are used to store changes made to the package VFS directories and to protect the default package VFS. - -The following table shows local and roaming locations, when folder redirection has not been implemented. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
VFS directory in packageMapped location of backing store

ProgramFilesX86

C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\ProgramFilesX86

SystemX86

C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\SystemX86

Windows

C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\Windows

appv_ROOT

C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\appv_ROOT

AppData

C:\users\jsmith\AppData<strong>Roaming\Microsoft\AppV\Client\VFS&lt;GUID>\AppData

- - - - - -The following table shows local and roaming locations, when folder redirection has been implemented for %AppData%, and the location has been redirected (typically to a network location). - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
VFS directory in packageMapped location of backing store

ProgramFilesX86

C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\ProgramFilesX86

SystemX86

C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\SystemX86

Windows

C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\Windows

appv_ROOT

C:\users\jsmith\AppData<strong>Local\Microsoft\AppV\Client\VFS&lt;GUID>\appv_ROOT

AppData

\Fileserver\users\jsmith\roaming\Microsoft\AppV\Client\VFS&lt;GUID>\AppData

- - - - - -The current App-V Client VFS driver cannot write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. The detailed steps of the processes are: - -1. During publishing or virtual environment startup, the App-V Client detects the location of the AppData directory. - -2. If the roaming AppData path is local or ino AppData\\Roaming location is mapped, nothing happens. - -3. If the roaming AppData path is not local, the VFS AppData directory is mapped to the local AppData directory. - -This process solves the problem of a non-local %AppData% that is not supported by the App-V Client VFS driver. However, the data stored in this new location is not roamed with folder redirection. All changes during the running of the application happen to the local AppData location and must be copied to the redirected location. The detailed steps of this process are: - -1. App-V application is shut down, which shuts down the virtual environment. - -2. The local cache of the roaming AppData location is compressed and stored in a ZIP file. - -3. A timestamp at the end of the ZIP packaging process is used to name the file. - -4. The timestamp is recorded in the registry: HKEY\_CURRENT\_USER\\Software\\Microsoft\\AppV\\Client\\Packages\\<GUID>\\AppDataTime as the last known AppData timestamp. - -5. The folder redirection process is called to evaluate and initiate the ZIP file uploaded to the roaming AppData directory. - -The timestamp is used to determine a “last writer wins” scenario if there is a conflict and is used to optimize the download of the data when the App-V application is published or the virtual environment is started. Folder redirection will make the data available from any other clients covered by the supporting policy and will initiate the process of storing the AppData\\Roaming data to the local AppData location on the client. The detailed processes are: - -1. The user starts the virtual environment by starting an application. - -2. The application’s virtual environment checks for the most recent time stamped ZIP file, if present. - -3. The registry is checked for the last known uploaded timestamp, if present. - -4. The most recent ZIP file is downloaded unless the local last known upload timestamp is greater than or equal to the timestamp from the ZIP file. - -5. If the local last known upload timestamp is earlier than that of the most recent ZIP file in the roaming AppData location, the ZIP file is extracted to the local temp directory in the user’s profile. - -6. After the ZIP file is successfully extracted, the local cache of the roaming AppData directory is renamed and the new data is moved into place. - -7. The renamed directory is deleted and the application opens with the most recently saved roaming AppData data. - -This completes the successful roaming of application settings that are present in AppData\\Roaming locations. The only other condition that must be addressed is a package repair operation. The details of the process are: - -1. During repair, detect if the path to the user’s roaming AppData directory is not local. - -2. Map the non-local roaming AppData path targets are recreated the expected roaming and local AppData locations. - -3. Delete the timestamp stored in the registry, if present. - -This process will re-create both the local and network locations for AppData and remove the registry record of the timestamp. - -## App-V client application lifecycle management - - -In an App-V Full Infrastructure, after applications are sequenced they are managed and published to users or computers via the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are performed as a series of PowerShell commands initiated on the computer running the App-V Client. - -This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012 visit: . - -The App-V application lifecycle tasks are triggered at user login (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured during setup of the client or post-setup with PowerShell commands. See the How to Deploy the Client section on TechNet at: [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-51gb18030.md) or utilize the PowerShell: - -```powershell -get-command *appv* -``` - -### Publishing refresh - -The publishing refresh process is comprised of several smaller operations that are performed on the App-V Client. Since App-V is an application virtualization technology and not a task scheduling technology, the Windows Task Scheduler is utilized to enable the process at user logon, machine startup, and at scheduled intervals. The configuration of the client during setup listed above is the preferred method when distributing the client to a large group of computers with the correct settings. These client settings can be configured with the following PowerShell cmdlets: - -- **Add-AppVPublishingServer:** Configures the client with an App-V Publishing Server that provides App-V packages. - -- **Set-AppVPublishingServer:** Modifies the current settings for the App-V Publishing Server. - -- **Set-AppVClientConfiguration:** Modifies the currents settings for the App-V Client. - -- **Sync-AppVPublishingServer:** Initiates an App-V Publishing Refresh process manually. This is also utilized in the scheduled tasks created during configuration of the publishing server. - -The focus of the following sections is to detail the operations that occur during different phases of an App-V Publishing Refresh. The topics include: - -- Adding an App-V Package - -- Publishing an App-V Package - -### Adding an App-V package - -Adding an App-V package to the client is the first step of the publishing refresh process. The end result is the same as the `Add-AppVClientPackage` cmdlet in PowerShell, except during the publishing refresh add process, the configured publishing server is contacted and passes a high-level list of applications back to the client to pull more detailed information and not a single package add operation. The process continues by configuring the client for package or connection group additions or updates, then accesses the appv file. Next, the contents of the appv file are expanded and placed on the local operating system in the appropriate locations. The following is a detailed workflow of the process, assuming the package is configured for Fault Streaming. - -**How to add an App-V package** - -1. Manual initiation via PowerShell or Task Sequence initiation of the Publishing Refresh process. - - 1. The App-V Client makes an HTTP connection and requests a list of applications based on the target. The Publishing refresh process supports targeting machines or users. - - 2. The App-V Publishing Server uses the identity of the initiating target, user or machine, and queries the database for a list of entitled applications. The list of applications is provided as an XML response, which the client uses to send additional requests to the server for more information on a per package basis. - -2. The Publishing Agent on the App-V Client performs all actions below serialized. - - Evaluate any connection groups that are unpublished or disabled, since package version updates that are part of the connection group cannot be processed. - -3. Configure the packages by identifying an Add or Update operations. - - 1. The App-V Client utilizes the AppX API from Windows and accesses the appv file from the publishing server. - - 2. The package file is opened and the AppXManifest.xml and StreamMap.xml are downloaded to the Package Store. - - 3. Completely stream publishing block data defined in the StreamMap.xml. Stores the publishing block data in the Package Store\\PkgGUID\\VerGUID\\Root. - - - Icons: Targets of extension points. - - - Portable Executable Headers (PE Headers): Targets of extension points that contain the base information about the image need on disk, directly accessed or via file types. - - - Scripts: Download scripts directory for use throughout the publishing process. - - 4. Populate the Package store: - - 1. Create sparse files on disk that represent the extracted package for any directories listed. - - 2. Stage top level files and directories under root. - - 3. All other files are created when the directory is listed as sparse on disk and streamed on demand. - - 5. Create the machine catalog entries. Create the Manifest.xml and DeploymentConfiguration.xml from the package files (if no DeploymentConfiguration.xml file in the package a placeholder is created). - - 6. Create location of the package store in the registry HKLM\\Software\\Microsoft\\AppV\\Client\\Packages\\PkgGUID\\Versions\\VerGUID\\Catalog - - 7. Create the Registry.dat file from the package store to %ProgramData%\\Microsoft\\AppV\\Client\\VReg\\{VersionGUID}.dat - - 8. Register the package with the App-V Kernel Mode Driver HKLM\\Microsoft\\Software\\AppV\\MAV - - 9. Invoke scripting from the AppxManifest.xml or DeploymentConfig.xml file for Package Add timing. - -4. Configure Connection Groups by adding and enabling or disabling. - -5. Remove objects that are not published to the target (user or machine). - - **Note**   - This will not perform a package deletion but rather remove integration points for the specific target (user or machine) and remove user catalog files (machine catalog files for globally published). - - - -6. Invoke background load mounting based on client configuration. - -7. Packages that already have publishing information for the machine or user are immediately restored. - - **Note**   - This condition occurs as a product of removal without unpublishing with background addition of the package. - - - -This completes an App-V package add of the publishing refresh process. The next step is publishing the package to the specific target (machine or user). - -![package add file and registry data](images/packageaddfileandregistrydata.png) - -### Publishing an App-V package - -During the Publishing Refresh operation, the specific publishing operation (Publish-AppVClientPackage) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps. The following are the detailed steps. - -**How to publish and App-V package** - -1. Package entries are added to the user catalog - - 1. User targeted packages: the UserDeploymentConfiguration.xml and UserManifest.xml are placed on the machine in the User Catalog - - 2. Machine targeted (global) packages: the UserDeploymentConfiguration.xml is placed in the Machine Catalog - -2. Register the package with the kernel mode driver for the user at HKLM\\Software\\Microsoft\\AppV\\MAV - -3. Perform integration tasks. - - 1. Create extension points. - - 2. Store backup information in the user’s registry and roaming profile (Shortcut Backups). - - **Note**   - This enables restore extension points if the package is unpublished. - - - - 3. Run scripts targeted for publishing timing. - -Publishing an App-V Package that is part of a Connection Group is very similar to the above process. For connection groups, the path that stores the specific catalog information includes PackageGroups as a child of the Catalog Directory. Review the machine and users catalog information above for details. - -![package add file and registry data - global](images/packageaddfileandregistrydata-global.png) - -### Application launch - -After the Publishing Refresh process, the user launches and subsequently re-launches an App-V application. The process is very simple and optimized to launch quickly with a minimum of network traffic. The App-V Client checks the path to the user catalog for files created during publishing. After rights to launch the package are established, the App-V Client creates a virtual environment, begins streaming any necessary data, and applies the appropriate manifest and deployment configuration files during virtual environment creation. With the virtual environment created and configured for the specific package and application, the application starts. - -**How to launch App-V applications** - -1. User launches the application by clicking on a shortcut or file type invocation. - -2. The App-V Client verifies existence in the User Catalog for the following files - - - UserDeploymentConfiguration.xml - - - UserManifest.xml - -3. If the files are present, the application is entitled for that specific user and the application will start the process for launch. There is no network traffic at this point. - -4. Next, the App-V Client checks that the path for the package registered for the App-V Client service is found in the registry. - -5. Upon finding the path to the package store, the virtual environment is created. If this is the first launch, the Primary Feature Block downloads if present. - -6. After downloading, the App-V Client service consumes the manifest and deployment configuration files to configure the virtual environment and all App-V subsystems are loaded. - -7. The Application launches. For any missing files in the package store (sparse files), App-V will stream fault the files on an as needed basis. - - ![package add file and registry data - stream](images/packageaddfileandregistrydata-stream.png) - -### Upgrading an App-V package - -The App-V 5 package upgrade process differs from the older versions of App-V. App-V supports multiple versions of the same package on a machine entitled to different users. Package versions can be added at any time as the package store and catalogs are updated with the new resources. The only process specific to the addition of new version resources is storage optimization. During an upgrade, only the new files are added to the new version store location and hard links are created for unchanged files. This reduces the overall storage by only presenting the file on one disk location and then projecting it into all folders with a file location entry on the disk. The specific details of upgrading an App-V Package are as follows: - -**How to upgrade an App-V package** - -1. The App-V Client performs a Publishing Refresh and discovers a newer version of an App-V Package. - -2. Package entries are added to the appropriate catalog for the new version - - 1. User targeted packages: the UserDeploymentConfiguration.xml and UserManifest.xml are placed on the machine in the user catalog at appdata\\roaming\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID - - 2. Machine targeted (global) packages: the UserDeploymentConfiguration.xml is placed in the machine catalog at %programdata%\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID - -3. Register the package with the kernel mode driver for the user at HKLM\\Software\\Microsoft\\AppV\\MAV - -4. Perform integration tasks. - - - Integrate extensions points (EP) from the Manifest and Dynamic Configuration files. - - 1. File based EP data is stored in the AppData folder utilizing Junction Points from the package store. - - 2. Version 1 EPs already exist when a new version becomes available. - - 3. The extension points are switched to the Version 2 location in machine or user catalogs for any newer or updated extension points. - -5. Run scripts targeted for publishing timing. - -6. Install Side by Side assemblies as required. - -### Upgrading an in-use App-V package - -**Starting in App-V 5 SP2**: If you try to upgrade a package that is in use by an end user, the upgrade task is placed in a pending state. The upgrade will run later, according to the following rules: - - ---- - - - - - - - - - - - - - - - - -
Task typeApplicable rule

User-based task, e.g., publishing a package to a user

The pending task will be performed after the user logs off and then logs back on.

Globally based task, e.g., enabling a connection group globally

The pending task will be performed when the computer is shut down and then restarted.

- - - -When a task is placed in a pending state, the App-V client also generates a registry key for the pending task, as follows: - - ---- - - - - - - - - - - - - - - - - -
User-based or globally based taskWhere the registry key is generated

User-based tasks

KEY_CURRENT_USER\Software\Microsoft\AppV\Client\PendingTasks

Globally based tasks

HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\PendingTasks

- - - -The following operations must be completed before users can use the newer version of the package: - - ---- - - - - - - - - - - - - - - - - -
TaskDetails

Add the package to the computer

This task is computer specific and you can perform it at any time by completing the steps in the Package Add section above.

Publish the package

See the Package Publishing section above for steps. This process requires that you update extension points on the system. End users cannot be using the application when you complete this task.

- - - -Use the following example scenarios as a guide for updating packages. - - ---- - - - - - - - - - - - - - - - - -
ScenarioRequirements

App-V package is not in use when you try to upgrade

None of the following components of the package can be in use: virtual application, COM server, or shell extensions.

-

The administrator publishes a newer version of the package and the upgrade works the next time a component or application inside the package is launched. The new version of the package is streamed and run. Nothing has changed in this scenario in App-V 5 SP2 from previous releases of App-V 5.

App-V package is in use when the administrator publishes a newer version of the package

The upgrade operation is set to pending by the App-V Client, which means that it is queued and carried out later when the package is not in use.

-

If the package application is in use, the user shuts down the virtual application, after which the upgrade can occur.

-

If the package has shell extensions (Office 2013), which are permanently loaded by Windows Explorer, the user cannot be logged in. Users must log off and the log back in to initiate the App-V package upgrade.

- - - -### Global vs user publishing - -App-V Packages can be published in one of two ways; User which entitles an App-V package to a specific user or group of users and Global which entitles the App-V package to the entire machine for all users of the machine. Once a package upgrade has been pended and the App-V package is not in use, consider the two types of publishing: - -- **Globally published**: the application is published to a machine; all users on that machine can use it. The upgrade will happen when the App-V Client Service starts, which effectively means a machine restart. - -- **User published**: the application is published to a user. If there are multiple users on the machine, the application can be published to a subset of the users. The upgrade will happen when the user logs in or when it is published again (periodically, ConfigMgr Policy refresh and evaluation, or an App-V periodic publishing/refresh, or explicitly via PowerShell commands). - -### Removing an App-V package - -Removing App-V applications in a Full Infrastructure is an unpublish operation, and does not perform a package removal. The process is the same as the publish process above, but instead of adding the removal process reverses the changes that have been made for App-V Packages. - -### Repairing an App-V package - -The repair operation is very simple but may affect many locations on the machine. The previously mentioned Copy on Write (COW) locations are removed, and extension points are de-integrated and then re-integrated. Please review the COW data placement locations by reviewing where they are registered in the registry. This operation is done automatically and there is no administrative control other than initiating a Repair operation from the App-V Client Console or via PowerShell (Repair-AppVClientPackage). - -## Integration of App-V packages - - -The App-V Client and package architecture provides specific integration with the local operating system during the addition and publishing of packages. Three files define the integration or extension points for an App-V Package: - -- AppXManifest.xml: Stored inside of the package with fallback copies stored in the package store and the user profile. Contains the options created during the sequencing process. - -- DeploymentConfig.xml: Provides configuration information of computer and user based integration extension points. - -- UserConfig.xml: A subset of the Deploymentconfig.xml that only provides user- based configurations and only targets user-based extension points. - -### Rules of integration - -When App-V applications are published to a computer with the App-V Client, some specific actions take place as described in the list below: - -- Global Publishing: Shortcuts are stored in the All Users profile location and other extension points are stored in the registry in the HKLM hive. - -- User Publishing: Shortcuts are stored in the current user account profile and other extension points are stored in the registry in the HKCU hive. - -- Backup and Restore: Existing native application data and registry (such as FTA registrations) are backed up during publishing. - - 1. App-V packages are given ownership based on the last integrated package where the ownership is passed to the newest published App-V application. - - 2. Ownership transfers from one App-V package to another when the owning App-V package is unpublished. This will not initiate a restore of the data or registry. - - 3. Restore the backed up data when the last package is unpublished or removed on a per extension point basis. - -### Extension points - -The App-V publishing files (manifest and dynamic configuration) provide several extension points that enable the application to integrate with the local operating system. These extension points perform typical application installation tasks, such as placing shortcuts, creating file type associations, and registering components. As these are virtualized applications that are not installed in the same manner a traditional application, there are some differences. The following is a list of extension points covered in this section: - -- Shortcuts - -- File Type Associations - -- Shell Extensions - -- COM - -- Software Clients - -- Application capabilities - -- URL Protocol Handler - -- AppPath - -- Virtual Application - -### Shortcuts - -The short cut is one of the basic elements of integration with the OS and is the interface for direct user launch of an App-V application. During the publishing and unpublishing of App-V applications. - -From the package manifest and dynamic configuration XML files, the path to a specific application executable can be found in a section similar to the following: - -```xml - - - [{Common Desktop}]\Adobe Reader 9.lnk - [{AppVPackageRoot}]\Reader\AcroRd32.exe - [{Windows}]\Installer\{AC76BA86-7AD7-1033-7B44-A94000000001}\SC_Reader.ico - - - 1 - [{AppVPackageRoot}]\Reader\AcroRd32.exe - - -``` - -As mentioned previously, the App-V shortcuts are placed by default in the user’s profile based on the refresh operation. Global refresh places shortcuts in the All Users profile and user refresh stores them in the specific user’s profile. The actual executable is stored in the Package Store. The location of the ICO file is a tokenized location in the App-V package. - -### File type associations - -The App-V Client manages the local operating system File Type Associations during publishing, which enables users to use file type invocations or to open a file with a specifically registered extension (.docx) to start an App-V application. File type associations are present in the manifest and dynamic configuration files as represented in the example below: - -```xml - - - - .xdp - AcroExch.XDPDoc - application/vnd.adobe.xdp+xml - - - AcroExch.XDPDoc - Adobe Acrobat XML Data Package File - 65536 - [{Windows}]\Installer\{AC76BA86-7AD7-1033-7B44-A94000000001}\XDPFile_8.ico - - Read - - [{AppVPackageRoot}]\Reader\AcroRd32.exe - Open - "[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1" - - - [{AppVPackageRoot}]\Reader\AcroRd32.exe - Printto - "[{AppVPackageRoot}]\Reader\AcroRd32.exe" /t "%1" "%2" "%3" "%4" - - - [{AppVPackageRoot}]\Reader\AcroRd32.exe - Read - Open with Adobe Reader 9 - "[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1" - - - - - -``` - -**Note**   -In this example: - -- `.xdp` is the extension - -- `AcroExch.XDPDoc` is the ProgId value (which points to the adjoining ProgId) - -- `"[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1"` is the command line, which points to the application executable - - - -### Shell extensions - -Shell extensions are embedded in the package automatically during the sequencing process. When the package is published globally, the shell extension gives users the same functionality as if the application were locally installed. The application requires no additional setup or configuration on the client to enable the shell extension functionality. - -**Requirements for using shell extensions:** - -- Packages that contain embedded shell extensions must be published globally. - -- The “bitness” of the application, Sequencer, and App-V client must match, or the shell extensions won’t work. For example: - - - The version of the application is 64-bit. - - - The Sequencer is running on a 64-bit computer. - - - The package is being delivered to a 64-bit App-V client computer. - -The following table displays the supported shell extensions. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
HandlerDescription

Context menu handler

Adds menu items to the context menu. It is called before the context menu is displayed.

Drag-and-drop handler

Controls the action upon right-click drag-and-drop and modifies the context menu that appears.

Drop target handler

Controls the action after a data object is dragged-and-dropped over a drop target such as a file.

Data object handler

Controls the action after a file is copied to the clipboard or dragged-and-dropped over a drop target. It can provide additional clipboard formats to the drop target.

Property sheet handler

Replaces or adds pages to the property sheet dialog box of an object.

Infotip handler

Allows retrieving flags and infotip information for an item and displaying it inside a popup tooltip upon mouse- hover.

Column handler

Allows creating and displaying custom columns in Windows Explorer Details view. It can be used to extend sorting and grouping.

Preview handler

Enables a preview of a file to be displayed in the Windows Explorer Preview Pane.

- - - -### COM - -The App-V Client supports publishing applications with support for COM integration and virtualization. COM integration allows the App-V Client to register COM objects on the local operating system and virtualization of the objects. For the purposes of this document, the integration of COM objects requires additional detail. - -App-V supports registering COM objects from the package to the local operating system with two process types: Out-of-process and in-process. Registering COM objects is accomplished with one or a combination of multiple modes of operation for a specific App-V package that includes off, Isolated, and Integrated. The integrated mode is configured for either the out-of-process or in-process type. Configuration of COM modes and types is accomplished with dynamic configuration files (deploymentconfig.xml or userconfig.xml). - -Details on App-V integration are available at: . - -### Software clients and application capabilities - -App-V supports specific software clients and application capabilities extension points that enable virtualized applications to be registered with the software client of the operating system. This enables users to select default programs for operations like email, instant messaging, and media player. This operation is performed in the control panel with the Set Program Access and Computer Defaults, and configured during sequencing in the manifest or dynamic configuration files. Application capabilities are only supported when the App-V applications are published globally. - -Example of software client registration of an App-V based mail client. - -```xml - - - - - - - Mozilla Thunderbird - Mozilla Thunderbird - [{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe,0 - - - "[{ProgramFilesX86}]\Mozilla Thunderbird\uninstall\helper.exe" /SetAsDefaultAppGlobal - "[{ProgramFilesX86}]\Mozilla Thunderbird\uninstall\helper.exe" /HideShortcuts - "[{ProgramFilesX86}]\Mozilla Thunderbird\uninstall\helper.exe" /ShowShortcuts - - 1 - - - - [{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe - "[{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe" -mail - - [{ProgramFilesX86}]\Mozilla Thunderbird\mozMapi32_InUse.dll - - Thunderbird URL - 2 - [{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe,0 - - [{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe - "[{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe" -osint -compose "%1" - - - - - - - -``` - -**Note**   -In this example: - -- `` is the overall Software Clients setting to integrate Email clients - -- `` is the flag to set a particular Email client as the default Email client - -- `[{ProgramFilesX86}]\Mozilla Thunderbird\mozMapi32_InUse.dll` is the MAPI dll registration - - - -### URL Protocol handler - -Applications do not always specifically called virtualized applications utilizing file type invocation. For, example, in an application that supports embedding a mailto: link inside a document or web page, the user clicks on a mailto: link and expects to get their registered mail client. App-V supports URL Protocol handlers that can be registered on a per-package basis with the local operating system. During sequencing, the URL protocol handlers are automatically added to the package. - -For situations where there is more than one application that could register the specific URL Protocol handler, the dynamic configuration files can be utilized to modify the behavior and suppress or disable this feature for an application that should not be the primary application launched. - -### AppPath - -The AppPath extension point supports calling App-V applications directly from the operating system. This is typically accomplished from the Run or Start Screen, depending on the operating system, which enables administrators to provide access to App-V applications from operating system commands or scripts without calling the specific path to the executable. It therefore avoids modifying the system path environment variable on all systems, as it is accomplished during publishing. - -The AppPath extension point is configured either in the manifest or in the dynamic configuration files and is stored in the registry on the local machine during publishing for the user. For additional information on AppPath review: . - -### Virtual application - -This subsystem provides a list of applications captured during sequencing which is usually consumed by other App-V components. Integration of extension points belonging to a particular application can be disabled using dynamic configuration files. For example, if a package contains two applications, it is possible to disable all extension points belonging to one application, in order to allow only integration of extension points of other application. - -### Extension point rules - -The extension points described above are integrated into the operating system based on how the packages has been published. Global publishing places extension points in public machine locations, where user publishing places extension points in user locations. For example a shortcut that is created on the desktop and published globally will result in the file data for the shortcut (%Public%\\Desktop) and the registry data (HKLM\\Software\\Classes). The same shortcut would have file data (%UserProfile%\\Desktop) and registry data (HKCU\\Software\\Classes). - -Extension points are not all published the same way, where some extension points will require global publishing and others require sequencing on the specific operating system and architecture where they are delivered. Below is a table that describes these two key rules. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Virtual ExtensionRequires target OS SequencingRequires Global Publishing

Shortcut

File Type Association

URL Protocols

X

AppPaths

X

COM Mode

Software Client

X

Application Capabilities

X

X

Context Menu Handler

X

X

Drag-and-drop Handler

X

Data Object Handler

X

Property Sheet Handler

X

Infotip Handler

X

Column Handler

X

Shell Extensions

X

Browser Helper Object

X

X

Active X Object

X

X

- - - -## Dynamic configuration processing - - -Deploying App-V packages to one machine or user is very simple. However, as organizations deploy AppV applications across business lines and geographic and political boundaries, the ability to sequence an application one time with one set of settings becomes impossible. App-V was designed for this scenario, as it captures specific settings and configurations during sequencing in the Manifest file, but also supports modification with Dynamic Configuration files. - -App-V dynamic configuration allows for specifying a policy for a package either at the machine level or at the user level. The Dynamic Configuration files enable sequencing engineers to modify the configuration of a package, post-sequencing, to address the needs of individual groups of users or machines. In some instances it may be necessary to make modifications to the application to provide proper functionality within the App-V environment. For example, it may be necessary to make modifications to the \_\*config.xml files to allow certain actions to be performed at a specified time during the execution of the application, like disabling a mailto extension to prevent a virtualized application from overwriting that extension from another application. - -App-V Packages contain the Manifest file inside of the appv package file, which is representative of sequencing operations and is the policy of choice unless Dynamic Configuration files are assigned to a specific package. Post-sequencing, the Dynamic Configuration files can be modified to allow the publishing of an application to different desktops or users with different extension points. The two Dynamic Configuration Files are the Dynamic Deployment Configuration (DDC) and Dynamic User Configuration (DUC) files. This section focuses on the combination of the manifest and dynamic configuration files. - -### Example for dynamic configuration files - -The example below shows the combination of the Manifest, Deployment Configuration and User Configuration files after publishing and during normal operation. These examples are abbreviated examples of each of the files. The purpose is show the combination of the files only and not to be a complete description of the specific categories available in each of the files. For more information review the App-V 5 Sequencing Guide at: - -**Manifest** - -```xml - - - [{Common Programs}]\7-Zip\7-Zip File Manager.lnk - [{AppVPackageRoot}]\7zFM.exe - [{AppVPackageRoot}]\7zFM exe.O.ico - - -``` - -**Deployment Configuration** - -```xml - - - - - - - - - - -``` - -**User Configuration** - -```xml - - - - - [{Desktop}]\7-Zip\7-Zip File Manager.lnk - [{AppVPackageRoot}]\7zFM.exe - [{AppVPackageRoot}]\7zFM exe.O.ico - - - - - - - - [{Desktop}]\7-Zip\7-Zip File Manager.lnk - [{AppVPackageRoot}]\7zFM.exe - [{AppVPackageRoot}]\7zFM.exe.O.ico - - - [{Common Programs}]\7-Zip\7-Zip File Manager.Ink - [{AppVPackageRoot}]\7zFM.exe - [{AppVPackageRoot)]\7zFM.exe.O.ico - - - - - - - - - - - - -``` - -## Side-by-side assemblies - - -App-V supports the automatic packaging of side-by-side (SxS) assemblies during sequencing and deployment on the client during virtual application publishing. App-V 5 SP2 supports capturing SxS assemblies during sequencing for assemblies not present on the sequencing machine. And for assemblies consisting of Visual C++ (Version 8 and newer) and/or MSXML run-time, the Sequencer will automatically detect and capture these dependencies even if they were not installed during monitoring. The Side by Side assemblies feature removes the limitations of previous versions of App-V, where the App-V Sequencer did not capture assemblies already present on the sequencing workstation, and privatizing the assemblies which limited to one bit version per package. This behavior resulted in deployed App-V applications to clients missing the required SxS assemblies, causing application launch failures. This forced the packaging process to document and then ensure that all assemblies required for packages were locally installed on the user’s client operating system to ensure support for the virtual applications. Based on the number of assemblies and the lack of application documentation for the required dependencies, this task was both a management and implementation challenge. - -Side by Side Assembly support in App-V has the following features. - -- Automatic captures of SxS assembly during Sequencing, regardless of whether the assembly was already installed on the sequencing workstation. - -- The App-V Client automatically installs required SxS assemblies to the client computer at publishing time when they are not present. - -- The Sequencer reports the VC run-time dependency in Sequencer reporting mechanism. - -- The Sequencer allows opting to not package the assemblies that are already installed on the Sequencer, supporting scenarios where the assemblies have previously been installed on the target computers. - -### Automatic publishing of SxS assemblies - -During publishing of an App-V package with SxS assemblies the App-V Client will check for the presence of the assembly on the machine. If the assembly does not exist, the client will deploy the assembly to the machine. Packages that are part of connection groups will rely on the Side by Side assembly installations that are part of the base packages, as the connection group does not contain any information about assembly installation. - -**Note**   -UnPublishing or removing a package with an assembly does not remove the assemblies for that package. - - - -## Client logging - - -The App-V client logs information to the Windows Event log in standard ETW format. The specific App-V events can be found in the event viewer, under Applications and Services Logs\\Microsoft\\AppV\\Client. - -**Note**   -In App-V 5.0 SP3, some logs were consolidated and moved to the following location: - -`Event logs/Applications and Services Logs/Microsoft/AppV/ServiceLog` - -For a list of the moved logs, see [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-event-logs-moved). - - - -There are three specific categories of events recorded described below. - -**Admin**: Logs events for configurations being applied to the App-V Client, and contains the primary warnings and errors. - -**Operational**: Logs the general App-V execution and usage of individual components creating an audit log of the App-V operations that have been completed on the App-V Client. - -**Virtual Application**: Logs virtual application launches and use of virtualization subsystems. - - - - - - - - - - - - - - diff --git a/mdop/appv-v5/check-reg-key-svr.md b/mdop/appv-v5/check-reg-key-svr.md deleted file mode 100644 index 44498c1829..0000000000 --- a/mdop/appv-v5/check-reg-key-svr.md +++ /dev/null @@ -1,246 +0,0 @@ ---- -title: Check Registry Keys before installing App-V 5.x Server -description: Check Registry Keys before installing App-V 5.x Server -author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 -ms.reviewer: -manager: dansimp -ms.author: dansimp ---- - - -# Check Registry Keys before installing App-V 5.x Server - -If you are upgrading the App-V Server from App-V 5.0 SP1 Hotfix Package 3 or later, complete the steps in this section before installing the App-V 5.x Server - - ---- - - - - - - - - - - - - - - - - - - -

When this step is required

You are upgrading from App-V 5.0 SP1 with any subsequent Hotfix Packages that you installed by using an .msp file.

Which components require that you do this step

Only the App-V Server components that you are upgrading.

When you need to do this step

Before you upgrade the App-V Server to App-V 5.x

What you need to do

Using the information in the following tables, update each registry key value under HKLM\Software\Microsoft\AppV\Server with the value that you provided in your original server installation. Completing this step restores registry values that may have been removed when App-V 5.0 SP1 Hotfix Packages were installed.

- -  - -**ManagementDatabase key** - -If you are installing the Management database, set these registry keys under `HKLM\Software\Microsoft\AppV\Server\ManagementDatabase`. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Key nameDescription

IS_MANAGEMENT_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED

Describes whether a public access account is required to access non-local management databases. Value is set to “1” if it is required.

MANAGEMENT_DB_NAME

Name of the Management database.

MANAGEMENT_DB_PUBLIC_ACCESS_ACCOUNT

Account used for read (public) access to the Management database.

-

Used when IS_MANAGEMENT_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED is set to 1.

MANAGEMENT_DB_PUBLIC_ACCESS_ACCOUNT_SID

Secure identifier (SID) of the account used for read (public) access to the Management database.

-

Used when IS_MANAGEMENT_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED is set to 1.

MANAGEMENT_DB_SQL_INSTANCE

SQL Server instance for the Management database.

-

If the value is blank, the default database instance is used.

MANAGEMENT_DB_WRITE_ACCESS_ACCOUNT

Account used for write (administrator) access to the Management database.

MANAGEMENT_DB_WRITE_ACCESS_ACCOUNT_SID

Secure identifier (SID) of the account used for write (administrator) access to the Management database.

MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

Management server remote computer account (domain\account).

MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

Installation administrator login for the Management server (domain\account).

MANAGEMENT_SERVER_MACHINE_USE_LOCAL

Valid values are:

-
    -

  • 1 – the Management service is on the local computer, that is, MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT is blank.

    • -

  • 0 - the Management service is on a different computer from the local computer.

    • -
- -  - -**ManagementService key** - -If you are installing the Management server, set these registry keys under `HKLM\Software\Microsoft\AppV\Server\ManagementService`. - - ---- - - - - - - - - - - - - - - - - - - - - -
Key nameDescription

MANAGEMENT_ADMINACCOUNT

Active Directory Domain Services (AD DS) group or account that is authorized to manage App-V (domain\account).

MANAGEMENT_DB_SQL_INSTANCE

SQL server instance that contains the Management database.

-

If the value is blank, the default database instance is used.

MANAGEMENT_DB_SQL_SERVER_NAME

Name of the remote SQL server with the Management database.

-

If the value is blank, the local computer is used.

- -  - -**ReportingDatabase key** - -If you are installing the Reporting database, set these registry keys under `HKLM\Software\Microsoft\AppV\Server\ReportingDatabase`. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Key nameDescription

IS_REPORTING_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED

Describes whether a public access account is required to access non-local reporting databases. Value is set to “1” if it is required.

REPORTING_DB_NAME

Name of the Reporting database.

REPORTING_DB_PUBLIC_ACCESS_ACCOUNT

Account used for read (public) access to the Reporting database.

-

Used when IS_REPORTING_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED is set to 1.

REPORTING_DB_PUBLIC_ACCESS_ACCOUNT_SID

Secure identifier (SID) of the account used for read (public) access to the Reporting database.

-

Used when IS_REPORTING_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED is set to 1.

REPORTING_DB_SQL_INSTANCE

SQL Server instance for the Reporting database.

-

If the value is blank, the default database instance is used.

REPORTING_DB_WRITE_ACCESS_ACCOUNT

REPORTING_DB_WRITE_ACCESS_ACCOUNT_SID

REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

Reporting server remote computer account (domain\account).

REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

Installation administrator login for the Reporting server (domain\account).

REPORTING_SERVER_MACHINE_USE_LOCAL

Valid values are:

-
    -

  • 1 – the Reporting service is on the local computer, that is, REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT is blank.

    • -

  • 0 - the Reporting service is on a different computer from the local computer.

    • -
- -  - -**ReportingService key** - -If you are installing the Reporting server, set these registry keys under `HKLM\Software\Microsoft\AppV\Server\ReportingService`. - - ---- - - - - - - - - - - - - - - - - -
Key nameDescription

REPORTING_DB_SQL_INSTANCE

SQL Server instance for the Reporting database.

-

If the value is blank, the default database instance is used.

REPORTING_DB_SQL_SERVER_NAME

Name of the remote SQL server with the Reporting database.

-

If the value is blank, the local computer is used.

- diff --git a/mdop/appv-v5/configure-applications-and-default-virtual-application-extensions-in-management-console.md b/mdop/appv-v5/configure-applications-and-default-virtual-application-extensions-in-management-console.md deleted file mode 100644 index c96dff8cbe..0000000000 --- a/mdop/appv-v5/configure-applications-and-default-virtual-application-extensions-in-management-console.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: Configure Applications and Default Virtual Application Extensions in Management Console -description: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console -author: dansimp -ms.assetid: 1e1941d3-fb22-4077-8ec6-7a0cb80335d8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 09/26/2019 ---- - -# Configure Applications and Default Virtual Application Extensions in Management Console - -Use the following procedure to *view* and *configure* default package extensions. - -**To view and configure default virtual application extensions** - -1. To view the package that you want to configure, open the App-V 5.1 Management Console. Select the package that you want to configure, right-click the package name and select **edit default configuration**. - -2. To view the applications contained in the specified package, in the **Default Configuration** pane, click **Applications**. To view the shortcuts for that package, click **Shortcuts**. To view the file type associations for that package, click **File Types**. - -3. To enable the application extensions, select **ENABLE**. - - To enable shortcuts, select **ENABLE SHORTCUTS**. To add a new shortcut for the selected application, right-click the application in the **SHORTCUTS** pane and select **Add new shortcut**. To remove a shortcut, right-click the application in the **SHORTCUTS** pane and select **Remove Shortcut**. To edit an existing shortcut, right-click the application and select **Edit Shortcut**. - -4. To view any other application extensions, click **Advanced** and click **Export Configuration**. Type in a filename and click **Save**. You can view all application extensions associated with the package using the configuration file. - -5. To edit other application extensions, modify the configuration file and click **Import and Overwrite this Configuration**. Select the modified file and click **Open**. In the dialog box, click **Overwrite** to complete the process. - ->**Note** If the upload fails and the size of your configuration file is above 4MB, you will need to increase the maximum file size allowed by the server. This can be done by adding the maxRequestLength attribute with a value greater than the size of your configuration file (in KB) to the httpRuntime element on line 26 of `C:\Program Files\Microsoft Application Virtualization Server\ManagementService\Web.config`. -For example, changing `` to `` will increase the maximum size to 8MB - - -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md b/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md deleted file mode 100644 index 56bd58a27e..0000000000 --- a/mdop/appv-v5/creating-and-managing-app-v-50-virtualized-applications.md +++ /dev/null @@ -1,344 +0,0 @@ ---- -title: Creating and Managing App-V 5.0 Virtualized Applications -description: Creating and Managing App-V 5.0 Virtualized Applications -author: dansimp -ms.assetid: 66bab403-d7e0-4e7b-bc8f-a29a98a7160a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Creating and Managing App-V 5.0 Virtualized Applications - - -After you have properly deployed the Microsoft Application Virtualization (App-V) 5.0 sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application. - -**Note**   -For more information about configuring the Microsoft Application Virtualization (App-V) 5.0 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx) (https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx). - - - -## Sequencing an application - - -You can use the App-V 5.0 Sequencer to perform the following tasks: - -- Create virtual packages that can be deployed to computers running the App-V 5.0 client. - -- Upgrade existing packages. You can expand an existing package onto the computer running the sequencer and then upgrade the application to create a newer version. - -- Edit configuration information associated with an existing package. For example, you can add a shortcut or modify a file type association. - - **Note**   - You must create shortcuts and save them to an available network location to allow roaming. If a shortcut is created and saved in a private location, the package must be published locally to the computer running the App-V 5.0 client. - - - -- Convert existing virtual packages. - -The sequencer uses the **%TMP% \\ Scratch** or **%TEMP% \\ Scratch** directory and the **Temp** directory to store temporary files during sequencing. On the computer that runs the sequencer, you should configure these directories with free disk space equivalent to the estimated application installation requirements. Configuring the temp directories and the Temp directory on different hard drive partitions can help improve performance during sequencing. - -When you use the sequencer to create a new virtual application, the following listed files are created. These files comprise the App-V 5.0 package. - -- .msi file. This Windows Installer (.msi) file is created by the sequencer and is used to install the virtual package on target computers. - -- Report.xml file. In this file, the sequencer saves all issues, warnings, and errors that were discovered during sequencing. It displays the information after the package has been created. You can us this report for diagnosing and troubleshooting. - -- .appv file. This is the virtual application file. - -- Deployment configuration file. The deployment configuration file determines how the virtual application will be deployed to target computers. - -- User configuration file. The user configuration file determines how the virtual application will run on target computers. - -**Important**   -You must configure the %TMP% and %TEMP% folders that the package converter uses to be a secure location and directory. A secure location is only accessible by an administrator. Additionally, when you sequence the package you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion and monitoring process. - - - -The **Options** dialog box in the sequencer console contains the following tabs: - -- **General**. Use this tab to enable Microsoft Updates to run during sequencing. Select **Append Package Version to Filename** to configure the sequence to add a version number to the virtualized package that is being sequenced. Select **Always trust the source of Package Accelerators** to create virtualized packages using a package accelerator without being prompted for authorization. - - **Important**   - Package Accelerators created using App-V 4.6 are not supported by App-V 5.0. - - - -- **Parse Items**. This tab displays the associated file path locations that will be parsed or tokenized into in the virtual environment. Tokens are useful for adding files using the **Package Files** tab in **Advanced Editing**. - -- **Exclusion Items**. Use this tab to specify which folders and directories should not be monitored during sequencing. To add local application data that is saved in the Local App Data folder in the package, click **New** and specify the location and the associated **Mapping Type**. This option is required for some packages. - -App-V 5.0 supports applications that include Microsoft Windows Services. If an application includes a Windows service, the Service will be included in the sequenced virtual package as long as it is installed while being monitored by the sequencer. If a virtual application creates a Windows service when it initially runs, then later, after installation, the application must be run while the sequencer is monitoring so that the Windows Service will be added to the package. Only Services that run under the Local System account are supported. Services that are configured for AutoStart or Delayed AutoStart are started before the first virtual application in a package runs inside the package’s Virtual Environment. Windows Services that are configured to be started on demand by an application are started when the virtual application inside the package starts the Service via API call. - -[How to Sequence a New Application with App-V 5.0](how-to-sequence-a-new-application-with-app-v-50-beta-gb18030.md) - -## App-V 5.0 SP2 shell extension support - - -App-V 5.0 SP2 supports shell extensions. Shell extensions will be detected and embedded in the package during sequencing. - -Shell extensions are embedded in the package automatically during the sequencing process. When the package is published, the shell extension gives users the same functionality as if the application were locally installed. - -**Requirements for using shell extensions:** - -- Packages that contain embedded shell extensions must be published globally. The application requires no additional setup or configuration on the client to enable the shell extension functionality. - -- The “bitness” of the application, Sequencer, and App-V client must match, or the shell extensions won’t work. For example: - - - The version of the application is 64-bit. - - - The Sequencer is running on a 64-bit computer. - - - The package is being delivered to a 64-bit App-V client computer. - -The following table lists the supported shell extensions: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
HandlerDescription

Context menu handler

Adds menu items to the context menu. It is called before the context menu is displayed.

Drag-and-drop handler

Controls the action where right-click, drag and drop and modifies the context menu that appears.

Drop target handler

Controls the action after a data object is dragged and dropped over a drop target such as a file.

Data object handler

Controls the action after a file is copied to the clipboard or dragged and dropped over a drop target. It can provide additional clipboard formats to the drop target.

Property sheet handler

Replaces or adds pages to the property sheet dialog box of an object.

Infotip handler

Allows retrieving flags and infotip information for an item and displaying it inside a pop-up tooltip upon mouse hover.

Column handler

Allows creating and displaying custom columns in Windows Explorer Details view. It can be used to extend sorting and grouping.

Preview handler

Enables a preview of a file to be displayed in the Windows Explorer Preview pane.

- - - -## Copy on Write (CoW) file extension support - - -Copy on write (CoW) file extensions allow App-V 5.0 to dynamically write to specific locations contained in the virtual package while it is being used. - -The following table displays the file types that can exist in a virtual package under the VFS directory, but cannot be updated on the computer running the App-V 5.0 client. All other files and directories can be modified. - -.acm - -.asa - -.asp - -.aspx - -.ax - -.bat - -.cer - -.chm - -.clb - -.cmd - -.cnt - -.cnv - -.com - -.cpl - -.cpx - -.crt - -.dll - -.drv - -.exe - -.fon - -.grp - -.hlp - -.hta - -.ime - -.inf - -.ins - -.isp - -.its - -.js - -.jse - -.lnk - -.msc - -.msi - -.msp - -.mst - -.mui - -.nls - -.ocx - -.pal - -.pcd - -.pif - -.reg - -.scf - -.scr - -.sct - -.shb - -.shs - -.sys - -.tlb - -.tsp - -.url - -.vb - -.vbe - -.vbs - -.vsmacros - -.ws - -.esc - -.wsf - -.wsh - - - -## Modifying an existing virtual application package - - -You can use the sequencer to modify an existing package. The computer on which you do this should match the chip architecture of the computer you used to create the application. For example, if you initially sequenced a package using a computer running a 64-bit operating system, you should modify the package using a computer running a 64-bit operating system. - -[How to Modify an Existing Virtual Application Package](how-to-modify-an-existing-virtual-application-package-beta.md) - -## Creating a project template - - -A .appvt file is a project template that can be used to save commonly applied, customized settings. You can then more easily use these settings for future sequencings. - -App-V 5.0 project templates differ from App-V 5.0 Application Accelerators because App-V 5.0 Application Accelerators are application-specific, and App-V 5.0 project templates can be applied to multiple applications. Additionally, you cannot use a project template when you use a Package Accelerator to create a virtual application package. The following general settings are saved with an App-V 5.0 project template: - -A template can specify and store multiple settings as follows: - -- **Advanced Monitoring Options**. Enables Microsoft Update to run during monitoring. Saves allow local interaction option settings - -- **General Options**. Enables the use of **Windows Installer**, **Append Package Version to Filename**. - -- **Exclusion Items.** Contains the Exclusion pattern list. - -[How to Create and Use a Project Template](how-to-create-and-use-a-project-template.md) - -## Creating a package accelerator - - -**Note**   -Package accelerators created using a previous version of App-V must be recreated using App-V 5.0. - - - -You can use App-V 5.0 package accelerators to automatically generate a new virtual application packages. After you have successfully created a package accelerator, you can reuse and share the package accelerator. - -In some situations, to create the package accelerator, you might have to install the application locally on the computer that runs the sequencer. In such cases, you should first try to create the package accelerator with the installation media. If multiple missing files are required, you should install the application locally to the computer that runs the sequencer, and then create the package accelerator. - -After you have successfully created a Package Accelerator, you can reuse and share the Package Accelerator. Creating App-V 5.0 Package Accelerators is an advanced task. Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V 5.0 Package Accelerator is applied. - -[How to Create a Package Accelerator](how-to-create-a-package-accelerator.md) - -[How to Create a Virtual Application Package Using an App-V Package Accelerator](how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator.md) - -## Sequencer error reporting - - -The App-V 5.0 Sequencer can detect common sequencing issues during sequencing. The **Installation Report** page at the end of the sequencing wizard displays diagnostic messages categorized into **Errors**, **Warnings**, and **Info** depending on the severity of the issue. - -You can also find additional information about sequencing errors using the Windows Event Viewer. - - - - - - -## Other resources for the App-V 5.0 sequencer - - -- [Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md b/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md deleted file mode 100644 index a2dc196c47..0000000000 --- a/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md +++ /dev/null @@ -1,216 +0,0 @@ ---- -title: Creating and Managing App-V 5.1 Virtualized Applications -description: Creating and Managing App-V 5.1 Virtualized Applications -author: dansimp -ms.assetid: 26be4331-88eb-4cfb-9d82-e63d7ee54576 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Creating and Managing App-V 5.1 Virtualized Applications - - -After you have properly deployed the Microsoft Application Virtualization (App-V) 5.1 sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application. - -**Note**   -For more information about configuring the App-V 5.1 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](https://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V%205.0%20Sequencing%20Guide.docx). - -**Note** -The App-V 5.x Sequencer cannot sequence applications with filenames matching "CO_<x>" where x is any numeral. Error 0x8007139F will be generated. - -## Sequencing an application - - -You can use the App-V 5.1 Sequencer to perform the following tasks: - -- Create virtual packages that can be deployed to computers running the App-V 5.1 client. - -- Upgrade existing packages. You can expand an existing package onto the computer running the sequencer and then upgrade the application to create a newer version. - -- Edit configuration information associated with an existing package. For example, you can add a shortcut or modify a file type association. - - **Note**   - You must create shortcuts and save them to an available network location to allow roaming. If a shortcut is created and saved in a private location, the package must be published locally to the computer running the App-V 5.1 client. - -- Convert existing virtual packages. - -The sequencer uses the **%TMP% \\ Scratch** or **%TEMP% \\ Scratch** directory and the **Temp** directory to store temporary files during sequencing. On the computer that runs the sequencer, you should configure these directories with free disk space equivalent to the estimated application installation requirements. Configuring the temp directories and the Temp directory on different hard drive partitions can help improve performance during sequencing. - -When you use the sequencer to create a new virtual application, the following listed files are created. These files comprise the App-V 5.1 package. - -- .msi file. This Windows Installer (.msi) file is created by the sequencer and is used to install the virtual package on target computers. - -- Report.xml file. In this file, the sequencer saves all issues, warnings, and errors that were discovered during sequencing. It displays the information after the package has been created. You can us this report for diagnosing and troubleshooting. - -- .appv file. This is the virtual application file. - -- Deployment configuration file. The deployment configuration file determines how the virtual application will be deployed to target computers. - -- User configuration file. The user configuration file determines how the virtual application will run on target computers. - -**Important**   -You must configure the %TMP% and %TEMP% folders that the package converter uses to be a secure location and directory. A secure location is only accessible by an administrator. Additionally, when you sequence the package you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion and monitoring process.  - -The **Options** dialog box in the sequencer console contains the following tabs: - -- **General**. Use this tab to enable Microsoft Updates to run during sequencing. Select **Append Package Version to Filename** to configure the sequence to add a version number to the virtualized package that is being sequenced. Select **Always trust the source of Package Accelerators** to create virtualized packages using a package accelerator without being prompted for authorization. - - **Important**   - Package Accelerators created using App-V 4.6 are not supported by App-V 5.1.   - -- **Parse Items**. This tab displays the associated file path locations that will be parsed or tokenized into in the virtual environment. Tokens are useful for adding files using the **Package Files** tab in **Advanced Editing**. - -- **Exclusion Items**. Use this tab to specify which folders and directories should not be monitored during sequencing. To add local application data that is saved in the Local App Data folder in the package, click **New** and specify the location and the associated **Mapping Type**. This option is required for some packages. - -App-V 5.1 supports applications that include Microsoft Windows Services. If an application includes a Windows service, the Service will be included in the sequenced virtual package as long as it is installed while being monitored by the sequencer. If a virtual application creates a Windows service when it initially runs, then later, after installation, the application must be run while the sequencer is monitoring so that the Windows Service will be added to the package. Only Services that run under the Local System account are supported. Services that are configured for AutoStart or Delayed AutoStart are started before the first virtual application in a package runs inside the package’s Virtual Environment. Windows Services that are configured to be started on demand by an application are started when the virtual application inside the package starts the Service via API call. - -[How to Sequence a New Application with App-V 5.1](how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md) - -## App-V 5.1 shell extension support - - -App-V 5.1 supports shell extensions. Shell extensions will be detected and embedded in the package during sequencing. - -Shell extensions are embedded in the package automatically during the sequencing process. When the package is published, the shell extension gives users the same functionality as if the application were locally installed. - -**Requirements for using shell extensions:** - -- Packages that contain embedded shell extensions must be published globally. The application requires no additional setup or configuration on the client to enable the shell extension functionality. - -- The “bitness” of the application, Sequencer, and App-V client must match, or the shell extensions won’t work. For example: - - - The version of the application is 64-bit. - - - The Sequencer is running on a 64-bit computer. - - - The package is being delivered to a 64-bit App-V client computer. - -The following table lists the supported shell extensions: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
HandlerDescription

Context menu handler

Adds menu items to the context menu. It is called before the context menu is displayed.

Drag-and-drop handler

Controls the action where right-click, drag and drop and modifies the context menu that appears.

Drop target handler

Controls the action after a data object is dragged and dropped over a drop target such as a file.

Data object handler

Controls the action after a file is copied to the clipboard or dragged and dropped over a drop target. It can provide additional clipboard formats to the drop target.

Property sheet handler

Replaces or adds pages to the property sheet dialog box of an object.

Infotip handler

Allows retrieving flags and infotip information for an item and displaying it inside a pop-up tooltip upon mouse hover.

Column handler

Allows creating and displaying custom columns in Windows Explorer Details view. It can be used to extend sorting and grouping.

Preview handler

Enables a preview of a file to be displayed in the Windows Explorer Preview pane.

- -## Copy on Write (CoW) file extension support - -Copy on write (CoW) file extensions allow App-V 5.1 to dynamically write to specific locations contained in the virtual package while it is being used. - -The following table displays the file types that can exist in a virtual package under the VFS directory, but cannot be updated on the computer running the App-V 5.1 client. All other files and directories can be modified. - -| File Type | | | | | | -|------------ |------------- |------------- |------------ |------------ |------------ | -| .acm | .asa | .asp | .aspx | .ax | .bat | -| .cer | .chm | .clb | .cmd | .cnt | .cnv | -| .com | .cpl | .cpx | .crt | .dll | .drv | -| .esc | .exe | .fon | .grp | .hlp | .hta | -| .ime | .inf | .ins | .isp | .its | .js | -| .jse | .lnk | .msc | .msi | .msp | .mst | -| .mui | .nls | .ocx | .pal | .pcd | .pif | -| .reg | .scf | .scr | .sct | .shb | .shs | -| .sys | .tlb | .tsp | .url | .vb | .vbe | -| .vbs | .vsmacros | .ws | .wsf | .wsh | | - - -## Modifying an existing virtual application package - - -You can use the sequencer to modify an existing package. The computer on which you do this should match the chip architecture of the computer you used to create the application. For example, if you initially sequenced a package using a computer running a 64-bit operating system, you should modify the package using a computer running a 64-bit operating system. - -[How to Modify an Existing Virtual Application Package](how-to-modify-an-existing-virtual-application-package-51.md) - -## Creating a project template - - -A .appvt file is a project template that can be used to save commonly applied, customized settings. You can then more easily use these settings for future sequencings. - -App-V 5.1 project templates differ from App-V 5.1 Application Accelerators because App-V 5.1 Application Accelerators are application-specific, and App-V 5.1 project templates can be applied to multiple applications. Additionally, you cannot use a project template when you use a Package Accelerator to create a virtual application package. The following general settings are saved with an App-V 5.1 project template: - -A template can specify and store multiple settings as follows: - -- **Advanced Monitoring Options**. Enables Microsoft Update to run during monitoring. Saves allow local interaction option settings - -- **General Options**. Enables the use of **Windows Installer**, **Append Package Version to Filename**. - -- **Exclusion Items.** Contains the Exclusion pattern list. - -[How to Create and Use a Project Template](how-to-create-and-use-a-project-template51.md) - -## Creating a package accelerator - - -**Note**   -Package accelerators created using a previous version of App-V must be recreated using App-V 5.1. - -You can use App-V 5.1 package accelerators to automatically generate a new virtual application packages. After you have successfully created a package accelerator, you can reuse and share the package accelerator. - -In some situations, to create the package accelerator, you might have to install the application locally on the computer that runs the sequencer. In such cases, you should first try to create the package accelerator with the installation media. If multiple missing files are required, you should install the application locally to the computer that runs the sequencer, and then create the package accelerator. - -After you have successfully created a Package Accelerator, you can reuse and share the Package Accelerator. Creating App-V 5.1 Package Accelerators is an advanced task. Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V 5.1 Package Accelerator is applied. - -[How to Create a Package Accelerator](how-to-create-a-package-accelerator51.md) - -[How to Create a Virtual Application Package Using an App-V Package Accelerator](how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator51.md) - -## Sequencer error reporting - - -The App-V 5.1 Sequencer can detect common sequencing issues during sequencing. The **Installation Report** page at the end of the sequencing wizard displays diagnostic messages categorized into **Errors**, **Warnings**, and **Info** depending on the severity of the issue. - -You can also find additional information about sequencing errors using the Windows Event Viewer. - - -## Other resources for the App-V 5.1 sequencer - - -- [Operations for App-V 5.1](operations-for-app-v-51.md) - diff --git a/mdop/appv-v5/deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md b/mdop/appv-v5/deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md deleted file mode 100644 index 4490ab666a..0000000000 --- a/mdop/appv-v5/deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Deploying App-V 5.0 Packages by Using Electronic Software Distribution (ESD) -description: Deploying App-V 5.0 Packages by Using Electronic Software Distribution (ESD) -author: dansimp -ms.assetid: d1d74af4-229f-4578-8c95-554a3d7cd2f3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Deploying App-V 5.0 Packages by Using Electronic Software Distribution (ESD) - - -You can deploy App-V 5.0 packages using an Electronic Software Distribution (ESD) solution. For information about planning to deploy App-V packages with an ESD, see [Planning to Deploy App-V 5.0 with an Electronic Software Distribution System](planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md). - -To deploy App-V packages with Microsoft System Center 2012 Configuration Manager, see [Introduction to Application Management in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=281816) - -## How to deploy virtualized packages using an ESD - - -Describes the methods you can use to deploy App-V packages by using an ESD - -[How to deploy App-V 5.0 Packages Using Electronic Software Distribution](how-to-deploy-app-v-50-packages-using-electronic-software-distribution.md) - -## How to Enable Only Administrators to Publish Packages by Using an ESD - - -Explains how to configure the App-V client to enable only administrators to publish and unpublish packages when you’re using an ESD. - -[How to Enable Only Administrators to Publish Packages by Using an ESD](how-to-enable-only-administrators-to-publish-packages-by-using-an-esd.md) - - - - - - -## Other resources for using an ESD and App-V 5.0 - - -Use the following link for more information about [App-V and Citrix Integration](https://go.microsoft.com/fwlink/?LinkId=330294 ) (https://go.microsoft.com/fwlink/?LinkId=330294). - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/deploying-app-v-50.md b/mdop/appv-v5/deploying-app-v-50.md deleted file mode 100644 index 5f13c3d291..0000000000 --- a/mdop/appv-v5/deploying-app-v-50.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Deploying App-V 5.0 -description: Deploying App-V 5.0 -author: dansimp -ms.assetid: 77cb19d7-00e6-4b39-b35a-e8a8ca0b807b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying App-V 5.0 - - -Microsoft Application Virtualization (App-V) 5.0 (App-V 5.0) supports a number of different deployment options. This section of the App-V 5.0 Administrator’s Guide includes information you should consider about the deployment of App-V 5.0 and step-by-step procedures to help you successfully perform the tasks that you must complete at different stages of your deployment. - -## App-V 5.0 Deployment Information - - -- [Deploying the App-V 5.0 Sequencer and Client](deploying-the-app-v-50-sequencer-and-client.md) - - This section describes how to install the App-V 5.0 sequencer which is used to virtualize applications, and the App-V 5.0 client which runs on target computers to facilitate virtualized packages. - -- [Deploying the App-V 5.0 Server](deploying-the-app-v-50-server.md) - - This section provides information about installing the App-V 5.0 management, publishing, database and reporting severs. - -- [App-V 5.0 Deployment Checklist](app-v-50-deployment-checklist.md) - - This section provides a deployment checklist that can be used to assist with installing App-V 5.0. - -## Other Resources for Deploying App-V 5.0 - - -- [Microsoft Application Virtualization 5.0 Administrator's Guide](microsoft-application-virtualization-50-administrators-guide.md) - -- [Getting Started with App-V 5.0](getting-started-with-app-v-50--rtm.md) - -- [Planning for App-V 5.0](planning-for-app-v-50-rc.md) - -- [Operations for App-V 5.0](operations-for-app-v-50.md) - -- [Troubleshooting App-V 5.0](troubleshooting-app-v-50.md) - - - - - - -  - -  - - - - - diff --git a/mdop/appv-v5/deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md b/mdop/appv-v5/deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md deleted file mode 100644 index de4772c416..0000000000 --- a/mdop/appv-v5/deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Deploying App-V 5.1 Packages by Using Electronic Software Distribution (ESD) -description: Deploying App-V 5.1 Packages by Using Electronic Software Distribution (ESD) -author: dansimp -ms.assetid: c2e4d176-460d-44ca-9a1d-69d2a733aa42 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Deploying App-V 5.1 Packages by Using Electronic Software Distribution (ESD) - - -You can deploy App-V 5.1 packages using an Electronic Software Distribution (ESD) solution. For information about planning to deploy App-V packages with an ESD, see [Planning to Deploy App-V 5.1 with an Electronic Software Distribution System](planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md). - -To deploy App-V packages with Microsoft System Center 2012 Configuration Manager, see [Introduction to Application Management in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=281816) - -## How to deploy virtualized packages using an ESD - - -Describes the methods you can use to deploy App-V packages by using an ESD - -[How to deploy App-V 5.1 Packages Using Electronic Software Distribution](how-to-deploy-app-v-51-packages-using-electronic-software-distribution.md) - -## How to Enable Only Administrators to Publish Packages by Using an ESD - - -Explains how to configure the App-V client to enable only administrators to publish and unpublish packages when you’re using an ESD. - -[How to Enable Only Administrators to Publish Packages by Using an ESD](how-to-enable-only-administrators-to-publish-packages-by-using-an-esd51.md) - - - - - - -## Other resources for using an ESD and App-V 5.1 - - -Use the following link for more information about [App-V and Citrix Integration](https://go.microsoft.com/fwlink/?LinkId=330294 ) (https://go.microsoft.com/fwlink/?LinkId=330294). - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/deploying-app-v-51.md b/mdop/appv-v5/deploying-app-v-51.md deleted file mode 100644 index 719dc32571..0000000000 --- a/mdop/appv-v5/deploying-app-v-51.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Deploying App-V 5.1 -description: Deploying App-V 5.1 -author: dansimp -ms.assetid: af8742bf-e24b-402a-bcf4-0f2297f26bc4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying App-V 5.1 - - -Microsoft Application Virtualization (App-V) 5.1 supports a number of different deployment options. This section of the App-V 5.1 Administrator’s Guide includes information you should consider about the deployment of App-V 5.1 and step-by-step procedures to help you successfully perform the tasks that you must complete at different stages of your deployment. - -## App-V 5.1 Deployment Information - - -- [Deploying the App-V 5.1 Sequencer and Client](deploying-the-app-v-51-sequencer-and-client.md) - - This section describes how to install the App-V 5.1 sequencer which is used to virtualize applications, and the App-V 5.1 client which runs on target computers to facilitate virtualized packages. - -- [Deploying the App-V 5.1 Server](deploying-the-app-v-51-server.md) - - This section provides information about installing the App-V 5.1 management, publishing, database and reporting severs. - -- [App-V 5.1 Deployment Checklist](app-v-51-deployment-checklist.md) - - This section provides a deployment checklist that can be used to assist with installing App-V 5.1. - -## Other Resources for Deploying App-V 5.1 - - -- [Microsoft Application Virtualization 5.1 Administrator's Guide](microsoft-application-virtualization-51-administrators-guide.md) - -- [Getting Started with App-V 5.1](getting-started-with-app-v-51.md) - -- [Planning for App-V 5.1](planning-for-app-v-51.md) - -- [Operations for App-V 5.1](operations-for-app-v-51.md) - -- [Troubleshooting App-V 5.1](troubleshooting-app-v-51.md) - -- [Technical Reference for App-V 5.1](technical-reference-for-app-v-51.md) - - - - - - -  - -  - - - - - diff --git a/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v.md b/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v.md deleted file mode 100644 index 88c3436957..0000000000 --- a/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v.md +++ /dev/null @@ -1,315 +0,0 @@ ---- -title: Deploying Microsoft Office 2010 by Using App-V -description: Deploying Microsoft Office 2010 by Using App-V -author: dansimp -ms.assetid: 0a9e496e-82a1-4dc0-a496-7b21eaa00f53 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Deploying Microsoft Office 2010 by Using App-V - - -You can create Office 2010 packages for Application Virtualization 5.0 using one of the following methods: - -- Application Virtualization (App-V) Sequencer - -- Application Virtualization (App-V) Package Accelerator - -## App-V support for Office 2010 - - -The following table shows the App-V versions, methods of Office package creation, supported licensing, and supported deployments for Office 2010. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Supported itemLevel of support

Supported App-V versions

    -

  • 4.6

    • -

  • 5.0

    • -

Package creation

    -

  • Sequencing

    • -

  • Package Accelerator

    • -

  • Office Deployment Kit

    • -

Supported licensing

Volume Licensing

Supported deployments

    -

  • Desktop

    • -

  • Personal VDI

    • -

  • RDS

    • -
- - - -## Creating Office 2010 App-V 5.0 using the sequencer - - -Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V 5.0. Microsoft has provided a detailed recipe through a Knowledge Base article. To create an Office 2010 package on App-V 5.0, refer to the following link for detailed instructions: - -[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330676) - -## Creating Office 2010 App-V 5.0 packages using package accelerators - - -Office 2010 App-V 5.0 packages can be created through package accelerators. Microsoft has provided package accelerators for creating Office 2010 on Windows 8 and Windows 7. To create Office 2010 packages on App-V using Package accelerators, refer to the following pages to access the appropriate package accelerator: - -- [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](https://go.microsoft.com/fwlink/p/?LinkId=330677) - -- [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](https://go.microsoft.com/fwlink/p/?LinkId=330678) - -For detailed instructions on how to create virtual application packages using App-V package accelerators, see [How to Create a Virtual Application Package Using an App-V Package Accelerator](how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator.md). - -## Deploying the Microsoft Office package for App-V 5.0 - - -You can deploy Office 2010 packages by using any of the following App-V deployment methods: - -- System Center Configuration Manager - -- App-V server - -- Stand-alone through PowerShell commands - -## Office App-V package management and customization - - -Office 2010 packages can be managed like any other App-V 5.0 packages through known package management mechanisms. No special instructions are needed, for example, to add, publish, unpublish, or remove Office packages. - -## Microsoft Office integration with Windows - - -The following table provides a full list of supported integration points for Office 2010. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Extension PointDescriptionOffice 2010

Lync meeting Join Plug-in for Firefox and Chrome

User can join Lync meetings from Firefox and Chrome

Sent to OneNote Print Driver

User can print to OneNote

Yes

OneNote Linked Notes

OneNote Linked Notes

Send to OneNote Internet Explorer Add-In

User can send to OneNote from IE

Firewall Exception for Lync and Outlook

Firewall Exception for Lync and Outlook

MAPI Client

Native apps and add-ins can interact with virtual Outlook through MAPI

SharePoint Plugin for Firefox

User can use SharePoint features in Firefox

Mail Control Panel Applet

User gets the mail control panel applet in Outlook

Yes

Primary Interop Assemblies

Support managed add-ins

Office Document Cache Handler

Allows Document Cache for Office applications

Outlook Protocol Search handler

User can search in outlook

Yes

Active X Controls:

For more information on ActiveX controls, refer to ActiveX Control API Reference.

   Groove.SiteClient

Active X Control

   PortalConnect.PersonalSite

Active X Control

   SharePoint.openDocuments

Active X Control

   SharePoint.ExportDatabase

Active X Control

   SharePoint.SpreadSheetLauncher

Active X Control

   SharePoint.StssyncHander

Active X Control

   SharePoint.DragUploadCtl

Active X Control

   SharePoint.DragDownloadCtl

Active X Control

   Sharpoint.OpenXMLDocuments

Active X Control

   Sharepoint.ClipboardCtl

Active X control

   WinProj.Activator

Active X Control

   Name.NameCtrl

Active X Control

   STSUPld.CopyCtl

Active X Control

   CommunicatorMeetingJoinAx.JoinManager

Active X Control

   LISTNET.Listnet

Active X Control

   OneDrive Pro Browser Helper

Active X Control]

OneDrive Pro Icon Overlays

Windows explorer shell icon overlays when users look at folders OneDrive Pro folders

- - - -## Additional resources - - -**Office 2013 App-V 5.0 Packages 5.0 Additional Resources** - -[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://go.microsoft.com/fwlink/p/?LinkId=330680) - -**Office 2010 App-V 5.0 Packages** - -[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330681) - -[Known issues when you create or use an App-V 5.0 Office 2010 package](https://go.microsoft.com/fwlink/p/?LinkId=330682) - -[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330676) - -**Connection Groups** - -[Deploying Connection Groups in Microsoft App-V v5](https://go.microsoft.com/fwlink/p/?LinkId=330683) - -[Managing Connection Groups](managing-connection-groups.md) - -**Dynamic Configuration** - -[About App-V 5.0 Dynamic Configuration](about-app-v-50-dynamic-configuration.md) - - - - - - - - - - - - - - diff --git a/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v51.md b/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v51.md deleted file mode 100644 index 8e68496eec..0000000000 --- a/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v51.md +++ /dev/null @@ -1,316 +0,0 @@ ---- -title: Deploying Microsoft Office 2010 by Using App-V -description: Deploying Microsoft Office 2010 by Using App-V -author: dansimp -ms.assetid: ae0b0459-c0d6-4946-b62d-ff153f52d1fb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Deploying Microsoft Office 2010 by Using App-V - - -You can create Office 2010 packages for Microsoft Application Virtualization (App-V) 5.1 using one of the following methods: - -- Application Virtualization (App-V) Sequencer - -- Application Virtualization (App-V) Package Accelerator - -## App-V support for Office 2010 - - -The following table shows the App-V versions, methods of Office package creation, supported licensing, and supported deployments for Office 2010. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Supported itemLevel of support

Supported App-V versions

    -

  • 4.6

    • -

  • 5.0

    • -

  • 5.1

    • -

Package creation

    -

  • Sequencing

    • -

  • Package Accelerator

    • -

  • Office Deployment Kit

    • -

Supported licensing

Volume Licensing

Supported deployments

    -

  • Desktop

    • -

  • Personal VDI

    • -

  • RDS

    • -
- - - -## Creating Office 2010 App-V 5.1 using the sequencer - - -Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V 5.1. Microsoft has provided a detailed recipe through a Knowledge Base article. To create an Office 2010 package on App-V 5.1, refer to the following link for detailed instructions: - -[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330676) - -## Creating Office 2010 App-V 5.1 packages using package accelerators - - -Office 2010 App-V 5.1 packages can be created through package accelerators. Microsoft has provided package accelerators for creating Office 2010 on Windows 10, Windows 8 and Windows 7. To create Office 2010 packages on App-V using Package accelerators, refer to the following pages to access the appropriate package accelerator: - -- [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](https://go.microsoft.com/fwlink/p/?LinkId=330677) - -- [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](https://go.microsoft.com/fwlink/p/?LinkId=330678) - -For detailed instructions on how to create virtual application packages using App-V package accelerators, see [How to Create a Virtual Application Package Using an App-V Package Accelerator](how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator51.md). - -## Deploying the Microsoft Office package for App-V 5.1 - - -You can deploy Office 2010 packages by using any of the following App-V deployment methods: - -- System Center Configuration Manager - -- App-V server - -- Stand-alone through PowerShell commands - -## Office App-V package management and customization - - -Office 2010 packages can be managed like any other App-V 5.1 packages through known package management mechanisms. No special instructions are needed, for example, to add, publish, unpublish, or remove Office packages. - -## Microsoft Office integration with Windows - - -The following table provides a full list of supported integration points for Office 2010. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Extension PointDescriptionOffice 2010

Lync meeting Join Plug-in for Firefox and Chrome

User can join Lync meetings from Firefox and Chrome

Sent to OneNote Print Driver

User can print to OneNote

Yes

OneNote Linked Notes

OneNote Linked Notes

Send to OneNote Internet Explorer Add-In

User can send to OneNote from IE

Firewall Exception for Lync and Outlook

Firewall Exception for Lync and Outlook

MAPI Client

Native apps and add-ins can interact with virtual Outlook through MAPI

SharePoint Plugin for Firefox

User can use SharePoint features in Firefox

Mail Control Panel Applet

User gets the mail control panel applet in Outlook

Yes

Primary Interop Assemblies

Support managed add-ins

Office Document Cache Handler

Allows Document Cache for Office applications

Outlook Protocol Search handler

User can search in outlook

Yes

Active X Controls:

For more information on ActiveX controls, refer to ActiveX Control API Reference.

   Groove.SiteClient

Active X Control

   PortalConnect.PersonalSite

Active X Control

   SharePoint.openDocuments

Active X Control

   SharePoint.ExportDatabase

Active X Control

   SharePoint.SpreadSheetLauncher

Active X Control

   SharePoint.StssyncHander

Active X Control

   SharePoint.DragUploadCtl

Active X Control

   SharePoint.DragDownloadCtl

Active X Control

   Sharpoint.OpenXMLDocuments

Active X Control

   Sharepoint.ClipboardCtl

Active X control

   WinProj.Activator

Active X Control

   Name.NameCtrl

Active X Control

   STSUPld.CopyCtl

Active X Control

   CommunicatorMeetingJoinAx.JoinManager

Active X Control

   LISTNET.Listnet

Active X Control

   OneDrive Pro Browser Helper

Active X Control]

OneDrive Pro Icon Overlays

Windows explorer shell icon overlays when users look at folders OneDrive Pro folders

- - - -## Additional resources - - -**Office 2013 App-V Packages Additional Resources** - -[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://go.microsoft.com/fwlink/p/?LinkId=330680) - -**Office 2010 App-V Packages** - -[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330681) - -[Known issues when you create or use an App-V 5.0 Office 2010 package](https://go.microsoft.com/fwlink/p/?LinkId=330682) - -[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330676) - -**Connection Groups** - -[Deploying Connection Groups in Microsoft App-V v5](https://go.microsoft.com/fwlink/p/?LinkId=330683) - -[Managing Connection Groups](managing-connection-groups51.md) - -**Dynamic Configuration** - -[About App-V 5.1 Dynamic Configuration](about-app-v-51-dynamic-configuration.md) - - - - - - - - - - - - - - diff --git a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md deleted file mode 100644 index ec3642bc65..0000000000 --- a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md +++ /dev/null @@ -1,894 +0,0 @@ ---- -title: Deploying Microsoft Office 2013 by Using App-V -description: Deploying Microsoft Office 2013 by Using App-V -author: dansimp -ms.assetid: 02df5dc8-79e2-4c5c-8398-dbfb23344ab3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/02/2016 ---- - - -# Deploying Microsoft Office 2013 by Using App-V - - -Use the information in this article to use Microsoft Application Virtualization 5.0, or later versions, to deliver Microsoft Office 2013 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v.md). To successfully deploy Office 2013 with App-V, you need to be familiar with Office 2013 and pp-V. - -This topic contains the following sections: - -- [What to know before you start](#bkmk-before-you-start) - -- [Creating an Office 2013 package for App-V with the Office Deployment Tool](#bkmk-create-office-pkg) - -- [Publishing the Office package for App-V 5.0](#bkmk-pub-pkg-office) - -- [Customizing and managing Office App-V packages](#bkmk-custmz-manage-office-pkgs) - -## What to know before you start - - -Before you deploy Office 2013 by using App-V, review the following planning information. - -### Supported Office versions and Office coexistence - -Use the following table to get information about supported versions of Office and about running coexisting versions of Office. - - ---- - - - - - - - - - - - - - - - - -
Information to reviewDescription

Planning for Using App-V with Office

    -

  • Supported versions of Office

    • -

  • Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI)

    • -

  • Office licensing options

    • -

Planning for Using App-V with Office

Considerations for installing different versions of Office on the same computer

- - - -### Packaging, publishing, and deployment requirements - -Before you deploy Office by using App-V, review the following requirements. - - ---- - - - - - - - - - - - - - - - - - - - - -
TaskRequirement

Packaging

    -

  • All of the Office applications that you want to deploy to users must be in a single package.

    • -

  • In App-V 5.0 and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.

    • -

  • If you are deploying Microsoft Visio 2013 and Microsoft Project 2013 along with Office, you must include them in the same package with Office. For more information, see Deploying Visio 2013 and Project 2013 with Office.

    • -

Publishing

    -

  • You can publish only one Office package to each client computer.

    • -

  • You must publish the Office package globally. You cannot publish to the user.

    • -

Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:

-
    -

  • Microsoft 365 Apps for enterprise

    • -

  • Visio Pro for Office 365

    • -

  • Project Pro for Office 365

    • -

You must enable shared computer activation.

-

You don’t use shared computer activation if you’re deploying a volume licensed product, such as:

-
    -

  • Office Professional Plus 2013

    • -

  • Visio Professional 2013

    • -

  • Project Professional 2013

    • -
- - - -### Excluding Office applications from a package - -The following table describes the recommended methods for excluding specific Office applications from a package. - - ---- - - - - - - - - - - - - - - - - -
TaskDetails

Use the ExcludeApp setting when you create the package by using the Office Deployment Tool.

    -

  • Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.

    • -

  • For more information, see ExcludeApp element.

    • -

Modify the DeploymentConfig.xml file

    -

  • Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client.

    • -

  • For more information, see Disabling Office 2013 applications.

    • -
- - - -## Creating an Office 2013 package for App-V with the Office Deployment Tool - - -Complete the following steps to create an Office 2013 package for App-V 5.0 or later. - -**Important** -In App-V 5.0 and later, you must the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages. - - -### Review prerequisites for using the Office Deployment Tool - -The computer on which you are installing the Office Deployment Tool must have: - - ---- - - - - - - - - - - - - - - - - -
PrerequisiteDescription

Prerequisite software

.Net Framework 4

Supported operating systems

    -

  • 64-bit version of Windows 8

    • -

  • 64-bit version of Windows 7

    • -
- - -**Note** -In this topic, the term “Office 2013 App-V package” refers to subscription licensing and volume licensing. - - -### Create Office 2013 App-V Packages Using Office Deployment Tool - -You create Office 2013 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2013 App-V package with Volume Licensing or Subscription Licensing. - -Create Office 2013 App-V packages on 64-bit Windows computers. Once created, the Office 2013 App-V package will run on 32-bit and 64-bit Windows 7 and Windows 8 computers. - -### Download the Office Deployment Tool - -Office 2013 App-V Packages are created using the Office Deployment Tool, which generates an Office 2013 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation: - -1. Download the [Office Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=36778). - -2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved. - - Example: \\\\Server\\Office2013 - -3. Check that a setup.exe and a configuration.xml file exist and are in the location you specified. - -### Download Office 2013 applications - -After you download the Office Deployment Tool, you can use it to get the latest Office 2013 applications. After getting the Office applications, you create the Office 2013 App-V package. - -The XML file that is included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included. - -1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications: - - 1. Open the sample XML file in Notepad or your favorite text editor. - - 2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2013 applications. The following is a basic example of the configuration.xml file: - - ```xml - - - - - - - - - - - ``` - - **Note** - The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. - - The above XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
InputDescriptionExample

Add element

Specifies the products and languages to include in the package.

N/A

OfficeClientEdition (attribute of Add element)

Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if OfficeClientEdition is not set to a valid value.

OfficeClientEdition="32"

-

OfficeClientEdition="64"

Product element

Specifies the application. Project 2013 and Visio 2013 must be specified here as an added product to be included in the applications.

Product ID ="O365ProPlusRetail "

-

Product ID ="VisioProRetail"

-

Product ID ="ProjectProRetail"

-

Product ID ="ProPlusVolume"

-

Product ID ="VisioProVolume"

-

Product ID = "ProjectProVolume"

Language element

Specifies the language supported in the applications

Language ID="en-us"

Version (attribute of Add element)

Optional. Specifies a build to use for the package

-

Defaults to latest advertised build (as defined in v32.CAB at the Office source).

15.1.2.3

SourcePath (attribute of Add element)

Specifies the location in which the applications will be saved to.

Sourcepath = "\Server\Office2013”

- - After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2013 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml. - -2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2013 applications that will later be converted into an App-V package. Below is an example command with description of details: - - ``` syntax - \\server\Office2013\setup.exe /download \\server\Office2013\Customconfig.xml - ``` - - In the example: - - - - - - - - - - - - - - - - - - - - - - - - -

\server\Office2013

is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

Setup.exe

is the Office Deployment Tool.

/download

downloads the Office 2013 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2013 App-V package with Volume Licensing.

\server\Office2013\Customconfig.xml

passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \Server\Office2013.

- - - -### Convert the Office applications into an App-V package - -After you download the Office 2013 applications through the Office Deployment Tool, use the Office Deployment Tool to convert them into an Office 2013 App-V package. Complete the steps that correspond to your licensing model. - -**Summary of what you’ll need to do:** - -- Create the Office 2013 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7 and Windows 8 computers. - -- Create an Office App-V package for either Subscription Licensing package or Volume Licensing by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file. - - The following table summarizes the values you need to enter in the CustomConfig.xml file for the licensing model you’re using. The steps in the sections that follow the table will specify the exact entries you need to make. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Product IDVolume LicensingSubscription Licensing

Office 2013

ProPlusVolume

O365ProPlusRetail

Office 2013 with Visio 2013

ProPlusVolume

-

VisioProVolume

O365ProPlusRetail

-

VisioProRetail

Office 2013 with Visio 2013 and Project 2013

ProPlusVolume

-

VisioProVolume

-

ProjectProVolume

O365ProPlusRetail

-

VisioProRetail

-

ProjectProRetail

- - - -**How to convert the Office applications into an App-V package** - -1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterWhat to change the value to

SourcePath

Point to the Office applications downloaded earlier.

ProductID

Specify the type of licensing, as shown in the following examples:

-
    -

  • Subscription Licensing

    - 
    <Configuration>
-      <Add SourcePath= "\server\Office 2013" OfficeClientEdition="32" >
-       <Product ID="O365ProPlusRetail">
-         <Language ID="en-us" />
-       </Product>
-       <Product ID="VisioProRetail">
-         <Language ID="en-us" />
-       </Product>
-     </Add>
-   </Configuration>
    -

    In this example, the following changes were made to create a package with Subscription licensing:

    - - - - - - - - - - - - - - - - - - - -

    SourcePath

    is the path, which was changed to point to the Office applications that were downloaded earlier.

    Product ID

    for Office was changed to O365ProPlusRetail.

    Product ID

    for Visio was changed to VisioProRetail.

    -

    -

    • -

  • Volume Licensing

    - 
    <Configuration>
-      <Add SourcePath= "\Server\Office2013" OfficeClientEdition="32" >
-       <Product ID="ProPlusVolume">
-         <Language ID="en-us" />
-       </Product>
-       <Product ID="VisioProVolume">
-         <Language ID="en-us" />
-       </Product>
-     </Add>
-   </Configuration>
    -

    In this example, the following changes were made to create a package with Volume licensing:

    - - - - - - - - - - - - - - - - - - - -

    SourcePath

    is the path, which was changed to point to the Office applications that were downloaded earlier.

    Product ID

    for Office was changed to ProPlusVolume.

    Product ID

    for Visio was changed to VisioProVolume.

    -

    -

    • -

ExcludeApp (optional)

Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.

PACKAGEGUID (optional)

By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.

-

An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2013 for some users, and create another package with Office 2013 and Visio 2013 for another set of users.

-
- Note

Even if you use unique package IDs, you can still deploy only one App-V package to a single device.

-
-
- -
- - - -2. Use the /packager command to convert the Office applications to an Office 2013 App-V package. - - For example: - - ``` syntax - \\server\Office2013\setup.exe /packager \\server\Office2013\Customconfig.xml \\server\share\Office2013AppV - ``` - - In the example: - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

\server\Office2013

is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

Setup.exe

is the Office Deployment Tool.

/packager

creates the Office 2013 App-V package with Volume Licensing as specified in the customConfig.xml file.

\server\Office2013\Customconfig.xml

passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.

\server\share\Office 2013AppV

specifies the location of the newly created Office App-V package.

- - - -~~~ -After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved: - -- **App-V Packages** – contains an Office 2013 App-V package and two deployment configuration files. - -- **WorkingDir** - -**Note** -To troubleshoot any issues, see the log files in the %temp% directory (default). -~~~ - - - -3. Verify that the Office 2013 App-V package works correctly: - - 1. Publish the Office 2013 App-V package, which you created globally, to a test computer, and verify that the Office 2013 shortcuts appear. - - 2. Start a few Office 2013 applications, such as Excel or Word, to ensure that your package is working as expected. - -## Publishing the Office package for App-V 5.0 - - -Use the following information to publish an Office package. - -### Methods for publishing Office App-V packages - -Deploy the App-V package for Office 2013 by using the same methods you use for any other package: - -- System Center Configuration Manager - -- App-V Server - -- Stand-alone through PowerShell commands - -### Publishing prerequisites and requirements - - ---- - - - - - - - - - - - - - - - - -
Prerequisite or requirementDetails

Enable PowerShell scripting on the App-V clients

To publish Office 2013 packages, you must run a script.

-

Package scripts are disabled by default on App-V clients. To enable scripting, run the following PowerShell command:

-
Set-AppvClientConfiguration –EnablePackageScripts 1

Publish the Office 2013 package globally

Extension points in the Office App-V package require installation at the computer level.

-

When you publish at the computer level, no prerequisite actions or redistributables are needed, and the Office 2013 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages.

- - - -### How to publish an Office package - -Run the following command to publish an Office package globally: - -- `Add-AppvClientPackage | Publish-AppvClientPackage –global` - -- From the Web Management Console on the App-V Server, you can add permissions to a group of computers instead of to a user group to enable packages to be published globally to the computers in the corresponding group. - -## Customizing and managing Office App-V packages - - -To manage your Office App-V packages, use the same operations as you would for any other package, but there are a few exceptions, as outlined in the following sections. - -- [Enabling Office plug-ins by using connection groups](#bkmk-enable-office-plugins) - -- [Disabling Office 2013 applications](#bkmk-disable-office-apps) - -- [Disabling Office 2013 shortcuts](#bkmk-disable-shortcuts) - -- [Managing Office 2013 package upgrades](#bkmk-manage-office-pkg-upgrd) - -- [Managing Office 2013 licensing upgrades](#bkmk-manage-office-lic-upgrd) - -- [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project) - -### Enabling Office plug-ins by using connection groups - -Use the steps in this section to enable Office plug-ins with your Office package. To use Office plug-ins, you must use the App-V Sequencer to create a separate package that contains just the plug-ins. You cannot use the Office Deployment Tool to create the plug-ins package. You then create a connection group that contains the Office package and the plug-ins package, as described in the following steps. - -**To enable plug-ins for Office App-V packages** - -1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet. - -2. Sequence your plug-ins using the App-V 5.0 Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It is recommended you use Microsoft 365 Apps for enterprise(non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins. - -3. Create an App-V 5.0 package that includes the desired plug-ins. - -4. Add a Connection Group through App-V server, System Center Configuration Manager, or a PowerShell cmdlet. - -5. Add the Office 2013 App-V package and the plug-ins package you sequenced to the Connection Group you created. - - **Important** - The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2013 App-V package first, and then add the plug-in App-V package. - - - -6. Ensure that both packages are published to the target computer and that the plug-in package is published globally to match the global settings of the published Office 2013 App-V package. - -7. Verify that the Deployment Configuration File of the plug-in package has the same settings that the Office 2013 App-V package has. - - Since the Office 2013 App-V package is integrated with the operating system, the plug-in package settings should match. You can search the Deployment Configuration File for “COM Mode” and ensure that your plug-ins package has that value set as “Integrated” and that both "InProcessEnabled" and "OutOfProcessEnabled" match the settings of the Office 2013 App-V package you published. - -8. Open the Deployment Configuration File and set the value for **Objects Enabled** to **false**. - -9. If you made any changes to the Deployment Configuration file after sequencing, ensure that the plug-in package is published with the file. - -10. Ensure that the Connection Group you created is enabled onto your desired computer. The Connection Group created will likely “pend” if the Office 2013 App-V package is in use when the Connection Group is enabled. If that happens, you have to reboot to successfully enable the Connection Group. - -11. After you successfully publish both packages and enable the Connection Group, start the target Office 2013 application and verify that the plug-in you published and added to the connection group works as expected. - -### Disabling Office 2013 applications - -You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2013 App-V package has been published, you will save the changes, add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications. - -**Note** -To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. For more information, see [Reference for Click-to-Run configuration.xml file](https://technet.microsoft.com/library/jj219426.aspx). - - - -**To disable an Office 2013 application** - -1. Open a Deployment Configuration File with a text editor such as **Notepad** and search for “Applications." - -2. Search for the Office application you want to disable, for example, Access 2013. - -3. Change the value of "Enabled" from "true" to "false." - -4. Save the Deployment Configuration File. - -5. Add the Office 2013 App-V Package with the new Deployment Configuration File. - - ```xml - - - InfoPath Filler 2013 - - - - - - - Lync 2013 - - - - - - - Access 2013 - - - - - ``` - -6. Re-add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications. - -### Disabling Office 2013 shortcuts - -You may want to disable shortcuts for certain Office applications instead of unpublishing or removing the package. The following example shows how to disable shortcuts for Microsoft Access. - -**To disable shortcuts for Office 2013 applications** - -1. Open a Deployment Configuration File in Notepad and search for “Shortcuts”. - -2. To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. For example, in the example below, delete the Microsoft Access shortcuts, while keeping the subsystems <shortcut> </shortcut> intact to disable the Microsoft Access shortcut. - - ``` syntax - Shortcuts - - --> - - - - - [{Common Programs}]\Microsoft Office 2013\Access 2013.lnk - [{AppvPackageRoot}])office15\MSACCESS.EXE - [{Windows}]\Installer\{90150000-000F-0000-0000-000000FF1CE)\accicons.exe.Ø.ico - - - Microsoft.Office.MSACCESS.EXE.15 - true - Build a professional app quickly to manage data. - l - [{AppVPackageRoot}]\office15\MSACCESS.EXE - - ``` - -3. Save the Deployment Configuration File. - -4. Republish Office 2013 App-V Package with new Deployment Configuration File. - -Many additional settings can be changed through modifying the Deployment Configuration for App-V packages, for example, file type associations, Virtual File System, and more. For additional information on how to use Deployment Configuration Files to change App-V package settings, refer to the additional resources section at the end of this document. - -### Managing Office 2013 package upgrades - -To upgrade an Office 2013 package, use the Office Deployment Tool. To upgrade a previously deployed Office 2013 package, perform the following steps. - -**How to upgrade a previously deployed Office 2013 package** - -1. Create a new Office 2013 package through the Office Deployment Tool that uses the most recent Office 2013 application software. The most recent Office 2013 bits can always be obtained through the download stage of creating an Office 2013 App-V Package. The newly created Office 2013 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage. - - **Note** - Office App-V packages have two Version IDs: - - - An Office 2013 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool. - - - A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2013 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2013 package. - - - -2. Globally publish the newly created Office 2013 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2013 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast. - -3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted. - -### Managing Office 2013 licensing upgrades - -If a new Office 2013 App-V Package has a different license than the Office 2013 App-V Package currently deployed. For instance, the Office 2013 package deployed is a subscription based Office 2013 and the new Office 2013 package is Volume Licensing based, the following instructions must be followed to ensure smooth licensing upgrade: - -**How to upgrade an Office 2013 License** - -1. Unpublish the already deployed Office 2013 Subscription Licensing App-V package. - -2. Remove the unpublished Office 2013 Subscription Licensing App-V package. - -3. Restart the computer. - -4. Add the new Office 2013 App-V Package Volume Licensing. - -5. Publish the added Office 2013 App-V Package with Volume Licensing. - -An Office 2013 App-V Package with your chosen licensing will be successfully deployed. - -### Deploying Visio 2013 and Project 2013 with Office - -The following table describes the requirements and options for deploying Visio 2013 and Project 2013 with Office. - - ---- - - - - - - - - - - - - - - - - -
TaskDetails

How do I package and publish Visio 2013 and Project 2013 with Office?

You must include Visio 2013 and Project 2013 in the same package with Office.

-

If you aren’t deploying Office, you can create a package that contains Visio and/or Project, as long as you follow Deploying Microsoft Office 2010 by Using App-V.

How can I deploy Visio 2013 and Project 2013 to specific users?

Use one of the following methods:

- ---- - - - - - - - - - - - - - - - - -
If you want to......then use this method

Create two different packages and deploy each one to a different group of users

Create and deploy the following packages:

-
    -

  • A package that contains only Office - deploy to computers whose users need only Office.

    • -

  • A package that contains Office, Visio, and Project - deploy to computers whose users need all three applications.

    • -

If you want only one package for the whole organization, or if you have users who share computers:

Follows these steps:

-
    -

  1. Create a package that contains Office, Visio, and Project.

    2. -

  2. Deploy the package to all users.

    3. -

  3. Use Microsoft AppLocker to prevent specific users from using Visio and Project.

    4. -
-

- - - -## Additional resources - - -**Office 2013 App-V 5.0 Packages 5.0 Additional Resources** - -[Office Deployment Tool for Click-to-Run](https://go.microsoft.com/fwlink/p/?LinkID=330672) - -[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://go.microsoft.com/fwlink/p/?LinkId=330680) - -**Office 2010 App-V 5.0 Packages** - -[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330681) - -[Known issues when you create or use an App-V 5.0 Office 2010 package](https://go.microsoft.com/fwlink/p/?LinkId=330682) - -[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330676) - -**Connection Groups** - -[Deploying Connection Groups in Microsoft App-V v5](https://go.microsoft.com/fwlink/p/?LinkId=330683) - -[Managing Connection Groups](managing-connection-groups.md) - -**Dynamic Configuration** - -[About App-V 5.0 Dynamic Configuration](about-app-v-50-dynamic-configuration.md) - - - - - - - - - - - - - - diff --git a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md deleted file mode 100644 index 3c08f56eaf..0000000000 --- a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md +++ /dev/null @@ -1,902 +0,0 @@ ---- -title: Deploying Microsoft Office 2013 by Using App-V -description: Deploying Microsoft Office 2013 by Using App-V -author: dansimp -ms.assetid: 9a7be05e-2a7a-4874-af25-09c0f5037876 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/02/2016 ---- - - -# Deploying Microsoft Office 2013 by Using App-V - - -Use the information in this article to use Microsoft Application Virtualization (App-V) 5.1, or later versions, to deliver Microsoft Office 2013 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v51.md). To successfully deploy Office 2013 with App-V, you need to be familiar with Office 2013 and App-V. - -This topic contains the following sections: - -- [What to know before you start](#bkmk-before-you-start) - -- [Creating an Office 2013 package for App-V with the Office Deployment Tool](#bkmk-create-office-pkg) - -- [Publishing the Office package for App-V 5.1](#bkmk-pub-pkg-office) - -- [Customizing and managing Office App-V packages](#bkmk-custmz-manage-office-pkgs) - -## What to know before you start - - -Before you deploy Office 2013 by using App-V, review the following planning information. - -### Supported Office versions and Office coexistence - -Use the following table to get information about supported versions of Office and about running coexisting versions of Office. - - ---- - - - - - - - - - - - - - - - - -
Information to reviewDescription

Planning for Using App-V with Office

    -

  • Supported versions of Office

    • -

  • Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI)

    • -

  • Office licensing options

    • -

Planning for Using App-V with Office

Considerations for installing different versions of Office on the same computer

- - -### Packaging, publishing, and deployment requirements - -Before you deploy Office by using App-V, review the following requirements. - - ---- - - - - - - - - - - - - - - - - - - - - -
TaskRequirement

Packaging

    -

  • All of the Office applications that you want to deploy to users must be in a single package.

    • -

  • In App-V 5.1 and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.

    • -

  • If you are deploying Microsoft Visio 2013 and Microsoft Project 2013 along with Office, you must include them in the same package with Office. For more information, see Deploying Visio 2013 and Project 2013 with Office.

    • -

Publishing

    -

  • You can publish only one Office package to each client computer.

    • -

  • You must publish the Office package globally. You cannot publish to the user.

    • -

Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:

-
    -

  • Microsoft 365 Apps for enterprise

    • -

  • Visio Pro for Office 365

    • -

  • Project Pro for Office 365

    • -

You must enable shared computer activation.

-

You don’t use shared computer activation if you’re deploying a volume licensed product, such as:

-
    -

  • Office Professional Plus 2013

    • -

  • Visio Professional 2013

    • -

  • Project Professional 2013

    • -
- - - -### Excluding Office applications from a package - -The following table describes the recommended methods for excluding specific Office applications from a package. - - ---- - - - - - - - - - - - - - - - - -
TaskDetails

Use the ExcludeApp setting when you create the package by using the Office Deployment Tool.

    -

  • Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.

    • -

  • For more information, see ExcludeApp element.

    • -

Modify the DeploymentConfig.xml file

    -

  • Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client.

    • -

  • For more information, see Disabling Office 2013 applications.

    • -
- - - -## Creating an Office 2013 package for App-V with the Office Deployment Tool - - -Complete the following steps to create an Office 2013 package for App-V 5.1 or later. - -**Important** -In App-V 5.1 and later, you must the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages. - - - -### Review prerequisites for using the Office Deployment Tool - -The computer on which you are installing the Office Deployment Tool must have: - - ---- - - - - - - - - - - - - - - - - -
PrerequisiteDescription

Prerequisite software

.Net Framework 4

Supported operating systems

    -

  • 64-bit version of Windows 8 or later

    • -

  • 64-bit version of Windows 7

    • -
- - - -**Note** -In this topic, the term “Office 2013 App-V package” refers to subscription licensing and volume licensing. - - - -### Create Office 2013 App-V Packages Using Office Deployment Tool - -You create Office 2013 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2013 App-V package with Volume Licensing or Subscription Licensing. - -Create Office 2013 App-V packages on 64-bit Windows computers. Once created, the Office 2013 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10 computers. - -### Download the Office Deployment Tool - -Office 2013 App-V Packages are created using the Office Deployment Tool, which generates an Office 2013 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation: - -1. Download the [Office Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=36778). - -2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved. - - Example: \\\\Server\\Office2013 - -3. Check that a setup.exe and a configuration.xml file exist and are in the location you specified. - -### Download Office 2013 applications - -After you download the Office Deployment Tool, you can use it to get the latest Office 2013 applications. After getting the Office applications, you create the Office 2013 App-V package. - -The XML file that is included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included. - -1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications: - - 1. Open the sample XML file in Notepad or your favorite text editor. - - 2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2013 applications. The following is a basic example of the configuration.xml file: - - ```xml - - - - - - - - - - - ``` - - **Note** - The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. - - - -~~~ - The above XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
InputDescriptionExample

Add element

Specifies the products and languages to include in the package.

N/A

OfficeClientEdition (attribute of Add element)

Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if OfficeClientEdition is not set to a valid value.

OfficeClientEdition="32"

-

OfficeClientEdition="64"

Product element

Specifies the application. Project 2013 and Visio 2013 must be specified here as an added product to be included in the applications.

Product ID ="O365ProPlusRetail "

-

Product ID ="VisioProRetail"

-

Product ID ="ProjectProRetail"

-

Product ID ="ProPlusVolume"

-

Product ID ="VisioProVolume"

-

Product ID = "ProjectProVolume"

Language element

Specifies the language supported in the applications

Language ID="en-us"

Version (attribute of Add element)

Optional. Specifies a build to use for the package

-

Defaults to latest advertised build (as defined in v32.CAB at the Office source).

15.1.2.3

SourcePath (attribute of Add element)

Specifies the location in which the applications will be saved to.

Sourcepath = "\\Server\Office2013”

- - - - After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2013 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml. -~~~ - -2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2013 applications that will later be converted into an App-V package. Below is an example command with description of details: - - ``` syntax - \\server\Office2013\setup.exe /download \\server\Office2013\Customconfig.xml - ``` - - In the example: - - - - - - - - - - - - - - - - - - - - - - - - -

\server\Office2013

is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

Setup.exe

is the Office Deployment Tool.

/download

downloads the Office 2013 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2013 App-V package with Volume Licensing.

\server\Office2013\Customconfig.xml

passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \Server\Office2013.

- - - -### Convert the Office applications into an App-V package - -After you download the Office 2013 applications through the Office Deployment Tool, use the Office Deployment Tool to convert them into an Office 2013 App-V package. Complete the steps that correspond to your licensing model. - -**Summary of what you’ll need to do:** - -- Create the Office 2013 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8, and Windows 10 computers. - -- Create an Office App-V package for either Subscription Licensing package or Volume Licensing by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file. - - The following table summarizes the values you need to enter in the CustomConfig.xml file for the licensing model you’re using. The steps in the sections that follow the table will specify the exact entries you need to make. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Product IDVolume LicensingSubscription Licensing

Office 2013

ProPlusVolume

O365ProPlusRetail

Office 2013 with Visio 2013

ProPlusVolume

-

VisioProVolume

O365ProPlusRetail

-

VisioProRetail

Office 2013 with Visio 2013 and Project 2013

ProPlusVolume

-

VisioProVolume

-

ProjectProVolume

O365ProPlusRetail

-

VisioProRetail

-

ProjectProRetail

- - - -**How to convert the Office applications into an App-V package** - -1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterWhat to change the value to

SourcePath

Point to the Office applications downloaded earlier.

ProductID

Specify the type of licensing, as shown in the following examples:

-
    -

  • Subscription Licensing

    - 
    <Configuration>
-      <Add SourcePath= "\server\Office 2013" OfficeClientEdition="32" >
-       <Product ID="O365ProPlusRetail">
-         <Language ID="en-us" />
-       </Product>
-       <Product ID="VisioProRetail">
-         <Language ID="en-us" />
-       </Product>
-     </Add>
-   </Configuration>
    -

    In this example, the following changes were made to create a package with Subscription licensing:

    - - - - - - - - - - - - - - - - - - - -

    SourcePath

    is the path, which was changed to point to the Office applications that were downloaded earlier.

    Product ID

    for Office was changed to O365ProPlusRetail.

    Product ID

    for Visio was changed to VisioProRetail.

    -

    -

    • -

  • Volume Licensing

    - 
    <Configuration>
-      <Add SourcePath= "\Server\Office2013" OfficeClientEdition="32" >
-       <Product ID="ProPlusVolume">
-         <Language ID="en-us" />
-       </Product>
-       <Product ID="VisioProVolume">
-         <Language ID="en-us" />
-       </Product>
-     </Add>
-   </Configuration>
    -

    In this example, the following changes were made to create a package with Volume licensing:

    - - - - - - - - - - - - - - - - - - - -

    SourcePath

    is the path, which was changed to point to the Office applications that were downloaded earlier.

    Product ID

    for Office was changed to ProPlusVolume.

    Product ID

    for Visio was changed to VisioProVolume.

    -

    -

    • -

ExcludeApp (optional)

Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.

PACKAGEGUID (optional)

By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.

-

An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2013 for some users, and create another package with Office 2013 and Visio 2013 for another set of users.

-
- Note

Even if you use unique package IDs, you can still deploy only one App-V package to a single device.

-
-
- -
- - - -2. Use the /packager command to convert the Office applications to an Office 2013 App-V package. - - For example: - - ``` syntax - \\server\Office2013\setup.exe /packager \\server\Office2013\Customconfig.xml \\server\share\Office2013AppV - ``` - - In the example: - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

\server\Office2013

is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

Setup.exe

is the Office Deployment Tool.

/packager

creates the Office 2013 App-V package with Volume Licensing as specified in the customConfig.xml file.

\server\Office2013\Customconfig.xml

passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.

\server\share\Office 2013AppV

specifies the location of the newly created Office App-V package.

- - - -~~~ -After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved: - -- **App-V Packages** – contains an Office 2013 App-V package and two deployment configuration files. - -- **WorkingDir** - -**Note** -To troubleshoot any issues, see the log files in the %temp% directory (default). -~~~ - - - -3. Verify that the Office 2013 App-V package works correctly: - - 1. Publish the Office 2013 App-V package, which you created globally, to a test computer, and verify that the Office 2013 shortcuts appear. - - 2. Start a few Office 2013 applications, such as Excel or Word, to ensure that your package is working as expected. - -## Publishing the Office package for App-V 5.1 - - -Use the following information to publish an Office package. - -### Methods for publishing Office App-V packages - -Deploy the App-V package for Office 2013 by using the same methods you use for any other package: - -- System Center Configuration Manager - -- App-V Server - -- Stand-alone through PowerShell commands - -### Publishing prerequisites and requirements - - ---- - - - - - - - - - - - - - - - - -
Prerequisite or requirementDetails

Enable PowerShell scripting on the App-V clients

To publish Office 2013 packages, you must run a script.

-

Package scripts are disabled by default on App-V clients. To enable scripting, run the following PowerShell command:

-
Set-AppvClientConfiguration –EnablePackageScripts 1

Publish the Office 2013 package globally

Extension points in the Office App-V package require installation at the computer level.

-

When you publish at the computer level, no prerequisite actions or redistributables are needed, and the Office 2013 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages.

- - - -### How to publish an Office package - -Run the following command to publish an Office package globally: - -- `Add-AppvClientPackage | Publish-AppvClientPackage –global` - -- From the Web Management Console on the App-V Server, you can add permissions to a group of computers instead of to a user group to enable packages to be published globally to the computers in the corresponding group. - -## Customizing and managing Office App-V packages - - -To manage your Office App-V packages, use the same operations as you would for any other package, but there are a few exceptions, as outlined in the following sections. - -- [Enabling Office plug-ins by using connection groups](#bkmk-enable-office-plugins) - -- [Disabling Office 2013 applications](#bkmk-disable-office-apps) - -- [Disabling Office 2013 shortcuts](#bkmk-disable-shortcuts) - -- [Managing Office 2013 package upgrades](#bkmk-manage-office-pkg-upgrd) - -- [Managing Office 2013 licensing upgrades](#bkmk-manage-office-lic-upgrd) - -- [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project) - -### Enabling Office plug-ins by using connection groups - -Use the steps in this section to enable Office plug-ins with your Office package. To use Office plug-ins, you must use the App-V Sequencer to create a separate package that contains just the plug-ins. You cannot use the Office Deployment Tool to create the plug-ins package. You then create a connection group that contains the Office package and the plug-ins package, as described in the following steps. - -**To enable plug-ins for Office App-V packages** - -1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet. - -2. Sequence your plug-ins using the App-V 5.1 Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It is recommended you use Microsoft 365 Apps for enterprise(non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins. - -3. Create an App-V 5.1 package that includes the desired plug-ins. - -4. Add a Connection Group through App-V server, System Center Configuration Manager, or a PowerShell cmdlet. - -5. Add the Office 2013 App-V package and the plug-ins package you sequenced to the Connection Group you created. - - **Important** - The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2013 App-V package first, and then add the plug-in App-V package. - - - -6. Ensure that both packages are published to the target computer and that the plug-in package is published globally to match the global settings of the published Office 2013 App-V package. - -7. Verify that the Deployment Configuration File of the plug-in package has the same settings that the Office 2013 App-V package has. - - Since the Office 2013 App-V package is integrated with the operating system, the plug-in package settings should match. You can search the Deployment Configuration File for “COM Mode” and ensure that your plug-ins package has that value set as “Integrated” and that both "InProcessEnabled" and "OutOfProcessEnabled" match the settings of the Office 2013 App-V package you published. - -8. Open the Deployment Configuration File and set the value for **Objects Enabled** to **false**. - -9. If you made any changes to the Deployment Configuration file after sequencing, ensure that the plug-in package is published with the file. - -10. Ensure that the Connection Group you created is enabled onto your desired computer. The Connection Group created will likely “pend” if the Office 2013 App-V package is in use when the Connection Group is enabled. If that happens, you have to reboot to successfully enable the Connection Group. - -11. After you successfully publish both packages and enable the Connection Group, start the target Office 2013 application and verify that the plug-in you published and added to the connection group works as expected. - -### Disabling Office 2013 applications - -You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2013 App-V package has been published, you will save the changes, add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications. - -**Note** -To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. For more information, see [Reference for Click-to-Run configuration.xml file](https://technet.microsoft.com/library/jj219426.aspx). - - - -**To disable an Office 2013 application** - -1. Open a Deployment Configuration File with a text editor such as **Notepad** and search for “Applications." - -2. Search for the Office application you want to disable, for example, Access 2013. - -3. Change the value of "Enabled" from "true" to "false." - -4. Save the Deployment Configuration File. - -5. Add the Office 2013 App-V Package with the new Deployment Configuration File. - - ```xml - - - InfoPath Filler 2013 - - - - - - - Lync 2013 - - - - - - - Access 2013 - - - - - ``` - -6. Re-add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications. - -### Disabling Office 2013 shortcuts - -You may want to disable shortcuts for certain Office applications instead of unpublishing or removing the package. The following example shows how to disable shortcuts for Microsoft Access. - -**To disable shortcuts for Office 2013 applications** - -1. Open a Deployment Configuration File in Notepad and search for “Shortcuts”. - -2. To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. For example, in the example below, delete the Microsoft Access shortcuts, while keeping the subsystems <shortcut> </shortcut> intact to disable the Microsoft Access shortcut. - - ``` syntax - Shortcuts - - --> - - - - - [{Common Programs}]\Microsoft Office 2013\Access 2013.lnk - [{AppvPackageRoot}])office15\MSACCESS.EXE - [{Windows}]\Installer\{90150000-000F-0000-0000-000000FF1CE)\accicons.exe.Ø.ico - - - Microsoft.Office.MSACCESS.EXE.15 - true - Build a professional app quickly to manage data. - l - [{AppVPackageRoot}]\office15\MSACCESS.EXE - - ``` - -3. Save the Deployment Configuration File. - -4. Republish Office 2013 App-V Package with new Deployment Configuration File. - -Many additional settings can be changed through modifying the Deployment Configuration for App-V packages, for example, file type associations, Virtual File System, and more. For additional information on how to use Deployment Configuration Files to change App-V package settings, refer to the additional resources section at the end of this document. - -### Managing Office 2013 package upgrades - -To upgrade an Office 2013 package, use the Office Deployment Tool. To upgrade a previously deployed Office 2013 package, perform the following steps. - -**How to upgrade a previously deployed Office 2013 package** - -1. Create a new Office 2013 package through the Office Deployment Tool that uses the most recent Office 2013 application software. The most recent Office 2013 bits can always be obtained through the download stage of creating an Office 2013 App-V Package. The newly created Office 2013 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage. - - **Note** - Office App-V packages have two Version IDs: - - - An Office 2013 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool. - - - A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2013 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2013 package. - - - -2. Globally publish the newly created Office 2013 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2013 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast. - -3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted. - -### Managing Office 2013 licensing upgrades - -If a new Office 2013 App-V Package has a different license than the Office 2013 App-V Package currently deployed. For instance, the Office 2013 package deployed is a subscription based Office 2013 and the new Office 2013 package is Volume Licensing based, the following instructions must be followed to ensure smooth licensing upgrade: - -**How to upgrade an Office 2013 License** - -1. Unpublish the already deployed Office 2013 Subscription Licensing App-V package. - -2. Remove the unpublished Office 2013 Subscription Licensing App-V package. - -3. Restart the computer. - -4. Add the new Office 2013 App-V Package Volume Licensing. - -5. Publish the added Office 2013 App-V Package with Volume Licensing. - -An Office 2013 App-V Package with your chosen licensing will be successfully deployed. - -### Deploying Visio 2013 and Project 2013 with Office - -The following table describes the requirements and options for deploying Visio 2013 and Project 2013 with Office. - - ---- - - - - - - - - - - - - - - - - -
TaskDetails

How do I package and publish Visio 2013 and Project 2013 with Office?

You must include Visio 2013 and Project 2013 in the same package with Office.

-

If you aren’t deploying Office, you can create a package that contains Visio and/or Project, as long as you follow Deploying Microsoft Office 2010 by Using App-V.

How can I deploy Visio 2013 and Project 2013 to specific users?

Use one of the following methods:

- ---- - - - - - - - - - - - - - - - - -
If you want to......then use this method

Create two different packages and deploy each one to a different group of users

Create and deploy the following packages:

-
    -

  • A package that contains only Office - deploy to computers whose users need only Office.

    • -

  • A package that contains Office, Visio, and Project - deploy to computers whose users need all three applications.

    • -

If you want only one package for the whole organization, or if you have users who share computers:

Follows these steps:

-
    -

  1. Create a package that contains Office, Visio, and Project.

    2. -

  2. Deploy the package to all users.

    3. -

  3. Use Microsoft AppLocker to prevent specific users from using Visio and Project.

    4. -
-

- - - -## Additional resources - - -**Office 2013 App-V Packages Additional Resources** - -[Office Deployment Tool for Click-to-Run](https://go.microsoft.com/fwlink/p/?LinkID=330672) - -[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://go.microsoft.com/fwlink/p/?LinkId=330680) - -**Office 2010 App-V Packages** - -[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330681) - -[Known issues when you create or use an App-V 5.0 Office 2010 package](https://go.microsoft.com/fwlink/p/?LinkId=330682) - -[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330676) - -**Connection Groups** - -[Deploying Connection Groups in Microsoft App-V v5](https://go.microsoft.com/fwlink/p/?LinkId=330683) - -[Managing Connection Groups](managing-connection-groups51.md) - -**Dynamic Configuration** - -[About App-V 5.1 Dynamic Configuration](about-app-v-51-dynamic-configuration.md) - - - - - - - - - - - - - - diff --git a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md deleted file mode 100644 index 2856f34f5d..0000000000 --- a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md +++ /dev/null @@ -1,796 +0,0 @@ ---- -title: Deploying Microsoft Office 2016 by Using App-V -description: Deploying Microsoft Office 2016 by Using App-V -author: dansimp -ms.assetid: cc675cde-cb8d-4b7c-a700-6104b78f1d89 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 07/25/2017 ---- - - -# Deploying Microsoft Office 2016 by Using App-V - - -Use the information in this article to use Microsoft Application Virtualization 5.0, or later versions, to deliver Microsoft Office 2016 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2013, see [Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v.md). For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v.md). - -This topic contains the following sections: - -- [What to know before you start](#bkmk-before-you-start) - -- [Creating an Office 2016 package for App-V with the Office Deployment Tool](#bkmk-create-office-pkg) - -- [Publishing the Office package for App-V 5.0](#bkmk-pub-pkg-office) - -- [Customizing and managing Office App-V packages](#bkmk-custmz-manage-office-pkgs) - -## What to know before you start - - -Before you deploy Office 2016 by using App-V, review the following planning information. - -### Supported Office versions and Office coexistence - -Use the following table to get information about supported versions of Office and about running coexisting versions of Office. - - ---- - - - - - - - - - - - - - - - - -
Information to reviewDescription

Supported versions of Microsoft Office

    -

  • Supported versions of Office

    • -

  • Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI)

    • -

  • Office licensing options

    • -

Planning for Using App-V with coexisting versions of Office

Considerations for installing different versions of Office on the same computer

- - - -### Packaging, publishing, and deployment requirements - -Before you deploy Office by using App-V, review the following requirements. - - ---- - - - - - - - - - - - - - - - - - - - - -
TaskRequirement

Packaging

 -
    -

  • All of the Office applications that you want to deploy to users must be in a single package.

    • -

  • In App-V 5.0 and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.

    • -

  • If you are deploying Microsoft Visio 2016 and Microsoft Project 2016 along with Office, you must include them in the same package with Office. For more information, see Deploying Visio 2016 and Project 2016 with Office.

    • -

Publishing

    -

  • You can publish only one Office package to each client computer.

    • -

  • You must publish the Office package globally. You cannot publish to the user.

    • -

Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:

-
    -

  • Microsoft 365 Apps for enterprise

    • -

  • Visio Pro for Office 365

    • -

  • Project Pro for Office 365

    • -

You must enable shared computer activation.

-
- - - -### Excluding Office applications from a package - -The following table describes the recommended methods for excluding specific Office applications from a package. - - ---- - - - - - - - - - - - - - - - - -
TaskDetails

Use the ExcludeApp setting when you create the package by using the Office Deployment Tool.

    -

  • Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.

    • -

  • For more information, see ExcludeApp element.

    • -

Modify the DeploymentConfig.xml file

    -

  • Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client.

    • -

  • For more information, see Disabling Office 2016 applications.

    • -
- - - -## Creating an Office 2016 package for App-V with the Office Deployment Tool - - -Complete the following steps to create an Office 2016 package for App-V 5.0 or later. - ->**Important**  In App-V 5.0 and later, you must use the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages. - -### Review prerequisites for using the Office Deployment Tool - -The computer on which you are installing the Office Deployment Tool must have: - - ---- - - - - - - - - - - - - - - - - -
PrerequisiteDescription

Prerequisite software

.Net Framework 4

Supported operating systems

    -

  • 64-bit version of Windows 10

    • -

  • 64-bit version of Windows 8 or 8.1

    • -

  • 64-bit version of Windows 7

    • -
- - ->**Note** In this topic, the term “Office 2016 App-V package” refers to subscription licensing. - - -### Create Office 2016 App-V Packages Using Office Deployment Tool - -You create Office 2016 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2016 App-V package with Subscription Licensing. - -Create Office 2016 App-V packages on 64-bit Windows computers. Once created, the Office 2016 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10 computers. - -### Download the Office Deployment Tool - -Office 2016 App-V Packages are created using the Office Deployment Tool, which generates an Office 2016 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation: - -1. Download the [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117). - -> **Important** You must use the Office 2016 Deployment Tool to create Office 2016 App-V Packages. -> 2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved. - - Example: \\\\Server\\Office2016 - -3. Check that a setup.exe and a configuration.xml file exist and are in the location you specified. - -### Download Office 2016 applications - -After you download the Office Deployment Tool, you can use it to get the latest Office 2016 applications. After getting the Office applications, you create the Office 2016 App-V package. - -The XML file that is included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included. - -1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications: - - 1. Open the sample XML file in Notepad or your favorite text editor. - - 2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the configuration.xml file: - - ```xml - - - - - - - - - - - ``` - - >**Note** The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To “uncomment” these lines, remove the "" from the end of the line. - - The above XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2016, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2016 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
InputDescriptionExample

Add element

Specifies the products and languages to include in the package.

N/A

OfficeClientEdition (attribute of Add element)

Specifies the edition of Office 2016 product to use: 32-bit or 64-bit. The operation fails if OfficeClientEdition is not set to a valid value.

OfficeClientEdition="32"

-

OfficeClientEdition="64"

Product element

Specifies the application. Project 2016 and Visio 2016 must be specified here as an added product to be included in the applications. - - For more information about the product IDs, see Product IDs that are supported by the Office Deployment Tool for Click-to-Run -

Product ID ="O365ProPlusRetail "

-

Product ID ="VisioProRetail"

-

Product ID ="ProjectProRetail"

-

Language element

Specifies the language supported in the applications

Language ID="en-us"

Version (attribute of Add element)

Optional. Specifies a build to use for the package

-

Defaults to latest advertised build (as defined in v32.CAB at the Office source).

16.1.2.3

SourcePath (attribute of Add element)

Specifies the location in which the applications will be saved to.

Sourcepath = "\Server\Office2016”

Channel (attribute of Add element)

Optional. Specifies the update channel for the product that you want to download or install.

For more information about update channels, see Overview of update channels for Microsoft 365 Apps for enterprise.

Channel="Deferred"

- - After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2016 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml. - -2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2016 applications that will later be converted into an App-V package. Below is an example command with a description of details: - - ``` syntax - \\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml - ``` - - In the example: - - - - - - - - - - - - - - - - - - - - - - - - -

\server\Office2016

is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

Setup.exe

is the Office Deployment Tool.

/download

downloads the Office 2016 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2016 App-V package with Volume Licensing.

\server\Office2016\Customconfig.xml

passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \Server\Office2016.

- - - -### Convert the Office applications into an App-V package - -After you download the Office 2016 applications through the Office Deployment Tool, use the Office Deployment Tool to convert them into an Office 2016 App-V package. Complete the steps that correspond to your licensing model. - -**Summary of what you’ll need to do:** - -- Create the Office 2016 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8 or 8.1, and Windows 10 computers. - -- Create an Office App-V package for Subscription Licensing package by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file. - - The following table summarizes the values you need to enter in the CustomConfig.xml file for the licensing model you’re using. The steps in the sections that follow the table will specify the exact entries you need to make. - ->**Note**  You can use the Office Deployment Tool to create App-V packages for Microsoft 365 Apps for enterprise. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported. - - ---- - - - - - - - - - - - - - - - - - - - - -
Product IDSubscription Licensing

Office 2016

O365ProPlusRetail

Office 2016 with Visio 2016

O365ProPlusRetail

-

VisioProRetail

Office 2016 with Visio 2016 and Project 2016

O365ProPlusRetail

-

VisioProRetail

-

ProjectProRetail

- - - -**How to convert the Office applications into an App-V package** - -1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file: - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterWhat to change the value to

SourcePath

Point to the Office applications downloaded earlier.

ProductID

Specify Subscription licensing, as shown in the following example:

- 
<Configuration>
-      <Add SourcePath= "\server\Office 2016" OfficeClientEdition="32" >
-       <Product ID="O365ProPlusRetail">
-         <Language ID="en-us" />
-       </Product>
-       <Product ID="VisioProRetail">
-         <Language ID="en-us" />
-       </Product>
-     </Add>
-   </Configuration>
-

In this example, the following changes were made to create a package with Subscription licensing:

- - - - - - - - - - - - - - - - - - - -

SourcePath

is the path, which was changed to point to the Office applications that were downloaded earlier.

Product ID

for Office was changed to O365ProPlusRetail.

Product ID

for Visio was changed to VisioProRetail.

-

-

ExcludeApp (optional)

Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.

PACKAGEGUID (optional)

By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.

-

An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2016 for some users, and create another package with Office 2016 and Visio 2016 for another set of users.

- >Note Even if you use unique package IDs, you can still deploy only one App-V package to a single device. -
- - - -2. Use the /packager command to convert the Office applications to an Office 2016 App-V package. - - For example: - - ``` syntax - \\server\Office2016\setup.exe /packager \\server\Office2016\Customconfig.xml \\server\share\Office2016AppV - ``` - - In the example: - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

\server\Office2016

is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

Setup.exe

is the Office Deployment Tool.

/packager

creates the Office 2016 App-V package with the type of licensing specified in the customConfig.xml file.

\server\Office2016\Customconfig.xml

passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.

\server\share\Office 2016AppV

specifies the location of the newly created Office App-V package.

- - - -~~~ -After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved: - -- **App-V Packages** – contains an Office 2016 App-V package and two deployment configuration files. - -- **WorkingDir** - -**Note** To troubleshoot any issues, see the log files in the %temp% directory (default). -~~~ - - - -3. Verify that the Office 2016 App-V package works correctly: - - 1. Publish the Office 2016 App-V package, which you created globally, to a test computer, and verify that the Office 2016 shortcuts appear. - - 2. Start a few Office 2016 applications, such as Excel or Word, to ensure that your package is working as expected. - -## Publishing the Office package for App-V - - -Use the following information to publish an Office package. - -### Methods for publishing Office App-V packages - -Deploy the App-V package for Office 2016 by using the same methods you use for any other package: - -- System Center Configuration Manager - -- App-V Server - -- Stand-alone through PowerShell commands - -### Publishing prerequisites and requirements - - ---- - - - - - - - - - - - - - - - - -
Prerequisite or requirementDetails

Enable PowerShell scripting on the App-V clients

To publish Office 2016 packages, you must run a script.

-

Package scripts are disabled by default on App-V clients. To enable scripting, run the following PowerShell command:

-
Set-AppvClientConfiguration –EnablePackageScripts 1

Publish the Office 2016 package globally

Extension points in the Office App-V package require installation at the computer level.

-

When you publish at the computer level, no prerequisite actions or redistributables are needed, and the Office 2016 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages.

- - - -### How to publish an Office package - -Run the following command to publish an Office package globally: - -- `Add-AppvClientPackage | Publish-AppvClientPackage –global` - -- From the Web Management Console on the App-V Server, you can add permissions to a group of computers instead of to a user group to enable packages to be published globally to the computers in the corresponding group. - -## Customizing and managing Office App-V packages - - -To manage your Office App-V packages, use the same operations as you would for any other package, but there are a few exceptions, as outlined in the following sections. - -- [Enabling Office plug-ins by using connection groups](#bkmk-enable-office-plugins) - -- [Disabling Office 2016 applications](#bkmk-disable-office-apps) - -- [Disabling Office 2016 shortcuts](#bkmk-disable-shortcuts) - -- [Managing Office 2016 package upgrades](#bkmk-manage-office-pkg-upgrd) - -- [Deploying Visio 2016 and Project 2016 with Office](#bkmk-deploy-visio-project) - -### Enabling Office plug-ins by using connection groups - -Use the steps in this section to enable Office plug-ins with your Office package. To use Office plug-ins, you must use the App-V Sequencer to create a separate package that contains just the plug-ins. You cannot use the Office Deployment Tool to create the plug-ins package. You then create a connection group that contains the Office package and the plug-ins package, as described in the following steps. - -**To enable plug-ins for Office App-V packages** - -1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet. - -2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Microsoft 365 Apps for enterprise(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins. - -3. Create an App-V package that includes the desired plug-ins. - -4. Add a Connection Group through App-V server, System Center Configuration Manager, or a PowerShell cmdlet. - -5. Add the Office 2016 App-V package and the plug-ins package you sequenced to the Connection Group you created. - - >**Important** The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package. - - - -6. Ensure that both packages are published to the target computer and that the plug-in package is published globally to match the global settings of the published Office 2016 App-V package. - -7. Verify that the Deployment Configuration File of the plug-in package has the same settings that the Office 2016 App-V package has. - - Since the Office 2016 App-V package is integrated with the operating system, the plug-in package settings should match. You can search the Deployment Configuration File for “COM Mode” and ensure that your plug-ins package has that value set as “Integrated” and that both "InProcessEnabled" and "OutOfProcessEnabled" match the settings of the Office 2016 App-V package you published. - -8. Open the Deployment Configuration File and set the value for **Objects Enabled** to **false**. - -9. If you made any changes to the Deployment Configuration file after sequencing, ensure that the plug-in package is published with the file. - -10. Ensure that the Connection Group you created is enabled onto your desired computer. The Connection Group created will likely “pend” if the Office 2016 App-V package is in use when the Connection Group is enabled. If that happens, you have to reboot to successfully enable the Connection Group. - -11. After you successfully publish both packages and enable the Connection Group, start the target Office 2016 application and verify that the plug-in you published and added to the connection group works as expected. - -### Disabling Office 2016 applications - -You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2016 App-V package has been published, you will save the changes, add the Office 2016 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications. - ->**Note** To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. - - -**To disable an Office 2016 application** - -1. Open a Deployment Configuration File with a text editor such as **Notepad** and search for “Applications." - -2. Search for the Office application you want to disable, for example, Access 2016. - -3. Change the value of "Enabled" from "true" to "false." - -4. Save the Deployment Configuration File. - -5. Add the Office 2016 App-V Package with the new Deployment Configuration File. - - ```xml - - - Lync 2016 - - - - - - - Access 2016 - - - - - ``` - -6. Re-add the Office 2016 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications. - -### Disabling Office 2016 shortcuts - -You may want to disable shortcuts for certain Office applications instead of unpublishing or removing the package. The following example shows how to disable shortcuts for Microsoft Access. - -**To disable shortcuts for Office 2016 applications** - -1. Open a Deployment Configuration File in Notepad and search for “Shortcuts”. - -2. To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. For example, in the example below, delete the Microsoft Access shortcuts, while keeping the subsystems <shortcut> </shortcut> intact to disable the Microsoft Access shortcut. - - ``` syntax - Shortcuts - - --> - - - - - [{Common Programs}]\Microsoft Office 2016\Access 2016.lnk - [{AppvPackageRoot}])office16\MSACCESS.EXE - [{Windows}]\Installer\{90150000-000F-0000-0000-000000FF1CE)\accicons.exe.Ø.ico - - - Microsoft.Office.MSACCESS.EXE.15 - true - Build a professional app quickly to manage data. - l - [{AppVPackageRoot}]\office16\MSACCESS.EXE - - ``` - -3. Save the Deployment Configuration File. - -4. Republish Office 2016 App-V Package with new Deployment Configuration File. - -Many additional settings can be changed through modifying the Deployment Configuration for App-V packages, for example, file type associations, Virtual File System, and more. For additional information on how to use Deployment Configuration Files to change App-V package settings, refer to the additional resources section at the end of this document. - -### Managing Office 2016 package upgrades - -To upgrade an Office 2016 package, use the Office Deployment Tool. To upgrade a previously deployed Office 2016 package, perform the following steps. - -**How to upgrade a previously deployed Office 2016 package** - -1. Create a new Office 2016 package through the Office Deployment Tool that uses the most recent Office 2016 application software. The most recent Office 2016 bits can always be obtained through the download stage of creating an Office 2016 App-V Package. The newly created Office 2016 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage. - - > **Note** Office App-V packages have two Version IDs: - >
    - >
  • An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
    • - >
  • A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package.
    • - >
- - -2. Globally publish the newly created Office 2016 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2016 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast. - -3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted. - - -### Deploying Visio 2016 and Project 2016 with Office - -The following table describes the requirements and options for deploying Visio 2016 and Project 2016 with Office. - - ---- - - - - - - - - - - - - - - - - -
TaskDetails

How do I package and publish Visio 2016 and Project 2016 with Office?

You must include Visio 2016 and Project 2016 in the same package with Office.

-

If you aren’t deploying Office, you can create a package that contains Visio and/or Project, as long as you follow the packaging, publishing, and deployment requirements described in this topic.

How can I deploy Visio 2016 and Project 2016 to specific users?

Use one of the following methods:

- ---- - - - - - - - - - - - - - - - - -
If you want to......then use this method

Create two different packages and deploy each one to a different group of users

Create and deploy the following packages:

-
    -

  • A package that contains only Office - deploy to computers whose users need only Office.

    • -

  • A package that contains Office, Visio, and Project - deploy to computers whose users need all three applications.

    • -

If you want only one package for the whole organization, or if you have users who share computers:

Follows these steps:

-
    -

  1. Create a package that contains Office, Visio, and Project.

    2. -

  2. Deploy the package to all users.

    3. -

  3. Use Microsoft AppLocker to prevent specific users from using Visio and Project.

    4. -
-

- - - -## Additional resources - - -[Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v.md) - -[Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v.md) - -[Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117) - -**Connection Groups** - -[Deploying Connection Groups in Microsoft App-V v5](https://go.microsoft.com/fwlink/p/?LinkId=330683) - -[Managing Connection Groups](managing-connection-groups.md) - -**Dynamic Configuration** - -[About App-V 5.1 Dynamic Configuration](about-app-v-51-dynamic-configuration.md) - - - - - diff --git a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md deleted file mode 100644 index 6d6021c95e..0000000000 --- a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md +++ /dev/null @@ -1,795 +0,0 @@ ---- -title: Deploying Microsoft Office 2016 by Using App-V -description: Deploying Microsoft Office 2016 by Using App-V -author: dansimp -ms.assetid: e0f4876-da99-4b89-977e-2fb6e89ea3d3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 04/19/2017 ---- - - -# Deploying Microsoft Office 2016 by Using App-V - - -Use the information in this article to use Microsoft Application Virtualization (App-V) 5.1, or later versions, to deliver Microsoft Office 2016 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2013, see [Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v51.md). For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v51.md). - -This topic contains the following sections: - -- [What to know before you start](#bkmk-before-you-start) - -- [Creating an Office 2016 package for App-V with the Office Deployment Tool](#bkmk-create-office-pkg) - -- [Publishing the Office package for App-V 5.1](#bkmk-pub-pkg-office) - -- [Customizing and managing Office App-V packages](#bkmk-custmz-manage-office-pkgs) - -## What to know before you start - - -Before you deploy Office 2016 by using App-V, review the following planning information. - -### Supported Office versions and Office coexistence - -Use the following table to get information about supported versions of Office and about running coexisting versions of Office. - - ---- - - - - - - - - - - - - - - - - -
Information to reviewDescription

Supported versions of Microsoft Office

    -

  • Supported versions of Office

    • -

  • Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI)

    • -

  • Office licensing options

    • -

Planning for Using App-V with coexisting versions of Office

Considerations for installing different versions of Office on the same computer

- - - -### Packaging, publishing, and deployment requirements - -Before you deploy Office by using App-V, review the following requirements. - - ---- - - - - - - - - - - - - - - - - - - - - -
TaskRequirement

Packaging

 -
    -

  • All of the Office applications that you want to deploy to users must be in a single package.

    • -

  • In App-V 5.1 and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.

    • -

  • If you are deploying Microsoft Visio 2016 and Microsoft Project 2016 along with Office, you must include them in the same package with Office. For more information, see Deploying Visio 2016 and Project 2016 with Office.

    • -

Publishing

    -

  • You can publish only one Office package to each client computer.

    • -

  • You must publish the Office package globally. You cannot publish to the user.

    • -

Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:

-
    -

  • Microsoft 365 Apps for enterprise

    • -

  • Visio Pro for Office 365

    • -

  • Project Pro for Office 365

    • -

You must enable shared computer activation.

-
- - - -### Excluding Office applications from a package - -The following table describes the recommended methods for excluding specific Office applications from a package. - - ---- - - - - - - - - - - - - - - - - -
TaskDetails

Use the ExcludeApp setting when you create the package by using the Office Deployment Tool.

    -

  • Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.

    • -

  • For more information, see ExcludeApp element.

    • -

Modify the DeploymentConfig.xml file

    -

  • Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client.

    • -

  • For more information, see Disabling Office 2016 applications.

    • -
- - - -## Creating an Office 2016 package for App-V with the Office Deployment Tool - - -Complete the following steps to create an Office 2016 package for App-V 5.1 or later. - ->**Important**  In App-V 5.1 and later, you must use the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages. - -### Review prerequisites for using the Office Deployment Tool - -The computer on which you are installing the Office Deployment Tool must have: - - ---- - - - - - - - - - - - - - - - - -
PrerequisiteDescription

Prerequisite software

.Net Framework 4

Supported operating systems

    -

  • 64-bit version of Windows 10

    • -

  • 64-bit version of Windows 8 or 8.1

    • -

  • 64-bit version of Windows 7

    • -
- - ->**Note** In this topic, the term “Office 2016 App-V package” refers to subscription licensing. - - -### Create Office 2016 App-V Packages Using Office Deployment Tool - -You create Office 2016 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2016 App-V package with Subscription Licensing. - -Create Office 2016 App-V packages on 64-bit Windows computers. Once created, the Office 2016 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10 computers. - -### Download the Office Deployment Tool - -Office 2016 App-V Packages are created using the Office Deployment Tool, which generates an Office 2016 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation: - -1. Download the [Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117). - -> **Important** You must use the Office 2016 Deployment Tool to create Office 2016 App-V Packages. -> 2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved. - - Example: \\\\Server\\Office2016 - -3. Check that a setup.exe and a configuration.xml file exist and are in the location you specified. - -### Download Office 2016 applications - -After you download the Office Deployment Tool, you can use it to get the latest Office 2016 applications. After getting the Office applications, you create the Office 2016 App-V package. - -The XML file that is included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included. - -1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications: - - 1. Open the sample XML file in Notepad or your favorite text editor. - - 2. With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2016 applications. The following is a basic example of the configuration.xml file: - - ```xml - - - - - - - - - - - ``` - - >**Note** The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. To “uncomment” these lines, remove the "" from the end of the line. - - The above XML configuration file specifies that Office 2016 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2016, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2016 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. The table below summarizes the customizable attributes and elements of XML file: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
InputDescriptionExample

Add element

Specifies the products and languages to include in the package.

N/A

OfficeClientEdition (attribute of Add element)

Specifies the edition of Office 2016 product to use: 32-bit or 64-bit. The operation fails if OfficeClientEdition is not set to a valid value.

OfficeClientEdition="32"

-

OfficeClientEdition="64"

Product element

Specifies the application. Project 2016 and Visio 2016 must be specified here as an added product to be included in the applications. - - For more information about the product IDs, see Product IDs that are supported by the Office Deployment Tool for Click-to-Run -

Product ID ="O365ProPlusRetail "

-

Product ID ="VisioProRetail"

-

Product ID ="ProjectProRetail"

-

Language element

Specifies the language supported in the applications

Language ID="en-us"

Version (attribute of Add element)

Optional. Specifies a build to use for the package

-

Defaults to latest advertised build (as defined in v32.CAB at the Office source).

16.1.2.3

SourcePath (attribute of Add element)

Specifies the location in which the applications will be saved to.

Sourcepath = "\Server\Office2016”

Branch (attribute of Add element)

Optional. Specifies the update branch for the product that you want to download or install.

For more information about update branches, see Overview of update branches for Microsoft 365 Apps for enterprise.

Branch = "Business"

- - After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2016 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml. - -2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2016 applications that will later be converted into an App-V package. Below is an example command with a description of details: - - ``` syntax - \\server\Office2016\setup.exe /download \\server\Office2016\Customconfig.xml - ``` - - In the example: - - - - - - - - - - - - - - - - - - - - - - - - -

\server\Office2016

is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

Setup.exe

is the Office Deployment Tool.

/download

downloads the Office 2016 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2016 App-V package with Volume Licensing.

\server\Office2016\Customconfig.xml

passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \Server\Office2016.

- - - -### Convert the Office applications into an App-V package - -After you download the Office 2016 applications through the Office Deployment Tool, use the Office Deployment Tool to convert them into an Office 2016 App-V package. Complete the steps that correspond to your licensing model. - -**Summary of what you’ll need to do:** - -- Create the Office 2016 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8 or 8.1, and Windows 10 computers. - -- Create an Office App-V package for Subscription Licensing package by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file. - - The following table summarizes the values you need to enter in the CustomConfig.xml file for the licensing model you’re using. The steps in the sections that follow the table will specify the exact entries you need to make. - ->**Note**  You can use the Office Deployment Tool to create App-V packages for Microsoft 365 Apps for enterprise. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported. - - ---- - - - - - - - - - - - - - - - - - - - - -
Product IDSubscription Licensing

Office 2016

O365ProPlusRetail

Office 2016 with Visio 2016

O365ProPlusRetail

-

VisioProRetail

Office 2016 with Visio 2016 and Project 2016

O365ProPlusRetail

-

VisioProRetail

-

ProjectProRetail

- - - -**How to convert the Office applications into an App-V package** - -1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file: - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterWhat to change the value to

SourcePath

Point to the Office applications downloaded earlier.

ProductID

Specify Subscription licensing, as shown in the following example:

- 
<Configuration>
-      <Add SourcePath= "\server\Office 2016" OfficeClientEdition="32" >
-       <Product ID="O365ProPlusRetail">
-         <Language ID="en-us" />
-       </Product>
-       <Product ID="VisioProRetail">
-         <Language ID="en-us" />
-       </Product>
-     </Add>
-   </Configuration>
-

In this example, the following changes were made to create a package with Subscription licensing:

- - - - - - - - - - - - - - - - - - - -

SourcePath

is the path, which was changed to point to the Office applications that were downloaded earlier.

Product ID

for Office was changed to O365ProPlusRetail.

Product ID

for Visio was changed to VisioProRetail.

-

-

ExcludeApp (optional)

Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath.

PACKAGEGUID (optional)

By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server.

-

An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2016 for some users, and create another package with Office 2016 and Visio 2016 for another set of users.

- - >Note Even if you use unique package IDs, you can still deploy only one App-V package to a single device. -
- - -2. Use the /packager command to convert the Office applications to an Office 2016 App-V package. - - For example: - - ``` syntax - \\server\Office2016\setup.exe /packager \\server\Office2016\Customconfig.xml \\server\share\Office2016AppV - ``` - - In the example: - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

\server\Office2016

is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

Setup.exe

is the Office Deployment Tool.

/packager

creates the Office 2016 App-V package with the type of licensing specified in the customConfig.xml file.

\server\Office2016\Customconfig.xml

passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.

\server\share\Office 2016AppV

specifies the location of the newly created Office App-V package.

- - - -~~~ -After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved: - -- **App-V Packages** – contains an Office 2016 App-V package and two deployment configuration files. - -- **WorkingDir** - -**Note** To troubleshoot any issues, see the log files in the %temp% directory (default). -~~~ - - - -3. Verify that the Office 2016 App-V package works correctly: - - 1. Publish the Office 2016 App-V package, which you created globally, to a test computer, and verify that the Office 2016 shortcuts appear. - - 2. Start a few Office 2016 applications, such as Excel or Word, to ensure that your package is working as expected. - -## Publishing the Office package for App-V - - -Use the following information to publish an Office package. - -### Methods for publishing Office App-V packages - -Deploy the App-V package for Office 2016 by using the same methods you use for any other package: - -- System Center Configuration Manager - -- App-V Server - -- Stand-alone through PowerShell commands - -### Publishing prerequisites and requirements - - ---- - - - - - - - - - - - - - - - - -
Prerequisite or requirementDetails

Enable PowerShell scripting on the App-V clients

To publish Office 2016 packages, you must run a script.

-

Package scripts are disabled by default on App-V clients. To enable scripting, run the following PowerShell command:

-
Set-AppvClientConfiguration –EnablePackageScripts 1

Publish the Office 2016 package globally

Extension points in the Office App-V package require installation at the computer level.

-

When you publish at the computer level, no prerequisite actions or redistributables are needed, and the Office 2016 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages.

- - - -### How to publish an Office package - -Run the following command to publish an Office package globally: - -- `Add-AppvClientPackage | Publish-AppvClientPackage –global` - -- From the Web Management Console on the App-V Server, you can add permissions to a group of computers instead of to a user group to enable packages to be published globally to the computers in the corresponding group. - -## Customizing and managing Office App-V packages - - -To manage your Office App-V packages, use the same operations as you would for any other package, but there are a few exceptions, as outlined in the following sections. - -- [Enabling Office plug-ins by using connection groups](#bkmk-enable-office-plugins) - -- [Disabling Office 2016 applications](#bkmk-disable-office-apps) - -- [Disabling Office 2016 shortcuts](#bkmk-disable-shortcuts) - -- [Managing Office 2016 package upgrades](#bkmk-manage-office-pkg-upgrd) - -- [Deploying Visio 2016 and Project 2016 with Office](#bkmk-deploy-visio-project) - -### Enabling Office plug-ins by using connection groups - -Use the steps in this section to enable Office plug-ins with your Office package. To use Office plug-ins, you must use the App-V Sequencer to create a separate package that contains just the plug-ins. You cannot use the Office Deployment Tool to create the plug-ins package. You then create a connection group that contains the Office package and the plug-ins package, as described in the following steps. - -**To enable plug-ins for Office App-V packages** - -1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet. - -2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Microsoft 365 Apps for enterprise(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins. - -3. Create an App-V package that includes the desired plug-ins. - -4. Add a Connection Group through App-V server, System Center Configuration Manager, or a PowerShell cmdlet. - -5. Add the Office 2016 App-V package and the plug-ins package you sequenced to the Connection Group you created. - - >**Important** The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2016 App-V package first, and then add the plug-in App-V package. - - - -6. Ensure that both packages are published to the target computer and that the plug-in package is published globally to match the global settings of the published Office 2016 App-V package. - -7. Verify that the Deployment Configuration File of the plug-in package has the same settings that the Office 2016 App-V package has. - - Since the Office 2016 App-V package is integrated with the operating system, the plug-in package settings should match. You can search the Deployment Configuration File for “COM Mode” and ensure that your plug-ins package has that value set as “Integrated” and that both "InProcessEnabled" and "OutOfProcessEnabled" match the settings of the Office 2016 App-V package you published. - -8. Open the Deployment Configuration File and set the value for **Objects Enabled** to **false**. - -9. If you made any changes to the Deployment Configuration file after sequencing, ensure that the plug-in package is published with the file. - -10. Ensure that the Connection Group you created is enabled onto your desired computer. The Connection Group created will likely “pend” if the Office 2016 App-V package is in use when the Connection Group is enabled. If that happens, you have to reboot to successfully enable the Connection Group. - -11. After you successfully publish both packages and enable the Connection Group, start the target Office 2016 application and verify that the plug-in you published and added to the connection group works as expected. - -### Disabling Office 2016 applications - -You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2016 App-V package has been published, you will save the changes, add the Office 2016 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications. - ->**Note** To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. - - -**To disable an Office 2016 application** - -1. Open a Deployment Configuration File with a text editor such as **Notepad** and search for “Applications." - -2. Search for the Office application you want to disable, for example, Access 2016. - -3. Change the value of "Enabled" from "true" to "false." - -4. Save the Deployment Configuration File. - -5. Add the Office 2016 App-V Package with the new Deployment Configuration File. - - ```xml - - - Lync 2016 - - - - - - - Access 2016 - - - - - ``` - -6. Re-add the Office 2016 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2016 App-V Package applications. - -### Disabling Office 2016 shortcuts - -You may want to disable shortcuts for certain Office applications instead of unpublishing or removing the package. The following example shows how to disable shortcuts for Microsoft Access. - -**To disable shortcuts for Office 2016 applications** - -1. Open a Deployment Configuration File in Notepad and search for “Shortcuts”. - -2. To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. For example, in the example below, delete the Microsoft Access shortcuts, while keeping the subsystems <shortcut> </shortcut> intact to disable the Microsoft Access shortcut. - - ``` syntax - Shortcuts - - --> - - - - - [{Common Programs}]\Microsoft Office 2016\Access 2016.lnk - [{AppvPackageRoot}])office16\MSACCESS.EXE - [{Windows}]\Installer\{90150000-000F-0000-0000-000000FF1CE)\accicons.exe.Ø.ico - - - Microsoft.Office.MSACCESS.EXE.15 - true - Build a professional app quickly to manage data. - l - [{AppVPackageRoot}]\office16\MSACCESS.EXE - - ``` - -3. Save the Deployment Configuration File. - -4. Republish Office 2016 App-V Package with new Deployment Configuration File. - -Many additional settings can be changed through modifying the Deployment Configuration for App-V packages, for example, file type associations, Virtual File System, and more. For additional information on how to use Deployment Configuration Files to change App-V package settings, refer to the additional resources section at the end of this document. - -### Managing Office 2016 package upgrades - -To upgrade an Office 2016 package, use the Office Deployment Tool. To upgrade a previously deployed Office 2016 package, perform the following steps. - -**How to upgrade a previously deployed Office 2016 package** - -1. Create a new Office 2016 package through the Office Deployment Tool that uses the most recent Office 2016 application software. The most recent Office 2016 bits can always be obtained through the download stage of creating an Office 2016 App-V Package. The newly created Office 2016 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage. - - > **Note** Office App-V packages have two Version IDs: - >
    - >
  • An Office 2016 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
    • - >
  • A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2016 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2016 package.
    • - >
- - -2. Globally publish the newly created Office 2016 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2016 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast. - -3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted. - - -### Deploying Visio 2016 and Project 2016 with Office - -The following table describes the requirements and options for deploying Visio 2016 and Project 2016 with Office. - - ---- - - - - - - - - - - - - - - - - -
TaskDetails

How do I package and publish Visio 2016 and Project 2016 with Office?

You must include Visio 2016 and Project 2016 in the same package with Office.

-

If you aren’t deploying Office, you can create a package that contains Visio and/or Project, as long as you follow the packaging, publishing, and deployment requirements described in this topic.

How can I deploy Visio 2016 and Project 2016 to specific users?

Use one of the following methods:

- ---- - - - - - - - - - - - - - - - - -
If you want to......then use this method

Create two different packages and deploy each one to a different group of users

Create and deploy the following packages:

-
    -

  • A package that contains only Office - deploy to computers whose users need only Office.

    • -

  • A package that contains Office, Visio, and Project - deploy to computers whose users need all three applications.

    • -

If you want only one package for the whole organization, or if you have users who share computers:

Follows these steps:

-
    -

  1. Create a package that contains Office, Visio, and Project.

    2. -

  2. Deploy the package to all users.

    3. -

  3. Use Microsoft AppLocker to prevent specific users from using Visio and Project.

    4. -
-

- - -## Additional resources - - -[Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v.md) - -[Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v.md) - -[Office 2016 Deployment Tool for Click-to-Run](https://www.microsoft.com/download/details.aspx?id=49117) - -**Connection Groups** - -[Deploying Connection Groups in Microsoft App-V v5](https://go.microsoft.com/fwlink/p/?LinkId=330683) - -[Managing Connection Groups](managing-connection-groups.md) - -**Dynamic Configuration** - -[About App-V 5.1 Dynamic Configuration](about-app-v-51-dynamic-configuration.md) - - - - - diff --git a/mdop/appv-v5/deploying-the-app-v-50-sequencer-and-client.md b/mdop/appv-v5/deploying-the-app-v-50-sequencer-and-client.md deleted file mode 100644 index 1ad01a6915..0000000000 --- a/mdop/appv-v5/deploying-the-app-v-50-sequencer-and-client.md +++ /dev/null @@ -1,125 +0,0 @@ ---- -title: Deploying the App-V 5.0 Sequencer and Client -description: Deploying the App-V 5.0 Sequencer and Client -author: dansimp -ms.assetid: 84cc84bd-5bc0-41aa-9519-0ded2932c078 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/21/2016 ---- - - -# Deploying the App-V 5.0 Sequencer and Client - - -The App-V 5.0 Sequencer and client enable administrators to virtualize and run virtualized applications. - -## Deploy the client - - -The App-V 5.0 client is the component that runs a virtualized application on a target computer. The client enables users to interact with icons and to double-click file types, so that they can start a virtualized application. The client can also obtain the virtual application content from the management server. - -[How to Deploy the App-V Client](how-to-deploy-the-app-v-client-gb18030.md) - -[How to Uninstall the App-V 5.0 Client](how-to-uninstall-the-app-v-50-client.md) - -[How to Deploy the App-V 4.6 and the App-V 5.0 Client on the Same Computer](how-to-deploy-the-app-v-46-and-the-app-v--50-client-on-the-same-computer.md) - -## Client Configuration Settings - - -The App-V 5.0 client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. You can also configure many client actions by changing registry entries. - -[About Client Configuration Settings](about-client-configuration-settings.md) - -## Configure the client by using the ADMX template and Group Policy - - -You can use the Microsoft ADMX template to configure the client settings for the App-V 5.0 client and the Remote Desktop Services client. The ADMX template manages common client configurations by using an existing Group Policy infrastructure and it includes settings for the App-V 5.0 client configuration. - -**Important**   -You can obtain the App-V 5.0 ADMX template from the Microsoft Download Center. - - - -After you download and install the ADMX template, perform the following steps on the computer that you will use to manage Group Policy. This is typically the Domain Controller. - -1. Save the **.admx** file to the following directory: **Windows \\ PolicyDefinitions** - -2. Save the **.adml** file to the following directory: **Windows \\ PolicyDefinitions \\ <Language Directory>** - -After you have completed the preceding steps, you can manage the App-V 5.0 client configuration settings with the **Group Policy Management** console. - -The App-V 5.0 client also stores its configuration in the registry. You can gather some useful information about the client if you understand the format of the data in the registry. You can also configure many client actions by changing registry entries. - -[How to Modify App-V 5.0 Client Configuration Using the ADMX Template and Group Policy](how-to-modify-app-v-50-client-configuration-using-the-admx-template-and-group-policy.md) - -## Deploy the client by using the Shared Content Store mode - - -The App-V 5.0 Shared Content Store (SCS) mode enables the SCS App-V 5.0 clients to run virtualized applications without saving any of the associated package data locally. All required virtualized package data is transmitted across the network; therefore, you should only use the SCS mode in environments with a fast connection. Both the Remote Desktop Services (RDS) and the standard version of the App-V 5.0 client are supported with SCS mode. - -**Important**   -If the App-V 5.0 client is configured to run in the SCS mode, the location where the App-V 5.0 packages are streamed from must be available, otherwise, the virtualized package will fail. Additionally, we do not recommend deployment of virtualized applications to computers that run the App-V 5.0 client in the SCS mode across the internet. - - - -Additionally, the SCS is not a physical location that contains virtualized packages. It is a mode that allows the App-V 5.0 client to stream the required virtualized package data across the network. - -The SCS mode is helpful in the following scenarios: - -- Virtual desktop infrastructure (VDI) deployments - -- Remote desktop services (RDS) deployments - -To use SCS in your environment, you must enable the App-V 5.0 client to run in SCS mode. This setting should be specified during installation. By default, the client is not configured to use SCS mode. You should install the client by using the suggested procedure if you plan to use SCS. However, you can configure an existing App-V 5.0 client to run in SCS mode by entering the following PowerShell command on the computer that runs the App-V 5.0 client: - -**set-AppvClientConfiguration -SharedContentStoreMode 1** - -There might be cases when the administrator pre-loads some virtual applications on the computer that runs the App-V 5.0 client in SCS mode. This can be accomplished with PowerShell commands to add, publish, and mount the package. For example, if a package is pre-loaded on all computers, the administrator could add, publish, and mount the package by using PowerShell commands. The package would not stream across the network because it would be locally stored. - -[How to Install the App-V 5.0 Client for Shared Content Store Mode](how-to-install-the-app-v-50-client-for-shared-content-store-mode.md) - -## Deploy the Sequencer - - -The Sequencer is a tool that is used to convert standard applications into virtual packages for deployment to computers that run the App-V 5.0 client. The Sequencer helps provide a simple and predictable conversion process with minimal changes to prior sequencing workflows. In addition, the Sequencer allows users to more easily configure applications to enable connections of virtualized applications. - -For a list of changes in the App-V 5.0 Sequencer, see [What's New in App-V 5.0](whats-new-in-app-v-50.md). - -[How to Install the Sequencer](how-to-install-the-sequencer-beta-gb18030.md) - -## App-V 5.0 Client and Sequencer logs - - -You can use the App-V 5.0 Sequencer log information to help troubleshoot the Sequencer installation and operational events while using App-V 5.0. The Sequencer-related log information can be reviewed with the **Event Viewer**. The following line displays the specific path for Sequencer-related events: - -**Event Viewer \\ Applications and Services Logs \\ Microsoft \\ App V**. Sequencer-related events are prepended with **AppV\_Sequencer**. Client-related events are prepended with **AppV\_Client**. - -In App-V 5.0 SP3, some logs have been consolidated. See [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-event-logs-moved). - -## Other resources for deploying the Sequencer and client - - -[Deploying App-V 5.0](deploying-app-v-50.md) - -[Planning for App-V 5.0](planning-for-app-v-50-rc.md) - - - - - - - - - - - - - - diff --git a/mdop/appv-v5/deploying-the-app-v-50-server.md b/mdop/appv-v5/deploying-the-app-v-50-server.md deleted file mode 100644 index a9c5cecc6e..0000000000 --- a/mdop/appv-v5/deploying-the-app-v-50-server.md +++ /dev/null @@ -1,129 +0,0 @@ ---- -title: Deploying the App-V 5.0 Server -description: Deploying the App-V 5.0 Server -author: dansimp -ms.assetid: a47f0dc8-2971-4e4d-8d57-6b69bbed4b63 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying the App-V 5.0 Server - - -You can install the App-V 5.0 server features by using different deployment configurations, which described in this topic. Before you install the server features, review the server section of [App-V 5.0 Security Considerations](app-v-50-security-considerations.md). - -For information about deploying the App-V 5.0 SP3 Server, see [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-migrate-to-50sp3). - -**Important**   -Before you install and configure the App-V 5.0 servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports. The installer does not modify firewall settings. - - - -## App-V 5.0 Server overview - - -The App-V 5.0 Server is made up of five components. Each component serves a different purpose within the App-V 5.0 environment. Each of the five components is briefly described here: - -- Management Server – provides overall management functionality for the App-V 5.0 infrastructure. - -- Management Database – facilitates database predeployments for App-V 5.0 management. - -- Publishing Server – provides hosting and streaming functionality for virtual applications. - -- Reporting Server – provides App-V 5.0 reporting services. - -- Reporting Database – facilitates database predeployments for App-V 5.0 reporting. - -## App-V 5.0 stand-alone deployment - - -The App-V 5.0 standalone deployment provides a good topology for a small deployment or a test environment. When you use this type of implementation, all server components are deployed to a single computer. The services and associated databases will compete for the resources on the computer that runs the App-V 5.0 components. Therefore, you should not use this topology for larger deployments. - -[How to Deploy the App-V 5.0 Server](how-to-deploy-the-app-v-50-server-50sp3.md) - -[How to Deploy the App-V 5.0 Server Using a Script](how-to-deploy-the-app-v-50-server-using-a-script.md) - -## App-V 5.0 Server distributed deployment - - -The distributed deployment topology can support a large App-V 5.0 client base and it allows you to more easily manage and scale your environment. When you use this type of deployment, the App-V 5.0 Server components are deployed across multiple computers, based on the structure and requirements of the organization. - -[How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services.md) - -[How to install the Reporting Server on a Standalone Computer and Connect it to the Database](how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database.md) - -[How to Deploy the App-V 5.0 Server Using a Script](how-to-deploy-the-app-v-50-server-using-a-script.md) - -[How to Install the Publishing Server on a Remote Computer](how-to-install-the-publishing-server-on-a-remote-computer.md) - -[How to install the Management Server on a Standalone Computer and Connect it to the Database](how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database.md) - -## Using an Enterprise Software Distribution (ESD) solution and App-V 5.0 - - -You can also deploy the App-V 5.0 clients and packages by using an ESD without having to deploy App-V 5.0. The full capabilities for integration will vary depending on the ESD that you use. - -**Note**   -The App-V 5.0 reporting server and reporting database can still be deployed alongside the ESD to collect the reporting data from the App-V 5.0 clients. However, the other three server components should not be deployed, because they will conflict with the ESD functionality. - - - -[Deploying App-V 5.0 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md) - -## App-V 5.0 Server logs - - -You can use App-V 5.0 server log information to help troubleshoot the server installation and operational events while using App-V 5.0. The server-related log information can be reviewed with the **Event Viewer**. The following line displays the specific path for Server-related events: - -**Event Viewer \\ Applications and Services Logs \\ Microsoft \\ App V** - -Associated setup logs are saved in the following directory: - -**%temp%** - -In App-V 5.0 SP3, some logs have been consolidated and moved. See [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-event-logs-moved). - -## App-V 5.0 reporting - - -App-V 5.0 reporting allows App-V 5.0 clients to collect data and then send it back to be stored in a central repository. You can use this information to get a better view of the virtual application usage within your organization. The following list displays some of the types of information the App-V 5.0 client collects: - -- Information about the computer that runs the App-V 5.0 client. - -- Information about virtualized packages on a specific computer that runs the App-V 5.0 client. - -- Information about package open and shutdown for a specific user. - -The reporting information will be maintained until it is successfully sent to the reporting server database. After the data is in the database, you can use Microsoft SQL Server Reporting Services to generate any necessary reports. - -If you want to retrieve report information, you must use Microsoft SQL Server Reporting Services (SSRS) which is available with Microsoft SQL. SSRS is not installed when you install the App-V 5.0 reporting server and it must be deployed separately to generate the associated reports. - -Use the following link for more information [About App-V 5.0 Reporting](about-app-v-50-reporting.md). - -[How to Enable Reporting on the App-V 5.0 Client by Using PowerShell](how-to-enable-reporting-on-the-app-v-50-client-by-using-powershell.md) - -## Other resources for the App-V server - - -[Deploying App-V 5.0](deploying-app-v-50.md) - - - - - - - - - - - - - - diff --git a/mdop/appv-v5/deploying-the-app-v-51-sequencer-and-client.md b/mdop/appv-v5/deploying-the-app-v-51-sequencer-and-client.md deleted file mode 100644 index 0811cc8ca8..0000000000 --- a/mdop/appv-v5/deploying-the-app-v-51-sequencer-and-client.md +++ /dev/null @@ -1,123 +0,0 @@ ---- -title: Deploying the App-V 5.1 Sequencer and Client -description: Deploying the App-V 5.1 Sequencer and Client -author: dansimp -ms.assetid: 74f32794-4c76-436f-a542-f9e95d89063d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/21/2016 ---- - - -# Deploying the App-V 5.1 Sequencer and Client - - -The Microsoft Application Virtualization (App-V) 5.1 Sequencer and client enable administrators to virtualize and run virtualized applications. - -## Deploy the client - - -The App-V 5.1 client is the component that runs a virtualized application on a target computer. The client enables users to interact with icons and to double-click file types, so that they can start a virtualized application. The client can also obtain the virtual application content from the management server. - -[How to Deploy the App-V Client](how-to-deploy-the-app-v-client-51gb18030.md) - -[How to Uninstall the App-V 5.1 Client](how-to-uninstall-the-app-v-51-client.md) - -[How to Deploy the App-V 4.6 and the App-V 5.1 Client on the Same Computer](how-to-deploy-the-app-v-46-and-the-app-v--51-client-on-the-same-computer.md) - -## Client Configuration Settings - - -The App-V 5.1 client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. You can also configure many client actions by changing registry entries. - -[About Client Configuration Settings](about-client-configuration-settings51.md) - -## Configure the client by using the ADMX template and Group Policy - - -You can use the Microsoft ADMX template to configure the client settings for the App-V 5.1 client and the Remote Desktop Services client. The ADMX template manages common client configurations by using an existing Group Policy infrastructure and it includes settings for the App-V 5.1 client configuration. - -**Important**   -You can obtain the App-V 5.1 ADMX template from the Microsoft Download Center. - - - -After you download and install the ADMX template, perform the following steps on the computer that you will use to manage Group Policy. This is typically the Domain Controller. - -1. Save the **.admx** file to the following directory: **Windows \\ PolicyDefinitions** - -2. Save the **.adml** file to the following directory: **Windows \\ PolicyDefinitions \\ <Language Directory>** - -After you have completed the preceding steps, you can manage the App-V 5.1 client configuration settings with the **Group Policy Management** console. - -The App-V 5.1 client also stores its configuration in the registry. You can gather some useful information about the client if you understand the format of the data in the registry. You can also configure many client actions by changing registry entries. - -[How to Modify App-V 5.1 Client Configuration Using the ADMX Template and Group Policy](how-to-modify-app-v-51-client-configuration-using-the-admx-template-and-group-policy.md) - -## Deploy the client by using the Shared Content Store mode - - -The App-V 5.1 Shared Content Store (SCS) mode enables the SCS App-V 5.1 clients to run virtualized applications without saving any of the associated package data locally. All required virtualized package data is transmitted across the network; therefore, you should only use the SCS mode in environments with a fast connection. Both the Remote Desktop Services (RDS) and the standard version of the App-V 5.1 client are supported with SCS mode. - -**Important**   -If the App-V 5.1 client is configured to run in the SCS mode, the location where the App-V 5.1 packages are streamed from must be available, otherwise, the virtualized package will fail. Additionally, we do not recommend deployment of virtualized applications to computers that run the App-V 5.1 client in the SCS mode across the internet. - - - -Additionally, the SCS is not a physical location that contains virtualized packages. It is a mode that allows the App-V 5.1 client to stream the required virtualized package data across the network. - -The SCS mode is helpful in the following scenarios: - -- Virtual desktop infrastructure (VDI) deployments - -- Remote desktop services (RDS) deployments - -To use SCS in your environment, you must enable the App-V 5.1 client to run in SCS mode. This setting should be specified during installation. By default, the client is not configured to use SCS mode. You should install the client by using the suggested procedure if you plan to use SCS. However, you can configure an existing App-V 5.1 client to run in SCS mode by entering the following PowerShell command on the computer that runs the App-V 5.1 client: - -**set-AppvClientConfiguration -SharedContentStoreMode 1** - -There might be cases when the administrator pre-loads some virtual applications on the computer that runs the App-V 5.1 client in SCS mode. This can be accomplished with PowerShell commands to add, publish, and mount the package. For example, if a package is pre-loaded on all computers, the administrator could add, publish, and mount the package by using PowerShell commands. The package would not stream across the network because it would be locally stored. - -[How to Install the App-V 5.1 Client for Shared Content Store Mode](how-to-install-the-app-v-51-client-for-shared-content-store-mode.md) - -## Deploy the Sequencer - - -The Sequencer is a tool that is used to convert standard applications into virtual packages for deployment to computers that run the App-V 5.1 client. The Sequencer helps provide a simple and predictable conversion process with minimal changes to prior sequencing workflows. In addition, the Sequencer allows users to more easily configure applications to enable connections of virtualized applications. - -For a list of changes in the App-V 5.1 Sequencer, see [About App-V 5.1](about-app-v-51.md). - -[How to Install the Sequencer](how-to-install-the-sequencer-51beta-gb18030.md) - -## App-V 5.1 Client and Sequencer logs - - -You can use the App-V 5.1 Sequencer log information to help troubleshoot the Sequencer installation and operational events while using App-V 5.1. The Sequencer-related log information can be reviewed with the **Event Viewer**. The following line displays the specific path for Sequencer-related events: - -**Event Viewer \\ Applications and Services Logs \\ Microsoft \\ App V**. Sequencer-related events are prepended with **AppV\_Sequencer**. Client-related events are prepended with **AppV\_Client**. - -## Other resources for deploying the Sequencer and client - - -[Deploying App-V 5.1](deploying-app-v-51.md) - -[Planning for App-V 5.1](planning-for-app-v-51.md) - - - - - - - - - - - - - - diff --git a/mdop/appv-v5/deploying-the-app-v-51-server.md b/mdop/appv-v5/deploying-the-app-v-51-server.md deleted file mode 100644 index ddfa7f25d1..0000000000 --- a/mdop/appv-v5/deploying-the-app-v-51-server.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: Deploying the App-V 5.1 Server -description: Deploying the App-V 5.1 Server -author: dansimp -ms.assetid: 987b61dc-00d6-49ba-8f1b-92d7b948e702 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - -# Deploying the App-V 5.1 Server - -You can install the Microsoft Application Virtualization (App-V) 5.1 server features by using different deployment configurations, which described in this topic. Before you install the server features, review the server section of [App-V 5.1 Security Considerations](app-v-51-security-considerations.md). - -For information about deploying the App-V Server, see [About App-V 5.1](about-app-v-51.md#bkmk-migrate-to-51). - -> [!IMPORTANT] -> Before you install and configure the App-V 5.1 servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports. The installer does not modify firewall settings. - -## App-V 5.1 Server overview - -The App-V 5.1 Server is made up of five components. Each component serves a different purpose within the App-V 5.1 environment. Each of the five components is briefly described here: - -- Management Server – provides overall management functionality for the App-V 5.1 infrastructure. -- Management Database – facilitates database predeployments for App-V 5.1 management. -- Publishing Server – provides hosting and streaming functionality for virtual applications. -- Reporting Server – provides App-V 5.1 reporting services. -- Reporting Database – facilitates database predeployments for App-V 5.1 reporting. - -## App-V 5.1 stand-alone deployment - -The App-V 5.1 standalone deployment provides a good topology for a small deployment or a test environment. When you use this type of implementation, all server components are deployed to a single computer. The services and associated databases will compete for the resources on the computer that runs the App-V 5.1 components. Therefore, you should not use this topology for larger deployments. - -[How to Deploy the App-V 5.1 Server](how-to-deploy-the-app-v-51-server.md) - -[How to Deploy the App-V 5.1 Server Using a Script](how-to-deploy-the-app-v-51-server-using-a-script.md) - -## App-V 5.1 Server distributed deployment - -The distributed deployment topology can support a large App-V 5.1 client base and it allows you to more easily manage and scale your environment. When you use this type of deployment, the App-V 5.1 Server components are deployed across multiple computers, based on the structure and requirements of the organization. - -[How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services51.md) - -[How to install the Management Server on a Standalone Computer and Connect it to the Database](how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database51.md) - -[How to Deploy the App-V 5.1 Server Using a Script](how-to-deploy-the-app-v-51-server-using-a-script.md) - -[How to Install the Publishing Server on a Remote Computer](how-to-install-the-publishing-server-on-a-remote-computer51.md) - -[How to install the Management Server on a Standalone Computer and Connect it to the Database](how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database51.md) - -## Using an Enterprise Software Distribution (ESD) solution and App-V 5.1 - -You can also deploy the App-V 5.1 clients and packages by using an ESD without having to deploy App-V 5.1. The full capabilities for integration will vary depending on the ESD that you use. - -> [!NOTE] -> The App-V 5.1 reporting server and reporting database can still be deployed alongside the ESD to collect the reporting data from the App-V 5.1 clients. However, the other three server components should not be deployed, because they will conflict with the ESD functionality. - -[Deploying App-V 5.1 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md) - -## App-V 5.1 Server logs - -You can use App-V 5.1 server log information to help troubleshoot the server installation and operational events while using App-V 5.1. The server-related log information can be reviewed with the **Event Viewer**. The following line displays the specific path for Server-related events: - -**Event Viewer \\ Applications and Services Logs \\ Microsoft \\ App V** - -Associated setup logs are saved in the following directory: - -**%temp%** - -In App-V 5.0 SP3, some logs were consolidated and moved. See [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-event-logs-moved). - -## App-V 5.1 reporting - -App-V 5.1 reporting allows App-V 5.1 clients to collect data and then send it back to be stored in a central repository. You can use this information to get a better view of the virtual application usage within your organization. The following list displays some of the types of information the App-V 5.1 client collects: - -- Information about the computer that runs the App-V 5.1 client. -- Information about virtualized packages on a specific computer that runs the App-V 5.1 client. -- Information about package open and shutdown for a specific user. - -The reporting information will be maintained until it is successfully sent to the reporting server database. After the data is in the database, you can use Microsoft SQL Server Reporting Services to generate any necessary reports. - -If you want to retrieve report information, you must use Microsoft SQL Server Reporting Services (SSRS) which is available with Microsoft SQL. SSRS is not installed when you install the App-V 5.1 reporting server and it must be deployed separately to generate the associated reports. - -Use the following link for more information [About App-V 5.1 Reporting](about-app-v-51-reporting.md). - -[How to Enable Reporting on the App-V 5.1 Client by Using PowerShell](how-to-enable-reporting-on-the-app-v-51-client-by-using-powershell.md) - -## Other resources for the App-V server - -[Deploying App-V 5.1](deploying-app-v-51.md) diff --git a/mdop/appv-v5/evaluating-app-v-50.md b/mdop/appv-v5/evaluating-app-v-50.md deleted file mode 100644 index 1b2cc2ac24..0000000000 --- a/mdop/appv-v5/evaluating-app-v-50.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Evaluating App-V 5.0 -description: Evaluating App-V 5.0 -author: dansimp -ms.assetid: 0b4a6b12-559d-429f-9659-dc8f4883feab -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Evaluating App-V 5.0 - - -Before you deploy Microsoft Application Virtualization (App-V) 5.0 into a production environment, you should evaluate it in a lab environment. You can use the information in this topic to set up App-V 5.0 in a lab environment for evaluation purposes only. - -## Configure lab computers for App-V 5.0 Evaluation - - -Use the following link for information about setting up the App-V 5.0 sequencer on a computer in your lab environment. - -### Installing the App-V 5.0 Sequencer and Creating Packages - -Use the following links for information about setting up the App-V 5.0 sequencer and creating packages in your lab environment. - -- [How to Install the Sequencer](how-to-install-the-sequencer-beta-gb18030.md) - -- [Creating and Managing App-V 5.0 Virtualized Applications](creating-and-managing-app-v-50-virtualized-applications.md) - -### Configuring the App-V 5.0 Server - -Use the following links for information about setting up the App-V 5.0 server in your lab environment. - -- [How to Deploy the App-V 5.0 Server](how-to-deploy-the-app-v-50-server-50sp3.md) - -- [Administering App-V 5.0 Virtual Applications by Using the Management Console](administering-app-v-50-virtual-applications-by-using-the-management-console.md) - -### Installing the App-V 5.0 Client - -Use the following link for more information about creating and managing virtualized packages in your lab environment. - -- [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-gb18030.md) - -- [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-beta.md) - - - - - - -## Related topics - - -[Getting Started with App-V 5.0](getting-started-with-app-v-50--rtm.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/evaluating-app-v-51.md b/mdop/appv-v5/evaluating-app-v-51.md deleted file mode 100644 index 84facb34f4..0000000000 --- a/mdop/appv-v5/evaluating-app-v-51.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Evaluating App-V 5.1 -description: Evaluating App-V 5.1 -author: dansimp -ms.assetid: 92d80b23-3eca-4be3-a771-e700ad1470db -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Evaluating App-V 5.1 - - -Before you deploy Microsoft Application Virtualization (App-V) 5.1 into a production environment, you should evaluate it in a lab environment. You can use the information in this topic to set up App-V 5.1 in a lab environment for evaluation purposes only. - -## Configure lab computers for App-V 5.1 Evaluation - - -Use the following link for information about setting up the App-V 5.1 sequencer on a computer in your lab environment. - -### Installing the App-V 5.1 Sequencer and Creating Packages - -Use the following links for information about setting up the App-V 5.1 sequencer and creating packages in your lab environment. - -- [How to Install the Sequencer](how-to-install-the-sequencer-51beta-gb18030.md) - -- [Creating and Managing App-V 5.1 Virtualized Applications](creating-and-managing-app-v-51-virtualized-applications.md) - -### Configuring the App-V 5.1 Server - -Use the following links for information about setting up the App-V 5.1 server in your lab environment. - -- [How to Deploy the App-V 5.1 Server](how-to-deploy-the-app-v-51-server.md) - -- [Administering App-V 5.1 Virtual Applications by Using the Management Console](administering-app-v-51-virtual-applications-by-using-the-management-console.md) - -### Installing the App-V 5.1 Client - -Use the following link for more information about creating and managing virtualized packages in your lab environment. - -- [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-51gb18030.md) - -- [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-51.md) - - - - - - -## Related topics - - -[Getting Started with App-V 5.1](getting-started-with-app-v-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/getting-started-with-app-v-50--rtm.md b/mdop/appv-v5/getting-started-with-app-v-50--rtm.md deleted file mode 100644 index 861662bca5..0000000000 --- a/mdop/appv-v5/getting-started-with-app-v-50--rtm.md +++ /dev/null @@ -1,150 +0,0 @@ ---- -title: Getting Started with App-V 5.0 -description: Getting Started with App-V 5.0 -author: dansimp -ms.assetid: 3e16eafb-ce95-4d06-b214-fe0f4b1b495f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Getting Started with App-V 5.0 - - -App-V 5.0 enables administrators to deploy, update, and support applications as services in real time, on an as-needed basis. Individual applications are transformed from locally installed products into centrally managed services and are available wherever you need, without the need to preconfigure computers or to change operating system settings. - -App-V consists of the following elements: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ElementDescription

App-V Management Server

    -

  • Provides a central location for managing the App-V infrastructure, which delivers virtual applications to both the App-V Desktop Client and the Remote Desktop Services (formerly Terminal Services) Client.

    • -

  • Uses Microsoft SQL Server® for its data store, where one or more App-V Management servers can share a single SQL Server data store.

    • -

  • Authenticates requests and provides security, metering, monitoring, and data gathering. The server uses Active Directory and supporting tools to manage users and applications.

    • -

  • Has a Silverlight®-based management site, which enables you to configure the App-V infrastructure from any computer. You can add and remove applications, manipulate shortcuts, assign access permissions to users and groups, and create connection groups.

    • -

  • Enables communication between the App-V Web Management Console and the SQL Server data store. These components can all be installed on a single server computer, or on one or more separate computers, depending on the required system architecture.

    • -

App-V Publishing Server

    -

  • Provides App-V Clients with entitled applications for the specific user

    • -

  • Hosts the virtual application package for streaming.

    • -

App-V Desktop Client

    -

  • Retrieves virtual applications

    • -

  • Publishes the applications on the clients

    • -

  • Automatically sets up and manages virtual environments at runtime on Windows endpoints.

    • -

  • Stores user-specific virtual application settings, such as registry and file changes, in each user's profile.

    • -

App-V Remote Desktop Services (RDS) Client

Enables Remote Desktop Session Host servers to use the capabilities of the App-V Desktop Client for shared desktop sessions.

App-V Sequencer

    -

  • Is a wizard-based tool that you use to transform traditional applications into virtual applications.

    • -

  • Produces the application “package,” which consists of:

    -
      -

    1. a sequenced application (APPV) file

      2. -

    2. a Windows Installer file (MSI) that can be deployed to clients configured for stand-alone operation

      3. -

    3. Several XML files including Report.XML, PackageName_DeploymentConfig.XML, and PackageName_UserConfig.XML. The UserConfig and DeploymentConfig XML files are used to configure custom changes to the default behavior of the package.

      4. -
    • -
- - - -For more information about these elements, see [High Level Architecture for App-V 5.0](high-level-architecture-for-app-v-50.md). - -If you are new to this product, we recommend that you read the documentation thoroughly. Before you deploy it to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at . - -**Note**   -A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at (https://go.microsoft.com/fwlink/?LinkId=272491). - - - -This section of the App-V 5.0 Administrator’s Guide includes high-level information about App-V 5.0 to provide you with a basic understanding of the product before you begin the deployment planning. - -## Getting started with App-V 5.0 - - -- [About App-V 5.0](about-app-v-50.md) - - Provides a high-level overview of App-V 5.0 and how it can be used in your organization. - -- [About App-V 5.0 SP1](about-app-v-50-sp1.md) - - Provides a high-level overview of App-V 5.0 SP1 and how it can be used in your organization. - -- [About App-V 5.0 SP2](about-app-v-50-sp2.md) - - Provides a high-level overview of App-V 5.0 SP2 and how it can be used in your organization. - -- [About App-V 5.0 SP3](about-app-v-50-sp3.md) - - Provides a high-level overview of App-V 5.0 SP2 and how it can be used in your organization. - -- [Evaluating App-V 5.0](evaluating-app-v-50.md) - - Provides information about how you can best evaluate App-V 5.0 for use in your organization. - -- [High Level Architecture for App-V 5.0](high-level-architecture-for-app-v-50.md) - - Provides a description of the App-V 5.0 features and how they work together. - -- [Accessibility for App-V 5.0](accessibility-for-app-v-50.md) - - Provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. - -## Other resources for this product - - -- [Microsoft Application Virtualization 5.0 Administrator's Guide](microsoft-application-virtualization-50-administrators-guide.md) - -- [Planning for App-V 5.0](planning-for-app-v-50-rc.md) - -- [Deploying App-V 5.0](deploying-app-v-50.md) - -- [Operations for App-V 5.0](operations-for-app-v-50.md) - -- [Troubleshooting App-V 5.0](troubleshooting-app-v-50.md) - - - - - - - - - - - - - - diff --git a/mdop/appv-v5/getting-started-with-app-v-51.md b/mdop/appv-v5/getting-started-with-app-v-51.md deleted file mode 100644 index f508e2c3a6..0000000000 --- a/mdop/appv-v5/getting-started-with-app-v-51.md +++ /dev/null @@ -1,140 +0,0 @@ ---- -title: Getting Started with App-V 5.1 -description: Getting Started with App-V 5.1 -author: dansimp -ms.assetid: 49a20e1f-0566-4e53-a417-1521393fc974 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Getting Started with App-V 5.1 - - -Microsoft Application Virtualization (App-V) 5.1 enables administrators to deploy, update, and support applications as services in real time, on an as-needed basis. Individual applications are transformed from locally installed products into centrally managed services and are available wherever you need, without the need to preconfigure computers or to change operating system settings. - -App-V consists of the following elements: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ElementDescription

App-V Management Server

    -

  • Provides a central location for managing the App-V infrastructure, which delivers virtual applications to both the App-V Desktop Client and the Remote Desktop Services (formerly Terminal Services) Client.

    • -

  • Uses Microsoft SQL Server® for its data store, where one or more App-V Management servers can share a single SQL Server data store.

    • -

  • Authenticates requests and provides security, metering, monitoring, and data gathering. The server uses Active Directory and supporting tools to manage users and applications.

    • -

  • Has a management site that lets you configure the App-V infrastructure from any computer. You can add and remove applications, manipulate shortcuts, assign access permissions to users and groups, and create connection groups.

    • -

  • Enables communication between the App-V Web Management Console and the SQL Server data store. These components can all be installed on a single server computer, or on one or more separate computers, depending on the required system architecture.

    • -

App-V Publishing Server

    -

  • Provides App-V Clients with entitled applications for the specific user

    • -

  • Hosts the virtual application package for streaming.

    • -

App-V Desktop Client

    -

  • Retrieves virtual applications

    • -

  • Publishes the applications on the clients

    • -

  • Automatically sets up and manages virtual environments at runtime on Windows endpoints.

    • -

  • Stores user-specific virtual application settings, such as registry and file changes, in each user's profile.

    • -

App-V Remote Desktop Services (RDS) Client

Enables Remote Desktop Session Host servers to use the capabilities of the App-V Desktop Client for shared desktop sessions.

App-V Sequencer

    -

  • Is a wizard-based tool that you use to transform traditional applications into virtual applications.

    • -

  • Produces the application “package,” which consists of:

    -
      -

    1. a sequenced application (APPV) file

      2. -

    2. a Windows Installer file (MSI) that can be deployed to clients configured for stand-alone operation

      3. -

    3. Several XML files including Report.XML, PackageName_DeploymentConfig.XML, and PackageName_UserConfig.XML. The UserConfig and DeploymentConfig XML files are used to configure custom changes to the default behavior of the package.

      4. -
    • -
- - - -For more information about these elements, see [High Level Architecture for App-V 5.1](high-level-architecture-for-app-v-51.md). - -If you are new to this product, we recommend that you read the documentation thoroughly. Before you deploy it to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at . - -**Note**   -A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at (https://go.microsoft.com/fwlink/?LinkId=272491). - - - -This section of the App-V 5.1 Administrator’s Guide includes high-level information about App-V 5.1 to provide you with a basic understanding of the product before you begin the deployment planning. - -## Getting started with App-V 5.1 - - -- [About App-V 5.1](about-app-v-51.md) - - Provides a high-level overview of App-V 5.1 and how it can be used in your organization. - -- [Evaluating App-V 5.1](evaluating-app-v-51.md) - - Provides information about how you can best evaluate App-V 5.1 for use in your organization. - -- [High Level Architecture for App-V 5.1](high-level-architecture-for-app-v-51.md) - - Provides a description of the App-V 5.1 features and how they work together. - -- [Accessibility for App-V 5.1](accessibility-for-app-v-51.md) - - Provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. - -## Other resources for this product - - -- [Microsoft Application Virtualization 5.1 Administrator's Guide](microsoft-application-virtualization-51-administrators-guide.md) - -- [Planning for App-V 5.1](planning-for-app-v-51.md) - -- [Deploying App-V 5.1](deploying-app-v-51.md) - -- [Operations for App-V 5.1](operations-for-app-v-51.md) - -- [Troubleshooting App-V 5.1](troubleshooting-app-v-51.md) - -- [Technical Reference for App-V 5.1](technical-reference-for-app-v-51.md) - - - - - - - - - - - - - - diff --git a/mdop/appv-v5/high-level-architecture-for-app-v-50.md b/mdop/appv-v5/high-level-architecture-for-app-v-50.md deleted file mode 100644 index e23df5f0a1..0000000000 --- a/mdop/appv-v5/high-level-architecture-for-app-v-50.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: High Level Architecture for App-V 5.0 -description: High Level Architecture for App-V 5.0 -author: dansimp -ms.assetid: fdf8b841-918f-4672-b352-0f2b9519581b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# High Level Architecture for App-V 5.0 - - -Use the following information to help you simplify you Microsoft Application Virtualization (App-V) 5.0 deployment. - -## Architecture Overview - - -A typical App-V 5.0 implementation consists of the following elements. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ElementMore information

App-V 5.0 Management Server

The App-V 5.0 Management server provides overall management functionality for the App-V 5.0 infrastructure. Additionally, you can install more than one instance of the management server in your environment which provides the following benefits:

-
    -

  • Fault Tolerance and High Availability – Installing and configuring the App-V 5.0 Management server on two separate computers can help in situations when one of the servers is unavailable or offline.

    -

    You can also help increase App-V 5.0 availability by installing the Management server on multiple computers. In this scenario, a network load balancer should also be considered so that server requests are balanced.

    • -

  • Scalability – You can add additional management servers as necessary to support a high load, for example you can install multiple servers behind a load balancer.

    • -

App-V 5.0 Publishing Server

The App-V 5.0 publishing server provides functionality for virtual application hosting and streaming. The publishing server does not require a database connection and supports the following protocols:

-
    -

  • HTTP, and HTTPS

    • -
-

You can also help increase App-V 5.0 availability by installing the Publishing server on multiple computers. A network load balancer should also be considered so that server requests are balanced.

App-V 5.0 Reporting Server

The App-V 5.0 Reporting server enables authorized users to run and view existing App-V 5.0 reports and ad hoc reports that can help them manage the App-V 5.0 infrastructure. The Reporting server requires a connection to the App-V 5.0 reporting database. You can also help increase App-V 5.0 availability by installing the Reporting server on multiple computers. A network load balancer should also be considered so that server requests are balanced.

App-V 5.0 Client

The App-V 5.0 client enables packages created using App-V 5.0 to run on target computers.

- - - -**Note**   -If you are using App-V 5.0 with Electronic Software Distribution (ESD) you are not required to use the App-V 5.0 Management server, however you can still utilize the reporting and streaming functionality of App-V 5.0. - - - - - - - - -## Related topics - - -[Getting Started with App-V 5.0](getting-started-with-app-v-50--rtm.md) - - - - - - - - - diff --git a/mdop/appv-v5/high-level-architecture-for-app-v-51.md b/mdop/appv-v5/high-level-architecture-for-app-v-51.md deleted file mode 100644 index af616233b3..0000000000 --- a/mdop/appv-v5/high-level-architecture-for-app-v-51.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: High Level Architecture for App-V 5.1 -description: High Level Architecture for App-V 5.1 -author: dansimp -ms.assetid: 90406361-55b8-40b7-85c0-449436789d4c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# High Level Architecture for App-V 5.1 - - -Use the following information to help you simplify you Microsoft Application Virtualization (App-V) 5.1 deployment. - -## Architecture Overview - - -A typical App-V 5.1 implementation consists of the following elements. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ElementMore information

App-V 5.1 Management Server

The App-V 5.1 Management server provides overall management functionality for the App-V 5.1 infrastructure. Additionally, you can install more than one instance of the management server in your environment which provides the following benefits:

-
    -

  • Fault Tolerance and High Availability – Installing and configuring the App-V 5.1 Management server on two separate computers can help in situations when one of the servers is unavailable or offline.

    -

    You can also help increase App-V 5.1 availability by installing the Management server on multiple computers. In this scenario, a network load balancer should also be considered so that server requests are balanced.

    • -

  • Scalability – You can add additional management servers as necessary to support a high load, for example you can install multiple servers behind a load balancer.

    • -

App-V 5.1 Publishing Server

The App-V 5.1 publishing server provides functionality for virtual application hosting and streaming. The publishing server does not require a database connection and supports the following protocols:

-
    -

  • HTTP, and HTTPS

    • -
-

You can also help increase App-V 5.1 availability by installing the Publishing server on multiple computers. A network load balancer should also be considered so that server requests are balanced.

App-V 5.1 Reporting Server

The App-V 5.1 Reporting server enables authorized users to run and view existing App-V 5.1 reports and ad hoc reports that can help them manage the App-V 5.1 infrastructure. The Reporting server requires a connection to the App-V 5.1 reporting database. You can also help increase App-V 5.1 availability by installing the Reporting server on multiple computers. A network load balancer should also be considered so that server requests are balanced.

App-V 5.1 Client

The App-V 5.1 client enables packages created using App-V 5.1 to run on target computers.

- - - -**Note**   -If you are using App-V 5.1 with Electronic Software Distribution (ESD) you are not required to use the App-V 5.1 Management server, however you can still utilize the reporting and streaming functionality of App-V 5.1. - - - - - - - - -## Related topics - - -[Getting Started with App-V 5.1](getting-started-with-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-access-the-client-management-console.md b/mdop/appv-v5/how-to-access-the-client-management-console.md deleted file mode 100644 index 90164220e0..0000000000 --- a/mdop/appv-v5/how-to-access-the-client-management-console.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: How to Access the Client Management Console -description: How to Access the Client Management Console -author: dansimp -ms.assetid: 3f6303c7-f953-4623-8211-c20d1faa846b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Access the Client Management Console - - -Use the App-V 5.0 client management console to manage packages on the computer running the App-V 5.0 client. - -**Note**   -To perform all of the actions available using the client management console, you must have administrative access on the computer running the App-V 5.0 client. - - - -Use the following procedure to access the client management console. - -**To access the client management console** - -1. On the computer running the App-V 5.0 client, click **Start** and select **Microsoft Application Virtualization Client**. - - **Note**   - For computers running the App-V 5.0 Remote Desktop Services client version, to access client management console follow step 1 of this procedure on the server running the client. - - - -2. When the App-V 5.0 client management console is displayed, click the tab you want to review and perform any required tasks. For more information about the client management console tasks see, [Using the App-V 5.0 Client Management Console](using-the-app-v-50-client-management-console.md). - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-access-the-client-management-console51.md b/mdop/appv-v5/how-to-access-the-client-management-console51.md deleted file mode 100644 index e98a45a0a3..0000000000 --- a/mdop/appv-v5/how-to-access-the-client-management-console51.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: How to Access the Client Management Console -description: How to Access the Client Management Console -author: dansimp -ms.assetid: 22131251-acd5-44e7-a30b-7d389c518b6f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Access the Client Management Console - - -Use the App-V 5.1 client management console to manage packages on the computer running the App-V 5.1 client. - -**Note**   -To perform all of the actions available using the client management console, you must have administrative access on the computer running the App-V 5.1 client. - - - -Use the following procedure to access the client management console. - -**To access the client management console** - -1. On the computer running the App-V 5.1 client, click **Start** and select **Microsoft Application Virtualization Client**. - - **Note**   - For computers running the App-V 5.1 Remote Desktop Services client version, to access client management console follow step 1 of this procedure on the server running the client. - - - -2. When the App-V 5.1 client management console is displayed, click the tab you want to review and perform any required tasks. For more information about the client management console tasks see, [Using the App-V 5.1 Client Management Console](using-the-app-v-51-client-management-console.md). - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-add-or-remove-an-administrator-by-using-the-management-console.md b/mdop/appv-v5/how-to-add-or-remove-an-administrator-by-using-the-management-console.md deleted file mode 100644 index 7f2daaca8d..0000000000 --- a/mdop/appv-v5/how-to-add-or-remove-an-administrator-by-using-the-management-console.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: How to Add or Remove an Administrator by Using the Management Console -description: How to Add or Remove an Administrator by Using the Management Console -author: dansimp -ms.assetid: 0e8ab443-1931-4b1a-95df-6ccbecc9efc5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Add or Remove an Administrator by Using the Management Console - - -Use the following procedures to add or remove an administrator on the App-V 5.0 server. - -**To add an administrator using the Management Console** - -1. Open the App-V 5.0 Management Console and click **Administrators** in the navigation pane. The navigation pane displays a list of Access Directory (AD) users and groups that currently have administrative access to the App-V 5.0 server. - -2. To add a new administrator, click **Add Administrator** Type the name of the administrator that you want to add in the **Active Directory Name** field. Ensure you provide the associated user account domain name. For example, **Domain** \\ **UserName**. - -3. Select the account that you want to add and click **Add**. The new account is displayed in the list of server administrators. - -**To remove an administrator using the Management Console** - -1. Open the App-V 5.0 Management Console and click **Administrators** in the navigation pane. The navigation pane displays a list of AD users and groups that currently have administrative access to the App-V 5.0 server. - -2. Right-click the account to be removed from the list of administrators and select **Remove**. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-add-or-remove-an-administrator-by-using-the-management-console51.md b/mdop/appv-v5/how-to-add-or-remove-an-administrator-by-using-the-management-console51.md deleted file mode 100644 index e4d9c802e9..0000000000 --- a/mdop/appv-v5/how-to-add-or-remove-an-administrator-by-using-the-management-console51.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: How to Add or Remove an Administrator by Using the Management Console -description: How to Add or Remove an Administrator by Using the Management Console -author: dansimp -ms.assetid: 7ff8c436-9d2e-446a-9ea2-bbab7e25bf21 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Add or Remove an Administrator by Using the Management Console - - -Use the following procedures to add or remove an administrator on the Microsoft Application Virtualization (App-V) 5.1 server. - -**To add an administrator using the Management Console** - -1. Open the Microsoft Application Virtualization (App-V) 5.1 Management Console and click **Administrators** in the navigation pane. The navigation pane displays a list of Access Directory (AD) users and groups that currently have administrative access to the Microsoft Application Virtualization (App-V) 5.1 server. - -2. To add a new administrator, click **Add Administrator** Type the name of the administrator that you want to add in the **Active Directory Name** field. Ensure you provide the associated user account domain name. For example, **Domain** \\ **UserName**. - -3. Select the account that you want to add and click **Add**. The new account is displayed in the list of server administrators. - -**To remove an administrator using the Management Console** - -1. Open the Microsoft Application Virtualization (App-V) 5.1 Management Console and click **Administrators** in the navigation pane. The navigation pane displays a list of AD users and groups that currently have administrative access to the Microsoft Application Virtualization (App-V) 5.1 server. - -2. Right-click the account to be removed from the list of administrators and select **Remove**. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-add-or-upgrade-packages-by-using-the-management-console-51-gb18030.md b/mdop/appv-v5/how-to-add-or-upgrade-packages-by-using-the-management-console-51-gb18030.md deleted file mode 100644 index 0d643c8054..0000000000 --- a/mdop/appv-v5/how-to-add-or-upgrade-packages-by-using-the-management-console-51-gb18030.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: How to Add or Upgrade Packages by Using the Management Console -description: How to Add or Upgrade Packages by Using the Management Console -author: dansimp -ms.assetid: 62417b63-06b2-437c-8584-523e1dea97c3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Add or Upgrade Packages by Using the Management Console - - -You can the following procedure to add or upgrade a package to the App-V 5.1 Management Console. To upgrade a package that already exists in the Management Console, use the following steps and import the upgraded package using the same package **Name**. - -**To add a package to the Management Console** - -1. Click the **Packages** tab in the navigation pane of the Management Console display. - - The console displays the list of packages that have been added to the server along with status information about each package. When a package is selected, detailed information about the package is displayed in the **PACKAGES** pane. - - Click the **Ungrouped** drop-down list box and specify how the packages are to be displayed in the console. You can also click the associated column header to sort the packages. - -2. To specify the package you want to add, click **Add or Upgrade Packages**. - -3. Type the full path to the package that you want to add. Use the UNC or HTTP path format, for example **\\\\servername\\sharename\\foldername\\packagename.appv** or **http://server.1234/file.appv**, and then click **Add**. - - **Important**   - You must select a package with the **.appv** file name extension. - - - -4. The page displays the status message **Adding <Packagename>**. Click **IMPORT STATUS** to check the status of a package that you have imported. - - Click **OK** to add the package and close the **Add Package** page. If there was an error during the import, click **Detail** on the **Package Import** page for more information. The newly added package is now available in the **PACKAGES** pane. - -5. Click **Close** to close the **Add or Upgrade Packages** page. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-add-or-upgrade-packages-by-using-the-management-console-beta-gb18030.md b/mdop/appv-v5/how-to-add-or-upgrade-packages-by-using-the-management-console-beta-gb18030.md deleted file mode 100644 index ac3caca510..0000000000 --- a/mdop/appv-v5/how-to-add-or-upgrade-packages-by-using-the-management-console-beta-gb18030.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: How to Add or Upgrade Packages by Using the Management Console -description: How to Add or Upgrade Packages by Using the Management Console -author: dansimp -ms.assetid: 4e389d7e-f402-44a7-bc4c-42c2a8440573 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Add or Upgrade Packages by Using the Management Console - - -You can the following procedure to add or upgrade a package to the App-V 5.0 Management Console. To upgrade a package that already exists in the Management Console, use the following steps and import the upgraded package using the same package **Name**. - -**To add a package to the Management Console** - -1. Click the **Packages** tab in the navigation pane of the Management Console display. - - The console displays the list of packages that have been added to the server along with status information about each package. When a package is selected, detailed information about the package is displayed in the **PACKAGES** pane. - - Click the **Ungrouped** drop-down list box and specify how the packages are to be displayed in the console. You can also click the associated column header to sort the packages. - -2. To specify the package you want to add, click **Add or Upgrade Packages**. - -3. Type the full path to the package that you want to add. Use the UNC or HTTP path format, for example **\\\\servername\\sharename\\foldername\\packagename.appv** or **http://server.1234/file.appv**, and then click **Add**. - - **Important**   - You must select a package with the **.appv** file name extension. - - - -4. The page displays the status message **Adding <Packagename>**. Click **IMPORT STATUS** to check the status of a package that you have imported. - - Click **OK** to add the package and close the **Add Package** page. If there was an error during the import, click **Detail** on the **Package Import** page for more information. The newly added package is now available in the **PACKAGES** pane. - -5. Click **Close** to close the **Add or Upgrade Packages** page. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-allow-only-administrators-to-enable-connection-groups.md b/mdop/appv-v5/how-to-allow-only-administrators-to-enable-connection-groups.md deleted file mode 100644 index ac99282ee1..0000000000 --- a/mdop/appv-v5/how-to-allow-only-administrators-to-enable-connection-groups.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -title: How to Allow Only Administrators to Enable Connection Groups -description: How to Allow Only Administrators to Enable Connection Groups -author: dansimp -ms.assetid: 60e62426-624f-4f26-851e-41cd78520883 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Allow Only Administrators to Enable Connection Groups - - -You can configure the App-V client so that only administrators (not end users) can enable or disable connection groups. In earlier versions of App-V, you could not prevent end users from performing these tasks. - -**Note**   -**This feature is supported starting in App-V 5.0 SP3.** - - - -Use one of the following methods to allow only administrators to enable or disable connection groups. - - ---- - - - - - - - - - - - - - - - - -
MethodSteps

Group Policy setting

Enable the “Require publish as administrator” Group Policy setting, which is located in the following Group Policy Object node:

-

Computer Configuration > Policies > Administrative Templates > System > App-V > Publishing

PowerShell cmdlet

Run the Set-AppvClientConfiguration cmdlet with the –RequirePublishAsAdmin parameter.

-

Parameter values:

-
    -

  • 0 - False

    • -

  • 1 - True

    • -
-

Example:: Set-AppvClientConfiguration –RequirePublishAsAdmin1

- - - -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Managing Connection Groups](managing-connection-groups.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-allow-only-administrators-to-enable-connection-groups51.md b/mdop/appv-v5/how-to-allow-only-administrators-to-enable-connection-groups51.md deleted file mode 100644 index 1a6a35f007..0000000000 --- a/mdop/appv-v5/how-to-allow-only-administrators-to-enable-connection-groups51.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -title: How to Allow Only Administrators to Enable Connection Groups -description: How to Allow Only Administrators to Enable Connection Groups -author: dansimp -ms.assetid: 42ca3157-5d85-467b-a148-09404f8f737a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Allow Only Administrators to Enable Connection Groups - - -You can configure the App-V client so that only administrators (not end users) can enable or disable connection groups. In earlier versions of App-V, you could not prevent end users from performing these tasks. - -**Note**   -**This feature is supported starting in App-V 5.0 SP3.** - - - -Use one of the following methods to allow only administrators to enable or disable connection groups. - - ---- - - - - - - - - - - - - - - - - -
MethodSteps

Group Policy setting

Enable the “Require publish as administrator” Group Policy setting, which is located in the following Group Policy Object node:

-

Computer Configuration > Policies > Administrative Templates > System > App-V > Publishing

PowerShell cmdlet

Run the Set-AppvClientConfiguration cmdlet with the –RequirePublishAsAdmin parameter.

-

Parameter values:

-
    -

  • 0 - False

    • -

  • 1 - True

    • -
-

Example:: Set-AppvClientConfiguration –RequirePublishAsAdmin1

- - - -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Managing Connection Groups](managing-connection-groups51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-apply-the-deployment-configuration-file-by-using-powershell.md b/mdop/appv-v5/how-to-apply-the-deployment-configuration-file-by-using-powershell.md deleted file mode 100644 index 3f0b9b7a68..0000000000 --- a/mdop/appv-v5/how-to-apply-the-deployment-configuration-file-by-using-powershell.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: How to Apply the Deployment Configuration File by Using PowerShell -description: How to Apply the Deployment Configuration File by Using PowerShell -author: dansimp -ms.assetid: 5df5d5bc-6c72-4087-8b93-d6d4b502a1f4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Apply the Deployment Configuration File by Using PowerShell - - -The dynamic deployment configuration file is applied when a package is added or set to a computer running the App-V 5.0 client before the package has been published. The file configures the default settings for package for all users on the computer running the App-V 5.0 client. This section describes the steps used to use a deployment configuration file. The procedure is based on the following example and assumes the following package and configuration files exist on a computer: - -**c:\\Packages\\Contoso\\MyApp.appv** - -**c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml** - -**To Apply the Deployment Configuration File Using PowerShell** - -- To specify a new default set of configurations for all users who will run the package on a specific computer, using a PowerShell console type the following: - - **Add-AppVClientPackage –Path c:\\Packages\\Contoso\\MyApp.appv -DynamicDeploymentConfiguration c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml** - - **Note** - This command captures the resulting object into $pkg. If the package is already present on the computer, the **Set-AppVclientPackage** cmdlet can be used to apply the deployment configuration document: - - **Set-AppVClientPackage –Name Myapp –Path c:\\Packages\\Contoso\\MyApp.appv -DynamicDeploymentConfiguration c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml** - - - -~~~ -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-apply-the-deployment-configuration-file-by-using-powershell51.md b/mdop/appv-v5/how-to-apply-the-deployment-configuration-file-by-using-powershell51.md deleted file mode 100644 index dac9fedce1..0000000000 --- a/mdop/appv-v5/how-to-apply-the-deployment-configuration-file-by-using-powershell51.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: How to Apply the Deployment Configuration File by Using PowerShell -description: How to Apply the Deployment Configuration File by Using PowerShell -author: dansimp -ms.assetid: 78fe0f15-4a36-41e3-96d6-7d5aa77c1e06 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Apply the Deployment Configuration File by Using PowerShell - - -The dynamic deployment configuration file is applied when a package is added or set to a computer running the App-V 5.1 client before the package has been published. The file configures the default settings for package for all users on the computer running the App-V 5.1 client. This section describes the steps used to use a deployment configuration file. The procedure is based on the following example and assumes the following package and configuration files exist on a computer: - -**c:\\Packages\\Contoso\\MyApp.appv** - -**c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml** - -**To Apply the Deployment Configuration File Using PowerShell** - -- To specify a new default set of configurations for all users who will run the package on a specific computer, using a PowerShell console type the following: - - **Add-AppVClientPackage –Path c:\\Packages\\Contoso\\MyApp.appv -DynamicDeploymentConfiguration c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml** - - **Note** - This command captures the resulting object into $pkg. If the package is already present on the computer, the **Set-AppVclientPackage** cmdlet can be used to apply the deployment configuration document: - - **Set-AppVClientPackage –Name Myapp –Path c:\\Packages\\Contoso\\MyApp.appv -DynamicDeploymentConfiguration c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml** - - - -~~~ -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-apply-the-user-configuration-file-by-using-powershell.md b/mdop/appv-v5/how-to-apply-the-user-configuration-file-by-using-powershell.md deleted file mode 100644 index bf8e5bc775..0000000000 --- a/mdop/appv-v5/how-to-apply-the-user-configuration-file-by-using-powershell.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: How to Apply the User Configuration File by Using PowerShell -description: How to Apply the User Configuration File by Using PowerShell -author: dansimp -ms.assetid: f7d7c595-4fdd-4096-b53d-9eead111c339 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Apply the User Configuration File by Using PowerShell - - -The dynamic user configuration file is applied when a package is published to a specific user and determines how the package will run. - -Use the following procedure to specify a user-specific configuration file. The following procedure is based on the example: - -**c:\\Packages\\Contoso\\MyApp.appv** - -**To apply a user Configuration file** - -1. To add the package to the computer using the PowerShell console type the following command: - - **Add-AppVClientPackage c:\\Packages\\Contoso\\MyApp.appv**. - -2. Use the following command to publish the package to the user and specify the updated the dynamic user configuration file: - - **Publish-AppVClientPackage $pkg –DynamicUserConfigurationPath c:\\Packages\\Contoso\\config.xml** - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-apply-the-user-configuration-file-by-using-powershell51.md b/mdop/appv-v5/how-to-apply-the-user-configuration-file-by-using-powershell51.md deleted file mode 100644 index 9ef045bf7b..0000000000 --- a/mdop/appv-v5/how-to-apply-the-user-configuration-file-by-using-powershell51.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: How to Apply the User Configuration File by Using PowerShell -description: How to Apply the User Configuration File by Using PowerShell -author: dansimp -ms.assetid: 986e638c-4a0c-4a7e-be73-f4615e8b8000 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Apply the User Configuration File by Using PowerShell - - -The dynamic user configuration file is applied when a package is published to a specific user and determines how the package will run. - -Use the following procedure to specify a user-specific configuration file. The following procedure is based on the example: - -**c:\\Packages\\Contoso\\MyApp.appv** - -**To apply a user Configuration file** - -1. To add the package to the computer using the PowerShell console type the following command: - - **Add-AppVClientPackage c:\\Packages\\Contoso\\MyApp.appv**. - -2. Use the following command to publish the package to the user and specify the updated the dynamic user configuration file: - - **Publish-AppVClientPackage $pkg –DynamicUserConfigurationPath c:\\Packages\\Contoso\\config.xml** - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-configure-access-to-packages-by-using-the-management-console-50.md b/mdop/appv-v5/how-to-configure-access-to-packages-by-using-the-management-console-50.md deleted file mode 100644 index b09260f550..0000000000 --- a/mdop/appv-v5/how-to-configure-access-to-packages-by-using-the-management-console-50.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: How to Configure Access to Packages by Using the Management Console -description: How to Configure Access to Packages by Using the Management Console -author: dansimp -ms.assetid: 8f4c91e4-f4e6-48cf-aa94-6085a054e8f7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure Access to Packages by Using the Management Console - - -Before you deploy an App-V 5.0 virtualized package, you must configure the Active Directory Domain Services (AD DS) security groups that will be allowed to access and run the applications. The security groups may contain computers or users. Entitling a package to a computer group publishes the package globally to all computers in the group. - -Use the following procedure to configure access to virtualized packages. - -**To grant access to an App-V 5.0 package** - -1. Find the package you want to configure: - - 1. Open the App-V 5.0 Management console. - - 2. To display the **AD ACCESS** page, right-click the package to be configured, and select **Edit active directory access**. Alternatively, select the package and click **EDIT** in the **AD ACCESS** pane. - -2. Provision a security group for the package: - - 1. Go to the **FIND VALID ACTIVE DIRECTORY NAMES AND GRANT ACCESS** page. - - 2. Using the format **mydomain** \\ **groupname**, type the name or part of the name of an Active Directory group object, and click **Check**. - - **Note**   - Ensure that you provide an associated domain name for the group that you are searching for. - - - -3. To grant access to the package, select the desired group and click **Grant Access**. The newly added group is displayed in the **AD ENTITIES WITH ACCESS** pane. - -4. - - To accept the default configuration settings and close the **AD ACCESS** page, click **Close**. - - To customize configurations for a specific group, click the **ASSIGNED CONFIGURATIONS** drop-down and select **Custom**. To configure the custom configurations, click **EDIT**. After you grant access, click **Close**. - -**To remove access to an App-V 5.0 package** - -1. Find the package you want to configure: - - 1. Open the App-V 5.0 Management console. - - 2. To display the **AD ACCESS** page, right-click the package to be configured, and select **Edit active directory access**. Alternatively, select the package and click **EDIT** in the **AD ACCESS** pane. - -2. Select the group you want to remove, and click **DELETE**. - -3. To close the **AD ACCESS** page, click **Close**. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-configure-access-to-packages-by-using-the-management-console-51.md b/mdop/appv-v5/how-to-configure-access-to-packages-by-using-the-management-console-51.md deleted file mode 100644 index b7683c7b78..0000000000 --- a/mdop/appv-v5/how-to-configure-access-to-packages-by-using-the-management-console-51.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: How to Configure Access to Packages by Using the Management Console -description: How to Configure Access to Packages by Using the Management Console -author: dansimp -ms.assetid: 4fd39bc2-d814-46de-a108-1c21fa404e8a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure Access to Packages by Using the Management Console - - -Before you deploy an App-V 5.1 virtualized package, you must configure the Active Directory Domain Services (AD DS) security groups that will be allowed to access and run the applications. The security groups may contain computers or users. Entitling a package to a computer group publishes the package globally to all computers in the group. - -Use the following procedure to configure access to virtualized packages. - -**To grant access to an App-V 5.1 package** - -1. Find the package you want to configure: - - 1. Open the App-V 5.1 Management console. - - 2. To display the **AD ACCESS** page, right-click the package to be configured, and select **Edit active directory access**. Alternatively, select the package and click **EDIT** in the **AD ACCESS** pane. - -2. Provision a security group for the package: - - 1. Go to the **FIND VALID ACTIVE DIRECTORY NAMES AND GRANT ACCESS** page. - - 2. Using the format **mydomain** \\ **groupname**, type the name or part of the name of an Active Directory group object, and click **Check**. - - **Note**   - Ensure that you provide an associated domain name for the group that you are searching for. - - - -3. To grant access to the package, select the desired group and click **Grant Access**. The newly added group is displayed in the **AD ENTITIES WITH ACCESS** pane. - -4. - - To accept the default configuration settings and close the **AD ACCESS** page, click **Close**. - - To customize configurations for a specific group, click the **ASSIGNED CONFIGURATIONS** drop-down and select **Custom**. To configure the custom configurations, click **EDIT**. After you grant access, click **Close**. - -**To remove access to an App-V 5.1 package** - -1. Find the package you want to configure: - - 1. Open the App-V 5.1 Management console. - - 2. To display the **AD ACCESS** page, right-click the package to be configured, and select **Edit active directory access**. Alternatively, select the package and click **EDIT** in the **AD ACCESS** pane. - -2. Select the group you want to remove, and click **DELETE**. - -3. To close the **AD ACCESS** page, click **Close**. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-51.md b/mdop/appv-v5/how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-51.md deleted file mode 100644 index 8e6b0c9389..0000000000 --- a/mdop/appv-v5/how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-51.md +++ /dev/null @@ -1,87 +0,0 @@ ---- -title: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server -description: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server -author: dansimp -ms.assetid: 23b2d03a-20ce-4973-99ee-748f3b682207 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server - - -Deploying packages and connection groups using the App-V 5.1 publishing server is helpful because it offers single-point management and high scalability. - -Use the following steps to configure the App-V 5.1 client to receive updates from the publishing server. - -**Note**   -For the following procedures the management server was installed on a computer named **MyMgmtSrv**, and the publishing server was installed on a computer named **MyPubSrv**. - - - -**To configure the App-V 5.1 client to receive updates from the publishing server** - -1. Deploy the App-V 5.1 management and publishing servers, and add the required packages and connection groups. For more information about adding packages and connection groups, see [How to Add or Upgrade Packages by Using the Management Console](how-to-add-or-upgrade-packages-by-using-the-management-console-51-gb18030.md) and [How to Create a Connection Group](how-to-create-a-connection-group51.md). - -2. To open the management console click the following link, open a browser and type the following: http://MyMgmtSrv/AppvManagement/Console.html in a web browser, and import, publish, and entitle all the packages and connection groups which will be necessary for a particular set of users. - -3. On the computer running the App-V 5.1 client, open an elevated PowerShell command prompt, run the following command: - - **Add-AppvPublishingServer  -Name  ABC  -URL  http:// MyPubSrv/AppvPublishing** - - This command will configure the specified publishing server. You should see output similar to the following: - - Id                        : 1 - - SetByGroupPolicy          : False - - Name                      : ABC - - URL                       : http:// MyPubSrv/AppvPublishing - - GlobalRefreshEnabled      : False - - GlobalRefreshOnLogon      : False - - GlobalRefreshInterval     : 0 - - GlobalRefreshIntervalUnit : Day - - UserRefreshEnabled        : True - - UserRefreshOnLogon        : True - - UserRefreshInterval       : 0 - - UserRefreshIntervalUnit   : Day - - The returned Id – in this case 1 - -4. On the computer running the App-V 5.1 client, open a PowerShell command prompt, and type the following command: - - **Sync-AppvPublishingServer  -ServerId  1** - - The command will query the publishing server for the packages and connection groups that need to be added or removed for this particular client based on the entitlements for the packages and connection groups as configured on the management server. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-beta.md b/mdop/appv-v5/how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-beta.md deleted file mode 100644 index fd12886881..0000000000 --- a/mdop/appv-v5/how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-beta.md +++ /dev/null @@ -1,87 +0,0 @@ ---- -title: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server -description: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server -author: dansimp -ms.assetid: f5dfd96d-4b63-468c-8d93-9dfdf47c28fd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server - - -Deploying packages and connection groups using the App-V 5.0 publishing server is helpful because it offers single-point management and high scalability. - -Use the following steps to configure the App-V 5.0 client to receive updates from the publishing server. - -**Note**   -For the following procedures the management server was installed on a computer named **MyMgmtSrv**, and the publishing server was installed on a computer named **MyPubSrv**. - - - -**To configure the App-V 5.0 client to receive updates from the publishing server** - -1. Deploy the App-V 5.0 management and publishing servers, and add the required packages and connection groups. For more information about adding packages and connection groups, see [How to Add or Upgrade Packages by Using the Management Console](how-to-add-or-upgrade-packages-by-using-the-management-console-beta-gb18030.md) and [How to Create a Connection Group](how-to-create-a-connection-group.md). - -2. To open the management console click the following link, open a browser and type the following: http://MyMgmtSrv/AppvManagement/Console.html in a web browser, and import, publish, and entitle all the packages and connection groups which will be necessary for a particular set of users. - -3. On the computer running the App-V 5.0 client, open an elevated PowerShell command prompt, run the following command: - - **Add-AppvPublishingServer  -Name  ABC  -URL  http:// MyPubSrv/AppvPublishing** - - This command will configure the specified publishing server. You should see output similar to the following: - - Id                        : 1 - - SetByGroupPolicy          : False - - Name                      : ABC - - URL                       : http:// MyPubSrv/AppvPublishing - - GlobalRefreshEnabled      : False - - GlobalRefreshOnLogon      : False - - GlobalRefreshInterval     : 0 - - GlobalRefreshIntervalUnit : Day - - UserRefreshEnabled        : True - - UserRefreshOnLogon        : True - - UserRefreshInterval       : 0 - - UserRefreshIntervalUnit   : Day - - The returned Id – in this case 1 - -4. On the computer running the App-V 5.0 client, open a PowerShell command prompt, and type the following command: - - **Sync-AppvPublishingServer  -ServerId  1** - - The command will query the publishing server for the packages and connection groups that need to be added or removed for this particular client based on the entitlements for the packages and connection groups as configured on the management server. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-connect-to-the-management-console-51.md b/mdop/appv-v5/how-to-connect-to-the-management-console-51.md deleted file mode 100644 index b6144f08ac..0000000000 --- a/mdop/appv-v5/how-to-connect-to-the-management-console-51.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: How to Connect to the Management Console -description: How to Connect to the Management Console -author: dansimp -ms.assetid: 5a15ed86-7db7-4df3-80ca-bde26f3285e1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Connect to the Management Console - - -Use the following procedure to connect to the App-V 5.1 Management Console. - -**To connect to the App-V 5.1 Management Console** - -1. Open Internet Explorer browser and type the address for the App-V 5.1. For example, **http://<Management server name>:<Management service port number>/Console.html**. - -2. To view different sections of the console, click the desired section in the navigation pane. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-connect-to-the-management-console-beta.md b/mdop/appv-v5/how-to-connect-to-the-management-console-beta.md deleted file mode 100644 index a460c12f62..0000000000 --- a/mdop/appv-v5/how-to-connect-to-the-management-console-beta.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: How to Connect to the Management Console -description: How to Connect to the Management Console -author: dansimp -ms.assetid: 67dfdfa1-e7dd-4c5e-aa50-f016bd1dc643 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Connect to the Management Console - - -Use the following procedure to connect to the App-V 5.0 Management Console. - -**To connect to the App-V 5.0 Management Console** - -1. Open Internet Explorer browser and type the address for the App-V 5.0. For example, **http://<Management server name>:<Management service port number>/Console.html**. - -2. To view different sections of the console, click the desired section in the navigation pane. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md b/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md deleted file mode 100644 index e1e6432a8a..0000000000 --- a/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -title: How to Convert a Package Created in a Previous Version of App-V -description: How to Convert a Package Created in a Previous Version of App-V -author: dansimp -ms.assetid: b092a5f8-cc5f-4df8-a5a2-0a68fd7bd5b2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Convert a Package Created in a Previous Version of App-V - - -You can use the package converter utility to upgrade virtual application packages that have been created with previous versions of App-V. - -**Note** -If you are running a computer with a 64-bit architecture, you must use the x86 version of PowerShell. - - - -The package converter can only directly convert packages that were created by using the App-V 4.5 sequencer or a subsequent version. Packages that were created using a version prior to App-V 4.5 must be upgraded to the App-V 4.5 or App-V 4.6 format before conversion. - -The following information provides direction for converting existing virtual application packages. - -**Important** -You must configure the package converter to always save the package ingredients file to a secure location and directory. A secure location is accessible only by an administrator. Additionally, when you deploy the package, you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion process. - - - -**Getting started** - -1. Install the App-V Sequencer on a computer in your environment. For information about how to install the Sequencer, see [How to Install the Sequencer](how-to-install-the-sequencer-beta-gb18030.md). - -2. Import the required Powershell Module - -```powershell -Import-Module AppVPkgConverter -``` - -3. The following cmdlets are available: - - - Test-AppvLegacyPackage – This cmdlet is designed to check packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in depth validation. For information about options and basic functionality for this cmdlet, using the PowerShell cmdline, type `Test-AppvLegacyPackage -?`. - - - ConvertFrom-AppvLegacyPackage – To convert an existing package, type `ConvertFrom-AppvLegacyPackage c:\contentStore c:\convertedPackages`. In this command, `c:\contentStore` represents the location of the existing package and `c:\convertedPackages` is the output directory to which the resulting App-V 5.0 virtual application package file will be saved. By default, if you do not specify a new name, the old package name will be used for the App-V 5.0 filename. - - Additionally, the package converter optimizes performance of packages in App-V 5.0 by setting the package to stream fault the App-V package. This is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default. - - **Note** - Before you specify the output directory, you must create the output directory. - - - -~~~ -**Advanced Conversion Tips** - -- Piping - PowerShell supports piping. Piping allows you to call `dir c:\contentStore\myPackage | Test-AppvLegacyPackage`. In this example, the directory object that represents `myPackage` will be given as input to the `Test-AppvLegacyPackage` command and bound to the `-Source` parameter. Piping like this is especially useful when you want to batch commands together; for example, `dir .\ | Test-AppvLegacyPackage | ConvertFrom-AppvLegacyAppvPackage -Target .\ConvertedPackages`. This piped command would test the packages and then pass those objects on to actually be converted. You can also apply a filter on packages without errors or only specify a directory which contains an **.sprj** file or pipe them to another cmdlet that adds the filtered package to the server or publishes them to the App-V 5.0 client. - -- Batching - The PowerShell command enables batching. More specifically, the cmdlets support taking a string\[\] object for the `-Source` parameter which represents a list of directory paths. This allows you to enter `$packages = dir c:\contentStore` and then call `ConvertFrom-AppvLegacyAppvPackage-Source $packages -Target c:\ConvertedPackages` or to use piping and call `dir c:\ContentStore | ConvertFrom-AppvLegacyAppvPackage -Target C:\ConvertedPackages`. - -- Other functionality - PowerShell has other built-in functionality for features such as aliases, piping, lazy-binding, .NET object, and many others. All of these are usable in PowerShell and can help you create advanced scenarios for the Package Converter. - -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v51.md b/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v51.md deleted file mode 100644 index b146f4dd7f..0000000000 --- a/mdop/appv-v5/how-to-convert-a-package-created-in-a-previous-version-of-app-v51.md +++ /dev/null @@ -1,87 +0,0 @@ ---- -title: How to Convert a Package Created in a Previous Version of App-V -description: How to Convert a Package Created in a Previous Version of App-V -author: dansimp -ms.assetid: 3366d399-2891-491d-8de1-f8cfdf39bbab -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Convert a Package Created in a Previous Version of App-V - - -You can use the package converter utility to upgrade virtual application packages that have been created with previous versions of App-V. - -**Note** -If you are running a computer with a 64-bit architecture, you must use the x86 version of PowerShell. - - - -The package converter can only directly convert packages that were created by using the App-V 4.5 sequencer or a subsequent version. Packages that were created using a version prior to App-V 4.5 must be upgraded to the App-V 4.5 or App-V 4.6 format before conversion. - -The following information provides direction for converting existing virtual application packages. - -**Important** -You must configure the package converter to always save the package ingredients file to a secure location and directory. A secure location is accessible only by an administrator. Additionally, when you deploy the package, you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion process. - - - -**App-V 4.6 installation folder is redirected to virtual file system root** - -When you convert packages from App-V 4.6 to 5.1, the App-V 5.1 package can access the hardcoded drive that you were required to use when you created 4.6 packages. The drive letter will be the drive you selected as the installation drive on the 4.6 sequencing machine. (The default drive letter is Q:\\.) - -Prior to App-V 5.1, the 4.6 root folder was not recognized and could not be accessed by App-V 5.0 packages. Now, App-V 5.1 packages can access hardcoded files by their full path or can programmatically enumerate files under the App-V 4.6 installation root. - -**Technical Details:** The App-V 5.1 package converter will save the App-V 4.6 installation root folder and short folder names in the FilesystemMetadata.xml file in the Filesystem element. When the App-V 5.1 client creates the virtual process, it will map requests from the App-V 4.6 installation root to the virtual file system root. - -**Getting started** - -1. Install the App-V Sequencer on a computer in your environment. For information about how to install the Sequencer, see [How to Install the Sequencer](how-to-install-the-sequencer-51beta-gb18030.md). - -2. - - The following cmdlets are available: - - - Test-AppvLegacyPackage – This cmdlet is designed to check packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in depth validation. For information about options and basic functionality for this cmdlet, using the PowerShell cmdline, type `Test-AppvLegacyPackage -?`. - - - ConvertFrom-AppvLegacyPackage – To convert an existing package, type `ConvertFrom-AppvLegacyPackage c:\contentStore c:\convertedPackages`. In this command, `c:\contentStore` represents the location of the existing package and `c:\convertedPackages` is the output directory to which the resulting App-V 5.1 virtual application package file will be saved. By default, if you do not specify a new name, the old package name will be used for the App-V 5.1 filename. - - Additionally, the package converter optimizes performance of packages in App-V 5.1 by setting the package to stream fault the App-V package. This is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default. - - **Note** - Before you specify the output directory, you must create the output directory. - - - -~~~ -**Advanced Conversion Tips** - -- Piping - PowerShell supports piping. Piping allows you to call `dir c:\contentStore\myPackage | Test-AppvLegacyPackage`. In this example, the directory object that represents `myPackage` will be given as input to the `Test-AppvLegacyPackage` command and bound to the `-Source` parameter. Piping like this is especially useful when you want to batch commands together; for example, `dir .\ | Test-AppvLegacyPackage | ConvertFrom-AppvLegacyAppvPackage -Target .\ConvertedPackages`. This piped command would test the packages and then pass those objects on to actually be converted. You can also apply a filter on packages without errors or only specify a directory which contains an **.sprj** file or pipe them to another cmdlet that adds the filtered package to the server or publishes them to the App-V 5.1 client. - -- Batching - The PowerShell command enables batching. More specifically, the cmdlets support taking a string\[\] object for the `-Source` parameter which represents a list of directory paths. This allows you to enter `$packages = dir c:\contentStore` and then call `ConvertFrom-AppvLegacyAppvPackage-Source $packages -Target c:\ConvertedPackages` or to use piping and call `dir c:\ContentStore | ConvertFrom-AppvLegacyAppvPackage -Target C:\ConvertedPackages`. - -- Other functionality - PowerShell has other built-in functionality for features such as aliases, piping, lazy-binding, .NET object, and many others. All of these are usable in PowerShell and can help you create advanced scenarios for the Package Converter. - -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-create-a-connection-group-with-user-published-and-globally-published-packages.md b/mdop/appv-v5/how-to-create-a-connection-group-with-user-published-and-globally-published-packages.md deleted file mode 100644 index f9ce72926a..0000000000 --- a/mdop/appv-v5/how-to-create-a-connection-group-with-user-published-and-globally-published-packages.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: How to Create a Connection Group with User-Published and Globally Published Packages -description: How to Create a Connection Group with User-Published and Globally Published Packages -author: dansimp -ms.assetid: 82f7ea7f-7b14-4506-8940-fdcd6c3e117f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/01/2016 ---- - - -# How to Create a Connection Group with User-Published and Globally Published Packages -You can create user-entitled connection groups that contain both user-published and globally published packages, using either of the following methods: - -- [How to use PowerShell cmdlets to create the user-entitled connection groups](#bkmk-posh-userentitled-cg) - -- [How to use the App-V Server to create the user-entitled connection groups](#bkmk-appvserver-userentitled-cg) - -**What to know before you start:** - - ---- - - - - - - - - - - - - - - - - -
Unsupported scenarios and potential issuesResult

You cannot include user-published packages in globally entitled connection groups.

The connection group will fail.

If you publish a package globally and then create a user-published connection group in which you’ve made that package non-optional, you can still run Unpublish-AppvClientPackage <package> -global to unpublish the package, even when that package is being used in another connection group.

If any other connection groups are using that package, the package will fail in those connection groups.

-

To avoid inadvertently unpublishing a non-optional package that is being used in another connection group, we recommend that you track the connection groups in which you’ve used a non-optional package.

- -  -**How to use PowerShell cmdlets to create user-entitled connection groups** - -1. Add and publish packages by using the following commands: - - **Add-AppvClientPackage Package1\_AppV\_file\_Path** - - **Add-AppvClientPackage Package2\_AppV\_file\_Path** - - **Publish-AppvClientPackage -PackageId Package1\_ID -VersionId Package1\_Version ID -Global** - - **Publish-AppvClientPackage -PackageId Package2\_ID -VersionId Package2\_ID** - -2. Create the connection group XML file. For more information, see [About the Connection Group File](about-the-connection-group-file.md). - -3. Add and publish the connection group by using the following commands: - - **Add-AppvClientConnectionGroup Connection\_Group\_XML\_file\_Path** - - **Enable-AppvClientConnectionGroup  -GroupId CG\_Group\_ID -VersionId CG\_Version\_ID** - -**How to use the App-V Server to create user-entitled connection groups** - -1. Open the App-V 5.0 Management Console. - -2. Follow the instructions in [How to Publish a Package by Using the Management Console](how-to-publish-a-package-by-using-the-management-console-50.md) to publish packages globally and to the user. - -3. Follow the instructions in [How to Create a Connection Group](how-to-create-a-connection-group.md) to create the connection group, and add the user-published and globally published packages. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Managing Connection Groups](managing-connection-groups.md) - -[How to Use Optional Packages in Connection Groups](how-to-use-optional-packages-in-connection-groups.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-create-a-connection-group-with-user-published-and-globally-published-packages51.md b/mdop/appv-v5/how-to-create-a-connection-group-with-user-published-and-globally-published-packages51.md deleted file mode 100644 index fe42b5278b..0000000000 --- a/mdop/appv-v5/how-to-create-a-connection-group-with-user-published-and-globally-published-packages51.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: How to Create a Connection Group with User-Published and Globally Published Packages -description: How to Create a Connection Group with User-Published and Globally Published Packages -author: dansimp -ms.assetid: 851b8742-0283-4aa6-b3a3-f7f6289824c3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/01/2016 ---- - - -# How to Create a Connection Group with User-Published and Globally Published Packages - - -You can create user-entitled connection groups that contain both user-published and globally published packages, using either of the following methods: - -- [How to use PowerShell cmdlets to create the user-entitled connection groups](#bkmk-posh-userentitled-cg) - -- [How to use the App-V Server to create the user-entitled connection groups](#bkmk-appvserver-userentitled-cg) - -**What to know before you start:** - - ---- - - - - - - - - - - - - - - - - -
Unsupported scenarios and potential issuesResult

You cannot include user-published packages in globally entitled connection groups.

The connection group will fail.

If you publish a package globally and then create a user-published connection group in which you’ve made that package non-optional, you can still run Unpublish-AppvClientPackage <package> -global to unpublish the package, even when that package is being used in another connection group.

If any other connection groups are using that package, the package will fail in those connection groups.

-

To avoid inadvertently unpublishing a non-optional package that is being used in another connection group, we recommend that you track the connection groups in which you’ve used a non-optional package.

- -**How to use PowerShell cmdlets to create user-entitled connection groups** - -1. Add and publish packages by using the following commands: - - **Add-AppvClientPackage Package1\_AppV\_file\_Path** - - **Add-AppvClientPackage Package2\_AppV\_file\_Path** - - **Publish-AppvClientPackage -PackageId Package1\_ID -VersionId Package1\_Version ID -Global** - - **Publish-AppvClientPackage -PackageId Package2\_ID -VersionId Package2\_ID** - -2. Create the connection group XML file. For more information, see [About the Connection Group File](about-the-connection-group-file51.md). - -3. Add and publish the connection group by using the following commands: - - **Add-AppvClientConnectionGroup Connection\_Group\_XML\_file\_Path** - - **Enable-AppvClientConnectionGroup  -GroupId CG\_Group\_ID -VersionId CG\_Version\_ID** - -**How to use the App-V Server to create user-entitled connection groups** - -1. Open the App-V 5.1 Management Console. - -2. Follow the instructions in [How to Publish a Package by Using the Management Console](how-to-publish-a-package-by-using-the-management-console-51.md) to publish packages globally and to the user. - -3. Follow the instructions in [How to Create a Connection Group](how-to-create-a-connection-group51.md) to create the connection group, and add the user-published and globally published packages. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Managing Connection Groups](managing-connection-groups51.md) - -[How to Use Optional Packages in Connection Groups](how-to-use-optional-packages-in-connection-groups51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-create-a-connection-group.md b/mdop/appv-v5/how-to-create-a-connection-group.md deleted file mode 100644 index 70a482f2c4..0000000000 --- a/mdop/appv-v5/how-to-create-a-connection-group.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: How to Create a Connection Group -description: How to Create a Connection Group -author: dansimp -ms.assetid: 9d272052-2d28-4e41-989c-89610482a0ca -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create a Connection Group - - -Use these steps to create a connection group by using the App-V Management Console. To use PowerShell to create connection groups, see [How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell](how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell.md). - -When you place packages in a connection group, their package root paths are merged. If you remove packages, only the remaining packages maintain the merged root. - -**To create a connection group** - -1. In the App-V 5.0 Management Console, select **Packages**. - -2. Select **CONNECTION GROUPS** to display the Connection Groups library. - -3. Select **ADD CONNECTION GROUP** to create a new connection group. - -4. In the **New Connection Group** pane, type a description for the group. - -5. Click **EDIT** in the **CONNECTED PACKAGES** pane to add a new application to the connection group. - -6. In the **PACKAGES Entire Library** pane, select the application to be added, and click the arrow to add the application. - - To remove an application, select the application to be removed in the **PACKAGES IN** pane and click the arrow. - - To reprioritize the applications in your connection group, use the arrows in the **PACKAGES IN** pane. - - **Important**   - By default, the Active Directory Domain Services access configurations that are associated with a specific application are not added to the connection group. To transfer the Active Directory access configuration, select **ADD PACKAGE ACCESS TO GROUP ACCESS**, which is located in the **PACKAGES IN** pane. - - - -7. After adding all the applications and configuring Active Directory access, click **Apply**. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -[Managing Connection Groups](managing-connection-groups.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-create-a-connection-group51.md b/mdop/appv-v5/how-to-create-a-connection-group51.md deleted file mode 100644 index f5605affe1..0000000000 --- a/mdop/appv-v5/how-to-create-a-connection-group51.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: How to Create a Connection Group -description: How to Create a Connection Group -author: dansimp -ms.assetid: 221e2eed-7ebb-42e3-b3d6-11c37c0578e6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create a Connection Group - - -Use these steps to create a connection group by using the App-V Management Console. To use PowerShell to create connection groups, see [How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell](how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell51.md). - -When you place packages in a connection group, their package root paths are merged. If you remove packages, only the remaining packages maintain the merged root. - -**To create a connection group** - -1. In the App-V 5.1 Management Console, select **CONNECTION GROUPS** to display the Connection Groups library. - -2. Select **ADD CONNECTION GROUP** to create a new connection group. - -3. In the **New Connection Group** pane, type a description for the group. - -4. Click **EDIT** in the **CONNECTED PACKAGES** pane to add a new application to the connection group. - -5. In the **PACKAGES Entire Library** pane, select the application to be added, and click the arrow to add the application. - - To remove an application, select the application to be removed in the **PACKAGES IN** pane and click the arrow. - - To reprioritize the applications in your connection group, use the arrows in the **PACKAGES IN** pane. - - **Important**   - By default, the Active Directory Domain Services access configurations that are associated with a specific application are not added to the connection group. To transfer the Active Directory access configuration, select **ADD PACKAGE ACCESS TO GROUP ACCESS**, which is located in the **PACKAGES IN** pane. - - - -6. After adding all the applications and configuring Active Directory access, click **Apply**. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -[Managing Connection Groups](managing-connection-groups51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-create-a-custom-configuration-file-by-using-the-app-v-50-management-console.md b/mdop/appv-v5/how-to-create-a-custom-configuration-file-by-using-the-app-v-50-management-console.md deleted file mode 100644 index 4837568ff0..0000000000 --- a/mdop/appv-v5/how-to-create-a-custom-configuration-file-by-using-the-app-v-50-management-console.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: How to Create a Custom Configuration File by Using the App-V 5.0 Management Console -description: How to Create a Custom Configuration File by Using the App-V 5.0 Management Console -author: dansimp -ms.assetid: 0d1f6768-be30-4682-8eeb-aa95918b24c3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create a Custom Configuration File by Using the App-V 5.0 Management Console - - -You can use a dynamic configuration to customize an App-V 5.0 package for a specific user. However, you must first create the dynamic user configuration (.xml) file or the dynamic deployment configuration file before you can use the files. Creation of the file is an advanced manual operation. For general information about dynamic user configuration files, see, [About App-V 5.0 Dynamic Configuration](about-app-v-50-dynamic-configuration.md). - -Use the following procedure to create a Dynamic User Configuration file by using the App-V 5.0 Management console. - -**To create a Dynamic User Configuration file** - -1. Right-click the name of the package that you want to view and select **Edit active directory access** to view the configuration that is assigned to a given user group. Alternatively, select the package, and click **Edit**. - -2. Using the list of **AD Entities with Access**, select the AD group that you want to customize. Select **Custom** from the drop-down list, if it is not already selected. A link named **Edit** will be displayed. - -3. Click **Edit**. The Dynamic User Configuration that is assigned to the AD Group will be displayed. - -4. Click **Advanced**, and then click **Export Configuration**. Type in a filename and click **Save**. Now you can edit the file to configure a package for a user. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-create-a-custom-configuration-file-by-using-the-app-v-51-management-console.md b/mdop/appv-v5/how-to-create-a-custom-configuration-file-by-using-the-app-v-51-management-console.md deleted file mode 100644 index eb1da74435..0000000000 --- a/mdop/appv-v5/how-to-create-a-custom-configuration-file-by-using-the-app-v-51-management-console.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: How to Create a Custom Configuration File by Using the App-V 5.1 Management Console -description: How to Create a Custom Configuration File by Using the App-V 5.1 Management Console -author: dansimp -ms.assetid: f5ab426a-f49a-47b3-93f3-b9d60aada8f4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create a Custom Configuration File by Using the App-V 5.1 Management Console - - -You can use a dynamic configuration to customize an App-V 5.1 package for a specific user. However, you must first create the dynamic user configuration (.xml) file or the dynamic deployment configuration file before you can use the files. Creation of the file is an advanced manual operation. For general information about dynamic user configuration files, see, [About App-V 5.1 Dynamic Configuration](about-app-v-51-dynamic-configuration.md). - -Use the following procedure to create a Dynamic User Configuration file by using the App-V 5.1 Management console. - -**To create a Dynamic User Configuration file** - -1. Right-click the name of the package that you want to view and select **Edit active directory access** to view the configuration that is assigned to a given user group. Alternatively, select the package, and click **Edit**. - -2. Using the list of **AD Entities with Access**, select the AD group that you want to customize. Select **Custom** from the drop-down list, if it is not already selected. A link named **Edit** will be displayed. - -3. Click **Edit**. The Dynamic User Configuration that is assigned to the AD Group will be displayed. - -4. Click **Advanced**, and then click **Export Configuration**. Type in a filename and click **Save**. Now you can edit the file to configure a package for a user. - - **Note** - To export a configuration while running on Windows Server, you must disable "IE Enhanced Security Configuration". If this is enabled and set to block downloads, you cannot download anything from the App-V Server. - - - -~~~ -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-create-a-package-accelerator-by-using-powershell.md b/mdop/appv-v5/how-to-create-a-package-accelerator-by-using-powershell.md deleted file mode 100644 index 0f7df5d66c..0000000000 --- a/mdop/appv-v5/how-to-create-a-package-accelerator-by-using-powershell.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: How to Create a Package Accelerator by Using PowerShell -description: How to Create a Package Accelerator by Using PowerShell -author: dansimp -ms.assetid: 8e527363-d961-4153-826a-446a4ad8d980 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create a Package Accelerator by Using PowerShell - - -App-V 5.0 package accelerators automatically sequence large, complex applications. Additionally, when you apply an App-V 5.0 package accelerator, you are not always required to manually install an application to create the virtualized package. - -**To create a package accelerator** - -1. Install the App-V 5.0 sequencer. For more information about installing the sequencer see [How to Install the Sequencer](how-to-install-the-sequencer-beta-gb18030.md). - -2. To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. Use the **New-AppvPackageAccelerator** cmdlet. - -3. To create a package accelerator, make sure that you have the .appv package to create an accelerator from, the installation media or installation files, and optionally a read me file for consumers of the accelerator to use. The following parameters are required to use the package accelerator cmdlet: - - - **InstalledFilesPath** - specifies the application installation path. - - - **Installer** – specifies the path to the application installer media - - - **InputPackagePath** – specifies the path to the .appv package - - - **Path** – specifies the output directory for the package. - - The following example displays how you can create a package accelerator with an .appv package and the installation media: - - **New-AppvPackageAccelerator -InputPackagePath <path to the .appv file> -Installer <path to the installer executable> -Path <directory of the output path>** - - Additional optional parameters that can be used with the **New-AppvPackageAccelerator** cmdlet are displayed in the following list: - - - **AcceleratorDescriptionFile** - specifies the path to user created package accelerator instructions. The package accelerator instructions are **.txt** or **.rtf** description files that will be packaged with the package created using the package accelerator. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-create-a-package-accelerator-by-using-powershell51.md b/mdop/appv-v5/how-to-create-a-package-accelerator-by-using-powershell51.md deleted file mode 100644 index ef6e767d58..0000000000 --- a/mdop/appv-v5/how-to-create-a-package-accelerator-by-using-powershell51.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: How to Create a Package Accelerator by Using PowerShell -description: How to Create a Package Accelerator by Using PowerShell -author: dansimp -ms.assetid: 0cb98394-4477-4193-8c5f-1c1773c7263a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create a Package Accelerator by Using PowerShell - - -App-V 5.1 package accelerators automatically sequence large, complex applications. Additionally, when you apply an App-V 5.1 package accelerator, you are not always required to manually install an application to create the virtualized package. - -**To create a package accelerator** - -1. Install the App-V 5.1 sequencer. For more information about installing the sequencer see [How to Install the Sequencer](how-to-install-the-sequencer-51beta-gb18030.md). - -2. To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. Use the **New-AppvPackageAccelerator** cmdlet. - -3. To create a package accelerator, make sure that you have the .appv package to create an accelerator from, the installation media or installation files, and optionally a read me file for consumers of the accelerator to use. The following parameters are required to use the package accelerator cmdlet: - - - **InstalledFilesPath** - specifies the application installation path. - - - **Installer** – specifies the path to the application installer media - - - **InputPackagePath** – specifies the path to the .appv package - - - **Path** – specifies the output directory for the package. - - The following example displays how you can create a package accelerator with an .appv package and the installation media: - - **New-AppvPackageAccelerator -InputPackagePath <path to the .appv file> -Installer <path to the installer executable> -Path <directory of the output path>** - - Additional optional parameters that can be used with the **New-AppvPackageAccelerator** cmdlet are displayed in the following list: - - - **AcceleratorDescriptionFile** - specifies the path to user created package accelerator instructions. The package accelerator instructions are **.txt** or **.rtf** description files that will be packaged with the package created using the package accelerator. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-create-a-package-accelerator.md b/mdop/appv-v5/how-to-create-a-package-accelerator.md deleted file mode 100644 index b823c813a0..0000000000 --- a/mdop/appv-v5/how-to-create-a-package-accelerator.md +++ /dev/null @@ -1,118 +0,0 @@ ---- -title: How to Create a Package Accelerator -description: How to Create a Package Accelerator -author: dansimp -ms.assetid: dfe305e5-7cf8-498f-9581-4805ffc722bd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create a Package Accelerator - - -App-V 5.0 package accelerators automatically generate new virtual application packages. - -**Note** -You can use PowerShell to create a package accelerator. For more information see [How to Create a Package Accelerator by Using PowerShell](how-to-create-a-package-accelerator-by-using-powershell.md). - - - -Use the following procedure to create a package accelerator. - -**Important** -Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V 5.0 Package Accelerator is applied. - - - -**Important** -Before you begin the following procedure, you should perform the following: - -- Copy the virtual application package that you will use to create the package accelerator locally to the computer running the sequencer. - -- Copy all required installation files associated with the virtual application package to the computer running the sequencer. - - - -**To create a package accelerator** - -1. **Important** - The App-V 5.0 Sequencer does not grant any license rights to the software application you are using to create the Package Accelerator. You must abide by all end user license terms for the application you are using. It is your responsibility to make sure the software application’s license terms allow you to create a Package Accelerator using App-V 5.0 Sequencer. - - - -~~~ -To start the App-V 5.0 sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. -~~~ - -2. To start the App-V 5.0 **Create Package Accelerator** wizard, in the App-V 5.0 sequencer console, click **Tools** / **Create Accelerator**. - -3. On the **Select Package** page, to specify an existing virtual application package to use to create the Package Accelerator, click **Browse**, and locate the existing virtual application package (.appv file). - - **Tip** - Copy the files associated with the virtual application package you plan to use locally to the computer running the Sequencer. - - - -~~~ -Click **Next**. -~~~ - -4. On the **Installation Files** page, to specify the folder that contains the installation files that you used to create the original virtual application package, click **Browse**, and then select the directory that contains the installation files. - - **Tip** - Copy the folder that contains the required installation files to the computer running the Sequencer. - - - -5. If the application is already installed on the computer running the sequencer, to specify the installation file, select **Files installed on local system**. To use this option, the application must already be installed in the default installation location. - -6. On the **Gathering Information** page, review the files that were not found in the location specified on the **Installation Files** page of this wizard. If the files displayed are not required, select **Remove these files**, and then click **Next**. If the files are required, click **Previous** and copy the required files to the directory specified on the **Installation Files** page. - - **Note** - You must either remove the unrequired files, or click **Previous** and locate the required files to advance to the next page of this wizard. - - - -7. On the **Select Files** page, carefully review the files that were detected, and clear any file that should be removed from the package accelerator. Select only files that are required for the application to run successfully, and then click **Next**. - -8. On the **Verify Applications** page, confirm that all installation files that are required to build the package are displayed. When the Package Accelerator is used to create a new package, all installation files displayed in the **Applications** pane are required to create the package. - - If necessary, to add additional Installer files, click **Add**. To remove unnecessary installation files, select the Installer file, and then click **Delete**. To edit the properties associated with an installer, click **Edit**. The installation files specified in this step will be required when the Package Accelerator is used to create a new virtual application package. After you have confirmed the information displayed, click **Next**. - -9. On the **Select Guidance** page, to specify a file that contains information about how the Package Accelerator, click **Browse**. For example, this file can contain information about how the computer running the Sequencer should be configured, application prerequisite information for target computers, and general notes. You should provide all required information for the Package Accelerator to be successfully applied. The file you select must be in rich text (.rtf) or text file (.txt) format. Click **Next**. - -10. On the **Create Package Accelerator** page, to specify where to save the Package Accelerator, click **Browse** and select the directory. - -11. On the **Completion** page, to close the **Create Package Accelerator** wizard, click **Close**. - - **Important** - To help ensure that the package accelerator is as secure as possible, and so that the publisher can be verified when the package accelerator is applied, you should always digitally sign the package accelerator. - - - -~~~ -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -[How to Create a Virtual Application Package Using an App-V Package Accelerator](how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-create-a-package-accelerator51.md b/mdop/appv-v5/how-to-create-a-package-accelerator51.md deleted file mode 100644 index 45092fa865..0000000000 --- a/mdop/appv-v5/how-to-create-a-package-accelerator51.md +++ /dev/null @@ -1,118 +0,0 @@ ---- -title: How to Create a Package Accelerator -description: How to Create a Package Accelerator -author: dansimp -ms.assetid: b61f3581-7933-443e-b872-a96bed9ff8d7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create a Package Accelerator - - -App-V 5.1 package accelerators automatically generate new virtual application packages. - -**Note** -You can use PowerShell to create a package accelerator. For more information see [How to Create a Package Accelerator by Using PowerShell](how-to-create-a-package-accelerator-by-using-powershell51.md). - - - -Use the following procedure to create a package accelerator. - -**Important** -Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V 5.1 Package Accelerator is applied. - - - -**Important** -Before you begin the following procedure, you should perform the following: - -- Copy the virtual application package that you will use to create the package accelerator locally to the computer running the sequencer. - -- Copy all required installation files associated with the virtual application package to the computer running the sequencer. - - - -**To create a package accelerator** - -1. **Important** - The App-V 5.1 Sequencer does not grant any license rights to the software application you are using to create the Package Accelerator. You must abide by all end user license terms for the application you are using. It is your responsibility to make sure the software application’s license terms allow you to create a Package Accelerator using App-V 5.1 Sequencer. - - - -~~~ -To start the App-V 5.1 sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. -~~~ - -2. To start the App-V 5.1 **Create Package Accelerator** wizard, in the App-V 5.1 sequencer console, click **Tools** / **Create Accelerator**. - -3. On the **Select Package** page, to specify an existing virtual application package to use to create the Package Accelerator, click **Browse**, and locate the existing virtual application package (.appv file). - - **Tip** - Copy the files associated with the virtual application package you plan to use locally to the computer running the Sequencer. - - - -~~~ -Click **Next**. -~~~ - -4. On the **Installation Files** page, to specify the folder that contains the installation files that you used to create the original virtual application package, click **Browse**, and then select the directory that contains the installation files. - - **Tip** - Copy the folder that contains the required installation files to the computer running the Sequencer. - - - -5. If the application is already installed on the computer running the sequencer, to specify the installation file, select **Files installed on local system**. To use this option, the application must already be installed in the default installation location. - -6. On the **Gathering Information** page, review the files that were not found in the location specified on the **Installation Files** page of this wizard. If the files displayed are not required, select **Remove these files**, and then click **Next**. If the files are required, click **Previous** and copy the required files to the directory specified on the **Installation Files** page. - - **Note** - You must either remove the unrequired files, or click **Previous** and locate the required files to advance to the next page of this wizard. - - - -7. On the **Select Files** page, carefully review the files that were detected, and clear any file that should be removed from the package accelerator. Select only files that are required for the application to run successfully, and then click **Next**. - -8. On the **Verify Applications** page, confirm that all installation files that are required to build the package are displayed. When the Package Accelerator is used to create a new package, all installation files displayed in the **Applications** pane are required to create the package. - - If necessary, to add additional Installer files, click **Add**. To remove unnecessary installation files, select the Installer file, and then click **Delete**. To edit the properties associated with an installer, click **Edit**. The installation files specified in this step will be required when the Package Accelerator is used to create a new virtual application package. After you have confirmed the information displayed, click **Next**. - -9. On the **Select Guidance** page, to specify a file that contains information about how the Package Accelerator, click **Browse**. For example, this file can contain information about how the computer running the Sequencer should be configured, application prerequisite information for target computers, and general notes. You should provide all required information for the Package Accelerator to be successfully applied. The file you select must be in rich text (.rtf) or text file (.txt) format. Click **Next**. - -10. On the **Create Package Accelerator** page, to specify where to save the Package Accelerator, click **Browse** and select the directory. - -11. On the **Completion** page, to close the **Create Package Accelerator** wizard, click **Close**. - - **Important** - To help ensure that the package accelerator is as secure as possible, and so that the publisher can be verified when the package accelerator is applied, you should always digitally sign the package accelerator. - - - -~~~ -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -[How to Create a Virtual Application Package Using an App-V Package Accelerator](how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator.md b/mdop/appv-v5/how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator.md deleted file mode 100644 index d6752dc7b3..0000000000 --- a/mdop/appv-v5/how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator.md +++ /dev/null @@ -1,108 +0,0 @@ ---- -title: How to Create a Virtual Application Package Using an App-V Package Accelerator -description: How to Create a Virtual Application Package Using an App-V Package Accelerator -author: dansimp -ms.assetid: 715e7526-e100-419c-8fc1-75cbfe433835 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create a Virtual Application Package Using an App-V Package Accelerator - - -**Important** -The App-V 5.0 Sequencer does not grant any license rights to the software application that you use to create the Package Accelerator. You must abide by all end user license terms for the application that you use. It is your responsibility to make sure that the software application’s license terms allow you to create a Package Accelerator with the App-V 5.0 Sequencer. - - - -Use the following procedure to create a virtual application package with the App-V 5.0 Package Accelerator. - -**Note** -Before you start this procedure, copy the required Package Accelerator locally to the computer that runs the App-V 5.0 Sequencer. You should also copy all required installation files for the package to a local directory on the computer that runs the Sequencer. This is the directory that you have to specify in step 5 of this procedure. - - - -**To create a virtual application package with an App-V 5.0 Package Accelerator** - -1. To start the App-V Sequencer, on the computer that runs the App-V 5.0 Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. To create the package, select the **Create Package using a Package Accelerator** check box, and then click **Next**. - -3. To specify the package accelerator that will be used to create the new virtual application package, click **Browse** on the **Select Package Accelerator** page. Click **Next**. - - **Important** - If the publisher of the package accelerator cannot be verified and does not contain a valid digital signature, then before you click **Run**, you must confirm that you trust the source of the package accelerator. Confirm your choice in the **Security Warning** dialog box. - - - -4. On the **Guidance** page, review the publishing guidance information that is displayed in the information pane. This information was added when the Package Accelerator was created and it contains guidance about how to create and publish the package. To export the guidance information to a text (.txt) file, click **Export** and specify the location where the file should be saved, and then click **Next**. - -5. On the **Select Installation Files** page, click **Make New Folder** to create a local folder that contains all required installation files for the package, and specify where the folder should be saved. You must also specify a name to be assigned to the folder. You must then copy all required installation files to the location that you specified. If the folder that contains the installation files already exists on the computer that runs the Sequencer, click **Browse** to select the folder. - - Alternatively, if you have already copied the installation files to a directory on this computer, click **Make New Folder**, browse to the folder that contains the installation files, and then click **Next**. - - **Note** - You can specify the following types of supported installation files: - - - Windows Installer files (**.msi**) - - - Cabinet files (.cab) - - - Compressed files with a .zip file name extension - - - The actual application files - - The following file types are not supported: **.msp** and **.exe** files. If you specify an **.exe** file, you must extract the installation files manually. - - - -~~~ -If the package accelerator requires an application to be installed before you apply the Package Accelerator, and if you have already installed the required application, select **I have installed all applications**, and then click **Next** on the **Local Installation** page. -~~~ - -6. On the **Package Name** page, specify a name that will be associated with the package. The name that you specify identifies the package in the App-V Management Console. Click **Next**. - -7. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. To confirm the location where the package is created, review the information that is displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB. - - To create the package, click **Create**. After the package is created, click **Next**. - -8. On the **Configure Software** page, to enable the Sequencer to configure the applications that are contained in the package, select **Configure Software**. In this step you can configure any associated tasks that must be completed in order to run the application on the target computers. For example, you can configure any associated license agreements. - - If you select **Configure Software**, the following items can be configured using the Sequencer as part of this step: - - - **Load Package**. The Sequencer loads the files that are associated with the package. It can take several seconds to an hour to decode the package. - - - **Run Each Program**. Optionally run the programs that are contained in the package. This step is helpful to complete any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at once, select at least one program, and then click **Run All**. To run specific programs, select the program or programs that you want to run, and then click **Run Selected**. Complete the required configuration tasks, and then close the applications. It can take several minutes for all programs to run. Click **Next**. - - - **Save Package**. The Sequencer saves the package. - - - **Primary Feature Block**. The Sequencer optimizes the package for streaming by rebuilding the primary feature block. - - If you do not want to configure the applications, click **Skip this step**, and to go to step 9 of this procedure, and then click **Next**. - -9. On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, click **Close**. - - The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about how to modify a package, see [How to Modify an Existing Virtual Application Package](how-to-modify-an-existing-virtual-application-package-beta.md). - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator51.md b/mdop/appv-v5/how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator51.md deleted file mode 100644 index 2552432acc..0000000000 --- a/mdop/appv-v5/how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator51.md +++ /dev/null @@ -1,108 +0,0 @@ ---- -title: How to Create a Virtual Application Package Using an App-V Package Accelerator -description: How to Create a Virtual Application Package Using an App-V Package Accelerator -author: dansimp -ms.assetid: eae1e4f8-f14f-4bc8-9867-052561c37297 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create a Virtual Application Package Using an App-V Package Accelerator - - -**Important** -The App-V 5.1 Sequencer does not grant any license rights to the software application that you use to create the Package Accelerator. You must abide by all end user license terms for the application that you use. It is your responsibility to make sure that the software application’s license terms allow you to create a Package Accelerator with the App-V 5.1 Sequencer. - - - -Use the following procedure to create a virtual application package with the App-V 5.1 Package Accelerator. - -**Note** -Before you start this procedure, copy the required Package Accelerator locally to the computer that runs the App-V 5.1 Sequencer. You should also copy all required installation files for the package to a local directory on the computer that runs the Sequencer. This is the directory that you have to specify in step 5 of this procedure. - - - -**To create a virtual application package with an App-V 5.1 Package Accelerator** - -1. To start the App-V Sequencer, on the computer that runs the App-V 5.1 Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. To create the package, select the **Create Package using a Package Accelerator** check box, and then click **Next**. - -3. To specify the package accelerator that will be used to create the new virtual application package, click **Browse** on the **Select Package Accelerator** page. Click **Next**. - - **Important** - If the publisher of the package accelerator cannot be verified and does not contain a valid digital signature, then before you click **Run**, you must confirm that you trust the source of the package accelerator. Confirm your choice in the **Security Warning** dialog box. - - - -4. On the **Guidance** page, review the publishing guidance information that is displayed in the information pane. This information was added when the Package Accelerator was created and it contains guidance about how to create and publish the package. To export the guidance information to a text (.txt) file, click **Export** and specify the location where the file should be saved, and then click **Next**. - -5. On the **Select Installation Files** page, click **Make New Folder** to create a local folder that contains all required installation files for the package, and specify where the folder should be saved. You must also specify a name to be assigned to the folder. You must then copy all required installation files to the location that you specified. If the folder that contains the installation files already exists on the computer that runs the Sequencer, click **Browse** to select the folder. - - Alternatively, if you have already copied the installation files to a directory on this computer, click **Make New Folder**, browse to the folder that contains the installation files, and then click **Next**. - - **Note** - You can specify the following types of supported installation files: - - - Windows Installer files (**.msi**) - - - Cabinet files (.cab) - - - Compressed files with a .zip file name extension - - - The actual application files - - The following file types are not supported: **.msp** and **.exe** files. If you specify an **.exe** file, you must extract the installation files manually. - - - -~~~ -If the package accelerator requires an application to be installed before you apply the Package Accelerator, and if you have already installed the required application, select **I have installed all applications**, and then click **Next** on the **Local Installation** page. -~~~ - -6. On the **Package Name** page, specify a name that will be associated with the package. The name that you specify identifies the package in the App-V Management Console. Click **Next**. - -7. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. To confirm the location where the package is created, review the information that is displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB. - - To create the package, click **Create**. After the package is created, click **Next**. - -8. On the **Configure Software** page, to enable the Sequencer to configure the applications that are contained in the package, select **Configure Software**. In this step you can configure any associated tasks that must be completed in order to run the application on the target computers. For example, you can configure any associated license agreements. - - If you select **Configure Software**, the following items can be configured using the Sequencer as part of this step: - - - **Load Package**. The Sequencer loads the files that are associated with the package. It can take several seconds to an hour to decode the package. - - - **Run Each Program**. Optionally run the programs that are contained in the package. This step is helpful to complete any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at once, select at least one program, and then click **Run All**. To run specific programs, select the program or programs that you want to run, and then click **Run Selected**. Complete the required configuration tasks, and then close the applications. It can take several minutes for all programs to run. Click **Next**. - - - **Save Package**. The Sequencer saves the package. - - - **Primary Feature Block**. The Sequencer optimizes the package for streaming by rebuilding the primary feature block. - - If you do not want to configure the applications, click **Skip this step**, and to go to step 9 of this procedure, and then click **Next**. - -9. On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, click **Close**. - - The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about how to modify a package, see [How to Modify an Existing Virtual Application Package](how-to-modify-an-existing-virtual-application-package-beta.md). - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-create-and-use-a-project-template.md b/mdop/appv-v5/how-to-create-and-use-a-project-template.md deleted file mode 100644 index 514740a212..0000000000 --- a/mdop/appv-v5/how-to-create-and-use-a-project-template.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: How to Create and Use a Project Template -description: How to Create and Use a Project Template -author: dansimp -ms.assetid: 2063f0b3-47a1-4090-bf99-0f26b107331c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create and Use a Project Template - - -You can use an App-V 5.0 project template to save commonly applied settings associated with an existing virtual application package. These settings can then be applied when you create new virtual application packages in your environment. Using a project template can streamline the process of creating virtual application packages. - -**Note**   -You can, and often should apply an App-V 5.0 project template during a package upgrade. For example, if you sequenced an application with a custom exclusion list, it is recommended that an associated template is created and saved for later use while upgrading the sequenced application. - -App-V 5.0 project templates differ from App-V 5.0 Application Accelerators because App-V 5.0 Application Accelerators are application-specific, and App-V 5.0 project templates can be applied to multiple applications. - -Use the following procedures to create and apply a new template. - -**To create a project template** - -1. To start the App-V 5.0 sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -**Note**   - If the virtual application package is currently open in the App-V 5.0 Sequencer console, skip to step 3 of this procedure. - -2. To open the existing virtual application package that contains the settings you want to save with the App-V 5.0 project template, click **File** / **Open**, and then click **Edit Package**. On the **Select Package** page, click **Browse** and locate the virtual application package that you want to open. Click **Edit**. - -3. In the App-V 5.0 Sequencer console, to save the template file, click **File** / **Save As Template**. After you have reviewed the settings that will be saved with the new template, click **OK**. Specify a name that will be associated with the new App-V 5.0 project template. Click Save. - The new App-V 5.0 project template is saved in the directory specified in step 3 of this procedure. - -**To apply a project template** - -**Important**   - Creating a virtual application package using a project template in conjunction with a Package Accelerator is not supported. - -1. To start the App-V 5.0 sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. To create or upgrade a new virtual application package by using an App-V 5.0 project template, click **File** / **New From Template**. - -3. To select the project template that you want to use, browse to the directory where the project template is saved, select the project template, and then click **Open**. - - Create the new virtual application package. The settings saved with the specified template will be applied to the new virtual application package that you are creating. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-create-and-use-a-project-template51.md b/mdop/appv-v5/how-to-create-and-use-a-project-template51.md deleted file mode 100644 index cc1d47dba3..0000000000 --- a/mdop/appv-v5/how-to-create-and-use-a-project-template51.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: How to Create and Use a Project Template -description: How to Create and Use a Project Template -author: dansimp -ms.assetid: e5ac1dc8-a88f-4b16-8e3c-df07ef5e4c3b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create and Use a Project Template - - -You can use an App-V 5.1 project template to save commonly applied settings associated with an existing virtual application package. These settings can then be applied when you create new virtual application packages in your environment. Using a project template can streamline the process of creating virtual application packages. - -**Note** -You can, and often should apply an App-V 5.1 project template during a package upgrade. For example, if you sequenced an application with a custom exclusion list, it is recommended that an associated template is created and saved for later use while upgrading the sequenced application. - - - -App-V 5.1 project templates differ from App-V 5.1 Application Accelerators because App-V 5.1 Application Accelerators are application-specific, and App-V 5.1 project templates can be applied to multiple applications. - -Use the following procedures to create and apply a new template. - -**To create a project template** - -1. To start the App-V 5.1 sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. - -2. **Note** - If the virtual application package is currently open in the App-V 5.1 Sequencer console, skip to step 3 of this procedure. - - - -~~~ -To open the existing virtual application package that contains the settings you want to save with the App-V 5.1 project template, click **File** / **Open**, and then click **Edit Package**. On the **Select Package** page, click **Browse** and locate the virtual application package that you want to open. Click **Edit**. -~~~ - -3. In the App-V 5.1 Sequencer console, to save the template file, click **File** / **Save As Template**. After you have reviewed the settings that will be saved with the new template, click **OK**. Specify a name that will be associated with the new App-V 5.1 project template. Click Save. - - The new App-V 5.1 project template is saved in the directory specified in step 3 of this procedure. - -**To apply a project template** - -1. **Important** - Creating a virtual application package using a project template in conjunction with a Package Accelerator is not supported. - - - -~~~ -To start the App-V 5.1 sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. -~~~ - -2. To create or upgrade a new virtual application package by using an App-V 5.1 project template, click **File** / **New From Template**. - -3. To select the project template that you want to use, browse to the directory where the project template is saved, select the project template, and then click **Open**. - - Create the new virtual application package. The settings saved with the specified template will be applied to the new virtual application package that you are creating. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console.md b/mdop/appv-v5/how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console.md deleted file mode 100644 index 110fce61e0..0000000000 --- a/mdop/appv-v5/how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console -description: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console -author: dansimp -ms.assetid: 4f249ee3-cc2d-4b1e-afe5-d1cbf9cabd88 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console - - -Use the following procedure to customize the virtual application extensions for an Active Directory (AD) group. - -**To customize virtual applications extensions for an AD group** - -1. To view the package that you want to configure, open the App-V 5.0 Management Console. To view the configuration that is assigned to a given user group, select the package, and right-click the package name and select **Edit active directory access**. Alternatively, select the package and click **EDIT** in the **AD ACCESS** pane. - -2. To customize an AD group, you can find the group from the list of **AD Entities with Access**. Then, using the drop-down box in the **Assigned Configuration** pane, select **Custom**, and then click **EDIT**. - -3. To disable all extensions for a given application, clear **ENABLE**. - - To add a new shortcut for the selected application, right-click the application in the **SHORTCUTS** pane, and select **Add new shortcut**. To remove a shortcut, right-click the application in the **SHORTCUTS** pane, and select **Remove Shortcut**. To edit an existing shortcut, right-click the application, and select **Edit Shortcut**. - -4. To view any other application extensions, click **Advanced**, and click **Export Configuration**. Type in a filename and click **Save**. You can view all application extensions that are associated with the package using the configuration file. - -5. To edit additional application extensions, modify the configuration file and click **Import and Overwrite this Configuration**. Select the modified file and click **Open**. In the dialog, click **Overwrite** to complete the process. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console51.md b/mdop/appv-v5/how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console51.md deleted file mode 100644 index 4d7754f265..0000000000 --- a/mdop/appv-v5/how-to-customize-virtual-applications-extensions-for-a-specific-ad-group-by-using-the-management-console51.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console -description: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console -author: dansimp -ms.assetid: dd71df05-512f-4eb4-a55f-e5b93601323d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console - - -Use the following procedure to customize the virtual application extensions for an Active Directory (AD) group. - -**To customize virtual applications extensions for an AD group** - -1. To view the package that you want to configure, open the App-V 5.1 Management Console. To view the configuration that is assigned to a given user group, select the package, and right-click the package name and select **Edit active directory access**. Alternatively, select the package and click **EDIT** in the **AD ACCESS** pane. - -2. To customize an AD group, you can find the group from the list of **AD Entities with Access**. Then, using the drop-down box in the **Assigned Configuration** pane, select **Custom**, and then click **EDIT**. - -3. To disable all extensions for a given application, clear **ENABLE**. - - To add a new shortcut for the selected application, right-click the application in the **SHORTCUTS** pane, and select **Add new shortcut**. To remove a shortcut, right-click the application in the **SHORTCUTS** pane, and select **Remove Shortcut**. To edit an existing shortcut, right-click the application, and select **Edit Shortcut**. - -4. To view any other application extensions, click **Advanced**, and click **Export Configuration**. Type in a filename and click **Save**. You can view all application extensions that are associated with the package using the configuration file. - -5. To edit additional application extensions, modify the configuration file and click **Import and Overwrite this Configuration**. Select the modified file and click **Open**. In the dialog, click **Overwrite** to complete the process. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-delete-a-connection-group.md b/mdop/appv-v5/how-to-delete-a-connection-group.md deleted file mode 100644 index 8d3a29dee3..0000000000 --- a/mdop/appv-v5/how-to-delete-a-connection-group.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: How to Delete a Connection Group -description: How to Delete a Connection Group -author: dansimp -ms.assetid: 92654019-a5ad-4ed7-8c39-45f658f60196 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Delete a Connection Group - - -Use the following procedure to delete an existing App-V connection group. - -**To delete a connection group** - -1. Open the App-V Management Console and select **Packages** > **CONNECTION GROUPS**. - -2. Right-click the connection group to be removed, and select **delete**. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -[Managing Connection Groups](managing-connection-groups.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-delete-a-connection-group51.md b/mdop/appv-v5/how-to-delete-a-connection-group51.md deleted file mode 100644 index 90aec39b89..0000000000 --- a/mdop/appv-v5/how-to-delete-a-connection-group51.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: How to Delete a Connection Group -description: How to Delete a Connection Group -author: dansimp -ms.assetid: dfdfb507-8891-4f17-9125-5759c9b74483 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Delete a Connection Group - - -Use the following procedure to delete an existing App-V connection group. - -**To delete a connection group** - -1. Open the App-V Management Console and select **CONNECTION GROUPS**. - -2. Right-click the connection group to be removed, and select **delete**. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -[Managing Connection Groups](managing-connection-groups51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-delete-a-package-in-the-management-console-51.md b/mdop/appv-v5/how-to-delete-a-package-in-the-management-console-51.md deleted file mode 100644 index 51e1ae3be1..0000000000 --- a/mdop/appv-v5/how-to-delete-a-package-in-the-management-console-51.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: How to Delete a Package in the Management Console -description: How to Delete a Package in the Management Console -author: dansimp -ms.assetid: 4a2be40b-bbb8-4fab-992d-7466df432858 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Delete a Package in the Management Console - - -Use the following procedure to delete an App-V 5.1 package. - -**To delete a package in the Management Console** - -1. To view the package you want to delete, open the App-V 5.1 Management Console and select **Packages**. Select the package to be removed. - -2. Click or right-click the package. Select **Delete** to remove the package. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-delete-a-package-in-the-management-console-beta.md b/mdop/appv-v5/how-to-delete-a-package-in-the-management-console-beta.md deleted file mode 100644 index a9a1d7847a..0000000000 --- a/mdop/appv-v5/how-to-delete-a-package-in-the-management-console-beta.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: How to Delete a Package in the Management Console -description: How to Delete a Package in the Management Console -author: dansimp -ms.assetid: d780aafb-4097-4417-8ecc-30efac73c33a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Delete a Package in the Management Console - - -Use the following procedure to delete an App-V 5.0 package. - -**To delete a package in the Management Console** - -1. To view the package you want to delete, open the App-V 5.0 Management Console and select **Packages**. Select the package to be removed. - -2. Right-click the package, and select **delete** to remove the package. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-deploy-app-v-50-packages-using-electronic-software-distribution.md b/mdop/appv-v5/how-to-deploy-app-v-50-packages-using-electronic-software-distribution.md deleted file mode 100644 index c84a1d788d..0000000000 --- a/mdop/appv-v5/how-to-deploy-app-v-50-packages-using-electronic-software-distribution.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: How to deploy App-V 5.0 Packages Using Electronic Software Distribution -description: How to deploy App-V 5.0 Packages Using Electronic Software Distribution -author: dansimp -ms.assetid: 08e5e05b-dbb8-4be7-b2d8-721ef627da81 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to deploy App-V 5.0 Packages Using Electronic Software Distribution - - -You can use an electronic software distribution (ESD) system to deploy App-V 5.0 virtual applications to App-V clients. For details, see the documentation available with the ESD you are using. - -For component requirements and options for using an ESD to deploy App-V packages, see [Planning to Deploy App-V 5.0 with an Electronic Software Distribution System](planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md). - -Use one of the following methods to publish packages to App-V client computers with an ESD: - - ---- - - - - - - - - - - - - - - - - - - - - -
MethodDescription

Functionality provided by a third-party ESD

Use the functionality in a third-party ESD.

Stand-alone Windows Installer

Install the application on the target client computer by using the associated Windows Installer (.msi) file that is created when you initially sequence an application. The Windows Installer file contains the associated App-V 5.0 package file information used to configure a package and copies the required package files to the client.

PowerShell

Use PowerShell cmdlets to deploy virtualized applications. For more information about using PowerShell and App-V 5.0, see Administering App-V by Using PowerShell.

- - - -**To deploy App-V 5.0 packages by using an ESD** - -1. Install the App-V 5.0 Sequencer on a computer in your environment. For more information about installing the sequencer, see [How to Install the Sequencer](how-to-install-the-sequencer-beta-gb18030.md). - -2. Use the App-V 5.0 Sequencer to create virtual application. For information about creating a virtual application, see [Creating and Managing App-V 5.0 Virtualized Applications](creating-and-managing-app-v-50-virtualized-applications.md). - -3. After you create the virtual application, deploy the package by using your ESD solution. - - If you are using System Center Configuration Manager, start by reviewing [Introduction to Application Management in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=281816) for information about using App-V 5.0 and System Center 2012 Configuration Manager. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-deploy-app-v-51-packages-using-electronic-software-distribution.md b/mdop/appv-v5/how-to-deploy-app-v-51-packages-using-electronic-software-distribution.md deleted file mode 100644 index 6171caac63..0000000000 --- a/mdop/appv-v5/how-to-deploy-app-v-51-packages-using-electronic-software-distribution.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: How to deploy App-V 5.1 Packages Using Electronic Software Distribution -description: How to deploy App-V 5.1 Packages Using Electronic Software Distribution -author: dansimp -ms.assetid: e1957a5a-1f18-42da-b2c1-a5ae5a4cca7a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to deploy App-V 5.1 Packages Using Electronic Software Distribution - - -You can use an electronic software distribution (ESD) system to deploy App-V 5.1 virtual applications to App-V clients. For details, see the documentation available with the ESD you are using. - -For component requirements and options for using an ESD to deploy App-V packages, see [Planning to Deploy App-V 5.1 with an Electronic Software Distribution System](planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md). - -Use one of the following methods to publish packages to App-V client computers with an ESD: - - ---- - - - - - - - - - - - - - - - - - - - - -
MethodDescription

Functionality provided by a third-party ESD

Use the functionality in a third-party ESD.

Stand-alone Windows Installer

Install the application on the target client computer by using the associated Windows Installer (.msi) file that is created when you initially sequence an application. The Windows Installer file contains the associated App-V 5.1 package file information used to configure a package and copies the required package files to the client.

PowerShell

Use PowerShell cmdlets to deploy virtualized applications. For more information about using PowerShell and App-V 5.1, see Administering App-V 5.1 by Using PowerShell.

- - - -**To deploy App-V 5.1 packages by using an ESD** - -1. Install the App-V 5.1 Sequencer on a computer in your environment. For more information about installing the sequencer, see [How to Install the Sequencer](how-to-install-the-sequencer-51beta-gb18030.md). - -2. Use the App-V 5.1 Sequencer to create virtual application. For information about creating a virtual application, see [Creating and Managing App-V 5.1 Virtualized Applications](creating-and-managing-app-v-51-virtualized-applications.md). - -3. After you create the virtual application, deploy the package by using your ESD solution. - - If you are using System Center Configuration Manager, start by reviewing [Introduction to Application Management in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=281816) for information about using App-V 5.1 and System Center 2012 Configuration Manager. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--50-client-on-the-same-computer.md b/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--50-client-on-the-same-computer.md deleted file mode 100644 index b201ab4069..0000000000 --- a/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--50-client-on-the-same-computer.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: How to Deploy the App-V 4.6 and the App-V 5.0 Client on the Same Computer -description: How to Deploy the App-V 4.6 and the App-V 5.0 Client on the Same Computer -ms.assetid: 5b7e27e4-4360-464c-b832-f1c7939e5485 -ms.reviewer: -manager: dansimp -ms.author: dansimp -author: dansimp -ms.date: 06/21/2016 ---- - -# How to Deploy the App-V 4.6 and the App-V 5.0 Client on the Same Computer - -**Note:** App-V 4.6 has exited Mainstream support. The following assumes that the App-V 4.6 SP3 client is already installed. - -Use the following information to install the App-V 5.0 client (preferably, with the latest Service Packs and hotfixes) and the App-V 4.6 SP3 client on the same computer. For supported versions, requirements, and other planning information, see [Planning for Migrating from a Previous Version of App-V](planning-for-migrating-from-a-previous-version-of-app-v.md). - -**To deploy the App-V 5.0 client and App-V 4.6 client on the same computer** - -1. Install the App-V 5.0 SP3 client on the computer that is running the App-V 4.6 version of the client. For best results, we recommend that you install all available updates to the App-V 5.0 SP3 client. - -2. Convert or re-sequence the packages gradually. - - - To convert the packages, use the App-V 5.0 package converter and convert the required packages to the App-V 5.0 (**.appv**) file format. - - - To re-sequence the packages, consider using the latest version of the Sequencer for best results. - - For more information about publishing packages, see [How to Publish a Package by Using the Management Console](how-to-publish-a-package-by-using-the-management-console-50.md). - -3. Deploy packages to the client computers. - -4. Convert extension points, as needed. For more information, see the following resources: - - - [How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.0 Package for All Users on a Specific Computer](how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md) - - - [How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.0 for a Specific User](how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-50-for-a-specific-user.md) - - - [How to Convert a Package Created in a Previous Version of App-V](how-to-convert-a-package-created-in-a-previous-version-of-app-v.md) - -5. Test that your App-V 5.0 packages are successful, and then remove the 4.6 packages. To check the user state of your client computers, we recommend that you use [User Experience Virtualization](https://technet.microsoft.com/library/dn458947.aspx) or another user environment management tool. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Planning for Migrating from a Previous Version of App-V](planning-for-migrating-from-a-previous-version-of-app-v.md) - -[Deploying the App-V 5.0 Sequencer and Client](deploying-the-app-v-50-sequencer-and-client.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--51-client-on-the-same-computer.md b/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--51-client-on-the-same-computer.md deleted file mode 100644 index 90cb9db9a7..0000000000 --- a/mdop/appv-v5/how-to-deploy-the-app-v-46-and-the-app-v--51-client-on-the-same-computer.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: How to Deploy the App-V 4.6 and the App-V 5.1 Client on the Same Computer -description: How to Deploy the App-V 4.6 and the App-V 5.1 Client on the Same Computer -ms.assetid: 498d50c7-f13d-4fbb-8ea1-b959ade26fdf -ms.reviewer: -manager: dansimp -ms.author: dansimp -author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/21/2016 ---- - -# How to Deploy the App-V 4.6 and the App-V 5.1 Client on the Same Computer - -**Note:** App-V 4.6 has exited Mainstream support. - -Use the following information to install the Microsoft Application Virtualization (App-V) 5.1 client (preferably, with the latest Service Packs and hotfixes) and the App-V 4.6 SP2 client or the App-V 4.6 S3 client on the same computer. For supported versions, requirements, and other planning information, see [Planning for Migrating from a Previous Version of App-V](planning-for-migrating-from-a-previous-version-of-app-v51.md). - -**To deploy the App-V 5.1 client and App-V 4.6 client on the same computer** - -1. Install the following version of the App-V client on the computer that is running App-V 4.6. - - - [Microsoft Application Virtualization 4.6 Service Pack 3](https://www.microsoft.com/download/details.aspx?id=41187) - -2. Install the App-V 5.1 client on the computer that is running the App-V 4.6 SP3 version of the client. For best results, we recommend that you install all available updates to the App-V 5.1 client. - -3. Convert or re-sequence the packages gradually. - - - To convert the packages, use the App-V 5.1 package converter and convert the required packages to the App-V 5.1 (**.appv**) file format. - - - To re-sequence the packages, consider using the latest version of the Sequencer for best results. - - For more information about publishing packages, see [How to Publish a Package by Using the Management Console](how-to-publish-a-package-by-using-the-management-console-51.md). - -4. Deploy packages to the client computers. - -5. Convert extension points, as needed. For more information, see the following resources: - - - [How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.1 Package for All Users on a Specific Computer](how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-51-package-for-all-users-on-a-specific-computer.md) - - - [How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.1 for a Specific User](how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-51-for-a-specific-user.md) - - - [How to Convert a Package Created in a Previous Version of App-V](how-to-convert-a-package-created-in-a-previous-version-of-app-v51.md) - -6. Test that your App-V 5.1 packages are successful, and then remove the 4.6 packages. To check the user state of your client computers, we recommend that you use [User Experience Virtualization](https://technet.microsoft.com/library/dn458947.aspx) or another user environment management tool. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Planning for Migrating from a Previous Version of App-V](planning-for-migrating-from-a-previous-version-of-app-v51.md) - -[Deploying the App-V 5.1 Sequencer and Client](deploying-the-app-v-51-sequencer-and-client.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-50-server-50sp3.md b/mdop/appv-v5/how-to-deploy-the-app-v-50-server-50sp3.md deleted file mode 100644 index b58dcbe9cc..0000000000 --- a/mdop/appv-v5/how-to-deploy-the-app-v-50-server-50sp3.md +++ /dev/null @@ -1,280 +0,0 @@ ---- -title: How to Deploy the App-V 5.0 Server -description: How to Deploy the App-V 5.0 Server -author: dansimp -ms.assetid: 4f8f16af-7d74-42b4-84b8-b04ce668225d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Deploy the App-V 5.0 Server - - -Use the following procedure to install the App-V 5.0 server. For information about deploying the App-V 5.0 SP3 Server, see [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-migrate-to-50sp3). - -**Before you start:** - -- Ensure that you’ve installed prerequisite software. See [App-V 5.0 Prerequisites](app-v-50-prerequisites.md). - -- Review the server section of [App-V 5.0 Security Considerations](app-v-50-security-considerations.md). - -- Specify a port where each component will be hosted. - -- Add firewall rules to allow incoming requests to access the specified ports. - -- If you use SQL scripts, instead of the Windows Installer, to set up the Management database or Reporting database, you must run the SQL scripts before installing the Management Server or Reporting Server. See [How to Deploy the App-V Databases by Using SQL Scripts](how-to-deploy-the-app-v-databases-by-using-sql-scripts.md). - -**To install the App-V 5.0 server** - -1. Copy the App-V 5.0 server installation files to the computer on which you want to install it. - -2. Start the App-V 5.0 server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**. - -3. Review and accept the license terms, and choose whether to enable Microsoft updates. - -4. On the **Feature Selection** page, select all of the following components. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ComponentDescription

Management server

Provides overall management functionality for the App-V infrastructure.

Management database

Facilitates database predeployments for App-V management.

Publishing server

Provides hosting and streaming functionality for virtual applications.

Reporting server

Provides App-V 5.0 reporting services.

Reporting database

Facilitates database predeployments for App-V reporting.

- - - -5. On the **Installation Location** page, accept the default location where the selected components will be installed, or change the location by typing a new path on the **Installation Location** line. - -6. On the initial **Create New Management Database** page, configure the **Microsoft SQL Server instance** and **Management Server database** by selecting the appropriate option below. - - - - - - - - - - - - - - - - - - - - - - -
MethodWhat you need to do

You are using a custom Microsoft SQL Server instance.

Select Use the custom instance, and type the name of the instance.

-

Use the format INSTANCENAME. The assumed installation location is the local computer.

-

Not supported: A server name using the format ServerName<strong>INSTANCE.

You are using a custom database name.

Select Custom configuration and type the database name.

-

The database name must be unique, or the installation will fail.

- - - -7. On the **Configure** page, accept the default value **Use this local computer**. - - **Note** - If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. - - - -8. On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below. - - - - - - - - - - - - - - - - - - - - - - -
MethodWhat you need to do

You are using a custom Microsoft SQL Server instance.

Select Use the custom instance, and type the name of the instance.

-

Use the format INSTANCENAME. The assumed installation location is the local computer.

-

Not supported: A server name using the format ServerName<strong>INSTANCE.

You are using a custom database name.

Select Custom configuration and type the database name.

-

The database name must be unique, or the installation will fail.

- - - -9. On the **Configure** page, accept the default value: **Use this local computer**. - - **Note** - If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. - - - -10. On the **Configure** (Management Server Configuration) page, specify the following: - - - - - - - - - - - - - - - - - - - - - - - - - - -
Item to configureDescription and examples

Type the AD group with sufficient permissions to manage the App-V environment.

Example: MyDomain\MyUser

-

After installation, you can add additional users or groups by using the Management console. However, global security groups and Active Directory Domain Services (AD DS) distribution groups are not supported. You must use Domain local or Universal groups are required to perform this action.

Website name: Specify the custom name that will be used to run the publishing service.

If you do not have a custom name, do not make any changes.

Port binding: Specify a unique port number that will be used by App-V.

Example: 12345

-

Ensure that the port specified is not being used by another website.

- - - -11. On the **Configure** **Publishing Server Configuration** page, specify the following: - - - - - - - - - - - - - - - - - - - - - - - - - - -
Item to configureDescription and examples

Specify the URL for the management service.

Example: http://localhost:12345

Website name: Specify the custom name that will be used to run the publishing service.

If you do not have a custom name, do not make any changes.

Port binding: Specify a unique port number that will be used by App-V.

Example: 54321

-

Ensure that the port specified is not being used by another website.

- - - -12. On the **Reporting Server** page, specify the following: - - - - - - - - - - - - - - - - - - - - - - -
Item to configureDescription and examples

Website name: Specify the custom name that will be used to run the Reporting Service.

If you do not have a custom name, do not make any changes.

Port binding: Specify a unique port number that will be used by App-V.

Example: 55555

-

Ensure that the port specified is not being used by another website.

- - - -13. To start the installation, click **Install** on the **Ready** page, and then click **Close** on the **Finished** page. - -14. To verify that the setup completed successfully, open a web browser, and type the following URL: - - **http://<Management server machine name>:<Management service port number>/Console.html**. - - Example: **http://localhost:12345/console.html**. If the installation succeeded, the App-V Management console is displayed with no errors. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Deploying App-V 5.0](deploying-app-v-50.md) - -[How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services.md) - -[How to Install the Publishing Server on a Remote Computer](how-to-install-the-publishing-server-on-a-remote-computer.md) - -[How to Deploy the App-V 5.0 Server Using a Script](how-to-deploy-the-app-v-50-server-using-a-script.md) - -[How to Enable Reporting on the App-V 5.0 Client by Using PowerShell](how-to-enable-reporting-on-the-app-v-50-client-by-using-powershell.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-50-server-using-a-script.md b/mdop/appv-v5/how-to-deploy-the-app-v-50-server-using-a-script.md deleted file mode 100644 index 03f183eae8..0000000000 --- a/mdop/appv-v5/how-to-deploy-the-app-v-50-server-using-a-script.md +++ /dev/null @@ -1,757 +0,0 @@ ---- -title: How to Deploy the App-V 5.0 Server Using a Script -description: How to Deploy the App-V 5.0 Server Using a Script -author: dansimp -ms.assetid: b91a35c8-df9e-4065-9187-abafbe565b84 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/15/2018 ---- - - -# How to Deploy the App-V 5.0 Server Using a Script - - -In order to complete the **appv\_server\_setup.exe** Server setup successfully using the command line, you must specify and combine multiple parameters. - -Use the following tables for more information about installing the App-V 5.0 server using the command line. - ->[!NOTE] -> The information in the following tables can also be accessed using the command line by typing the following command: ->``` -> appv\_server\_setup.exe /? ->``` - -## Common parameters and Examples - - - - - - - - - - - - -

To Install the Management server and Management database on a local machine.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /MANAGEMENT_SERVER

    • -

  • /MANAGEMENT_ADMINACCOUNT

    • -

  • /MANAGEMENT_WEBSITE_NAME

    • -

  • /MANAGEMENT_WEBSITE_PORT

    • -

  • /DB_PREDEPLOY_MANAGEMENT

    • -

  • /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /MANAGEMENT_DB_NAME

    • -
-

To use a custom instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /MANAGEMENT_SERVER

    • -

  • /MANAGEMENT_ADMINACCOUNT

    • -

  • /MANAGEMENT_WEBSITE_NAME

    • -

  • /MANAGEMENT_WEBSITE_PORT

    • -

  • /DB_PREDEPLOY_MANAGEMENT

    • -

  • /MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • -

  • /MANAGEMENT_DB_NAME

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/MANAGEMENT_SERVER

-

/MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”

-

/MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”

-

/MANAGEMENT_WEBSITE_PORT=”8080”

-

/DB_PREDEPLOY_MANAGEMENT

-

/MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

-

/MANAGEMENT_DB_NAME=”AppVManagement”

- - - - - - - - - - - - -

To Install the Management server using an existing Management database on a local machine.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /MANAGEMENT_SERVER

    • -

  • /MANAGEMENT_ADMINACCOUNT

    • -

  • /MANAGEMENT_WEBSITE_NAME

    • -

  • /MANAGEMENT_WEBSITE_PORT

    • -

  • /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

    • -

  • /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /EXISTING_MANAGEMENT_DB_NAME

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /MANAGEMENT_SERVER

    • -

  • /MANAGEMENT_ADMINACCOUNT

    • -

  • /MANAGEMENT_WEBSITE_NAME

    • -

  • /MANAGEMENT_WEBSITE_PORT

    • -

  • /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

    • -

  • /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • -

  • /EXISTING_MANAGEMENT_DB_NAME

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/MANAGEMENT_SERVER

-

/MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”

-

/MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”

-

/MANAGEMENT_WEBSITE_PORT=”8080”

-

/EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

-

/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE =”SqlInstanceName”

-

/EXISTING_MANAGEMENT_DB_NAME =”AppVManagement”

  - - - - - - - - - - - - -

To install the Management server using an existing Management database on a remote machine.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /MANAGEMENT_SERVER

    • -

  • /MANAGEMENT_ADMINACCOUNT

    • -

  • /MANAGEMENT_WEBSITE_NAME

    • -

  • /MANAGEMENT_WEBSITE_PORT

    • -

  • /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME

    • -

  • /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /EXISTING_MANAGEMENT_DB_NAME

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /MANAGEMENT_SERVER

    • -

  • /MANAGEMENT_ADMINACCOUNT

    • -

  • /MANAGEMENT_WEBSITE_NAME

    • -

  • /MANAGEMENT_WEBSITE_PORT

    • -

  • /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME

    • -

  • /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • -

  • /EXISTING_MANAGEMENT_DB_NAME

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/MANAGEMENT_SERVER

-

/MANAGEMENT_ADMINACCOUNT=”Domain\AdminGroup”

-

/MANAGEMENT_WEBSITE_NAME=”Microsoft AppV Management Service”

-

/MANAGEMENT_WEBSITE_PORT=”8080”

-

/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME=”SqlServermachine.domainName”

-

/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE =”SqlInstanceName”

-

/EXISTING_MANAGEMENT_DB_NAME =”AppVManagement”

- - - - - - - - - - - - -

To Install the Management database and the Management Server on the same computer.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /DB_PREDEPLOY_MANAGEMENT

    • -

  • /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /MANAGEMENT_DB_NAME

    • -

  • /MANAGEMENT_SERVER_MACHINE_USE_LOCAL

    • -

  • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /DB_PREDEPLOY_MANAGEMENT

    • -

  • /MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • -

  • /MANAGEMENT_DB_NAME

    • -

  • /MANAGEMENT_SERVER_MACHINE_USE_LOCAL

    • -

  • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/DB_PREDEPLOY_MANAGEMENT

-

/MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

-

/MANAGEMENT_DB_NAME=”AppVManagement”

-

/MANAGEMENT_SERVER_MACHINE_USE_LOCAL

-

/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

- - - - - - - - - - - - -

To install the Management database on a different computer than the Management server.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /DB_PREDEPLOY_MANAGEMENT

    • -

  • /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /MANAGEMENT_DB_NAME

    • -

  • /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

    • -

  • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /DB_PREDEPLOY_MANAGEMENT

    • -

  • /MANAGEMENT_DB_CUSTOM_SQLINSTANCE

    • -

  • /MANAGEMENT_DB_NAME

    • -

  • /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

    • -

  • /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/DB_PREDEPLOY_MANAGEMENT

-

/MANAGEMENT_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

-

/MANAGEMENT_DB_NAME=”AppVManagement”

-

/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT=”Domain\MachineAccount”

-

/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

- - - - - - - - - - - - -

To Install the publishing server.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /PUBLISHING_SERVER

    • -

  • /PUBLISHING_MGT_SERVER

    • -

  • /PUBLISHING_WEBSITE_NAME

    • -

  • /PUBLISHING_WEBSITE_PORT

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/PUBLISHING_SERVER

-

/PUBLISHING_MGT_SERVER=”http://ManagementServerName:ManagementPort”

-

/PUBLISHING_WEBSITE_NAME=”Microsoft AppV Publishing Service”

-

/PUBLISHING_WEBSITE_PORT=”8081”

- - - - - - - - - - - - -

To Install the Reporting server and Reporting database on a local machine.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /REPORTING _SERVER

    • -

  • /REPORTING _WEBSITE_NAME

    • -

  • /REPORTING _WEBSITE_PORT

    • -

  • /DB_PREDEPLOY_REPORTING

    • -

  • /REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /REPORTING _DB_NAME

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /REPORTING _SERVER

    • -

  • /REPORTING _ADMINACCOUNT

    • -

  • /REPORTING _WEBSITE_NAME

    • -

  • /REPORTING _WEBSITE_PORT

    • -

  • /DB_PREDEPLOY_REPORTING

    • -

  • /REPORTING _DB_CUSTOM_SQLINSTANCE

    • -

  • /REPORTING _DB_NAME

    • -
-

Using a custom instance of Microsoft SQL Server example:

-
    -

  • /appv_server_setup.exe /QUIET

    • -

  • /REPORTING_SERVER

    • -

  • /REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”

    • -

  • /REPORTING_WEBSITE_PORT=”8082”

    • -

  • /DB_PREDEPLOY_REPORTING

    • -

  • /REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

    • -

  • /REPORTING_DB_NAME=”AppVReporting”

    • -
- - - - - - - - - - - - -

To Install the Reporting server and using an existing Reporting database on a local machine.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /REPORTING _SERVER

    • -

  • /REPORTING _WEBSITE_NAME

    • -

  • /REPORTING _WEBSITE_PORT

    • -

  • /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

    • -

  • /EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /EXISTING_REPORTING _DB_NAME

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /REPORTING _SERVER

    • -

  • /REPORTING _ADMINACCOUNT

    • -

  • /REPORTING _WEBSITE_NAME

    • -

  • /REPORTING _WEBSITE_PORT

    • -

  • /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

    • -

  • /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE

    • -

  • /EXISTING_REPORTING _DB_NAME

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/REPORTING_SERVER

-

/REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”

-

/REPORTING_WEBSITE_PORT=”8082”

-

/EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

-

/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

-

/EXITING_REPORTING_DB_NAME=”AppVReporting”

- - - - - - - - - - - - -

To Install the Reporting server using an existing Reporting database on a remote machine.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /REPORTING _SERVER

    • -

  • /REPORTING _WEBSITE_NAME

    • -

  • /REPORTING _WEBSITE_PORT

    • -

  • /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME

    • -

  • /EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /EXISTING_REPORTING _DB_NAME

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /REPORTING _SERVER

    • -

  • /REPORTING _ADMINACCOUNT

    • -

  • /REPORTING _WEBSITE_NAME

    • -

  • /REPORTING _WEBSITE_PORT

    • -

  • /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME

    • -

  • /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE

    • -

  • /EXISTING_REPORTING _DB_NAME

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/REPORTING_SERVER

-

/REPORTING_WEBSITE_NAME=”Microsoft AppV Reporting Service”

-

/REPORTING_WEBSITE_PORT=”8082”

-

/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME=”SqlServerMachine.DomainName”

-

/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

-

/EXITING_REPORTING_DB_NAME=”AppVReporting”

- - - - - - - - - - - - -

To install the Reporting database on the same computer as the Reporting server.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /DB_PREDEPLOY_REPORTING

    • -

  • /REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /REPORTING _DB_NAME

    • -

  • /REPORTING_SERVER_MACHINE_USE_LOCAL

    • -

  • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /DB_PREDEPLOY_REPORTING

    • -

  • /REPORTING _DB_CUSTOM_SQLINSTANCE

    • -

  • /REPORTING _DB_NAME

    • -

  • /REPORTING_SERVER_MACHINE_USE_LOCAL

    • -

  • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/DB_PREDEPLOY_REPORTING

-

/REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

-

/REPORTING_DB_NAME=”AppVReporting”

-

/REPORTING_SERVER_MACHINE_USE_LOCAL

-

/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

- - - - - - - - - - - - -

To install the Reporting database on a different computer than the Reporting server.

To use the default instance of Microsoft SQL Server, use the following parameters:

-
    -

  • /DB_PREDEPLOY_REPORTING

    • -

  • /REPORTING _DB_SQLINSTANCE_USE_DEFAULT

    • -

  • /REPORTING _DB_NAME

    • -

  • /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

    • -

  • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
-

To use a custom instance of Microsoft SQL Server, use these parameters:

-
    -

  • /DB_PREDEPLOY_REPORTING

    • -

  • /REPORTING _DB_CUSTOM_SQLINSTANCE

    • -

  • /REPORTING _DB_NAME

    • -

  • /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

    • -

  • /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

    • -
-

Using a custom instance of Microsoft SQL Server example:

-

/appv_server_setup.exe /QUIET

-

/DB_PREDEPLOY_REPORTING

-

/REPORTING_DB_CUSTOM_SQLINSTANCE=”SqlInstanceName”

-

/REPORTING_DB_NAME=”AppVReporting”

-

/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT=”Domain\MachineAccount”

-

/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT=”Domain\InstallAdminAccount”

- -## Parameter Definitions - -### General Parameters - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterInformation

/QUIET

Specifies silent install.

/UNINSTALL

Specifies an uninstall.

/LAYOUT

Specifies layout action. This extracts the MSIs and script files to a folder without actually installing the product. No value is expected.

/LAYOUTDIR

Specifies the layout directory. Takes a string. For example, /LAYOUTDIR=”C:\Application Virtualization Server”

/INSTALLDIR

Specifies the installation directory. Takes a string. E.g. /INSTALLDIR=”C:\Program Files\Application Virtualization\Server”

/MUOPTIN

Enables Microsoft Update. No value is expected

/ACCEPTEULA

Accepts the license agreement. This is required for an unattended installation. Example usage: /ACCEPTEULA or /ACCEPTEULA=1.

- -### Management Server Installation Parameters - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterInformation

/MANAGEMENT_SERVER

Specifies that the management server will be installed. No value is expected

/MANAGEMENT_ADMINACCOUNT

Specifies the account that will be allowed to Administrator access to the management server This account can be an individual user account or a group. Example usage: /MANAGEMENT_ADMINACCOUNT=”mydomain\admin”. If /MANAGEMENT_SERVER is not specified, this will be ignored. Specifies the account that will be allowed to Administrator access to the management server. This can be a user account or a group. For example, /MANAGEMENT_ADMINACCOUNT="mydomain\admin".

/MANAGEMENT_WEBSITE_NAME

Specifies name of the website that will be created for the management service. For example, /MANAGEMENT_WEBSITE_NAME=”Microsoft App-V Management Service”

MANAGEMENT_WEBSITE_PORT

Specifies the port number that will be used by the management service will use. For example, /MANAGEMENT_WEBSITE_PORT=82.

- -### Parameters for the Management Server Database - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterInformation

/DB_PREDEPLOY_MANAGEMENT

Specifies that the management database will be installed. You must have sufficient database permissions to complete this installation. No value is expected

/MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

Indicates that the default SQL instance should be used. No value is expected.

/MANAGEMENT_DB_ CUSTOM_SQLINSTANCE

Specifies the name of the custom SQL instance that should be used to create a new database. Example usage: /MANAGEMENT_DB_ CUSTOM_SQLINSTANCE=”MYSQLSERVER”. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored.

/MANAGEMENT_DB_NAME

Specifies the name of the new management database that should be created. Example usage: /MANAGEMENT_DB_NAME=”AppVMgmtDB”. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored.

/MANAGEMENT_SERVER_MACHINE_USE_LOCAL

Indicates if the management server that will be accessing the database is installed on the local server. Switch parameter so no value is expected.

/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

Specifies the machine account of the remote machine that the management server will be installed on. Example usage: /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT=”domain\computername”

/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

Indicates the Administrator account that will be used to install the management server. Example usage: /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT =”domain\alias”

- -### Parameters for Installing Publishing Server - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterInformation

/PUBLISHING_SERVER

Specifies that the Publishing Server will be installed. No value is expected

/PUBLISHING_MGT_SERVER

Specifies the URL to Management Service the Publishing server will connect to. Example usage: http://<management server name>:<Management server port number>. If /PUBLISHING_SERVER is not used, this parameter will be ignored

/PUBLISHING_WEBSITE_NAME

Specifies name of the website that will be created for the publishing service. For example, /PUBLISHING_WEBSITE_NAME=”Microsoft App-V Publishing Service”

/PUBLISHING_WEBSITE_PORT

Specifies the port number used by the publishing service. For example, /PUBLISHING_WEBSITE_PORT=83

- -### Parameters for Reporting Server - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterInformation

/REPORTING_SERVER

Specifies that the Reporting Server will be installed. No value is expected

/REPORTING_WEBSITE_NAME

Specifies name of the website that will be created for the Reporting Service. E.g. /REPORTING_WEBSITE_NAME="Microsoft App-V ReportingService"

/REPORTING_WEBSITE_PORT

Specifies the port number that the Reporting Service will use. E.g. /REPORTING_WEBSITE_PORT=82

- - - -### Parameters for using an Existing Reporting Server Database - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterInformation

/EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL

Indicates that the Microsoft SQL Server is installed on the local server. Switch parameter so no value is expected.

/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME

Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_REPORTING_DB_ REMOTE_SQL_SERVER_NAME="mycomputer1"

/EXISTING_ REPORTING DB_SQLINSTANCE_USE_DEFAULT

Indicates that the default SQL instance is to be used. Switch parameter so no value is expected.

/EXISTING REPORTING_DB_CUSTOM_SQLINSTANCE

Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_ CUSTOM_SQLINSTANCE="MYSQLSERVER"

/EXISTING_ REPORTING _DB_NAME

Specifies the name of the existing Reporting database that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_NAME="AppVReporting"

- -### Parameters for installing Reporting Server Database - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterInformation

/DB_PREDEPLOY_REPORTING

Specifies that the Reporting Database will be installed. DBA permissions are required for this installation. No value is expected

/REPORTING_DB_SQLINSTANCE_USE_DEFAULT

Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /REPORTING_DB_ CUSTOM_SQLINSTANCE="MYSQLSERVER"

/REPORTING_DB_NAME

Specifies the name of the new Reporting database that should be created. Takes a string. E.g. /REPORTING_DB_NAME="AppVMgmtDB"

/REPORTING_SERVER_MACHINE_USE_LOCAL

Indicates that the Reporting server that will be accessing the database is installed on the local server. Switch parameter so no value is expected.

/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

Specifies the machine account of the remote machine that the Reporting server will be installed on. Takes a string. E.g. /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT = "domain\computername"

/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

Indicates the Administrator account that will be used to install the App-V Reporting Server. Takes a string. E.g. /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT = "domain\alias"

- -### Parameters for using an existing Management Server Database - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterInformation

/EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL

Indicates that the SQL Server is installed on the local server. Switch parameter so no value is expected.If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME

Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_MANAGEMENT_DB_ REMOTE_SQL_SERVER_NAME="mycomputer1"

/EXISTING_ MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT

Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

/EXISTING_MANAGEMENT_DB_ CUSTOM_SQLINSTANCE

Specifies the name of the custom SQL instance that will be used. Example usage /EXISTING_MANAGEMENT_DB_ CUSTOM_SQLINSTANCE=”AppVManagement”. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

/EXISTING_MANAGEMENT_DB_NAME

Specifies the name of the existing management database that should be used. Example usage: /EXISTING_MANAGEMENT_DB_NAME=”AppVMgmtDB”. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored.

-

-

Got a suggestion for App-V? Add or vote on suggestions here. Got an App-V issue? Use the App-V TechNet Forum.

- - -## Related topics - -[Deploying the App-V 5.0 Server](deploying-the-app-v-50-server.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-51-server-using-a-script.md b/mdop/appv-v5/how-to-deploy-the-app-v-51-server-using-a-script.md deleted file mode 100644 index 5a39bf03ab..0000000000 --- a/mdop/appv-v5/how-to-deploy-the-app-v-51-server-using-a-script.md +++ /dev/null @@ -1,380 +0,0 @@ ---- -title: How to Deploy the App-V 5.1 Server Using a Script -description: How to Deploy the App-V 5.1 Server Using a Script -author: dansimp -ms.assetid: 15c33d7b-9b61-4dbc-8674-399bb33e5f7e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 03/20/2020 ---- - -# How to Deploy the App-V 5.1 Server Using a Script - -In order to complete the **appv\_server\_setup.exe** Server setup successfully using the command line, you must specify and combine multiple parameters. - -## Install the App-V 5.1 server using a script - -- Use the following information about installing the App-V 5.1 server using the command line. - - > [!NOTE] - > The information in the following tables can also be accessed using the command line by typing the following command: **appv\_server\_setup.exe /?**. - -### Install the Management server and Management database on a local machine - -The following parameters are valid with both the default and custom instance of Microsoft SQL Server: - -- /MANAGEMENT_SERVER -- /MANAGEMENT_ADMINACCOUNT -- /MANAGEMENT_WEBSITE_NAME -- /MANAGEMENT_WEBSITE_PORT -- /DB_PREDEPLOY_MANAGEMENT -- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT -- /MANAGEMENT_DB_NAME - -**Example: Using a custom instance of Microsoft SQL Server** - -```dos -appv_server_setup.exe /QUIET /MANAGEMENT_SERVER /MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup" /MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service" /MANAGEMENT_WEBSITE_PORT="8080" /DB_PREDEPLOY_MANAGEMENT /MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName" /MANAGEMENT_DB_NAME="AppVManagement" -``` - -### Install the Management server using an existing Management database on a local machine - -To use the default instance of Microsoft SQL Server, use the following parameters (difference from custom instance in *italic*): - -- /MANAGEMENT_SERVER -- /MANAGEMENT_ADMINACCOUNT -- /MANAGEMENT_WEBSITE_NAME -- /MANAGEMENT_WEBSITE_PORT -- /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL -- */EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT* -- /EXISTING_MANAGEMENT_DB_NAME - -To use a custom instance of Microsoft SQL Server, use the following parameters (difference from default instance in *italic*): - -- /MANAGEMENT_SERVER -- /MANAGEMENT_ADMINACCOUNT -- /MANAGEMENT_WEBSITE_NAME -- /MANAGEMENT_WEBSITE_PORT -- /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL -- */EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE* -- /EXISTING_MANAGEMENT_DB_NAME - -**Example: Using a custom instance of Microsoft SQL Server** - -```dos -appv_server_setup.exe /QUIET /MANAGEMENT_SERVER /MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup" /MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service" /MANAGEMENT_WEBSITE_PORT="8080" /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName" /EXISTING_MANAGEMENT_DB_NAME ="AppVManagement" -``` - -### Install the Management server using an existing Management database on a remote machine - -To use the default instance of Microsoft SQL Server, use the following parameters (difference from custom instance in *italic*): - -- /MANAGEMENT_SERVER -- /MANAGEMENT_ADMINACCOUNT -- /MANAGEMENT_WEBSITE_NAME -- /MANAGEMENT_WEBSITE_PORT -- /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME -- */EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT* -- /EXISTING_MANAGEMENT_DB_NAME - -To use a custom instance of Microsoft SQL Server, use these parameters (difference from default instance in *italic*): - -- /MANAGEMENT_SERVER -- /MANAGEMENT_ADMINACCOUNT -- /MANAGEMENT_WEBSITE_NAME -- /MANAGEMENT_WEBSITE_PORT -- /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME -- */EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE* -- /EXISTING_MANAGEMENT_DB_NAME - -**Example: Using a custom instance of Microsoft SQL Server:** - -```dos -appv_server_setup.exe /QUIET /MANAGEMENT_SERVER /MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup" /MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service" /MANAGEMENT_WEBSITE_PORT="8080" /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME="SqlServermachine.domainName" /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName" /EXISTING_MANAGEMENT_DB_NAME ="AppVManagement" -``` - -### Install the Management database and the Management Server on the same computer - -To use the default instance of Microsoft SQL Server, use the following parameters (difference from custom instance in *italic*): - -- /DB_PREDEPLOY_MANAGEMENT -- */MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT* -- /MANAGEMENT_DB_NAME -- /MANAGEMENT_SERVER_MACHINE_USE_LOCAL -- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT - -To use a custom instance of Microsoft SQL Server, use these parameters (difference from default instance in *italic*): - -- /DB_PREDEPLOY_MANAGEMENT -- */MANAGEMENT_DB_CUSTOM_SQLINSTANCE* -- /MANAGEMENT_DB_NAME -- /MANAGEMENT_SERVER_MACHINE_USE_LOCAL -- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT - -**Example: Using a custom instance of Microsoft SQL Server** - -```dos -appv_server_setup.exe /QUIET /DB_PREDEPLOY_MANAGEMENT /MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName" /MANAGEMENT_DB_NAME="AppVManagement" /MANAGEMENT_SERVER_MACHINE_USE_LOCAL /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount" -``` - -### Install the Management database on a different computer than the Management server - -To use the default instance of Microsoft SQL Server, use the following parameters (difference from custom instance in *italic*): - -- /DB_PREDEPLOY_MANAGEMENT -- */MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT* -- /MANAGEMENT_DB_NAME -- /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT -- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT - -To use a custom instance of Microsoft SQL Server, use these parameters (difference from default instance in *italic*): - -- /DB_PREDEPLOY_MANAGEMENT -- */MANAGEMENT_DB_CUSTOM_SQLINSTANCE* -- /MANAGEMENT_DB_NAME -- /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT -- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT - -**Example: Using a custom instance of Microsoft SQL Server** - -```dos -appv_server_setup.exe /QUIET /DB_PREDEPLOY_MANAGEMENT /MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName" /MANAGEMENT_DB_NAME="AppVManagement" /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount" /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount" -``` - -### Install the publishing server - -To use the default instance of Microsoft SQL Server, use the following parameters: - -- /PUBLISHING_SERVER -- /PUBLISHING_MGT_SERVER -- /PUBLISHING_WEBSITE_NAME -- /PUBLISHING_WEBSITE_PORT - -**Example: Using a custom instance of Microsoft SQL Server:** - -```dos -appv_server_setup.exe /QUIET /PUBLISHING_SERVER /PUBLISHING_MGT_SERVER="http://ManagementServerName:ManagementPort" /PUBLISHING_WEBSITE_NAME="Microsoft AppV Publishing Service" /PUBLISHING_WEBSITE_PORT="8081" -``` - -### Install the Reporting server and Reporting database on a local machine - -To use the default instance of Microsoft SQL Server, use the following parameters (difference from custom instance in *italic*): - -- /REPORTING _SERVER -- /REPORTING _WEBSITE_NAME -- /REPORTING _WEBSITE_PORT -- /DB_PREDEPLOY_REPORTING -- */REPORTING _DB_SQLINSTANCE_USE_DEFAULT* -- /REPORTING _DB_NAME - -To use a custom instance of Microsoft SQL Server, use these parameters (difference from default instance in *italic*): - -- /REPORTING _SERVER -- */REPORTING _ADMINACCOUNT* -- /REPORTING _WEBSITE_NAME -- /REPORTING _WEBSITE_PORT -- /DB_PREDEPLOY_REPORTING -- */REPORTING _DB_CUSTOM_SQLINSTANCE* -- /REPORTING _DB_NAME - -**Example: Using a custom instance of Microsoft SQL Server:** - -```dos -appv_server_setup.exe /QUIET /REPORTING_SERVER /REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service" /REPORTING_WEBSITE_PORT="8082" /DB_PREDEPLOY_REPORTING /REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName" /REPORTING_DB_NAME="AppVReporting" -``` - -### Install the Reporting server and using an existing Reporting database on a local machine - -To use the default instance of Microsoft SQL Server, use the following parameters (difference from custom instance in *italic*): - -- /REPORTING _SERVER -- /REPORTING _WEBSITE_NAME -- /REPORTING _WEBSITE_PORT -- /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL -- */EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT* -- /EXISTING_REPORTING _DB_NAME - -To use a custom instance of Microsoft SQL Server, use these parameters (difference from default instance in *italic*): - -- /REPORTING _SERVER -- */REPORTING _ADMINACCOUNT* -- /REPORTING _WEBSITE_NAME -- /REPORTING _WEBSITE_PORT -- /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL -- */EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE* -- /EXISTING_REPORTING _DB_NAME - -**Example: Using a custom instance of Microsoft SQL Server:** - -```dos -appv_server_setup.exe /QUIET /REPORTING_SERVER /REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service" /REPORTING_WEBSITE_PORT="8082" /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName" /EXITING_REPORTING_DB_NAME="AppVReporting" -``` - -### Install the Reporting server using an existing Reporting database on a remote machine - -To use the default instance of Microsoft SQL Server, use the following parameters (difference from custom instance in *italic*): - -- /REPORTING _SERVER -- /REPORTING _WEBSITE_NAME -- /REPORTING _WEBSITE_PORT -- /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME -- */EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT* -- /EXISTING_REPORTING _DB_NAME - -To use a custom instance of Microsoft SQL Server, use these parameters (difference from default instance in *italic*): - -- /REPORTING _SERVER -- */REPORTING _ADMINACCOUNT* -- /REPORTING _WEBSITE_NAME -- /REPORTING _WEBSITE_PORT -- /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME -- */EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE* -- /EXISTING_REPORTING _DB_NAME - -**Example: Using a custom instance of Microsoft SQL Server:** - -```dos -appv_server_setup.exe /QUIET /REPORTING_SERVER /REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service" /REPORTING_WEBSITE_PORT="8082" /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME="SqlServerMachine.DomainName" /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName" /EXITING_REPORTING_DB_NAME="AppVReporting" -``` - -### Install the Reporting database on the same computer as the Reporting server - -To use the default instance of Microsoft SQL Server, use the following parameters (difference from custom instance in *italic*): - -- /DB_PREDEPLOY_REPORTING -- */REPORTING _DB_SQLINSTANCE_USE_DEFAULT* -- /REPORTING _DB_NAME -- /REPORTING_SERVER_MACHINE_USE_LOCAL -- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT - -To use a custom instance of Microsoft SQL Server, use these parameters (difference from default instance in *italic*): - -- /DB_PREDEPLOY_REPORTING -- */REPORTING _DB_CUSTOM_SQLINSTANCE* -- /REPORTING _DB_NAME -- /REPORTING_SERVER_MACHINE_USE_LOCAL -- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT - -**Example: Using a custom instance of Microsoft SQL Server:** - -```dos -appv_server_setup.exe /QUIET /DB_PREDEPLOY_REPORTING /REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName" /REPORTING_DB_NAME="AppVReporting" /REPORTING_SERVER_MACHINE_USE_LOCAL /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount" -``` - -### Install the Reporting database on a different computer than the Reporting server - -To use the default instance of Microsoft SQL Server, use the following parameters (difference from custom instance in *italic*): - -- /DB_PREDEPLOY_REPORTING -- /REPORTING _DB_SQLINSTANCE_USE_DEFAULT -- /REPORTING _DB_NAME -- /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT -- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT - -To use a custom instance of Microsoft SQL Server, use these parameters (difference from default instance in *italic*): - -- /DB_PREDEPLOY_REPORTING -- /REPORTING _DB_CUSTOM_SQLINSTANCE -- /REPORTING _DB_NAME -- /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT -- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT - -**Example: Using a custom instance of Microsoft SQL Server:** - -```dos - appv_server_setup.exe /QUIET /DB_PREDEPLOY_REPORTING /REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName" /REPORTING_DB_NAME="AppVReporting" /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount" /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount" -``` - -### Parameter Definitions - -#### General Parameters - -| Parameter | Information | -|--|--| -| /QUIET | Specifies silent install. | -| /UNINSTALL | Specifies an uninstall. | -| /LAYOUT | Specifies layout action. This extracts the MSIs and script files to a folder without actually installing the product. No value is expected. | -| /LAYOUTDIR | Specifies the layout directory. Takes a string. Example usage: **/LAYOUTDIR="C:\\Application Virtualization Server"** | -| /INSTALLDIR | Specifies the installation directory. Takes a string. Example usage: **/INSTALLDIR="C:\\Program Files\\Application Virtualization\\Server"** | -| /MUOPTIN | Enables Microsoft Update. No value is expected. | -| /ACCEPTEULA | Accepts the license agreement. This is required for an unattended installation. Example usage: **/ACCEPTEULA** or **/ACCEPTEULA=1** | - -#### Management Server Installation Parameters - -|Parameter |Information | -|--|--| -| /MANAGEMENT_SERVER | Specifies that the management server will be installed. No value is expected | -| /MANAGEMENT_ADMINACCOUNT | Specifies the account that will be allowed Administrator access to the management server. This can be a user account or a group. Example usage: **/MANAGEMENT_ADMINACCOUNT="mydomain\\admin"**. If **/MANAGEMENT_SERVER** is not specified, this will be ignored. | -| /MANAGEMENT_WEBSITE_NAME | Specifies name of the website that will be created for the management service. Example usage: **/MANAGEMENT_WEBSITE_NAME="Microsoft App-V Management Service"** | -| MANAGEMENT_WEBSITE_PORT | Specifies the port number that will be used by the management service will use. Example usage: **/MANAGEMENT_WEBSITE_PORT=82** | - -#### Parameters for the Management Server Database - -| Parameter | Information | -|--|--| -| /DB_PREDEPLOY_MANAGEMENT | Specifies that the management database will be installed. You must have sufficient database permissions to complete this installation. No value is expected. | -| /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance should be used. No value is expected. | -| /MANAGEMENT_DB_ CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that should be used to create a new database. Example usage: **/MANAGEMENT_DB_ CUSTOM_SQLINSTANCE="MYSQLSERVER"**. If **/DB_PREDEPLOY_MANAGEMENT** is not specified, this will be ignored. | -| /MANAGEMENT_DB_NAME | Specifies the name of the new management database that should be created. Example usage: **/MANAGEMENT_DB_NAME="AppVMgmtDB"**. If **/DB_PREDEPLOY_MANAGEMENT** is not specified, this will be ignored. | -| /MANAGEMENT_SERVER_MACHINE_USE_LOCAL | Indicates if the management server that will be accessing the database is installed on the local server. Switch parameter so no value is expected. | -| /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT | Specifies the machine account of the remote machine that the management server will be installed on. Example usage: **/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="domain\\computername"** | -| /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT | Indicates the Administrator account that will be used to install the management server. Example usage: **/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT ="domain\\alias"** | - -#### Parameters for Installing Publishing Server - -| Parameter | Information | -|--|--| -| /PUBLISHING_SERVER | Specifies that the Publishing Server will be installed. No value is expected. | -| /PUBLISHING_MGT_SERVER | Specifies the URL to Management Service the Publishing server will connect to. Example usage: **http://<management server name>:<Management server port number>**. If **/PUBLISHING_SERVER** is not used, this parameter will be ignored. | -| /PUBLISHING_WEBSITE_NAME | Specifies name of the website that will be created for the publishing service. Example usage: **/PUBLISHING_WEBSITE_NAME="Microsoft App-V Publishing Service"** | -| /PUBLISHING_WEBSITE_PORT | Specifies the port number used by the publishing service. Example usage: **/PUBLISHING_WEBSITE_PORT=83** | - -#### Parameters for Reporting Server - -| Parameter | Information | -|--|--| -| /REPORTING_SERVER | Specifies that the Reporting Server will be installed. No value is expected. | -| /REPORTING_WEBSITE_NAME | Specifies name of the website that will be created for the Reporting Service. Example usage: **/REPORTING_WEBSITE_NAME="Microsoft App-V ReportingService"** | -| /REPORTING_WEBSITE_PORT | Specifies the port number that the Reporting Service will use. Example usage: **/REPORTING_WEBSITE_PORT=82** | - -#### Parameters for using an Existing Reporting Server Database - -| Parameter | Information | -|--|--| -| /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL | Indicates that the Microsoft SQL Server is installed on the local server. Switch parameter so no value is expected. | -| /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME | Specifies the name of the remote computer that SQL Server is installed on. Takes a string. Example usage: **/EXISTING_REPORTING_DB_ REMOTE_SQL_SERVER_NAME="mycomputer1"** | -| /EXISTING_ REPORTING _DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. | -| /EXISTING_ REPORTING_DB_CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that should be used. Takes a string. Example usage: **/EXISTING_REPORTING_DB_ CUSTOM_SQLINSTANCE="MYSQLSERVER"** | -| /EXISTING_ REPORTING _DB_NAME | Specifies the name of the existing Reporting database that should be used. Takes a string. Example usage: **/EXISTING_REPORTING_DB_NAME="AppVReporting"** | - -#### Parameters for installing Reporting Server Database - -| Parameter | Information | -|--|--| -| /DB_PREDEPLOY_REPORTING | Specifies that the Reporting Database will be installed. DBA permissions are required for this installation. No value is expected. | -| /REPORTING_DB_SQLINSTANCE_USE_DEFAULT | Specifies the name of the custom SQL instance that should be used. Takes a string. Example usage: **/REPORTING_DB_ CUSTOM_SQLINSTANCE="MYSQLSERVER"** | -| /REPORTING_DB_NAME | Specifies the name of the new Reporting database that should be created. Takes a string. Example usage: **/REPORTING_DB_NAME="AppVMgmtDB"** | -| /REPORTING_SERVER_MACHINE_USE_LOCAL | Indicates that the Reporting server that will be accessing the database is installed on the local server. Switch parameter so no value is expected. | -| /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT | Specifies the machine account of the remote machine that the Reporting server will be installed on. Takes a string. Example usage: **/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT="domain\computername"** | -| /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT | Indicates the Administrator account that will be used to install the App-V Reporting Server. Takes a string. Example usage: **/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT="domain\\alias"** | - -#### Parameters for using an existing Management Server Database - -| Parameter | Information | -|--|--| -| /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL | Indicates that the SQL Server is installed on the local server. Switch parameter so no value is expected.If **/DB_PREDEPLOY_MANAGEMENT** is specified, this will be ignored. | -| /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME | Specifies the name of the remote computer that SQL Server is installed on. Takes a string. Example usage: **/EXISTING_MANAGEMENT_DB_ REMOTE_SQL_SERVER_NAME="mycomputer1"** | -| /EXISTING_ MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. If **/DB_PREDEPLOY_MANAGEMENT** is specified, this will be ignored. | -| /EXISTING_MANAGEMENT_DB_ CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that will be used. Example usage **/EXISTING_MANAGEMENT_DB_ CUSTOM_SQLINSTANCE="AppVManagement"**. If **/DB_PREDEPLOY_MANAGEMENT** is specified, this will be ignored. | -| /EXISTING_MANAGEMENT_DB_NAME | Specifies the name of the existing management database that should be used. Example usage: **/EXISTING_MANAGEMENT_DB_NAME="AppVMgmtDB"**. If **/DB_PREDEPLOY_MANAGEMENT** is specified, this will be ignored. | - -Got an App-V issue? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - -[Deploying the App-V 5.1 Server](deploying-the-app-v-51-server.md) diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-51-server.md b/mdop/appv-v5/how-to-deploy-the-app-v-51-server.md deleted file mode 100644 index 97b1877022..0000000000 --- a/mdop/appv-v5/how-to-deploy-the-app-v-51-server.md +++ /dev/null @@ -1,278 +0,0 @@ ---- -title: How to Deploy the App-V 5.1 Server -description: How to Deploy the App-V 5.1 Server -author: dansimp -ms.assetid: 4729beda-b98f-481b-ae74-ad71c59b1d69 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Deploy the App-V 5.1 Server - - -Use the following procedure to install the Microsoft Application Virtualization (App-V) 5.1 server. For information about deploying the App-V 5.1 Server, see [About App-V 5.1](about-app-v-51.md#bkmk-migrate-to-51). - -**Before you start:** - -- Ensure that you’ve installed prerequisite software. See [App-V 5.1 Prerequisites](app-v-51-prerequisites.md). - -- Review the server section of [App-V 5.1 Security Considerations](app-v-51-security-considerations.md). - -- Specify a port where each component will be hosted. - -- Add firewall rules to allow incoming requests to access the specified ports. - -- If you use SQL scripts, instead of the Windows Installer, to set up the Management database or Reporting database, you must run the SQL scripts before installing the Management Server or Reporting Server. See [How to Deploy the App-V Databases by Using SQL Scripts](how-to-deploy-the-app-v-databases-by-using-sql-scripts51.md). - -**To install the App-V 5.1 server** - -1. Copy the App-V 5.1 server installation files to the computer on which you want to install it. - -2. Start the App-V 5.1 server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**. - -3. Review and accept the license terms, and choose whether to enable Microsoft updates. - -4. On the **Feature Selection** page, select all of the following components. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ComponentDescription

Management server

Provides overall management functionality for the App-V infrastructure.

Management database

Facilitates database predeployments for App-V management.

Publishing server

Provides hosting and streaming functionality for virtual applications.

Reporting server

Provides App-V 5.1 reporting services.

Reporting database

Facilitates database predeployments for App-V reporting.

- - - -5. On the **Installation Location** page, accept the default location where the selected components will be installed, or change the location by typing a new path on the **Installation Location** line. - -6. On the initial **Create New Management Database** page, configure the **Microsoft SQL Server instance** and **Management Server database** by selecting the appropriate option below. - - - - - - - - - - - - - - - - - - - - - - -
MethodWhat you need to do

You are using a custom Microsoft SQL Server instance.

Select Use the custom instance, and type the name of the instance.

-

Use the format INSTANCENAME. The assumed installation location is the local computer.

-

Not supported: A server name using the format ServerName<strong>INSTANCE.

You are using a custom database name.

Select Custom configuration and type the database name.

-

The database name must be unique, or the installation will fail.

- - - -7. On the **Configure** page, accept the default value **Use this local computer**. - - **Note** - If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. - - - -8. On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below. - - - - - - - - - - - - - - - - - - - - - - -
MethodWhat you need to do

You are using a custom Microsoft SQL Server instance.

Select Use the custom instance, and type the name of the instance.

-

Use the format INSTANCENAME. The assumed installation location is the local computer.

-

Not supported: A server name using the format ServerName<strong>INSTANCE.

You are using a custom database name.

Select Custom configuration and type the database name.

-

The database name must be unique, or the installation will fail.

- - - -9. On the **Configure** page, accept the default value: **Use this local computer**. - - **Note** - If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. - - - -10. On the **Configure** (Management Server Configuration) page, specify the following: - - - - - - - - - - - - - - - - - - - - - - - - - - -
Item to configureDescription and examples

Type the AD group with sufficient permissions to manage the App-V environment.

Example: MyDomain\MyUser

-

After installation, you can add additional users or groups by using the Management console. However, global security groups and Active Directory Domain Services (AD DS) distribution groups are not supported. You must use Domain local or Universal groups are required to perform this action.

Website name: Specify the custom name that will be used to run the publishing service.

If you do not have a custom name, do not make any changes.

Port binding: Specify a unique port number that will be used by App-V.

Example: 12345

-

Ensure that the port specified is not being used by another website.

- - - -11. On the **Configure** **Publishing Server Configuration** page, specify the following: - - - - - - - - - - - - - - - - - - - - - - - - - - -
Item to configureDescription and examples

Specify the URL for the management service.

Example: http://localhost:12345

Website name: Specify the custom name that will be used to run the publishing service.

If you do not have a custom name, do not make any changes.

Port binding: Specify a unique port number that will be used by App-V.

Example: 54321

-

Ensure that the port specified is not being used by another website.

- - - -12. On the **Reporting Server** page, specify the following: - - - - - - - - - - - - - - - - - - - - - - -
Item to configureDescription and examples

Website name: Specify the custom name that will be used to run the Reporting Service.

If you do not have a custom name, do not make any changes.

Port binding: Specify a unique port number that will be used by App-V.

Example: 55555

-

Ensure that the port specified is not being used by another website.

- - - -13. To start the installation, click **Install** on the **Ready** page, and then click **Close** on the **Finished** page. - -14. To verify that the setup completed successfully, open a web browser, and type the following URL: - - **http://<Management server machine name>:<Management service port number>/Console.html**. - - Example: **http://localhost:12345/console.html**. If the installation succeeded, the App-V Management console is displayed with no errors. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Deploying App-V 5.1](deploying-app-v-51.md) - -[How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services51.md) - -[How to Install the Publishing Server on a Remote Computer](how-to-install-the-publishing-server-on-a-remote-computer51.md) - -[How to Deploy the App-V 5.1 Server Using a Script](how-to-deploy-the-app-v-51-server-using-a-script.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-client-51gb18030.md b/mdop/appv-v5/how-to-deploy-the-app-v-client-51gb18030.md deleted file mode 100644 index f89ee280f9..0000000000 --- a/mdop/appv-v5/how-to-deploy-the-app-v-client-51gb18030.md +++ /dev/null @@ -1,374 +0,0 @@ ---- -title: How to Deploy the App-V Client -description: How to Deploy the App-V Client -author: dansimp -ms.assetid: 981f57c9-56c3-45da-8261-0972bfad3e5b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/01/2016 ---- - - -# How to Deploy the App-V Client - - -Use the following procedure to install the Microsoft Application Virtualization (App-V) 5.1 client and Remote Desktop Services client. You must install the version of the client that matches the operating system of the target computer. - -**What to do before you start** - -1. Review and install the software prerequisites: - - Install the prerequisite software that corresponds to the version of App-V that you are installing: - - - [About App-V 5.1](about-app-v-51.md) - - - [App-V 5.1 Prerequisites](app-v-51-prerequisites.md) - -2. Review the client coexistence and unsupported scenarios, as applicable to your installation: - - - - - - - - - - - - - - - - -

Deploying coexisting App-V clients

Planning for the App-V 5.1 Sequencer and Client Deployment

Unsupported or limited installation scenarios

See the client section in App-V 5.1 Supported Configurations

- - - -3. Review the locations for client registry, log, and troubleshooting information: - - ---- - - - - - - - - - - - - - - -

Client registry information

    -

  • By default, after you install the App-V 5.1 client, the client information is stored in the registry in the following registry key:

    -

    HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ APPV \ CLIENT

    • -

  • When you deploy a virtualized package to a computer that is running the App-V client, the associated package data is stored in the following location:

    -

    C: \ ProgramData \ App-V

    -

    However, you can reconfigure this location with the following registry key:

    -

    HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ SOFTWARE \ MICROSOFT \ APPV \ CLIENT \ STREAMING \ PACKAGEINSTALLATIONROOT

    • -

Client log files

    -

  • For log file information that is associated with the App-V 5.1 Client, search in the following log:

    -

    Event logs / Applications and Services Logs / Microsoft / AppV

    • -

  • In App-V 5.0 SP3, some logs were consolidated and moved to the following location:

    -

    Event logs/Applications and Services Logs/Microsoft/AppV/ServiceLog

    -

    For a list of the moved logs, see About App-V 5.0 SP3.

    • -

  • Packages that are currently stored on computers that run the App-V 5.1 Client are saved to the following location:

    -

    C:\ProgramData\App-V&lt;package id>&lt;version id>

    • -

Client installation troubleshooting information

See the error log in the %temp% folder. To review the log files, click Start, type %temp%, and then look for the appv_ log.

- - - -**To install the App-V 5.1 Client** - -1. Copy the App-V 5.1 client installation file to the computer on which it will be installed. Choose from the following client types: - - - - - - - - - - - - - - - - - - - - - - -
Client typeFile to use

Standard version of the client

appv_client_setup.exe

Remote Desktop Services version of the client

appv_client_setup_rds.exe

- - - -2. Double-click the installation file, and click **Install**. Before the installation begins, the installer checks the computer for any missing [App-V 5.1 Prerequisites](app-v-51-prerequisites.md). - -3. Review and accept the Software License Terms, choose whether to use Microsoft Update and whether to participate in the Microsoft Customer Experience Improvement Program, and click **Install**. - -4. On the **Setup completed successfully** page, click **Close**. - - The installation creates the following entries for the App-V client in **Programs**: - - - **.exe** - - - **.msi** - - - **language pack** - - **Note** - After the installation, only the .exe file can be uninstalled. - - - -**To install the App-V 5.1 client using a script** - -1. Install all of the required prerequisite software on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If you install the client by using an .msi file, the installation will fail if any prerequisites are missing. - -2. To use a script to install the App-V 5.1 client, use the following parameters with **appv\_client\_setup.exe**. - - **Note** - The client Windows Installer (.msi) supports the same set of switches, except for the **/LOG** parameter. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

/INSTALLDIR

Specifies the installation directory. Example usage: /INSTALLDIR=C:\Program Files\AppV Client

/CEIPOPTIN

Enables participation in the Customer Experience Improvement Program. Example usage: /CEIPOPTIN=[0|1]

/MUOPTIN

Enables Microsoft Update. Example usage: /MUOPTIN=[0|1]

/PACKAGEINSTALLATIONROOT

Specifies the directory in which to install all new applications and updates. Example usage: /PACKAGEINSTALLATIONROOT='C:\App-V Packages'

/PACKAGESOURCEROOT

Overrides the source location for downloading package content. Example usage: /PACKAGESOURCEROOT='http://packageStore'

/AUTOLOAD

Specifies how new packages will be loaded by App-V 5.1 on a specific computer. The following options are enabled: [1]; automatically load all packages [2]; or automatically load no packages [0].Example usage: /AUTOLOAD=[0|1|2]

/SHAREDCONTENTSTOREMODE

Specifies that streamed package contents will be not be saved to the local hard disk. Example usage: /SHAREDCONTENTSTOREMODE=[0|1]

/MIGRATIONMODE

Allows the App-V 5.1 client to modify the shortcuts and FTAs that are associated with the packages that are created with a previous version. Example usage: /MIGRATIONMODE=[0|1]

/ENABLEPACKAGESCRIPTS

Enables the scripts that are defined in the package manifest file or configuration files that should run. Example usage: /ENABLEPACKAGESCRIPTS=[0|1]

/ROAMINGREGISTRYEXCLUSIONS

Specifies the registry paths that will not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\classes;software\clients

/ROAMINGFILEEXCLUSIONS

Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /ROAMINGFILEEXCLUSIONS 'desktop;my pictures'

/S[1-5]PUBLISHINGSERVERNAME

Displays the name of the publishing server. Example usage: /S2PUBLISHINGSERVERNAME=MyPublishingServer

/S[1-5]PUBLISHINGSERVERURL

Displays the URL of the publishing server. Example usage: /S2PUBLISHINGSERVERURL=\pubserver

/S[1-5]GLOBALREFRESHENABLED -

Enables a global publishing refresh. Example usage: /S2GLOBALREFRESHENABLED=[0|1]

/S[1-5]GLOBALREFRESHONLOGON

Initiates a global publishing refresh when a user logs on. Example usage: /S2LOGONREFRESH=[0|1]

/S[1-5]GLOBALREFRESHINTERVAL -

Specifies the publishing refresh interval, where 0 indicates do not periodically refresh. Example usage: /S2PERIODICREFRESHINTERVAL=[0-744]

/S[1-5]GLOBALREFRESHINTERVALUNIT

Specifies the interval unit (Hours[0], Days[1]). Example usage: /S2GLOBALREFRESHINTERVALUNIT=[0|1]

/S[1-5]USERREFRESHENABLED

Enables user publishing refresh. Example usage: /S2USERREFRESHENABLED=[0|1]

/S[1-5]USERREFRESHONLOGON

Initiates a user publishing refresh when a user logs on. Example usage: /S2LOGONREFRESH=[0|1]

/S[1-5]USERREFRESHINTERVAL -

Specifies the publishing refresh interval, where 0 indicates do not periodically refresh. Example usage: /S2PERIODICREFRESHINTERVAL=[0-744]

/S[1-5]USERREFRESHINTERVALUNIT

Specifies the interval unit (Hours[0], Days[1]). Example usage: /S2USERREFRESHINTERVALUNIT=[0|1]

/Log

Specifies a location where the log information is saved. The default location is %Temp%. Example usage: /log C:\logs\log.log

/q

Specifies an unattended installation.

/REPAIR

Repairs a previous client installation.

/NORESTART

Prevents the computer from rebooting after the client installation.

-

The parameter prevents the end-user computer from rebooting after each update is installed and lets you schedule the reboot at your convenience. For example, you can install App-V 5.1 and then install Hotfix Package Y without rebooting after the Service Pack installation. After the installation, you must reboot before you start using App-V.

/UNINSTALL

Uninstalls the client.

/ACCEPTEULA

Accepts the license agreement. This is required for an unattended installation. Example usage: /ACCEPTEULA or /ACCEPTEULA=1.

/LAYOUT

Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V 5.1. No value is expected.

/LAYOUTDIR

Specifies the layout directory. Requires a string value. Example usage: /LAYOUTDIR=”C:\Application Virtualization Client”.

/?, /h, /help

Requests help about the previous installation parameters.

- - - -**To install the App-V 5.1 client by using the Windows Installer (.msi) file** - -1. Install the required prerequisites on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If any prerequisites are not met, the installation will fail. - -2. Ensure that the target computers do not have any pending restarts before you install the client using the App-V 5.1 Windows Installer (.msi) files. The Windows Installer files do not flag a pending restart. - -3. Deploy one of the following Windows Installer files to the target computer. The file that you specify must match the configuration of the target computer. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Type of deploymentDeploy this file

Computer is running a 32-bit Microsoft Windows operating system

appv_client_MSI_x86.msi

Computer is running a 64-bit Microsoft Windows operating system

appv_client_MSI_x64.msi

You are deploying the App-V 5.1 Remote Desktop Services client

appv_client_rds_MSI_x64.msi

- - - -4. Using the information in the following table, select the appropriate language pack **.msi** to install, based on the desired language for the target computer. The **xxxx** in the table refers to the target locale of the language pack. - - **What to know before you start:** - - - The language packs are common to both the standard App-V 5.1 client and the Remote Desktop Services version of the App-V 5.1 client. - - - If you install the App-V 5.1 client using the **.exe**, the installer will deploy only the language pack that matches the operating system running on the target computer. - - - To deploy additional language packs on a target computer, use the procedure **To install the App-V 5.1 client by using Windows Installer (.msi) file**. - - - - - - - - - - - - - - - - - - - - - - -
Type of deploymentDeploy this file

Computer is running a 32-bit Microsoft Windows operating system

appv_client_LP_xxxx_ x86.msi

Computer is running a 64-bit Microsoft Windows operating system

appv_client_LP_xxxx_ x64.msi

- - - -~~~ -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Deploying App-V 5.1](deploying-app-v-51.md) - -[About Client Configuration Settings](about-client-configuration-settings51.md) - -[How to Uninstall the App-V 5.1 Client](how-to-uninstall-the-app-v-51-client.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-client-gb18030.md b/mdop/appv-v5/how-to-deploy-the-app-v-client-gb18030.md deleted file mode 100644 index 3197e02c38..0000000000 --- a/mdop/appv-v5/how-to-deploy-the-app-v-client-gb18030.md +++ /dev/null @@ -1,173 +0,0 @@ ---- -title: How to Deploy the App-V Client -description: How to Deploy the App-V Client -ms.author: dansimp -author: dansimp -ms.assetid: 9c4e67ae-ddaf-4e23-8c16-72d029a74a27 -ms.reviewer: -manager: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/05/2018 ---- - - -# How to Deploy the App-V Client - - -Use the following procedure to install the Microsoft Application Virtualization (App-V) 5.0 client and Remote Desktop Services client. You must install the version of the client that matches the operating system of the target computer. - -**What to do before you start** - -1. Review and install the software prerequisites: - - Install the prerequisite software that corresponds to the version of App-V that you are installing: - - - [About App-V 5.0 SP3](about-app-v-50-sp3.md) - - - App-V 5.0 SP1 and App-V 5.0 SP2 – no new prerequisites in these versions - - - [App-V 5.0 Prerequisites](app-v-50-prerequisites.md) - -2. Review the client coexistence and unsupported scenarios, as applicable to your installation: - - - | | | - |-----------------------------------------------|----------------------------------------------------------------------------------------------------------------------------| - | Deploying coexisting App-V clients | [Planning for the App-V 5.0 Sequencer and Client Deployment](planning-for-the-app-v-50-sequencer-and-client-deployment.md) | - | Unsupported or limited installation scenarios | [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md) | - - --- - -3. Review the locations for client registry, log, and troubleshooting information: - -#### Client registry information -
  • By default, after you install the App-V 5.0 client, the client information is stored in the registry in the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\APPV\CLIENT

  • When you deploy a virtualized package to a computer that is running the App-V client, the associated package data is stored in the following location:

    C:\ProgramData\App-V

    However, you can reconfigure this location with the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\SOFTWARE\MICROSOFT\APPV\CLIENT\STREAMING\PACKAGEINSTALLATIONROOT

- -#### Client log files -
  • For log file information that is associated with the App-V 5.0 Client, search in the following log:

    Event logs/Applications and Services Logs/Microsoft/AppV

  • In App-V 5.0 SP3, some logs have been consolidated and moved to the following location:

    Event logs/Applications and Services Logs/Microsoft/AppV/ServiceLog

    For a list of the moved logs, see [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-event-logs-moved).

  • Packages that are currently stored on computers that run the App-V 5.0 Client are saved to the following location:

    C:\ProgramData\App-V\<package id>\<version id>

- -#### Client installation troubleshooting information -- See the error log in the **%temp%** folder. -- To review the log files, click **Start**, type **%temp%**, and then look for the **appv_ log**. - -## To install the App-V 5.0 Client - -1. Copy the App-V 5.0 client installation file to the computer on which it will be installed.

Choose from the following client types: - - - | Client type | File to use | - |-----------------------------------------------|-------------------------------| - | Standard version of the client | **appv_client_setup.exe** | - | Remote Desktop Services version of the client | **appv_client_setup_rds.exe** | - - --- - -2. Double-click the installation file, and click **Install**. Before the installation begins, the installer checks the computer for any missing [App-V 5.0 Prerequisites](app-v-50-prerequisites.md). - -3. Review and accept the Software License Terms, choose whether to use Microsoft Update and whether to participate in the Microsoft Customer Experience Improvement Program, and click **Install**. - -4. On the **Setup completed successfully** page, click **Close**. - - The installation creates the following entries for the App-V client in **Programs**: - - - **.exe** - - - **.msi** - - - **language pack** - - >[!NOTE] - >After the installation, only the .exe file can be uninstalled. - - -## To install the App-V 5.0 client using a script - -1. Install all of the required prerequisite software on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If you install the client by using an .msi file, the installation will fail if any prerequisites are missing. - -2. To use a script to install the App-V 5.0 client, use the following parameters with **appv\_client\_setup.exe**. - - >[!NOTE] - >The client Windows Installer (.msi) supports the same set of switches, except for the **/LOG** parameter. - - | | | - |----------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| - | /INSTALLDIR | Specifies the installation directory. Example usage:

**/INSTALLDIR=C:\Program Files\AppV Client** | - | /CEIPOPTIN | Enables participation in the Customer Experience Improvement Program. Example usage:

**/CEIPOPTIN=[0\|1\]** | - | /MUOPTIN | Enables Microsoft Update. Example usage:

**/MUOPTIN=[0\|1\]** | - | /PACKAGEINSTALLATIONROOT | Specifies the directory in which to install all new applications and updates. Example usage:

**/PACKAGEINSTALLATIONROOT='C:\App-V Packages'** | - | /PACKAGESOURCEROOT | Overrides the source location for downloading package content. Example usage:

**/PACKAGESOURCEROOT=''** | - | /AUTOLOAD | Specifies how new packages will be loaded by App-V 5.0 on a specific computer. The following options are enabled: [1]; automatically load all packages [2]; or automatically load no packages [0]. Example usage:

**/AUTOLOAD=[0\|1\|2\]** | - | /SHAREDCONTENTSTOREMODE | Specifies that streamed package contents will be not be saved to the local hard disk. Example usage:

**/SHAREDCONTENTSTOREMODE=[0\|1\]** | - | /MIGRATIONMODE | Allows the App-V 5.0 client to modify the shortcuts and FTAs that are associated with the packages that are created with a previous version. Example usage:

**/MIGRATIONMODE=[0\|1\]** | - | /ENABLEPACKAGESCRIPTS | Enables the scripts that are defined in the package manifest file or configuration files that should run. Example usage:

**/ENABLEPACKAGESCRIPTS=[0\|1\]** | - | /ROAMINGREGISTRYEXCLUSIONS | Specifies the registry paths that will not roam with a user profile. Example usage:

**/ROAMINGREGISTRYEXCLUSIONS=software\classes;software\clients** | - | /ROAMINGFILEEXCLUSIONS | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage:

**/ROAMINGFILEEXCLUSIONS 'desktop;my pictures'** | - | /S[1-5]PUBLISHINGSERVERNAME | Displays the name of the publishing server. Example usage:

**/S2PUBLISHINGSERVERNAME=MyPublishingServer** | - | /S[1-5]PUBLISHINGSERVERURL | Displays the URL of the publishing server. Example usage:

**/S2PUBLISHINGSERVERURL=\\pubserver** | - | /S[1-5]GLOBALREFRESHENABLED | Enables a global publishing refresh. Example usage:

**/S2GLOBALREFRESHENABLED=[0\|1\]** | - | /S[1-5]GLOBALREFRESHONLOGON | Initiates a global publishing refresh when a user logs on. Example usage:

**/S2LOGONREFRESH=[0\|1\]** | - | /S[1-5]GLOBALREFRESHINTERVAL | Specifies the publishing refresh interval, where **0** indicates do not periodically refresh. Example usage: **/S2PERIODICREFRESHINTERVAL=[0-744]** | - | /S[1-5]GLOBALREFRESHINTERVALUNIT | Specifies the interval unit (Hours[0], Days[1]). Example usage:

**/S2GLOBALREFRESHINTERVALUNIT=[0\|1\]** | - | /S[1-5]USERREFRESHENABLED | Enables user publishing refresh. Example usage: **/S2USERREFRESHENABLED=[0\|1\]** | - | /S[1-5]USERREFRESHONLOGON | Initiates a user publishing refresh when a user logs on. Example usage:

**/S2LOGONREFRESH=[0\|1\]** | - | /S[1-5]USERREFRESHINTERVAL | Specifies the publishing refresh interval, where **0** indicates do not periodically refresh. Example usage: **/S2PERIODICREFRESHINTERVAL=[0-744]** | - | /S[1-5]USERREFRESHINTERVALUNIT | Specifies the interval unit (Hours[0], Days[1]). Example usage:

**/S2USERREFRESHINTERVALUNIT=[0\|1\]** | - | /Log | Specifies a location where the log information is saved. The default location is %Temp%. Example usage:

**/log C:\logs\log.log** | - | /q | Specifies an unattended installation. | - | /REPAIR | Repairs a previous client installation. | - | /NORESTART | Prevents the computer from rebooting after the client installation.

The parameter prevents the end-user computer from rebooting after each update is installed and lets you schedule the reboot at your convenience. For example, you can install App-V 5.0 SPX and then install Hotfix Package Y without rebooting after the Service Pack installation. After the installation, you must reboot before you start using App-V. | - | /UNINSTALL | Uninstalls the client. | - | /ACCEPTEULA | Accepts the license agreement. This is required for an unattended installation. Example usage:

**/ACCEPTEULA** or **/ACCEPTEULA=1** | - | /LAYOUT | Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V 5.0. No value is expected. | - | /LAYOUTDIR | Specifies the layout directory. Requires a string value. Example usage:

**/LAYOUTDIR=”C:\Application Virtualization Client”** | - | /?, /h, /help | Requests help about the previous installation parameters. | - - --- - -## To install the App-V 5.0 client by using the Windows Installer (.msi) file - -1. Install the required prerequisites on the target computers. See [What to do before you start](#bkmk-clt-install-prereqs). If any prerequisites are not met, the installation will fail. - -2. Ensure that the target computers do not have any pending restarts before you install the client using the App-V 5.0 Windows Installer (.msi) files. The Windows Installer files do not flag a pending restart. - -3. Deploy one of the following Windows Installer files to the target computer. The file that you specify must match the configuration of the target computer. - - - | Type of deployment | Deploy this file | - |-----------------------------------------------------------------|-----------------------------| - | Computer is running a 32-bit Microsoft Windows operating system | appv_client_MSI_x86.msi | - | Computer is running a 64-bit Microsoft Windows operating system | appv_client_MSI_x64.msi | - | You are deploying the App-V 5.0 Remote Desktop Services client | appv_client_rds_MSI_x64.msi | - - --- - -4. Using the information in the following table, select the appropriate language pack **.msi** to install, based on the desired language for the target computer. The **xxxx** in the table refers to the target locale of the language pack. - - **What to know before you start:** - - - The language packs are common to both the standard App-V 5.0 client and the Remote Desktop Services version of the App-V 5.0 client. - - - If you install the App-V 5.0 client using the **.exe**, the installer will deploy only the language pack that matches the operating system running on the target computer. - - - To deploy additional language packs on a target computer, use the procedure **To install the App-V 5.0 client by using Windows Installer (.msi) file**. - - | Type of deployment | Deploy this file | - |-----------------------------------------------------------------|------------------------------| - | Computer is running a 32-bit Microsoft Windows operating system | appv_client_LP_xxxx_ x86.msi | - | Computer is running a 64-bit Microsoft Windows operating system | appv_client_LP_xxxx_ x64.msi | - - --- - - **Got a suggestion for App-V**? Add or vote on [suggestions](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).

**Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Deploying App-V 5.0](deploying-app-v-50.md) - -[About Client Configuration Settings](about-client-configuration-settings.md) - -[How to Uninstall the App-V 5.0 Client](how-to-uninstall-the-app-v-50-client.md) diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts.md b/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts.md deleted file mode 100644 index 0427b800e1..0000000000 --- a/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts.md +++ /dev/null @@ -1,87 +0,0 @@ ---- -title: How to Deploy the App-V Databases by Using SQL Scripts -description: How to Deploy the App-V Databases by Using SQL Scripts -author: dansimp -ms.assetid: 23637936-475f-4ca5-adde-76bb27d2372b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Deploy the App-V Databases by Using SQL Scripts - - -Use the following instructions to use SQL scripts, rather than the Windows Installer, to: - -- Install the App-V 5.0 databases - -- Upgrade the 5.0 databases to a later version - -**How to install the App-V databases by using SQL scripts** - -1. Before you install the database scripts, review and keep a copy of the App-V license terms. By running the database scripts, you are agreeing to the license terms. If you do not accept them, you should not use this software. - -2. Copy the **appv\_server\_setup.exe** from the App-V release media to a temporary location. - -3. From a command prompt, run **appv\_server\_setup.exe** and specify a temporary location for extracting the database scripts. - - Example: appv\_server\_setup.exe /layout c:\\<temporary location path> - -4. Browse to the temporary location that you created, open the extracted **DatabaseScripts** folder, and review the appropriate Readme.txt file for instructions: - - - - - - - - - - - - - - - - - - - - - - -
DatabaseLocation of Readme.txt file to use

Management database

ManagementDatabase subfolder

-
- Important

If you are upgrading to or installing the App-V 5.0 SP3 Management database, see SQL scripts to install or upgrade the App-V 5.0 SP3 Management Server database fail.

-
-
- -

Reporting database

ReportingDatabase subfolder

- - - -~~~ -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Deploying the App-V 5.0 Server](deploying-the-app-v-50-server.md) - -[How to Deploy the App-V 5.0 Server](how-to-deploy-the-app-v-50-server-50sp3.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts51.md b/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts51.md deleted file mode 100644 index 521bf090aa..0000000000 --- a/mdop/appv-v5/how-to-deploy-the-app-v-databases-by-using-sql-scripts51.md +++ /dev/null @@ -1,198 +0,0 @@ ---- -title: How to Deploy the App-V Databases by Using SQL Scripts -description: How to Deploy the App-V Databases by Using SQL Scripts -author: dansimp -ms.assetid: 1183b1bc-d4d7-4914-a049-06e82bf2d96d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - -# How to Deploy the App-V Databases by Using SQL Scripts - -Use the following instructions to use SQL scripts, rather than the Windows Installer, to: - -- Install the App-V 5.1 databases -- Upgrade the App-V databases to a later version - -> [!NOTE] -> If you have already deployed the App-V 5.0 SP3 database, the SQL scripts are not required to upgrade to App-V 5.1. - -## How to install the App-V databases by using SQL scripts - -1. Before you install the database scripts, review and keep a copy of the App-V license terms. By running the database scripts, you are agreeing to the license terms. If you do not accept them, you should not use this software. -1. Copy the **appv\_server\_setup.exe** from the App-V release media to a temporary location. -1. From a command prompt, run **appv\_server\_setup.exe** and specify a temporary location for extracting the database scripts. - - Example: appv\_server\_setup.exe /layout c:\\<_temporary location path_> - -1. Browse to the temporary location that you created, open the extracted **DatabaseScripts** folder, and review the appropriate Readme.txt file for instructions: - - | Database | Location of Readme.txt file to use | - |--|--| - | Management database | ManagementDatabase subfolder | - | Reporting database | ReportingDatabase subfolder | - -> [!CAUTION] -> The readme.txt file in the ManagementDatabase subfolder is out of date. The information in the updated readme files below is the most current and should supersede the readme information provided in the **DatabaseScripts** folders. - -> [!IMPORTANT] -> The InsertVersionInfo.sql script is not required for versions of the App-V management database later than App-V 5.0 SP3. - -The Permissions.sql script should be updated according to **Step 2** in [KB article 3031340](https://support.microsoft.com/kb/3031340). **Step 1** is not required for versions of App-V later than App-V 5.0 SP3. - -## Updated management database README file content - -```plaintext -****************************************************************** -Before you install and use the Application Virtualization Database Scripts you must: -1.Review the Microsoft Application Virtualization Server 5.0 license terms. -2.Print and retain a copy of the license terms for your records. -By running the Microsoft Application Virtualization Database Scripts you agree to such license terms. If you do not accept them, do not use the software. -****************************************************************** - - -Steps to install "AppVManagement" schema in SQL SERVER. - - -## PREREQUISITES: - - 1. Review the installation package. The following files MUST exist: - - SQL files - --------- - Database.sql - CreateTables.sql - CreateStoredProcs.sql - UpdateTables.sql - Permissions.sql - - 2. Ensure the target SQL Server instance and SQL Server Agent service are running. - - 3. If you are not running the scripts directly on the server, ensure the - necessary SQL Server client software is installed and available from - the specified location. Specifically, the "osql" command must -## be supported for these scripts to run. - - - -## PREPARATION: - - 1. Review the database.sql file and modify as necessary. Although the - defaults are likely sufficient, it is suggested that the following - settings be reviewed: - - DATABASE - ensure name is satisfactory - default is "AppVManagement". - - 2. Review the Permissions.sql file and provide all the necessary account information - for setting up read and write access on the database. Note: Default settings -## in the file will not work. - - - -## INSTALLATION: - - 1. Run the database.sql against the "master" database. Your user - credential must have the ability to create databases. - This script will create the database. - - 2. Run the following scripts against the "AppVManagement" database using the - same account as above in order. - - CreateTables.sql - CreateStoredProcs.sql - UpdateTables.sql -## Permissions.sql - -``` - -## Updated reporting database README file content - -```plaintext -****************************************************************** -Before you install and use the Application Virtualization Database Scripts you must: -1.Review the Microsoft Application Virtualization Server 5.0 license terms. -2.Print and retain a copy of the license terms for your records. -By running the Microsoft Application Virtualization Database Scripts you agree to such license terms. If you do not accept them, do not use the software. -****************************************************************** - -Steps to install "AppVReporting" schema in SQL SERVER. - - -## PREREQUISITES: - - 1. Review the installation package. The following files MUST exist: - - SQL files - --------- - Database.sql - UpgradeDatabase.sql - CreateTables.sql - CreateReportingStoredProcs.sql - CreateStoredProcs.sql - CreateViews.sql - InsertVersionInfo.sql - Permissions.sql - ScheduleReportingJob.sql - - 2. Ensure the target SQL Server instance and SQL Server Agent service are running. - - 3. If you are not running the scripts directly on the server, ensure the - necessary SQL Server client software is installed and executable from - the location you have chosen. Specifically, the "osql" command must -## be supported for these scripts to run. - - - -## PREPARATION: - - 1. Review the database.sql file and modify as necessary. Although the - defaults are likely sufficient, it is suggested that the following - settings be reviewed: - - DATABASE - ensure name is satisfactory - default is "AppVReporting". - - 2. Review the Permissions.sql file and provide all the necessary account information - for setting up read and write access on the database. Note: Default settings - in the file will not work. - - 3. Review the ScheduleReportingJob.sql file and make sure that the stored proc schedule - time is acceptable. The default stored proc schedule time is at 12.01 AM (line 84). - If this time is not suitable, you can change this to a more suitable time. The time is -## in the format HHMMSS. - - - -## INSTALLATION: - - 1. Run the database.sql against the "master" database. Your user - credential must have the ability to create databases. - This script will create the database. - - 2. If upgrading the database, run UpgradeDatabase.sql This will upgrade database schema. - - 2. Run the following scripts against the "AppVReporting" database using the - same account as above in order. - - CreateTables.sql - CreateReportingStoredProcs.sql - CreateStoredProcs.sql - CreateViews.sql - InsertVersionInfo.sql - Permissions.sql -## ScheduleReportingJob.sql - -``` - -**Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - -[Deploying the App-V 5.1 Server](deploying-the-app-v-51-server.md) - -[How to Deploy the App-V 5.1 Server](how-to-deploy-the-app-v-51-server.md) diff --git a/mdop/appv-v5/how-to-enable-only-administrators-to-publish-packages-by-using-an-esd.md b/mdop/appv-v5/how-to-enable-only-administrators-to-publish-packages-by-using-an-esd.md deleted file mode 100644 index 094eff2814..0000000000 --- a/mdop/appv-v5/how-to-enable-only-administrators-to-publish-packages-by-using-an-esd.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: How to Enable Only Administrators to Publish Packages by Using an ESD -description: How to Enable Only Administrators to Publish Packages by Using an ESD -author: dansimp -ms.assetid: 03367b26-83d5-4299-ad52-b9177b9cf9a8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Enable Only Administrators to Publish Packages by Using an ESD - - -Starting in App-V 5.0 SP3, you can configure the App-V client so that only administrators (not end users) can publish or unpublish packages. In earlier versions of App-V, you could not prevent end users from performing these tasks. - -**To enable only administrators to publish or unpublish packages** - -1. Navigate to the following Group Policy Object node: - - **Computer Configuration > Policies > Administrative Templates > System > App-V > Publishing**. - -2. Enable the **Require publish as administrator** Group Policy setting. - - To alternatively use PowerShell to set this item, see [How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell](how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md#bkmk-admins-pub-pkgs). - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-enable-only-administrators-to-publish-packages-by-using-an-esd51.md b/mdop/appv-v5/how-to-enable-only-administrators-to-publish-packages-by-using-an-esd51.md deleted file mode 100644 index 475dc5d892..0000000000 --- a/mdop/appv-v5/how-to-enable-only-administrators-to-publish-packages-by-using-an-esd51.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: How to Enable Only Administrators to Publish Packages by Using an ESD -description: How to Enable Only Administrators to Publish Packages by Using an ESD -author: dansimp -ms.assetid: bbc9fda2-fc09-4d72-8d9a-e83d2fcfe234 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Enable Only Administrators to Publish Packages by Using an ESD - - -Starting in App-V 5.0 SP3, you can configure the App-V client so that only administrators (not end users) can publish or unpublish packages. In earlier versions of App-V, you could not prevent end users from performing these tasks. - -**To enable only administrators to publish or unpublish packages** - -1. Navigate to the following Group Policy Object node: - - **Computer Configuration > Policies > Administrative Templates > System > App-V > Publishing**. - -2. Enable the **Require publish as administrator** Group Policy setting. - - To alternatively use PowerShell to set this item, see [How to Manage App-V 5.1 Packages Running on a Stand-Alone Computer by Using PowerShell](how-to-manage-app-v-51-packages-running-on-a-stand-alone-computer-by-using-powershell.md#bkmk-admins-pub-pkgs). - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-enable-reporting-on-the-app-v-50-client-by-using-powershell.md b/mdop/appv-v5/how-to-enable-reporting-on-the-app-v-50-client-by-using-powershell.md deleted file mode 100644 index 128470febf..0000000000 --- a/mdop/appv-v5/how-to-enable-reporting-on-the-app-v-50-client-by-using-powershell.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: How to Enable Reporting on the App-V 5.0 Client by Using PowerShell -description: How to Enable Reporting on the App-V 5.0 Client by Using PowerShell -author: dansimp -ms.assetid: a7aaf553-0f83-4cd0-8df8-93a5f1ebe497 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Enable Reporting on the App-V 5.0 Client by Using PowerShell - - -Use the following procedure to configure the App-V 5.0 for reporting. - -**To configure the computer running the App-V 5.0 client for reporting** - -1. Install the App-V 5.0 client. For more information about installing the client see [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-gb18030.md). - -2. After you have installed the App-V 5.0 client, use the **Set-AppvClientConfiguration** PowerShell to configure appropriate Reporting Configuration settings: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SettingDescription

ReportingEnabled

Enables the client to return information to a reporting server. This setting is required for the client to collect the reporting data on the client.

ReportingServerURL

Specifies the location on the reporting server where client information is saved. For example, http://<reportingservername>:<reportingportnumber>.

-
- Note

This is the port number that was assigned during the Reporting Server setup

-
-
- -

Reporting Start Time

This is set to schedule the client to automatically send the data to the server. This setting will indicate the hour at which the reporting data will start to send. It is in the 24 hour format and will take a number between 0-23.

ReportingRandomDelay

Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and ReportingRandomDelay and will wait the specified duration before sending data.

ReportingInterval

Specifies the retry interval that the client will use to resend data to the reporting server.

ReportingDataCacheLimit

Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

ReportingDataBlockSize

Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

- - - -3. After the appropriate settings have been configured, the computer running the App-V 5.0 client will automatically collect data and will send the data back to the reporting server. - - Additionally, administrators can manually send the data back in an on-demand manner using the **Send-AppvClientReport** PowerShell cmdlet. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-enable-reporting-on-the-app-v-51-client-by-using-powershell.md b/mdop/appv-v5/how-to-enable-reporting-on-the-app-v-51-client-by-using-powershell.md deleted file mode 100644 index 0bbe4ac487..0000000000 --- a/mdop/appv-v5/how-to-enable-reporting-on-the-app-v-51-client-by-using-powershell.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: How to Enable Reporting on the App-V 5.1 Client by Using PowerShell -description: How to Enable Reporting on the App-V 5.1 Client by Using PowerShell -author: dansimp -ms.assetid: c4c58be6-cc50-44f6-bf4f-8346fc5d0c0e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Enable Reporting on the App-V 5.1 Client by Using PowerShell - - -Use the following procedure to configure the App-V 5.1 for reporting. - -**To configure the computer running the App-V 5.1 client for reporting** - -1. Install the App-V 5.1 client. For more information about installing the client see [How to Deploy the App-V Client](how-to-deploy-the-app-v-client-51gb18030.md). - -2. After you have installed the App-V 5.1 client, use the **Set-AppvClientConfiguration** PowerShell to configure appropriate Reporting Configuration settings: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SettingDescription

ReportingEnabled

Enables the client to return information to a reporting server. This setting is required for the client to collect the reporting data on the client.

ReportingServerURL

Specifies the location on the reporting server where client information is saved. For example, http://<reportingservername>:<reportingportnumber>.

-
- Note

This is the port number that was assigned during the Reporting Server setup

-
-
- -

Reporting Start Time

This is set to schedule the client to automatically send the data to the server. This setting will indicate the hour at which the reporting data will start to send. It is in the 24 hour format and will take a number between 0-23.

ReportingRandomDelay

Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and ReportingRandomDelay and will wait the specified duration before sending data.

ReportingInterval

Specifies the retry interval that the client will use to resend data to the reporting server.

ReportingDataCacheLimit

Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

ReportingDataBlockSize

Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

- - - -3. After the appropriate settings have been configured, the computer running the App-V 5.1 client will automatically collect data and will send the data back to the reporting server. - - Additionally, administrators can manually send the data back in an on-demand manner using the **Send-AppvClientReport** PowerShell cmdlet. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-install-the-app-v-50-client-for-shared-content-store-mode.md b/mdop/appv-v5/how-to-install-the-app-v-50-client-for-shared-content-store-mode.md deleted file mode 100644 index b9405a9529..0000000000 --- a/mdop/appv-v5/how-to-install-the-app-v-50-client-for-shared-content-store-mode.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: How to Install the App-V 5.0 Client for Shared Content Store Mode -description: How to Install the App-V 5.0 Client for Shared Content Store Mode -author: dansimp -ms.assetid: 88f09e6f-19e7-48ea-965a-907052d1a02f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Install the App-V 5.0 Client for Shared Content Store Mode - - -Use the following procedure to install the Microsoft Application Virtualization (App-V) 5.0 client so that it uses the App-V 5.0 Shared Content Store (SCS) mode. You should ensure that all required prerequisites are installed on the computer you plan to install to. Use the following link for a [App-V 5.0 Prerequisites](app-v-50-prerequisites.md). - -**Note**   -Before performing this procedure if necessary uninstall any existing version of the App-V 5.0 client. - - - -For more information about SCS mode, see [Shared Content Store in Microsoft App-V 5.0 – Behind the Scenes](https://go.microsoft.com/fwlink/?LinkId=316879) (https://go.microsoft.com/fwlink/?LinkId=316879). - -**Install and configure the App-V 5.0 client for SCS mode** - -1. Copy the App-V 5.0 client installation files to the computer on which it will be installed. Open a command line and from the directory where the installation files are saved type one of the following options depending on the version of the client you are installing: - - - To install the RDS version of the App-V 5.0 client type: **appv\_client\_setup\_rds.exe /SHAREDCONTENTSTOREMODE=1 /q** - - - To install the standard version of the App-V 5.0 client type: **appv\_client\_setup.exe /SHAREDCONTENTSTOREMODE=1 /q** - - **Important**   - You must perform a silent installation or the installation will fail. - - - -2. After you have completed the installation you can deploy packages to the computer running the client and all package contents will be streamed across the network. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Deploying the App-V 5.0 Sequencer and Client](deploying-the-app-v-50-sequencer-and-client.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-install-the-app-v-51-client-for-shared-content-store-mode.md b/mdop/appv-v5/how-to-install-the-app-v-51-client-for-shared-content-store-mode.md deleted file mode 100644 index 25741ffb48..0000000000 --- a/mdop/appv-v5/how-to-install-the-app-v-51-client-for-shared-content-store-mode.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: How to Install the App-V 5.1 Client for Shared Content Store Mode -description: How to Install the App-V 5.1 Client for Shared Content Store Mode -author: dansimp -ms.assetid: 6f3ecb1b-b5b5-4ae0-8de9-b4ffdfd2c216 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Install the App-V 5.1 Client for Shared Content Store Mode - - -Use the following procedure to install the Microsoft Application Virtualization (App-V) 5.1 client so that it uses the App-V 5.1 Shared Content Store (SCS) mode. You should ensure that all required prerequisites are installed on the computer you plan to install to. Use the following link to see [App-V 5.1 Prerequisites](app-v-51-prerequisites.md). - -**Note**   -Before performing this procedure if necessary uninstall any existing version of the App-V 5.1 client. - - - -For more information about SCS mode, see [Shared Content Store in Microsoft App-V 5.0 – Behind the Scenes](https://go.microsoft.com/fwlink/?LinkId=316879) (https://go.microsoft.com/fwlink/?LinkId=316879). - -**Install and configure the App-V 5.1 client for SCS mode** - -1. Copy the App-V 5.1 client installation files to the computer on which it will be installed. Open a command line and from the directory where the installation files are saved type one of the following options depending on the version of the client you are installing: - - - To install the RDS version of the App-V 5.1 client type: **appv\_client\_setup\_rds.exe /SHAREDCONTENTSTOREMODE=1 /q** - - - To install the standard version of the App-V 5.1 client type: **appv\_client\_setup.exe /SHAREDCONTENTSTOREMODE=1 /q** - - **Important**   - You must perform a silent installation or the installation will fail. - - - -2. After you have completed the installation you can deploy packages to the computer running the client and all package contents will be streamed across the network. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Deploying the App-V 5.1 Sequencer and Client](deploying-the-app-v-51-sequencer-and-client.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell.md b/mdop/appv-v5/how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell.md deleted file mode 100644 index 22ca05448e..0000000000 --- a/mdop/appv-v5/how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell.md +++ /dev/null @@ -1,173 +0,0 @@ ---- -title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell -description: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell -author: dansimp -ms.assetid: 9399342b-1ea7-41df-b988-33e302f9debe -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell - - -Use the following PowerShell procedure to convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by Microsoft SQL Server when running SQL scripts. - -Before attempting this procedure, you should read and understand the information and examples displayed in the following list: - -- **.INPUTS** – The account or accounts used to convert to SID format. This can be a single account name or an array of account names. - -- **.OUTPUTS** - A list of account names with the corresponding SID in standard and hexadecimal formats. - -- **Examples** - - - **.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List**. - - **$accountsArray = @("DOMAIN\\user\_account1", "DOMAIN\\machine\_account1$", "DOMAIN\_user\_account2")** - - **.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200** - - \#> - -**To convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs)** - -1. Copy the following script into a text editor and save it as a PowerShell script file, for example **ConvertToSIDs.ps1**. - -2. To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. - - ```powershell - <# - .SYNOPSIS - This PowerShell script will take an array of account names and try to convert each of them to the corresponding SID in standard and hexadecimal formats. - - .DESCRIPTION - This is a PowerShell script that converts any number of Active Directory (AD) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by SQL server when running SQL scripts. - - .INPUTS - The account(s) to convert to SID format. This can be a single account name or an array of account names. Please see examples below. - - .OUTPUTS - A list of account names with the corresponding SID in standard and hexadecimal formats - - .EXAMPLE - .\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List - - .EXAMPLE - $accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN_user_account2") - - .\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\SIDs.txt -Width 200 - #> - - function ConvertSIDToHexFormat - { - param([System.Security.Principal.SecurityIdentifier]$sidToConvert) - - $sb = New-Object System.Text.StringBuilder - - [int] $binLength = $sidToConvert.BinaryLength - - [Byte[]] $byteArray = New-Object Byte[] $binLength - - $sidToConvert.GetBinaryForm($byteArray, 0) - - foreach($byte in $byteArray) - { - $sb.Append($byte.ToString("X2")) |Out-Null - } - return $sb.ToString() - } - - [string[]]$myArgs = $args - - - - if(($myArgs.Length -lt 1) -or ($myArgs[0].CompareTo("/?") -eq 0)) - { - [string]::Format("{0}====== Description ======{0}{0}" + - " Converts any number of user or machine account names to string and hexadecimal SIDs.{0}" + - " Pass the account(s) as space separated command line parameters. (For example 'ConvertToSID.exe DOMAIN\\Account1 DOMAIN\\Account2 ...'){0}" + - " The output is written to the console in the format 'Account name SID as string SID as hexadecimal'{0}" + - " And can be written out to a file using standard PowerShell redirection{0}" + - " Please specify user accounts in the format 'DOMAIN\username'{0}" + - " Please specify machine accounts in the format 'DOMAIN\machinename$'{0}" + - " For more help content, please run 'Get-Help ConvertToSID.ps1'{0}" + - "{0}====== Arguments ======{0}" + - - - - "{0} /? Show this help message", [Environment]::NewLine) - } - else - { - #If an array was passed in, try to split it - if($myArgs.Length -eq 1) - { - $myArgs = $myArgs.Split(' ') - } - - #Parse the arguments for account names - foreach($accountName in $myArgs) - { - [string[]] $splitString = $accountName.Split('\') # We're looking for the format "DOMAIN\Account" so anything that does not match, we reject - - if($splitString.Length -ne 2) - { - $message = [string]::Format("{0} is not a valid account name. Expected format 'Domain\username' for user accounts or 'DOMAIN\machinename$' for machine accounts.", $accountName) - - Write-Error -Message $message - continue - } - - #Convert any account names to SIDs - try - { - [System.Security.Principal.NTAccount] $account = New-Object System.Security.Principal.NTAccount($splitString[0], $splitString[1]) - - [System.Security.Principal.SecurityIdentifier] $SID = [System.Security.Principal.SecurityIdentifier]($account.Translate([System.Security.Principal.SecurityIdentifier])) - } - catch [System.Security.Principal.IdentityNotMappedException] - { - $message = [string]::Format("Failed to translate account object '{0}' to a SID. Please verify that this is a valid user or machine account.", $account.ToString()) - - Write-Error -Message $message - - continue - } - - #Convert regular SID to binary format used by SQL - - $hexSIDString = ConvertSIDToHexFormat $SID - - $SIDs = New-Object PSObject - - $SIDs | Add-Member NoteProperty Account $accountName - - $SIDs | Add-Member NoteProperty SID $SID.ToString() - - $SIDs | Add-Member NoteProperty Hexadecimal $hexSIDString - - Write-Output $SIDs - } - } - ``` - -3. Run the script you saved in step one of this procedure passing the accounts to convert as arguments. - - For example, - - **.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List” or “$accountsArray = @("DOMAIN\\user\_account1", "DOMAIN\\machine\_account1$", "DOMAIN\_user\_account2")** - - **.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200”** - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md) diff --git a/mdop/appv-v5/how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell51.md b/mdop/appv-v5/how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell51.md deleted file mode 100644 index 152d31ca72..0000000000 --- a/mdop/appv-v5/how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell51.md +++ /dev/null @@ -1,146 +0,0 @@ ---- -title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell -description: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell -author: dansimp -ms.assetid: 2be6fb72-f3a6-4550-bba1-6defa78ca08a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - -# How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell - -Use the following PowerShell procedure to convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by Microsoft SQL Server when running SQL scripts. - -Before attempting this procedure, you should read and understand the information and examples displayed in the following list: - -- **.INPUTS** – The account or accounts used to convert to SID format. This can be a single account name or an array of account names. - -- **.OUTPUTS** - A list of account names with the corresponding SID in standard and hexadecimal formats. - -- **Examples** - - - **.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List**. - - **$accountsArray = @("DOMAIN\\user\_account1", "DOMAIN\\machine\_account1$", "DOMAIN\_user\_account2")** - - **.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200** - -## To convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs) - -1. Copy the following script into a text editor and save it as a PowerShell script file, for example **ConvertToSIDs.ps1**. -1. To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. - - ```powershell - <# - .SYNOPSIS - This PowerShell script will take an array of account names and try to convert each of them to the corresponding SID in standard and hexadecimal formats. - .DESCRIPTION - This is a PowerShell script that converts any number of Active Directory (AD) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by SQL server when running SQL scripts. - .INPUTS - The account(s) to convert to SID format. This can be a single account name or an array of account names. Please see examples below. - .OUTPUTS - A list of account names with the corresponding SID in standard and hexadecimal formats - .EXAMPLE - .\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List - .EXAMPLE - $accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN_user_account2") - .\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\SIDs.txt -Width 200 - #> - - function ConvertSIDToHexFormat - { - - param([System.Security.Principal.SecurityIdentifier]$sidToConvert) - - $sb = New-Object System.Text.StringBuilder - [int] $binLength = $sidToConvert.BinaryLength - [Byte[]] $byteArray = New-Object Byte[] $binLength - $sidToConvert.GetBinaryForm($byteArray, 0) - foreach($byte in $byteArray) - { - $sb.Append($byte.ToString("X2")) |Out-Null - } - return $sb.ToString() - } - [string[]]$myArgs = $args - if(($myArgs.Length -lt 1) -or ($myArgs[0].CompareTo("/?") -eq 0)) - { - - [string]::Format("{0}====== Description ======{0}{0}" + - " Converts any number of user or machine account names to string and hexadecimal SIDs.{0}" + - " Pass the account(s) as space separated command line parameters. (For example 'ConvertToSID.ps1 DOMAIN\Account1 DOMAIN\Account2 ...'){0}" + - " The output is written to the console in the format 'Account name SID as string SID as hexadecimal'{0}" + - " And can be written out to a file using standard PowerShell redirection{0}" + - " Please specify user accounts in the format 'DOMAIN\username'{0}" + - " Please specify machine accounts in the format 'DOMAIN\machinename$'{0}" + - " For more help content, please run 'Get-Help ConvertToSID.ps1'{0}" + - "{0}====== Arguments ======{0}" + - "{0} /? Show this help message", [Environment]::NewLine) - } - else - { - #If an array was passed in, try to split it - if($myArgs.Length -eq 1) - { - $myArgs = $myArgs.Split(' ') - } - - #Parse the arguments for account names - foreach($accountName in $myArgs) - { - [string[]] $splitString = $accountName.Split('\') # We're looking for the format "DOMAIN\Account" so anything that does not match, we reject - if($splitString.Length -ne 2) - { - $message = [string]::Format("{0} is not a valid account name. Expected format 'Domain\username' for user accounts or 'DOMAIN\machinename$' for machine accounts.", $accountName) - Write-Error -Message $message - continue - } - - #Convert any account names to SIDs - try - { - [System.Security.Principal.NTAccount] $account = New-Object System.Security.Principal.NTAccount($splitString[0], $splitString[1]) - [System.Security.Principal.SecurityIdentifier] $SID = [System.Security.Principal.SecurityIdentifier]($account.Translate([System.Security.Principal.SecurityIdentifier])) - } - catch [System.Security.Principal.IdentityNotMappedException] - { - $message = [string]::Format("Failed to translate account object '{0}' to a SID. Please verify that this is a valid user or machine account.", $account.ToString()) - Write-Error -Message $message - continue - } - - #Convert regular SID to binary format used by SQL - $hexSIDString = ConvertSIDToHexFormat $SID - - $SIDs = New-Object PSObject - $SIDs | Add-Member NoteProperty Account $accountName - $SIDs | Add-Member NoteProperty SID $SID.ToString() - $SIDs | Add-Member NoteProperty Hexadecimal $hexSIDString - - Write-Output $SIDs - } - } - ``` - -1. Run the script you saved in step one of this procedure passing the accounts to convert as arguments. - - For example, - - **.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List** - - or - - **$accountsArray = @("DOMAIN\\user\_account1", "DOMAIN\\machine\_account1$", "DOMAIN\_user\_account2")** - **.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200** - -**Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - -[Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md) diff --git a/mdop/appv-v5/how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services.md b/mdop/appv-v5/how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services.md deleted file mode 100644 index 924e89d919..0000000000 --- a/mdop/appv-v5/how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services.md +++ /dev/null @@ -1,126 +0,0 @@ ---- -title: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services -description: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services -author: dansimp -ms.assetid: 02afd6d6-4c33-4c0b-bd88-ae167b786fdf -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services - - -Use the following procedure to install the database server and management server on different computers. The computer you plan to install the database server on must be running a supported version of Microsoft SQL or the installation will fail. - -**Note** -After you complete the deployment, the **Microsoft SQL Server name**, **instance name** and **database name** will be required by the administrator installing the service to be able to connect to these databases. - - - -**To install the management database and the management server on separate computers** - -1. Copy the App-V 5.0 server installation files to the computer on which you want to install it on. To start the App-V 5.0 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. - -2. On the **Getting Started** page, review and accept the license terms, and click **Next**. - -3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. - -4. On the **Feature Selection** page, select the components you want to install by selecting the **Management Server Database** checkbox and click **Next**. - -5. On the **Installation Location** page, accept the default location and click **Next**. - -6. On the initial **Create New Management Server Database page**, accept the default selections if appropriate, and click **Next**. - - If you are using a custom SQL Server instance, then select **Use a custom instance** and type the name of the instance. - - If you are using a custom database name, then select **Custom configuration** and type the database name. - -7. On the next **Create New Management Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**. - - **Note** - If you plan to deploy the management server on the same computer you must select **Use this local computer**. - - - -~~~ -Specify the user name for the management server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**. -~~~ - -8. To start the installation, click **Install**. - -**To install the reporting database and the reporting server on separate computers** - -1. Copy the App-V 5.0 server installation files to the computer on which you want to install it on. To start the App-V 5.0 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. - -2. On the **Getting Started** page, review and accept the license terms, and click **Next**. - -3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. - -4. On the **Feature Selection** page, select the components you want to install by selecting the **Reporting Server Database** checkbox and click **Next**. - -5. On the **Installation Location** page, accept the default location and click **Next**. - -6. On the initial **Create New Reporting Server Database** page, accept the default selections if appropriate, and click **Next**. - - If you are using a custom SQL Server instance, then select **Use a custom instance** and type the name of the instance. - - If you are using a custom database name, then select **Custom configuration** and type the database name. - -7. On the next **Create New Reporting Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**. - - **Note** - If you plan to deploy the reporting server on the same computer you must select **Use this local computer**. - - - -~~~ -Specify the user name for the reporting server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**. -~~~ - -8. To start the installation, click **Install**. - -**To install the management and reporting databases using App-V 5.0 database scripts** - -1. Copy the App-V 5.0 server installation files to the computer on which you want to install it on. - -2. To extract the App-V 5.0 database scripts, open a command prompt and specify the location where the installation files are saved and run the following command: - - **appv\_server\_setup.exe** **/LAYOUT** **/LAYOUTDIR=”InstallationExtractionLocation”**. - -3. After the extraction has been completed, to access the App-V 5.0 database scripts and instructions readme file: - - - The App-V 5.0 Management Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Management Database**. - - - The App-V 5.0 Reporting Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Reporting Database**. - -4. For each database, copy the scripts to a share and modify them following the instructions in the readme file. - - **Note** - For more information about modifying the required SIDs contained in the scripts see, [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell](how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell.md). - - - -5. Run the scripts on the computer running Microsoft SQL Server. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Deploying App-V 5.0](deploying-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services51.md b/mdop/appv-v5/how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services51.md deleted file mode 100644 index ebe96992d3..0000000000 --- a/mdop/appv-v5/how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services51.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services -description: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services -author: dansimp -ms.assetid: 2a67402e-3119-40ea-a247-24d166af1ced -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - -# How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services - -Use the following procedure to install the database server and management server on different computers. The computer you plan to install the database server on must be running a supported version of Microsoft SQL or the installation will fail. - -> [!NOTE] -> After you complete the deployment, the **Microsoft SQL Server name**, **instance name** and **database name** will be required by the administrator installing the service to be able to connect to these databases. - -## To install the management database and the management server on separate computers - -1. Copy the App-V 5.1 server installation files to the computer on which you want to install it on. To start the App-V 5.1 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. -1. On the **Getting Started** page, review and accept the license terms, and click **Next**. -1. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don't want to use Microsoft Update**. Click **Next**. -1. On the **Feature Selection** page, select the components you want to install by selecting the **Management Server Database** checkbox and click **Next**. -1. On the **Installation Location** page, accept the default location and click **Next**. -1. On the initial **Create New Management Server Database page**, accept the default selections if appropriate, and click **Next**. - - If you are using a custom SQL Server instance, then select **Use a custom instance** and type the name of the instance.\ - If you are using a custom database name, then select **Custom configuration** and type the database name. - -1. On the next **Create New Management Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**. - - > [!NOTE] - > If you plan to deploy the management server on the same computer you must select **Use this local computer**. - -1. Specify the user name for the management server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**. -1. To start the installation, click **Install**. - -## To install the reporting database and the reporting server on separate computers - -1. Copy the App-V 5.1 server installation files to the computer on which you want to install it on. To start the App-V 5.1 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. -1. On the **Getting Started** page, review and accept the license terms, and click **Next**. -1. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don't want to use Microsoft Update**. Click **Next**. -1. On the **Feature Selection** page, select the components you want to install by selecting the **Reporting Server Database** checkbox and click **Next**. -1. On the **Installation Location** page, accept the default location and click **Next**. -1. On the initial **Create New Reporting Server Database** page, accept the default selections if appropriate, and click **Next**. - - If you are using a custom SQL Server instance, then select **Use a custom instance** and type the name of the instance. - If you are using a custom database name, then select **Custom configuration** and type the database name. - -1. On the next **Create New Reporting Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**. - - > [!NOTE] - > If you plan to deploy the reporting server on the same computer you must select **Use this local computer**. - -1. Specify the user name for the reporting server **Install Administrator** using the following format: **Domain\\AdministratorLoginName**. Click **Next**. -1. To start the installation, click **Install**. - -## To install the management and reporting databases using App-V 5.1 database scripts - -1. Copy the App-V 5.1 server installation files to the computer on which you want to install it on. -1. To extract the App-V 5.1 database scripts, open a command prompt and specify the location where the installation files are saved and run the following command: - - **appv\_server\_setup.exe** **/LAYOUT** **/LAYOUTDIR="InstallationExtractionLocation"**. - -1. After the extraction has been completed, to access the App-V 5.1 database scripts and instructions readme file: - - - The App-V 5.1 Management Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Management Database**. - - The App-V 5.1 Reporting Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Reporting Database**. - -1. For each database, copy the scripts to a share and modify them following the instructions in the readme file. - - > [!NOTE] - > For more information about modifying the required SIDs contained in the scripts, see [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using PowerShell](how-to-install-the-app-v-databases-and-convert-the-associated-security-identifiers--by-using-powershell51.md). - -1. Run the scripts on the computer running Microsoft SQL Server. - -**Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - -[Deploying App-V 5.1](deploying-app-v-51.md) diff --git a/mdop/appv-v5/how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database.md b/mdop/appv-v5/how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database.md deleted file mode 100644 index c27949ba3d..0000000000 --- a/mdop/appv-v5/how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: How to install the Management Server on a Standalone Computer and Connect it to the Database -description: How to install the Management Server on a Standalone Computer and Connect it to the Database -author: dansimp -ms.assetid: 95281287-cb56-4117-befd-854268ea147c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to install the Management Server on a Standalone Computer and Connect it to the Database - - -Use the following procedure to install the management server on a standalone computer and connect it to the database. - -**To install the management server on a standalone computer and connect it to the database** - -1. Copy the App-V 5.0 server installation files to the computer on which you want to install it on. To start the App-V 5.0 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. - -2. On the **Getting Started** page, review and accept the license terms, and click **Next**. - -3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. - -4. On the **Feature Selection** page, select the **Management Server** checkbox and click **Next**. - -5. On the **Installation Location** page, accept the default location and click **Next**. - -6. On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL SQL, for example **SqlServerMachine**. - - **Note** - If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. - - - -~~~ -For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. - -Specify the **SQL Server Database name** that this management server will use, for example **AppvManagement**. -~~~ - -7. On the **Configure Management Server Configuration** page, specify the AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation - - Specify the **Website Name** that you want to use for the management service. Accept the default if you do not have a custom name. For the **Port Binding**, specify a unique port number to be used, for example **12345**. - -8. Click **Install**. - -9. To confirm that the setup has completed successfully, open a web browser, and type the following URL: http://managementserver:portnumber/Console.html if the installation was successful you should see the **Silverlight Management Console** appear without any error messages or warnings being displayed. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Deploying App-V 5.0](deploying-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database51.md b/mdop/appv-v5/how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database51.md deleted file mode 100644 index 988a91b3ff..0000000000 --- a/mdop/appv-v5/how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database51.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: How to install the Management Server on a Standalone Computer and Connect it to the Database -description: How to install the Management Server on a Standalone Computer and Connect it to the Database -author: dansimp -ms.assetid: 3f83c335-d976-4abd-b8f8-d7f5e50b4318 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to install the Management Server on a Standalone Computer and Connect it to the Database - - -Use the following procedure to install the management server on a standalone computer and connect it to the database. - -**To install the management server on a standalone computer and connect it to the database** - -1. Copy the App-V 5.1 server installation files to the computer on which you want to install it on. To start the App-V 5.1 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. - -2. On the **Getting Started** page, review and accept the license terms, and click **Next**. - -3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. - -4. On the **Feature Selection** page, select the **Management Server** checkbox and click **Next**. - -5. On the **Installation Location** page, accept the default location and click **Next**. - -6. On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL SQL, for example **SqlServerMachine**. - - **Note** - If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. - - - -~~~ -For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. - -Specify the **SQL Server Database name** that this management server will use, for example **AppvManagement**. -~~~ - -7. On the **Configure Management Server Configuration** page, specify the AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation - - Specify the **Website Name** that you want to use for the management service. Accept the default if you do not have a custom name. For the **Port Binding**, specify a unique port number to be used, for example **12345**. - -8. Click **Install**. - -9. To confirm that the setup has completed successfully, open a web browser, and type the following URL: http://managementserver:portnumber/Console. If the installation was successful, you should see the **Management Console** appear without any error messages or warnings being displayed. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Deploying App-V 5.1](deploying-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-install-the-publishing-server-on-a-remote-computer.md b/mdop/appv-v5/how-to-install-the-publishing-server-on-a-remote-computer.md deleted file mode 100644 index ee45693fca..0000000000 --- a/mdop/appv-v5/how-to-install-the-publishing-server-on-a-remote-computer.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: How to Install the Publishing Server on a Remote Computer -description: How to Install the Publishing Server on a Remote Computer -author: dansimp -ms.assetid: 37970706-54ff-4799-9485-b9b49fd50f37 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the Publishing Server on a Remote Computer - - -Use the following procedure to install the publishing server on a separate computer. Before you perform the following procedure, ensure the database and management server are available. - -**To install the publishing server on a separate computer** - -1. Copy the App-V 5.0 server installation files to the computer on which you want to install it on. To start the App-V 5.0 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. - -2. On the **Getting Started** page, review and accept the license terms, and click **Next**. - -3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. - -4. On the **Feature Selection** page, select the **Publishing Server** checkbox and click **Next**. - -5. On the **Installation Location** page, accept the default location and click **Next**. - -6. On the **Configure Publishing Server Configuration** page, specify the following items: - - - The URL for the management service that the publishing server will connect to. For example, **http://ManagementServerName:12345**. - - - Specify the website name that you want to use for the publishing service. Accept the default if you do not have a custom name. - - - For the **Port Binding**, specify a unique port number that will be used by App-V 5.0, for example **54321**. - -7. On the **Ready to Install** page, click **Install**. - -8. After the installation is complete, the publishing server must be registered with the management server. In the App-V 5.0 management console, use the following steps to register the server: - - 1. Open the App-V 5.0 management server console. - - 2. In the left pane, select **Servers**, and then select **Register New Server**. - - 3. Type the name of this server and a description (if required) and click **Add**. - -9. To verify if the publishing server is running correctly, you should import a package to the management server, entitle the package to an AD group, and publish the package. Using an internet browser, open the following URL: http://publishingserver:pubport. If the server is running correctly information similar to the following will be displayed: - - ```xml - - - - - - - - - ``` - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Deploying App-V 5.0](deploying-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-install-the-publishing-server-on-a-remote-computer51.md b/mdop/appv-v5/how-to-install-the-publishing-server-on-a-remote-computer51.md deleted file mode 100644 index c9ed253251..0000000000 --- a/mdop/appv-v5/how-to-install-the-publishing-server-on-a-remote-computer51.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: How to Install the Publishing Server on a Remote Computer -description: How to Install the Publishing Server on a Remote Computer -author: dansimp -ms.assetid: 1c903f78-0558-458d-a149-d5f6fb55aefb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the Publishing Server on a Remote Computer - - -Use the following procedure to install the publishing server on a separate computer. Before you perform the following procedure, ensure the database and management server are available. - -**To install the publishing server on a separate computer** - -1. Copy the App-V 5.1 server installation files to the computer on which you want to install it on. To start the App-V 5.1 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. - -2. On the **Getting Started** page, review and accept the license terms, and click **Next**. - -3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. - -4. On the **Feature Selection** page, select the **Publishing Server** checkbox and click **Next**. - -5. On the **Installation Location** page, accept the default location and click **Next**. - -6. On the **Configure Publishing Server Configuration** page, specify the following items: - - - The URL for the management service that the publishing server will connect to. For example, **http://ManagementServerName:12345**. - - - Specify the website name that you want to use for the publishing service. Accept the default if you do not have a custom name. - - - For the **Port Binding**, specify a unique port number that will be used by App-V 5.1, for example **54321**. - -7. On the **Ready to Install** page, click **Install**. - -8. After the installation is complete, the publishing server must be registered with the management server. In the App-V 5.1 management console, use the following steps to register the server: - - 1. Open the App-V 5.1 management server console. - - 2. In the left pane, select **Servers**, and then select **Register New Server**. - - 3. Type the name of this server and a description (if required) and click **Add**. - -9. To verify if the publishing server is running correctly, you should import a package to the management server, entitle the package to an AD group, and publish the package. Using an internet browser, open the following URL: http://publishingserver:pubport. If the server is running correctly information similar to the following will be displayed: - - ```xml - - - - - - - - - ``` - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Deploying App-V 5.1](deploying-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database.md b/mdop/appv-v5/how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database.md deleted file mode 100644 index 4285fdefd0..0000000000 --- a/mdop/appv-v5/how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database.md +++ /dev/null @@ -1,78 +0,0 @@ ---- -title: How to install the Reporting Server on a Standalone Computer and Connect it to the Database -description: How to install the Reporting Server on a Standalone Computer and Connect it to the Database -author: dansimp -ms.assetid: d186bdb7-e522-4124-bc6d-7d5a41ba8266 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to install the Reporting Server on a Standalone Computer and Connect it to the Database - - -Use the following procedure to install the reporting server on a standalone computer and connect it to the database. - -**Important** -Before performing the following procedure you should read and understand [About App-V 5.0 Reporting](about-app-v-50-reporting.md). - - - -**To install the reporting server on a standalone computer and connect it to the database** - -1. Copy the App-V 5.0 server installation files to the computer on which you want to install it on. To start the App-V 5.0 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. - -2. On the **Getting Started** page, review and accept the license terms, and click **Next**. - -3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. - -4. On the **Feature Selection** page, select the **Reporting Server** checkbox and click **Next**. - -5. On the **Installation Location** page, accept the default location and click **Next**. - -6. On the **Configure Existing Reporting Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL Server, for example **SqlServerMachine**. - - **Note** - If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. - - - -~~~ -For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. - -Specify the **SQL Server Database name** that this reporting server will use, for example **AppvReporting**. -~~~ - -7. On the **Configure Reporting Server Configuration** page. - - - Specify the Website Name that you want to use for the Reporting Service. Leave the default unchanged if you do not have a custom name. - - - For the **Port binding**, specify a unique port number that will be used by App-V 5.0, for example **55555**. You should also ensure that the port specified is not being used by another website. - -8. Click **Install**. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[About App-V 5.0 Reporting](about-app-v-50-reporting.md) - -[Deploying App-V 5.0](deploying-app-v-50.md) - -[How to Enable Reporting on the App-V 5.0 Client by Using PowerShell](how-to-enable-reporting-on-the-app-v-50-client-by-using-powershell.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database51.md b/mdop/appv-v5/how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database51.md deleted file mode 100644 index b74f0be3c2..0000000000 --- a/mdop/appv-v5/how-to-install-the-reporting-server-on-a-standalone-computer-and-connect-it-to-the-database51.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: How to install the Reporting Server on a Standalone Computer and Connect it to the Database -description: How to install the Reporting Server on a Standalone Computer and Connect it to the Database -author: dansimp -ms.assetid: 11f07750-4045-4c8d-a583-7d70c9e9aa7b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to install the Reporting Server on a Standalone Computer and Connect it to the Database - -Use the following procedure to install the reporting server on a standalone computer and connect it to the database. - -**Important** -Before performing the following procedure you should read and understand [About App-V 5.1 Reporting](about-app-v-51-reporting.md). - -## To install the reporting server on a standalone computer and connect it to the database - -1. Copy the App-V 5.1 server installation files to the computer on which you want to install it on. To start the App-V 5.1 server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. - -2. On the **Getting Started** page, review and accept the license terms, and click **Next**. - -3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don't want to use Microsoft Update**. Click **Next**. - -4. On the **Feature Selection** page, select the **Reporting Server** checkbox and click **Next**. - -5. On the **Installation Location** page, accept the default location and click **Next**. - -6. On the **Configure Existing Reporting Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL Server, for example **SqlServerMachine**. - - > [!NOTE] - > If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. - - For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. - - Specify the **SQL Server Database name** that this reporting server will use, for example **AppvReporting**. - -7. On the **Configure Reporting Server Configuration** page. - - - Specify the Website Name that you want to use for the Reporting Service. Leave the default unchanged if you do not have a custom name. - - - For the **Port binding**, specify a unique port number that will be used by App-V 5.1, for example **55555**. You should also ensure that the port specified is not being used by another website. - -8. Click **Install**. - -**Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - -[About App-V 5.1 Reporting](about-app-v-51-reporting.md) - -[Deploying App-V 5.1](deploying-app-v-51.md) - -[How to Enable Reporting on the App-V 5.1 Client by Using PowerShell](how-to-enable-reporting-on-the-app-v-51-client-by-using-powershell.md) diff --git a/mdop/appv-v5/how-to-install-the-sequencer-51beta-gb18030.md b/mdop/appv-v5/how-to-install-the-sequencer-51beta-gb18030.md deleted file mode 100644 index dac6a4e3dc..0000000000 --- a/mdop/appv-v5/how-to-install-the-sequencer-51beta-gb18030.md +++ /dev/null @@ -1,114 +0,0 @@ ---- -title: How to Install the Sequencer -description: How to Install the Sequencer -author: dansimp -ms.assetid: 5e8f1696-9bc0-4f44-8cb7-b809b2daae10 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the Sequencer - - -Use the following procedure to install the Microsoft Application Virtualization (App-V) 5.1 sequencer. The computer that will run the sequencer must not be running any version of the App-V 5.1 client. - -Upgrading a previous installation of the App-V sequencer is not supported. - -**Important**   -For a full list of the sequencer requirements see sequencer sections of [App-V 5.1 Prerequisites](app-v-51-prerequisites.md) and [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md). - - - -You can also use the command line to install the App-V 5.1 sequencer. The following list displays information about options for installing the sequencer using the command line and **appv\_sequencer\_setup.exe**: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
CommandDescription

/INSTALLDIR

Specifies the installation directory.

/CEIPOPTIN

Enables participation in the Microsoft Customer Experience Improvement Program.

/Log

Specifies where the installation log will be saved, the default location is %Temp%. For example, C:\ Logs \ log.log.

/q

Specifies a quiet or silent installation.

/Uninstall

Specifies the removal of the sequencer.

/ACCEPTEULA

Accepts the license agreement. This is required for an unattended installation. Example usage: /ACCEPTEULA or /ACCEPTEULA=1.

/LAYOUT

Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V 5.1. No value is expected.

/LAYOUTDIR

Specifies the layout directory. Requires a string value. Example usage: /LAYOUTDIR=”C:\Application Virtualization Client”.

/? Or /h or /help

Displays associated help.

- - - -**To install the App-V 5.1 sequencer** - -1. Copy the App-V 5.1 sequencer installation files to the computer on which it will be installed. Double-click **appv\_sequencer\_setup.exe** and then click **Install**. - -2. On the **Software License Terms** page, you should review the license terms. To accept the license terms select **I accept the license terms.** Click **Next**. - -3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates from running select **I don’t want to use Microsoft Update**. Click **Next**. - -4. On the **Customer Experience Improvement Program** page, to participate in the program select **Join the Customer Experience Improvement Program**. This will allow information to be collected about how you are using App-V 5.1. If you don’t want to participate in the program select **I don’t want to join the program at this time**. Click **Install**. - -5. To open the sequencer, click **Start** and then click **Microsoft Application Virtualization Sequencer**. - -**To troubleshoot the App-V 5.1 sequencer installation** - -- For more information regarding the sequencer installation, you can view the error log in the **%temp%** folder. To review the log files, click **Start**, type **%temp%**, and then look for the **appv\_ log**. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Planning to Deploy App-V](planning-to-deploy-app-v51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-install-the-sequencer-beta-gb18030.md b/mdop/appv-v5/how-to-install-the-sequencer-beta-gb18030.md deleted file mode 100644 index c02d94ec51..0000000000 --- a/mdop/appv-v5/how-to-install-the-sequencer-beta-gb18030.md +++ /dev/null @@ -1,114 +0,0 @@ ---- -title: How to Install the Sequencer -description: How to Install the Sequencer -author: dansimp -ms.assetid: a122caf0-f408-458c-b119-dc84123c1d58 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the Sequencer - - -Use the following procedure to install the Microsoft Application Virtualization (App-V) 5.0 sequencer. The computer that will run the sequencer must not be running any version of the App-V 5.0 client. - -Upgrading a previous installation of the App-V sequencer is not supported. - -**Important**   -For a full list of the sequencer requirements see sequencer sections of [App-V 5.0 Prerequisites](app-v-50-prerequisites.md) and [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md). - - - -You can also use the command line to install the App-V 5.0 sequencer. The following list displays information about options for installing the sequencer using the command line and **appv\_sequencer\_setup.exe**: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
CommandDescription

/INSTALLDIR

Specifies the installation directory.

/CEIPOPTIN

Enables participation in the Microsoft Customer Experience Improvement Program.

/Log

Specifies where the installation log will be saved, the default location is %Temp%. For example, C:\ Logs \ log.log.

/q

Specifies a quiet or silent installation.

/Uninstall

Specifies the removal of the sequencer.

/ACCEPTEULA

Accepts the license agreement. This is required for an unattended installation. Example usage: /ACCEPTEULA or /ACCEPTEULA=1.

/LAYOUT

Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V 5.0. No value is expected.

/LAYOUTDIR

Specifies the layout directory. Requires a string value. Example usage: /LAYOUTDIR=”C:\Application Virtualization Client”.

/? Or /h or /help

Displays associated help.

- - - -**To install the App-V 5.0 sequencer** - -1. Copy the App-V 5.0 sequencer installation files to the computer on which it will be installed. Double-click **appv\_sequencer\_setup.exe** and then click **Install**. - -2. On the **Software License Terms** page, you should review the license terms. To accept the license terms select **I accept the license terms.** Click **Next**. - -3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates from running select **I don’t want to use Microsoft Update**. Click **Next**. - -4. On the **Customer Experience Improvement Program** page, to participate in the program select **Join the Customer Experience Improvement Program**. This will allow information to be collected about how you are using App-V 5.0. If you don’t want to participate in the program select **I don’t want to join the program at this time**. Click **Install**. - -5. To open the sequencer, click **Start** and then click **Microsoft Application Virtualization Sequencer**. - -**To troubleshoot the App-V 5.0 sequencer installation** - -- For more information regarding the sequencer installation, you can view the error log in the **%temp%** folder. To review the log files, click **Start**, type **%temp%**, and then look for the **appv\_ log**. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Planning to Deploy App-V](planning-to-deploy-app-v.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-50-sp3.md b/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-50-sp3.md deleted file mode 100644 index e24a590f0a..0000000000 --- a/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-50-sp3.md +++ /dev/null @@ -1,222 +0,0 @@ ---- -title: How to Load the PowerShell Cmdlets and Get Cmdlet Help -description: How to Load the PowerShell Cmdlets and Get Cmdlet Help -author: dansimp -ms.assetid: 0624495b-943e-485b-9e54-b50e4ee6591c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/02/2016 ---- - - -# How to Load the PowerShell Cmdlets and Get Cmdlet Help - - -What this topic covers: - -- [Requirements for using PowerShell cmdlets](#bkmk-reqs-using-posh) - -- [Loading the PowerShell cmdlets](#bkmk-load-cmdlets) - -- [Getting help for the PowerShell cmdlets](#bkmk-get-cmdlet-help) - -- [Displaying the help for a PowerShell cmdlet](#bkmk-display-help-cmdlet) - -## Requirements for using PowerShell cmdlets - - -Review the following requirements for using the App-V PowerShell cmdlets: - - ---- - - - - - - - - - - - - - - - - - - - - -
RequirementDetails

Users can run App-V Server cmdlets only if you grant them access by using one of the following methods:

Cmdlets that require an elevated command prompt

    -

  • Add-AppvClientPackage

    • -

  • Remove-AppvClientPackage

    • -

  • Set-AppvClientConfiguration

    • -

  • Add-AppvClientConnectionGroup

    • -

  • Remove-AppvClientConnectionGroup

    • -

  • Add-AppvPublishingServer

    • -

  • Remove-AppvPublishingServer

    • -

  • Send-AppvClientReport

    • -

  • Set-AppvClientMode

    • -

  • Set-AppvClientPackage

    • -

  • Set-AppvPublishingServer

    • -

Cmdlets that end users can run, unless you configure them to require an elevated command prompt

    -

  • Publish-AppvClientPackage

    • -

  • Unpublish-AppvClientPackage

    • -
-

To configure these cmdlets to require an elevated command prompt, use one of the following methods:

- ---- - - - - - - - - - - - - - - - - -
MethodMore resources

Run the Set-AppvClientConfiguration cmdlet with the -RequirePublishAsAdmin parameter.

Enable the “Require publish as administrator” Group Policy setting for App-V Clients.

How to Publish a Package by Using the Management Console

-

 

- - - -## Loading the PowerShell cmdlets -To load the PowerShell cmdlet modules: - -1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE). - -2. Type one of the following commands to load the cmdlets for the module you want: - - ---- - - - - - - - - - - - - - - - - - - - - -
App-V componentCommand to type

App-V Server

Import-Module AppvServer

App-V Sequencer

Import-Module AppvSequencer

App-V Client

Import-Module AppvClient

- - - -## Getting help for the PowerShell cmdlets -Starting in App-V 5.0 SP3, cmdlet help is available in two formats: - - ---- - - - - - - - - - - - - - - - - -
FormatDescription

As a downloadable module

To download the latest help after downloading the cmdlet module:

-
    -

  1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE).

    2. -

  2. Type one of the following commands to load the cmdlets for the module you want:

    3. -
- ---- - - - - - - - - - - - - - - - - - - - - -
App-V componentCommand to type

App-V Server

Update-Help -Module AppvServer

App-V Sequencer

Update-Help -Module AppvSequencer

App-V Client

Update-Help -Module AppvClient

-

 

On TechNet as web pages

See the App-V node under Microsoft Desktop Optimization Pack Automation with Windows PowerShell.

- - - -## Displaying the help for a PowerShell cmdlet -To display help for a specific PowerShell cmdlet: - -1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE). - -2. Type **Get-Help** <*cmdlet*>, for example, **Get-Help Publish-AppvClientPackage**. - -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue**? Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - - - - - - - - - diff --git a/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-51.md b/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-51.md deleted file mode 100644 index c8f34160ab..0000000000 --- a/mdop/appv-v5/how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-51.md +++ /dev/null @@ -1,219 +0,0 @@ ---- -title: How to Load the PowerShell Cmdlets and Get Cmdlet Help -description: How to Load the PowerShell Cmdlets and Get Cmdlet Help -author: dansimp -ms.assetid: b6ae5460-2c3a-4030-b132-394d9d5a541e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/02/2016 ---- - - -# How to Load the PowerShell Cmdlets and Get Cmdlet Help - - -What this topic covers: - -- [Requirements for using PowerShell cmdlets](#bkmk-reqs-using-posh) - -- [Loading the PowerShell cmdlets](#bkmk-load-cmdlets) - -- [Getting help for the PowerShell cmdlets](#bkmk-get-cmdlet-help) - -- [Displaying the help for a PowerShell cmdlet](#bkmk-display-help-cmdlet) - -## Requirements for using PowerShell cmdlets - - -Review the following requirements for using the App-V PowerShell cmdlets: - - ---- - - - - - - - - - - - - - - - - - - - - -
RequirementDetails

Users can run App-V Server cmdlets only if you grant them access by using one of the following methods:

Cmdlets that require an elevated command prompt

    -

  • Add-AppvClientPackage

    • -

  • Remove-AppvClientPackage

    • -

  • Set-AppvClientConfiguration

    • -

  • Add-AppvClientConnectionGroup

    • -

  • Remove-AppvClientConnectionGroup

    • -

  • Add-AppvPublishingServer

    • -

  • Remove-AppvPublishingServer

    • -

  • Send-AppvClientReport

    • -

  • Set-AppvClientMode

    • -

  • Set-AppvClientPackage

    • -

  • Set-AppvPublishingServer

    • -

Cmdlets that end users can run, unless you configure them to require an elevated command prompt

    -

  • Publish-AppvClientPackage

    • -

  • Unpublish-AppvClientPackage

    • -
-

To configure these cmdlets to require an elevated command prompt, use one of the following methods:

- ---- - - - - - - - - - - - - - - - - -
MethodMore resources

Run the Set-AppvClientConfiguration cmdlet with the -RequirePublishAsAdmin parameter.

Enable the “Require publish as administrator” Group Policy setting for App-V Clients.

How to Publish a Package by Using the Management Console

-

 

- - - -## Loading the PowerShell cmdlets - -To load the PowerShell cmdlet modules: - -1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE). - -2. Type one of the following commands to load the cmdlets for the module you want: - - ---- - - - - - - - - - - - - - - - - - - - - -
App-V componentCommand to type

App-V Server

Import-Module AppvServer

App-V Sequencer

Import-Module AppvSequencer

App-V Client

Import-Module AppvClient

- -## Getting help for the PowerShell cmdlets -Starting in App-V 5.0 SP3, cmdlet help is available in two formats: - - ---- - - - - - - - - - - - - - - - - -
FormatDescription

As a downloadable module

To download the latest help after downloading the cmdlet module:

-
    -

  1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE).

    2. -

  2. Type one of the following commands to load the cmdlets for the module you want:

    3. -
- ---- - - - - - - - - - - - - - - - - - - - - -
App-V componentCommand to type

App-V Server

Update-Help -Module AppvServer

App-V Sequencer

Update-Help -Module AppvSequencer

App-V Client

Update-Help -Module AppvClient

-

 

On TechNet as web pages

See the App-V node under Microsoft Desktop Optimization Pack Automation with Windows PowerShell.

- -## Displaying the help for a PowerShell cmdlet -To display help for a specific PowerShell cmdlet: - -1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE). - -2. Type **Get-Help** <*cmdlet*>, for example, **Get-Help Publish-AppvClientPackage**. - -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - - - - - - - - - diff --git a/mdop/appv-v5/how-to-make-a-connection-group-ignore-the-package-version.md b/mdop/appv-v5/how-to-make-a-connection-group-ignore-the-package-version.md deleted file mode 100644 index 5cfa258188..0000000000 --- a/mdop/appv-v5/how-to-make-a-connection-group-ignore-the-package-version.md +++ /dev/null @@ -1,112 +0,0 @@ ---- -title: How to Make a Connection Group Ignore the Package Version -description: How to Make a Connection Group Ignore the Package Version -author: dansimp -ms.assetid: 6ebc1bff-d190-4f4c-a6da-e09a4cca7874 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Make a Connection Group Ignore the Package Version - - -Microsoft Application Virtualization (App-V) 5.0 SP3 enables you to configure a connection group to use any version of a package, which simplifies package upgrades and reduces the number of connection groups you need to create. - -To upgrade a package in earlier versions of App-V, you had to perform several steps, including disabling the connection group and modifying the connection group’s XML definition file. - - ---- - - - - - - - - - - - - -
Task description with App-V 5.0 SP3How to perform the task with App-V 5.0 SP3

You can configure a connection group to accept any version of a package, which enables you to upgrade the package without having to disable the connection group.

-

How the feature works:

-
    -

  • If the connection group has access to multiple versions of a package, the latest version is used.

    • -

  • If the connection group contains an optional package that has an incorrect version, the package is ignored and won’t block the connection group’s virtual environment from being created.

    • -

  • If the connection group contains a non-optional package that has an incorrect version, the connection group’s virtual environment cannot be created.

    • -
 ---- - - - - - - - - - - - - - - - - -
MethodSteps

App-V Server – Management Console

    -

  1. In the Management Console, select PACKAGES > CONNECTION GROUPS.

    2. -

  2. Select the correct connection group from the Connection Groups library.

    3. -

  3. Click EDIT in the CONNECTED PACKAGES pane.

    4. -

  4. Select Use Any Version check box next to the package name, and click Apply.

    5. -
-

For more about adding or upgrading packages, see How to Add or Upgrade Packages by Using the Management Console.

App-V Client on a Stand-alone computer

    -

  1. Create the connection group XML document.

    2. -

  2. For the package to be upgraded, set the Package tag attribute VersionID to an asterisk (*).

    3. -

  3. Use the following cmdlet to add the connection group, and include the path to the connection group XML document:

    -

    Add-AppvClientConnectionGroup

    4. -

  4. When you upgrade a package, use the following cmdlets to remove the old package, add the upgraded package, and publish the upgraded package:

    -
      -

    • RemoveAppvClientPackage

      • -

    • Add-AppvClientPackage

      • -

    • Publish-AppvClientPackage

      • -
    5. -
-

For more information, see:

-
-

 

- - - - - - - - -## Related topics - - -[Managing Connection Groups](managing-connection-groups.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-make-a-connection-group-ignore-the-package-version51.md b/mdop/appv-v5/how-to-make-a-connection-group-ignore-the-package-version51.md deleted file mode 100644 index dd0494ceee..0000000000 --- a/mdop/appv-v5/how-to-make-a-connection-group-ignore-the-package-version51.md +++ /dev/null @@ -1,112 +0,0 @@ ---- -title: How to Make a Connection Group Ignore the Package Version -description: How to Make a Connection Group Ignore the Package Version -author: dansimp -ms.assetid: db16b095-dbe2-42c7-863d-b0d5d91b2f4c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Make a Connection Group Ignore the Package Version - - -Microsoft Application Virtualization (App-V) 5.1 lets you configure a connection group to use any version of a package, which simplifies package upgrades and reduces the number of connection groups you need to create. - -To upgrade a package in some earlier versions of App-V, you had to perform several steps, including disabling the connection group and modifying the connection group’s XML definition file. - - ---- - - - - - - - - - - - - -
Task description with App-V 5.1How to perform the task with App-V 5.1

You can configure a connection group to accept any version of a package, which enables you to upgrade the package without having to disable the connection group.

-

How the feature works:

-
    -

  • If the connection group has access to multiple versions of a package, the latest version is used.

    • -

  • If the connection group contains an optional package that has an incorrect version, the package is ignored and won’t block the connection group’s virtual environment from being created.

    • -

  • If the connection group contains a non-optional package that has an incorrect version, the connection group’s virtual environment cannot be created.

    • -
 ---- - - - - - - - - - - - - - - - - -
MethodSteps

App-V Server – Management Console

    -

  1. In the Management Console, select CONNECTION GROUPS.

    2. -

  2. Select the correct connection group from the Connection Groups library.

    3. -

  3. Click EDIT in the CONNECTED PACKAGES pane.

    4. -

  4. Select Use Any Version check box next to the package name, and click Apply.

    5. -
-

For more about adding or upgrading packages, see How to Add or Upgrade Packages by Using the Management Console.

App-V Client on a Stand-alone computer

    -

  1. Create the connection group XML document.

    2. -

  2. For the package to be upgraded, set the Package tag attribute VersionID to an asterisk (*).

    3. -

  3. Use the following cmdlet to add the connection group, and include the path to the connection group XML document:

    -

    Add-AppvClientConnectionGroup

    4. -

  4. When you upgrade a package, use the following cmdlets to remove the old package, add the upgraded package, and publish the upgraded package:

    -
      -

    • RemoveAppvClientPackage

      • -

    • Add-AppvClientPackage

      • -

    • Publish-AppvClientPackage

      • -
    5. -
-

For more information, see:

-
-

 

- - - - - - - - -## Related topics - - -[Managing Connection Groups](managing-connection-groups51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md b/mdop/appv-v5/how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md deleted file mode 100644 index ef45d7b6df..0000000000 --- a/mdop/appv-v5/how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md +++ /dev/null @@ -1,299 +0,0 @@ ---- -title: How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell -description: How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell -author: dansimp -ms.assetid: 1d6c2d25-81ec-4ff8-9262-6b4cf484a376 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell - - -The following sections explain how to perform various management tasks on a stand-alone client computer by using PowerShell: - -- [To return a list of packages](#bkmk-return-pkgs-standalone-posh) - -- [To add a package](#bkmk-add-pkgs-standalone-posh) - -- [To publish a package](#bkmk-pub-pkg-standalone-posh) - -- [To publish a package to a specific user](#bkmk-pub-pkg-a-user-standalone-posh) - -- [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh) - -- [To unpublish an existing package](#bkmk-unpub-pkg-standalone-posh) - -- [To unpublish a package for a specific user](#bkmk-unpub-pkg-specfc-use) - -- [To remove an existing package](#bkmk-remove-pkg-standalone-posh) - -- [To enable only administrators to publish or unpublish packages](#bkmk-admins-pub-pkgs) - -- [Understanding pending packages (UserPending and GlobalPending)](#bkmk-understd-pend-pkgs) - -## To return a list of packages - - -Use the following information to return a list of packages that are entitled to a specific user: - -**Cmdlet**: Get-AppvClientPackage - -**Parameters**: -Name -Version -PackageID -VersionID - -**Example**: Get-AppvClientPackage –Name “ContosoApplication” -Version 2 - -## To add a package - - -Use the following information to add a package to a computer. - -**Important**   -This example only adds a package. It does not publish the package to the user or the computer. - - - -**Cmdlet**: Add-AppvClientPackage - -**Example**: $Contoso = Add-AppvClientPackage \\\\path\\to\\appv\\package.appv - -## To publish a package - - -Use the following information to publish a package that has been added to a specific user or globally to any user on the computer. - - ---- - - - - - - - - - - - - - - - - -
Publishing methodCmdlet and example

Publishing to the user

Cmdlet: Publish-AppvClientPackage

-

Example: Publish-AppvClientPackage “ContosoApplication”

Publishing globally

Cmdlet: Publish-AppvClientPackage

-

Example: Publish-AppvClientPackage “ContosoApplication” -Global

- - - -## To publish a package to a specific user - - -**Note**   -You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. - - - -An administrator can publish a package to a specific user by specifying the optional **–UserSID** parameter with the **Publish-AppvClientPackage** cmdlet, where **-UserSID** represents the end user’s security identifier (SID). - -To use this parameter: - -- You can run this cmdlet from the user or administrator session. - -- You must be logged in with administrative credentials to use the parameter. - -- The end user must be logged in. - -- You must provide the end user’s security identifier (SID). - -**Cmdlet**: Publish-AppvClientPackage - -**Example**: Publish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345 - -## To add and publish a package - - -Use the following information to add a package to a computer and publish it to the user. - -**Cmdlet**: Add-AppvClientPackage - -**Example**: Add-AppvClientPackage \\\\path\\to\\appv\\package.appv | Publish-AppvClientPackage - -## To unpublish an existing package - - -Use the following information to unpublish a package which has been entitled to a user but not remove the package from the computer. - -**Cmdlet**: Unpublish-AppvClientPackage - -**Example**: Unpublish-AppvClientPackage “ContosoApplication” - -## To unpublish a package for a specific user - - -**Note**   -You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. - - - -An administrator can unpublish a package for a specific user by using the optional **–UserSID** parameter with the **Unpublish-AppvClientPackage** cmdlet, where **-UserSID** represents the end user’s security identifier (SID). - -To use this parameter: - -- You can run this cmdlet from the user or administrator session. - -- You must be logged in with administrative credentials to use the parameter. - -- The end user must be logged in. - -- You must provide the end user’s security identifier (SID). - -**Cmdlet**: Unpublish-AppvClientPackage - -**Example**: Unpublish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345 - -## To remove an existing package - - -Use the following information to remove a package from the computer. - -**Cmdlet**: Remove-AppvClientPackage - -**Example**: Remove-AppvClientPackage “ContosoApplication” - -**Note**   -App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](https://go.microsoft.com/fwlink/?LinkId=324466). - - - -## To enable only administrators to publish or unpublish packages - - -**Note**   -**This feature is supported starting in App-V 5.0 SP3.** - - - -Use the following cmdlet and parameter to enable only administrators (not end users) to publish or unpublish packages: - - ---- - - - - - - - - - - -

Cmdlet

Set-AppvClientConfiguration

Parameter

-RequirePublishAsAdmin

-

Parameter values:

-
    -

  • 0 - False

    • -

  • 1 - True

    • -
-

Example:: Set-AppvClientConfiguration –RequirePublishAsAdmin1

- - - -To use the App-V Management console to set this configuration, see [How to Publish a Package by Using the Management Console](how-to-publish-a-package-by-using-the-management-console-50.md). - -## Understanding pending packages (UserPending and GlobalPending) - - -**Starting in App-V 5.0 SP2**: If you run a PowerShell cmdlet that affects a package that is currently in use, the task that you are trying to perform is placed in a pending state. For example, if you try to publish a package when an application in that package is being used, and then run **Get-AppvClientPackage**, the pending status appears in the cmdlet output as follows: - - ---- - - - - - - - - - - - - - - - - -
Cmdlet output itemDescription

UserPending

Indicates whether the listed package has a pending task that is being applied to the user:

-
    -

  • True

    • -

  • False

    • -

GlobalPending

Indicates whether the listed package has a pending task that is being applied globally to the computer:

-
    -

  • True

    • -

  • False

    • -
- - - -The pending task will run later, according to the following rules: - - ---- - - - - - - - - - - - - - - - - -
Task typeApplicable rule

User-based task, e.g., publishing a package to a user

The pending task will be performed after the user logs off and then logs back on.

Globally based task, e.g., enabling a connection group globally

The pending task will be performed when the computer is shut down and then restarted.

- - - -For more information about pending tasks, see [About App-V 5.0 SP2](about-app-v-50-sp2.md#bkmk-pkg-upgr-pendg-tasks). - -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -[Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-manage-app-v-51-packages-running-on-a-stand-alone-computer-by-using-powershell.md b/mdop/appv-v5/how-to-manage-app-v-51-packages-running-on-a-stand-alone-computer-by-using-powershell.md deleted file mode 100644 index fe66e53ac9..0000000000 --- a/mdop/appv-v5/how-to-manage-app-v-51-packages-running-on-a-stand-alone-computer-by-using-powershell.md +++ /dev/null @@ -1,299 +0,0 @@ ---- -title: How to Manage App-V 5.1 Packages Running on a Stand-Alone Computer by Using PowerShell -description: How to Manage App-V 5.1 Packages Running on a Stand-Alone Computer by Using PowerShell -author: dansimp -ms.assetid: c3fd06f6-102f-43d1-a577-d5ced6ac537d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Manage App-V 5.1 Packages Running on a Stand-Alone Computer by Using PowerShell - - -The following sections explain how to perform various management tasks on a stand-alone client computer by using PowerShell: - -- [To return a list of packages](#bkmk-return-pkgs-standalone-posh) - -- [To add a package](#bkmk-add-pkgs-standalone-posh) - -- [To publish a package](#bkmk-pub-pkg-standalone-posh) - -- [To publish a package to a specific user](#bkmk-pub-pkg-a-user-standalone-posh) - -- [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh) - -- [To unpublish an existing package](#bkmk-unpub-pkg-standalone-posh) - -- [To unpublish a package for a specific user](#bkmk-unpub-pkg-specfc-use) - -- [To remove an existing package](#bkmk-remove-pkg-standalone-posh) - -- [To enable only administrators to publish or unpublish packages](#bkmk-admins-pub-pkgs) - -- [Understanding pending packages (UserPending and GlobalPending)](#bkmk-understd-pend-pkgs) - -## To return a list of packages - - -Use the following information to return a list of packages that are entitled to a specific user: - -**Cmdlet**: Get-AppvClientPackage - -**Parameters**: -Name -Version -PackageID -VersionID - -**Example**: Get-AppvClientPackage –Name “ContosoApplication” -Version 2 - -## To add a package - - -Use the following information to add a package to a computer. - -**Important**   -This example only adds a package. It does not publish the package to the user or the computer. - - - -**Cmdlet**: Add-AppvClientPackage - -**Example**: $Contoso = Add-AppvClientPackage \\\\path\\to\\appv\\package.appv - -## To publish a package - - -Use the following information to publish a package that has been added to a specific user or globally to any user on the computer. - - ---- - - - - - - - - - - - - - - - - -
Publishing methodCmdlet and example

Publishing to the user

Cmdlet: Publish-AppvClientPackage

-

Example: Publish-AppvClientPackage “ContosoApplication”

Publishing globally

Cmdlet: Publish-AppvClientPackage

-

Example: Publish-AppvClientPackage “ContosoApplication” -Global

- - - -## To publish a package to a specific user - - -**Note**   -You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. - - - -An administrator can publish a package to a specific user by specifying the optional **–UserSID** parameter with the **Publish-AppvClientPackage** cmdlet, where **-UserSID** represents the end user’s security identifier (SID). - -To use this parameter: - -- You can run this cmdlet from the user or administrator session. - -- You must be logged in with administrative credentials to use the parameter. - -- The end user must be logged in. - -- You must provide the end user’s security identifier (SID). - -**Cmdlet**: Publish-AppvClientPackage - -**Example**: Publish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345 - -## To add and publish a package - - -Use the following information to add a package to a computer and publish it to the user. - -**Cmdlet**: Add-AppvClientPackage - -**Example**: Add-AppvClientPackage \\\\path\\to\\appv\\package.appv | Publish-AppvClientPackage - -## To unpublish an existing package - - -Use the following information to unpublish a package which has been entitled to a user but not remove the package from the computer. - -**Cmdlet**: Unpublish-AppvClientPackage - -**Example**: Unpublish-AppvClientPackage “ContosoApplication” - -## To unpublish a package for a specific user - - -**Note**   -You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. - - - -An administrator can unpublish a package for a specific user by using the optional **–UserSID** parameter with the **Unpublish-AppvClientPackage** cmdlet, where **-UserSID** represents the end user’s security identifier (SID). - -To use this parameter: - -- You can run this cmdlet from the user or administrator session. - -- You must be logged in with administrative credentials to use the parameter. - -- The end user must be logged in. - -- You must provide the end user’s security identifier (SID). - -**Cmdlet**: Unpublish-AppvClientPackage - -**Example**: Unpublish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345 - -## To remove an existing package - - -Use the following information to remove a package from the computer. - -**Cmdlet**: Remove-AppvClientPackage - -**Example**: Remove-AppvClientPackage “ContosoApplication” - -**Note**   -App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](https://go.microsoft.com/fwlink/?LinkId=324466). - - - -## To enable only administrators to publish or unpublish packages - - -**Note**   -**This feature is supported starting in App-V 5.0 SP3.** - - - -Use the following cmdlet and parameter to enable only administrators (not end users) to publish or unpublish packages: - - ---- - - - - - - - - - - -

Cmdlet

Set-AppvClientConfiguration

Parameter

-RequirePublishAsAdmin

-

Parameter values:

-
    -

  • 0 - False

    • -

  • 1 - True

    • -
-

Example:: Set-AppvClientConfiguration –RequirePublishAsAdmin1

- - - -To use the App-V Management console to set this configuration, see [How to Publish a Package by Using the Management Console](how-to-publish-a-package-by-using-the-management-console-51.md). - -## Understanding pending packages (UserPending and GlobalPending) - - -**Starting in App-V 5.0 SP2**: If you run a PowerShell cmdlet that affects a package that is currently in use, the task that you are trying to perform is placed in a pending state. For example, if you try to publish a package when an application in that package is being used, and then run **Get-AppvClientPackage**, the pending status appears in the cmdlet output as follows: - - ---- - - - - - - - - - - - - - - - - -
Cmdlet output itemDescription

UserPending

Indicates whether the listed package has a pending task that is being applied to the user:

-
    -

  • True

    • -

  • False

    • -

GlobalPending

Indicates whether the listed package has a pending task that is being applied globally to the computer:

-
    -

  • True

    • -

  • False

    • -
- - - -The pending task will run later, according to the following rules: - - ---- - - - - - - - - - - - - - - - - -
Task typeApplicable rule

User-based task, e.g., publishing a package to a user

The pending task will be performed after the user logs off and then logs back on.

Globally based task, e.g., enabling a connection group globally

The pending task will be performed when the computer is shut down and then restarted.

- - - -For more information about pending tasks, see [About App-V 5.0 SP2](about-app-v-50-sp2.md#bkmk-pkg-upgr-pendg-tasks). - -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -[Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell.md b/mdop/appv-v5/how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell.md deleted file mode 100644 index 742f6905de..0000000000 --- a/mdop/appv-v5/how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell.md +++ /dev/null @@ -1,147 +0,0 @@ ---- -title: How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell -description: How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell -author: dansimp -ms.assetid: b73ae74d-8a6f-4bb3-b1f2-0067c7bd5212 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/01/2016 ---- - - -# How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell - - -An App-V connection group allows you to run all the virtual applications as a defined set of packages in a single virtual environment. For example, you can virtualize an application and its plug-ins by using separate packages, but run them together in a single connection group. - -A connection group XML file defines the connection group that runs on the computer where you’ve installed the App-V client. For information about the connection group XML file and how to configure it, see [About the Connection Group File](about-the-connection-group-file.md). - -This topic explains the following procedures: - -- [To add and publish the App-V packages in the connection group](#bkmk-add-pub-pkgs-in-cg) - -- [To add and enable the connection group on the App-V client](#bkmk-add-enable-cg-on-clt) - -- [To enable or disable a connection group for a specific user](#bkmk-enable-cg-for-user-poshtopic) - -- [To allow only administrators to enable connection groups](#bkmk-admin-only-posh-topic-cg) - -**To add and publish the App-V packages in the connection group** - -1. To add and publish the App-V 5.0 packages to the computer running the App-V client, type the following command: - - Add-AppvClientPackage –path c:\\tmpstore\\quartfin.appv | Publish-AppvClientPackage - -2. Repeat **step 1** of this procedure for each package in the connection group. - -**To add and enable the connection group on the App-V client** - -1. Add the connection group by typing the following command: - - Add-AppvClientConnectionGroup –path c:\\tmpstore\\financ.xml - -2. Enable the connection group by typing the following command: - - Enable-AppvClientConnectionGroup –name “Financial Applications” - - When any virtual applications that are in the member packages are run on the target computer, they will run inside the connection group’s virtual environment and will be available to all the virtual applications in the other packages in the connection group. - -**To enable or disable a connection group for a specific user** - -1. Review the parameter description and requirements: - - - The parameter enables an administrator to enable or disable a connection group for a specific user. - - - You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. - - - You can run this cmdlet from the user or administrator session. - - - You must be logged in with administrative credentials to use the parameter. - - - The end user must be logged in. - - - You must provide the end user’s security identifier (SID). - -2. Use the following cmdlets, and add the optional **–UserSID** parameter, where **-UserSID** represents the end user’s security identifier (SID): - - - - - - - - - - - - - - - - - - - - - - -
CmdletExamples

Enable-AppVClientConnectionGroup

Enable-AppVClientConnectionGroup “ConnectionGroupA” -UserSID S-1-2-34-56789012-3456789012-345678901-2345

Disable -AppVClientConnectionGroup

Disable -AppVClientConnectionGroup “ConnectionGroupA” -UserSID S-1-2-34-56789012-3456789012-345678901-2345

- -**To allow only administrators to enable connection groups** - -1. Review the description and requirement for using this cmdlet: - - - Use this cmdlet and parameter to configure the App-V client to allow only administrators (not end users) to enable or disable connection groups. - - - You must be using at least App-V 5.0 SP3 to use this cmdlet. - -2. Run the following cmdlet and parameter: - - - - - - - - - - - - - - - - - - - - - -
CmdletParameter and valuesExample

Set-AppvClientConfiguration

–RequirePublishAsAdmin

-
    -

  • 0 - False

    • -

  • 1 - True

    • -

Set-AppvClientConfiguration –RequirePublishAsAdmin1

- - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -[Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell51.md b/mdop/appv-v5/how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell51.md deleted file mode 100644 index fb63bd845f..0000000000 --- a/mdop/appv-v5/how-to-manage-connection-groups-on-a-stand-alone-computer-by-using-powershell51.md +++ /dev/null @@ -1,151 +0,0 @@ ---- -title: How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell -description: How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell -author: dansimp -ms.assetid: e1589eff-d306-40fb-a0ae-727190dafe26 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/01/2016 ---- - - -# How to Manage Connection Groups on a Stand-alone Computer by Using PowerShell - - -An App-V connection group allows you to run all the virtual applications as a defined set of packages in a single virtual environment. For example, you can virtualize an application and its plug-ins by using separate packages, but run them together in a single connection group. - -A connection group XML file defines the connection group that runs on the computer where you’ve installed the App-V client. For information about the connection group XML file and how to configure it, see [About the Connection Group File](about-the-connection-group-file51.md). - -This topic explains the following procedures: - -- [To add and publish the App-V packages in the connection group](#bkmk-add-pub-pkgs-in-cg) - -- [To add and enable the connection group on the App-V client](#bkmk-add-enable-cg-on-clt) - -- [To enable or disable a connection group for a specific user](#bkmk-enable-cg-for-user-poshtopic) - -- [To allow only administrators to enable connection groups](#bkmk-admin-only-posh-topic-cg) - -*To add and publish the App-V packages in the connection group** - -1. To add and publish the App-V 5.1 packages to the computer running the App-V client, type the following command: - - Add-AppvClientPackage –path c:\\tmpstore\\quartfin.appv | Publish-AppvClientPackage - -2. Repeat **step 1** of this procedure for each package in the connection group. - -**To add and enable the connection group on the App-V client** - -1. Add the connection group by typing the following command: - - Add-AppvClientConnectionGroup –path c:\\tmpstore\\financ.xml - -2. Enable the connection group by typing the following command: - - Enable-AppvClientConnectionGroup –name “Financial Applications” - - When any virtual applications that are in the member packages are run on the target computer, they will run inside the connection group’s virtual environment and will be available to all the virtual applications in the other packages in the connection group. - -**To enable or disable a connection group for a specific user** - -1. Review the parameter description and requirements: - - - The parameter enables an administrator to enable or disable a connection group for a specific user. - - - You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. - - - You can run this cmdlet from the user or administrator session. - - - You must be logged in with administrative credentials to use the parameter. - - - The end user must be logged in. - - - You must provide the end user’s security identifier (SID). - -2. Use the following cmdlets, and add the optional **–UserSID** parameter, where **-UserSID** represents the end user’s security identifier (SID): - - - - - - - - - - - - - - - - - - - - - - -
CmdletExamples

Enable-AppVClientConnectionGroup

Enable-AppVClientConnectionGroup “ConnectionGroupA” -UserSID S-1-2-34-56789012-3456789012-345678901-2345

Disable -AppVClientConnectionGroup

Disable -AppVClientConnectionGroup “ConnectionGroupA” -UserSID S-1-2-34-56789012-3456789012-345678901-2345

- -**To allow only administrators to enable connection groups** - -1. Review the description and requirement for using this cmdlet: - - - Use this cmdlet and parameter to configure the App-V client to allow only administrators (not end users) to enable or disable connection groups. - - - You must be using at least App-V 5.0 SP3 to use this cmdlet. - -2. Run the following cmdlet and parameter: - - - - - - - - - - - - - - - - - - - - - -
CmdletParameter and valuesExample

Set-AppvClientConfiguration

–RequirePublishAsAdmin

-
    -

  • 0 - False

    • -

  • 1 - True

    • -

Set-AppvClientConfiguration –RequirePublishAsAdmin1

- - - -~~~ -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -[Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md b/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md deleted file mode 100644 index 08be8a6ee4..0000000000 --- a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.0 Package for All Users on a Specific Computer -description: How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.0 Package for All Users on a Specific Computer -ms.assetid: 3ae9996f-71d9-4ca1-9aab-25b599158e55 -ms.reviewer: -manager: dansimp -ms.author: dansimp -author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/21/2016 ---- - -# How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.0 Package for All Users on a Specific Computer - -**Note:** App-V 4.6 has exited Mainstream support. - -Use the following procedure to migrate extension points from an App-V 4.6 package to a App-V 5.0 package using the deployment configuration file. - -**Note**   -The following procedure does not require an App-V 5.0 management server. - - - -**To migrate extension points from a package from an App-V 4.6 package to a converted App-V 5.0 package using the deployment configuration file** - -1. Locate the directory that contains the deployment configuration file for the package you want to migrate. To set the policy, make the following update to the **userConfiguration** section: - - **ManagingAuthority TakeoverExtensionPointsFrom46="true" PackageName=<Package ID>** - - The following is an example of content from a deployment configuration file: - - <?xml version="1.0" ?> - - <DeploymentConfiguration - - xmlns="" PackageId=<Package ID> DisplayName=<Display Name> - - <MachineConfiguration/> - - <UserConfiguration> - - <ManagingAuthority TakeoverExtensionPointsFrom46="true" - - PackageName=<Package ID> - - </UserConfiguration> - - </DeploymentConfiguration> - -2. To add the App-V 5.0 package, in an elevated PowerShell command prompt type: - - PS>**$pkg= Add-AppvClientPackage** **–Path** <Path to package location> -**DynamicDeploymentConfiguration** <Path to the deployment configuration file> - - PS>**Publish-AppVClientPackage $pkg** - -3. To test the migration, open the virtual application using associated FTAs or shortcuts. The application opens with App-V 5.0. Both, the App-V 4.6 package and the converted App-V 5.0 package are published to the user, but the FTAs and shortcuts for the applications have been assumed by the App-V 5.0 package. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[How to Revert Extension Points from an App-V 5.0 Package to an App-V 4.6 Package For All Users on a Specific Computer](how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md) - -[Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-51-package-for-all-users-on-a-specific-computer.md b/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-51-package-for-all-users-on-a-specific-computer.md deleted file mode 100644 index 3a18c1b154..0000000000 --- a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-51-package-for-all-users-on-a-specific-computer.md +++ /dev/null @@ -1,78 +0,0 @@ ---- -title: How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.1 Package for All Users on a Specific Computer -description: How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.1 Package for All Users on a Specific Computer -author: dansimp -ms.assetid: 4ef823a5-3106-44c5-aecc-29edf69c2fbb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/21/2016 ---- - - -# How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.1 Package for All Users on a Specific Computer - - -Use the following procedure to migrate extension points from an App-V 4.6 package to a App-V 5.1 package using the deployment configuration file. - -**Note**   -This procedure assumes that you are running the latest version of App-V 4.6. -The following procedure does not require an App-V 5.1 management server. - - - -**To migrate extension points from a package from an App-V 4.6 package to a converted App-V 5.1 package using the deployment configuration file** - -1. Locate the directory that contains the deployment configuration file for the package you want to migrate. To set the policy, make the following update to the **userConfiguration** section: - - **ManagingAuthority TakeoverExtensionPointsFrom46="true" PackageName=<Package ID>** - - The following is an example of content from a deployment configuration file: - - <?xml version="1.0" ?> - - <DeploymentConfiguration - - xmlns="" PackageId=<Package ID> DisplayName=<Display Name> - - <MachineConfiguration/> - - <UserConfiguration> - - <ManagingAuthority TakeoverExtensionPointsFrom46="true" - - PackageName=<Package ID> - - </UserConfiguration> - - </DeploymentConfiguration> - -2. To add the App-V 5.1 package, in an elevated PowerShell command prompt type: - - PS>**$pkg= Add-AppvClientPackage** **–Path** <Path to package location> -**DynamicDeploymentConfiguration** <Path to the deployment configuration file> - - PS>**Publish-AppVClientPackage $pkg** - -3. To test the migration, open the virtual application using associated FTAs or shortcuts. The application opens with App-V 5.1. Both, the App-V 4.6 package and the converted App-V 5.1 package are published to the user, but the FTAs and shortcuts for the applications have been assumed by the App-V 5.1 package. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[How to Revert Extension Points from an App-V 5.1 Package to an App-V 4.6 Package For All Users on a Specific Computer](how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md) - -[Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-50-for-a-specific-user.md b/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-50-for-a-specific-user.md deleted file mode 100644 index 6e636ec80a..0000000000 --- a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-50-for-a-specific-user.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.0 for a Specific User -description: How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.0 for a Specific User -ms.assetid: dad25992-3c75-4b7d-b4c6-c2edf43baaea -ms.reviewer: -manager: dansimp -ms.author: dansimp -author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/21/2016 ---- - -# How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.0 for a Specific User - -*Note:** App-V 4.6 has exited Mainstream support. - -Use the following procedure to migrate packages created with App-V using the user configuration file. - -**To convert a package** - -1. Locate the user configuration file for the package you want to convert. To set the policy, perform the following updates in the **userConfiguration** section: **ManagingAuthority TakeoverExtensionPointsFrom46="true" PackageName=<Package ID>**. - - The following is an example of a user configuration file: - - <?xml version="1.0" ?> - - <UserConfiguration PackageId=<Package ID> DisplayName=<Name of the Package> - - xmlns="; <ManagingAuthority TakeoverExtensionPointsFrom46="true" - - PackageName=<Package ID> - - </UserConfiguration> - -2. To add the App-V 5.0 package type the following in an elevated PowerShell command prompt: - - PS>**$pkg= Add-AppvClientPackage –Path** <Path to package location> - - PS>**Publish-AppVClientPackage $pkg -DynamicUserConfiguration** <Path to the user configuration file> - -3. Open the application using FTAs or shortcuts now. The application should open using App-V 5.0. - - The App-V SP2 package and the converted App-V 5.0 package are published to the user, but the FTAs and shortcuts for the applications have been assumed by the App-V 5.0 package. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-51-for-a-specific-user.md b/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-51-for-a-specific-user.md deleted file mode 100644 index cbec1bdbe6..0000000000 --- a/mdop/appv-v5/how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-51-for-a-specific-user.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.1 for a Specific User -description: How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.1 for a Specific User -author: dansimp -ms.assetid: 19da3776-5ebe-41e1-9890-12b84ef3c1c7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/21/2016 ---- - - -# How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.1 for a Specific User - - -Use the following procedure to migrate packages created with App-V using the user configuration file. - -**Note**   -This procedure assumes that you are running the latest version of App-V 4.6. - -**To convert a package** - -1. Locate the user configuration file for the package you want to convert. To set the policy, perform the following updates in the **userConfiguration** section: **ManagingAuthority TakeoverExtensionPointsFrom46="true" PackageName=<Package ID>**. - - The following is an example of a user configuration file: - - <?xml version="1.0" ?> - - <UserConfiguration PackageId=<Package ID> DisplayName=<Name of the Package> - - xmlns="; <ManagingAuthority TakeoverExtensionPointsFrom46="true" - - PackageName=<Package ID> - - </UserConfiguration> - -2. To add the App-V 5.1 package, type the following in an elevated PowerShell command prompt window: - - PS>**$pkg= Add-AppvClientPackage –Path** <Path to package location> - - PS>**Publish-AppVClientPackage $pkg -DynamicUserConfiguration** <Path to the user configuration file> - -3. Open the application using FTAs or shortcuts now. The application should open using App-V 5.1. - - The App-V 4.6 package and the converted App-V 5.1 package are published to the user, but the FTAs and shortcuts for the applications have been assumed by the App-V 5.1 package. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -[How to Revert Extension Points From an App-V 5.1 Package to an App-V 4.6 Package for a Specific User](how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-a-specific-user.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-modify-an-existing-virtual-application-package-51.md b/mdop/appv-v5/how-to-modify-an-existing-virtual-application-package-51.md deleted file mode 100644 index 8a537ea939..0000000000 --- a/mdop/appv-v5/how-to-modify-an-existing-virtual-application-package-51.md +++ /dev/null @@ -1,168 +0,0 @@ ---- -title: How to Modify an Existing Virtual Application Package -description: How to Modify an Existing Virtual Application Package -author: dansimp -ms.assetid: 6cdeec00-e4fe-4210-b4c7-6ca1ac643ddd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/01/2016 ---- - - -# How to Modify an Existing Virtual Application Package - - -This topic explains how to: - -- [Update an application in an existing virtual application package](#bkmk-update-app-in-pkg) - -- [Modify the properties associated with an existing virtual application package](#bkmk-chg-props-in-pkg) - -- [Add a new application to an existing virtual application package](#bkmk-add-app-to-pkg) - -**Before you update a package:** - -- Ensure that you’ve installed the Microsoft Application Virtualization (App-V) Sequencer, which is required for modifying a virtual application package. To install the App-V Sequencer, see [How to Install the Sequencer](how-to-install-the-sequencer-51beta-gb18030.md). - -- Save the .appv file in a secure location and always trust the source before trying to open the package for editing. - -- The Managing Authority section is erroneously removed from the deployment configuration file when you update a package. Before starting the update, copy the Managing Authority section from the existing deployment configuration file, and then paste the copied section into the new configuration file after the conversion is complete. - -- If you click **Modify an Existing Virtual Application Package** in the Sequencer in order to edit a package, but then make no changes and close the package, the streaming behavior of the package is changed. The primary feature block is removed from the StreamMap.xml file, and any files that were listed in the publishing feature block are removed. Users who receive the edited package experience that package as if it were stream-faulted, regardless of how the original package was configured. - -**Update an application in an existing virtual application package** - -1. On the computer that runs the sequencer, click **All Programs**, point to **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. - -2. In the App-V Sequencer, click **Modify an Existing Virtual Application Package** > **Next**. - -3. On the **Select Task** page, click **Update Application in Existing Package** > **Next**. - -4. On the **Select Package** page, click **Browse** to locate the virtual application package that contains the application to update, and then click **Next**. - -5. On the **Prepare Computer** page, review the issues that could cause the application update to fail or cause the updated application to contain unnecessary data. Resolve all potential issues before you continue. After making any corrections and resolving all potential issues, click **Refresh** > **Next**. - - **Important**   - If you are required to disable virus scanning software, first scan the computer that runs the sequencer to ensure that no unwanted or malicious files are added to the package. - -6. On the **Select Installer** page, click **Browse** and specify the update installation file for the application. If the update does not have an associated installer file, and if you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. - -7. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application update so the sequencer can monitor the installation process. If additional installation files must be run as part of the installation, click **Run**, and then locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**. - - **Note**   - The sequencer monitors all changes and installations that occur on the computer that runs the sequencer. This includes any changes and installations that are performed outside of the sequencing wizard. - -8. On the **Installation Report** page, you can review information about the updated virtual application. In **Additional Information**, double-click the event to obtain more detailed information. To proceed, click **Next**. - -9. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all of the applications to run. After all applications have run, close each of the applications, and then click **Next**. - - **Note**   - You can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop**, and then select either **Stop all applications** or **Stop this application only**.   - -10. On the **Create Package** page, to modify the package without saving it, select the check box for **Continue to modify package without saving using the package editor**. When you select this option, the package opens in the App-V Sequencer console, where you can modify the package before it is saved. Click **Next**. - - To save the package immediately, select the default **Save the package now**. Add optional **Comments** to associate with the package. Comments are useful to identify the application version and provide other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. Click **Create**. - -11. On the **Completion** page, click **Close** to close the wizard. The package is now available in the sequencer. - -**Modify the properties associated with an existing virtual application package** - -1. On the computer that runs the sequencer, click **All Programs**, point to **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. - -2. In the App-V Sequencer, click **Modify an Existing Virtual Application Package** > **Next**. - -3. On the **Select Task** page, click **Edit Package** > **Next**. - -4. On the **Select Package** page, click **Browse** to locate the virtual application package that contains the application properties to modify, and then click **Edit**. - -5. In the App-V Sequencer console, perform any of the following tasks as needed: - - - Import and export the manifest file. - - - Enable or disable Browser Helper Objects. - - - Import or export a VFS file. - - - Import a directory into the virtual file system. - - - Import and export virtual registry keys. - - - View package properties. - - - View associated package files. - - - Edit registry settings. - - - Review additional package settings (except operating system file properties). - - - Set virtualized registry key state (override or merge). - - - Set virtualized folder state. - - - Add or edit shortcuts and file type associations. - - **Note**   - To edit shortcuts or file type associations, you must first open the package for upgrade to add a new application, and then proceed to the final editing page. - -6. When you finish changing the package properties, click **File** > **Save** to save the package. - -**Add a new application to an existing virtual application package** - -1. On the computer that runs the sequencer, click **All Programs**, point to **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. - -2. In the App-V Sequencer, click **Modify an Existing Virtual Application Package** > **Next**. - -3. On the **Select Task** page, click **Add New Application** > **Next**. - -4. On the **Select Package** page, click **Browse** to locate the virtual application package to which you will add the application, and then click **Next**. - -5. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or cause the revised package to contain unnecessary data. Resolve all potential issues before you continue. After making any corrections and resolving all potential issues, click **Refresh** > **Next**. - - **Important**   - If you are required to disable virus scanning software, first scan the computer that runs the sequencer to ensure that no unwanted or malicious files can be added to the package. - -6. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. - -7. On the **Installation** page, when the sequencer and application installer are ready, install the application so that the sequencer can monitor the installation process. If additional installation files must be run as part of the installation, click **Run**, and locate and run the additional installation files. When you finish the installation, select **I am finished installing** > **Next**. In the **Browse for Folder** dialog box, specify the primary directory where the application will be installed. Ensure that this is a new location so that you don’t overwrite the existing version of the virtual application package. - - **Note**   - The sequencer monitors all changes and installations that occur on the computer that runs the sequencer. This includes any changes and installations that are performed outside of the sequencing wizard. - -8. On the **Configure Software** page, optionally run the programs contained in the package. This step completes any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at the same time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs you want to run, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. It can take several minutes for all programs to run. Click **Next**. - -9. On the **Installation Report** page, you can review information about the updated virtual application. In **Additional Information**, double-click the event to obtain more detailed information, and then click **Next** to open the **Customize** page. - -10. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 13 of this procedure. If you want to perform the following described customization, click **Customize**. - - If you are customizing, prepare the virtual package for streaming, and then click **Next**. Streaming improves the experience when the virtual application package is run on target computers. - -11. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**. - - **Note**   - You can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop** and then select either **Stop all applications** or **Stop this application only**. - -12. On the **Create Package** page, to modify the package without saving it, select the **Continue to modify package without saving using the package editor** check box. Selecting this option opens the package in the App-V Sequencer console, where you can modify the package before saving it. Click **Next**. - - To save the package immediately, select the default **Save the package now**. Add optional **Comments** to associate with the package. Comments are useful for providing application versions and other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. The uncompressed package size is displayed. Click **Create**. - -13. On the **Completion** page, click **Close**. The package is now available in the sequencer. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - -[Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-modify-an-existing-virtual-application-package-beta.md b/mdop/appv-v5/how-to-modify-an-existing-virtual-application-package-beta.md deleted file mode 100644 index cb4d6428ca..0000000000 --- a/mdop/appv-v5/how-to-modify-an-existing-virtual-application-package-beta.md +++ /dev/null @@ -1,158 +0,0 @@ ---- -title: How to Modify an Existing Virtual Application Package -description: How to Modify an Existing Virtual Application Package -author: dansimp -ms.assetid: 86b0fe21-52b0-4a9c-9a66-c78935fe74f1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/01/2016 ---- - - -# How to Modify an Existing Virtual Application Package - - -This topic explains how to: - -- [Update an application in an existing virtual application package](#bkmk-update-app-in-pkg) - -- [Modify the properties associated with an existing virtual application package](#bkmk-chg-props-in-pkg) - -- [Add a new application to an existing virtual application package](#bkmk-add-app-to-pkg) - -**Before you update a package:** - -- Ensure that you’ve installed the Microsoft Application Virtualization (App-V) Sequencer, which is required for modifying a virtual application package. To install the App-V Sequencer, see [How to Install the Sequencer](how-to-install-the-sequencer-beta-gb18030.md). - -- Save the .appv file in a secure location and always trust the source before trying to open the package for editing. - -- The Managing Authority section is erroneously removed from the deployment configuration file when you update a package. Before starting the update, copy the Managing Authority section from the existing deployment configuration file, and then paste the copied section into the new configuration file after the conversion is complete. - -- If you click **Modify an Existing Virtual Application Package** in the Sequencer in order to edit a package, but then make no changes and close the package, the streaming behavior of the package is changed. The primary feature block is removed from the StreamMap.xml file, and any files that were listed in the publishing feature block are removed. Users who receive the edited package experience that package as if it were stream-faulted, regardless of how the original package was configured. - -**Update an application in an existing virtual application package** - -1. On the computer that runs the sequencer, click **All Programs**, point to **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. - -2. In the App-V Sequencer, click **Modify an Existing Virtual Application Package** > **Next**. - -3. On the **Select Task** page, click **Update Application in Existing Package** > **Next**. - -4. On the **Select Package** page, click **Browse** to locate the virtual application package that contains the application to update, and then click **Next**. - -5. On the **Prepare Computer** page, review the issues that could cause the application update to fail or cause the updated application to contain unnecessary data. Resolve all potential issues before you continue. After making any corrections and resolving all potential issues, click **Refresh** > **Next**. - - **Important**   - If you are required to disable virus scanning software, first scan the computer that runs the sequencer to ensure that no unwanted or malicious files are added to the package. - -6. On the **Select Installer** page, click **Browse** and specify the update installation file for the application. If the update does not have an associated installer file, and if you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. - -7. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application update so the sequencer can monitor the installation process. If additional installation files must be run as part of the installation, click **Run**, and then locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**. - - **Note**   - The sequencer monitors all changes and installations that occur on the computer that runs the sequencer. This includes any changes and installations that are performed outside of the sequencing wizard. - -8. On the **Installation Report** page, you can review information about the updated virtual application. In **Additional Information**, double-click the event to obtain more detailed information. To proceed, click **Next**. - -9. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all of the applications to run. After all applications have run, close each of the applications, and then click **Next**. - - **Note**   - You can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop**, and then select either **Stop all applications** or **Stop this application only**. - -10. On the **Create Package** page, to modify the package without saving it, select the check box for **Continue to modify package without saving using the package editor**. When you select this option, the package opens in the App-V Sequencer console, where you can modify the package before it is saved. Click **Next**. - - To save the package immediately, select the default **Save the package now**. Add optional **Comments** to associate with the package. Comments are useful to identify the application version and provide other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. Click **Create**. - -11. On the **Completion** page, click **Close** to close the wizard. The package is now available in the sequencer. - -**Modify the properties associated with an existing virtual application package** - -1. On the computer that runs the sequencer, click **All Programs**, point to **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. - -2. In the App-V Sequencer, click **Modify an Existing Virtual Application Package** > **Next**. - -3. On the **Select Task** page, click **Edit Package** > **Next**. - -4. On the **Select Package** page, click **Browse** to locate the virtual application package that contains the application properties to modify, and then click **Edit**. - -5. In the App-V Sequencer console, perform any of the following tasks as needed: - - - View package properties. - - - View associated package files. - - - Edit registry settings. - - - Review additional package settings (except operating system file properties). - - - Set virtualized registry key state (override or merge). - - - Set virtualized folder state. - - - Add or edit shortcuts and file type associations. - - **Note**   - To edit shortcuts or file type associations, you must first open the package for upgrade to add a new application, and then proceed to the final editing page. - -6. When you finish changing the package properties, click **File** > **Save** to save the package. - -**Add a new application to an existing virtual application package** - -1. On the computer that runs the sequencer, click **All Programs**, point to **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. - -2. In the App-V Sequencer, click **Modify an Existing Virtual Application Package** > **Next**. - -3. On the **Select Task** page, click **Add New Application** > **Next**. - -4. On the **Select Package** page, click **Browse** to locate the virtual application package to which you will add the application, and then click **Next**. - -5. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or cause the revised package to contain unnecessary data. Resolve all potential issues before you continue. After making any corrections and resolving all potential issues, click **Refresh** > **Next**. - - **Important**   - If you are required to disable virus scanning software, first scan the computer that runs the sequencer to ensure that no unwanted or malicious files can be added to the package. - -6. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. - -7. On the **Installation** page, when the sequencer and application installer are ready, install the application so that the sequencer can monitor the installation process. If additional installation files must be run as part of the installation, click **Run**, and locate and run the additional installation files. When you finish the installation, select **I am finished installing** > **Next**. In the **Browse for Folder** dialog box, specify the primary directory where the application will be installed. Ensure that this is a new location so that you don’t overwrite the existing version of the virtual application package. - - **Note**   - The sequencer monitors all changes and installations that occur on the computer that runs the sequencer. This includes any changes and installations that are performed outside of the sequencing wizard. - -8. On the **Configure Software** page, optionally run the programs contained in the package. This step completes any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at the same time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs you want to run, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. It can take several minutes for all programs to run. Click **Next**. - -9. On the **Installation Report** page, you can review information about the updated virtual application. In **Additional Information**, double-click the event to obtain more detailed information, and then click **Next** to open the **Customize** page. - -10. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 13 of this procedure. If you want to perform the following described customization, click **Customize**. - - If you are customizing, prepare the virtual package for streaming, and then click **Next**. Streaming improves the experience when the virtual application package is run on target computers. - -11. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**. - - **Note**   - You can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop** and then select either **Stop all applications** or **Stop this application only**. - -12. On the **Create Package** page, to modify the package without saving it, select the **Continue to modify package without saving using the package editor** check box. Selecting this option opens the package in the App-V Sequencer console, where you can modify the package before saving it. Click **Next**. - - To save the package immediately, select the default **Save the package now**. Add optional **Comments** to associate with the package. Comments are useful for providing application versions and other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. The uncompressed package size is displayed. Click **Create**. - -13. On the **Completion** page, click **Close**. The package is now available in the sequencer. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - -[Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-modify-app-v-50-client-configuration-using-the-admx-template-and-group-policy.md b/mdop/appv-v5/how-to-modify-app-v-50-client-configuration-using-the-admx-template-and-group-policy.md deleted file mode 100644 index 8ad3680354..0000000000 --- a/mdop/appv-v5/how-to-modify-app-v-50-client-configuration-using-the-admx-template-and-group-policy.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: How to Modify App-V 5.0 Client Configuration Using the ADMX Template and Group Policy -description: How to Modify App-V 5.0 Client Configuration Using the ADMX Template and Group Policy -author: dansimp -ms.assetid: 79d03a2b-2586-4ca7-bbaa-bdeb0a694279 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Modify App-V 5.0 Client Configuration Using the ADMX Template and Group Policy - - -Use the App-V 5.0 ADMX template to configure App-V 5.0 client settings using the ADMX Template and Group Policy. - -**To modify App-V 5.0 client configuration using Group Policy** - -1. To modify the App-V 5.0 client configuration, locate the **ADMXTemplate** files that are available with App-V 5.0. - - **Note**   - Use the following link to download the App-V 5.0 **ADMX Templates**: . - - - -2. On the computer where you manage group Policy, typically the domain controller, copy the template **.admx** file to the following directory: **<Installation Drive> \\ Windows \\ PolicyDefinitions**. - - Next, on the same computer, copy the **.adml** file to the following directory: **<InstallationDrive> \\ Windows \\ PolicyDefinitions \\ en-US**. - -3. After you have copied the files open the Group Policy Management Console, to modify the policies associated with your App-V 5.0 clients browse to **Computer Configuration** / **Policies** / **Administrative Templates** / **System** / **App-V**. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Deploying App-V 5.0](deploying-app-v-50.md) - -[About Client Configuration Settings](about-client-configuration-settings.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-modify-app-v-51-client-configuration-using-the-admx-template-and-group-policy.md b/mdop/appv-v5/how-to-modify-app-v-51-client-configuration-using-the-admx-template-and-group-policy.md deleted file mode 100644 index b316fe6660..0000000000 --- a/mdop/appv-v5/how-to-modify-app-v-51-client-configuration-using-the-admx-template-and-group-policy.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: How to Modify App-V 5.1 Client Configuration Using the ADMX Template and Group Policy -description: How to Modify App-V 5.1 Client Configuration Using the ADMX Template and Group Policy -author: dansimp -ms.assetid: 0d9cf13a-b29c-4c87-a776-15fea34027dd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Modify App-V 5.1 Client Configuration Using the ADMX Template and Group Policy - - -Use the Microsoft Application Virtualization (App-V) 5.1 ADMX template to configure App-V 5.1 client settings using the ADMX Template and Group Policy. - -**To modify App-V 5.1 client configuration using Group Policy** - -1. To modify the App-V 5.1 client configuration, locate the **ADMXTemplate** files that are available with App-V 5.1. - - **Note**   - Use the following link to download the App-V 5.1 **ADMX Templates**: . - - - -2. On the computer where you manage group Policy, typically the domain controller, copy the template **.admx** file to the following directory: **<Installation Drive> \\ Windows \\ PolicyDefinitions**. - - Next, on the same computer, copy the **.adml** file to the following directory: **<InstallationDrive> \\ Windows \\ PolicyDefinitions \\ en-US**. - -3. After you have copied the files open the Group Policy Management Console, to modify the policies associated with your App-V 5.1 clients browse to **Computer Configuration** / **Policies** / **Administrative Templates** / **System** / **App-V**. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Deploying App-V 5.1](deploying-app-v-51.md) - -[About Client Configuration Settings](about-client-configuration-settings51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell.md b/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell.md deleted file mode 100644 index b51429c229..0000000000 --- a/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: How to Modify Client Configuration by Using PowerShell -description: How to Modify Client Configuration by Using PowerShell -author: dansimp -ms.assetid: 53ccb2cf-ef81-4310-a853-efcb395f006e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Modify Client Configuration by Using PowerShell - - -Use the following procedure to configure the App-V 5.0 client configuration. - -**To modify App-V 5.0 client configuration using PowerShell** - -1. To configure the client settings using PowerShell, use the **Set-AppvClientConfiguration** cmdlet. - -2. To modify the client configuration, open a PowerShell Command prompt and run the following cmdlet **Set-AppvClientConfiguration** with any required parameters. For example: - - `$config = Get-AppvClientConfiguration` - - `Set-AppvClientConfiguration $config` - - `Set-AppvClientConfiguration –AutoLoad 2` - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell51.md b/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell51.md deleted file mode 100644 index ba031caf40..0000000000 --- a/mdop/appv-v5/how-to-modify-client-configuration-by-using-powershell51.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: How to Modify Client Configuration by Using PowerShell -description: How to Modify Client Configuration by Using PowerShell -author: dansimp -ms.assetid: c3a59592-bb0d-43b6-8f4e-44f3a2d5b7ea -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Modify Client Configuration by Using PowerShell - - -Use the following procedure to configure the App-V 5.1 client configuration. - -**To modify App-V 5.1 client configuration using PowerShell** - -1. To configure the client settings using PowerShell, use the **Set-AppvClientConfiguration** cmdlet. For more information about installing PowerShell, and a list of cmdlets see, [How to Load the PowerShell Cmdlets and Get Cmdlet Help](how-to-load-the-powershell-cmdlets-and-get-cmdlet-help-51.md). - -2. To modify the client configuration, open a PowerShell Command prompt and run the following cmdlet **Set-AppvClientConfiguration** with any required parameters. For example: - - `$config = Get-AppvClientConfiguration` - - `Set-AppvClientConfiguration $config` - - `Set-AppvClientConfiguration –AutoLoad 2` - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-move-the-app-v-server-to-another-computer.md b/mdop/appv-v5/how-to-move-the-app-v-server-to-another-computer.md deleted file mode 100644 index 75439a513b..0000000000 --- a/mdop/appv-v5/how-to-move-the-app-v-server-to-another-computer.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: How to Move the App-V Server to Another Computer -description: How to Move the App-V Server to Another Computer -author: dansimp -ms.assetid: 4fda21be-4d6b-499c-a38a-5afd57b34a47 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Move the App-V Server to Another Computer - - -Use the following information to create a new management server console in your environment. - -## To create a new management server console - - -The following list displays the steps necessary to create a new management server console: - -1. Install the management server on a computer in your environment. For more information about installing the management server see [Deploying the App-V 5.0 Server](deploying-the-app-v-50-server.md). - -2. After you have completed the installation, use the following link to connect it to the App-V 5.0 database - [How to install the Management Server on a Standalone Computer and Connect it to the Database](how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database.md). - -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-move-the-app-v-server-to-another-computer51.md b/mdop/appv-v5/how-to-move-the-app-v-server-to-another-computer51.md deleted file mode 100644 index 65179dff17..0000000000 --- a/mdop/appv-v5/how-to-move-the-app-v-server-to-another-computer51.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: How to Move the App-V Server to Another Computer -description: How to Move the App-V Server to Another Computer -author: dansimp -ms.assetid: 853af9eb-db5b-421d-a0fe-79ded8752cef -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Move the App-V Server to Another Computer - - -Use the following information to create a new management server console in your environment. - -## To create a new management server console - - -The following list displays the steps necessary to create a new management server console: - -1. Install the management server on a computer in your environment. For more information about installing the management server see [Deploying the App-V 5.1 Server](deploying-the-app-v-51-server.md). - -2. After you have completed the installation, use the following link to connect it to the App-V 5.1 database - [How to install the Management Server on a Standalone Computer and Connect it to the Database](how-to-install-the-management-server-on-a-standalone-computer-and-connect-it-to-the-database51.md). - -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-publish-a-connection-group.md b/mdop/appv-v5/how-to-publish-a-connection-group.md deleted file mode 100644 index d3e96c272e..0000000000 --- a/mdop/appv-v5/how-to-publish-a-connection-group.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: How to Publish a Connection Group -description: How to Publish a Connection Group -author: dansimp -ms.assetid: c61db00a-8393-485c-949e-af2098b9e258 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Publish a Connection Group - - -After you create a connection group, you must publish it to computers that run the App-V client. - -**To publish a connection group** - -1. Open the App-V Management Console, and select **Packages** > **CONNECTION GROUPS**. - -2. Right-click the connection group to be published, and select **publish**. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -[Managing Connection Groups](managing-connection-groups.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-publish-a-connection-group51.md b/mdop/appv-v5/how-to-publish-a-connection-group51.md deleted file mode 100644 index 523eb51739..0000000000 --- a/mdop/appv-v5/how-to-publish-a-connection-group51.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: How to Publish a Connection Group -description: How to Publish a Connection Group -author: dansimp -ms.assetid: fe89601c-23c6-4b7c-a61b-4ca50908f1b4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Publish a Connection Group - - -After you create a connection group, you must publish it to computers that run the App-V client. - -**To publish a connection group** - -1. Open the App-V Management Console, and select **CONNECTION GROUPS**. - -2. Right-click the connection group to be published, and select **publish**. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -[Managing Connection Groups](managing-connection-groups51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-publish-a-package-by-using-the-management-console-50.md b/mdop/appv-v5/how-to-publish-a-package-by-using-the-management-console-50.md deleted file mode 100644 index 99df93599f..0000000000 --- a/mdop/appv-v5/how-to-publish-a-package-by-using-the-management-console-50.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: How to Publish a Package by Using the Management Console -description: How to Publish a Package by Using the Management Console -author: dansimp -ms.assetid: 7c6930fc-5c89-4519-a901-512dae155fd2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Publish a Package by Using the Management Console - - -Use the following procedure to publish an App-V 5.0 package. Once you publish a package, computers that are running the App-V 5.0 client can access and run the applications in that package. - -**Note**   -The ability to enable only administrators to publish or unpublish packages (described below) is supported starting in App-V 5.0 SP3. - - - -**To publish an App-V 5.0 package** - -1. In the App-V 5.0 Management console. right-click the name of the package to be published, and select **Publish**. - -2. Review the **Status** column to verify that the package has been published and is now available. If the package is available, the status **published** is displayed. - - If the package is not published successfully, the status **unpublished** is displayed, along with error text that explains why the package is not available. - -**To enable only administrators to publish or unpublish packages** - -1. Navigate to the following Group Policy Object node: - - **Computer Configuration > Policies > Administrative Templates > System > App-V > Publishing**. - -2. Enable the **Require publish as administrator** Group Policy setting. - - To alternatively use PowerShell to set this item, see [How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell](how-to-manage-app-v-50-packages-running-on-a-stand-alone-computer-by-using-powershell.md#bkmk-admins-pub-pkgs). - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -[How to Configure Access to Packages by Using the Management Console](how-to-configure-access-to-packages-by-using-the-management-console-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-publish-a-package-by-using-the-management-console-51.md b/mdop/appv-v5/how-to-publish-a-package-by-using-the-management-console-51.md deleted file mode 100644 index 9a64b6ff65..0000000000 --- a/mdop/appv-v5/how-to-publish-a-package-by-using-the-management-console-51.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: How to Publish a Package by Using the Management Console -description: How to Publish a Package by Using the Management Console -author: dansimp -ms.assetid: e34d2bcf-15ac-4a75-9dc8-79380b36a25f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Publish a Package by Using the Management Console - - -Use the following procedure to publish an App-V 5.1 package. Once you publish a package, computers that are running the App-V 5.1 client can access and run the applications in that package. - -**Note**   -The ability to enable only administrators to publish or unpublish packages (described below) is supported starting in App-V 5.0 SP3. - - - -**To publish an App-V 5.1 package** - -1. In the App-V 5.1 Management console. Click or right-click the name of the package to be published. Select **Publish**. - -2. Review the **Status** column to verify that the package has been published and is now available. If the package is available, the status **published** is displayed. - - If the package is not published successfully, the status **unpublished** is displayed, along with error text that explains why the package is not available. - -**To enable only administrators to publish or unpublish packages** - -1. Navigate to the following Group Policy Object node: - - **Computer Configuration > Policies > Administrative Templates > System > App-V > Publishing**. - -2. Enable the **Require publish as administrator** Group Policy setting. - - To alternatively use PowerShell to set this item, see [How to Manage App-V 5.1 Packages Running on a Stand-Alone Computer by Using PowerShell](how-to-manage-app-v-51-packages-running-on-a-stand-alone-computer-by-using-powershell.md#bkmk-admins-pub-pkgs). - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -[How to Configure Access to Packages by Using the Management Console](how-to-configure-access-to-packages-by-using-the-management-console-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-register-and-unregister-a-publishing-server-by-using-the-management-console.md b/mdop/appv-v5/how-to-register-and-unregister-a-publishing-server-by-using-the-management-console.md deleted file mode 100644 index abd93c7e0a..0000000000 --- a/mdop/appv-v5/how-to-register-and-unregister-a-publishing-server-by-using-the-management-console.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: How to Register and Unregister a Publishing Server by Using the Management Console -description: How to Register and Unregister a Publishing Server by Using the Management Console -author: dansimp -ms.assetid: c24f3b43-4888-41a9-9a39-973657f2b917 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Register and Unregister a Publishing Server by Using the Management Console - - -You can register and unregister publishing servers that will synchronize with the App-V 5.0 management server. You can also see the last attempt that the publishing server made to synchronize the information with the management server. - -Use the following procedure to register or unregister a publishing server. - -**To register a publishing server using the Management Console** - -1. Connect to the Management Console and select **Servers**. For more information about how to connect to the Management Console, see [How to Connect to the Management Console](how-to-connect-to-the-management-console-beta.md). - -2. A list of publishing servers that already synchronize with the management server is displayed. Click Register New Server to register a new server. - -3. Type a computer name of a domain joined computer on the **Server Name** line, to specify a name for the server. You should also include a domain name, for example, **MyDomain\\TestServer**. Click **Check**. - -4. Select the computer and click **Add** to add the computer to the list of servers. The new server will be displayed in the list. - -**To unregister a publishing server using the Management Console** - -1. Connect to the Management Console and select **Servers**. For more information about how to connect to the Management Console, see [How to Connect to the Management Console](how-to-connect-to-the-management-console-beta.md). - -2. A list of publishing servers that synchronize with the management server is displayed. - -3. To unregister the server, right-click the computer name and select the computer name and select **unregister server**. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-register-and-unregister-a-publishing-server-by-using-the-management-console51.md b/mdop/appv-v5/how-to-register-and-unregister-a-publishing-server-by-using-the-management-console51.md deleted file mode 100644 index 7e06b09dbc..0000000000 --- a/mdop/appv-v5/how-to-register-and-unregister-a-publishing-server-by-using-the-management-console51.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: How to Register and Unregister a Publishing Server by Using the Management Console -description: How to Register and Unregister a Publishing Server by Using the Management Console -author: dansimp -ms.assetid: 69cef0a8-8102-4697-b1ba-f16e0f25216b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Register and Unregister a Publishing Server by Using the Management Console - - -You can register and unregister publishing servers that will synchronize with the App-V 5.1 management server. You can also see the last attempt that the publishing server made to synchronize the information with the management server. - -Use the following procedure to register or unregister a publishing server. - -**To register a publishing server using the Management Console** - -1. Connect to the Management Console and select **Servers**. For more information about how to connect to the Management Console, see [How to Connect to the Management Console](how-to-connect-to-the-management-console-51.md). - -2. A list of publishing servers that already synchronize with the management server is displayed. Click Register New Server to register a new server. - -3. Type a computer name of a domain joined computer on the **Server Name** line, to specify a name for the server. You should also include a domain name, for example, **MyDomain\\TestServer**. Click **Check**. - -4. Select the computer and click **Add** to add the computer to the list of servers. The new server will be displayed in the list. - -**To unregister a publishing server using the Management Console** - -1. Connect to the Management Console and select **Servers**. For more information about how to connect to the Management Console, see [How to Connect to the Management Console](how-to-connect-to-the-management-console-51.md). - -2. A list of publishing servers that synchronize with the management server is displayed. - -3. To unregister the server, right-click the computer name and select the computer name and select **unregister server**. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md deleted file mode 100644 index 38d5dc61eb..0000000000 --- a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -ms.reviewer: -title: How to Revert Extension Points From an App-V 5.0 Package to an App-V 4.6 Package for a Specific User -description: How to Revert Extension Points From an App-V 5.0 Package to an App-V 4.6 Package for a Specific User -ms.assetid: f1d2ab1f-0831-4976-b49f-169511d3382a -author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/21/2016 ---- - -# How to Revert Extension Points From an App-V 5.0 Package to an App-V 4.6 Package for a Specific User - -*Note:** App-V 4.6 has exited Mainstream support. - -Use the following procedure to revert an App-V 5.0 package to the App-V file format using the user configuration file. - -**To revert a package** - -1. Ensure that App-V 4.6 package is published to the users but the FTAs and shortcuts have been assumed by App-V 5.0 package using the following migration method, [How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.0 for a Specific User](how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-50-for-a-specific-user.md). - - In the **userConfiguration** section of the deployment configuration file for the converted package, to set the policy, make the following update to the **userConfiguration** section: **ManagingAuthority TakeoverExtensionPointsFrom46="false" PackageName=<Package ID>** - -2. From an elevated command prompt, type: - - PS>**Publish-AppVClientPackage $pkg –DynamicUserConfigurationPath** <path to user configuration file> - -3. Perform a publishing refresh, or wait for the next scheduled publishing refresh for the App-V 4.6. Open the application using FTAs or shortcuts. The Application should now open using App-V 4.6 SP2. - - **Note** - If you do not need the App-V 5.0 package anymore, you can unpublish the App-V 5.0 package and the extension points will automatically revert to App-V 4.6. - - - -~~~ -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - - - - diff --git a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md deleted file mode 100644 index d8bed1b729..0000000000 --- a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: "How to Revert Extension Points from an App-V 5.0 Package to an App-V 4.6 Package For All Users on a Specific Computer" -description: How to Revert Extension Points from an App-V 5.0 Package to an App-V 4.6 Package For All Users on a Specific Computer -ms.assetid: 2a43ca1b-6847-4dd1-ade2-336ac4ac6af0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/21/2016 ---- - -# How to Revert Extension Points from an App-V 5.0 Package to an App-V 4.6 Package For All Users on a Specific Computer - -*Note:** App-V 4.6 has exited Mainstream support. The following assumes that the App-V 4.6 SP3 client is already installed. - -Use the following procedure to revert extension points from an App-V 5.0 package to the App-V 4.6 file format using the deployment configuration file. - -**To revert a package** - -1. Ensure that App-V 4.6 package is published to the users but the FTAs and shortcuts have been assumed by App-V 5.0 package using the following migration method, [How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.0 Package for All Users on a Specific Computer](how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md). - - In the **userConfiguration** section of the deployment configuration file for the converted package, to set the policy, make the following update to the **userConfiguration** section: **ManagingAuthority TakeoverExtensionPointsFrom46="false" PackageName=<Package ID>** - -2. From an elevated command prompt, type: - - PS>**Set-AppvClientPackage $pkg –DynamicDeploymentConfiguration** <path to deployment configuration file> - - PS>**Publish-AppVClientPackage $pkg –DynamicUserConfigurationType useDeploymentConfiguration** - -3. Perform a publishing refresh, or wait for the next scheduled publishing refresh for the App-V 4.6 SP2 package. - - Open the application using FTAs or shortcuts. The Application should now open using App-V 4.6. - - **Note** - If you do not need the App-V 5.0 package anymore, you can unpublish the App-V 5.0 package and the extension points will automatically revert to App-V 4.6. - - - -~~~ -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-a-specific-user.md b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-a-specific-user.md deleted file mode 100644 index b62aea5290..0000000000 --- a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-a-specific-user.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: How to Revert Extension Points From an App-V 5.1 Package to an App-V 4.6 Package for a Specific User -description: How to Revert Extension Points From an App-V 5.1 Package to an App-V 4.6 Package for a Specific User -author: dansimp -ms.assetid: bd53c5d6-7fd2-4816-b03b-d59da0a35819 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/21/2016 ---- - - -# How to Revert Extension Points From an App-V 5.1 Package to an App-V 4.6 Package for a Specific User - - -Use the following procedure to revert an App-V 5.1 package to the App-V file format using the user configuration file. - -**To revert a package** - -1. Ensure that App-V 4.6 package is published to the users but the FTAs and shortcuts have been assumed by App-V 5.1 package using the following migration method, [How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.1 for a Specific User](how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-51-for-a-specific-user.md). - - In the **userConfiguration** section of the deployment configuration file for the converted package, to set the policy, make the following update to the **userConfiguration** section: **ManagingAuthority TakeoverExtensionPointsFrom46="false" PackageName=<Package ID>** - -2. From an elevated command prompt, type: - - PS>**Publish-AppVClientPackage $pkg –DynamicUserConfigurationPath** <path to user configuration file> - -3. Perform a publishing refresh, or wait for the next scheduled publishing refresh for the App-V 4.6. Open the application using FTAs or shortcuts. The Application should now open using App-V 4.6. - - **Note** - If you do not need the App-V 5.1 package anymore, you can unpublish the App-V 5.1 package and the extension points will automatically revert to App-V 4.6. - - - -~~~ -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md b/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md deleted file mode 100644 index 7c6b1455cf..0000000000 --- a/mdop/appv-v5/how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: How to Revert Extension Points from an App-V 5.1 Package to an App-V 4.6 Package For All Users on a Specific Computer -description: How to Revert Extension Points from an App-V 5.1 Package to an App-V 4.6 Package For All Users on a Specific Computer -author: dansimp -ms.assetid: 64640b8e-de6b-4006-a33e-353d285af15e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/21/2016 ---- - - -# How to Revert Extension Points from an App-V 5.1 Package to an App-V 4.6 Package For All Users on a Specific Computer - - -Use the following procedure to revert extension points from an App-V 5.1 package to the App-V 4.6 file format using the deployment configuration file. - -**To revert a package** - -1. Ensure that App-V 4.6 package is published to the users but the FTAs and shortcuts have been assumed by App-V 5.1 package using the following migration method, [How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.1 Package for All Users on a Specific Computer](how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-51-package-for-all-users-on-a-specific-computer.md). - - In the **userConfiguration** section of the deployment configuration file for the converted package, to set the policy, make the following update to the **userConfiguration** section: **ManagingAuthority TakeoverExtensionPointsFrom46="false" PackageName=<Package ID>** - -2. From an elevated command prompt, type: - - PS>**Set-AppvClientPackage $pkg –DynamicDeploymentConfiguration** <path to deployment configuration file> - - PS>**Publish-AppVClientPackage $pkg –DynamicUserConfigurationType useDeploymentConfiguration** - -3. Perform a publishing refresh, or wait for the next scheduled publishing refresh for the App-V 4.6 package. - - Open the application using FTAs or shortcuts. The Application should now open using App-V 4.6. - - **Note** - If you do not need the App-V 5.1 package anymore, you can unpublish the App-V 5.1 package and the extension points will automatically revert to App-V 4.6. - - - -~~~ -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030.md b/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030.md deleted file mode 100644 index 8652ce06d6..0000000000 --- a/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-50-beta-gb18030.md +++ /dev/null @@ -1,332 +0,0 @@ ---- -title: How to Sequence a New Application with App-V 5.0 -description: How to Sequence a New Application with App-V 5.0 -author: dansimp -ms.assetid: a263fa84-cd6d-4219-a5c2-eb6a553b826c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Sequence a New Application with App-V 5.0 - - -**To review or do before you start sequencing** - -1. Determine the type of virtualized application package you want to create: - - - - - - - - - - - - - - - - - - - - - - - - - - -
Application typeDescription

Standard

Creates a package that contains an application or a suite of applications. This is the preferred option for most application types.

Add-on or plug-in

Creates a package that extends the functionality of a standard application, for example, a plug-in for Microsoft Excel. Additionally, you can use plug-ins for natively installed applications, or for another package that is linked by using connection groups.

Middleware

Creates a package that is required by a standard application, for example, Java. Middleware packages are used for linking to other packages by using connection groups.

- - - -2. Copy all required installation files to the computer that is running the sequencer. - -3. Make a backup image of your virtual environment before sequencing an application, and then revert to that image each time after you finish sequencing an application. - -4. Review the following items: - - - If an application installer changes the security access to a new or existing file or directory, those changes are not captured in the package. - - - If short paths have been disabled for the virtualized package’s target volume, you must also sequence the package to a volume that was created and still has short-paths disabled. It cannot be the system volume. - - - Starting in App-V 5.0 SP3, the primary virtual application directory (PVAD) is hidden, but you can turn it back on. See [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-pvad-hidden). - -**To sequence a new standard application** - -1. On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. - -2. In the sequencer, click **Create a New Virtual Application Package**. Select **Create Package (default)**, and then click **Next**. - -3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. - - **Important** - If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package. - - - -4. On the **Type of Application** page, click the **Standard Application (default)** check box, and then click **Next**. - -5. On the **Select Installer** page, click **Browse** and specify the installation file for the application. - - **Note** - If the specified application installer modifies security access to a file or directory, existing or new, the associated changes will not be captured into the package. - - - -~~~ -If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Perform a Custom Installation** check box, and then Click **Next**. -~~~ - -6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V 5.0 Management Console. - - The **Primary Virtual Application Directory** displays the path where the application will be installed on target computers. To specify this location, select **Browse**. - - **Note** - Starting in App-V 5.0 SP3, the primary virtual application directory (PVAD) is hidden, but you can turn it back on. See [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-pvad-hidden). - - - -~~~ -**Important** -The primary application virtual directory should match the installation location for the application that is being sequenced. For example, if you install Notepad to **C:\\Program Files\\Notepad**; you should configure **C:\\Program Files\\Notepad** as your primary virtual directory. Alternatively, you can choose to set **C:\\Notepad** as the primary virtual application directory, as long as during installation time, you configure the installer to install to **C:\\Notepad**. Editing the Application Virtualization path is an advanced configuration task. For most applications, the default path is recommended for the following reasons: - -- Application Compatibility. Some virtualized applications will not function correctly, or will fail to open if the directories are not configured with identical virtual directory paths. - -- Performance. Since no file system redirection is required, the runtime performance can improve. - - - -**Tip** -It is recommended that prior to Sequencing an application, you open the associated installer to determine the default installation directory, and then configure that location as the **Primary Virtual Application Directory**. - - - -Click **Next**. -~~~ - -7. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. - - **Important** - You should always install applications to a secure location and make sure no other users are logged on to the computer running the sequencer during monitoring. - - - -~~~ -Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** to locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**. -~~~ - -8. On the **Installation** page, wait while the sequencer configures the virtualized application package. - -9. On the **Configure Software** page, optionally run the programs contained in the package. This step allows you to complete any necessary license or configuration tasks before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. You may need to wait several minutes for all programs to run. - - **Note** - To run first-use tasks for any application that is not available in the list, open the application. The associated information will be captured during this step. - - - -~~~ -Click **Next**. -~~~ - -10. On the **Installation Report** page, you can review information about the virtualized application package you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**. - -11. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. To perform either of the following customizations, select **Customize**. - - - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. - - - Specify the operating systems that can run this package. - - Click **Next**. - -12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**. - - **Note** - If you do not open any applications during this step, the default streaming method is on-demand streaming delivery. This means applications will be downloaded bit by bit until it can be opened, and then depending on how the background loading is configured, will load the rest of the application. - - - -13. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select **Allow this package to run on any operating system**. To configure this package to run only on specific operating systems, select **Allow this package to run only on the following operating systems** and select the operating systems that can run this package. Click **Next**. - - **Important** - Make sure that the operating systems you specify here are supported by the application you are sequencing. - - - -14. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**. - - To save the package immediately, select **Save the package now** (default). Add optional **Comments** to be associated with the package. Comments are useful for identifying the program version and other information about the package. - - **Important** - The system does not support non-printable characters in **Comments** and **Descriptions**. - - - -~~~ -The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. -~~~ - -15. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory where the package was created. - - The package is now available in the sequencer. - - **Important** - After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer. - - - -**To sequence an add-on or plug-in application** - -1. - - **Note** - Before performing the following procedure, install the parent application locally on the computer that is running the sequencer. Or if you have the parent application virtualized, you can follow the steps in the add-on or plug-in workflow to unpack the parent application on the computer. - - For example, if you are sequencing a plug-in for Microsoft Excel, install Microsoft Excel locally on the computer that is running the sequencer. Also install the parent application in the same directory where the application is installed on target computers. If the plug-in or add-on is going to be used with an existing virtual application package, install the application on the same virtual application drive that was used when you created the parent virtual application package. - - - -~~~ -On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. -~~~ - -2. *In the sequencer, click *Create a New Virtual Application Package. Select **Create Package (default)**, and then click **Next**. - -3. On the **Prepare Computer** page, review the issues that might cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. - - **Important** - If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package. - - - -4. On the **Type of Application** page, select **Add-on or Plug-in**, and then click **Next**. - -5. On the **Select Installer** page, click **Browse** and specify the installation file for the add-on or plug-in. If the add-on or plug-in does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. - -6. On the **Install Primary** page, ensure that the primary application is installed on the computer that runs the sequencer. Alternatively, you can expand an existing package that has been saved locally on the computer that runs the sequencer. To do this, click **Expand Package**, and then select the package. After you have expanded or installed the parent program, select **I have installed the primary parent program**. - - Click **Next**. - -7. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will be displayed in the App-V 5.0 Management Console. The **Primary Virtual Application Directory** displays the path where the application will be installed. To specify this location, type the path, or click **Browse**. - - **Note** - Starting in App-V 5.0 SP3, the primary virtual application directory (PVAD) is hidden, but you can turn it back on. See [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-pvad-hidden). - - - -~~~ -Click **Next**. -~~~ - -8. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the plug-in or add-in application so the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, and then click **Next**. - -9. On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**. - -10. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 12 of this procedure. To perform either of the following customizations, select **Customize**. - - - Optimize how the package will run across a slow or unreliable network. - - - Specify the operating systems that can run this package. - - Click **Next**. - -11. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. Streaming improves the experience when the virtual application package is run on target computers on high-latency networks. It can take several minutes for all the applications to run. After all applications have run, close each of the applications. You can also configure the package to be required to be fully downloaded before opening by selecting the **Force applications to be downloaded** check-box. Click **Next**. - - **Note** - If necessary, you can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop** and select one of the check boxes: **Stop all applications** or **Stop this application only**. - - - -12. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box, and then select the operating systems that can run this package. Click **Next**. - -13. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor** check box. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**. - - To save the package immediately, select **Save the package now**. Optionally, add a **Description** that will be associated with the package. Descriptions are useful for identifying the version and other information about the package. - - **Important** - The system does not support non-printable characters in Comments and Descriptions. - - - -~~~ -The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. -~~~ - -**To sequence a middleware application** - -1. On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. - -2. *In the sequencer, click *Create a New Virtual Application Package. Select **Create Package (default)**, and then click **Next**. - -3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. - - **Important** - If you are required to disable virus scanning software, you should first scan the computer that runs the App-V 5.0 Sequencer in order to ensure that no unwanted or malicious files can be added to the package. - - - -4. On the **Type of Application** page, select **Middleware**, and then click **Next**. - -5. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. - -6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V 5.0 Management Console. The **Primary Virtual Application Directory** displays the path where the application will be installed. To specify this location, type the path or click **Browse**. - - Click **Next**. - -7. On the **Installation** page, when the sequencer and middleware application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run**, to locate and run the additional installation files. When you are finished with the installation, select the **I am finished installing** check box, and then click **Next**. - -8. On the **Installation** page, wait while the sequencer configures the virtual application package. - -9. On the **Installation Report** page, you can review information about the virtual application package that you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**. - -10. On the **Target OS** page, specify the operating systems that can run this package. To enable all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box and select the operating systems that can run this package. Click **Next**. - -11. On the **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**. - - To save the package immediately, select **Save the package now**. Optionally, add a **Description** to be associated with the package. Descriptions are useful for identifying the program version and other information about the package. - - **Important** - The system does not support non-printable characters in Comments and Descriptions. - - - -~~~ -The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. -~~~ - -12. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory specified in step 11 of this procedure. - - The package is now available in the sequencer. To edit the package properties, click **Edit \[Package Name\]**. - - **Important** - After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer. - - - -~~~ -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md b/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md deleted file mode 100644 index ba6d5a807d..0000000000 --- a/mdop/appv-v5/how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md +++ /dev/null @@ -1,308 +0,0 @@ ---- -title: How to Sequence a New Application with App-V 5.1 -description: How to Sequence a New Application with App-V 5.1 -author: dansimp -ms.assetid: 7d7699b1-0cb8-450d-94e7-5af937e16c21 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Sequence a New Application with App-V 5.1 - - -**To review or do before you start sequencing** - -1. Determine the type of virtualized application package you want to create: - - - - - - - - - - - - - - - - - - - - - - - - - - -
Application typeDescription

Standard

Creates a package that contains an application or a suite of applications. This is the preferred option for most application types.

Add-on or plug-in

Creates a package that extends the functionality of a standard application, for example, a plug-in for Microsoft Excel. Additionally, you can use plug-ins for natively installed applications, or for another package that is linked by using connection groups.

Middleware

Creates a package that is required by a standard application, for example, Java. Middleware packages are used for linking to other packages by using connection groups.

- - - -2. Copy all required installation files to the computer that is running the sequencer. - -3. Make a backup image of your virtual environment before sequencing an application, and then revert to that image each time after you finish sequencing an application. - -4. Review the following items: - - - If an application installer changes the security access to a new or existing file or directory, those changes are not captured in the package. - - - If short paths have been disabled for the virtualized package’s target volume, you must also sequence the package to a volume that was created and still has short-paths disabled. It cannot be the system volume. - -> [!NOTE] -> The App-V 5.x Sequencer cannot sequence applications with filenames matching "CO_<x>" where x is any numeral. Error 0x8007139F will be generated. - -**To sequence a new standard application** - -1. On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. - -2. In the sequencer, click **Create a New Virtual Application Package**. Select **Create Package (default)**, and then click **Next**. - -3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. - - > [!IMPORTANT] - > If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package. - - - -~~~ -> [!NOTE] -> There is currently no way to disable Windows Defender in Windows 10. If you receive a warning, you can safely ignore it. It is unlikely that Windows Defender will affect sequencing at all. -~~~ - - - -4. On the **Type of Application** page, click the **Standard Application (default)** check box, and then click **Next**. - -5. On the **Select Installer** page, click **Browse** and specify the installation file for the application. - - > [!NOTE] - > If the specified application installer modifies security access to a file or directory, existing or new, the associated changes will not be captured into the package. - - - -~~~ -If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Perform a Custom Installation** check box, and then Click **Next**. -~~~ - -6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V 5.0 Management Console. - - Click **Next**. - -7. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. - - > [!IMPORTANT] - > You should always install applications to a secure location and make sure no other users are logged on to the computer running the sequencer during monitoring. - - - -~~~ -Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** to locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**. -~~~ - -8. On the **Installation** page, wait while the sequencer configures the virtualized application package. - -9. On the **Configure Software** page, optionally run the programs contained in the package. This step allows you to complete any necessary license or configuration tasks before you deploy and run the package on target computers. To run all the programs at one time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. You may need to wait several minutes for all programs to run. - - > [!NOTE] - > To run first-use tasks for any application that is not available in the list, open the application. The associated information will be captured during this step. - - - -~~~ -Click **Next**. -~~~ - -10. On the **Installation Report** page, you can review information about the virtualized application package you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**. - -11. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 14 of this procedure. To perform either of the following customizations, select **Customize**. - - - Prepare the virtual package for streaming. Streaming improves the experience when the virtual application package is run on target computers. - - - Specify the operating systems that can run this package. - - Click **Next**. - -12. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**. - - > [!NOTE] - > If you do not open any applications during this step, the default streaming method is on-demand streaming delivery. This means applications will be downloaded bit by bit until it can be opened, and then depending on how the background loading is configured, will load the rest of the application. - - - -13. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select **Allow this package to run on any operating system**. To configure this package to run only on specific operating systems, select **Allow this package to run only on the following operating systems** and select the operating systems that can run this package. Click **Next**. - - > [!IMPORTANT] - > Make sure that the operating systems you specify here are supported by the application you are sequencing. - - - -14. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**. - - To save the package immediately, select **Save the package now** (default). Add optional **Comments** to be associated with the package. Comments are useful for identifying the program version and other information about the package. - - > [!IMPORTANT] - > The system does not support non-printable characters in **Comments** and **Descriptions**. - - - -~~~ -The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. -~~~ - -15. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory where the package was created. - - The package is now available in the sequencer. - - > [!IMPORTANT] - > After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer. - - - -**To sequence an add-on or plug-in application** - -1. > [!NOTE] - > Before performing the following procedure, install the parent application locally on the computer that is running the sequencer. Or if you have the parent application virtualized, you can follow the steps in the add-on or plug-in workflow to unpack the parent application on the computer. - > - > For example, if you are sequencing a plug-in for Microsoft Excel, install Microsoft Excel locally on the computer that is running the sequencer. Also install the parent application in the same directory where the application is installed on target computers. If the plug-in or add-on is going to be used with an existing virtual application package, install the application on the same virtual application drive that was used when you created the parent virtual application package. - - - -~~~ -On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. -~~~ - -2. *In the sequencer, click *Create a New Virtual Application Package. Select **Create Package (default)**, and then click **Next**. - -3. On the **Prepare Computer** page, review the issues that might cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. - - > [!IMPORTANT] - > If you are required to disable virus scanning software, you should first scan the computer that runs the sequencer in order to ensure that no unwanted or malicious files could be added to the package. - - - -4. On the **Type of Application** page, select **Add-on or Plug-in**, and then click **Next**. - -5. On the **Select Installer** page, click **Browse** and specify the installation file for the add-on or plug-in. If the add-on or plug-in does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. - -6. On the **Install Primary** page, ensure that the primary application is installed on the computer that runs the sequencer. Alternatively, you can expand an existing package that has been saved locally on the computer that runs the sequencer. To do this, click **Expand Package**, and then select the package. After you have expanded or installed the parent program, select **I have installed the primary parent program**. - - Click **Next**. - -7. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name will be displayed in the App-V 5.0 Management Console. - - Click **Next**. - -8. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the plug-in or add-in application so the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run** and locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**, and then click **Next**. - -9. On the **Installation Report** page, you can review information about the virtual application package that you just sequenced. For a more detailed explanation about the information displayed in **Additional Information**, double-click the event. After you have reviewed the information, click **Next**. - -10. The **Customize** page is displayed. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 12 of this procedure. To perform either of the following customizations, select **Customize**. - - - Optimize how the package will run across a slow or unreliable network. - - - Specify the operating systems that can run this package. - - Click **Next**. - -11. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. Streaming improves the experience when the virtual application package is run on target computers on high-latency networks. It can take several minutes for all the applications to run. After all applications have run, close each of the applications. You can also configure the package to be required to be fully downloaded before opening by selecting the **Force applications to be downloaded** check-box. Click **Next**. - - > [!NOTE] - > If necessary, you can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop** and select one of the check boxes: **Stop all applications** or **Stop this application only**. - - - -12. On the **Target OS** page, specify the operating systems that can run this package. To allow all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box, and then select the operating systems that can run this package. Click **Next**. - -13. The **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor** check box. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**. - - To save the package immediately, select **Save the package now**. Optionally, add a **Description** that will be associated with the package. Descriptions are useful for identifying the version and other information about the package. - - > [!IMPORTANT] - > The system does not support non-printable characters in Comments and Descriptions. - - - -~~~ -The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. -~~~ - -**To sequence a middleware application** - -1. On the computer that runs the sequencer, click **All Programs**, and then Click **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. - -2. *In the sequencer, click *Create a New Virtual Application Package. Select **Create Package (default)**, and then click **Next**. - -3. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or could cause the package to contain unnecessary data. You should resolve all potential issues before you continue. After making any corrections, click **Refresh** to display the updated information. After you have resolved all potential issues, click **Next**. - - > [!IMPORTANT] - > If you are required to disable virus scanning software, you should first scan the computer that runs the App-V 5.0 Sequencer in order to ensure that no unwanted or malicious files can be added to the package. - - - -4. On the **Type of Application** page, select **Middleware**, and then click **Next**. - -5. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. - -6. On the **Package Name** page, type a name that will be associated with the package. Use a name that helps identify the purpose and version of the application that will be added to the package. The package name is displayed in the App-V 5.0 Management Console. - - Click **Next**. - -7. On the **Installation** page, when the sequencer and middleware application installer are ready you can proceed to install the application so that the sequencer can monitor the installation process. Use the application's installation process to perform the installation. If additional installation files must be run as part of the installation, click **Run**, to locate and run the additional installation files. When you are finished with the installation, select the **I am finished installing** check box, and then click **Next**. - -8. On the **Installation** page, wait while the sequencer configures the virtual application package. - -9. On the **Installation Report** page, you can review information about the virtual application package that you have just sequenced. In **Additional Information**, double-click an event to obtain more detailed information. To proceed, click **Next**. - -10. On the **Target OS** page, specify the operating systems that can run this package. To enable all supported operating systems in your environment to run this package, select the **Allow this package to run on any operating system** check box. To configure this package to run only on specific operating systems, select the **Allow this package to run only on the following operating systems** check box and select the operating systems that can run this package. Click **Next**. - -11. On the **Create Package** page is displayed. To modify the package without saving it, select **Continue to modify package without saving using the package editor**. This option opens the package in the sequencer console so that you can modify the package before it is saved. Click **Next**. - - To save the package immediately, select **Save the package now**. Optionally, add a **Description** to be associated with the package. Descriptions are useful for identifying the program version and other information about the package. - - > [!IMPORTANT] - > The system does not support non-printable characters in Comments and Descriptions. - - - -~~~ -The default **Save Location** is also displayed on this page. To change the default location, click **Browse** and specify the new location. Click **Create**. -~~~ - -12. The **Completion** page is displayed. Review the information in the **Virtual Application Package Report** pane as needed, then click **Close**. This information is also available in the **Report.xml** file that is located in the directory specified in step 11 of this procedure. - - The package is now available in the sequencer. To edit the package properties, click **Edit \[Package Name\]**. - - > [!IMPORTANT] - > After you have successfully created a virtual application package, you cannot run the virtual application package on the computer that is running the sequencer. - - - -~~~ -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-sequence-a-package--by-using-powershell-50.md b/mdop/appv-v5/how-to-sequence-a-package--by-using-powershell-50.md deleted file mode 100644 index d9728ec6c1..0000000000 --- a/mdop/appv-v5/how-to-sequence-a-package--by-using-powershell-50.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: How to Sequence a Package by Using PowerShell -description: How to Sequence a Package by Using PowerShell -author: dansimp -ms.assetid: b41feed9-d1c5-48a3-940c-9a21d594f4f8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Sequence a Package by Using PowerShell - - -Use the following procedure to create a new App-V 5.0 package using PowerShell. - -**Note**   -Before you use this procedure you must copy the associated installer files to the computer running the sequencer and you have read and understand the sequencer section of [Planning for the App-V 5.0 Sequencer and Client Deployment](planning-for-the-app-v-50-sequencer-and-client-deployment.md). - - - -**To create a new virtual application using PowerShell** - -1. Install the App-V 5.0 sequencer. For more information about installing the sequencer see [How to Install the Sequencer](how-to-install-the-sequencer-beta-gb18030.md). - -2. To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. - -3. Using the PowerShell console, type the following: **import-module appvsequencer**. - -4. To create a package, use the **New-AppvSequencerPackage** cmdlet. The following parameters are required to create a package: - - - **Name** - specifies the name of the package. - - - **PrimaryVirtualApplicationDirectory** - specifies the path to the directory that will be used to install the application. This path must exist. - - - **Installer** - specifies the path to the associated application installer. - - - **Path** - specifies the output directory for the package. - - For example: - - **New-AppvSequencerPackage –Name <name of Package> -PrimaryVirtualApplicationDirectory <path to the package root> -Installer <path to the installer executable> -OutputPath <directory of the output path>** - - Wait for the sequencer to create the package. Creating a package using PowerShell can take time. If the package was not created successfully an error will be returned. - - The following list displays additional optional parameters that can be used with **New-AppvSequencerPackage** cmdlet: - - - AcceleratorFilePath – specifies the path to the accelerator .cab file to generate a package. - - - InstalledFilesPath - specifies the path to where the local installed files of the application are saved. - - - InstallMediaPath - specifies the path to where the installation media is - - - TemplateFilePath - specifies the path to a template file if you want to customize the sequencing process. - - - FullLoad - specifies that the package must be fully downloaded to the computer running the App-V 5.0 before it can be opened. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-sequence-a-package--by-using-powershell-51.md b/mdop/appv-v5/how-to-sequence-a-package--by-using-powershell-51.md deleted file mode 100644 index 8a8c74258e..0000000000 --- a/mdop/appv-v5/how-to-sequence-a-package--by-using-powershell-51.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: How to Sequence a Package by Using PowerShell -description: How to Sequence a Package by Using PowerShell -author: dansimp -ms.assetid: 6134c6be-937d-4609-a516-92d49154b290 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Sequence a Package by Using PowerShell - - -Use the following procedure to create a new App-V 5.1 package using PowerShell. - -**Note**   -Before you use this procedure you must copy the associated installer files to the computer running the sequencer and you have read and understand the sequencer section of [Planning for the App-V 5.1 Sequencer and Client Deployment](planning-for-the-app-v-51-sequencer-and-client-deployment.md). - - - -**To create a new virtual application using PowerShell** - -1. Install the App-V 5.1 sequencer. For more information about installing the sequencer see [How to Install the Sequencer](how-to-install-the-sequencer-51beta-gb18030.md). - -2. To open a PowerShell console click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. - -3. Using the PowerShell console, type the following: **import-module appvsequencer**. - -4. To create a package, use the **New-AppvSequencerPackage** cmdlet. The following parameters are required to create a package: - - - **Name** - specifies the name of the package. - - - **PrimaryVirtualApplicationDirectory** - specifies the path to the directory that will be used to install the application. This path must exist. - - - **Installer** - specifies the path to the associated application installer. - - - **Path** - specifies the output directory for the package. - - For example: - - **New-AppvSequencerPackage –Name <name of Package> -PrimaryVirtualApplicationDirectory <path to the package root> -Installer <path to the installer executable> -OutputPath <directory of the output path>** - - Wait for the sequencer to create the package. Creating a package using PowerShell can take time. If the package was not created successfully an error will be returned. - - The following list displays additional optional parameters that can be used with **New-AppvSequencerPackage** cmdlet: - - - AcceleratorFilePath – specifies the path to the accelerator .cab file to generate a package. - - - InstalledFilesPath - specifies the path to where the local installed files of the application are saved. - - - InstallMediaPath - specifies the path to where the installation media is - - - TemplateFilePath - specifies the path to a template file if you want to customize the sequencing process. - - - FullLoad - specifies that the package must be fully downloaded to the computer running the App-V 5.1 before it can be opened. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console.md b/mdop/appv-v5/how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console.md deleted file mode 100644 index 1979f1b044..0000000000 --- a/mdop/appv-v5/how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console -description: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console -author: dansimp -ms.assetid: d41d64a0-0333-4951-ab27-db595bf0f634 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console - - -Use the following procedure to transfer the access and default package configurations to another version of a package by using the management console. - -**To transfer access and configurations to another version of a package** - -1. To view the package that you want to configure, open the App-V 5.0 Management Console. Select the package to which you will transfer the new configuration, right-click the package and select **transfer default configuration from** or **transfer access and configurations from**, depending on the configuration that you want to transfer. - -2. To transfer the configuration, in the **Select Previous Version** dialog box, select the package that contains the settings that you want to transfer, and then click **OK**. - - If you select **transfer default configuration from**, then only the underlying dynamic deployment configuration will be transferred. - - If you select **transfer access and configurations from**, then all access permissions, as well as the configuration settings, will be copied. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console51.md b/mdop/appv-v5/how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console51.md deleted file mode 100644 index 17e0975836..0000000000 --- a/mdop/appv-v5/how-to-transfer-access-and-configurations-to-another-version-of-a-package-by-using-the-management-console51.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console -description: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console -author: dansimp -ms.assetid: bf53f064-76ae-4eac-9266-d087c480cda7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console - - -Use the following procedure to transfer the access and default package configurations to another version of a package by using the management console. - -**To transfer access and configurations to another version of a package** - -1. To view the package that you want to configure, open the App-V 5.1 Management Console. Select the package to which you will transfer the new configuration, right-click the package and select **transfer default configuration from** or **transfer access and configurations from**, depending on the configuration that you want to transfer. - -2. To transfer the configuration, in the **Select Previous Version** dialog box, select the package that contains the settings that you want to transfer, and then click **OK**. - - If you select **transfer default configuration from**, then only the underlying dynamic deployment configuration will be transferred. - - If you select **transfer access and configurations from**, then all access permissions, as well as the configuration settings, will be copied. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/how-to-uninstall-the-app-v-50-client.md b/mdop/appv-v5/how-to-uninstall-the-app-v-50-client.md deleted file mode 100644 index b30443d81b..0000000000 --- a/mdop/appv-v5/how-to-uninstall-the-app-v-50-client.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: How to Uninstall the App-V 5.0 Client -description: How to Uninstall the App-V 5.0 Client -author: dansimp -ms.assetid: 7566fb19-8d52-439a-be42-e004d95fed6f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Uninstall the App-V 5.0 Client - - -Use the following procedure to uninstall the App-V 5.0 client from a computer. When you uninstall the App-V 5.0 client all packages published to the computer running the client are also removed. If the uninstall operation does not complete the packages will need to be re-published to the computer running the App-V 5.0 client. - -**Important** -You should ensure that the App-V 5.0 client service is running prior to performing the uninstall procedure. - - - -**To uninstall the App-V 5.0 Client** - -1. In Control Panel, double-click **Programs** / **Uninstall a Program**, and then double-click **Microsoft Application Virtualization Client**. - -2. In the dialog box that appears, click **Yes** to continue with the uninstall process. - - **Important** - The uninstall process cannot be canceled or interrupted. - - - -3. A progress bar shows the time remaining. When this step finishes, you must restart the computer so that all associated drivers can be stopped to complete the uninstall process. - - **Note** - You can also use the command line to uninstall the App-V 5.0 client with the following switch: **/UNINSTALL**. - - - -~~~ -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Deploying App-V 5.0](deploying-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-uninstall-the-app-v-51-client.md b/mdop/appv-v5/how-to-uninstall-the-app-v-51-client.md deleted file mode 100644 index 119e3fda37..0000000000 --- a/mdop/appv-v5/how-to-uninstall-the-app-v-51-client.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: How to Uninstall the App-V 5.1 Client -description: How to Uninstall the App-V 5.1 Client -author: dansimp -ms.assetid: 21f2d946-fc9f-4cd3-899b-ac52b3fbc306 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Uninstall the App-V 5.1 Client - - -Use the following procedure to uninstall the Microsoft Application Virtualization (App-V) 5.1 client from a computer. When you uninstall the App-V 5.1 client all packages published to the computer running the client are also removed. If the uninstall operation does not complete the packages will need to be re-published to the computer running the App-V 5.1 client. - -**Important** -You should ensure that the App-V 5.1 client service is running prior to performing the uninstall procedure. - - - -**To uninstall the App-V 5.1 Client** - -1. In Control Panel, double-click **Programs** / **Uninstall a Program**, and then double-click **Microsoft Application Virtualization Client**. - -2. In the dialog box that appears, click **Yes** to continue with the uninstall process. - - **Important** - The uninstall process cannot be canceled or interrupted. - - - -3. A progress bar shows the time remaining. When this step finishes, you must restart the computer so that all associated drivers can be stopped to complete the uninstall process. - - **Note** - You can also use the command line to uninstall the App-V 5.1 client with the following switch: **/UNINSTALL**. - - - -~~~ -**Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). -~~~ - -## Related topics - - -[Deploying App-V 5.1](deploying-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md b/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md deleted file mode 100644 index bad9d61431..0000000000 --- a/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-50-application.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -ms.reviewer: -title: How to Use an App-V 4.6 Application From an App-V 5.0 Application -description: How to Use an App-V 4.6 Application From an App-V 5.0 Application -ms.assetid: 4e78cb32-9c8b-478e-ae8b-c474a7e42487 -author: msfttracyp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/21/2016 ---- - -# How to Use an App-V 4.6 Application From an App-V 5.0 Application - -*Note:** App-V 4.6 has exited Mainstream support. The following applies to an App-V 4.6 SP3 package. - -Use the following procedure to run an App-V 4.6 application with App-V 5.0 applications on a standalone client. - -**To run applications on a standalone client** - -1. Select two applications in your environment that can be opened from one another. For example, Microsoft Outlook and Adobe Acrobat Reader. You can access an email attachment created using Adobe Acrobat. - -2. Convert the packages, or create a new package for either of the applications using the App-V 5.0 format. For more information about converting packages see, [How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.0 Package for All Users on a Specific Computer](how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md) or [How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.0 for a Specific User](how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-50-for-a-specific-user.md). - -3. Add and provision the package using the App-V 5.0 management console. For more information adding and provisioning packages see, [How to Add or Upgrade Packages by Using the Management Console](how-to-add-or-upgrade-packages-by-using-the-management-console-beta-gb18030.md) and [How to Configure Access to Packages by Using the Management Console](how-to-configure-access-to-packages-by-using-the-management-console-50.md). - -4. The converted application now runs using App-V 5.0 and you can open one application from the other. For example, if you converted a Microsoft Office package to an App-V 5.0 package and Adobe Acrobat is still running as an App-V 4.6 package, you can open an Adobe Acrobat Reader attachment using Microsoft Outlook. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -  - -  - - - - - - - - diff --git a/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-51-application.md b/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-51-application.md deleted file mode 100644 index ea81880476..0000000000 --- a/mdop/appv-v5/how-to-use-an-app-v-46-sp1-application-from-an-app-v-51-application.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: How to Use an App-V 4.6 Application From an App-V 5.1 Application -description: How to Use an App-V 4.6 Application From an App-V 5.1 Application -author: dansimp -ms.assetid: 909b4391-762b-4988-b0cf-32b67f1fcf0e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/21/2016 ---- - - -# How to Use an App-V 4.6 Application From an App-V 5.1 Application - -*Note:** App-V 4.6 has exited Mainstream support. The following applies to an App-V 4.6 SP3 package. - -Use the following procedure to run an App-V 4.6 application with App-V 5.1 applications on a standalone client. - -**Note**   -This procedure assumes that you are running the latest version of App-V 4.6. - -**To run applications on a standalone client** - -1. Select two applications in your environment that can be opened from one another. For example, Microsoft Outlook and Adobe Acrobat Reader. You can access an email attachment created using Adobe Acrobat. - -2. Convert the packages, or create a new package for either of the applications using the App-V 5.1 format. For more information about converting packages see, [How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.1 Package for All Users on a Specific Computer](how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-51-package-for-all-users-on-a-specific-computer.md) or [How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.1 for a Specific User](how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-51-for-a-specific-user.md). - -3. Add and provision the package using the App-V 5.1 management console. For more information adding and provisioning packages see, [How to Add or Upgrade Packages by Using the Management Console](how-to-add-or-upgrade-packages-by-using-the-management-console-51-gb18030.md) and [How to Configure Access to Packages by Using the Management Console](how-to-configure-access-to-packages-by-using-the-management-console-51.md). - -4. The converted application now runs using App-V 5.1 and you can open one application from the other. For example, if you converted a Microsoft Office package to an App-V 5.1 package and Adobe Acrobat is still running as an App-V 4.6 package, you can open an Adobe Acrobat Reader attachment using Microsoft Outlook. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups.md b/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups.md deleted file mode 100644 index 8c95c046c5..0000000000 --- a/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups.md +++ /dev/null @@ -1,301 +0,0 @@ ---- -title: How to Use Optional Packages in Connection Groups -description: How to Use Optional Packages in Connection Groups -author: dansimp -ms.assetid: 4d08a81b-55e5-471a-91dc-9a684fb3c9a1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Use Optional Packages in Connection Groups - - -Starting in Microsoft Application Virtualization (App-V) 5.0 SP3, you can add optional packages to your connection groups to simplify connection group management. The following table summarizes the tasks that you can complete more easily by using optional packages, and provides links to instructions for each task. - -**Note**   -**Optional packages are supported only in App-V 5.0 SP3.** - - - -Before using optional packages, see [Requirements for using optional packages in connection groups](#bkmk-reqs-using-cg). - - ---- - - - - - - - - - - - - - - - - -
Link to instructionsTask

Use one connection group, with optional packages, for multiple users who have different packages entitled to them

Use a single connection group to make different groups of applications and plug-ins available to different end users.

-

For example, you want to distribute Microsoft Office to all end users, but distribute different plug-ins to different subsets of users.

Unpublish or delete an optional package, or unpublish an optional package and republish it later, without changing the connection group

Unpublish, delete, or republish an optional package without having to disable, remove, edit, add, and re-enable the connection group on the App-V Client.

-

You can also unpublish the optional package and republish it later without having to disable or republish the connection group.

- - - -## Use one connection group, with optional packages, for multiple users with different packages entitled to them - - - ---- - - - - - - - - - - - - - - - - -
Task descriptionHow to perform the task

With App-V 5.0 SP3

-

You can add optional packages to connection groups, which enables you to provide different combinations of applications and plug-ins to different end users.

-

Example: You want to distribute Microsoft Office to your end users, but enable a certain plug-in for only a subset of users.

-

To do this, create a connection group that contains a package with Office, and another package with Office plug-ins, and then make the plug-ins package optional.

-

End users who are not entitled to the plug-in package will still be able to run Office.

 ---- - - - - - - - - - - - - - - - - - - - - -
MethodSteps

App-V Server – Management Console

    -

  1. In the Management Console, select PACKAGES to open the PACKAGES page.

    2. -

  2. Select CONNECTION GROUPS to display the Connection Groups library.

    3. -

  3. Select the correct connection group from the Connection Groups library.

    4. -

  4. Click EDIT in the CONNECTED PACKAGES pane.

    5. -

  5. Select Optional next to the package name.

    6. -

  6. Select the ADD PACKAGE ACCESS TO GROUP ACCESS check box. This required step adds to the connection group the package entitlements that you configured earlier when you assigned packages to Active Directory groups.

    7. -

App-V Server - PowerShell cmdlet

Use the following cmdlet, and specify the -Optional parameter:

-

Add-AppvServerConnectionGroupPackage

-

Syntax:

-

Add-AppvServerConnectionGroupPackage [-AppvServerConnectionGroup] <SerializableConnectionGroup> [[-AppvServerPackage] <PackageVersion>] [-Optional] [-Order <int>] [-UseAnyPackageVersion]

-

Example:

-

Add-AppvServerConnectionGroupPackage -Name "Connection Group 1" -PackageName "Package 1" -Optional

App-V Client on a Stand-alone computer

    -

  1. Create the connection group XML document, and set the Package tag attribute IsOptional to “true”.

    2. -

  2. Use the following cmdlets to add and enable the connection group:

    -
      -

    • Add-AppvClientConnectionGroup

      • -

    • Enable-AppvClientConnectionGroup

      • -
    3. -
-

Example connection group XML document with optional packages:

-
<?xml version="1.0" ?>
-<AppConnectionGroup
-   xmlns="https://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup";
-   AppConnectionGroupId="8105CCD5-244B-4BA1-8888-E321E688D2CB"
-   VersionId="84CE3797-F1CB-4475-A223-757918929EB4"
-   DisplayName="Contoso Software Connection Group" >
-<Packages>
-<Package
-   PackageId="7735d1a8-5ef9-4df9-a1cf-3aa92ef54fe7"
-   VersionId="ec560d6f-e62e-48eb-a9e5-7c52a8c2e149"
-   DisplayName="Contoso Business Manager"
-/>
-
-<Package
-   PackageId="fc6fe0f7-be3d-4643-b37d-fc3f62d4dd5c"
-   VersionId="c67a71cd-3542-4a48-93e8-20c643c50970"
-   DisplayName="Contoso Forms"
-   IsOptional="false"
-/>
-
-<Package
-   PackageId="8f6301a5-4348-4039-9560-b27a5bb72711"
-   VersionId="6c694b45-3e19-46c6-a327-d159aa39e1d2"
-   DisplayName="Contoso Tax"
-   IsOptional="true"
-/>
-
-<Package
-   PackageId="89d701bc-d507-4299-b6b6-000000003472"
-   VersionId="*"
-   DisplayName="Contoso Accounts"
-   IsOptional="true"
-/>
-
-</Packages>
-</AppConnectionGroup>
-

 

With versions earlier than App-V 5.0 SP3

You had to create many connection groups to make specific application and plug-in combinations available to specific users.

- - - -## Unpublish or delete an optional package, or unpublish an optional package and republish it later, without changing the connection group - - - ---- - - - - - - - - - - - - - - - - -
Task descriptionHow to perform the task

With App-V 5.0 SP3

-

You can unpublish, delete, or republish an optional package, which is in a connection group, without having to disable or re-enable the connection group on the App-V Client.

-

You can also unpublish an optional package and republish it later without having to disable or republish the connection group.

-

Example: If you publish an optional package that contains a Microsoft Office plug-in, and you want to remove the plug-in, you can unpublish the package without having to disable the connection group.

 ---- - - - - - - - - - - - - - - - - -
MethodSteps

App-V Server – Management Console

    -

  • To unpublish the package: In the Management Console, select elect the PACKAGES page, right-click the package that you want to unpublish, and click unpublish.

    • -

  • To remove an optional package from a connection group: On the CONNECTION GROUPS page, select the package that you want to remove, and click the right arrow to remove the package from the connection group pane on the bottom left.

    • -

App-V Client on a Stand-alone computer

Use the following existing cmdlets:

-
    -

  • Unpublish-AppvClientPackage

    • -

  • Remove-AppvClientPackage

    • -
-

For more information, see How to Manage App-V 5.0 Packages Running on a Stand-Alone Computer by Using PowerShell.

-

 

With versions earlier than App-V 5.0 SP3

You had to:

-
    -

  1. Remove the connection group from each App-V Client computer where it was enabled.

    2. -

  2. Unpublish the package.

    3. -

  3. Remove the package from the connection group’s definition.

    4. -

  4. Republish the connection group.

    5. -
- - - -## Requirements for using optional packages in connection groups - - -Review the following requirements before using optional packages in connection groups: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
RequirementDetails

Connection groups must contain at least one non-optional package.

    -

  • Check carefully that you meet this requirement, as the App-V Server and the PowerShell cmdlet don’t validate that the requirement has been met.

    • -

  • If you accidentally create a connection group that does not contain at least one non-optional package, and the end user tries to open a packaged application in that connection group, the connection group will fail.

    • -
-

    -

  • User-published connection groups can contain packages that are published globally or to the user.

    • -

  • Globally published connection groups must contain only globally published packages.

    • -

Globally published connection groups must contain packages that are published globally to ensure that the packages will be available when starting the connection group’s virtual environment.

-

If you try to add or enable globally published connection groups that contain user-published packages, the connection group will fail.

You must publish all non-optional packages before publishing the connection group that contains those packages.

A connection group’s virtual environment cannot start if any non-optional packages are missing.

-

The App-V Client fails to add or enable a connection group if any non-optional packages have not been published.

Before you unpublish a globally published package, ensure that the connection groups that are entitled to all the users on that computer no longer require the package.

The system does not check whether the package is part of another user’s connection group. Unpublishing a global package will make it unavailable to every user on that computer, so make sure that each user’s connection groups no longer contain the package, or alternatively make the package optional.

- - - - - - - - -## Related topics - - -[Managing Connection Groups](managing-connection-groups.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups51.md b/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups51.md deleted file mode 100644 index b29a4ff7a9..0000000000 --- a/mdop/appv-v5/how-to-use-optional-packages-in-connection-groups51.md +++ /dev/null @@ -1,300 +0,0 @@ ---- -title: How to Use Optional Packages in Connection Groups -description: How to Use Optional Packages in Connection Groups -author: dansimp -ms.assetid: 67666f18-b704-4852-a1e4-d13633bd2baf -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Use Optional Packages in Connection Groups - - -Starting in Microsoft Application Virtualization (App-V) 5.0 SP3, you can add optional packages to your connection groups to simplify connection group management. The following table summarizes the tasks that you can complete more easily by using optional packages, and provides links to instructions for each task. - -**Note**   -**Optional packages are not supported in releases prior to App-V 5.0 SP3.** - - - -Before using optional packages, see [Requirements for using optional packages in connection groups](#bkmk-reqs-using-cg). - - ---- - - - - - - - - - - - - - - - - -
Link to instructionsTask

Use one connection group, with optional packages, for multiple users who have different packages entitled to them

Use a single connection group to make different groups of applications and plug-ins available to different end users.

-

For example, you want to distribute Microsoft Office to all end users, but distribute different plug-ins to different subsets of users.

Unpublish or delete an optional package, or unpublish an optional package and republish it later, without changing the connection group

Unpublish, delete, or republish an optional package without having to disable, remove, edit, add, and re-enable the connection group on the App-V Client.

-

You can also unpublish the optional package and republish it later without having to disable or republish the connection group.

- - - -## Use one connection group, with optional packages, for multiple users with different packages entitled to them - - - ---- - - - - - - - - - - - - - - - - -
Task descriptionHow to perform the task

With App-V 5.0 SP3 and App-V 5.1

-

You can add optional packages to connection groups, which enables you to provide different combinations of applications and plug-ins to different end users.

-

Example: You want to distribute Microsoft Office to your end users, but enable a certain plug-in for only a subset of users.

-

To do this, create a connection group that contains a package with Office, and another package with Office plug-ins, and then make the plug-ins package optional.

-

End users who are not entitled to the plug-in package will still be able to run Office.

 ---- - - - - - - - - - - - - - - - - - - - - -
MethodSteps

App-V Server – Management Console

    -

  1. In the Management Console, select CONNECTION GROUPS to display the Connection Groups library.

    2. -

  2. Select the correct connection group from the Connection Groups library.

    3. -

  3. Click EDIT in the CONNECTED PACKAGES pane.

    4. -

  4. Select Optional next to the package name.

    5. -

  5. Select the ADD PACKAGE ACCESS TO GROUP ACCESS check box. This required step adds to the connection group the package entitlements that you configured earlier when you assigned packages to Active Directory groups.

    6. -

App-V Server - PowerShell cmdlet

Use the following cmdlet, and specify the -Optional parameter:

-

Add-AppvServerConnectionGroupPackage

-

Syntax:

-

Add-AppvServerConnectionGroupPackage [-AppvServerConnectionGroup] <SerializableConnectionGroup> [[-AppvServerPackage] <PackageVersion>] [-Optional] [-Order <int>] [-UseAnyPackageVersion]

-

Example:

-

Add-AppvServerConnectionGroupPackage -Name "Connection Group 1" -PackageName "Package 1" -Optional

App-V Client on a Stand-alone computer

    -

  1. Create the connection group XML document, and set the Package tag attribute IsOptional to “true”.

    2. -

  2. Use the following cmdlets to add and enable the connection group:

    -
      -

    • Add-AppvClientConnectionGroup

      • -

    • Enable-AppvClientConnectionGroup

      • -
    3. -
-

Example connection group XML document with optional packages:

-
<?xml version="1.0" ?>
-<AppConnectionGroup
-   xmlns="https://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup";
-   AppConnectionGroupId="8105CCD5-244B-4BA1-8888-E321E688D2CB"
-   VersionId="84CE3797-F1CB-4475-A223-757918929EB4"
-   DisplayName="Contoso Software Connection Group" >
-<Packages>
-<Package
-   PackageId="7735d1a8-5ef9-4df9-a1cf-3aa92ef54fe7"
-   VersionId="ec560d6f-e62e-48eb-a9e5-7c52a8c2e149"
-   DisplayName="Contoso Business Manager"
-/>
-
-<Package
-   PackageId="fc6fe0f7-be3d-4643-b37d-fc3f62d4dd5c"
-   VersionId="c67a71cd-3542-4a48-93e8-20c643c50970"
-   DisplayName="Contoso Forms"
-   IsOptional="false"
-/>
-
-<Package
-   PackageId="8f6301a5-4348-4039-9560-b27a5bb72711"
-   VersionId="6c694b45-3e19-46c6-a327-d159aa39e1d2"
-   DisplayName="Contoso Tax"
-   IsOptional="true"
-/>
-
-<Package
-   PackageId="89d701bc-d507-4299-b6b6-000000003472"
-   VersionId="*"
-   DisplayName="Contoso Accounts"
-   IsOptional="true"
-/>
-
-</Packages>
-</AppConnectionGroup>
-

 

With versions earlier than App-V 5.0 SP3

You had to create many connection groups to make specific application and plug-in combinations available to specific users.

- - - -## Unpublish or delete an optional package, or unpublish an optional package and republish it later, without changing the connection group - - - ---- - - - - - - - - - - - - - - - - -
Task descriptionHow to perform the task

With App-V 5.0 SP3 and App-V 5.1

-

You can unpublish, delete, or republish an optional package, which is in a connection group, without having to disable or re-enable the connection group on the App-V Client.

-

You can also unpublish an optional package and republish it later without having to disable or republish the connection group.

-

Example: If you publish an optional package that contains a Microsoft Office plug-in, and you want to remove the plug-in, you can unpublish the package without having to disable the connection group.

 ---- - - - - - - - - - - - - - - - - -
MethodSteps

App-V Server – Management Console

    -

  • To unpublish the package: In the Management Console, select elect the PACKAGES page, click or right-click the package that you want to unpublish, and click Unpublish.

    • -

  • To remove an optional package from a connection group: On the CONNECTION GROUPS page, select the package that you want to remove, and click the right arrow to remove the package from the connection group pane on the bottom left.

    • -

App-V Client on a Stand-alone computer

Use the following existing cmdlets:

-
    -

  • Unpublish-AppvClientPackage

    • -

  • Remove-AppvClientPackage

    • -
-

For more information, see How to Manage App-V 5.1 Packages Running on a Stand-Alone Computer by Using PowerShell.

-

 

With versions earlier than App-V 5.0 SP3

You had to:

-
    -

  1. Remove the connection group from each App-V Client computer where it was enabled.

    2. -

  2. Unpublish the package.

    3. -

  3. Remove the package from the connection group’s definition.

    4. -

  4. Republish the connection group.

    5. -
- - - -## Requirements for using optional packages in connection groups - - -Review the following requirements before using optional packages in connection groups: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
RequirementDetails

Connection groups must contain at least one non-optional package.

    -

  • Check carefully that you meet this requirement, as the App-V Server and the PowerShell cmdlet don’t validate that the requirement has been met.

    • -

  • If you accidentally create a connection group that does not contain at least one non-optional package, and the end user tries to open a packaged application in that connection group, the connection group will fail.

    • -
-

    -

  • User-published connection groups can contain packages that are published globally or to the user.

    • -

  • Globally published connection groups must contain only globally published packages.

    • -

Globally published connection groups must contain packages that are published globally to ensure that the packages will be available when starting the connection group’s virtual environment.

-

If you try to add or enable globally published connection groups that contain user-published packages, the connection group will fail.

You must publish all non-optional packages before publishing the connection group that contains those packages.

A connection group’s virtual environment cannot start if any non-optional packages are missing.

-

The App-V Client fails to add or enable a connection group if any non-optional packages have not been published.

Before you unpublish a globally published package, ensure that the connection groups that are entitled to all the users on that computer no longer require the package.

The system does not check whether the package is part of another user’s connection group. Unpublishing a global package will make it unavailable to every user on that computer, so make sure that each user’s connection groups no longer contain the package, or alternatively make the package optional.

- - - - - - - - -## Related topics - - -[Managing Connection Groups](managing-connection-groups51.md) - - - - - - - - - diff --git a/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-beta.md b/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-beta.md deleted file mode 100644 index 96723eea3e..0000000000 --- a/mdop/appv-v5/how-to-view-and-configure-applications-and-default-virtual-application-extensions-by-using-the-management-console-beta.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console -description: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console -author: dansimp -ms.assetid: c77e6662-7a18-4da1-8da8-b58068b65fa1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console - - -Use the following procedure to view and configure default package extensions. - -**To view and configure default virtual application extensions** - -1. To view the package that you want to configure, open the App-V 5.0 Management Console. Select the package that you want to configure, right-click the package name and select **edit default configuration**. - -2. To view the applications contained in the specified package, in the **Default Configuration** pane, click **Applications**. To view the shortcuts for that package, click **Shortcuts**. To view the file type associations for that package, click **File Types**. - -3. To enable the application extensions, select **ENABLE**. - - To enable shortcuts, select **ENABLE SHORTCUTS**. To add a new shortcut for the selected application, right-click the application in the **SHORTCUTS** pane and select **Add new shortcut**. To remove a shortcut, right-click the application in the **SHORTCUTS** pane and select **Remove Shortcut**. To edit an existing shortcut, right-click the application and select **Edit Shortcut**. - -4. To view any other application extensions, click **Advanced** and click **Export Configuration**. Type in a filename and click **Save**. You can view all application extensions associated with the package using the configuration file. - -5. To edit other application extensions, modify the configuration file and click **Import and Overwrite this Configuration**. Select the modified file and click **Open**. In the dialog box, click **Overwrite** to complete the process. - - **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/images/checklistbox.gif b/mdop/appv-v5/images/checklistbox.gif deleted file mode 100644 index 8af13c51d1..0000000000 Binary files a/mdop/appv-v5/images/checklistbox.gif and /dev/null differ diff --git a/mdop/appv-v5/images/packageaddfileandregistrydata-global.png b/mdop/appv-v5/images/packageaddfileandregistrydata-global.png deleted file mode 100644 index 775e290a36..0000000000 Binary files a/mdop/appv-v5/images/packageaddfileandregistrydata-global.png and /dev/null differ diff --git a/mdop/appv-v5/images/packageaddfileandregistrydata-stream.png b/mdop/appv-v5/images/packageaddfileandregistrydata-stream.png deleted file mode 100644 index 0e1205c62b..0000000000 Binary files a/mdop/appv-v5/images/packageaddfileandregistrydata-stream.png and /dev/null differ diff --git a/mdop/appv-v5/images/packageaddfileandregistrydata.png b/mdop/appv-v5/images/packageaddfileandregistrydata.png deleted file mode 100644 index 603420e627..0000000000 Binary files a/mdop/appv-v5/images/packageaddfileandregistrydata.png and /dev/null differ diff --git a/mdop/appv-v5/index.md b/mdop/appv-v5/index.md deleted file mode 100644 index 8f3c652084..0000000000 --- a/mdop/appv-v5/index.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: Application Virtualization 5 -description: Application Virtualization 5 -author: dansimp -ms.assetid: e82eb44b-9ccd-41aa-923b-71400230ad23 -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 04/19/2017 ---- - - -# Application Virtualization 5 - - -Microsoft Application Virtualization (App-V) 5 lets administrators make applications available to end users without having to install the applications directly on end user computers. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. - -## App-V 5 Versions - - -[Microsoft Application Virtualization 5.1 Administrator's Guide](microsoft-application-virtualization-51-administrators-guide.md) - -> [!NOTE] -> Application Virtualization 5.1 for Remote Desktop Services will be end of life on January 10, 2023. Please upgrade to a supported version, such as App-V 5.0 with Service Pack 3 prior to this date. - -[Microsoft Application Virtualization 5.0 Administrator's Guide](microsoft-application-virtualization-50-administrators-guide.md) - -> [!NOTE] -> Application Virtualization 5.0 for Windows Desktops will be end of life on January 10, 2023. Please upgrade to a supported version, such as App-V 5.0 with Service Pack 3 prior to this date. - -## More Information - - -[Release Notes for App-V 5.1](release-notes-for-app-v-51.md) -View updated product information and known issues for App-V 5.1. - -[Release Notes for App-V 5.0 SP3](release-notes-for-app-v-50-sp3.md) -View updated product information and known issues for App-V 5.0 SP3. - -[Release Notes for App-V 5.0 SP2](release-notes-for-app-v-50-sp2.md) -View updated product information and known issues for App-V 5.0 SP2. - -[Release Notes for App-V 5.0](release-notes-for-app-v-50.md) -View updated product information and known issues for App-V 5.0. - -[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286) -Learn about the latest MDOP information and resources. - -[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) -Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). - - - - - - -  - -  - - - - - diff --git a/mdop/appv-v5/maintaining-app-v-50.md b/mdop/appv-v5/maintaining-app-v-50.md deleted file mode 100644 index a8cfb7715b..0000000000 --- a/mdop/appv-v5/maintaining-app-v-50.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Maintaining App-V 5.0 -description: Maintaining App-V 5.0 -author: dansimp -ms.assetid: 66851ec3-c674-493b-ad6d-db8fcbf1956c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Maintaining App-V 5.0 - - -After you have completed all the necessary planning, and then deployment of App-V 5.0, you can use the following information to maintain the App-V 5.0 infrastructure. - -## Move the App-V 5.0 Server - - -The App-V 5.0 server connects to the App-V 5.0 database. Therefore you can install the management component to any computer on the network and then connect it to the App-V 5.0 database. - -[How to Move the App-V Server to Another Computer](how-to-move-the-app-v-server-to-another-computer.md) - -## Determine if an App-V 5.0 Application is Running Virtualized - - -Independent software vendors (ISV) who want to determine if an application is running virtualized with App-V 5.0 or above, should open a named object called **AppVVirtual-<PID>** in the default namespace. For example, Windows API **GetCurrentProcessId()** can be used to obtain the current process's ID, for example 4052, and then if a named Event object called **AppVVirtual-4052** can be successfully opened using **OpenEvent()** in the default namespace for read access, then the application is virtual. If the **OpenEvent()** call fails, the application is not virtual. - -Additionally, ISV’s who want to explicitly virtualize or not virtualize calls on specific API’s with App-V 5.0 and above, can use the **VirtualizeCurrentThread()** and **CurrentThreadIsVirtualized()** functions implemented in the AppEntSubsystems32.dll module. These provide a way of hinting at a downstream component that the call should or should not be virtualized. - - - - - - -## Other resources for maintaining App-V 5.0 - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/maintaining-app-v-51.md b/mdop/appv-v5/maintaining-app-v-51.md deleted file mode 100644 index 005a024a2b..0000000000 --- a/mdop/appv-v5/maintaining-app-v-51.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Maintaining App-V 5.1 -description: Maintaining App-V 5.1 -author: dansimp -ms.assetid: 5abd17d3-e8af-4261-b914-741ae116b0e7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Maintaining App-V 5.1 - - -After you have completed all the necessary planning, and then deployment of App-V 5.1, you can use the following information to maintain the App-V 5.1 infrastructure. - -## Move the App-V 5.1 Server - - -The App-V 5.1 server connects to the App-V 5.1 database. Therefore you can install the management component to any computer on the network and then connect it to the App-V 5.1 database. - -[How to Move the App-V Server to Another Computer](how-to-move-the-app-v-server-to-another-computer51.md) - -## Determine if an App-V 5.1 Application is Running Virtualized - - -Independent software vendors (ISV) who want to determine if an application is running virtualized with App-V 5.1 or above, should open a named object called **AppVVirtual-<PID>** in the default namespace. For example, Windows API **GetCurrentProcessId()** can be used to obtain the current process's ID, for example 4052, and then if a named Event object called **AppVVirtual-4052** can be successfully opened using **OpenEvent()** in the default namespace for read access, then the application is virtual. If the **OpenEvent()** call fails, the application is not virtual. - -Additionally, ISV’s who want to explicitly virtualize or not virtualize calls on specific API’s with App-V 5.1 and above, can use the **VirtualizeCurrentThread()** and **CurrentThreadIsVirtualized()** functions implemented in the AppEntSubsystems32.dll module. These provide a way of hinting at a downstream component that the call should or should not be virtualized. - - - - - - -## Other resources for maintaining App-V 5.1 - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/managing-connection-groups.md b/mdop/appv-v5/managing-connection-groups.md deleted file mode 100644 index 1c3c341ef5..0000000000 --- a/mdop/appv-v5/managing-connection-groups.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Managing Connection Groups -description: Managing Connection Groups -author: dansimp -ms.assetid: 1a9c8f26-f421-4b70-b7e2-da8118e8198c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Managing Connection Groups - - -Connection groups enable the applications within a package to interact with each other in the virtual environment, while remaining isolated from the rest of the system. By using connection groups, administrators can manage packages independently and can avoid having to add the same application multiple times to a client computer. - -**Note**   -In previous versions of App-V 5.0, connection groups were referred to as Dynamic Suite Composition. - - - -**In this topic:** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - -

About the Connection Group Virtual Environment

Describes the connection group virtual environment.

About the Connection Group File

Describes the connection group file.

How to Create a Connection Group

Explains how to create a new connection group.

How to Create a Connection Group with User-Published and Globally Published Packages

Explains how to create a new connection group that contains a mix of packages that are published to the user and published globally.

How to Delete a Connection Group

Explains how to delete a connection group.

How to Publish a Connection Group

Explains how to publish a connection group.

- - - - - - - - -## Other resources for App-V 5.0 connection groups - - -- [Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/managing-connection-groups51.md b/mdop/appv-v5/managing-connection-groups51.md deleted file mode 100644 index 43554b1ff9..0000000000 --- a/mdop/appv-v5/managing-connection-groups51.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Managing Connection Groups -description: Managing Connection Groups -author: dansimp -ms.assetid: 22c9d3cb-7246-4173-9742-4ba1c24b0a6a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Managing Connection Groups - - -Connection groups enable the applications within a package to interact with each other in the virtual environment, while remaining isolated from the rest of the system. By using connection groups, administrators can manage packages independently and can avoid having to add the same application multiple times to a client computer. - -**Note**   -In some previous versions of App-V, connection groups were referred to as Dynamic Suite Composition. - - - -**In this topic:** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - -

About the Connection Group Virtual Environment

Describes the connection group virtual environment.

About the Connection Group File

Describes the connection group file.

How to Create a Connection Group

Explains how to create a new connection group.

How to Create a Connection Group with User-Published and Globally Published Packages

Explains how to create a new connection group that contains a mix of packages that are published to the user and published globally.

How to Delete a Connection Group

Explains how to delete a connection group.

How to Publish a Connection Group

Explains how to publish a connection group.

- - - - - - - - -## Other resources for App-V 5.1 connection groups - - -- [Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/microsoft-application-virtualization-50-administrators-guide.md b/mdop/appv-v5/microsoft-application-virtualization-50-administrators-guide.md deleted file mode 100644 index 3645704cf9..0000000000 --- a/mdop/appv-v5/microsoft-application-virtualization-50-administrators-guide.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: Microsoft Application Virtualization 5.0 Administrator's Guide -description: Microsoft Application Virtualization 5.0 Administrator's Guide -author: dansimp -ms.assetid: c46e94b5-32cd-4377-8dc3-8163539be897 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - -# Microsoft Application Virtualization 5.0 Administrator's Guide - -The Microsoft Application Virtualization (App-V) 5.0 Administrator’s Guide provides information and step-by-step procedures to help you administer the App-V 5.0 system and its components. This information will be valuable for system administrators who manage large installations with many servers and clients and for support personnel who interact directly with the computers or the end users. - -- [Getting Started with App-V 5.0](getting-started-with-app-v-50--rtm.md) - - [About App-V 5.0](about-app-v-50.md) - - [About App-V 5.0 SP1](about-app-v-50-sp1.md) - - [About App-V 5.0 SP2](about-app-v-50-sp2.md) - - [About App-V 5.0 SP3](about-app-v-50-sp3.md) - - [Evaluating App-V 5.0](evaluating-app-v-50.md) - - [High Level Architecture for App-V 5.0](high-level-architecture-for-app-v-50.md) - - [Accessibility for App-V 5.0](accessibility-for-app-v-50.md) -- [Planning for App-V 5.0](planning-for-app-v-50-rc.md) - - [Preparing Your Environment for App-V 5.0](preparing-your-environment-for-app-v-50.md) - - [Planning to Deploy App-V](planning-to-deploy-app-v.md) - - [App-V 5.0 Planning Checklist](app-v-50-planning-checklist.md) -- [Deploying App-V 5.0](deploying-app-v-50.md) - - [Deploying the App-V 5.0 Sequencer and Client](deploying-the-app-v-50-sequencer-and-client.md) - - [Deploying the App-V 5.0 Server](deploying-the-app-v-50-server.md) - - [App-V 5.0 Deployment Checklist](app-v-50-deployment-checklist.md) - - [Deploying Microsoft Office 2016 by Using App-V](deploying-microsoft-office-2016-by-using-app-v.md) - - [Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v.md) - - [Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v.md) -- [Operations for App-V 5.0](operations-for-app-v-50.md) - - [Creating and Managing App-V 5.0 Virtualized Applications](creating-and-managing-app-v-50-virtualized-applications.md) - - [Administering App-V 5.0 Virtual Applications by Using the Management Console](administering-app-v-50-virtual-applications-by-using-the-management-console.md) - - [Managing Connection Groups](managing-connection-groups.md) - - [Deploying App-V 5.0 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md) - - [Using the App-V 5.0 Client Management Console](using-the-app-v-50-client-management-console.md) - - [Migrating from a Previous Version](migrating-from-a-previous-version-app-v-50.md) - - [Maintaining App-V 5.0](maintaining-app-v-50.md) - - [Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md) -- [Troubleshooting App-V 5.0](troubleshooting-app-v-50.md) -- [Technical Reference for App-V 5.0](technical-reference-for-app-v-50.md) - - [Performance Guidance for Application Virtualization 5.0](performance-guidance-for-application-virtualization-50.md) - - [Application Publishing and Client Interaction](application-publishing-and-client-interaction.md) - - [Viewing App-V Server Publishing Metadata](viewing-app-v-server-publishing-metadata.md) - - [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications.md) - -## Also see - -- Add or vote on suggestions on the ["Microsoft Application Virtualization" forum on UserVoice.com](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). -- For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). diff --git a/mdop/appv-v5/microsoft-application-virtualization-51-administrators-guide.md b/mdop/appv-v5/microsoft-application-virtualization-51-administrators-guide.md deleted file mode 100644 index 07efe04eca..0000000000 --- a/mdop/appv-v5/microsoft-application-virtualization-51-administrators-guide.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: Microsoft Application Virtualization 5.1 Administrator's Guide -description: Microsoft Application Virtualization 5.1 Administrator's Guide -author: dansimp -ms.assetid: 3049996a-7253-4599-a29a-1b58f9ab14a4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - -# Microsoft Application Virtualization 5.1 Administrator's Guide - -The Microsoft Application Virtualization (App-V) 5.1 Administrator’s Guide provides information and step-by-step procedures to help you administer the App-V 5.1 system and its components. This information will be valuable for system administrators who manage large installations with many servers and clients and for support personnel who interact directly with the computers or the end users. - -- [Getting Started with App-V 5.1](getting-started-with-app-v-51.md) - - [About App-V 5.1](about-app-v-51.md) - - [Evaluating App-V 5.1](evaluating-app-v-51.md) - - [High Level Architecture for App-V 5.1](high-level-architecture-for-app-v-51.md) - - [Accessibility for App-V 5.1](accessibility-for-app-v-51.md) -- [Planning for App-V 5.1](planning-for-app-v-51.md) - - [Preparing Your Environment for App-V 5.1](preparing-your-environment-for-app-v-51.md) - - [Planning to Deploy App-V](planning-to-deploy-app-v51.md) -- [Deploying App-V 5.1](deploying-app-v-51.md) - - [Deploying the App-V 5.1 Sequencer and Client](deploying-the-app-v-51-sequencer-and-client.md) - - [Deploying the App-V 5.1 Server](deploying-the-app-v-51-server.md) - - [App-V 5.1 Deployment Checklist](app-v-51-deployment-checklist.md) - - [Deploying Microsoft Office 2016 by Using App-V](deploying-microsoft-office-2016-by-using-app-v51.md) - - [Deploying Microsoft Office 2013 by Using App-V](deploying-microsoft-office-2013-by-using-app-v51.md) - - [Deploying Microsoft Office 2010 by Using App-V](deploying-microsoft-office-2010-by-using-app-v51.md) -- [Operations for App-V 5.1](operations-for-app-v-51.md) - - [Creating and Managing App-V 5.1 Virtualized Applications](creating-and-managing-app-v-51-virtualized-applications.md) - - [Administering App-V 5.1 Virtual Applications by Using the Management Console](administering-app-v-51-virtual-applications-by-using-the-management-console.md) - - [Managing Connection Groups](managing-connection-groups51.md) - - [Deploying App-V 5.1 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md) - - [Using the App-V 5.1 Client Management Console](using-the-app-v-51-client-management-console.md) - - [Migrating to App-V 5.1 from a Previous Version](migrating-to-app-v-51-from-a-previous-version.md) - - [Maintaining App-V 5.1](maintaining-app-v-51.md) - - [Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md) -- [Troubleshooting App-V 5.1](troubleshooting-app-v-51.md) -- [Technical Reference for App-V 5.1](technical-reference-for-app-v-51.md) - - [Performance Guidance for Application Virtualization 5.1](performance-guidance-for-application-virtualization-51.md) - - [Application Publishing and Client Interaction](application-publishing-and-client-interaction51.md) - - [Viewing App-V Server Publishing Metadata](viewing-app-v-server-publishing-metadata51.md) - - [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md) - -## Also see - -- Add or vote on suggestions on the ["Microsoft Application Virtualization" forum on UserVoice.com](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). -- For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). diff --git a/mdop/appv-v5/migrating-from-a-previous-version-app-v-50.md b/mdop/appv-v5/migrating-from-a-previous-version-app-v-50.md deleted file mode 100644 index c3d4ae514c..0000000000 --- a/mdop/appv-v5/migrating-from-a-previous-version-app-v-50.md +++ /dev/null @@ -1,199 +0,0 @@ ---- -title: Migrating from a Previous Version -description: Migrating from a Previous Version -author: dansimp -ms.assetid: a13cd353-b22a-48f7-af1e-5d54ede2a7e5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Migrating from a Previous Version - - -With App-V 5.0 you can migrate your existing App-V 4.6 infrastructure to the more flexible, integrated, and easier to manage App-V 5.0 infrastructure. - -Consider the following sections when you plan your migration strategy: - -**Note**   -For more information about the differences between App-V 4.6 and App-V 5.0, see the **Differences between App-V 4.6 and App-V 5.0 section** of [About App-V 5.0](about-app-v-50.md). - - - -## Converting packages created using a prior version of App-V - - -Use the package converter utility to upgrade virtual application packages created using previous versions of App-V. The package converter uses PowerShell to convert packages and can help automate the process if you have many packages that require conversion. - -**Important**   -After you convert an existing package you should test the package prior to deploying the package to ensure the conversion process was successful. - - - -**What to know before you convert existing packages** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IssueWorkaround

Package scripts are not converted.

Test the converted package. If necessary convert the script.

Package registry setting overrides are not converted.

Test the converted package. If necessary, re-add registry overrides.

Virtual packages using DSC are not linked after conversion.

Link the packages using connection groups. See Managing Connection Groups.

Environment variable conflicts are detected during conversion.

Resolve any conflicts in the associated .osd file.

Hard-coded paths are detected during conversion.

Hard-coded paths are difficult to convert correctly. The package converter will detect and return packages with files that contain hard-coded paths. View the file with the hard-coded path, and determine whether the package requires the file. If so, it is recommended to re-sequence the package.

- - - -When converting a package check for failing files or shortcuts. Locate the item in App-V 4.6 package. It could possibly be hard-coded path. Convert the path. - -**Note**   -It is recommended that you use the App-V 5.0 sequencer for converting critical applications or applications that need to take advantage of features. See, [How to Sequence a New Application with App-V 5.0](how-to-sequence-a-new-application-with-app-v-50-beta-gb18030.md). - -If a converted package does not open after you convert it, it is also recommended that you re-sequence the application using the App-V 5.0 sequencer. - - - -[How to Convert a Package Created in a Previous Version of App-V](how-to-convert-a-package-created-in-a-previous-version-of-app-v.md) - -## Migrating Clients - - -The following table displays the recommended method for upgrading clients. - - ---- - - - - - - - - - - - - - - - - - - - - -
TaskMore Information

Upgrade your environment to App-V 4.6 SP2

Application Virtualization Deployment and Upgrade Considerations.

Install the App-V 5.0 client with co-existence enabled.

How to Deploy the App-V 4.6 and the App-V 5.0 Client on the Same Computer.

Sequence and roll out App-V 5.0 packages. As needed, unpublish App-V 4.6 packages.

How to Sequence a New Application with App-V 5.0.

- - - -**Important**   -You must be running App-V 4.6 SP3 to use coexistence mode. Additionally, when you sequence a package, you must configure the Managing Authority setting, which is in the **User Configuration** is located in the **User Configuration** section. - - - -## Migrating the App-V 5.0 Server Full Infrastructure - - -There is no direct method to upgrade to a full App-V 5.0 infrastructure. Use the information in the following section for information about upgrading the App-V server. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
TaskMore Information

Upgrade your environment to App-V 4.6 SP3.

Application Virtualization Deployment and Upgrade Considerations.

Deploy App-V 5.0 version of the client.

How to Deploy the App-V Client.

Install App-V 5.0 server.

How to Deploy the App-V 5.0 Server.

Migrate existing packages.

See the Converting packages created using a prior version of App-V section of this article.

- - - -## Additional Migration tasks - - -You can also perform additional migration tasks such as reconfiguring end points as well as opening a package created using a prior version on a computer running the App-V 5.0 client. The following links provide more information about performing these tasks. - -[How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.0 Package for All Users on a Specific Computer](how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-50-package-for-all-users-on-a-specific-computer.md) - -[How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.0 for a Specific User](how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-50-for-a-specific-user.md) - -[How to Revert Extension Points from an App-V 5.0 Package to an App-V 4.6 Package For All Users on a Specific Computer](how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md) - -[How to Revert Extension Points From an App-V 5.0 Package to an App-V 4.6 Package for a Specific User](how-to-revert-extension-points-from-an-app-v-50-package-to-an-app-v-46-package-for-a-specific-user.md) - - - - - - - -## Other resources for performing App-V migration tasks - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -[A simplified Microsoft App-V 5.1 Management Server upgrade procedure](https://go.microsoft.com/fwlink/p/?LinkId=786330) - - - - - - - - - diff --git a/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md b/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md deleted file mode 100644 index 3692e67c10..0000000000 --- a/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md +++ /dev/null @@ -1,335 +0,0 @@ ---- -title: Migrating to App-V 5.1 from a Previous Version -description: Migrating to App-V 5.1 from a Previous Version -author: dansimp -ms.assetid: e7ee0edc-7544-4c0a-aaca-d922a33bc1bb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Migrating to App-V 5.1 from a Previous Version - - -With Microsoft Application Virtualization (App-V) 5.1, you can migrate your existing App-V 4.6 or App-V 5.0 infrastructure to the more flexible, integrated, and easier to manage App-V 5.1 infrastructure. -However, you cannot migrate directly from App-V 4.x to App-V 5.1, you must migrate to App-V 5.0 first. For more information on migrating from App-V 4.x to App-V 5.0, see [Migrating from a Previous Version](migrating-from-a-previous-version-app-v-50.md) - -**Note**   -App-V 5.1 packages are exactly the same as App-V 5.0 packages. There has been no change in the package format between the versions and therefore, there is no need to convert App-V 5.0 packages to App-V 5.1 packages. - -For more information about the differences between App-V 4.6 and App-V 5.1, see the **Differences between App-V 4.6 and App-V 5.0 section** of [About App-V 5.0](about-app-v-50.md). - - - -## Improvements to the App-V 5.1 Package Converter - - -You can now use the package converter to convert App-V 4.6 packages that contain scripts, and registry information and scripts from source .osd files are now included in package converter output. - -You can also use the `–OSDsToIncludeInPackage` parameter with the `ConvertFrom-AppvLegacyPackage` cmdlet to specify which .osd files’ information is converted and placed within the new package. - - ---- - - - - - - - - - - - - -
New in App-V 5.1Prior to App-V 5.1

New .xml files are created corresponding to the .osd files associated with a package; these files include the following information:

-
    -

  • environment variables

    • -

  • shortcuts

    • -

  • file type associations

    • -

  • registry information

    • -

  • scripts

    • -
-

You can now choose to add information from a subset of the .osd files in the source directory to the package using the -OSDsToIncludeInPackage parameter.

Registry information and scripts included in .osd files associated with a package were not included in package converter output.

-

The package converter would populate the new package with information from all of the .osd files in the source directory.

- - - -### Example conversion statement - -To understand the new process, review the following example `ConvertFrom-AppvLegacyPackage` package converter statement. - -**If the source directory (\\\\OldPkgStore\\ContosoApp) includes the following:** - -- ContosoApp.sft - -- ContosoApp.msi - -- ContosoApp.sprj - -- ContosoApp\_manifest.xml - -- X.osd - -- Y.osd - -- Z.osd - -**And you run this command:** - -``` syntax -ConvertFrom-AppvLegacyPackage –SourcePath \\OldPkgStore\ContosoApp\ --DestinationPath \\NewPkgStore\ContosoApp\ --OSDsToIncludeInPackage X.osd,Y.osd -``` - -**The following is created in the destination directory (\\\\NewPkgStore\\ContosoApp):** - -- ContosoApp.appv - -- ContosoApp.msi - -- ContosoApp\_DeploymentConfig.xml - -- ContosoApp\_UserConfig.xml - -- X\_Config.xml - -- Y\_Config.xml - -- Z\_Config.xml - -**In the above example:** - - ------ - - - - - - - - - - - - - - - - - - - - - - -
These Source directory files……are converted to these Destination directory files……and will contain these itemsDescription
    -

  • X.osd

    • -

  • Y.osd

    • -

  • Z.osd

    • -
    -

  • X_Config.xml

    • -

  • Y_Config.xml

    • -

  • Z_Config.xml

    • -
    -

  • Environment variables

    • -

  • Shortcuts

    • -

  • File type associations

    • -

  • Registry information

    • -

  • Scripts

    • -

Each .osd file is converted to a separate, corresponding .xml file that contains the items listed here in App-V 5.1 deployment configuration format. These items can then be copied from these .xml files and placed in the deployment configuration or user configuration files as desired.

-

In this example, there are three .xml files, corresponding with the three .osd files in the source directory. Each .xml file contains the environment variables, shortcuts, file type associations, registry information, and scripts in its corresponding .osd file.

    -

  • X.osd

    • -

  • Y.osd

    • -
    -

  • ContosoApp.appv

    • -

  • ContosoApp_DeploymentConfig.xml

    • -

  • ContosoApp_UserConfig.xml

    • -
    -

  • Environment variables

    • -

  • Shortcuts

    • -

  • File type associations

    • -

The information from the .osd files specified in the -OSDsToIncludeInPackage parameter are converted and placed inside the package. The converter then populates the deployment configuration file and the user configuration file with the contents of the package, just as App-V Sequencer does when sequencing a new package.

-

In this example, environment variables, shortcuts, and file type associations included in X.osd and Y.osd were converted and placed in the App-V package, and some of this information was also included in the deployment configuration and user configuration files. X.osd and Y.osd were used because they were included as arguments to the -OSDsToIncludeInPackage parameter. No information from Z.osd was included in the package, because it was not included as one of these arguments.

- - - -## Converting packages created using a prior version of App-V - - -Use the package converter utility to upgrade virtual application packages created using versions of App-V prior to App-V 5.0. The package converter uses PowerShell to convert packages and can help automate the process if you have many packages that require conversion. - -**Important**   -After you convert an existing package you should test the package prior to deploying the package to ensure the conversion process was successful. - - - -**What to know before you convert existing packages** - - ---- - - - - - - - - - - - - - - - - - - - - -
IssueWorkaround

Virtual packages using DSC are not linked after conversion.

Link the packages using connection groups. See Managing Connection Groups.

Environment variable conflicts are detected during conversion.

Resolve any conflicts in the associated .osd file.

Hard-coded paths are detected during conversion.

Hard-coded paths are difficult to convert correctly. The package converter will detect and return packages with files that contain hard-coded paths. View the file with the hard-coded path, and determine whether the package requires the file. If so, it is recommended to re-sequence the package.

- - - -When converting a package check for failing files or shortcuts. Locate the item in App-V 4.6 package. It could possibly be a hard-coded path. Convert the path. - -**Note**   -It is recommended that you use the App-V 5.1 sequencer for converting critical applications or applications that need to take advantage of features. See, [How to Sequence a New Application with App-V 5.1](how-to-sequence-a-new-application-with-app-v-51-beta-gb18030.md). - -If a converted package does not open after you convert it, it is also recommended that you re-sequence the application using the App-V 5.1 sequencer. - - - -[How to Convert a Package Created in a Previous Version of App-V](how-to-convert-a-package-created-in-a-previous-version-of-app-v51.md) - -## Migrating Clients - - -The following table displays the recommended method for upgrading clients. - - ---- - - - - - - - - - - - - - - - - - - - - -
TaskMore Information

Upgrade your environment to the latest version of App-V 4.6

Application Virtualization Deployment and Upgrade Considerations.

Install the App-V 5.1 client with co-existence enabled.

How to Deploy the App-V 4.6 and the App-V 5.1 Client on the Same Computer.

Sequence and roll out App-V 5.1 packages. As needed, unpublish App-V 4.6 packages.

How to Sequence a New Application with App-V 5.1.

- - - -**Important**   -You must be running the latest version of App-V 4.6 to use coexistence mode. Additionally, when you sequence a package, you must configure the Managing Authority setting, which is in the **User Configuration** is located in the **User Configuration** section. - - - -## Migrating the App-V 5.1 Server Full Infrastructure - - -There is no direct method to upgrade to a full App-V 5.1 infrastructure. Use the information in the following section for information about upgrading the App-V server. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
TaskMore Information

Upgrade your environment to the latest version of App-V 4.6.

Application Virtualization Deployment and Upgrade Considerations.

Deploy App-V 5.1 version of the client.

How to Deploy the App-V Client.

Install App-V 5.1 server.

How to Deploy the App-V 5.1 Server.

Migrate existing packages.

See the Converting packages created using a prior version of App-V section of this article.

- - - -## Additional Migration tasks - - -You can also perform additional migration tasks such as reconfiguring end points as well as opening a package created using a prior version on a computer running the App-V 5.1 client. The following links provide more information about performing these tasks. - -[How to Migrate Extension Points From an App-V 4.6 Package to a Converted App-V 5.1 Package for All Users on a Specific Computer](how-to-migrate-extension-points-from-an-app-v-46-package-to-a-converted-app-v-51-package-for-all-users-on-a-specific-computer.md) - -[How to Migrate Extension Points From an App-V 4.6 Package to App-V 5.1 for a Specific User](how-to-migrate-extension-points-from-an-app-v-46-package-to-app-v-51-for-a-specific-user.md) - -[How to Revert Extension Points from an App-V 5.1 Package to an App-V 4.6 Package For All Users on a Specific Computer](how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-all-users-on-a-specific-computer.md) - -[How to Revert Extension Points From an App-V 5.1 Package to an App-V 4.6 Package for a Specific User](how-to-revert-extension-points-from-an-app-v-51-package-to-an-app-v-46-package-for-a-specific-user.md) - - - - - - - -## Other resources for performing App-V migration tasks - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -[A simplified Microsoft App-V 5.1 Management Server upgrade procedure](https://go.microsoft.com/fwlink/p/?LinkId=786330) - - - - - - - - - diff --git a/mdop/appv-v5/operations-for-app-v-50.md b/mdop/appv-v5/operations-for-app-v-50.md deleted file mode 100644 index 3df456161b..0000000000 --- a/mdop/appv-v5/operations-for-app-v-50.md +++ /dev/null @@ -1,78 +0,0 @@ ---- -title: Operations for App-V 5.0 -description: Operations for App-V 5.0 -author: dansimp -ms.assetid: 4d0d41a6-f7da-4a2f-8ac9-2d67cc18ea93 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Operations for App-V 5.0 - - -This section of the App-V 5.0 Administrator’s Guide includes information about the various types of App-V 5.0 administration and operating tasks that are typically performed by an administrator. This section also includes step-by-step procedures to help you successfully perform those tasks. - -## Operations Information - - -- [Creating and Managing App-V 5.0 Virtualized Applications](creating-and-managing-app-v-50-virtualized-applications.md) - - Describes how to create, modify, and convert virtualized packages. - -- [Administering App-V 5.0 Virtual Applications by Using the Management Console](administering-app-v-50-virtual-applications-by-using-the-management-console.md) - - Describes how to use the App-V Management console to perform tasks such as sequencing an application, changing a package, using a project template, and using a package accelerator. - -- [Managing Connection Groups](managing-connection-groups.md) - - Describes how connection groups enable virtualized applications to communicate with each other in the virtual environment; explains how to create, publish, and delete them; and describes how connection groups can help you better manage your virtualized applications. - -- [Deploying App-V 5.0 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-50-packages-by-using-electronic-software-distribution--esd-.md) - - Describes how to deploy App-V packages by using an ESD. - -- [Using the App-V 5.0 Client Management Console](using-the-app-v-50-client-management-console.md) - - Describes how perform client configuration tasks using the client management console. - -- [Migrating from a Previous Version](migrating-from-a-previous-version-app-v-50.md) - - Provides instructions for migrating to App-V 5.0 from a previous version. - -- [Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md) - - Describes the set of Windows PowerShell cmdlets available for administrators performing various App-V 5.0 server tasks. - - - - - - -## Other Resources for App-V Operations - - -- [Microsoft Application Virtualization 5.0 Administrator's Guide](microsoft-application-virtualization-50-administrators-guide.md) - -- [Getting Started with App-V 5.0](getting-started-with-app-v-50--rtm.md) - -- [Planning for App-V 5.0](planning-for-app-v-50-rc.md) - -- [Deploying App-V 5.0](deploying-app-v-50.md) - -- [Troubleshooting App-V 5.0](troubleshooting-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/operations-for-app-v-51.md b/mdop/appv-v5/operations-for-app-v-51.md deleted file mode 100644 index 8a97413907..0000000000 --- a/mdop/appv-v5/operations-for-app-v-51.md +++ /dev/null @@ -1,80 +0,0 @@ ---- -title: Operations for App-V 5.1 -description: Operations for App-V 5.1 -author: dansimp -ms.assetid: dd13b5c9-2d1e-442f-91e4-43dec7f17ea2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Operations for App-V 5.1 - - -This section of the Microsoft Application Virtualization (App-V) 5.1 Administrator’s Guide includes information about the various types of App-V 5.1 administration and operating tasks that are typically performed by an administrator. This section also includes step-by-step procedures to help you successfully perform those tasks. - -## Operations Information - - -- [Creating and Managing App-V 5.1 Virtualized Applications](creating-and-managing-app-v-51-virtualized-applications.md) - - Describes how to create, modify, and convert virtualized packages. - -- [Administering App-V 5.1 Virtual Applications by Using the Management Console](administering-app-v-51-virtual-applications-by-using-the-management-console.md) - - Describes how to use the App-V Management console to perform tasks such as sequencing an application, changing a package, using a project template, and using a package accelerator. - -- [Managing Connection Groups](managing-connection-groups51.md) - - Describes how connection groups enable virtualized applications to communicate with each other in the virtual environment; explains how to create, publish, and delete them; and describes how connection groups can help you better manage your virtualized applications. - -- [Deploying App-V 5.1 Packages by Using Electronic Software Distribution (ESD)](deploying-app-v-51-packages-by-using-electronic-software-distribution--esd-.md) - - Describes how to deploy App-V packages by using an ESD. - -- [Using the App-V 5.1 Client Management Console](using-the-app-v-51-client-management-console.md) - - Describes how perform client configuration tasks using the client management console. - -- [Migrating to App-V 5.1 from a Previous Version](migrating-to-app-v-51-from-a-previous-version.md) - - Provides instructions for migrating to App-V 5.1 from a previous version. - -- [Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md) - - Describes the set of Windows PowerShell cmdlets available for administrators performing various App-V 5.1 server tasks. - - - - - - -## Other Resources for App-V Operations - - -- [Microsoft Application Virtualization 5.1 Administrator's Guide](microsoft-application-virtualization-51-administrators-guide.md) - -- [Getting Started with App-V 5.1](getting-started-with-app-v-51.md) - -- [Planning for App-V 5.1](planning-for-app-v-51.md) - -- [Deploying App-V 5.1](deploying-app-v-51.md) - -- [Troubleshooting App-V 5.1](troubleshooting-app-v-51.md) - -- [Technical Reference for App-V 5.1](technical-reference-for-app-v-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md b/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md deleted file mode 100644 index d18673c97f..0000000000 --- a/mdop/appv-v5/performance-guidance-for-application-virtualization-50.md +++ /dev/null @@ -1,761 +0,0 @@ ---- -title: Performance Guidance for Application Virtualization 5.0 -description: Performance Guidance for Application Virtualization 5.0 -author: dansimp -ms.assetid: 6b3a3255-b957-4b9b-8bfc-a93fe8438a81 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Performance Guidance for Application Virtualization 5.0 - - -Learn how to configure App-V 5.0 for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI. - -Implementing multiple methods can help you improve the end-user experience. However, your environment may not support all methods. - -You should read and understand the following information before reading this document. - -- [Microsoft Application Virtualization 5.0 Administrator's Guide](microsoft-application-virtualization-50-administrators-guide.md) - -- [App-V 5 SP2 Application Publishing and Client Interaction](https://go.microsoft.com/fwlink/?LinkId=395206) - -- [Microsoft Application Virtualization 5.0 Sequencing Guide](https://go.microsoft.com/fwlink/?LinkId=269953) - -**Note** -Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk **\\*** review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. - - - -Finally, this document will provide you with the information to configure the computer running App-V 5.0 client and the environment for optimal performance. Optimize your virtual application packages for performance using the sequencer, and to understand how to use User Experience Virtualization (UE-V) or other user environment management technologies to provide the optimal user experience with App-V 5.0 in both Remote Desktop Services (RDS) and non-persistent virtual desktop infrastructure (VDI). - -To help determine what information is relevant to your environment you should review each section’s brief overview and applicability checklist. - -## App-V 5.0 in stateful\* non-persistent deployments - - -This section provides information about an approach that helps ensure a user will have access to all virtual applications within seconds after logging in. This is achieved by uniquely addressing the often long-running App-V 5.0 publishing refresh. As you will discover the basis of the approach, the fastest publishing refresh, is one that doesn’t have to actually do anything. A number of conditions must be met and steps followed to provide the optimal user experience. - -Use the information in the following section for more information: - -[Usage Scenarios](#bkmk-us) - As you review the two scenarios, keep in mind that these are the approach extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users and/or virtual applications packages. - -- Optimized for Performance – To provide the optimal experience, you can expect the base image to include some of the App-V virtual application package. This and other requirements are discussed. - -- Optimized for Storage – If you are concerned with the storage impact, following this scenario will help address those concerns. - -[Preparing your Environment](#bkmk-pe) - -- Steps to Prepare the Base Image – Whether in a non-persistent VDI or RDSH environment, only a few steps must be completed in the base image to enable this approach. - -- Use UE-V 2.0 as the User Profile Management (UPM) solution for the App-V approach – the cornerstone of this approach is the ability of a UEM solution to persist the contents of just a few registry and file locations. These locations constitute the user integrations\*. Be sure to review the specific requirements for the UPM solution. - -[User Experience Walk-through](#bkmk-uewt) - -- Walk-through – This is a step-by-step walk-through of the App-V and UE-V operations and the expectations users should have. - -- Outcome – This describes the expected results. - -[Impact to Package Lifecycle](#bkmk-plc) - -[Enhancing the VDI Experience through Performance Optimization/Tuning](#bkmk-evdi) - -### Applicability Checklist - -Deployment Environment - - ---- - - - - - - - - - - -
Checklist box

Non-Persistent VDI or RDSH.

Checklist box

User Experience Virtualization (UE-V), other UPM solutions or User Profile Disks (UPD).

- - - -Expected Configuration - - ---- - - - - - - - - - - -
Checklist box

User Experience Virtualization (UE-V) with the App-V user state template enabled or User Profile Management (UPM) software. Non-UE-V UPM software must be capable of triggering on Login or Process/Application Start and Logoff.

Checklist box

App-V Shared Content Store (SCS) is configured or can be configured.

- - - -IT Administration - - ---- - - - - - - -
Checklist box

Admin may need to update the VM base image regularly to ensure optimal performance or Admin may need to manage multiple images for different user groups.

- - - -### Usage Scenario - -As you review the two scenarios, keep in mind that these approach the extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users, virtual application packages, or both. - - ---- - - - - - - - - - - - - -
Optimized for PerformanceOptimized for Storage

To provide the most optimal user experience, this approach leverages the capabilities of a UPM solution and requires additional image preparation and can incur some additional image management overhead.

-

The following describes many performance improvements in stateful non-persistent deployments. For more information, see the Sequencing Steps to Optimize Packages for Publishing Performance and reference to App-V 5.0 Sequencing Guide in the See Also section of this document.

The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in very costly arrays; a slight alteration has been made to the approach. Do not pre-configure user-targeted virtual application packages in the base image.

-

The impact of this alteration is detailed in the User Experience Walkthrough section of this document.

- - - -### Preparing your Environment - -The following table displays the required steps to prepare the base image and the UE-V or another UPM solution for the approach. - -**Prepare the Base Image** - - ---- - - - - - - - - - - - - -
Optimized for PerformanceOptimized for Storage

-
    -

  • Install the Hotfix Package 4 for Application Virtualization 5.0 SP2 client version of the client.

    • -

  • Install UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.

    • -

  • Configure for Shared Content Store (SCS) mode. For more information see How to Install the App-V 5.0 Client for Shared Content Store Mode.

    • -

  • Configure Preserve User Integrations on Login Registry DWORD.

    • -

  • Pre-configure all user- and global-targeted packages for example, Add-AppvClientPackage.

    • -

  • Pre-configure all user- and global-targeted connection groups for example, Add-AppvClientConnectionGroup.

    • -

  • Pre-publish all global-targeted packages.

    -

    -

    Alternatively,

    -
      -

    • Perform a global publishing/refresh.

      • -

    • Perform a user publishing/refresh.

      • -

    • Un-publish all user-targeted packages.

      • -

    • Delete the following user-Virtual File System (VFS) entries.

      • -
    -

    AppData\Local\Microsoft\AppV\Client\VFS

    -

    AppData\Roaming\Microsoft\AppV\Client\VFS

    • -

-
    -

  • Install the Hotfix Package 4 for Application Virtualization 5.0 SP2 client version of the client.

    • -

  • Install UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.

    • -

  • Configure for Shared Content Store (SCS) mode. For more information see How to Install the App-V 5.0 Client for Shared Content Store Mode.

    • -

  • Configure Preserve User Integrations on Login Registry DWORD.

    • -

  • Pre-configure all global-targeted packages for example, Add-AppvClientPackage.

    • -

  • Pre-configure all global-targeted connection groups for example, Add-AppvClientConnectionGroup.

    • -

  • Pre-publish all global-targeted packages.

    -

    • -
- - - -**Configurations** - For critical App-V Client configurations and for a little more context and how-to, review the following information: - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Configuration SettingWhat does this do?How should I use it?

Shared Content Store (SCS) Mode

-
    -

  • Configurable in PowerShell using Set- AppvClientConfigurationSharedContentStoreMode, or

    • -

  • During installation of the App-V 5.0 client.

    • -

When running the shared content store only publishing data is maintained on hard disk; other virtual application assets are maintained in memory (RAM).

-

This helps to conserve local storage and minimize disk I/O per second (IOPS).

This is recommended when low-latency connections are available between the App-V Client endpoint and the SCS content server, SAN.

PreserveUserIntegrationsOnLogin

-
    -

  • Configure in the Registry under HKEY_LOCAL_MACHINE \ Software \ Microsoft \ AppV \ Client \ Integration.

    • -

  • Create the DWORD value PreserveUserIntegrationsOnLogin with a value of 1.

    • -

  • Restart the App-V client service or restart the computer running the App-V Client.

    • -

If you have not pre-configured (Add-AppvClientPackage) a specific package and this setting is not configured, the App-V Client will de-integrate* the persisted user integrations, then re-integrate*.

-

For every package that meets the above conditions, effectively twice the work will be done during publishing/refresh.

If you don’t plan to pre-configure every available user package in the base image, use this setting.

MaxConcurrentPublishingRefresh

-
    -

  • Configure in the Registry under HKEY_LOCAL_MACHINE <strong>Software \ Microsoft \ AppV <strong>Client \ Publishing.

    • -

  • Create the DWORD value MaxConcurrentPublishingrefresh with the desired maximum number of concurrent publishing refreshes.

    • -

  • The App-V client service and computer do not need to be restarted.

    • -

This setting determines the number of users that can perform a publishing refresh/sync at the same time. The default setting is no limit.

Limiting the number of concurrent publishing refreshes prevents excessive CPU usage that could impact computer performance. This limit is recommended in an RDS environment, where multiple users can log in to the same computer at the same time and perform a publishing refresh sync.

-

If the concurrent publishing refresh threshold is reached, the time required to publish new applications and make them available to end users after they log in could take an indeterminate amount of time.

- - - -### Configure UE-V solution for App-V Approach - -We recommend using Microsoft User Experience Virtualization (UE-V) to capture and centralize application settings and Windows operating system settings for a specific user. These settings are then applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions. UE-V is optimized for RDS and VDI scenarios. - -For more information see [Getting Started With User Experience Virtualization 2.0](https://technet.microsoft.com/library/dn458936.aspx) - -In essence all that is required is to install the UE-V client and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](https://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information around UE-V templates see [The UE-V specific resource for acquiring and registering the template](https://technet.microsoft.com/library/dn458936.aspx). - -**Note** -Without performing an additional configuration step, the Microsoft User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default. - -UE-V will only support removing the .lnk file type from the exclusion list in the RDS and VDI scenarios, where every user’s device will have the same set of applications installed to the same location and every .lnk file is valid for all the users’ devices. For example, UE-V would not currently support the following 2 scenarios, because the net result will be that the shortcut will be valid on one but not all devices. - -- If a user has an application installed on one device with .lnk files enabled and the same native application installed on another device to a different installation root with .lnk files enabled. - -- If a user has an application installed on one device but not another with .lnk files enabled. - - - -**Important** -This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. - - - -Using the Microsoft Registry Editor (regedit.exe), navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **UEV** \\ **Agent** \\ **Configuration** \\ **ExcludedFileTypes** and remove **.lnk** from the excluded file types. - -**Configure other User Profile Management (UPM) solution for App-V Approach** - -The expectation in a stateful environment is that a UPM solution is implemented and can support persistence of user data across sessions and between logins. - -The requirements for the UPM solution are as follows. - -To enable an optimized login experience, for example the App-V 5.0 approach for the user, the solution must be capable of: - -- Persisting the below user integrations as part of the user profile/persona. - -- Triggering a user profile sync on login (or application start), which can guarantee that all user integrations are applied before publishing/refresh begin, or, - -- Attaching and detaching a user profile disk (UPD) or similar technology that contains the user integrations. - -- Capturing changes to the locations, which constitute the user integrations, prior to session logoff. - -With App-V 5.0 when you add a publishing server (**Add-AppvPublishingServer**) you can configure synchronization, for example refresh during log on and/or after a specified refresh interval. In both cases a scheduled task is created. - -In previous versions of App-V 5.0, both scheduled tasks were configured using a VBScript that would initiate the user and global refresh. With Hotfix Package 4 for Application Virtualization 5.0 SP2 the user refresh on log on is initiated by **SyncAppvPublishingServer.exe**. This change was introduced to provide UPM solutions a trigger process. This process will delay the publish /refresh to allow the UPM solution to apply the user integrations. It will exit once the publishing/refresh is complete. - -**User Integrations** - -Registry – HKEY\_CURRENT\_USER - -- Path - Software\\Classes - - Exclude: Local Settings, ActivatableClasses, AppX\* - -- Path - Software\\Microsoft\\AppV - -- Path- Software\\Microsoft\\Windows\\CurrentVersion\\App Paths - -**File Locations** - -- Root – “Environment Variable” APPDATA - - Path – Microsoft\\AppV\\Client\\Catalog - -- Root – “Environment Variable” APPDATA - - Path – Microsoft\\AppV\\Client\\Integration - -- Root – “Environment Variable” APPDATA - - Path - Microsoft\\Windows\\Start Menu\\Programs - -- (To persist all desktop shortcuts, virtual and non-virtual) - - Root - “KnownFolder” {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}FileMask - \*.lnk - -**Microsoft User Experience Virtualization (UE-V)** - -Additionally, we recommend using Microsoft User Experience Virtualization (UE-V) to capture and centralize application settings and Windows operating system settings for a specific user. These settings are then applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions. - -For more information see [Getting Started With User Experience Virtualization 1.0](https://technet.microsoft.com/library/jj680015.aspx) and [Sharing Settings Location Templates with the UE-V Template Gallery](https://technet.microsoft.com/library/jj679972.aspx). - -### User Experience Walk-through - -This following is a step-by-step walk-through of the App-V and UPM operations and the expectations users should expect. - - ---- - - - - - - - - - - - - -
Optimized for PerformanceOptimized for Storage

After implementing this approach in the VDI/RDSH environment, on first login,

-
    -

  • (Operation) A user-publishing/refresh is initiated. (Expectation) If this is the first time a user has published virtual applications (e.g. non-persistent), this will take the usual duration of a publishing/refresh.

    • -

  • (Operation) After the publishing/refresh, the UPM solution captures the user integrations. (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state.

    • -
-

On subsequent logins:

-
    -

  • (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.

    -

    (Expectation) There will be shortcuts present on the desktop, or in the start menu, which work immediately. When the publishing/refresh completes (i.e., package entitlements change), some may go away.

    • -

  • (Operation) Publishing/refresh will process un-publish and publish operations for changes in user package entitlements. (Expectation) If there are no entitlement changes, publishing1 will complete in seconds. Otherwise, the publishing/refresh will increase relative to the number and complexity* of virtual applications

    • -

  • (Operation) UPM solution will capture user integrations again at logoff. (Expectation) Same as previous.

    • -
-

¹ The publishing operation (Publish-AppVClientPackage) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps.

After implementing this approach in the VDI/RDSH environment, on first login,

-
    -

  • (Operation) A user-publishing/refresh is initiated. (Expectation)

    -
      -

    • If this is the first time a user has published virtual applications (e.g., non-persistent), this will take the usual duration of a publishing/refresh.

      • -

    • First and subsequent logins will be impacted by pre-configuring of packages (add/refresh).

      -

      • -
    • -

  • (Operation) After the publishing/refresh, the UPM solution captures the user integrations. (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state

    • -
-

On subsequent logins:

-
    -

  • (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.

    • -

  • (Operation) Add/refresh must pre-configure all user targeted applications. (Expectation)

    -
      -

    • This may increase the time to application availability significantly (on the order of 10’s of seconds).

      • -

    • This will increase the publishing refresh time relative to the number and complexity* of virtual applications.

      -

      • -
    • -

  • (Operation) Publishing/refresh will process un-publish and publish operations for changes to user package entitlements.

    • -
- - - - ---- - - - - - - - - - - - - -
OutcomeOutcome

-
    -

  • Because the user integrations are entirely preserved, there will be no work for example, integration for the publishing/refresh to complete. All virtual applications will be available within seconds of login.

    • -

  • The publishing/refresh will process changes to the users entitled virtual applications which impacts the experience.

    • -

Because the add/refresh must re-configure all the virtual applications to the VM, the publishing refresh time on every login will be extended.

- - - -### Impact to Package Life Cycle - -Upgrading a package is a crucial aspect of the package lifecycle. To help guarantee users have access to the appropriate upgraded (published) or downgraded (un-published) virtual application packages, it is recommended you update the base image to reflect these changes. To understand why review the following section: - -App-V 5.0 SP2 introduced the concept of pending states. In the past, - -- If an administrator changed entitlements or created a new version of a package (upgraded) and during a publishing/refresh that package was in-use, the un-publish or publish operation, respectively, would fail. - -- Now, if a package is in-use the operation will be pended. The un-publish and publish-pend operations will be processed on service restart or if another publish or un-publish command is issued. In the latter case, if the virtual application is in-use otherwise, the virtual application will remain in a pending state. For globally published packages, a restart (or service restart) often needed. - -In a non-persistent environment, it is unlikely these pended operations will be processed. The pended operations, for example tasks are captured under **HKEY\_CURRENT\_USER** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Client** \\ **PendingTasks**. Although this location is persisted by the UPM solution, if it is not applied to the environment prior to log on, it will not be processed. - -### Enhancing the VDI Experience through Performance Optimization Tuning - -The following section contains lists with information about Microsoft documentation and downloads that may be useful when optimizing your environment for performance. - -**.NET NGEN Blog and Script (Highly Recommended)** - -About NGEN technology - -- [How to speed up NGEN optimization](https://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx) - -- [Script](https://aka.ms/DrainNGenQueue) - -**Windows Server and Server Roles** - -Server Performance Tuning Guidelines for - -- [Microsoft Windows Server 2012 R2](https://msdn.microsoft.com/library/windows/hardware/dn529133.aspx) - -- [Microsoft Windows Server 2012](https://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx) - -- [Microsoft Windows Server 2008 R2](https://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx) - -**Server Roles** - -- [Remote Desktop Virtualization Host](https://msdn.microsoft.com/library/windows/hardware/dn567643.aspx) - -- [Remote Desktop Session Host](https://msdn.microsoft.com/library/windows/hardware/dn567648.aspx) - -- [IIS Relevance: App-V Management, Publishing, Reporting Web Services](https://msdn.microsoft.com/library/windows/hardware/dn567678.aspx) - -- [File Server (SMB) Relevance: If used for App-V Content Storage and Delivery in SCS Mode](https://technet.microsoft.com/library/jj134210.aspx) - -**Windows Client (Guest OS) Performance Tuning Guidance** - -- [Microsoft Windows 7](https://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx) - -- [Optimization Script: (Provided by Microsoft Support)](https://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx) - -- [Microsoft Windows 8](https://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf) - -- [Optimization Script: (Provided by Microsoft Support)](https://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx) - -## Sequencing Steps to Optimize Packages for Publishing Performance - - -App-V 5.0 and App-V 5.0 SP2 provide significant value in their respective releases. Several features facilitate new scenarios or enabled new customer deployment scenarios. These following features can impact the performance of the publishing and launch operations. - - ------ - - - - - - - - - - - - - - - - -
StepConsiderationBenefitsTradeoffs

No Feature Block 1 (FB1, also known as Primary FB)

No FB1 means the application will launch immediately and stream fault (application requires file, DLL and must pull down over the network) during launch.If there are network limitations, FB1 will:

-
    -

  • Reduce the number of stream faults and network bandwidth used when you launch an application for the first time.

    • -

  • Delay launch until the entire FB1 has been streamed.

    • -

Stream faulting decreases the launch time.

Virtual application packages with FB1 configured will need to be re-sequenced.

- - - -### Removing FB1 - -Removing FB1 does not require the original application installer. After completing the following steps, it is suggested that you revert the computer running the sequencer to a clean snapshot. - -**Sequencer UI** - Create a New Virtual Application Package. - -1. Complete the sequencing steps up to Customize -> Streaming. - -2. At the Streaming step, do not select **Optimize the package for deployment over slow or unreliable network**. - -3. If desired, move on to **Target OS**. - -**Modify an Existing Virtual Application Package** - -1. Complete the sequencing steps up to Streaming. - -2. Do not select **Optimize the package for deployment over a slow or unreliable network**. - -3. Move to **Create Package**. - -**PowerShell** - Update an Existing Virtual Application Package. - -1. Open an elevated PowerShell session. - -2. Import-module **appvsequencer**. - -3. **Update-AppvSequencerPackage** - **AppvPackageFilePath** - - "C:\\Packages\\MyPackage.appv" -Installer - - "C:\\PackageInstall\\PackageUpgrade.exe empty.exe" -OutputPath - - "C:\\UpgradedPackages" - - **Note** - This cmdlet requires an executable (.exe) or batch file (.bat). You must provide an empty (does nothing) executable or batch file. - - - - ------ - - - - - - - - - - - - - - - - -
StepConsiderationsBenefitsTradeoffs

No SXS Install at Publish (Pre-Install SxS assemblies)

Virtual Application packages do not need to be re-sequenced. SxS Assemblies can remain in the virtual application package.

The SxS Assembly dependencies will not install at publishing time.

SxS Assembly dependencies must be pre-installed.

- - - -### Creating a new virtual application package on the sequencer - -If, during sequencer monitoring, an SxS Assembly (such as a VC++ Runtime) is installed as part of an application’s installation, SxS Assembly will be automatically detected and included in the package. The administrator will be notified and will have the option to exclude the SxS Assembly. - -**Client Side**: - -When publishing a virtual application package, the App-V 5.0 SP2 Client will detect if a required SxS dependency is already installed. If the dependency is unavailable on the computer and it is included in the package, a traditional Windows Installer (.**msi**) installation of the SxS assembly will be initiated. As previously documented, simply install the dependency on the computer running the client to ensure that the Windows Installer (.msi) installation will not occur. - - ------ - - - - - - - - - - - - - - - - -
StepConsiderationsBenefitsTradeoffs

Selectively Employ Dynamic Configuration files

The App-V 5.0 client must parse and process these Dynamic Configuration files.

-

Be conscious of size and complexity (script execution, VREG inclusions/exclusions) of the file.

-

Numerous virtual application packages may already have User- or computer–specific dynamic configurations files.

Publishing times will improve if these files are used selectively or not at all.

Virtual application packages would need to be reconfigured individually or via the App-V server management console to remove associated Dynamic Configuration files.

- - - -### Disabling a Dynamic Configuration using Powershell - -- For already published packages, you can use `Set-AppVClientPackage –Name Myapp –Path c:\Packages\Apps\MyApp.appv` without - - **-DynamicDeploymentConfiguration** parameter - -- Similarly, when adding new packages using `Add-AppVClientPackage –Path c:\Packages\Apps\MyApp.appv`, do not use the - - **-DynamicDeploymentConfiguration** parameter. - -For documentation on How to Apply a Dynamic Configuration, see: - -- [How to Apply the User Configuration File by Using PowerShell](how-to-apply-the-user-configuration-file-by-using-powershell.md) - -- [How to Apply the Deployment Configuration File by Using PowerShell](how-to-apply-the-deployment-configuration-file-by-using-powershell.md) - - ------ - - - - - - - - - - - - - - - - - - - - - - -
StepConsiderationsBenefitsTradeoffs

Account for Synchronous Script Execution during Package Lifecycle.

If script collateral is embedded in the package, Add (Powershell) may be significantly slower.

-

Running of scripts during virtual application launch (StartVirtualEnvironment, StartProcess) and/or Add+Publish will impact the perceived performance during one or more of these lifecycle operations.

Use of Asynchronous (Non-Blocking) Scripts will ensure that the lifecycle operations complete efficiently.

This step requires working knowledge of all virtual application packages with embedded script collateral, which have associated dynamic configurations files and which reference and run scripts synchronously.

Remove Extraneous Virtual Fonts from Package.

The majority of applications investigated by the App-V product team contained a small number of fonts, typically fewer than 20.

Virtual Fonts impact publishing refresh performance.

Desired fonts will need to be enabled/installed natively. For instructions, see Install or uninstall fonts.

- - - -### Determining what virtual fonts exist in the package - -- Make a copy of the package. - -- Rename Package\_copy.appv to Package\_copy.zip - -- Open AppxManifest.xml and locate the following: - - <appv:Extension Category="AppV.Fonts"> - - <appv:Fonts> - - <appv:Font Path="\[{Fonts}\]\\private\\CalibriL.ttf" DelayLoad="true"></appv:Font> - - **Note** - If there are fonts marked as **DelayLoad**, those will not impact first launch. - - - -~~~ -</appv:Fonts> -~~~ - -### Excluding virtual fonts from the package - -Use the dynamic configuration file that best suits the user scope – deployment configuration for all users on computer, user configuration for specific user or users. - -- Disable fonts with the deployment or user configuration. - -Fonts - ---> - -<Fonts Enabled="false" /> - -<!-- - -## App-V 5.0 Performance Guidance Terminology - - -The following terms are used when describing concepts and actions related to App-V 5.0 performance optimization. - -- **Complexity** – Refers to the one or more package characteristics that may impact performance during pre-configure (**Add-AppvClientPackage**) or integration (**Publish-AppvClientPackage**). Some example characteristics are: manifest size, number of virtual fonts, number of files. - -- **De-Integrate** – Removes the user integrations - -- **Re-Integrate** – Applies the user integrations. - -- **Non-Persistent, Pooled** – Creates a computer running a virtual environment each time they log in. - -- **Persistent, Personal** – A computer running a virtual environment that remains the same for every login. - -- **Stateful** - For this document, implies that user integrations are persisted between sessions and a user environment management technology is used in conjunction with non-persistent RDSH or VDI. - -- **Stateless** – Represents a scenario when no user state is persisted between sessions. - -- **Trigger** – (or Native Action Triggers). UPM uses these types of triggers to initiate monitoring or synchronization operations. - -- **User Experience** - In the context of App-V 5.0, the user experience, quantitatively, is the sum of the following parts: - - - From the point that users initiate a log-in to when they are able to manipulate the desktop. - - - From the point where the desktop can be interacted with to the point a publishing refresh begins (in PowerShell terms, sync) when using the App-V 5.0 full server infrastructure. In standalone instances, it is when the **Add-AppVClientPackage** and **Publish-AppVClientPackage Powershell** commands are initiated. - - - From start to completion of the publishing refresh. In standalone instances, this is the first to last virtual application published. - - - From the point where the virtual application is available to launch from a shortcut. Alternatively, it is from the point at which the file type association is registered and will launch a specified virtual application. - -- **User Profile Management** – The controlled and structured approach to managing user components associated with the environment. For example, user profiles, preference and policy management, application control and application deployment. You can use scripting or third-party solutions configure the environment as needed. - - - - - - -## Related topics - - -[Microsoft Application Virtualization 5.0 Administrator's Guide](microsoft-application-virtualization-50-administrators-guide.md) - - - - - - - - - diff --git a/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md b/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md deleted file mode 100644 index c6309edacb..0000000000 --- a/mdop/appv-v5/performance-guidance-for-application-virtualization-51.md +++ /dev/null @@ -1,768 +0,0 @@ ---- -title: Performance Guidance for Application Virtualization 5.1 -description: Performance Guidance for Application Virtualization 5.1 -author: dansimp -ms.assetid: 5f2643c7-5cf7-4a29-adb7-45bf9f5b0364 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Performance Guidance for Application Virtualization 5.1 - - -Learn how to configure App-V 5.1 for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI. - -Implementing multiple methods can help you improve the end-user experience. However, your environment may not support all methods. - -You should read and understand the following information before reading this document. - -- [Microsoft Application Virtualization 5.1 Administrator's Guide](microsoft-application-virtualization-51-administrators-guide.md) - -- [App-V 5 SP2 Application Publishing and Client Interaction](https://go.microsoft.com/fwlink/?LinkId=395206) - -- [Microsoft Application Virtualization Sequencing Guide](https://go.microsoft.com/fwlink/?LinkId=269953) - -**Note** -Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk **\\*** review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. - - - -Finally, this document will provide you with the information to configure the computer running App-V 5.1 client and the environment for optimal performance. Optimize your virtual application packages for performance using the sequencer, and to understand how to use User Experience Virtualization (UE-V) or other user environment management technologies to provide the optimal user experience with App-V 5.1 in both Remote Desktop Services (RDS) and non-persistent virtual desktop infrastructure (VDI). - -To help determine what information is relevant to your environment you should review each section’s brief overview and applicability checklist. - -## App-V 5.1 in stateful\* non-persistent deployments - - -This section provides information about an approach that helps ensure a user will have access to all virtual applications within seconds after logging in. This is achieved by uniquely addressing the often long-running App-V 5.1 publishing refresh. As you will discover the basis of the approach, the fastest publishing refresh, is one that doesn’t have to actually do anything. A number of conditions must be met and steps followed to provide the optimal user experience. - -Use the information in the following section for more information: - -[Usage Scenarios](#bkmk-us) - As you review the two scenarios, keep in mind that these are the approach extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users and/or virtual applications packages. - -- Optimized for Performance – To provide the optimal experience, you can expect the base image to include some of the App-V virtual application package. This and other requirements are discussed. - -- Optimized for Storage – If you are concerned with the storage impact, following this scenario will help address those concerns. - -[Preparing your Environment](#bkmk-pe) - -- Steps to Prepare the Base Image – Whether in a non-persistent VDI or RDSH environment, only a few steps must be completed in the base image to enable this approach. - -- Use UE-V 2.1 as the User Profile Management (UPM) solution for the App-V approach – the cornerstone of this approach is the ability of a UEM solution to persist the contents of just a few registry and file locations. These locations constitute the user integrations\*. Be sure to review the specific requirements for the UPM solution. - -[User Experience Walk-through](#bkmk-uewt) - -- Walk-through – This is a step-by-step walk-through of the App-V and UE-V operations and the expectations users should have. - -- Outcome – This describes the expected results. - -[Impact to Package Lifecycle](#bkmk-plc) - -[Enhancing the VDI Experience through Performance Optimization/Tuning](#bkmk-evdi) - -### Applicability Checklist - -Deployment Environment - - ---- - - - - - - - - - - -
Checklist box

Non-Persistent VDI or RDSH.

Checklist box

User Experience Virtualization (UE-V), other UPM solutions or User Profile Disks (UPD).

- - - -Expected Configuration - - ---- - - - - - - - - - - -
Checklist box

User Experience Virtualization (UE-V) with the App-V user state template enabled or User Profile Management (UPM) software. Non-UE-V UPM software must be capable of triggering on Login or Process/Application Start and Logoff.

Checklist box

App-V Shared Content Store (SCS) is configured or can be configured.

- - - -IT Administration - - ---- - - - - - - -
Checklist box

Admin may need to update the VM base image regularly to ensure optimal performance or Admin may need to manage multiple images for different user groups.

- - - -### Usage Scenario - -As you review the two scenarios, keep in mind that these approach the extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users, virtual application packages, or both. - - ---- - - - - - - - - - - - - -
Optimized for PerformanceOptimized for Storage

To provide the most optimal user experience, this approach leverages the capabilities of a UPM solution and requires additional image preparation and can incur some additional image management overhead.

-

The following describes many performance improvements in stateful non-persistent deployments. For more information, see the Sequencing Steps to Optimize Packages for Publishing Performance and reference to App-V Sequencing Guide in the See Also section of this document.

The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in very costly arrays; a slight alteration has been made to the approach. Do not pre-configure user-targeted virtual application packages in the base image.

-

The impact of this alteration is detailed in the User Experience Walkthrough section of this document.

- - - -### Preparing your Environment - -The following table displays the required steps to prepare the base image and the UE-V or another UPM solution for the approach. - -**Prepare the Base Image** - - ---- - - - - - - - - - - - - -
Optimized for PerformanceOptimized for Storage

-
    -

  • Install the App-V 5.1 client version of the client.

    • -

  • Install UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.

    • -

  • Configure for Shared Content Store (SCS) mode. For more information see How to Install the App-V 5.1 Client for Shared Content Store Mode.

    • -

  • Configure Preserve User Integrations on Login Registry DWORD.

    • -

  • Pre-configure all user- and global-targeted packages for example, Add-AppvClientPackage.

    • -

  • Pre-configure all user- and global-targeted connection groups for example, Add-AppvClientConnectionGroup.

    • -

  • Pre-publish all global-targeted packages.

    -

    -

    Alternatively,

    -
      -

    • Perform a global publishing/refresh.

      • -

    • Perform a user publishing/refresh.

      • -

    • Un-publish all user-targeted packages.

      • -

    • Delete the following user-Virtual File System (VFS) entries.

      • -
    -

    AppData\Local\Microsoft\AppV\Client\VFS

    -

    AppData\Roaming\Microsoft\AppV\Client\VFS

    • -

-
    -

  • Install the App-V 5.1 client version of the client.

    • -

  • Install UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.

    • -

  • Configure for Shared Content Store (SCS) mode. For more information see How to Install the App-V 5.1 Client for Shared Content Store Mode.

    • -

  • Configure Preserve User Integrations on Login Registry DWORD.

    • -

  • Pre-configure all global-targeted packages for example, Add-AppvClientPackage.

    • -

  • Pre-configure all global-targeted connection groups for example, Add-AppvClientConnectionGroup.

    • -

  • Pre-publish all global-targeted packages.

    -

    • -
- - - -**Configurations** - For critical App-V Client configurations and for a little more context and how-to, review the following information: - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Configuration SettingWhat does this do?How should I use it?

Shared Content Store (SCS) Mode

-
    -

  • Configurable in PowerShell using Set- AppvClientConfigurationSharedContentStoreMode, or

    • -

  • During installation of the App-V client.

    • -

When running the shared content store only publishing data is maintained on hard disk; other virtual application assets are maintained in memory (RAM).

-

This helps to conserve local storage and minimize disk I/O per second (IOPS).

This is recommended when low-latency connections are available between the App-V Client endpoint and the SCS content server, SAN.

PreserveUserIntegrationsOnLogin

-
    -

  • Configure in the Registry under HKEY_LOCAL_MACHINE \ Software \ Microsoft \ AppV \ Client \ Integration.

    • -

  • Create the DWORD value PreserveUserIntegrationsOnLogin with a value of 1.

    • -

  • Restart the App-V client service or restart the computer running the App-V Client.

    • -

If you have not pre-configured (Add-AppvClientPackage) a specific package and this setting is not configured, the App-V Client will de-integrate* the persisted user integrations, then re-integrate*.

-

For every package that meets the above conditions, effectively twice the work will be done during publishing/refresh.

If you don’t plan to pre-configure every available user package in the base image, use this setting.

MaxConcurrentPublishingRefresh

-
    -

  • Configure in the Registry under HKEY_LOCAL_MACHINE <strong>Software \ Microsoft \ AppV <strong>Client \ Publishing.

    • -

  • Create the DWORD value MaxConcurrentPublishingrefresh with the desired maximum number of concurrent publishing refreshes.

    • -

  • The App-V client service and computer do not need to be restarted.

    • -

This setting determines the number of users that can perform a publishing refresh/sync at the same time. The default setting is no limit.

Limiting the number of concurrent publishing refreshes prevents excessive CPU usage that could impact computer performance. This limit is recommended in an RDS environment, where multiple users can log in to the same computer at the same time and perform a publishing refresh sync.

-

If the concurrent publishing refresh threshold is reached, the time required to publish new applications and make them available to end users after they log in could take an indeterminate amount of time.

- - - -### Configure UE-V solution for App-V Approach - -We recommend using Microsoft User Experience Virtualization (UE-V) to capture and centralize application settings and Windows operating system settings for a specific user. These settings are then applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions. UE-V is optimized for RDS and VDI scenarios. - -For more information see [Getting Started With User Experience Virtualization 2.0](https://technet.microsoft.com/library/dn458926.aspx) - -In essence all that is required is to install the UE-V client and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](https://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information around UE-V templates see [The UE-V specific resource for acquiring and registering the template](https://technet.microsoft.com/library/dn458926.aspx). - -**Note** -Without performing an additional configuration step, the Microsoft User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default. - -UE-V will only support removing the .lnk file type from the exclusion list in the RDS and VDI scenarios, where every user’s device will have the same set of applications installed to the same location and every .lnk file is valid for all the users’ devices. For example, UE-V would not currently support the following 2 scenarios, because the net result will be that the shortcut will be valid on one but not all devices. - -- If a user has an application installed on one device with .lnk files enabled and the same native application installed on another device to a different installation root with .lnk files enabled. - -- If a user has an application installed on one device but not another with .lnk files enabled. - - - -**Important** -This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. - - - -Using the Microsoft Registry Editor (regedit.exe), navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **UEV** \\ **Agent** \\ **Configuration** \\ **ExcludedFileTypes** and remove **.lnk** from the excluded file types. - -**Configure other User Profile Management (UPM) solution for App-V Approach** - -The expectation in a stateful environment is that a UPM solution is implemented and can support persistence of user data across sessions and between logins. - -The requirements for the UPM solution are as follows. - -To enable an optimized login experience, for example the App-V 5.1 approach for the user, the solution must be capable of: - -- Persisting the below user integrations as part of the user profile/persona. - -- Triggering a user profile sync on login (or application start), which can guarantee that all user integrations are applied before publishing/refresh begin, or, - -- Attaching and detaching a user profile disk (UPD) or similar technology that contains the user integrations. - - **Note** - App-V is supported when using UPD only when the entire profile is stored on the user profile disk. - - App-V packages are not supported when using UPD with selected folders stored in the user profile disk. The Copy on Write driver does not handle UPD selected folders. - - - -- Capturing changes to the locations, which constitute the user integrations, prior to session logoff. - -With App-V 5.1 when you add a publishing server (**Add-AppvPublishingServer**) you can configure synchronization, for example refresh during log on and/or after a specified refresh interval. In both cases a scheduled task is created. - -In previous versions of App-V 5.1, both scheduled tasks were configured using a VBScript that would initiate the user and global refresh. With Hotfix Package 4 for Application Virtualization 5.0 SP2 the user refresh on log on was initiated by **SyncAppvPublishingServer.exe**. This change was introduced to provide UPM solutions a trigger process. This process delays the publish /refresh to allow the UPM solution to apply the user integrations. It will exit once the publishing/refresh is complete. - -**User Integrations** - -Registry – HKEY\_CURRENT\_USER - -- Path - Software\\Classes - - Exclude: Local Settings, ActivatableClasses, AppX\* - -- Path - Software\\Microsoft\\AppV - -- Path- Software\\Microsoft\\Windows\\CurrentVersion\\App Paths - -**File Locations** - -- Root – “Environment Variable” APPDATA - - Path – Microsoft\\AppV\\Client\\Catalog - -- Root – “Environment Variable” APPDATA - - Path – Microsoft\\AppV\\Client\\Integration - -- Root – “Environment Variable” APPDATA - - Path - Microsoft\\Windows\\Start Menu\\Programs - -- (To persist all desktop shortcuts, virtual and non-virtual) - - Root - “KnownFolder” {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}FileMask - \*.lnk - -**Microsoft User Experience Virtualization (UE-V)** - -Additionally, we recommend using Microsoft User Experience Virtualization (UE-V) to capture and centralize application settings and Windows operating system settings for a specific user. These settings are then applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions. - -For more information see [Getting Started With User Experience Virtualization 1.0](https://technet.microsoft.com/library/jj680015.aspx) and [Sharing Settings Location Templates with the UE-V Template Gallery](https://technet.microsoft.com/library/jj679972.aspx). - -### User Experience Walk-through - -This following is a step-by-step walk-through of the App-V and UPM operations and the expectations users should expect. - - ---- - - - - - - - - - - - - -
Optimized for PerformanceOptimized for Storage

After implementing this approach in the VDI/RDSH environment, on first login,

-
    -

  • (Operation) A user-publishing/refresh is initiated. (Expectation) If this is the first time a user has published virtual applications (e.g. non-persistent), this will take the usual duration of a publishing/refresh.

    • -

  • (Operation) After the publishing/refresh, the UPM solution captures the user integrations. (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state.

    • -
-

On subsequent logins:

-
    -

  • (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.

    -

    (Expectation) There will be shortcuts present on the desktop, or in the start menu, which work immediately. When the publishing/refresh completes (i.e., package entitlements change), some may go away.

    • -

  • (Operation) Publishing/refresh will process un-publish and publish operations for changes in user package entitlements. (Expectation) If there are no entitlement changes, publishing1 will complete in seconds. Otherwise, the publishing/refresh will increase relative to the number and complexity* of virtual applications

    • -

  • (Operation) UPM solution will capture user integrations again at logoff. (Expectation) Same as previous.

    • -
-

¹ The publishing operation (Publish-AppVClientPackage) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps.

After implementing this approach in the VDI/RDSH environment, on first login,

-
    -

  • (Operation) A user-publishing/refresh is initiated. (Expectation)

    -
      -

    • If this is the first time a user has published virtual applications (e.g., non-persistent), this will take the usual duration of a publishing/refresh.

      • -

    • First and subsequent logins will be impacted by pre-configuring of packages (add/refresh).

      -

      • -
    • -

  • (Operation) After the publishing/refresh, the UPM solution captures the user integrations. (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state

    • -
-

On subsequent logins:

-
    -

  • (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.

    • -

  • (Operation) Add/refresh must pre-configure all user targeted applications. (Expectation)

    -
      -

    • This may increase the time to application availability significantly (on the order of 10’s of seconds).

      • -

    • This will increase the publishing refresh time relative to the number and complexity* of virtual applications.

      -

      • -
    • -

  • (Operation) Publishing/refresh will process un-publish and publish operations for changes to user package entitlements.

    • -
- - - - ---- - - - - - - - - - - - - -
OutcomeOutcome

-
    -

  • Because the user integrations are entirely preserved, there will be no work for example, integration for the publishing/refresh to complete. All virtual applications will be available within seconds of login.

    • -

  • The publishing/refresh will process changes to the users entitled virtual applications which impacts the experience.

    • -

Because the add/refresh must re-configure all the virtual applications to the VM, the publishing refresh time on every login will be extended.

- - - -### Impact to Package Life Cycle - -Upgrading a package is a crucial aspect of the package lifecycle. To help guarantee users have access to the appropriate upgraded (published) or downgraded (un-published) virtual application packages, it is recommended you update the base image to reflect these changes. To understand why review the following section: - -App-V 5.0 SP2 introduced the concept of pending states. In the past, - -- If an administrator changed entitlements or created a new version of a package (upgraded) and during a publishing/refresh that package was in-use, the un-publish or publish operation, respectively, would fail. - -- Now, if a package is in-use the operation will be pended. The un-publish and publish-pend operations will be processed on service restart or if another publish or un-publish command is issued. In the latter case, if the virtual application is in-use otherwise, the virtual application will remain in a pending state. For globally published packages, a restart (or service restart) often needed. - -In a non-persistent environment, it is unlikely these pended operations will be processed. The pended operations, for example tasks are captured under **HKEY\_CURRENT\_USER** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Client** \\ **PendingTasks**. Although this location is persisted by the UPM solution, if it is not applied to the environment prior to log on, it will not be processed. - -### Enhancing the VDI Experience through Performance Optimization Tuning - -The following section contains lists with information about Microsoft documentation and downloads that may be useful when optimizing your environment for performance. - -**.NET NGEN Blog and Script (Highly Recommended)** - -About NGEN technology - -- [How to speed up NGEN optimization](https://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx) - -- [Script](https://aka.ms/DrainNGenQueue) - -**Windows Server and Server Roles** - -Server Performance Tuning Guidelines for - -- [Microsoft Windows Server 2012 R2](https://msdn.microsoft.com/library/windows/hardware/dn529133.aspx) - -- [Microsoft Windows Server 2012](https://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx) - -- [Microsoft Windows Server 2008 R2](https://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx) - -**Server Roles** - -- [Remote Desktop Virtualization Host](https://msdn.microsoft.com/library/windows/hardware/dn567643.aspx) - -- [Remote Desktop Session Host](https://msdn.microsoft.com/library/windows/hardware/dn567648.aspx) - -- [IIS Relevance: App-V Management, Publishing, Reporting Web Services](https://msdn.microsoft.com/library/windows/hardware/dn567678.aspx) - -- [File Server (SMB) Relevance: If used for App-V Content Storage and Delivery in SCS Mode](https://technet.microsoft.com/library/jj134210.aspx) - -**Windows Client (Guest OS) Performance Tuning Guidance** - -- [Microsoft Windows 7](https://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx) - -- [Optimization Script: (Provided by Microsoft Support)](https://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx) - -- [Microsoft Windows 8](https://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf) - -- [Optimization Script: (Provided by Microsoft Support)](https://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx) - -## Sequencing Steps to Optimize Packages for Publishing Performance - - -Several App-V features facilitate new scenarios or enable new customer deployment scenarios. These following features can impact the performance of the publishing and launch operations. - - ------ - - - - - - - - - - - - - - - - -
StepConsiderationBenefitsTradeoffs

No Feature Block 1 (FB1, also known as Primary FB)

No FB1 means the application will launch immediately and stream fault (application requires file, DLL and must pull down over the network) during launch.If there are network limitations, FB1 will:

-
    -

  • Reduce the number of stream faults and network bandwidth used when you launch an application for the first time.

    • -

  • Delay launch until the entire FB1 has been streamed.

    • -

Stream faulting decreases the launch time.

Virtual application packages with FB1 configured will need to be re-sequenced.

- - - -### Removing FB1 - -Removing FB1 does not require the original application installer. After completing the following steps, it is suggested that you revert the computer running the sequencer to a clean snapshot. - -**Sequencer UI** - Create a New Virtual Application Package. - -1. Complete the sequencing steps up to Customize -> Streaming. - -2. At the Streaming step, do not select **Optimize the package for deployment over slow or unreliable network**. - -3. If desired, move on to **Target OS**. - -**Modify an Existing Virtual Application Package** - -1. Complete the sequencing steps up to Streaming. - -2. Do not select **Optimize the package for deployment over a slow or unreliable network**. - -3. Move to **Create Package**. - -**PowerShell** - Update an Existing Virtual Application Package. - -1. Open an elevated PowerShell session. - -2. Import-module **appvsequencer**. - -3. **Update-AppvSequencerPackage** - **AppvPackageFilePath** - - "C:\\Packages\\MyPackage.appv" -Installer - - "C:\\PackageInstall\\PackageUpgrade.exe empty.exe" -OutputPath - - "C:\\UpgradedPackages" - - **Note** - This cmdlet requires an executable (.exe) or batch file (.bat). You must provide an empty (does nothing) executable or batch file. - - - - ------ - - - - - - - - - - - - - - - - -
StepConsiderationsBenefitsTradeoffs

No SXS Install at Publish (Pre-Install SxS assemblies)

Virtual Application packages do not need to be re-sequenced. SxS Assemblies can remain in the virtual application package.

The SxS Assembly dependencies will not install at publishing time.

SxS Assembly dependencies must be pre-installed.

- - - -### Creating a new virtual application package on the sequencer - -If, during sequencer monitoring, an SxS Assembly (such as a VC++ Runtime) is installed as part of an application’s installation, SxS Assembly will be automatically detected and included in the package. The administrator will be notified and will have the option to exclude the SxS Assembly. - -**Client Side**: - -When publishing a virtual application package, the App-V Client will detect if a required SxS dependency is already installed. If the dependency is unavailable on the computer and it is included in the package, a traditional Windows Installer (.**msi**) installation of the SxS assembly will be initiated. As previously documented, simply install the dependency on the computer running the client to ensure that the Windows Installer (.msi) installation will not occur. - - ------ - - - - - - - - - - - - - - - - -
StepConsiderationsBenefitsTradeoffs

Selectively Employ Dynamic Configuration files

The App-V 5.1 client must parse and process these Dynamic Configuration files.

-

Be conscious of size and complexity (script execution, VREG inclusions/exclusions) of the file.

-

Numerous virtual application packages may already have User- or computer–specific dynamic configurations files.

Publishing times will improve if these files are used selectively or not at all.

Virtual application packages would need to be reconfigured individually or via the App-V server management console to remove associated Dynamic Configuration files.

- - - -### Disabling a Dynamic Configuration using Powershell - -- For already published packages, you can use `Set-AppVClientPackage –Name Myapp –Path c:\Packages\Apps\MyApp.appv` without - - **-DynamicDeploymentConfiguration** parameter - -- Similarly, when adding new packages using `Add-AppVClientPackage –Path c:\Packages\Apps\MyApp.appv`, do not use the - - **-DynamicDeploymentConfiguration** parameter. - -For documentation on How to Apply a Dynamic Configuration, see: - -- [How to Apply the User Configuration File by Using PowerShell](how-to-apply-the-user-configuration-file-by-using-powershell51.md) - -- [How to Apply the Deployment Configuration File by Using PowerShell](how-to-apply-the-deployment-configuration-file-by-using-powershell51.md) - - ------ - - - - - - - - - - - - - - - - - - - - - - -
StepConsiderationsBenefitsTradeoffs

Account for Synchronous Script Execution during Package Lifecycle.

If script collateral is embedded in the package, Add (Powershell) may be significantly slower.

-

Running of scripts during virtual application launch (StartVirtualEnvironment, StartProcess) and/or Add+Publish will impact the perceived performance during one or more of these lifecycle operations.

Use of Asynchronous (Non-Blocking) Scripts will ensure that the lifecycle operations complete efficiently.

This step requires working knowledge of all virtual application packages with embedded script collateral, which have associated dynamic configurations files and which reference and run scripts synchronously.

Remove Extraneous Virtual Fonts from Package.

The majority of applications investigated by the App-V product team contained a small number of fonts, typically fewer than 20.

Virtual Fonts impact publishing refresh performance.

Desired fonts will need to be enabled/installed natively. For instructions, see Install or uninstall fonts.

- - - -### Determining what virtual fonts exist in the package - -- Make a copy of the package. - -- Rename Package\_copy.appv to Package\_copy.zip - -- Open AppxManifest.xml and locate the following: - - <appv:Extension Category="AppV.Fonts"> - - <appv:Fonts> - - <appv:Font Path="\[{Fonts}\]\\private\\CalibriL.ttf" DelayLoad="true"></appv:Font> - - **Note** - If there are fonts marked as **DelayLoad**, those will not impact first launch. - - - -~~~ -</appv:Fonts> -~~~ - -### Excluding virtual fonts from the package - -Use the dynamic configuration file that best suits the user scope – deployment configuration for all users on computer, user configuration for specific user or users. - -- Disable fonts with the deployment or user configuration. - -Fonts - ---> - -<Fonts Enabled="false" /> - -<!-- - -## App-V 5.1 Performance Guidance Terminology - - -The following terms are used when describing concepts and actions related to App-V 5.1 performance optimization. - -- **Complexity** – Refers to the one or more package characteristics that may impact performance during pre-configure (**Add-AppvClientPackage**) or integration (**Publish-AppvClientPackage**). Some example characteristics are: manifest size, number of virtual fonts, number of files. - -- **De-Integrate** – Removes the user integrations - -- **Re-Integrate** – Applies the user integrations. - -- **Non-Persistent, Pooled** – Creates a computer running a virtual environment each time they log in. - -- **Persistent, Personal** – A computer running a virtual environment that remains the same for every login. - -- **Stateful** - For this document, implies that user integrations are persisted between sessions and a user environment management technology is used in conjunction with non-persistent RDSH or VDI. - -- **Stateless** – Represents a scenario when no user state is persisted between sessions. - -- **Trigger** – (or Native Action Triggers). UPM uses these types of triggers to initiate monitoring or synchronization operations. - -- **User Experience** - In the context of App-V 5.1, the user experience, quantitatively, is the sum of the following parts: - - - From the point that users initiate a log-in to when they are able to manipulate the desktop. - - - From the point where the desktop can be interacted with to the point a publishing refresh begins (in PowerShell terms, sync) when using the App-V 5.1 full server infrastructure. In standalone instances, it is when the **Add-AppVClientPackage** and **Publish-AppVClientPackage Powershell** commands are initiated. - - - From start to completion of the publishing refresh. In standalone instances, this is the first to last virtual application published. - - - From the point where the virtual application is available to launch from a shortcut. Alternatively, it is from the point at which the file type association is registered and will launch a specified virtual application. - -- **User Profile Management** – The controlled and structured approach to managing user components associated with the environment. For example, user profiles, preference and policy management, application control and application deployment. You can use scripting or third-party solutions configure the environment as needed. - - - - - - -## Related topics - - -[Microsoft Application Virtualization 5.1 Administrator's Guide](microsoft-application-virtualization-51-administrators-guide.md) - - - - - - - - - diff --git a/mdop/appv-v5/planning-for-app-v-50-rc.md b/mdop/appv-v5/planning-for-app-v-50-rc.md deleted file mode 100644 index 1d4bd7a75c..0000000000 --- a/mdop/appv-v5/planning-for-app-v-50-rc.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Planning for App-V 5.0 -description: Planning for App-V 5.0 -author: dansimp -ms.assetid: 69df85b3-06c7-4123-af05-29d537a687ec -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for App-V 5.0 - - -Use this information to plan how to deploy Microsoft Application Virtualization (App-V) 5.0 so that it does not disrupt your users or the network. - -## Planning information - - -- [Preparing Your Environment for App-V 5.0](preparing-your-environment-for-app-v-50.md) - - This section describes the computing environment requirements and installation prerequisites that should be planned for before beginning App-V 5.0 setup. - -- [Planning to Deploy App-V](planning-to-deploy-app-v.md) - - This section describes the minimum hardware and software requirements necessary for App-V 5.0 client, sequencer and server feature installations. Additionally, associated feature planning information is also displayed. - -- [App-V 5.0 Planning Checklist](app-v-50-planning-checklist.md) - - Planning checklist that can be used to assist in App-V 5.0 deployment planning. - - - - - - -## Other resources for App-V 5.0 Planning - - -- [Microsoft Application Virtualization 5.0 Administrator's Guide](microsoft-application-virtualization-50-administrators-guide.md) - -- [Getting Started with App-V 5.0](getting-started-with-app-v-50--rtm.md) - -- [Deploying App-V 5.0](deploying-app-v-50.md) - -- [Operations for App-V 5.0](operations-for-app-v-50.md) - -- [Troubleshooting App-V 5.0](troubleshooting-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/planning-for-app-v-51.md b/mdop/appv-v5/planning-for-app-v-51.md deleted file mode 100644 index 302d550ef0..0000000000 --- a/mdop/appv-v5/planning-for-app-v-51.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Planning for App-V 5.1 -description: Planning for App-V 5.1 -author: dansimp -ms.assetid: 8d84e679-0bd3-4864-976b-a3cbe6eafba6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for App-V 5.1 - - -Use this information to plan how to deploy Microsoft Application Virtualization (App-V) 5.1 so that it does not disrupt your users or the network. - -## Planning information - - -- [Preparing Your Environment for App-V 5.1](preparing-your-environment-for-app-v-51.md) - - This section describes the computing environment requirements and installation prerequisites that should be planned for before beginning App-V 5.1 setup. - -- [Planning to Deploy App-V](planning-to-deploy-app-v51.md) - - This section describes the minimum hardware and software requirements necessary for App-V 5.1 client, sequencer and server feature installations. Additionally, associated feature planning information is also displayed. - -- [App-V 5.1 Planning Checklist](app-v-51-planning-checklist.md) - - Planning checklist that can be used to assist in App-V 5.1 deployment planning. - - - - - - -## Other resources for App-V 5.1 Planning - - -- [Microsoft Application Virtualization 5.1 Administrator's Guide](microsoft-application-virtualization-51-administrators-guide.md) - -- [Getting Started with App-V 5.1](getting-started-with-app-v-51.md) - -- [Deploying App-V 5.1](deploying-app-v-51.md) - -- [Operations for App-V 5.1](operations-for-app-v-51.md) - -- [Troubleshooting App-V 5.1](troubleshooting-app-v-51.md) - -- [Technical Reference for App-V 5.1](technical-reference-for-app-v-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/planning-for-high-availability-with-app-v-50.md b/mdop/appv-v5/planning-for-high-availability-with-app-v-50.md deleted file mode 100644 index d23fc021f8..0000000000 --- a/mdop/appv-v5/planning-for-high-availability-with-app-v-50.md +++ /dev/null @@ -1,156 +0,0 @@ ---- -title: Planning for High Availability with App-V 5.0 -description: Planning for High Availability with App-V 5.0 -author: dansimp -ms.assetid: 6d9a6492-23f8-465c-82e5-49c863594156 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Planning for High Availability with App-V 5.0 - - -Microsoft Application Virtualization 5.0 (App-V 5.0) system configurations can take advantage of options that maintain a high level of available service. - -Use the information in the following sections to help you understand the options to deploy App-V 5.0 in a highly available configuration. - -- [Support for Microsoft SQL Server clustering](#bkmk-sqlcluster) - -- [Support for IIS Network Load Balancing](#bkmk-iisloadbal) - -- [Support for clustered file servers when running (SCS) mode](#bkmk-clusterscsmode) - -- [Support for Microsoft SQL Server Mirroring](#bkmk-sqlmirroring) - -- [Support for Microsoft SQL Server Always On](#bkmk-sqlalwayson) - -## Support for Microsoft SQL Server clustering - - -You can run the App-V Management database and Reporting database on computers that are running Microsoft SQL Server clusters. However, you must install the databases using scripts. - -For instructions, see [How to Deploy the App-V Databases by Using SQL Scripts](how-to-deploy-the-app-v-databases-by-using-sql-scripts.md). - -## Support for IIS Network Load Balancing - - -You can use Internet Information Services (IIS) Network Load Balancing to configure a highly available environment for computers running the App-V 5.x Management, Publishing, and Reporting services which are deployed through IIS. - -Review the following for more information about configuring IIS and Network Load Balancing for computers running Windows Server operating systems: - -- Provides information about configuring Internet Information Services (IIS) 7.0. - - [Achieving High Availability and Scalability - ARR and NLB](https://go.microsoft.com/fwlink/?LinkId=316369) (https://go.microsoft.com/fwlink/?LinkId=316369) - -- Configuring Microsoft Windows Server - - [Network Load Balancing](https://go.microsoft.com/fwlink/?LinkId=316370) (https://go.microsoft.com/fwlink/?LinkId=316370). - - This information also applies to IIS Network Load Balancing (NLB) clusters in Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012. - - **Note**   - The IIS Network Load Balancing functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details are changed in Windows Server 2012. For information on new ways to do tasks, see [Common Management Tasks and Navigation in Windows Server 2012 R2 Preview and Windows Server 2012](https://go.microsoft.com/fwlink/?LinkId=316371) (https://go.microsoft.com/fwlink/?LinkId=316371). - - - -## Support for clustered file servers when running (SCS) mode - - -Running App-V 5.0 in Share Content Store (SCS) mode with clustered file servers is supported. - -The following steps can be used to enable this configuration: - -- Configure App-V 5.0 to run in client SCS mode. For more information about configuring App-V 5.0 SCS mode, see [How to Install the App-V 5.0 Client for Shared Content Store Mode](how-to-install-the-app-v-50-client-for-shared-content-store-mode.md). - -- Configure the file server cluster configured in both the Microsoft Server 2012 scale out mode and pre **2012** mode with a virtual SAN. - -The following steps can be used to validate the configuration: - -1. Add a package on the publishing server. For more information about adding a package, see [How to Add or Upgrade Packages by Using the Management Console](how-to-add-or-upgrade-packages-by-using-the-management-console-beta-gb18030.md). - -2. Perform a publishing refresh on the computer running the App-V 5.0 client and open an application. - -3. Switch cluster nodes mid-publishing refresh and mid-streaming to ensure fail-over works correctly. - -Review the following for more information about configuring Windows Server Failover clusters: - -- [Checklist: Create a Clustered File Server](https://go.microsoft.com/fwlink/?LinkId=316372) (https://go.microsoft.com/fwlink/?LinkId=316372). - -- [Use Cluster Shared Volumes in a Windows Server 2012 Failover Cluster](https://go.microsoft.com/fwlink/?LinkId=316373) (https://go.microsoft.com/fwlink/?LinkId=316373). - -## Support for Microsoft SQL Server Mirroring - - -Using Microsoft SQL Server mirroring, where the App-V 5.0 management server database is mirrored utilizing two SQL Server instances, for App-V 5.0 management server databases is supported. - -Review the following for more information about configuring Microsoft SQL Server Mirroring: - -- [How to: Prepare a Mirror Database for Mirroring (Transact-SQL)](https://go.microsoft.com/fwlink/?LinkId=316375) (https://go.microsoft.com/fwlink/?LinkId=316375) - -- [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=316377) (https://go.microsoft.com/fwlink/?LinkId=316377) - -The following steps can be used to validate the configuration: - -1. Initiate a Microsoft SQL Server Mirroring session. - -2. Select **Failover** to designate a new master Microsoft SQL Server instance. - -3. Verify that the App-V 5.0 management server continues to function as expected after the failover. - -The connection string on the management server can be modified to include **failover partner = <server2>**. This will only help when the primary on the mirror has failed over to the secondary and the computer running the App-V 5.0 client is doing a fresh connection (say after reboot). - -Use the following steps to modify the connection string to include **failover partner = <server2>**: - -**Important**   -This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. - - - -1. Login to the management server and open **regedit**. - -2. Navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Server** \\ **ManagementService**. - -3. Modify the **MANAGEMENT\_SQL\_CONNECTION\_STRING** value with the **failover partner = <server2>**. - -4. Restart management service using the IIS console. - - **Note**   - Database Mirroring is on the list of Deprecated Database Engine Features for Microsoft SQL Server 2012 due to the **AlwaysOn** feature available with Microsoft SQL Server 2012. - - - -Click any of the following links for more information: - -- [How to: Prepare a Mirror Database for Mirroring (Transact-SQL)](https://go.microsoft.com/fwlink/?LinkId=394235) (https://go.microsoft.com/fwlink/?LinkId=394235). - -- [How to: Configure a Database Mirroring Session (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=394236) (https://go.microsoft.com/fwlink/?LinkId=394236). - -- [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=394237) (https://go.microsoft.com/fwlink/?LinkId=394237). - -- [Deprecated Database Engine Features in SQL Server 2012](https://go.microsoft.com/fwlink/?LinkId=394238) (https://go.microsoft.com/fwlink/?LinkId=394238). - -## Support for Microsoft SQL Server Always On configuration - - -The App-V 5.0 management server database supports deployments to computers running Microsoft SQL Server with the **Always On** configuration. - -## Related topics - - -[Planning to Deploy App-V](planning-to-deploy-app-v.md) - - - - - - - - - diff --git a/mdop/appv-v5/planning-for-high-availability-with-app-v-51.md b/mdop/appv-v5/planning-for-high-availability-with-app-v-51.md deleted file mode 100644 index a0cfecee7c..0000000000 --- a/mdop/appv-v5/planning-for-high-availability-with-app-v-51.md +++ /dev/null @@ -1,161 +0,0 @@ ---- -title: Planning for High Availability with App-V 5.1 -description: Planning for High Availability with App-V 5.1 -author: dansimp -ms.assetid: 1f190a0e-10ee-4fbe-a602-7e807e943033 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Planning for High Availability with App-V 5.1 - - -Microsoft Application Virtualization (App-V) 5.1 system configurations can take advantage of options that maintain a high level of available service. - -Use the information in the following sections to help you understand the options to deploy App-V 5.1 in a highly available configuration. - -- [Support for Microsoft SQL Server clustering](#bkmk-sqlcluster) - -- [Support for IIS Network Load Balancing](#bkmk-iisloadbal) - -- [Support for clustered file servers when running (SCS) mode](#bkmk-clusterscsmode) - -- [Support for Microsoft SQL Server Mirroring](#bkmk-sqlmirroring) - -- [Support for Microsoft SQL Server Always On](#bkmk-sqlalwayson) - -## Support for Microsoft SQL Server clustering - - -You can run the App-V Management database and Reporting database on computers that are running Microsoft SQL Server clusters. However, you must install the databases using scripts. - -For instructions, see [How to Deploy the App-V Databases by Using SQL Scripts](how-to-deploy-the-app-v-databases-by-using-sql-scripts51.md). - -## Support for IIS Network Load Balancing - - -You can use Internet Information Services (IIS) Network Load Balancing to configure a highly available environment for computers running the App-V 5.x Management, Publishing, and Reporting services which are deployed through IIS. - -Review the following for more information about configuring IIS and Network Load Balancing for computers running Windows Server operating systems: - -- Provides information about configuring Internet Information Services (IIS) 7.0. - - [Achieving High Availability and Scalability - ARR and NLB](https://go.microsoft.com/fwlink/?LinkId=316369) (https://go.microsoft.com/fwlink/?LinkId=316369) - -- Configuring Microsoft Windows Server - - [Network Load Balancing](https://go.microsoft.com/fwlink/?LinkId=316370) (https://go.microsoft.com/fwlink/?LinkId=316370). - - This information also applies to IIS Network Load Balancing (NLB) clusters in Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012. - - **Note**   - The IIS Network Load Balancing functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details are changed in Windows Server 2012. For information on new ways to do tasks, see [Common Management Tasks and Navigation in Windows Server 2012 R2 Preview and Windows Server 2012](https://go.microsoft.com/fwlink/?LinkId=316371) (https://go.microsoft.com/fwlink/?LinkId=316371). - - - -## Support for clustered file servers when running (SCS) mode - - -Running App-V 5.1 in Share Content Store (SCS) mode with clustered file servers is supported. - -The following steps can be used to enable this configuration: - -- Configure App-V 5.1 to run in client SCS mode. For more information about configuring App-V 5.1 SCS mode, see [How to Install the App-V 5.1 Client for Shared Content Store Mode](how-to-install-the-app-v-51-client-for-shared-content-store-mode.md). - -- Configure the file server cluster configured in both the Microsoft Server 2012 scale out mode and pre **2012** mode with a virtual SAN. - -The following steps can be used to validate the configuration: - -1. Add a package on the publishing server. For more information about adding a package, see [How to Add or Upgrade Packages by Using the Management Console](how-to-add-or-upgrade-packages-by-using-the-management-console-51-gb18030.md). - -2. Perform a publishing refresh on the computer running the App-V 5.1 client and open an application. - -3. Switch cluster nodes mid-publishing refresh and mid-streaming to ensure fail-over works correctly. - -Review the following for more information about configuring Windows Server Failover clusters: - -- [Checklist: Create a Clustered File Server](https://go.microsoft.com/fwlink/?LinkId=316372) (https://go.microsoft.com/fwlink/?LinkId=316372). - -- [Use Cluster Shared Volumes in a Windows Server 2012 Failover Cluster](https://go.microsoft.com/fwlink/?LinkId=316373) (https://go.microsoft.com/fwlink/?LinkId=316373). - -## Support for Microsoft SQL Server Mirroring - - -Using Microsoft SQL Server mirroring, where the App-V 5.1 management server database is mirrored utilizing two SQL Server instances, for App-V 5.1 management server databases is supported. - -Review the following for more information about configuring Microsoft SQL Server Mirroring: - -- [How to: Prepare a Mirror Database for Mirroring (Transact-SQL)](https://go.microsoft.com/fwlink/?LinkId=316375) (https://go.microsoft.com/fwlink/?LinkId=316375) - -- [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=316377) (https://go.microsoft.com/fwlink/?LinkId=316377) - -The following steps can be used to validate the configuration: - -1. Initiate a Microsoft SQL Server Mirroring session. - -2. Select **Failover** to designate a new master Microsoft SQL Server instance. - -3. Verify that the App-V 5.1 management server continues to function as expected after the failover. - -The connection string on the management server can be modified to include **failover partner = <server2>**. This will only help when the primary on the mirror has failed over to the secondary and the computer running the App-V 5.1 client is doing a fresh connection (say after reboot). - -Use the following steps to modify the connection string to include **failover partner = <server2>**: - -**Important**   -This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. - - - -1. Login to the management server and open **regedit**. - -2. Navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Server** \\ **ManagementService**. - -3. Modify the **MANAGEMENT\_SQL\_CONNECTION\_STRING** value with the **failover partner = <server2>**. - -4. Restart management service using the IIS console. - - **Note**   - Database Mirroring is on the list of Deprecated Database Engine Features for Microsoft SQL Server 2012 due to the **AlwaysOn** feature available with Microsoft SQL Server 2012. - - - -Click any of the following links for more information: - -- [How to: Prepare a Mirror Database for Mirroring (Transact-SQL)](https://go.microsoft.com/fwlink/?LinkId=394235) (https://go.microsoft.com/fwlink/?LinkId=394235). - -- [How to: Configure a Database Mirroring Session (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=394236) (https://go.microsoft.com/fwlink/?LinkId=394236). - -- [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=394237) (https://go.microsoft.com/fwlink/?LinkId=394237). - -- [Deprecated Database Engine Features in SQL Server 2012](https://go.microsoft.com/fwlink/?LinkId=394238) (https://go.microsoft.com/fwlink/?LinkId=394238). - -## Support for Microsoft SQL Server Always On configuration - - -The App-V 5.1 management server database supports deployments to computers running Microsoft SQL Server with the **Always On** configuration. - - - - - - -## Related topics - - -[Planning to Deploy App-V](planning-to-deploy-app-v51.md) - - - - - - - - - diff --git a/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v.md b/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v.md deleted file mode 100644 index b802e65076..0000000000 --- a/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v.md +++ /dev/null @@ -1,145 +0,0 @@ ---- -title: Planning for Migrating from a Previous Version of App-V -description: Planning for Migrating from a Previous Version of App-V -author: dansimp -ms.assetid: d4ca8f09-86fd-456f-8ec2-242ff94ae9a0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/21/2016 ---- - - -# Planning for Migrating from a Previous Version of App-V - - -Use the following information to plan how to migrate to App-V 5.0 from previous versions of App-V. - -## Migration requirements - - -Before you start any upgrades, review the following requirements: - -- If you are upgrading from a version earlier than App-V 4.6 SP2, upgrade to version App-V 4.6 SP3 first before upgrading to App-V 5.0 or later. In this scenario, upgrade the App-V clients first, and then upgrade the server components. -**Note:** App-V 4.6 has exited Mainstream support. - -- App-V 5.0 supports only packages that are created using App-V 5.0, or packages that have been converted to the App-V 5.0 (**.appv**) format. - -- App-V 5.0 SP3 only: If you are upgrading the App-V Server from App-V 5.0 SP1, see [About App-V 5.0 SP3](about-app-v-50-sp3.md#bkmk-migrate-to-50sp3) for instructions. - -## Running the App-V 5.0 client concurrently with App-V 4.6 - - -You can run the App-V 5.0 client concurrently on the same computer with the App-V 4.6 SP3 client. - -When you run coexisting App-V clients, you can: - -- Convert an App-V 4.6 SP3 package to the App-V 5.0 format and publish both packages, when you have both clients running. - -- Define the migration policy for the converted package, which allows the converted App-V 5.0 package to assume the file type associations and shortcuts from the App-V 4.6 package. - -### Supported coexistence scenarios - -The following table shows the supported App-V coexistence scenarios. We recommend that you install the latest available updates of a given release when you are running coexisting clients. - - ---- - - - - - - - - - - - - - - - - -
App-V 4.6 client typeApp-V 5.0 client type

App-V 4.6 SP3

App-V 5.0

App-V 4.6 SP3 RDS

App-V 5.0 RDS

- - - -### Requirements for running coexisting clients - -To run coexisting clients, you must: - -- Install the App-V 4.6 client before you install the App-V 5.0 client. - -- Enable the **Enable Migration Mode** Group Policy setting, which is in the **App-V** > **Client Coexistence** node. To get the deploy the .admx template, see [How to Download and Deploy MDOP Group Policy (.admx) Templates](https://technet.microsoft.com/library/dn659707.aspx). - -### Client downloads and documentation - -The following table provides link to the TechNet documentation about the releases. The TechNet documentation about the App-V client applies to both clients, unless stated otherwise. - - ---- - - - - - - - - - - - - - - - - -
App-V versionLink to TechNet documentation

App-V 4.6 SP3

About Microsoft Application Virtualization 4.6 SP3

App-V 5.0 SP3

About Microsoft Application Virtualization 5.0 SP3

- - - -For more information about how to configure App-V 5.0 client coexistence, see: - -- [How to Deploy the App-V 4.6 and the App-V 5.0 Client on the Same Computer](how-to-deploy-the-app-v-46-and-the-app-v--50-client-on-the-same-computer.md) - -- [App-V 5.0 Coexistence and Migration](https://technet.microsoft.com/windows/jj835811.aspx) - -## Converting “previous-version” packages using the package converter - - -Before migrating a package, created using App-V 4.6 SP3 or earlier, to App-V 5.0, review the following requirements: - -- You must convert the package to the **.appv** file format. - -- The Package Converter supports only the direct conversion of packages that were created by using App-V 4.5 and later. To use the package converter on a package that was created using a previous version, you must use an App-V 4.5 or later version of the sequencer to upgrade the package, and then you can perform the package conversion. - -For more information about using the package converter to convert a package, see [How to Convert a Package Created in a Previous Version of App-V](how-to-convert-a-package-created-in-a-previous-version-of-app-v.md). After you convert the file, you can deploy it to target computers that run the App-V 5.0 client. - - - - - - -## Related topics - - -[Planning to Deploy App-V](planning-to-deploy-app-v.md) - - - - - - - - - diff --git a/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v51.md b/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v51.md deleted file mode 100644 index 583f61a259..0000000000 --- a/mdop/appv-v5/planning-for-migrating-from-a-previous-version-of-app-v51.md +++ /dev/null @@ -1,150 +0,0 @@ ---- -title: Planning for Migrating from a Previous Version of App-V -description: Planning for Migrating from a Previous Version of App-V -author: dansimp -ms.assetid: 4a058047-9674-41bc-8050-c58c97a80a9b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/21/2016 ---- - - -# Planning for Migrating from a Previous Version of App-V - - -Use the following information to plan how to migrate to Microsoft Application Virtualization (App-V) 5.1 from previous versions of App-V. - -## Migration requirements - - -Before you start any upgrades, review the following requirements: - -- If you are upgrading from a version earlier than App-V 4.6 SP2, upgrade to version App-V 4.6 SP3 first before upgrading to App-V 5.1 or later. In this scenario, upgrade the App-V clients first, and then upgrade the server components. -**Note:** App-V 4.6 has exited Mainstream support. - -- App-V 5.1 supports only packages that are created using App-V 5.0 or App-V 5.1, or packages that have been converted to the **.appv** format. - -- If you are upgrading the App-V Server from App-V 5.0 SP1, see [About App-V 5.1](about-app-v-51.md#bkmk-migrate-to-51) for instructions. - -## Running the App-V 5.1 client concurrently with App-V 4.6 - - -You can run the App-V 5.1 client concurrently on the same computer with the App-V 4.6 SP3 client. - -When you run coexisting App-V clients, you can: - -- Convert an App-V 4.6 SP3 package to the App-V 5.1 format and publish both packages, when you have both clients running. - -- Define the migration policy for the converted package, which allows the converted App-V 5.1 package to assume the file type associations and shortcuts from the App-V 4.6 package. - -### Supported coexistence scenarios - -The following table shows the supported App-V coexistence scenarios. We recommend that you install the latest available updates of a given release when you are running coexisting clients. - - ---- - - - - - - - - - - - - - - - - -
App-V 4.6 client typeApp-V 5.1 client type

App-V 4.6 SP3

App-V 5.1

App-V 4.6 SP3 RDS

App-V 5.1 RDS

- - - -### Requirements for running coexisting clients - -To run coexisting clients, you must: - -- Install the App-V 4.6 client before you install the App-V 5.1 client. - -- Enable the **Enable Migration Mode** Group Policy setting, which is in the **App-V** > **Client Coexistence** node. To deploy the .admx template, see [How to Download and Deploy MDOP Group Policy (.admx) Templates](https://technet.microsoft.com/library/dn659707.aspx). - -**Note**   -App-V 5.1 packages can run side by side with App-V 4.6 packages if you have coexisting installations of App-V 5.1 and 4.6. However, App-V 5.1 packages cannot interact with App-V 4.6 packages in the same virtual environment. - - - -### Client downloads and documentation - -The following table provides links to the App-V 4.6 client downloads and to the TechNet documentation about the releases. The downloads include the App-V “regular” and RDS clients. The TechNet documentation about the App-V client applies to both clients, unless stated otherwise. - - ---- - - - - - - - - - - - - - - - - -
App-V versionLink to TechNet documentation

App-V 4.6 SP3

About Microsoft Application Virtualization 4.6 SP3

App-V 4.6 SP3

About Microsoft Application Virtualization 5.1

- - - -For more information about how to configure App-V 5.1 client coexistence, see: - -- [How to Deploy the App-V 4.6 and the App-V 5.1 Client on the Same Computer](how-to-deploy-the-app-v-46-and-the-app-v--51-client-on-the-same-computer.md) - -- [App-V 5.0 Coexistence and Migration](https://technet.microsoft.com/windows/jj835811.aspx) - -## Converting “previous-version” packages using the package converter - - -Before migrating a package, created using App- 4.6 SP2 or earlier, to App-V 5.1, review the following requirements: - -- You must convert the package to the **.appv** file format. - -- The Package Converter supports only the direct conversion of packages that were created by using App-V 4.5 and later. To use the package converter on a package that was created using a previous version, you must use an App-V 4.5 or later version of the sequencer to upgrade the package, and then you can perform the package conversion. - -For more information about using the package converter to convert a package, see [How to Convert a Package Created in a Previous Version of App-V](how-to-convert-a-package-created-in-a-previous-version-of-app-v51.md). After you convert the file, you can deploy it to target computers that run the App-V 5.1 client. - - - - - - -## Related topics - - -[Planning to Deploy App-V](planning-to-deploy-app-v51.md) - - - - - - - - - diff --git a/mdop/appv-v5/planning-for-the-app-v-50-sequencer-and-client-deployment.md b/mdop/appv-v5/planning-for-the-app-v-50-sequencer-and-client-deployment.md deleted file mode 100644 index dda2baef42..0000000000 --- a/mdop/appv-v5/planning-for-the-app-v-50-sequencer-and-client-deployment.md +++ /dev/null @@ -1,107 +0,0 @@ ---- -title: Planning for the App-V 5.0 Sequencer and Client Deployment -description: Planning for the App-V 5.0 Sequencer and Client Deployment -author: dansimp -ms.assetid: 57a604ad-90e1-4d32-86bb-eafff59aa43a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/21/2016 ---- - - -# Planning for the App-V 5.0 Sequencer and Client Deployment - - -Before you can start to use Microsoft Application Virtualization (App-V) 5.0, you must install the App-V 5.0 sequencer, the App-V 5.0 client, and optionally the App-V 5.0 shared content store. The following sections address planning for these installations. - -## Planning for App-V 5.0 sequencer deployment - - -App-V 5.0 uses a process called sequencing to create virtualized applications and application packages. Sequencing requires the use of a computer that runs the App-V 5.0 sequencer. - -**Note**   -For information about the new functionality of App-V 5.0 sequencer, see the **Changes to the sequencer** section of [What's New in App-V 5.0](whats-new-in-app-v-50.md). - - - -The computer that runs the App-V 5.0 sequencer must meet the minimum system requirements. For a list of these requirements, see [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md). - -Ideally, you should install the sequencer on a computer running as a virtual machine. This enables you to more easily revert the computer running the sequencer to a “clean” state before sequencing another application. When you install the sequencer using a virtual machine, you should perform the following steps: - -1. Install all associated sequencer prerequisites. - -2. Install the sequencer. - -3. Take a “snapshot” of the environment. - -**Important**   -You should have your corporate security team review and approve the sequencing process plan. For security reasons, you should keep the sequencer operations in a lab that is separate from the production environment. The separation arrangement can be as simple or as comprehensive as necessary, based on your business requirements. The sequencing computers must be able to connect to the corporate network to copy finished packages to the production servers. However, because the sequencing computers are typically operated without antivirus protection, they must not be on the corporate network unprotected. For example, you might be able to operate behind a firewall or on an isolated network segment. You might also be able to use virtual machines that are configured to share an isolated virtual network. Follow your corporate security policies to safely address these concerns. - - - -[How to Install the Sequencer](how-to-install-the-sequencer-beta-gb18030.md) - -## Planning for App-V 5.0 client deployment - - -To run virtualized packages on target computers, you must install the App-V 5.0 client on the target computers. The App-V 5.0 client is the component that runs a virtualized application on a target computer. The client enables users to interact with icons and specific file types to start virtualized applications. The client also helps obtain application content from the management server and caches the content before the client starts the application. There are two different client types: the client for Remote Desktop Services, which is used on Remote Desktop Session Host (RD Session Host) server systems and the App-V 5.0 client, which is used for all other computers. - -The App-V 5.0 client should be configured by using either the installer command line or by using a PowerShell script after the installation has been completed. - -The settings must be defined carefully in advance in order to expedite the deployment of the App-V 5.0 client software. This is especially important when you have computers in different offices where the clients must be configured to use different source locations. - -You must also determine how you will deploy the client software. Although it is possible to deploy the client manually on each computer, most organizations prefer to deploy the client through an automated process. A larger organization might have an operational Electronic Software Distribution (ESD) system, which is an ideal client deployment system. If no ESD system exists, you can use your organization’s standard method of installing software. Possible methods include Group Policy or various scripting techniques. Depending on the quantity and disparate locations of your client computers, this deployment process can be complex. You must use a structured approach to ensure that all computers get the client installed with the correct configuration. - -For a list of the client minimum requirements see [App-V 5.0 Prerequisites](app-v-50-prerequisites.md). - -[How to Deploy the App-V Client](how-to-deploy-the-app-v-client-gb18030.md) - -## Planning for App-V client coexistence - - -You can deploy the App-V 5.0 client side by side with the App-V 4.6 client. Client coexistence requires that you add or publish virtualized applications by using either a deployment configuration file or a user configuration file, because there are certain settings in these configuration files that must be configured in order for App-V 5.0 to function with App-V 4.6 clients. When a package is upgraded by using either the client or the server, the package must resubmit the configuration file. This is true for any package that has a corresponding configuration file, so it is not specific to client coexistence. However, if you do not submit the configuration file during the package upgrade, then the package state will not function as expected in coexistence scenarios. - -App-V 5.0 dynamic configuration files customize a package for a specific user. You must create the dynamic user configuration (.xml) file or the dynamic deployment configuration file before you can use them. To create the file it requires an advanced manual operation. - -When a dynamic user configuration file is used, none of the App-V 5.0 information for the extension in the manifest file is used. This means that the dynamic user configuration file must include everything for the extension that is specific to App-V 5.0 in the manifest file, as well as the changes that you want to make, such as, deletions and updates. For more information about how to create a custom configuration file, see [How to Create a Custom Configuration File by Using the App-V 5.0 Management Console](how-to-create-a-custom-configuration-file-by-using-the-app-v-50-management-console.md). - -[How to Deploy the App-V 4.6 and the App-V 5.0 Client on the Same Computer](how-to-deploy-the-app-v-46-and-the-app-v--50-client-on-the-same-computer.md) - -## Planning for the App-V 5.0 Shared Content Store (SCS) - - -The App-V 5.0 shared content store mode allows the computer running the App-V 5.0 client to run virtualized applications and none of the package contents is saved on the computer running the App-V 5.0 client. Virtual applications are streamed to target computers only when requested by the client. - -The following list displays some of the benefits of using the App-V 5.0 shared content store: - -- Reduced app-to-app and multi-user application conflicts and hence a reduced need for regression testing - -- Accelerated application deployment by reduction of deployment risk - -- Simplified profile management - -[How to Install the App-V 5.0 Client for Shared Content Store Mode](how-to-install-the-app-v-50-client-for-shared-content-store-mode.md) - - - - - - -## Other resources for the App-V 5.0 deployment - - -[Planning to Deploy App-V](planning-to-deploy-app-v.md) - - - - - - - - - diff --git a/mdop/appv-v5/planning-for-the-app-v-50-server-deployment.md b/mdop/appv-v5/planning-for-the-app-v-50-server-deployment.md deleted file mode 100644 index cfbadbc58c..0000000000 --- a/mdop/appv-v5/planning-for-the-app-v-50-server-deployment.md +++ /dev/null @@ -1,121 +0,0 @@ ---- -title: Planning for the App-V 5.0 Server Deployment -description: Planning for the App-V 5.0 Server Deployment -author: dansimp -ms.assetid: fd89b324-3961-471a-ad90-c8f9ae7a8155 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for the App-V 5.0 Server Deployment - - -The Microsoft Application Virtualization (App-V) 5.0 server infrastructure consists of a set of specialized features that can be installed on one or more server computers, based on the requirements of the enterprise. - -## Planning for App-V 5.0 Server Deployment - - -The App-V 5.0 server consists of the following features: - -- Management Server – provides overall management functionality for the App-V 5.0 infrastructure. - -- Management Database – facilitates database predeployments for App-V 5.0 management. - -- Publishing Server – provides hosting and streaming functionality for virtual applications. - -- Reporting Server – provides App-V 5.0 reporting services. - -- Reporting Database – facilitates database predeployments for App-V 5.0 reporting. - -The following list displays the recommended methods for installing the App-V 5.0 server infrastructure: - -- Install the App-V 5.0 server. For more information, see [How to Deploy the App-V 5.0 Server](how-to-deploy-the-app-v-50-server-50sp3.md). - -- Install the database, reporting, and management features on separate computers. For more information, see [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services.md). - -- Use Electronic Software Distribution (ESD). For more information, see [How to deploy App-V 5.0 Packages Using Electronic Software Distribution](how-to-deploy-app-v-50-packages-using-electronic-software-distribution.md). - -- Install all server features on a single computer. - -## App-V 5.0 Server Interaction - - -This section contains information about how the various App-V 5.0 server roles interact with each other. - -The App-V 5.0 Management Server contains the repository of packages and their assigned configurations. For Publishing Servers that are registered with the Management Server, the associated metadata is provided to the Publishing servers for use when publishing refresh requests are received from computers running the App-V 5.0 Client. App-V 5.0 publishing servers managed by a single management server can be serving different clients and can have different website names and port bindings. Additionally, all Publishing Servers managed by the same Management Server are replicas of each other. - -**Note**   -The Management Server does not perform any load balancing. The associated metadata is simply passed to the publishing server for use when processing client requests. - - - -## Server-Related Protocols and External Features - - -The following displays information about server-related protocols used by the App-V 5.0 servers. The table also includes the reporting mechanism for each server type. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - -
Server TypeProtocolsExternal Features NeededReporting

IIS server

HTTP

-

HTTPS

This server-protocol combination requires a mechanism to synchronize the content between the Management Server and the Streaming Server. When using HTTP or HTTPS, use an IIS server and a firewall to protect the server from exposure to the Internet.

Internal

File

SMB

This server-protocol combination requires support to synchronize the content between the Management Server and the Streaming Server. Use a client computer with file sharing or streaming capability.

Internal

- - - - - - - - -## Related topics - - -[Planning to Deploy App-V](planning-to-deploy-app-v.md) - -[Deploying the App-V 5.0 Server](deploying-the-app-v-50-server.md) - - - - - - - - - diff --git a/mdop/appv-v5/planning-for-the-app-v-51-sequencer-and-client-deployment.md b/mdop/appv-v5/planning-for-the-app-v-51-sequencer-and-client-deployment.md deleted file mode 100644 index 2dc56979b0..0000000000 --- a/mdop/appv-v5/planning-for-the-app-v-51-sequencer-and-client-deployment.md +++ /dev/null @@ -1,110 +0,0 @@ ---- -title: Planning for the App-V 5.1 Sequencer and Client Deployment -description: Planning for the App-V 5.1 Sequencer and Client Deployment -author: dansimp -ms.assetid: d92f8773-fa7d-4926-978a-433978f91202 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/21/2016 ---- - - -# Planning for the App-V 5.1 Sequencer and Client Deployment - - -Before you can start to use Microsoft Application Virtualization (App-V) 5.1, you must install the App-V 5.1 sequencer, the App-V 5.1 client, and optionally the App-V 5.1 shared content store. The following sections address planning for these installations. - -## Planning for App-V 5.1 sequencer deployment - - -App-V 5.1 uses a process called sequencing to create virtualized applications and application packages. Sequencing requires the use of a computer that runs the App-V 5.1 sequencer. - -**Note**   -For information about the new functionality of App-V 5.1 sequencer, see the **Sequencer Improvements** section of [About App-V 5.1](about-app-v-51.md). - - - -The computer that runs the App-V 5.1 sequencer must meet the minimum system requirements. For a list of these requirements, see [App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md). - -Ideally, you should install the sequencer on a computer running as a virtual machine. This enables you to more easily revert the computer running the sequencer to a “clean” state before sequencing another application. When you install the sequencer using a virtual machine, you should perform the following steps: - -1. Install all associated sequencer prerequisites. - -2. Install the sequencer. - -3. Take a “snapshot” of the environment. - -**Important**   -You should have your corporate security team review and approve the sequencing process plan. For security reasons, you should keep the sequencer operations in a lab that is separate from the production environment. The separation arrangement can be as simple or as comprehensive as necessary, based on your business requirements. The sequencing computers must be able to connect to the corporate network to copy finished packages to the production servers. However, because the sequencing computers are typically operated without antivirus protection, they must not be on the corporate network unprotected. For example, you might be able to operate behind a firewall or on an isolated network segment. You might also be able to use virtual machines that are configured to share an isolated virtual network. Follow your corporate security policies to safely address these concerns. - - - -## Planning for App-V 5.1 client deployment - - -To run virtualized packages on target computers, you must install the App-V 5.1 client on the target computers. The App-V 5.1 client is the component that runs a virtualized application on a target computer. The client enables users to interact with icons and specific file types to start virtualized applications. The client also helps obtain application content from the management server and caches the content before the client starts the application. There are two different client types: the client for Remote Desktop Services, which is used on Remote Desktop Session Host (RD Session Host) server systems and the App-V 5.1 client, which is used for all other computers. - -The App-V 5.1 client should be configured by using either the installer command line or by using a PowerShell script after the installation has been completed. - -The settings must be defined carefully in advance in order to expedite the deployment of the App-V 5.1 client software. This is especially important when you have computers in different offices where the clients must be configured to use different source locations. - -You must also determine how you will deploy the client software. Although it is possible to deploy the client manually on each computer, most organizations prefer to deploy the client through an automated process. A larger organization might have an operational Electronic Software Distribution (ESD) system, which is an ideal client deployment system. If no ESD system exists, you can use your organization’s standard method of installing software. Possible methods include Group Policy or various scripting techniques. Depending on the quantity and disparate locations of your client computers, this deployment process can be complex. You must use a structured approach to ensure that all computers get the client installed with the correct configuration. - -For a list of the client minimum requirements see [App-V 5.1 Prerequisites](app-v-51-prerequisites.md). - -## Planning for App-V client coexistence - - -You can deploy the App-V 5.1 client side by side with the App-V 4.6 client. Client coexistence requires that you add or publish virtualized applications by using either a deployment configuration file or a user configuration file, because there are certain settings in these configuration files that must be configured in order for App-V 5.1 to function with App-V 4.6 clients. When a package is upgraded by using either the client or the server, the package must resubmit the configuration file. This is true for any package that has a corresponding configuration file, so it is not specific to client coexistence. However, if you do not submit the configuration file during the package upgrade, then the package state will not function as expected in coexistence scenarios. - -App-V 5.1 dynamic configuration files customize a package for a specific user. You must create the dynamic user configuration (.xml) file or the dynamic deployment configuration file before you can use them. To create the file it requires an advanced manual operation. - -When a dynamic user configuration file is used, none of the App-V 5.1 information for the extension in the manifest file is used. This means that the dynamic user configuration file must include everything for the extension that is specific to App-V 5.1 in the manifest file, as well as the changes that you want to make, such as, deletions and updates. For more information about how to create a custom configuration file, see [How to Create a Custom Configuration File by Using the App-V 5.1 Management Console](how-to-create-a-custom-configuration-file-by-using-the-app-v-51-management-console.md). - -## Planning for the App-V 5.1 Shared Content Store (SCS) - - -The App-V 5.1 shared content store mode allows the computer running the App-V 5.1 client to run virtualized applications and none of the package contents is saved on the computer running the App-V 5.1 client. Virtual applications are streamed to target computers only when requested by the client. - -The following list displays some of the benefits of using the App-V 5.1 shared content store: - -- Reduced app-to-app and multi-user application conflicts and hence a reduced need for regression testing - -- Accelerated application deployment by reduction of deployment risk - -- Simplified profile management - - - - - - -## Other resources for the App-V 5.1 deployment - - -[Planning to Deploy App-V](planning-to-deploy-app-v51.md) - -## Related topics - - -[How to Install the Sequencer](how-to-install-the-sequencer-51beta-gb18030.md) - -[How to Deploy the App-V Client](how-to-deploy-the-app-v-client-51gb18030.md) - -[How to Deploy the App-V 4.6 and the App-V 5.1 Client on the Same Computer](how-to-deploy-the-app-v-46-and-the-app-v--51-client-on-the-same-computer.md) - -[How to Install the App-V 5.1 Client for Shared Content Store Mode](how-to-install-the-app-v-51-client-for-shared-content-store-mode.md) - - - - - - - - - diff --git a/mdop/appv-v5/planning-for-the-app-v-51-server-deployment.md b/mdop/appv-v5/planning-for-the-app-v-51-server-deployment.md deleted file mode 100644 index cbba13e491..0000000000 --- a/mdop/appv-v5/planning-for-the-app-v-51-server-deployment.md +++ /dev/null @@ -1,121 +0,0 @@ ---- -title: Planning for the App-V 5.1 Server Deployment -description: Planning for the App-V 5.1 Server Deployment -author: dansimp -ms.assetid: eedd97c9-bee0-4749-9d1e-ab9528fba398 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for the App-V 5.1 Server Deployment - - -The Microsoft Application Virtualization (App-V) 5.1 server infrastructure consists of a set of specialized features that can be installed on one or more server computers, based on the requirements of the enterprise. - -## Planning for App-V 5.1 Server Deployment - - -The App-V 5.1 server consists of the following features: - -- Management Server – provides overall management functionality for the App-V 5.1 infrastructure. - -- Management Database – facilitates database predeployments for App-V 5.1 management. - -- Publishing Server – provides hosting and streaming functionality for virtual applications. - -- Reporting Server – provides App-V 5.1 reporting services. - -- Reporting Database – facilitates database predeployments for App-V 5.1 reporting. - -The following list displays the recommended methods for installing the App-V 5.1 server infrastructure: - -- Install the App-V 5.1 server. For more information, see [How to Deploy the App-V 5.1 Server](how-to-deploy-the-app-v-51-server.md). - -- Install the database, reporting, and management features on separate computers. For more information, see [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services51.md). - -- Use Electronic Software Distribution (ESD). For more information, see [How to deploy App-V 5.1 Packages Using Electronic Software Distribution](how-to-deploy-app-v-51-packages-using-electronic-software-distribution.md). - -- Install all server features on a single computer. - -## App-V 5.1 Server Interaction - - -This section contains information about how the various App-V 5.1 server roles interact with each other. - -The App-V 5.1 Management Server contains the repository of packages and their assigned configurations. For Publishing Servers that are registered with the Management Server, the associated metadata is provided to the Publishing servers for use when publishing refresh requests are received from computers running the App-V 5.1 Client. App-V 5.1 publishing servers managed by a single management server can be serving different clients and can have different website names and port bindings. Additionally, all Publishing Servers managed by the same Management Server are replicas of each other. - -**Note**   -The Management Server does not perform any load balancing. The associated metadata is simply passed to the publishing server for use when processing client requests. - - - -## Server-Related Protocols and External Features - - -The following displays information about server-related protocols used by the App-V 5.1 servers. The table also includes the reporting mechanism for each server type. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - -
Server TypeProtocolsExternal Features NeededReporting

IIS server

HTTP

-

HTTPS

This server-protocol combination requires a mechanism to synchronize the content between the Management Server and the Streaming Server. When using HTTP or HTTPS, use an IIS server and a firewall to protect the server from exposure to the Internet.

Internal

File

SMB

This server-protocol combination requires support to synchronize the content between the Management Server and the Streaming Server. Use a client computer with file sharing or streaming capability.

Internal

- - - - - - - - -## Related topics - - -[Planning to Deploy App-V](planning-to-deploy-app-v51.md) - -[Deploying the App-V 5.1 Server](deploying-the-app-v-51-server.md) - - - - - - - - - diff --git a/mdop/appv-v5/planning-for-using-app-v-with-office.md b/mdop/appv-v5/planning-for-using-app-v-with-office.md deleted file mode 100644 index bb0f791a10..0000000000 --- a/mdop/appv-v5/planning-for-using-app-v-with-office.md +++ /dev/null @@ -1,398 +0,0 @@ ---- -title: Planning for Using App-V with Office -description: Planning for Using App-V with Office -author: dansimp -ms.assetid: c4371869-4bfc-4d13-9198-ef19f99fc192 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Planning for Using App-V with Office - - -Use the following information to plan how to deploy Office by using App-V. This article includes: - -- [App-V support for Language Packs](#bkmk-lang-pack) - -- [Supported versions of Microsoft Office](#bkmk-office-vers-supp-appv) - -- [Planning for using App-V with coexisting versions of Office](#bkmk-plan-coexisting) - -- [How Office integrates with Windows when you deploy use App-V to deploy Office](#bkmk-office-integration-win) - -## App-V support for Language Packs - - -You can use the App-V 5.0 Sequencer to create plug-in packages for Language Packs, Language Interface Packs, Proofing Tools and ScreenTip Languages. You can then include the plug-in packages in a Connection Group, along with the Office 2013 package that you create by using the Office Deployment Toolkit. The Office applications and the plug-in Language Packs interact seamlessly in the same connection group, just like any other packages that are grouped together in a connection group. - -**Note**   -Microsoft Visio and Microsoft Project do not provide support for the Thai Language Pack. - - - -## Supported versions of Microsoft Office - - -The following table lists the versions of Microsoft Office that App-V supports, methods of Office package creation, supported licensing, and supported deployments. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - -
Supported Office VersionSupported App-V VersionsPackage CreationSupported LicensingSupported Deployments

Microsoft 365 Apps for enterprise

-

Also supported:

-
    -

  • Visio Pro for Office 365

    • -

  • Project Pro for Office 365

    • -
    -

  • App-V 5.0

    • -

  • App-V 5.0 SP1

    • -

  • App-V 5.0 SP2

    • -

Office Deployment Tool

Subscription

    -

  • Desktop

    • -

  • Personal VDI

    • -

  • Pooled VDI

    • -

  • RDS

    • -

Office Professional Plus 2013

-

Also supported:

-
    -

  • Visio Professional 2013

    • -

  • Project Professional 2013

    • -
    -

  • App-V 5.0

    • -

  • App-V 5.0 SP1

    • -

  • App-V 5.0 SP2

    • -

Office Deployment Tool

Volume Licensing

    -

  • Desktop

    • -

  • Personal VDI

    • -

  • Pooled VDI

    • -

  • RDS

    • -
- - - -## Planning for using App-V with coexisting versions of Office - - -You can install more than one version of Microsoft Office side by side on the same computer by using “Microsoft Office coexistence.” You can implement Office coexistence with combinations of all major versions of Office and with installation methods, as applicable, by using the Windows Installer-based (MSi) version of Office, Click-to-Run, and App-V 5.0 SP2. However, using Office coexistence is not recommended by Microsoft. - -Microsoft’s recommended best practice is to avoid Office coexistence completely to prevent compatibility issues. However, when you are migrating to a newer version of Office, issues occasionally arise that can’t be resolved immediately, so you can temporarily implement coexistence to help facilitate a faster migration to the latest product version. Using Office coexistence on a long-term basis is never recommended, and your organization should have a plan to fully transition in the immediate future. - -### Before you implement Office coexistence - -Before implementing Office coexistence, review the following Office documentation. Choose the article that corresponds to the newest version of Office for which you plan to implement coexistence. - - ---- - - - - - - - - - - - - - - - - -
Office versionLink to guidance

Office 2013

Information about how to use Office 2013 suites and programs (MSI deployment) on a computer that is running another version of Office

Office 2010

Information about how to use Office 2010 suites and programs on a computer that is running another version of Office

- - - -The Office documentation provides extensive guidance on coexistence for Windows Installer-based (MSi) and Click-to-Run installations of Office. This App-V topic on coexistence supplements the Office guidance with information that is more specific to App-V deployments. - -### Supported Office coexistence scenarios - -The following tables summarize the supported coexistence scenarios. They are organized according to the version and deployment method you’re starting with and the version and deployment method you are migrating to. Be sure to fully test all coexistence solutions before deploying them to a production audience. - -**Note**   -Microsoft does not support the use of multiple versions of Office in Windows Server environments that have the Remote Desktop Session Host role service enabled. To run Office coexistence scenarios, you must disable this role service. - - - -### Windows integrations & Office coexistence - -The Windows Installer-based and Click-to-Run Office installation methods integrate with certain points of the underlying Windows operating system. When you use coexistence, common operating system integrations between two Office versions can conflict, causing compatibility and user experience issues. With App-V, you can sequence certain versions of Office to exclude integrations, thereby “isolating” them from the operating system. - - ---- - - - - - - - - - - - - - - - - - - - - -
Mode in which App-V can sequence this version of Office

Office 2007

Always non-integrated. App-V does not offer any operating system integrations with a virtualized version of Office 2007.

Office 2010

Integrated and non-integrated mode.

Office 2013

Always integrated. Windows operating system integrations cannot be disabled.

- - - -Microsoft recommends that you deploy Office coexistence with only one integrated Office instance. For example, if you’re using App-V to deploy Office 2010 and Office 2013, you should sequence Office 2010 in non-integrated mode. For more information about sequencing Office in non-integration (isolated) mode, see [How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069). - -### Known limitations of Office coexistence scenarios - -The following sections describe some issues that you might encounter when using App-V to implement coexistence with Office. - -### Limitations common to Windows Installer-based/Click-to-Run and App-V Office coexistence scenarios - -The following limitations can occur when you install the following versions of Office on the same computer: - -- Office 2010 by using the Windows Installer-based version - -- Office 2013 by using App-V - -After you publish Office 2013 by using App-V side by side with an earlier version of the Windows Installer-based Office 2010 might also cause the Windows Installer to start. This is because the Windows Installer-based or Click-to-Run version of Office 2010 is trying to automatically register itself to the computer. - -To bypass the auto-registration operation for native Word 2010, follow these steps: - -1. Exit Word 2010. - -2. Start the Registry Editor by doing the following: - - - In Windows 7: Click **Start**, type **regedit** in the Start Search box, and then press Enter. - - - In Windows 8, type **regedit** press Enter on the Start page and then press Enter. - - If you are prompted for an administrator password or for a confirmation, type the password, or click **Continue**. - -3. Locate and then select the following registry subkey: - - ``` syntax - HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options - ``` - -4. On the **Edit** menu, click **New**, and then click **DWORD Value**. - -5. Type **NoReReg**, and then press Enter. - -6. Right-click **NoReReg** and then click **Modify**. - -7. In the **Valuedata** box, type **1**, and then click **OK**. - -8. On the File menu, click **Exit** to close Registry Editor. - -## How Office integrates with Windows when you use App-V to deploy Office - - -When you deploy Office 2013 by using App-V, Office is fully integrated with the operating system, which provides end users with the same features and functionality as Office has when it is deployed without App-V. - -The Office 2013 App-V package supports the following integration points with the Windows operating system: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Extension PointDescription

Lync meeting Join Plug-in for Firefox and Chrome

User can join Lync meetings from Firefox and Chrome

Sent to OneNote Print Driver

User can print to OneNote

OneNote Linked Notes

OneNote Linked Notes

Send to OneNote Internet Explorer Add-In

User can send to OneNote from IE

Firewall Exception for Lync and Outlook

Firewall Exception for Lync and Outlook

MAPI Client

Native apps and add-ins can interact with virtual Outlook through MAPI

SharePoint Plug-in for Firefox

User can use SharePoint features in Firefox

Mail Control Panel Applet

User gets the mail control panel applet in Outlook

Primary Interop Assemblies

Support managed add-ins

Office Document Cache Handler

Allows Document Cache for Office applications

Outlook Protocol Search handler

User can search in outlook

Active X Controls:

For more information on ActiveX controls, refer to ActiveX Control API Reference.

   Groove.SiteClient

Active X Control

   PortalConnect.PersonalSite

Active X Control

   SharePoint.openDocuments

Active X Control

   SharePoint.ExportDatabase

Active X Control

   SharePoint.SpreadSheetLauncher

Active X Control

   SharePoint.StssyncHander

Active X Control

   SharePoint.DragUploadCtl

Active X Control

   SharePoint.DragDownloadCtl

Active X Control

   Sharepoint.OpenXMLDocuments

Active X Control

   Sharepoint.ClipboardCtl

Active X control

   WinProj.Activator

Active X Control

   Name.NameCtrl

Active X Control

   STSUPld.CopyCtl

Active X Control

   CommunicatorMeetingJoinAx.JoinManager

Active X Control

   LISTNET.Listnet

Active X Control

   OneDrive Pro Browser Helper

Active X Control]

OneDrive Pro Icon Overlays

Windows Explorer shell icon overlays when users look at folders OneDrive Pro folders

Shell extensions

Shortcuts

Windows Search

- - - - - - - - - - - - - - - - diff --git a/mdop/appv-v5/planning-for-using-app-v-with-office51.md b/mdop/appv-v5/planning-for-using-app-v-with-office51.md deleted file mode 100644 index 76e791e8a6..0000000000 --- a/mdop/appv-v5/planning-for-using-app-v-with-office51.md +++ /dev/null @@ -1,335 +0,0 @@ ---- -title: Planning for Using App-V with Office -description: Planning for Using App-V with Office -author: dansimp -ms.assetid: e7a19b43-1746-469f-bad6-8e75cf4b3f67 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 03/16/2017 ---- - - -# Planning for Using App-V with Office - - -Use the following information to plan how to deploy Office by using Microsoft Application Virtualization (App-V) 5.1. This article includes: - -- [App-V support for Language Packs](#bkmk-lang-pack) - -- [Supported versions of Microsoft Office](#bkmk-office-vers-supp-appv) - -- [Planning for using App-V with coexisting versions of Office](#bkmk-plan-coexisting) - -- [How Office integrates with Windows when you deploy use App-V to deploy Office](#bkmk-office-integration-win) - -## App-V support for Language Packs - - -You can use the App-V 5.1 Sequencer to create plug-in packages for Language Packs, Language Interface Packs, Proofing Tools and ScreenTip Languages. You can then include the plug-in packages in a Connection Group, along with the Office 2013 package that you create by using the Office Deployment Toolkit. The Office applications and the plug-in Language Packs interact seamlessly in the same connection group, just like any other packages that are grouped together in a connection group. - ->**Note**   -Microsoft Visio and Microsoft Project do not provide support for the Thai Language Pack. - - - -## Supported versions of Microsoft Office - -See [Microsoft Office Product IDs that App-V supports](https://support.microsoft.com/help/2842297/product-ids-that-are-supported-by-the-office-deployment-tool-for-click) for a list of supported Office products. ->**Note**  You must use the Office Deployment Tool to create App-V packages for Microsoft 365 Apps for enterprise. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported. You cannot use the App-V Sequencer. - - - -## Planning for using App-V with coexisting versions of Office - - -You can install more than one version of Microsoft Office side by side on the same computer by using “Microsoft Office coexistence.” You can implement Office coexistence with combinations of all major versions of Office and with installation methods, as applicable, by using the Windows Installer-based (MSi) version of Office, Click-to-Run, and App-V 5.1. However, using Office coexistence is not recommended by Microsoft. - -Microsoft’s recommended best practice is to avoid Office coexistence completely to prevent compatibility issues. However, when you are migrating to a newer version of Office, issues occasionally arise that can’t be resolved immediately, so you can temporarily implement coexistence to help facilitate a faster migration to the latest product version. Using Office coexistence on a long-term basis is never recommended, and your organization should have a plan to fully transition in the immediate future. - -### Before you implement Office coexistence - -Before implementing Office coexistence, review the following Office documentation. Choose the article that corresponds to the newest version of Office for which you plan to implement coexistence. - - ---- - - - - - - - - - - - - - - - - -
Office versionLink to guidance

Office 2013

Information about how to use Office 2013 suites and programs (MSI deployment) on a computer that is running another version of Office

Office 2010

Information about how to use Office 2010 suites and programs on a computer that is running another version of Office

- - - -The Office documentation provides extensive guidance on coexistence for Windows Installer-based (MSi) and Click-to-Run installations of Office. This App-V topic on coexistence supplements the Office guidance with information that is more specific to App-V deployments. - -### Supported Office coexistence scenarios - -The following tables summarize the supported coexistence scenarios. They are organized according to the version and deployment method you’re starting with and the version and deployment method you are migrating to. Be sure to fully test all coexistence solutions before deploying them to a production audience. - ->**Note**   -Microsoft does not support the use of multiple versions of Office in Windows Server environments that have the Remote Desktop Session Host role service enabled. To run Office coexistence scenarios, you must disable this role service. - - - -### Windows integrations & Office coexistence - -The Windows Installer-based and Click-to-Run Office installation methods integrate with certain points of the underlying Windows operating system. When you use coexistence, common operating system integrations between two Office versions can conflict, causing compatibility and user experience issues. With App-V, you can sequence certain versions of Office to exclude integrations, thereby “isolating” them from the operating system. - - ---- - - - - - - - - - - - - - - - - - - - - -
Mode in which App-V can sequence this version of Office

Office 2007

Always non-integrated. App-V does not offer any operating system integrations with a virtualized version of Office 2007.

Office 2010

Integrated and non-integrated mode.

Office 2013

Always integrated. Windows operating system integrations cannot be disabled.

- - - -Microsoft recommends that you deploy Office coexistence with only one integrated Office instance. For example, if you’re using App-V to deploy Office 2010 and Office 2013, you should sequence Office 2010 in non-integrated mode. For more information about sequencing Office in non-integration (isolated) mode, see [How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/kb/2830069). - -### Known limitations of Office coexistence scenarios - -The following sections describe some issues that you might encounter when using App-V to implement coexistence with Office. - -### Limitations common to Windows Installer-based/Click-to-Run and App-V Office coexistence scenarios - -The following limitations can occur when you install the following versions of Office on the same computer: - -- Office 2010 by using the Windows Installer-based version - -- Office 2013 by using App-V - -After you publish Office 2013 by using App-V side by side with an earlier version of the Windows Installer-based Office 2010 might also cause the Windows Installer to start. This is because the Windows Installer-based or Click-to-Run version of Office 2010 is trying to automatically register itself to the computer. - -To bypass the auto-registration operation for native Word 2010, follow these steps: - -1. Exit Word 2010. - -2. Start the Registry Editor by doing the following: - - - In Windows 7: Click **Start**, type **regedit** in the Start Search box, and then press Enter. - - - In Windows 8.1 or Windows 10, type **regedit** press Enter on the Start page and then press Enter. - - If you are prompted for an administrator password or for a confirmation, type the password, or click **Continue**. - -3. Locate and then select the following registry subkey: - - ``` syntax - HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options - ``` - -4. On the **Edit** menu, click **New**, and then click **DWORD Value**. - -5. Type **NoReReg**, and then press Enter. - -6. Right-click **NoReReg** and then click **Modify**. - -7. In the **Valuedata** box, type **1**, and then click **OK**. - -8. On the File menu, click **Exit** to close Registry Editor. - -## How Office integrates with Windows when you use App-V to deploy Office - - -When you deploy Office 2013 by using App-V, Office is fully integrated with the operating system, which provides end users with the same features and functionality as Office has when it is deployed without App-V. - -The Office 2013 App-V package supports the following integration points with the Windows operating system: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Extension PointDescription

Lync meeting Join Plug-in for Firefox and Chrome

User can join Lync meetings from Firefox and Chrome

Sent to OneNote Print Driver

User can print to OneNote

OneNote Linked Notes

OneNote Linked Notes

Send to OneNote Internet Explorer Add-In

User can send to OneNote from IE

Firewall Exception for Lync and Outlook

Firewall Exception for Lync and Outlook

MAPI Client

Native apps and add-ins can interact with virtual Outlook through MAPI

SharePoint Plug-in for Firefox

User can use SharePoint features in Firefox

Mail Control Panel Applet

User gets the mail control panel applet in Outlook

Primary Interop Assemblies

Support managed add-ins

Office Document Cache Handler

Allows Document Cache for Office applications

Outlook Protocol Search handler

User can search in outlook

Active X Controls:

For more information on ActiveX controls, refer to ActiveX Control API Reference.

   Groove.SiteClient

Active X Control

   PortalConnect.PersonalSite

Active X Control

   SharePoint.openDocuments

Active X Control

   SharePoint.ExportDatabase

Active X Control

   SharePoint.SpreadSheetLauncher

Active X Control

   SharePoint.StssyncHander

Active X Control

   SharePoint.DragUploadCtl

Active X Control

   SharePoint.DragDownloadCtl

Active X Control

   Sharepoint.OpenXMLDocuments

Active X Control

   Sharepoint.ClipboardCtl

Active X control

   WinProj.Activator

Active X Control

   Name.NameCtrl

Active X Control

   STSUPld.CopyCtl

Active X Control

   CommunicatorMeetingJoinAx.JoinManager

Active X Control

   LISTNET.Listnet

Active X Control

   OneDrive Pro Browser Helper

Active X Control]

OneDrive Pro Icon Overlays

Windows Explorer shell icon overlays when users look at folders OneDrive Pro folders

Shell extensions

Shortcuts

Windows Search

- - - - - - - - - - - - - - - - diff --git a/mdop/appv-v5/planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md b/mdop/appv-v5/planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md deleted file mode 100644 index 0cc8198165..0000000000 --- a/mdop/appv-v5/planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Planning to Deploy App-V 5.0 with an Electronic Software Distribution System -description: Planning to Deploy App-V 5.0 with an Electronic Software Distribution System -author: dansimp -ms.assetid: 8cd3f1fb-b84e-4260-9e72-a14d01e7cadf -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Planning to Deploy App-V 5.0 with an Electronic Software Distribution System - - -If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=281816). - -Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages: - - ---- - - - - - - - - - - - - - - - - -
Deployment requirement or optionDescription

The App-V Management server, Management database, and Publishing server are not required.

These functions are handled by the implemented ESD solution.

You can deploy the App-V Reporting server and Reporting database side by side with the ESD.

The side-by-side deployment lets you to collect data and generate reports.

-

If you enable the App-V client to send report information, and you are not using the App-V Reporting server, the reporting data is stored in associated .xml files.

- -  - - - - - - -  - -  - - - - - diff --git a/mdop/appv-v5/planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md b/mdop/appv-v5/planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md deleted file mode 100644 index 6033a54f5b..0000000000 --- a/mdop/appv-v5/planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Planning to Deploy App-V 5.1 with an Electronic Software Distribution System -description: Planning to Deploy App-V 5.1 with an Electronic Software Distribution System -author: dansimp -ms.assetid: c26602c2-5e8d-44e6-90df-adacc593607e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Planning to Deploy App-V 5.1 with an Electronic Software Distribution System - - -If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=281816). - -Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages: - - ---- - - - - - - - - - - - - - - - - -
Deployment requirement or optionDescription

The App-V Management server, Management database, and Publishing server are not required.

These functions are handled by the implemented ESD solution.

You can deploy the App-V Reporting server and Reporting database side by side with the ESD.

The side-by-side deployment lets you to collect data and generate reports.

-

If you enable the App-V client to send report information, and you are not using the App-V Reporting server, the reporting data is stored in associated .xml files.

- -  - - - - - - -## Related topics - - -[Planning to Deploy App-V](planning-to-deploy-app-v51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/planning-to-deploy-app-v.md b/mdop/appv-v5/planning-to-deploy-app-v.md deleted file mode 100644 index c12ddb523d..0000000000 --- a/mdop/appv-v5/planning-to-deploy-app-v.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: Planning to Deploy App-V -description: Planning to Deploy App-V -author: dansimp -ms.assetid: 28d3035c-3805-4339-90fc-6c3fd3b1123e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning to Deploy App-V - - -You should consider a number of different deployment configurations and prerequisites before you create your deployment plan for Microsoft Application Virtualization (App-V) 5.0. This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements. - -## App-V 5.0 supported configurations - - -Describes the minimum hardware and operating system requirements for each App-V components. For information about software prerequisites that you must install before you install App-V, see [App-V 5.0 Prerequisites](app-v-50-prerequisites.md). - -[App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md) - -## App-V 5.0 capacity planning - - -Describes the available options for scaling your App-V 5.0 deployment. - -[App-V 5.0 Capacity Planning](app-v-50-capacity-planning.md) - -## Planning for high availability with App-V 5.0 - - -Describes the available options for ensuring high availability of App-V 5.0 databases and services. - -[Planning for High Availability with App-V 5.0](planning-for-high-availability-with-app-v-50.md) - -## Planning to Deploy App-V 5.0 with an Electronic Software Distribution System - - -Describes the options and requirements for deploying App-V with an electronic software distribution system. - -[Planning to Deploy App-V 5.0 with an Electronic Software Distribution System](planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md) - -## Planning for the App-V 5.0 Server deployment - - -Describes the planning considerations for the App-V Server components and their functions. - -[Planning for the App-V 5.0 Server Deployment](planning-for-the-app-v-50-server-deployment.md) - -## Planning for the App-V 5.0 Sequencer and Client deployment - - -Describes the planning considerations for the App-V Client and for the Sequencer software, which you use to create virtual applications and application packages. - -[Planning for the App-V 5.0 Sequencer and Client Deployment](planning-for-the-app-v-50-sequencer-and-client-deployment.md) - -## Planning for migrating from a previous version of App-V - - -Describes the recommended path for migrating from previous versions of App-V, while ensuring that existing server configurations, packages and clients continue to work in your new App-V environment. - -[Planning for Migrating from a Previous Version of App-V](planning-for-migrating-from-a-previous-version-of-app-v.md) - -## Planning for using App-V with Office - - -Describes the requirements for using App-V with Office and explains the supported scenarios, including information about coexisting versions of Office. - -[Planning for Using App-V with Office](planning-for-using-app-v-with-office.md) - -## Planning to use folder redirection with App-V - - -Explains how folder redirection works with App-V. - -[Planning to Use Folder Redirection with App-V](planning-to-use-folder-redirection-with-app-v.md) - -## Other Resources for App-V 5.0 Planning - - -- [Planning for App-V 5.0](planning-for-app-v-50-rc.md)[Performance Guidance for Application Virtualization 5.0](performance-guidance-for-application-virtualization-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/planning-to-deploy-app-v51.md b/mdop/appv-v5/planning-to-deploy-app-v51.md deleted file mode 100644 index dc0bca0071..0000000000 --- a/mdop/appv-v5/planning-to-deploy-app-v51.md +++ /dev/null @@ -1,99 +0,0 @@ ---- -title: Planning to Deploy App-V -description: Planning to Deploy App-V -author: dansimp -ms.assetid: 39cbf981-d9c6-457f-b047-f9046e1a6442 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning to Deploy App-V - - -You should consider a number of different deployment configurations and prerequisites before you create your deployment plan for Microsoft Application Virtualization (App-V) 5.1. This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements. - -## App-V 5.1 supported configurations - - -Describes the minimum hardware and operating system requirements for each App-V components. For information about software prerequisites that you must install before you install App-V, see [App-V 5.1 Prerequisites](app-v-51-prerequisites.md). - -[App-V 5.1 Supported Configurations](app-v-51-supported-configurations.md) - -## App-V 5.1 capacity planning - - -Describes the available options for scaling your App-V 5.1 deployment. - -[App-V 5.1 Capacity Planning](app-v-51-capacity-planning.md) - -## Planning for high availability with App-V 5.1 - - -Describes the available options for ensuring high availability of App-V 5.1 databases and services. - -[Planning for High Availability with App-V 5.1](planning-for-high-availability-with-app-v-51.md) - -## Planning to Deploy App-V 5.1 with an Electronic Software Distribution System - - -Describes the options and requirements for deploying App-V with an electronic software distribution system. - -[Planning to Deploy App-V 5.1 with an Electronic Software Distribution System](planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md) - -## Planning for the App-V 5.1 Server deployment - - -Describes the planning considerations for the App-V Server components and their functions. - -[Planning for the App-V 5.1 Server Deployment](planning-for-the-app-v-51-server-deployment.md) - -## Planning for the App-V 5.1 Sequencer and Client deployment - - -Describes the planning considerations for the App-V Client and for the Sequencer software, which you use to create virtual applications and application packages. - -[Planning for the App-V 5.1 Sequencer and Client Deployment](planning-for-the-app-v-51-sequencer-and-client-deployment.md) - -## Planning for migrating from a previous version of App-V - - -Describes the recommended path for migrating from previous versions of App-V, while ensuring that existing server configurations, packages and clients continue to work in your new App-V environment. - -[Planning for Migrating from a Previous Version of App-V](planning-for-migrating-from-a-previous-version-of-app-v51.md) - -## Planning for using App-V with Office - - -Describes the requirements for using App-V with Office and explains the supported scenarios, including information about coexisting versions of Office. - -[Planning for Using App-V with Office](planning-for-using-app-v-with-office51.md) - -## Planning to use folder redirection with App-V - - -Explains how folder redirection works with App-V. - -[Planning to Use Folder Redirection with App-V](planning-to-use-folder-redirection-with-app-v51.md) - -## Other Resources for App-V 5.1 Planning - - -- [Planning for App-V 5.1](planning-for-app-v-51.md) - -- [Performance Guidance for Application Virtualization 5.1](performance-guidance-for-application-virtualization-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v.md b/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v.md deleted file mode 100644 index 5d2759961a..0000000000 --- a/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v.md +++ /dev/null @@ -1,193 +0,0 @@ ---- -title: Planning to Use Folder Redirection with App-V -description: Planning to Use Folder Redirection with App-V -author: dansimp -ms.assetid: 2a4deeed-fdc0-465c-b88a-3a2fbbf27436 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning to Use Folder Redirection with App-V - - -App-V 5.0 SP2 supports the use of folder redirection, a feature that enables users and administrators to redirect the path of a folder to a new location. - -This topic contains the following sections: - -- [Requirements for using folder redirection](#bkmk-folder-redir-reqs) - -- [How to configure folder redirection for use with App-V](#bkmk-folder-redir-cfg) - -- [How folder redirection works with App-V](#bkmk-folder-redir-works) - -- [Overview of folder redirection](#bkmk-folder-redir-overview) - -## Requirements and unsupported scenarios for using folder redirection - - - ---- - - - - - - - - - - -

Requirements

To use %AppData% folder redirection, you must:

-
    -

  • Have an App-V package that has an AppData virtual file system (VFS) folder.

    • -

  • Enable folder redirection and redirect users’ folders to a shared folder, typically a network folder.

    • -

  • Roam both or neither of the following:

    -
    • -

  • Ensure that the following folders are available to each user who logs into the computer that is running the App-V 5.0 SP2 or later client:

    -
      -

    • %AppData% is configured to the desired network location (with or without Offline Files support).

      • -

    • %LocalAppData% is configured to the desired local folder.

      • -
    • -

Unsupported scenarios

    -

  • Configuring %LocalAppData% as a network drive.

    • -

  • Redirecting the Start menu to a single folder for multiple users.

    • -

  • If roaming AppData (%AppData%) is redirected to a network share that is not available, App-V applications will fail to launch as follows:

    - ---- - - - - - - - - - - - - - - - - -
    App-V versionScenario description

    In App-V 5.0 through App-V 5.0 SP2 plus hotfixes

    This failure will occur regardless of whether Offline Files is enabled.

    In App-V 5.0 SP3

    If the unavailable network share has been enabled for Offline Files, the App-V application will start successfully.

    -

    • -
- - - -## How to configure folder redirection for use with App-V - - -Folder redirection can be applied to different folders, such as Desktop, My Documents, My Pictures, etc. However, the only folder that impacts the use of App-V applications is the user’s roaming AppData folder (%AppData%). You can apply folder redirection to any other supported folders without impacting App-V. - -## How folder redirection works with App-V - - -The following table describes how folder redirection works when %AppData% is redirected to a network and when you have met the requirements listed earlier in this article. - - ---- - - - - - - - - - - - - - - - - -
Virtual environment stateAction that occurs

When the virtual environment starts

The virtual file system (VFS) AppData folder is mapped to the local AppData folder (%LocalAppData%) instead of to the user’s roaming AppData folder (%AppData%).

-
    -

  • LocalAppData contains a local cache of the user’s roaming AppData folder for the package in use. The local cache is located under:

    -

    %LocalAppData%\Microsoft\AppV\Client\VFS\PackageGUID\AppData

    • -

  • The latest data from the user’s roaming AppData folder is copied to and replaces the data currently in the local cache.

    • -

  • While the virtual environment is running, data continues to be saved to the local cache. Data is served only out of %LocalAppData% and is not moved or synchronized with %AppData% until the end user shuts down the computer.

    • -

  • Entries to the AppData folder are made using the user context, not the system context.

    • -
-
-Note

The App-V client folder redirection sometimes fails to move files from %AppData% to %LocalAppData%. See Release Notes for App-V 5.0 SP2.

-
-
- -

When the virtual environment shuts down

The local cached data in AppData (roaming) is zipped up and copied to the “real” roaming AppData folder in %AppData%. A time stamp, which indicates the last known upload, is simultaneously saved as a registry key under:

-

HKCU\Software\Microsoft\AppV\Client\Packages&lt;PACKAGE_GUID>\AppDataTime

-

To provide redundancy, App-V 5.0 keeps the three most recent copies of the compressed data under %AppData%.

- - - -## Overview of folder redirection - - - ---- - - - - - - - - - - - - - - - - - - -

Purpose

Enables end users to work with files, which have been redirected to another folder, as if the files still existed on the local drive.

Description

Folder redirection allows users and administrators to redirect the path of a folder to a network location. The documents in the folder are available to the user from any computer on the network.

-
    -

  • Folder redirection allows users and administrators to redirect the path of a folder to a network location. The documents in the folder are available to the user from any computer on the network.

    • -

  • The new location can be a folder on the local computer or a folder on a shared network.

    • -

  • Folder redirection updates the files immediately, whereas roaming data is typically synchronized when the user logs in or logs off.

    • -

Usage example

You can redirect the Documents folder, which is usually stored on the computer's local hard disk, to a network location. The user can access the documents in the folder from any computer on the network.

More resources

Folder redirection overview

- - - - - - - - - - - - - - - - diff --git a/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v51.md b/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v51.md deleted file mode 100644 index adf150f3e1..0000000000 --- a/mdop/appv-v5/planning-to-use-folder-redirection-with-app-v51.md +++ /dev/null @@ -1,193 +0,0 @@ ---- -title: Planning to Use Folder Redirection with App-V -description: Planning to Use Folder Redirection with App-V -author: dansimp -ms.assetid: 6bea9a8f-a915-4d7d-be67-ef1cca1398ed -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning to Use Folder Redirection with App-V - - -Microsoft Application Virtualization (App-V) 5.1 supports the use of folder redirection, a feature that enables users and administrators to redirect the path of a folder to a new location. - -This topic contains the following sections: - -- [Requirements for using folder redirection](#bkmk-folder-redir-reqs) - -- [How to configure folder redirection for use with App-V](#bkmk-folder-redir-cfg) - -- [How folder redirection works with App-V](#bkmk-folder-redir-works) - -- [Overview of folder redirection](#bkmk-folder-redir-overview) - -## Requirements and unsupported scenarios for using folder redirection - - - ---- - - - - - - - - - - -

Requirements

To use %AppData% folder redirection, you must:

-
    -

  • Have an App-V package that has an AppData virtual file system (VFS) folder.

    • -

  • Enable folder redirection and redirect users’ folders to a shared folder, typically a network folder.

    • -

  • Roam both or neither of the following:

    -
    • -

  • Ensure that the following folders are available to each user who logs into the computer that is running the App-V 5.0 SP2 or later client:

    -
      -

    • %AppData% is configured to the desired network location (with or without Offline Files support).

      • -

    • %LocalAppData% is configured to the desired local folder.

      • -
    • -

Unsupported scenarios

    -

  • Configuring %LocalAppData% as a network drive.

    • -

  • Redirecting the Start menu to a single folder for multiple users.

    • -

  • If roaming AppData (%AppData%) is redirected to a network share that is not available, App-V applications will fail to launch as follows:

    - ---- - - - - - - - - - - - - - - - - -
    App-V versionScenario description

    In App-V 5.0 through App-V 5.0 SP2 plus hotfixes

    This failure will occur regardless of whether Offline Files is enabled.

    In App-V 5.0 SP3 and later

    If the unavailable network share has been enabled for Offline Files, the App-V application will start successfully.

    -

    • -
- - - -## How to configure folder redirection for use with App-V - - -Folder redirection can be applied to different folders, such as Desktop, My Documents, My Pictures, etc. However, the only folder that impacts the use of App-V applications is the user’s roaming AppData folder (%AppData%). You can apply folder redirection to any other supported folders without impacting App-V. - -## How folder redirection works with App-V - - -The following table describes how folder redirection works when %AppData% is redirected to a network and when you have met the requirements listed earlier in this article. - - ---- - - - - - - - - - - - - - - - - -
Virtual environment stateAction that occurs

When the virtual environment starts

The virtual file system (VFS) AppData folder is mapped to the local AppData folder (%LocalAppData%) instead of to the user’s roaming AppData folder (%AppData%).

-
    -

  • LocalAppData contains a local cache of the user’s roaming AppData folder for the package in use. The local cache is located under:

    -

    %LocalAppData%\Microsoft\AppV\Client\VFS\PackageGUID\AppData

    • -

  • The latest data from the user’s roaming AppData folder is copied to and replaces the data currently in the local cache.

    • -

  • While the virtual environment is running, data continues to be saved to the local cache. Data is served only out of %LocalAppData% and is not moved or synchronized with %AppData% until the end user shuts down the computer.

    • -

  • Entries to the AppData folder are made using the user context, not the system context.

    • -
-
-Note

The App-V client folder redirection sometimes fails to move files from %AppData% to %LocalAppData%. See Release Notes for App-V 5.0 SP2.

-
-
- -

When the virtual environment shuts down

The local cached data in AppData (roaming) is zipped up and copied to the “real” roaming AppData folder in %AppData%. A time stamp, which indicates the last known upload, is simultaneously saved as a registry key under:

-

HKCU\Software\Microsoft\AppV\Client\Packages&lt;PACKAGE_GUID>\AppDataTime

-

To provide redundancy, App-V keeps the three most recent copies of the compressed data under %AppData%.

- - - -## Overview of folder redirection - - - ---- - - - - - - - - - - - - - - - - - - -

Purpose

Enables end users to work with files, which have been redirected to another folder, as if the files still existed on the local drive.

Description

Folder redirection allows users and administrators to redirect the path of a folder to a network location. The documents in the folder are available to the user from any computer on the network.

-
    -

  • Folder redirection allows users and administrators to redirect the path of a folder to a network location. The documents in the folder are available to the user from any computer on the network.

    • -

  • The new location can be a folder on the local computer or a folder on a shared network.

    • -

  • Folder redirection updates the files immediately, whereas roaming data is typically synchronized when the user logs in or logs off.

    • -

Usage example

You can redirect the Documents folder, which is usually stored on the computer's local hard disk, to a network location. The user can access the documents in the folder from any computer on the network.

More resources

Folder redirection overview

- - - - - - - - - - - - - - - - diff --git a/mdop/appv-v5/preparing-your-environment-for-app-v-50.md b/mdop/appv-v5/preparing-your-environment-for-app-v-50.md deleted file mode 100644 index aa0bb21af5..0000000000 --- a/mdop/appv-v5/preparing-your-environment-for-app-v-50.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: Preparing Your Environment for App-V 5.0 -description: Preparing Your Environment for App-V 5.0 -author: dansimp -ms.assetid: 119d990e-a6c6-47b7-a7b0-52f88205e5ec -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Preparing Your Environment for App-V 5.0 - - -There are a number of different deployment configurations and prerequisites that you must consider before you create your deployment plan. This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements.” - -## App-V 5.0 prerequisites - - -- [App-V 5.0 Prerequisites](app-v-50-prerequisites.md) - - Lists the prerequisite software that you must install before installing App-V 5.0. - -## App-V 5.0 SP3 prerequisites - - -- [App-V 5.0 SP3 Prerequisites](app-v-50-sp3-prerequisites.md) - - Lists the prerequisite software that you must install before installing App-V 5.0 SP3. - -## App-V 5.0 security considerations - - -- [App-V 5.0 Security Considerations](app-v-50-security-considerations.md) - - Describes accounts, groups, log files, and other considerations for securing your App-V environment. - - - - - - -## Other resources for App-V 5.0 Planning - - -- [Planning for App-V 5.0](planning-for-app-v-50-rc.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/preparing-your-environment-for-app-v-51.md b/mdop/appv-v5/preparing-your-environment-for-app-v-51.md deleted file mode 100644 index 05f376d410..0000000000 --- a/mdop/appv-v5/preparing-your-environment-for-app-v-51.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: Preparing Your Environment for App-V 5.1 -description: Preparing Your Environment for App-V 5.1 -author: dansimp -ms.assetid: 64b2e1ac-1561-4c99-9815-b4688a0ff48a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Preparing Your Environment for App-V 5.1 - - -There are a number of different deployment configurations and prerequisites that you must consider before you create your deployment plan for Microsoft Application Virtualization (App-V) 5.1. This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements. - -## App-V 5.1 prerequisites - - -- [App-V 5.1 Prerequisites](app-v-51-prerequisites.md) - - Lists the prerequisite software that you must install before installing App-V 5.1. - -## App-V 5.1 security considerations - - -- [App-V 5.1 Security Considerations](app-v-51-security-considerations.md) - - Describes accounts, groups, log files, and other considerations for securing your App-V environment. - - - - - - -## Other resources for App-V 5.1 Planning - - -- [Planning for App-V 5.1](planning-for-app-v-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/release-notes-for-app-v-50-sp1.md b/mdop/appv-v5/release-notes-for-app-v-50-sp1.md deleted file mode 100644 index a24b405c96..0000000000 --- a/mdop/appv-v5/release-notes-for-app-v-50-sp1.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: Release Notes for App-V 5.0 SP1 -description: Release Notes for App-V 5.0 SP1 -author: dansimp -ms.assetid: 21a859cd-41b4-4cc4-9c9c-7ba236084bb0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Release Notes for App-V 5.0 SP1 - - -**To search for a specific issue in these release notes, press CTRL+F.** - -Read these release notes thoroughly before you install App-V 5.0 SP1. - -These release notes contain information that is required to successfully install App-V 5.0 SP1. The release notes also contain information that is not available in the product documentation. If there is a difference between these release notes and other App-V 5.0 documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product. - -## About the Product Documentation - - -For information about App-V 5.0 documentation, see the App-V 5.0 home page on Microsoft TechNet. - -## Provide Feedback - - -We are interested in your feedback on App-V 5.0. You can send your feedback to . - -**Note**   -This email address is not a support channel, but your feedback will help us to plan for future changes in our documentation and product releases. - - - -For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page. - -For more information about new updates or to provide feedback, follow us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). - -## Known Issues with App-V 5.0 SP1 - - -There are no App-V 5.0 SP1 release notes at this time.  This topic will be updated if issues are reported in future. - -## Release Notes Copyright Information - - -Microsoft, Active Directory, ActiveX, Bing, Excel, Silverlight, SQL Server, Windows, Microsoft Intune, and Windows PowerShell are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners. - - - - - - - - -## Related topics - - -[About App-V 5.0](about-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/release-notes-for-app-v-50-sp2.md b/mdop/appv-v5/release-notes-for-app-v-50-sp2.md deleted file mode 100644 index 8a8faa9757..0000000000 --- a/mdop/appv-v5/release-notes-for-app-v-50-sp2.md +++ /dev/null @@ -1,170 +0,0 @@ ---- -title: Release Notes for App-V 5.0 SP2 -description: Release Notes for App-V 5.0 SP2 -author: dansimp -ms.assetid: fe73139d-240c-4ed5-8e59-6ae76ee8e80c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Release Notes for App-V 5.0 SP2 - - -**To search for a specific issue in these release notes, press CTRL+F.** - -Read these release notes thoroughly before you install App-V 5.0 SP2. - -These release notes contain information that is required to successfully install App-V 5.0 SP2. The release notes also contain information that is not available in the product documentation. If there are differences between these release notes and other App-V 5.0 documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product. - -## About the Product Documentation - - -For information about App-V 5.0 documentation, see the App-V 5.0 home page on Microsoft TechNet. - -## Provide Feedback - - -We are interested in your feedback on App-V 5.0. You can send your feedback to . - -**Note**   -This email address is not a support channel, but your feedback will help us to plan for future changes in our documentation and product releases. - - - -For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page. - -For more information about new updates or to provide feedback, follow us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). - -## Known Issues with Hotfix Package 4 for Application Virtualization 5.0 SP2 - - -### Packages stop working after you uninstall Hotfix Package 4 for Application Virtualization 5.0 SP2 - -Packages published when Hotfix Package 4 for Application Virtualization 5.0 SP2 is applied stop working when Hotfix Package 4 for Application Virtualization 5.0 SP2 is removed. - -WORKAROUND: - -If the following folder exists, then you must delete it: - -**%localappdata%** \\ **Microsoft** \\ **AppV** \\ **Client** \\ **VFS** \\ **<package ID>** for each package that was published. - -**Note**   -You must have elevated privileges to delete this folder. - - - -To use a script, for each user account on the computer and for each package id that was published after installing Hotfix Package 4 for Application Virtualization 5.0 SP2: - -`Rd /s /q “%systemdrive%\users\[UserName]\AppData\Local\Microsoft\AppV\Client\VFS\[Package ID]` - -- The shortcuts will remain with the user sessions even after deleting the folder from the directory in the previous section, so you can click on the shortcut to run the application again. There is no need to re-publish the application. - -- This issue happens for both user published packaged and globally published packages for example, Microsoft Office 2013. The folder must be deleted for both types of packages. - -- You do not need to delete the VFS folder in the Roaming app data (**%appdata%**). Only the **%localappdata%** must be deleted. - -### Microsoft Office integration points to wrong file system location - -Microsoft Office integration points to wrong file system location (Groove.exe error message). - -WORKAROUND: - -Use one of the following methods: - -1. Delete the shortcut in the start-up folder after upgrade. - -2. Change the shortcut in the start-up folder using a script. - -3. Use the deployment configuration file to specify the shortcut target to the integration root. - -### Hotfix Package 4 for Application Virtualization 5.0 SP2 installer can take a long time - -The Hotfix Package 4 for Application Virtualization 5.0 SP2 installer can potentially take a long time depending on how many files are stored in the existing package cache. - -Updating associated package security descriptors during the Hotfix Package 4 for Application Virtualization 5.0 SP2 installation has a significant impact on how long it takes the installation will take. Previously, the installation install was standard in duration. However, it now depends on how many files you have staged in the package cache. - -WORKAROUND: None - -### Uninstalling Hotfix Package 4 for Application Virtualization 5.0 SP2 fails if JIT-V package is in use - -If you install Hotfix Package 4 for Application Virtualization 5.0 SP2 and then try to uninstall the hotfix when just-in-time virtualization (JIT-V) is being used, the operation will fail if all of the following conditions are true: - -- You installed by using a Windows Installer file (.msi), and then you apply updates by using a Microsoft Installer Patch File (.msp). - -- You try to uninstall an update by using the Add or Remove Programs item in Control Panel. - -- A JIT-V-enabled package is running on the computer. - -WORKAROUND: Complete the following steps: - -1. Open Windows PowerShell and run the following commands: - - - **Import-module appvclient** - - - **Get-AppvClientPackage | Stop-AppvClientPackage** - -2. Uninstall the update using Add or Remove Programs. - -## Known Issues with App-V 5.0 SP2 - - -### App-V client folder redirection sometimes fails to move files from %AppData% to %LocalAppData% - -When %AppData% is a shared network folder that you have configured for folder redirection, the changes that end users make to AppData (Roaming) can be lost when they switch computers or when their local AppData is cleared when they log off and then log back on. This error occurs because the registry key (AppDataTime), which indicates the last known upload, gets out of synchronization with the local cached AppData. - -WORKAROUND: Manually delete the following registry key for each relevant package when an end user logs on or off: - -``` syntax -HKCU\Software\Microsoft\AppV\Client\Packages\\AppDataTime -``` - -The first time that end users start an application in the package after they log in, App-V forces a download of the zipped %AppData%, even if %LocalAppData% is already up to date. - -### App-V 5.0 Service Pack 2 (App-V 5.0 SP2) does not include a new version of the App-V Server - -App-V 5.0 SP2 does not include a new version of the App-V Server. If you deploy App-V 5.0 SP2 clients running Windows 8.1 in your environment and plan to manage the clients using the App-V infrastructure, you must install [Hotfix Package 2 for Microsoft Application Virtualization 5.0 Service Pack 1](https://go.microsoft.com/fwlink/?LinkId=386634). (https://go.microsoft.com/fwlink/?LinkId=386634) - -If you are running and managing App-V 5.0 SP2 clients using any of the following methods no client update is required: - -- Standalone mode. - -- Configuration Manager. - -- Third party ESD. - -The App-V 5.0 SP2 client is fully compatible with Windows 8.1 - -WORKAROUND: None. - -## Release Notes Copyright Information - - -Microsoft, Active Directory, ActiveX, Bing, Excel, Silverlight, SQL Server, Windows, Microsoft Intune, and Windows PowerShell are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners. - - - - - - - - -## Related topics - - -[About App-V 5.0 SP2](about-app-v-50-sp2.md) - - - - - - - - - diff --git a/mdop/appv-v5/release-notes-for-app-v-50-sp3.md b/mdop/appv-v5/release-notes-for-app-v-50-sp3.md deleted file mode 100644 index 9eb47a741d..0000000000 --- a/mdop/appv-v5/release-notes-for-app-v-50-sp3.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Release Notes for App-V 5.0 SP3 -description: Release Notes for App-V 5.0 SP3 -author: dansimp -ms.assetid: bc4806e0-2aba-4c7b-9ecc-1b2cc54af1d0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Release Notes for App-V 5.0 SP3 - - -The following are known issues in Microsoft Application Virtualization (App-V) 5.0 SP3. - -## Server files fail to get deleted after a new App-V 5.0 SP3 Server installation - - -If you uninstall the App-V 5.0 SP1 Server and then install the App-V 5.0 SP3 Server, the installation fails and the wrong version of the Management server is installed. The following errors are displayed: - -`[0A5C:06F8][2014-09-12T19:08:00]i102: Detected related bundle: {bee44f0f-05be-48e4-81dd-d34a83600b95}, type: Upgrade, scope: PerMachine, version: 5.0.1218.0, operation: MajorUpgrade``[0A5C:06F8][2014-09-12T19:08:00]i000: AppvUX: A previous version of this product is installed; requesting upgrade.``[0A5C:06F8][2014-09-12T19:08:00]i102: Detected related bundle: {e1ca9d65-0ebf-4fd5-98e5-00d6453967a4}, type: Upgrade, scope: PerMachine, version: 5.0.1224.0, operation: MajorUpgrade``[0A5C:06F8][2014-09-12T19:08:00]i000: AppvUX: A previous version of this product is installed; requesting upgrade.` - -The issue occurs because the Server files are not being deleted when you uninstall App-V 5.0 SP1, so the App-V 5.0 SP3 installation process erroneously does an upgrade instead of a new installation. - -**Workaround**: Delete the following registry key before you start installing App-V 5.0 SP3: - -`HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall` - -## Querying AD DS can cause some applications to work incorrectly - - -When you receive updated packages by querying Active Directory Domain Services for updated group memberships, it can cause some applications to work incorrectly if the applications depend on the user’s access token. In addition, frequent group membership queries can cause the domain controller to overload. For more information about user access tokens, see [Access Tokens](https://msdn.microsoft.com/library/windows/desktop/aa374909.aspx). - -**Workaround**: Wait until the user logs off and then logs back on before you query for updated group memberships. Do not use the registry key, described in [Hotfix Package 2 for Microsoft Application Virtualization 5.0 Service Pack 1](https://support.microsoft.com/kb/2897087), to query for updated group memberships. - - - - - - -## Related topics - - -[About App-V 5.0 SP3](about-app-v-50-sp3.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/release-notes-for-app-v-50.md b/mdop/appv-v5/release-notes-for-app-v-50.md deleted file mode 100644 index 417148f521..0000000000 --- a/mdop/appv-v5/release-notes-for-app-v-50.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Release Notes for App-V 5.0 -description: Release Notes for App-V 5.0 -author: dansimp -ms.assetid: 68a6a5a1-4b3c-4c09-b00c-9ca4237695d5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Release Notes for App-V 5.0 - - -**To search for a specific issue in these release notes, press CTRL+F.** - -Read these release notes thoroughly before you install App-V 5.0. - -These release notes contain information that is required to successfully install App-V 5.0. The release notes also contain information that is not available in the product documentation. If there is a difference between these release notes and other App-V 5.0 documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product. - -## About the Product Documentation - - -For information about App-V 5.0 documentation, see the App-V 5.0 home page on Microsoft TechNet. - -## Provide Feedback - - -We are interested in your feedback on App-V 5.0. You can send your feedback to . - -**Note**   -This email address is not a support channel, but your feedback will help us to plan for future changes in our documentation and product releases. - - - -For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page. - -For more information about new updates or to provide feedback, follow us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). - -## Known Issues with App-V 5.0 - - -This section contains release notes about the known issues with App-V 5.0. - -### Unable to terminate adding packages when using server PowerShell cmdlets - -When you add a package using PowerShell, there is no method to exit adding new packages. - -WORKAROUND: To stop adding packages, press **enter** after you have added the final package. - -### App-V 5.0 client rejects packages from servers whose SSL certificate has been revoked - -When using the HTTPS protocol, the App-V 5.0 client will by default reject packages from servers whose SSL certificate has been revoked. This behavior can be turned off through configuration by modifying the **VerifyCertificateRevocationList** setting. Applying new configuration for this setting will not take effect until the App-V 5.0 service is restarted. - -WORKAROUND: Restart the App-V 5.0 service. - -## Release Notes Copyright Information - - -Microsoft, Active Directory, ActiveX, Bing, Excel, Silverlight, SQL Server, Windows, Microsoft Intune, and Windows PowerShell are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners. - - - - - - - - -## Related topics - - -[About App-V 5.0](about-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/release-notes-for-app-v-51.md b/mdop/appv-v5/release-notes-for-app-v-51.md deleted file mode 100644 index f96c8ae1d2..0000000000 --- a/mdop/appv-v5/release-notes-for-app-v-51.md +++ /dev/null @@ -1,205 +0,0 @@ ---- -title: Release Notes for App-V 5.1 -description: Release Notes for App-V 5.1 -author: dansimp -ms.assetid: 62c5be3b-0a46-4512-93ed-97c23184f343 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 09/26/2016 ---- - - -# Release Notes for App-V 5.1 - - -The following are known issues in Microsoft Application Virtualization (App-V) 5.1. - -## Error occurs during publishing refresh between App-V 5.0 SP3 Management Server and App-V 5.1 Client on Windows 10 - - -An error is generated during publishing refresh when synchronizing packages from the App-V 5.0 SP3 management server to an App-V 5.1 client on Windows 10 . This error occurs because the App-V 5.0 SP3 server does not understand the Windows 10 operating system that is specified in the publishing URL. The issue is fixed for App-V 5.1 publishing server, but is not backported to versions of App-V 5.0 SP3 or earlier. - -**Workaround**: Upgrade the App-V 5.0 Management server to the App-V 5.1 Management server for Windows 10 Clients. - -## Custom configurations do not get applied for packages that will be published globally if they are set using the App-V 5.1 Server - - -If you assign a package to an AD group that contains machine accounts and apply a custom configuration to that group using the App-V Server, the custom configuration will not be applied to those machines. The App-V 5.1 Client will publish packages assigned to a machine account globally. However, it stores custom configuration files per user in each user’s profile. Globally published packages will not have access to this custom configuration. - -**Workaround**: Do one of the following: - -- Assign the package to groups containing only user accounts. This will ensure that the package’s custom configuration will be stored in each user’s profile and will be applied correctly. - -- Create a custom deployment configuration file and apply it to the package on the client using the Add-AppvClientPackage cmdlet with the –DynamicDeploymentConfiguration parameter. See [About App-V 5.1 Dynamic Configuration](about-app-v-51-dynamic-configuration.md) for more information. - -- Create a new package with the custom configuration using the App-V 5.1 Sequencer. - -## Server files not deleted after new App-V 5.1 Server installation - - -If you uninstall the App-V 5.0 SP1 Server and then install the App-V 5.1 Server, the installation fails, the wrong version of the Management server is installed, and an error message is returned. The issue occurs because the Server files are not being deleted when you uninstall App-V 5.0 SP1, so the installation process does an upgrade instead of a new installation. - -**Workaround**: Delete this registry key before you start installing App-V 5.1: - -Under HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall, locate and delete the installation GUID key that contains the DWORD value "DisplayName" with value data "Microsoft Application Virtualization (App-V) Server". This is the only key that should be deleted. - -## File type associations added manually are not saved correctly - - -File type associations added to an application package manually using the Shortcuts and FTAs tab at the end of the application upgrade wizard are not saved correctly. They will not be available to the App-V Client or to the Sequencer when updating the saved package again. - -**Workaround**: To add a file type association, open the package for modification and run the update wizard. During the Installation step, add the new file type association through the operating system. The sequencer will detect the new association in the system registry and add it to the package’s virtual registry, where it will be available to the client. - -## When streaming packages in Shared Content Store (SCS) mode to a client that is also managed with AppLocker, additional data is written to the local disk. - - -To decrease the amount of data written to a client’s local disk, you can enable SCS mode on the App-V 5.1 Client to stream the contents of a package on demand. However, if AppLocker manages an application within the package, some data might be written to the client’s local disk that would not otherwise be written. - -**Workaround**: None - -## In the Management Console Add Package dialog box, the Browse button is not available when using Chrome or Firefox - - -On the Packages page of the Management Console, if you click **Add or Upgrade** in the lower-right corner, the **Add Package** dialog box appears. If you are accessing the Management Console using Chrome or Firefox as your browser, you will not be able to browse to the location of the package. - -**Workaround**: Type or copy and paste the path to the package into the **Add Package** input field. If the Management Console has access to this path, you will be able to add the package. If the package is on a network share, you can browse to the location using File Explorer by doing these steps: - -1. While pressing **Shift**, right-click on the package file - -2. Select **Copy as path** - -3. Paste the path into the **Add Package** dialog box input field - -## Upgrading App-V Management Server to 5.1 sometimes fails with the message “A database error occurred” - - -If you install the App-V 5.0 SP1 Management Server, and then try to upgrade to App-V 5.1 Server when multiple connection groups are configured and enabled, the following error is displayed: “A database error occurred. Reason: 'Invalid column name 'PackageOptional'. Invalid column name 'VersionOptional'.” - -**Workaround**: Run this command on your SQL database: - -`ALTER TABLE AppVManagement.dbo.PackageGroupMembers ADD PackageOptional bit NOT NULL DEFAULT 0, VersionOptional bit NOT NULL DEFAULT 0` - -where “AppVManagement” is the name of the database. - -## Users cannot open a package in a user-published connection group if you add or remove an optional package - - -In environments that are running the RDS Client or that have multiple concurrent users per computer, logged-in users cannot open applications in packages that are in a user-published connection group if an optional package is added to or removed from the connection group. - -**Workaround**: Have users log out and then log back in. - -## Error message is erroneously displayed when the connection group is published only to the user - - -When you run Repair-AppvClientConnectionGroup, the following error is displayed, even when the connection group is published only to the user: “Internal App-V Integration error: Package not integrated for the user. Please ensure that the package is added to the machine and published to the user.” - -**Workaround**: Do one of the following: - -- Publish all packages in a connection group. - - The problem arises when the connection group being repaired has packages that are missing or not available to the user (that is, not published globally or to the user). However, the repair will work if all of the connection group’s packages are available, so ensure that all packages are published. - -- Repair packages individually using the Repair-AppvClientPackage command rather than the Repair-AppvClientConnectionGroup command. - - Determine which packages are available to users and then run the Repair-AppvClientPackage command once for each package. Use PowerShell cmdlets to do the following: - - 1. Get all the packages in a connection group. - - 2. Check to see if each package is currently published. - - 3. If the package is currently published, run Repair-AppvClientPackage on that package. - -## Icons not displayed properly in Sequencer - - -Icons in the Shortcuts and File Type Associations tab are not displayed correctly when modifying a package in the App-V Sequencer. This problem occurs when the size of the icons are not 16x16 or 32x32. - -**Workaround**: Only use icons that are 16x16 or 32x32. - -## InsertVersionInfo.sql script no longer required for the Management Database - - -The InsertVersionInfo.sql script is not required for versions of the App-V management database later than App-V 5.0 SP3. - -The Permissions.sql script should be updated according to **Step 2** in [KB article 3031340](https://support.microsoft.com/kb/3031340). - -**Important**   -**Step 1** is not required for versions of App-V later than App-V 5.0 SP3. - - - -## Microsoft Visual Studio 2012 not supported - - -App-V 5.1 does not support Visual Studio 2012. - -**Workaround**: None - -## Application filename restrictions for App-V 5.x Sequencer - - -The App-V 5.x Sequencer cannot sequence applications with filenames matching "CO_<x>" where x is any numeral. Error 0x8007139F will be generated. - -**Workaround**: Use a different filename - -## Intermittent "File Not Found" error when Mounting a Package - - -Occasionally when mounting a package, a "File Not Found" (0x80070002) error is generated. Typically, this occurs when a folder in an App-V package contains many files ( i.e. 20K or more). This can cause streaming to take longer than expected and to time out which generates the "File Not Found" error. - -**Workaround**: Starting with HF06, a new registry key has been introduced to enable extending this time-out period. - - ---- - - - - - - - - - - - - - - - - - - - - - - -
PathHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Streaming
SettingStreamResponseWaitTimeout
DataTypeDWORD
UnitsSeconds
Default5
-Note: this value is the default if the registry key is not defined or a value <=5 is specified. -
- - - - - - -## Related topics - - -[About App-V 5.1](about-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications.md b/mdop/appv-v5/running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications.md deleted file mode 100644 index 6a49308d73..0000000000 --- a/mdop/appv-v5/running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications.md +++ /dev/null @@ -1,195 +0,0 @@ ---- -title: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications -description: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications -author: dansimp -ms.assetid: a8affa46-f1f7-416c-8125-9595cfbfdbc7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications - - -You can run a locally installed application in a virtual environment, alongside applications that have been virtualized by using Microsoft Application Virtualization (App-V). You might want to do this if you: - -- Want to install and run an application locally on client computers, but want to virtualize and run specific plug-ins that work with that local application. - -- Are troubleshooting an App-V client package and want to open a local application within the App-V virtual environment. - -Use any of the following methods to open a local application inside the App-V virtual environment: - -- [RunVirtual registry key](#bkmk-runvirtual-regkey) - -- [Get-AppvClientPackage PowerShell cmdlet](#bkmk-get-appvclientpackage-posh) - -- [Command line switch /appvpid:<PID>](#bkmk-cl-switch-appvpid) - -- [Command line hook switch /appvve:<GUID>](#bkmk-cl-hook-switch-appvve) - -Each method accomplishes essentially the same task, but some methods may be better suited for some applications than others, depending on whether the virtualized application is already running. - -## RunVirtual registry key - - -To add a locally installed application to a package or to a connection group’s virtual environment, you add a subkey to the `RunVirtual` registry key in the Registry Editor, as described in the following sections. - -There is no Group Policy setting available to manage this registry key, so you have to use System Center Configuration Manager or another electronic software distribution (ESD) system, or manually edit the registry. - -### Supported methods of publishing packages when using RunVirtual - - ---- - - - - - - - - - - - - - - - - -
App-V versionSupported publishing methods

App-V 5.0 SP3

Published globally or to the user

App-V 5.0 through App-V 5.0 SP2

Published globally only

- - - -### Steps to create the subkey - -1. Using the information in the following table, create a new registry key using the name of the executable file, for example, **MyApp.exe**. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Package publishing methodWhere to create the registry key

Published globally

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual

-

Example: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe

Published to the user

HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual

-

Example: HKEY_CURRENT_USER \SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe

Connection group can contain:

-
    -

  • Packages that are published just globally or just to the user

    • -

  • Packages that are published globally and to the user

    • -

Either HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER key, but all of the following must be true:

-
    -

  • If you want to include multiple packages in the virtual environment, you must include them in an enabled connection group.

    • -

  • Create only one subkey for one of the packages in the connection group. If, for example, you have one package that is published globally, and another package that is published to the user, you create a subkey for either of these packages, but not both. Although you create a subkey for only one of the packages, all of the packages in the connection group, plus the local application, will be available in the virtual environment.

    • -

  • The key under which you create the subkey must match the publishing method you used for the package.

    -

    For example, if you published the package to the user, you must create the subkey under HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual.

    • -
- - - -2. Set the new registry subkey’s value to the PackageId and VersionId of the package, separating the values with an underscore. - - **Syntax**: <PackageId>\_<VersionId> - - **Example**: 4c909996-afc9-4352-b606-0b74542a09c1\_be463724-Oct1-48f1-8604-c4bd7ca92fa - - The application in the previous example would produce a registry export file (.reg file) like the following: - - ``` syntax - Windows Registry Editor Version 5.00 - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual] - @="" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe] - @="aaaaaaaa-bbbb-cccc-dddd-eeeeeeee_11111111-2222-3333-4444-555555555 - ``` - -## Get-AppvClientPackage PowerShell cmdlet - - -You can use the **Start-AppVVirtualProcess** cmdlet to retrieve the package name and then start a process within the specified package's virtual environment. This method lets you launch any command within the context of an App-V package, regardless of whether the package is currently running. - -Use the following example syntax, and substitute the name of your package for **<Package>**: - -`$AppVName = Get-AppvClientPackage ` - -`Start-AppvVirtualProcess -AppvClientObject $AppVName cmd.exe` - -If you don’t know the exact name of your package, you can use the command line **Get-AppvClientPackage \*executable\\**, where **executable* is the name of the application, for example: Get-AppvClientPackage \*Word\*. - -## Command line switch /appvpid:<PID> - - -You can apply the **/appvpid:<PID>** switch to any command, which enables that command to run within a virtual process that you select by specifying its process ID (PID). Using this method launches the new executable in the same App-V environment as an executable that is already running. - -Example: `cmd.exe /appvpid:8108` - -To find the process ID (PID) of your App-V process, run the command **tasklist.exe** from an elevated command prompt. - -## Command line hook switch /appvve:<GUID> - - -This switch lets you run a local command within the virtual environment of an App-V package. Unlike the **/appvid** switch, where the virtual environment must already be running, this switch enables you to start the virtual environment. - -Syntax: `cmd.exe /appvve:` - -Example: `cmd.exe /appvve:aaaaaaaa-bbbb-cccc-dddd-eeeeeeee_11111111-2222-3333-4444-55555555` - -To get the package GUID and version GUID of your application, run the **Get-AppvClientPackage** cmdlet. Concatenate the **/appvve** switch with the following: - -- A colon - -- Package GUID of the desired package - -- An underscore - -- Version ID of the desired package - -If you don’t know the exact name of your package, use the command line **Get-AppvClientPackage \*executable\\**, where **executable* is the name of the application, for example: Get-AppvClientPackage \*Word\*. - -This method lets you launch any command within the context of an App-V package, regardless of whether the package is currently running. - - - - - - -## Related topics - - -[Technical Reference for App-V 5.0](technical-reference-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md b/mdop/appv-v5/running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md deleted file mode 100644 index 26f9693b4b..0000000000 --- a/mdop/appv-v5/running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md +++ /dev/null @@ -1,195 +0,0 @@ ---- -title: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications -description: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications -author: dansimp -ms.assetid: 71baf193-a9e8-4ffa-aa7f-e0bffed2e4b2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications - - -You can run a locally installed application in a virtual environment, alongside applications that have been virtualized by using Microsoft Application Virtualization (App-V). You might want to do this if you: - -- Want to install and run an application locally on client computers, but want to virtualize and run specific plug-ins that work with that local application. - -- Are troubleshooting an App-V client package and want to open a local application within the App-V virtual environment. - -Use any of the following methods to open a local application inside the App-V virtual environment: - -- [RunVirtual registry key](#bkmk-runvirtual-regkey) - -- [Get-AppvClientPackage PowerShell cmdlet](#bkmk-get-appvclientpackage-posh) - -- [Command line switch /appvpid:<PID>](#bkmk-cl-switch-appvpid) - -- [Command line hook switch /appvve:<GUID>](#bkmk-cl-hook-switch-appvve) - -Each method accomplishes essentially the same task, but some methods may be better suited for some applications than others, depending on whether the virtualized application is already running. - -## RunVirtual registry key - - -To add a locally installed application to a package or to a connection group’s virtual environment, you add a subkey to the `RunVirtual` registry key in the Registry Editor, as described in the following sections. - -There is no Group Policy setting available to manage this registry key, so you have to use System Center Configuration Manager or another electronic software distribution (ESD) system, or manually edit the registry. - -### Supported methods of publishing packages when using RunVirtual - - ---- - - - - - - - - - - - - - - - - -
App-V versionSupported publishing methods

App-V 5.0 SP3 and App-V 5.1

Published globally or to the user

App-V 5.0 through App-V 5.0 SP2

Published globally only

- - - -### Steps to create the subkey - -1. Using the information in the following table, create a new registry key using the name of the executable file, for example, **MyApp.exe**. - - - - - - - - - - - - - - - - - - - - - - - - - - -
Package publishing methodWhere to create the registry key

Published globally

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual

-

Example: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe

Published to the user

HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual

-

Example: HKEY_CURRENT_USER \SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe

Connection group can contain:

-
    -

  • Packages that are published just globally or just to the user

    • -

  • Packages that are published globally and to the user

    • -

Either HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER key, but all of the following must be true:

-
    -

  • If you want to include multiple packages in the virtual environment, you must include them in an enabled connection group.

    • -

  • Create only one subkey for one of the packages in the connection group. If, for example, you have one package that is published globally, and another package that is published to the user, you create a subkey for either of these packages, but not both. Although you create a subkey for only one of the packages, all of the packages in the connection group, plus the local application, will be available in the virtual environment.

    • -

  • The key under which you create the subkey must match the publishing method you used for the package.

    -

    For example, if you published the package to the user, you must create the subkey under HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual.

    • -
- - - -2. Set the new registry subkey’s value to the PackageId and VersionId of the package, separating the values with an underscore. - - **Syntax**: <PackageId>\_<VersionId> - - **Example**: 4c909996-afc9-4352-b606-0b74542a09c1\_be463724-Oct1-48f1-8604-c4bd7ca92fa - - The application in the previous example would produce a registry export file (.reg file) like the following: - - ``` syntax - Windows Registry Editor Version 5.00 - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual] - @="" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe] - @="aaaaaaaa-bbbb-cccc-dddd-eeeeeeee_11111111-2222-3333-4444-555555555 - ``` - -## Get-AppvClientPackage PowerShell cmdlet - - -You can use the **Start-AppVVirtualProcess** cmdlet to retrieve the package name and then start a process within the specified package's virtual environment. This method lets you launch any command within the context of an App-V package, regardless of whether the package is currently running. - -Use the following example syntax, and substitute the name of your package for **<Package>**: - -`$AppVName = Get-AppvClientPackage ` - -`Start-AppvVirtualProcess -AppvClientObject $AppVName cmd.exe` - -If you don’t know the exact name of your package, you can use the command line **Get-AppvClientPackage \*executable\\**, where **executable* is the name of the application, for example: Get-AppvClientPackage \*Word\*. - -## Command line switch /appvpid:<PID> - - -You can apply the **/appvpid:<PID>** switch to any command, which enables that command to run within a virtual process that you select by specifying its process ID (PID). Using this method launches the new executable in the same App-V environment as an executable that is already running. - -Example: `cmd.exe /appvpid:8108` - -To find the process ID (PID) of your App-V process, run the command **tasklist.exe** from an elevated command prompt. - -## Command line hook switch /appvve:<GUID> - - -This switch lets you run a local command within the virtual environment of an App-V package. Unlike the **/appvid** switch, where the virtual environment must already be running, this switch enables you to start the virtual environment. - -Syntax: `cmd.exe /appvve:` - -Example: `cmd.exe /appvve:aaaaaaaa-bbbb-cccc-dddd-eeeeeeee_11111111-2222-3333-4444-55555555` - -To get the package GUID and version GUID of your application, run the **Get-AppvClientPackage** cmdlet. Concatenate the **/appvve** switch with the following: - -- A colon - -- Package GUID of the desired package - -- An underscore - -- Version ID of the desired package - -If you don’t know the exact name of your package, use the command line **Get-AppvClientPackage \*executable\\**, where **executable* is the name of the application, for example: Get-AppvClientPackage \*Word\*. - -This method lets you launch any command within the context of an App-V package, regardless of whether the package is currently running. - - - - - - -## Related topics - - -[Technical Reference for App-V 5.1](technical-reference-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/technical-reference-for-app-v-50.md b/mdop/appv-v5/technical-reference-for-app-v-50.md deleted file mode 100644 index 4edd02b6e7..0000000000 --- a/mdop/appv-v5/technical-reference-for-app-v-50.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Technical Reference for App-V 5.0 -description: Technical Reference for App-V 5.0 -author: dansimp -ms.assetid: aa899158-41e8-47d3-882c-8c5b96018308 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Technical Reference for App-V 5.0 - - -This section provides reference information related to managing App-V 5.0. - -## In This Section - - -- [Performance Guidance for Application Virtualization 5.0](performance-guidance-for-application-virtualization-50.md) - - Provides strategy and context for a number of performance optimization practices. Not all practices will be applicable although they are supported and have been tested. Using all suggested practices that are applicable to your organization will provide the optimal end-user experience. - -- [Application Publishing and Client Interaction](application-publishing-and-client-interaction.md) - - Describes how the following App-V client operations affect the local operating system: App-V files and data storage locations, package registry, package store behavior, roaming registry and data, client application lifecycle management, integration of App-V packages, dynamic configuration, side-by-side assemblies, and client logging. - - - - - - -## Related topics - - -[Creating App-V 4.5 Databases Using SQL Scripting](../solutions/creating-app-v-45-databases-using-sql-scripting.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/technical-reference-for-app-v-51.md b/mdop/appv-v5/technical-reference-for-app-v-51.md deleted file mode 100644 index 4a5b670357..0000000000 --- a/mdop/appv-v5/technical-reference-for-app-v-51.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Technical Reference for App-V 5.1 -description: Technical Reference for App-V 5.1 -author: dansimp -ms.assetid: 2b9e8b2b-4cd1-46f3-ba08-e3bc8d5c6127 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Technical Reference for App-V 5.1 - - -This section provides reference information related to managing App-V 5.1. - -## In This Section - - -- [Performance Guidance for Application Virtualization 5.1](performance-guidance-for-application-virtualization-51.md) - - Provides strategy and context for a number of performance optimization practices. Not all practices will be applicable although they are supported and have been tested. Using all suggested practices that are applicable to your organization will provide the optimal end-user experience. - -- [Application Publishing and Client Interaction](application-publishing-and-client-interaction51.md) - - Describes how the following App-V client operations affect the local operating system: App-V files and data storage locations, package registry, package store behavior, roaming registry and data, client application lifecycle management, integration of App-V packages, dynamic configuration, side-by-side assemblies, and client logging. - - - - - - -## Related topics - - -[Creating App-V 4.5 Databases Using SQL Scripting](../solutions/creating-app-v-45-databases-using-sql-scripting.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/troubleshooting-app-v-50.md b/mdop/appv-v5/troubleshooting-app-v-50.md deleted file mode 100644 index 7fde4fd864..0000000000 --- a/mdop/appv-v5/troubleshooting-app-v-50.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: Troubleshooting App-V 5.0 -description: Troubleshooting App-V 5.0 -author: dansimp -ms.assetid: a713b345-25b7-4cdf-ba55-66df672a1f3a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Troubleshooting App-V 5.0 - - -Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905). - -## How to Find Troubleshooting Content - - -You can use the following information to find troubleshooting or additional technical content for this product. - -### Search the MDOP Documentation - -The first step to find help content in the Administrator’s Guide is to search the MDOP documentation on TechNet. - -After you search the MDOP documentation, your next step would be to search the troubleshooting information for the product in the TechNet Wiki. - -**To search the MDOP product documentation** - -1. Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page. - -2. Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page. - -3. Review the search results for assistance. - -**To search the TechNet Wiki** - -1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page. - -3. Review the search results for assistance. - -## How to Create a Troubleshooting Article - - -If you have a troubleshooting tip or a best practice to share that is not already included in the MDOP OnlineHelp or TechNet Wiki, you can create your own TechNet Wiki articles. - -**To create a TechNet Wiki troubleshooting or best practices article** - -1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Log in with your Windows Live ID. - -3. Review the **Getting Started** section to learn the basics of the TechNet Wiki and its articles. - -4. Select **Post an article >>** at the bottom of the **Getting Started** section. - -5. On the Wiki article **Add Page** page, select **Insert Template** from the toolbar, select the troubleshooting article template (**Troubleshooting.html**), and then click **Insert**. - -6. Be sure to give the article a descriptive title and then overwrite the template information as needed to create your troubleshooting or best practice article. - -7. After you review your article, be sure to include a tag that is named **Troubleshooting** and another for the product name. This helps others to find your content. - -8. Click **Save** to publish the article to the TechNet Wiki. - -## Other resources for troubleshooting App-V 5.0 - - -- [Microsoft Application Virtualization 5.0 Administrator's Guide](microsoft-application-virtualization-50-administrators-guide.md) - -- [Getting Started with App-V 5.0](getting-started-with-app-v-50--rtm.md) - -- [Planning for App-V 5.0](planning-for-app-v-50-rc.md) - -- [Deploying App-V 5.0](deploying-app-v-50.md) - -- [Operations for App-V 5.0](operations-for-app-v-50.md) - - - - - - -  - -  - - - - - diff --git a/mdop/appv-v5/troubleshooting-app-v-51.md b/mdop/appv-v5/troubleshooting-app-v-51.md deleted file mode 100644 index 27ce45c67f..0000000000 --- a/mdop/appv-v5/troubleshooting-app-v-51.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: Troubleshooting App-V 5.1 -description: Troubleshooting App-V 5.1 -author: dansimp -ms.assetid: 435d0e56-0aa2-4168-b5a7-2f03a1f273d4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Troubleshooting App-V 5.1 - - -Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905). - -## How to Find Troubleshooting Content - - -You can use the following information to find troubleshooting or additional technical content for this product. - -### Search the MDOP Documentation - -The first step to find help content in the Administrator’s Guide is to search the MDOP documentation on TechNet. - -After you search the MDOP documentation, your next step would be to search the troubleshooting information for the product in the TechNet Wiki. - -**To search the MDOP product documentation** - -1. Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page. - -2. Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page. - -3. Review the search results for assistance. - -**To search the TechNet Wiki** - -1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page. - -3. Review the search results for assistance. - -## How to Create a Troubleshooting Article - - -If you have a troubleshooting tip or a best practice to share that is not already included in the MDOP OnlineHelp or TechNet Wiki, you can create your own TechNet Wiki articles. - -**To create a TechNet Wiki troubleshooting or best practices article** - -1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Log in with your Windows Live ID. - -3. Review the **Getting Started** section to learn the basics of the TechNet Wiki and its articles. - -4. Select **Post an article >>** at the bottom of the **Getting Started** section. - -5. On the Wiki article **Add Page** page, select **Insert Template** from the toolbar, select the troubleshooting article template (**Troubleshooting.html**), and then click **Insert**. - -6. Be sure to give the article a descriptive title and then overwrite the template information as needed to create your troubleshooting or best practice article. - -7. After you review your article, be sure to include a tag that is named **Troubleshooting** and another for the product name. This helps others to find your content. - -8. Click **Save** to publish the article to the TechNet Wiki. - -## Other resources for troubleshooting App-V 5.1 - - -- [Microsoft Application Virtualization 5.1 Administrator's Guide](microsoft-application-virtualization-51-administrators-guide.md) - -- [Getting Started with App-V 5.1](getting-started-with-app-v-51.md) - -- [Planning for App-V 5.1](planning-for-app-v-51.md) - -- [Deploying App-V 5.1](deploying-app-v-51.md) - -- [Operations for App-V 5.1](operations-for-app-v-51.md) - - - - - - -  - -  - - - - - diff --git a/mdop/appv-v5/using-the-app-v-50-client-management-console.md b/mdop/appv-v5/using-the-app-v-50-client-management-console.md deleted file mode 100644 index 2ab6dea613..0000000000 --- a/mdop/appv-v5/using-the-app-v-50-client-management-console.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: Using the App-V 5.0 Client Management Console -description: Using the App-V 5.0 Client Management Console -author: dansimp -ms.assetid: 36398307-57dd-40f3-9d4f-b09f44fd37c3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Using the App-V 5.0 Client Management Console - - -This topic provides information about how you can configure and manage the App-V 5.0 client. - -## Modify App-V 5.0 client configuration - - -The App-V 5.0 client has associated settings that can be configured to determine how the client will run in your environment. You can manage these settings on the computer that runs the client or by using PowerShell or Group Policy. For more information about how to modify the client using PowerShell or Group Policy configuration see, [How to Modify Client Configuration by Using PowerShell](how-to-modify-client-configuration-by-using-powershell.md). - -## The App-V 5.0 client management console - - -You can obtain information about the App-V 5.0 client or perform specific tasks by using the App-V 5.0 client management console. Many of the tasks that you can perform in the client management console you can also perform by using PowerShell. The associated PowerShell cmdlets for each action are also displayed in the following table. For more information about how to use PowerShell, see [Administering App-V by Using PowerShell](administering-app-v-by-using-powershell.md). - -The client management console contains the following described main tabs. - - ---- - - - - - - - - - - - - - - - - - - - - -
TabDescription

Overview

The Overview tab contains the following elements:

-
    -

  • Update – Use the Update tile to refresh a virtualized application or to receive a new virtualized package.

    -

    The Last Refresh displays the current version of the virtualized package.

    • -

  • Download all virtual applications – Use the Download tile to download all of the packages provisioned to the current user.

    -

    (Associated PowerShell cmdlet: Mount-AppvClientPackage)

    -

    • -

  • Work Offline – Use this tile to disallow all automatic and manual virtual application updates.

    -

    (Associated PowerShell cmdlet: Set-AppvPublishServer –UserRefreshEnabled –GlobalRefreshEnabled)

    • -

Virtual Apps

The VIRTUAL APPS tab displays all of the packages that have been published to the user. You can also click a specific package and see all of the applications that are part of that package. This displays information about packages that are currently in use and how much of each package has been downloaded to the computer. You can also start and stop package downloads. Additionally, you can repair the user state. A repair will delete all user data that is associated with a package.

-

App Connection Groups

The APP CONNECTION GROUPS tab displays all of the connection groups that are available to the current user. Click a specific connection group to see all of the packages that are part of the selected group. This displays information about connection groups that are already in use and how much of the connection group contents have been downloaded to the computer. Additionally, you can start and stop connection group downloads. You can use this section to initiate a repair. A repair will remove all of the user state that is associated a connection group.

-

(Associated PowerShell cmdlets: Download - Mount-AppvClientConnectionGroup. Repair -AppvClientConnectionGroup.)

-

- -  - -[How to Access the Client Management Console](how-to-access-the-client-management-console.md) - -[How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-beta.md) - - - - - - -## Related topics - - -[Operations for App-V 5.0](operations-for-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/using-the-app-v-51-client-management-console.md b/mdop/appv-v5/using-the-app-v-51-client-management-console.md deleted file mode 100644 index 427f3aa60c..0000000000 --- a/mdop/appv-v5/using-the-app-v-51-client-management-console.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: Using the App-V 5.1 Client Management Console -description: Using the App-V 5.1 Client Management Console -author: dansimp -ms.assetid: be6d4e35-5701-4f9a-ba8a-bede12662cf1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Using the App-V 5.1 Client Management Console - - -This topic provides information about how you can configure and manage the Microsoft Application Virtualization (App-V) 5.1 client. - -## Modify App-V 5.1 client configuration - - -The App-V 5.1 client has associated settings that can be configured to determine how the client will run in your environment. You can manage these settings on the computer that runs the client or by using PowerShell or Group Policy. For more information about how to modify the client using PowerShell or Group Policy configuration see, [How to Modify Client Configuration by Using PowerShell](how-to-modify-client-configuration-by-using-powershell51.md). - -## The App-V 5.1 client management console - - -You can obtain information about the App-V 5.1 client or perform specific tasks by using the App-V 5.1 client management console. Many of the tasks that you can perform in the client management console you can also perform by using PowerShell. The associated PowerShell cmdlets for each action are also displayed in the following table. For more information about how to use PowerShell, see [Administering App-V 5.1 by Using PowerShell](administering-app-v-51-by-using-powershell.md). - -The client management console contains the following described main tabs. - - ---- - - - - - - - - - - - - - - - - - - - - -
TabDescription

Overview

The Overview tab contains the following elements:

-
    -

  • Update – Use the Update tile to refresh a virtualized application or to receive a new virtualized package.

    -

    The Last Refresh displays the current version of the virtualized package.

    • -

  • Download all virtual applications – Use the Download tile to download all of the packages provisioned to the current user.

    -

    (Associated PowerShell cmdlet: Mount-AppvClientPackage)

    -

    • -

  • Work Offline – Use this tile to disallow all automatic and manual virtual application updates.

    -

    (Associated PowerShell cmdlet: Set-AppvPublishServer –UserRefreshEnabled –GlobalRefreshEnabled)

    • -

Virtual Apps

The VIRTUAL APPS tab displays all of the packages that have been published to the user. You can also click a specific package and see all of the applications that are part of that package. This displays information about packages that are currently in use and how much of each package has been downloaded to the computer. You can also start and stop package downloads. Additionally, you can repair the user state. A repair will delete all user data that is associated with a package.

-

App Connection Groups

The APP CONNECTION GROUPS tab displays all of the connection groups that are available to the current user. Click a specific connection group to see all of the packages that are part of the selected group. This displays information about connection groups that are already in use and how much of the connection group contents have been downloaded to the computer. Additionally, you can start and stop connection group downloads. You can use this section to initiate a repair. A repair will remove all of the user state that is associated a connection group.

-

(Associated PowerShell cmdlets: Download - Mount-AppvClientConnectionGroup. Repair -AppvClientConnectionGroup.)

-

- -  - -[How to Access the Client Management Console](how-to-access-the-client-management-console51.md) - -[How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-51.md) - - - - - - -## Related topics - - -[Operations for App-V 5.1](operations-for-app-v-51.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/viewing-app-v-server-publishing-metadata.md b/mdop/appv-v5/viewing-app-v-server-publishing-metadata.md deleted file mode 100644 index 218bac0f4f..0000000000 --- a/mdop/appv-v5/viewing-app-v-server-publishing-metadata.md +++ /dev/null @@ -1,258 +0,0 @@ ---- -title: Viewing App-V Server Publishing Metadata -description: Viewing App-V Server Publishing Metadata -author: dansimp -ms.assetid: 048dd42a-24d4-4cc4-81f6-7a919aadd9b2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Viewing App-V Server Publishing Metadata - - -Use this procedure to view publishing metadata, which can help you resolve publishing-related issues. You must be using the App-V Management server to use this procedure. - -This article contains the following information: - -- [App-V 5.0 SP3 requirements for viewing publishing metadata](#bkmk-50sp3-reqs-pub-meta) - -- [Syntax to use for viewing publishing metadata](#bkmk-syntax-view-pub-meta) - -- [Query values for client operating system and version](#bkmk-values-query-pub-meta) - -- [Definition of publishing metadata](#bkmk-whatis-pub-metadata) - -## App-V 5.0 SP3 requirements for viewing publishing metadata - - -In App-V 5.0 SP3, you must provide the following values in the address when you query the App-V Publishing server for metadata: - - ---- - - - - - - - - - - - - - - - - -
ValueAdditional details

ClientVersion

If you omit the ClientVersion parameter from the query, the metadata excludes the new App-V 5.0 SP3 features.

ClientOS

You have to provide this value only if you select specific client operating systems when you sequence the package. If you select the default (all operating systems), do not specify this value in the query.

-

If you omit the ClientOS parameter from the query, only the packages that were sequenced to support any operating system appear in the metadata.

- - - -## Query syntax for viewing publishing metadata - - -The following table provides the syntax and query examples. - - ------ - - - - - - - - - - - - - - - - - - - - - - -
Version of App-VQuery syntaxParameter descriptionsExample

App-V 5.0 SP3

http://<PubServer>:<Publishing Port#>/?ClientVersion=<AppvClientVersion>&ClientOS=<OSStringValue>

 ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

<PubServer>

Name of the App-V Publishing server.

<Publishing Port#>

Port to the App-V Publishing server, which you defined when you configured the Publishing server.

ClientVersion=<AppvClientVersion>

Version of the App-V client. Refer to the following table for the correct value to use.

ClientOS=<OSStringValue>

Operating system of the computer that is running the App-V client. Refer to the following table for the correct value to use.

-

-

To get the name of the Publishing server and the port number (http://<PubServer>:<Publishing Port#>) from the App-V Client, look at the URL configuration of the Get-AppvPublishingServer PowerShell cmdlet.

http://pubsvr01:2718/?clientversion=5.0.10066.0&clientos=WindowsClient_6.2_x64

-

In the example:

-
    -

  • A Windows Server 2012 R2 named “pubsvr01” hosts the Publishing service.

    • -

  • The Windows client is Windows 8.1 64-bit.

    • -

App-V 5.0 through App-V 5.0 SP2

http://<PubServer>:<Publishing Port#>/

-
-Note

ClientVersion and ClientOS are supported only in App-V 5.0 SP3.

-
-
- -

See the information for App-V 5.0 SP3.

http://pubsvr01:2718

-

In the example, A Windows Server 2012 R2 named “pubsvr01” hosts the Management and Publishing services.

- - - -## Query values for client operating system and version - - -In your publishing metadata query, enter the string values that correspond to the client operating system and version that you’re using. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemArchitectureOperating string string value

Windows 8.1

64-bit

WindowsClient_6.2_x64

Windows 8.1

32-bit

WindowsClient_6.2_x86

Windows 8

64-bit

WindowsClient_6.2_x64

Windows 8

32-bit

WindowsClient_6.2_x86

Windows Server 2012 R2

64-bit

WindowsServer_6.2_x64

Windows Server 2012 R2

32-bit

WindowsServer_6.2_x86

Windows Server 2012

64-bit

WindowsServer_6.2_x64

Windows Server 2012

32-bit

WindowsServer_6.2_x86

Windows 7

64-bit

WindowsClient_6.1_x64

Windows 7

32-bit

WindowsClient_6.1_x86

Windows Server 2008 R2

64-bit

WindowsServer_6.1_x64

Windows Server 2008 R2

32-bit

WindowsServer_6.1_x86

- - - -## Definition of publishing metadata - - -When packages are published to a computer that is running the App-V client, metadata is sent to that computer indicating which packages and connection groups are being published. The App-V Client makes two separate requests for the following: - -- Packages and connection groups that are entitled to the client computer. - -- Packages and connection groups that are entitled to the current user. - -The Publishing server communicates with the Management server to determine which packages and connection groups are available to the requester. The Publishing server must be registered with the Management server in order for the metadata to be generated. - -You can view the metadata for each request in an Internet browser by using a query that is in the context of the specific user or computer. - - - - - - -## Related topics - - -[Technical Reference for App-V 5.0](technical-reference-for-app-v-50.md) - - - - - - - - - diff --git a/mdop/appv-v5/viewing-app-v-server-publishing-metadata51.md b/mdop/appv-v5/viewing-app-v-server-publishing-metadata51.md deleted file mode 100644 index 5971f5c937..0000000000 --- a/mdop/appv-v5/viewing-app-v-server-publishing-metadata51.md +++ /dev/null @@ -1,268 +0,0 @@ ---- -title: Viewing App-V Server Publishing Metadata -description: Viewing App-V Server Publishing Metadata -author: dansimp -ms.assetid: d5fa9eb5-647c-478d-8a4d-0ecda018bce6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Viewing App-V Server Publishing Metadata - - -Use this procedure to view publishing metadata, which can help you resolve publishing-related issues. You must be using the App-V Management server to use this procedure. - -This article contains the following information: - -- [App-V 5.1 requirements for viewing publishing metadata](#bkmk-51-reqs-pub-meta) - -- [Syntax to use for viewing publishing metadata](#bkmk-syntax-view-pub-meta) - -- [Query values for client operating system and version](#bkmk-values-query-pub-meta) - -- [Definition of publishing metadata](#bkmk-whatis-pub-metadata) - -## App-V 5.1 requirements for viewing publishing metadata - - -In App-V 5.1, you must provide the following values in the address when you query the App-V Publishing server for metadata: - - ---- - - - - - - - - - - - - - - - - -
ValueAdditional details

ClientVersion

If you omit the ClientVersion parameter from the query, the metadata excludes the features that were new in App-V 5.0 SP3.

ClientOS

You have to provide this value only if you select specific client operating systems when you sequence the package. If you select the default (all operating systems), do not specify this value in the query.

-

If you omit the ClientOS parameter from the query, only the packages that were sequenced to support any operating system appear in the metadata.

- - - -## Query syntax for viewing publishing metadata - - -The following table provides the syntax and query examples. - - ------ - - - - - - - - - - - - - - - - - - - - - - -
Version of App-VQuery syntaxParameter descriptionsExample

App-V 5.0 SP3 and App-V 5.1

http://<PubServer>:<Publishing Port#>/?ClientVersion=<AppvClientVersion>&ClientOS=<OSStringValue>

 ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

<PubServer>

Name of the App-V Publishing server.

<Publishing Port#>

Port to the App-V Publishing server, which you defined when you configured the Publishing server.

ClientVersion=<AppvClientVersion>

Version of the App-V client. Refer to the following table for the correct value to use.

ClientOS=<OSStringValue>

Operating system of the computer that is running the App-V client. Refer to the following table for the correct value to use.

-

-

To get the name of the Publishing server and the port number (http://<PubServer>:<Publishing Port#>) from the App-V Client, look at the URL configuration of the Get-AppvPublishingServer PowerShell cmdlet.

http://pubsvr01:2718/?clientversion=5.0.10066.0&clientos=WindowsClient_6.2_x64

-

In the example:

-
    -

  • A Windows Server 2012 R2 named “pubsvr01” hosts the Publishing service.

    • -

  • The Windows client is Windows 8.1 64-bit.

    • -

App-V 5.0 through App-V 5.0 SP2

http://<PubServer>:<Publishing Port#>/

-
-Note

ClientVersion and ClientOS are supported only in App-V 5.0 SP3 and App-V 5.1.

-
-
- -

See the information for App-V 5.0 SP3 and App-V 5.1.

http://pubsvr01:2718

-

In the example, A Windows Server 2012 R2 named “pubsvr01” hosts the Management and Publishing services.

- - - -## Query values for client operating system and version - - -In your publishing metadata query, enter the string values that correspond to the client operating system and version that you’re using. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemArchitectureOperating string string value

Windows 10

64-bit

WindowsClient_10.0_x64

Windows 10

32-bit

WindowsClient_10.0_x86

Windows 8.1

64-bit

WindowsClient_6.2_x64

Windows 8.1

32-bit

WindowsClient_6.2_x86

Windows 8

64-bit

WindowsClient_6.2_x64

Windows 8

32-bit

WindowsClient_6.2_x86

Windows Server 2012 R2

64-bit

WindowsServer_6.2_x64

Windows Server 2012 R2

32-bit

WindowsServer_6.2_x86

Windows Server 2012

64-bit

WindowsServer_6.2_x64

Windows Server 2012

32-bit

WindowsServer_6.2_x86

Windows 7

64-bit

WindowsClient_6.1_x64

Windows 7

32-bit

WindowsClient_6.1_x86

Windows Server 2008 R2

64-bit

WindowsServer_6.1_x64

Windows Server 2008 R2

32-bit

WindowsServer_6.1_x86

- - - -## Definition of publishing metadata - - -When packages are published to a computer that is running the App-V client, metadata is sent to that computer indicating which packages and connection groups are being published. The App-V Client makes two separate requests for the following: - -- Packages and connection groups that are entitled to the client computer. - -- Packages and connection groups that are entitled to the current user. - -The Publishing server communicates with the Management server to determine which packages and connection groups are available to the requester. The Publishing server must be registered with the Management server in order for the metadata to be generated. - -You can view the metadata for each request in an Internet browser by using a query that is in the context of the specific user or computer. - - - - - - -## Related topics - - -[Technical Reference for App-V 5.1](technical-reference-for-app-v-51.md) - - - - - - - - - diff --git a/mdop/appv-v5/whats-new-in-app-v-50-sp1.md b/mdop/appv-v5/whats-new-in-app-v-50-sp1.md deleted file mode 100644 index 6968160074..0000000000 --- a/mdop/appv-v5/whats-new-in-app-v-50-sp1.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: What's new in App-V 5.0 SP1 -description: What's new in App-V 5.0 SP1 -author: dansimp -ms.assetid: e97c2dbb-7b40-46a0-8137-9ee4fc2bd071 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# What's new in App-V 5.0 SP1 - - -This section is for users who are already familiar with App-V and want to know what has changed in App-V 5.0 SP1. If you are not already familiar with App-V, you should start by reading [Planning for App-V 5.0](planning-for-app-v-50-rc.md). - -## Changes in Standard Functionality - - -The following sections contain information about the changes in standard functionality for App-V 5.0 SP1. - -### Changes to Supported Languages - -For more information, see [About App-V 5.0 SP1](about-app-v-50-sp1.md). - -The following list contains more information about the new Language Packs: - -- The App-V 5.0 SP1 language packs are bundled into the **appv\_xxx\_setup.exe** installer for all the App-V 5.0 Components. - -- When you run the installer it will automatically install the most appropriate language pack based on the locale of the associated operating system running on the target computer. - -- If additional language packs are required, you must extract these language packs from the installer by running the following command: `appv_xxx_setup.exe /Layout /LayoutDir=””`. After this has been run, the contents of the installer are extracted to the specified location. - -- You must install the desired language pack by applying the appropriate Language pack Windows Installation file. For example, **appv\_hib\_LP\_jmmb\_x86.msi** or **appv\_hib\_LP\_jmmb\_x64.msi**, where **hib** refers to the component and **jmmb** refers to the locale. - -## Enhanced Support for Microsoft Office 2010 - - -**Microsoft Office 2010 Sequencing Kit for Application Virtualization 5.0** – helps provide users with a consistent experience using a virtualized version of Microsoft Office 2010. The **Microsoft Office 2010 Sequencing Kit for Application Virtualization 5.0** is used in conjunction with the **Microsoft Office 2010 Deployment Kit for App-V** and also provides the required Microsoft Office 2010 licensing service. - - - - - - -## Related topics - - -[About App-V 5.0](about-app-v-50.md) - -  - -  - - - - - diff --git a/mdop/appv-v5/whats-new-in-app-v-50.md b/mdop/appv-v5/whats-new-in-app-v-50.md deleted file mode 100644 index 7d5f3286a2..0000000000 --- a/mdop/appv-v5/whats-new-in-app-v-50.md +++ /dev/null @@ -1,174 +0,0 @@ ---- -title: What's New in App-V 5.0 -description: What's New in App-V 5.0 -author: dansimp -ms.assetid: 79ff6e02-e926-4803-87d8-248a6b28099d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# What's New in App-V 5.0 - - -This section is for users who are already familiar with App-V and want to know what has changed in App-V 5.0 If you are not already familiar with App-V, you should start by reading [Planning for App-V 5.0](planning-for-app-v-50-rc.md). - -## Changes in Standard Functionality - - -The following sections contain information about the changes in standard functionality for App-V 5.0. - -### Changes to Supported Operating Systems - -For more information, see [App-V 5.0 Supported Configurations](app-v-50-supported-configurations.md). - -## Changes to the sequencer - - -The following sections contain information about the changes in the App-V 5.0 sequencer. - -### Specific change to the sequencer - -The following table displays information about what has changed with the App-V 5.0 sequencer - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Sequencer FeatureApp-V 5.0 Sequencer Functionality

Reboot processing

When an application prompts for a restart, you should allow the application to restart the computer running the sequencer. The computer running the sequencer will restart and the sequencer will resume in monitoring mode.

Specifying the virtual application directory

Virtual Application Directory is a mandatory parameter. For best results, it should match the installation directory of the application installer. This results in more optimal performance and application compatibility.

Editing shortcuts/FTAs

The Shortcuts/FTA page is on the Advanced editing page after the sequencing wizard has completed.

Change History Tab

The Change History tab has been removed for App-V 5.0.

OSD Tab

The OSD tab has been removed for App-V 5.0.

Virtual Services Tab

The virtual services tab has been removed for App-V 5.0.

Files/Virtual File System Tab

These tabs are combined and allow you to modify package files.

Deployment Tab

There are no longer options to configure the server URL in the packages. You should configure this now using deployment configuration, or the management server.

Package Converter Tool

You can now use PowerShell to convert packages created in previous versions.

Add-on/Middleware

You can expand parent packages when you are sequencing an Add-On or Middleware application. Add-ons and Middleware packages must be connected using connection groups in App-V 5.0.

Files output

The following files are created with App-V 5.0, Windows Installer (.msi), .appv, deployment configuration, user configuration, and the Report.XML.

Compression/Security descriptors/MSI packages

Compression and the creation of a Windows Installer (.msi) file are automatic for all packages and you can no longer override security descriptors.

Tools / Options

The Diagnostics window has been removed as well as several other settings.

Installation Drive

An installation drive is no longer required when you install an application.

OOS Streaming

If no stream optimization is performed, packages are stream faulted when they are requested by computers running the App-V 5.0 client until they can launch.

Q:</p>

App-V 5.0 uses the native file system and no longer requires a Q:.

- - - -## Sequencing error detection - - -The App-V 5.0 sequencer can detect common sequencing issues during sequencing. The **Installation Report** page at the end of the sequencing wizard displays diagnostic messages categorized into **Errors**, **Warnings**, and **Info** depending on the severity of the issue. - -To display more detailed information about an event, double-click the item you want to review in the report. The sequencing issues, as well as suggestions about how to resolve the issues are displayed. Information from the system preparation report and the installation report are summarized when you have finished creating a package. The following list displays the types of issues available in the report: - -- Excluded files. - -- Driver information. - -- COM+ system differences. - -- Side-by-side (SxS) conflicts. - -- Shell Extensions. - -- Information about unsupported services. - -- DCOM. - -## Connection Groups - - -The App-V feature formerly known as **Dynamic Suite Composition** is now referred to as **Connection Groups** in App-V 5.0. For more information about using Connection Groups see [Managing Connection Groups](managing-connection-groups.md). - -## Licensing and Metering Functionality - - -The application and licensing functionality has been removed in App-V 5.0. The actual license positions in your environment depend on the specific software title license and usage rights granted by the associated license terms. - -## File and Application Cache - - -There is no file or application cache available with App-V 5.0. - - - - - - -## Related topics - - -[About App-V 5.0](about-app-v-50.md) - - - - - - - - - diff --git a/mdop/breadcrumb/toc.yml b/mdop/breadcrumb/toc.yml deleted file mode 100644 index 904b8033a1..0000000000 --- a/mdop/breadcrumb/toc.yml +++ /dev/null @@ -1,7 +0,0 @@ -- name: Docs - tocHref: / - topicHref: / - items: - - name: Microsoft Desktop Optimization Pack - tocHref: /microsoft-desktop-optimization-pack - topicHref: /microsoft-desktop-optimization-pack/index \ No newline at end of file diff --git a/mdop/dart-v10/TOC.md b/mdop/dart-v10/TOC.md deleted file mode 100644 index 5f3730e1c6..0000000000 --- a/mdop/dart-v10/TOC.md +++ /dev/null @@ -1,39 +0,0 @@ -# [Diagnostics and Recovery Toolset 10](index.md) -## [Getting Started with DaRT 10](getting-started-with-dart-10.md) -### [About DaRT 10](about-dart-10.md) -#### [Release Notes for DaRT 10](release-notes-for-dart-10.md) -### [Overview of the Tools in DaRT 10](overview-of-the-tools-in-dart-10.md) -### [Accessibility for DaRT 10](accessibility-for-dart-10.md) -## [Planning for DaRT 10](planning-for-dart-10.md) -### [Planning to Deploy DaRT 10](planning-to-deploy-dart-10.md) -#### [DaRT 10 Supported Configurations](dart-10-supported-configurations.md) -#### [Planning to Create the DaRT 10 Recovery Image](planning-to-create-the-dart-10-recovery-image.md) -#### [Planning How to Save and Deploy the DaRT 10 Recovery Image](planning-how-to-save-and-deploy-the-dart-10-recovery-image.md) -### [DaRT 10 Planning Checklist](dart-10-planning-checklist.md) -## [Deploying DaRT 10](deploying-dart-10.md) -### [Deploying DaRT 10 to Administrator Computers](deploying-dart-10-to-administrator-computers.md) -#### [How to Deploy DaRT 10](how-to-deploy-dart-10.md) -#### [How to Change, Repair, or Remove DaRT 10](how-to-change-repair-or-remove-dart-10.md) -### [Creating the DaRT 10 Recovery Image](creating-the-dart-10-recovery-image.md) -### [Deploying the DaRT Recovery Image](deploying-the-dart-recovery-image-dart-10.md) -#### [How to Deploy the DaRT Recovery Image as Part of a Recovery Partition](how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-10.md) -#### [How to Deploy the DaRT Recovery Image as a Remote Partition](how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-10.md) -### [DaRT 10 Deployment Checklist](dart-10-deployment-checklist.md) -## [Operations for DaRT 10](operations-for-dart-10.md) -### [Recovering Computers Using DaRT 10](recovering-computers-using-dart-10.md) -#### [How to Recover Local Computers by Using the DaRT Recovery Image](how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-10.md) -#### [How to Recover Remote Computers by Using the DaRT Recovery Image](how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-10.md) -### [Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer-dart-10.md) -#### [How to Run the Crash Analyzer on an End-user Computer](how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-10.md) -#### [How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer](how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-10.md) -#### [How to Ensure that Crash Analyzer Can Access Symbol Files](how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-10.md) -### [Security and Privacy for DaRT 10](security-and-privacy-for-dart-10.md) -#### [Security Considerations for DaRT 10](security-considerations-for-dart-10.md) -#### [DaRT 10 Privacy Statement](dart-10-privacy-statement.md) -### [Administering DaRT 10 Using PowerShell](administering-dart-10-using-powershell.md) -#### [How to Perform DaRT Tasks by Using PowerShell Commands](how-to-perform-dart-tasks-by-using-powershell-commands-dart-10.md) -#### [How to Use a PowerShell Script to Create the Recovery Image](how-to-use-a-powershell-script-to-create-the-recovery-image-dart-10.md) -## [Troubleshooting DaRT 10](troubleshooting-dart-10.md) -# [DaRT 10](dart-10--c--page.md) -# [DaRT 10](dart-10-cover-page.md) - diff --git a/mdop/dart-v10/about-dart-10.md b/mdop/dart-v10/about-dart-10.md deleted file mode 100644 index bc738c6bd9..0000000000 --- a/mdop/dart-v10/about-dart-10.md +++ /dev/null @@ -1,98 +0,0 @@ ---- -title: About DaRT 10 -description: About DaRT 10 -author: dansimp -ms.assetid: 02378035-58d1-4095-82fe-d60734a746fb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About DaRT 10 - - -DaRT 10 includes the following enhancements and changes as described in this topic. - -## What’s new - - -- **Support for Windows 10** - - You can create DaRT images by using Windows 10. - - **Note**   - For earlier versions of the Windows operating systems, continue to use the earlier versions of DaRT. - - - -- **Windows Defender** - - Windows Defender is now part of the Windows 10 Preinstallation Environment (PE) image. As a result, Windows Defender has been removed from the DaRT 10 toolset. - -## Requirements - - -- **Windows Assessment and Development Kit 10.0** - - Windows Assessment and Development Kit (ADK) 10.0 is a required prerequisite for the DaRT Recovery Image Wizard. Windows ADK 10.0 contains deployment tools that are used to customize, deploy, and service Windows images. It also contains the Windows Preinstallation Environment (Windows PE). - - **Note**   - Windows ADK 10.0 is not required if you are installing only Remote Connection Viewer or Crash Analyzer. - - - -- **Windows 10 Debugging Tools** - - To use the Crash Analyzer tool in DaRT 10, you need the required debugging tools, which are available in the Software Development Kit for Windows 10. - -## Language availability - - -DaRT 10 is available in the following languages: - -- English (United States) en-US - -- French (France) fr-FR - -- Italian (Italy) it-IT - -- German (Germany) de-DE - -- Spanish, International Sort (Spain) es-ES - -- Korean (Korea) ko-KR - -- Japanese (Japan) ja-JP - -- Portuguese (Brazil) pt-BR - -- Russian (Russia) ru-RU - -- Chinese Traditional zh-TW - -- Chinese Simplified zh-CN - -## How to Get MDOP Technologies - - -DaRT 10 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). - -## Related topics - - -[Release Notes for DaRT 10](release-notes-for-dart-10.md) - - - - - - - - - diff --git a/mdop/dart-v10/accessibility-for-dart-10.md b/mdop/dart-v10/accessibility-for-dart-10.md deleted file mode 100644 index d6f65c76e7..0000000000 --- a/mdop/dart-v10/accessibility-for-dart-10.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -title: Accessibility for DaRT 10 -description: Accessibility for DaRT 10 -author: dansimp -ms.assetid: 61d7a30c-3551-440d-bdcd-36333052c7b4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Accessibility for DaRT 10 - - -Microsoft is committed to making its products and services easier for everyone to use. This section provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. - -## Access any command with a few keystrokes - - -Access keys let you quickly use a command by pressing a few keys. You can get to most commands by using two keystrokes. To use an access key: - -1. Press ALT. - - The keyboard shortcuts are displayed over each feature that is available in the current view. - -2. Press the letter shown in the keyboard shortcut over the feature that you want to use. - -**Note**   -To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. - - - -## Documentation in alternative formats - - -If you have difficulty reading or handling printed materials, you can obtain the documentation for many Microsoft products in more accessible formats. You can view an index of accessible product documentation on the Microsoft Accessibility website. In addition, you can obtain additional Microsoft publications from Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.). Learning Ally distributes these documents to registered, eligible members of their distribution service. - -For information about the availability of Microsoft product documentation and books from Microsoft Press, contact: - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.)

-

20 Roszel Road

-

Princeton, NJ 08540

Telephone number from within the United States:

(800) 221-4792

Telephone number from outside the United States and Canada:

(609) 452-0606

Fax:

(609) 987-8116

http://www.learningally.org/

Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

- - - -## Customer service for people with hearing impairments - - -If you are deaf or hard-of-hearing, complete access to Microsoft product and customer services is available through a text telephone (TTY/TDD) service: - -- For customer service, contact Microsoft Sales Information Center at (800) 892-5234 between 6:30 AM and 5:30 PM Pacific Time, Monday through Friday, excluding holidays. - -- For technical assistance in the United States, contact Microsoft Product Support Services at (800) 892-5234 between 6:00 AM and 6:00 PM Pacific Time, Monday through Friday, excluding holidays. In Canada, dial (905) 568-9641 between 8:00 AM and 8:00 PM Eastern Time, Monday through Friday, excluding holidays. - -Microsoft Support Services are subject to the prices, terms, and conditions in place at the time the service is used. - -## For more information - - -For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431). - -## Related topics - - -[Getting Started with DaRT 10](getting-started-with-dart-10.md) - - - - - - - - - diff --git a/mdop/dart-v10/administering-dart-10-using-powershell.md b/mdop/dart-v10/administering-dart-10-using-powershell.md deleted file mode 100644 index 566da0b7e9..0000000000 --- a/mdop/dart-v10/administering-dart-10-using-powershell.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Administering DaRT 10 Using PowerShell -description: Administering DaRT 10 Using PowerShell -author: dansimp -ms.assetid: eefe992f-077b-4e4b-8a5d-45b451614d7b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administering DaRT 10 Using PowerShell - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 10 lets you use PowerShell commands to complete various DaRT 10 administrative tasks or to create the DaRT recovery image. - -## Perform DaRT tasks by using PowerShell commands - - -DaRT 10 provides four PowerShell commands that let you do the following: - -- Burn an ISO to a CD, DVD, or USB drive. - -- Allow the source WIM file, which contains a DaRT image, to be converted into an ISO file. - -- Create a DaRT configuration object that is needed to apply a DaRT toolset to a Windows Image. - -- Apply a DartConfiguration object to a mounted Windows Image. - -[How to Perform DaRT Tasks by Using PowerShell Commands](how-to-perform-dart-tasks-by-using-powershell-commands-dart-10.md) - -## Use a PowerShell script to create the recovery image - - -Rather than use the DaRT Recovery Image wizard to create the recovery image, you can use a PowerShell script and specify the parameters you want. - -[How to Use a PowerShell Script to Create the Recovery Image](how-to-use-a-powershell-script-to-create-the-recovery-image-dart-10.md) - -## Other resources for administering DaRT 10 using PowerShell - - -[Operations for DaRT 10](operations-for-dart-10.md) - -  - -  - - - - - diff --git a/mdop/dart-v10/creating-the-dart-10-recovery-image.md b/mdop/dart-v10/creating-the-dart-10-recovery-image.md deleted file mode 100644 index 01bc58f01f..0000000000 --- a/mdop/dart-v10/creating-the-dart-10-recovery-image.md +++ /dev/null @@ -1,266 +0,0 @@ ---- -title: Creating the DaRT 10 Recovery Image -description: Creating the DaRT 10 Recovery Image -author: dansimp -ms.assetid: 173556de-2f20-4ea6-9e29-fc5ccc71ebd7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Creating the DaRT 10 Recovery Image - - -After installing Microsoft Diagnostics and Recovery Toolset (DaRT) 10, you create a DaRT 10 recovery image. The recovery image starts Windows RE, from which you can then start the DaRT tools. You can generate International Organization for Standardization (ISO) files and Windows Imaging Format (WIM) images. In addition, you can use PowerShell to generate scripts that use the settings you select in the DaRT Recovery Image wizard. You can use the script later to rebuild recovery images by using the same settings. The recovery image provides a variety of recovery tools. For a description of the tools, see [Overview of the Tools in DaRT 10](overview-of-the-tools-in-dart-10.md). - -After you boot the computer into DaRT, you can run the different DaRT tools to try to diagnose and repair the computer. This section walks you through the process of creating the DaRT recovery image and lets you select the tools and features that you want to include as part of the image. - -You can create the DaRT recovery image by using either of two methods: - -- Use the DaRT Recovery Image wizard, which runs in a Windows environment. - -- Modify an example PowerShell script with the values you want. For more information, see [How to Use a PowerShell Script to Create the Recovery Image](how-to-use-a-powershell-script-to-create-the-recovery-image-dart-10.md). - -You can write the ISO to a recordable CD or DVD, save it to a USB flash drive, or save it in a format that you can use to boot into DaRT from a remote partition or from a recovery partition. - -Once you have created the ISO image, you can burn it onto a blank CD or DVD (if your computer has a CD or DVD drive). If your computer does not have a drive for this purpose, you can use most generic programs that are used to burn CDs or DVDs. - -## Select the image architecture and specify the path - - -On the Windows 10 Media page, you select whether to create a 32-bit or 64-bit DaRT recovery image. Use the 32-bit Windows to build 32-bit DaRT recovery images, and 64-bit Windows to build 64-bit DaRT recovery images. You can use a single computer to create recovery images for both architecture types, but you cannot create one image that works on both 32-bit and 64-bit architectures. You also indicate the path of the Windows 10 installation media. Choose the architecture that matches the one of the recovery image that you are creating. - -**To select the image architecture and specify the path** - -1. On the **Windows 10 Media** page, select one of the following: - - - If you are creating a recovery image for 64-bit computers, select **Create x64 (64-bit) DaRT image**. - - - If you are creating a recovery image for 32-bit computers, select **Create x86 (32-bit) DaRT image**. - -2. In the **Specify the root path of the Windows 10 <64-bit or 32-bit> install media** box, type the path of the Windows 10 installation files. Use a path that matches the architecture of the recovery image that you are creating. - -3. Click **Next**. - -## Select the tools to include on the recovery image - - -On the Tools page, you can select numerous tools to include on the recovery image. These tools will be available to end users when they boot into the DaRT image. However, if you enable remote connectivity when creating the DaRT image, all of the tools will be available when a help desk worker connects to the end user’s computer, regardless of which tools you chose to include on the image. - -To restrict end-user access to these tools, but still retain full access to the tools through the Remote Connection Viewer, do not select those tools on the Tools page. End users will be able to use only Remote Connection and will be able to see, but not access, any tools that you exclude from the recovery image. - -**To select the tools to include on the recovery image** - -1. On the **Tools** page, select the check box beside each tool that you want to include on the image. - -2. Click **Next**. - -## Choose whether to allow remote connectivity by a help desk - - -On the Remote Connection page, you can choose to enable a help desk worker to remotely connect to and run the DaRT tools on an end user’s computer. The remote connectivity option is then shown as an available option in the Diagnostics and Recovery Toolset window. After help desk workers establish a remote connection, they can run the DaRT tools on the end-user computer from a remote location. - -**To choose whether to allow remote connectivity by help desk workers** - -1. On the **Remote Connection** page, select the **Allow remote connections** check box to allow remote connections, or clear the check box to prevent remote connections. - -2. If you cleared the **Allow remote connections** check box, click **Next**. Otherwise, go to the next step to continue configuring remote connectivity. - -3. Select one of the following: - - - Let Windows choose an open port number. - - - Specify the port number. If you select this option, enter a port number between 1 and 65535 in the field beneath the option. This port number will be used when establishing a remote connection. We recommend that the port number be 1024 or higher to minimize the possibility of a conflict. - -4. (Optional) in the **Remote connection welcome** message box, create a customized message that end users receive when they establish a remote connection. The message can be a maximum of 2048 characters. - -5. Click **Next**. - - For more information about running the DaRT tools remotely, see [How to Recover Remote Computers by Using the DaRT Recovery Image](how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-10.md). - -## Add drivers to the recovery image - - -On the Drivers tab of the Advanced Options page, you can add additional device drivers that you may need when repairing a computer. These may typically include storage or network controllers that Windows 10 does not provide. Drivers are installed when the image is created. - -**Important**   -When you select drivers to include, be aware that wireless connectivity (such as Bluetooth or 802.11a/b/g/n) is not supported in DaRT. - - - -**To add drivers to the recovery image** - -1. On the **Advanced Options** page, click the **Drivers** tab. - -2. Click **Add**. - -3. Browse to the file to be added for the driver, and then click **Open**. - - **Note**   - The driver file is provided by the manufacturer of the storage or network controller. - - - -4. Repeat Steps 2 and 3 for every driver that you want to include. - -5. Click **Next**. - -## Add WinPE optional packages to the recovery image - - -On the WinPE tab of the Advanced Options page, you can add WinPE optional packages to the DaRT image. These packages are part of the Windows ADK, which is an installation prerequisite for the DaRT Recovery Image wizard. The tools that you can select are all optional. Any required packages are added automatically, based on the tools you selected on the Tools page. - -You can also specify the size of the scratch space. Scratch space is the amount of RAM disk space that is set aside for DaRT to run. The scratch space is useful in case the end user’s hard disk is not available. If you are running additional tools and drivers, you may want to increase the scratch space. - -**To add WinPE optional packages to the recovery image** - -1. On the **Advanced Options** page, click the **WinPE** tab. - -2. Select the check box beside each package that you want to include on the image, or click the **Name** check box to select all of the packages. - -3. In the **Scratch Space** field, select the amount of RAM disk space to allocate for running DaRT in case the end user’s hard disk is not available. - -4. Click **Next**. - -## Add the debugging tools for Crash Analyzer - - -If you include the Crash Analyzer tool in the ISO image, you must also include the Debugging Tools for Windows. On the Crash Analyzer tab of the Advanced Options page, you enter the path of the Windows 10 Debugging Tools, which Crash Analyzer uses to analyze memory dump files. You can use the tools that are on the computer where you are running the DaRT Recovery Image wizard, or you can use the tools that are on the end-user computer. If you decide to use the tools on the end-user computer, remember that every computer that you diagnose must have the Debugging Tools installed. - -If you installed the Microsoft Windows Software Development Kit (SDK) or the Microsoft Windows Development Kit (WDK), the Windows 10 Debugging Tools are added to the recovery image by default, and the path to the Debugging Tools is automatically filled in. You can change the path of the Windows 10 Debugging Tools if the files are located somewhere other than the location indicated by the default file path. A link in the wizard lets you download and install debugging tools for Windows if they are not already installed. - -To download the Windows Debugging Tools, see [Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=266248). Install the Debugging Tools to the default location. - -**Note**   -The DaRT wizard checks for the tools in the `HKLM\Software\Microsoft\Windows Kits\Installed Roots\WindowsDebuggersRoot` registry key. If the registry value is not there, the wizard looks in one of the following locations, depending on your system architecture: - -`%ProgramFilesX86%\Windows Kits\10.0\Debuggers\x64` - -`%ProgramFilesX86%\Windows Kits\10.0\Debuggers\x86` - - - -**To add the debugging tools for Crash Analyzer** - -1. On the **Advanced Options** page, click the **Crash Analyzer** tab. - -2. (Optional) Click **Download the Debugging Tools** to download the Debugging Tools for Windows. - -3. Select one of the following options: - - - **Include the Windows 10 <64-bit or 32-bit> Debugging Tools**. If you select this option, browse to and select the location of the tools if the path is not already displaying. - - - **Use the Debugging Tools from the system that is being debugged**. If you select this option, the Crash Analyzer will not work if the Debugging Tools for Windows are not found on the problem computer. - -4. Click **Next**. - -## Select the types of recovery image files to create - - -On the Create Image page, you choose an output folder for the recovery image, enter an image name, and select the types of DaRT recovery image files to create. During the recovery image creation process, Windows source files are unpacked, DaRT files are copied to it, and the image is then “re-packed” into the file formats that you select on this page. - -The available image file types are: - -- **Windows Imaging File (WIM)** - used to deploy DaRT to a preboot execution environment (PXE) or local partition). - -- **International Standards Organization (ISO)** – used to deploy to CD or DVD, or for use in virtual machines (VM)s). The wizard requires that the ISO image have an .iso file name extension because most programs that burn a CD or DVD require that extension. If you do not specify a different location, the ISO image is created on your desktop with the name DaRT10.ISO. - -- **PowerShell script** – creates a DaRT recovery image with commands that provide essentially the same options that you can select by using the DaRT Recovery Image wizard. The script also enables you to add or changes files in the DaRT recovery image. - -If you select the Edit Image check box on this page, you can customize the recovery image during the image creation process. For example, you can change the “winpeshl.ini” file to create a custom startup order or to add third-party tools. - -**To select the types of recovery image files to create** - -1. On the **Create Image** page, click **Browse** to choose the output folder for the image file. - - **Note**   - The size of the image will vary, depending on the tools that you select and the files that you add in the wizard. - - - -2. In the **Image name** box, enter a name for the DaRT recovery image, or accept the default name, which is DaRT10. - - The wizard creates a subfolder in the output path by this name. - -3. Select the types of image files that you want to create. - -4. Choose one of the following: - - - To change the files in the recovery image before you create the image files, select the **Edit Image** check box, and then click **Prepare**. - - - To create the recovery image without changing the files, click **Create**. - -5. - - Click **Next**. - -## Edit the recovery image files - - -You can edit the recovery image only if you selected the Edit Image check box on the Create Image page. After the recovery image has been prepared for editing, you can add and modify the recovery image files before creating the bootable media. For example, you can create a custom order for startup, add various third-party tools, and so on. - -**To edit the recovery image files** - -1. On the **Edit Image** page, click **Open** in Windows Explorer. - -2. Create a subfolder in the folder that is listed in the dialog box. - -3. Copy the files that you want to the new subfolder, or remove files that you don’t want. - -4. Click **Create** to start creating the recovery image. - -## Generate the recovery image files - - -On the Generate Files page, the DaRT recovery image is generated for the file types that you selected on the Create Image page. - -**To generate the recovery image files** - -- On the **Generate Files** page, click **Next** to generate the recovery image files. - -## Copy the recovery image to a CD, DVD, or USB - - -On the Create Bootable Media page, you can optionally copy the image file to a CD, DVD, or USB flash drive (UFD). You can also create additional bootable media from this page by restarting the wizard. - -**Note**   -The Preboot execution environment (PXE) and local image deployment are not supported natively by this tool since they require additional enterprise tools, such as System Center Configuration Manager server and Microsoft Development Toolkit. - - - -**To copy the recovery image to a CD, DVD, or USB** - -1. On the **Create Bootable Media** page, select the iso file that you want to copy. - -2. Insert a CD, DVD, or USB, and then select the drive. - - **Note**   - If a drive is not recognized and you install a new drive, you can click **Refresh** to force the wizard to update the list of available drives. - - - -3. Click the **Create Bootable Media** button. - -4. To create another recovery image, click Restart, or click **Close** if you have finished creating all of the media that you want. - -## Related topics - - -[Overview of the Tools in DaRT 10](overview-of-the-tools-in-dart-10.md) - -[Deploying DaRT 10](deploying-dart-10.md) - - - - - - - - - diff --git a/mdop/dart-v10/dart-10--c--page.md b/mdop/dart-v10/dart-10--c--page.md deleted file mode 100644 index edbc333edd..0000000000 --- a/mdop/dart-v10/dart-10--c--page.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: DaRT 10 -description: DaRT 10 -author: dansimp -ms.assetid: 4f62abe6-d971-44b4-b1e7-9dcaf199ca31 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# DaRT 10 - - -## Copyright - - -This document is provided "as-is". Information and views expressed in this document, including URL and other Internet website references, may change without notice. - -Some examples depicted herein are provided for illustration only and are fictitious.  No real association or connection is intended or should be inferred. - -This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. You may modify this document for your internal, reference purposes. - -This document is confidential and proprietary to Microsoft. It is disclosed and can be used only pursuant to a non-disclosure agreement. - - - -Microsoft, Active Directory, ActiveX, Bing, Excel, Silverlight, SQL Server, Windows, Microsoft Intune, and Windows PowerShell are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners. - -## Revision History - - - ---- - - - - - - - - - - - - -
Release DateChanges

Month dd, yyyy

Original release of this guide.

- -  - -  - -  - - - - - diff --git a/mdop/dart-v10/dart-10-cover-page.md b/mdop/dart-v10/dart-10-cover-page.md deleted file mode 100644 index 93162131d7..0000000000 --- a/mdop/dart-v10/dart-10-cover-page.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: DaRT 10 -description: DaRT 10 -author: dansimp -ms.assetid: 875f6dc4-13f4-4625-8c6a-38215c2daf01 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# DaRT 10 - - -![mbam logo](images/mbam-logo-sm.gif) - -## Administrator’s Guide for <Product Name> - - -Published: *<date published>* - -*Include an executive summary overview of the product, here.* - -This guide describes how to install and use *<Product Name>*. This guide is intended for administrators and IT personnel. - -For the most current documentation for *<Product Name>*, see the *insert link here* home page. - -For the release notes for *<Product Name>*, see *insert link here*. - -### Feedback - -Send suggestions and comments about this document to . - -  - -  - - - - - diff --git a/mdop/dart-v10/dart-10-deployment-checklist.md b/mdop/dart-v10/dart-10-deployment-checklist.md deleted file mode 100644 index 51c0fb097f..0000000000 --- a/mdop/dart-v10/dart-10-deployment-checklist.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: DaRT 10 Deployment Checklist -description: DaRT 10 Deployment Checklist -author: dansimp -ms.assetid: a6b7ba27-a969-4da9-bef0-d019739413cc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# DaRT 10 Deployment Checklist - - -This checklist can be used to help you during Microsoft Diagnostics and Recovery Toolset (DaRT) 10 deployment. - -**Note**   -This checklist outlines the recommended steps and a high-level list of items to consider when planning for product deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. - - - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferences
Checklist box

Decide on the best DaRT 10 deployment option for your requirements and deploy it.

Deploying DaRT 10 to Administrator Computers

Checklist box

Use the DaRT Recovery Image wizard to create the DaRT recovery image ISO.

Creating the DaRT 10 Recovery Image

Checklist box

Decide on the best DaRT 10 recovery image deployment option for your requirements and deploy it.

Deploying the DaRT Recovery Image

- - - -## Related topics - - -[Deploying DaRT 10](deploying-dart-10.md) - - - - - - - - - diff --git a/mdop/dart-v10/dart-10-planning-checklist.md b/mdop/dart-v10/dart-10-planning-checklist.md deleted file mode 100644 index 5db8a262f5..0000000000 --- a/mdop/dart-v10/dart-10-planning-checklist.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: DaRT 10 Planning Checklist -description: DaRT 10 Planning Checklist -author: dansimp -ms.assetid: d6482534-cdf3-4997-bec0-33d0edf6924a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# DaRT 10 Planning Checklist - - -This checklist can be used to help you plan for preparing your computing environment for Microsoft Diagnostics and Recovery Toolset (DaRT) 10 deployment. - -**Note**   -This checklist outlines the recommended steps and a high-level list of items to consider when planning for product deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. - - - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferences
Checklist box

Review the DaRT 10 Supported Configurations information to confirm that the computers you have selected for client or feature installation meet the minimum hardware and operating system requirements.

DaRT 10 Supported Configurations

Checklist box

Understand the deployment prerequisites and decide which tools to include on the DaRT recovery image.

Planning to Create the DaRT 10 Recovery Image

Checklist box

Determine which method, or methods, you will use to deploy the DaRT recovery image.

Planning How to Save and Deploy the DaRT 10 Recovery Image

- - - -## Related topics - - -[Planning for DaRT 10](planning-for-dart-10.md) - - - - - - - - - diff --git a/mdop/dart-v10/dart-10-privacy-statement.md b/mdop/dart-v10/dart-10-privacy-statement.md deleted file mode 100644 index ee32260042..0000000000 --- a/mdop/dart-v10/dart-10-privacy-statement.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: DaRT 10 Privacy Statement -description: DaRT 10 Privacy Statement -author: dansimp -ms.assetid: 27ad36fe-6816-4fe8-8838-500c05b5b184 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# DaRT 10 Privacy Statement - - -Microsoft is committed to protecting your privacy, while delivering software that brings you the performance, power, and convenience you desire in your personal computing. This privacy statement explains many of the data collection and use practices of Microsoft Diagnostics and Recovery Toolset (“DaRT”). This disclosure focuses on features that communicate with the Internet and is not intended to be an exhaustive list. - -Microsoft Diagnostics and Recovery Toolset (“DaRT”) enables administrators to easily recover PCs that have become unusable, rapidly diagnose probable causes of issues, and quickly repair unbootable or locked-out systems, all faster than the average time it takes to reimage the machine. When necessary, you can also quickly restore critical lost files. This release provides support for Windows 10 as well as improvements on image creation and new hardware and software coverage. - -## Collection and Use of Your Information - - -The information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to enable the features you are using and provide the service(s) or carry out the transaction(s) you have requested or authorized. It may also be used to analyze and improve Microsoft products and services. - -We may send certain mandatory service communications such as welcome letters, billing reminders, information on technical service issues, and security announcements. Some Microsoft services may send periodic member letters that are considered part of the service. We may occasionally request your feedback, invite you to participate in surveys, or send you promotional mailings to inform you of other products or services available from Microsoft and its affiliates. - -In order to offer you a more consistent and personalized experience in your interactions with Microsoft, information collected through one Microsoft service may be combined with information obtained through other Microsoft services. We may also supplement the information we collect with information obtained from other companies. For example, we may use services from other companies that enable us to derive a general geographic area based on your IP address in order to customize certain services to your geographic area. - -Except as described in this statement, personal information you provide will not be transferred to third parties without your consent. We occasionally hire other companies to provide limited services on our behalf, such as packaging, sending and delivering purchases and other mailings, answering customer questions about products or services, processing event registration, or performing statistical analysis of our services. We will only provide those companies the personal information they need to deliver the service, and they are prohibited from using that information for any other purpose. - -Microsoft may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public. We may also disclose personal information as part of a corporate transaction such as a merger or sale of assets. - -Information that is collected by or sent to Microsoft by DaRT may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland. - -## Collection and Use of Information about Your Computer - - -When you use software with Internet-enabled features, information about your computer ("standard computer information") is sent to the Web sites you visit and online services you use. Microsoft uses standard computer information to provide you Internet-enabled services, to help improve our products and services, and for statistical analysis. Standard computer information typically includes information such as your IP address, operating system version, browser version, and regional and language settings. In some cases, standard computer information may also include hardware ID, which indicates the device manufacturer, device name, and version. If a particular feature or service sends information to Microsoft, standard computer information will be sent as well. - -The privacy details for each DaRT feature, software or service listed in this privacy statement describe what additional information is collected and how it is used. - -## Security of your information - - -Microsoft is committed to helping protect the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer systems with limited access, which are located in controlled facilities. - -## Changes to this privacy statement - - -We will occasionally update this privacy statement to reflect changes in our products, services, and customer feedback. When we post changes, we will revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how Microsoft will use your personal information, we will notify you either by posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how Microsoft is protecting your information. - -## For More Information - - -Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please [contact us](https://go.microsoft.com/fwlink/?LinkID=245853). - -Microsoft PrivacyMicrosoft CorporationOne Microsoft WayRedmond, Washington 98052 USA - -## Specific Features - - -## Microsoft Update - - -**What This Feature Does:** - -Microsoft Update is a service that provides Windows updates as well as updates for other Microsoft software. - -**Information Collected, Processed, or Transmitted:** - -For details about what information is collected and how it is used, see the Update Services Privacy Statement at . - -**Use of Information:** - -For details about what information is collected and how it is used, see the Update Services Privacy Statement at . - -**Choice/Control:** - -For details about controlling this feature, see the Update Services Privacy Statement at [https://go.microsoft.com/fwlink/?LinkId=244000](https://go.microsoft.com/fwlink/?LinkId=244400). - -## Related topics - - -[Security and Privacy for DaRT 10](security-and-privacy-for-dart-10.md) - -  - -  - - - - - diff --git a/mdop/dart-v10/dart-10-supported-configurations.md b/mdop/dart-v10/dart-10-supported-configurations.md deleted file mode 100644 index 0a20396771..0000000000 --- a/mdop/dart-v10/dart-10-supported-configurations.md +++ /dev/null @@ -1,307 +0,0 @@ ---- -title: DaRT 10 Supported Configurations -description: DaRT 10 Supported Configurations -author: dansimp -ms.assetid: a07d6562-1fa9-499f-829c-9cc487ede0b7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# DaRT 10 Supported Configurations - - -This topic specifies the prerequisite software and supported configurations requirements that are necessary to install and run Microsoft Diagnostics and Recovery Toolset (DaRT) 10 in your environment. Both the operating system requirements and the system requirements that are required to run DaRT 10 are specified. For information about prerequisites that you need to consider to create the DaRT recovery image, see [Planning to Create the DaRT 10 Recovery Image](planning-to-create-the-dart-10-recovery-image.md). - -For supported configurations that apply to later releases, see the documentation for the applicable release. - -You can install DaRT in one of two ways. You can install all functionality on an IT administrator computer, where you will perform all the tasks associated with running DaRT. Alternatively, you can install, on the administrator computer, only the DaRT functionality that creates the recovery image, and then install the functionality used to run DaRT (that is, the DaRT Remote Connection Viewer) on a help desk computer. - -## DaRT 10 prerequisite software - - -Make sure that the following prerequisites are met before you install DaRT. - -### Administrator computer prerequisites - -The following table lists the installation prerequisites for the administrator computer when you are installing DaRT 10 and all of the DaRT tools. - - ---- - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Windows Assessment and Development Kit (ADK)

Required for the DaRT Recovery Image wizard. Contains the Deployment Tools, which are used to customize, deploy, and service Windows images, and contains the Windows Preinstallation Environment (Windows PE). The ADK is not required if you are installing only the Remote Connection Viewer and/or Crash Analyzer.

Windows Development Kit OR Software Development Kit (optional)

Crash Analyzer requires the Windows 10 Debugging Tools from the Windows Driver Kit to analyze memory dump files.

Windows 10 64-bit or 32-bit ISO image

DaRT requires the Windows Recovery Environment (Windows RE) image from the Windows 10 media. Download the 32-bit or 64-bit version of Windows 10, depending on the type of DaRT recovery image you want to create. If you support both system types in your environment, download both versions of Windows 10.

- - - -### Help desk computer prerequisites - -The following table lists the installation prerequisites for the help desk computer when you are running the DaRT 10 Remote Connection Viewer. - - ---- - - - - - - - - - - - - - - - - -
PrerequisiteDetails

DaRT 10 Remote Connection Viewer

Must be installed on a Windows 10 operating system.

Debugging Tools for Windows

Required only if you are installing the Crash Analyzer tool

- - - -### End-user computer prerequisites - -There is no prerequisite software that must be installed on end-user computers, other than the Windows 10 operating system. - -## DaRT 10 operating system requirements - - -### Administrator computer system requirements - -The following table lists the operating systems that are supported for the DaRT 10 administrator computer installation. - -**Note**   -Make sure that you allocate enough space for any additional tools that you want to install on the administrator computer. - - - -**Note**   -Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). - - - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem ArchitectureOperating System RequirementsRAM Requirement for Running DaRT

Windows 10

All editions

N/A

64-bit

2 GB

2.5 GB

Windows 10

All editions

N/A

32-bit

1 GB

1.5 GB

- - - -### DaRT help desk computer system requirements - -If you allow a help desk to remotely troubleshoot computers, you must have the Remote Connection Viewer installed on the help desk computer. You can optionally install the Crash Analyzer tool on the help desk computer. - -DaRT 10 enables a help desk worker to connect to a DaRT 10 computer by using either the DaRT 7.0, DaRT 8.0, DaRt 8.1, or DaRT 10 Remote Connection Viewer. The DaRT 7.0, DaRT 8.0 and DaRt 8.1, Remote Connection Viewers require Windows 7, Windows 8, or Windows 8.1 operating systems respectively, while the DaRT 10 Remote Connection Viewer requires Windows 10. The DaRT 10 Remote Connection Viewer and all other DaRT 10 tools can be installed only on a computer running Windows 10. - -The following table lists the operating systems that are supported for the DaRT help desk computer installation. - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem ArchitectureOperating System RequirementsRAM Requirements for Running DaRT

Windows 10

All editions

N/A

64-bit

2 GB

2.5 GB

Windows 10 (with Remote Connection Viewer 10.0 only)

All editions

N/A

32-bit

1 GB

1.5 GB

Windows 8

All editions

N/A

64-bit

2 GB

2.5 GB

Windows 8 (with Remote Connection Viewer 8.0 only)

All editions

N/A

32-bit

1 GB

1.5 GB

Windows 7 (with Remote Connection Viewer 7.0 only)

All editions

SP1, SP2

64-bit or 32-bit

1 GB

N/A

Windows Server 2012

Standard, Enterprise, Data Center

N/A

64-bit

2 GB

1.0 GB

Windows Server 2012 R2

Standard, Enterprise, Data Center

N/A

64-bit

2 GB

1.0 GB

- - - -DaRT also has the following minimum hardware requirements for the end-user computer: - -A CD or DVD drive or a USB port - required only if you are deploying DaRT in your enterprise by using a CD, DVD, or USB. - -BIOS support for starting the computer from a CD or DVD, a USB flash drive, or from a remote or recovery partition. - -### DaRT 10 end-user computer system requirements - -The Diagnostics and Recovery Toolset window in DaRT 10 requires that the end-user computer use one of the following operating systems together with the specified amount of system memory available for DaRT: - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem ArchitectureOperating System RequirementsRAM Requirements

Windows 10

All editions

N/A

64-bit

2 GB

2.5 GB

Windows 10

All editions

N/A

32-bit

1 GB

1.5 GB

- - - -## Related topics - - -[Planning to Deploy DaRT 10](planning-to-deploy-dart-10.md) - - - - - - - - - diff --git a/mdop/dart-v10/deploying-dart-10-to-administrator-computers.md b/mdop/dart-v10/deploying-dart-10-to-administrator-computers.md deleted file mode 100644 index 84b8e13959..0000000000 --- a/mdop/dart-v10/deploying-dart-10-to-administrator-computers.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Deploying DaRT 10 to Administrator Computers -description: Deploying DaRT 10 to Administrator Computers -author: dansimp -ms.assetid: c1981cbe-10f8-41f6-8989-bcc9d57a2aa8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Deploying DaRT 10 to Administrator Computers - - -Before you begin the deployment of Microsoft Diagnostics and Recovery Toolset (DaRT) 10, review the requirements for your environment. This includes the hardware requirements for installing DaRT 10. For more information about DaRT hardware and software requirements, see [DaRT 10 Supported Configurations](dart-10-supported-configurations.md). - -The topics in this section can be used to help you deploy DaRT in your enterprise based on your environment and deployment strategy. - -## Deploy DaRT 10 - - -You can use the Windows Installer file for DaRT to install DaRT on a computer that you will use to first create the DaRT recovery image and then troubleshoot and fix end-user computers. Frequently, across an organization, you might install on the administrator computer only the DaRT functionality that you need to create a DaRT recovery image. Then, on a help desk administrator’s computer, you might install only the DaRT functionality that you must have to troubleshoot a problem computer, such as the DaRT Remote Connection Viewer and the Crash Analyzer. - -In addition to manually running the Windows Installer file to install DaRT, you can also install DaRT at the command prompt to support enterprise software deployment systems such as System Center Configuration Manager 2012. - -[How to Deploy DaRT 10](how-to-deploy-dart-10.md) - -## Change, repair, or remove DaRT 10 - - -You can change, repair, or remove the DaRT installation by double-clicking the DaRT installation file and then clicking the button that corresponds to the action that you want to perform or through the Windows Control Panel. - -[How to Change, Repair, or Remove DaRT 10](how-to-change-repair-or-remove-dart-10.md) - -## How to get DaRT 10 - - -To get the DaRT software, see [How to Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049). - -## Other resources for deploying DaRT 10 to administrator computers - - -[Deploying DaRT 10](deploying-dart-10.md) - -  - -  - - - - - diff --git a/mdop/dart-v10/deploying-dart-10.md b/mdop/dart-v10/deploying-dart-10.md deleted file mode 100644 index ba270e3a87..0000000000 --- a/mdop/dart-v10/deploying-dart-10.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: Deploying DaRT 10 -description: Deploying DaRT 10 -author: dansimp -ms.assetid: 92cf70fd-006f-4fdc-9fb3-78d9d223148d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Deploying DaRT 10 - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 10 supports a number of different deployment configurations. This section includes information you should consider about the deployment of DaRT 10 and step-by-step procedures to help you successfully perform the tasks that you must complete at different stages of your deployment. - -## Deployment Information - - -- [Deploying DaRT 10 to Administrator Computers](deploying-dart-10-to-administrator-computers.md) - - This section describes the different DaRT deployment options for your requirements and explains how to deploy them. - -- [Creating the DaRT 10 Recovery Image](creating-the-dart-10-recovery-image.md) - - This section describes the methods you can use to create the DaRT recovery image and provides instructions to create the recovery image by using the DaRT Recovery Image wizard. - -- [Deploying the DaRT Recovery Image](deploying-the-dart-recovery-image-dart-10.md) - - This section provides information to help you decide on the best DaRT recovery image deployment option for your requirements and provides instructions on how to deploy the recovery image. - -- [DaRT 10 Deployment Checklist](dart-10-deployment-checklist.md) - - This section contains a deployment checklist that can help you to deploy DaRT. - -### How to get DaRT - -This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/p/?LinkId=322049) (https://go.microsoft.com/fwlink/p/?LinkId=322049). - -## Other Resources for deploying DaRT - - -[Diagnostics and Recovery Toolset 10](index.md) - -[Getting Started with DaRT 10](getting-started-with-dart-10.md) - -[Planning for DaRT 10](planning-for-dart-10.md) - -[Operations for DaRT 10](operations-for-dart-10.md) - -[Troubleshooting DaRT 10](troubleshooting-dart-10.md) - -  - -  - - - - - diff --git a/mdop/dart-v10/deploying-the-dart-recovery-image-dart-10.md b/mdop/dart-v10/deploying-the-dart-recovery-image-dart-10.md deleted file mode 100644 index 8bdf2391c1..0000000000 --- a/mdop/dart-v10/deploying-the-dart-recovery-image-dart-10.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Deploying the DaRT Recovery Image -description: Deploying the DaRT Recovery Image -author: dansimp -ms.assetid: 2b859da6-e31a-4240-8868-93a754328cf2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying the DaRT Recovery Image - - -After you have created the International Organization for Standardization (ISO) file that contains the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 recovery image, you can deploy the DaRT 10 recovery image throughout your enterprise so that it is available to end users and help desk workers. There are four supported methods that you can use to deploy the DaRT recovery image. To review the advantages and disadvantages of each method, see [Planning How to Save and Deploy the DaRT 10 Recovery Image](planning-how-to-save-and-deploy-the-dart-10-recovery-image.md). - -Burn the ISO image file to a CD or DVD by using the DaRT Recovery Image wizard - -Save the contents of the ISO image file to a USB Flash Drive (UFD) by using the DaRT Recovery Image wizard - -Extract the boot.wim file from the ISO image and deploy as a remote partition that is available to end-user computers - -Extract the boot.wim file from the ISO image and deploy in the recovery partition of a new Windows 10 installation - -**Important**   -The **DaRT Recovery Image Wizard** provides the option to burn the image to a CD, DVD or UFD, but the other methods of saving and deploying the recovery image require additional steps that involve tools that are not included in DaRT. Some guidance and links for these other methods are provided in this section. - - - -## Deploy the DaRT recovery image as part of a recovery partition - - -After you have finished running the DaRT Recovery Image wizard and created the recovery image, you can extract the boot.wim file from the ISO image file and deploy it as a recovery partition in a Windows 10 image. - -[How to Deploy the DaRT Recovery Image as Part of a Recovery Partition](how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-10.md) - -## Deploy the DaRT recovery image as a remote partition - - -You can host the recovery image on a central network boot server, such as Windows Deployment Services, and allow users or support staff to stream the image to computers on demand. - -[How to Deploy the DaRT Recovery Image as a Remote Partition](how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-10.md) - -## Other resources for deploying the DaRT recovery image - - -[Deploying DaRT 10](deploying-dart-10.md) - - - - - - - - - diff --git a/mdop/dart-v10/diagnosing-system-failures-with-crash-analyzer-dart-10.md b/mdop/dart-v10/diagnosing-system-failures-with-crash-analyzer-dart-10.md deleted file mode 100644 index a13df573f8..0000000000 --- a/mdop/dart-v10/diagnosing-system-failures-with-crash-analyzer-dart-10.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Diagnosing System Failures with Crash Analyzer -description: Diagnosing System Failures with Crash Analyzer -author: dansimp -ms.assetid: 7ebef49e-a294-4173-adb1-7e6994aa01ad -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Diagnosing System Failures with Crash Analyzer - - -The **Crash Analyzer** in Microsoft Diagnostics and Recovery Toolset (DaRT) 10 lets you debug a memory dump file on a Windows-based computer and then diagnose any related computer errors. The **Crash Analyzer** uses the Microsoft Debugging Tools for Windows to examine a memory dump file for the driver that caused the computer to fail. You can run the Crash Analyzer on an end-user computer or in stand-alone mode on a computer other than an end-user computer. - -## Run the Crash Analyzer on an end-user-computer - - -Typically, you run **Crash Analyzer** from the **Diagnostics and Recovery Toolset** window on an end-user computer that is experiencing the problem. The **Crash Analyzer** tries to locate the Debugging Tools for Windows on the problem computer. If the directory path dialog box is empty, you must enter the location, or browse to the location of the Debugging Tools for Windows (you can download the files from Microsoft). You must also provide a path to where the symbol files are located. - -If you included the Microsoft Debugging Tools for Windows and the symbol files when you created the DaRT 10 recovery image, the Tools and symbol files should be available when you run the **Crash Analyzer** on the problem computer. If you did not include them in the DaRT recovery image, or if disk size or network connectivity problems are preventing you from obtaining them, you can alternatively run the Crash Analyzer in stand-alone mode on a computer other than the end user’s computer, as described in the following section. - -[How to Run the Crash Analyzer on an End-user Computer](how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-10.md) - -## Run the Crash Analyzer in stand-alone mode on a computer other than an end user’s computer - - -Although you typically run **Crash Analyzer** on the end-user computer that is experiencing the problem, you can also run the Crash Analyzer in stand-alone mode, on a computer other than an end-user computer. You might choose this option if you did not include the Windows Debugging Tools in the DaRT recovery image, or if disk size or network connectivity problems are preventing you from obtaining the Debugging Tools. In this case, you can copy the dump file from the problem computer and analyze it on a computer that has the stand-alone version of **Crash Analyzer** installed, such as on a help desk agent’s computer. - -[How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer](how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-10.md) - -## How to ensure that Crash Analyzer can access symbol files - - -To debug applications that have stopped responding, you need access to the symbol file, which is separate from the program. Although symbol files are automatically downloaded when you run Crash Analyzer, there might be times when the problem computer does not have access to the Internet. There are several ways to ensure that you have guaranteed access to symbol files. - -[How to Ensure that Crash Analyzer Can Access Symbol Files](how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-10.md) - -## Other resources for diagnosing system failures with Crash Analyzer - - -[Operations for DaRT 10](operations-for-dart-10.md) - -  - -  - - - - - diff --git a/mdop/dart-v10/getting-started-with-dart-10.md b/mdop/dart-v10/getting-started-with-dart-10.md deleted file mode 100644 index f81b153367..0000000000 --- a/mdop/dart-v10/getting-started-with-dart-10.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Getting Started with DaRT 10 -description: Getting Started with DaRT 10 -author: dansimp -ms.assetid: 593dd317-4fba-4d51-8a80-951590acede6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Getting Started with DaRT 10 - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 10 requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. - ->[!NOTE] -> A downloadable version of this administrator’s guide is not available. However, you can click **Download PDF** at the bottom of the Table of Contents pane to get a PDF version of this guide. -> ->Additional information about this product can also be found on the [Diagnostics and Recovery Toolset documentation download page.](https://www.microsoft.com/download/details.aspx?id=27754) - - -## Getting started with DaRT 10 - - -- [About DaRT 10](about-dart-10.md) - - Provides information specifically related to DaRT, including what is new in DaRT 10. - -- [Overview of the Tools in DaRT 10](overview-of-the-tools-in-dart-10.md) - - Describes the tools in DaRT 10. - -- [Accessibility for DaRT 10](accessibility-for-dart-10.md) - - Provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. - -## How to Get DaRT 10 - - -DaRT 10 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). - -## Other resources for this product - - -[Diagnostics and Recovery Toolset 10](index.md) - -[Planning for DaRT 10](planning-for-dart-10.md) - -[Deploying DaRT 10](deploying-dart-10.md) - -[Operations for DaRT 10](operations-for-dart-10.md) - -[Troubleshooting DaRT 10](troubleshooting-dart-10.md) - - - - - - - - - diff --git a/mdop/dart-v10/how-to-change-repair-or-remove-dart-10.md b/mdop/dart-v10/how-to-change-repair-or-remove-dart-10.md deleted file mode 100644 index 8bc407173f..0000000000 --- a/mdop/dart-v10/how-to-change-repair-or-remove-dart-10.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: How to Change, Repair, or Remove DaRT 10 -description: How to Change, Repair, or Remove DaRT 10 -author: dansimp -ms.assetid: e7718c6f-06a1-48bb-b04b-1a0f659a0337 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Change, Repair, or Remove DaRT 10 - - -You can change, repair, or remove the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 installation by double-clicking the DaRT 10 installation file and then clicking the button that corresponds to the action that you want to perform. - -You can also change, repair, or remove the DaRT installation using the Windows Control Panel by completing the following steps. - -## To change, repair, or remove DaRT - - -1. Click **Start**, and then click **Control Panel**. - -2. On **Control Panel**, navigate to the feature that lets you uninstall programs. - -3. Click **Microsoft Diagnostics and Recovery Toolset 10**, and then click the button that corresponds to the action that you want to perform. - -## Related topics - - -[Deploying DaRT 10 to Administrator Computers](deploying-dart-10-to-administrator-computers.md) - -  - -  - - - - - diff --git a/mdop/dart-v10/how-to-deploy-dart-10.md b/mdop/dart-v10/how-to-deploy-dart-10.md deleted file mode 100644 index f911f88b74..0000000000 --- a/mdop/dart-v10/how-to-deploy-dart-10.md +++ /dev/null @@ -1,111 +0,0 @@ ---- -title: How to Deploy DaRT 10 -description: How to Deploy DaRT 10 -author: dansimp -ms.assetid: 13e8ba20-21c3-4870-94ed-6d3106d69f21 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Deploy DaRT 10 - - -The following instructions explain how to deploy Microsoft Diagnostics and Recovery Toolset (DaRT) 10 in your environment. To get the DaRT software, see [How to Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049). It is assumed that you are installing all functionality on one administrator computer. If you need to deploy or uninstall DaRT 10 on multiple computers, using an electronic software distribution system, for example, it might be easier to use command line installation options. Descriptions and examples of the available command line options are provided in this section. - -**Important**   -Before you install DaRT, see [DaRT 10 Supported Configurations](dart-10-supported-configurations.md) to ensure that you have installed all of the prerequisite software and that the computer meets the minimum system requirements. The computer onto which you install DaRT must be running Windows 10. - - - -You can install DaRT using one of two different configurations: - -- Install DaRT and all of the DaRT tools on the administrator computer. - -- Install on the administrator computer only the tools that you need to create the DaRT recovery image, and then install the **Remote Connection Viewer** and, optionally, **Crash Analyzer** on a help desk computer. - -The DaRT installation file is available in both 32-bit and 64-bit versions. Install the version that matches the architecture of the computer on which you are running the DaRT Recovery Image wizard, not the computer architecture of the recovery image that you are creating. - -You can use either version of the DaRT installation file to create a recovery image for either 32-bit or 64-bit computers, but you cannot create one recovery image for both 32-bit and 64-bit computers. - -**To install DaRT and all DaRT tools on an administrator computer** - -1. Download the 32-bit or 64-bit version of the DaRT 10 installer file. Choose the architecture that matches the computer on which you are installing DaRT and running the DaRT Recovery Image wizard. - -2. From the folder into which you downloaded DaRT 10, run the **MSDaRT.msi** installation file that corresponds to your system requirements. - -3. On the **Welcome to the Microsoft DaRT 10 Setup Wizard** page, click **Next**. - -4. Accept the Microsoft Software License Terms, and then click **Next**. - -5. On the **Microsoft Update** page, select **Use Microsoft Update when I check for updates**, and then click **Next**. - -6. On the **Select Installation Folder** page, select a folder, or click **Next** to install DaRT in the default installation location. - -7. On the **Setup Options** page, select the DaRT features that you want to install, or click **Next** to install DaRT with all of the features. - -8. To start the installation, click **Install**. - -9. After the installation has completed successfully, click **Finish** to exit the wizard. - -## To install DaRT and all DaRT tools on an administrator computer by using a command prompt - - -When you install or uninstall DaRT, you have the option of running the installation files at the command prompt. This section describes some examples of different options that you can specify when you install or uninstall DaRT at the command prompt. - -The following example shows how to install all DaRT functionality. - -``` syntax -msiexec /i MSDaRT.msi ADDLOCAL=CommonFiles, DaRTRecoveryImage,CrashAnalyzer,RemoteViewer -``` - -The following example shows how to install only the DaRT Recovery Image wizard. - -``` syntax -msiexec /i MSDaRT.msi ADDLOCAL=CommonFiles, ,DaRTRecoveryImage -``` - -The following example shows how to install only the Crash Analyzer and the DaRT Remote Connection Viewer. - -``` syntax -msiexec /i MSDaRT.msi ADDLOCAL=CommonFiles,CrashAnalyzer,RemoteViewer -``` - -The following example creates a setup log for the Windows Installer. This is valuable for debugging. - -``` syntax -msiexec.exe /i MSDaRT.msi /l*v log.txt -``` - -**Note**   -You can add /qn or /qb to perform a silent installation. - - - -**To validate the DaRT installation** - -1. Click **Start**, and select **Diagnostics and Recovery Toolset**. - - The **Diagnostics and Recovery Toolset** window opens. - -2. Check that all of the DaRT tools that you selected for installation were successfully installed. - -## Related topics - - -[Deploying DaRT 10 to Administrator Computers](deploying-dart-10-to-administrator-computers.md) - - - - - - - - - diff --git a/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-10.md b/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-10.md deleted file mode 100644 index 8d2a4a4426..0000000000 --- a/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-10.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: How to Deploy the DaRT Recovery Image as a Remote Partition -description: How to Deploy the DaRT Recovery Image as a Remote Partition -author: dansimp -ms.assetid: 06a5e250-b992-4f6a-ad74-e7715f9e96e7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Deploy the DaRT Recovery Image as a Remote Partition - - -After you have finished running the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 Recovery Image wizard and created the recovery image, you can extract the boot.wim file from the ISO image file and deploy it as a remote partition on the network. - -**To deploy DaRT 10 as a remote partition** - -1. Extract the boot.wim file from the DaRT ISO image file. - - 1. Mount the ISO image file that you created in the **Create Startup Image** dialog box by using your company’s preferred method of mounting an image. - - 2. Open the ISO image file and copy the boot.wim file from the \\sources folder in the mounted image to a location on your computer or on an external drive. - - **Note**   - If you burned a CD or DVD of the recovery image, you can open the files on the CD or DVD and copy the boot.wim file from the \\sources folder. This lets you skip the need to mount the image. - - - -2. Deploy the boot.wim file to a WDS server that can be accessed from end-user computers in your enterprise. - -3. Configure the WDS server to use the boot.wim file for DaRT by following your standard WDS deployment procedures. - -For more information about how to deploy DaRT as a remote partition, see [Walkthrough: Deploy an Image by Using PXE](https://go.microsoft.com/fwlink/?LinkId=212108) and [Windows Deployment Services Getting Started Guide](https://go.microsoft.com/fwlink/?LinkId=212106). - -## Related topics - - -[Creating the DaRT 10 Recovery Image](creating-the-dart-10-recovery-image.md) - -[Deploying the DaRT Recovery Image](deploying-the-dart-recovery-image-dart-10.md) - -[Planning for DaRT 10](planning-for-dart-10.md) - - - - - - - - - diff --git a/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-10.md b/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-10.md deleted file mode 100644 index a147d07a7b..0000000000 --- a/mdop/dart-v10/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-10.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: How to Deploy the DaRT Recovery Image as Part of a Recovery Partition -description: How to Deploy the DaRT Recovery Image as Part of a Recovery Partition -author: dansimp -ms.assetid: 0d2192c1-4058-49fb-b0b6-baf4699ac7f5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Deploy the DaRT Recovery Image as Part of a Recovery Partition - - -After you have finished running the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 Recovery Image wizard and created the recovery image, you can extract the boot.wim file from the ISO image file and deploy it as a recovery partition in a Windows 10 image. A partition is recommended, because any corruption issues that prevent the Windows operating system from starting would also prevent the recovery image from starting. A separate partition also eliminates the need to provide the BitLocker recovery key twice. Consider hiding the partition to prevent users from storing files on it. - -**To deploy DaRT in the recovery partition of a Windows 10 image** - -1. Create a target partition in your Windows 10 image that is equal to or greater than the size of the ISO image file that you created by using the **DaRT 10 Recovery Image wizard**. - - The minimum size required for a DaRT partition is 500MB to accommodate the remote connection functionality in DaRT. - -2. Extract the boot.wim file from the DaRT ISO image file. - - 1. Using your company’s preferred method, mount the ISO image file that you created on the **Create Startup Image** page. - - 2. Open the ISO image file and copy the boot.wim file from the \\sources folder in the mounted image to a location on your computer or on an external drive. - - **Note**   - If you burned a CD, DVD, or USB of the recovery image, you can open the files on the removable media and copy the boot.wim file from the \\sources folder. If you copy boot.wim file, you don’t need to mount the image. - - - -3. Use the boot.wim file to create a bootable recovery partition by using your company’s standard method for creating a custom Windows RE image. - - For more information about how to create or customize a recovery partition, see [Customizing the Windows RE Experience](https://go.microsoft.com/fwlink/?LinkId=214222). - -4. Replace the target partition in your Windows 10 image with the recovery partition. - - For more information about how to deploy a recovery solution to reinstall the factory image in the event of a system failure, see [Deploy a System Recovery Image](https://go.microsoft.com/fwlink/?LinkId=214221). - -## Related topics - - -[Creating the DaRT 10 Recovery Image](creating-the-dart-10-recovery-image.md) - -[Deploying the DaRT Recovery Image](deploying-the-dart-recovery-image-dart-10.md) - -[Planning for DaRT 10](planning-for-dart-10.md) - - - - - - - - - diff --git a/mdop/dart-v10/how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-10.md b/mdop/dart-v10/how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-10.md deleted file mode 100644 index 4d6c8d968c..0000000000 --- a/mdop/dart-v10/how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-10.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: How to Ensure that Crash Analyzer Can Access Symbol Files -description: How to Ensure that Crash Analyzer Can Access Symbol Files -author: dansimp -ms.assetid: 39e307bd-5d21-4e44-bed6-bf532f580775 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Ensure that Crash Analyzer Can Access Symbol Files - - -Typically, debugging information is stored in a symbol file that is separate from the program. You must have access to the symbol information when you debug an application that has stopped responding. - -Symbol files are automatically downloaded when you run **Crash Analyzer**. If the computer does not have an Internet connection or the network requires the computer to access an HTTP proxy server, the symbol files cannot be downloaded. - -**To ensure that Crash Analyzer can access symbol files** - -1. **Copy the dump file to another computer.** If the symbols cannot be downloaded because of a lack of an Internet connection, copy the memory dump file to a computer that does have an Internet connection and run the stand-alone **Crash Analyzer Wizard** on that computer. - -2. **Access the symbol files from another computer.** If the symbols cannot be downloaded because of a lack of an Internet connection, you can download the symbols from a computer that does have an Internet connection and then copy them to the computer that does not have an Internet connection, or you can map a network drive to a location where the symbols are available on the local network. If you run the **Crash Analyzer** in a Windows Recovery Environment (Windows RE), you can include the symbol files on the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 recovery image. - -3. **Access symbol files through an HTTP proxy server.** If the symbols cannot be downloaded because an HTTP proxy server must be accessed, use the following steps to access an HTTP proxy server. In DaRT 10, the **Crash Analyzer Wizard** has a setting available on the **Specify Symbol Files Location** dialog page, marked with the label **Proxy server (optional, using the format "server:port")**. You can use this text box to specify a proxy server. Enter the proxy address in the form **<hostname>:<port>**, where the <**hostname**> is a DNS name or IP address, and the <**port**> is a TCP port number. There are two modes in which the **Crash Analyzer** can be run. Following is how you use the proxy setting in each of these modes: - - - **Online mode:** In this mode, if the proxy server field is left blank, the wizard uses the proxy settings from Internet Options in Control Panel. If you enter a proxy address in the text box which is provided, that address will be used, and it will override the setting in the Internet Options. - - - Windows Recovery Environment (Windows RE): When you run **Crash Analyzer** from the **Diagnostics and Recovery Toolset** window, there is no default proxy address. If the computer is directly connected to the Internet, a proxy address is not required. Therefore, you can leave this field blank in the wizard setting. If the computer is not directly connected to the Internet, and it is in a network environment that has a proxy server, you must set the proxy field in the wizard to access the symbol store. The proxy address can be obtained from the network administrator. Setting the proxy server is important only when the public symbol store is connected to the Internet. If the symbols are already on the DaRT recovery image, or if they are available locally, setting the proxy server is not required. - -## Related topics - - -[Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer-dart-10.md) - -[Operations for DaRT 10](operations-for-dart-10.md) - -  - -  - - - - - diff --git a/mdop/dart-v10/how-to-perform-dart-tasks-by-using-powershell-commands-dart-10.md b/mdop/dart-v10/how-to-perform-dart-tasks-by-using-powershell-commands-dart-10.md deleted file mode 100644 index f53350ad55..0000000000 --- a/mdop/dart-v10/how-to-perform-dart-tasks-by-using-powershell-commands-dart-10.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -title: How to Perform DaRT Tasks by Using PowerShell Commands -description: How to Perform DaRT Tasks by Using PowerShell Commands -author: dansimp -ms.assetid: f5a5c5f9-d667-4c85-9e82-7baf0b2aec6e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Perform DaRT Tasks by Using PowerShell Commands - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 10 provides the following listed set of Windows PowerShell cmdlets. Administrators can use these PowerShell cmdlets to perform various DaRT 10 server tasks from the command prompt rather than from the DaRT Recovery Image wizard. - -## To administer DaRT by using PowerShell commands - - -Use the PowerShell cmdlets described here to administer DaRT. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription

Copy-DartImage

Burns an ISO to a CD, DVD, or USB drive.

Export-DartImage

Allows the source WIM file, which contains a DaRT image, to be converted into an ISO file.

New-DartConfiguration

Creates a DaRT configuration object that is needed to apply a DaRT toolset to a Windows Image.

Set-DartImage

Applies a DartConfiguration object to a mounted Windows Image. This includes adding all files, configuration, and package dependencies.

- -  - -## Related topics - - -[Administering DaRT 10 Using PowerShell](administering-dart-10-using-powershell.md) - -  - -  - - - - - diff --git a/mdop/dart-v10/how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-10.md b/mdop/dart-v10/how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-10.md deleted file mode 100644 index 443db6f54f..0000000000 --- a/mdop/dart-v10/how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-10.md +++ /dev/null @@ -1,112 +0,0 @@ ---- -title: How to Recover Local Computers by Using the DaRT Recovery Image -description: How to Recover Local Computers by Using the DaRT Recovery Image -author: dansimp -ms.assetid: a6adc717-827c-45e8-b9c3-06d0e919e0bd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Recover Local Computers by Using the DaRT Recovery Image - - -Use these instructions to recover a computer when you are physically present at the end-user computer that is experiencing problems. - -**How to recover a local computer by using the DaRT recovery image** - -1. Boot the end-user computer by using the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 recovery image. - - As the computer is booting into the DaRT 10 recovery image, the **NetStart** dialog box appears. - -2. When you are asked whether you want to initialize network services, select one of the following: - - **Yes** - it is assumed that a DHCP server is present on the network, and an attempt is made to obtain an IP address from the server. If the network uses static IP addresses instead of DHCP, you can later use the **TCP/IP Configuration** tool in DaRT to specify a static IP address. - - **No** - skip the network initialization process. - -3. Indicate whether you want to remap the drive letters. When you run Windows online, the system volume is typically mapped to drive C. However, when you run Windows offline under WinRE, the original system volume might be mapped to another drive, and this can cause confusion. If you decide to remap, DaRT tries to map the offline drive letters to match the online drive letters. Remapping is performed only if an offline operating system is selected later in the startup process. - -4. On the **System Recovery Options** dialog box, select a keyboard layout. - -5. Check the displayed system root directory, the kind of operating system installed, and the partition size. If you do not see your operating system listed, and suspect that the lack of drivers is a possible cause of the failure, click **Load Drivers** to load the suspect drivers, and then insert the installation media for the device and select the driver. - -6. Select the installation that you want to repair or diagnose, and then click **Next**. - - **Note** - If the Windows Recovery Environment (WinRE) detects or suspects that Windows 10 did not start correctly the last time that it was tried, **Startup Repair** might start to run automatically. - - - -~~~ -If any of the registry hives are corrupted or missing, Registry Editor and several other DaRT utilities will have limited functionality. If no operating system is selected, some tools will not be available. - -The **System Recovery Options** window appears and lists various recovery tools. -~~~ - -7. On the **System Recovery Options** window, click **Microsoft Diagnostics and Recovery Toolset**. - - The **Diagnostics and Recovery Toolset** window opens. You can now run any of the individual tools or wizards that were included when the DaRT recovery image was created. - -You can click **Help** on the **Diagnostics and Recovery Toolset** window to open the client Help file that provides detailed instruction and information needed to run the individual DaRT tools. You can also click the **Solution Wizard** on the **Diagnostics and Recovery Toolset** window to choose the best tool for the situation, based on a brief interview that the wizard provides. - -For general information about any of the DaRT tools, see [Overview of the Tools in DaRT 10](overview-of-the-tools-in-dart-10.md). - -**How to run DaRT at the command prompt** - -- To run DaRT at the command prompt, specify the **netstart.exe** command then use any of the following parameters: - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Description

-network

Initializes the network services.

-remount

Remaps the drive letters.

-prompt

Displays messages that ask the end user to specify whether to initialize the network and remap the drives.

-
- Warning

The end user’s response to the prompt overrides the –network and –remount switches.

-
-
- -
- - - -## Related topics - - -[Operations for DaRT 10](operations-for-dart-10.md) - -[Recovering Computers Using DaRT 10](recovering-computers-using-dart-10.md) - - - - - - - - - diff --git a/mdop/dart-v10/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-10.md b/mdop/dart-v10/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-10.md deleted file mode 100644 index 90f2db33d1..0000000000 --- a/mdop/dart-v10/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-10.md +++ /dev/null @@ -1,207 +0,0 @@ ---- -title: How to Recover Remote Computers by Using the DaRT Recovery Image -description: How to Recover Remote Computers by Using the DaRT Recovery Image -author: dansimp -ms.assetid: c0062208-39cd-4e01-adf8-36a11386e2ea -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Recover Remote Computers by Using the DaRT Recovery Image - - -Use the Remote Connection feature in Microsoft Diagnostics and Recovery Toolset (DaRT) 10 to run the DaRT tools remotely on an end-user computer. After the end user provides the administrator or help desk worker with certain information, the IT administrator or help desk worker can take control of the end user's computer and run the necessary DaRT tools remotely. - -If you disabled the DaRT tools when you created the recovery image, you still have access to all of the tools. All of the tools, except Remote Connection, are unavailable to end users. - -**To recover a remote computer by using the DaRT recovery image** - -1. Boot an end-user computer by using the DaRT recovery image. - - You will typically use one of the following methods to boot into DaRT to recover a remote computer, depending on how you deploy the DaRT recovery image. For more information about deploying the DaRT recovery image, see [Deploying DaRT 10](deploying-dart-10.md). - - - Boot into DaRT from a recovery partition on the problem computer. - - - Boot into DaRT from a remote partition on the network. - - For information about the advantages and disadvantages of each method, see [Planning How to Save and Deploy the DaRT 10 Recovery Image](planning-how-to-save-and-deploy-the-dart-10-recovery-image.md). - - Whichever method that you use to boot into DaRT, you must enable the boot device in the BIOS for the boot option or options that you want to make available to the end user. - - **Note** - Configuring the BIOS is unique, depending on the kind of hard disk drive, network adapters, and other hardware that is used in your organization. - - - -~~~ -As the computer is booting into the DaRT recovery image, the **NetStart** dialog box appears. -~~~ - -2. When you are asked whether you want to initialize network services, select one of the following: - - **Yes** - it is assumed that a DHCP server is present on the network, and an attempt is made to obtain an IP address from the server. If the network uses static IP addresses instead of DHCP, you can later use the **TCP/IP Configuration** tool in DaRT to specify a static IP address. - - **No** - skip the network initialization process. - -3. Indicate whether you want to remap the drive letters. When you run Windows online, the system volume is typically mapped to drive C. However, when you run Windows offline under WinRE, the original system volume might be mapped to another drive, and this can cause confusion. If you decide to remap, DaRT tries to map the offline drive letters to match the online drive letters. Remapping is performed only if an offline operating system is selected later in the startup process. - -4. On the **System Recovery Options** dialog box, select a keyboard layout. - -5. Check the displayed system root directory, the kind of operating system installed, and the partition size. If you do not see your operating system listed, and suspect that the lack of drivers is a possible cause of the failure, click **Load Drivers** to load the suspect drivers, and then insert the installation media for the device and select the driver. - -6. Select the installation that you want to repair or diagnose, and then click **Next**. - - **Note** - If the Windows Recovery Environment (WinRE) detects or suspects that Windows 10 did not start correctly the last time that it was tried, **Startup Repair** might start to run automatically. For information about how to resolve this issue, see [Troubleshooting DaRT 10](troubleshooting-dart-10.md). - - - -~~~ -If any of the registry hives are corrupted or missing, Registry Editor and several other DaRT utilities will have limited functionality. If no operating system is selected, some tools will not be available. - -The **System Recovery Options** window appears and lists various recovery tools. -~~~ - -7. On the **System Recovery Options** window, click **Microsoft Diagnostics and Recovery Toolset** to open the **Diagnostics and Recovery Toolset**. - -8. On the **Diagnostics and Recovery Toolset** window, click **Remote Connection** to open the **DaRT Remote Connection** window. If you are prompted to give the help desk remote access, click **OK**. - - The DaRT Remote Connection window opens and displays a ticket number, IP address, and port information. - -9. On the help desk computer, open the **DaRT Remote Connection Viewer**. - -10. Click **Start**, click **All Programs**, click **Microsoft DaRT 10**, and then click **DaRT Remote Connection Viewer**. - -11. In the **DaRT Remote Connection** window, enter the required ticket, IP address, and port information. - - **Note** - This information is created on the end-user computer and must be provided by the end user. There might be multiple IP addresses to choose from, depending on how many are available on the end-user computer. - - - -12. Click **Connect**. - -The IT administrator now assumes control of the end-user computer and can run the DaRT tools remotely. - -**Note** -A file is provided that is named inv32.xml and contains remote connection information, such as the port number and IP address. By default, the file is typically located at %windir%\\system32. - - - -**To customize the Remote Connection process** - -1. You can customize the Remote Connection process by editing the winpeshl.ini file. For more information about how to edit the winpeshl.ini file, see [Winpeshl.ini Files](https://go.microsoft.com/fwlink/?LinkId=219413). - - Specify the following commands and parameters to customize how a remote connection is established with an end-user computer: - - - - - - - - - - - - - - - - - - - - - - - - - - -
CommandParameterDescription

RemoteRecovery.exe

-nomessage

Specifies that the confirmation prompt is not displayed. Remote Connection continues just as if the end user had responded "Yes" to the confirmation prompt.

WaitForConnection.exe

none

Prevents a custom script from continuing until either Remote Connection is not running or a valid connection is established with the end-user computer.

-
- Important

This command serves no function if it is specified independently. It must be specified in a script to function correctly.

-
-
- -
- - - -2. The following is an example of a winpeshl.ini file that is customized to open the **Remote Connection** tool as soon as an attempt is made to boot into DaRT: - - ```ini - [LaunchApps] - "%windir%\system32\netstart.exe -network -remount" - "cmd /C start %windir%\system32\RemoteRecovery.exe -nomessage" - "%windir%\system32\WaitForConnection.exe" - "%SYSTEMDRIVE%\sources\recovery\recenv.exe" - ``` - -When DaRT starts, it creates the file inv32.xml in \\Windows\\System32\\ on the RAM disk. This file contains connection information: IP address, port, and ticket number. You can copy this file to a network share to trigger a Help desk workflow. For example, a custom program can check the network share for connection files, and then create a support ticket or send email notifications. - -**To run the Remote Connection Viewer at the command prompt** - -1. To run the **DaRT Remote Connection Viewer** at the command prompt, specify the **DartRemoteViewer.exe** command and use the following parameters: - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

-ticket=<ticketnumber>

Where <ticketnumber> is the ticket number, including the dashes, that is generated by Remote Connection.

-ipaddress=<ipaddress>

Where <ipaddress> is the IP address that is generated by Remote Connection.

-port=<port>

Where <port> is the port that corresponds to the specified IP address.

- - - -~~~ -**Note** -The variables for these parameters are created on the end-user computer and must be provided by the end user. -~~~ - - - -2. If all three parameters are specified and the data is valid, a connection is immediately tried when the program starts. If any parameter is not valid, the program starts as if there were no parameters specified. - -## Related topics - - -[Operations for DaRT 10](operations-for-dart-10.md) - -[Recovering Computers Using DaRT 10](recovering-computers-using-dart-10.md) - - - - - - - - - diff --git a/mdop/dart-v10/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-10.md b/mdop/dart-v10/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-10.md deleted file mode 100644 index 1d01911abd..0000000000 --- a/mdop/dart-v10/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-10.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer -description: How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer -author: dansimp -ms.assetid: 27c1e1c6-123a-4f8a-b7d2-5bddc9ca3249 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer - - -If you cannot access the Microsoft Debugging Tools for Windows or the symbol files on the end-user computer, you can copy the dump file from the problem computer and analyze it on a computer that has the stand-alone version of Crash Analyzer installed, such as a help desk computer that contains Microsoft Diagnostics and Recovery Toolset (DaRT) 10. - -To run Crash Analyzer in stand-alone mode, you copy the memory dump file from the problem computer and analyze it on another computer, such as a help desk computer, that has the **Crash Analyzer** installed. - -**To run the Crash Analyzer in stand-alone mode** - -1. On a computer that has DaRT 10 installed, click **Start**, type **Crash Analyzer**, and then click **Crash Analyzer**. - -2. Follow the steps in the wizard, as described in [How to Run the Crash Analyzer on an End-user Computer](how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-10.md). - -## Related topics - - -[Operations for DaRT 10](operations-for-dart-10.md) - -[Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer-dart-10.md) - -[How to Ensure that Crash Analyzer Can Access Symbol Files](how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-10.md) - -  - -  - - - - - diff --git a/mdop/dart-v10/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-10.md b/mdop/dart-v10/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-10.md deleted file mode 100644 index 7f67229645..0000000000 --- a/mdop/dart-v10/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-10.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: How to Run the Crash Analyzer on an End-user Computer -description: How to Run the Crash Analyzer on an End-user Computer -author: dansimp -ms.assetid: 10334800-ff8e-43ac-a9c2-d28807473ec2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Run the Crash Analyzer on an End-user Computer - - -To run **Crash Analyzer** from the **Diagnostics and Recovery Toolset** window on an end-user computer that is experiencing problems, you must have the Microsoft Debugging Tools for Windows and the symbol files installed. To download the Windows Debugging Tools, see [Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=266248). - -**To run the Crash Analyzer on an end-user computer** - -1. On the **Diagnostics and Recovery Toolset** window on an end-user computer, click **Crash Analyzer**. - -2. Provide the required information for the Microsoft Debugging Tools for Windows. - -3. Provide the required information for the symbol files. For more information about symbol files, see [How to Ensure that Crash Analyzer Can Access Symbol Files](how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-10.md). - -4. Provide the required information for a memory dump file. To determine the location of the memory dump file: - - 1. Open the **System Properties** window. - - 2. Click **Start**, type **sysdm.cpl**, and then press **Enter**. - - 3. Click the **Advanced** tab. - - 4. In the **Startup and Recovery** area, click **Settings**. - - If you do not have access to the **System Properties** window, you can search for dump files on the end-user computer by using the **Search** tool in Microsoft Diagnostics and Recovery Toolset (DaRT) 10. - - The **Crash Analyzer** scans the memory dump file and reports a probable cause of the problem. You can view more information about the failure, such as the specific memory dump message and description, the drivers loaded at the time of the failure, and the full output of the analysis. - -5. Identify the appropriate strategy to resolve the problem. The strategy may require disabling or updating the device driver that caused the failure by using the **Services and Drivers** node of the **Computer Management** tool in DaRT 10. - -## Related topics - - -[Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer-dart-10.md) - -[Operations for DaRT 10](operations-for-dart-10.md) - -  - -  - - - - - diff --git a/mdop/dart-v10/how-to-use-a-powershell-script-to-create-the-recovery-image-dart-10.md b/mdop/dart-v10/how-to-use-a-powershell-script-to-create-the-recovery-image-dart-10.md deleted file mode 100644 index 0b1feb848a..0000000000 --- a/mdop/dart-v10/how-to-use-a-powershell-script-to-create-the-recovery-image-dart-10.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: How to Use a PowerShell Script to Create the Recovery Image -description: How to Use a PowerShell Script to Create the Recovery Image -author: dansimp -ms.assetid: cf5b0814-71a8-4f0b-b1f1-1ac6d8b51c4f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Use a PowerShell Script to Create the Recovery Image - - -## To create the DaRT recovery image by using a PowerShell script - - -You can create the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 recovery image by using a PowerShell script instead of using the DaRT 10 Recovery Image wizard. See the following example script. - -`` - -`This script was auto generated by the Microsoft DaRT Recovery Image Wizard.``###``This script uses the DISM and DaRT PowerShell commands to create a bootable DaRT image.``###Both a WIM and ISO file are produced.``###``### Examples of how to burn/copy the DaRT ISO to DVD/USB are available at the end of this script.``###` - -`$ErrorActionPreference = "Stop";``### This variable tells PowerShell to stop if an error occurs.` - -`###``### Import the modules necessary for DaRT Image creation.``###` - -`Import-Module "Dism"`I`mport-Module "Microsoft.Dart"` - -`###``### Specifies where the Windows 10 media is located and where the ISO and WIM files will be saved.``### These can be changed as necessary.``###` - -`$Win10MediaPath = "D:\";``### This is the path of the Windows 10 media.``$DestinationWimPath = "C:\Users\Administrator\Desktop\DaRT10\x64\boot.wim";``### Specify where the WIM file will be saved.``$DestinationIsoPath = "C:\Users\Administrator\Desktop\DaRT10\x64\DaRT10.iso";``### Specify where the ISO will be saved.` - -`###``### These variables are used to specify temporary and output directories based on the paths above.``###` - -`$WimParentPath = (Split-Path -Path "$destinationWimPath" -Parent);``### Specify the directory where the DaRT WIM file will be saved.``$IsoParentPath = (Split-Path -Path "$destinationIsoPath" -Parent);``### This is the directory where the DaRT ISO file will be saved.``$TempMountPath = "$env:temp\DaRT10Mount_$(Get-Random)";``### Specify the temporary directory used to mount the Windows image.` - -`###``### Prepare the windows image.``###` - -`### Guarantee the output directories exists.``New-Item -Path $WimParentPath -Type Directory -Force``New-Item -Path $IsoParentPath -Type Directory -Force``New-Item -Path $TempMountPath -Type Directory -Force` - -`### Create a copy of the WIM and remove the read-only attribute.``### The WIM file will be the resulting dart image.``Copy-Item "$Win10MediaPath\sources\boot.wim" $DestinationWimPath -Force``Set-ItemProperty $DestinationWimPath -Name IsReadOnly -Value $false` - -`### Mount the bootable image within the WIM file (normally index 2).``Mount-WindowsImage -ImagePath $DestinationWimPath -Path $TempMountPath -Index 2` - -`###``### Add additional drivers to the image.``###` - -`###``### Installs the specified driver(s) into the image.``###` - -`Add-WindowsDriver -Path $TempMountPath -Driver "C:\Windows\System32\DriverStore\FileRepository``\xusb22.inf_amd64_89c20c625f14f923\xusb22.inf" -ForceUnsigned` - -`###``### Add additional drivers to the image.``###` - -`###``### Installs the specified WinPE package(s) into the image.``###` - -`Add-WindowsPackage -Path $TempMountPath -PackagePath "C:\Program Files (x86)\Windows Kits\10.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-Scripting.cab"``Add-WindowsPackage -Path $TempMountPath -PackagePath "C:\Program Files (x86)\Windows Kits\10.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-FMAPI.cab"``Add-WindowsPackage -Path $TempMountPath -PackagePath "C:\Program Files (x86)\Windows Kits\10.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-Scripting_en-us.cab"``Add-WindowsPackage -Path $TempMountPath -PackagePath "C:\Program Files (x86)\Windows Kits\10.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-HTA.cab"``Add-WindowsPackage -Path $TempMountPath -PackagePath "C:\Program Files (x86)\Windows Kits\10.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-HTA_en-us.cab"` - -`###``### Add the DaRT tools to the image.``### The New-DartConfiguration cmdlet is used to specify how the DaRT image is configured.``### Modify this statement to configure how the DaRT tools will be applied to the image.``###` - -`$config = New-DartConfiguration -AddComputerManagement -AddCrashAnalyzer -AddDiskCommander -AddExplorer -AddFileRestore -AddFileSearch -AddHotfixUninstall -AddRegistryEditor -AddRemoteConnection -AddSfcScan -AddSolutionWizard -AddTcpConfig -RemoteMessage "Test welcome message" -RemotePort 3388 -ScratchSpace 512``$config | Set-DartImage -Path $TempMountPath` - -`###``### Perform any manual user-specific customizations here.``###` - -`# Read-Host -Prompt "Script is paused for any manual customization. Press ENTER to continue"` - -`### Save the changes to the WIM file by dismounting the image.``Dismount-WindowsImage -Path $TempMountPath -Save` - -`### Create a bootable DaRT ISO.``Export-DartImage -IsoPath $DestinationIsoPath -WimPath $DestinationWimPath` - -`### The following is an example of how to burn the ISO to a writeable CD/DVD.``### Specify the correct drive letter and uncomment the statement to burn an ISO.``# Copy-DartImage -IsoPath $DestinationIsoPath -Drive "G:" -Type DVD` - -`### Removes all temporary files.``Remove-Item $TempMountPath -Force -Recurse` - -## Related topics - - -[Administering DaRT 10 Using PowerShell](administering-dart-10-using-powershell.md) - -  - -  - - - - - diff --git a/mdop/dart-v10/images/checklistbox.gif b/mdop/dart-v10/images/checklistbox.gif deleted file mode 100644 index 8af13c51d1..0000000000 Binary files a/mdop/dart-v10/images/checklistbox.gif and /dev/null differ diff --git a/mdop/dart-v10/images/mbam-logo-sm.gif b/mdop/dart-v10/images/mbam-logo-sm.gif deleted file mode 100644 index 2102b4540c..0000000000 Binary files a/mdop/dart-v10/images/mbam-logo-sm.gif and /dev/null differ diff --git a/mdop/dart-v10/index.md b/mdop/dart-v10/index.md deleted file mode 100644 index 5d88fce5c0..0000000000 --- a/mdop/dart-v10/index.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Diagnostics and Recovery Toolset 10 -description: Diagnostics and Recovery Toolset 10 -author: dansimp -ms.assetid: 64403eca-ff05-4327-ac33-bdcc96e706c8 -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 04/19/2017 ---- - - -# Diagnostics and Recovery Toolset 10 - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 10 lets you diagnose and repair a computer that cannot be started or that has problems starting as expected. By using DaRT 10, you can recover end-user computers that have become unusable, diagnose probable causes of issues, and quickly repair unbootable or locked-out computers. When it is necessary, you can also quickly restore important lost files and detect and remove malware, even when the computer is not online. - -DaRT 10 lets you create a DaRT recovery image in International Organization for Standardization (ISO) and Windows Imaging (WIM) file formats and burn the image to a CD, DVD, or USB. You can then use the recovery image files and deploy them locally or to a remote partition or a recovery partition. - -DaRT 10 is an important part of the Microsoft Desktop Optimization Pack (MDOP), a dynamic solution available to Software Assurance customers that helps reduce software installation costs, enables delivery of applications as services, and helps manage and control enterprise desktop environments. - -[Getting Started with DaRT 10](getting-started-with-dart-10.md) - -[About DaRT 10](about-dart-10.md)**|**[Release Notes for DaRT 10](release-notes-for-dart-10.md)**|**[Overview of the Tools in DaRT 10](overview-of-the-tools-in-dart-10.md)**|**[Accessibility for DaRT 10](accessibility-for-dart-10.md) - -[Planning for DaRT 10](planning-for-dart-10.md) - -[Planning to Deploy DaRT 10](planning-to-deploy-dart-10.md)**|**[DaRT 10 Supported Configurations](dart-10-supported-configurations.md)**|**[Planning to Create the DaRT 10 Recovery Image](planning-to-create-the-dart-10-recovery-image.md)**|**[Planning How to Save and Deploy the DaRT 10 Recovery Image](planning-how-to-save-and-deploy-the-dart-10-recovery-image.md)**|**[DaRT 10 Planning Checklist](dart-10-planning-checklist.md) - -[Deploying DaRT 10](deploying-dart-10.md) - -[Deploying DaRT 10 to Administrator Computers](deploying-dart-10-to-administrator-computers.md)**|**[Creating the DaRT 10 Recovery Image](creating-the-dart-10-recovery-image.md)**|**[Deploying the DaRT Recovery Image](deploying-the-dart-recovery-image-dart-10.md)**|**[DaRT 10 Deployment Checklist](dart-10-deployment-checklist.md) - -[Operations for DaRT 10](operations-for-dart-10.md) - -[Recovering Computers Using DaRT 10](recovering-computers-using-dart-10.md)**|**[Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer-dart-10.md)**|**[Security and Privacy for DaRT 10](security-and-privacy-for-dart-10.md)**|**[Administering DaRT 10 Using PowerShell](administering-dart-10-using-powershell.md) - -[Troubleshooting DaRT 10](troubleshooting-dart-10.md) - -### More Information - -[How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) -Get information about how to download DaRT. - -[Release Notes for DaRT 10](release-notes-for-dart-10.md) -View updated product information and known issues for DaRT 10. - -[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286) -Learn about the latest MDOP information and resources. - -[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) -Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). - -  - -  - - - - - diff --git a/mdop/dart-v10/operations-for-dart-10.md b/mdop/dart-v10/operations-for-dart-10.md deleted file mode 100644 index 6e12927ca8..0000000000 --- a/mdop/dart-v10/operations-for-dart-10.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Operations for DaRT 10 -description: Operations for DaRT 10 -author: dansimp -ms.assetid: 1776d5ed-96c6-4841-a097-721d8cf5c7f7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Operations for DaRT 10 - - -This section includes information about the various types of Microsoft Diagnostics and Recovery Toolset (DaRT) 10 administration and operating tasks that are typically performed by an administrator. This section also includes step-by-step procedures to help you successfully perform those tasks. - -## Operations information - - -- [Recovering Computers Using DaRT 10](recovering-computers-using-dart-10.md) - - This section provides instructions on how to use DaRT 10 to recover local or remote computers by using the DaRT recovery image. - -- [Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer-dart-10.md) - - This section explains how to open and run the Crash Analyzer on either an end-user or non-end-user computer to debug a memory dump file and then diagnose computer errors. - -- [Security and Privacy for DaRT 10](security-and-privacy-for-dart-10.md) - - This section describes measures for maintaining security while using DaRT. - -- [Administering DaRT 10 Using PowerShell](administering-dart-10-using-powershell.md) - - This section lists the Windows PowerShell commands that administrators can use to perform various DaRT tasks. - -## Other resources for DaRT 10 operations - - -[Diagnostics and Recovery Toolset 10](index.md) - -[Getting Started with DaRT 10](getting-started-with-dart-10.md) - -[Planning for DaRT 10](planning-for-dart-10.md) - -[Deploying DaRT 10](deploying-dart-10.md) - -[Troubleshooting DaRT 10](troubleshooting-dart-10.md) - -  - -  - - - - - diff --git a/mdop/dart-v10/overview-of-the-tools-in-dart-10.md b/mdop/dart-v10/overview-of-the-tools-in-dart-10.md deleted file mode 100644 index d5908052a6..0000000000 --- a/mdop/dart-v10/overview-of-the-tools-in-dart-10.md +++ /dev/null @@ -1,148 +0,0 @@ ---- -title: Overview of the Tools in DaRT 10 -description: Overview of the Tools in DaRT 10 -author: dansimp -ms.assetid: 752467dd-b646-4335-82ce-9090d4651f65 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Overview of the Tools in DaRT 10 - - -From the **Diagnostics and Recovery Toolset** window in Microsoft Diagnostics and Recovery Toolset (DaRT) 10, you can start any of the individual tools that you include when you create the DaRT 10 recovery image. For information about how to access the **Diagnostics and Recovery Toolset** window, see [How to Recover Local Computers by Using the DaRT Recovery Image](how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-10.md). - -If it is available, you can use the **Solution Wizard** on the **Diagnostics and Recovery Toolset** window to select the tool that best addresses your particular issue, based on a brief interview that the wizard provides. - -## Exploring the DaRT tools - - -A description of the DaRT 10 tools follows. - -### Computer Management - -**Computer Management** is a collection of Windows administrative tools that help you troubleshoot a problem computer. You can use the **Computer Management** tools in DaRT to view system information and event logs, manage disks, list autoruns, and manage services and drivers. The **Computer Management** console is customized to help you diagnose and repair problems that might be preventing the Windows operating system from starting. - -**Note**   -The recovery of dynamic disks with DaRT is not supported. - - - -### Crash Analyzer - -Use the **Crash Analyzer Wizard** to quickly determine the cause of a computer failure by analyzing the memory dump file on the Windows operating system that you are repairing. **Crash Analyzer** examines the memory dump file for the driver that caused a computer to fail. You can then disable the problem device driver by using the **Services and Drivers** node in the **Computer Management** tool. - -The **Crash Analyzer Wizard** requires the Debugging Tools for Windows and symbol files for the operating system that you are repairing. You can include both requirements when you create the DaRT recovery image. If they are not included on the recovery image and you do not have access to them on the computer that you are repairing, you can copy the memory dump file to another computer and use the stand-alone version of **Crash Analyzer** to diagnose the problem. - -Running **Crash Analyzer** is a good idea even if you plan to reimage the computer. The image could have a defective driver that is causing problems in your environment. By running **Crash Analyzer**, you can identify problem drivers and improve the image stability. - -For more information about **Crash Analyzer**, see [Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer-dart-10.md). - -### Disk Commander - -**Disk Commander** lets you recover and repair disk partitions or volumes by using one of the following recovery processes: - -- Restore the master boot record (MBR) - -- Recover one or more lost volumes - -- Restore partition tables from **Disk Commander** backup - -- Save partition tables to **Disk Commander** backup - -**Warning**   -We recommend that you back up a disk before you use **Disk Commander** to repair it. By using **Disk Commander**, you can potentially damage volumes and make them inaccessible. Additionally, changes to one volume can affect other volumes because volumes on a disk share a partition table. - - - -**Note**   -The recovery of dynamic disks with DaRT is not supported. - - - -### Disk Wipe - -You can use **Disk Wipe** to delete all data from a disk or volume, even the data that is left behind after you reformat a hard disk drive. **Disk Wipe** lets you select from either a single-pass overwrite or a four-pass overwrite, which meets current U.S. Department of Defense standards. - -**Warning**   -After wiping a disk or volume, you cannot recover the data. Verify the size and label of a volume before erasing it. - - - -### Explorer - -The **Explorer** tool lets you browse the computer’s file system and network shares so that you can remove important data that the user stored on the local drive before you try to repair or reimage the computer. And because you can map drive letters to network shares, you can easily copy and move files from the computer to the network for safekeeping or from the network to the computer to restore them. - -### File Restore - -**File Restore** lets you try to restore files that were accidentally deleted or that were too big to fit in the Recycle Bin. **File Restore** is not limited to regular disk volumes, but can find and restore files on lost volumes or on volumes that are encrypted by BitLocker. - -**Note**   -The recovery of dynamic disks with DaRT is not supported. - - - -### File Search - -Before reimaging a computer, recovering files from the local hard disk is important, especially when the user might not have backed up or stored the files elsewhere. - -The **Search** tool opens a **File Search** window that you can use to find documents when you do not know the file path or to search for general kinds of files across all local hard disks. You can search for specific file-name patterns in specific paths. You can also limit results to a date range or size range. - -### Hotfix Uninstall - -The **Hotfix Uninstall Wizard** lets you remove hotfixes or service packs from the Windows operating system on the computer that you are repairing. Use this tool when a hotfix or service pack is suspected in preventing the operating system from starting. - -We recommend that you uninstall only one hotfix at a time, even though the tool lets you uninstall more than one. - -**Important**   -Programs that were installed or updated after a hotfix was installed might not work correctly after you uninstall a hotfix. - - - -### Locksmith - -The **Locksmith Wizard** lets you set or change the password for any local account on the Windows operating system that you are analyzing or repairing. You do not have to know the current password. However, the password that you set must comply with any requirements that are defined by a local Group Policy Object. This includes password length and complexity. - -You can use **Locksmith** when the password for a local account, such as the local Administrator account, is unknown. You cannot use **Locksmith** to set passwords for domain accounts. - -### Registry Editor - -You can use **Registry Editor** to access and change the registry of the Windows operating system that you are analyzing or repairing. This includes adding, removing, and editing keys and values, and importing registry (.reg) files. - -**Warning**   -Serious problems can occur if you change the registry incorrectly by using **Registry Editor**. These problems might require you to reinstall the operating system. Before you make changes to the registry, you should back up any valued data on the computer. Change the registry at your own risk. - - - -### SFC Scan - -The **SFC Scan** tool starts the **System File Repair Wizard** and lets you repair system files that are preventing the installed Windows operating system from starting. The **System File Repair Wizard** can automatically repair system files that are corrupted or missing, or it can prompt you before it performs any repairs. - -### Solution Wizard - -The **Solution Wizard** presents a series of questions and then recommends the best tool for the situation, based on your answers. This wizard helps you determine which tool to use when you are not familiar with the tools in DaRT. - -### TCP/IP Config - -When you boot a problem computer into DaRT, it is set to automatically obtain its TCP/IP configuration (IP address and DNS server) from Dynamic Host Configuration Protocol (DHCP). If DHCP is unavailable, you can manually configure TCP/IP by using the **TCP/IP Config** tool. You first select a network adapter, and then configure the IP address and DNS server for that adapter. - -## Related topics - - -[Getting Started with DaRT 10](getting-started-with-dart-10.md) - - - - - - - - - diff --git a/mdop/dart-v10/planning-for-dart-10.md b/mdop/dart-v10/planning-for-dart-10.md deleted file mode 100644 index d907bb9ecc..0000000000 --- a/mdop/dart-v10/planning-for-dart-10.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Planning for DaRT 10 -description: Planning for DaRT 10 -author: dansimp -ms.assetid: 2ca0249a-6a9f-4b4e-91f1-f1b34be7b16c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for DaRT 10 - - -The goal of deployment planning is to successfully and efficiently deploy Microsoft Diagnostics and Recovery Toolset (DaRT) 10 so that it does not disrupt your users or the network. - -Before you deploy DaRT 10, you should consider the different deployment configurations and prerequisites. This section includes information that can help you gather the information to formulate a deployment plan that best meets your business requirements. - -## Planning information - - -- [Planning to Deploy DaRT 10](planning-to-deploy-dart-10.md) - - There are several deployment configurations and prerequisites that you must consider before you create your deployment plan. This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements. - -- [DaRT 10 Planning Checklist](dart-10-planning-checklist.md) - - This checklist can assist you in preparing your computing environment for the DaRT deployment. - -## Other resources for DaRT planning - - -[Diagnostics and Recovery Toolset 10](index.md) - -[Getting Started with DaRT 10](getting-started-with-dart-10.md) - -[Deploying DaRT 10](deploying-dart-10.md) - -[Operations for DaRT 10](operations-for-dart-10.md) - -[Troubleshooting DaRT 10](troubleshooting-dart-10.md) - -  - -  - - - - - diff --git a/mdop/dart-v10/planning-how-to-save-and-deploy-the-dart-10-recovery-image.md b/mdop/dart-v10/planning-how-to-save-and-deploy-the-dart-10-recovery-image.md deleted file mode 100644 index f76a87d4d5..0000000000 --- a/mdop/dart-v10/planning-how-to-save-and-deploy-the-dart-10-recovery-image.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: Planning How to Save and Deploy the DaRT 10 Recovery Image -description: Planning How to Save and Deploy the DaRT 10 Recovery Image -author: dansimp -ms.assetid: 9a3e5413-2621-49ce-8bd2-992616691703 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning How to Save and Deploy the DaRT 10 Recovery Image - - -You can save and deploy the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 recovery image by using the following methods. When you are determining the method that you will use, consider the advantages and disadvantages of each. You should also consider your infrastructure and support staff. If you have a small infrastructure, you might want to deploy DaRT 10 by using removable media, since the recovery image will always be available if you install it to the local hard drive. - -If your organization uses Active Directory Domain Services (AD DS), you may want to deploy recovery images as a network service by using Windows DS. Recovery images are always available to any connected computer. You can deploy multiple images from Windows DS and maintain them all in one place. - -**Note**   -You may want to use more than one method in your organization. For example, you can boot into DaRT from a remote partition for most situations and have a USB flash drive available in case the end-user computer cannot connect to the network. - - - -The following table shows some advantages and disadvantages of each method of using DaRT in your organization. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Method to Boot into DaRTAdvantagesDisadvantages

Removable Media

-

The recovery image is written to a CD, DVD, or USB drive to enable support staff to take the recovery tools with them to the unstable computer.

Supports scenarios in which the master boot record (MBR) is corrupted and you cannot access the hard disk and supports cases in which there is no network connection.

-

Enables you to create multiple recovery images with different tools to provide different levels of support.

-

Provides a built-in tool for burning recovery images to removable media.

Requires that support staff are physically at the end-user computer to boot into DaRT.

-

Requires time and maintenance to create multiple media with different configurations for 32-bit and 64-bit computers.

From a remote (network) partition

-

The recovery image is hosted on a network boot server like Windows Deployment Services (Windows DS), which allows users or support staff to stream it to computers on demand.

Available to all computers that have access to the network boot server.

-

Recovery images are hosted on a central server, which enables centralized updates.

-

Centralized help desk staff can provide repairs by using remote connectivity.

-

No local storage requirement on the clients.

-

Ability to create multiple recovery images with different tools for specific support levels.

The need to secure Windows DS infrastructure to ensure that regular users can start only the DaRT recovery image and not the full operating system imaging process.

-

-

-

Requires that the end-user computer is connected to the network at runtime.

-

Requires that the recovery image is brought across the network.

From a recovery partition on the local hard drive

-

The recovery image is installed on a local hard drive either manually or by using electronic software distribution systems like System Center Configuration Manager.

The recovery image is always available because it is pre-staged on the computer.

-

Centralized help desk staff can provide support by using Remote Connection.

-

The recovery image is centrally managed and deployed.

-

Additional recovery key requests on computers that are protected by Windows BitLocker drive encryption are eliminated.

Local storage is required.

-

A dedicated, unencrypted partition for recovery image placement is recommended to reduce the risk of a failed boot partition.

-

When updating DaRT, you must update all computers in your enterprise instead of just one partition (on the network) or removable device.

-

Additional consideration is required if you deploy the recovery image after BitLocker has been enabled.

- - - -## Related topics - - -[Planning to Deploy DaRT 10](planning-to-deploy-dart-10.md) - - - - - - - - - diff --git a/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md b/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md deleted file mode 100644 index 7089ba0bff..0000000000 --- a/mdop/dart-v10/planning-to-create-the-dart-10-recovery-image.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: Planning to Create the DaRT 10 Recovery Image -description: Planning to Create the DaRT 10 Recovery Image -author: dansimp -ms.assetid: a0087d93-b88f-454b-81b2-3c7ce3718023 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Planning to Create the DaRT 10 Recovery Image - - -Use the information in this section when you are planning to create the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 recovery image. - -## Planning to create the DaRT 10 recovery image - - -When you create the DaRT recovery image, you have to decide which tools to include on the image. To make the decision, consider that end users may have access to those tools. If support engineers will take the recovery image media to end users’ computers to diagnose issues, you may want to install all of the tools on the recovery image. If you plan to diagnose end user’s computers remotely, you may want to disable some of the tools, such as Disk Wipe and Registry Editor, and then enable other tools, including Remote Connection. - -When you create the DaRT recovery image, you will also specify whether you want to include additional drivers or files. Determine the locations of any additional drivers or files that you want to include on the DaRT recovery image. - -For more information about the DaRT tools, see [Overview of the Tools in DaRT 10](overview-of-the-tools-in-dart-10.md). For more information about how to help create a secure recovery image, see [Security Considerations for DaRT 10](security-considerations-for-dart-10.md). - -## Prerequisites for the recovery image - - -The following items are required or recommended for creating the DaRT recovery image: - - ---- - - - - - - - - - - - - - - - - - - -

Prerequisite

Details

Windows 10 source files

Required to create the DaRT recovery image. Provide the path of a Windows 10 DVD or of Windows 10 source files.

Windows Debugging Tools for your platform

Required when you run the Crash Analyzer to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: Download and Install Debugging Tools for Windows.

Optional: Windows symbols files for use with Crash Analyzer

Typically, debugging information is stored in a symbol file that is separate from the program. You must have access to the symbol information when you debug an application that has stopped responding, for example, if it stopped working. For more information, see Diagnosing System Failures with Crash Analyzer.

- - - -## Related topics - -[Planning to Deploy DaRT 10](planning-to-deploy-dart-10.md) - - - - - - - - diff --git a/mdop/dart-v10/planning-to-deploy-dart-10.md b/mdop/dart-v10/planning-to-deploy-dart-10.md deleted file mode 100644 index a3f8fabb1c..0000000000 --- a/mdop/dart-v10/planning-to-deploy-dart-10.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Planning to Deploy DaRT 10 -description: Planning to Deploy DaRT 10 -author: dansimp -ms.assetid: 32a39e97-a889-4aae-982c-b85cdc3d9134 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning to Deploy DaRT 10 - - -You should consider all of the different deployment configurations and prerequisites before you create your deployment plan. This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements. - -## Review the DaRT 10 software prerequisites and supported configurations - - -After preparing your computing environment for DaRT 10 installation, make sure that you review the prerequisite software to install and the supported configurations to confirm that the selected computers for the installation meet the minimum hardware and operating system requirements. For information about prerequisites that you need to consider to create the DaRT recovery image, see [Planning to Create the DaRT 10 Recovery Image](planning-to-create-the-dart-10-recovery-image.md). - -[DaRT 10 Supported Configurations](dart-10-supported-configurations.md) - -## Plan for creating the DaRT 10 recovery image - - -Before you start to create the DaRT recovery image, you need to consider possible security issues, the tools that you want to include on the recovery image, and the prerequisite software that you need to install. - -[Planning to Create the DaRT 10 Recovery Image](planning-to-create-the-dart-10-recovery-image.md) - -## Plan how to save and deploy the DaRT recovery image - - -There are several methods that you can use to save and deploy the DaRT recovery image. Before you start to create the recovery image, review the advantages and disadvantages of each method and consider how you want to use DaRT in your enterprise. - -[Planning How to Save and Deploy the DaRT 10 Recovery Image](planning-how-to-save-and-deploy-the-dart-10-recovery-image.md) - -## Other resources for planning to deploy DaRT 10 - - -[Planning for DaRT 10](planning-for-dart-10.md) - -  - -  - - - - - diff --git a/mdop/dart-v10/recovering-computers-using-dart-10.md b/mdop/dart-v10/recovering-computers-using-dart-10.md deleted file mode 100644 index a8d8499941..0000000000 --- a/mdop/dart-v10/recovering-computers-using-dart-10.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: Recovering Computers Using DaRT 10 -description: Recovering Computers Using DaRT 10 -author: dansimp -ms.assetid: 2ad7fab0-c22d-4171-8b5a-b2b7d7c0ad2d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Recovering Computers Using DaRT 10 - - -After deploying the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 recovery image, you can use DaRT 10 to recover computers. The information in this section describes the recovery tasks that you can perform. - -You have several different methods to choose from to boot into DaRT, depending on how you deploy the DaRT recovery image. - -- Insert a DaRT recovery image CD, DVD, or USB flash drive into the problem computer and use it to boot into the computer. - -- Boot into DaRT from a recovery partition on the problem computer. - -- Boot into DaRT from a remote partition on the network. - -For information about the advantages and disadvantages of each method, see [Planning How to Save and Deploy the DaRT 10 Recovery Image](planning-how-to-save-and-deploy-the-dart-10-recovery-image.md). - -Whichever method that you use to boot into DaRT, you must enable the boot device in the BIOS for the boot option or options that you want to make available to the end user. - -**Note**   -Configuring the BIOS is unique, depending on the kind of hard disk drive, network adapters, and other hardware that is used in your organization. - - - -## Recover a local computer by using the DaRT recovery image - - -To recover a local computer by using DaRT, you must be physically present at the end-user computer that is experiencing problems that require DaRT. - -[How to Recover Local Computers by Using the DaRT Recovery Image](how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-10.md) - -## Recover a remote computer by using the DaRT recovery image - - -The Remote Connection feature in DaRT lets an IT administrator run the DaRT tools remotely on an end-user computer. After certain information is provided by the end user (or by a help desk professional working on the end-user computer), the IT administrator or help desk worker can take control of the end user's computer and run the necessary DaRT tools remotely. - -**Important**   -The two computers establishing a remote connection must be part of the same network. - - - -The **Diagnostics and Recovery Toolset** window includes the option to run DaRT on an end-user computer remotely from an administrator computer. The end user opens the DaRT tools on the problem computer and starts the remote session by clicking **Remote Connection**. - -The Remote Connection feature on the end-user computer creates the following connection information: a ticket number, a port, and a list of all available IP addresses. The ticket number and port are generated randomly. - -The IT administrator or help desk worker enters this information into the **DaRT Remote Connection Viewer** to establish the terminal services connection to the end-user computer. The terminal services connection that is established lets an IT administrator remotely interact with the DaRT tools on the end-user computer. The end-user computer then processes the connection information, shares its screen, and responds to instructions from the IT administrator computer. - -[How to Recover Remote Computers by Using the DaRT Recovery Image](how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-10.md) - -## Other resources for recovering computers using DaRT 10 - - -[Operations for DaRT 10](operations-for-dart-10.md) - - - - - - - - - diff --git a/mdop/dart-v10/release-notes-for-dart-10.md b/mdop/dart-v10/release-notes-for-dart-10.md deleted file mode 100644 index 422e6479b3..0000000000 --- a/mdop/dart-v10/release-notes-for-dart-10.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: Release Notes for DaRT 10 -description: Release Notes for DaRT 10 -author: dansimp -ms.assetid: eb996980-f9c4-42cb-bde9-6b3d4b82b58c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Release Notes for DaRT 10 - - -**To search these release notes, press CTRL+F.** - -Read these release notes thoroughly before you install Microsoft Diagnostics and Recovery Toolset (DaRT) 10. - -These release notes contain information that is required to successfully install Diagnostics and Recovery Toolset 10. The release notes also contain information that is not available in the product documentation. If there is a difference between these release notes and other DaRT documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product. - -## Known issues with DaRT 10 - - -### Disk Commander is unable to repair a corrupt master boot record in a physical partition in Windows 10 - -In Windows 10, the “Restore the Master Boot Record (MBR) or the header of the GUID Partition Table (GPT)” option in Disk Commander is unable to repair a corrupt master boot record in a physical partition, and therefore is unable to boot the client computer. - -**Workaround:** Start **Startup Repair**, click **Troubleshoot**, click **Advanced options**, and then click **Start repair**. - -### Multiple instances of Disk Wipe that target the same drive cause all instances except the last one to report a failure - -If you start multiple instances of Disk Wipe, and then try to wipe the same drive by using two separate Disk Wipe instances, all instances except the last one report a failure to wipe the drive. - -**Workaround:** None. - -### Disk Wipe may not clear all data on solid-state drives that have flash memory - -If you use Disk Wipe to clear data on a solid-state drive (SSD) that has flash memory, all of the data may not be erased. This issue occurs because the SSD firmware controls the physical location of writes while Disk Wipe is running. - -**Workaround:** None. - -### System restore fails when you run Locksmith Wizard or Registry Editor - -If you run Locksmith Wizard, Registry Editor, and possibly other tools, System Restore fails. - -**Workaround:** Close and restart DaRT, and then start System Restore. - -### System File Checker (SFC) Scan fails to run after you start and close Locksmith Wizard or Computer Management - -If you start and then close Locksmith Wizard or tools in Computer Management, System File Checker fails to run. - -**Workaround:** Close and restart DaRT, and then start System File Checker. - -### DaRT installer does not fail when the Windows Assessment and Deployment Kit is not installed - -If you install DaRT 10 by using the command line to run the Windows Installer (.msi), and the Windows Assessment and Deployment Kit (Windows ADK) has not been installed, the DaRT installation should fail. Currently, the DaRT 10 installer installs all components except the DaRT recovery image. - -**Workaround:** None. - -## Related topics - - -[About DaRT 10](about-dart-10.md) - -  - -  - - - - - diff --git a/mdop/dart-v10/security-and-privacy-for-dart-10.md b/mdop/dart-v10/security-and-privacy-for-dart-10.md deleted file mode 100644 index 8a01341fe5..0000000000 --- a/mdop/dart-v10/security-and-privacy-for-dart-10.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Security and Privacy for DaRT 10 -description: Security and Privacy for DaRT 10 -author: dansimp -ms.assetid: 9ce5d555-c4e9-4482-a147-27b26579c935 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Security and Privacy for DaRT 10 - - -Use the following information to help you plan for security and privacy considerations in Microsoft Diagnostics and Recovery Toolset (DaRT) 10. - -## Security considerations for DaRT 10 - - -There are several security-related considerations that you should plan for when deploying and using DaRT in your environment. The information in this section provides a brief overview about the security-related considerations for DaRT. - -[Security Considerations for DaRT 10](security-considerations-for-dart-10.md) - -## Privacy considerations for DaRT 10 - - -The information in this section explains many of the data collection and use practices of DaRT. - -[DaRT 10 Privacy Statement](dart-10-privacy-statement.md) - -## Other resources for DaRT 10 security and privacy - - -[Operations for DaRT 10](operations-for-dart-10.md) - -  - -  - - - - - diff --git a/mdop/dart-v10/security-considerations-for-dart-10.md b/mdop/dart-v10/security-considerations-for-dart-10.md deleted file mode 100644 index 41712c5ad9..0000000000 --- a/mdop/dart-v10/security-considerations-for-dart-10.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: Security Considerations for DaRT 10 -description: Security Considerations for DaRT 10 -author: dansimp -ms.assetid: c653daf1-f12a-4667-98cc-f0c89fa38e3f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Security Considerations for DaRT 10 - - -This topic contains a brief overview about the accounts and groups, log files, and other security-related considerations for Microsoft Diagnostics and Recovery Toolset (DaRT) 10. For more information, follow the links within this article. - -## General security considerations - - -**Understand the security risks**. DaRT 10 includes functionality that lets an administrator or a help desk worker run the DaRT tools remotely to resolve problems on an end-user computer. In addition, you can save the International Organization for Standardization (ISO) image to a USB flash drive or put the ISO image on a network to include its contents as a recovery partition on a computer’s hard disk. These capabilities provide flexibility, but also create potential security risks that you should consider when configuring DaRT. - -**Physically secure your computers**. When administrators and help desk workers are not physically at their computers, they should lock their computers and use a secured screen saver. - -**Apply the most recent security updates to all computers**. Stay informed about new updates for operating systems by subscribing to the Security Notification service (). - -## Limit end-user access to DaRT tools - - -When you are creating the DaRT recovery image, you can select the tools that you want to include. For security reasons, you might want to restrict end-user access to the more powerful DaRT tools, such as Disk Wipe and Locksmith. In DaRT 10, you can disable certain tools during configuration and still make them available to help desk workers when the end user starts the Remote Connection feature. - -You can even configure the DaRT image so that the option to start a remote connection session is the only tool available to an end user. - -**Important**   -After the remote connection is established, all the tools that you included in the recovery image, including those unavailable to the end user, will become available to any help desk worker who is working on the end–user computer. - - - -For more information about including tools in the DaRT recovery image, see [Overview of the Tools in DaRT 10](overview-of-the-tools-in-dart-10.md). - -## Secure the DaRT recovery image - - -If you deploy the DaRT recovery image by saving it to a USB flash drive or by creating a remote partition or a recovery partition, you might want to include your company’s preferred method of drive encryption on the ISO. Encrypting the ISO helps to ensure that end users cannot use DaRT functionality if they were to gain access to the recovery image, and it ensures that unauthorized users cannot boot into DaRT on computers that belong to someone else. If you use an encryption method, be sure to deploy and enable it in all computers. - -**Note**   -DaRT 10 supports BitLocker natively. - - - -To include drive encryption, add the encryption solution files when you create the recovery image. Your encryption solution must be able to run on WinPE. End users who boot from the ISO are then able to access that encryption solution and unblock the drive. - -## Maintain security between two computers when you use Remote Connection - - -By default, the communication between two computers that have established a **Remote Connection** session may not be encrypted. Therefore, to help maintain security between the two computers, we recommend that both computers are a part of the same network. - -## Related topics - - -[Security and Privacy for DaRT 10](security-and-privacy-for-dart-10.md) - - - - - - - - - diff --git a/mdop/dart-v10/troubleshooting-dart-10.md b/mdop/dart-v10/troubleshooting-dart-10.md deleted file mode 100644 index 2ba6f1ddfb..0000000000 --- a/mdop/dart-v10/troubleshooting-dart-10.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: Troubleshooting DaRT 10 -description: Troubleshooting DaRT 10 -author: dansimp -ms.assetid: 76d42a00-3f6b-4730-8857-39fe49535d37 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Troubleshooting DaRT 10 - - -Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905). - -## How to find troubleshooting content - - -You can use the following information to find troubleshooting or additional technical content for this product. - -### Search the MDOP documentation - -The first step to find help content in the Administrator’s Guide is to search the MDOP documentation on TechNet. - -After you search the MDOP documentation, your next step would be to search the troubleshooting information for the product in the TechNet Wiki. - -**To search the MDOP product documentation** - -1. Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page. - -2. Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page. - -3. Review the search results for assistance. - -**To search the TechNet wiki** - -1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page. - -3. Review the search results for assistance. - -## How to create a troubleshooting article - - -If you have a troubleshooting tip or a best practice to share that is not already included in the MDOP OnlineHelp or TechNet Wiki, you can create your own TechNet Wiki articles. - -**To create a TechNet Wiki troubleshooting or best practices article** - -1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Log in with your Windows Live ID. - -3. Review the **Getting Started** section to learn the basics of the TechNet Wiki and its articles. - -4. Select **Post an article >>** at the bottom of the **Getting Started** section. - -5. On the Wiki article **Add Page** page, select **Insert Template** from the toolbar, select the troubleshooting article template (**Troubleshooting.html**), and then click **Insert**. - -6. Be sure to give the article a descriptive title and then overwrite the template information as needed to create your troubleshooting or best practice article. - -7. After you review your article, be sure to include a tag that is named **Troubleshooting** and another for the product name. This helps others to find your content. - -8. Click **Save** to publish the article to the TechNet Wiki. - -## Other resources for troubleshooting DaRT 10 - - -[Diagnostics and Recovery Toolset 10](index.md) - -[Getting Started with DaRT 10](getting-started-with-dart-10.md) - -[Planning for DaRT 10](planning-for-dart-10.md) - -[Deploying DaRT 10](deploying-dart-10.md) - -[Operations for DaRT 10](operations-for-dart-10.md) - -  - -  - - - - - diff --git a/mdop/dart-v65.md b/mdop/dart-v65.md deleted file mode 100644 index ef08a90758..0000000000 --- a/mdop/dart-v65.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: Diagnostics and Recovery Toolset 6.5 -description: Diagnostics and Recovery Toolset 6.5 -author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 04/19/2017 -ms.reviewer: -manager: dansimp -ms.author: dansimp ---- - -# Diagnostics and Recovery Toolset 6.5 - -Selecting the link for [Diagnostics and Recovery Toolset 6.5 documentation](https://technet.microsoft.com/library/jj713388.aspx) will take you to another website. Use your browser's **Back** button to return to this page. diff --git a/mdop/dart-v7/TOC.md b/mdop/dart-v7/TOC.md deleted file mode 100644 index 5688dce81f..0000000000 --- a/mdop/dart-v7/TOC.md +++ /dev/null @@ -1,36 +0,0 @@ -# [Diagnostics and Recovery Toolset 7](index.md) -## [Getting Started with DaRT 7.0](getting-started-with-dart-70-new-ia.md) -### [About DaRT 7.0](about-dart-70-new-ia.md) -#### [Release Notes for DaRT 7.0](release-notes-for-dart-70-new-ia.md) -### [Overview of the Tools in DaRT 7.0](overview-of-the-tools-in-dart-70-new-ia.md) -### [Accessibility for DaRT 7.0](accessibility-for-dart-70.md) -## [Planning for DaRT 7.0](planning-for-dart-70-new-ia.md) -### [Planning to Deploy DaRT 7.0](planning-to-deploy-dart-70.md) -#### [DaRT 7.0 Supported Configurations](dart-70-supported-configurations-dart-7.md) -#### [Planning to Create the DaRT 7.0 Recovery Image](planning-to-create-the-dart-70-recovery-image.md) -#### [Planning How to Save and Deploy the DaRT 7.0 Recovery Image](planning-how-to-save-and-deploy-the-dart-70-recovery-image.md) -### [DaRT 7.0 Planning Checklist](dart-70-planning-checklist-dart-7.md) -## [Deploying DaRT 7.0](deploying-dart-70-new-ia.md) -### [Deploying DaRT 7.0 to Administrator Computers](deploying-dart-70-to-administrator-computers-dart-7.md) -#### [How to Deploy DaRT 7.0](how-to-deploy-dart-70.md) -#### [How to Change, Repair, or Remove DaRT 7.0](how-to-change-repair-or-remove-dart-70.md) -### [Creating the DaRT 7.0 Recovery Image](creating-the-dart-70-recovery-image-dart-7.md) -#### [How to Use the DaRT Recovery Image Wizard to Create the Recovery Image](how-to-use-the-dart-recovery-image-wizard-to-create-the-recovery-image-dart-7.md) -#### [How to Create a Time Limited Recovery Image](how-to-create-a-time-limited-recovery-image-dart-7.md) -### [Deploying the DaRT 7.0 Recovery Image](deploying-the-dart-70-recovery-image-dart-7.md) -#### [How to Deploy the DaRT Recovery Image Using a USB Flash Drive](how-to-deploy-the-dart-recovery-image-using-a-usb-flash-drive-dart-7.md) -#### [How to Deploy the DaRT Recovery Image as Part of a Recovery Partition](how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-7.md) -#### [How to Deploy the DaRT Recovery Image as a Remote Partition](how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-7.md) -### [DaRT 7.0 Deployment Checklist](dart-70-deployment-checklist-dart-7.md) -## [Operations for DaRT 7.0](operations-for-dart-70-new-ia.md) -### [Recovering Computers Using DaRT 7.0](recovering-computers-using-dart-70-dart-7.md) -#### [How to Recover Local Computers Using the DaRT Recovery Image](how-to-recover-local-computers-using-the-dart-recovery-image-dart-7.md) -#### [How to Recover Remote Computers Using the DaRT Recovery Image](how-to-recover-remote-computers-using-the-dart-recovery-image-dart-7.md) -### [Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-7.md) -#### [How to Run the Crash Analyzer on an End-user Computer](how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-7.md) -#### [How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer](how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-7.md) -#### [How to Ensure that Crash Analyzer Can Access Symbol Files](how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-7.md) -### [Security Considerations for DaRT 7.0](security-considerations-for-dart-70-dart-7.md) -## [Troubleshooting DaRT 7.0](troubleshooting-dart-70-new-ia.md) -## [Technical Reference for DaRT 7.0](technical-reference-for-dart-70-new-ia.md) - diff --git a/mdop/dart-v7/about-dart-70-new-ia.md b/mdop/dart-v7/about-dart-70-new-ia.md deleted file mode 100644 index bad11f06bb..0000000000 --- a/mdop/dart-v7/about-dart-70-new-ia.md +++ /dev/null @@ -1,78 +0,0 @@ ---- -title: About DaRT 7.0 -description: About DaRT 7.0 -author: dansimp -ms.assetid: 217ffafc-6d73-4b80-88d9-71870460d4ab -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About DaRT 7.0 - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 7 helps you troubleshoot and repair Windows-based desktops. This includes those desktops that cannot be started. DaRT is a powerful set of tools that extend the Windows Recovery Environment (WinRE). By using DaRT, you can analyze an issue to determine its cause, for example, by inspecting the computer’s event log or system registry. - -DaRT also provides tools to help you fix a problem as soon as you determine the cause. For example, you can use the tools in DaRT to disable a faulty device driver, remove hotfixes, restore deleted files, and scan the computer for malware even when you cannot or should not start the installed Windows operating system. - -DaRT can help you quickly recover computers that are running either 32-bit or 64-bit versions of Windows 7, typically in less time than it would take to reimage the computer. - -## About the DaRT 7 Recovery Image - - -Functionality in DaRT lets you create a recovery image that is based on WinRE combined with a set of tools that DaRT provides. The DaRT recovery image takes advantage of WinRE, from which you can access the **Diagnostics and Recovery Toolset** window. - -Use the **DaRT Recovery Image Wizard** to create the DaRT recovery image. By default, the wizard creates an International Organization for Standardization (ISO) image file on your desktop that is named DaRT70.iso, although you can specify a different location and file name. The wizard also lets you burn the image to a CD or DVD. After you have finished the wizard, you can save the recovery image to a USB flash drive or save it in a format that you can use to create a remote partition or a recovery partition. - -When you have to use DaRT to startup an end-user computer that will not start, you can follow the instructions at [How to Recover Local Computers Using the DaRT Recovery Image](how-to-recover-local-computers-using-the-dart-recovery-image-dart-7.md). - -For detailed information about the tools in DaRT, see [Overview of the Tools in DaRT 7.0](overview-of-the-tools-in-dart-70-new-ia.md). - -## What’s New in DaRT 7 - - -DaRT 7 continues to support all the scenarios included in previous versions and it adds a new Remote Connection feature in addition to three new deployment options. - -### DaRT 7 Image Creation - -The wizard that you use to create DaRT ISO images is now called **DaRT Recovery Image** and it now supports an option to enable or disable the new Remote Connection feature. Remote Connection lets a helpdesk agent run the DaRT tools from a remote location. In previous releases, the helpdesk agent had to be physically present at the end-user computer to run the DaRT tools. - -The wizard also lets you customize the Welcome message for the Remote Connection feature (the message is shown when end users run the Remote Connection tool). IT Admins can also configure which Port Number should be used by Remote Connection. - -For more information about the **DaRT Recovery Image Wizard** or Remote Connection, see [Creating the DaRT 7.0 Recovery Image](creating-the-dart-70-recovery-image-dart-7.md). - -### DaRT 7 ISO Deployment - -In addition to burning to a CD or DVD, DaRT 7 adds three new options when you deploy the ISO that contains the DaRT recovery image: - -- USB flash drive deployment - -- Remote partition deployment - -- Recovery partition deployment - -The USB flash drive deployment option lets a company use DaRT on computers that do not have CD or DVD drives available. The recovery and remote partition options let end users have easy access to the DaRT image and to enable the Remote Connection functionality. - -For more information about how to deploy DaRT recovery images, see [Deploying the DaRT 7.0 Recovery Image](deploying-the-dart-70-recovery-image-dart-7.md). - -## Related topics - - -[Getting Started with DaRT 7.0](getting-started-with-dart-70-new-ia.md) - -[Release Notes for DaRT 7.0](release-notes-for-dart-70-new-ia.md) - -  - -  - - - - - diff --git a/mdop/dart-v7/accessibility-for-dart-70.md b/mdop/dart-v7/accessibility-for-dart-70.md deleted file mode 100644 index 728b5a9f48..0000000000 --- a/mdop/dart-v7/accessibility-for-dart-70.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -title: Accessibility for DaRT 7.0 -description: Accessibility for DaRT 7.0 -author: dansimp -ms.assetid: 41f7bb72-4f1d-44fb-bc3f-8b66557fec2f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Accessibility for DaRT 7.0 - - -Microsoft is committed to making its products and services easier for everyone to use. This section provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. - -## Access Any Command with a Few Keystrokes - - -Access keys let you quickly use a command by pressing a few keys. You can get to most commands by using two keystrokes. To use an access key: - -1. Press ALT. - - The keyboard shortcuts are displayed over each feature that is available in the current view. - -2. Press the letter shown in the keyboard shortcut over the feature that you want to use. - -**Note**   -To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. - - - -## Documentation in Alternative Formats - - -If you have difficulty reading or handling printed materials, you can obtain the documentation for many Microsoft products in more accessible formats. You can view an index of accessible product documentation on the Microsoft Accessibility website. In addition, you can obtain additional Microsoft publications from Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.). Learning Ally distributes these documents to registered, eligible members of their distribution service. - -For information about the availability of Microsoft product documentation and books from Microsoft Press, contact: - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.)

-

20 Roszel Road

-

Princeton, NJ 08540

Telephone number from within the United States:

(800) 221-4792

Telephone number from outside the United States and Canada:

(609) 452-0606

Fax:

(609) 987-8116

http://www.learningally.org/

Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

- - - -## Customer Service for People with Hearing Impairments - - -If you are deaf or hard-of-hearing, complete access to Microsoft product and customer services is available through a text telephone (TTY/TDD) service: - -- For customer service, contact Microsoft Sales Information Center at (800) 892-5234 between 6:30 AM and 5:30 PM Pacific Time, Monday through Friday, excluding holidays. - -- For technical assistance in the United States, contact Microsoft Product Support Services at (800) 892-5234 between 6:00 AM and 6:00 PM Pacific Time, Monday through Friday, excluding holidays. In Canada, dial (905) 568-9641 between 8:00 AM and 8:00 PM Eastern Time, Monday through Friday, excluding holidays. - -Microsoft Support Services are subject to the prices, terms, and conditions in place at the time the service is used. - -## For More Information - - -For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431). - -## Related topics - - -[Getting Started with DaRT 7.0](getting-started-with-dart-70-new-ia.md) - - - - - - - - - diff --git a/mdop/dart-v7/creating-the-dart-70-recovery-image-dart-7.md b/mdop/dart-v7/creating-the-dart-70-recovery-image-dart-7.md deleted file mode 100644 index 7158d4abbf..0000000000 --- a/mdop/dart-v7/creating-the-dart-70-recovery-image-dart-7.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: Creating the DaRT 7.0 Recovery Image -description: Creating the DaRT 7.0 Recovery Image -author: dansimp -ms.assetid: ebb2ec58-0349-469d-a23f-3f944fe4c1fa -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Creating the DaRT 7.0 Recovery Image - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 7 includes the **DaRT Recovery Image Wizard** that is used in Windows to create a bootable International Organization for Standardization (ISO) image. An ISO image is a file that represents the raw contents of a CD. - -## Use the DaRT Recovery Image Wizard to Create the Recovery Image - - -The ISO created by the DaRT Recovery Image Wizard contains the DaRT recovery image that lets you boot into a problem computer, even if it might otherwise not start. After you boot the computer into DaRT, you can run the different DaRT tools to try to diagnose and repair the computer. - -You can write the ISO to a recordable CD or DVD, save it to a USB flash drive, or save it in a format that you can use to boot into DaRT from a remote partition or from a recovery partition. For more information, see [Deploying the DaRT 7.0 Recovery Image](deploying-the-dart-70-recovery-image-dart-7.md). - -**Note**   -If your computer includes a CD-RW drive, the wizard offers to burn the ISO image to a blank CD or DVD. If your computer does not include a drive that is supported by the wizard, you can burn the ISO image onto a CD or DVD by using most programs that can burn a CD or DVD. - - - -To create a bootable CD or DVD from the ISO image, you must have: - -- A CD-RW drive. - -- A recordable CD or DVD (in a format supported by the recordable drive). - -- Software that supports the recordable drive and supports burning an ISO image directly to CD or DVD. - - **Important**   - Test the CD or DVD that you create on all the different kinds of computers that you intend to support because some computers cannot start from all kinds of recordable media. - - - -To save the ISO image to a USB flash drive (UFD), you must have: - -- A correctly formatted UFD. - -- A program that you can use to mount the ISO image. - -[How to Use the DaRT Recovery Image Wizard to Create the Recovery Image](how-to-use-the-dart-recovery-image-wizard-to-create-the-recovery-image-dart-7.md) - -## Create a Time Limited Recovery Image - - -You can create a DaRT recovery image that can only be used for a certain number of days after it is generated. To do this, you must run the **DaRT Recovery Image Wizard** at a command prompt and specify the number of days. - -[How to Create a Time Limited Recovery Image](how-to-create-a-time-limited-recovery-image-dart-7.md) - -## Other resources for creating the DaRT 7 recovery image - - -- [Deploying DaRT 7.0](deploying-dart-70-new-ia.md) - - - - - - - - - diff --git a/mdop/dart-v7/dart-70-deployment-checklist-dart-7.md b/mdop/dart-v7/dart-70-deployment-checklist-dart-7.md deleted file mode 100644 index ab0a13cab2..0000000000 --- a/mdop/dart-v7/dart-70-deployment-checklist-dart-7.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: DaRT 7.0 Deployment Checklist -description: DaRT 7.0 Deployment Checklist -author: dansimp -ms.assetid: 2c68ec15-0624-4a75-8237-05c68b61ad07 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# DaRT 7.0 Deployment Checklist - - -This checklist can be used to help you during Microsoft Diagnostics and Recovery Toolset (DaRT) 7 deployment. - -**Note**   -This checklist outlines the recommended steps and a high-level list of items to consider when planning for product deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. - - - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferences
Checklist box

Decide on the best DaRT 7 deployment option for your requirements and deploy it.

Deploying DaRT 7.0 to Administrator Computers

Checklist box

Use the DaRT Recovery Image Wizard to create the DaRT recovery image ISO.

Creating the DaRT 7.0 Recovery Image

Checklist box

Decide on the best DaRT 7 recovery image deployment option for your requirements and deploy it.

Deploying the DaRT 7.0 Recovery Image

- - - -## Related topics - - -[Deploying DaRT 7.0](deploying-dart-70-new-ia.md) - - - - - - - - - diff --git a/mdop/dart-v7/dart-70-planning-checklist-dart-7.md b/mdop/dart-v7/dart-70-planning-checklist-dart-7.md deleted file mode 100644 index 8c9dbcaa92..0000000000 --- a/mdop/dart-v7/dart-70-planning-checklist-dart-7.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: DaRT 7.0 Planning Checklist -description: DaRT 7.0 Planning Checklist -author: dansimp -ms.assetid: f97a2318-6597-4774-a854-bb546279a8fd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# DaRT 7.0 Planning Checklist - - -This checklist can be used to help you plan for preparing your computing environment for Microsoft Diagnostics and Recovery Toolset (DaRT) 7 deployment. - -**Note**   -This checklist outlines the recommended steps and a high-level list of items to consider when planning for product deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. - - - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferences
Checklist box

Review the DaRT 7 Supported Configurations information to confirm that the computers you have selected for client or feature installation meet the minimum hardware and operating system requirements.

DaRT 7.0 Supported Configurations

Checklist box

Understand the deployment prerequisites and decide which tools to include on the DaRT recovery image.

Planning to Create the DaRT 7.0 Recovery Image

Checklist box

Determine which method, or methods, you will use to deploy the DaRT recovery image.

Planning How to Save and Deploy the DaRT 7.0 Recovery Image

- - - -## Related topics - - -[Planning for DaRT 7.0](planning-for-dart-70-new-ia.md) - - - - - - - - - diff --git a/mdop/dart-v7/dart-70-supported-configurations-dart-7.md b/mdop/dart-v7/dart-70-supported-configurations-dart-7.md deleted file mode 100644 index 790c2e9077..0000000000 --- a/mdop/dart-v7/dart-70-supported-configurations-dart-7.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -title: DaRT 7.0 Supported Configurations -description: DaRT 7.0 Supported Configurations -author: dansimp -ms.assetid: e9ee87b0-3254-4625-b178-17b2f5b8f8c8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# DaRT 7.0 Supported Configurations - - -Your environment may already meet the configuration requirements provided here so that you can install and run Microsoft Diagnostics and Recovery Toolset (DaRT) 7. These include the following recovery image and disk space requirements. - -## DaRT 7 Recovery Image Requirements - - -No cross-platform recovery image creation is supported. The following table specifies the kind of recovery image that you should create and deploy in your enterprise: - - ---- - - - - - - - - - - - - - - - - -
Platform and DaRT VersionRecovery Image Requirements

64-Bit DaRT 7.0

Create and use a 64-Bit DaRT recovery image.

32-Bit DaRT 7.0

Create and use a 32-Bit DaRT recovery image.

- -  - -## DaRT 7 End-user Computer Requirements - - -The **Diagnostics and Recovery Toolset** window in DaRT requires that the destination computer use one of the following operating systems together with the specified amount of system memory available for DaRT: - - ---- - - - - - - - - - - - - - - - - - - - - -
Operating SystemSystem Requirements for DaRT

Windows 7 64-Bit (2GB)

2.5GB of system memory

Windows 7 32-Bit (1GB)

1.5GB of system memory

Windows Server 2008 R2 (512MB)

1GB of system memory

- -  - -DaRT also has the following minimal hardware requirements: - -- A CD or DVD drive or a USB port - - This is required if you are deploying DaRT in your enterprise by using a CD, DVD, or USB. - -- BIOS support for starting the computer from a CD or DVD, a USB flash drive, or from a remote or recovery partition - -## Related topics - - -[Planning to Deploy DaRT 7.0](planning-to-deploy-dart-70.md) - -  - -  - - - - - diff --git a/mdop/dart-v7/deploying-dart-70-new-ia.md b/mdop/dart-v7/deploying-dart-70-new-ia.md deleted file mode 100644 index 4b535951b5..0000000000 --- a/mdop/dart-v7/deploying-dart-70-new-ia.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Deploying DaRT 7.0 -description: Deploying DaRT 7.0 -author: dansimp -ms.assetid: 7bc99bce-b94f-4074-ba88-986ed76f8a6c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying DaRT 7.0 - - -There are a number of different deployment configurations that Microsoft Diagnostics and Recovery Toolset (DaRT) 7 supports. This section includes information you should consider about the deployment of DaRT 7 and step-by-step procedures to help you successfully perform the tasks that you must complete at different stages of your deployment. - -## Deployment information - - -- [Deploying DaRT 7.0 to Administrator Computers](deploying-dart-70-to-administrator-computers-dart-7.md) - - This section provides information to help you decide on the best DaRT 7 deployment option for your requirements and then how to deploy it. - -- [Creating the DaRT 7.0 Recovery Image](creating-the-dart-70-recovery-image-dart-7.md) - - This section provides information to help you use the DaRT Recovery Image Wizard to create the DaRT recovery image ISO. - -- [Deploying the DaRT 7.0 Recovery Image](deploying-the-dart-70-recovery-image-dart-7.md) - - This section provides information to help you decide on the best DaRT 7 recovery image deployment option for your requirements and then how to deploy it. - -- [DaRT 7.0 Deployment Checklist](dart-70-deployment-checklist-dart-7.md) - - This section provides a deployment checklist that can help you in deploying and using DaRT 7. - -## Other resources for deploying DaRT 7 - - -- [Diagnostics and Recovery Toolset 7 Administrator's Guide](index.md) - -- [Getting Started with DaRT 7.0](getting-started-with-dart-70-new-ia.md) - -- [Planning for DaRT 7.0](planning-for-dart-70-new-ia.md) - -- [Operations for DaRT 7.0](operations-for-dart-70-new-ia.md) - -- [Troubleshooting DaRT 7.0](troubleshooting-dart-70-new-ia.md) - -  - -  - - - - - diff --git a/mdop/dart-v7/deploying-dart-70-to-administrator-computers-dart-7.md b/mdop/dart-v7/deploying-dart-70-to-administrator-computers-dart-7.md deleted file mode 100644 index 107a1f0256..0000000000 --- a/mdop/dart-v7/deploying-dart-70-to-administrator-computers-dart-7.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: Deploying DaRT 7.0 to Administrator Computers -description: Deploying DaRT 7.0 to Administrator Computers -author: dansimp -ms.assetid: 8baf26aa-b168-463c-810f-a165918b9d9f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying DaRT 7.0 to Administrator Computers - - -Before you begin the deployment of Microsoft Diagnostics and Recovery Toolset (DaRT) 7, review the requirements for your environment. This includes the hardware requirements for installing DaRT. For more information about DaRT hardware and software requirements, see [DaRT 7.0 Supported Configurations](dart-70-supported-configurations-dart-7.md). - -The topics in this section can be used to help you deploy DaRT in your enterprise based on your environment and deployment strategy. - -## Deploy DaRT 7.0 to administrator computers - - -You can use the Windows Installer file for DaRT to install DaRT on a computer that you will use to first create the DaRT recovery image and then troubleshoot and fix end-user computers. Frequently, across an organization, you might install on the administrator computer only the DaRT functionality that you need to create a DaRT recovery image. Then, on a helpdesk administrator’s computer, you might install only the DaRT functionality that you must have to troubleshoot a problem computer, such as the DaRT Remote Connection Viewer and the Crash Analyzer. - -In addition to manually running the Windows Installer file to install DaRT, you can also install DaRT at the command prompt to support enterprise software deployment systems such as System Center Configuration Manager 2012. - -[How to Deploy DaRT 7.0](how-to-deploy-dart-70.md) - -## Change, repair, or remove DaRT 7.0 - - -You can change, repair, or remove the DaRT installation by double-clicking the DaRT installation file and then clicking the button that corresponds to the action that you want to perform or through the Windows Control Panel. - -[How to Change, Repair, or Remove DaRT 7.0](how-to-change-repair-or-remove-dart-70.md) - -## Other resources for Deploying the DaRT 7.0 to Administrator Computers - - -- [Deploying DaRT 7.0](deploying-dart-70-new-ia.md) - -  - -  - - - - - diff --git a/mdop/dart-v7/deploying-the-dart-70-recovery-image-dart-7.md b/mdop/dart-v7/deploying-the-dart-70-recovery-image-dart-7.md deleted file mode 100644 index d5be1d6f03..0000000000 --- a/mdop/dart-v7/deploying-the-dart-70-recovery-image-dart-7.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Deploying the DaRT 7.0 Recovery Image -description: Deploying the DaRT 7.0 Recovery Image -author: dansimp -ms.assetid: 6bba7bff-800f-44e4-bcfc-e143115607ca -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Deploying the DaRT 7.0 Recovery Image - - -After you have created the International Organization for Standardization (ISO) file that contains the Microsoft Diagnostics and Recovery Toolset (DaRT) 7 recovery image, you can deploy the DaRT recovery image throughout your enterprise so that it is available to end users and helpdesk agents. There are four supported methods that you can use to deploy the DaRT recovery image. - -- Burn the ISO image file to a CD or DVD - -- Save the contents of the ISO image file to a USB Flash Drive (UFD) - -- Extract the boot.wim file from the ISO image and deploy as a remote partition that is available to end-user computers - -- Extract the boot.wim file from the ISO image and deploy in the recovery partition of a new Windows 7 installation - -**Important**   -The **DaRT Recovery Image Wizard** only provides the option to burn a CD or DVD. All other methods of saving and deploying the recovery image require additional steps that involve tools that are not included in DaRT. Some guidance and links for these other methods are provided in this section. - - - -## Deploy the DaRT Recovery Image Using a USB Flash Drive - - -After you have finished running the DaRT Recovery Image Wizard, you can use the tool at to copy the ISO image file to a USB flash drive (UFD). - -[How to Deploy the DaRT Recovery Image Using a USB Flash Drive](how-to-deploy-the-dart-recovery-image-using-a-usb-flash-drive-dart-7.md) - -## Deploy the DaRT Recovery Image as Part of a Recovery Partition - - -After you have finished running the DaRT Recovery Image Wizard and created the recovery image, you can extract the boot.wim file from the ISO image file and deploy it as a recovery partition in a Windows 7 image. - -[How to Deploy the DaRT Recovery Image as Part of a Recovery Partition](how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-7.md) - -## Deploy the DaRT Recovery Image as a Remote Partition - - -After you have finished running the DaRT Recovery Image Wizard and created the recovery image, you can extract the boot.wim file from the ISO image file and deploy it as a remote partition on the network. - -[How to Deploy the DaRT Recovery Image as a Remote Partition](how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-7.md) - -## Other resources for maintaining Deploying the DaRT Recovery Image - - -- [Deploying DaRT 7.0](deploying-dart-70-new-ia.md) - - - - - - - - - diff --git a/mdop/dart-v7/diagnosing-system-failures-with-crash-analyzer--dart-7.md b/mdop/dart-v7/diagnosing-system-failures-with-crash-analyzer--dart-7.md deleted file mode 100644 index 793f1a332e..0000000000 --- a/mdop/dart-v7/diagnosing-system-failures-with-crash-analyzer--dart-7.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Diagnosing System Failures with Crash Analyzer -description: Diagnosing System Failures with Crash Analyzer -author: dansimp -ms.assetid: 170d40ef-4edb-4a32-a349-c285c0ea5e56 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Diagnosing System Failures with Crash Analyzer - - -The Crash Analyzer in Microsoft Diagnostics and Recovery Toolset (DaRT) 7 lets you debug a crash dump file on a Windows-based computer and then diagnose any related computer errors. The Crash Analyzer uses the Microsoft Debugging Tools for Windows to examine a crash dump file for the driver that caused the computer to fail. - -## Run the Crash Analyzer on an End-user Computer - - -Typically, you run Crash Analyzer from the Diagnostics and Recovery Toolset window on an end-user computer that has problems. The Crash Analyzer tries to locate the Debugging Tools for Windows on the problem computer. If the directory path dialog box is empty, you must enter the location or browse to the location of the Debugging Tools for Windows (you can download the files from Microsoft). You must also provide a path to where the symbol files are located. - -If you included the Microsoft Debugging Tools for Windows and the symbol files when you created the DaRT recovery image, they should be available when you run the Crash Analyzer on the problem computer. - -[How to Run the Crash Analyzer on an End-user Computer](how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-7.md) - -## Run the Crash Analyzer in stand-alone mode on a computer other than an end-user computer - - -The Crash Analyzer tries to locate the Debugging Tools for Windows on the problem computer. If the directory path dialog box is empty, you must enter the location or browse to the location of the Debugging Tools for Windows (you can download the files from Microsoft). You must also provide a path to where the symbol files are located. - -If you did not include the Microsoft Debugging Tools for Windows and the symbol files when you created the DaRT recovery image, or if disk size or network connectivity problems are preventing you from obtaining them, then you can copy the dump file from the problem computer and analyze it on a computer that has the stand-alone version of Crash Analyzer installed, such as a helpdesk administrator’s computer. - -[How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer](how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-7.md) - -## Ensure that Crash Analyzer can access symbol files - - -Typically, debugging information is stored in a symbol file that is separate from the executable. You must have access to the symbol information when you debug an application that has stopped responding, for example if it crashed. - -Symbol files are automatically downloaded when you run Crash Analyzer. If the computer does not have an Internet connection or the network requires the computer to access an HTTP proxy server, the symbol files cannot be downloaded. - -[How to Ensure that Crash Analyzer Can Access Symbol Files](how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-7.md) - -## Other resources for diagnosing system failures with Crash Analyzer - - -[Operations for DaRT 7.0](operations-for-dart-70-new-ia.md) - -  - -  - - - - - diff --git a/mdop/dart-v7/getting-started-with-dart-70-new-ia.md b/mdop/dart-v7/getting-started-with-dart-70-new-ia.md deleted file mode 100644 index 4a0b5db556..0000000000 --- a/mdop/dart-v7/getting-started-with-dart-70-new-ia.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Getting Started with DaRT 7.0 -description: Getting Started with DaRT 7.0 -author: dansimp -ms.assetid: 796f52ce-0935-4d3d-9437-289b4c7b16c3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Getting Started with DaRT 7.0 - - -DaRT requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at [https://go.microsoft.com/fwlink/p/?LinkId=80347](https://go.microsoft.com/fwlink/?LinkId=80347). - -This section provides general information for administrators who are evaluating and using Microsoft Diagnostics and Recovery Toolset (DaRT) 7. - -**Note**   -A downloadable version of this document and the DaRT 7 Evaluation Guide can be downloaded from . - - - -## Getting Started With DaRT 7 - - -- [About DaRT 7.0](about-dart-70-new-ia.md) - - Provides information specifically related to DaRT including what is new in DaRT 7. - -- [Overview of the Tools in DaRT 7.0](overview-of-the-tools-in-dart-70-new-ia.md) - - Provides general information about the tools in Microsoft Diagnostics and Recovery Toolset (DaRT) 7. - -- [Accessibility for DaRT 7.0](accessibility-for-dart-70.md) - - Provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. - -## Other resources for this product - - -- [Diagnostics and Recovery Toolset 7 Administrator's Guide](index.md) - -- [Planning for DaRT 7.0](planning-for-dart-70-new-ia.md) - -- [Deploying DaRT 7.0](deploying-dart-70-new-ia.md) - -- [Operations for DaRT 7.0](operations-for-dart-70-new-ia.md) - -- [Troubleshooting DaRT 7.0](troubleshooting-dart-70-new-ia.md) - - - - - - - - - diff --git a/mdop/dart-v7/how-to-change-repair-or-remove-dart-70.md b/mdop/dart-v7/how-to-change-repair-or-remove-dart-70.md deleted file mode 100644 index 07c0c01702..0000000000 --- a/mdop/dart-v7/how-to-change-repair-or-remove-dart-70.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: How to Change, Repair, or Remove DaRT 7.0 -description: How to Change, Repair, or Remove DaRT 7.0 -author: dansimp -ms.assetid: a65ff4f3-2b6d-4105-a7a0-67c87e8e7300 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Change, Repair, or Remove DaRT 7.0 - - -You can change, repair, or remove the Microsoft Diagnostics and Recovery Toolset (DaRT) 7 installation by double-clicking the DaRT installation file and then clicking the button that corresponds to the action that you want to perform. - -You can also change, repair, or remove the DaRT installation using the Windows Control Panel by following the steps described in the procedure in this topic. - -**To change, repair, or remove DaRT** - -1. Click **Start** and then click **Control Panel**. - -2. Click **Programs and Features**. - -3. Click **Microsoft Diagnostics and Recovery Toolset 7.0** and then click the button that corresponds to the action that you want to perform. - -## Related topics - - -[Deploying DaRT 7.0 to Administrator Computers](deploying-dart-70-to-administrator-computers-dart-7.md) - -  - -  - - - - - diff --git a/mdop/dart-v7/how-to-create-a-time-limited-recovery-image-dart-7.md b/mdop/dart-v7/how-to-create-a-time-limited-recovery-image-dart-7.md deleted file mode 100644 index 91c0b79888..0000000000 --- a/mdop/dart-v7/how-to-create-a-time-limited-recovery-image-dart-7.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: How to Create a Time Limited Recovery Image -description: How to Create a Time Limited Recovery Image -author: dansimp -ms.assetid: d2e29cac-c24c-4239-997f-0320b8a830ae -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create a Time Limited Recovery Image - - -You can create a DaRT recovery image that can only be used for a certain number of days after it is generated. To do this, you must run the **DaRT Recovery Image Wizard** at a command prompt and specify the number of days. - -**To create a recovery image that has a time limit** - -1. Open a Command Prompt with administrator credentials. - -2. Change the directory to the location of the ERDC.exe program. - -3. Using the following syntax, run the **DaRT Recovery Image Wizard**. *NumberOfDays* is a positive integer that represents the number of days that the DaRT recovery image will be usable. - - ``` syntax - ERDC /e NumberOfDays - ``` - -## Related topics - - -[Creating the DaRT 7.0 Recovery Image](creating-the-dart-70-recovery-image-dart-7.md) - -  - -  - - - - - diff --git a/mdop/dart-v7/how-to-deploy-dart-70.md b/mdop/dart-v7/how-to-deploy-dart-70.md deleted file mode 100644 index 23d20d5d80..0000000000 --- a/mdop/dart-v7/how-to-deploy-dart-70.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -title: How to Deploy DaRT 7.0 -description: How to Deploy DaRT 7.0 -author: dansimp -ms.assetid: 30522441-40cb-4eca-99b4-dff758f5c647 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Deploy DaRT 7.0 - - -This topic provides instructions to deploy Microsoft Diagnostics and Recovery Toolset (DaRT) 7 in your environment. The first procedure in this topic assumes that you are installing all functionality on one administrator computer. When you need to deploy or uninstall DaRT on multiple computers, using an electronic software distribution system for example, it might be easier to use command line installation options. Those options are defined in the second procedure in this topic which provides example usage for the available command line options. - -**Important**   -Before you install DaRT, ensure that the computer meets the minimum system requirements listed in [DaRT 7.0 Supported Configurations](dart-70-supported-configurations-dart-7.md). - - - -**To install DaRT on an administrator computer** - -1. Locate the DaRT installation files that you received as part of your software download. - -2. Double-click the DaRT installation file that corresponds to your system requirements, either 32-bit or 64-bit. The DaRT installation file is named **MSDaRT70.msi**. - -3. Accept the Microsoft Software License Terms, and then click **Next**. - -4. Select the destination folder for installing DaRT, select whether DaRT should be installed for all users or just the current user, and then click **Next**. - -5. Select whether the installation should be **Typical**, **Custom**, or **Complete**, and then click **Next**. - - - **Typical** installs the tools that are most frequently used. This method is recommended for most users. - - - **Custom** lets you select the tools that are installed and where they will be installed. This is recommended for advanced users, especially if you are installing different DaRT tools on different helpdesk computers. - - - **Complete** installs all DaRT tools and requires the most disk space. - - After you have selected your method of installation, click **Next**. - -6. To start the installation, click **Install**. - -7. After the installation is completed successfully, click **Finish** to exit the wizard. - -**To install DaRT at the command prompt** - -1. The following example shows how to install all DaRT functionality. - - ``` syntax - msiexec /i MSDaRT70.msi ADDLOCAL=CommonFiles,MSDaRTHelp,DaRTRecoveryImage,CrashAnalyzer,RemoteViewer - ``` - -2. The following example shows how to install only the **DaRT Recovery Image Wizard**. - - ``` syntax - msiexec /i MSDaRT70.msi ADDLOCAL=CommonFiles,MSDaRTHelp,DaRTRecoveryImage - ``` - -3. The following example shows how to install only the Crash Analyzer and the DaRT Remote Connection Viewer. - - ``` syntax - msiexec /i MSDaRT70.msi ADDLOCAL=CommonFiles,MSDaRTHelp,CrashAnalyzer,RemoteViewer - ``` - -4. The following example creates a setup log for the Windows Installer. This is valuable for debugging. - - ``` syntax - msiexec.exe /i MSDaRT70.msi /l*v log.txt - ``` - -**Note**   -You can add /qn or /qb to any of the DaRT installation command prompt options to perform a silent installation. - - - -## Related topics - - -[Deploying DaRT 7.0 to Administrator Computers](deploying-dart-70-to-administrator-computers-dart-7.md) - - - - - - - - - diff --git a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-7.md b/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-7.md deleted file mode 100644 index 39343027eb..0000000000 --- a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-7.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: How to Deploy the DaRT Recovery Image as a Remote Partition -description: How to Deploy the DaRT Recovery Image as a Remote Partition -author: dansimp -ms.assetid: 757c9340-8eac-42e8-85de-4302e436713a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Deploy the DaRT Recovery Image as a Remote Partition - - -After you have finished running the DaRT Recovery Image Wizard and created the recovery image, you can extract the boot.wim file from the ISO image file and deploy it as a remote partition on the network. - -**To deploy DaRT as a remote partition** - -1. Extract the boot.wim file from the DaRT ISO image file. - - 1. Mount the ISO image file that you created in the **Create Startup Image** dialog box by using your company’s preferred method of mounting an image. - - 2. Open the ISO image file and copy the boot.wim file from the \\sources folder in the mounted image to a location on your computer or on an external drive. - - **Note**   - If you burned a CD or DVD of the recovery image, you can open the files on the CD or DVD and copy the boot.wim file from the \\sources folder. This lets you skip the need to mount the image. - - - -2. Deploy the boot.wim file to a WDS server that can be accessed from end-user computers in your enterprise. - -3. Configure the WDS server to use the boot.wim file for DaRT by following your standard WDS deployment procedures. - -For more information about how to deploy DaRT as a remote partition, see the following: - -- [Walkthrough: Deploy an Image by Using PXE](https://go.microsoft.com/fwlink/?LinkId=212108) - -- [Windows Deployment Services Getting Started Guide](https://go.microsoft.com/fwlink/?LinkId=212106) - -## Related topics - - -[Deploying the DaRT 7.0 Recovery Image](deploying-the-dart-70-recovery-image-dart-7.md) - - - - - - - - - diff --git a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-7.md b/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-7.md deleted file mode 100644 index 3ec6953ff3..0000000000 --- a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-7.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: How to Deploy the DaRT Recovery Image as Part of a Recovery Partition -description: How to Deploy the DaRT Recovery Image as Part of a Recovery Partition -author: dansimp -ms.assetid: 462f2d08-f03b-4a07-b2d3-c69205dc6f70 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Deploy the DaRT Recovery Image as Part of a Recovery Partition - - -After you have finished running the DaRT Recovery Image Wizard and created the recovery image, you can extract the boot.wim file from the ISO image file and deploy it as a recovery partition in a Windows 7 image. - -**To deploy DaRT in the recovery partition of a Windows 7 image** - -1. Create a target partition in your Windows 7 image that is equal to or greater than the size of the ISO image file that you created by using the **DaRT Recovery Image Wizard**. - - The minimum size required for a DaRT partition is approximately 300MB. However, we recommend 450MB to accommodate for the remote connection functionality in DaRT. - -2. Extract the boot.wim file from the DaRT ISO image file. - - 1. Mount the ISO image file that you created in the **Create Startup Image** dialog box by using your company’s preferred method of mounting an image. - - 2. Open the ISO image file and copy the boot.wim file from the \\sources folder in the mounted image to a location on your computer or on an external drive. - - **Note**   - If you burned a CD or DVD of the recovery image, you can open the files on the CD or DVD and copy the boot.wim file from the \\sources folder. This lets you skip the need to mount the image. - - - -3. Use the boot.wim file to create a bootable recovery partition by using your company’s standard method for creating a custom Windows RE image. - - For more information about how to create or customize a recovery partition, see [Customizing the Windows RE Experience](https://go.microsoft.com/fwlink/?LinkId=214222). - -4. Replace the target partition in your Windows 7 image with the recovery partition. - -After your Windows 7 image is ready, distribute the image to computers in your enterprise by using your company’s standard image deployment process. For more information about how to create a Windows 7 image, see [Building a Standard Image of Windows 7: Step-by-Step Guide](https://go.microsoft.com/fwlink/?LinkId=212103). - -For more information about how to deploy a recovery solution to reinstall the factory image in the event of a system failure, see [Deploy a System Recovery Image](https://go.microsoft.com/fwlink/?LinkId=214221). - -## Related topics - - -[Deploying the DaRT 7.0 Recovery Image](deploying-the-dart-70-recovery-image-dart-7.md) - - - - - - - - - diff --git a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-using-a-usb-flash-drive-dart-7.md b/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-using-a-usb-flash-drive-dart-7.md deleted file mode 100644 index aebbdbfef1..0000000000 --- a/mdop/dart-v7/how-to-deploy-the-dart-recovery-image-using-a-usb-flash-drive-dart-7.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: How to Deploy the DaRT Recovery Image Using a USB Flash Drive -description: How to Deploy the DaRT Recovery Image Using a USB Flash Drive -author: dansimp -ms.assetid: 5b7aa843-731e-47e7-b5f9-48d08da732d6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Deploy the DaRT Recovery Image Using a USB Flash Drive - - -After you have finished running the **DaRT Recovery Image Wizard**, you can use the tool at to copy the ISO image file to a USB flash drive (UFD). - -You can also manually copy the ISO image file to a UFD by following the steps provided in this section. - -**To save the DaRT recovery image to a USB flash drive** - -1. Format the USB flash drive. - - 1. From a running valid operating system or Windows PE session, insert your UFD. - - 2. At the command prompt with administrator permissions, type **DISKPART** and then type **LIST DISK**. - - The Command Prompt window displays the disk number of your UFD, for example **DISK 1**. - - 3. Enter the following commands one at a time at the command prompt. - - ``` syntax - SELECT DISK 1 - CLEAN - CREATE PARTITION PRIMARY - SELECT PARTITION 1 - ACTIVE - FORMAT FS=NTFS - ASSIGN - EXIT - ``` - - **Note**   - The previous code example assumes Disk 1 is the UFD. If it is necessary, replace DISK 1 with your disk number. - - - -2. By using your company’s preferred method of mounting an image, mount the ISO image file that you created in the **Create Startup Image** dialog box of the **DaRT Recovery Image Wizard**. This requires that you have a method available to mount an image file. - -3. Open the mounted ISO image file and copy all its contents to the formatted USB flash drive. - - **Note**   - If you burned a CD or DVD of the recovery image, you can open the files on the CD or DVD and copy the contents to the UFD. This lets you skip the need to mount the image. - - - -## Related topics - - -[Deploying the DaRT 7.0 Recovery Image](deploying-the-dart-70-recovery-image-dart-7.md) - - - - - - - - - diff --git a/mdop/dart-v7/how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-7.md b/mdop/dart-v7/how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-7.md deleted file mode 100644 index a241116de7..0000000000 --- a/mdop/dart-v7/how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-7.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: How to Ensure that Crash Analyzer Can Access Symbol Files -description: How to Ensure that Crash Analyzer Can Access Symbol Files -author: dansimp -ms.assetid: 150a2f88-68a5-40eb-8471-e5008488ab6e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Ensure that Crash Analyzer Can Access Symbol Files - - -Typically, debugging information is stored in a symbol file that is separate from the executable. You must have access to the symbol information when you debug an application that has stopped responding, for example if it crashed. - -Symbol files are automatically downloaded when you run the Microsoft Diagnostics and Recovery Toolset (DaRT) 7 Crash Analyzer. If the computer does not have an Internet connection or the network requires the computer to access an HTTP proxy server, the symbol files cannot be downloaded. - -## Ensure access to symbol files - - -Typically, debugging information is stored in a symbol file that is separate from the executable. You must have access to the symbol information when you debug an application that has stopped responding, for example if it crashed. - -Symbol files are automatically downloaded when you run **Crash Analyzer**. If the computer does not have an Internet connection or the network requires the computer to access an HTTP proxy server, the symbol files cannot be downloaded. - -The following is a list of options that are available for guaranteeing access to symbol files: - -- **Copy the dump file to another computer.** If the symbols cannot be downloaded because of a lack of an Internet connection, copy the crash dump file to a computer that does have an Internet connection and run the stand-alone **Crash Analyzer Wizard** on that computer. - -- **Access the symbol files from another computer.** If the symbols cannot be downloaded because of a lack of an Internet connection, you can download the symbols from a computer that does have an Internet connection and then copy them to the computer that does not have an Internet connection, or you can map a network drive to a location where the symbols are available on the local network. If you run the **Crash Analyzer** in a Windows Recovery Environment (Windows RE), you can include the symbol files on the DaRT recovery image. For more information about how to create a recovery image, see [Creating the DaRT 7.0 Recovery Image](creating-the-dart-70-recovery-image-dart-7.md). - -- **Access symbol files through an HTTP proxy server.** If the symbols cannot be downloaded because an HTTP proxy server must be accessed, use the following steps to access an HTTP proxy server. In DaRT 7, the **Crash Analyzer Wizard** has a setting available on the **Specify Symbol Files Location** dialog page, marked with the label **Proxy server (optional, using the format "server:port")**. You can use this text box to specify a proxy server. Enter the proxy address in the form **<hostname>:<port>**, where the <**hostname**> is a DNS name or IP address, and the <**port**> is a TCP port number, usually 80. There are two modes in which the **Crash Analyzer** can be run. Following is how you use the proxy setting in each of these modes: - - - **Online mode:** In this mode, if the proxy server field is left blank, the wizard uses the proxy settings from Internet Options in Control Panel. If you enter a proxy address in the text box which is provided, that address will be used, and it will override the setting in the Internet Options. - - - **Windows Recovery Environment (Windows RE):** When you run **Crash Analyzer** from the **Diagnostics and Recovery Toolset** window, there is no default proxy address. If the computer is directly connected to the Internet, a proxy address is not required. Therefore, you can leave this field blank in the wizard setting. If the computer is not directly connected to the Internet, and it is in a network environment that has a proxy server, you must set the proxy field in the wizard to access the symbol store. The proxy address can be obtained from the network administrator. Setting the proxy server is important only when the public symbol store is connected to the Internet. If the symbols are already on the DaRT recovery image, or if they are available locally, setting the proxy server is not required. - -## Related topics - - -[Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-7.md) - -  - -  - - - - - diff --git a/mdop/dart-v7/how-to-recover-local-computers-using-the-dart-recovery-image-dart-7.md b/mdop/dart-v7/how-to-recover-local-computers-using-the-dart-recovery-image-dart-7.md deleted file mode 100644 index f7bab54d96..0000000000 --- a/mdop/dart-v7/how-to-recover-local-computers-using-the-dart-recovery-image-dart-7.md +++ /dev/null @@ -1,104 +0,0 @@ ---- -title: How to Recover Local Computers Using the DaRT Recovery Image -description: How to Recover Local Computers Using the DaRT Recovery Image -author: dansimp -ms.assetid: be29b5a8-be08-4cf2-822e-77a51d3f3b65 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Recover Local Computers Using the DaRT Recovery Image - - -To recover a local computer by using Microsoft Diagnostics and Recovery Toolset (DaRT) 7, you must be physically present at the end-user computer that is experiencing problems that require DaRT. You can also run DaRT remotely by following the instructions at [How to Recover Remote Computers Using the DaRT Recovery Image](how-to-recover-remote-computers-using-the-dart-recovery-image-dart-7.md). - -**To recover a local computer by using DaRT** - -1. As the computer is booting into the DaRT recovery image, the **NetStart** dialog box appears. You are asked whether you want to initialize network services. If you click **Yes**, it is assumed that a DHCP server is present on the network and an attempt is made to obtain an IP address from the server. If the network uses static IP addresses instead of DHCP, you can later use the **TCP/IP Configuration** tool in DaRT to specify a static IP address. - - To skip the network initialization process, click **No**. - -2. Following the network initialization dialog box, you are asked whether you want to remap the drive letters. When you run Windows online, the system volume is typically mapped to drive C. However, when you run Windows offline under WinRE, the original system volume might be mapped to another drive, and this can cause confusion. If you decide to remap, DaRT tries to map the offline drive letters to match the online drive letters. Remapping is performed only if an offline operating system is selected later in the startup process. - -3. Following the remapping dialog box, a **System Recovery Options** dialog box appears and asks you to select a keyboard layout. Then it displays the system root directory, the kind of operating system installed, and the partition size. If you do not see your operating system listed, and suspect that the lack of drivers is a possible cause of the failure, click **Load Drivers** to load the suspect drivers. This prompts you to insert the installation media for the device and to select the driver. Select the installation that you want to repair or diagnose, and then click **Next**. - - **Note** - If the Windows Recovery Environment (WinRE) detects or suspects that Windows 7 did not start correctly the last time that it was tried, **Startup Repair** might start to run automatically. - - - -~~~ -If any of the registry hives are corrupted or missing, Registry Editor, and several other DaRT utilities, will have limited functionality. If no operating system is selected, some tools will not be available. - -The **System Recovery Options** window appears and lists various recovery tools. -~~~ - -4. On the **System Recovery Options** window, click **Microsoft Diagnostics and Recovery Toolset**. - - The **Diagnostics and Recovery Toolset** window opens. You can now run any of the individual tools or wizards that were included when the DaRT recovery image was created. - -You can click **Help** on the **Diagnostics and Recovery Toolset** window to open the client Help file that provides detailed instruction and information needed to run the individual DaRT tools. You can also click the **Solution Wizard** on the **Diagnostics and Recovery Toolset** window to choose the best tool for the situation, based on a brief interview that the wizard provides. - -For general information about any of the DaRT tools, see [Overview of the Tools in DaRT 7.0](overview-of-the-tools-in-dart-70-new-ia.md). - -**To run DaRT at the command prompt** - -1. You can run DaRT at the command prompt by specifying the **netstart.exe** command and by using any of the following parameters: - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

-network

Initializes the network services.

-remount

Remaps the drive letters.

-prompt

Displays messages asking the end user to specify whether to initialize the network and remap the drives.

-
- Important

The end user’s response to the prompts overrides the -network and -remount switches.

-
-
- -
- - - -2. You can customize DaRT so that a computer that boots into DaRT automatically opens the **Remote Connection** tool that is used to establish a remote connection with the help desk. - -## Related topics - - -[Recovering Computers Using DaRT 7.0](recovering-computers-using-dart-70-dart-7.md) - - - - - - - - - diff --git a/mdop/dart-v7/how-to-recover-remote-computers-using-the-dart-recovery-image-dart-7.md b/mdop/dart-v7/how-to-recover-remote-computers-using-the-dart-recovery-image-dart-7.md deleted file mode 100644 index 4ed0e0e5ec..0000000000 --- a/mdop/dart-v7/how-to-recover-remote-computers-using-the-dart-recovery-image-dart-7.md +++ /dev/null @@ -1,196 +0,0 @@ ---- -title: How to Recover Remote Computers Using the DaRT Recovery Image -description: How to Recover Remote Computers Using the DaRT Recovery Image -author: dansimp -ms.assetid: 66bc45fb-dc40-4d47-b583-5bb1ff5c97a7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Recover Remote Computers Using the DaRT Recovery Image - - -The Remote Connection feature in Microsoft Diagnostics and Recovery Toolset (DaRT) 7 lets an IT administrator run the DaRT tools remotely on an end-user computer. After certain information is provided by the end user (or by a helpdesk professional working on the end-user computer), the IT administrator or helpdesk agent can take control of the end user's computer and run the necessary DaRT tools remotely. - -**Important** -The two computers establishing a remote connection must be part of the same network. - - - -**To recover a remote computer by using DaRT** - -1. Boot an end-user computer by using the DaRT recovery image. - - You will typically use one of the following methods to boot into DaRT to recover a remote computer, depending on how you deploy the DaRT recovery image. For more information about deploying the DaRT recovery image, see [Deploying the DaRT 7.0 Recovery Image](deploying-the-dart-70-recovery-image-dart-7.md). - - - Boot into DaRT from a recovery partition on the problem computer. - - - Boot into DaRT from a remote partition on the network. - - For information about the advantages and disadvantages of each method, see [Planning How to Save and Deploy the DaRT 7.0 Recovery Image](planning-how-to-save-and-deploy-the-dart-70-recovery-image.md). - - Whichever method that you use to boot into DaRT, you must enable the boot device in the BIOS for the boot option or options that you want to make available to the end user. - - **Note** - Configuring the BIOS is unique, depending on the kind of hard disk drive, network adapters, and other hardware that is used in your organization. - - - -2. As the computer is booting into the DaRT recovery image, the **NetStart** dialog box appears. You are asked whether you want to initialize network services. If you click **Yes**, it is assumed that a DHCP server is present on the network and an attempt is made to obtain an IP address from the server. If the network uses static IP addresses instead of DHCP, you can later use the **TCP/IP Configuration** tool in DaRT to specify a static IP address. - - To skip the network initialization process, click **No**. - -3. Following the network initialization dialog box, you are asked whether you want to remap the drive letters. When you run Windows online, the system volume is typically mapped to drive C. However, when you run Windows offline under WinRE, the original system volume might be mapped to another drive, and this can cause confusion. If you decide to remap, DaRT tries to map the offline drive letters to match the online drive letters. Remapping is performed only if an offline operating system is selected later in the startup process. - -4. Following the remapping dialog box, a **System Recovery Options** dialog box appears and asks you to select a keyboard layout. Then it displays the system root directory, the kind of operating system installed, and the partition size. If you do not see your operating system listed, and suspect that the lack of drivers is a possible cause of the failure, click **Load Drivers** to load the suspect drivers. This prompts you to insert the installation media for the device and to select the driver. Select the installation that you want to repair or diagnose, and then click **Next**. - - **Note** - If the Windows Recovery Environment (WinRE) detects or suspects that Windows 7 did not start correctly the last time that it was tried, **Startup Repair** might start to run automatically. For information about this situation including how to resolve it, see [Troubleshooting DaRT 7.0](troubleshooting-dart-70-new-ia.md). - - - -~~~ -If any of the registry hives are corrupted or missing, Registry Editor, and several other DaRT utilities, will have limited functionality. If no operating system is selected, some tools will not be available. - -The **System Recovery Options** window appears and lists various recovery tools. -~~~ - -5. On the **System Recovery Options** window, select **Microsoft Diagnostics and Recovery Toolset** to open the **Diagnostics and Recovery Toolset** window. - -6. On the **Diagnostics and Recovery Toolset** window, click **Remote Connection** to open the **DaRT Remote Connection** window. If you are prompted to give the help desk remote access, click **OK**. - - The DaRT Remote Connection window opens and displays a ticket number, IP address, and port information. - -7. On the helpdesk agent computer, open the **DaRT Remote Connection Viewer**. - - Click **Start**, click **All Programs**, click **Microsoft DaRT 7**, and then click **DaRT Remote Connection Viewer**. - -8. In the **DaRT Remote Connection** window, enter the required ticket, IP address, and port information. - - **Note** - This information is created on the end-user computer and must be provided by the end user. There might be multiple IP addresses to choose from, depending on how many are available on the end-user computer. - - - -9. Click **Connect**. - -The IT administrator now assumes control of the end-user computer and can run the DaRT tools remotely. - -**Note** -A file is provided that is named inv32.xml and contains remote connection information, such as the port number and IP address. By default, the file is typically located at %windir%\\system32. - - - -**To customize the Remote Connection process** - -1. You can customize the Remote Connection process by editing the winpeshl.ini file. For more information about how to edit the winpeshl.ini file, see [Winpeshl.ini Files](https://go.microsoft.com/fwlink/?LinkId=219413). - - Specify the following commands and parameters to customize how a remote connection is established with an end-user computer: - - - - - - - - - - - - - - - - - - - - - - - - - - -
CommandParameterDescription

RemoteRecovery.exe

-nomessage

Specifies that the confirmation prompt is not displayed. Remote Connection continues just as if the end user had responded "Yes" to the confirmation prompt.

WaitForConnection.exe

none

Prevents a custom script from continuing until either Remote Connection is not running or a valid connection is established with the end-user computer.

-
- Important

This command serves no function if it is specified independently. It must be specified in a script to function correctly.

-
-
- -
- - - -2. The following is an example of a winpeshl.ini file that is customized to open the **Remote Connection** tool as soon as an attempt is made to boot into DaRT: - - ```ini - [LaunchApps] - "%windir%\system32\netstart.exe -network -remount" - "cmd /C start %windir%\system32\RemoteRecovery.exe -nomessage" - "%windir%\system32\WaitForConnection.exe" - "%SYSTEMDRIVE%\sources\recovery\recenv.exe" - ``` - -**To run the Remote Connection Viewer at the command prompt** - -1. You can run the **DaRT Remote Connection Viewer** at the command prompt by specifying the **DartRemoteViewer.exe** command and by using the following parameters: - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

-ticket=<ticketnumber>

Where <ticketnumber> is the ticket number, including the dashes, that is generated by Remote Connection.

-ipaddress=<ipaddress>

Where <ipaddress> is the IP address that is generated by Remote Connection.

-port=<port>

Where <port> is the port that corresponds to the specified IP address.

- - - -~~~ -**Note** -The variables for these parameters are created on the end-user computer and must be provided by the end user. -~~~ - - - -2. If all three parameters are specified and the data is valid, a connection is immediately tried when the program starts. If any parameter is not valid, the program starts as if there were no parameters specified. - -## Related topics - - -[Recovering Computers Using DaRT 7.0](recovering-computers-using-dart-70-dart-7.md) - - - - - - - - - diff --git a/mdop/dart-v7/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-7.md b/mdop/dart-v7/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-7.md deleted file mode 100644 index 943522849f..0000000000 --- a/mdop/dart-v7/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-7.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer -description: How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer -author: dansimp -ms.assetid: 881d573f-2f18-4c5f-838e-2f5320179f94 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer - - -If you cannot access the Microsoft Debugging Tools for Windows or the symbol files on the end-user computer, you can copy the dump file from the problem computer and analyze it on a computer that has the stand-alone version of Crash Analyzer installed, such as a helpdesk administrator’s computer. - -**To run the Crash Analyzer in stand-alone mode** - -1. On a computer with DaRT 7 installed, click **Start** / **All Programs** / **Microsoft DaRT 7**. - -2. Provide the required information for the following: - - - Microsoft Debugging Tools for Windows - - - Symbol files - - For more information about symbol files, see, [How to Ensure that Crash Analyzer Can Access Symbol Files](how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-7.md). - - - A crash dump file - - **Note**   - Use the Search tool in DaRT 7 to locate the copied crash dump file. - - - -3. The **Crash Analyzer** scans the crash dump file and reports a probable cause of the crash. You can view more information about the crash, such as the specific crash message and description, the drivers loaded at the time of the crash, and the full output of the analysis. - -4. Decide upon an appropriate strategy to resolve the problem. This may require disabling or updating the device driver that caused the crash by using the **Services and Drivers** node of the **Computer Management** tool in DaRT. - -## Related topics - - -[Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-7.md) - - - - - - - - - diff --git a/mdop/dart-v7/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-7.md b/mdop/dart-v7/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-7.md deleted file mode 100644 index 857157396c..0000000000 --- a/mdop/dart-v7/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-7.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: How to Run the Crash Analyzer on an End-user Computer -description: How to Run the Crash Analyzer on an End-user Computer -author: dansimp -ms.assetid: 40af4ead-6588-4a81-8eaa-3dc00c397e1d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Run the Crash Analyzer on an End-user Computer - - -Typically, you run Microsoft Diagnostics and Recovery Toolset (DaRT) 7 Crash Analyzer from the Diagnostics and Recovery Toolset window on an end-user computer that has problems. The Crash Analyzer tries to locate the Debugging Tools for Windows on the problem computer. If the directory path dialog box is empty, you must enter the location or browse to the location of the Debugging Tools for Windows (you can download the files from Microsoft). You must also provide a path to where the symbol files are located. - -**To open and run the Crash Analyzer on an end-user computer** - -1. On the **Diagnostics and Recovery Toolset** window on an end-user computer, click **Crash Analyzer**. - -2. Provide the required information for the following: - - - Microsoft Debugging Tools for Windows - - - Symbol files - - For more information about symbol files, see, [How to Ensure that Crash Analyzer Can Access Symbol Files](how-to-ensure-that-crash-analyzer-can-access-symbol-files-dart-7.md). - - - A crash dump file - - Follow these steps to determine the location of the crash dump file: - - 1. Open the **System Properties** window. - - Click **Start**, type sysdm.cpl, and then press Enter. - - 2. Click the **Advanced** tab. - - 3. In the **Startup and Recovery** area, click **Settings**. - - **Note**   - If you do not have access to the **System Properties** window, you can search for dump files on the end-user computer by using the **Search** tool in DaRT. - - - -3. The **Crash Analyzer** scans the crash dump file and reports a probable cause of the crash. You can view more information about the crash, such as the specific crash message and description, the drivers loaded at the time of the crash, and the full output of the analysis. - -4. Decide upon an appropriate strategy to resolve the problem. This may require disabling or updating the device driver that caused the crash by using the **Services and Drivers** node of the **Computer Management** tool in DaRT. - -## Related topics - - -[Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-7.md) - - - - - - - - - diff --git a/mdop/dart-v7/how-to-use-the-dart-recovery-image-wizard-to-create-the-recovery-image-dart-7.md b/mdop/dart-v7/how-to-use-the-dart-recovery-image-wizard-to-create-the-recovery-image-dart-7.md deleted file mode 100644 index 28abed205c..0000000000 --- a/mdop/dart-v7/how-to-use-the-dart-recovery-image-wizard-to-create-the-recovery-image-dart-7.md +++ /dev/null @@ -1,190 +0,0 @@ ---- -title: How to Use the DaRT Recovery Image Wizard to Create the Recovery Image -description: How to Use the DaRT Recovery Image Wizard to Create the Recovery Image -author: dansimp -ms.assetid: 1b8ef983-fff9-4d75-a2f6-53120c5c00c9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Use the DaRT Recovery Image Wizard to Create the Recovery Image - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 7 includes the **DaRT Recovery Image Wizard** that is used in Windows to create a bootable International Organization for Standardization (ISO) image. An ISO image is a file that represents the raw contents of a CD. - -The **DaRT Recovery Image Wizard** requires the following information: - -- **Boot Image**˚˚You must provide the path of a Windows 7 DVD or Windows 7 source files that are required to create the DaRT recovery image. - -- **Tool Selection**˚˚You can select the tools to include on the DaRT recovery image. - -- **Remote Connections**˚˚You can select whether you want the DaRT recovery image to include the ability to establish a remote connection between the helpdesk and the end-user computer. - -- **Debugging Tools for Windows**˚˚You are asked to provide the location of the Debugging Tools for Windows. - -- **Definitions for Standalone System Sweeper**˚˚You can decide whether to download the latest definitions at the time that you create the recovery image or download the definitions later. - -- **Drivers**˚˚You are asked whether you want to add drivers to the ISO image. - -- **Additional Files**˚˚You can add files to the ISO image that might help diagnose problems. - -- **ISO Image Location**˚˚You are asked to specify where the ISO image should be located. - -- **CD/DVD Drive**˚˚You are asked to specify whether the CD or DVD drive should be used to burn the CD or DVD. - -**Note**   -The ISO image size can vary, depending on the tools that were selected in the **DaRT Recovery Image Wizard**. - - - -## To create the recovery image using the DaRT Recovery Image Wizard - - -Follow these instructions to use the **DaRT Recovery Image Wizard** to create the DaRT recovery image. - -### To select the tools to include on the DaRT recovery image - -The **DaRT Recovery Image Wizard** presents a **Tool Selection** dialog box. You can select or remove tools from the list of tools to be included on the DaRT recovery image by highlighting a tool and then clicking the **Enable** or **Disable** buttons. - -After you have selected all the tools that you want to include on the recovery image, click **Next**. - -### To add the option to allow remote connectivity - -You can select the **Allow remote connections** check box to provide the option in the **Diagnostics and Recovery Toolset** window to establish a remote connection between the helpdesk agent and an end-user computer. After a helpdesk agent establishes a remote connection, they can run the DaRT tools on the end-user computer from a remote location. - -You can select the **Specify the port number** check box to enter a specific port number that will be used when establishing a remote connection. You can specify a port number between 1 and 65535. We recommend that the port number be 1024 or higher to minimize the possibility of a conflict. - -You can also create a customized message that an end user will receive when they establish a remote connection. The message can be a maximum of 2048 characters. - -For more information about remotely running the DaRT tools, see [How to Recover Remote Computers Using the DaRT Recovery Image](how-to-recover-remote-computers-using-the-dart-recovery-image-dart-7.md). - -### To add the Debugging Tools for Windows to the DaRT recovery image - -In the **Crash Analyzer** dialog box of the **DaRT Recovery Image Wizard**, you are asked to specify the location of the Debugging Tools for Windows. If you do not have a copy of the tools, you can download them from Microsoft. The following link to the download page is provided in the wizard: [Download and Install Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=99934). - -You can either specify the location of the debugging tools on the computer where you are running the **DaRT Recovery Image Wizard**, or you can decide to use the tools that are located on the destination computer. If you decide to use a copy on another computer, you must make sure that the tools are installed on each computer on which you are diagnosing a crash. - -**Note**   -If you include the **Crash Analyzer** in the ISO image, we recommend that you also include the Debugging Tools for Windows. - - - -Follow these steps to add the Debugging Tools for Windows: - -1. (Optional) Click the hyperlink to download the Debugging Tools for Windows. - -2. Select one of the following options: - - - **Use the Debugging Tools for Windows in the following location**. If you select this option, you can browse to the location of the tools. - - - **Locate the Debugging Tools for Windows on the system that you are repairing**. If you select this option, the **Crash Analyzer** will not work if the Debugging Tools for Windows are not found on the problem computer. - -3. After you have finished, click **Next**. - -### To add definitions for Standalone System Sweeper to the DaRT recovery image - -Definitions are a repository of known malware and other potentially unwanted software. Because malware is being continually developed, **Standalone System Sweeper** relies on current definitions to determine whether software that is trying to install, run, or change settings on a computer is potentially unwanted or malicious software. - -To include the latest definitions in the DaRT recovery image (recommended), click **Yes, download the latest definitions.** The definition update starts automatically. You must be connected to the Internet to complete this process. - -To skip the definition update, click **No, manually download definitions later**. Definitions will not be included in the DaRT recovery image. - -If you decide not to include the latest definitions on the recovery image, or if the definitions included on the recovery image are no longer current by the time that you are ready to use **Standalone System Sweeper**, obtain the latest definitions before you begin a scan by following the instructions that are provided in the **Standalone System Sweeper**. - -**Important**   -You cannot scan if there are no definitions. - - - -After you have finished, click **Next**. - -### To add drivers to the DaRT recovery image - -**Caution**   -By default, when you add a driver to the DaRT recovery image, all additional files and subfolders that are located in that folder are added into the recovery image. For more information, see [Troubleshooting DaRT 7.0](troubleshooting-dart-70-new-ia.md). - - - -You should include additional drivers on the recovery image for DaRT 7 that you may need when repairing a computer. These may typically include storage or network controllers that are not included on the Windows DVD. - -**Important**   -When you select drivers to include, be aware that wireless connectivity (such as Bluetooth or 802.11a/b/g/n) is not supported in DaRT. - - - -**To add a storage or network controller driver to the recovery image** - -1. In the **Additional Drivers** dialog box of the **DaRT Recovery Image Wizard**, click **Add Device**. - -2. Browse to the file to be added for the driver, and then click **Open**. - - **Note**   - The **driver** file is provided by the manufacturer of the storage or network controller. - - - -3. Repeat Steps 1 and 2 for every driver that you want to include. - -4. After you have finished, click **Next**. - -### To add files to the DaRT recovery image - -Follow these steps to add files to the recovery image so that you can use them to diagnose computer problems. - -1. In the **Additional Files** dialog box of the **DaRT Recovery Image Wizard**, click **Show Files**. This opens an Explorer window that displays the folder that holds the shared files. - -2. Create a subfolder in the folder that is listed in the dialog box. - -3. Copy the files that you want to the new subfolder. - -4. After you have finished, click **Next.** - -### To select a location for the ISO that contains the DaRT recovery image - -Follow these steps to specify the location where the ISO image is created: - -1. In the **Create Startup Image** dialog box of the **DaRT Recovery Image Wizard**, click **Browse**. - -2. Browse to the preferred location in the **Save As** window, and then click **Save**. - -3. After you have finished, click **Next**. - -The size of the ISO image will vary, depending on the tools that you select and the files that you add in the wizard. - -The wizard requires the ISO image to have an **.iso** file name extension because most programs that burn a CD or DVD require that extension. If you do not specify a different location, the ISO image is created on your desktop with the name **DaRT70.ISO**. - -### To burn the recovery image to a CD or DVD - -If the **DaRT Recovery Image Wizard** detects a compatible CD-RW drive on your computer, it offers to burn the ISO image to a disc for you. If you want to burn a CD or DVD and the wizard does not recognize your drive, you must use another program, such as the program that was included with your drive. You can use a duplicator, a duplicating service, or CD or DVD-burning software to make any additional copies. - -1. In the **Burn to a recordable CD/DVD** dialog box of the **DaRT Recovery Image Wizard**, select **Burn the image to the following recordable CD/DVD drive**. - -2. Select the CD or DVD drive. - - **Note**   - If a drive is not recognized and you install a new drive, you can click **Refresh Drive List** to force the wizard to update the list of available drives. - - - -3. Click **Next**. - -## Related topics - - -[Creating the DaRT 7.0 Recovery Image](creating-the-dart-70-recovery-image-dart-7.md) - - - - - - - - - diff --git a/mdop/dart-v7/images/checklistbox.gif b/mdop/dart-v7/images/checklistbox.gif deleted file mode 100644 index 8af13c51d1..0000000000 Binary files a/mdop/dart-v7/images/checklistbox.gif and /dev/null differ diff --git a/mdop/dart-v7/index.md b/mdop/dart-v7/index.md deleted file mode 100644 index ba12a07c9d..0000000000 --- a/mdop/dart-v7/index.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Diagnostics and Recovery Toolset 7 Administrator's Guide -description: Diagnostics and Recovery Toolset 7 Administrator's Guide -author: dansimp -ms.assetid: bf89eccd-fc03-48ff-9019-a8640e11dd99 -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 04/19/2017 ---- - - -# Diagnostics and Recovery Toolset 7 Administrator's Guide - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 7 lets you diagnose and repair a computer that cannot be started or that has problems starting as expected. By using DaRT, you can recover end-user computers that have become unusable, diagnose probable causes of issues, and quickly repair unbootable or locked-out computers. When it is necessary, you can also quickly restore important lost files and detect and remove malware, even when the computer is not online. - -DaRT is an important part of the Microsoft Desktop Optimization Pack (MDOP), a dynamic solution available to Software Assurance customers that helps reduce software installation costs, enables delivery of applications as services, and helps manage and control enterprise desktop environments. - -[Getting Started with DaRT 7.0](getting-started-with-dart-70-new-ia.md) - -[About DaRT 7.0](about-dart-70-new-ia.md)**|**[Overview of the Tools in DaRT 7.0](overview-of-the-tools-in-dart-70-new-ia.md)**|**[Accessibility for DaRT 7.0](accessibility-for-dart-70.md) - -[Planning for DaRT 7.0](planning-for-dart-70-new-ia.md) - -[Planning to Deploy DaRT 7.0](planning-to-deploy-dart-70.md)**|**[DaRT 7.0 Supported Configurations](dart-70-supported-configurations-dart-7.md)**|**[Planning to Create the DaRT 7.0 Recovery Image](planning-to-create-the-dart-70-recovery-image.md)**|**[Planning How to Save and Deploy the DaRT 7.0 Recovery Image](planning-how-to-save-and-deploy-the-dart-70-recovery-image.md)**|**[DaRT 7.0 Planning Checklist](dart-70-planning-checklist-dart-7.md) - -[Deploying DaRT 7.0](deploying-dart-70-new-ia.md) - -[Deploying DaRT 7.0 to Administrator Computers](deploying-dart-70-to-administrator-computers-dart-7.md)**|**[Creating the DaRT 7.0 Recovery Image](creating-the-dart-70-recovery-image-dart-7.md)**|**[Deploying the DaRT 7.0 Recovery Image](deploying-the-dart-70-recovery-image-dart-7.md)**|**[DaRT 7.0 Deployment Checklist](dart-70-deployment-checklist-dart-7.md) - -[Operations for DaRT 7.0](operations-for-dart-70-new-ia.md) - -[Recovering Computers Using DaRT 7.0](recovering-computers-using-dart-70-dart-7.md)**|**[Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-7.md)**|**[Security Considerations for DaRT 7.0](security-considerations-for-dart-70-dart-7.md) - -[Troubleshooting DaRT 7.0](troubleshooting-dart-70-new-ia.md) - -[Technical Reference for DaRT 7.0](technical-reference-for-dart-70-new-ia.md) - -### More Information - -[Release Notes for DaRT 7.0](release-notes-for-dart-70-new-ia.md) -View updated product information and known issues for DaRT 7. - -[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286) -Learn about the latest MDOP information and resources. - -[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) -Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). - -  - -  - - - - - diff --git a/mdop/dart-v7/operations-for-dart-70-new-ia.md b/mdop/dart-v7/operations-for-dart-70-new-ia.md deleted file mode 100644 index 1a7b02146b..0000000000 --- a/mdop/dart-v7/operations-for-dart-70-new-ia.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Operations for DaRT 7.0 -description: Operations for DaRT 7.0 -author: dansimp -ms.assetid: 5566d817-fc14-4408-ba01-1d87fbc132d9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Operations for DaRT 7.0 - - -This section of the Administrator’s Guide includes information about the various types of Microsoft Diagnostics and Recovery Toolset (DaRT) 7 administration and operating tasks that are typically performed by an administrator. This section also includes step-by-step procedures to help you successfully perform those tasks. - -## Operations information - - -- [Recovering Computers Using DaRT 7.0](recovering-computers-using-dart-70-dart-7.md) - - This section provides information to help you recover computers using the DaRT 7 recovery image. - -- [Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-7.md) - - This section provides information to help you use the DaRT 7 Crash Analyzer to diagnose system failures. - -- [Security Considerations for DaRT 7.0](security-considerations-for-dart-70-dart-7.md) - - This section provides information to help you follow security best practices while using DaRT 7. - -## Other resources for DaRT operations - - -- [Diagnostics and Recovery Toolset 7 Administrator's Guide](index.md) - -- [Getting Started with DaRT 7.0](getting-started-with-dart-70-new-ia.md) - -- [Planning for DaRT 7.0](planning-for-dart-70-new-ia.md) - -- [Deploying DaRT 7.0](deploying-dart-70-new-ia.md) - -- [Troubleshooting DaRT 7.0](troubleshooting-dart-70-new-ia.md) - -  - -  - - - - - diff --git a/mdop/dart-v7/overview-of-the-tools-in-dart-70-new-ia.md b/mdop/dart-v7/overview-of-the-tools-in-dart-70-new-ia.md deleted file mode 100644 index a021c0fd09..0000000000 --- a/mdop/dart-v7/overview-of-the-tools-in-dart-70-new-ia.md +++ /dev/null @@ -1,153 +0,0 @@ ---- -title: Overview of the Tools in DaRT 7.0 -description: Overview of the Tools in DaRT 7.0 -author: dansimp -ms.assetid: 67c5991e-cbe6-4ce9-9fe5-f1761369d1fe -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Overview of the Tools in DaRT 7.0 - - -From the **Diagnostics and Recovery Toolset** window in Microsoft Diagnostics and Recovery Toolset (DaRT) 7, you can start any of the individual tools that were included when the DaRT recovery image was created. For information about how to access the **Diagnostics and Recovery Toolset** window, see [How to Recover Local Computers Using the DaRT Recovery Image](how-to-recover-local-computers-using-the-dart-recovery-image-dart-7.md). - -If it is available, you can use the **Solution Wizard** on the **Diagnostics and Recovery Toolset** window to select the tool that best addresses your particular issue, based on a brief interview. - -## Exploring the DaRT Tools - - -This section describes the various tools that are part of DaRT. - -### Registry Editor - -You can use **Registry Editor** to access and change the registry of the Windows operating system that you are analyzing or repairing. This includes adding, removing, and editing keys and values, and importing registry (.reg) files. - -**Caution**   -This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. - - - -### Locksmith - -The **Locksmith Wizard** lets you set or change the password for any local account on the Windows operating system that you are analyzing or repairing. You do not have to know the current password. However, the password that you set must comply with any requirements that are defined by a local Group Policy object. This includes password length and complexity. - -You can use **Locksmith** when the password for a local account, such as the local Administrator account, is unknown. You cannot use **Locksmith** to set passwords for domain accounts. - -### Crash Analyzer - -Use the **Crash Analyzer Wizard** to quickly determine the cause of a computer crash by analyzing the memory dump file on the Windows operating system that you are repairing. **Crash Analyzer** examines the crash dump file for the driver that caused a computer to fail. Then, you can disable the problem device driver by using the **Services and Drivers** node in the **Computer Management** tool. - -The **Crash Analyzer Wizard** requires the Debugging Tools for Windows and symbol files for the operating system that you are repairing. You can include both requirements when you create the DaRT recovery image. If they are not included on the recovery image and you do not have access to them on the computer that you are repairing, you can copy the memory dump file to another computer and use the stand-alone version of **Crash Analyzer** to diagnose the problem. - -Running **Crash Analyzer** is a good idea even if you plan to reimage the computer. The image could have a defective driver that is causing problems in your environment. By running **Crash Analyzer**, you can identify problem drivers and improve the image stability. - -For more information about **Crash Analyzer**, see [Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-7.md). - -### File Restore - -**File Restore** lets you try to restore files that were accidentally deleted or that were too big to fit in the Recycle Bin. **File Restore** is not limited to regular disk volumes, but can find and restore files on lost volumes or on volumes that are encrypted by BitLocker. - -### Disk Commander - -**Disk Commander** lets you recover and repair disk partitions or volumes by using one of the following recovery processes: - -- Restore the master boot record (MBR) - -- Recover one or more lost volumes - -- Restore partition tables from **Disk Commander** backup - -- Save partition tables to **Disk Commander** backup - -**Warning**   -We recommend that you back up a disk before you use **Disk Commander** to repair it. By using **Disk Commander**, you can potentially damage volumes and make them inaccessible. Additionally, changes to one volume can affect other volumes because volumes on a disk share a partition table. - - - -### Disk Wipe - -You can use **Disk Wipe** to delete all data from a disk or volume, even the data that is left behind after you reformat a hard disk drive. **Disk Wipe** lets you select from either a single-pass overwrite or a four-pass overwrite, which meets current U.S. Department of Defense standards. - -**Warning**   -After wiping a disk or volume, you cannot recover the data. Verify the size and label of a volume before erasing it. - - - -### Computer Management - -**Computer Management** is a collection of Windows administrative tools that help you troubleshoot a problem computer. You can use the **Computer Management** tools in DaRT to view system information and event logs, manage disks, list autoruns, and manage services and drivers. The **Computer Management** console is customized to help you diagnose and repair problems that might be preventing the Windows operating system from starting. - -### Explorer - -The **Explorer** tool lets you browse the computer’s file system and network shares so that you can remove important data that the user stored on the local drive before you try to repair or reimage the computer. And because you can map drive letters to network shares, you can easily copy and move files from the computer to the network for safekeeping or from the network to the computer to restore them. - -### Solution Wizard - -The **Solution Wizard** presents a series of questions and then recommends the best tool for the situation, based on your answers. This wizard helps you determine which tool to use when you are not familiar with the tools in DaRT. - -### TCP/IP Config - -When you boot a problem computer into DaRT, it is set to automatically obtain its TCP/IP configuration (IP address and DNS server) from Dynamic Host Configuration Protocol (DHCP). If DHCP is unavailable, you can manually configure TCP/IP by using the **TCP/IP Config** tool. You first select a network adapter, and then configure the IP address and DNS server for that adapter. - -### Hotfix Uninstall - -The **Hotfix Uninstall Wizard** lets you remove hotfixes or service packs from the Windows operating system on the computer that you are repairing. Use this tool when a hotfix or service pack is suspected in preventing the operating system from starting. - -We recommend that you uninstall only one hotfix at a time, even though the tool lets you uninstall more than one. - -**Important**   -Programs that were installed or updated after a hotfix was installed might not work correctly after you uninstall a hotfix. - - - -### SFC Scan - -The **SFC Scan** tool starts the **System File Repair Wizard** and lets you repair system files that are preventing the installed Windows operating system from starting. The **System File Repair Wizard** can automatically repair system files that are corrupted or missing, or it can prompt you before it performs any repairs. - -### Search - -Before reimaging a computer, recovering files from the local hard disk is important, especially when the user might not have backed up or stored the files elsewhere. - -The **Search** tool opens a **File Search** window that you can use to find documents when you do not know the file path or to search for general kinds of files across all local hard disks. You can search for specific file-name patterns in specific paths. You can also limit results to a date range or size range. - -### Standalone System Sweeper - -**Important**   -Environments with the Standalone System Sweeper deployed should instead use the Microsoft Defender Offline (WDO) protection image for malware detection. Because of how the Standalone System Sweeper tool integrates into DaRT, all supported DaRT version deployments cannot apply these anti-malware updates to their DaRT images. - - - -The **Standalone System Sweeper** can help detect malware and unwanted software and warn you of security risks. You can use this tool to scan a computer for and remove malware even when the installed Windows operating system is not running. When the **Standalone System Sweeper** detects malicious or unwanted software, it prompts you to remove, quarantine, or allow for each item. - -Malware that uses rootkits can mask itself from the running operating system. If a rootkit-enabled virus or spyware is in a computer, most real-time scanning and removal tools can no longer see it or remove it. Because you boot the problem computer into DaRT and the installed operating system is offline, you can detect the rootkit without it being able to mask itself. - -### Remote Connection - -The **Remote Connection** tool in DaRT lets you remotely run the DaRT tools on an end-user computer. After certain specific information is provided by the end user (or by a helpdesk professional working on the end-user computer), the IT administrator can take control of the end user's computer and run the necessary DaRT tools remotely. - -**Important**   -The two computers establishing a remote connection must be part of the same network. - - - -## Related topics - - -[Getting Started with DaRT 7.0](getting-started-with-dart-70-new-ia.md) - - - - - - - - - diff --git a/mdop/dart-v7/planning-for-dart-70-new-ia.md b/mdop/dart-v7/planning-for-dart-70-new-ia.md deleted file mode 100644 index 0e8009edfe..0000000000 --- a/mdop/dart-v7/planning-for-dart-70-new-ia.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Planning for DaRT 7.0 -description: Planning for DaRT 7.0 -author: dansimp -ms.assetid: 9a60cb08-5efb-40fe-b1e3-9ece831f3b43 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for DaRT 7.0 - - -The goal of deployment planning is to successfully and efficiently deploy a product so that it does not disrupt your users or the network. - -There are a number of different deployment configurations and prerequisites that you must consider before you create your deployment plan. This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements. - -## Planning information - - -- [Planning to Deploy DaRT 7.0](planning-to-deploy-dart-70.md) - - There are a number of different deployment configurations and prerequisites that you must consider before you create your deployment plan. This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements. - -- [DaRT 7.0 Planning Checklist](dart-70-planning-checklist-dart-7.md) - - This checklist can be used to help you plan for preparing your computing environment for DaRT 7 deployment. - -## Other resources for DaRT 7 Planning - - -- [Diagnostics and Recovery Toolset 7 Administrator's Guide](index.md) - -- [Getting Started with DaRT 7.0](getting-started-with-dart-70-new-ia.md) - -- [Deploying DaRT 7.0](deploying-dart-70-new-ia.md) - -- [Operations for DaRT 7.0](operations-for-dart-70-new-ia.md) - -- [Troubleshooting DaRT 7.0](troubleshooting-dart-70-new-ia.md) - -  - -  - - - - - diff --git a/mdop/dart-v7/planning-how-to-save-and-deploy-the-dart-70-recovery-image.md b/mdop/dart-v7/planning-how-to-save-and-deploy-the-dart-70-recovery-image.md deleted file mode 100644 index 041f8915f6..0000000000 --- a/mdop/dart-v7/planning-how-to-save-and-deploy-the-dart-70-recovery-image.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: Planning How to Save and Deploy the DaRT 7.0 Recovery Image -description: Planning How to Save and Deploy the DaRT 7.0 Recovery Image -author: dansimp -ms.assetid: d96e9363-6186-4fc3-9b83-ba15ed9694a5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning How to Save and Deploy the DaRT 7.0 Recovery Image - - -Use the information in this section when you plan for saving and deploying the Microsoft Diagnostics and Recovery Toolset (DaRT) 7 recovery image. - -## Planning How to Save and Deploy the DaRT Recovery Image - - -You can save and deploy the DaRT recovery image by using the following methods. When you are determining the method that you will use, consider the advantages and disadvantages of each. Also, consider how you want to use DaRT in your enterprise. - -**Note**   -You might want to use more than one method in your organization. For example, you can boot into DaRT from a remote partition for most situations and have a USB flash drive available in case the end-user computer cannot connect to the network. - - - -The following table shows some advantages and disadvantages of each method of using DaRT in your organization. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Method to Boot into DaRTAdvantagesDisadvantages

From a CD or DVD

Supports scenarios in which the master boot record (MBR) is corrupted and you cannot access the hard disk. Also supports cases in which there is no network connection.

-

This is most familiar to users of earlier versions of DaRT, and a CD or DVD can be burned directly from the DaRT Recovery Image Wizard.

Requires that someone with access to the CD or DVD is physically at the end-user computer to boot into DaRT.

From a USB flash drive (UFD)

Provides same advantages as booting from a CD or DVD and also provides support to computers that have no CD or DVD drive.

Requires you to format the UFD before you can use it to boot into DaRT. Also requires that someone with access to the UFD is physically at the end-user computer to boot into DaRT.

From a remote (network) partition

Lets you boot into DaRT without needing a CD, DVD, or UFD. Also allows for easy upgrades of DaRT because there is only one file location to update.

Does not work if the end-user computer is not connected to the network.

-

Widely available to end users and might require additional security considerations when you are creating the recovery image.

From a recovery partition

Lets you boot into DaRT without needing a CD, DVD, or UFD that includes instances in which there is no network connectivity.

-

Also, can be implemented and managed as part of your standard Windows image process by using automated distribution tools, such as Microsoft Endpoint Configuration Manager.

When updating DaRT, requires you to update all computers in your enterprise instead of just one partition (on the network) or device (CD, DVD, or UFD).

- - - -## Related topics - - -[Planning to Deploy DaRT 7.0](planning-to-deploy-dart-70.md) - - - - - - - - - diff --git a/mdop/dart-v7/planning-to-create-the-dart-70-recovery-image.md b/mdop/dart-v7/planning-to-create-the-dart-70-recovery-image.md deleted file mode 100644 index fb3aeeb596..0000000000 --- a/mdop/dart-v7/planning-to-create-the-dart-70-recovery-image.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Planning to Create the DaRT 7.0 Recovery Image -description: Planning to Create the DaRT 7.0 Recovery Image -author: dansimp -ms.assetid: e5d49bee-ae4e-467b-9976-c1203f6355f9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Planning to Create the DaRT 7.0 Recovery Image - - -Use the information in this section when you plan for creating the Microsoft Diagnostics and Recovery Toolset (DaRT) 7 recovery image. - -## Planning to Create the DaRT 7 Recovery Image - - -When you create the DaRT recovery image, you have to decide which tools to include on the image. When you make that decision, remember that end users might have access occasionally to the various DaRT tools. For more information about the DaRT tools, see [Overview of the Tools in DaRT 7.0](overview-of-the-tools-in-dart-70-new-ia.md). For more information about how to help create a secure recovery image, see [Security Considerations for DaRT 7.0](security-considerations-for-dart-70-dart-7.md). - -When you create the DaRT recovery image, you will also specify whether you want to include additional drivers or files. Determine the locations of any additional drivers or files that you want to include on the DaRT recovery image. - -## Prerequisites - - -The following items are required or recommended for creating the DaRT recovery image: - -- Windows 7 source files - - You must provide the path of a Windows 7 DVD or of Windows 7 source files. Windows 7 source files are required to create the DaRT recovery image. - -- Windows Debugging Tools for your platform - - Windows Debugging Tools are required when you run **Crash Analyzer** to determine the cause of a computer crash. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. If it is necessary, you can download the Windows Debugging Tools here: [Download and Install Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=99934). - -- Optional: **Standalone System Sweeper** definitions - - The latest definitions for the **Standalone System Sweeper** are required when you run this tool. Although you can download the definitions when you run **Standalone System Sweeper**, we recommend that you download the latest definitions at the time you create the DaRT recovery image. In this manner, you can still run the tool with the latest definitions even if the problem computer does not have network connectivity. - -- Optional: Windows symbols files for use with **Crash Analyzer** - - Typically, debugging information is stored in a symbol file that is separate from the executable. You must have access to the symbol information when you debug an application that has stopped responding, for example if it crashed. For more information, see [Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-7.md). - -## Related topics - - -[Planning to Deploy DaRT 7.0](planning-to-deploy-dart-70.md) - -  - -  - - - - - diff --git a/mdop/dart-v7/planning-to-deploy-dart-70.md b/mdop/dart-v7/planning-to-deploy-dart-70.md deleted file mode 100644 index 27eb83e0aa..0000000000 --- a/mdop/dart-v7/planning-to-deploy-dart-70.md +++ /dev/null @@ -1,70 +0,0 @@ ---- -title: Planning to Deploy DaRT 7.0 -description: Planning to Deploy DaRT 7.0 -author: dansimp -ms.assetid: 05e97cdb-a8c2-46e4-9c75-a7d12fe26fe8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning to Deploy DaRT 7.0 - - -There are a number of different deployment configurations and prerequisites that you must consider before you create your deployment plan. This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements. - -Consider the following when you plan your Microsoft Diagnostics and Recovery Toolset (DaRT) 7 installation: - -- When you install DaRT, you can either install all functionality on an IT administrator computer where you will perform all the tasks associated with running DaRT. Or you can install only the DaRT functionality that creates the recovery image on the IT administrator computer. Then, install the functionality used to run DaRT, such as the **DaRT Remote Connection Viewer** and **Crash Analyzer**, on a helpdesk agent computer. - -- To be able to run DaRT remotely, make sure that the helpdesk agent computer and all computers that you might be troubleshooting remotely are on the same network. - -- Before you roll out DaRT into production, you can first build a lab environment for testing. A test lab should include a minimum of two computers, one to act as the IT administrator/helpdesk agent computer and one to act as an end-user computer. Or, you can use three computers in your lab if you want to separate the IT administrator responsibilities from those of the helpdesk agent. - -## Review the supported configurations - - -You should review the Microsoft Diagnostics and Recovery Toolset (DaRT) 7 Supported Configurations information to confirm that the computers you have selected for client or feature installation meet the minimum hardware and operating system requirements. - -[DaRT 7.0 Supported Configurations](dart-70-supported-configurations-dart-7.md) - -## Plan for creating the DaRT recovery image - - -When you create the DaRT recovery image, you have to decide which tools to include on the image. When you make that decision, remember that end users might have access occasionally to the various DaRT tools. When you create the recovery image, you will also specify whether you want to include additional drivers or files. Determine the locations of any additional drivers or files that you want to include on the DaRT recovery image. - -You should be aware of the prerequisites and other additional planning recommendations for creating the DaRT recovery image. - -[Planning to Create the DaRT 7.0 Recovery Image](planning-to-create-the-dart-70-recovery-image.md) - -## Plan for saving and deploying the DaRT recovery image - - -Several methods can be used to save and deploy the DaRT recovery image. When you are determining the method that you will use, consider the advantages and disadvantages of each. Also, consider how you want to use DaRT in your enterprise. - -**Note**   -You might want to use more than one method in your organization. For example, you can boot into DaRT from a remote partition for most situations and have a USB flash drive available in case the end-user computer cannot connect to the network. - - - -[Planning How to Save and Deploy the DaRT 7.0 Recovery Image](planning-how-to-save-and-deploy-the-dart-70-recovery-image.md) - -## Other resources for Planning to Deploy DaRT - - -[Planning for DaRT 7.0](planning-for-dart-70-new-ia.md) - - - - - - - - - diff --git a/mdop/dart-v7/recovering-computers-using-dart-70-dart-7.md b/mdop/dart-v7/recovering-computers-using-dart-70-dart-7.md deleted file mode 100644 index fb6d52dd23..0000000000 --- a/mdop/dart-v7/recovering-computers-using-dart-70-dart-7.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: Recovering Computers Using DaRT 7.0 -description: Recovering Computers Using DaRT 7.0 -author: dansimp -ms.assetid: bcded7ca-237b-4971-ac34-4394b05cbc50 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Recovering Computers Using DaRT 7.0 - - -There are two methods available to recover computers using Microsoft Diagnostics and Recovery Toolset (DaRT) 7. You can either run the DaRT 7 recovery image locally or use The Remote Connection feature available in DaRT 7 to recover a remote computer. Both methods are described in more detail in this section. - -## Recover Local Computers by Using the DaRT Recovery Image - - -To recover a local computer by using DaRT 7, you must be physically present at the end-user computer that is experiencing problems that require DaRT. - -You have several different methods to choose from to boot into DaRT, depending on how you deploy the DaRT recovery image. - -- Insert a DaRT recovery image CD, DVD, or USB flash drive into the problem computer and use it to boot into the computer. - -- Boot into DaRT from a recovery partition on the problem computer. - -- Boot into DaRT from a remote partition on the network. - -For information about the advantages and disadvantages of each method, see [Planning How to Save and Deploy the DaRT 7.0 Recovery Image](planning-how-to-save-and-deploy-the-dart-70-recovery-image.md). - -Whichever method that you use to boot into DaRT, you must enable the boot device in the BIOS for the boot option or options that you want to make available to the end user. - -**Note**   -Configuring the BIOS is unique, depending on the kind of hard disk drive, network adapters, and other hardware that is used in your organization. - - - -[How to Recover Local Computers Using the DaRT Recovery Image](how-to-recover-local-computers-using-the-dart-recovery-image-dart-7.md) - -## Recover Remote Computers by Using the DaRT Recovery Image - - -The Remote Connection feature in DaRT lets an IT administrator run the DaRT tools remotely on an end-user computer. After certain information is provided by the end user (or by a helpdesk professional working on the end-user computer), the IT administrator or helpdesk agent can take control of the end user's computer and run the necessary DaRT tools remotely. - -**Important**   -The two computers establishing a remote connection must be part of the same network. - - - -The **Diagnostics and Recovery Toolset** window includes the option to run DaRT on an end-user computer remotely from an administrator computer. The end user opens the DaRT tools on the problem computer and starts the remote session by clicking **Remote Connection**. - -The Remote Connection feature on the end-user computer creates the following connection information: a ticket number, a port, and a list of all available IP addresses. The ticket number and port are generated randomly. - -The IT administrator or helpdesk agent enters this information into the **DaRT Remote Connection Viewer** to establish the terminal services connection to the end-user computer. The terminal services connection that is established lets an IT administrator remotely interact with the DaRT tools on the end-user computer. The end-user computer then processes the connection information, shares its screen, and responds to instructions from the IT administrator computer. - -[How to Recover Remote Computers Using the DaRT Recovery Image](how-to-recover-remote-computers-using-the-dart-recovery-image-dart-7.md) - -## Other resources for recovering computers using DaRT 7 - - -[Operations for DaRT 7.0](operations-for-dart-70-new-ia.md) - - - - - - - - - diff --git a/mdop/dart-v7/release-notes-for-dart-70-new-ia.md b/mdop/dart-v7/release-notes-for-dart-70-new-ia.md deleted file mode 100644 index 19faaa9de5..0000000000 --- a/mdop/dart-v7/release-notes-for-dart-70-new-ia.md +++ /dev/null @@ -1,118 +0,0 @@ ---- -title: Release Notes for DaRT 7.0 -description: Release Notes for DaRT 7.0 -author: dansimp -ms.assetid: fad227d0-5c22-4efd-9187-0e5922f7250b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Release Notes for DaRT 7.0 - - -**To search these release notes, press CTRL+F.** - -Read these release notes thoroughly before you install Microsoft Diagnostics and Recovery Toolset (DaRT) 7. - -## About Microsoft Diagnostics and Recovery Toolset 7.0 - - -These release notes contain information that is required to successfully install DaRT 7 and contain information that is not available in the product documentation. If there is a difference between these release notes and other DaRT platform documentation, the latest change should be considered authoritative. These release notes supersede the content included with this product. - -## About the Product Documentation - - -Documentation for Microsoft Diagnostics and Recovery Toolset (DaRT) 7 is distributed with the product and on the Connect site. - -For detailed help about how to use the tools in DaRT 7, see the Help file available on the **Diagnostics and Recovery Toolset** menu. - -## Providing feedback - - -We are interested in your feedback on DaRT 7. You can send your feedback to dart7feedback@microsoft.com. This email address is not a support channel, but your feedback will help us to plan future changes for these tools to make them more useful to you in the future. - -## Protect Against Security Vulnerabilities and Viruses - - -To help protect against security vulnerabilities and viruses, we recommend that you install the latest available security updates for any new software being installed. For more information, see [Microsoft Security](https://go.microsoft.com/fwlink/?LinkId=3482) (https://go.microsoft.com/fwlink/?LinkId=3482). - -## Known Issues with DaRT 7.0 - - -### SFC Scan cannot start if Standalone System Sweeper is open - -If the Standalone System Sweeper is running, SFC Scan cannot start or run because of a resource conflict between the two tools. - -**Workaround:** Close the Standalone System Sweeper before you try to open or run the SFC Scan tool. - -### Unicode characters may not be displayed in file names - -If you delete a file that has Unicode characters in its file name and try to restore the file by using the File Restore tool, the file is not found. This only occurs when you use characters from a language other than the language of the Windows DVD that was used to create the recovery image. - -**Workaround:** Make sure that the language that is used by DaRT matches the language that is used by the operating system from which it is trying to restore files. - -### DaRT command-line installation may fail silently - -DaRT command-line installation fails silently if run with the quiet mode option unless it is run by using elevated administrator permissions. - -**Workaround:** Run the command-line installation by using elevated administrator permissions. DaRT installation supports the typical Windows Installer options for command-line installation. Please see [Command-Line Options](https://go.microsoft.com/fwlink/?LinkId=160689) for Windows Installer for more information about the several available switches. - -### File Search cannot move a folder to a different volume - -Moving folders between volumes is not supported by the File Search application. If you try to move a folder to a different volume in File Search, the following error is returned: "An error occurred while writing the file *<filename>*. Make sure that the drive has sufficient space and the destination path is accessible." - -**Workaround:** Use the Explorer to move a folder to a different volume. - -### Some data may not be available on computers where the drive letters are remapped - -This problem can occur on BitLocker-enabled computers and multiboot computers. This occurs because some information in the offline registry has hard-coded drive letters, and DaRT uses different letters for the same volumes. The typical effects include not having access to certain local user accounts in Registry Editor. Additionally, some tools may be unable to obtain properties that rely on resolving file paths. - -**Workaround:** Use the option to remap the drive letters as DaRT starts. This usually aligns the typical drive letters to what is expected. - -### Hotfix Uninstall might not uninstall certain updates - -Some updates and service packs cannot be uninstalled because they are marked as un-installable or because they need to be uninstalled from within Windows 7. In these instances, the Hotfix Uninstall tool may indicate that these updates have been uninstalled even though they have not been. - -**Workaround:** Uninstall these problematic updates from Windows 7. - -### Disk Wipe: Disks with spanned volumes, striped volumes, or mirrored volumes cannot be deleted - -Disk Wipe does not support deleting disks that are spanned, mirrored, or striped across one or more volumes. - -**Workaround:** Select and delete each disk in the volume separately. - -## Release Notes Copyright Information - - -This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. - -Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred. - -This document does not provide you with any legal rights to any intellectual property in any Microsoft product. This document is confidential and proprietary to Microsoft. It is disclosed and can be used only pursuant to a nondisclosure agreement. - - - -Microsoft, Active Directory, ActiveSync, MS-DOS, Windows, Windows Server, and Windows Vista are trademarks of the Microsoft group of companies. - -All other trademarks are property of their respective owners. - -## Related topics - - -[About DaRT 7.0](about-dart-70-new-ia.md) - - - - - - - - - diff --git a/mdop/dart-v7/security-considerations-for-dart-70-dart-7.md b/mdop/dart-v7/security-considerations-for-dart-70-dart-7.md deleted file mode 100644 index bba2b7aa94..0000000000 --- a/mdop/dart-v7/security-considerations-for-dart-70-dart-7.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: Security Considerations for DaRT 7.0 -description: Security Considerations for DaRT 7.0 -author: dansimp -ms.assetid: 52ad7e6c-c169-4ba4-aa76-56335a585eb8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Security Considerations for DaRT 7.0 - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 7 includes functionality that lets an administrator run the DaRT tools remotely to resolve problems on an end-user computer. In earlier releases of DaRT, a help desk technician or administrator had to physically be at an end-user computer and boot into DaRT by using the CD or DVD that included the DaRT recovery image. Now, the help desk technician or administrator can perform the same procedures remotely. - -Also in DaRT 7, in addition to burning a CD or DVD, you are now able to save the International Organization for Standardization (ISO) image to a USB flash drive. You can also put the ISO image on a network or include its contents as a recovery partition on a computer hard disk. - -The **Remote Connection** feature in DaRT 7 lets end users access DaRT by using one of these new deployment methods. Therefore, they can more easily start DaRT and access the DaRT tools. - -The new functionalities in DaRT 7 provide much more flexibility in how you use DaRT in your enterprise. However, they also create their own set of security issues that must be addressed. We recommend that you consider the following security tips when you configure DaRT. - -## To help maintain security when you create the DaRT recovery image - - -When you are creating the DaRT recovery image, you can select the tools that you want to include. For security reasons, you might want to restrict end-user access to the more powerful DaRT tools, such as Disk Wipe and Locksmith. In DaRT 7, you can disable certain tools during configuration and still make them available to helpdesk agents when the end user starts the Remote Connection feature. - -You can even configure the DaRT image so that the option to start a remote connection session is the only tool available to an end user. - -**Important**   -After the remote connection is established, all the tools that you included in the recovery image, including those unavailable to the end user, will become available to the helpdesk agent working on the end–user computer. - - - -For more information about including tools in the DaRT recovery image, see [How to Use the DaRT Recovery Image Wizard to Create the Recovery Image](how-to-use-the-dart-recovery-image-wizard-to-create-the-recovery-image-dart-7.md). - -## To help maintain security by encrypting the DaRT recovery image - - -If you use one of the deployment options new in DaRT 7, for example, saving to a USB flash drive or creating a remote partition or a recovery partition, you can include your company’s preferred method of drive encryption on the ISO. This will help make sure that an end user cannot use the functionality of DaRT should they gain access to the recovery image. And it will also make sure that unauthorized users cannot boot into DaRT on computers that belong to someone else. - -Your encryption method should be deployed and enabled in all computers. - -**Note**   -DaRT 7 supports BitLocker natively. - - - -## To help maintain security between two computers during Remote Connection - - -By default, the communication between two computers that have established a **Remote Connection** session may not be encrypted. Therefore, to help maintain security between the two computers, we recommend that both computers are a part of the same network. - -## Related topics - - -[Operations for DaRT 7.0](operations-for-dart-70-new-ia.md) - - - - - - - - - diff --git a/mdop/dart-v7/technical-reference-for-dart-70-new-ia.md b/mdop/dart-v7/technical-reference-for-dart-70-new-ia.md deleted file mode 100644 index 71ac50f9ae..0000000000 --- a/mdop/dart-v7/technical-reference-for-dart-70-new-ia.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Technical Reference for DaRT 7.0 -description: Technical Reference for DaRT 7.0 -author: dansimp -ms.assetid: f55c7e5e-713a-42d1-84c9-88370155f934 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Technical Reference for DaRT 7.0 - - -This section includes technical reference information about Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 that provide additional information an administrator. - -## Other resources for DaRT operations - - -- [Diagnostics and Recovery Toolset 7 Administrator's Guide](index.md) - -- [Getting Started with DaRT 7.0](getting-started-with-dart-70-new-ia.md) - -- [Planning for DaRT 7.0](planning-for-dart-70-new-ia.md) - -- [Deploying DaRT 7.0](deploying-dart-70-new-ia.md) - -- [Operations for DaRT 7.0](operations-for-dart-70-new-ia.md) - -- [Troubleshooting DaRT 7.0](troubleshooting-dart-70-new-ia.md) - -  - -  - - - - - diff --git a/mdop/dart-v7/troubleshooting-dart-70-new-ia.md b/mdop/dart-v7/troubleshooting-dart-70-new-ia.md deleted file mode 100644 index 6c38d06409..0000000000 --- a/mdop/dart-v7/troubleshooting-dart-70-new-ia.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: Troubleshooting DaRT 7.0 -description: Troubleshooting DaRT 7.0 -author: dansimp -ms.assetid: 24c50efa-e9ac-45c4-aca2-b1dcfe834fdd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Troubleshooting DaRT 7.0 - - -Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905). - -## How to Find Troubleshooting Content - - -You can use the following information to find troubleshooting or additional technical content for this product. - -### Search the MDOP Documentation - -The first step to find help content in the Administrator’s Guide is to search the MDOP documentation on TechNet. - -After you search the MDOP documentation, your next step would be to search the troubleshooting information for the product in the TechNet Wiki. - -**To search the MDOP product documentation** - -1. Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page. - -2. Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page. - -3. Review the search results for assistance. - -**To search the TechNet Wiki** - -1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page. - -3. Review the search results for assistance. - -## How to Create a Troubleshooting Article - - -If you have a troubleshooting tip or a best practice to share that is not already included in the MDOP OnlineHelp or TechNet Wiki, you can create your own TechNet Wiki articles. - -**To create a TechNet Wiki troubleshooting or best practices article** - -1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Log in with your Windows Live ID. - -3. Review the **Getting Started** section to learn the basics of the TechNet Wiki and its articles. - -4. Select **Post an article >>** at the bottom of the **Getting Started** section. - -5. On the Wiki article **Add Page** page, select **Insert Template** from the toolbar, select the troubleshooting article template (**Troubleshooting.html**), and then click **Insert**. - -6. Be sure to give the article a descriptive title and then overwrite the template information as needed to create your troubleshooting or best practice article. - -7. After you review your article, be sure to include a tag that is named **Troubleshooting** and another for the product name. This helps others to find your content. - -8. Click **Save** to publish the article to the TechNet Wiki. - -## Other resources for troubleshooting DaRT 7 - - -- [Diagnostics and Recovery Toolset 7 Administrator's Guide](index.md) - -- [Getting Started with DaRT 7.0](getting-started-with-dart-70-new-ia.md) - -- [Planning for DaRT 7.0](planning-for-dart-70-new-ia.md) - -- [Deploying DaRT 7.0](deploying-dart-70-new-ia.md) - -- [Operations for DaRT 7.0](operations-for-dart-70-new-ia.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/TOC.md b/mdop/dart-v8/TOC.md deleted file mode 100644 index 1071a26cdd..0000000000 --- a/mdop/dart-v8/TOC.md +++ /dev/null @@ -1,43 +0,0 @@ -# [Diagnostics and Recovery Toolset 8](index.md) -## [Getting Started with DaRT 8.0](getting-started-with-dart-80-dart-8.md) -### [About DaRT 8.0](about-dart-80-dart-8.md) -#### [Release Notes for DaRT 8.0](release-notes-for-dart-80--dart-8.md) -### [About DaRT 8.0 SP1](about-dart-80-sp1.md) -#### [Release Notes for DaRT 8.0 SP1](release-notes-for-dart-80-sp1.md) -### [About DaRT 8.1](about-dart-81.md) -#### [Release Notes for DaRT 8.1](release-notes-for-dart-81.md) -### [Overview of the Tools in DaRT 8.0](overview-of-the-tools-in-dart-80-dart-8.md) -### [Accessibility for DaRT 8.0](accessibility-for-dart-80-dart-8.md) -## [Planning for DaRT 8.0](planning-for-dart-80-dart-8.md) -### [Planning to Deploy DaRT 8.0](planning-to-deploy-dart-80-dart-8.md) -#### [DaRT 8.0 Supported Configurations](dart-80-supported-configurations-dart-8.md) -#### [Planning to Create the DaRT 8.0 Recovery Image](planning-to-create-the-dart-80-recovery-image-dart-8.md) -#### [Planning How to Save and Deploy the DaRT 8.0 Recovery Image](planning-how-to-save-and-deploy-the-dart-80-recovery-image-dart-8.md) -### [DaRT 8.0 Planning Checklist](dart-80-planning-checklist-dart-8.md) -## [Deploying DaRT 8.0](deploying-dart-80-dart-8.md) -### [Deploying DaRT 8.0 to Administrator Computers](deploying-dart-80-to-administrator-computers-dart-8.md) -#### [How to Deploy DaRT 8.0](how-to-deploy-dart-80-dart-8.md) -#### [How to Change, Repair, or Remove DaRT 8.0](how-to-change-repair-or-remove-dart-80-dart-8.md) -### [Creating the DaRT 8.0 Recovery Image](creating-the-dart-80-recovery-image-dart-8.md) -### [Deploying the DaRT Recovery Image](deploying-the-dart-recovery-image-dart-8.md) -#### [How to Deploy the DaRT Recovery Image as Part of a Recovery Partition](how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-8.md) -#### [How to Deploy the DaRT Recovery Image as a Remote Partition](how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-8.md) -### [DaRT 8.0 Deployment Checklist](dart-80-deployment-checklist-dart-8.md) -## [Operations for DaRT 8.0](operations-for-dart-80-dart-8.md) -### [Recovering Computers Using DaRT 8.0](recovering-computers-using-dart-80-dart-8.md) -#### [How to Recover Local Computers by Using the DaRT Recovery Image](how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-8.md) -#### [How to Recover Remote Computers by Using the DaRT Recovery Image](how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-8.md) -### [Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-8.md) -#### [How to Run the Crash Analyzer on an End-user Computer](how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-8.md) -#### [How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer](how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-8.md) -#### [How to Ensure that Crash Analyzer Can Access Symbol Files](how-to-ensure-that-crash-analyzer-can-access-symbol-files.md) -### [Security and Privacy for DaRT 8.0](security-and-privacy-for-dart-80-dart-8.md) -#### [Security Considerations for DaRT 8.0](security-considerations-for-dart-80--dart-8.md) -#### [DaRT 8.0 Privacy Statement](dart-80-privacy-statement-dart-8.md) -### [Administering DaRT 8.0 Using PowerShell](administering-dart-80-using-powershell-dart-8.md) -#### [How to Perform DaRT Tasks by Using PowerShell Commands](how-to-perform-dart-tasks-by-using-powershell-commands-dart-8.md) -#### [How to Use a PowerShell Script to Create the Recovery Image](how-to-use-a-powershell-script-to-create-the-recovery-image-dart-8.md) -## [Troubleshooting DaRT 8.0](troubleshooting-dart-80-dart-8.md) -## [Technical Reference for DaRT 8.0](technical-reference-for-dart-80-new-ia.md) -### [Use Microsoft Defender Offline (WDO) for malware protection, not DaRT ](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md) - diff --git a/mdop/dart-v8/about-dart-80-dart-8.md b/mdop/dart-v8/about-dart-80-dart-8.md deleted file mode 100644 index 9820c5e742..0000000000 --- a/mdop/dart-v8/about-dart-80-dart-8.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -title: About DaRT 8.0 -description: About DaRT 8.0 -author: dansimp -ms.assetid: ce91efd6-7d78-44cb-bb8f-1f43f768ebaa -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About DaRT 8.0 - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 helps you troubleshoot and repair Windows-based computers. This includes those computers that cannot be started. DaRT 8.0 is a powerful set of tools that extend the Windows Recovery Environment (WinRE). By using DaRT, you can analyze an issue to determine its cause, for example, by inspecting the computer’s event log or system registry. DaRT supports the recovery of basic hard disks that contain partitions, for example, primary partitions and logical drives, and supports the recovery of volumes. - -**Note**   -DaRT does not support the recovery of dynamic disks. - - - -DaRT also provides tools to help you fix a problem as soon as you determine the cause. For example, you can use the tools in DaRT to disable a faulty device driver, remove hotfixes, restore deleted files, and scan the computer for malware even when you cannot or should not start the installed Windows operating system. - -DaRT can help you quickly recover computers that are running either 32-bit or 64-bit versions of Windows 8, typically in less time than it would take to reimage the computer. - -Functionality in DaRT lets you create a recovery image. The recovery image starts Windows Recovery Environment (Windows RE), from which you can start the **Diagnostics and Recovery Toolset** window and access the DaRT tools. - -Use the **DaRT Recovery Image Wizard** to create the DaRT recovery image. By default, the wizard creates an International Organization for Standardization (ISO) image file and a Windows Imaging Format (WIM) file and let you burn the image to a CD, DVD, or USB. You can deploy the image locally at end user’s computers, or you can deploy it from a remote network partition or a recovery partition on the local hard drive. - -## What’s new in DaRT 8.0 - - -DaRT 8.0 can help you quickly recover computers that are running either 32-bit or 64-bit versions of Windows 8, typically in less time than it would take to reimage the computer. DaRT 8.0 has the following new features. - -### Create DaRT images by using Windows 8 or Windows Server 2012 - -DaRT 8.0 enables you to create DaRT images using either Windows® 8 or Windows Server® 2012. For versions of Windows earlier than Windows 8 and Windows Server 2012, customers should continue to use earlier versions of DaRT. - -### Generate both 32- and 64-bit images from one computer - -DaRT 8.0 enables you to generate both 32-bit and 64-bit images from a single computer that is running DaRT, regardless of whether the computer is a 32-bit or 64-bit computer. In DaRT 7, the image that was created had to be the same, bit-wise, as the computer that was running DaRT. - -### Create one image that supports computers that have either a BIOS or UEFI interface - -DaRT 8.0’s support for both the Unified Extensible Firmware Interface (UEFI) and BIOS interfaces enables you to create just one image that works with computers that have either interface. - -### Use a GUID partition table (GPT) for partitioning - -DaRT 8.0 tools now support Windows 8 GPT disks, which provide a more flexible mechanism for partitioning disks than the older master boot record (MBR) partitioning scheme. DaRT 8.0 tools continue to support MBR partitioning. - -### Install Windows 8 and Windows Server 2012 on the local hard disk - -DaRT 8.0 tools can be used only when Windows 8 and Windows Server 2012 are installed on the local hard disk. Currently, there is no support for Windows To Go. - -### DaRT 8.0 release notes - -For more information, and for late-breaking news that did not make it into the documentation, see the [Release Notes for DaRT 8.0](release-notes-for-dart-80--dart-8.md). - -## How to Get DaRT 8.0 - - -This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). - -## Related topics - - -[Getting Started with DaRT 8.0](getting-started-with-dart-80-dart-8.md) - -[Release Notes for DaRT 8.0](release-notes-for-dart-80--dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/about-dart-80-sp1.md b/mdop/dart-v8/about-dart-80-sp1.md deleted file mode 100644 index e44c7a09be..0000000000 --- a/mdop/dart-v8/about-dart-80-sp1.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: About DaRT 8.0 SP1 -description: About DaRT 8.0 SP1 -author: dansimp -ms.assetid: 2e166444-4097-4b23-9f50-d8819f1f4960 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About DaRT 8.0 SP1 - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 Service Pack 1 (SP1) provides the following enhancements, which are described in this topic. - -**Translation of Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 into Ten Languages plus English** - -DaRT 8.0 is now available in the following languages, in addition to English: - -- French (FR) - -- Italian (IT) - -- German (DE) - -- Spanish (ES) - -- Korean (KO) - -- Japanese (JA) - -- Brazilian Portuguese (PT-BR) - -- Russian (RU) - -- Chinese Traditional (ZH-TW) - -- Chinese Simplified (ZH-CN) - -**Updates to the DaRT Defender tool** - -Defender has been updated to include improved protection capabilities. The changes do not impact how you use Defender. - -**Customer feedback rollup** - -DaRT 8.0 SP1 includes a rollup of fixes to address issues found since the DaRT 8.0 release. - -## How to Get DaRT 8.0 SP1 - - -DaRT 8.0 SP1 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). - -## Related topics - - -[Release Notes for DaRT 8.0 SP1](release-notes-for-dart-80-sp1.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/about-dart-81.md b/mdop/dart-v8/about-dart-81.md deleted file mode 100644 index b6da659173..0000000000 --- a/mdop/dart-v8/about-dart-81.md +++ /dev/null @@ -1,122 +0,0 @@ ---- -title: About DaRT 8.1 -description: About DaRT 8.1 -author: dansimp -ms.assetid: dcaddc57-0111-4a9d-8be9-f5ada0eefa7d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About DaRT 8.1 - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 8.1 provides the following enhancements, which are described in this topic. - -## What’s new - - -- **Support for WIMBoot** - - Diagnostics and Recovery Toolset 8.1 supports the Windows image file boot (WIMBoot) environment if these conditions are met: - - - WIMBoot is based on Windows 8.1 Update 1 or later. - - - The DaRT 8.1 image is built on Windows 8.1 Update 1 or later. - - For more information about WIMBoot, see [Windows Image File Boot (WIMBoot) Overview](https://go.microsoft.com/fwlink/?LinkId=517536). - -- **Support for Windows Server 2012 R2 and Windows 8.1** - - You can create DaRT images by using Windows Server 2012 R2 or Windows 8.1. - - **Note** - For earlier versions of the Windows Server and Windows operating systems, continue to use the earlier versions of DaRT. - - - -- **Customer feedback** - - DaRT 8.1 includes updates that address issues found since the DaRT 8.0 SP1 release. - -- **Windows Defender** - - Windows Defender in Windows 8.1 includes improved protection. The changes do not impact how you use DaRT with Windows Defender. - -## Requirements - - -- **Windows Assessment and Development Kit 8.1** - - Windows Assessment and Development Kit (ADK) 8.1 is a required prerequisite for the DaRT Recovery Image Wizard. Windows ADK 8.1 contains deployment tools that are used to customize, deploy, and service Windows images. It also contains the Windows Preinstallation Environment (Windows PE). - - **Note** - Windows ADK 8.1 is not required if you are installing only Remote Connection Viewer or Crash Analyzer. - - - -~~~ -To download Windows ADK 8.1, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 8.1](https://www.microsoft.com/download/details.aspx?id=39982) in the Microsoft Download Center. -~~~ - -- **Microsoft .NET Framework 4.5.1** - - DaRT 8.1 requires that .NET Framework 4.5.1 is installed. To download, see [Microsoft.NET Framework 4.5.1](https://go.microsoft.com/fwlink/?LinkId=329038) in the Microsoft Download Center. - -- **Windows 8.1 Debugging Tools** - - To use the Crash Analyzer tool in DaRT 8.1, you need the required debugging tools, which are available in the Software Development Kit for Windows 8.1. - - To download, see [Windows Software Development Kit (SDK) for Windows 8.1](https://msdn.microsoft.com/library/windows/desktop/bg162891.aspx) in the Microsoft Download Center. - -## Language availability - - -DaRT 8.1 is available in the following languages: - -- English (United States) en-US - -- French (France) fr-FR - -- Italian (Italy) it-IT - -- German (Germany) de-DE - -- Spanish, International Sort (Spain) es-ES - -- Korean (Korea) ko-KR - -- Japanese (Japan) ja-JP - -- Portuguese (Brazil) pt-BR - -- Russian (Russia) ru-RU - -- Chinese Traditional zh-TW - -- Chinese Simplified zh-CN - -## How to Get MDOP Technologies - - -DaRT 8.1 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). - -## Related topics - - -[Release Notes for DaRT 8.1](release-notes-for-dart-81.md) - - - - - - - - - diff --git a/mdop/dart-v8/accessibility-for-dart-80-dart-8.md b/mdop/dart-v8/accessibility-for-dart-80-dart-8.md deleted file mode 100644 index 6980d28973..0000000000 --- a/mdop/dart-v8/accessibility-for-dart-80-dart-8.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -title: Accessibility for DaRT 8.0 -description: Accessibility for DaRT 8.0 -author: dansimp -ms.assetid: 95f426de-222c-4ec0-9b9b-af817c7fff9b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Accessibility for DaRT 8.0 - - -Microsoft is committed to making its products and services easier for everyone to use. This section provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. - -## Access any command with a few keystrokes - - -Access keys let you quickly use a command by pressing a few keys. You can get to most commands by using two keystrokes. To use an access key: - -1. Press ALT. - - The keyboard shortcuts are displayed over each feature that is available in the current view. - -2. Press the letter shown in the keyboard shortcut over the feature that you want to use. - -**Note**   -To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. - - - -## Documentation in alternative formats - - -If you have difficulty reading or handling printed materials, you can obtain the documentation for many Microsoft products in more accessible formats. You can view an index of accessible product documentation on the Microsoft Accessibility website. In addition, you can obtain additional Microsoft publications from Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.). Learning Ally distributes these documents to registered, eligible members of their distribution service. - -For information about the availability of Microsoft product documentation and books from Microsoft Press, contact: - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.)

-

20 Roszel Road

-

Princeton, NJ 08540

Telephone number from within the United States:

(800) 221-4792

Telephone number from outside the United States and Canada:

(609) 452-0606

Fax:

(609) 987-8116

http://www.learningally.org/

Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

- - - -## Customer service for people with hearing impairments - - -If you are deaf or hard-of-hearing, complete access to Microsoft product and customer services is available through a text telephone (TTY/TDD) service: - -- For customer service, contact Microsoft Sales Information Center at (800) 892-5234 between 6:30 AM and 5:30 PM Pacific Time, Monday through Friday, excluding holidays. - -- For technical assistance in the United States, contact Microsoft Product Support Services at (800) 892-5234 between 6:00 AM and 6:00 PM Pacific Time, Monday through Friday, excluding holidays. In Canada, dial (905) 568-9641 between 8:00 AM and 8:00 PM Eastern Time, Monday through Friday, excluding holidays. - -Microsoft Support Services are subject to the prices, terms, and conditions in place at the time the service is used. - -## For more information - - -For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431). - -## Related topics - - -[Getting Started with DaRT 8.0](getting-started-with-dart-80-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/administering-dart-80-using-powershell-dart-8.md b/mdop/dart-v8/administering-dart-80-using-powershell-dart-8.md deleted file mode 100644 index 49ed66516c..0000000000 --- a/mdop/dart-v8/administering-dart-80-using-powershell-dart-8.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Administering DaRT 8.0 Using PowerShell -description: Administering DaRT 8.0 Using PowerShell -author: dansimp -ms.assetid: 776430e0-d5c9-4919-877a-fab503451b37 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administering DaRT 8.0 Using PowerShell - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 lets you use PowerShell commands to complete various DaRT 8.0 administrative tasks or to create the DaRT recovery image. - -## Perform DaRT tasks by using PowerShell commands - - -DaRT 8.0 provides four PowerShell commands that let you do the following: - -- Burn an ISO to a CD, DVD, or USB drive. - -- Allow the source WIM file, which contains a DaRT image, to be converted into an ISO file. - -- Create a DaRT configuration object that is needed to apply a DaRT toolset to a Windows Image. - -- Apply a DartConfiguration object to a mounted Windows Image. - -[How to Perform DaRT Tasks by Using PowerShell Commands](how-to-perform-dart-tasks-by-using-powershell-commands-dart-8.md) - -## Use a PowerShell script to create the recovery image - - -Rather than use the DaRT Recovery Image wizard to create the recovery image, you can use a PowerShell script and specify the parameters you want. - -[How to Use a PowerShell Script to Create the Recovery Image](how-to-use-a-powershell-script-to-create-the-recovery-image-dart-8.md) - -## Other resources for administering DaRT 8.0 using PowerShell - - -[Operations for DaRT 8.0](operations-for-dart-80-dart-8.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/creating-the-dart-80-recovery-image-dart-8.md b/mdop/dart-v8/creating-the-dart-80-recovery-image-dart-8.md deleted file mode 100644 index 9284d0c20e..0000000000 --- a/mdop/dart-v8/creating-the-dart-80-recovery-image-dart-8.md +++ /dev/null @@ -1,290 +0,0 @@ ---- -title: Creating the DaRT 8.0 Recovery Image -description: Creating the DaRT 8.0 Recovery Image -author: dansimp -ms.assetid: 39001b8e-86c0-45ef-8f34-2d6199f9922d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/21/2017 ---- - - -# Creating the DaRT 8.0 Recovery Image - - -After installing Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0, you create a DaRT 8.0 recovery image. The recovery image starts Windows RE, from which you can then start the DaRT tools. You can generate International Organization for Standardization (ISO) files and Windows Imaging Format (WIM) images. In addition, you can use PowerShell to generate scripts that use the settings you select in the DaRT Recovery Image wizard. You can use the script later to rebuild recovery images by using the same settings. The recovery image provides a variety of recovery tools. For a description of the tools, see [Overview of the Tools in DaRT 8.0](overview-of-the-tools-in-dart-80-dart-8.md). - -After you boot the computer into DaRT, you can run the different DaRT tools to try to diagnose and repair the computer. This section walks you through the process of creating the DaRT recovery image and lets you select the tools and features that you want to include as part of the image. - -You can create the DaRT recovery image by using either of two methods: - -- Use the DaRT Recovery Image wizard, which runs in a Windows environment. - -- Modify an example PowerShell script with the values you want. For more information, see [How to Use a PowerShell Script to Create the Recovery Image](how-to-use-a-powershell-script-to-create-the-recovery-image-dart-8.md). - -You can write the ISO to a recordable CD or DVD, save it to a USB flash drive, or save it in a format that you can use to boot into DaRT from a remote partition or from a recovery partition. - -Once you have created the ISO image, you can burn it onto a blank CD or DVD (if your computer has a CD or DVD drive). If your computer does not have a drive for this purpose, you can use most generic programs that are used to burn CDs or DVDs. - -## Select the image architecture and specify the path - - -On the Windows 8 Media page, you select whether to create a 32-bit or 64-bit DaRT recovery image. Use the 32-bit Windows to build 32-bit DaRT recovery images, and 64-bit Windows to build 64-bit DaRT recovery images. You can use a single computer to create recovery images for both architecture types, but you cannot create one image that works on both 32-bit and 64-bit architectures. You also indicate the path of the Windows 8 installation media. Choose the architecture that matches the one of the recovery image that you are creating. - -**To select the image architecture and specify the path** - -1. On the **Windows 8 Media** page, select one of the following: - - - If you are creating a recovery image for 64-bit computers, select **Create x64 (64-bit) DaRT image**. - - - If you are creating a recovery image for 32-bit computers, select **Create x86 (32-bit) DaRT image**. - -2. In the **Specify the root path of the Windows 8 <64-bit or 32-bit> install media** box, type the path of the Windows 8 installation files. Use a path that matches the architecture of the recovery image that you are creating. - -3. Click **Next**. - -## Select the tools to include on the recovery image - - -On the Tools page, you can select numerous tools to include on the recovery image. These tools will be available to end users when they boot into the DaRT image. However, if you enable remote connectivity when creating the DaRT image, all of the tools will be available when a help desk worker connects to the end user’s computer, regardless of which tools you chose to include on the image. - -To restrict end-user access to these tools, but still retain full access to the tools through the Remote Connection Viewer, do not select those tools on the Tools page. End users will be able to use only Remote Connection and will be able to see, but not access, any tools that you exclude from the recovery image. - -**To select the tools to include on the recovery image** - -1. On the **Tools** page, select the check box beside each tool that you want to include on the image. - -2. Click **Next**. - -## Choose whether to allow remote connectivity by a help desk - - -On the Remote Connection page, you can choose to enable a help desk worker to remotely connect to and run the DaRT tools on an end user’s computer. The remote connectivity option is then shown as an available option in the Diagnostics and Recovery Toolset window. After help desk workers establish a remote connection, they can run the DaRT tools on the end-user computer from a remote location. - -**To choose whether to allow remote connectivity by help desk workers** - -1. On the **Remote Connection** page, select the **Allow remote connections** check box to allow remote connections, or clear the check box to prevent remote connections. - -2. If you cleared the **Allow remote connections** check box, click **Next**. Otherwise, go to the next step to continue configuring remote connectivity. - -3. Select one of the following: - - - Let Windows choose an open port number. - - - Specify the port number. If you select this option, enter a port number between 1 and 65535 in the field beneath the option. This port number will be used when establishing a remote connection. We recommend that the port number be 1024 or higher to minimize the possibility of a conflict. - -4. (Optional) in the **Remote connection welcome** message box, create a customized message that end users receive when they establish a remote connection. The message can be a maximum of 2048 characters. - -5. Click **Next**. - - For more information about running the DaRT tools remotely, see [How to Recover Remote Computers by Using the DaRT Recovery Image](how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-8.md). - -## Add drivers to the recovery image - - -On the Drivers tab of the Advanced Options page, you can add additional device drivers that you may need when repairing a computer. These may typically include storage or network controllers that Windows 8 does not provide. Drivers are installed when the image is created. - -**Important**   -When you select drivers to include, be aware that wireless connectivity (such as Bluetooth or 802.11a/b/g/n) is not supported in DaRT. - - - -**To add drivers to the recovery image** - -1. On the **Advanced Options** page, click the **Drivers** tab. - -2. Click **Add**. - -3. Browse to the file to be added for the driver, and then click **Open**. - - **Note**   - The driver file is provided by the manufacturer of the storage or network controller. - - - -4. Repeat Steps 2 and 3 for every driver that you want to include. - -5. Click **Next**. - -## Add WinPE optional packages to the recovery image - - -On the WinPE tab of the Advanced Options page, you can add WinPE optional packages to the DaRT image. These packages are part of the Windows ADK, which is an installation prerequisite for the DaRT Recovery Image wizard. The tools that you can select are all optional. Any required packages are added automatically, based on the tools you selected on the Tools page. - -You can also specify the size of the scratch space. Scratch space is the amount of RAM disk space that is set aside for DaRT to run. The scratch space is useful in case the end user’s hard disk is not available. If you are running additional tools and drivers, you may want to increase the scratch space. - -**To add WinPE optional packages to the recovery image** - -1. On the **Advanced Options** page, click the **WinPE** tab. - -2. Select the check box beside each package that you want to include on the image, or click the **Name** check box to select all of the packages. - -3. In the **Scratch Space** field, select the amount of RAM disk space to allocate for running DaRT in case the end user’s hard disk is not available. - -4. Click **Next**. - -## Add the debugging tools for Crash Analyzer - - -If you include the Crash Analyzer tool in the ISO image, you must also include the Debugging Tools for Windows. On the Crash Analyzer tab of the Advanced Options page, you enter the path of the Windows 8 Debugging Tools, which Crash Analyzer uses to analyze memory dump files. You can use the tools that are on the computer where you are running the DaRT Recovery Image wizard, or you can use the tools that are on the end-user computer. If you decide to use the tools on the end-user computer, remember that every computer that you diagnose must have the Debugging Tools installed. - -If you installed the Microsoft Windows Software Development Kit (SDK) or the Microsoft Windows Development Kit (WDK), the Windows 8 Debugging Tools are added to the recovery image by default, and the path to the Debugging Tools is automatically filled in. You can change the path of the Windows 8 Debugging Tools if the files are located somewhere other than the location indicated by the default file path. A link in the wizard lets you download and install debugging tools for Windows if they are not already installed. - -To download the Windows Debugging Tools, see [Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=266248). Install the Debugging Tools to the default location. - -**Note**   -The DaRT wizard checks for the tools in the `HKLM\Software\Microsoft\Windows Kits\Installed Roots\WindowsDebuggersRoot` registry key. If the registry value is not there, the wizard looks in one of the following locations, depending on your system architecture: - -`%ProgramFilesX86%\Windows Kits\8.0\Debuggers\x64` - -`%ProgramFilesX86%\Windows Kits\8.0\Debuggers\x86` - - - -**To add the debugging tools for Crash Analyzer** - -1. On the **Advanced Options** page, click the **Crash Analyzer** tab. - -2. (Optional) Click **Download the Debugging Tools** to download the Debugging Tools for Windows. - -3. Select one of the following options: - - - **Include the Windows 8 <64-bit or 32-bit> Debugging Tools**. If you select this option, browse to and select the location of the tools if the path is not already displaying. - - - **Use the Debugging Tools from the system that is being debugged**. If you select this option, the Crash Analyzer will not work if the Debugging Tools for Windows are not found on the problem computer. - -4. Click **Next**. - -## Add definitions for the Defender tool - - -On the Defender tab of the Advanced Options page, you add definitions, which are used by the Defender tool to determine whether software that is trying to install, run, or change settings on a computer is unwanted or malicious software. - -**To add definitions for the Defender tool** - -1. On the **Advanced Options** page, click the **Defender** tab. - -2. Select one of the following options: - - - **Download the latest definitions (Recommended)** – The definition update starts automatically, and the definitions are added to the DaRT recovery image. This option is recommended to help you avoid cases where the definitions might not be available. You must be connected to the Internet to download the definitions. - - - **Download the definitions later** – Definitions will not be included in the DaRT recovery image, and you will need to download the definitions from the computer that is running DaRT. - - If you decide not to include the latest definitions on the recovery image, or if the definitions included on the recovery image are no longer current by the time that you are ready to use Defender, obtain the latest definitions before you begin a scan by following the instructions that are provided in Defender. - - **Important**   - You cannot scan if there are no definitions. - - - -3. Click **Next**. - -## Select the types of recovery image files to create - - -On the Create Image page, you choose an output folder for the recovery image, enter an image name, and select the types of DaRT recovery image files to create. During the recovery image creation process, Windows source files are unpacked, DaRT files are copied to it, and the image is then “re-packed” into the file formats that you select on this page. - -The available image file types are: - -- **Windows Imaging File (WIM)** - used to deploy DaRT to a preboot execution environment (PXE) or local partition). - -- **ISO image file** – used to deploy to CD or DVD, or for use in virtual machines (VM)s). The wizard requires that the ISO image have an .iso file name extension because most programs that burn a CD or DVD require that extension. If you do not specify a different location, the ISO image is created on your desktop with the name DaRT8.ISO. - -- **PowerShell script** – creates a DaRT recovery image with commands that provide essentially the same options that you can select by using the DaRT Recovery Image wizard. The script also enables you to add or changes files in the DaRT recovery image. - -If you select the Edit Image check box on this page, you can customize the recovery image during the image creation process. For example, you can change the “winpeshl.ini” file to create a custom startup order or to add third-party tools. - -**To select the types of recovery image files to create** - -1. On the **Create Image** page, click **Browse** to choose the output folder for the image file. - - **Note**   - The size of the image will vary, depending on the tools that you select and the files that you add in the wizard. - - - -2. In the **Image name** box, enter a name for the DaRT recovery image, or accept the default name, which is DaRT8. - - The wizard creates a subfolder in the output path by this name. - -3. Select the types of image files that you want to create. - -4. Choose one of the following: - - - To change the files in the recovery image before you create the image files, select the **Edit Image** check box, and then click **Prepare**. - - - To create the recovery image without changing the files, click **Create**. - -5. - - Click **Next**. - -## Edit the recovery image files - - -You can edit the recovery image only if you selected the Edit Image check box on the Create Image page. After the recovery image has been prepared for editing, you can add and modify the recovery image files before creating the bootable media. For example, you can create a custom order for startup, add various third-party tools, and so on. - -**To edit the recovery image files** - -1. On the **Edit Image** page, click **Open** in Windows Explorer. - -2. Create a subfolder in the folder that is listed in the dialog box. - -3. Copy the files that you want to the new subfolder, or remove files that you don’t want. - -4. Click **Create** to start creating the recovery image. - -## Generate the recovery image files - - -On the Generate Files page, the DaRT recovery image is generated for the file types that you selected on the Create Image page. - -**To generate the recovery image files** - -- On the **Generate Files** page, click **Next** to generate the recovery image files. - -## Copy the recovery image to a CD, DVD, or USB - - -On the Create Bootable Media page, you can optionally copy the image file to a CD, DVD, or USB flash drive (UFD). You can also create additional bootable media from this page by restarting the wizard. - -**Note**   -The Preboot execution environment (PXE) and local image deployment are not supported natively by this tool since they require additional enterprise tools, such as System Center Configuration Manager server and Microsoft Development Toolkit. - - - -**To copy the recovery image to a CD, DVD, or USB** - -1. On the **Create Bootable Media** page, select the iso file that you want to copy. - -2. Insert a CD, DVD, or USB, and then select the drive. - - **Note**   - If a drive is not recognized and you install a new drive, you can click **Refresh** to force the wizard to update the list of available drives. - - - -3. Click the **Create Bootable Media** button. - -4. To create another recovery image, click Restart, or click **Close** if you have finished creating all of the media that you want. - -## Related topics - - -[Overview of the Tools in DaRT 8.0](overview-of-the-tools-in-dart-80-dart-8.md) - -[Deploying DaRT 8.0](deploying-dart-80-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/dart-80-deployment-checklist-dart-8.md b/mdop/dart-v8/dart-80-deployment-checklist-dart-8.md deleted file mode 100644 index b0585c84fc..0000000000 --- a/mdop/dart-v8/dart-80-deployment-checklist-dart-8.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: DaRT 8.0 Deployment Checklist -description: DaRT 8.0 Deployment Checklist -author: dansimp -ms.assetid: 74e071fb-697c-463f-adce-d09b8d86495f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# DaRT 8.0 Deployment Checklist - - -This checklist can be used to help you during Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 deployment. - -**Note**   -This checklist outlines the recommended steps and a high-level list of items to consider when planning for product deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. - - - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferences
Checklist box

Decide on the best DaRT 8.0 deployment option for your requirements and deploy it.

Deploying DaRT 8.0 to Administrator Computers

Checklist box

Use the DaRT Recovery Image wizard to create the DaRT recovery image ISO.

Creating the DaRT 8.0 Recovery Image

Checklist box

Decide on the best DaRT 8.0 recovery image deployment option for your requirements and deploy it.

Deploying the DaRT Recovery Image

- - - -## Related topics - - -[Deploying DaRT 8.0](deploying-dart-80-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/dart-80-planning-checklist-dart-8.md b/mdop/dart-v8/dart-80-planning-checklist-dart-8.md deleted file mode 100644 index ceb155c30e..0000000000 --- a/mdop/dart-v8/dart-80-planning-checklist-dart-8.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: DaRT 8.0 Planning Checklist -description: DaRT 8.0 Planning Checklist -author: dansimp -ms.assetid: 0a0f5a71-b1d6-424c-8174-fc5aad506928 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# DaRT 8.0 Planning Checklist - - -This checklist can be used to help you plan for preparing your computing environment for Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 deployment. - -**Note**   -This checklist outlines the recommended steps and a high-level list of items to consider when planning for product deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. - - - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferences
Checklist box

Review the DaRT 8.0 Supported Configurations information to confirm that the computers you have selected for client or feature installation meet the minimum hardware and operating system requirements.

DaRT 8.0 Supported Configurations

Checklist box

Understand the deployment prerequisites and decide which tools to include on the DaRT recovery image.

Planning to Create the DaRT 8.0 Recovery Image

Checklist box

Determine which method, or methods, you will use to deploy the DaRT recovery image.

Planning How to Save and Deploy the DaRT 8.0 Recovery Image

- - - -## Related topics - - -[Planning for DaRT 8.0](planning-for-dart-80-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/dart-80-privacy-statement-dart-8.md b/mdop/dart-v8/dart-80-privacy-statement-dart-8.md deleted file mode 100644 index f49f70867f..0000000000 --- a/mdop/dart-v8/dart-80-privacy-statement-dart-8.md +++ /dev/null @@ -1,116 +0,0 @@ ---- -title: DaRT 8.0 Privacy Statement -description: DaRT 8.0 Privacy Statement -author: dansimp -ms.assetid: db474241-e44e-4bca-9be4-3557a3614c2a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# DaRT 8.0 Privacy Statement - - -Microsoft is committed to protecting your privacy, while delivering software that brings you the performance, power, and convenience you desire in your personal computing. This privacy statement explains many of the data collection and use practices of Microsoft Diagnostics and Recovery Toolset (“DaRT”). This disclosure focuses on features that communicate with the Internet and is not intended to be an exhaustive list. - -Microsoft Diagnostics and Recovery Toolset (“DaRT”) enables administrators to easily recover PCs that have become unusable, rapidly diagnose probable causes of issues, and quickly repair unbootable or locked-out systems, all faster than the average time it takes to reimage the machine. When necessary, you can also quickly restore critical lost files. This release provides support for Windows 8 Beta as well as improvements on image creation and new hardware and software coverage. - -## Collection and Use of Your Information - - -The information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to enable the features you are using and provide the service(s) or carry out the transaction(s) you have requested or authorized. It may also be used to analyze and improve Microsoft products and services. - -We may send certain mandatory service communications such as welcome letters, billing reminders, information on technical service issues, and security announcements. Some Microsoft services may send periodic member letters that are considered part of the service. We may occasionally request your feedback, invite you to participate in surveys, or send you promotional mailings to inform you of other products or services available from Microsoft and its affiliates. - -In order to offer you a more consistent and personalized experience in your interactions with Microsoft, information collected through one Microsoft service may be combined with information obtained through other Microsoft services. We may also supplement the information we collect with information obtained from other companies. For example, we may use services from other companies that enable us to derive a general geographic area based on your IP address in order to customize certain services to your geographic area. - -Except as described in this statement, personal information you provide will not be transferred to third parties without your consent. We occasionally hire other companies to provide limited services on our behalf, such as packaging, sending and delivering purchases and other mailings, answering customer questions about products or services, processing event registration, or performing statistical analysis of our services. We will only provide those companies the personal information they need to deliver the service, and they are prohibited from using that information for any other purpose. - -Microsoft may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public. We may also disclose personal information as part of a corporate transaction such as a merger or sale of assets. - -Information that is collected by or sent to Microsoft by DaRT may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland. - -## Collection and Use of Information about Your Computer - - -When you use software with Internet-enabled features, information about your computer ("standard computer information") is sent to the Web sites you visit and online services you use. Microsoft uses standard computer information to provide you Internet-enabled services, to help improve our products and services, and for statistical analysis. Standard computer information typically includes information such as your IP address, operating system version, browser version, and regional and language settings. In some cases, standard computer information may also include hardware ID, which indicates the device manufacturer, device name, and version. If a particular feature or service sends information to Microsoft, standard computer information will be sent as well. - -The privacy details for each DaRT feature, software or service listed in this privacy statement describe what additional information is collected and how it is used. - -## Security of your information - - -Microsoft is committed to helping protect the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer systems with limited access, which are located in controlled facilities. - -## Changes to this privacy statement - - -We will occasionally update this privacy statement to reflect changes in our products, services, and customer feedback. When we post changes, we will revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how Microsoft will use your personal information, we will notify you either by posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how Microsoft is protecting your information. - -## For More Information - - -Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please [contact us](https://go.microsoft.com/fwlink/?LinkID=245853). - -Microsoft PrivacyMicrosoft CorporationOne Microsoft WayRedmond, Washington 98052 USA - -## Specific Features - - -## Microsoft Update - - -**What This Feature Does:** - -Microsoft Update is a service that provides Windows updates as well as updates for other Microsoft software. - -**Information Collected, Processed, or Transmitted:** - -For details about what information is collected and how it is used, see the Update Services Privacy Statement at . - -**Use of Information:** - -For details about what information is collected and how it is used, see the Update Services Privacy Statement at . - -**Choice/Control:** - -For details about controlling this feature, see the Update Services Privacy Statement at [https://go.microsoft.com/fwlink/?LinkId=244000](https://go.microsoft.com/fwlink/?LinkId=244400). - -## Microsoft Defender Offline - - -**What This Feature Does:** - -Microsoft Defender Offline (WDO) is included in the DaRT download. WDO helps protect your PC from malicious software (malware) such as viruses, spyware, and other potentially harmful software. - -**Information Collected, Processed, or Transmitted:** - -For details about what information is collected and how it is used, see the WDO Privacy Statement at [https://go.microsoft.com/fwlink/?LinkId=246081](https://go.microsoft.com/fwlink/?LinkID=211807). - -**Use of Information:** - -For details about what information is collected and how it is used, see the WDO Privacy Statement at . - -**Choice/Control:** - -For details about controlling this feature, see the Microsoft Defender Offline Privacy Statement at . - -## Related topics - - -[Security and Privacy for DaRT 8.0](security-and-privacy-for-dart-80-dart-8.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/dart-80-supported-configurations-dart-8.md b/mdop/dart-v8/dart-80-supported-configurations-dart-8.md deleted file mode 100644 index ba3ca72434..0000000000 --- a/mdop/dart-v8/dart-80-supported-configurations-dart-8.md +++ /dev/null @@ -1,307 +0,0 @@ ---- -title: DaRT 8.0 Supported Configurations -description: DaRT 8.0 Supported Configurations -author: dansimp -ms.assetid: 95d68e5c-d202-4f4a-adef-d2098328172e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# DaRT 8.0 Supported Configurations - - -This topic specifies the prerequisite software and supported configurations requirements that are necessary to install and run Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 in your environment. Both the operating system requirements and the system requirements that are required to run DaRT 8.0 are specified. For information about prerequisites that you need to consider to create the DaRT recovery image, see [Planning to Create the DaRT 8.0 Recovery Image](planning-to-create-the-dart-80-recovery-image-dart-8.md). - -For supported configurations that apply to later releases, see the documentation for the applicable release. - -You can install DaRT in one of two ways. You can install all functionality on an IT administrator computer, where you will perform all the tasks associated with running DaRT. Alternatively, you can install, on the administrator computer, only the DaRT functionality that creates the recovery image, and then install the functionality used to run DaRT (that is, the DaRT Remote Connection Viewer) on a help desk computer. - -## DaRT 8.0 prerequisite software - - -Make sure that the following prerequisites are met before you install DaRT. - -### Administrator computer prerequisites - -The following table lists the installation prerequisites for the administrator computer when you are installing DaRT 8.0 and all of the DaRT tools. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Windows Assessment and Development Kit (ADK)

Required for the DaRT Recovery Image wizard. Contains the Deployment Tools, which are used to customize, deploy, and service Windows images, and contains the Windows Preinstallation Environment (Windows PE). The ADK is not required if you are installing only the Remote Connection Viewer and/or Crash Analyzer.

.NET Framework 4.5

Required by the DaRT Recovery Image wizard.

Windows Development Kit OR Software Development Kit (optional)

Crash Analyzer requires the Windows 8 Debugging Tools from the Windows Driver Kit to analyze memory dump files.

Windows 8 64-bit ISO image

DaRT requires the Windows Recovery Environment (Windows RE) image from the Windows 8 media. Download the 32-bit or 64-bit version of Windows 8, depending on the type of DaRT recovery image you want to create. If you support both system types in your environment, download both versions of Windows 8.

- - - -### Help desk computer prerequisites - -The following table lists the installation prerequisites for the help desk computer when you are running the DaRT 8.0 Remote Connection Viewer. - - ---- - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

DaRT 8.0 Remote Connection Viewer

Must be installed on a Windows 8 operating system.

NET Framework 4.5

Required by the DaRT Recovery Image wizard

Debugging Tools for Windows

Required only if you are installing the Crash Analyzer tool

- - - -### End-user computer prerequisites - -There is no prerequisite software that must be installed on end-user computers, other than the Windows 8 operating system. - -## DaRT operating system requirements - - -### Administrator computer system requirements - -The following table lists the operating systems that are supported for the DaRT administrator computer installation. - -**Note**   -Make sure that you allocate enough space for any additional tools that you want to install on the administrator computer. - - - -**Note**   -Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). - - - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem ArchitectureOperating System RequirementsRAM Requirement for Running DaRT

Windows 8

All editions

N/A

64-bit

2 GB

2.5 GB

Windows 8

All editions

N/A

32-bit

1 GB

1.5 GB

Windows Server 2012

Standard, Enterprise, Data Center

N/A

64-bit

512 MB

1 .0 GB

- - - -### DaRT help desk computer system requirements - -If you allow a help desk to remotely troubleshoot computers, you must have the Remote Connection Viewer installed on the help desk computer. You can optionally install the Crash Analyzer tool on the help desk computer. - -DaRT 8.0 enables a help desk worker to connect to a DaRT 8.0 computer by using either the DaRT 7.0 or DaRT 8.0 Remote Connection Viewer. The DaRT 7.0 Remote Connection Viewer requires a Windows 7 operating system, while the DaRT 8.0 Remote Connection Viewer requires Windows 8. The DaRT 8.0 Remote Connection Viewer and all other DaRT 8.0 tools can be installed only on a computer running Windows 8. - -The following table lists the operating systems that are supported for the DaRT help desk computer installation. - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem ArchitectureOperating System RequirementsRAM Requirements for Running DaRT

Windows 8

All editions

N/A

64-bit

2 GB

2.5 GB

Windows 8 (with Remote Connection Viewer 8.0 only)

All editions

N/A

32-bit

1 GB

1.5 GB

Windows 7 (with Remote Connection Viewer 7.0 only)

All editions

SP1, SP2

64-bit or 32-bit

1 GB

N/A

Windows Server 2012

Standard, Enterprise, Data Center

N/A

64-bit

51

1.0 GB

- - - -DaRT also has the following minimum hardware requirements for the end-user computer: - -A CD or DVD drive or a USB port - required only if you are deploying DaRT in your enterprise by using a CD, DVD, or USB. - -BIOS support for starting the computer from a CD or DVD, a USB flash drive, or from a remote or recovery partition. - -### DaRT end-user computer system requirements - -The Diagnostics and Recovery Toolset window in DaRT requires that the end-user computer use one of the following operating systems together with the specified amount of system memory available for DaRT: - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem ArchitectureOperating System RequirementsRAM Requirements

Windows 8

All editions

N/A

64-bit

2 GB

2.5 GB

Windows 8

All editions

N/A

32-bit

1 GB

1.5 GB

Windows Server 2012

Standard, Enterprise, Data Center

N/A

64-bit

512 MB

1.0 GB

- - - -## Related topics - - -[Planning to Deploy DaRT 8.0](planning-to-deploy-dart-80-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/deploying-dart-80-dart-8.md b/mdop/dart-v8/deploying-dart-80-dart-8.md deleted file mode 100644 index 0bfff42e41..0000000000 --- a/mdop/dart-v8/deploying-dart-80-dart-8.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: Deploying DaRT 8.0 -description: Deploying DaRT 8.0 -author: dansimp -ms.assetid: 5a976d4e-3372-4ef6-9095-1b48e99af21b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Deploying DaRT 8.0 - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 supports a number of different deployment configurations. This section includes information you should consider about the deployment of DaRT 8.0 and step-by-step procedures to help you successfully perform the tasks that you must complete at different stages of your deployment. - -## Deployment Information - - -- [Deploying DaRT 8.0 to Administrator Computers](deploying-dart-80-to-administrator-computers-dart-8.md) - - This section describes the different DaRT deployment options for your requirements and explains how to deploy them. - -- [Creating the DaRT 8.0 Recovery Image](creating-the-dart-80-recovery-image-dart-8.md) - - This section describes the methods you can use to create the DaRT recovery image and provides instructions to create the recovery image by using the DaRT Recovery Image wizard. - -- [Deploying the DaRT Recovery Image](deploying-the-dart-recovery-image-dart-8.md) - - This section provides information to help you decide on the best DaRT recovery image deployment option for your requirements and provides instructions on how to deploy the recovery image. - -- [DaRT 8.0 Deployment Checklist](dart-80-deployment-checklist-dart-8.md) - - This section contains a deployment checklist that can help you to deploy DaRT. - -### How to get DaRT - -This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/p/?LinkId=322049) (https://go.microsoft.com/fwlink/p/?LinkId=322049). - -## Other Resources for deploying DaRT - - -[Diagnostics and Recovery Toolset 8 Administrator's Guide](index.md) - -[Getting Started with DaRT 8.0](getting-started-with-dart-80-dart-8.md) - -[Planning for DaRT 8.0](planning-for-dart-80-dart-8.md) - -[Operations for DaRT 8.0](operations-for-dart-80-dart-8.md) - -[Troubleshooting DaRT 8.0](troubleshooting-dart-80-dart-8.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/deploying-dart-80-to-administrator-computers-dart-8.md b/mdop/dart-v8/deploying-dart-80-to-administrator-computers-dart-8.md deleted file mode 100644 index 9a76b0e3ae..0000000000 --- a/mdop/dart-v8/deploying-dart-80-to-administrator-computers-dart-8.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Deploying DaRT 8.0 to Administrator Computers -description: Deploying DaRT 8.0 to Administrator Computers -author: dansimp -ms.assetid: f918ead8-742e-464a-8bf6-1fcedde66cae -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Deploying DaRT 8.0 to Administrator Computers - - -Before you begin the deployment of Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0, review the requirements for your environment. This includes the hardware requirements for installing DaRT 8.0. For more information about DaRT hardware and software requirements, see [DaRT 8.0 Supported Configurations](dart-80-supported-configurations-dart-8.md). - -The topics in this section can be used to help you deploy DaRT in your enterprise based on your environment and deployment strategy. - -## Deploy DaRT 8.0 - - -You can use the Windows Installer file for DaRT to install DaRT on a computer that you will use to first create the DaRT recovery image and then troubleshoot and fix end-user computers. Frequently, across an organization, you might install on the administrator computer only the DaRT functionality that you need to create a DaRT recovery image. Then, on a help desk administrator’s computer, you might install only the DaRT functionality that you must have to troubleshoot a problem computer, such as the DaRT Remote Connection Viewer and the Crash Analyzer. - -In addition to manually running the Windows Installer file to install DaRT, you can also install DaRT at the command prompt to support enterprise software deployment systems such as System Center Configuration Manager 2012. - -[How to Deploy DaRT 8.0](how-to-deploy-dart-80-dart-8.md) - -## Change, repair, or remove DaRT 8.0 - - -You can change, repair, or remove the DaRT installation by double-clicking the DaRT installation file and then clicking the button that corresponds to the action that you want to perform or through the Windows Control Panel. - -[How to Change, Repair, or Remove DaRT 8.0](how-to-change-repair-or-remove-dart-80-dart-8.md) - -## How to get DaRT 8.0 - - -To get the DaRT software, see [How to Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049). - -## Other resources for deploying the DaRT 8.0 to administrator computers - - -[Deploying DaRT 8.0](deploying-dart-80-dart-8.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/deploying-the-dart-recovery-image-dart-8.md b/mdop/dart-v8/deploying-the-dart-recovery-image-dart-8.md deleted file mode 100644 index 38d53ac43d..0000000000 --- a/mdop/dart-v8/deploying-the-dart-recovery-image-dart-8.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Deploying the DaRT Recovery Image -description: Deploying the DaRT Recovery Image -author: dansimp -ms.assetid: df5cb54a-be8c-4ed2-89ea-d3c67c2ef4d4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying the DaRT Recovery Image - - -After you have created the International Organization for Standardization (ISO) file that contains the Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 recovery image, you can deploy the DaRT 8.0 recovery image throughout your enterprise so that it is available to end users and help desk workers. There are four supported methods that you can use to deploy the DaRT recovery image. To review the advantages and disadvantages of each method, see [Planning How to Save and Deploy the DaRT 8.0 Recovery Image](planning-how-to-save-and-deploy-the-dart-80-recovery-image-dart-8.md). - -Burn the ISO image file to a CD or DVD by using the DaRT Recovery Image wizard - -Save the contents of the ISO image file to a USB Flash Drive (UFD) by using the DaRT Recovery Image wizard - -Extract the boot.wim file from the ISO image and deploy as a remote partition that is available to end-user computers - -Extract the boot.wim file from the ISO image and deploy in the recovery partition of a new Windows 8 installation - -**Important**   -The **DaRT Recovery Image Wizard** provides the option to burn the image to a CD, DVD or UFD, but the other methods of saving and deploying the recovery image require additional steps that involve tools that are not included in DaRT. Some guidance and links for these other methods are provided in this section. - - - -## Deploy the DaRT recovery image as part of a recovery partition - - -After you have finished running the DaRT Recovery Image wizard and created the recovery image, you can extract the boot.wim file from the ISO image file and deploy it as a recovery partition in a Windows 8 image. - -[How to Deploy the DaRT Recovery Image as Part of a Recovery Partition](how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-8.md) - -## Deploy the DaRT recovery image as a remote partition - - -You can host the recovery image on a central network boot server, such as Windows Deployment Services, and allow users or support staff to stream the image to computers on demand. - -[How to Deploy the DaRT Recovery Image as a Remote Partition](how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-8.md) - -## Other resources for deploying the DaRT recovery image - - -[Deploying DaRT 8.0](deploying-dart-80-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/diagnosing-system-failures-with-crash-analyzer--dart-8.md b/mdop/dart-v8/diagnosing-system-failures-with-crash-analyzer--dart-8.md deleted file mode 100644 index 4553af5ce2..0000000000 --- a/mdop/dart-v8/diagnosing-system-failures-with-crash-analyzer--dart-8.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Diagnosing System Failures with Crash Analyzer -description: Diagnosing System Failures with Crash Analyzer -author: dansimp -ms.assetid: ce3d3186-54fb-45b2-b5ce-9bb7841db28f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Diagnosing System Failures with Crash Analyzer - - -The **Crash Analyzer** in Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 lets you debug a memory dump file on a Windows-based computer and then diagnose any related computer errors. The **Crash Analyzer** uses the Microsoft Debugging Tools for Windows to examine a memory dump file for the driver that caused the computer to fail. You can run the Crash Analyzer on an end-user computer or in stand-alone mode on a computer other than an end-user computer. - -## Run the Crash Analyzer on an end-user-computer - - -Typically, you run **Crash Analyzer** from the **Diagnostics and Recovery Toolset** window on an end-user computer that is experiencing the problem. The **Crash Analyzer** tries to locate the Debugging Tools for Windows on the problem computer. If the directory path dialog box is empty, you must enter the location, or browse to the location of the Debugging Tools for Windows (you can download the files from Microsoft). You must also provide a path to where the symbol files are located. - -If you included the Microsoft Debugging Tools for Windows and the symbol files when you created the DaRT 8.0 recovery image, the Tools and symbol files should be available when you run the **Crash Analyzer** on the problem computer. If you did not include them in the DaRT recovery image, or if disk size or network connectivity problems are preventing you from obtaining them, you can alternatively run the Crash Analyzer in stand-alone mode on a computer other than the end user’s computer, as described in the following section. - -[How to Run the Crash Analyzer on an End-user Computer](how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-8.md) - -## Run the Crash Analyzer in stand-alone mode on a computer other than an end user’s computer - - -Although you typically run **Crash Analyzer** on the end-user computer that is experiencing the problem, you can also run the Crash Analyzer in stand-alone mode, on a computer other than an end-user computer. You might choose this option if you did not include the Windows Debugging Tools in the DaRT recovery image, or if disk size or network connectivity problems are preventing you from obtaining the Debugging Tools. In this case, you can copy the dump file from the problem computer and analyze it on a computer that has the stand-alone version of **Crash Analyzer** installed, such as on a help desk agent’s computer. - -[How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer](how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-8.md) - -## How to ensure that Crash Analyzer can access symbol files - - -To debug applications that have stopped responding, you need access to the symbol file, which is separate from the program. Although symbol files are automatically downloaded when you run Crash Analyzer, there might be times when the problem computer does not have access to the Internet. There are several ways to ensure that you have guaranteed access to symbol files. - -[How to Ensure that Crash Analyzer Can Access Symbol Files](how-to-ensure-that-crash-analyzer-can-access-symbol-files.md) - -## Other resources for diagnosing system failures with Crash Analyzer - - -[Operations for DaRT 8.0](operations-for-dart-80-dart-8.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/getting-started-with-dart-80-dart-8.md b/mdop/dart-v8/getting-started-with-dart-80-dart-8.md deleted file mode 100644 index 66f6c6ad7d..0000000000 --- a/mdop/dart-v8/getting-started-with-dart-80-dart-8.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: Getting Started with DaRT 8.0 -description: Getting Started with DaRT 8.0 -author: dansimp -ms.assetid: 579d18c5-7434-4a0e-9725-fb81ca5e3c6d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Getting Started with DaRT 8.0 - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 requires thorough planning before you deploy it or use its features. If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at [https://go.microsoft.com/fwlink/p/?LinkId=80347](https://go.microsoft.com/fwlink/?LinkId=80347). - -**Note**   -A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at (https://go.microsoft.com/fwlink/?LinkId=272493). - -Additional downloadable information about this product can also be found at . - - - -## Getting started with DaRT 8.0 - - -- [About DaRT 8.0](about-dart-80-dart-8.md) - - Provides information specifically related to DaRT, including what is new in DaRT 8.0. - -- [Overview of the Tools in DaRT 8.0](overview-of-the-tools-in-dart-80-dart-8.md) - - Describes the tools in DaRT 8.0. - -- [Accessibility for DaRT 8.0](accessibility-for-dart-80-dart-8.md) - - Provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. - -## How to Get DaRT 8.0 - - -DaRT 8.0 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). - -## Other resources for this product - - -[Diagnostics and Recovery Toolset 8 Administrator's Guide](index.md) - -[Planning for DaRT 8.0](planning-for-dart-80-dart-8.md) - -[Deploying DaRT 8.0](deploying-dart-80-dart-8.md) - -[Operations for DaRT 8.0](operations-for-dart-80-dart-8.md) - -[Troubleshooting DaRT 8.0](troubleshooting-dart-80-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/how-to-change-repair-or-remove-dart-80-dart-8.md b/mdop/dart-v8/how-to-change-repair-or-remove-dart-80-dart-8.md deleted file mode 100644 index 07b0c8b5bf..0000000000 --- a/mdop/dart-v8/how-to-change-repair-or-remove-dart-80-dart-8.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: How to Change, Repair, or Remove DaRT 8.0 -description: How to Change, Repair, or Remove DaRT 8.0 -author: dansimp -ms.assetid: a9737635-aaf5-45bd-861f-f9dff4f02336 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Change, Repair, or Remove DaRT 8.0 - - -You can change, repair, or remove the Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 installation by double-clicking the DaRT 8.0 installation file and then clicking the button that corresponds to the action that you want to perform. - -You can also change, repair, or remove the DaRT installation using the Windows Control Panel by completing the following steps. - -## To change, repair, or remove DaRT - - -1. Click **Start**, and then click **Control Panel**. - -2. On **Control Panel**, navigate to the feature that lets you uninstall programs. - -3. Click **Microsoft Diagnostics and Recovery Toolset 8.0**, and then click the button that corresponds to the action that you want to perform. - -## Related topics - - -[Deploying DaRT 8.0 to Administrator Computers](deploying-dart-80-to-administrator-computers-dart-8.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/how-to-deploy-dart-80-dart-8.md b/mdop/dart-v8/how-to-deploy-dart-80-dart-8.md deleted file mode 100644 index 64defad414..0000000000 --- a/mdop/dart-v8/how-to-deploy-dart-80-dart-8.md +++ /dev/null @@ -1,111 +0,0 @@ ---- -title: How to Deploy DaRT 8.0 -description: How to Deploy DaRT 8.0 -author: dansimp -ms.assetid: ab772e7a-c02f-4847-acdf-8bd362769a77 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Deploy DaRT 8.0 - - -The following instructions explain how to deploy Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 in your environment. To get the DaRT software, see [How to Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049). It is assumed that you are installing all functionality on one administrator computer. If you need to deploy or uninstall DaRT 8.0 on multiple computers, using an electronic software distribution system, for example, it might be easier to use command line installation options. Descriptions and examples of the available command line options are provided in this section. - -**Important**   -Before you install DaRT, see [DaRT 8.0 Supported Configurations](dart-80-supported-configurations-dart-8.md) to ensure that you have installed all of the prerequisite software and that the computer meets the minimum system requirements. The computer onto which you install DaRT must be running Windows 8 or Windows Server 2012. - - - -You can install DaRT using one of two different configurations: - -- Install DaRT and all of the DaRT tools on the administrator computer. - -- Install on the administrator computer only the tools that you need to create the DaRT recovery image, and then install the **Remote Connection Viewer** and, optionally, **Crash Analyzer** on a help desk computer. - -The DaRT installation file is available in both 32-bit and 64-bit versions. Install the version that matches the architecture of the computer on which you are running the DaRT Recovery Image wizard, not the computer architecture of the recovery image that you are creating. - -You can use either version of the DaRT installation file to create a recovery image for either 32-bit or 64-bit computers, but you cannot create one recovery image for both 32-bit and 64-bit computers. - -**To install DaRT and all DaRT tools on an administrator computer** - -1. Download the 32-bit or 64-bit version of the DaRT 8.0 installer file. Choose the architecture that matches the computer on which you are installing DaRT and running the DaRT Recovery Image wizard. - -2. From the folder into which you downloaded DaRT 8.0, run the **MSDaRT80.msi** installation file that corresponds to your system requirements. - -3. On the **Welcome to the Microsoft DaRT 8.0 Setup Wizard** page, click **Next**. - -4. Accept the Microsoft Software License Terms, and then click **Next**. - -5. On the **Microsoft Update** page, select **Use Microsoft Update when I check for updates**, and then click **Next**. - -6. On the **Select Installation Folder** page, select a folder, or click **Next** to install DaRT in the default installation location. - -7. On the **Setup Options** page, select the DaRT features that you want to install, or click **Next** to install DaRT with all of the features. - -8. To start the installation, click **Install**. - -9. After the installation has completed successfully, click **Finish** to exit the wizard. - -## To install DaRT and all DaRT tools on an administrator computer by using a command prompt - - -When you install or uninstall DaRT, you have the option of running the installation files at the command prompt. This section describes some examples of different options that you can specify when you install or uninstall DaRT at the command prompt. - -The following example shows how to install all DaRT functionality. - -``` syntax -msiexec /i MSDaRT80.msi ADDLOCAL=CommonFiles, DaRTRecoveryImage,CrashAnalyzer,RemoteViewer -``` - -The following example shows how to install only the DaRT Recovery Image wizard. - -``` syntax -msiexec /i MSDaRT80.msi ADDLOCAL=CommonFiles, ,DaRTRecoveryImage -``` - -The following example shows how to install only the Crash Analyzer and the DaRT Remote Connection Viewer. - -``` syntax -msiexec /i MSDaRT80.msi ADDLOCAL=CommonFiles,CrashAnalyzer,RemoteViewer -``` - -The following example creates a setup log for the Windows Installer. This is valuable for debugging. - -``` syntax -msiexec.exe /i MSDaRT80.msi /l*v log.txt -``` - -**Note**   -You can add /qn or /qb to perform a silent installation. - - - -**To validate the DaRT installation** - -1. Click **Start**, and select **Diagnostics and Recovery Toolset**. - - The **Diagnostics and Recovery Toolset** window opens. - -2. Check that all of the DaRT tools that you selected for installation were successfully installed. - -## Related topics - - -[Deploying DaRT 8.0 to Administrator Computers](deploying-dart-80-to-administrator-computers-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-8.md b/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-8.md deleted file mode 100644 index db1b6db9c4..0000000000 --- a/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-a-remote-partition-dart-8.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: How to Deploy the DaRT Recovery Image as a Remote Partition -description: How to Deploy the DaRT Recovery Image as a Remote Partition -author: dansimp -ms.assetid: 58f4a6c6-6193-42bd-a095-0de868711af9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Deploy the DaRT Recovery Image as a Remote Partition - - -After you have finished running the Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 Recovery Image wizard and created the recovery image, you can extract the boot.wim file from the ISO image file and deploy it as a remote partition on the network. - -**To deploy DaRT 8.0 as a remote partition** - -1. Extract the boot.wim file from the DaRT ISO image file. - - 1. Mount the ISO image file that you created in the **Create Startup Image** dialog box by using your company’s preferred method of mounting an image. - - 2. Open the ISO image file and copy the boot.wim file from the \\sources folder in the mounted image to a location on your computer or on an external drive. - - **Note**   - If you burned a CD or DVD of the recovery image, you can open the files on the CD or DVD and copy the boot.wim file from the \\sources folder. This lets you skip the need to mount the image. - - - -2. Deploy the boot.wim file to a WDS server that can be accessed from end-user computers in your enterprise. - -3. Configure the WDS server to use the boot.wim file for DaRT by following your standard WDS deployment procedures. - -For more information about how to deploy DaRT as a remote partition, see [Walkthrough: Deploy an Image by Using PXE](https://go.microsoft.com/fwlink/?LinkId=212108) and [Windows Deployment Services Getting Started Guide](https://go.microsoft.com/fwlink/?LinkId=212106). - -## Related topics - - -[Creating the DaRT 8.0 Recovery Image](creating-the-dart-80-recovery-image-dart-8.md) - -[Deploying the DaRT Recovery Image](deploying-the-dart-recovery-image-dart-8.md) - -[Planning for DaRT 8.0](planning-for-dart-80-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-8.md b/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-8.md deleted file mode 100644 index 2f572440c7..0000000000 --- a/mdop/dart-v8/how-to-deploy-the-dart-recovery-image-as-part-of-a-recovery-partition-dart-8.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: How to Deploy the DaRT Recovery Image as Part of a Recovery Partition -description: How to Deploy the DaRT Recovery Image as Part of a Recovery Partition -author: dansimp -ms.assetid: 07c5d539-51d9-4759-adc7-72b40d5d7bb3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Deploy the DaRT Recovery Image as Part of a Recovery Partition - - -After you have finished running the Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 Recovery Image wizard and created the recovery image, you can extract the boot.wim file from the ISO image file and deploy it as a recovery partition in a Windows 8 image. A partition is recommended, because any corruption issues that prevent the Windows operating system from starting would also prevent the recovery image from starting. A separate partition also eliminates the need to provide the BitLocker recovery key twice. Consider hiding the partition to prevent users from storing files on it. - -**To deploy DaRT in the recovery partition of a Windows 8 image** - -1. Create a target partition in your Windows 8 image that is equal to or greater than the size of the ISO image file that you created by using the **DaRT 8.0 Recovery Image wizard**. - - The minimum size required for a DaRT partition is 500MB to accommodate the remote connection functionality in DaRT. - -2. Extract the boot.wim file from the DaRT ISO image file. - - 1. Using your company’s preferred method, mount the ISO image file that you created on the **Create Startup Image** page. - - 2. Open the ISO image file and copy the boot.wim file from the \\sources folder in the mounted image to a location on your computer or on an external drive. - - **Note**   - If you burned a CD, DVD, or USB of the recovery image, you can open the files on the removable media and copy the boot.wim file from the \\sources folder. If you copy boot.wim file, you don’t need to mount the image. - - - -3. Use the boot.wim file to create a bootable recovery partition by using your company’s standard method for creating a custom Windows RE image. - - For more information about how to create or customize a recovery partition, see [Customizing the Windows RE Experience](https://go.microsoft.com/fwlink/?LinkId=214222). - -4. Replace the target partition in your Windows 8 image with the recovery partition. - - For more information about how to deploy a recovery solution to reinstall the factory image in the event of a system failure, see [Deploy a System Recovery Image](https://go.microsoft.com/fwlink/?LinkId=214221). - -## Related topics - - -[Creating the DaRT 8.0 Recovery Image](creating-the-dart-80-recovery-image-dart-8.md) - -[Deploying the DaRT Recovery Image](deploying-the-dart-recovery-image-dart-8.md) - -[Planning for DaRT 8.0](planning-for-dart-80-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/how-to-ensure-that-crash-analyzer-can-access-symbol-files.md b/mdop/dart-v8/how-to-ensure-that-crash-analyzer-can-access-symbol-files.md deleted file mode 100644 index e6b4f6ad25..0000000000 --- a/mdop/dart-v8/how-to-ensure-that-crash-analyzer-can-access-symbol-files.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: How to Ensure that Crash Analyzer Can Access Symbol Files -description: How to Ensure that Crash Analyzer Can Access Symbol Files -author: dansimp -ms.assetid: 99839013-1cd8-44d1-8484-0e15261c5a4b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Ensure that Crash Analyzer Can Access Symbol Files - - -Typically, debugging information is stored in a symbol file that is separate from the program. You must have access to the symbol information when you debug an application that has stopped responding. - -Symbol files are automatically downloaded when you run **Crash Analyzer**. If the computer does not have an Internet connection or the network requires the computer to access an HTTP proxy server, the symbol files cannot be downloaded. - -**To ensure that Crash Analyzer can access symbol files** - -1. **Copy the dump file to another computer.** If the symbols cannot be downloaded because of a lack of an Internet connection, copy the memory dump file to a computer that does have an Internet connection and run the stand-alone **Crash Analyzer Wizard** on that computer. - -2. **Access the symbol files from another computer.** If the symbols cannot be downloaded because of a lack of an Internet connection, you can download the symbols from a computer that does have an Internet connection and then copy them to the computer that does not have an Internet connection, or you can map a network drive to a location where the symbols are available on the local network. If you run the **Crash Analyzer** in a Windows Recovery Environment (Windows RE), you can include the symbol files on the Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 recovery image. - -3. **Access symbol files through an HTTP proxy server.** If the symbols cannot be downloaded because an HTTP proxy server must be accessed, use the following steps to access an HTTP proxy server. In DaRT 8.0, the **Crash Analyzer Wizard** has a setting available on the **Specify Symbol Files Location** dialog page, marked with the label **Proxy server (optional, using the format "server:port")**. You can use this text box to specify a proxy server. Enter the proxy address in the form **<hostname>:<port>**, where the <**hostname**> is a DNS name or IP address, and the <**port**> is a TCP port number, usually 80. There are two modes in which the **Crash Analyzer** can be run. Following is how you use the proxy setting in each of these modes: - - - **Online mode:** In this mode, if the proxy server field is left blank, the wizard uses the proxy settings from Internet Options in Control Panel. If you enter a proxy address in the text box which is provided, that address will be used, and it will override the setting in the Internet Options. - - - Windows Recovery Environment (Windows RE): When you run **Crash Analyzer** from the **Diagnostics and Recovery Toolset** window, there is no default proxy address. If the computer is directly connected to the Internet, a proxy address is not required. Therefore, you can leave this field blank in the wizard setting. If the computer is not directly connected to the Internet, and it is in a network environment that has a proxy server, you must set the proxy field in the wizard to access the symbol store. The proxy address can be obtained from the network administrator. Setting the proxy server is important only when the public symbol store is connected to the Internet. If the symbols are already on the DaRT recovery image, or if they are available locally, setting the proxy server is not required. - -## Related topics - - -[Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-8.md) - -[Operations for DaRT 8.0](operations-for-dart-80-dart-8.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/how-to-perform-dart-tasks-by-using-powershell-commands-dart-8.md b/mdop/dart-v8/how-to-perform-dart-tasks-by-using-powershell-commands-dart-8.md deleted file mode 100644 index 8e49329140..0000000000 --- a/mdop/dart-v8/how-to-perform-dart-tasks-by-using-powershell-commands-dart-8.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -title: How to Perform DaRT Tasks by Using PowerShell Commands -description: How to Perform DaRT Tasks by Using PowerShell Commands -author: dansimp -ms.assetid: bc788b00-38c7-4f57-a832-916b68264d89 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Perform DaRT Tasks by Using PowerShell Commands - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 provides the following listed set of Windows PowerShell cmdlets. Administrators can use these PowerShell cmdlets to perform various DaRT 8.0 server tasks from the command prompt rather than from the DaRT Recovery Image wizard. - -## To administer DaRT by using PowerShell commands - - -Use the PowerShell cmdlets described here to administer DaRT. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription

Copy-DartImage

Burns an ISO to a CD, DVD, or USB drive.

Export-DartImage

Allows the source WIM file, which contains a DaRT image, to be converted into an ISO file.

New-DartConfiguration

Creates a DaRT configuration object that is needed to apply a DaRT toolset to a Windows Image.

Set-DartImage

Applies a DartConfiguration object to a mounted Windows Image. This includes adding all files, configuration, and package dependencies.

- -  - -## Related topics - - -[Administering DaRT 8.0 Using PowerShell](administering-dart-80-using-powershell-dart-8.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-8.md b/mdop/dart-v8/how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-8.md deleted file mode 100644 index fc95efeecd..0000000000 --- a/mdop/dart-v8/how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-8.md +++ /dev/null @@ -1,112 +0,0 @@ ---- -title: How to Recover Local Computers by Using the DaRT Recovery Image -description: How to Recover Local Computers by Using the DaRT Recovery Image -author: dansimp -ms.assetid: f679d522-49ab-429c-93d0-294c3f3e5639 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Recover Local Computers by Using the DaRT Recovery Image - - -Use these instructions to recover a computer when you are physically present at the end-user computer that is experiencing problems. - -**How to recover a local computer by using the DaRT recovery image** - -1. Boot the end-user computer by using the Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 recovery image. - - As the computer is booting into the DaRT 8.0 recovery image, the **NetStart** dialog box appears. - -2. When you are asked whether you want to initialize network services, select one of the following: - - **Yes** - it is assumed that a DHCP server is present on the network, and an attempt is made to obtain an IP address from the server. If the network uses static IP addresses instead of DHCP, you can later use the **TCP/IP Configuration** tool in DaRT to specify a static IP address. - - **No** - skip the network initialization process. - -3. Indicate whether you want to remap the drive letters. When you run Windows online, the system volume is typically mapped to drive C. However, when you run Windows offline under WinRE, the original system volume might be mapped to another drive, and this can cause confusion. If you decide to remap, DaRT tries to map the offline drive letters to match the online drive letters. Remapping is performed only if an offline operating system is selected later in the startup process. - -4. On the **System Recovery Options** dialog box, select a keyboard layout. - -5. Check the displayed system root directory, the kind of operating system installed, and the partition size. If you do not see your operating system listed, and suspect that the lack of drivers is a possible cause of the failure, click **Load Drivers** to load the suspect drivers, and then insert the installation media for the device and select the driver. - -6. Select the installation that you want to repair or diagnose, and then click **Next**. - - **Note** - If the Windows Recovery Environment (WinRE) detects or suspects that Windows 8 did not start correctly the last time that it was tried, **Startup Repair** might start to run automatically. - - - -~~~ -If any of the registry hives are corrupted or missing, Registry Editor and several other DaRT utilities will have limited functionality. If no operating system is selected, some tools will not be available. - -The **System Recovery Options** window appears and lists various recovery tools. -~~~ - -7. On the **System Recovery Options** window, click **Microsoft Diagnostics and Recovery Toolset**. - - The **Diagnostics and Recovery Toolset** window opens. You can now run any of the individual tools or wizards that were included when the DaRT recovery image was created. - -You can click **Help** on the **Diagnostics and Recovery Toolset** window to open the client Help file that provides detailed instruction and information needed to run the individual DaRT tools. You can also click the **Solution Wizard** on the **Diagnostics and Recovery Toolset** window to choose the best tool for the situation, based on a brief interview that the wizard provides. - -For general information about any of the DaRT tools, see [Overview of the Tools in DaRT 8.0](overview-of-the-tools-in-dart-80-dart-8.md). - -**How to run DaRT at the command prompt** - -- To run DaRT at the command prompt, specify the **netstart.exe** command then use any of the following parameters: - - - - - - - - - - - - - - - - - - - - - - - - -

Parameter

Description

-network

Initializes the network services.

-remount

Remaps the drive letters.

-prompt

Displays messages that ask the end user to specify whether to initialize the network and remap the drives.

-
- Warning

The end user’s response to the prompt overrides the –network and –remount switches.

-
-
- -
- - - -## Related topics - - -[Operations for DaRT 8.0](operations-for-dart-80-dart-8.md) - -[Recovering Computers Using DaRT 8.0](recovering-computers-using-dart-80-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-8.md b/mdop/dart-v8/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-8.md deleted file mode 100644 index e8ceaf560b..0000000000 --- a/mdop/dart-v8/how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-8.md +++ /dev/null @@ -1,207 +0,0 @@ ---- -title: How to Recover Remote Computers by Using the DaRT Recovery Image -description: How to Recover Remote Computers by Using the DaRT Recovery Image -author: dansimp -ms.assetid: 363ccd48-6820-4b5b-a43a-323c0b208a9d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Recover Remote Computers by Using the DaRT Recovery Image - - -Use the Remote Connection feature in Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 to run the DaRT tools remotely on an end-user computer. After the end user provides the administrator or help desk worker with certain information, the IT administrator or help desk worker can take control of the end user's computer and run the necessary DaRT tools remotely. - -If you disabled the DaRT tools when you created the recovery image, you still have access to all of the tools. All of the tools, except Remote Connection, are unavailable to end users. - -**To recover a remote computer by using the DaRT recovery image** - -1. Boot an end-user computer by using the DaRT recovery image. - - You will typically use one of the following methods to boot into DaRT to recover a remote computer, depending on how you deploy the DaRT recovery image. For more information about deploying the DaRT recovery image, see [Deploying DaRT 8.0](deploying-dart-80-dart-8.md). - - - Boot into DaRT from a recovery partition on the problem computer. - - - Boot into DaRT from a remote partition on the network. - - For information about the advantages and disadvantages of each method, see [Planning How to Save and Deploy the DaRT 8.0 Recovery Image](planning-how-to-save-and-deploy-the-dart-80-recovery-image-dart-8.md). - - Whichever method that you use to boot into DaRT, you must enable the boot device in the BIOS for the boot option or options that you want to make available to the end user. - - **Note** - Configuring the BIOS is unique, depending on the kind of hard disk drive, network adapters, and other hardware that is used in your organization. - - - -~~~ -As the computer is booting into the DaRT recovery image, the **NetStart** dialog box appears. -~~~ - -2. When you are asked whether you want to initialize network services, select one of the following: - - **Yes** - it is assumed that a DHCP server is present on the network, and an attempt is made to obtain an IP address from the server. If the network uses static IP addresses instead of DHCP, you can later use the **TCP/IP Configuration** tool in DaRT to specify a static IP address. - - **No** - skip the network initialization process. - -3. Indicate whether you want to remap the drive letters. When you run Windows online, the system volume is typically mapped to drive C. However, when you run Windows offline under WinRE, the original system volume might be mapped to another drive, and this can cause confusion. If you decide to remap, DaRT tries to map the offline drive letters to match the online drive letters. Remapping is performed only if an offline operating system is selected later in the startup process. - -4. On the **System Recovery Options** dialog box, select a keyboard layout. - -5. Check the displayed system root directory, the kind of operating system installed, and the partition size. If you do not see your operating system listed, and suspect that the lack of drivers is a possible cause of the failure, click **Load Drivers** to load the suspect drivers, and then insert the installation media for the device and select the driver. - -6. Select the installation that you want to repair or diagnose, and then click **Next**. - - **Note** - If the Windows Recovery Environment (WinRE) detects or suspects that Windows 8 did not start correctly the last time that it was tried, **Startup Repair** might start to run automatically. For information about how to resolve this issue, see [Troubleshooting DaRT 8.0](troubleshooting-dart-80-dart-8.md). - - - -~~~ -If any of the registry hives are corrupted or missing, Registry Editor and several other DaRT utilities will have limited functionality. If no operating system is selected, some tools will not be available. - -The **System Recovery Options** window appears and lists various recovery tools. -~~~ - -7. On the **System Recovery Options** window, click **Microsoft Diagnostics and Recovery Toolset** to open the **Diagnostics and Recovery Toolset**. - -8. On the **Diagnostics and Recovery Toolset** window, click **Remote Connection** to open the **DaRT Remote Connection** window. If you are prompted to give the help desk remote access, click **OK**. - - The DaRT Remote Connection window opens and displays a ticket number, IP address, and port information. - -9. On the help desk computer, open the **DaRT Remote Connection Viewer**. - -10. Click **Start**, click **All Programs**, click **Microsoft DaRT 8.0**, and then click **DaRT Remote Connection Viewer**. - -11. In the **DaRT Remote Connection** window, enter the required ticket, IP address, and port information. - - **Note** - This information is created on the end-user computer and must be provided by the end user. There might be multiple IP addresses to choose from, depending on how many are available on the end-user computer. - - - -12. Click **Connect**. - -The IT administrator now assumes control of the end-user computer and can run the DaRT tools remotely. - -**Note** -A file is provided that is named inv32.xml and contains remote connection information, such as the port number and IP address. By default, the file is typically located at %windir%\\system32. - - - -**To customize the Remote Connection process** - -1. You can customize the Remote Connection process by editing the winpeshl.ini file. For more information about how to edit the winpeshl.ini file, see [Winpeshl.ini Files](https://go.microsoft.com/fwlink/?LinkId=219413). - - Specify the following commands and parameters to customize how a remote connection is established with an end-user computer: - - - - - - - - - - - - - - - - - - - - - - - - - - -
CommandParameterDescription

RemoteRecovery.exe

-nomessage

Specifies that the confirmation prompt is not displayed. Remote Connection continues just as if the end user had responded "Yes" to the confirmation prompt.

WaitForConnection.exe

none

Prevents a custom script from continuing until either Remote Connection is not running or a valid connection is established with the end-user computer.

-
- Important

This command serves no function if it is specified independently. It must be specified in a script to function correctly.

-
-
- -
- - - -2. The following is an example of a winpeshl.ini file that is customized to open the **Remote Connection** tool as soon as an attempt is made to boot into DaRT: - - ```ini - [LaunchApps] - "%windir%\system32\netstart.exe -network -remount" - "cmd /C start %windir%\system32\RemoteRecovery.exe -nomessage" - "%windir%\system32\WaitForConnection.exe" - "%SYSTEMDRIVE%\sources\recovery\recenv.exe" - ``` - -When DaRT starts, it creates the file inv32.xml in \\Windows\\System32\\ on the RAM disk. This file contains connection information: IP address, port, and ticket number. You can copy this file to a network share to trigger a Help desk workflow. For example, a custom program can check the network share for connection files, and then create a support ticket or send email notifications. - -**To run the Remote Connection Viewer at the command prompt** - -1. To run the **DaRT Remote Connection Viewer** at the command prompt, specify the **DartRemoteViewer.exe** command and use the following parameters: - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

-ticket=<ticketnumber>

Where <ticketnumber> is the ticket number, including the dashes, that is generated by Remote Connection.

-ipaddress=<ipaddress>

Where <ipaddress> is the IP address that is generated by Remote Connection.

-port=<port>

Where <port> is the port that corresponds to the specified IP address.

- - - -~~~ -**Note** -The variables for these parameters are created on the end-user computer and must be provided by the end user. -~~~ - - - -2. If all three parameters are specified and the data is valid, a connection is immediately tried when the program starts. If any parameter is not valid, the program starts as if there were no parameters specified. - -## Related topics - - -[Operations for DaRT 8.0](operations-for-dart-80-dart-8.md) - -[Recovering Computers Using DaRT 8.0](recovering-computers-using-dart-80-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-8.md b/mdop/dart-v8/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-8.md deleted file mode 100644 index 8f3cdb66ed..0000000000 --- a/mdop/dart-v8/how-to-run-the-crash-analyzer-in-stand-alone-mode-on-a-computer-other-than-an-end-user-computer-dart-8.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer -description: How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer -author: dansimp -ms.assetid: b2f87144-6379-478a-802b-9cfef5242f34 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Run the Crash Analyzer in Stand-alone Mode on a Computer Other than an End-user Computer - - -If you cannot access the Microsoft Debugging Tools for Windows or the symbol files on the end-user computer, you can copy the dump file from the problem computer and analyze it on a computer that has the stand-alone version of Crash Analyzer installed, such as a help desk computer that contains Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0. - -To run Crash Analyzer in stand-alone mode, you copy the memory dump file from the problem computer and analyze it on another computer, such as a help desk computer, that has the **Crash Analyzer** installed. - -**To run the Crash Analyzer in stand-alone mode** - -1. On a computer that has DaRT 8.0 installed, click **Start**, type **Crash Analyzer**, and then click **Crash Analyzer**. - -2. Follow the steps in the wizard, as described in [How to Run the Crash Analyzer on an End-user Computer](how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-8.md). - -## Related topics - - -[Operations for DaRT 8.0](operations-for-dart-80-dart-8.md) - -[Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-8.md) - -[How to Ensure that Crash Analyzer Can Access Symbol Files](how-to-ensure-that-crash-analyzer-can-access-symbol-files.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-8.md b/mdop/dart-v8/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-8.md deleted file mode 100644 index 82ae23319c..0000000000 --- a/mdop/dart-v8/how-to-run-the-crash-analyzer-on-an-end-user-computer-dart-8.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: How to Run the Crash Analyzer on an End-user Computer -description: How to Run the Crash Analyzer on an End-user Computer -author: dansimp -ms.assetid: d36213e5-7719-44d7-be65-971c3ef7df2c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Run the Crash Analyzer on an End-user Computer - - -To run **Crash Analyzer** from the **Diagnostics and Recovery Toolset** window on an end-user computer that is experiencing problems, you must have the Microsoft Debugging Tools for Windows and the symbol files installed. To download the Windows Debugging Tools, see [Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=266248). - -**To run the Crash Analyzer on an end-user computer** - -1. On the **Diagnostics and Recovery Toolset** window on an end-user computer, click **Crash Analyzer**. - -2. Provide the required information for the Microsoft Debugging Tools for Windows. - -3. Provide the required information for the symbol files. For more information about symbol files, see [How to Ensure that Crash Analyzer Can Access Symbol Files](how-to-ensure-that-crash-analyzer-can-access-symbol-files.md). - -4. Provide the required information for a memory dump file. To determine the location of the memory dump file: - - 1. Open the **System Properties** window. - - 2. Click **Start**, type **sysdm.cpl**, and then press **Enter**. - - 3. Click the **Advanced** tab. - - 4. In the **Startup and Recovery** area, click **Settings**. - - If you do not have access to the **System Properties** window, you can search for dump files on the end-user computer by using the **Search** tool in Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0. - - The **Crash Analyzer** scans the memory dump file and reports a probable cause of the problem. You can view more information about the failure, such as the specific memory dump message and description, the drivers loaded at the time of the failure, and the full output of the analysis. - -5. Identify the appropriate strategy to resolve the problem. The strategy may require disabling or updating the device driver that caused the failure by using the **Services and Drivers** node of the **Computer Management** tool in DaRT 8.0. - -## Related topics - - -[Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-8.md) - -[Operations for DaRT 8.0](operations-for-dart-80-dart-8.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/how-to-use-a-powershell-script-to-create-the-recovery-image-dart-8.md b/mdop/dart-v8/how-to-use-a-powershell-script-to-create-the-recovery-image-dart-8.md deleted file mode 100644 index 33e32407c5..0000000000 --- a/mdop/dart-v8/how-to-use-a-powershell-script-to-create-the-recovery-image-dart-8.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: How to Use a PowerShell Script to Create the Recovery Image -description: How to Use a PowerShell Script to Create the Recovery Image -author: dansimp -ms.assetid: d0c71092-535e-43b1-9b1d-6ac819508348 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Use a PowerShell Script to Create the Recovery Image - - -## To create the DaRT recovery image by using a PowerShell script - - -You can create the Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 recovery image by using a PowerShell script instead of using the DaRT 8.0 Recovery Image wizard. See the following example script. - -`` - -`This script was auto generated by the Microsoft DaRT Recovery Image Wizard.``###``This script uses the DISM and DaRT PowerShell commands to create a bootable DaRT image.``###Both a WIM and ISO file are produced.``###``### Examples of how to burn/copy the DaRT ISO to DVD/USB are available at the end of this script.``###` - -`$ErrorActionPreference = "Stop";``### This variable tells PowerShell to stop if an error occurs.` - -`###``### Import the modules necessary for DaRT Image creation.``###` - -`Import-Module "Dism"`I`mport-Module "Microsoft.Dart"` - -`###``### Specifies where the Windows 8 media is located and where the ISO and WIM files will be saved.``### These can be changed as necessary.``###` - -`$Win8MediaPath = "D:\";``### This is the path of the Windows 8 media.``$DestinationWimPath = "C:\Users\Administrator\Desktop\DaRT8\x64\boot.wim";``### Specify where the WIM file will be saved.``$DestinationIsoPath = "C:\Users\Administrator\Desktop\DaRT8\x64\DaRT8.iso";``### Specify where the ISO will be saved.` - -`###``### These variables are used to specify temporary and output directories based on the paths above.``###` - -`$WimParentPath = (Split-Path -Path "$destinationWimPath" -Parent);``### Specify the directory where the DaRT WIM file will be saved.``$IsoParentPath = (Split-Path -Path "$destinationIsoPath" -Parent);``### This is the directory where the DaRT ISO file will be saved.``$TempMountPath = "$env:temp\DaRT8Mount_$(Get-Random)";``### Specify the temporary directory used to mount the Windows image.` - -`###``### Prepare the windows image.``###` - -`### Guarantee the output directories exists.``New-Item -Path $WimParentPath -Type Directory -Force``New-Item -Path $IsoParentPath -Type Directory -Force``New-Item -Path $TempMountPath -Type Directory -Force` - -`### Create a copy of the WIM and remove the read-only attribute.``### The WIM file will be the resulting dart image.``Copy-Item "$Win8MediaPath\sources\boot.wim" $DestinationWimPath -Force``Set-ItemProperty $DestinationWimPath -Name IsReadOnly -Value $false` - -`### Mount the bootable image within the WIM file (normally index 2).``Mount-WindowsImage -ImagePath $DestinationWimPath -Path $TempMountPath -Index 2` - -`###``### Add additional drivers to the image.``###` - -`###``### Installs the specified driver(s) into the image.``###` - -`Add-WindowsDriver -Path $TempMountPath -Driver "C:\Windows\System32\DriverStore\FileRepository``\xusb22.inf_amd64_89c20c625f14f923\xusb22.inf" -ForceUnsigned` - -`###``### Add additional drivers to the image.``###` - -`###``### Installs the specified WinPE package(s) into the image.``###` - -`Add-WindowsPackage -Path $TempMountPath -PackagePath "C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-Scripting.cab"``Add-WindowsPackage -Path $TempMountPath -PackagePath "C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-FMAPI.cab"``Add-WindowsPackage -Path $TempMountPath -PackagePath "C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-Scripting_en-us.cab"``Add-WindowsPackage -Path $TempMountPath -PackagePath "C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\WinPE-HTA.cab"``Add-WindowsPackage -Path $TempMountPath -PackagePath "C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-HTA_en-us.cab"` - -`###``### Add the DaRT tools to the image.``### The New-DartConfiguration cmdlet is used to specify how the DaRT image is configured.``### Modify this statement to configure how the DaRT tools will be applied to the image.``###` - -`$config = New-DartConfiguration -AddComputerManagement -AddCrashAnalyzer -AddDefender -AddDiskCommander -AddExplorer -AddFileRestore -AddFileSearch -AddHotfixUninstall -AddRegistryEditor -AddRemoteConnection -AddSfcScan -AddSolutionWizard -AddTcpConfig -RemoteMessage "Test welcome message" -RemotePort 3388 -ScratchSpace 512 -UpdateDefender``$config | Set-DartImage -Path $TempMountPath` - -`###``### Perform any manual user-specific customizations here.``###` - -`# Read-Host -Prompt "Script is paused for any manual customization. Press ENTER to continue"` - -`### Save the changes to the WIM file by dismounting the image.``Dismount-WindowsImage -Path $TempMountPath -Save` - -`### Create a bootable DaRT ISO.``Export-DartImage -IsoPath $DestinationIsoPath -WimPath $DestinationWimPath` - -`### The following is an example of how to burn the ISO to a writeable CD/DVD.``### Specify the correct drive letter and uncomment the statement to burn an ISO.``# Copy-DartImage -IsoPath $DestinationIsoPath -Drive "G:" -Type DVD` - -`### Removes all temporary files.``Remove-Item $TempMountPath -Force -Recurse` - -## Related topics - - -[Administering DaRT 8.0 Using PowerShell](administering-dart-80-using-powershell-dart-8.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/images/checklistbox.gif b/mdop/dart-v8/images/checklistbox.gif deleted file mode 100644 index 8af13c51d1..0000000000 Binary files a/mdop/dart-v8/images/checklistbox.gif and /dev/null differ diff --git a/mdop/dart-v8/index.md b/mdop/dart-v8/index.md deleted file mode 100644 index 403a88d542..0000000000 --- a/mdop/dart-v8/index.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: Diagnostics and Recovery Toolset 8 Administrator's Guide -description: Diagnostics and Recovery Toolset 8 Administrator's Guide -author: dansimp -ms.assetid: 33685dd7-844f-4864-b504-3ef384ef01de -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 10/03/2017 ---- - - -# Diagnostics and Recovery Toolset 8 Administrator's Guide - - -Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 lets you diagnose and repair a computer that cannot be started or that has problems starting as expected. By using DaRT 8.0, you can recover end-user computers that have become unusable, diagnose probable causes of issues, and quickly repair unbootable or locked-out computers. When it is necessary, you can also quickly restore important lost files and detect and remove malware, even when the computer is not online. - -DaRT 8.0 lets you create a DaRT recovery image in International Organization for Standardization (ISO) and Windows Imaging (WIM) file formats and burn the image to a CD, DVD, or USB. You can then use the recovery image files and deploy them locally or to a remote partition or a recovery partition. - -DaRT 8.0 is an important part of the Microsoft Desktop Optimization Pack (MDOP), a dynamic solution available to Software Assurance customers that helps reduce software installation costs, enables delivery of applications as services, and helps manage and control enterprise desktop environments. - -[Getting Started with DaRT 8.0](getting-started-with-dart-80-dart-8.md) - -[About DaRT 8.0](about-dart-80-dart-8.md)**|**[Release Notes for DaRT 8.0](release-notes-for-dart-80--dart-8.md)**|**[About DaRT 8.0 SP1](about-dart-80-sp1.md)**|**[Release Notes for DaRT 8.0 SP1](release-notes-for-dart-80-sp1.md)**|**[About DaRT 8.1](about-dart-81.md)**|**[Release Notes for DaRT 8.1](release-notes-for-dart-81.md)**|**[Overview of the Tools in DaRT 8.0](overview-of-the-tools-in-dart-80-dart-8.md)**|**[Accessibility for DaRT 8.0](accessibility-for-dart-80-dart-8.md) - -[Planning for DaRT 8.0](planning-for-dart-80-dart-8.md) - -[Planning to Deploy DaRT 8.0](planning-to-deploy-dart-80-dart-8.md)**|**[DaRT 8.0 Supported Configurations](dart-80-supported-configurations-dart-8.md)**|**[Planning to Create the DaRT 8.0 Recovery Image](planning-to-create-the-dart-80-recovery-image-dart-8.md)**|**[Planning How to Save and Deploy the DaRT 8.0 Recovery Image](planning-how-to-save-and-deploy-the-dart-80-recovery-image-dart-8.md)**|**[DaRT 8.0 Planning Checklist](dart-80-planning-checklist-dart-8.md) - -[Deploying DaRT 8.0](deploying-dart-80-dart-8.md) - -[Deploying DaRT 8.0 to Administrator Computers](deploying-dart-80-to-administrator-computers-dart-8.md)**|**[Creating the DaRT 8.0 Recovery Image](creating-the-dart-80-recovery-image-dart-8.md)**|**[Deploying the DaRT Recovery Image](deploying-the-dart-recovery-image-dart-8.md)**|**[DaRT 8.0 Deployment Checklist](dart-80-deployment-checklist-dart-8.md) - -[Operations for DaRT 8.0](operations-for-dart-80-dart-8.md) - -[Recovering Computers Using DaRT 8.0](recovering-computers-using-dart-80-dart-8.md)**|**[Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-8.md)**|**[Security and Privacy for DaRT 8.0](security-and-privacy-for-dart-80-dart-8.md)**|**[Administering DaRT 8.0 Using PowerShell](administering-dart-80-using-powershell-dart-8.md) - -[Technical Reference for DaRT 8.0](technical-reference-for-dart-80-new-ia.md) - -[Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Microsoft Defender Offline (WDO) for malware detection-->](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md) - -[Troubleshooting DaRT 8.0](troubleshooting-dart-80-dart-8.md) - -### More Information - -[How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) -Get information about how to download DaRT. - -[Release Notes for DaRT 8.0](release-notes-for-dart-80--dart-8.md) -View updated product information and known issues for DaRT 8.0. - -[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286) -Learn about the latest MDOP information and resources. - -[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) -Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com), or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). - -  - -  - - - - - diff --git a/mdop/dart-v8/operations-for-dart-80-dart-8.md b/mdop/dart-v8/operations-for-dart-80-dart-8.md deleted file mode 100644 index a629db0966..0000000000 --- a/mdop/dart-v8/operations-for-dart-80-dart-8.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Operations for DaRT 8.0 -description: Operations for DaRT 8.0 -author: dansimp -ms.assetid: a31615de-eb6e-41af-909c-d0b6f3eb3f2f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Operations for DaRT 8.0 - - -This section includes information about the various types of Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 administration and operating tasks that are typically performed by an administrator. This section also includes step-by-step procedures to help you successfully perform those tasks. - -## Operations information - - -- [Recovering Computers Using DaRT 8.0](recovering-computers-using-dart-80-dart-8.md) - - This section provides instructions on how to use DaRT 8.0 to recover local or remote computers by using the DaRT recovery image. - -- [Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-8.md) - - This section explains how to open and run the Crash Analyzer on either an end-user or non-end-user computer to debug a memory dump file and then diagnose computer errors. - -- [Security and Privacy for DaRT 8.0](security-and-privacy-for-dart-80-dart-8.md) - - This section describes measures for maintaining security while using DaRT. - -- [Administering DaRT 8.0 Using PowerShell](administering-dart-80-using-powershell-dart-8.md) - - This section lists the Windows PowerShell commands that administrators can use to perform various DaRT tasks. - -## Other resources for DaRT 8.0 operations - - -[Diagnostics and Recovery Toolset 8 Administrator's Guide](index.md) - -[Getting Started with DaRT 8.0](getting-started-with-dart-80-dart-8.md) - -[Planning for DaRT 8.0](planning-for-dart-80-dart-8.md) - -[Deploying DaRT 8.0](deploying-dart-80-dart-8.md) - -[Troubleshooting DaRT 8.0](troubleshooting-dart-80-dart-8.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md b/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md deleted file mode 100644 index 46c8676819..0000000000 --- a/mdop/dart-v8/overview-of-the-tools-in-dart-80-dart-8.md +++ /dev/null @@ -1,159 +0,0 @@ ---- -title: Overview of the Tools in DaRT 8.0 -description: Overview of the Tools in DaRT 8.0 -author: dansimp -ms.assetid: 1766c82e-c099-47d4-b186-4689b026a7e0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 10/03/2016 ---- - - -# Overview of the Tools in DaRT 8.0 - - -From the **Diagnostics and Recovery Toolset** window in Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0, you can start any of the individual tools that you include when you create the DaRT 8.0 recovery image. For information about how to access the **Diagnostics and Recovery Toolset** window, see [How to Recover Local Computers by Using the DaRT Recovery Image](how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-8.md). - -If it is available, you can use the **Solution Wizard** on the **Diagnostics and Recovery Toolset** window to select the tool that best addresses your particular issue, based on a brief interview that the wizard provides. - -## Exploring the DaRT tools - - -A description of the DaRT 8.0 tools follows. - -### Computer Management - -**Computer Management** is a collection of Windows administrative tools that help you troubleshoot a problem computer. You can use the **Computer Management** tools in DaRT to view system information and event logs, manage disks, list autoruns, and manage services and drivers. The **Computer Management** console is customized to help you diagnose and repair problems that might be preventing the Windows operating system from starting. - -**Note**   -The recovery of dynamic disks with DaRT is not supported. - - - -### Crash Analyzer - -Use the **Crash Analyzer Wizard** to quickly determine the cause of a computer failure by analyzing the memory dump file on the Windows operating system that you are repairing. **Crash Analyzer** examines the memory dump file for the driver that caused a computer to fail. You can then disable the problem device driver by using the **Services and Drivers** node in the **Computer Management** tool. - -The **Crash Analyzer Wizard** requires the Debugging Tools for Windows and symbol files for the operating system that you are repairing. You can include both requirements when you create the DaRT recovery image. If they are not included on the recovery image and you do not have access to them on the computer that you are repairing, you can copy the memory dump file to another computer and use the stand-alone version of **Crash Analyzer** to diagnose the problem. - -Running **Crash Analyzer** is a good idea even if you plan to reimage the computer. The image could have a defective driver that is causing problems in your environment. By running **Crash Analyzer**, you can identify problem drivers and improve the image stability. - -For more information about **Crash Analyzer**, see [Diagnosing System Failures with Crash Analyzer](diagnosing-system-failures-with-crash-analyzer--dart-8.md). - -### Defender - -**Important**   -Environments with the DaRT Defender deployed should instead use the Microsoft Defender Offline (WDO) protection image for malware detection. Because of how the Defender tool integrates into DaRT, all supported DaRT version deployments cannot apply these anti-malware updates to their DaRT images. For more information, see [Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Microsoft Defender Offline (WDO) for malware detection-->](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md). - - - -**Defender** can help detect malware and unwanted software and warn you of security risks. You can use this tool to scan a computer for and remove malware even when the installed Windows operating system is not running. When **Defender** detects malicious or unwanted software, it prompts you to remove, quarantine, or allow for each item. - -Malware that uses rootkits can mask itself from the running operating system. If a rootkit-enabled virus or spyware is in a computer, most real-time scanning and removal tools can no longer see it or remove it. Because you boot the problem computer into DaRT and the installed operating system is offline, you can detect the rootkit without it being able to mask itself. - -### Disk Commander - -**Disk Commander** lets you recover and repair disk partitions or volumes by using one of the following recovery processes: - -- Restore the master boot record (MBR) - -- Recover one or more lost volumes - -- Restore partition tables from **Disk Commander** backup - -- Save partition tables to **Disk Commander** backup - -**Warning**   -We recommend that you back up a disk before you use **Disk Commander** to repair it. By using **Disk Commander**, you can potentially damage volumes and make them inaccessible. Additionally, changes to one volume can affect other volumes because volumes on a disk share a partition table. - - - -**Note**   -The recovery of dynamic disks with DaRT is not supported. - - - -### Disk Wipe - -You can use **Disk Wipe** to delete all data from a disk or volume, even the data that is left behind after you reformat a hard disk drive. **Disk Wipe** lets you select from either a single-pass overwrite or a four-pass overwrite, which meets current U.S. Department of Defense standards. - -**Warning**   -After wiping a disk or volume, you cannot recover the data. Verify the size and label of a volume before erasing it. - - - -### Explorer - -The **Explorer** tool lets you browse the computer’s file system and network shares so that you can remove important data that the user stored on the local drive before you try to repair or reimage the computer. And because you can map drive letters to network shares, you can easily copy and move files from the computer to the network for safekeeping or from the network to the computer to restore them. - -### File Restore - -**File Restore** lets you try to restore files that were accidentally deleted or that were too big to fit in the Recycle Bin. **File Restore** is not limited to regular disk volumes, but can find and restore files on lost volumes or on volumes that are encrypted by BitLocker. - -**Note**   -The recovery of dynamic disks with DaRT is not supported. - - - -### File Search - -Before reimaging a computer, recovering files from the local hard disk is important, especially when the user might not have backed up or stored the files elsewhere. - -The **Search** tool opens a **File Search** window that you can use to find documents when you do not know the file path or to search for general kinds of files across all local hard disks. You can search for specific file-name patterns in specific paths. You can also limit results to a date range or size range. - -### Hotfix Uninstall - -The **Hotfix Uninstall Wizard** lets you remove hotfixes or service packs from the Windows operating system on the computer that you are repairing. Use this tool when a hotfix or service pack is suspected in preventing the operating system from starting. - -We recommend that you uninstall only one hotfix at a time, even though the tool lets you uninstall more than one. - -**Important**   -Programs that were installed or updated after a hotfix was installed might not work correctly after you uninstall a hotfix. - - - -### Locksmith - -The **Locksmith Wizard** lets you set or change the password for any local account on the Windows operating system that you are analyzing or repairing. You do not have to know the current password. However, the password that you set must comply with any requirements that are defined by a local Group Policy Object. This includes password length and complexity. - -You can use **Locksmith** when the password for a local account, such as the local Administrator account, is unknown. You cannot use **Locksmith** to set passwords for domain accounts. - -### Registry Editor - -You can use **Registry Editor** to access and change the registry of the Windows operating system that you are analyzing or repairing. This includes adding, removing, and editing keys and values, and importing registry (.reg) files. - -**Warning**   -Serious problems can occur if you change the registry incorrectly by using **Registry Editor**. These problems might require you to reinstall the operating system. Before you make changes to the registry, you should back up any valued data on the computer. Change the registry at your own risk. - - - -### SFC Scan - -The **SFC Scan** tool starts the **System File Repair Wizard** and lets you repair system files that are preventing the installed Windows operating system from starting. The **System File Repair Wizard** can automatically repair system files that are corrupted or missing, or it can prompt you before it performs any repairs. - -### Solution Wizard - -The **Solution Wizard** presents a series of questions and then recommends the best tool for the situation, based on your answers. This wizard helps you determine which tool to use when you are not familiar with the tools in DaRT. - -### TCP/IP Config - -When you boot a problem computer into DaRT, it is set to automatically obtain its TCP/IP configuration (IP address and DNS server) from Dynamic Host Configuration Protocol (DHCP). If DHCP is unavailable, you can manually configure TCP/IP by using the **TCP/IP Config** tool. You first select a network adapter, and then configure the IP address and DNS server for that adapter. - -## Related topics - - -[Getting Started with DaRT 8.0](getting-started-with-dart-80-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/planning-for-dart-80-dart-8.md b/mdop/dart-v8/planning-for-dart-80-dart-8.md deleted file mode 100644 index 79fd2ee510..0000000000 --- a/mdop/dart-v8/planning-for-dart-80-dart-8.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Planning for DaRT 8.0 -description: Planning for DaRT 8.0 -author: dansimp -ms.assetid: c8be3ab3-dc54-43b9-b9ff-fbd5e1ef29a7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for DaRT 8.0 - - -The goal of deployment planning is to successfully and efficiently deploy Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 so that it does not disrupt your users or the network. - -Before you deploy DaRT 8.0, you should consider the different deployment configurations and prerequisites. This section includes information that can help you gather the information to formulate a deployment plan that best meets your business requirements. - -## Planning information - - -- [Planning to Deploy DaRT 8.0](planning-to-deploy-dart-80-dart-8.md) - - There are several deployment configurations and prerequisites that you must consider before you create your deployment plan. This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements. - -- [DaRT 8.0 Planning Checklist](dart-80-planning-checklist-dart-8.md) - - This checklist can assist you in preparing your computing environment for the DaRT deployment. - -## Other resources for DaRT planning - - -[Diagnostics and Recovery Toolset 8 Administrator's Guide](index.md) - -[Getting Started with DaRT 8.0](getting-started-with-dart-80-dart-8.md) - -[Deploying DaRT 8.0](deploying-dart-80-dart-8.md) - -[Operations for DaRT 8.0](operations-for-dart-80-dart-8.md) - -[Troubleshooting DaRT 8.0](troubleshooting-dart-80-dart-8.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/planning-how-to-save-and-deploy-the-dart-80-recovery-image-dart-8.md b/mdop/dart-v8/planning-how-to-save-and-deploy-the-dart-80-recovery-image-dart-8.md deleted file mode 100644 index cebf48b625..0000000000 --- a/mdop/dart-v8/planning-how-to-save-and-deploy-the-dart-80-recovery-image-dart-8.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -title: Planning How to Save and Deploy the DaRT 8.0 Recovery Image -description: Planning How to Save and Deploy the DaRT 8.0 Recovery Image -author: dansimp -ms.assetid: 939fbe17-0e30-4c85-8782-5b84d69442a7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning How to Save and Deploy the DaRT 8.0 Recovery Image - - -You can save and deploy the Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 recovery image by using the following methods. When you are determining the method that you will use, consider the advantages and disadvantages of each. You should also consider your infrastructure and support staff. If you have a small infrastructure, you might want to deploy DaRT 8.0 by using removable media, since the recovery image will always be available if you install it to the local hard drive. - -If your organization uses Active Directory Domain Services (AD DS), you may want to deploy recovery images as a network service by using Windows DS. Recovery images are always available to any connected computer. You can deploy multiple images from Windows DS and maintain them all in one place. - -**Note**   -You may want to use more than one method in your organization. For example, you can boot into DaRT from a remote partition for most situations and have a USB flash drive available in case the end-user computer cannot connect to the network. - - - -The following table shows some advantages and disadvantages of each method of using DaRT in your organization. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Method to Boot into DaRTAdvantagesDisadvantages

Removable Media

-

The recovery image is written to a CD, DVD, or USB drive to enable support staff to take the recovery tools with them to the unstable computer.

Supports scenarios in which the master boot record (MBR) is corrupted and you cannot access the hard disk and supports cases in which there is no network connection.

-

Enables you to create multiple recovery images with different tools to provide different levels of support.

-

Provides a built-in tool for burning recovery images to removable media.

Requires that support staff are physically at the end-user computer to boot into DaRT.

-

Requires time and maintenance to create multiple media with different configurations for 32-bit and 64-bit computers.

From a remote (network) partition

-

The recovery image is hosted on a network boot server like Windows Deployment Services (Windows DS), which allows users or support staff to stream it to computers on demand.

Available to all computers that have access to the network boot server.

-

Recovery images are hosted on a central server, which enables centralized updates.

-

Centralized help desk staff can provide repairs by using remote connectivity.

-

No local storage requirement on the clients.

-

Ability to create multiple recovery images with different tools for specific support levels.

The need to secure Windows DS infrastructure to ensure that regular users can start only the DaRT recovery image and not the full operating system imaging process.

-

-

-

Requires that the end-user computer is connected to the network at runtime.

-

Requires that the recovery image is brought across the network.

From a recovery partition on the local hard drive

-

The recovery image is installed on a local hard drive either manually or by using electronic software distribution systems like System Center Configuration Manager.

The recovery image is always available because it is pre-staged on the computer.

-

Centralized help desk staff can provide support by using Remote Connection.

-

The recovery image is centrally managed and deployed.

-

Additional recovery key requests on computers that are protected by Windows BitLocker drive encryption are eliminated.

Local storage is required.

-

A dedicated, unencrypted partition for recovery image placement is recommended to reduce the risk of a failed boot partition.

-

When updating DaRT, you must update all computers in your enterprise instead of just one partition (on the network) or removable device.

-

Additional consideration is required if you deploy the recovery image after BitLocker has been enabled.

- - - -## Related topics - - -[Planning to Deploy DaRT 8.0](planning-to-deploy-dart-80-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/planning-to-create-the-dart-80-recovery-image-dart-8.md b/mdop/dart-v8/planning-to-create-the-dart-80-recovery-image-dart-8.md deleted file mode 100644 index c75e4671f5..0000000000 --- a/mdop/dart-v8/planning-to-create-the-dart-80-recovery-image-dart-8.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: Planning to Create the DaRT 8.0 Recovery Image -description: Planning to Create the DaRT 8.0 Recovery Image -author: dansimp -ms.assetid: cfd0e1e2-c379-4460-b545-3f7be9f33583 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Planning to Create the DaRT 8.0 Recovery Image - - -Use the information in this section when you are planning to create the Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 recovery image. - -## Planning to create the DaRT 8.0 recovery image - - -When you create the DaRT recovery image, you have to decide which tools to include on the image. To make the decision, consider that end users may have access to those tools. If support engineers will take the recovery image media to end users’ computers to diagnose issues, you may want to install all of the tools on the recovery image. If you plan to diagnose end user’s computers remotely, you may want to disable some of the tools, such as Disk Wipe and Registry Editor, and then enable other tools, including Remote Connection. - -When you create the DaRT recovery image, you will also specify whether you want to include additional drivers or files. Determine the locations of any additional drivers or files that you want to include on the DaRT recovery image. - -For more information about the DaRT tools, see [Overview of the Tools in DaRT 8.0](overview-of-the-tools-in-dart-80-dart-8.md). For more information about how to help create a secure recovery image, see [Security Considerations for DaRT 8.0](security-considerations-for-dart-80--dart-8.md). - -## Prerequisites for the recovery image - - -The following items are required or recommended for creating the DaRT recovery image: - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Prerequisite

Details

Windows 8 source files

Required to create the DaRT recovery image. Provide the path of a Windows 8 DVD or of Windows 8 source files.

Windows Debugging Tools for your platform

Required when you run the Crash Analyzer to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: Download and Install Debugging Tools for Windows.

Optional: Defender definitions

The latest definitions for Defender are required when you run Defender. Although you can download the definitions when you run Defender, we recommend that you download the latest definitions at the time you create the DaRT recovery image so that you can still run the tool with the latest definitions even if the problem computer does not have network connectivity.

Optional: Windows symbols files for use with Crash Analyzer

Typically, debugging information is stored in a symbol file that is separate from the program. You must have access to the symbol information when you debug an application that has stopped responding, for example, if it stopped working. For more information, see Diagnosing System Failures with Crash Analyzer.

- - - -## Related topics - - -[Planning to Deploy DaRT 8.0](planning-to-deploy-dart-80-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/planning-to-deploy-dart-80-dart-8.md b/mdop/dart-v8/planning-to-deploy-dart-80-dart-8.md deleted file mode 100644 index dd46acd8ee..0000000000 --- a/mdop/dart-v8/planning-to-deploy-dart-80-dart-8.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Planning to Deploy DaRT 8.0 -description: Planning to Deploy DaRT 8.0 -author: dansimp -ms.assetid: 36f2babb-9ac5-4ea2-932c-12c6211f5be2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning to Deploy DaRT 8.0 - - -You should consider all of the different deployment configurations and prerequisites before you create your deployment plan. This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements. - -## Review the Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 software prerequisites and supported configurations - - -After preparing your computing environment for DaRT 8.0 installation, make sure that you review the prerequisite software to install and the supported configurations to confirm that the selected computers for the installation meet the minimum hardware and operating system requirements. For information about prerequisites that you need to consider to create the DaRT recovery image, see [Planning to Create the DaRT 8.0 Recovery Image](planning-to-create-the-dart-80-recovery-image-dart-8.md). - -[DaRT 8.0 Supported Configurations](dart-80-supported-configurations-dart-8.md) - -## Plan for creating the DaRT 8.0 recovery image - - -Before you start to create the DaRT recovery image, you need to consider possible security issues, the tools that you want to include on the recovery image, and the prerequisite software that you need to install. - -[Planning to Create the DaRT 8.0 Recovery Image](planning-to-create-the-dart-80-recovery-image-dart-8.md) - -## Plan how to save and deploy the DaRT recovery image - - -There are several methods that you can use to save and deploy the DaRT recovery image. Before you start to create the recovery image, review the advantages and disadvantages of each method and consider how you want to use DaRT in your enterprise. - -[Planning How to Save and Deploy the DaRT 8.0 Recovery Image](planning-how-to-save-and-deploy-the-dart-80-recovery-image-dart-8.md) - -## Other resources for planning to deploy DaRT 8.0 - - -[Planning for DaRT 8.0](planning-for-dart-80-dart-8.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/recovering-computers-using-dart-80-dart-8.md b/mdop/dart-v8/recovering-computers-using-dart-80-dart-8.md deleted file mode 100644 index 0cec24ac75..0000000000 --- a/mdop/dart-v8/recovering-computers-using-dart-80-dart-8.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: Recovering Computers Using DaRT 8.0 -description: Recovering Computers Using DaRT 8.0 -author: dansimp -ms.assetid: 0caeb7d9-c1e6-4f32-bc27-157b91630989 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Recovering Computers Using DaRT 8.0 - - -After deploying the Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 recovery image, you can use DaRT 8.0 to recover computers. The information in this section describes the recovery tasks that you can perform. - -You have several different methods to choose from to boot into DaRT, depending on how you deploy the DaRT recovery image. - -- Insert a DaRT recovery image CD, DVD, or USB flash drive into the problem computer and use it to boot into the computer. - -- Boot into DaRT from a recovery partition on the problem computer. - -- Boot into DaRT from a remote partition on the network. - -For information about the advantages and disadvantages of each method, see [Planning How to Save and Deploy the DaRT 8.0 Recovery Image](planning-how-to-save-and-deploy-the-dart-80-recovery-image-dart-8.md). - -Whichever method that you use to boot into DaRT, you must enable the boot device in the BIOS for the boot option or options that you want to make available to the end user. - -**Note**   -Configuring the BIOS is unique, depending on the kind of hard disk drive, network adapters, and other hardware that is used in your organization. - - - -## Recover a local computer by using the DaRT recovery image - - -To recover a local computer by using DaRT, you must be physically present at the end-user computer that is experiencing problems that require DaRT. - -[How to Recover Local Computers by Using the DaRT Recovery Image](how-to-recover-local-computers-by-using-the-dart-recovery-image-dart-8.md) - -## Recover a remote computer by using the DaRT recovery image - - -The Remote Connection feature in DaRT lets an IT administrator run the DaRT tools remotely on an end-user computer. After certain information is provided by the end user (or by a help desk professional working on the end-user computer), the IT administrator or help desk worker can take control of the end user's computer and run the necessary DaRT tools remotely. - -**Important**   -The two computers establishing a remote connection must be part of the same network. - - - -The **Diagnostics and Recovery Toolset** window includes the option to run DaRT on an end-user computer remotely from an administrator computer. The end user opens the DaRT tools on the problem computer and starts the remote session by clicking **Remote Connection**. - -The Remote Connection feature on the end-user computer creates the following connection information: a ticket number, a port, and a list of all available IP addresses. The ticket number and port are generated randomly. - -The IT administrator or help desk worker enters this information into the **DaRT Remote Connection Viewer** to establish the terminal services connection to the end-user computer. The terminal services connection that is established lets an IT administrator remotely interact with the DaRT tools on the end-user computer. The end-user computer then processes the connection information, shares its screen, and responds to instructions from the IT administrator computer. - -[How to Recover Remote Computers by Using the DaRT Recovery Image](how-to-recover-remote-computers-by-using-the-dart-recovery-image-dart-8.md) - -## Other resources for recovering computers using DaRT 8.0 - - -[Operations for DaRT 8.0](operations-for-dart-80-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/release-notes-for-dart-80--dart-8.md b/mdop/dart-v8/release-notes-for-dart-80--dart-8.md deleted file mode 100644 index 501dfef1e7..0000000000 --- a/mdop/dart-v8/release-notes-for-dart-80--dart-8.md +++ /dev/null @@ -1,101 +0,0 @@ ---- -title: Release Notes for DaRT 8.0 -description: Release Notes for DaRT 8.0 -author: dansimp -ms.assetid: e8b373c8-7aa5-4930-a8f9-743d26145dad -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Release Notes for DaRT 8.0 - - -**To search these release notes, press CTRL+F.** - -Read these release notes thoroughly before you install Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0. - -These release notes contain information that is required to successfully install DaRT 8.0. The release notes also contain information that is not available in the product documentation. If there is a difference between these release notes and other DaRT documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product. - -To get the DaRT software, see [How to Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049). - -## About the product documentation - - -For information about documentation for DaRT, see the [DaRT home page](https://go.microsoft.com/fwlink/?LinkID=252096) on Microsoft TechNet. - -To obtain a downloadable copy of DaRT documentation, see on the Microsoft Download Center. - -## Providing feedback - - -We are interested in your feedback on DaRT 8.0. You can send your feedback to . - -**Note**   -This email address is not a support channel, but your feedback will help us to plan future changes for our documentation and product releases. - - - -For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page. - -For more information about new updates or to provide feedback, follow us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). - -## Known issues with DaRT 8.0 - - -### System restore fails when you run Locksmith or Registry Editor - -If you run Locksmith, Registry Editor, and possibly other tools, System Restore fails. - -**Workaround:** Close and restart DaRT and then start System Restore. - -### SFC scan fails to run after you launch and close Locksmith or Computer Management - -If you start and then close the Locksmith or Computer Management tools, System File Checker fails to run. - -**Workaround:** Close and restart DaRT and then start SFC. - -### DaRT installer does not fail when ADK has not been installed - -If you install DaRT 8.0 by using the command line to execute the MSI, and the ADK has not been installed, the DaRT installation should fail. Currently, the DaRT 8.0 installer installs all components except the DaRT 8.0 recovery image. - -**Workaround:** None. - -### Defender cannot be launched after Locksmith, RegEdit, Crash Analyzer, and Computer Management are launched - -Defender does not launch if you have already launched Locksmith, RegEdit, Crash Analyzer, and Computer Management. - -**Workaround:** Close and restart DaRT and then launch Defender. - -### Defender may be slow to launch - -Defender sometimes takes a few minutes to launch. The progress bar indicates the current loading status. - -**Workaround:** None. - -## Release notes copyright information - - -Microsoft, Active Directory, ActiveX, Bing, Excel, Silverlight, SQL Server, Windows, Microsoft Intune, and Windows PowerShell are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners. - - - -## Related topics - - -[About DaRT 8.0](about-dart-80-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/release-notes-for-dart-80-sp1.md b/mdop/dart-v8/release-notes-for-dart-80-sp1.md deleted file mode 100644 index 063f9be979..0000000000 --- a/mdop/dart-v8/release-notes-for-dart-80-sp1.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -title: Release Notes for DaRT 8.0 SP1 -description: Release Notes for DaRT 8.0 SP1 -author: dansimp -ms.assetid: fa7512d8-fb00-4c27-8f65-c15f3a8ff1cc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Release Notes for DaRT 8.0 SP1 - - -**To search these release notes, press CTRL+F.** - -Read these release notes thoroughly before you install Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 Service Pack 1 (SP1). - -These release notes contain information that is required to successfully install Diagnostics and Recovery Toolset 8.0 SP1. The release notes also contain information that is not available in the product documentation. If there is a difference between these release notes and other DaRT documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product. - -## About the product documentation - - -For information about documentation for DaRT, see the [DaRT home page](https://go.microsoft.com/fwlink/?LinkID=252096) on Microsoft TechNet. - -## Known issues with DaRT 8.0 SP1 - - -### System restore fails when you run Locksmith or Registry Editor - -If you run Locksmith, Registry Editor, and possibly other tools, System Restore fails. - -**Workaround:** Close and restart DaRT and then start System Restore. - -### SFC scan fails to run after you launch and close Locksmith or Computer Management - -If you start and then close the Locksmith or Computer Management tools, System File Checker fails to run. - -**Workaround:** Close and restart DaRT and then start SFC. - -### DaRT installer does not fail when ADK has not been installed - -If you install DaRT 8.0 SP1 by using the command line to run the MSI, and the ADK has not been installed, the DaRT installation should fail. Currently, the DaRT 8.0 SP1 installer installs all components except the DaRT recovery image. - -**Workaround:** None. - -### Defender cannot be launched after Locksmith, RegEdit, Crash Analyzer, and Computer Management are launched - -Defender does not launch if you have already launched Locksmith, RegEdit, Crash Analyzer, and Computer Management. - -**Workaround:** Close and restart DaRT and then launch Defender. - -### Defender may be slow to launch - -Defender sometimes takes a few minutes to launch. The progress bar indicates the current loading status. - -**Workaround:** None. - -## Release notes copyright information - - -Microsoft, Active Directory, ActiveX, Bing, Excel, Silverlight, SQL Server, Windows, Microsoft Intune, and Windows PowerShell are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners. - - - -## Related topics - - -[About DaRT 8.0 SP1](about-dart-80-sp1.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/release-notes-for-dart-81.md b/mdop/dart-v8/release-notes-for-dart-81.md deleted file mode 100644 index 9b8d9d6639..0000000000 --- a/mdop/dart-v8/release-notes-for-dart-81.md +++ /dev/null @@ -1,89 +0,0 @@ ---- -title: Release Notes for DaRT 8.1 -description: Release Notes for DaRT 8.1 -author: dansimp -ms.assetid: 44303107-60f4-485c-848a-7e0529f142d4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Release Notes for DaRT 8.1 - - -**To search these release notes, press CTRL+F.** - -Read these release notes thoroughly before you install Microsoft Diagnostics and Recovery Toolset (DaRT) 8.1. - -These release notes contain information that is required to successfully install Diagnostics and Recovery Toolset 8.1. The release notes also contain information that is not available in the product documentation. If there is a difference between these release notes and other DaRT documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product. - -## Known issues with DaRT 8.1 - - -### Disk Commander is unable to repair a corrupt master boot record in a physical partition in Windows 8.1 - -In Windows 8.1, the “Restore the Master Boot Record (MBR) or the header of the GUID Partition Table (GPT)” option in Disk Commander is unable to repair a corrupt master boot record in a physical partition, and therefore is unable to boot the client computer. - -**Workaround:** Start **Startup Repair**, click **Troubleshoot**, click **Advanced options**, and then click **Start repair**. - -### Multiple instances of Disk Wipe that target the same drive cause all instances except the last one to report a failure - -If you start multiple instances of Disk Wipe, and then try to wipe the same drive by using two separate Disk Wipe instances, all instances except the last one report a failure to wipe the drive. - -**Workaround:** None. - -### Disk Wipe may not clear all data on solid-state drives that have flash memory - -If you use Disk Wipe to clear data on a solid-state drive (SSD) that has flash memory, all of the data may not be erased. This issue occurs because the SSD firmware controls the physical location of writes while Disk Wipe is running. - -**Workaround:** None. - -### System restore fails when you run Locksmith Wizard or Registry Editor - -If you run Locksmith Wizard, Registry Editor, and possibly other tools, System Restore fails. - -**Workaround:** Close and restart DaRT, and then start System Restore. - -### System File Checker (SFC) Scan fails to run after you start and close Locksmith Wizard or Computer Management - -If you start and then close Locksmith Wizard or tools in Computer Management, System File Checker fails to run. - -**Workaround:** Close and restart DaRT, and then start System File Checker. - -### DaRT installer does not fail when the Windows Assessment and Deployment Kit is not installed - -If you install DaRT 8.1 by using the command line to run the Windows Installer (.msi), and the Windows Assessment and Deployment Kit (Windows ADK) has not been installed, the DaRT installation should fail. Currently, the DaRT 8.1 installer installs all components except the DaRT recovery image. - -**Workaround:** None. - -### Windows Defender cannot start after Locksmith Wizard, Registry Editor, Crash Analyzer, and Computer Management are started - -Windows Defender does not start if you have already started Locksmith Wizard, Registry Editor, Crash Analyzer, and Computer Management. - -**Workaround:** Close and restart DaRT, and then start Windows Defender. - -### Windows Defender may be slow to start - -Windows Defender sometimes takes a few minutes to start. The progress bar indicates the current loading status. - -**Workaround:** None. - -## Related topics - - -[About DaRT 8.1](about-dart-81.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/security-and-privacy-for-dart-80-dart-8.md b/mdop/dart-v8/security-and-privacy-for-dart-80-dart-8.md deleted file mode 100644 index bb8ae3ba3b..0000000000 --- a/mdop/dart-v8/security-and-privacy-for-dart-80-dart-8.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Security and Privacy for DaRT 8.0 -description: Security and Privacy for DaRT 8.0 -author: dansimp -ms.assetid: 668188fc-d9e9-4607-b90a-9e50bf53bc88 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Security and Privacy for DaRT 8.0 - - -Use the following information to help you plan for security and privacy considerations in Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0. - -## Security considerations for DaRT 8.0 - - -There are several security-related considerations that you should plan for when deploying and using DaRT in your environment. The information in this section provides a brief overview about the security-related considerations for DaRT. - -[Security Considerations for DaRT 8.0](security-considerations-for-dart-80--dart-8.md) - -## Privacy considerations for DaRT 8.0 - - -The information in this section explains many of the data collection and use practices of DaRT. - -[DaRT 8.0 Privacy Statement](dart-80-privacy-statement-dart-8.md) - -## Other resources for DaRT 8.0 security and privacy - - -[Operations for DaRT 8.0](operations-for-dart-80-dart-8.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/security-considerations-for-dart-80--dart-8.md b/mdop/dart-v8/security-considerations-for-dart-80--dart-8.md deleted file mode 100644 index 918f14acaf..0000000000 --- a/mdop/dart-v8/security-considerations-for-dart-80--dart-8.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: Security Considerations for DaRT 8.0 -description: Security Considerations for DaRT 8.0 -author: dansimp -ms.assetid: 45ef8164-fee7-41a1-9a36-de4e3264e7a8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Security Considerations for DaRT 8.0 - - -This topic contains a brief overview about the accounts and groups, log files, and other security-related considerations for Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0. For more information, follow the links within this article. - -## General security considerations - - -**Understand the security risks**. DaRT 8.0 includes functionality that lets an administrator or a help desk worker run the DaRT tools remotely to resolve problems on an end-user computer. In addition, you can save the International Organization for Standardization (ISO) image to a USB flash drive or put the ISO image on a network to include its contents as a recovery partition on a computer’s hard disk. These capabilities provide flexibility, but also create potential security risks that you should consider when configuring DaRT. - -**Physically secure your computers**. When administrators and help desk workers are not physically at their computers, they should lock their computers and use a secured screen saver. - -**Apply the most recent security updates to all computers**. Stay informed about new updates for operating systems by subscribing to the Security Notification service (). - -## Limit end-user access to DaRT tools - - -When you are creating the DaRT recovery image, you can select the tools that you want to include. For security reasons, you might want to restrict end-user access to the more powerful DaRT tools, such as Disk Wipe and Locksmith. In DaRT 8.0, you can disable certain tools during configuration and still make them available to help desk workers when the end user starts the Remote Connection feature. - -You can even configure the DaRT image so that the option to start a remote connection session is the only tool available to an end user. - -**Important**   -After the remote connection is established, all the tools that you included in the recovery image, including those unavailable to the end user, will become available to any help desk worker who is working on the end–user computer. - - - -For more information about including tools in the DaRT recovery image, see [Overview of the Tools in DaRT 8.0](overview-of-the-tools-in-dart-80-dart-8.md). - -## Secure the DaRT recovery image - - -If you deploy the DaRT recovery image by saving it to a USB flash drive or by creating a remote partition or a recovery partition, you might want to include your company’s preferred method of drive encryption on the ISO. Encrypting the ISO helps to ensure that end users cannot use DaRT functionality if they were to gain access to the recovery image, and it ensures that unauthorized users cannot boot into DaRT on computers that belong to someone else. If you use an encryption method, be sure to deploy and enable it in all computers. - -**Note**   -DaRT 8.0 supports BitLocker natively. - - - -To include drive encryption, add the encryption solution files when you create the recovery image. Your encryption solution must be able to run on WinPE. End users who boot from the ISO are then able to access that encryption solution and unblock the drive. - -## Maintain security between two computers when you use Remote Connection - - -By default, the communication between two computers that have established a **Remote Connection** session may not be encrypted. Therefore, to help maintain security between the two computers, we recommend that both computers are a part of the same network. - -## Related topics - - -[Security and Privacy for DaRT 8.0](security-and-privacy-for-dart-80-dart-8.md) - - - - - - - - - diff --git a/mdop/dart-v8/technical-reference-for-dart-80-new-ia.md b/mdop/dart-v8/technical-reference-for-dart-80-new-ia.md deleted file mode 100644 index 356e206ffd..0000000000 --- a/mdop/dart-v8/technical-reference-for-dart-80-new-ia.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Technical Reference for DaRT 8.0 -description: Technical Reference for DaRT 8.0 -author: dansimp -ms.assetid: 1d0bf98b-b56b-4ce6-ad19-eb85e1ff1287 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 10/03/2016 ---- - - -# Technical Reference for DaRT 8.0 - - -This section includes technical reference information about Microsoft Diagnostics and Recovery Toolset (DaRT) 8.0 that provide additional information an administrator. - -## Technical reference - - -[Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Microsoft Defender Offline (WDO) for malware detection-->](use-windows-defender-offline-wdo-for-malware-protection-not-dart.md) - - Environments with the Microsoft Diagnostics and Recovery Toolset (DaRT) Defender tool deployed should instead use the Microsoft Defender Offline (WDO) protection image for malware detection. - -## Other resources for DaRT 8.0 operations - - -[Diagnostics and Recovery Toolset 8 Administrator's Guide](index.md) - -[Getting Started with DaRT 8.0](getting-started-with-dart-80-dart-8.md) - -[Planning for DaRT 8.0](planning-for-dart-80-dart-8.md) - -[Deploying DaRT 8.0](deploying-dart-80-dart-8.md) - -[Operations for DaRT 8.0](operations-for-dart-80-dart-8.md) - -[Troubleshooting DaRT 8.0](troubleshooting-dart-80-dart-8.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/troubleshooting-dart-80-dart-8.md b/mdop/dart-v8/troubleshooting-dart-80-dart-8.md deleted file mode 100644 index 1ad577b12a..0000000000 --- a/mdop/dart-v8/troubleshooting-dart-80-dart-8.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: Troubleshooting DaRT 8.0 -description: Troubleshooting DaRT 8.0 -author: dansimp -ms.assetid: 0444a390-3251-47f4-b6c8-828d4a2e8af4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Troubleshooting DaRT 8.0 - - -Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905). - -## How to find troubleshooting content - - -You can use the following information to find troubleshooting or additional technical content for this product. - -### Search the MDOP documentation - -The first step to find help content in the Administrator’s Guide is to search the MDOP documentation on TechNet. - -After you search the MDOP documentation, your next step would be to search the troubleshooting information for the product in the TechNet Wiki. - -**To search the MDOP product documentation** - -1. Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page. - -2. Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page. - -3. Review the search results for assistance. - -**To search the TechNet wiki** - -1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page. - -3. Review the search results for assistance. - -## How to create a troubleshooting article - - -If you have a troubleshooting tip or a best practice to share that is not already included in the MDOP OnlineHelp or TechNet Wiki, you can create your own TechNet Wiki articles. - -**To create a TechNet Wiki troubleshooting or best practices article** - -1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Log in with your Windows Live ID. - -3. Review the **Getting Started** section to learn the basics of the TechNet Wiki and its articles. - -4. Select **Post an article >>** at the bottom of the **Getting Started** section. - -5. On the Wiki article **Add Page** page, select **Insert Template** from the toolbar, select the troubleshooting article template (**Troubleshooting.html**), and then click **Insert**. - -6. Be sure to give the article a descriptive title and then overwrite the template information as needed to create your troubleshooting or best practice article. - -7. After you review your article, be sure to include a tag that is named **Troubleshooting** and another for the product name. This helps others to find your content. - -8. Click **Save** to publish the article to the TechNet Wiki. - -## Other resources for troubleshooting DaRT 8.0 - - -[Diagnostics and Recovery Toolset 8 Administrator's Guide](index.md) - -[Getting Started with DaRT 8.0](getting-started-with-dart-80-dart-8.md) - -[Planning for DaRT 8.0](planning-for-dart-80-dart-8.md) - -[Deploying DaRT 8.0](deploying-dart-80-dart-8.md) - -[Operations for DaRT 8.0](operations-for-dart-80-dart-8.md) - -  - -  - - - - - diff --git a/mdop/dart-v8/use-windows-defender-offline-wdo-for-malware-protection-not-dart.md b/mdop/dart-v8/use-windows-defender-offline-wdo-for-malware-protection-not-dart.md deleted file mode 100644 index 02e1f3ee25..0000000000 --- a/mdop/dart-v8/use-windows-defender-offline-wdo-for-malware-protection-not-dart.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: Use Microsoft Defender Offline (WDO) for malware protection not DaRT -description: Microsoft Diagnostics and Recovery Toolset (DaRT) users should use Microsoft Defender Offline (WDO) for malware detection -author: dansimp -ms.assetid: 59678283-4b44-4d02-ba8f-0e7315efd5d1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: support -ms.sitesec: library -ms.prod: w10 -ms.date: 09/25/2019 ---- - - -# Use Microsoft Defender Offline (WDO) for malware protection, not DaRT. - -Environments that have the Microsoft Diagnostics and Recovery Toolset (DaRT) Defender tool deployed should instead use the Microsoft Defender Offline (WDO) protection image for malware detection. This applies to all currently supported versions of DaRT. These versions include DaRT 7, DaRT 8, and DaRT 8.1, together with their service packs. - -## About Windows Defender - - -The Windows Defender tool distributes anti-malware updates more frequently than the DaRT Defender tool. Because of how the Defender tool integrates into DaRT, all supported DaRT version deployments cannot apply these anti-malware updates to their DaRT images. Without these updates, the DaRT Defender tool quickly becomes outdated. To make sure of up-to-date protection at scan time, you should download Microsoft Defender Offline to create a bootable image for scanning. - -Currently deployed DaRT images do not have to be removed or updated. We recommend that you deploy the bootable image that is provided by Microsoft Defender Offline for all future malware scans. Using an outdated version of the DaRT Defender tool could result in undetected malware. - -For more information about Microsoft Defender Offline downloads and FAQs, go to the following website: [What is Microsoft Defender Offline?](https://go.microsoft.com/fwlink/p/?LinkId=394127). - -  - -  - - - - - diff --git a/mdop/index.md b/mdop/index.md deleted file mode 100644 index 93ce634a80..0000000000 --- a/mdop/index.md +++ /dev/null @@ -1,179 +0,0 @@ ---- -title: MDOP Information Experience -description: MDOP Information Experience -ms.assetid: 12b8ab56-3267-450d-bb22-1c7e44cb8e52 -author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 07/24/2018 ---- - -# MDOP Information Experience - - -The Microsoft Desktop Optimization Pack (MDOP) is a portfolio of technologies available as a subscription for Software Assurance customers. MDOP helps to improve compatibility and management, reduce support costs, improve asset management, and improve policy control. - -The MDOP Information Experience provides product documentation, videos, blogs, and other resources to help users implement and optimize their experience with the MDOP technologies. You can learn about updates and events by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). - -## MDOP Documentation Links - - -The following table provides links to the product documentation for the MDOP products by version. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Microsoft Advanced Group Policy Management (AGPM) extends the capabilities of the Group Policy Management Console (GPMC) to provide change control and improved management.

-

AGPM 4.0 SP3 – Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista SP1, Windows Server 2012, Windows Server 2012 R2, Windows Server 2008, Windows Server 2008 R2

-

AGPM 4.0 SP2 - Windows 8.1, Windows 8, Windows 7, Windows Vista SP1, Windows Server 2012, Windows Server 2008, Windows Server 2008 R2

-

AGPM 4.0 SP1 - Windows 8, Windows 7, Windows Vista SP1, Windows Server 2012, Windows Server 2008, Windows Server 2008 R2

-

AGPM 4.0 - Windows Vista SP1, Windows 7, Windows Server 2008, Windows Server 2008 R2

-

AGPM 3.0- Windows Vista SP1, Windows Server 2008

-

AGPM 2.5 - Windows Vista, Windows Server 2003

Overview of Microsoft Advanced Group Policy Management

-

AGPM 4.0 SP3

-

AGPM 4.0 SP2

-

AGPM 4.0 SP1 (https://go.microsoft.com/fwlink/p/?LinkId=286715)

-

AGPM 4.0

-

AGPM 3.0

-

AGPM 2.5

-

AGPM Whitepapers on the Microsoft Download Center

Microsoft Application Virtualization (App-V) lets you make applications available to end user computers without installing the applications directly on those computers.

Microsoft Application Virtualization 5.1 Administrator's Guide

-

About App-V 5.0 SP3

-

About App-V 5.0 SP2

-

About App-V 5.0 SP1

-

Microsoft Application Virtualization 5.0 Administrator's Guide

-

About Microsoft Application Virtualization 4.6 SP3

-

About Microsoft Application Virtualization 4.6 SP2

-

About Microsoft Application Virtualization 4.6 SP1

-

About Microsoft Application Virtualization 4.6

-

About Microsoft Application Virtualization 4.5

-

App-V Whitepapers on the Microsoft Download Center

-

App-V 5.0 eBooks (https://go.microsoft.com/fwlink/p/?LinkId=309570)

Microsoft BitLocker Administration and Monitoring (MBAM) provides an administrative interface to enterprise-wide BitLocker drive encryption.

Microsoft BitLocker Administration and Monitoring 2.5

-

MBAM 2.5 Video Demonstration: Deploying MBAM 2.5

-

About MBAM 2.5 SP1

-

About MBAM 2.0 SP1

-

Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide

-

Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide

-

MBAM Whitepapers on the Microsoft Download Center (https://go.microsoft.com/fwlink/p/?LinkId=231905)

-

MBAM 1.0 eBooks (https://go.microsoft.com/fwlink/p/?LinkId=309571)

Microsoft Diagnostics and Recovery Toolset (DaRT) helps troubleshoot and repair Windows-based computers.

-

DaRT 10 - Windows 10

-

DaRT 8.1 - Windows 8.1, Windows Server 2012 R2

-

DaRT 8.0 SP1 - Windows 8, Windows Server 2012

-

DaRT 8.0 - Windows 8, Windows Server 2012

-

DaRT 7.0 - Windows 7, Windows Server 2008 R2

-

DaRT 6.5 - Windows 7, Windows Server 2008 R2

-

DaRT 6.0 - Windows Vista, Windows Server 2008

-

DaRT 5.0 - Windows 2000, Windows XP, Windows Server 2003

Diagnostics and Recovery Toolset 10

-

About DaRT 8.1

-

About DaRT 8.0 SP1

-

Diagnostics and Recovery Toolset 8 Administrator's Guide

-

Diagnostics and Recovery Toolset 7 Administrator's Guide

-

DaRT 6.5 (https://go.microsoft.com/fwlink/p/?LinkId=232983)

-

DaRT Whitepapers on the Microsoft Download Center (https://go.microsoft.com/fwlink/p/?LinkId=232274)

-

DaRT 8.0 eBook (https://go.microsoft.com/fwlink/p/?LinkId=309573)

-

DaRT 7.0 eBook (https://go.microsoft.com/fwlink/p/?LinkId=309572)

Microsoft Desktop Enterprise Monitoring (DEM) monitors and reports enterprise-wide desktop application and system failures.

DEM 3.5 (https://go.microsoft.com/fwlink/p/?LinkId=232985)

-

DEM Whitepapers on the Microsoft Download Center (https://go.microsoft.com/fwlink/p/?LinkId=232276)

Microsoft Enterprise Desktop Virtualization (MED-V) uses Microsoft Virtual PC to provide an enterprise solution for desktop virtualization.

-

MED-V 2.0 - Windows 7

-

MED-V 1.0 SP1 - Windows 7, Windows Vista, Windows XP

-

MED-V 1.0 - Windows Vista, Windows XP

Microsoft Enterprise Desktop Virtualization 2.0

-

About MED-V 1.0 SP1

-

Microsoft Enterprise Desktop Virtualization 1.0

-

Microsoft User Experience Virtualization (UE-V) captures settings to apply to computers accessed by the user including desktop computers, laptop computers, and VDI sessions.

Microsoft User Experience Virtualization (UE-V) 2.x

-

What's New in UE-V 2.1 SP1

-

What's New in UE-V 2.1

-

What's New in UE-V 2.0

-

About User Experience Virtualization 1.0 SP1

-

Microsoft User Experience Virtualization (UE-V) 1.0

-

UE-V 1.0 eBooks (https://go.microsoft.com/fwlink/p/?LinkId=309574)

MDOP Solutions and Scenarios

Virtualizing Microsoft Office 2013 for Application Virtualization (App-V) 5.0

-

Virtualizing Microsoft Office 2010 for Application Virtualization (App-V) 5.0

-

Creating App-V 4.5 Databases Using SQL Scripting

-

Application Publishing and Client Interaction for App-V 5

-

How to Download and Deploy MDOP Group Policy (.admx) Templates

- - - -## Supplemental MDOP Product Guidance - - -In addition to the product documentation available online, supplemental product guidance such as informational videos and virtual labs are available for most MDOP products. - - ---- - - - - - - - - - - - - - - -

MDOP Virtual Labs

For a list of available MDOP virtual labs, go to Microsoft Desktop Optimization Pack (MDOP) Virtual Labs (https://go.microsoft.com/fwlink/p/?LinkId=234276).

MDOP TechCenter

For technical whitepapers, evaluation materials, blogs, and additional MDOP resources, go to MDOP TechCenter (https://go.microsoft.com/fwlink/p/?LinkId=225286)

-

MDOP Forums

Join in the MDOP community where you can ask and answer questions at the MDOP TechNet Forum (https://go.microsoft.com/fwlink/p/?LinkId=286973).

- - - -## How to Get MDOP - - -MDOP is a suite of products that can help streamline desktop deployment, management, and support across the enterprise. MDOP is available as an additional subscription for Software Assurance customers. - -**Download MDOP** -MDOP subscribers can download the software at the [Microsoft Volume Licensing website (MVLS)](https://go.microsoft.com/fwlink/p/?LinkId=166331). - -**Purchase MDOP** -Visit the enterprise [Purchase Windows Enterprise Licensing](https://www.microsoft.com/licensing/how-to-buy/how-to-buy) website to find out how to purchase MDOP for your business. - - - - - - - - - diff --git a/mdop/mbam-v1/TOC.md b/mdop/mbam-v1/TOC.md deleted file mode 100644 index 8d49baf940..0000000000 --- a/mdop/mbam-v1/TOC.md +++ /dev/null @@ -1,59 +0,0 @@ -# [Microsoft BitLocker Administration and Monitoring 1](index.md) -## [Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) -### [About MBAM 1.0](about-mbam-10.md) -#### [Release Notes for MBAM 1.0](release-notes-for-mbam-10.md) -### [Evaluating MBAM 1.0](evaluating-mbam-10.md) -### [High Level Architecture for MBAM 1.0](high-level-architecture-for-mbam-10.md) -### [Accessibility for MBAM 1.0](accessibility-for-mbam-10.md) -## [Planning for MBAM 1.0](planning-for-mbam-10.md) -### [Preparing your Environment for MBAM 1.0](preparing-your-environment-for-mbam-10.md) -#### [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md) -#### [Planning for MBAM 1.0 Group Policy Requirements](planning-for-mbam-10-group-policy-requirements.md) -#### [Planning for MBAM 1.0 Administrator Roles](planning-for-mbam-10-administrator-roles.md) -### [Planning to Deploy MBAM 1.0](planning-to-deploy-mbam-10.md) -#### [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md) -#### [Planning for MBAM 1.0 Server Deployment](planning-for-mbam-10-server-deployment.md) -#### [Planning for MBAM 1.0 Client Deployment](planning-for-mbam-10-client-deployment.md) -### [MBAM 1.0 Planning Checklist](mbam-10-planning-checklist.md) -## [Deploying MBAM 1.0](deploying-mbam-10.md) -### [Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md) -#### [How to Install and Configure MBAM on a Single Server](how-to-install-and-configure-mbam-on-a-single-server-mbam-1.md) -#### [How to Install and Configure MBAM on Distributed Servers](how-to-install-and-configure-mbam-on-distributed-servers-mbam-1.md) -#### [How to Configure Network Load Balancing for MBAM](how-to-configure-network-load-balancing-for-mbam.md) -### [Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md) -#### [How to Install the MBAM 1.0 Group Policy Template](how-to-install-the-mbam-10-group-policy-template.md) -#### [How to Edit MBAM 1.0 GPO Settings](how-to-edit-mbam-10-gpo-settings.md) -#### [How to Hide Default BitLocker Encryption in The Windows Control Panel](how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel.md) -### [Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md) -#### [How to Deploy the MBAM Client to Desktop or Laptop Computers](how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-1.md) -#### [How to Deploy the MBAM Client as Part of a Windows Deployment](how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-1.md) -### [Deploying the MBAM 1.0 Language Release Update](deploying-the-mbam-10-language-release-update.md) -#### [How to Install the MBAM Language Update on a Single Server](how-to-install-the-mbam-language-update-on-a-single-server-mbam-1.md) -#### [How to Install the MBAM Language Update on Distributed Servers](how-to-install-the-mbam-language-update-on-distributed-servers-mbam-1.md) -#### [Known Issues in the MBAM International Release](known-issues-in-the-mbam-international-release-mbam-1.md) -### [MBAM 1.0 Deployment Checklist](mbam-10-deployment-checklist.md) -## [Operations for MBAM 1.0](operations-for-mbam-10.md) -### [Administering MBAM 1.0 Features](administering-mbam-10-features.md) -#### [How to Manage MBAM Administrator Roles](how-to-manage-mbam-administrator-roles-mbam-1.md) -#### [How to Manage Hardware Compatibility](how-to-manage-hardware-compatibility-mbam-1.md) -#### [How to Manage Computer BitLocker Encryption Exemptions](how-to-manage-computer-bitlocker-encryption-exemptions.md) -#### [How to Manage User BitLocker Encryption Exemptions](how-to-manage-user-bitlocker-encryption-exemptions-mbam-1.md) -#### [How to Manage MBAM Client BitLocker Encryption Options by Using the Control Panel](how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-1.md) -### [Monitoring and Reporting BitLocker Compliance with MBAM 1.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md) -#### [Understanding MBAM Reports](understanding-mbam-reports-mbam-1.md) -#### [How to Generate MBAM Reports](how-to-generate-mbam-reports-mbam-1.md) -### [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md) -#### [How to Reset a TPM Lockout](how-to-reset-a-tpm-lockout-mbam-1.md) -#### [How to Recover a Drive in Recovery Mode](how-to-recover-a-drive-in-recovery-mode-mbam-1.md) -#### [How to Recover a Moved Drive](how-to-recover-a-moved-drive-mbam-1.md) -#### [How to Recover a Corrupted Drive](how-to-recover-a-corrupted-drive-mbam-1.md) -#### [How to Determine the BitLocker Encryption State of a Lost Computers](how-to-determine-the-bitlocker-encryption-state-of-a-lost-computers-mbam-1.md) -### [Maintaining MBAM 1.0](maintaining-mbam-10.md) -#### [High Availability for MBAM 1.0](high-availability-for-mbam-10.md) -#### [How to Move MBAM 1.0 Features to Another Computer](how-to-move-mbam-10-features-to-another-computer.md) -### [Security and Privacy for MBAM 1.0](security-and-privacy-for-mbam-10.md) -#### [Security Considerations for MBAM 1.0](security-considerations-for-mbam-10.md) -#### [Privacy Statement for MBAM 1.0](privacy-statement-for-mbam-10.md) -### [Administering MBAM 1.0 by Using PowerShell](administering-mbam-10-by-using-powershell.md) -## [Troubleshooting MBAM 1.0](troubleshooting-mbam-10.md) - diff --git a/mdop/mbam-v1/about-mbam-10.md b/mdop/mbam-v1/about-mbam-10.md deleted file mode 100644 index 3d6a3f705f..0000000000 --- a/mdop/mbam-v1/about-mbam-10.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: About MBAM 1.0 -description: About MBAM 1.0 -author: dansimp -ms.assetid: 99254aaa-2b30-4b2e-8365-0d4b67a89a0c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About MBAM 1.0 - - -Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface to BitLocker drive encryption and offers enhanced protection against data theft or data exposure for computers that are lost or stolen. BitLocker encrypts all data that is stored on the Windows operating system volume and configured data volumes, which includes the Windows operating system, hibernation and paging files, applications, and the data that is used by applications. - -With Microsoft BitLocker Administration and Monitoring, you can select the BitLocker encryption policy options that are appropriate for your enterprise so that you can monitor the client compliance with those policies and then report the encryption status of both the enterprise and individual computers. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes. - -**Note**   -BitLocker is not covered in detail in this guide. For an overview of BitLocker, see [BitLocker Drive Encryption Overview](https://go.microsoft.com/fwlink/p/?LinkId=225013). - - - -The following groups might be interested in using MBAM to manage BitLocker: - -- Administrators, IT security professionals, and compliance officers who are tasked with ensuring that confidential data is not disclosed without authorization - -- Administrators who are responsible for securing computers in remote or branch offices - -- Administrators who are responsible for servers or Windows client computers that are mobile - -- Administrators who are responsible for decommissioning servers that contain confidential data - -## MBAM 1.0 Release Notes - - -For more information and for latest updates, see [Release Notes for MBAM 1.0](release-notes-for-mbam-10.md). - -## Related topics - - -[Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) - - - - - - - - - diff --git a/mdop/mbam-v1/accessibility-for-mbam-10.md b/mdop/mbam-v1/accessibility-for-mbam-10.md deleted file mode 100644 index bfe5549622..0000000000 --- a/mdop/mbam-v1/accessibility-for-mbam-10.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -title: Accessibility for MBAM 1.0 -description: Accessibility for MBAM 1.0 -author: dansimp -ms.assetid: 5c1bf1a3-76cf-458c-ac4a-cd343aace4de -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Accessibility for MBAM 1.0 - - -Microsoft is committed to making its products and services easier for everyone to use. This section provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. - -## Access Any Command with a Few Keystrokes - - -Access keys let you quickly use a command by pressing a few keys. You can get to most commands by using two keystrokes. To use an access key: - -1. Press ALT. - - The keyboard shortcuts are displayed over each feature that is available in the current view. - -2. Press the letter shown in the keyboard shortcut over the feature that you want to use. - -**Note**   -To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. - - - -## Documentation in Alternative Formats - - -If you have difficulty reading or handling printed materials, you can obtain the documentation for many Microsoft products in more accessible formats. You can view an index of accessible product documentation on the Microsoft Accessibility website. In addition, you can obtain additional Microsoft publications from Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.). Learning Ally distributes these documents to registered, eligible members of their distribution service. - -For information about the availability of Microsoft product documentation and books from Microsoft Press, contact: - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.)

-

20 Roszel Road

-

Princeton, NJ 08540

Telephone number from within the United States:

(800) 221-4792

Telephone number from outside the United States and Canada:

(609) 452-0606

Fax:

(609) 987-8116

http://www.learningally.org/

Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

- - - -## Customer Service for People with Hearing Impairments - - -If you are deaf or hard-of-hearing, complete access to Microsoft product and customer services is available through a text telephone (TTY/TDD) service: - -- For customer service, contact Microsoft Sales Information Center at (800) 892-5234 between 6:30 AM and 5:30 PM Pacific Time, Monday through Friday, excluding holidays. - -- For technical assistance in the United States, contact Microsoft Product Support Services at (800) 892-5234 between 6:00 AM and 6:00 PM Pacific Time, Monday through Friday, excluding holidays. In Canada, dial (905) 568-9641 between 8:00 AM and 8:00 PM Eastern Time, Monday through Friday, excluding holidays. - -Microsoft Support Services are subject to the prices, terms, and conditions in place at the time the service is used. - -## For More Information - - -For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431). - -## Related topics - - -[Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) - - - - - - - - - diff --git a/mdop/mbam-v1/administering-mbam-10-by-using-powershell.md b/mdop/mbam-v1/administering-mbam-10-by-using-powershell.md deleted file mode 100644 index 1609db7fb7..0000000000 --- a/mdop/mbam-v1/administering-mbam-10-by-using-powershell.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: Administering MBAM 1.0 by Using PowerShell -description: Administering MBAM 1.0 by Using PowerShell -author: dansimp -ms.assetid: 3bf2eca5-4ab7-4e84-9e80-c0c7d709647b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administering MBAM 1.0 by Using PowerShell - - -Microsoft BitLocker Administration and Monitoring (MBAM) provides the following listed set of Windows PowerShell cmdlets. Administrators can use these PowerShell cmdlets to perform various MBAM server tasks from the command prompt rather than from the MBAM administration website. - -## How to administer MBAM by using PowerShell - - -Use the PowerShell cmdlets described here to administer MBAM. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription

Add-MbamHardwareType

Adds a new hardware model to the MBAM hardware inventory. This cmdlet can also specify whether the hardware is supported or unsupported for BitLocker drive encryption.

Get-MbamBitLockerRecoveryKey

Requests an MBAM recovery key that will enable a user to unlock a computer or encrypted drive.

Get-MbamHardwareType

Gets a master hardware inventory that contains data that indicates whether hardware models are compatible or incompatible with BitLocker drive encryption.

Get-MbamTPMOwnerPassword

Provides a TPM owner password for a user to manage their TPM (Trusted Platform Module) access. Helps users when TPM has locked them out and will no longer accept their PIN.

Install-Mbam

Installs MBAM features that provide advanced group policy, encryption, key recovery, and compliance reporting tools.

Remove-MbamHardwareType

Removes the hardware models from the hardware inventory.

Set-MbamHardwareType

Allows management of a master hardware inventory to designate whether or not hardware models are capable or incapable to perform BitLocker encryption.

Uninstall-Mbam

Removes previously installed MBAM features that provide advanced policy, encryption, key recovery, and compliance reporting tools.

- -  - -## Related topics - - -[Operations for MBAM 1.0](operations-for-mbam-10.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/administering-mbam-10-features.md b/mdop/mbam-v1/administering-mbam-10-features.md deleted file mode 100644 index 5f4fbb0244..0000000000 --- a/mdop/mbam-v1/administering-mbam-10-features.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: Administering MBAM 1.0 Features -description: Administering MBAM 1.0 Features -author: dansimp -ms.assetid: dd9a9eff-f1ad-4af3-85d9-c19131a4ad22 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administering MBAM 1.0 Features - - -After you complete all necessary Microsoft BitLocker Administration and Monitoring (MBAM) planning and deployment, you can configure and use MBAM to manage enterprise BitLocker encryption. The information in this section describes post-installation day-to-day MBAM feature operations tasks. - -## Manage MBAM Administrator Roles - - -After MBAM Setup is complete for all server features, administrative users must be granted access to these server features. As a best practice, administrators who will manage or use MBAM server features, should be assigned to Active Directory security groups and then those groups should be added to the appropriate MBAM administrative local group. - -[How to Manage MBAM Administrator Roles](how-to-manage-mbam-administrator-roles-mbam-1.md) - -## Manage Hardware Compatibility - - -The MBAM Hardware Compatibility feature can help you to ensure that only the computer hardware that you specify as supporting BitLocker will be encrypted. When this feature is turned on, bit\_admmontla will encrypt only computers that are marked as Compatible. - -**Important**   -When this feature is turned off, all computers where the MBAM policy is deployed will be encrypted. - - - -MBAM can collect information on both the make and model of client computers if you deploy the “Allow Hardware Compatibility Checking” Group Policy. If you configure this policy, the MBAM agent reports the computer make and model information to the MBAM Server when the MBAM Client is deployed on a client computer. - -[How to Manage Hardware Compatibility](how-to-manage-hardware-compatibility-mbam-1.md) - -[How to Manage User BitLocker Encryption Exemptions](how-to-manage-user-bitlocker-encryption-exemptions-mbam-1.md) - -## Manage BitLocker encryption exemptions - - -MBAM can grant two forms of exemption from BitLocker encryption: computer exemption and user exemption. Computer exemption is typically used when a company has computers that do not have to be encrypted, such as computers that are used in development or testing, or older computers that do not support BitLocker. In some cases, local law may also require that certain computers are not encrypted. You may also choose to exempt users who do not need or want their drives encrypted. - -[How to Manage Computer BitLocker Encryption Exemptions](how-to-manage-computer-bitlocker-encryption-exemptions.md) - -## Manage MBAM Client BitLocker Encryption Options by using the Control Panel - - -If enabled through a Group Policy Objects (GPO), a custom MBAM control panel that is named BitLocker Encryption Options will be available under **System and Security**. This customized control panel replaces the default Windows BitLocker control panel. The MBAM control panel enables you to unlock encrypted drives (fixed and removable), and also helps you manage your PIN or password. - -[How to Manage MBAM Client BitLocker Encryption Options by Using the Control Panel](how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-1.md) - -## Other resources for Administering MBAM features - - -[Operations for MBAM 1.0](operations-for-mbam-10.md) - - - - - - - - - diff --git a/mdop/mbam-v1/deploying-mbam-10-group-policy-objects.md b/mdop/mbam-v1/deploying-mbam-10-group-policy-objects.md deleted file mode 100644 index 37436151d6..0000000000 --- a/mdop/mbam-v1/deploying-mbam-10-group-policy-objects.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Deploying MBAM 1.0 Group Policy Objects -description: Deploying MBAM 1.0 Group Policy Objects -author: dansimp -ms.assetid: 2129291e-d2b2-41ed-b643-1e311c49fee7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying MBAM 1.0 Group Policy Objects - - -To successfully deploy Microsoft BitLocker Administration and Monitoring (MBAM), you must first determine the Group Policies that you will use in your implementation of MBAM. For more information about the various available policies, see [Planning for MBAM 1.0 Group Policy Requirements](planning-for-mbam-10-group-policy-requirements.md). When you have determined the policies that you are going to use, you must use the MBAM 1.0 Group Policy template to create and deploy one or more Group Policy objects (GPO) that include the MBAM policy settings. - -## Install the MBAM 1.0 Group Policy template - - -In addition to providing server-related features of MBAM, the server setup application includes an MBAM Group Policy template. You can install this template on any computer that is able to run the Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM). - -[How to Install the MBAM 1.0 Group Policy Template](how-to-install-the-mbam-10-group-policy-template.md) - -## Deploy MBAM 1.0 Group Policy settings - - -After you create the necessary GPOs, you must deploy the MBAM Group Policy settings to your organization’s client computers. - -[How to Edit MBAM 1.0 GPO Settings](how-to-edit-mbam-10-gpo-settings.md) - -## Display the MBAM Control Panel in Windows - - -Because MBAM offers a customized MBAM control panel that can replace the default Windows BitLocker control panel, you can also choose to hide the default BitLocker Control Panel from end users by using Group Policy. - -[How to Hide Default BitLocker Encryption in The Windows Control Panel](how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel.md) - -## Other resources for deploying MBAM 1.0 Group Policy Objects - - -[Deploying MBAM 1.0](deploying-mbam-10.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/deploying-mbam-10.md b/mdop/mbam-v1/deploying-mbam-10.md deleted file mode 100644 index ab3420e5c6..0000000000 --- a/mdop/mbam-v1/deploying-mbam-10.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: Deploying MBAM 1.0 -description: Deploying MBAM 1.0 -author: dansimp -ms.assetid: ff952ed6-08b2-4ed0-97b8-bf89f22cccbc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying MBAM 1.0 - - -Microsoft BitLocker Administration and Monitoring (MBAM) supports a number of different deployment configurations. This section of the Administrator’s Guide for Microsoft BitLocker Administration and Monitoring includes information that you should consider about the deployment of MBAM and step-by-step procedures to help you successfully perform the tasks that you must complete at different stages of your deployment. - -## Deployment information - - -- [Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md) - - This section describes the different topology options for MBAM deployment and how to use MBAM Setup to deploy MBAM Server features. - -- [Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md) - - This section describes how to create and deploy the MBAM Group Policy Objects that are required to manage MBAM Clients and BitLocker encryption policies throughout the enterprise. - -- [Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md) - - This section describes how to use the MBAM Client Windows Installer files to deploy the MBAM Client software. - -- [Deploying the MBAM 1.0 Language Release Update](deploying-the-mbam-10-language-release-update.md) - - This section describes how to deploy the MBAM language release update to provide support for additional non-English language user interfaces. - -- [MBAM 1.0 Deployment Checklist](mbam-10-deployment-checklist.md) - - This section provides a deployment checklist that can help you deploy MBAM Server and MBAM Client. - -## Other Resources for deploying MBAM - - -- [Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide](index.md) - -- [Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) - -- [Planning for MBAM 1.0](planning-for-mbam-10.md) - -- [Operations for MBAM 1.0](operations-for-mbam-10.md) - -- [Troubleshooting MBAM 1.0](troubleshooting-mbam-10.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/deploying-the-mbam-10-client.md b/mdop/mbam-v1/deploying-the-mbam-10-client.md deleted file mode 100644 index cba12f248f..0000000000 --- a/mdop/mbam-v1/deploying-the-mbam-10-client.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: Deploying the MBAM 1.0 Client -description: Deploying the MBAM 1.0 Client -author: dansimp -ms.assetid: f7ca233f-5035-4ff9-ab3a-f2453b4929d1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying the MBAM 1.0 Client - - -The Microsoft BitLocker Administration and Monitoring (MBAM) Client enables administrators to enforce and monitor BitLocker drive encryption on computers in the enterprise. The BitLocker client can be integrated into an organization by deploying the client through tools like Active Directory Domain Services or by directly encrypting the client computers as part of the initial imaging process. - -Depending on when you deploy the MBAM Client, you can enable BitLocker encryption on a computer in your organization either before or after the end user receives the computer. To control this timing, you configure Group Policy and deploy the MBAM Client software by using an enterprise software deployment system. - -You can use either or both of these methods in your organization. If you use both methods, you can improve compliance, reporting, and key recovery support. - -## Deploy the MBAM Client to desktop or laptop computers - - -After you have configured Group Policy, you can deploy the MBAM Client installation Windows Installer files to target computers. You can do this by use of an enterprise software deployment system product like Microsoft System Center 2012 Configuration Manager or Active Directory Domain Services. The two available MBAM Client installation Windows Installer files are MBAMClient-64bit.msi and MBAMClient-32bit.msi. These files are provided with the MBAM software. For more information about how to deploy MBAM Group Policy Objects, see [Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md). - -[How to Deploy the MBAM Client to Desktop or Laptop Computers](how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-1.md) - -## Deploy the MBAM Client as part of a Windows deployment - - -In some organizations, new computers are received and configured centrally. This situation enables administrators to install the MBAM Client to manage BitLocker encryption on each computer before any user data is written to the computer. This approach helps to ensure that computers are properly encrypted because the administrator performs the action without reliance on end-user action. A key assumption for this scenario is that the policy of the organization installs a corporate Windows image before the computer is delivered to the user. - -[How to Deploy the MBAM Client as Part of a Windows Deployment](how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-1.md) - -## Other resources for deploying the MBAM Client - - -[Deploying MBAM 1.0](deploying-mbam-10.md) - -[Planning for MBAM 1.0 Client Deployment](planning-for-mbam-10-client-deployment.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/deploying-the-mbam-10-language-release-update.md b/mdop/mbam-v1/deploying-the-mbam-10-language-release-update.md deleted file mode 100644 index 22cac957e6..0000000000 --- a/mdop/mbam-v1/deploying-the-mbam-10-language-release-update.md +++ /dev/null @@ -1,105 +0,0 @@ ---- -title: Deploying the MBAM 1.0 Language Release Update -description: Deploying the MBAM 1.0 Language Release Update -author: dansimp -ms.assetid: 9dbd85c3-e470-4752-a90f-25754dd46dab -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying the MBAM 1.0 Language Release Update - - -Microsoft BitLocker Administration and Monitoring (MBAM) 1.0 Language Release is an update to MBAM and includes the support of new languages. The new languages are: - -- English (en-us) - -- French (fr) - -- Italian (it) - -- German (de) - -- Spanish (es) - -- Korean (ko) - -- Japanese (ja) - -- Brazilian Portuguese (pt-br) - -- Russian (ru) - -- Chinese Traditional (zh-tw) - -- Chinese Simplified (zh-cn) - -The MBAM 1.0 language update will change the version number from MBAM 1.0.1237.1 to MBAM 1.0.2001. - -You do not need to reinstall all of the MBAM features in order to add these additional languages. This topic defines the steps required to add the newly supported languages. - -## Deploy the MBAM international release to MBAM Server features - - -To begin, you must update the following MBAM server features: - -- Compliance and Audit Report - -- Administration and Monitoring Server - -- Policy Templates - -Then, you must run **MbamSetup.exe** to upgrade the MBAM features that run on the same server at the same time. - -[How to Install the MBAM Language Update on a Single Server](how-to-install-the-mbam-language-update-on-a-single-server-mbam-1.md) - -[How to Install the MBAM Language Update on Distributed Servers](how-to-install-the-mbam-language-update-on-distributed-servers-mbam-1.md) - -## Install the MBAM language update for Group Policies - - -The MBAM Group Policy templates can be installed on each management workstation or they can be copied to the Group Policy central store, in order to make the templates available to all Group Policy administrators. The policy templates cannot be directly installed on a domain controller. If you do not use a Group Policy central store, then you must copy the policies manually to each domain controller that manages MBAM Group Policy. - -To add the MBAM language policies templates, copy the Group Policy language files from %SystemRoot%\\PolicyDefinitions on the computer where the “Policy Templates” role was installed to the same location on the workstation computer. Here are some examples of Group Policy files: - -- BitLockerManagement.admx - -- BitLockerUserManagement.admx - -- en-us\\BitLockerManagement.adml - -- en-us\\BitLockerUserManagement.adml - -- fr-fr\\ BitLockerManagement.adml - -- fr-fr\\ BitLockerUserManagement.adml - -- (and similarly for each supported language) - -## Known issues in the MBAM international release - - -This topic contains known issues for Microsoft BitLocker Administration and Monitoring International Release. - -[Known Issues in the MBAM International Release](known-issues-in-the-mbam-international-release-mbam-1.md) - -## Other resources for deploying the MBAM 1.0 Language Update - - -[Deploying MBAM 1.0](deploying-mbam-10.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/deploying-the-mbam-10-server-infrastructure.md b/mdop/mbam-v1/deploying-the-mbam-10-server-infrastructure.md deleted file mode 100644 index 22d1fabb5c..0000000000 --- a/mdop/mbam-v1/deploying-the-mbam-10-server-infrastructure.md +++ /dev/null @@ -1,103 +0,0 @@ ---- -title: Deploying the MBAM 1.0 Server Infrastructure -description: Deploying the MBAM 1.0 Server Infrastructure -author: dansimp -ms.assetid: 90529379-b70e-4c92-b188-3d7aaf1844af -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Deploying the MBAM 1.0 Server Infrastructure - - -You can install Microsoft BitLocker Administration and Monitoring (MBAM) Server features in different configurations by using one to five servers. Generally, you should use a configuration of three to five servers for production environments, depending on your scalability needs. For more information about performance scalability of MBAM and recommended deployment topologies, see the [MBAM Scalability and High-Availability Guide White Paper](https://go.microsoft.com/fwlink/p/?LinkId=258314). - -## Deploy all MBAM 1.0 on a single server - - -In this configuration, all MBAM features are installed on a single server. This deployment topology for MBAM server infrastructure will support up to 21,000 MBAM client computers. - -**Important**   -This configuration is supported, but we recommend it for testing only. - - - -The procedures in this section describe the full installation of the MBAM features on a single server. - -[How to Install and Configure MBAM on a Single Server](how-to-install-and-configure-mbam-on-a-single-server-mbam-1.md) - -## Deploy MBAM 1.0 on distributed servers - - -MBAM features can be installed in different configurations, depending on your scalability needs. For more information about how to plan for MBAM server feature deployment, see [Planning for MBAM 1.0 Server Deployment](planning-for-mbam-10-server-deployment.md). - -The procedures in this section describe the full installation of the MBAM features on distributed servers. - -### Three-computer configuration - -The following diagram displays the three-computer deployment topology for MBAM. We recommend this topology for production environments that support up to 55,000 MBAM Clients. - -![mbam three computer deployment topology](images/mbam-3-server.jpg) - -In this configuration, MBAM features are installed in the following configuration: - -1. Recovery and Hardware Database, Compliance and Audit Database, and Compliance and Audit Reports are installed on a server. - -2. Administration and Monitoring Server feature is installed on a server. - -3. MBAM Group Policy template is installed on a computer that is capable of modifying Group Policy Objects (GPO). - -### Four-computer configuration - -The following diagram displays the four-computer deployment topology for MBAM. We recommended this topology for production environments that support up to 110,000 MBAM Clients. - -![mbam four computer deployment topology.](images/mbam-4-computer.jpg) - -In this configuration, MBAM features are installed in the following configuration: - -1. Recovery and Hardware Database, Compliance and Audit Database, and Compliance and Audit Reports are installed on a server. - -2. Administration and Monitoring Server feature is installed on a server that is configured in a Network Load Balancing (NLB) Server Cluster. - -3. MBAM Group Policy template is installed on a computer that is capable of modifying the Group Policy Objects. - -### Five-computer configuration - -The following diagram displays the five-computer deployment topology for MBAM. We recommend this topology for production environments that support up to 135,000 MBAM Clients. - -![mbam five computer deployment topology.](images/mbam-5-computer.jpg) - -In this configuration, MBAM features are installed in the following configuration: - -1. Recovery and Hardware Database is installed on a server. - -2. The Compliance and Audit Database and Compliance and Audit Reports are installed on a server. - -3. Administration and Monitoring Server feature is installed on a server that is configured in a Network Load Balancing (NLB) Server Cluster. - -4. MBAM Group Policy template is installed on a computer that is capable of modifying Group Policy Objects. - -[How to Install and Configure MBAM on Distributed Servers](how-to-install-and-configure-mbam-on-distributed-servers-mbam-1.md) - -[How to Configure Network Load Balancing for MBAM](how-to-configure-network-load-balancing-for-mbam.md) - -## Other resources for MBAM 1.0 Server features deployment - - -[Deploying MBAM 1.0](deploying-mbam-10.md) - - - - - - - - - diff --git a/mdop/mbam-v1/evaluating-mbam-10.md b/mdop/mbam-v1/evaluating-mbam-10.md deleted file mode 100644 index f4c72234bf..0000000000 --- a/mdop/mbam-v1/evaluating-mbam-10.md +++ /dev/null @@ -1,184 +0,0 @@ ---- -title: Evaluating MBAM 1.0 -description: Evaluating MBAM 1.0 -author: dansimp -ms.assetid: a1e2b674-eda9-4e1c-9b4c-e748470c71f2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Evaluating MBAM 1.0 - - -Before you deploy Microsoft BitLocker Administration and Monitoring (MBAM) into a production environment, you should evaluate it in a lab environment. You can use the information in this topic to set up MBAM in a single server lab environment for evaluation purposes only. - -While the actual deployment steps are very similar to the scenario that is described in [How to Install and Configure MBAM on a Single Server](how-to-install-and-configure-mbam-on-a-single-server-mbam-1.md), this topic contains additional information to enable you to set up an MBAM evaluation environment in the least amount of time. - -## Set up the Lab Environment - - -Even when you set up a non-production instance of MBAM to evaluate in a lab environment, you should still verify that you have met the deployment prerequisites and the hardware and software requirements. For more information, see [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md) and [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). You should also review [Preparing your Environment for MBAM 1.0](preparing-your-environment-for-mbam-10.md) before you begin the MBAM evaluation deployment. - -### Plan for an MBAM Evaluation Deployment - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferencesNotes
Checklist box

Review the Getting Started information about MBAM to gain a basic understanding of the product before you begin your deployment planning.

Getting Started with MBAM 1.0

Checklist box

-

Prepare your computing environment for the MBAM installation. To do so, you must enable the Transparent Data Encryption (TDE) on the SQL Server instances that will host MBAM databases. To enable TDE in your lab environment, you can create a .sql file to run against the master database that is hosted on the instance of the SQL Server that MBAM will use.

-
-Note

You can use the following example to create a .sql file for your lab environment to quickly enable TDE on the SQL Server instance that will host the MBAM databases. These SQL Server commands will enable TDE by using a locally signed SQL Server certificate. Make sure to back up the TDE certificate and its associated encryption key to the example local backup path of C:\Backup. The TDE certificate and key are required when recover the database or move the certificate and key to another server that has TDE encryption in place.

-
-
- -
-
USE master;
-GO
-CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'P@55w0rd';
-GO
-CREATE CERTIFICATE tdeCert WITH SUBJECT = 'TDE Certificate';
-GO
-BACKUP CERTIFICATE tdeCert TO FILE = 'C:\Backup\TDECertificate.cer'
-   WITH PRIVATE KEY (
-         FILE = 'C:\Backup\TDECertificateKey.pvk',
-         ENCRYPTION BY PASSWORD = 'P@55w0rd');
-GO

MBAM 1.0 Deployment Prerequisites

-

Database Encryption in SQL Server 2008 Enterprise Edition

Checklist box

Plan for and configure MBAM Group Policy requirements.

Planning for MBAM 1.0 Group Policy Requirements

Checklist box

Plan for and create the necessary Active Directory Domain Services security groups and plan for MBAM local security group membership requirements.

Planning for MBAM 1.0 Administrator Roles

Checklist box

Plan for MBAM Server feature deployment.

Planning for MBAM 1.0 Server Deployment

Checklist box

Plan for MBAM Client deployment.

Planning for MBAM 1.0 Client Deployment

- - - -### Perform an MBAM Evaluation Deployment - -After you complete the necessary planning and software prerequisite installations to prepare your computing environment for an MBAM installation, you can begin the MBAM evaluation deployment. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Checklist box

Review the MBAM supported configurations information to make sure that the selected client and server computers are supported for the MBAM feature installation.

MBAM 1.0 Supported Configurations

Checklist box

Run MBAM Setup to deploy MBAM Server features on a single server for evaluation purposes.

How to Install and Configure MBAM on a Single Server

Checklist box

Add the Active Directory Domain Services security groups that you created during the planning phase to the appropriate local MBAM Server feature local groups on the new MBAM server.

Planning for MBAM 1.0 Administrator Roles and How to Manage MBAM Administrator Roles

Checklist box

Create and deploy the required MBAM Group Policy Objects.

Deploying MBAM 1.0 Group Policy Objects

Checklist box

Deploy the MBAM Client software.

Deploying the MBAM 1.0 Client

- - - -## Configure Lab Computers for MBAM Evaluation - - -You can change the frequency settings on the MBAM Client status reporting by using Registry Editor. However, these modifications should be used for testing purposes only. - -**Warning** -This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. - - - -### Modify the Frequency Settings on MBAM Client Status Reporting - -The MBAM Client wakeup and status reporting frequencies have a minimum value of 90 minutes when they are set to use Group Policy. You can change these frequencies on MBAM client computers by editing the Windows registry to lower values, which will help speed up the testing. To modify the frequency settings on MBAM Client status reporting, use a registry editor to navigate to **HKLM\\Software\\Policies\\FVE\\MDOPBitLockerManagement**, change the values for **ClientWakeupFrequency** and **StatusReportingFrequency** to **1** as the minimum client supported value, and then restart BitLocker Management Client Service. When you make this change, the MBAM Client will report every minute. You can set values this low only when you do so manually in the registry. - -### Modify the Startup Delay on MBAM Client Service - -In addition to the MBAM Client wakeup and status reporting frequencies, there is a random delay of up to 90 minutes when the MBAM Client agent service starts on client computers. If you do not want the random delay, create a **DWORD** value of **NoStartupDelay** under **HKLM\\Software\\Microsoft\\MBAM**, set its value to **1**, and then restart BitLocker Management Client Service. - -## Related topics - - -[Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) - - - - - - - - - diff --git a/mdop/mbam-v1/getting-started-with-mbam-10.md b/mdop/mbam-v1/getting-started-with-mbam-10.md deleted file mode 100644 index 7d1f4c4060..0000000000 --- a/mdop/mbam-v1/getting-started-with-mbam-10.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: Getting Started with MBAM 1.0 -description: Getting Started with MBAM 1.0 -author: dansimp -ms.assetid: 4fab4e4a-d25e-4661-b235-2b45bf5ac3e4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - -# Getting Started with MBAM 1.0 - -> **IMPORTANT** -> MBAM 1.0 will reach end of support on September 14, 2021. -> See our [lifecycle page](https://support.microsoft.com/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%201.0) for more information. We recommend [migrating to MBAM 2.5](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions) or another supported version of MBAM, or migrating your BitLocker management to [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). - - -Microsoft BitLocker Administration and Monitoring (MBAM) requires thorough planning before you deploy it or use its features. Because this product can affect every computer in your organization, you might disrupt your entire network if you do not plan your deployment carefully. However, if you plan your deployment carefully and manage it so that it meets your business needs, MBAM can help reduce your administrative overhead and total cost of ownership. - -If you are new to this product, we recommend that you read the documentation thoroughly. Before you deploy it to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at . - -**Note**   -You can find a downloadable version of this documentation and the MBAM Evaluation Guide at . - - - -This section of the MBAM Administrator’s Guide includes high-level information about MBAM to provide you with a basic understanding of the product before you begin the deployment planning. Additional MBAM documentation can be found on the MBAM Documentation Resources Download page at . - -## Getting started with MBAM 1.0 - - -- [About MBAM 1.0](about-mbam-10.md) - - Provides a high-level overview of MBAM and how it can be used in your organization. - -- [Evaluating MBAM 1.0](evaluating-mbam-10.md) - - Provides information about how you can best evaluate MBAM for use in your organization. - -- [High Level Architecture for MBAM 1.0](high-level-architecture-for-mbam-10.md) - - Provides a description of the MBAM features and how they work together. - -- [Accessibility for MBAM 1.0](accessibility-for-mbam-10.md) - - Provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. - -## Other resources for this product - - -- [Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide](index.md) - -- [Planning for MBAM 1.0](planning-for-mbam-10.md) - -- [Deploying MBAM 1.0](deploying-mbam-10.md) - -- [Operations for MBAM 1.0](operations-for-mbam-10.md) - -- [Troubleshooting MBAM 1.0](troubleshooting-mbam-10.md) - - - - - - - - - diff --git a/mdop/mbam-v1/high-availability-for-mbam-10.md b/mdop/mbam-v1/high-availability-for-mbam-10.md deleted file mode 100644 index 90c23329c3..0000000000 --- a/mdop/mbam-v1/high-availability-for-mbam-10.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: High Availability for MBAM 1.0 -description: High Availability for MBAM 1.0 -author: dansimp -ms.assetid: 5869ecf8-1056-4c32-aecb-838a37e05d39 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# High Availability for MBAM 1.0 - - -This topic describes how to configure a highly available installation of Microsoft BitLocker Administration and Monitoring (MBAM). - -## High Availability Scenarios for MBAM - - -Microsoft BitLocker Administration and Monitoring (MBAM) is designed to be fault-tolerant. If a server becomes unavailable, the users should not be negatively affected. For example, if the MBAM agent cannot connect to the MBAM web server, users should not be prompted for action. - -When you plan your MBAM installation, consider the following concerns that can affect the availability of the MBAM service: - -- Drive encryption and recovery password – If a recovery password cannot be escrowed, the encryption will not start on the client computer. - -- Compliance status data upload – If the server that hosts the compliance status report service is not available, the compliance data will not remain current. - -- Help Desk recovery key access - If the Help Desk cannot access MBAM database information, they will be unable to provide recovery keys to users. - -- Availability of reports – Reports will not be available if the server that hosts the Compliance and Audit Reports is not available. - -The main concern for MBAM high availability is BitLocker key recovery availability. If the help desk cannot provide recovery keys, users who are locked out cannot unlock their computers. To avoid this problem, consider implementing redundant web servers and databases to ensure high availability. - -For more information about MBAM scalability and high availability, see the [MBAM Scalability White Paper](https://go.microsoft.com/fwlink/p/?LinkId=229025) (https://go.microsoft.com/fwlink/p/?LinkId=229025). - -For general guidance on high availability for Microsoft SQL Server, see [High Availability](https://go.microsoft.com/fwlink/p/?LinkId=221504) (https://go.microsoft.com/fwlink/p/?LinkId=221504). - -For general guidance on availability and scalability for web servers, see [Availability and Scalability](https://go.microsoft.com/fwlink/p/?LinkId=221503) (https://go.microsoft.com/fwlink/p/?LinkId=221503). - -## Related topics - - -[Maintaining MBAM 1.0](maintaining-mbam-10.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/high-level-architecture-for-mbam-10.md b/mdop/mbam-v1/high-level-architecture-for-mbam-10.md deleted file mode 100644 index 4b98af6d48..0000000000 --- a/mdop/mbam-v1/high-level-architecture-for-mbam-10.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: High Level Architecture for MBAM 1.0 -description: High Level Architecture for MBAM 1.0 -author: dansimp -ms.assetid: b1349196-88ed-4d6c-8a1d-998f18127b6b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# High Level Architecture for MBAM 1.0 - - -Microsoft BitLocker Administration and Monitoring (MBAM) is a client/server data encryption solution that can help you simplify BitLocker provisioning and deployment, improve BitLocker compliance and reporting, and reduce support costs. MBAM includes the features that are described in this topic. - -Additionally, there is a video that provides an overview of the MBAM architecture and MBAM Setup. For more information, see [MBAM Deployment and Architecture Overview](https://go.microsoft.com/fwlink/p/?LinkId=258392). - -## Architecture Overview - - -The following diagram displays the MBAM architecture. The single-server MBAM deployment topology is shown to introduce the MBAM features. However, this MBAM deployment topology is recommended only for lab environments. - -**Note**   -At least a three-computer MBAM deployment topology is recommended for a production deployment. For more information about MBAM deployment topologies, see [Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md). - - - -![mbam single server deployment topology](images/mbam-1-server.jpg) - -1. **Administration and Monitoring Server**. The MBAM Administration and Monitoring Server is installed on a Windows server and hosts the MBAM Administration and Management website and the monitoring web services. The MBAM Administration and Management website is used to determine enterprise compliance status, to audit activity, to manage hardware capability, and to access recovery data, such as the BitLocker recovery keys. The Administration and Monitoring Server connects to the following databases and services: - - - Recovery and Hardware Database. The Recovery and Hardware database is installed on a Windows-based server and supported SQL Server instance. This database stores recovery data and hardware information that is collected from MBAM client computers. - - - Compliance and Audit Database. The Compliance and Audit Database is installed on a Windows server and supported SQL Server instance. This database stores compliance data for MBAM client computers. This data is used primarily for reports that are hosted by SQL Server Reporting Services (SSRS). - - - Compliance and Audit Reports. The Compliance and Audit Reports are installed on a Windows-based server and supported SQL Server instance that has the SSRS feature installed. These reports provide Microsoft BitLocker Administration and Monitoring reports. These reports can be accessed from the MBAM Administration and Management website or directly from the SSRS Server. - -2. **MBAM Client**. The Microsoft BitLocker Administration and Monitoring Client performs the following tasks: - - - Uses Group Policy to enforce the BitLocker encryption of client computers in the enterprise. - - - Collects the recovery key for the three BitLocker data drive types: operating system drives, fixed data drives, and removable data (USB) drives. - - - Collects recovery information and hardware information about the client computers. - - - Collects compliance data for the computer and passes the data to the reporting system. - -3. **Policy Template**. The MBAM Group Policy template is installed on a supported Windows-based server or client computer. This template is used to specify the MBAM implementation settings for BitLocker drive encryption. - -## Related topics - - -[Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-configure-network-load-balancing-for-mbam.md b/mdop/mbam-v1/how-to-configure-network-load-balancing-for-mbam.md deleted file mode 100644 index aa02943b12..0000000000 --- a/mdop/mbam-v1/how-to-configure-network-load-balancing-for-mbam.md +++ /dev/null @@ -1,119 +0,0 @@ ---- -title: How to Configure Network Load Balancing for MBAM -description: How to Configure Network Load Balancing for MBAM -author: dansimp -ms.assetid: df2208c3-352b-4a48-9722-237b0c8cd6a5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Configure Network Load Balancing for MBAM - - -To verify that you have met the prerequisites and hardware and software requirements to install the Administration and Monitoring Server feature, see [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md) and [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). - -**Note**   -To obtain the setup log files, you must install Microsoft BitLocker Administration and Monitoring (MBAM) by using the **msiexec** package and the **/l** <location> option. The Log files are created in the location that you specify. - -Additional setup log files are created in the %temp% folder of the user who installs MBAM. - - - -The Network Load Balancing (NLB) clusters for the Administration and Monitoring Server feature provides scalability in MBAM and it should support more than 55,000 MBAM client computers. - -**Note**   -Windows Server Network Load Balancing distributes client requests across a set of servers that are configured into a single server cluster. When Network Load Balancing is installed on each of the servers (hosts) in a cluster, the cluster presents a virtual IP address or fully qualified domain name (FQDN) to client requests. The initial client requests go to all the hosts in the cluster, but only one host accepts and handles the request. - -All computers that will be part of a NLB cluster have the following requirements: - -- All computers in the NLB cluster must be in the same domain. - -- Each computer in the NLB cluster must use a static IP address. - -- Each computer in the NLB cluster must have Network Load Balancing enabled. - -- The NLB cluster requires a static IP address, and a host record must be manually created in the domain name system (DNS). - - - -## Configuring Network Load Balancing for MBAM Administration and Monitoring Servers - - -The following steps describe how to configure an NLB cluster virtual name and IP address for two MBAM Administration and Monitoring servers, and how to configure MBAM Clients to use the NLB Cluster. - -Before you begin the procedures described in this topic, you must have the MBAM Administration and Monitoring Server feature successfully installed by using the same IIS port binding on two separate server computers that meet the prerequisites for both MBAM Server feature installation and NLB Cluster configuration. - -**Note**   -This topic describes the basic process of using Network Load Balancing Manager to create an NLB Cluster. The exact steps to configure a Windows Server as part of an NLB cluster depend on the Windows Server version in use.. For more information about how to create NLBs on Windows Server 2008, see [Creating Network Load Balancing Clusters](https://go.microsoft.com/fwlink/?LinkId=197176) in the Windows Server 2008 TechNet library. - - - -**To configure an NLB Cluster Virtual Name and IP address for two MBAM Administration and Monitoring Servers** - -1. Click **Start**, click **All Programs**, click **Administrative Tools**, and then click **Network Load Balancing Manager**. - - **Note**   - If the NLB Manager is not present, you can install it as a Windows Server feature. You must install this feature on both MBAM Administration and Monitoring servers if you want to configure it into the NLB cluster. - - - -2. On the menu bar, click **Cluster**, and then click **New** to open the **Cluster Parameters** dialog box. - -3. In the **Cluster Parameters** dialog box, enter the information for the NLB cluster IP configuration: - - - **IP address:** NLB cluster IP address registered in DNS - - - **Subnet mask:** NLB cluster IP address subnet mask registered in DNS - - - **Full Internet name:** FQDN of NLB cluster name registered in DNS - -4. Ensure that **Unicast** is selected in **Cluster operation mode**, and then click **Next**. - -5. On the **Cluster IP Addresses** page, click **Next**. - -6. On the **Port Rules** page, click **Edit** to define the ports that the NLB cluster will respond to and configure the ports that are used for client-to-site system communication as they are defined for the site, or click **Next** to enable the NLB cluster IP address to respond to all TCP/IP ports. - - **Note**   - Ensure that **Affinity** is set to **Single**. - - - -7. On the **Connect** page, enter an MBAM Administration and Monitoring server instance host name that will be part of the NLB cluster in **Host**, and then click **Connect**. - -8. In **Interfaces available for configuring a new cluster**, select the networking interface that will be configured to respond to NLB cluster communication, and then click **Next**. - -9. On the **Host Parameters** page, review the information displayed to ensure that the **Dedicated IP configuration** settings display the dedicated host IP configuration for the correct NLB cluster host, check that the Initial host state **Default state:** is **Started**, and then click **Finish**. - - **Note**   - The **Host Parameters** page also displays the NLB cluster host priority, which is 1 through 32. As new hosts are added to the NLB cluster, the host priority must differ from the previously added hosts. The priority is automatically incremented when you use the Network Load Balancing Manager. - - - -10. Click **<NLB cluster name>** and ensure that the NLB host interface **Status** displays **Converged** before you continue. This step might require that you refresh the NLB cluster display as the host TCP/IP configuration that is being modified by the NLB Manager. - -11. To add additional hosts to the NLB cluster, right-click **<NLB cluster name>**, click **Add Host to Cluster,** and then repeat steps 7 through 10 for each site system that will be part of the NLB cluster. - -12. On a computer that has MBAM Group Policy template installed, modify the MBAM Group Policy settings to configure the MBAM services endpoints to use the NLB Cluster name and the appropriate IIS port binding to access the MBAM Administration and Monitoring Server features that are installed on the NLB Cluster computers. For more information about how to edit MBAM GPO settings, see [How to Edit MBAM 1.0 GPO Settings](how-to-edit-mbam-10-gpo-settings.md). If the MBAM Administration and Monitoring servers are new to your environment, ensure that the required local security group memberships have been properly configured. For more information about security group requirements, see [Planning for MBAM 1.0 Administrator Roles](planning-for-mbam-10-administrator-roles.md). - -13. When the NLB Cluster configuration is complete, we recommend that you validate that the MBAM Administration and Monitoring NLB Cluster is functional. To do this, open a web browser on a computer other than the servers that are configured in the NLB, and ensure that you can access the MBAM Administration and Monitoring web site by using the NLB FQDN. - -## Related topics - - -[Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-1.md b/mdop/mbam-v1/how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-1.md deleted file mode 100644 index 0653f76736..0000000000 --- a/mdop/mbam-v1/how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-1.md +++ /dev/null @@ -1,121 +0,0 @@ ---- -title: How to Deploy the MBAM Client as Part of a Windows Deployment -description: How to Deploy the MBAM Client as Part of a Windows Deployment -author: dansimp -ms.assetid: 8704bf33-535d-41da-b9b2-45b60754367e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Deploy the MBAM Client as Part of a Windows Deployment - - -The Microsoft BitLocker Administration and Monitoring (MBAM) Client enables administrators to enforce and monitor BitLocker drive encryption on computers in the enterprise. The BitLocker Client can be integrated into an organization by enabling BitLocker management and encryption on client computers during the computer imaging and Windows deployment process. - -**Note** -To review the MBAM Client system requirements, see [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). - - - -Encryption of client computers with BitLocker during the initial imaging stage of a Windows deployment can lower the administrative overhead for MBAM implementation. This approach also ensures that every computer that is deployed already has BitLocker running and is configured correctly. - -**Warning** -This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. - - - -**To encrypt a computer as part of Windows deployment** - -1. If your organization plans to use the Trusted Platform Module (TPM) protector or the TPM + PIN protector options in BitLocker, you must activate the TPM chip before the initial deployment of MBAM. When you activate the TPM chip, you avoid a reboot later in the process, and you ensure that the TPM chips are correctly configured according to the requirements of your organization. You must activate the TPM chip manually in the computer's BIOS. Refer to the manufacturer documentation for more details about how to configure the TPM chip. - -2. Install the MBAM client agent. - -3. We recommend that you join the computer to a domain... - - - If the computer is not joined to a domain, the recovery password is not stored in the MBAM Key Recovery service. By default, MBAM does not allow encryption to occur unless the recovery key can be stored. - - - If a computer starts in recovery mode before the recovery key is stored on the MBAM server, the computer has to be reimaged. No recovery method is available. - -4. Open a command prompt as an administrator, stop the MBAM service, and then set the service to **manual** or **on demand**. Then, run the following commands: - - **net stop mbamagent** - - **sc config mbamagent start= demand** - -5. Set the registry settings for the MBAM agent to ignore Group Policy and run the TPM for **operating system only encryption** To do this, run **regedit**, and then import the registry key template from C:\\Program Files\\Microsoft\\MDOP MBAM\\MBAMDeploymentKeyTemplate.reg. - -6. In regedit, go to HKLM\\SOFTWARE\\Microsoft\\MBAM and configure the settings that are listed in the following table. - - Registry entry - - Configuration settings - - DeploymentTime - - 0 = OFF - - 1 = Use deployment time policy settings (default) - - UseKeyRecoveryService - - 0 = Do not use key escrow (The next two registry entries are not required in this case.) - - 1 = Use key escrow in Key Recovery system (default) - - Recommended: The computer must be able to communicate with the Key Recovery service. Verify that the computer can communicate with the service before you proceed. - - KeyRecoveryOptions - - 0 = Upload Recovery Key Only - - 1 = Upload Recovery Key and Key Recovery Package (default) - - KeyRecoveryServiceEndPoint - - Set this value to the URL for the Key Recovery web server. - - Example: http://<computer name>/MBAMRecoveryAndHardwareService/CoreService.svc. - - - -~~~ -**Note** -MBAM policy or registry values can be set here to override the previously set values. -~~~ - - - -7. The MBAM agent restarts the system during MBAM client deployment. When you are ready for this reboot, run the following command at a command prompt as an administrator: - - **net start mbamagent** - -8. When the computers restarts and the BIOS prompts you to accept a TPM change, accept the change. - -9. During the Windows client operating system imaging process, when you are ready to start encryption, restart the MBAM agent service. Then, to set start to **automatic**, open a command prompt as an administrator and run the following commands: - - **sc config mbamagent start= auto** - - **net start mbamagent** - -10. Remove the bypass registry values. To do this, run regedit, browse to the HKLM\\SOFTWARE\\Microsoft registry entry, right-click the **MBAM** node, and then click **Delete**. - -## Related topics - - -[Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-1.md b/mdop/mbam-v1/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-1.md deleted file mode 100644 index be6480250c..0000000000 --- a/mdop/mbam-v1/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-1.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: How to Deploy the MBAM Client to Desktop or Laptop Computers -description: How to Deploy the MBAM Client to Desktop or Laptop Computers -author: dansimp -ms.assetid: f32927a2-4c05-4da8-acca-1108d1dfdb7e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Deploy the MBAM Client to Desktop or Laptop Computers - - -The Microsoft BitLocker Administration and Monitoring (MBAM) Client enables administrators to enforce and monitor BitLocker drive encryption on computers in the enterprise. The MBAM Client can be integrated into an organization by deploying the client through tools, such as Active Directory Domain Services or an enterprise software deployment tool such as Microsoft System Center 2012 Configuration Manager. - -**Note**   -To review the MBAM Client system requirements, see [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). - - - -**To deploy the MBAM Client to desktop or laptop computers** - -1. Locate the MBAM Client installation files that are provided with the MBAM software. - -2. Deploy the Windows Installer package to target computers by using Active Directory Domain Services or an enterprise software deployment tool, such as Microsoft System Center 2012 Configuration Manager. - - **Note**   - You should not use Group Policy to deploy the Windows Installer package. - - - -3. Configure the distribution settings or Group Policy to run the MBAM Client installation file. After successful installation, the MBAM Client applies the Group Policy settings that are received from a domain controller to begin BitLocker encryption and management functions. For more information about MBAM Group Policy settings, see [Planning for MBAM 1.0 Group Policy Requirements](planning-for-mbam-10-group-policy-requirements.md). - - **Important**   - The MBAM Client will not start BitLocker encryption actions if a remote desktop protocol connection is active. All remote console connections must be closed before BitLocker encryption will begin. - - - -## Related topics - - -[Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-determine-the-bitlocker-encryption-state-of-a-lost-computers-mbam-1.md b/mdop/mbam-v1/how-to-determine-the-bitlocker-encryption-state-of-a-lost-computers-mbam-1.md deleted file mode 100644 index 218739fbbf..0000000000 --- a/mdop/mbam-v1/how-to-determine-the-bitlocker-encryption-state-of-a-lost-computers-mbam-1.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: How to Determine the BitLocker Encryption State of a Lost Computers -description: How to Determine the BitLocker Encryption State of a Lost Computers -author: dansimp -ms.assetid: 9440890a-9c63-463b-9113-f46071446388 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Determine the BitLocker Encryption State of a Lost Computers - - -Microsoft BitLocker Administration and Monitoring (MBAM) enables you to determine the last known BitLocker encryption status of computers that are lost or stolen. Use the following procedure to determine whether the volumes have been encrypted on computers that are no longer in your possession. - -**Determine a Computer's Last Known BitLocker Encryption state** - -1. Open the MBAM website. - - **Note**   - The default address for the MBAM website is http://*<computername>*. Use the fully qualified server name for faster browsing results. - - - -2. Select the **Report** node from the navigation pane, and then select the **Computer Compliance Report**. - -3. Use the filter fields in the right-side pane to narrow the search results, and then click **Search**. Results will be shown below your search query. - -4. Take the appropriate action as determined by your policy for lost devices. - - **Note**   - Device compliance is determined by the deployed BitLocker policies. You should verify these deployed policies when you are trying to determine the BitLocker encryption state of a device. - - - -## Related topics - - -[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-edit-mbam-10-gpo-settings.md b/mdop/mbam-v1/how-to-edit-mbam-10-gpo-settings.md deleted file mode 100644 index 96e8628560..0000000000 --- a/mdop/mbam-v1/how-to-edit-mbam-10-gpo-settings.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: How to Edit MBAM 1.0 GPO Settings -description: How to Edit MBAM 1.0 GPO Settings -author: dansimp -ms.assetid: 03d12fbc-4302-43fc-9b38-440607d778a1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Edit MBAM 1.0 GPO Settings - - -To successfully deploy Microsoft BitLocker Administration and Monitoring (MBAM), you must first determine the Group Policies that you will use in your implementation of Microsoft BitLocker Administration and Monitoring. For more information about the various available policies, see [Planning for MBAM 1.0 Group Policy Requirements](planning-for-mbam-10-group-policy-requirements.md). After you have determined the policies that you are going to use, you then must modify one or more Group Policy Objects (GPO) that include the MBAM policy settings. - -The following steps describe how to configure the basic, recommended Group Policy object (GPO) settings to enable MBAM to manage BitLocker encryption for your organization’s client computers. - -**To edit the MBAM Client GPO settings** - -1. On a computer that has MBAM Group Policy template installed, make sure that MBAM services are enabled. - -2. Use the Group Policy Management Console (GPMC.msc) or the Advanced Group Policy Management (AGPM) MDOP product for these actions: Select **Computer configuration**, choose **Policies**, click **Administrative Templates**, select **Windows Components**, and then click **MDOP MBAM (BitLocker Management)**. - -3. Edit the Group Policy Object settings that are required to enable MBAM Client services on client computers. For each policy in the table that follows, select **Policy Group**, click the **Policy**, and then configure the **Setting**. - - Policy Group - - Policy - - Setting - - Client Management - - Configure MBAM Services - - Enabled. Set **MBAM Recovery and Hardware service endpoint** and **Select BitLocker recovery information to store**. - - Set **MBAM compliance service endpoint** and **Enter status report frequency in (minutes)**. - - Allow hardware compatibility checking - - Disabled. This policy is enabled by default, but is not needed for a basic MBAM implementation. - - Operating System Drive - - Operating system drive encryption settings - - Enabled. Set **Select protector for operating system drive**. This is required to save operating system drive data to the MBAM Key Recovery server. - - Removable Drive - - Control Use of BitLocker on removable drives - - Enabled. This is required if MBAM will save removable drive data to the MBAM Key Recovery server. - - Fixed Drive - - Control Use of BitLocker on fixed drives - - Enabled. This is required if MBAM will save fixed drive data to the MBAM Key Recovery server. - - Set **Choose how BitLocker-protected drives can be recovered** and **Allow data recovery agent**. - - - -~~~ -**Important** -Depending on the policies that your organization decides to deploy, you may have to configure additional policies. See [Planning for MBAM 1.0 Group Policy Requirements](planning-for-mbam-10-group-policy-requirements.md) for Group Policy configuration details for all of the available MBAM GPO policy options. -~~~ - - - -## Related topics - - -[Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-generate-mbam-reports-mbam-1.md b/mdop/mbam-v1/how-to-generate-mbam-reports-mbam-1.md deleted file mode 100644 index 19ff56c01c..0000000000 --- a/mdop/mbam-v1/how-to-generate-mbam-reports-mbam-1.md +++ /dev/null @@ -1,129 +0,0 @@ ---- -title: How to Generate MBAM Reports -description: How to Generate MBAM Reports -author: dansimp -ms.assetid: cdf4ae76-040c-447c-8736-c9e57068d221 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Generate MBAM Reports - - -Microsoft BitLocker Administration and Monitoring (MBAM) generates various reports to monitor BitLocker encryption usage and compliance. This topic describes how to open the MBAM administration website and how to generate MBAM reports on enterprise compliance, individual computers, hardware compatibility, and key recovery activity. For more information about MBAM reports, see [Understanding MBAM Reports](understanding-mbam-reports-mbam-1.md). - -**Note**   -To run the reports, you must be a member of the **Report Users** role on the computers where you have installed the Administration and Monitoring Server features, Compliance and Audit Database, and Compliance and Audit Reports. - - - -**To open the MBAM Administration website** - -1. Open a web browser and navigate to the MBAM website. The default URL for the website is *http://<computername>* of the Microsoft BitLocker Administration and Monitoring server. - - **Note**   - If the MBAM administration website was installed on a port other than port 80, you must specify that port number in the URL. For example, *http://<computername>:<port>*. If you specified a Host Name for the MBAM administration website during the installation, the URL would be *http://<hostname>*. - - - -2. In the navigation pane, click **Reports**. In the main pane, click the tab for your report type: **Enterprise Compliance Report**, **Computer Compliance Report**, **Hardware Audit Report**, or **Recovery Audit Report**. - - **Note**   - Historical MBAM Client data is retained in the compliance database. This retained data may be needed in case a computer is lost or stolen. When running enterprise reports, you should use appropriate start and end dates to scope the time frames for the reports from one to two weeks to increase the reporting data accuracy. - - - -**To generate an enterprise Compliance Report** - -1. On the MBAM administration website, click **Reports** in the navigation pane, then click the **Enterprise Compliance Report** tab and select the appropriate filters for your report. For the Enterprise Compliance Report, you can set the following filters. - - - **Compliance Status**. Use this filter to specify the compliance status types (for example, Compliant or Noncompliant) to include in the report. - - - **Error State**. Use this filter to specify the Error State types, such as No Error or Error, to include in the report. - -2. Click **View Report** to display the specified report. - - The report results can be saved in any of several available file formats such as HTML, Microsoft Word, and Microsoft Excel. - - **Note**   - The Enterprise Compliance report is generated by a SQL job that runs every six hours. Therefore, the first time you try to view the report you may find that some data is missing. - - - -3. To view information about a computer in the Computer Compliance Report, select the computer name. - -4. Select the plus sign (+) next to the computer name to view information about the volumes on the computer. - -**To generate the Computer Compliance Report** - -1. In the MBAM administration website, select the **Report** node in the navigation pane, and then select the **Computer Compliance Report**. Use the Computer Compliance report to search for **user name** or **computer name**. - -2. Click **View Report** to view the computer report. - - Results can be saved in any of several available file formats such as HTML, Microsoft Word, and Microsoft Excel. - -3. To display more information about a computer in the Computer Compliance Report, select the computer name. - -4. Select the plus sign (+) next to the computer name to view information about the volumes on the computer. - - **Note**   - An MBAM Client computer is considered compliant if the computer matches the requirements of the MBAM policy settings or the computer’s hardware model is set to incompatible. Therefore, when you are viewing detailed information about the disk volumes associated with the computer, computers that are exempt from BitLocker encryption due to hardware compatibility can be displayed as compliant even though their drive volume encryption status is displayed as noncompliant. - - - -**To generate the Hardware Compatibility Audit Report** - -1. From the MBAM administration website, select the **Report** node from the navigation pane, and then select the **Hardware Audit Report**. Select the appropriate filters for your Hardware Audit report. The Hardware Audit report offers the following available filters: - - - **User (Domain\\User)**. Specifies the name of the user who made a change. - - - **Change Type**. Specifies the type of changes you are looking for. - - - **Start Date**. Specifies the Start Date part of the date range that you want to report on. - - - **End Date**. Specifies the End Date part of the date range that you want to report on. - -2. Click **View Report** to view the report. - - Results can be saved in several available file formats such as HTML, Microsoft Word, and Microsoft Excel. - -**To generate the Recovery Key Audit Report** - -1. From the MBAM administration website, select the **Report** node in the navigation pane, and then select the **Recovery Audit Report**. Select the filters for your Recovery Key Audit report. The available filters for Recovery Key audits are as follows: - - - **Requestor**. Specifies the user name of the requestor. The requestor is the person in the help desk who accessed the key on behalf of a user. - - - **Requestee**. Specifies the user name of the requestee. The requestee is the person who called the help desk to obtain a recovery key. - - - **Request Result** Specifies the request result types, such as: Success or Failed. For example, you may want to view failed key access attempts. - - - **Key Type**. Specifies the Key Type, such as: Recovery Key Password or TPM Password Hash. - - - **Start Date**. Specifies the Start Date part of the date range. - - - **End Date**. Specifies the End Date part of the date range. - -2. Click **View Report** to display the report. - - Results can be saved in several available file formats such as HTML, Microsoft Word, and Microsoft Excel. - -## Related topics - - -[Monitoring and Reporting BitLocker Compliance with MBAM 1.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel.md b/mdop/mbam-v1/how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel.md deleted file mode 100644 index 4eab4444f5..0000000000 --- a/mdop/mbam-v1/how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: How to Hide Default BitLocker Encryption in The Windows Control Panel -description: How to Hide Default BitLocker Encryption in The Windows Control Panel -author: dansimp -ms.assetid: c8503743-220c-497c-9785-e2feeca484d6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Hide Default BitLocker Encryption in The Windows Control Panel - - -Microsoft BitLocker Administration and Monitoring (MBAM) offers a customized control panel for MBAM client computers that is named called BitLocker Encryption Options. This customized control panel can replace the default Windows BitLocker control panel that is named BitLocker Drive Encryption. The BitLocker Encryption Options control panel, located under System and Security in the Windows control panel, enables users to manage their PIN and passwords, unlock drives, and hides the interface that allows administrators to decrypt a drive or to suspend or resume BitLocker encryption. - -**To hide default BitLocker Encryption in the Windows Control Panel** - -1. Browse to **User configuration** by using the Group Policy Management Console (GPMC), the Advanced Group Policy Management (AGPM), or the Local Group Policy Editor on the BitLocker Group Policies computer. - -2. Click **Policies**, select **Administrative Templates**, and then click **Control Panel**. - -3. In the **Details** pane, double-click **Hide specified Control Panel items**, and then select **Enabled**. - -4. Click **Show**, **click Add…**, and then type Microsoft.BitLockerDriveEncryption. This policy hides the default Windows BitLocker Management tool from the Windows Control Panel and allows the user to open the updated MBAM BitLocker Encryption Options tool from the Windows Control Panel. - -## Related topics - - -[Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/how-to-install-and-configure-mbam-on-a-single-server-mbam-1.md b/mdop/mbam-v1/how-to-install-and-configure-mbam-on-a-single-server-mbam-1.md deleted file mode 100644 index b4654bbd91..0000000000 --- a/mdop/mbam-v1/how-to-install-and-configure-mbam-on-a-single-server-mbam-1.md +++ /dev/null @@ -1,184 +0,0 @@ ---- -title: How to Install and Configure MBAM on a Single Server -description: How to Install and Configure MBAM on a Single Server -author: dansimp -ms.assetid: 55841c63-bad9-44e7-b7fd-ea7037febbd7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install and Configure MBAM on a Single Server - - -The procedures in this topic describe the full installation of the Microsoft BitLocker Administration and Monitoring (MBAM) features on a single server. - -Each server feature has certain prerequisites. To verify that you have met the prerequisites and the hardware and software requirements, see [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md) and [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). In addition, some features also have information that must be provided during the installation process to successfully deploy the feature. You should also review [Preparing your Environment for MBAM 1.0](preparing-your-environment-for-mbam-10.md) before you begin the MBAM deployment. - -**Note**   -To obtain the setup log files, you must install MBAM by using the **msiexec** package and the **/l** <location> option. Log files are created in the location that you specify. - -Additional setup log files are created in the %temp% folder of the user who is installing MBAM. - - - -## To install MBAM Server features on a single server - - -The following steps describe how to install general MBAM features. - -**Note**   -Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup on 64-bit servers. - - - -**To start MBAM Server features installation** - -1. Start the MBAM installation wizard. Click **Install** at the Welcome page. - -2. Read and accept the Microsoft Software License Terms, and then click **Next** to continue the installation. - -3. By default, all MBAM features are selected for installation. Features that will be installed on the same computer must be installed together at the same time. Clear the features that you want to install elsewhere. You must install the MBAM features in the following order: - - - Recovery and Hardware Database - - - Compliance and Audit Database - - - Compliance Audit and Reports - - - Administration and Monitoring Server - - - MBAM Group Policy Template - - **Note**   - The installation wizard checks the prerequisites for your installation and displays the prerequisites that are missing. If all the prerequisites are met, the installation continues. If a missing prerequisite is detected, you must resolve the missing prerequisites, and then click **Check prerequisites again**. After all prerequisites are met, the installation resumes. - - - -4. You are prompted to configure the network communication security. MBAM can encrypt the communication between the Recovery and Hardware Database, the Administration and Monitoring Server, and the clients. If you decide to encrypt the communication, you are asked to select the authority-provisioned certificate that will be used for encryption. - -5. Click **Next** to continue. - -6. The MBAM Setup wizard will display the installation pages for the selected features. - -**To deploy MBAM Server features** - -1. In the **Configure the Recovery and Hardware database** window, specify the instance of SQL Server and the name of the database that will store the recovery and hardware data. You must also specify both the database files location and the log information location. - -2. Click **Next** to continue. - -3. In the **Configure the Compliance and Audit database** window, specify the instance of the SQL Server and the name of the database that will store the compliance and audit data. Then, specify the database files location and the log information location. - -4. Click **Next** to continue. - -5. In the **Compliance and Audit Reports** window, specify the report service instance that will be used and provide a domain user account for accessing the database. This should be a user account that is provisioned specifically for this use. The user account should be able to access all data available to the MBAM Reports Users group. - -6. Click **Next** to continue. - -7. In the **Configure the Administration and Monitoring Server** window, enter the **Port Binding**, the **Host Name** (optional), and the **Installation Path** for the MBAM Administration and Monitoring server. - - **Warning**   - The port number that you specify must be an unused port number on the Administration and Monitoring server, unless a unique host header name is specified. - - - -8. Click **Next** to continue. - -9. Specify whether to use Microsoft Updates to help keep your computer secure, and then click **Next**. The Microsoft Updates option does not turn on the Automatic Updates in Windows. - -10. When the Setup wizard has collected the necessary feature information, the MBAM installation is ready to start. Click **Back** to move back through the wizard if you want to review or change your installation settings. Click **Install** to begin the installation. Click **Cancel** to exit Setup. Setup installs the MBAM features and notifies you that the installation is completed. - -11. Click **Finish** to exit the wizard. - -12. After you install MBAM server features, you must add users to the MBAM roles. For more information, see [Planning for MBAM 1.0 Administrator Roles](planning-for-mbam-10-administrator-roles.md). - -**To perform post installation configuration** - -1. After Setup is finished, you must add user roles so that you can give users access to features in the MBAM administration website. On the Administration and Monitoring Server, add users to the following local groups: - - - **MBAM Hardware Users**: Members of this local group can access the Hardware feature in the MBAM administration website. - - - **MBAM Helpdesk Users**: Members of this local group can access the Drive Recovery and Manage TPM features in the MBAM administration website. All fields in Drive Recovery and Manage TPM are required fields for a Helpdesk User. - - - **MBAM Advanced Helpdesk Users**: Members of this local group have advanced access to the Drive Recovery and Manage TPM features in the MBAM administration website. For Advanced Helpdesk Users, only the Key ID field is required in Drive Recovery. For Manage TPM users, only the Computer Domain field and Computer Name field are required. - -2. On the Administration and Monitoring Server, Compliance and Audit Database, and on the computer that hosts the Compliance and Audit Reports, add users to the following local group to enable them to access the Reports feature in the MBAM administration website: - - - **MBAM Report Users**: Members of this local group can access the Reports features in the MBAM administration website. - - **Note**   - Identical user membership or group membership of the **MBAM Report Users** local group must be maintained on all computers where the Administration and Monitoring Server features, Compliance and Audit Database, and Compliance and Audit Reports are installed. - - To maintain identical memberships on all computers, you should create a domain security group and add that domain group to each local MBAM Report Users group. When you do this, you can manage the group memberships by using the domain group. - - - -## Validating the MBAM Server feature installation - - -When the MBAM installation is complete, validate that the installation has successfully set up all the necessary MBAM features that are required for BitLocker management. Use the following procedure to confirm that the MBAM service is functional: - -**To validate MBAM Server feature installation** - -1. On each server where an MBAM feature is deployed, open **Control Panel**. Click **Programs**, and then click **Programs and Features**. Verify that **Microsoft BitLocker Administration and Monitoring** appears in the **Programs and Features** list. - - **Note** - To validate the installation, you must use a Domain Account that has local computer administrative credentials on each server. - - - -2. On the server where the Recovery and Hardware Database is installed, open SQL Server Management Studio and verify that the **MBAM Recovery and Hardware** database is installed. - -3. On the server where the Compliance and Audit Database is installed, open SQL Server Management Studio and verify that the **MBAM Compliance and Audit Database** is installed. - -4. On the server where the Compliance and Audit Reports are installed, open a web browser with administrative privileges and browse to the “Home” of the SQL Server Reporting Services site. - - The default Home location of a SQL Server Reporting Services site instance is at http://<NameofMBAMReportsServer>/Reports. To find the actual URL, use the Reporting Services Configuration Manager tool and select the instances specified during setup. - - Confirm that a folder named **Malta Compliance Reports** is listed and that it contains five reports and one data source. - - **Note** - If SQL Server Reporting Services was configured as a named instance, the URL should resemble the following:http://*<NameofMBAMReportsServer>*/Reports\_*<SRSInstanceName>* - - - -5. On the server where the Administration and Monitoring feature is installed, run **Server Manager** and browse to **Roles**, select **Web Server (IIS)**, and click **Internet Information Services (IIS) Manager** - -6. In **Connections**, browse to *<computername>*, select **Sites**, and select **Microsoft BitLocker Administration and Monitoring**. Verify that **MBAMAdministrationService**, **MBAMComplianceStatusService**, and **MBAMRecoveryAndHardwareService** are listed. - -7. On the server where the Administration and Monitoring feature is installed, open a web browser with administrative privileges, and then browse to the following locations in the MBAM website to verify that they load successfully: - - - *http://<computername>/default.aspx* and confirm each of the links for navigation and reports - - - *http://<computername>/MBAMAdministrationService/AdministrationService.svc* - - - *http://<computername>/MBAMComplianceStatusService/StatusReportingService.svc* - - - *http://<computername>/MBAMRecoveryAndHardwareService/CoreService.svc* - - **Note** - Typically, the services are installed on the default port 80 without network encryption. If the services are installed on a different port, change the URLs to include the appropriate port. For example, http://*<computername>:<port>*/default.aspx or http://<hostheadername>/default.aspx. - - If the services are installed with network encryption, change http:// to https://. - - - -## Related topics - - -[Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-install-and-configure-mbam-on-distributed-servers-mbam-1.md b/mdop/mbam-v1/how-to-install-and-configure-mbam-on-distributed-servers-mbam-1.md deleted file mode 100644 index 5801740a1e..0000000000 --- a/mdop/mbam-v1/how-to-install-and-configure-mbam-on-distributed-servers-mbam-1.md +++ /dev/null @@ -1,246 +0,0 @@ ---- -title: How to Install and Configure MBAM on Distributed Servers -description: How to Install and Configure MBAM on Distributed Servers -author: dansimp -ms.assetid: 9ee766aa-6339-422a-8d00-4f58e4646a5e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install and Configure MBAM on Distributed Servers - - -The procedures in this topic describe the full installation of the Microsoft BitLocker Administration and Monitoring (MBAM) features on distributed servers. - -Each server feature has certain prerequisites. To verify that you have met the prerequisites and hardware and software requirements, see [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md) and [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). In addition, some features require that you provide certain information during the installation process to successfully deploy the feature. - -**Note** -To obtain the setup log files, you have to install MBAM by using the **msiexec** package and the **/l <location>** option. Log files are created in the location that you specify. - -Additional setup log files are created in the %temp% folder of the user that runs the MBAM installation. - - - -## Deploy the MBAM Server features - - -The following steps describe how to install the general MBAM features. - -**Note** -Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup on 64-bit servers. - - - -**To Deploy MBAM Server features** - -1. Start the MBAM installation wizard, and click **Install** at the Welcome page. - -2. Read and accept the Microsoft Software License Terms, and then click **Next** to continue the installation. - -3. By default, all MBAM features are selected for installation. Clear the features that you want to install elsewhere. Features that you want to install on the same computer must be installed all at the same time. MBAM features must be installed in the following order: - - - Recovery and Hardware Database - - - Compliance and Audit Database - - - Compliance Audit and Reports - - - Administration and Monitoring Server - - - MBAM Group Policy Template - - **Note** - The installation wizard checks the prerequisites for your installation and displays the prerequisites that are missing. If all the prerequisites are met, the installation continues. If a missing prerequisite is detected, you have to resolve the missing prerequisites, and then click **Check prerequisites again**. If all prerequisites are met this time, the installation will resume. - - - -4. The MBAM Setup wizard will display the installation pages for the selected features. The following sections describe the installation procedures for each feature. - - **Note** - Typically, each feature is installed on a separate server. If you want to install multiple features on a single server, you may change or eliminate some of the following steps. - - - -~~~ -**To install the Recovery and Hardware Database** - -1. Choose an option for MBAM communication encryption. MBAM can encrypt the communication between the Recovery and Hardware Database and the Administration and Monitoring servers. If you choose the option to encrypt communication, you are asked to select the authority-provisioned certificate that is used for encryption. - -2. Click **Next** to continue. - -3. Specify the names of the computers that will be running the Administration and Monitoring Server feature, to configure access to the Recovery and Hardware Database.. Once the Administration and Monitoring Server feature is deployed, it connects to the database by using its domain account. - -4. Click **Next** to continue. - -5. Specify the **Database Configuration** for the SQL Server instance that stores the recovery and hardware data. You must also specify where the database will be located and where the log information will be located. - -6. Click **Next** to continue with the MBAM Setup wizard. - -**To install the Compliance and Audit Database** - -1. Choose an option for the MBAM communication encryption. MBAM can encrypt the communication between the Compliance and Audit Database and the Administration and Monitoring servers. If you choose the option to encrypt communication, you are asked to select the authority-provisioned certificate that will be used for encryption. - -2. Click **Next** to continue. - -3. Specify the user account that will be used to access the database for reports. - -4. Click **Next** to continue. - -5. Specify the computer names of the computers that you want to run the Administration and Monitoring Server and the Compliance and Audit Reports, to configure the access to the Compliance and Audit Database.. After the Administration and Monitoring and the Compliance and Audit Reports Server are deployed, they will connect to the databases by using their domain accounts. - -6. Specify the **Database Configuration** for the SQL Server instance that will store the compliance and audit data. You must also specify where the database will be located and where the log information will be located. - -7. Click **Next** to continue with the MBAM Setup wizard. - -**To install the Compliance and Audit Reports** - -1. Specify the remote SQL Server instance. For example, *<ServerName>*,where the Compliance and Audit Database are installed. - -2. Specify the name of the Compliance and Audit Database. By default, the database name is “MBAM Compliance Status”, but you can change the name when you install the Compliance and Audit Database. - -3. Click **Next** to continue. - -4. Select the SQL Server Reporting Services instance where the Compliance and Audit Reports will be installed. Provide the username and password used to access the compliance database. - -5. Click **Next** to continue with the MBAM Setup wizard. - -**To install the Administration and Monitoring Server feature** - -1. Choose an option for the MBAM communication encryption. MBAM can encrypt the communication between the Recovery and Hardware Database and the Administration and Monitoring servers. If you choose the option to encrypt communication, you are asked to select the authority-provisioned certificate that is used for encryption. - -2. Click **Next** to continue. - -3. Specify the remote SQL Server instance, For example, *<ServerName>*, where the Compliance and Audit Database are installed. - -4. Specify the name of the Compliance and Audit Database. By default, the database name is MBAM Compliance Status, but, you can change the name when you install the Compliance and Audit Database. - -5. Click **Next** to continue. - -6. Specify the remote SQL Server instance. For example, *<ServerName>*,where the Recovery and Hardware Database are installed. - -7. Specify the name of the Recovery and Hardware Database. By default, the database name is **MBAM Recovery and Hardware**, but you can change the name when you install the Recovery and Hardware Database feature. - -8. Click **Next** to continue. - -9. Specify the URL for the “Home” of the SQL Server Reporting Services (SRS) site. The default Home location of a SQL Server Reporting Services site instance is at: - - http://*<NameofMBAMReportsServer>/*ReportServer - - **Note** - If you configured the SQL Server Reporting Services as a named instance, the URL resembles the following:http://*<NameofMBAMReportsServer>*/ReportServer\_*<SRSInstanceName>* - - - -10. Click **Next** to continue. - -11. Enter the **Port Number**, the **Host Name** (optional), and the **Installation Path** for the MBAM Administration and Monitoring server - - **Warning** - The port number that you specify must be an unused port number on the Administration and Monitoring server, unless you specify a unique host header name. - - - -12. Click **Next** to continue with the MBAM Setup wizard. -~~~ - -5. - - Specify whether to use Microsoft Updates to help keep your computer secure, and then click **Next**. - -6. When the selected MBAM feature information is complete, you are ready to start the MBAM installation by using the Setup wizard. Click **Back** to move through the wizard if you have to review or change your installation settings. Click **Install** to begin the installation. Click **Cancel** to exit the Wizard. Setup installs the MBAM features that you selected and notifies you that the installation is finished. - -7. Click **Finish** to exit the wizard. - -8. Add users to appropriate MBAM roles, after the MBAM server features are installed.. For more information, see [Planning for MBAM 1.0 Administrator Roles](planning-for-mbam-10-administrator-roles.md). - -**Post-installation configuration** - -1. After MBAM Setup is finished, you must add user Roles before users can access to features in the MBAM administration website. On the Administration and Monitoring Server, add users to the following local groups. - - - **MBAM Hardware Users**: Members of this local group can access the Hardware feature in the MBAM administration website. - - - **MBAM Helpdesk Users**: Members of this local group can access the Drive Recovery and Manage Trusted Platform Modules (TPM) features in the MBAM administration website. All fields in Drive Recovery and Manage TPM are required fields for a Helpdesk User. - - - **MBAM Advanced Helpdesk Users**: Members of this local group have advanced access to the Drive Recovery and Manage TPM features in the MBAM administration website. For Advanced Helpdesk Users, only the Key ID field is required in Drive Recovery. In Manage TPM, only the Computer Domain field and Computer Name field are required. - -2. On the Administration and Monitoring Server, Compliance and Audit Database, and on the server that hosts the Compliance and Audit Reports, add users to the following local group to give them access to the Reports feature in the MBAM administration website. - - - **MBAM Report Users**: Members of this local group can access the Reports in the MBAM administration website. - - **Note** - Identical user or group membership of the **MBAM Report Users** local group must be maintained on all computers where the MBAM Administration and Monitoring Server features, Compliance and Audit Database, and the Compliance and Audit Reports are installed. - - - -## Validate the MBAM Server feature installation - - -When the MBAM Server feature installation is complete, you should validate that the installation has successfully set up all the necessary features for MBAM. Use the following procedure to confirm that the MBAM service is functional. - -**To validate an MBAM installation** - -1. On each server, where an MBAM feature is deployed, open **Control Panel**, click **Programs**, and then click **Programs and Features**. Verify that **Microsoft BitLocker Administration and Monitoring** appears in the **Programs and Features** list. - - **Note** - To validate the MBAM installation, you must use a Domain Account that has local computer administrative credentials on each server. - - - -2. On the server where the Recovery and Hardware Database is installed, open SQL Server Management Studio and verify that the **MBAM Recovery and Hardware** database is installed. - -3. On the server where the Compliance and Audit Database is installed, open SQL Server Management Studio and verify that the **MBAM Compliance Status** database is installed. - -4. On the server where the Compliance and Audit Reports are installed, open a web browser with administrative privileges and browse to the “Home” of the SQL Server Reporting Services site. - - The default Home location of a SQL Server Reporting Services site instance can be found at http://<NameofMBAMReportsServer>/Reports.aspx. To find the actual URL, use the Reporting Services Configuration Manager tool and select the instances specified during setup. - - Confirm that a folder named **Malta Compliance Reports** is listed and that it contains five reports and one data source. - - **Note** - If SQL Server Reporting Services was configured as a named instance, the URL should resemble the following:http://*<NameofMBAMReportsServer>*/Reports\_*<SRSInstanceName>* - - - -5. On the server where the Administration and Monitoring feature is installed, run **Server Manager** and browse to **Roles**, select **Web Server (IIS)**, and then click **Internet Information Services (IIS) Manager**. In **Connections** browse to *<computername>*, click **Sites**, and click **Microsoft BitLocker Administration and Monitoring**. Verify that **MBAMAdministrationService**, **MBAMComplianceStatusService**, and **MBAMRecoveryAndHardwareService** are listed. - -6. On the server where the Administration and Monitoring feature is installed, open a web browser with administrative privileges and browse to the following locations in the MBAM web site, to verify that they load successfully: - - - *http://<computername>/default.aspx* and confirm each of the links for navigation and reports - - - *http://<computername>/MBAMAdministrationService/AdministrationService.svc* - - - *http://<computername>/MBAMComplianceStatusService/StatusReportingService.svc* - - - *http://<computername>/MBAMRecoveryAndHardwareService/CoreService.svc* - - **Note** - Typically, services are installed on the default port 80 without network encryption. If the services are installed on a different port, change the URLs to include the appropriate port. For example, http://*<computername>:<port>*/default.aspx or http://<hostheadername>/default.aspx - - If the services were installed with network encryption, change http:// to https://. - - - -~~~ -Verify that each web page loads successfully. -~~~ - -## Related topics - - -[Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-install-the-mbam-10-group-policy-template.md b/mdop/mbam-v1/how-to-install-the-mbam-10-group-policy-template.md deleted file mode 100644 index 47f9d4d6f4..0000000000 --- a/mdop/mbam-v1/how-to-install-the-mbam-10-group-policy-template.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: How to Install the MBAM 1.0 Group Policy Template -description: How to Install the MBAM 1.0 Group Policy Template -author: dansimp -ms.assetid: 451a50b0-939c-47ad-9248-a138deade550 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the MBAM 1.0 Group Policy Template - - -In addition to the server-related features of Microsoft BitLocker Administration and Monitoring (MBAM), the server setup application includes an MBAM Group Policy template. You can install this template on any computer that is capable of running the Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM). - -The following steps describe how to install the MBAM Group Policy template. - -**Note**   -Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup on 64-bit servers. - - - -**To install the MBAM Group Policy template** - -1. Start the MBAM installation wizard; then, click **Install** on the Welcome page. - -2. Read and accept the Microsoft Software License Terms, and then click **Next** to continue the installation. - -3. By default, all MBAM features are selected for installation. Clear all feature options except for **Policy Template**, and then click **Next** to continue the installation. - - **Note**   - The installation wizard checks the prerequisites for your installation and displays the prerequisites that are missing. If all the prerequisites are met, the installation continues. If a missing prerequisite is detected, you must resolve the missing prerequisite and then click **Check prerequisites again**. Once all prerequisites are met, the installation will resume. - - - -4. After the MBAM Setup wizard displays installation pages for the selected features, click **Finish** to close MBAM Setup. - -## Related topics - - -[Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-install-the-mbam-language-update-on-a-single-server-mbam-1.md b/mdop/mbam-v1/how-to-install-the-mbam-language-update-on-a-single-server-mbam-1.md deleted file mode 100644 index ae463cffe6..0000000000 --- a/mdop/mbam-v1/how-to-install-the-mbam-language-update-on-a-single-server-mbam-1.md +++ /dev/null @@ -1,70 +0,0 @@ ---- -title: How to Install the MBAM Language Update on a Single Server -description: How to Install the MBAM Language Update on a Single Server -author: dansimp -ms.assetid: e6fe59a3-a3e1-455c-a059-1f23ee083cf6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the MBAM Language Update on a Single Server - - -Microsoft BitLocker Administration and Monitoring (MBAM) includes four server roles that can be run on one or more computers. However, only two MBAM Server features require the update to support installation of the MBAM 1.0 language release and the MBAM Policy Template. To update all three of the required MBAM features to be installed on one computer, perform the steps described in this topic. - -**To install the MBAM language update on a single server** - -1. Open the Internet Information Services (IIS) Management Console, go to **Sites**, and then shut down the Microsoft BitLocker Administration and Monitoring website. - -2. Edit the bindings for the MBAM website, and then temporarily modify the bindings of the site. For example, change the port from 443 to 9443. - -3. Locate and run the MBAM setup wizard (MBAMsetup.exe) and select the following three features: - - 1. Compliance and Audit Reports - - 2. Administration and Monitoring Server - - 3. Group Policy Templates - - **Important**   - The MBAM server features must be updated in the following order: Compliance and Audit Reports first, then Administration and Monitoring Server. The Group Policy templates can be updated at any time without concern for sequence. - - - -4. After you upgrade the server database, open the IIS Management Console and review the bindings of the Microsoft BitLocker Administration and Monitoring website. - -5. Delete one of the bindings and ensure that the remaining binding has the correct host name, certificate, and port number for the MBAM enterprise configuration. - -6. Restart the MBAM website. - -7. Test the MBAM website functionality: - - - Open the MBAM web interface and ensure you can fetch a recovery key for a client. - - - Enforce encryption of a new or manually decrypted client computer. - - **Note**   - The MBAM client opens only if it can communicate with the Recovery and Hardware database. - - - -## Related topics - - -[Deploying the MBAM 1.0 Language Release Update](deploying-the-mbam-10-language-release-update.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-install-the-mbam-language-update-on-distributed-servers-mbam-1.md b/mdop/mbam-v1/how-to-install-the-mbam-language-update-on-distributed-servers-mbam-1.md deleted file mode 100644 index 8a88aa7e8a..0000000000 --- a/mdop/mbam-v1/how-to-install-the-mbam-language-update-on-distributed-servers-mbam-1.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: How to Install the MBAM Language Update on Distributed Servers -description: How to Install the MBAM Language Update on Distributed Servers -author: dansimp -ms.assetid: 5ddc64c6-0417-4a04-843e-b5e18d9f1a52 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the MBAM Language Update on Distributed Servers - - -Microsoft BitLocker Administration and Monitoring (MBAM) includes four server roles that can be run on one or more computers. However, only two MBAM Server features require the update to support the installation of the MBAM 1.0 language release and the MBAM Policy Template. In configurations with the MBAM Server features installed on multiple computers, only the following server features need to be updated: - -- The MBAM Compliance and Audit Reports - -- The MBAM Administration and Monitoring Server - -**Important**   -The MBAM server features must be updated in this order: Compliance and Audit Reports first, and then the Administration and Monitoring Server. The MBAM Group Policy templates can be updated at any time without concern for sequence. - - - -**To install the MBAM Language Update on the MBAM Compliance and Audit Report Server feature** - -1. On the computer running the MBAM Compliance and Audit Report feature, locate and run the MBAM Language Update setup wizard (MBAMsetup.exe). - -2. Complete the wizard for the Compliance and Audit Reports and then close the wizard. - -**To install the MBAM Language Update on the MBAM Administration and Monitoring Server feature** - -1. On the computer that is running the MBAM Administration and Monitoring feature, open the Internet Information Services (IIS) management console, go to **Sites**, and then shut down the Microsoft BitLocker Administration and Monitoring website. - -2. Choose to edit the bindings for the MBAM website, and then modify the bindings of the site. For example, change the port from 443 to 9443. - -3. Locate and run the MBAM Language Update setup wizard (MBAMsetup.exe). Complete the wizard for the Administration and Monitoring Server feature and then close the wizard. - -4. After you upgrade the server database, open IIS Management Console and review the bindings of the Microsoft BitLocker Administration and Monitoring website. - -5. Delete the old binding and ensure that the remaining binding has the correct host name, certificate, and port number for the MBAM enterprise configuration. - -6. Restart the MBAM web site. - -7. Test the MBAM web site functionality: - - - Open the MBAM web interface and ensure that you can obtain a recovery key for a client. - - - Enforce encryption of a new or manually decrypted client computer. - - **Note**   - The MBAM client opens only if it can communicate with the Recovery and Hardware database. - - - -## Related topics - - -[Deploying the MBAM 1.0 Language Release Update](deploying-the-mbam-10-language-release-update.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-manage-computer-bitlocker-encryption-exemptions.md b/mdop/mbam-v1/how-to-manage-computer-bitlocker-encryption-exemptions.md deleted file mode 100644 index 15689e60c3..0000000000 --- a/mdop/mbam-v1/how-to-manage-computer-bitlocker-encryption-exemptions.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: How to Manage Computer BitLocker Encryption Exemptions -description: How to Manage Computer BitLocker Encryption Exemptions -author: dansimp -ms.assetid: d4400a0d-b36b-4cf5-a294-1f53ec47f9ee -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage Computer BitLocker Encryption Exemptions - - -Microsoft BitLocker Administration and Monitoring (MBAM) can be used to exempt certain computers from BitLocker protection. For example, an organization may decide to control BitLocker exemption on a computer-by-computer basis. - -To exempt a computer from BitLocker encryption, you must add the computer to a security group in Active Directory Domain Services in order to bypass any computer-based BitLocker protection rules. - -**Note**   -If the computer is already BitLocker-protected, the computer exemption policy has no effect. - - - -**To exempt a computer from BitLocker encryption** - -1. Add the computer account that you want to be exempted to a security group in Active Directory Domain Services. This allows you to bypass any computer-based BitLocker protection rules. - -2. Create a Group Policy Object by using the MBAM Group Policy template, then associate the Group Policy Object with the Active Directory group that you created in the previous step. For more information about creating the necessary Group Policy Objects, see [Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md). - -3. When an exempted computer starts, the MBAM client checks the Computer Exemption Policy setting and suspends protection based on whether the computer is part of the BitLocker exemption security group. - -## Related topics - - -[Administering MBAM 1.0 Features](administering-mbam-10-features.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-manage-hardware-compatibility-mbam-1.md b/mdop/mbam-v1/how-to-manage-hardware-compatibility-mbam-1.md deleted file mode 100644 index 0072ad71f7..0000000000 --- a/mdop/mbam-v1/how-to-manage-hardware-compatibility-mbam-1.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: How to Manage Hardware Compatibility -description: How to Manage Hardware Compatibility -author: dansimp -ms.assetid: c74b96b9-8161-49bc-b5bb-4838734e7df5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage Hardware Compatibility - - -Microsoft BitLocker Administration and Monitoring (MBAM) can collect information about the manufacturer and model of client computers after you deploy the Allow Hardware Compatibility Checking Group Policy. If you configure this policy, the MBAM agent reports the computer make and model information to the MBAM Server when the MBAM Client is deployed on a client computer. - -The Hardware Compatibility feature is helpful when your organization has older computer hardware or computers that do not support Trusted Platform Module (TPM) chips. In these cases, you can use the Hardware Compatibility feature to ensure that BitLocker encryption is applied only to computer models that support it. If all computers in your organization will support BitLocker, you do not have to use the Hardware Compatibility feature. - -**Note**   -By default, MBAM Hardware Compatibility feature is not enabled. To enable it, select the **Hardware Compatibility** feature under the **Administration and Monitoring Server** feature during setup. For more information about how to set up and configure Hardware Compatibility, see [Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md). - - - -The Hardware Compatibility feature works in the following way. - -**** - -1. The MBAM client agent discovers basic computer information such as manufacturer, model, BIOS maker, BIOS version, TPM maker, and TPM version, and then passes this information to the MBAM server. - -2. The MBAM server generates a list of client computer makes and models to enable you to differentiate between those that can or cannot support BitLocker - -3. The MBAM client agents that are deployed in the enterprise automatically update this list with all new computer makes and models that are discovered with a state of **Unknown**. An administrator can then use the MBAM administration website to change list entries to specify a particular computer make and model as **Compatible** or **Incompatible**. - -4. Before the MBAM client agent begins encrypting a drive, the agent first verifies the BitLocker encryption compatibility of the hardware it is running on. - - - If the hardware is marked as compatible, the BitLocker encryption process starts. MBAM will also recheck the hardware compatibility status of the computer one time per day. - - - If the hardware is marked as incompatible, the agent logs an event and passes a “hardware exempted” state as part of compliance reporting. The agent checks every seven days to see whether the state has changed to “compatible.” - - - If the hardware is marked as unknown, the BitLocker encryption process will not begin. The MBAM client agent will recheck the hardware compatibility status of the computer one time per day. - -**Warning**   -If the MBAM client agent tries to encrypt a computer that does not support BitLocker drive encryption, there is a possibility that the computer will become corrupted. Ensure that the hardware compatibility feature is correctly configured when your organization has older hardware that does not support BitLocker. - - - -**To manage hardware compatibility** - -1. Open a web browser and navigate to the Microsoft BitLocker Administration and Monitoring website. Select **Hardware** in the left menu bar. - -2. On the right pane, click **Advanced Search**, and then filter to display a list of all computer models that have a **Capability** status of **Unknown**. A list of computer models matching the search criteria is displayed. Administrators can add, edit, or remove new computer types from this page. - -3. Review each unknown hardware configuration to determine whether the configuration should be set to **Compatible** or **Incompatible**. - -4. Select one or more rows, and then click either **Set Compatible** or **Set Incompatible** to set the BitLocker compatibility, as appropriate, for the selected computer models. If set to **Compatible**, BitLocker tries to enforce drive encryption policy on computers that match the supported model. If set to **Incompatible**, BitLocker will not enforce drive encryption policy on those computers. - - **Note**   - After you set a computer model as compatible, it can take more than twenty-four hours for the MBAM Client to begin BitLocker encryption on the computers matching that hardware model. - - - -5. Administrators should regularly monitor the hardware compatibility list to review new models that are discovered by the MBAM agent, and then update their compatibility setting to **Compatible** or **Incompatible** as appropriate. - -## Related topics - - -[Administering MBAM 1.0 Features](administering-mbam-10-features.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-manage-mbam-administrator-roles-mbam-1.md b/mdop/mbam-v1/how-to-manage-mbam-administrator-roles-mbam-1.md deleted file mode 100644 index 748fa21f52..0000000000 --- a/mdop/mbam-v1/how-to-manage-mbam-administrator-roles-mbam-1.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: How to Manage MBAM Administrator Roles -description: How to Manage MBAM Administrator Roles -author: dansimp -ms.assetid: c0f25a42-dbff-418d-a776-4fe23ee07d16 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage MBAM Administrator Roles - - -After Microsoft BitLocker Administration and Monitoring (MBAM) Setup is complete for all server features, administrative users must be granted access to these server features. As a best practice, administrators who will manage or use MBAM server features, should be assigned to Active Directory security groups and then those groups should be added to the appropriate MBAM administrative local group. - -**To manage MBAM Administrator Role memberships** - -1. Assign administrative users to security groups in Active Directory Domain Services. - -2. Add Active Directory Domain Services security groups to the roles for MBAM administrative local groups on the Microsoft BitLocker Administration and Monitoring server for the respective features. The user roles are as follows: - - - **MBAM System Administrators** have access to all Microsoft BitLocker Administration and Monitoring features in the MBAM administration website. - - - **MBAM Hardware Users** have access to the Hardware Compatibility features in the MBAM administration website. - - - **MBAM Helpdesk Users** have access to the Manage TPM and Drive Recovery options in the MBAM administration website, but must fill in all fields when they use either option. - - - **MBAM Report Users** have access to the Compliance and Audit reports in the MBAM administration website. - - - **MBAM Advanced Helpdesk Uses** have access to the Manage TPM and Drive Recovery options in the MBAM administration website. These users are not required to fill in all fields when they use either option. - - For more information about roles for Microsoft BitLocker Administration and Monitoring, see [Planning for MBAM 1.0 Administrator Roles](planning-for-mbam-10-administrator-roles.md). - -## Related topics - - -[Administering MBAM 1.0 Features](administering-mbam-10-features.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-1.md b/mdop/mbam-v1/how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-1.md deleted file mode 100644 index 0812e74168..0000000000 --- a/mdop/mbam-v1/how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-1.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: How to Manage MBAM Client BitLocker Encryption Options by Using the Control Panel -description: How to Manage MBAM Client BitLocker Encryption Options by Using the Control Panel -author: dansimp -ms.assetid: c08077e1-5529-468f-9370-c3b33fc258f3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage MBAM Client BitLocker Encryption Options by Using the Control Panel - - -A Microsoft BitLocker Administration and Monitoring (MBAM) control panel application, called BitLocker Encryption Options, will be available under **System and Security** when the MBAM Client is installed. This customized MBAM control panel replaces the default Windows BitLocker control panel. The MBAM control panel enables you to unlock encrypted drives (fixed and removable), and also helps you manage your PIN or password. For more information about enabling the MBAM control panel, see [How to Hide Default BitLocker Encryption in The Windows Control Panel](how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel.md). - -**Note**   -For the BitLocker client, the Admin and Operational log files are located in Event Viewer, under **Application and Services Logs** / **Microsoft** / **Windows** / **BitLockerManagement**. - - - -**To use the MBAM Client Control Panel** - -1. To open BitLocker Encryption Options, click **Start**, and then select **Control Panel**. When **Control Panel** opens, select **System and Security**. - -2. Double-click **BitLocker Encryption Options** to open the customized MBAM control panel. You will see a list of all the hard disk drives on the computer and their encryption status. You will also see an option to manage your PIN or passwords. - -3. Use the list of hard disk drives on the computer to verify the encryption status, unlock a drive, or request an exemption for BitLocker protection if the User and Computer Exemption policies have been deployed. - -4. Non-administrators can use the BitLocker Encryption Options control panel to manage PINs or passwords. A user can select **Manage PIN,** and then enter both a current PIN and a new PIN. Users can also confirm their new PIN. The **Update PIN** function will reset the PIN to the new one that the user selects. - -5. To manage your password, select **Unlock drive** and enter your current password. As soon as the drive is unlocked, select **Reset Password** to change your current password. - -## Related topics - - -[Administering MBAM 1.0 Features](administering-mbam-10-features.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-manage-user-bitlocker-encryption-exemptions-mbam-1.md b/mdop/mbam-v1/how-to-manage-user-bitlocker-encryption-exemptions-mbam-1.md deleted file mode 100644 index 9dee32aef0..0000000000 --- a/mdop/mbam-v1/how-to-manage-user-bitlocker-encryption-exemptions-mbam-1.md +++ /dev/null @@ -1,111 +0,0 @@ ---- -title: How to Manage User BitLocker Encryption Exemptions -description: How to Manage User BitLocker Encryption Exemptions -author: dansimp -ms.assetid: 48d69721-504f-4524-8a04-b9ce213ac9b4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage User BitLocker Encryption Exemptions - - -Microsoft BitLocker Administration and Monitoring (MBAM) can be used to manage BitLocker protection by exempting users who do not need or want their drives encrypted. - -To exempt users from BitLocker protection, an organization must first create an infrastructure to support such exemptions. The supporting infrastructure might include a contact telephone number, webpage, or mailing address to request exemption. Also, any exempt user will have to be added to a security group for Group Policy created specifically for exempted users. When members of this security group log on to a computer, the user Group Policy shows that the user is exempted from BitLocker protection. The user policy overwrites the computer policy, and the computer will remain exempt from BitLocker encryption. - -**Note**   -If the computer is already BitLocker-protected, the user exemption policy has no effect. - - - -The following table shows how BitLocker protection is applied based on how exemptions are set. - - ----- - - - - - - - - - - - - - - - - - - - -
User StatusComputer Not ExemptComputer Exempt

User not exempt

BitLocker protection is enforced on the computer.

BitLocker protection is not enforced on the computer.

User exempt

BitLocker protection is not enforced on the computer.

BitLocker protection is not enforced on the computer.

- - - -**To exempt a user from BitLocker Encryption** - -1. Create an Active Directory Domain Services security group that will be used to manage user exemptions from BitLocker encryption. - -2. Create a Group Policy Object setting by using the MBAM Group Policy template. Associate the Group Policy Object with the Active Directory group that you created in the previous step. For more information about the necessary policy settings to enable users to request exemption from BitLocker encryption, see the Configure User Exemption Policy section in [Planning for MBAM 1.0 Group Policy Requirements](planning-for-mbam-10-group-policy-requirements.md). - -3. After creating a security group for BitLocker-exempted users, add to this group the names of the users who are requesting exemption. When a user logs on to a computer controlled by BitLocker, the MBAM client will check the User Exemption Policy setting and will suspend protection based on whether the user is part of the BitLocker exemption security group. - - **Note**   - Shared computer scenarios require special consideration regarding user exemption. If a non-exempt user logs on to a computer shared with an exempt user, the computer may be encrypted. - - - -**To enable users to request exemption from BitLocker Encryption** - -1. After you have configured user-exemption policies by usingwith the MBAM Policy template, a user can request exemption from BitLocker protection through the MBAM client. - -2. When a user logs on to a computer that is marked as **Compatible** in the MBAM Hardware Compatibility list, the system presents the user with a notification that the computer is going to be encrypted. The user can select **Request Exemption** and postpone the encryption by selecting **Later**, or select **Start** to accept the BitLocker encryption. - - **Note**   - Selecting **Request Exemption** will postpone the BitLocker protection until the maximum time set in the User Exemption Policy. - - - -3. When a user selects **Request Exemption**, the user is notified to contact the organization's BitLocker administration group. Depending on how the Configure User Exemption Policy is configured, users are provided with one or more of the following contact methods: - - - Phone Number - - - Webpage URL - - - Mailing Address - - After submittal of the request, the MBAM Administrator can decide if it is appropriate to add the user to the BitLocker Exemption Active Directory group. - - **Note**   - Once the postpone time limit from the User Exemption Policy has expired, users will not see the option to request exemption to the encryption policy. At this point, users must contact the MBAM administrator directly in order to receive exemption from BitLocker Protection. - - - -## Related topics - - -[Administering MBAM 1.0 Features](administering-mbam-10-features.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-move-mbam-10-features-to-another-computer.md b/mdop/mbam-v1/how-to-move-mbam-10-features-to-another-computer.md deleted file mode 100644 index c691779c7b..0000000000 --- a/mdop/mbam-v1/how-to-move-mbam-10-features-to-another-computer.md +++ /dev/null @@ -1,698 +0,0 @@ ---- -title: How to Move MBAM 1.0 Features to Another Computer -description: How to Move MBAM 1.0 Features to Another Computer -author: dansimp -ms.assetid: e1907d92-6b42-4ba3-b0e4-60a9cc8285cc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Move MBAM 1.0 Features to Another Computer - - -This topic describes the steps that you should take to move one or more Microsoft BitLocker Administration and Monitoring (MBAM) features to a different computer. When you move more than one MBAM feature to another computer, you should move them in the following order: - -1. Recovery and Hardware Database - -2. Compliance and Audit Database - -3. Compliance and Audit Reports - -4. Administration and Monitoring - -## To move the Recovery and Hardware Database - - -You can use the following procedure to move the MBAM Recovery and Hardware Database from one computer to another (you can move this MBAM Server feature from Server A to Server B): - -**** - -1. Stop all instances of the MBAM Administration and Monitoring web site. - -2. Run the MBAM Setup on Server B. - -3. Back up the MBAM Recovery and Hardware database on Server A. - -4. MBAM Recovery and Hardware database from Server A to B - -5. Restore the MBAM Recovery and Hardware database on Server B - -6. Configure the access to the MBAM Recovery and Hardware database on Server B - -7. Update the database connection data on MBAM Administration and Monitoring servers - -8. Resume all instances of the MBAM Administration and Monitoring web site - -**To stop all instances of the MBAM Administration and Monitoring website** - -1. Use the Internet Information Services (IIS) Manager console to stop the MBAM website on each of the servers that run the MBAM Administration and Monitoring feature. The MBAM website is named **Microsoft BitLocker Administration and Monitoring**. - -2. To automate this procedure, you can use a command at the command prompt that is similar to the following, by using Windows PowerShell: - - `PS C:\> Stop-Website “Microsoft BitLocker Administration and Monitoring”` - - **Note** - To run this PowerShell command prompt, you must add the IIS Module for PowerShell to the current instance of PowerShell. In addition, you must update the PowerShell execution policy to enable the execution of scripts. - - - -**To run MBAM setup on Server B** - -1. Run the MBAM setup on Server B and select the Recovery and Hardware Database for installation. - -2. To automate this procedure, you can use a command at the command prompt that is similar to the following, by using Windows PowerShell: - - `PS C:\> MbamSetup.exe /qn I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 AddLocal=KeyDatabase ADMINANDMON_MACHINENAMES=$DOMAIN$\$SERVERNAME$$ RECOVERYANDHWDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$` - - **Note** - Replace the following values in the example above with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the name of the server and instance to which the Recovery and Hardware database will be moved. - - - $DOMAIN$\\$SERVERNAME$ - Enter the domain and server names of each MBAM Application and Monitoring Server that will contact the Recovery and Hardware database. If there are multiple domain and server names, use a semicolon to separate each one of them in the list. For example, $DOMAIN\\SERVERNAME$;$DOMAIN\\$SERVERNAME$$. Additionally, each server name must be followed by a **$**. For example, MyDomain\\MyServerName1$, MyDomain\\MyServerName2$. - - - -**To back up the Database on Server A** - -1. To back up the Recovery and Hardware database on Server A, use SQL Server Management Studio and the Task named **Back Up…**. By default, the database name is **MBAM Recovery and Hardware Database**. - -2. To automate this procedure, create a SQL file (.sql) that contains the following SQL script: - - Modify the MBAM Recovery and Hardware Database to use the full recovery mode. - - ```sql - USE master; - - GO - - ALTER DATABASE "MBAM Recovery and Hardware" - - SET RECOVERY FULL; - - GO - ``` - - Create MBAM Recovery and Hardware Database Data and MBAM Recovery logical backup devices. - - ```sql - USE master - - GO - - EXEC sp_addumpdevice 'disk', 'MBAM Recovery and Hardware Database Data Device', - - 'Z:\MBAM Recovery and Hardware Database Data.bak'; - - GO - ``` - - Back up the full MBAM Recovery and Hardware database. - - ```sql - BACKUP DATABASE [MBAM Recovery and Hardware] TO [MBAM Recovery and Hardware Database Data Device]; - - GO - - BACKUP CERTIFICATE [MBAM Recovery Encryption Certificate] - - TO FILE = 'Z:\SQLServerInstanceCertificateFile' - - WITH PRIVATE KEY - - ( - - FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey', - - ENCRYPTION BY PASSWORD = '$PASSWORD$' - - ); - - GO - ``` - - **Note** - Replace the values from the preceding example with those that match your environment: - - - $PASSWORD$ - Enter a password that you will use to encrypt the Private Key file. - - - -3. Execute the SQL file by using SQL Server PowerShell and a command that is similar to the following: - - `PS C:\> Invoke-Sqlcmd -InputFile 'Z:\BackupMBAMRecoveryandHardwarDatabaseScript.sql' -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$` - - **Note** - Replace the value in the previous example with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the name of the server and the instance from which you back up the Recovery and Hardware database. - - - -**To move the Database and Certificate from Server A to B** - -1. Move the MBAM Recovery and Hardware database data.bak from Server A to Server B by using Windows Explorer. - -2. To move the certificate for the encrypted database, you will need to use the following automation steps. To automate this procedure, you can use Windows PowerShell to enter a command that is similar to the following: - - `PS C:\> Copy-Item “Z:\MBAM Recovery and Hardware Database Data.bak” \\$SERVERNAME$\$DESTINATIONSHARE$` - - `PS C:\> Copy-Item “Z:\SQLServerInstanceCertificateFile” \\$SERVERNAME$\$DESTINATIONSHARE$` - - `PS C:\> Copy-Item “Z:\SQLServerInstanceCertificateFilePrivateKey” \\$SERVERNAME$\$DESTINATIONSHARE$` - - **Note** - Replace the value from the preceding example with those that match your environment: - - - $SERVERNAME$ - Enter the name of the server to which the files will be copied. - - - $DESTINATIONSHARE$ - Enter the name of the share and path to which the files will be copied. - - - -**To restore the Database on Server B** - -1. Restore the Recovery and Hardware database on Server B by using the SQL Server Management Studio and the Task named **Restore Database**. - -2. Once the task has been executed, choose the database backup file by selecting the **From Device** option, and then use the **Add** command to choose the MBAM Recovery and Hardware database **Data.bak** file. - -3. Select **OK** to complete the restoration process. - -4. To automate this procedure, create a SQL file (.sql) that contains the following SQL script: - - ```sql - -- Restore MBAM Recovery and Hardware Database. - - USE master - - GO - ``` - - Drop the certificate created by MBAM Setup. - - ```sql - DROP CERTIFICATE [MBAM Recovery Encryption Certificate] - - GO - ``` - - Add certificate - - ```sql - CREATE CERTIFICATE [MBAM Recovery Encryption Certificate] - - FROM FILE = 'Z: \SQLServerInstanceCertificateFile' - - WITH PRIVATE KEY - - ( - - FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey', - - DECRYPTION BY PASSWORD = '$PASSWORD$' - - ); - - GO - ``` - - Restore the MBAM Recovery and Hardware database data and the log files. - - ```sql - RESTORE DATABASE [MBAM Recovery and Hardware] - - FROM DISK = 'Z:\MBAM Recovery and Hardware Database Data.bak' - - WITH REPLACE - ``` - - **Note** - Replace the values from the preceding example with those that match your environment: - - - $PASSWORD$ - Enter the password that you used to encrypt the Private Key file. - - - -5. Use Windows PowerShell to enter a command line that is similar to the following: - - `PS C:\> Invoke-Sqlcmd -InputFile 'Z:\RestoreMBAMRecoveryandHardwarDatabaseScript.sql' -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$` - - **Note** - Replace the value from the receding example with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the name of the server and the instance to which the Recovery and Hardware Database will be restored. - - - -**Configure the access to the Database on Server B** - -1. On Server B, use the Local user and Groups snap-in from Server Manager, to add the computer accounts from each server that runs the MBAM Administration and Monitoring feature to the Local Group named **MBAM Recovery and Hardware DB Access**. - -2. To automate this procedure, you can use Windows PowerShell on Server B to enter a command that is similar to the following: - - `PS C:\> net localgroup "MBAM Recovery and Hardware DB Access" $DOMAIN$\$SERVERNAME$$ /add` - - **Note** - Replace the values from the preceding example with the applicable values for your environment: - - - $DOMAIN$\\$SERVERNAME$$ - Enter the domain name and machine name of the MBAM Administration and Monitoring Server. The server name must be followed by a **$**, for example, MyDomain\\MyServerName1$. - - - -~~~ -You must run the command for each Administration and Monitoring Server that will be accessing the database in your environment. -~~~ - -**To update the Database Connection data on MBAM Administration and Monitoring Servers** - -1. On each of the servers that run the MBAM Administration and Monitoring feature, use the Internet Information Services (IIS) Manager console to update the Connection String information for the following applications, which are hosted in the Microsoft BitLocker Administration and Monitoring website: - - - MBAM Administration Service - - - MBAM Recovery And Hardware Service - -2. Select each application and use the **Configuration Editor** feature, which is located under the **Management** section of the **Feature View**. - -3. Select the **configurationStrings** option from the Section list control. - -4. Choose the row named **(Collection)**, and open the **Collection Editor** by selecting the button on the right side of the row. - -5. In the **Collection Editor**, choose the row named **KeyRecoveryConnectionString** when you updated the configuration for the ‘MBAMAdministrationService’ application, or choose the row named Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString, when updating the configuration for the ‘MBAMRecoveryAndHardwareService’. - -6. Update the **Data Source=** value for the **configurationStrings** property to list the server name and the instance where the Recovery and Hardware Database was moved to. For example, $SERVERNAME$\\$SQLINSTANCENAME$. - -7. To automate this procedure, you can use a command that is similar to the following one, by using Windows PowerShell on each Administration and Monitoring Server: - - `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="KeyRecoveryConnectionString"]' -PSPath "IIS:\sites\Microsoft BitLocker Administration and Monitoring\MBAMAdministrationService" -Name "connectionString" -Value “Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and Hardware;Integrated Security=SSPI;”` - - `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString"]' -PSPath "IIS:\sites\Microsoft BitLocker Administration and Monitoring\MBAMRecoveryAndHardwareService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and Hardware;Integrated Security=SSPI;"` - - **Note** - Replace the value from the preceding example with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Recovery and Hardware database is. - - - -**To resume all instances of the MBAM Administration and Monitoring website** - -1. On each of the servers that run the MBAM Administration and Monitoring feature, use the Internet Information Services (IIS) Manager console to Start the MBAM website, which is named **Microsoft BitLocker Administration and Monitoring**. - -2. To automate this procedure, you can use a command that is similar to the following one, by using Windows PowerShell: - - `PS C:\> Start-Website “Microsoft BitLocker Administration and Monitoring”` - -## To move the Compliance Status Database feature - - -If you choose to move the MBAM Compliance Status Database feature from one computer to another, such as from Server A to Server B, you should use the following procedure: - -1. Stop all instances of the MBAM Administration and Monitoring website - -2. Run MBAM setup on Server B - -3. Backup the Database on Server A - -4. Move the Database from Server A to B - -5. Restore the Database on Server B - -6. Configure Access to the Database on Server B - -7. Update database connection data on MBAM Administration and Monitoring servers - -8. Resume all instances of the MBAM Administration and Monitoring website - -**To stop all instances of the MBAM Administration and Monitoring website** - -1. On each of the servers that run the MBAM Administration and Monitoring feature, use the Internet Information Services (IIS) Manager console to Stop the MBAM website, which is named **Microsoft BitLocker Administration and Monitoring**. - -2. To automate this procedure, you can use a command that is similar to the following one,by using Windows PowerShell: - - `PS C:\> Stop-Website “Microsoft BitLocker Administration and Monitoring”` - - **Note** - To execute this command, you must add the IIS Module for PowerShell to current instance of PowerShell. In addition, you must update the PowerShell execution policy to enable the execution of scripts. - - - -**To run MBAM Setup on Server B** - -1. Run MBAM Setup on Server B and select the Compliance Status Database feature for installation. - -2. To automate this procedure, you can use a command that is similar to the following one, by using Windows PowerShell: - - `PS C:\> MbamSetup.exe /qn I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 AddLocal= ReportsDatabase ADMINANDMON_MACHINENAMES=$DOMAIN$\$SERVERNAME$ COMPLIDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ REPORTS_USERACCOUNT=$DOMAIN$\$USERNAME$` - - **Note** - Replace the values from the preceding example with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Compliance Status Database will be moved to. - - - $DOMAIN$\\$SERVERNAME$ - Enter the domain names and server names of each MBAM Application and Monitoring Server that will contact the Compliance Status Database. If there are multiple domain names and server names, use a semicolon to separate each one of them in the list. For example, $DOMAIN\\SERVERNAME$;$DOMAIN\\$SERVERNAME$$. Each server name must be followed by a **$** as shown in the example. For example, MyDomain\\MyServerName1$, MyDomain\\MyServerName2$. - - - $DOMAIN$\\$USERNAME$ - Enter the domain and user name that will be used by the Compliance and Audit reports feature to connect to the Compliance Status Database. - - - -**To back up the Compliance Database on Server A** - -1. To back up the Compliance Database on Server A, use SQL Server Management Studio and the Task named **Back Up…**. By default, the database name is **MBAM Compliance Status Database**. - -2. To automate this procedure, create a SQL file (.sql) that contains the following-SQL script: - - ```sql - -- Modify the MBAM Compliance Status Database to use the full recovery model. - - USE master; - - GO - - ALTER DATABASE "MBAM Compliance Status" - - SET RECOVERY FULL; - - GO - - -- Create MBAM Compliance Status Data logical backup devices. - - USE master - - GO - - EXEC sp_addumpdevice 'disk', 'MBAM Compliance Status Database Data Device', - - 'Z: \MBAM Compliance Status Database Data.bak'; - - GO - - -- Back up the full MBAM Recovery and Hardware database. - - BACKUP DATABASE [MBAM Compliance Status] TO [MBAM Compliance Status Database Data Device]; - - GO - ``` - -3. Run the SQL file with a command that is similar to the following one, by using the SQL Server PowerShell: - - `PS C:\> Invoke-Sqlcmd -InputFile "Z:\BackupMBAMComplianceStatusDatabaseScript.sql" –ServerInstance $SERVERNAME$\$SQLINSTANCENAME$` - - **Note** - Replace the value from the preceding example with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and the instance from where the Compliance Status database will be backed up. - - - -**To move the Database from Server A to B** - -1. Move the following files from Server A to Server B, by using Windows Explorer: - - - MBAM Compliance Status Database Data.bak - -2. To automate this procedure, you can use a command that is similar to the following using Windows PowerShell: - - `PS C:\> Copy-Item “Z:\MBAM Compliance Status Database Data.bak” \\$SERVERNAME$\$DESTINATIONSHARE$` - - **Note** - Replace the value from the preceding example with those that match your environment: - - - $SERVERNAME$ - Enter the server name where the files will be copied to. - - - $DESTINATIONSHARE$ - Enter the name of share and path where the files will be copied to. - - - -**To restore the Database on Server B** - -1. Restore the Compliance Status database on Server B by using SQL Server Management Studio and the Task named **Restore Database…**. - -2. Once the task is executed, select the database backup file, by selecting the From Device option, and then use the Add command to choose the MBAM Compliance Status Database Data.bak file. Click OK to complete the restoration process. - -3. To automate this procedure, create a SQL file (.sql) that contains the following-SQL script: - - ```sql - -- Create MBAM Compliance Status Database Data logical backup devices. - - Use master - - GO - - -- Restore the MBAM Compliance Status database data files. - - RESTORE DATABASE [MBAM Compliance Status Database] - - FROM DISK = 'C:\test\MBAM Compliance Status Database Data.bak' - - WITH REPLACE - ``` - -4. Run the SQL File with a command that is similar to the following one, by using the SQL Server PowerShell: - - `PS C:\> Invoke-Sqlcmd -InputFile "Z:\RestoreMBAMComplianceStatusDatabaseScript.sql" -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$` - - **Note** - Replace the value from the preceding example with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Compliance Status Database will be restored to. - - - -**To configure the Access to the Database on Server B** - -1. On Server B use the Local user and Groups snap-in from Server Manager to add the machine accounts from each server that runs the MBAM Administration and Monitoring feature to the Local Group named **MBAM Compliance Status DB Access**. - -2. To automate this procedure, you can use a command that is similar to the following one, by using Windows PowerShell on Server B: - - `PS C:\> net localgroup "MBAM Compliance Auditing DB Access" $DOMAIN$\$SERVERNAME$$ /add` - - `PS C:\> net localgroup "MBAM Compliance Auditing DB Access" $DOMAIN$\$REPORTSUSERNAME$ /add` - - **Note** - Replace the value from the preceding example with the applicable values for your environment: - - - $DOMAIN$\\$SERVERNAME$$ - Enter the domain and machine name of the MBAM Administration and Monitoring Server. The server name must be followed by a **$**.For example, MyDomain\\MyServerName1$. - - - $DOMAIN$\\$REPORTSUSERNAME$ - Enter the user account name that was used to configure the data source for the Compliance and Audit reports - - - -~~~ -For each Administration and Monitoring Server that will access the database of your environment, you must run the command that will add the servers to the MBAM Compliance Auditing DB Access local group. -~~~ - -**To update the database connection data on MBAM Administration and Monitoring servers** - -1. On each of the servers that run the MBAM Administration and Monitoring feature, use the Internet Information Services (IIS) Manager console to update the Connection String information for the following Applications, which are hosted in the Microsoft BitLocker Administration and Monitoring website: - - - MBAMAdministrationService - - - MBAMComplianceStatusService - -2. Select each application and use the **Configuration Editor** feature, which is located under the **Management** section of the **Feature View**. - -3. Select the **configurationStrings** option from the Section list control. - -4. Select the row named **(Collection)**, and open the Collection Editor by selecting the button on the right side of the row. - -5. In the **Collection Editor**, select the row named **ComplianceStatusConnectionString**, when you update the configuration for the MBAMAdministrationService application, or the row named **Microsoft.Windows.Mdop.BitLockerManagement.StatusReportDataStore.ConnectionString**, when you update the configuration for the MBAMComplianceStatusService. - -6. Update the **Data Source=** value for the **configurationStrings** property to list the server name and the instance name. For example, $SERVERNAME$\\$SQLINSTANCENAME, to which the Recovery and Hardware Database was moved. - -7. To automate this procedure, you can use Windows PowerShell to enter a command that is similar to the following one on each Administration and Monitoring Server: - - `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="ComplianceStatusConnectionString"]' -PSPath "IIS:\sites\Microsoft BitLocker Administration and Monitoring\MBAMAdministrationService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Compliance Status;Integrated Security=SSPI;"` - - `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="Microsoft.Windows.Mdop.BitLockerManagement.StatusReportDataStore.ConnectionString"]' -PSPath "IIS:\sites\Microsoft BitLocker Administration and Monitoring\MBAMComplianceStatusService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME;Initial Catalog=MBAM Compliance Status;Integrated Security=SSPI;"` - - **Note** - Replace the value from the preceding example with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance name where the Recovery and Hardware Database is located. - - - -**To resume all instances of the MBAM Administration and Monitoring website** - -1. On each of the servers running the MBAM Administration and Monitoring feature, use the Internet Information Services (IIS) Manager console to start the MBAM web site named **Microsoft BitLocker Administration and Monitoring**. - -2. To automate this procedure, you can use Windows PowerShell to enter a command that is similar to the following: - - **PS C:\\> Start-Website “Microsoft BitLocker Administration and Monitoring”** - -## To moving the Compliance and Audit Reports - - -If you choose to move the MBAM Compliance and Audit Reports from one computer to another (specifically, if you move feature from Server A to Server B), you should use the following procedure and steps: - -1. Run MBAM setup on Server B - -2. Configure Access to the Compliance and Audit Reports on Server B - -3. Stop all instances of the MBAM Administration and Monitoring website - -4. Update the reports connection data on MBAM Administration and Monitoring servers - -5. Resume all instances of the MBAM Administration and Monitoring website - -**To run MBAM setup on Server B** - -1. Run MBAM setup on Server B and only select the Compliance and Audit feature for installation. - -2. To automate this procedure, you can use a command that is similar to the following, by using Windows PowerShell: - - `PS C:\> MbamSetup.exe /qn I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 AddLocal=Reports COMPLIDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ REPORTS_USERACCOUNTPW=$PASSWORD$` - - **Note** - Replace the values from the preceding example with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Compliance Status Database is located. - - - $DOMAIN$\\$USERNAME$ - Enter the domain name and user name that will be used by the Compliance and Audit reports feature to connect to the Compliance Status Database. - - - $PASSWORD$ - Enter the password of the user account that will be used to connect to the Compliance Status Database. - - - -**To configure the access to the Compliance and Audit Reports on Server B** - -1. On Server B, use the Local user and Groups snap-in from Server Manager to add the user accounts that will have access to the Compliance and Audit Reports. Add the user accounts to the local group named “MBAM Report Users”. - -2. To automate this procedure, you can use a command that is similar to the following, by using Windows PowerShell on Server B. - - `PS C:\> net localgroup "MBAM Report Users" $DOMAIN$\$REPORTSUSERNAME$ /add` - - **Note** - Replace the following value from the preceding example with the applicable values for your environment: - - - $DOMAIN$\\$REPORTSUSERNAME$ - Enter the user account name that was used to configure the data source for the Compliance and Audit reports - - - -~~~ -The command to add the users to the MBAM Report Users local group must be run for each user that will be accessing the reports in your environment. -~~~ - -**To stop all instances of the MBAM Administration and Monitoring website** - -1. On each of the servers that run the MBAM Administration and Monitoring Feature use the Internet Information Services (IIS) Manager console to Stop the MBAM website named **Microsoft BitLocker Administration and Monitoring**. - -2. To automate this procedure, you can use a command that is similar to the following one, by using Windows PowerShell: - - `PS C:\> Stop-Website “Microsoft BitLocker Administration and Monitoring”` - -**To update the Database Connection Data on MBAM Administration and Monitoring Servers** - -1. On each of the servers that run the MBAM Administration and Monitoring Feature, use the Internet Information Services (IIS) Manager console to update the Compliance Reports URL. - -2. Select the **Microsoft BitLocker Administration and Monitoring** website and use the **Configuration Editor** feature which can be found under the **Management** section of the **Feature View**. - -3. Select the **appSettings** option from the Section list control. - -4. From here, select the row named **(Collection)**, and open the **Collection Editor** by selecting the button on the right side of the row. - -5. In the **Collection Editor**, select the row named “Microsoft.Mbam.Reports.Url”. - -6. Update the value for Microsoft.Mbam.Reports.Url to reflect the server name for Server B. If the Compliance and Audit reports feature was installed on a named SQL Reporting Services instance, make sure that you add or update the name of the instance to the URL. For example, http://$SERVERNAME$/ReportServer\_$SQLSRSINSTANCENAME$/Pages.... - -7. To automate this procedure, you can use Windows PowerShell to enter a command that is similar to the following one on each Administration and Monitoring Server: - - `PS C:\> Set-WebConfigurationProperty '/appSettings/add[@key="Microsoft.Mbam.Reports.Url"]' -PSPath "IIS:\sites\Microsoft BitLocker Administration and Monitoring" -Name "Value" -Value “http://$SERVERNAME$/ReportServer_$SRSINSTANCENAME$/Pages/ReportViewer.aspx?/Malta+Compliance+Reports/”` - - **Note** - Replace the value from the preceding example with those that match your environment: - - - $SERVERNAME$ - Enter the name of the server to which the Compliance and Audit Reports were installed. - - - $SRSINSTANCENAME$ - Enter the name of the SQL Reporting Services instance to which the Compliance and Audit Reports were installed. - - - -**To resume all instances of the MBAM Administration and Monitoring website** - -1. On each of the servers that run the MBAM Administration and Monitoring feature, use the Internet Information Services (IIS) Manager console to Start the MBAM web site named **Microsoft BitLocker Administration and Monitoring**. - -2. To automate this procedure, you can use a command that is similar to the following one, by using Windows PowerShell: - - `PS C:\> Start-Website “Microsoft BitLocker Administration and Monitoring”` - - **Note** - To execute this command, the IIS Module for PowerShell must be added to the current instance of PowerShell. In addition, you must update the PowerShell execution policy to enable execution of scripts. - - - -## To move the Administration and Monitoring feature - - -If you choose to move the MBAM Administration and Monitoring Reports feature from one computer to another, (if you move feature from Server A to Server B), you should use the following procedure. The process includes the following steps: - -1. Run MBAM setup on Server B - -2. Configure Access to the Database on Server B - -**To run MBAM setup on Server B** - -1. Run MBAM setup on Server B and only select the Administration feature for installation. - -2. To automate this procedure, you can use a command that is similar to the following one, by using Windows PowerShell: - - `PS C:\> MbamSetup.exe /qn I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 AddLocal=AdministrationMonitoringServer,HardwareCompatibility COMPLIDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ RECOVERYANDHWDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ SRS_REPORTSITEURL=$REPORTSSERVERURL$` - - **Note** - Replace the values from the preceding example with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - For the COMPLIDB\_SQLINSTANCE parameter, input the server name and instance where the Compliance Status Database is located. For the RECOVERYANDHWDB\_SQLINSTANCE parameter, input the server name and instance where the Recovery and Hardware Database is located. - - - $DOMAIN$\\$USERNAME$ - Enter the domain and user name that will be used by the Compliance and Audit reports feature to connect to the Compliance Status Database. - - - $ REPORTSSERVERURL$ - Enter the URL for the Home location of the SQL Reporting Service website. If the reports were installed to a default SRS instance the URL format will formatted “http:// $SERVERNAME$/ReportServer”. If the reports were installed to a default SRS instance, the URL format will be formatted to “http://$SERVERNAME$/ReportServer\_$SQLINSTANCENAME$”. - - - -**To configure the Access to the Databases** - -1. On server or servers where the Recovery and Hardware, and Compliance and Audit databases are deployed, use the Local user and Groups snap-in from Server Manager to add the machine accounts from each server that run the MBAM Administration and Monitoring feature to the Local Groups named “MBAM Recovery and Hardware DB Access” (Recovery and Hardware DB Server) and “MBAM Compliance Status DB Access” (Compliance and Audit DB Server). - -2. To automate this procedure, you can use a command that is similar to the following one, by using Windows PowerShell on the server where the Compliance and Audit databases were deployed. - - `PS C:\> net localgroup "MBAM Compliance Auditing DB Access" $DOMAIN$\$SERVERNAME$$ /add` - - `PS C:\> net localgroup "MBAM Compliance Auditing DB Access" $DOMAIN$\$REPORTSUSERNAME$ /add` - -3. On the server where the Recovery and Hardware databases were deployed, run a command that is similar to the following one, by using Windows PowerShell. - - `PS C:\> net localgroup "MBAM Recovery and Hardware DB Access" $DOMAIN$\$SERVERNAME$$ /add` - - **Note** - Replace the value from the preceding example with the applicable values for your environment: - - - $DOMAIN$\\$SERVERNAME$$ - Enter the domain and machine name of the MBAM Administration and Monitoring Server. The server name must be followed by a **$**. For example, MyDomain\\MyServerName1$) - - - $DOMAIN$\\$REPORTSUSERNAME$ - Enter the user account name that was used to configure the data source for the Compliance and Audit reports. - - - -~~~ -The commands listed for adding the server computer accounts to the MBAM local groups must be run for each Administration and Monitoring Server that will be accessing the databases in your environment. -~~~ - -## Related topics - - -[Administering MBAM 1.0 Features](administering-mbam-10-features.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-recover-a-corrupted-drive-mbam-1.md b/mdop/mbam-v1/how-to-recover-a-corrupted-drive-mbam-1.md deleted file mode 100644 index b0dee3080f..0000000000 --- a/mdop/mbam-v1/how-to-recover-a-corrupted-drive-mbam-1.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: How to Recover a Corrupted Drive -description: How to Recover a Corrupted Drive -author: dansimp -ms.assetid: 715491ae-69c0-4fae-ad3f-3bd19a0db2f2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Recover a Corrupted Drive - - -To recover a corrupted drive that has been protected by BitLocker, a Microsoft BitLocker Administration and Monitoring (MBAM) help desk user must create a recovery key package file. This package file can be copied to the computer that contains the corrupted drive and then used to recover the drive. To accomplish this, use the following procedure. - -**To Recover a Corrupted Drive** - -1. Open the MBAM administration website. - -2. Select **Drive Recovery** from the navigation pane. Enter the user’s domain name and user name, the reason for unlocking the drive, and the user’s recovery password ID. - - **Note**   - If you are a member of the Help Desk Administrators role, you do not have to enter the user’s domain name or user name. - - - -3. Click **Submit**. The recovery key will be displayed. - -4. Click **Save**, and then select **Recovery Key Package**. The recovery key package will be created on your computer. - -5. Copy the recovery key package to the computer that has the corrupted drive. - -6. Open an elevated command prompt. To do this, click **Start** and type `cmd` in the **Search programs and files** box. In the search results list, right-click **cmd.exe** and select **Run as Administrator**. - -7. At the command prompt, type the following: - - `repair-bde -kp -rp ` - - **Note**   - For the <fixed drive> in the command, specify an available storage device that has free space equal to or larger than the data on the corrupted drive. Data on the corrupted drive is recovered and moved to the specified fixed drive. - - - -## Related topics - - -[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-recover-a-drive-in-recovery-mode-mbam-1.md b/mdop/mbam-v1/how-to-recover-a-drive-in-recovery-mode-mbam-1.md deleted file mode 100644 index fe926539db..0000000000 --- a/mdop/mbam-v1/how-to-recover-a-drive-in-recovery-mode-mbam-1.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: How to Recover a Drive in Recovery Mode -description: How to Recover a Drive in Recovery Mode -author: dansimp -ms.assetid: 09d27e4b-57fa-47c7-a004-8b876a49f27e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Recover a Drive in Recovery Mode - - -Microsoft BitLocker Administration and Monitoring (MBAM) includes Encrypted Drive Recovery features. These features ensure the capture and storage of data and availability of tools that are required to access a BitLocker-protected volume when BitLocker puts that volume into recovery mode. A BitLocker-protected volume goes into recovery mode when a PIN or password is lost or forgotten, or when the Trusted Module Platform (TPM) chip detects a change to the computer's BIOS or startup files. - -Use this procedure to access the centralized Key Recovery data system that can provide a recovery password when a recovery password ID and associated user identifier are supplied. - -**Important**   -MBAM generates single-use recovery keys. Under this limitation, a recovery key can be used only once and then it is no longer valid. The single use of a recovery password is automatically applied to operating system drives and fixed drives. On removable drives, the single use is applied when the drive is removed and then re-inserted and unlocked on a computer that has the group policy settings activated to manage removable drives. - - - -**To recover a drive in Recovery Mode** - -1. Open the MBAM website. - -2. In the navigation pane, click **Drive Recovery**. The **Recover access to an encrypted drive** webpage opens. - -3. Enter the user's Windows Logon domain and user name and the first eight digits of the recovery key ID, to receive a list of possible matching recovery keys. Alternatively, enter the entire recovery key ID to receive the exact recovery key. Select one of the predefined options in the **Reason for Drive Unlock** drop-down list, and then click **Submit**. - - **Note**   - If you are an MBAM Advanced Helpdesk User, the user domain and user ID entries are not required. - - - -4. MBAM returns the following: - - 1. An error message if no matching recovery password is found - - 2. Multiple possible matches if the user has multiple matching recovery passwords - - 3. The recovery password and recovery package for the submitted user - - **Note**   - If you are recovering a damaged drive, the recovery package option provides BitLocker with the critical information necessary to attempt the recovery. - - - -5. After the recovery password and recovery package are retrieved, the recovery password is displayed. To copy the password, click **Copy Key**, and then paste the recovery password into an email or other text file for temporary storage. Or, to save the recovery password to a file, click **Save**. - -6. When the user types the recovery password into the system or uses the recovery package, the drive is unlocked. - -## Related topics - - -[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-recover-a-moved-drive-mbam-1.md b/mdop/mbam-v1/how-to-recover-a-moved-drive-mbam-1.md deleted file mode 100644 index 77052fa258..0000000000 --- a/mdop/mbam-v1/how-to-recover-a-moved-drive-mbam-1.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: How to Recover a Moved Drive -description: How to Recover a Moved Drive -author: dansimp -ms.assetid: 0c7199d8-9463-4f44-9af3-b70eceeaff1d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Recover a Moved Drive - - -When you move an operating system drive that has been previously encrypted by using Microsoft BitLocker Administration and Monitoring (MBAM), you must resolve certain issues. After a PIN is attached to the new computer, the drive will not accept the start-up PIN that was used in previous computer. The system considers the PIN to be invalid because of the change to the Trusted Platform Module (TPM) chip. You must obtain a recovery key ID to retrieve the recovery password in order to use the moved drive. To do this, use the following procedure. - -**To recover a moved drive** - -1. On the computer that contains the moved drive, start in Windows Recovery Environment (WinRE) mode, or start the computer by using the Microsoft Diagnostics and Recovery Toolset (DaRT). - -2. Once the computer has been started with WinRE or DaRT, MBAM will treat the moved operating system drive as a data drive. MBAM will then display the drive’s recovery password ID and ask for the recovery password. - - **Note**   - In some cases, you might be able to click **I forget the PIN** during the startup process to enter the recovery mode. This also displays the recovery key ID. - - - -3. On the MBAM administration website, use the recovery key ID to retrieve the recovery password and unlock the drive. - -4. If the moved drive was configured to use a TPM chip on the original computer, you must take additional steps after you unlock the drive and complete the start process. In WinRE mode, open a command prompt and use the **manage-bde** tool to decrypt the drive. The use of this tool is the only way to remove the TPM-plus-PIN protection without the original TPM chip. - -5. After the removal is complete, start the system normally. The MBAM agent will proceed to enforce the policy to encrypt the drive with the new computer’s TPM plus PIN. - -## Related topics - - -[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md) - - - - - - - - - diff --git a/mdop/mbam-v1/how-to-reset-a-tpm-lockout-mbam-1.md b/mdop/mbam-v1/how-to-reset-a-tpm-lockout-mbam-1.md deleted file mode 100644 index 0dd2c800ef..0000000000 --- a/mdop/mbam-v1/how-to-reset-a-tpm-lockout-mbam-1.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: How to Reset a TPM Lockout -description: How to Reset a TPM Lockout -author: dansimp -ms.assetid: 91ec6666-1ae2-4e76-9459-ad65c405f639 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Reset a TPM Lockout - - -The Encrypted Drive Recovery feature of Microsoft BitLocker Administration and Monitoring (MBAM) encompasses both the capture and storage of data and the availability for tools that are required to manage the Trusted Platform Module (TPM). This topic covers how to access the centralized Key Recovery data system in the bit\_admmon\_tlanextref administration website. The Key Recovery data system can provide a TPM owner password file when the computer identity and the associated user identifier are supplied. - -A TPM lockout can occur if a user enters an incorrect PIN too many times. The number of times that a user can enter an incorrect PIN before the TPM lockout is based on the computer manufacturer's specification. - -**To reset a TPM lockout** - -1. Open the MBAM administration website. - -2. In the navigation pane, select **Manage TPM**. This opens the **Manage TPM** page. - -3. Enter the fully qualified domain name (FQDN) for the computer and the computer name. Enter the user’s Windows Logon domain and the user’s user name. Select one of the predefined options in the **Reason for requesting TPM owner password file** drop-down menu. Click **Submit**. - -4. MBAM will return one of the following: - - - An error message if no matching TPM owner password file is found - - - The TPM owner password file for the submitted computer - - **Note**   - If you are an Advanced Helpdesk User, the user domain and user ID fields are not required. - - - -5. Upon retrieval, the owner password is displayed. To save this password to a .tpm file, click the **Save** button. - -6. The user will run the TPM management console and select the **Reset TPM lockout** option and provide the TPM owner password file to reset the TPM lockout. - -## Related topics - - -[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md) - - - - - - - - - diff --git a/mdop/mbam-v1/images/checklistbox.gif b/mdop/mbam-v1/images/checklistbox.gif deleted file mode 100644 index 8af13c51d1..0000000000 Binary files a/mdop/mbam-v1/images/checklistbox.gif and /dev/null differ diff --git a/mdop/mbam-v1/images/mbam-1-server.jpg b/mdop/mbam-v1/images/mbam-1-server.jpg deleted file mode 100644 index f49d4978c9..0000000000 Binary files a/mdop/mbam-v1/images/mbam-1-server.jpg and /dev/null differ diff --git a/mdop/mbam-v1/images/mbam-3-server.jpg b/mdop/mbam-v1/images/mbam-3-server.jpg deleted file mode 100644 index ffd6420bda..0000000000 Binary files a/mdop/mbam-v1/images/mbam-3-server.jpg and /dev/null differ diff --git a/mdop/mbam-v1/images/mbam-4-computer.jpg b/mdop/mbam-v1/images/mbam-4-computer.jpg deleted file mode 100644 index 9b1aa2ab35..0000000000 Binary files a/mdop/mbam-v1/images/mbam-4-computer.jpg and /dev/null differ diff --git a/mdop/mbam-v1/images/mbam-5-computer.jpg b/mdop/mbam-v1/images/mbam-5-computer.jpg deleted file mode 100644 index cd7b2668ae..0000000000 Binary files a/mdop/mbam-v1/images/mbam-5-computer.jpg and /dev/null differ diff --git a/mdop/mbam-v1/index.md b/mdop/mbam-v1/index.md deleted file mode 100644 index b25186a196..0000000000 --- a/mdop/mbam-v1/index.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide -description: Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide -author: dansimp -ms.assetid: 4086e721-db24-4439-bdcd-ac5ef901811f -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 04/19/2017 ---- - -# Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide - -Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface that you can use to manage BitLocker drive encryption. With MBAM, you can select BitLocker encryption policy options that are appropriate to your enterprise and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the entire enterprise. In addition, you can access recovery key information when users forget their PIN or password, or when their BIOS or boot record changes. - -- [Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) - - [About MBAM 1.0](about-mbam-10.md) - - [Release Notes for MBAM 1.0](release-notes-for-mbam-10.md) - - [Evaluating MBAM 1.0](evaluating-mbam-10.md) - - [High Level Architecture for MBAM 1.0](high-level-architecture-for-mbam-10.md) - - [Accessibility for MBAM 1.0](accessibility-for-mbam-10.md) - - [Privacy Statement for MBAM 1.0](privacy-statement-for-mbam-10.md) -- [Planning for MBAM 1.0](planning-for-mbam-10.md) - - [Preparing your Environment for MBAM 1.0](preparing-your-environment-for-mbam-10.md) - - [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md) - - [Planning to Deploy MBAM 1.0](planning-to-deploy-mbam-10.md) - - [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md) - - [MBAM 1.0 Planning Checklist](mbam-10-planning-checklist.md) -- [Deploying MBAM 1.0](deploying-mbam-10.md) - - [Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md) - - [Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md) - - [Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md) - - [Deploying the MBAM 1.0 Language Release Update](deploying-the-mbam-10-language-release-update.md) - - [MBAM 1.0 Deployment Checklist](mbam-10-deployment-checklist.md) -- [Operations for MBAM 1.0](operations-for-mbam-10.md) - - [Administering MBAM 1.0 Features](administering-mbam-10-features.md) - - [Monitoring and Reporting BitLocker Compliance with MBAM 1.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md) - - [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md) - - [Administering MBAM 1.0 by Using PowerShell](administering-mbam-10-by-using-powershell.md) -- [Troubleshooting MBAM 1.0](troubleshooting-mbam-10.md) - -## More Information -- [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) - Find documentation, videos, and other resources for MDOP technologies. diff --git a/mdop/mbam-v1/known-issues-in-the-mbam-international-release-mbam-1.md b/mdop/mbam-v1/known-issues-in-the-mbam-international-release-mbam-1.md deleted file mode 100644 index 19ad1f3d57..0000000000 --- a/mdop/mbam-v1/known-issues-in-the-mbam-international-release-mbam-1.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: Known Issues in the MBAM International Release -description: Known Issues in the MBAM International Release -author: dansimp -ms.assetid: bbf888dc-93c1-4323-b43c-0ded098e9b93 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Known Issues in the MBAM International Release - -This section contains known issues for Microsoft BitLocker Administration and Monitoring (MBAM) International Release. - -## Known Issues in the MBAM International Release - -### The Installation Process Does Not Specify Update - -Upon updating the Microsoft BitLocker Administration and Monitoring server or servers, the Setup program does not state that an update is being installed. - -**Workaround**: None. - -### Certificates Used for the Administration and Monitoring Server Role - -If you are using a certificate for authentication between MBAM servers, after updating the MBAM Administration and Monitoring server you must ensure that the certificate is valid and not revoked or expired. - -**Workaround**: None. - -### MBAM Svclog File Filling Disk Space - -If you have followed [Knowledge Base article 2668170](https://go.microsoft.com/fwlink/?LinkID=247277), you might have to repeat the KB steps after you install this update. - -**Workaround**: None. - -## Related topics - -[Deploying the MBAM 1.0 Language Release Update](deploying-the-mbam-10-language-release-update.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/maintaining-mbam-10.md b/mdop/mbam-v1/maintaining-mbam-10.md deleted file mode 100644 index ed8099b713..0000000000 --- a/mdop/mbam-v1/maintaining-mbam-10.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Maintaining MBAM 1.0 -description: Maintaining MBAM 1.0 -author: dansimp -ms.assetid: 02ffb093-c364-4837-bbe8-23d4c09fbd3d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Maintaining MBAM 1.0 - - -After you complete all the necessary planning and then deploy Microsoft BitLocker Administration and Monitoring (MBAM), you can configure MBAM to run in a highly available fashion while using it to manage enterprise BitLocker encryption operations. The information in this section describes high availability options for MBAM, as well as how to move MBAM Server features if necessary. - -## MBAM Management Pack - - -The Microsoft System Center Operations Manager Management Pack for MBAM is available for download from the Microsoft Download Center. - -This management pack monitors the critical interactions in the server-side infrastructure, such as the connections between the web services and databases and the operational calls between websites and their supportive web service. It also uploads the requests between desktop clients and their respective receiving web service endpoints. - -[Microsoft BitLocker Administration And Monitoring Management Pack](https://go.microsoft.com/fwlink/p/?LinkId=258390) - -## Ensure high availability for MBAM 1.0 - - -MBAM is designed to be fault-tolerant. If a server becomes unavailable, the users should not be negatively affected. The information in this section can be used to configure a highly available MBAM installation. - -[High Availability for MBAM 1.0](high-availability-for-mbam-10.md) - -## Move MBAM 1.0 features to another server - - -When you need to move an MBAM Server feature from one server computer to another, there is a specific order and required steps that you should follow to avoid loss of productivity or data. This section describes the steps that you should take to move one or more MBAM Server features to a different computer. - -[How to Move MBAM 1.0 Features to Another Computer](how-to-move-mbam-10-features-to-another-computer.md) - -## Other resources for maintaining MBAM - - -[Operations for MBAM 1.0](operations-for-mbam-10.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/mbam-10-deployment-checklist.md b/mdop/mbam-v1/mbam-10-deployment-checklist.md deleted file mode 100644 index 8b7b659b06..0000000000 --- a/mdop/mbam-v1/mbam-10-deployment-checklist.md +++ /dev/null @@ -1,109 +0,0 @@ ---- -title: MBAM 1.0 Deployment Checklist -description: MBAM 1.0 Deployment Checklist -author: dansimp -ms.assetid: 7e00be23-36a0-4b0f-8663-3c4f2c71546d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MBAM 1.0 Deployment Checklist - - -This checklist is designed to facilitate your deployment of Microsoft BitLocker Administration and Monitoring (MBAM). - -**Note** -This checklist outlines the recommended steps and provides a high-level list of items to consider when you deploy the MBAM features. We recommend that you copy this checklist into a spreadsheet program and customize it for your specific needs. - - - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferencesNotes
Checklist box

Complete the planning phase to prepare the computing environment for MBAM deployment.

MBAM 1.0 Planning Checklist

Checklist box

Review the information on MBAM supported configurations to make sure that your selected client and server computers are supported for MBAM feature installation.

MBAM 1.0 Supported Configurations

Checklist box

Run MBAM Setup to deploy MBAM Server features in the following order:

-
    -

  1. Recovery and Hardware Database

    2. -

  2. Compliance Status Database

    3. -

  3. Compliance Audit and Reports

    4. -

  4. Administration and Monitoring Server

    5. -

  5. MBAM Group Policy Template

    6. -
-
-Note

Keep track of the names of the servers each feature is installed on. You will use this information throughout the installation process.

-
-
- -

Deploying the MBAM 1.0 Server Infrastructure

Checklist box

Add Active Directory Domain Services security groups created during the planning phase to the appropriate local MBAM Server feature administrators groups on the appropriate servers.

Planning for MBAM 1.0 Administrator Roles and How to Manage MBAM Administrator Roles

Checklist box

Create and deploy the required MBAM Group Policy Objects.

Deploying MBAM 1.0 Group Policy Objects

Checklist box

Deploy the MBAM Client software.

Deploying the MBAM 1.0 Client

- - - -## Related topics - - -[Deploying MBAM 1.0](deploying-mbam-10.md) - - - - - - - - - diff --git a/mdop/mbam-v1/mbam-10-deployment-prerequisites.md b/mdop/mbam-v1/mbam-10-deployment-prerequisites.md deleted file mode 100644 index 0b59eb0f40..0000000000 --- a/mdop/mbam-v1/mbam-10-deployment-prerequisites.md +++ /dev/null @@ -1,167 +0,0 @@ ---- -title: MBAM 1.0 Deployment Prerequisites -description: MBAM 1.0 Deployment Prerequisites -author: dansimp -ms.assetid: bd9e1010-7d25-43e7-8dc6-b521226a659d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MBAM 1.0 Deployment Prerequisites - - -Before you begin the Microsoft BitLocker Administration and Monitoring (MBAM) Setup, make sure that you meet the necessary prerequisites to install the product. This section contains information to help you successfully prepare your computing environment before you deploy the MBAM Clients and Server features. - -## Installation prerequisites for MBAM Server features - - -Each of the MBAM server features has specific prerequisites that must be met before they can be successfully installed. MBAM Setup verifies if all prerequisites are met before the installation starts. - -### Installation prerequisites for Administration and Monitoring Server - -The following table contains the installation prerequisites for the MBAM Administration and Monitoring Server: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Windows ServerWeb Server Role

This role must be added to a server operating system supported for the mbam Administration and Monitoring Server feature.

Web Server (IIS) Management Tools

IIS Management Scripts and Tools

Web Server Role Services

Common HTTP Features:

-
    -

  • Static Content

    • -

  • Default Document

    • -
-

Application Development:

-
    -

  • ASP.NET

    • -

  • .NET Extensibility

    • -

  • ISAPI Extensions

    • -

  • ISAPI Filters

    • -
-

Security:

-
    -

  • Windows Authentication

    • -

  • Request Filtering

    • -

Windows Server Features

Microsoft .NET Framework 3.5.1 features:

-
    -

  • .NET Framework 3.5.1

    • -

  • WCF Activation

    -
      -

    • HTTP Activation

      • -

    • Non-HTTP Activation

      • -
    • -
-

Windows Process Activation Service

-
    -

  • Process Model

    • -

  • .NET Environment

    • -

  • Configuration APIs

    • -
- - - -**Note**   -For a list of supported operating systems, see [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). - - - -### Installation prerequisites for the Compliance and Audit Reports - -The Compliance and Audit Reports must be installed on a supported version of SQL Server. Installation prerequisites for this feature include SQL Server Reporting Services (SSRS). - -SSRS must be installed and running during MBAM server installation. SSRS should also be configured in “native” mode, not in the “unconfigured” or “SharePoint” mode. - -**Note**   -For a list of supported operating systems and SQL Server versions, see [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). - - - -### Installation prerequisites for the Recovery and Hardware Database - -The Recovery and Hardware Database must be installed on a supported version of SQL Server. - -SQL Server must have Database Engine Services installed and running during the MBAM server installation. The Transparent Data Encryption (TDE) feature must be enabled. - -**Note**   -For a list of supported operating systems and SQL Server versions, see [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). - - - -The TDE SQL Server feature performs real-time input/output (I/O) encryption and decryption of the data and log files. TDE protects data that is "at rest,” which include the data and the log files. It provides the ability to comply with many laws, regulations, and guidelines that are established in various industries. - -**Note**   -Because TDE performs real-time decryption of database information, the recovery key information will be visible if the account under which you are logged in has permissions to the database when you view the recovery key information SQL tables. - - - -### Installation prerequisites for the Compliance and Audit Database - -The Compliance and Audit Database must be installed on a supported version of SQL Server. - -SQL Server must have Database Engine Services installed and running during MBAM server installation. - -**Note**   -For a list of supported operating systems and SQL Server versions, see [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). - - - -## Installation prerequisites for MBAM Clients - - -The necessary prerequisites that you must meet before you begin the MBAM Client installation are the following: - -- Trusted Platform Module (TPM) v1.2 capability - -- The TPM chip must be turned on in the BIOS and it must be resettable from the operating system. For more information, see the BIOS documentation. - -**Warning**   -Ensure that the keyboard, mouse, and video are directly connected to the computer, instead of to a keyboard, video, mouse (KVM) switch. A KVM switch can interfere with the ability of the computer to detect the physical presence of hardware. - - - -## Related topics - - -[Planning to Deploy MBAM 1.0](planning-to-deploy-mbam-10.md) - -[MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md) - - - - - - - - - diff --git a/mdop/mbam-v1/mbam-10-planning-checklist.md b/mdop/mbam-v1/mbam-10-planning-checklist.md deleted file mode 100644 index 0324216e06..0000000000 --- a/mdop/mbam-v1/mbam-10-planning-checklist.md +++ /dev/null @@ -1,108 +0,0 @@ ---- -title: MBAM 1.0 Planning Checklist -description: MBAM 1.0 Planning Checklist -author: dansimp -ms.assetid: e9439f16-d68b-48ed-99ce-5949356b180b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MBAM 1.0 Planning Checklist - - -You can use this checklist to plan and prepare your computing environment for Microsoft BitLocker Administration and Monitoring (MBAM) deployment. - -**Note**   -This checklist outlines the recommended steps and a high-level list of items to consider when you plan for an MBAM deployment. We recommend that you copy this checklist into a spreadsheet program and customize it for your use. - - - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferencesNotes
Checklist box

Review the “getting started” information about MBAM to gain a basic understanding of the product before you begin the deployment planning.

Getting Started with MBAM 1.0

Checklist box

Plan for MBAM 1.0 Deployment Prerequisites and prepare your computing environment.

MBAM 1.0 Deployment Prerequisites

Checklist box

Plan for and configure MBAM Group Policy requirements.

Planning for MBAM 1.0 Group Policy Requirements

Checklist box

Plan for and create necessary Active Directory Domain Services security groups and plan for MBAM local security group membership requirements.

Planning for MBAM 1.0 Administrator Roles

Checklist box

Review the MBAM 1.0 Supported Configurations documentation to ensure hardware that meets MBAM installation system requirements is available.

MBAM 1.0 Supported Configurations

Checklist box

Plan for MBAM Server feature deployment.

Planning for MBAM 1.0 Server Deployment

Checklist box

Plan for MBAM Client deployment.

Planning for MBAM 1.0 Client Deployment

Checklist box

Validate your deployment plan in a lab environment.

Evaluating MBAM 1.0

- - - -## Related topics - - -[Planning for MBAM 1.0](planning-for-mbam-10.md) - - - - - - - - - diff --git a/mdop/mbam-v1/mbam-10-supported-configurations.md b/mdop/mbam-v1/mbam-10-supported-configurations.md deleted file mode 100644 index 80ed363018..0000000000 --- a/mdop/mbam-v1/mbam-10-supported-configurations.md +++ /dev/null @@ -1,193 +0,0 @@ ---- -title: MBAM 1.0 Supported Configurations -description: MBAM 1.0 Supported Configurations -author: dansimp -ms.assetid: 1f5ac58e-6a3f-47df-8a9b-4b57631ab9ee -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# MBAM 1.0 Supported Configurations - - -This topic specifies the necessary requirements to install and run Microsoft BitLocker Administration and Monitoring (MBAM) in your environment. - -## MBAM server system Requirements - - -### Server operating system requirements - -The following table lists the operating systems that are supported for the Microsoft BitLocker Administration and Monitoring Server installation. - -**Note** -Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). - - - - ------ - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows Server 2008

Standard, Enterprise, Datacenter, or Web Server

SP2 only

32-bit or 64-bit

Windows Server 2008 R2

Standard, Enterprise, Datacenter, or Web Server

64-bit

- - - -**Warning** -There is no support for installing MBAM services, reports, or databases on a domain controller computer. - - - -### Server random access memory (RAM) requirements - -There are no RAM requirements that are specific to MBAM Server installation. - -### SQL Server Database requirements - -The following table lists the SQL Server versions that are supported for the MBAM Server feature installation. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
MBAM Server FeatureSQL Server VersionEditionService PackSystem Architecture

Compliance and Audit Reports

Microsoft SQL Server 2008

R2, Standard, Enterprise, Datacenter, or Developer Edition

SP2

32-bit or 64-bit

Recovery and Hardware Database

Microsoft SQL Server 2008

R2, Enterprise, Datacenter, or Developer Edition

-
-Important

SQL Server Standard Editions are not supported for MBAM Recovery and Hardware Database Server feature installation.

-
-
- -

SP2

32-bit or 64-bit

Compliance and Audit Database

Microsoft SQL Server 2008

R2, Standard, Enterprise, Datacenter, or Developer Edition

SP2

32-bit or 64-bit

- - - -## MBAM Client system requirements - - -### Client operating system requirements - -The following table lists the operating systems that are supported for MBAM Client installation. - -**Note** -Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). - - - - ------ - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows 7

Enterprise Edition

None, SP1

32-bit or 64-bit

Windows 7

Ultimate Edition

None, SP1

32-bit or 64-bit

- - - -### Client RAM requirements - -There are no RAM requirements that are specific to the MBAM Client installation. - -## Related topics - - -[Planning to Deploy MBAM 1.0](planning-to-deploy-mbam-10.md) - -[MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md) - - - - - - - - - diff --git a/mdop/mbam-v1/monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md b/mdop/mbam-v1/monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md deleted file mode 100644 index beb0deea35..0000000000 --- a/mdop/mbam-v1/monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Monitoring and Reporting BitLocker Compliance with MBAM 1.0 -description: Monitoring and Reporting BitLocker Compliance with MBAM 1.0 -author: dansimp -ms.assetid: fb497d3f-ff33-4747-8e34-366440ee25c2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Monitoring and Reporting BitLocker Compliance with MBAM 1.0 - - -If you use Microsoft BitLocker Administration and Monitoring (MBAM), you can generate various reports to monitor BitLocker usage and compliance activities. - -## Understand MBAM reports - - -MBAM reports have many fields that you should be familiar with before you generate MBAM reports. - -[Understanding MBAM Reports](understanding-mbam-reports-mbam-1.md) - -## Generate MBAM Reports - - -If you use MBAM reporting, you can generate reports on enterprise compliance, individual computers, hardware compatibility, and key recovery activity. - -[How to Generate MBAM Reports](how-to-generate-mbam-reports-mbam-1.md) - -## Other resources for Monitoring and Reporting BitLocker Compliance with MBAM - - -[Operations for MBAM 1.0](operations-for-mbam-10.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/operations-for-mbam-10.md b/mdop/mbam-v1/operations-for-mbam-10.md deleted file mode 100644 index 560b76d3ff..0000000000 --- a/mdop/mbam-v1/operations-for-mbam-10.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: Operations for MBAM 1.0 -description: Operations for MBAM 1.0 -author: dansimp -ms.assetid: 2c358fa1-4795-45ab-9316-02db4aaa6d5f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Operations for MBAM 1.0 - - -This section of the Administrator’s Guide for Microsoft BitLocker Administration and Monitoring (MBAM) includes information about the various types of Microsoft BitLocker Administration and Monitoring administration and operating tasks that are typically performed by an administrator. This section also includes step-by-step procedures to help you successfully perform those tasks. - -## Operations information - - -- [Administering MBAM 1.0 Features](administering-mbam-10-features.md) - - After you complete all necessary MBAM planning and deploying, you can configure and use MBAM features to manage enterprise BitLocker encryption. The information in this section describes post-installation day-to-day MBAM feature operations and maintenance tasks. - -- [Monitoring and Reporting BitLocker Compliance with MBAM 1.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md) - - This section describes how to generate and understand the various MBAM reports to help you monitor the BitLocker usage and compliance activities throughout your enterprise environment. - -- [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam.md) - - This section describes post-installation day-to-day BitLocker encryption management tasks that are accomplished by using MBAM. - -- [Maintaining MBAM 1.0](maintaining-mbam-10.md) - - This section describes how to configure MBAM to run in a highly available manner. It also describes how to use MBAM to manage enterprise BitLocker encryption operations. The information in this section describes high availability options for MBAM, as well as how to move MBAM Server features if necessary. - -- [Security and Privacy for MBAM 1.0](security-and-privacy-for-mbam-10.md) - - This section provides an overview of MBAM security considerations and explains many of the data collection and use practices of MBAM. - -- [Administering MBAM 1.0 by Using PowerShell](administering-mbam-10-by-using-powershell.md) - - This section describes the set of Windows PowerShell cmdlets that are available for administrators to perform various MBAM server tasks from the command prompt rather than from the MBAM administration website. - -## Other resources for MBAM operations - - -- [Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide](index.md) - -- [Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) - -- [Planning for MBAM 1.0](planning-for-mbam-10.md) - -- [Deploying MBAM 1.0](deploying-mbam-10.md) - -- [Troubleshooting MBAM 1.0](troubleshooting-mbam-10.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/performing-bitlocker-management-with-mbam.md b/mdop/mbam-v1/performing-bitlocker-management-with-mbam.md deleted file mode 100644 index b37c05e208..0000000000 --- a/mdop/mbam-v1/performing-bitlocker-management-with-mbam.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Performing BitLocker Management with MBAM -description: Performing BitLocker Management with MBAM -author: dansimp -ms.assetid: 2d24390a-87bf-48b3-96a9-3882d6f2a15c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Performing BitLocker Management with MBAM - - -After you deploy Microsoft BitLocker Administration and Monitoring (MBAM), you can configure and use MBAM to manage enterprise BitLocker encryption. This section describes post-installation, day-to-day BitLocker encryption management tasks that can be accomplished by using MBAM. - -## Reset a TPM Lockout with MBAM - - -A Trusted Platform Module (TPM) microchip provides basic security-related functions. These functions are accomplished primarily by the use of encryption keys. The TPM is typically installed on the motherboard of a computer or laptop and communicates with the rest of the system by using a hardware bus. Computers that incorporate a TPM can create cryptographic keys that can be decrypted only by the TPM. A TPM lockout can occur if a user enters an incorrect PIN too many times. The number of times that a user can enter an incorrect PIN before the TPM locks varies from manufacturer to manufacturer. The Key Recovery data system on the MBAM administration website enables you to obtain a reset TPM owner password file. - -[How to Reset a TPM Lockout](how-to-reset-a-tpm-lockout-mbam-1.md) - -## Recover drives with MBAM - - -Make sure that you know how to attempt data recovery from encrypted drives in the event of hardware failure, changes in personnel, or other situations in which encryption keys are lost. The Encrypted Drive Recovery features of MBAM provide the capture and storage of data and availability of tools required to access a BitLocker-protected volume when the volume goes into recovery mode, is moved, or becomes corrupted. - -[How to Recover a Drive in Recovery Mode](how-to-recover-a-drive-in-recovery-mode-mbam-1.md) - -[How to Recover a Moved Drive](how-to-recover-a-moved-drive-mbam-1.md) - -[How to Recover a Corrupted Drive](how-to-recover-a-corrupted-drive-mbam-1.md) - -## Determine BitLocker Encryption State of lost computers by Using MBAM - - -When you use MBAM, you can determine the last known BitLocker encryption status of computers that were lost or stolen. - -[How to Determine the BitLocker Encryption State of a Lost Computers](how-to-determine-the-bitlocker-encryption-state-of-a-lost-computers-mbam-1.md) - -## Other resources for performing BitLocker Management with MBAM - - -[Operations for MBAM 1.0](operations-for-mbam-10.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/planning-for-mbam-10-administrator-roles.md b/mdop/mbam-v1/planning-for-mbam-10-administrator-roles.md deleted file mode 100644 index 6ed9a49fe7..0000000000 --- a/mdop/mbam-v1/planning-for-mbam-10-administrator-roles.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Planning for MBAM 1.0 Administrator Roles -description: Planning for MBAM 1.0 Administrator Roles -author: dansimp -ms.assetid: 95be0eb4-25e9-43ca-a8e7-27373d35544d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for MBAM 1.0 Administrator Roles - - -This topic includes and describes the administrator roles that are available in Microsoft BitLocker Administration and Monitoring (MBAM), as well as the server locations where the local groups are created. - -## MBAM Administrator roles - - - **MBAM System Administrators** -Administrators in this role have access to all MBAM features. The local group for this role is installed on the Administration and Monitoring Server. - - **MBAM Hardware Users** -Administrators in this role have access to the Hardware Capability features from MBAM. The local group for this role is installed on the Administration and Monitoring Server. - - **MBAM Helpdesk Users** -Administrators in this role have access to the Helpdesk features from MBAM. The local group for this role is installed on the Administration and Monitoring Server. - - **MBAM Report Users** -Administrators in this role have access to the Compliance and Audit Reports feature from MBAM. The local group for this role is installed on the Administration and Monitoring Server, Compliance and Audit Database, and on the server that hosts the Compliance and Audit Reports. - - **MBAM Advanced Helpdesk Users** -Administrators in this role have increased access to the Helpdesk features from MBAM. The local group for this role is installed on the Administration and Monitoring Server. If a user is a member of both MBAM Helpdesk Users and MBAM Advanced Helpdesk Users, the MBAM Advanced Helpdesk Users permissions will overwrite the MBAM Helpdesk User permissions. - -**Important**   -To view the reports, an administrative user must be a member of the **MBAM Report Users** security group on the Administration and Monitoring Server, Compliance and Audit Database, and on the server that hosts the Compliance and Reports feature. As a best practice, create a security group in Active Directory with rights on the local **MBAM Report Users** security group on both the Administration and Monitoring Server and on the server that hosts the Compliance and Reports. - - - -## Related topics - - -[Preparing your Environment for MBAM 1.0](preparing-your-environment-for-mbam-10.md) - - - - - - - - - diff --git a/mdop/mbam-v1/planning-for-mbam-10-client-deployment.md b/mdop/mbam-v1/planning-for-mbam-10-client-deployment.md deleted file mode 100644 index 352f0f8fba..0000000000 --- a/mdop/mbam-v1/planning-for-mbam-10-client-deployment.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Planning for MBAM 1.0 Client Deployment -description: Planning for MBAM 1.0 Client Deployment -author: dansimp -ms.assetid: 3af2e7f3-134b-4ab9-9847-b07474ca6ac3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for MBAM 1.0 Client Deployment - - -Depending on when you deploy the Microsoft BitLocker Administration and Monitoring (MBAM) Client, you can enable BitLocker encryption on a computer in your organization either before the end user receives the computer or afterwards. To enable BitLocker encryption after the end user receives the computer, configure Group Policy. To enable BitLocker encryption before the end user receives the computer, deploy the MBAM Client software by using an enterprise software deployment system. - -You can use one or both methods in your organization. If you use both methods, you can improve compliance, reporting, and key recovery support. - -**Note**   -To review the MBAM Client system requirements, see [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). - - - -## Deploying the MBAM Client to enable BitLocker encryption after computer distribution to end users - - -After you configure the Group Policy, you can use an enterprise software deployment system product, such as Microsoft System Center Configuration Manager 2012 or Active Directory Domain Services, to deploy the MBAM Client installation Windows Installer files to the target computers. The two MBAM Client installation Windows Installer files are MBAMClient-64bit.msi and MBAMClient-32bit.msi, which are provided with the MBAM software. For more information about how to deploy MBAM Group Policy Objects, see [Deploying MBAM 1.0 Group Policy Objects](deploying-mbam-10-group-policy-objects.md). - -When you deploy the MBAM Client, after you distribute the computers to end users, the end users are prompted to encrypt their computers. This lets MBAM collect the data, to include the PIN and password, and then begin the encryption process. - -**Note**   -In this approach, users are prompted to activate and initialize the Trusted Platform Module (TPM) chip, if it has not been previously activated. - - - -## Using the MBAM Client to enable BitLocker encryption before computer distribution to end users - - -In organizations where computers are received and configured centrally, you can install the MBAM Client to manage BitLocker encryption on each computer before any user data is written on it. The benefit of this process is that every computer will then be compliant with the BitLocker encryption. This method does not rely on user action because the administrator has already encrypted the computer. A key assumption for this scenario is that the policy of the organization installs a corporate Windows image before the computer is delivered to the user. - -If your organization wants to use (TPM) to encrypt computers, the administrator must encrypt the operating system volume of the computer with TPM protector. If your organization wants to use the TPM chip and a PIN protector, the administrator must encrypt the system volume with the TPM protector, and then the users select a PIN the first time they log on. If your organization decides to use only the PIN protector, the administrator does not have to encrypt the volume first. When users log on their computers, MBAM prompts them to provide a PIN or a PIN and a password that they will use when they restart their computer later. - -**Note**   -The TPM protector option requires for the administrator to accept the BIOS prompt to activate and initialize the TPM before delivering the computer to the user. - - - -## Related topics - - -[Planning to Deploy MBAM 1.0](planning-to-deploy-mbam-10.md) - -[Deploying the MBAM 1.0 Client](deploying-the-mbam-10-client.md) - - - - - - - - - diff --git a/mdop/mbam-v1/planning-for-mbam-10-group-policy-requirements.md b/mdop/mbam-v1/planning-for-mbam-10-group-policy-requirements.md deleted file mode 100644 index 4b825a4bea..0000000000 --- a/mdop/mbam-v1/planning-for-mbam-10-group-policy-requirements.md +++ /dev/null @@ -1,328 +0,0 @@ ---- -title: Planning for MBAM 1.0 Group Policy Requirements -description: Planning for MBAM 1.0 Group Policy Requirements -author: dansimp -ms.assetid: 0fc9c509-7850-4a8e-bb82-b949025bcb02 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for MBAM 1.0 Group Policy Requirements - - -Microsoft BitLocker Administration and Monitoring (MBAM) Client management requires custom Group Policy settings to be applied. This topic describes the available policy options for Group Policy Object (GPO) when you use MBAM to manage BitLocker Drive Encryption in the enterprise. - -**Important** -MBAM does not use the default GPO settings for Windows BitLocker drive encryption. If the default settings are enabled, they can cause conflicting behavior. To enable MBAM to manage BitLocker, you must define the GPO policy settings after you install the MBAM Group Policy Template. - - - -After you install the MBAM Group Policy template, you can view and modify the available custom MBAM GPO policy settings that enable MBAM to manage the enterprise BitLocker encryption. The MBAM Group Policy template must be installed on a computer that is capable of running the Group Policy Management Console (GPMC) or the Advanced Group Policy Management (AGPM) MDOP technology. Next, to edit the applicable GPO, open the GPMC or AGPM, and then navigate to the following GPO node: **Computer Configuration**\\**Administrative Templates**\\**Windows Components**\\**MDOP MBAM (BitLocker Management)**. - -The MDOP MBAM (BitLocker Management) GPO node contains four global policy settings and four child GPO setting nodes, respectively. The four GPO global policy settings are: Client Management, Fixed Drive, Operating System Drive, and Removable Drive. The following sections provide policy definitions and suggested policy settings to help you plan for the MBAM GPO policy setting requirements. - -**Note** -For more information about configuring the minimum suggested GPO settings to enable MBAM to manage BitLocker encryption, see [How to Edit MBAM 1.0 GPO Settings](how-to-edit-mbam-10-gpo-settings.md). - - - -## Global policy definitions - - -This section describes the MBAM Global policy definitions, which can be found at the following GPO node: **Computer Configuration**\\**Administrative Templates**\\**Windows Components**\\**MDOP MBAM (BitLocker Management)**. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Policy NameOverview and Suggested Policy Setting

Choose drive encryption method and cipher strength

Suggested Configuration: Not Configured

-

Configure this policy to use a specific encryption method and cipher strength.

-

When this policy is not configured, BitLocker uses the default encryption method of AES 128-bit with Diffuser or the encryption method specified by the setup script.

Prevent memory overwrite on restart

Suggested Configuration: Not Configured

-

Configure this policy to improve restart performance without overwriting BitLocker secrets in memory on restart.

-

When this policy is not configured, BitLocker secrets are removed from memory when the computer restarts.

Validate smart card certificate usage rule

Suggested Configuration: Not Configured

-

Configure this policy to use smartcard certificate-based BitLocker protection.

-

When this policy is not configured, a default object identifier 1.3.6.1.4.1.311.67.1.1 is used to specify a certificate.

Provide the unique identifiers for your organization

Suggested Configuration: Not Configured

-

Configure this policy to use a certificate-based data recovery agent or the BitLocker To Go reader.

-

When this policy is not configured, the Identification field is not used.

-

If your company requires higher security measurements, you may want to configure the Identification field to make sure that all USB devices have this field set and that they are aligned with this Group Policy setting.

- - - -## Client Management policy definitions - - -This section describes the Client Management policy definitions for MBAM, found at the following GPO node: **Computer Configuration**\\**Administrative Templates**\\**Windows Components**\\**MDOP MBAM (BitLocker Management)** \\ **Client Management**. - - ---- - - - - - - - - - - - - - - - - - - - - -
Policy NameOverview and Suggested Policy Settings

Configure MBAM Services

Suggested Configuration: Enabled

-
    -

  • MBAM Recovery and Hardware service endpoint. This is the first policy setting that you must configure to enable the MBAM Client BitLocker encryption management. For this setting, enter the endpoint location similar to the following example: http://<MBAM Administration and Monitoring Server Name>:<port the web service is bound to>/MBAMRecoveryAndHardwareService/CoreService.svc.

    • -

  • Select BitLocker recovery information to store. This policy setting lets you configure the key recovery service to back up the BitLocker recovery information. It also lets you configure the status reporting service for collecting compliance and audit reports. The policy provides an administrative method of recovering data encrypted by BitLocker to help prevent data loss due to the lack of key information. Status report and key recovery activity will automatically and silently be sent to the configured report server location.

    -

    If you do not configure or if you disable this policy setting, the key recovery information will not be saved, and status report and key recovery activity will not be reported to server. When this setting is set to Recovery Password and key package, the recovery password and key package will be automatically and silently backed up to the configured key recovery server location.

    • -

  • Enter the client checking status frequency in minutes. This policy setting manages how frequently the client checks the BitLocker protection policies and the status on the client computer. This policy also manages how frequently the client compliance status is saved to the server. The client checks the BitLocker protection policies and status on the client computer, and it also backs up the client recovery key at the configured frequency.

    -

    Set this frequency based on the requirement established by your company on how frequently to check the compliance status of the computer, and how frequently to back up the client recovery key.

    • -

  • MBAM Status reporting service endpoint. This is the second policy setting that you must configure to enable MBAM Client BitLocker encryption management. For this setting, enter the endpoint location by using the following example: http://<MBAM Administration and Monitoring Server Name>:<port the web service is bound to>/MBAMComplianceStatusService/StatusReportingService. svc.

    • -

Allow hardware compatibility checking

Suggested Configuration: Enabled

-

This policy setting lets you manage the verification of hardware compatibility before you enable BitLocker protection on drives of MBAM client computers.

-

You should enable this policy option if your enterprise has older computer hardware or computers that do not support Trusted Platform Module (TPM). If either of these criteria is true, enable the hardware compatibility verification to make sure that MBAM is applied only to computer models that support BitLocker. If all computers in your organization support BitLocker, you do not have to deploy the Hardware Compatibility, and you can set this policy to Not Configured.

-

If you enable this policy setting, the model of the computer is validated against the hardware compatibility list once every 24 hours, before the policy enables BitLocker protection on a computer drive.

-
-Note

Before enabling this policy setting, make sure that you have configured the MBAM Recovery and Hardware service endpoint setting in the Configure MBAM Services policy options.

-
-
- -
-

If you either disable or do not configure this policy setting, the computer model is not validated against the hardware compatibility list.

Configure user exemption policy

Suggested Configuration: Not Configured

-

This policy setting lets you configure a web site address, email address, or phone number that will instruct a user to request an exemption from BitLocker encryption.

-

If you enable this policy setting and provide a web site address, email address, or phone number, users will see a dialog with instructions on how to apply for an exemption from BitLocker protection. For more information about how to enable BitLocker encryption exemptions for users, see How to Manage User BitLocker Encryption Exemptions.

-

If you either disable or do not configure this policy setting, the instructions about how to apply for an exemption request will not be presented to users.

-
-Note

User exemption is managed per user, not per computer. If multiple users log on to the same computer and one user is not exempt, the computer will be encrypted.

-
-
- -
- - - -## Fixed Drive policy definitions - - -This section describes the Fixed Drive policy definitions for MBAM, which can be found at the following GPO node: **Computer Configuration**\\**Administrative Templates**\\**Windows Components**\\**MDOP MBAM (BitLocker Management)** \\ **Fixed Drive**. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Policy NameOverview and Suggested Policy Setting

Fixed data drive encryption settings

Suggested Configuration: Enabled, and select the Enable auto-unlock fixed data drive check box if the operating system volume is required to be encrypted.

-

This policy setting lets you manage whether or not to encrypt the fixed drives.

-

When you enable this policy, do not disable the Configure use of password for fixed data drives policy.

-

If the Enable auto-unlock fixed data drive check box is selected, the operating system volume must be encrypted.

-

If you enable this policy setting, users are required to put all fixed drives under BitLocker protection, which will encrypt the drives.

-

If you do not configure this policy or if you disable this policy, users are not required to put fixed drives under BitLocker protection.

-

If you disable this policy, the MBAM agent decrypts any encrypted fixed drives.

-

If encrypting the operating system volume is not required, clear the Enable auto-unlock fixed data drive check box.

Deny “write” permission to fixed drives that are not protected by BitLocker

Suggested Configuration: Not Configured

-

This policy setting determines if BitLocker protection is required for fixed drives on a computer so that they are writable. This policy setting is applied when you turn on BitLocker.

-

When the policy is not configured, all fixed drives on the computer are mounted with read/write permissions.

Allow access to BitLocker-protected fixed drives from earlier versions of Windows

Suggested configuration: Not Configured

-

Enable this policy to unlock and view the fixed drives that are formatted with the file allocation table (FAT) file system on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

-

These operating systems have read-only permissions to BitLocker-protected drives.

-

When the policy is disabled, fixed drives formatted with the FAT file system cannot be unlocked and their content cannot be viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

Configure use of password for fixed drives

Suggested configuration: Not Configured

-

Enable this policy to configure password protection on fixed drives.

-

When the policy is not configured, passwords will be supported with the default settings, which do not include password complexity requirements and require only eight characters.

-

For higher security, enable this policy and select Require password for fixed data drive, select Require password complexity, and set the desired minimum password length.

Choose how BitLocker-protected fixed drives can be recovered

Suggested Configuration: Not Configured

-

Configure this policy to enable the BitLocker data recovery agent or to save BitLocker recovery information to Active Directory Domain Services (AD DS).

-

When this policy is not configured, the BitLocker data recovery agent is allowed, and recovery information is not backed up to AD DS. MBAM does not require the recovery information to be backed up to AD DS.

- - - -## Operating System Drive policy definitions - - -This section describes the Operating System Drive policy definitions for MBAM, found at the following GPO node: **Computer Configuration**\\**Administrative Templates**\\**Windows Components**\\**MDOP MBAM (BitLocker Management)** \\ **Operating System Drive**. - - ---- - - - - - - - - - - - - - - - - - - - - -
Policy NameOverview and Suggested Policy Setting

Operating system drive encryption settings

Suggested configuration: Enabled

-

This policy setting determines if the operating system drive will be encrypted.

-

Configure this policy to do the following:

-
    -

  • Enforce BitLocker protection for the operating system drive.

    • -

  • Configure PIN usage to use a Trusted Platform Module (TPM) PIN for operating system protection.

    • -

  • Configure enhanced startup PINs to permit characters such as uppercase and lowercase letters, and numbers. MBAM does not support the use of symbols and spaces for enhanced PINs, even though BitLocker supports symbols and spaces.

    • -
-

If you enable this policy setting, users are required to secure the operating system drive by using BitLocker.

-

If you do not configure or if you disable the setting, users are not required to secure the operating system drive by using BitLocker.

-

If you disable this policy, the MBAM agent decrypts the operating system volume if it is encrypted.

-

When it is enabled, this policy setting requires users to secure the operating system by using BitLocker protection, and the drive is encrypted. Based on your encryption requirements, you may select the method of protection for the operating system drive.

-

For higher security requirements, use TPM + PIN, allow enhanced PINs, and set the minimum PIN length to eight characters.

-

When this policy is enabled with the TPM + PIN protector, you can consider disabling the following policies under System / Power Management / Sleep Settings:

-
    -

  • Allow Standby States (S1-S3) When Sleeping (Plugged In)

    • -

  • Allow Standby States (S1-S3) When Sleeping (On Battery)

    • -

Configure TPM platform validation profile

Suggested Configuration: Not Configured

-

This policy setting lets you configure how the TPM security hardware on a computer secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker already has TPM protection enabled.

-

When this policy is not configured, the TPM uses the default platform validation profile or the platform validation profile specified by the setup script.

Choose how to recover BitLocker-protected operating system drives

Suggested Configuration: Not Configured

-

Configure this policy to enable the BitLocker data recovery agent or to save BitLocker recovery information to Active Directory Domain Services (AD DS).

-

When this policy is not configured, the data recovery agent is allowed, and the recovery information is not backed up to AD DS.

-

MBAM operation does not require the recovery information to be backed up to AD DS.

- - - -## Removable Drive policy definitions - - -This section describes the Removable Drive Policy definitions for MBAM, found at the following GPO node: **Computer Configuration**\\**Administrative Templates**\\**Windows Components**\\**MDOP MBAM (BitLocker Management)** \\ **Removable Drive**. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Policy NameOverview and Suggested Policy Setting

Control the use of BitLocker on removable drives

Suggested configuration: Enabled

-

This policy controls the use of BitLocker on removable data drives.

-

Enable the Allow users to apply BitLocker protection on removable data drives option, to allow users to run the BitLocker setup wizard on a removable data drive.

-

Enable the Allow users to suspend and decrypt BitLocker on removable data drives option to allow users to remove BitLocker drive encryption from the drive or to suspend the encryption while maintenance is performed.

-

When this policy is enabled and the Allow users to apply BitLocker protection on removable data drives option is selected, the MBAM Client saves the recovery information about removable drives to the MBAM key recovery server, and it allows users to recover the drive if the password is lost.

Deny the “write” permissions to removable drives that are not protected by BitLocker

Suggested Configuration: Not Configured

-

Enable this policy to allow write-only permissions to BitLocker protected drives.

-

When this policy is enabled, all removable data drives on the computer require encryption before write permissions are allowed.

Allow access to BitLocker-protected removable drives from earlier versions of Windows

Suggested Configuration: Not Configured

-

Enable this policy to unlock and view the fixed drives that are formatted with the (FAT) file system on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

-

These operating systems have read-only permissions to BitLocker-protected drives.

-

When the policy is disabled, removable drives formatted with the FAT file system cannot be unlocked and their content cannot be viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

Configure the use of password for removable data drives

Suggested configuration: Not Configured

-

Enable this policy to configure password protection on removable data drives.

-

When this policy is not configured, passwords are supported with the default settings, which do not include password complexity requirements and require only eight characters.

-

For increased security, you can enable this policy and select Require password for removable data drive, select Require password complexity, and then set the preferred minimum password length.

Choose how BitLocker-protected removable drives can be recovered

Suggested Configuration: Not Configured

-

You can configure this policy to enable the BitLocker data recovery agent or to save BitLocker recovery information to Active Directory Domain Services (AD DS).

-

When the policy is set to Not Configured, the data recovery agent is allowed and recovery information is not backed up to AD DS.

-

MBAM operation does not require the recovery information to be backed up to AD DS.

- - - -## Related topics - - -[Preparing your Environment for MBAM 1.0](preparing-your-environment-for-mbam-10.md) - - - - - - - - - diff --git a/mdop/mbam-v1/planning-for-mbam-10-server-deployment.md b/mdop/mbam-v1/planning-for-mbam-10-server-deployment.md deleted file mode 100644 index fe9b06d826..0000000000 --- a/mdop/mbam-v1/planning-for-mbam-10-server-deployment.md +++ /dev/null @@ -1,80 +0,0 @@ ---- -title: Planning for MBAM 1.0 Server Deployment -description: Planning for MBAM 1.0 Server Deployment -author: dansimp -ms.assetid: 3cbef284-3092-4c42-9234-2826b18ddef1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Planning for MBAM 1.0 Server Deployment - - -The Microsoft BitLocker Administration and Monitoring (MBAM) server infrastructure depends on a set of server features that can be installed on one or more server computers, based on the requirements of your enterprise. - -## Planning for MBAM Server deployment - - -The following MBAM features represent the server infrastructure for an MBAM server deployment: - -- Recovery and Hardware Database - -- Compliance and Audit Database - -- Compliance and Audit Reports - -- Administration and Monitoring Server - -MBAM server databases and features can be installed in different configurations, depending on your scalability needs. All MBAM Server features can be installed on a single server or distributed across multiple servers. Generally, we recommend that you use a three-server or five-server configuration for production environments, although configurations of two or four servers can also be used, depending on your computing needs. - -**Note**   -For more information about performance scalability of MBAM and recommended deployment topologies, see the MBAM Scalability and High-Availability Guide white paper at . - - - -Each MBAM feature has specific prerequisites. For a full list of server feature prerequisites and hardware and software requirements, see [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md) and [MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md). - -In addition to the server-related MBAM features, the server Setup application includes an MBAM Group Policy template. This template can be installed on any computer that is able to run the Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM). - -## Order of deployment of MBAM Server Features - - -When you deploy the MBAM Server features, install the features in the following order: - -1. Recovery and Hardware Database - -2. Compliance and Audit Database - -3. Compliance Audit and Reports - -4. Administration and Monitoring Server - -5. Policy Template - -**Note**   -Keep track of the names of the computers on which you install each feature. You will use this information throughout the installation process. You can print and use a deployment checklist to assist you in the installation process. For more information about the MBAM deployment checklist, see [MBAM 1.0 Deployment Checklist](mbam-10-deployment-checklist.md). - - - -## Related topics - - -[Planning to Deploy MBAM 1.0](planning-to-deploy-mbam-10.md) - -[Deploying the MBAM 1.0 Server Infrastructure](deploying-the-mbam-10-server-infrastructure.md) - - - - - - - - - diff --git a/mdop/mbam-v1/planning-for-mbam-10.md b/mdop/mbam-v1/planning-for-mbam-10.md deleted file mode 100644 index 53583513c7..0000000000 --- a/mdop/mbam-v1/planning-for-mbam-10.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Planning for MBAM 1.0 -description: Planning for MBAM 1.0 -author: dansimp -ms.assetid: d4e8a42f-2836-48c8-83c1-40bd58270e19 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for MBAM 1.0 - - -The goal of deployment planning is to successfully and efficiently deploy Microsoft BitLocker Administration and Monitoring (MBAM) so that it does not disrupt your users or the network. - -There are a number of different deployment configurations and prerequisites that you should consider before you try to deploy the MBAM. This section includes information that can help you gather the information that you need to formulate a deployment plan that best meets your business requirements. It can assist you in preparing your network and computing environment, and it provides the information necessary for you to properly plan to deploy MBAM features. - -## Planning information - - -- [Preparing your Environment for MBAM 1.0](preparing-your-environment-for-mbam-10.md) - - This section describes the computing environment requirements and installation prerequisites that you should plan for before you begin the MBAM Setup. - -- [Planning to Deploy MBAM 1.0](planning-to-deploy-mbam-10.md) - - This section describes the minimum hardware and software requirements necessary for the MBAM Client and Server feature installation. It also provides information about the MBAM deployment topology that you can use, and other MBAM Server and Client planning considerations. - -- [MBAM 1.0 Planning Checklist](mbam-10-planning-checklist.md) - - This section provides a planning checklist that you can use throughout the MBAM deployment. - -## Other resources for MBAM planning - - -- [Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide](index.md) - -- [Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) - -- [Deploying MBAM 1.0](deploying-mbam-10.md) - -- [Operations for MBAM 1.0](operations-for-mbam-10.md) - -- [Troubleshooting MBAM 1.0](troubleshooting-mbam-10.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/planning-to-deploy-mbam-10.md b/mdop/mbam-v1/planning-to-deploy-mbam-10.md deleted file mode 100644 index c35e32933a..0000000000 --- a/mdop/mbam-v1/planning-to-deploy-mbam-10.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: Planning to Deploy MBAM 1.0 -description: Planning to Deploy MBAM 1.0 -author: dansimp -ms.assetid: 30ad4304-45c6-427d-8e33-ebe8053c7871 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning to Deploy MBAM 1.0 - - -You should consider a number of different deployment configurations and prerequisites before you create your Microsoft BitLocker Administration and Monitoring (MBAM) 1.0 deployment plan. This section includes information that can help you gather the information that you must have to formulate a deployment plan that best meets your business requirements. - -## Review the MBAM 1.0 supported configurations - - -After you prepare your computing environment for the MBAM Client and Server feature installation, make sure that you review the Supported Configurations information for MBAM to confirm that the computers on which you install MBAM meet the minimum hardware and operating system requirements. For more information about MBAM deployment prerequisites, see [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md). - -[MBAM 1.0 Supported Configurations](mbam-10-supported-configurations.md) - -## Plan for MBAM 1.0 Server and Client deployment - - -The MBAM server infrastructure depends on a set of server features that can be installed on one or more server computers, based on the requirements of the enterprise. These features can be installed on a single server or distributed across multiple servers. - -The MBAM Client enables administrators to enforce and monitor the BitLocker drive encryption on computers in the enterprise. The BitLocker client can be integrated into an organization by deploying the client through tools like Active Directory Domain Services or by directly encrypting the client computers as part of the initial imaging process. - -With MBAM, you can encrypt a computer in your organization either before the end user receives the computer or afterwards, by using Group Policy. You can use one or both methods in your organization. If you choose to use both methods, you can improve compliance, reporting, and key recovery support. - -[Planning for MBAM 1.0 Server Deployment](planning-for-mbam-10-server-deployment.md) - -[Planning for MBAM 1.0 Client Deployment](planning-for-mbam-10-client-deployment.md) - -## Other resources for MBAM planning - - -- [Planning for MBAM 1.0](planning-for-mbam-10.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/preparing-your-environment-for-mbam-10.md b/mdop/mbam-v1/preparing-your-environment-for-mbam-10.md deleted file mode 100644 index 931b7c9924..0000000000 --- a/mdop/mbam-v1/preparing-your-environment-for-mbam-10.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: Preparing your Environment for MBAM 1.0 -description: Preparing your Environment for MBAM 1.0 -author: dansimp -ms.assetid: 915f7c3c-70ad-4a90-a434-73e7fba97ecb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Preparing your Environment for MBAM 1.0 - - -Before you begin the Microsoft BitLocker Administration and Monitoring (MBAM) Setup, make sure that you have met the necessary prerequisites to install the product. If you know the prerequisites in advance, you can efficiently deploy the product and enable its features, which can support the business objectives of your organization more effectively. - -## Review MBAM 1.0 deployment prerequisites - - -The MBAM Client and each of the MBAM Server features have specific prerequisites that must be met before they can be successfully installed. - -To ensure successful installation of MBAM Clients and MBAM Server features, you should plan to ensure that computers specified for MBAM Client or MBAM Server feature installation are properly prepared for MBAM Setup. - -**Note**   -MBAM Setup verifies if all prerequisites are met before installation starts. If they are not met, Setup will fail. - - - -[MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md) - -## Plan for MBAM 1.0 Group Policy requirements - - -Before MBAM can manage clients in the enterprise, you must define the Group Policy for the encryption requirements of your environment. - -**Important**   -MBAM will not work with policies for stand-alone BitLocker drive encryption. Group Policy must be defined for MBAM; otherwise, the BitLocker encryption and enforcement will fail. - - - -[Planning for MBAM 1.0 Group Policy Requirements](planning-for-mbam-10-group-policy-requirements.md) - -## Plan for MBAM 1.0 administrator roles - - -MBAM administrator roles are managed by local groups that are created by MBAM Setup when you install the following: BitLocker Administration and Monitoring Server, the Compliance and Audit Reports feature, and the Compliance and Audit Status Database. - -The membership of MBAM roles can be managed more effectively if you create security groups in Active Directory Domain Services, add the appropriate administrator accounts to those groups, and then add those security groups to the MBAM local groups. For more information, see [How to Manage MBAM Administrator Roles](how-to-manage-mbam-administrator-roles-mbam-1.md). - -[Planning for MBAM 1.0 Administrator Roles](planning-for-mbam-10-administrator-roles.md) - -## Other resources for MBAM planning - - -[Planning for MBAM 1.0](planning-for-mbam-10.md) - - - - - - - - - diff --git a/mdop/mbam-v1/privacy-statement-for-mbam-10.md b/mdop/mbam-v1/privacy-statement-for-mbam-10.md deleted file mode 100644 index f54a72fb5e..0000000000 --- a/mdop/mbam-v1/privacy-statement-for-mbam-10.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: Privacy Statement for MBAM 1.0 -description: Privacy Statement for MBAM 1.0 -author: dansimp -ms.assetid: db18cc93-a1c1-44da-a450-a5399a4427b9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Privacy Statement for MBAM 1.0 - - -## Privacy Statement - - -At Microsoft, we're working hard to protect your privacy while delivering products that bring you the performance, power, and convenience that you want in your personal computing. This privacy statement explains many of the data collection and use practices of Microsoft BitLocker Administration and Monitoring (MBAM). This privacy statement focuses on features that communicate with the Internet and is not intended to be an exhaustive list. This privacy statement does not apply to other online or offline Microsoft sites, products or services. - -Collection and Use of Your Personal Information: - -When we need information that personally identifies you or allows us to contact you, we will explicitly ask you for it. The personal information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to provide the service(s) or carry out the transaction(s) you have requested or authorized, and may also be used to request additional information on feedback that you provide about the product or service that you are using; to provide critical updates and notifications regarding the software; to improve the product or service, for example bug and survey form inquiries, or to provide you with advance notice of events or to tell you about new product releases. - -Except as described in this statement, personal information you provide will not be transferred to third parties without your consent. We occasionally hire other companies to provide limited services on our behalf, such as performing statistical analysis of our services. We will only provide those companies the personal information they need to deliver the service, and they are prohibited from using that information for any other purpose. - -Information that is collected by or sent to Microsoft may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries or agents maintain facilities, and by using a Microsoft site or service, you consent to any such transfer of information outside of your country. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union. Microsoft may disclose personal information about you if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Microsoft or the site; (b) protect and defend the rights or property of Microsoft (including enforcing our agreements); or (c) act in urgent circumstances to protect the personal safety of Microsoft employees, users of Microsoft products or services, or members of the public. - -Collection and Use of Information about Your Computer: - -Microsoft BitLocker Administration and Monitoring contains Internet-enabled features that can collect certain standard information from your computer ("standard computer information") along with information needed for a specific feature and send it to Microsoft. Standard computer information includes information such as your IP address, operating system version, a code that identifies the manufacturer of your computer, and your regional and language settings. This computer information is generally not personally identifiable. - -Security of Your Information: - -Microsoft is committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer servers with limited access that are located in controlled facilities. - -Changes to the Privacy Statement: - -We may occasionally update this privacy statement. When we do, we will revise the "last updated" date at the top of the privacy statement. We encourage you to periodically review this privacy statement to be informed of how Microsoft is protecting your information. - -For More Information: - -Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement, please contact us at: - -Microsoft Privacy - -Microsoft Corporation - -One Microsoft Way - -Redmond, Washington 98052 USA - -## Related topics - - -[Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/release-notes-for-mbam-10.md b/mdop/mbam-v1/release-notes-for-mbam-10.md deleted file mode 100644 index 61041c666a..0000000000 --- a/mdop/mbam-v1/release-notes-for-mbam-10.md +++ /dev/null @@ -1,160 +0,0 @@ ---- -title: Release Notes for MBAM 1.0 -description: Release Notes for MBAM 1.0 -author: dansimp -ms.assetid: d82fddde-c360-48ef-86a0-d9b5fe066861 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Release Notes for MBAM 1.0 - - -**To search for a specific issue in these release notes, press CTRL+F.** - -Read these release notes thoroughly before you install Microsoft BitLocker Administration and Monitoring (MBAM). - -These release notes contain information that is required to successfully install MBAM. The release notes also contain information that is not available in the product documentation. If there is a difference between these release notes and other MBAM documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product. - -## About the Product Documentation - - -For information about MBAM documentation, see the MBAM home page on Microsoft TechNet. - -To obtain a downloadable copy of the MBAM documentation, see on the Microsoft Download Center. - -## Provide Feedback - - -We are interested in your feedback on MBAM. You can send your feedback to . - -**Note**   -This email address is not a support channel, but your feedback will help us to plan for future changes in our documentation and product releases. - - - -For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page. - -For more information about new updates or to provide feedback, follow us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). - -## Known Issues with MBAM 1.0 - - -This section contains release notes about the known issues with MBAM setup and installation. - -### If you select the “Use a certificate to encrypt the network communication” option during Setup, existing database connections and dependent applications can stop functioning - -You can configure MBAM for **Encrypted network communication** after you install either the Recovery and Hardware Database or the Compliance Status Database features. If you choose to configure MBAM for Encrypted network communication, MBAM Setup configures the instance of the SQL Server Database Engine to use Secure Sockets Layer (SSL) for communication between the applicable database and both the Administration and Monitoring Server and the Compliance and Audit Report Server features. - -- If the instance of the SQL Server Database Engine is not already configured to use SSL, MBAM Setup configures it to do so. This can prevent applications that try to use non-MBAM databases on the instance of the SQL Server Database Engine from communicating with their databases. - -- If the instance of the SQL Server Database Engine is already configured to use SSL, it is configured to use the certificate that the user selected during setup. If this certificate differs from the one that was already in use, it can prevent applications that use SQL Server databases on the instance of the SQL Server Database Engine from running. - -**WORKAROUND:** None - -### MBAM Setup fails during installation when you use a local Administrator account - -MBAM Setup fails when you use a local Administrator account. The log file contains the following information: - -``` syntax -Locating group 'MBAM Report Users' -Adding ' to group 'MBAM Report Users' -Locating group 'MBAM Recovery and Hardware DB Access' -Adding 'S-1-5-20' to group 'MBAM Recovery and Hardware DB Access' -Exception: A new member could not be added to a local group because the member has the wrong account type. - - StackTrace:    at System.DirectoryServices.AccountManagement.SAMStoreCtx.UpdateGroupMembership(Principal group, DirectoryEntry de, NetCred credentials, AuthenticationTypes authTypes) - at System.DirectoryServices.AccountManagement.SDSUtils.ApplyChangesToDirectory(Principal p, StoreCtx storeCtx, GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes) - at System.DirectoryServices.AccountManagement.SAMStoreCtx.Update(Principal p) - at Microsoft.Windows.Mdop.BitlockerManagement.Setup.Groups.CreateGroupsDeferred(Session session) - InnerException:Exception: A new member could not be added to a local group because the member has the wrong account type. - - InnerException:StackTrace:    at System.DirectoryServices.AccountManagement.UnsafeNativeMethods.IADsGroup.Add(String bstrNewItem) - at System.DirectoryServices.AccountManagement.SAMStoreCtx.UpdateGroupMembership(Principal group, DirectoryEntry de, NetCred credentials, AuthenticationTypes authTypes) -CustomAction MbamCreateGroupsDeferred returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox) -Action ended 11:41:29: InstallExecute. Return value 3. -``` - -**WORKAROUND:** Use a domain account with administrative credentials on the server computer when you install MBAM. - -### MBAM Setup reconfigures the instance of the SQL Server Database Engine to not use SSL if you select “Do not encrypt network communication” - -When you install either the Recovery and Hardware Database or the Compliance Status Database, you can use Setup to configure MBAM by selecting **Encrypted network communication**. If you decide not to encrypt the network communication, MBAM Setup reconfigures the instance of the SQL Server Database Engine so that it does not use SSL. - -- If the instance of the SQL Server Database Engine is already configured to use SSL, MBAM Setup disables SSL on the instance of the SQL Server Database Engine. This changes the communication security between the applications that use databases that are not related to MBAM databases on the instance of the SQL Server Database Engine. - -**WORKAROUND:** None - -### Missing prerequisite for the Internet Information Services (IIS) Management Scripts and Tools web server feature - -MBAM Setup is dependent on the IIS Management Scripts and Tools web server feature, but it is not an enforced prerequisite. Server setup lets you install MBAM when this feature is missing. However, this will cause the backup service MBAM VSS Writer to start and then stop, because it cannot locate the Windows Management Instrumentation (WMI) and the Internet Information Services (IIS) provider. There is no error message for this condition, except that which occurs in the event log. Installation of MBAM without IIS Management Scripts and Tools causes the backup operations not to run for MBAM. - -**WORKAROUND:** Ensure that the IIS Management Scripts and Tools web server feature is installed before you start the MBAM Setup. - -### MBAM Setup stops responding during the “Installing selected features” phase when setup is configured to use a certificate - -MBAM Setup stops responding during the **Installing selected features** phase of setup. This occurs during the installation of the Recovery and Hardware Database or the Compliance Status Database, after you select the **Use a certificate to encrypt the network communication** option. Furthermore, the MBAM Setup stops responding if the instance of the SQL Server Database Engine cannot access the certificate that was specified during setup. - -**WORKAROUND:** Update the permissions on the certificate, so that the Windows service for the applicable instance of the SQL Server Database Engine can access the certificate. You can also change the account under which the instance of the SQL Server Database Engine runs, for the database engine to use the certificate. To determine the permissions for the certificate, type the following command at the command prompt: **certutil -v -store MY** - -### MBAM Setup pauses when you install SQL Server Reporting Services - -During MBAM installation, when you select an instance of SQL Server Reporting Services (SSRS) and SSRS instance is not available or it is configured incorrectly, the MBAM Setup might pause for up to one minute while it attempts to communicate with the SSRS instance. - -**WORKAROUND:** Wait for at least one minute for MBAM Setup to resume while the Setup program attempts to contact the instance of SSRS. - -### Administration and Monitoring Server does not run after setup - -After MBAM Setup successfully installs the Administration and Monitoring Server feature, MBAM displays error messages when you try to access the MBAM administrator website. This issue occurs for one of the following reasons: - -- One or more prerequisites on the Administration and Monitoring Server were removed after the MBAM installation. - -- One or more prerequisites were installed on the server and later they were removed before running the MBAM Setup. - -**WORKAROUND:** Review the MBAM documentation and confirm that all MBAM prerequisites are installed. - -### Clicking documentation links during Setup results in an application error after Setup is finished - -When you click a documentation link during setup and then close the Setup program by clicking **Cancel** or **Finish** after Setup has successfully finished, an application error message appears.. The problem is caused by an access violation error in the Windows Task Scheduler. - -**WORKAROUND:** None. You can ignore this error. - -### Failed MBAM Setup does not remove new databases - -If the MBAM Setup fails, Setup might not remove the newly created databases. This can cause failures during subsequent installations. - -**WORKAROUND:** Choose a different name for the database instance during the subsequent installation. - -### MBAM Setup does not recognize valid network load-balancing cluster certificates - -During the MBAM Administration and Monitoring Server installation, with the network encryption option selected, the cluster certificate is not recognized as a valid certificate. It is recognized as valid when the certificate for communication with the database is installed, but it is rejected for communication by the load-balancing cluster. - -**WORKAROUND:** Confirm that the certificate revocation list (CRL) associated with the certificate is accessible, or use a certificate that does not require validation by using the CRL. - -## Release Notes Copyright Information - - -Microsoft, Active Directory, ActiveX, Bing, Excel, Silverlight, SQL Server, Windows, Microsoft Intune, and Windows PowerShell are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners. - - - -## Related topics - - -[About MBAM 1.0](about-mbam-10.md) - - - - - - - - - diff --git a/mdop/mbam-v1/security-and-privacy-for-mbam-10.md b/mdop/mbam-v1/security-and-privacy-for-mbam-10.md deleted file mode 100644 index 8ef48ada78..0000000000 --- a/mdop/mbam-v1/security-and-privacy-for-mbam-10.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Security and Privacy for MBAM 1.0 -description: Security and Privacy for MBAM 1.0 -author: dansimp -ms.assetid: ba4497f1-b9e3-41be-8953-3637d1f83f01 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Security and Privacy for MBAM 1.0 - - -The topics in this guide will help you plan for security and privacy considerations for Microsoft BitLocker Administration and Monitoring (MBAM). - -## Security considerations for MBAM 1.0 - - -Before you deploy and use MBAM in your computing environment, you should consider potential security-related issues. The information in the Security Considerations topic provides a brief overview of Active Directory Domain Services user accounts and groups, log files, and other security-related considerations for MBAM. - -[Security Considerations for MBAM 1.0](security-considerations-for-mbam-10.md) - -## Privacy for MBAM 1.0 - - -This topic covers many of the data collection and use practices of MBAM. - -[Privacy Statement for MBAM 1.0](privacy-statement-for-mbam-10.md) - -## Other resources MBAM Security and Privacy - - -- [Operations for MBAM 1.0](operations-for-mbam-10.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/security-considerations-for-mbam-10.md b/mdop/mbam-v1/security-considerations-for-mbam-10.md deleted file mode 100644 index 340bd2e376..0000000000 --- a/mdop/mbam-v1/security-considerations-for-mbam-10.md +++ /dev/null @@ -1,207 +0,0 @@ ---- -title: Security Considerations for MBAM 1.0 -description: Security Considerations for MBAM 1.0 -author: dansimp -ms.assetid: 5e1c8b8c-235b-4a92-8b0b-da50dca17353 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Security Considerations for MBAM 1.0 - - -This topic contains a brief overview of the accounts and groups, log files, and other security-related considerations for Microsoft BitLocker Administration and Monitoring (MBAM). For more information, follow the links in this article. - -## General security considerations - - -**Understand the security risks.** The most serious risk to MBAM is that its functionality could be hijacked by an unauthorized user who could then reconfigure BitLocker encryption and gain BitLocker encryption key data on MBAM Clients. However, the loss of MBAM functionality for a short period of time due to a denial-of-service attack would not generally have a catastrophic impact. - -**Physically secure your computers**. Security is incomplete without physical security. Anyone with physical access to an MBAM Server could potentially attack the entire client base. Any potential physical attacks must be considered high risk and mitigated appropriately. MBAM servers should be stored in a physically secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver. - -**Apply the most recent security updates to all computers**. Stay informed about new updates for operating systems, Microsoft SQL Server, and MBAM by subscribing to the Security Notification service (). - -**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all MBAM and MBAM administrator accounts. Never use blank passwords. For more information about password concepts, see the “Account Passwords and Policies” white paper on TechNet (). - -## Accounts and Groups in MBAM - - -A best practice for user account management is to create domain global groups and add user accounts to them. Then, add the domain global accounts to the necessary MBAM local groups on the MBAM Servers. - -### Active Directory Domain Services Groups - -No groups are created automatically during MBAM Setup. However, you should create the following Active Directory Domain Services global groups to manage MBAM operations. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Group NameDetails

MBAM Advanced Helpdesk Users

Create this group to manage members of the MBAM Advanced Helpdesk Users local group that was created during MBAM Setup.

MBAM Compliance Auditing DB Access

Create this group to manage members of the MBAM Compliance Auditing DB Access local group that was created during MBAM Setup.

MBAM Hardware Users

Create this group to manage members of the MBAM Hardware Users local group that was created during MBAM Setup.

MBAM Helpdesk Users

Create this group to manage members of the MBAM Helpdesk Users local group that was created during MBAM Setup.

MBAM Recovery and Hardware DB Access

Create this group to manage members of the MBAM Recovery and Hardware DB Access local group that was created during MBAM Setup.

MBAM Report Users

Create this group to manage members of the MBAM Report Users local group that was created during MBAM Setup.

MBAM System Administrators

Create this group to manage members of the MBAM System Administrators local group that was created during MBAM Setup.

BitLocker Encryption Exemptions

Create this group to manage user accounts that should be exempted from BitLocker encryption starting on computers that they log on to.

- - - -### MBAM Server Local Groups - -MBAM Setup creates local groups to support MBAM operations. You should add the Active Directory Domain Services Global Groups to the appropriate MBAM local groups to configure MBAM security and data access permissions. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Group NameDetails

MBAM Advanced Helpdesk Users

Members of this group have expanded access to the Helpdesk features of Microsoft BitLocker Administration and Monitoring.

MBAM Compliance Auditing DB Access

This group contains the machines that have access to the MBAM Compliance Auditing Database.

MBAM Hardware Users

Members of this group have access to some of the Hardware Capability features from Microsoft BitLocker Administration and Monitoring.

MBAM Helpdesk Users

Members of this group have access to some of the Helpdesk features from Microsoft BitLocker Administration and Monitoring.

MBAM Recovery and Hardware DB Access

This group contains the computers that have access to the MBAM Recovery and Hardware Database.

MBAM Report Users

Members of this group have access to the Compliance and Audit reports from Microsoft BitLocker Administration and Monitoring.

MBAM System Administrators

Members of this group have access to all the features of Microsoft BitLocker Administration and Monitoring.

- - - -### SSRS Reports Access Account - -The SQL Server Reporting Services (SSRS) Reports Service Account provides the security context to run the MBAM reports available through SSRS. This account is configured during MBAM Setup. - -## MBAM Log Files - - -During MBAM Setup, the following MBAM Setup log files are created in the %temp% folder of the user who installs the - -**MBAM Server Setup log files** - -MSI<five random characters>.log -Logs the actions taken during MBAM Setup and MBAM Server Feature installation. - -InstallComplianceDatabase.log -Logs the actions taken to create the MBAM Compliance Status database setup. - -InstallKeyComplianceDatabase.log -Logs the actions taken to create the MBAM Recovery and Hardware database. - -AddHelpDeskDbAuditUsers.log -Logs the actions taken to create the SQL Server logins on the MBAM Compliance Status database and authorize helpdesk web service to the database for reports. - -AddHelpDeskDbUsers.log -Logs the actions taken to authorize web services to database for key recovery and create logins to the MBAM Recovery and Hardware database. - -AddKeyComplianceDbUsers.log -Logs the actions taken to authorize web services to MBAM Compliance Status database for compliance reporting. - -AddRecoveryAndHardwareDbUsers.log -Logs the actions taken to authorize web services to MBAM Recovery and Hardware database for key recovery. - -**Note**   -In order to obtain additional MBAM Setup log files, you must install Microsoft BitLocker Administration and Monitoring by using the **msiexec** package and the **/l** <location> option. Log files are created in the location specified. - - - -**MBAM Client Setup log files** - -MSI<five random characters>.log -Logs the actions taken during MBAM Client installation. - -## MBAM Database TDE considerations - - -The Transparent Data Encryption (TDE) feature available in SQL Server 2008 is a required installation prerequisite for the database instances that will host MBAM database features. - -With TDE, you can perform real-time, full database-level encryption. TDE is a well-suited choice for bulk encryption to meet regulatory compliance or corporate data security standards. TDE works at the file level, which is similar to two Windows features: the Encrypting File System (EFS) and BitLocker Drive Encryption, both of which also encrypt data on the hard drive. TDE does not replace cell-level encryption, EFS, or BitLocker. - -When TDE is enabled on a database, all backups are encrypted. Thus, special care must be taken to ensure that the certificate that was used to protect the Database Encryption Key (DEK) is backed up and maintained with the database backup. Without a certificate, the data will be unreadable. Back up the certificate along with the database. Each certificate backup should have two files; both of these files should be archived .It is best to archive them separately from the database backup file for security. - -For an example of how to enable TDE for MBAM database instances, see [Evaluating MBAM 1.0](evaluating-mbam-10.md). - -For more information about TDE in SQL Server 2008, see [Database Encryption in SQL Server 2008 Enterprise Edition](https://go.microsoft.com/fwlink/?LinkId=269703). - -## Related topics - - -[Security and Privacy for MBAM 1.0](security-and-privacy-for-mbam-10.md) - - - - - - - - - diff --git a/mdop/mbam-v1/troubleshooting-mbam-10.md b/mdop/mbam-v1/troubleshooting-mbam-10.md deleted file mode 100644 index bcf03fa8b3..0000000000 --- a/mdop/mbam-v1/troubleshooting-mbam-10.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: Troubleshooting MBAM 1.0 -description: Troubleshooting MBAM 1.0 -author: dansimp -ms.assetid: 7d47fbfe-51c0-4619-bed3-163dfd18cdec -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Troubleshooting MBAM 1.0 - - -Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905). - -## How to Find Troubleshooting Content - - -You can use the following information to find troubleshooting or additional technical content for this product. - -### Search the MDOP Documentation - -The first step to find help content in the Administrator’s Guide is to search the MDOP documentation on TechNet. - -After you search the MDOP documentation, your next step would be to search the troubleshooting information for the product in the TechNet Wiki. - -**To search the MDOP product documentation** - -1. Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page. - -2. Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page. - -3. Review the search results for assistance. - -**To search the TechNet Wiki** - -1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page. - -3. Review the search results for assistance. - -## How to Create a Troubleshooting Article - - -If you have a troubleshooting tip or a best practice to share that is not already included in the MDOP OnlineHelp or TechNet Wiki, you can create your own TechNet Wiki articles. - -**To create a TechNet Wiki troubleshooting or best practices article** - -1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Log in with your Windows Live ID. - -3. Review the **Getting Started** section to learn the basics of the TechNet Wiki and its articles. - -4. Select **Post an article >>** at the bottom of the **Getting Started** section. - -5. On the Wiki article **Add Page** page, select **Insert Template** from the toolbar, select the troubleshooting article template (**Troubleshooting.html**), and then click **Insert**. - -6. Be sure to give the article a descriptive title and then overwrite the template information as needed to create your troubleshooting or best practice article. - -7. After you review your article, be sure to include a tag that is named **Troubleshooting** and another for the product name. This helps others to find your content. - -8. Click **Save** to publish the article to the TechNet Wiki. - -## Other resources for troubleshooting MBAM 1.0 - - -- [Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide](index.md) - -- [Getting Started with MBAM 1.0](getting-started-with-mbam-10.md) - -- [Planning for MBAM 1.0](planning-for-mbam-10.md) - -- [Deploying MBAM 1.0](deploying-mbam-10.md) - -- [Operations for MBAM 1.0](operations-for-mbam-10.md) - -  - -  - - - - - diff --git a/mdop/mbam-v1/understanding-mbam-reports-mbam-1.md b/mdop/mbam-v1/understanding-mbam-reports-mbam-1.md deleted file mode 100644 index eb7557d3a6..0000000000 --- a/mdop/mbam-v1/understanding-mbam-reports-mbam-1.md +++ /dev/null @@ -1,389 +0,0 @@ ---- -title: Understanding MBAM Reports -description: Understanding MBAM Reports -author: dansimp -ms.assetid: 34e4aaeb-7f89-41a1-b816-c6fe8397b060 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Understanding MBAM Reports - - -Microsoft BitLocker Administration and Monitoring (MBAM) generates various reports to monitor BitLocker usage and compliance. This topic describes the MBAM reports for enterprise compliance, individual computers, hardware compatibility, and key recovery activity. - -## Understanding Reports - - -To access the Reports feature of MBAM, open the MBAM administration website. Select **Reports** in the navigation pane. Then, in the main content pane, click the tab for your report type: **Enterprise Compliance Report**, **Computer Compliance Report**, **Hardware Audit Report**, or **Recovery Audit Report**. - -### Enterprise Compliance Report - -An Enterprise Compliance Report provides information on overall BitLocker compliance in your organization. The available filters for this report allow you to narrow your search results according to Compliance state and Error status. This report runs every six hours. - -**Enterprise Compliance Report fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Computer Name

The user-specified DNS name that is being managed by MBAM.

Domain Name

The fully qualified domain name where the client computer resides and is managed by MBAM.

Compliance Status

The state of compliance for the computer, according to the policy specified for the computer. The possible states are Noncompliant and Compliant. For more information, see Enterprise Compliance Report Compliance States in this topic.

Exemption

The state of the computer hardware for determining the identification of the hardware type and whether the computer is exempt from policy. There are three possible states: Hardware Unknown (the hardware type has not been identified by MBAM), Hardware Exempt (the hardware type was identified and was marked as exempt from MBAM policy), and Not Exempt (the hardware was identified and is not exempt from policy).

Device Users

Known users on the computer that is being managed by MBAM.

Compliance Status Details

Error and status messages about the compliance state of the computer in accordance to the specified policy.

Last Contact

Date and time when the computer last contacted the server to report compliance status. This time is configurable. See MBAM policy settings.

- - - -**Enterprise Compliance Report Compliance states** - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Compliance StatusExemptionDescriptionUser Action

Noncompliant

Not Exempt

The computer is noncompliant according to the specified policy, and the hardware type has not been indicated as exempt from policy.

Click Computer Name to expand the Computer Compliance Report and determine whether the state of each drive complies with the specified policy. If the encryption state indicates that the computer is not encrypted, encryption might still be in process, or there might be an error on the computer. If there is no error, the likely cause is that the computer is still in the process of connecting or establishing the encryption status. Check back later to determine if the state changes.

Compliant

Not Exempt

The computer is compliant in accordance with the specified policy.

No Action needed. Optionally, you can view the Computer Compliance Report to confirm the state of the computer.

Compliant

Hardware Exempt

If the Hardware type is exempt. Regardless of how the policy is set or the individual status of each hard-drive, the overall state is considered to be compliant.

No action needed.

Compliant

Hardware Unknown

MBAM recognizes the hardware type, but MBAM does not know whether it is exempt or not exempt. This occurs if the administrator has not set the Compatible status for the hardware. Therefore, MBAM reverts to Compliant status by default.

This is the initial state of a newly deployed MBAM client. It is typically only a transient state. Even if the administrator has marked the Hardware as Compatible, there can be a significant delay or configurable wait time before the client computer reports back in. Make note of the time of Last Contact, and check in again after the specified interval to see if the state has changed. If the state has not changed, there may be an error for this computer or hardware type.

- - - -### Computer Compliance Report - -The Computer Compliance Report displays information that is specific to a computer or user. - -The Computer Compliance Report provides detailed encryption information and applicable policies for each drive on a computer, including operating system drives and fixed data drives. To view this report type, click the computer name in the Enterprise Compliance Report or type the computer name in the Computer Compliance Report. To view the details of each drive, expand the Computer Name entry. - -**Note**   -This report does not provide encryption status for Removable Data Volumes. - - - -**Computer Compliance Report fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Computer Name

The user-specified DNS computer name that is being managed by MBAM.

Domain Name

The fully qualified domain name where the client computer resides and is managed by MBAM.

Computer Type

The portability type of computer. Valid types are non-Portable and Portable.

Operating System

Operating System type installed on the MBAM managed client computer.

Compliance Status

The overall Compliance Status of the computer managed by MBAM. Valid states are Compliant and Noncompliant. While it is possible to have Compliant and Noncompliant drives in the same computer, this field indicates the overall computer compliance per specified policy.

Policy Cypher Strength

The Cipher Strength selected by the Administrator during MBAM policy specification. For example, 128-bit with Diffuser

Policy Operating System Drive

Indicates whether encryption is required for the O/S and the protector type as applicable.

Policy Fixed Data Drive

Indicates whether encryption is required for the Fixed Drive.

Policy Removable Data Drive

Indicates whether encryption is required for the Removable Drive.

Device Users

Provides the identity of known users on the computer.

Exemption

Indicates whether the computer hardware type is recognized by MBAM and, if known, whether the computer has been indicated as exempt from policy. There are three states: Hardware Unknown (the hardware type has not been identified by MBAM); Hardware Exempt (the hardware type was identified and was marked as exempt from MBAM policy); and Not Exempt (the hardware was identified and is not exempt from policy).

Manufacturer

The computer manufacturer name as it appears in the computer BIOS.

Model

The computer manufacturer model name as it appears in the computer BIOS.

Compliance Status Details

Error and status messages of the compliance state of the computer in accordance with the specified policy.

Last Contact

Date and time that the computer last contacted the server to report compliance status. T

- - - -**Computer Compliance Report Drive fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Drive Letter

Computer drive letter that was assigned to this particular drive by the user.

Drive Type

Type of drive. Valid values are Operating System Drive and Fixed Data Drive. These are physical drives rather than logical volumes.

Cypher Strength

Cipher Strength selected by the Administrator during MBAM policy specification.

Protector Type

Type of protector selected via policy used to encrypt an operating system or Fixed volume. The valid protector types on an operating system drive are TPM or TPM+PIN. The only valid protector type for a Fixed Data Volume is Password.

Protector State

This field indicates whether the computer has enabled the protector type specified in the policy. The valid states are ON or OFF.

Encryption State

This is the current encryption state of the drive. Valid states are Encrypted, Not Encrypted, and Encrypting.

Compliance Status

Indicates whether the drive is in accordance with the policy. States are Noncompliant and Compliant.

Compliance Status Details

Contains error and status messages regarding the compliance state of the computer.

- - - -### Hardware Audit Report - -This report can help you audit changes to the Hardware Compatibility status of specific computer makes and models. To help you narrow your search results, this report includes filtering on criteria such as type of change and time of occurrence. Each state change is tracked by user and date and time. The Hardware Type is automatically populated by the MBAM agent that runs on the client computer. This report tracks user changes to the information collected directly from the MBAM managed computer. A typical administrative change is changing from Compatible to incompatible. However, the administrator can also revise any field. - -**Hardware Audit Report fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Date and Time

Date and time that a change was made to the Hardware Type. Note that every unique hardware type is assigned to at least one entry.

User

Administrative user that has made the change for the particular entry.

Change Type

Type of change that was made to the hardware type information. Valid values are Addition (new entry), Update (change existing entry), or Deletion (remove existing entry).

Original Value

Value of the hardware type specification before the change was made.

Current Value

Value of the hardware type specification after the change was made.

- - - -### Recovery Audit Report - -The Recovery Audit Report can help you audit users who have requested access to recovery keys. The filter criteria for this report includes type of user making the request, type of key requested, time of occurrence, success or fail, time of occurrence, and type of user requesting (help desk, end user). This report enables administrators to produce contextual reports based on need. - -**Recovery Audit Report Fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Request Date and Time

The date and time that a key retrieval request was made by an end user or help desk user.

Request Status

Status of the request. Valid statuses are either Successful (the key was retrieved) or Failed (the key was not retrieved).

Helpdesk User

The help desk user who initiated the request for key retrieval. If the help desk user retrieves the key on behalf of an end user, the End User field will be blank.

User

The end user who initiated the request for key retrieval.

Key Type

The type of key that was requested. MBAM collects three key types: Recovery Key Password (to recovery a computer in recovery mode); Recovery Key ID (to recover a computer in recovery mode on behalf of another user); and Trusted Platform Module (TPM) Password Hash (to recover a computer with a locked TPM).

Reason Description

The reason that the specified Key Type was requested. The reasons are specified in the Drive Recovery and Manage TPM features of the Administrative web site. Valid entries include user-entered text or one of the following reason codes:

-
    -

  • Operating System Boot Order changed

    • -

  • BIOS changed

    • -

  • Operating System files changed

    • -

  • Lost Startup key

    • -

  • Lost PIN

    • -

  • TPM Reset

    • -

  • Lost Passphrase

    • -

  • Lost Smartcard

    • -

  • Reset PIN lockout

    • -

  • Turn on TPM

    • -

  • Turn off TPM

    • -

  • Change TPM password

    • -

  • Clear TPM

    • -
-

- - - -**Note**   -To save report results to a file, click the **Export** button on the reports menu bar. - - - -## Related topics - - -[Monitoring and Reporting BitLocker Compliance with MBAM 1.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-10.md) - - - - - - - - - diff --git a/mdop/mbam-v2/TOC.md b/mdop/mbam-v2/TOC.md deleted file mode 100644 index 4bb822bfb4..0000000000 --- a/mdop/mbam-v2/TOC.md +++ /dev/null @@ -1,73 +0,0 @@ -# [Microsoft BitLocker Administration and Monitoring 2](index.md) -## [Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) -### [About MBAM 2.0](about-mbam-20-mbam-2.md) -#### [Release Notes for MBAM 2.0](release-notes-for-mbam-20-mbam-2.md) -### [About MBAM 2.0 SP1](about-mbam-20-sp1.md) -#### [Release Notes for MBAM 2.0 SP1](release-notes-for-mbam-20-sp1.md) -### [Evaluating MBAM 2.0](evaluating-mbam-20-mbam-2.md) -### [High-Level Architecture for MBAM 2.0](high-level-architecture-for-mbam-20-mbam-2.md) -### [Accessibility for MBAM 2.0](accessibility-for-mbam-20-mbam-2.md) -## [Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md) -### [Preparing your Environment for MBAM 2.0](preparing-your-environment-for-mbam-20-mbam-2.md) -#### [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md) -#### [Planning for MBAM 2.0 Group Policy Requirements](planning-for-mbam-20-group-policy-requirements-mbam-2.md) -#### [Planning for MBAM 2.0 Administrator Roles](planning-for-mbam-20-administrator-roles-mbam-2.md) -### [Planning to Deploy MBAM 2.0](planning-to-deploy-mbam-20-mbam-2.md) -#### [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md) -#### [Planning for MBAM 2.0 Server Deployment](planning-for-mbam-20-server-deployment-mbam-2.md) -#### [Planning for MBAM 2.0 Client Deployment](planning-for-mbam-20-client-deployment-mbam-2.md) -### [MBAM 2.0 Planning Checklist](mbam-20-planning-checklist-mbam-2.md) -## [Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md) -### [Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md) -#### [How to Install and Configure MBAM on a Single Server](how-to-install-and-configure-mbam-on-a-single-server-mbam-2.md) -#### [How to Install and Configure MBAM on Distributed Servers](how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md) -#### [How to Use a Command Line to Install the MBAM Server](how-to-use-a-command-line-to-install-the-mbam-server.md) -#### [How to Brand the Self-Service Portal](how-to-brand-the-self-service-portal.md) -### [Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md) -#### [How to Install the MBAM 2.0 Group Policy Template](how-to-install-the-mbam-20-group-policy-template-mbam-2.md) -#### [How to Edit MBAM 2.0 GPO Settings](how-to-edit-mbam-20-gpo-settings-mbam-2.md) -#### [How to Hide Default BitLocker Encryption in the Windows Control Panel](how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel-mbam-2.md) -### [Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md) -#### [How to Deploy the MBAM Client to Desktop or Laptop Computers](how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-2.md) -#### [How to Deploy the MBAM Client as Part of a Windows Deployment](how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-2.md) -#### [How to Use a Command Line to Install the MBAM Client](how-to-use-a-command-line-to-install-the-mbam-client.md) -### [MBAM 2.0 Deployment Checklist](mbam-20-deployment-checklist-mbam-2.md) -### [Upgrading from Previous Versions of MBAM](upgrading-from-previous-versions-of-mbam.md) -## [Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) -### [Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md) -#### [Getting Started - Using MBAM with Configuration Manager](getting-started---using-mbam-with-configuration-manager.md) -#### [Planning to Deploy MBAM with Configuration Manager](planning-to-deploy-mbam-with-configuration-manager-2.md) -#### [Deploying MBAM with Configuration Manager](deploying-mbam-with-configuration-manager-mbam2.md) -##### [How to Create or Edit the mof Files](how-to-create-or-edit-the-mof-files.md) -###### [Edit the Configuration.mof File](edit-the-configurationmof-file.md) -###### [Create or Edit the Sms_def.mof File](create-or-edit-the-sms-defmof-file.md) -##### [How to Install MBAM with Configuration Manager](how-to-install-mbam-with-configuration-manager.md) -##### [How to Validate the MBAM Installation with Configuration Manager](how-to-validate-the-mbam-installation-with-configuration-manager.md) -#### [Understanding MBAM Reports in Configuration Manager](understanding-mbam-reports-in-configuration-manager.md) -### [Administering MBAM 2.0 Features](administering-mbam-20-features-mbam-2.md) -#### [How to Manage MBAM Administrator Roles](how-to-manage-mbam-administrator-roles-mbam-2.md) -#### [How to Manage User BitLocker Encryption Exemptions](how-to-manage-user-bitlocker-encryption-exemptions-mbam-2.md) -#### [How to Manage MBAM Client BitLocker Encryption Options by Using the Control Panel](how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-2.md) -### [Monitoring and Reporting BitLocker Compliance with MBAM 2.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md) -#### [Understanding MBAM Reports](understanding-mbam-reports-mbam-2.md) -#### [How to Generate MBAM Reports](how-to-generate-mbam-reports-mbam-2.md) -### [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md) -#### [How to Use the Help Desk Portal](how-to-use-the-help-desk-portal.md) -#### [How to Reset a TPM Lockout](how-to-reset-a-tpm-lockout-mbam-2.md) -#### [How to Recover a Drive in Recovery Mode](how-to-recover-a-drive-in-recovery-mode-mbam-2.md) -#### [How to Recover a Moved Drive](how-to-recover-a-moved-drive-mbam-2.md) -#### [How to Recover a Corrupted Drive](how-to-recover-a-corrupted-drive-mbam-2.md) -#### [How to Determine BitLocker Encryption State of Lost Computers](how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-2.md) -#### [How to Use the Self-Service Portal to Regain Access to a Computer](how-to-use-the-self-service-portal-to-regain-access-to-a-computer.md) -#### [Helping End Users Manage BitLocker](helping-end-users-manage-bitlocker.md) -##### [Using Your PIN or Password](using-your-pin-or-password.md) -##### [About the Computer TPM Chip](about-the-computer-tpm-chip.md) -### [Maintaining MBAM 2.0](maintaining-mbam-20-mbam-2.md) -#### [High Availability for MBAM 2.0](high-availability-for-mbam-20-mbam-2.md) -#### [How to Move MBAM 2.0 Features to Another Computer](how-to-move-mbam-20-features-to-another-computer-mbam-2.md) -### [Security and Privacy for MBAM 2.0](security-and-privacy-for-mbam-20-mbam-2.md) -#### [MBAM 2.0 Security Considerations](mbam-20-security-considerations-mbam-2.md) -#### [MBAM 2.0 Privacy Statement](mbam-20-privacy-statement-mbam-2.md) -### [Administering MBAM 2.0 Using PowerShell](administering-mbam-20-using-powershell-mbam-2.md) -## [Troubleshooting MBAM 2.0](troubleshooting-mbam-20-mbam-2.md) - diff --git a/mdop/mbam-v2/about-mbam-20-mbam-2.md b/mdop/mbam-v2/about-mbam-20-mbam-2.md deleted file mode 100644 index 9fb055be15..0000000000 --- a/mdop/mbam-v2/about-mbam-20-mbam-2.md +++ /dev/null @@ -1,115 +0,0 @@ ---- -title: About MBAM 2.0 -description: About MBAM 2.0 -author: dansimp -ms.assetid: b43a0ba9-1c83-4854-a2c5-14eea0070e36 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About MBAM 2.0 - - -Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 provides a simplified administrative interface to BitLocker drive encryption. BitLocker offers enhanced protection against data theft or data exposure for computers that are lost or stolen. BitLocker encrypts all data that is stored on the Windows operating system volume and configured data volumes. - -## About MBAM 2.0 - - -BitLocker Administration and Monitoring 2.0 enforces the BitLocker encryption policy options that you set for your enterprise, monitors the compliance of client computers with those policies, and reports on the encryption status of both the enterprise and the individual computers. In addition, MBAM lets you access the recovery key information when users forget their PIN or password, or when their BIOS or boot record changes. - -**Note**   -BitLocker is not covered in detail in this guide. For an overview of BitLocker, see [BitLocker Drive Encryption Overview](https://go.microsoft.com/fwlink/p/?LinkId=225013). - - - -The following groups might be interested in using MBAM to manage BitLocker: - -- Administrators, IT security professionals, and compliance officers who are responsible for ensuring that confidential data is not disclosed without authorization - -- Administrators who are responsible for computer security in remote or branch offices - -- Administrators who are responsible for client computers that are running Windows - -## What’s New in MBAM 2.0 - - -MBAM 2.0 provides the following new features and functionality. - -### Integration of System Center Configuration Manager with MBAM - -MBAM now supports integration with System Center Configuration Manager. This integration moves the MBAM compliance infrastructure into the native environment of Configuration Manager. IT administrators who use Configuration Manager in their enterprise can now view the compliance status of their enterprise in the Microsoft Management Console and drill into reports to view individual computers. - -### Hardware Compatibility is Available Only in the Configuration Manager Integration Topology - -Integrating Configuration Manager with MBAM enables Configuration Manager capabilities that allow or prohibit the use of certain hardware types with MBAM and provides more flexibility than the hardware compatibility that was available in MBAM 1.0. IT administrators can create their own collections to limit hardware and can deploy the MBAM configuration baseline to those collections. The MBAM hardware compatibility that was present in MBAM 1.0 is now available only in the MBAM Configuration Manager topology and is administered from Configuration Manager. - -### Protectors Flexible Policy - -Computers that are already encrypted with a protector (for example, TPM + PIN or Auto-Unlock and password) and that receive an MBAM policy that requires a subset of that encryption (for example, TPM or Auto-Unlock) are considered compliant. In the example above, PIN and password would not be removed automatically unless the IT administrator specifically defines these features as no longer allowed. - -Computers that are not encrypted and that receive an MBAM policy (for example, TPM or Auto-Unlock) are encrypted accordingly. Users who are local administrators are allowed to use the BitLocker tools (Control Panel item BitLocker Drive Encryption or Manage-bde) to add or modify the existing protectors (for example, TPM + PIN or Auto-Unlock and password). They remain compliant unless MBAM policies specifically define them. - -### Ability to Upgrade the MBAM Client - -The MBAM 2.0 Client Windows Installer detects the version of the existing client and performs the required steps to upgrade to the MBAM 2.0 Client from previous versions. - -### Ability to Upgrade the MBAM Server from Previous Versions - -You can upgrade the MBAM 2.0 Server infrastructure from previous versions of MBAM as follows: - -**Manual in-place server replacement** – You must manually uninstall the existing MBAM server infrastructure, and then install the MBAM 2.0 Server infrastructure. You do not have to remove the databases to do the upgrade. Instead, you select the existing databases, which the previous version of the MBAM Client created. The MBAM 2.0 upgrade installation then migrates the existing databases to MBAM 2.0. - -**Distributed client upgrade** – If you are using the Stand-alone MBAM topology, you can upgrade the MBAM Clients gradually after you install the MBAM 2.0 Server infrastructure. The MBAM 2.0 Server detects the version of the existing Client and performs the required steps to upgrade to the 2.0 Client. - -After you upgrade the MBAM 2.0 Server infrastructure, MBAM 1.0 Clients continue to report to the MBAM 2.0 Server successfully, escrowing recovery data, but compliance will be based on the policies in MBAM 1.0. You must upgrade clients to MBAM 2.0 to have client computers accurately report compliance against the MBAM 2.0 policies. You can upgrade the clients to the MBAM 2.0 Client without uninstalling the previous client, and the client will start to apply and report MBAM 2.0 policies. - -If you are using MBAM with Configuration Manager, you must upgrade the MBAM 1.0 clients to MBAM 2.0. - -### MBAM Support for BitLocker’s Enterprise Scenarios on the Windows 8 Platform - -MBAM supports the Windows 8 operating system as a target platform for the MBAM Client installation. This support enables IT administrators to install the MBAM agent, to encrypt Windows 8 operating system drives, and to report on the compliance of the computers. MBAM leverages the TPM and TPM+PIN protectors to manage the Windows 8 operating system just as it does the Windows 7 operating system. MBAM 2.0 also adds support for encrypting Windows To Go clients. - -### Addition of the Self-Service Portal - -End users can now use the Self-Service Portal to recover their recovery keys. The Self-Service Portal can be deployed on a single server with the other MBAM features, or on a separate server that gives IT administrators the flexibility to expose the Self-Server Portal to users, as required. After the Self-Service Portal authenticates users, users have to enter only the first eight digits of the recovery key ID to receive their recovery key. - -MBAM also secures the key by allowing users to recover keys only for those computers on which they are users, which reduces the risk that other users gain unauthorized access. - -### Ability to Automatically Resume BitLocker Protection from a Suspended State - -MBAM no longer allows IT administrators to keep BitLocker suspended and unprotected for prolonged periods of time. If an IT administrator suspends BitLocker, MBAM re-enables it automatically when the computer is rebooted, which reduces the risk that the computer can be attacked. - -### Fixed Data Drives Can Be Configured to Automatically Unlock Without a Password - -A Fixed Data Drive (FDD) policy can now be configured to allow automatic unlocking of the drive without a password. Users are not prompted for a password before the FDD is encrypted, and the FDD will be secured and auto-unlocked with the operating system drive. - -## MBAM 2.0 Release Notes - - -For more information, and for late-breaking news that is not included in the documentation, see the [Release Notes for MBAM 2.0](release-notes-for-mbam-20-mbam-2.md). - -## How to Get MBAM 2.0 - - -This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP?](https://go.microsoft.com/fwlink/p/?LinkId=322049) - -## Related topics - - -[Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/about-mbam-20-sp1.md b/mdop/mbam-v2/about-mbam-20-sp1.md deleted file mode 100644 index cb1d4df6a7..0000000000 --- a/mdop/mbam-v2/about-mbam-20-sp1.md +++ /dev/null @@ -1,477 +0,0 @@ ---- -title: About MBAM 2.0 SP1 -description: About MBAM 2.0 SP1 -author: dansimp -ms.assetid: 5ba89ed8-bb6e-407b-82c2-e2e36dd1078e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About MBAM 2.0 SP1 - -This topic describes the changes in Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 Service Pack 1 (SP1). For a general description of MBAM, see [Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md). - -## What’s new in MBAM 2.0 SP1 - -This version of MBAM provides the following new features and functionality. - -### Support for Windows 8.1, Windows Server 2012 R2, and System Center 2012 R2 Configuration Manager - -Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 Service Pack 1 (SP1) adds support for Windows 8.1, Windows Server 2012 R2, and System Center 2012 R2 Configuration Manager. - -### Support for Microsoft SQL Server 2008 R2 SP2 - -Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 Service Pack 1 (SP1) adds support for Microsoft SQL Server 2008 R2 SP2. You must use Microsoft SQL Server 2008 R2 or higher if you are running Microsoft System Center Configuration Manager 2007 R2. - -### Customer feedback rollup - -MBAM 2.0 SP1 includes a rollup of fixes to address issues that were found since the Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 release. As part of these changes, the Computer Name field now appears in the BitLocker Computer Compliance and BitLocker Enterprise Compliance Details reports when you run MBAM with Microsoft System Center Configuration Manager 2007. - -### Firewall exception must be set on ports for the Self-Service Portal and the Administration and Monitoring website - -When you configure the Self-Service Portal and the Administration and Monitoring website, you must set a firewall exception to enable communication through the specified ports. Previously, the MBAM server installation opened the ports automatically in Windows Firewall. - -### Location of MBAM reports has changed in Configuration Manager - -MBAM reports for the Configuration Manager integrated topology are now available under subfolders within the MBAM node. The subfolder names represent the language of the reports within the subfolder. - -### Ability to install MBAM on a primary site server when you install MBAM with Configuration Manager - -You can install MBAM on a primary site server or a central administration site server when you install MBAM with the Configuration Manager integrated topology. Previously, you were required to install MBAM on a central administration site server. - -**Important** -The server on which you install MBAM must be the top-tier server in your hierarchy. - - - -The MBAM installation works differently for Microsoft System Center Configuration Manager 2007 and Microsoft System Center 2012 Configuration Manager as follows: - -- **Configuration Manager 2007** : If you install MBAM on a primary site server that is part of a larger Configuration Manager hierarchy and has a central site parent server, MBAM resolves the central site parent server and performs all of the installation actions on that parent server. The installation actions include checking prerequisites and installing the Configuration Manager objects and reports. For example, if you install MBAM on a primary site server that is a child of a central site parent server, MBAM installs all of the Configuration Manager objects and reports on the parent server. If you install MBAM on the parent server, MBAM performs all of the installation actions on that parent server. - -- **System Center 2012 Configuration Manager** : If you install MBAM on a primary site server or on a central administration server, MBAM performs all of the installation actions on that site server. - -### Configuration Manager Console must be installed on the computer on which you install the MBAM Server - -When you install MBAM with the Configuration Manager integrated topology, you must install the Configuration Manager Console on the same computer on which MBAM will be installed. If you use the recommended architecture, which is described in [Getting Started - Using MBAM with Configuration Manager](getting-started---using-mbam-with-configuration-manager.md), you would install MBAM on the Configuration Manager Primary Site Server. - -### New setup command-line parameters for the Configuration Manager integrated topology - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Command-Line ParameterDescriptionExample

CM_SSRS_REMOTE_SERVER_NAME

Enables you to install the Configuration Manager reports on a remote SQL Server Reporting Services (SSRS) server that is part of the same Configuration Manager site to which MBAM is installed. You can set the value to the fully qualified domain name of the remote SSRS point role server.

MbamSetup.exe CM_SSRS_REMOTE_SERVER_NAME=ssrsServer.Contoso.com

CM_REPORTS_ONLY

Enables you to install only the Configuration Manager reports, without other Configuration Manager objects, such as the baseline, collection, and configuration items.

-
-Note

You must combine this parameter with the CM_REPORTS_COLLECTION_ID parameter.

-
-
- -
-

Valid parameter values:

-
    -

  • True

    • -

  • False

    • -
-

You can combine this parameter with the CM_SSRS_REMOTE_SERVER_NAME parameter if you want to install the reports only to a remote SSRS point role server.

-

If you do not set the parameter or if you set it to False, MBAM Setup installs all of the Configuration Manager objects, including the reports.

MbamSetup.exe CM_REPORTS_ONLY=True

-

CM_REPORTS_COLLECTION_ID=SMS00001

CM_REPORTS_COLLECTION_ID

An existing collection ID that identifies the collection for which reporting compliance data will be displayed. You can specify any collection ID. You are not required to use the “MBAM Supported Computers” collection ID.

MbamSetup.exe CM_REPORTS_ONLY=True

-

CM_REPORTS_COLLECTION_ID=SMS00001

- - - -### Ability to turn Self-Service Portal notice text on or off - -MBAM 2.0 SP1 enables you to turn off the notice text on the Self-Service Portal. Previously, the notice text displayed by default, and you could not turn it off. - -**To turn off the notice text** - -1. On the server where you installed the Self-Service Portal, open Internet Information Services (IIS) and browse to **Sites > Microsoft BitLocker Administration and Monitoring > SelfService > Application Settings**. - -2. From the **Name** column, select **DisplayNotice**, and set the value to **false**. - -### Ability to localize the HelpdeskText statement that points users to more Self-Service Portal information - -You can configure a localized version of the Self-Service Portal “HelpdeskText” statement, which tells end users how to get additional help when they are using the Self-Service Portal. If you configure localized text for the statement, as described in the following instructions, MBAM will display the localized version. If MBAM does not find the localized version, it displays the value that is in the **HelpdeskText** parameter. - -**To display a localized version of the HelpdeskText statement** - -1. On the server where you installed the Self-Service Portal, open IIS and browse to **Sites > Microsoft BitLocker Administration and Monitoring > SelfService > Application Settings**. - -2. In the **Actions** pane, click **Add** to open the **Add Application Setting** dialog box. - -3. In the **Name** field, type **HelpdeskText**\_<*language*>, where <*language*> is the appropriate language code for the text. For example, to create a localized HelpdeskText statement in Spanish, you would name the parameter HelpdeskText\_es-es. For a list of the valid language codes that you can use, see [National Language Support (NLS) API Reference](https://go.microsoft.com/fwlink/?LinkId=317947). - -4. In the **Value** field, type the localized text that you want to display to end users. - -### Ability to localize the Self-Service Portal HelpdeskURL - -You can configure a localized version of the Self-Service Portal HelpdeskURL to display to end users by default. If you create a localized version, as described in the following instructions, MBAM finds and displays the localized version. If MBAM does not find a localized version, it displays the URL that is configured for the HelpDeskURL parameter. - -**To display a localized HelpdeskURL** - -1. On the server where you installed the Self-Service Portal, open IIS and browse to **Sites > Microsoft BitLocker Administration and Monitoring > SelfService > Application Settings**. - -2. In the **Actions** pane, click **Add** to open the **Add Application Setting** dialog box. - -3. In the **Name** field, type **HelpdeskURL**\_<*language*>, where <*language*> is the appropriate language code for the URL. For example, to create a localized HelpdeskURL in Spanish, you would name the parameter HelpdeskURL\_es-es. For a list of the valid language codes you can use, see [National Language Support (NLS) API Reference](https://go.microsoft.com/fwlink/?LinkId=317947). - -4. In the **Value** field, type the localized HelpdeskURL that you want to display to end users. - -### Ability to localize the Self-Service Portal notice text - -You can configure localized notice text to display to end users by default in the Self-Service Portal. The notice.txt file, which displays the notice text, is located in the following root directory: - -<*MBAM Self-Service Install Directory*>\\Self Service Website\\ - -To display localized notice text, you create a localized notice.txt file and save it under a specific language folder in the following directory: - -<*MBAM Self-Service Install Directory*>\\Self Service Website\\ - -MBAM displays the notice text, based on the following rules: - -- If you create a localized notice.txt file in the appropriate language folder, MBAM displays the localized notice text. - -- If MBAM does not find a localized version of the notice.txt file, it displays the text in the default notice.txt file. - -- If MBAM does not find a default notice.txt file, it displays the default text in the Self-Service Portal. - -**Note** -If an end user’s browser is set to a language that does not have a corresponding language subfolder or notice.txt, the text that is in the notice.txt file in the following root directory is displayed: - -<*MBAM Self-Service Install Directory*>\\Self Service Website\\ - - - -**To create a localized notice.txt file** - -1. On the server where you installed the Self-Service Portal, create a <*language*> folder in the following directory, where <*language*> represents the name of the localized language: - - <*MBAM Self-Service Install Directory*>\\Self Service Website\\ - - **Note** - Some language folders already exist, so you may not have to create one. If you do need to create a language folder, see [National Language Support (NLS) API Reference](https://go.microsoft.com/fwlink/?LinkId=317947) for a list of the valid names that you can use for the <*language*> folder. - - - -2. Create a notice.txt file that contains the localized notice text. - -3. Save the notice.txt file in the <*language*> folder. For example, to create a localized notice.txt file in Spanish, you would save the localized notice.txt file in the following folder: - - <*MBAM Self-Service Install Directory*>\\Self Service Website\\es-es - -## Upgrading to MBAM 2.0 SP1 - - -You can upgrade to MBAM 2.0 SP1 from any previous version of MBAM. - -### Upgrading the MBAM infrastructure - -You can upgrade the MBAM Server infrastructure to MBAM 2.0 SP1 as follows: - -**Manual in-place server replacement**: You must manually uninstall the existing MBAM Server infrastructure, and then install the MBAM 2.0 SP1 Server infrastructure. You do not have to remove the databases to do the upgrade. Instead, you select the existing databases, which the previous version of MBAM created. The MBAM 2.0 SP1 upgrade installation then migrates the existing databases to MBAM 2.0 SP1. - -**Distributed client upgrade**: If you are using the Stand-alone MBAM topology, you can upgrade the MBAM Clients gradually after you install the MBAM 2.0 SP1 Server infrastructure. - -After you upgrade the MBAM Server infrastructure, MBAM 1.0 or 2.0 Clients will report to the MBAM 2.0 SP1 Server successfully and will store the recovery data, but compliance will be based on the policies available for the MBAM Client version that is currently installed. To enable reporting against MBAM 2.0 SP1 policies, you must upgrade client computers to MBAM 2.0 SP1. You can upgrade the client computers to the MBAM 2.0 SP1 Client without uninstalling the previous Client, and the Client will start to apply and report, based on the MBAM 2.0 SP1 policies. - -For more information about upgrading the MBAM servers, see [Upgrading from Previous Versions of MBAM](upgrading-from-previous-versions-of-mbam.md). - -### Upgrading the MBAM Client to MBAM 2.0 SP1 - -To upgrade end-user computers to the MBAM 2.0 SP1 Client, run **MbamClientSetup.exe** on each client computer. The installer automatically updates the Client to the MBAM 2.0 SP1 Client. After the installation, client computers do not have to be rebooted, and the MBAM 2.0 SP1 Client starts to apply and report against MBAM 2.0 SP1 policies. - -If you are using MBAM with Configuration Manager, you must upgrade the MBAM client computers to MBAM 2.0 SP1. - -For more information about upgrading the MBAM client computers, see [Upgrading from Previous Versions of MBAM](upgrading-from-previous-versions-of-mbam.md). - -## Installing or upgrading to MBAM 2.0 SP1 with Configuration Manager - - -This section describes the requirements when you are installing MBAM 2.0 SP1 as a new installation or as an upgrade to a previous MBAM 2.0 SP1 installation. - -### Required files for installing MBAM 2.0 SP1 if you are using MBAM with Configuration Manager - -If you are installing MBAM for the first time and you are using MBAM 2.0 SP1 with System Center Configuration Manager, you must create or edit mof files to enable MBAM to work correctly with Configuration Manager. - -- **configuration.mof file** - - - If you are using Configuration Manager 2007, you must edit the configuration.mof file by completing step 3 from the item **Update the configuration.mof file if you upgrade to MBAM 2.0 SP1 and you are using MBAM with Configuration Manager 2007**, which follows this item. - - - If you are using System Center 2012 Configuration Manager, edit the configuration.mof file by following the instructions in [Edit the Configuration.mof File](edit-the-configurationmof-file.md). - -- **sms\_def.mof file** – follow the instructions in [Create or Edit the Sms\_def.mof File](create-or-edit-the-sms-defmof-file.md). - -### Update the configuration.mof file if you upgrade to MBAM 2.0 SP1 and you are using MBAM with Configuration Manager 2007 - -If you are upgrading to MBAM 2.0 SP1 and you are using MBAM with Configuration Manager 2007, you must update the configuration.mof file to ensure that MBAM 2.0 SP1 works correctly. - -**To update the configuration.mof file:** - -1. On the Configuration Manager Server, browse to the location of the Configuration.mof file: - - <CMInstallLocation>\\Inboxes\\clifiles.src\\hinv\\ - - On a default installation, the installation location is %systemdrive%\\Program Files (x86)\\Microsoft Configuration Manager. - -2. Review the block of code that you appended to the configuration.mof file, and delete it. The block of code will be similar to the one shown in the following step. - -3. Copy the following block of code, and then append it to the configuration.mof file to add the following required MBAM classes to the file: - - ``` syntax - //=================================================== - // Microsoft BitLocker Administration and Monitoring - //=================================================== - - # pragma namespace ("\\\\.\\root\\cimv2") - # pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) - - [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] - class Win32_BitLockerEncryptionDetails - { - [PropertySources{"DeviceId"},key] - String DeviceId; - [PropertySources{"BitlockerPersistentVolumeId"}] - String BitlockerPersistentVolumeId; - [PropertySources{"BitLockerManagementPersistentVolumeId"}] - String MbamPersistentVolumeId; - //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 - [PropertySources{"BitLockerManagementVolumeType"}] - SInt32 MbamVolumeType; - [PropertySources{"DriveLetter"}] - String DriveLetter; - //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 - [PropertySources{"Compliant"}] - SInt32 Compliant; - [PropertySources{"ReasonsForNonCompliance"}] - SInt32 ReasonsForNonCompliance[]; - [PropertySources{"KeyProtectorTypes"}] - SInt32 KeyProtectorTypes[]; - [PropertySources{"EncryptionMethod"}] - SInt32 EncryptionMethod; - [PropertySources{"ConversionStatus"}] - SInt32 ConversionStatus; - [PropertySources{"ProtectionStatus"}] - SInt32 ProtectionStatus; - [PropertySources{"IsAutoUnlockEnabled"}] - Boolean IsAutoUnlockEnabled; - }; - - # pragma namespace ("\\\\.\\root\\cimv2") - # pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) - [DYNPROPS] - Class Win32Reg_MBAMPolicy - { - [key] - string KeyName; - - //General encryption requirements - UInt32 OsDriveEncryption; - UInt32 FixedDataDriveEncryption; - UInt32 EncryptionMethod; - - //Required protectors properties - UInt32 OsDriveProtector; - UInt32 FixedDataDriveAutoUnlock; - UInt32 FixedDataDrivePassphrase; - - //MBAM agent fields - Uint32 MBAMPolicyEnforced; - string LastConsoleUser; - datetime UserExemptionDate; - UInt32 MBAMMachineError; - - // Encoded computer name - string EncodedComputerName; - }; - - [DYNPROPS] - Instance of Win32Reg_MBAMPolicy - { - KeyName="BitLocker policy"; - - //General encryption requirements - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] - OsDriveEncryption; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] - FixedDataDriveEncryption; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] - EncryptionMethod; - - //Required protectors properties - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] - OsDriveProtector; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] - FixedDataDriveAutoUnlock; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] - FixedDataDrivePassphrase; - - //MBAM agent fields - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] - MBAMPolicyEnforced; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] - LastConsoleUser; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] - UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] - MBAMMachineError; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] - EncodedComputerName; - }; - - # pragma namespace ("\\\\.\\root\\cimv2") - # pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL) - [DYNPROPS] - Class Win32Reg_MBAMPolicy_64 - { - [key] - string KeyName; - - //General encryption requirements - UInt32 OsDriveEncryption; - UInt32 FixedDataDriveEncryption; - UInt32 EncryptionMethod; - - //Required protectors properties - UInt32 OsDriveProtector; - UInt32 FixedDataDriveAutoUnlock; - UInt32 FixedDataDrivePassphrase; - - //MBAM agent fields - Uint32 MBAMPolicyEnforced; - string LastConsoleUser; - datetime UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU - UInt32 MBAMMachineError; - - // Encoded computer name - string EncodedComputerName; - }; - - [DYNPROPS] - Instance of Win32Reg_MBAMPolicy_64 - { - KeyName="BitLocker policy 64"; - - //General encryption requirements - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] - OsDriveEncryption; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] - FixedDataDriveEncryption; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] - EncryptionMethod; - - //Required protectors properties - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] - OsDriveProtector; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] - FixedDataDriveAutoUnlock; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] - FixedDataDrivePassphrase; - - //MBAM agent fields - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] - MBAMPolicyEnforced; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] - LastConsoleUser; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] - UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] - MBAMMachineError; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] - EncodedComputerName; - }; - - # pragma namespace ("\\\\.\\root\\cimv2") - # pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) - [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, - dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] - class CCM_OperatingSystemExtended - { - [PropertySources{"Name"},key] - string Name; - [PropertySources{"OperatingSystemSKU"}] - uint32 SKU; - }; - - # pragma namespace ("\\\\.\\root\\cimv2") - # pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) - [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, - dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] - class CCM_ComputerSystemExtended - { - [PropertySources{"Name"},key] - string Name; - [PropertySources{"PCSystemType"}] - uint16 PCSystemType; - }; - - //======================================================= - // Microsoft BitLocker Administration and Monitoring end - //======================================================= - - ``` - -### Translation of MBAM 2.0 SP1 - -MBAM 2.0 SP1 is now available in the following languages: - -- English (United States) en-US -- French (France) fr-FR -- Italian (Italy) it-IT -- German (Germany) de-DE -- Spanish, International Sort (Spain) es-ES -- Korean (Korea) ko-KR -- Japanese (Japan) ja-JP -- Portuguese (Brazil) pt-BR -- Russian (Russia) ru-RU -- Chinese Traditional zh-TW -- Chinese Simplified zh-CN - -## How to Get MDOP Technologies - -MBAM 2.0 SP1 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). - -## Related topics - -[Release Notes for MBAM 2.0 SP1](release-notes-for-mbam-20-sp1.md) - - - - - - - - - diff --git a/mdop/mbam-v2/about-the-computer-tpm-chip.md b/mdop/mbam-v2/about-the-computer-tpm-chip.md deleted file mode 100644 index 8c951c73f2..0000000000 --- a/mdop/mbam-v2/about-the-computer-tpm-chip.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: About the Computer TPM Chip -description: About the Computer TPM Chip -author: dansimp -ms.assetid: 6f1cf18c-277a-4932-886d-14202ca8d175 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About the Computer TPM Chip - - -BitLocker provides additional protection when it is used with a Trusted Platform Module (TPM) chip. The TPM chip is a hardware component that is installed in many newer computers by the computer manufacturers. Microsoft BitLocker Administration and Monitoring (MBAM) uses BitLocker, in addition to the TPM chip, to help provide additional protection of your data and to make sure that your computer has not been tampered with. - -## How to Set Up Your TPM - - -When you start the BitLocker Drive Encryption wizard on your computer, BitLocker checks for a TPM chip if your organization has configured BitLocker to use a TPM chip. If BitLocker finds a compatible TPM chip, you may be prompted to restart your computer to enable the TPM chip for use. As soon as your computer has restarted, follow the instructions to configure the TPM chip in the BIOS (the BIOS is a pre-Windows layer of your computer software). - -After BitLocker is configured, you can access additional information about the TPM chip by opening the BitLocker Encryption Options tool in the Windows Control Panel, and then selecting **TPM Administration**. - -**Note**   -You must have administrative credentials on your computer to access this tool. - - - -In a TPM failure, a change in the BIOS, or certain Windows Updates, BitLocker will lock your computer and require you to contact your Help Desk to unlock it. You have to provide the name of your computer as well as your computer’s domain. Help Desk can give you a password file that can be used to unlock your computer. - -## Troubleshooting TPM Issues - - -If a TPM failure, change in the BIOS, or certain Windows Updates occur, BitLocker will lock your computer and require you to contact your Help Desk to unlock it. You have to provide the name of your computer as well as your computer’s domain. The Help Desk can give you a password file that you can use to unlock your computer. - -## Related topics - - -[Helping End Users Manage BitLocker](helping-end-users-manage-bitlocker.md) - -[Using Your PIN or Password](using-your-pin-or-password.md) - - - - - - - - - diff --git a/mdop/mbam-v2/accessibility-for-mbam-20-mbam-2.md b/mdop/mbam-v2/accessibility-for-mbam-20-mbam-2.md deleted file mode 100644 index 0103e4791e..0000000000 --- a/mdop/mbam-v2/accessibility-for-mbam-20-mbam-2.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -title: Accessibility for MBAM 2.0 -description: Accessibility for MBAM 2.0 -author: dansimp -ms.assetid: 9cd628f1-f594-43ab-8095-4663272940a9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Accessibility for MBAM 2.0 - - -Microsoft is committed to making its products and services easier for everyone to use. This section provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. - -## Access Any Command with a Few Keystrokes - - -Access keys let you quickly use a command by pressing a few keys. You can get to most commands by using two keystrokes. To use an access key: - -1. Press ALT. - - The keyboard shortcuts are displayed over each feature that is available in the current view. - -2. Press the letter shown in the keyboard shortcut over the feature that you want to use. - -**Note**   -To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. - - - -## Documentation in Alternative Formats - - -If you have difficulty reading or handling printed materials, you can obtain the documentation for many Microsoft products in more accessible formats. You can view an index of accessible product documentation on the Microsoft Accessibility website. In addition, you can obtain additional Microsoft publications from Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.). Learning Ally distributes these documents to registered, eligible members of their distribution service. - -For information about the availability of Microsoft product documentation and books from Microsoft Press, contact: - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.)

-

20 Roszel Road

-

Princeton, NJ 08540

Telephone number from within the United States:

(800) 221-4792

Telephone number from outside the United States and Canada:

(609) 452-0606

Fax:

(609) 987-8116

http://www.learningally.org/

Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

- - - -## Customer Service for People with Hearing Impairments - - -If you are deaf or hard-of-hearing, complete access to Microsoft product and customer services is available through a text telephone (TTY/TDD) service: - -- For customer service, contact Microsoft Sales Information Center at (800) 892-5234 between 6:30 AM and 5:30 PM Pacific Time, Monday through Friday, excluding holidays. - -- For technical assistance in the United States, contact Microsoft Product Support Services at (800) 892-5234 between 6:00 AM and 6:00 PM Pacific Time, Monday through Friday, excluding holidays. In Canada, dial (905) 568-9641 between 8:00 AM and 8:00 PM Eastern Time, Monday through Friday, excluding holidays. - -Microsoft Support Services are subject to the prices, terms, and conditions in place at the time the service is used. - -## For More Information - - -For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431). - -## Related topics - - -[Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/administering-mbam-20-features-mbam-2.md b/mdop/mbam-v2/administering-mbam-20-features-mbam-2.md deleted file mode 100644 index fc6335b69f..0000000000 --- a/mdop/mbam-v2/administering-mbam-20-features-mbam-2.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: Administering MBAM 2.0 Features -description: Administering MBAM 2.0 Features -author: dansimp -ms.assetid: 065e0704-069e-4372-9b86-0b57dd7638dd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administering MBAM 2.0 Features - - -After completing all necessary planning and then deploying Microsoft BitLocker Administration and Monitoring (MBAM), you can configure and use it to manage BitLocker encryption across the enterprise The information in this section describes post-installation day-to-day Microsoft BitLocker Administration and Monitoring feature operations tasks. - -## Manage MBAM Administrator Roles - - -After MBAM Setup is complete for all server features, administrative users have to be granted access to them. As a best practice, administrators who will manage or use MBAM server features should be assigned to Active Directory Domain Services security groups, and then those groups should be added to the appropriate MBAM administrative local group. - -[How to Manage MBAM Administrator Roles](how-to-manage-mbam-administrator-roles-mbam-2.md) - -## Manage BitLocker Encryption Exemptions - - -MBAM lets you grant encryption exemptions to specific users who do not need or want their drives encrypted. Computer exemption is typically used when a company has computers that do not have to be encrypted, such as computers that are used in development or testing, or older computers that do not support BitLocker. In some cases, local law may also require that certain computers are not encrypted. - -[How to Manage User BitLocker Encryption Exemptions](how-to-manage-user-bitlocker-encryption-exemptions-mbam-2.md) - -## Manage MBAM Client BitLocker Encryption Options by Using the Control Panel - - -MBAM provides a custom control panel, called BitLocker Encryption Options, that will appear under **System and Security**. The MBAM control panel can be used to unlock encrypted fixed and removable drives, and also manage your PIN or password. - -**Note**   -This customized control panel does not replace the default Windows BitLocker control panel. - - - -[How to Manage MBAM Client BitLocker Encryption Options by Using the Control Panel](how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-2.md) - -## Other Resources for Administering MBAM Features - - -[Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/administering-mbam-20-using-powershell-mbam-2.md b/mdop/mbam-v2/administering-mbam-20-using-powershell-mbam-2.md deleted file mode 100644 index 87d58f9e89..0000000000 --- a/mdop/mbam-v2/administering-mbam-20-using-powershell-mbam-2.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -title: Administering MBAM 2.0 Using PowerShell -description: Administering MBAM 2.0 Using PowerShell -author: dansimp -ms.assetid: d785a8df-0a8c-4d70-abd2-93a762b4f3de -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administering MBAM 2.0 Using PowerShell - - -Microsoft BitLocker Administration and Monitoring (MBAM) provides the following listed set of Windows PowerShell cmdlets. Administrators can use these PowerShell cmdlets to perform various Microsoft BitLocker Administration and Monitoring server tasks from the command line rather than from the MBAM administration website. - -## How to Administer MBAM Using PowerShell - - -Use the PowerShell cmdlets described here to administer MBAM. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription

Install-Mbam

Installs the MBAM features that provide advanced policy, encryption, key recovery, and compliance reporting.

Uninstall-Mbam

Removes the MBAM features that provide advanced policy, encryption, key recovery, and compliance reporting tools.

Get-MbamBitLockerRecoveryKey

Requests an MBAM recovery key that will enable users to unlock a computer or encrypted drive.

Get-MbamTPMOwnerPassword

Provides users with a TPM owner password that they can use to unlock a Trusted Platform Module (TPM) when the TPM has locked them out and will no longer accept their PIN.

- -  - -## Related topics - - -[Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/create-or-edit-the-sms-defmof-file.md b/mdop/mbam-v2/create-or-edit-the-sms-defmof-file.md deleted file mode 100644 index 9d05e02689..0000000000 --- a/mdop/mbam-v2/create-or-edit-the-sms-defmof-file.md +++ /dev/null @@ -1,381 +0,0 @@ ---- -title: Create or Edit the Sms\_def.mof File -description: Create or Edit the Sms\_def.mof File -author: dansimp -ms.assetid: d1747e43-484e-4031-a63b-6342fe588aa2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/04/2017 ---- - - -# Create or Edit the Sms\_def.mof File - - -To enable the client computers to report BitLocker compliance details through the MBAM Configuration Manager reports, you have to create or edit the Sms\_def.mof file. - -If you are using System Center 2012 Configuration Manager, you must create the file. - -In Configuration Manager 2007, the file already exists, so you only have to edit it. **Do not overwrite the existing file**. - -In the following sections, complete the instructions that correspond to the version of Configuration Manager that you are using. - -**To create the Sms\_def.mof file for System Center 2012 Configuration Manager** - -1. On the Configuration Manager Server, browse to the location where you have to create the Sms\_def.mof file, for example, the Desktop. - -2. Create a text file called **Sms\_def.mof** and copy the following code to populate the file with the following Sms\_def.mof MBAM classes: - - ``` syntax - //=================================================== - // Microsoft BitLocker Administration and Monitoring - //=================================================== - - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) - [ SMS_Report (TRUE), - SMS_Group_Name ("BitLocker Encryption Details"), - SMS_Class_ID ("MICROSOFT|BITLOCKER_DETAILS|1.0")] - class Win32_BitLockerEncryptionDetails : SMS_Class_Template - { - [ SMS_Report (TRUE), key ] - String DeviceId; - [ SMS_Report (TRUE) ] - String BitlockerPersistentVolumeId; - [ SMS_Report (TRUE) ] - String MbamPersistentVolumeId; - [ SMS_Report (TRUE) ] - //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 - SInt32 MbamVolumeType; - [ SMS_Report (TRUE) ] - String DriveLetter; - [ SMS_Report (TRUE) ] - //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 - SInt32 Compliant; - [ SMS_Report (TRUE) ] - SInt32 ReasonsForNonCompliance[]; - [ SMS_Report (TRUE) ] - SInt32 KeyProtectorTypes[]; - [ SMS_Report (TRUE) ] - SInt32 EncryptionMethod; - [ SMS_Report (TRUE) ] - SInt32 ConversionStatus; - [ SMS_Report (TRUE) ] - SInt32 ProtectionStatus; - [ SMS_Report (TRUE) ] - Boolean IsAutoUnlockEnabled; - }; - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - - #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) - [ SMS_Report(TRUE), - SMS_Group_Name("BitLocker Policy"), - SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0")] - - Class Win32Reg_MBAMPolicy: SMS_Class_Template - { - [SMS_Report(TRUE),key] - string KeyName; - - //General encryption requirements - [SMS_Report(TRUE)] - UInt32 OsDriveEncryption; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDriveEncryption; - [ SMS_Report (TRUE) ] - UInt32 EncryptionMethod; - - //Required protectors properties - [ SMS_Report (TRUE) ] - UInt32 OsDriveProtector; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDriveAutoUnlock; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDrivePassphrase; - - //MBAM agent fields - //Policy not enforced (0), enforced (1), pending user exemption request (2) or exempted user (3) - [SMS_Report(TRUE)] - Uint32 MBAMPolicyEnforced; - [SMS_Report(TRUE)] - string LastConsoleUser; - //Date of the exemption request of the last logged on user, - //or the first date the exemption was granted to him on this machine. - [SMS_Report(TRUE)] - datetime UserExemptionDate; - //Errors encountered by MBAM agent. - [ SMS_Report (TRUE) ] - UInt32 MBAMMachineError; - [ SMS_Report (TRUE) ] - string EncodedComputerName; - }; - - //Read Win32_OperatingSystem.SKU WMI property in a new class - because SKU is not available before Vista. - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) - [ SMS_Report (TRUE), - SMS_Group_Name ("Operating System Ex"), - SMS_Class_ID ("MICROSOFT|OPERATING_SYSTEM_EXT|1.0") ] - class CCM_OperatingSystemExtended : SMS_Class_Template - { - [SMS_Report (TRUE), key ] - string Name; - [SMS_Report (TRUE) ] - uint32 SKU; - }; - - //Read Win32_ComputerSystem.PCSystemType WMI property in a new class - because PCSystemType is not available before Vista. - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) - [ SMS_Report (TRUE), - SMS_Group_Name ("Computer System Ex"), - SMS_Class_ID ("MICROSOFT|COMPUTER_SYSTEM_EXT|1.0") ] - class CCM_ComputerSystemExtended : SMS_Class_Template - { - [SMS_Report (TRUE), key ] - string Name; - [SMS_Report (TRUE) ] - uint16 PCSystemType; - }; - //======================================================= - // Microsoft BitLocker Administration and Monitoring end - //======================================================= - ``` - -3. Import the **Sms\_def.mof** file by doing the following: - - 1. Open the **System Center 2012 Configuration Manager console** and select the **Administration** tab. - - 2. On the **Administration** tab, select **Client Settings**. - - 3. Right-click **Default Client Settings**, and then select **Properties**. - - 4. In the **Default Settings** window, select **Hardware Inventory**. - - 5. Click **Set Classes**, and then click **Import**. - - 6. In the browser that opens, select your **.mof** file, and then click **Open**. The **Import Summary** window opens. - - 7. In the **Import Summary** window, ensure that the option to import both hardware inventory classes and class settings is selected, and then click **Import**. - - 8. In both the **Hardware Inventory Classes** window and the **Default Settings** window, click **OK**. - -4. Enable the **Win32\_Tpm** class as follows: - - 1. Open the **System Center 2012 Configuration Manager console** and select the **Administration** tab. - - 2. On the **Administration** tab, select **Client Settings**. - - 3. Right-click **Default Client Settings**, and then select **Properties**. - - 4. In the **Default Settings** window, select **Hardware Inventory**. - - 5. Click **Set Classes**. - - 6. In the main window, scroll down, and then select the **TPM (Win32\_Tpm)** class. - - 7. Under **TPM**, ensure that the **SpecVersion** property is selected. - - 8. In both the **Hardware Inventory Classes** window and the **Default Settings** window, click **OK**. - -**To edit the sms\_def.mof file for Configuration Manager 2007** - -1. On the Configuration Manager Server, browse to the location of the **sms\_def.mof** file: - - <CMInstallLocation>\\Inboxes\\clifiles.src\\hinv\\ - - On a default installation, the installation location is %systemdrive% \\Program Files (x86)\\Microsoft Configuration Manager. - -2. Copy the following code, and then append it to **Sms\_def.mof** file to add the following required MBAM classes to the file: - - ``` syntax - //=================================================== - // Microsoft BitLocker Administration and Monitoring - //=================================================== - - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) - [ SMS_Report (TRUE), - SMS_Group_Name ("BitLocker Encryption Details"), - SMS_Class_ID ("MICROSOFT|BITLOCKER_DETAILS|1.0")] - class Win32_BitLockerEncryptionDetails : SMS_Class_Template - { - [ SMS_Report (TRUE), key ] - String DeviceId; - [ SMS_Report (TRUE) ] - String BitlockerPersistentVolumeId; - [ SMS_Report (TRUE) ] - String MbamPersistentVolumeId; - [ SMS_Report (TRUE) ] - //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 - SInt32 MbamVolumeType; - [ SMS_Report (TRUE) ] - String DriveLetter; - [ SMS_Report (TRUE) ] - //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 - SInt32 Compliant; - [ SMS_Report (TRUE) ] - SInt32 ReasonsForNonCompliance[]; - [ SMS_Report (TRUE) ] - SInt32 KeyProtectorTypes[]; - [ SMS_Report (TRUE) ] - SInt32 EncryptionMethod; - [ SMS_Report (TRUE) ] - SInt32 ConversionStatus; - [ SMS_Report (TRUE) ] - SInt32 ProtectionStatus; - [ SMS_Report (TRUE) ] - Boolean IsAutoUnlockEnabled; - }; - - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) - [ SMS_Report(TRUE), - SMS_Group_Name("BitLocker Policy"), - SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0"), - SMS_Context_1("__ProviderArchitecture=32|uint32"), - SMS_Context_2("__RequiredArchitecture=true|boolean")] - Class Win32Reg_MBAMPolicy: SMS_Class_Template - { - [SMS_Report(TRUE),key] - string KeyName; - - //General encryption requirements - [SMS_Report(TRUE)] - UInt32 OsDriveEncryption; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDriveEncryption; - [ SMS_Report (TRUE) ] - UInt32 EncryptionMethod; - - //Required protectors properties - [ SMS_Report (TRUE) ] - UInt32 OsDriveProtector; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDriveAutoUnlock; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDrivePassphrase; - - //MBAM Agent fields - //Policy not enforced (0), enforced (1), pending user exemption request (2) or exempted user (3) - [SMS_Report(TRUE)] - Uint32 MBAMPolicyEnforced; - [SMS_Report(TRUE)] - string LastConsoleUser; - //Date of the exemption request of the last logged on user, - //or the first date the exemption was granted to him on this machine. - [SMS_Report(TRUE)] - datetime UserExemptionDate; - //Errors encountered by MBAM agent. - [ SMS_Report (TRUE) ] - UInt32 MBAMMachineError; - // Encoded Computer Name - [ SMS_Report (TRUE) ] - string EncodedComputerName; - }; - - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL) - [ SMS_Report(TRUE), - SMS_Group_Name("BitLocker Policy"), - SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0"), - SMS_Context_1("__ProviderArchitecture=64|uint32"), - SMS_Context_2("__RequiredArchitecture=true|boolean")] - Class Win32Reg_MBAMPolicy_64: SMS_Class_Template - { - [SMS_Report(TRUE),key] - string KeyName; - - //General encryption requirements - [SMS_Report(TRUE)] - UInt32 OsDriveEncryption; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDriveEncryption; - [ SMS_Report (TRUE) ] - UInt32 EncryptionMethod; - - //Required protectors properties - [ SMS_Report (TRUE) ] - UInt32 OsDriveProtector; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDriveAutoUnlock; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDrivePassphrase; - - //MBAM Agent fields - //Policy not enforced (0), enforced (1), pending user exemption request (2) or exempted user (3) - [SMS_Report(TRUE)] - Uint32 MBAMPolicyEnforced; - [SMS_Report(TRUE)] - string LastConsoleUser; - //Date of the exemption request of the last logged on user, - //or the first date the exemption was granted to him on this machine. - [SMS_Report(TRUE)] - datetime UserExemptionDate; - //Errors encountered by MBAM agent. - [ SMS_Report (TRUE) ] - UInt32 MBAMMachineError; - // Encoded Computer Name - [ SMS_Report (TRUE) ] - string EncodedComputerName; - }; - - //Read Win32_OperatingSystem.SKU WMI property in a new class - because SKU is not available before Vista. - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) - [ SMS_Report (TRUE), - SMS_Group_Name ("Operating System Ex"), - SMS_Class_ID ("MICROSOFT|OPERATING_SYSTEM_EXT|1.0") ] - class CCM_OperatingSystemExtended : SMS_Class_Template - { - [SMS_Report (TRUE), key ] - string Name; - [SMS_Report (TRUE) ] - uint32 SKU; - }; - - //Read Win32_ComputerSystem.PCSystemType WMI property in a new class - because PCSystemType is not available before Vista. - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) - [ SMS_Report (TRUE), - SMS_Group_Name ("Computer System Ex"), - SMS_Class_ID ("MICROSOFT|COMPUTER_SYSTEM_EXT|1.0") ] - class CCM_ComputerSystemExtended : SMS_Class_Template - { - [SMS_Report (TRUE), key ] - string Name; - [SMS_Report (TRUE) ] - uint16 PCSystemType; - }; - - //======================================================= - // Microsoft BitLocker Administration and Monitoring end - //======================================================= - ``` - -3. Modify the **Win32\_Tpm** class as follows: - - - Set **SMS\_REPORT** to **TRUE** in the class attributes. - - - Set **SMS\_REPORT** to **TRUE** in the **SpecVersion** property attribute. - -## Related topics - - -[How to Create or Edit the mof Files](how-to-create-or-edit-the-mof-files.md) - -[Deploying MBAM with Configuration Manager](deploying-mbam-with-configuration-manager-mbam2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/deploying-mbam-20-group-policy-objects-mbam-2.md b/mdop/mbam-v2/deploying-mbam-20-group-policy-objects-mbam-2.md deleted file mode 100644 index da944127c7..0000000000 --- a/mdop/mbam-v2/deploying-mbam-20-group-policy-objects-mbam-2.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Deploying MBAM 2.0 Group Policy Objects -description: Deploying MBAM 2.0 Group Policy Objects -author: dansimp -ms.assetid: f17f3897-73ab-431b-a6ec-5a6cff9f279a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying MBAM 2.0 Group Policy Objects - - -To successfully deploy Microsoft BitLocker Administration and Monitoring (MBAM), you first have to determine the Group Policies that you will use in your implementation of Microsoft BitLocker Administration and Monitoring. See [Planning for MBAM 2.0 Group Policy Requirements](planning-for-mbam-20-group-policy-requirements-mbam-2.md) for more information on the different policies that are available. When you have determined the policies that you are going to use, you then must create and deploy one or more Group Policy Objects (GPO) that include the policy settings for MBAM by using the MBAM 2.0 Group Policy template. - -## Install the MBAM 2.0 Group Policy Template - - -In addition to the server-related Microsoft BitLocker Administration and Monitoring features, the server setup application includes a MBAM Group Policy template. This template can be installed on any computer able to run the Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM). - -[How to Install the MBAM 2.0 Group Policy Template](how-to-install-the-mbam-20-group-policy-template-mbam-2.md) - -## Deploy MBAM 2.0 Group Policy Settings - - -After you create the necessary GPOs, you must deploy the MBAM Group Policy settings to your organization’s client computers. - -[How to Edit MBAM 2.0 GPO Settings](how-to-edit-mbam-20-gpo-settings-mbam-2.md) - -## Display the MBAM Control Panel in Windows - - -Because MBAM offers a customized MBAM control panel that can replace the default Windows BitLocker control panel, you can also choose to hide the default BitLocker Control Panel from end users by using Group Policy. - -[How to Hide Default BitLocker Encryption in the Windows Control Panel](how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel-mbam-2.md) - -## Other Resources for Deploying MBAM 2.0 Group Policy Objects - - -[Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/deploying-mbam-20-mbam-2.md b/mdop/mbam-v2/deploying-mbam-20-mbam-2.md deleted file mode 100644 index 6f40b9722f..0000000000 --- a/mdop/mbam-v2/deploying-mbam-20-mbam-2.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Deploying MBAM 2.0 -description: Deploying MBAM 2.0 -author: dansimp -ms.assetid: 4b0eaf10-81b4-427e-9d43-eb833de935a3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying MBAM 2.0 - - -Microsoft BitLocker Administration and Monitoring (MBAM) supports a number of different deployment configurations. This section includes information that you should consider about the deployment of MBAM and step-by-step procedures to help you successfully perform the tasks that you must complete at different stages of your deployment. - -You can deploy MBAM either in a Stand-alone topology, or with a topology that integrates MBAM with Microsoft System Center Configuration Manager 2007 or Microsoft System Center 2012 Configuration Manager. For information about installing MBAM with the Configuration Manager integrated topology, see [Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md). - -## Deployment Information - - -- [Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md) - - This section describes the different MBAM deployment topology options and how to use MBAM Setup to deploy MBAM Server features. - -- [Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md) - - This section describes how to create and deploy MBAM Group Policy Objects that are required for managing MBAM Clients and BitLocker encryption policies throughout the enterprise. - -- [Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md) - - This section describes how to use the MBAM Client Installer files to deploy the MBAM Client software. - -- [MBAM 2.0 Deployment Checklist](mbam-20-deployment-checklist-mbam-2.md) - - This section provides a deployment checklist that can be used to assist in MBAM Server feature and MBAM Client deployment. - -- [Upgrading from Previous Versions of MBAM](upgrading-from-previous-versions-of-mbam.md) - - This section provides instructions for upgrading MBAM from previous versions. - -## Other Resources for Deploying MBAM - - -[Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide](index.md) - -[Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) - -[Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md) - -[Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) - -[Troubleshooting MBAM 2.0](troubleshooting-mbam-20-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/deploying-mbam-with-configuration-manager-mbam2.md b/mdop/mbam-v2/deploying-mbam-with-configuration-manager-mbam2.md deleted file mode 100644 index ae87ad3b57..0000000000 --- a/mdop/mbam-v2/deploying-mbam-with-configuration-manager-mbam2.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Deploying MBAM with Configuration Manager -description: Deploying MBAM with Configuration Manager -author: dansimp -ms.assetid: 89d03e29-457a-471d-b893-e0b74a83ec50 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Deploying MBAM with Configuration Manager - - -The following procedures describe how to deploy Microsoft BitLocker Administration and Monitoring (MBAM) with Microsoft System Center Configuration Manager 2007 or Microsoft System Center 2012 Configuration Manager by usingthe recommended configuration, which is described in [Getting Started - Using MBAM with Configuration Manager](getting-started---using-mbam-with-configuration-manager.md). The recommended configuration is to install the Administration and Monitoring features on one or more Microsoft BitLocker Administration and Monitoring servers, and install Microsoft System Center Configuration Manager 2007 or Microsoft System Center 2012 Configuration Manager on a separate server. - -Before you start the installation, ensure that you have met the prerequisites and hardware and software requirements for installing MBAM with Configuration Manager by reviewing [Planning to Deploy MBAM with Configuration Manager](planning-to-deploy-mbam-with-configuration-manager-2.md). - -If you ever have to reinstall MBAM with the Configuration Manager topology, you will need to remove certain Configuration Manager objects first. Read the [Knowledge Base article](https://go.microsoft.com/fwlink/?LinkId=286306) for more information. - -The steps to install MBAM with Configuration Manager are grouped into the following categories. Complete the steps for each category to complete the installation. - -## How to Create or Edit the mof Files - - -To enable the client computers to report BitLocker compliance details through the MBAM Configuration Manager reports, you have to edit the **Configuration.mof** file, and either edit or create the Sms\_def.mof file, depending on which version of Configuration Manager you are using. - -[How to Create or Edit the mof Files](how-to-create-or-edit-the-mof-files.md) - -## How to Install MBAM with Configuration Manager - - -This section provides steps about how to install the following: MBAM on the Configuration Manager Server; the Recovery and Audit Databases on the Database Server; and the Administration and Monitoring Server features on the Administration and Monitoring Server. - -[How to Install MBAM with Configuration Manager](how-to-install-mbam-with-configuration-manager.md) - -## How to Validate the MBAM Server Feature Installation on the Configuration Manager Server - - -When the Microsoft BitLocker Administration and Monitoring installation is complete, validate that the installation has successfully set up all the necessary MBAM features required for the Configuration Manager Server. - -[How to Validate the MBAM Installation with Configuration Manager](how-to-validate-the-mbam-installation-with-configuration-manager.md) - -## Related topics - - -[Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/deploying-the-mbam-20-client-mbam-2.md b/mdop/mbam-v2/deploying-the-mbam-20-client-mbam-2.md deleted file mode 100644 index 66a8831e05..0000000000 --- a/mdop/mbam-v2/deploying-the-mbam-20-client-mbam-2.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Deploying the MBAM 2.0 Client -description: Deploying the MBAM 2.0 Client -author: dansimp -ms.assetid: 3dd584fe-2a54-40f0-9bab-13ea74040b01 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying the MBAM 2.0 Client - - -The Microsoft BitLocker Administration and Monitoring (MBAM) Client enables administrators to enforce and monitor BitLocker drive encryption on computers in the enterprise. The BitLocker client can be integrated into an organization by deploying the client through an electronic software distribution system, such as Active Directory Domain Services, or by directly encrypting the client computers as part of the initial imaging process. - -Depending on when you deploy the Microsoft BitLocker Administration and Monitoring Client, you can enable BitLocker encryption on a computer in your organization either before the end user receives the computer or afterwards by configuring Group Policy and deploying the MBAM Client software by using an enterprise software deployment system. - -## Deploy the MBAM Client to Desktop or Laptop Computers - - -After configuring Group Policy, you can use an enterprise software deployment system product like Microsoft System Center Configuration Manager 2012 or Active Directory Domain Services to deploy the MBAM Client installation Windows Installer files to target computers. You can deploy the client by using either the 32-bit or 64-bit MbamClientSetup.exe files, or the 32-bit or 64-bit MBAMClient.msi files, which are provided with the MBAM software. For more information about deploying MBAM Group Policy Objects, see [Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md). - -[How to Deploy the MBAM Client to Desktop or Laptop Computers](how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-2.md) - -## Deploy the MBAM Client as Part of a Windows Deployment - - -In organizations where computers are received and configured centrally, you can install the MBAM Client to manage BitLocker encryption on each computer before any user data is written to it. The benefit of this process is that every computer is then BitLocker encryption compliant. This method does not rely on user action because the administrator has already encrypted the computer. A key assumption for this scenario is that the policy of the organization installs a corporate Windows image before the computer is delivered to the user. If the Group Policy has been configured to require a PIN, users are prompted to set a PIN after they receive the Group Policy. - -[How to Deploy the MBAM Client as Part of a Windows Deployment](how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-2.md) - -## How to Use a Command Line to Install the MBAM Client - - -This section explains how to install the MBAM Client by using a command line. - -[How to Use a Command Line to Install the MBAM Client](how-to-use-a-command-line-to-install-the-mbam-client.md) - -## Other Resources for Deploying the MBAM Client - - -[Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md)[Planning for MBAM 2.0 Client Deployment](planning-for-mbam-20-client-deployment-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/deploying-the-mbam-20-server-infrastructure-mbam-2.md b/mdop/mbam-v2/deploying-the-mbam-20-server-infrastructure-mbam-2.md deleted file mode 100644 index ba8831debe..0000000000 --- a/mdop/mbam-v2/deploying-the-mbam-20-server-infrastructure-mbam-2.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: Deploying the MBAM 2.0 Server Infrastructure -description: Deploying the MBAM 2.0 Server Infrastructure -author: dansimp -ms.assetid: 52e68d94-e2b4-4b06-ae55-f900ea6cc59f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying the MBAM 2.0 Server Infrastructure - - -Microsoft BitLocker Administration and Monitoring (MBAM) Server features for the Stand-alone topology can be installed in different configurations on two or more servers in a production environment. The recommended configuration is two servers for a production environment, depending on your scalability requirements. Use a single server for an MBAM installation only in test environments. For more information about planning for the MBAM Server feature deployment, see [Planning for MBAM 2.0 Server Deployment](planning-for-mbam-20-server-deployment-mbam-2.md). - -The following diagram shows an example of how you can configure the recommended two-server MBAM deployment. This configuration supports up to 200,000 MBAM clients in a production environment. The server features and databases in the architecture image are described in the following section and are listed under the computer or server where we recommend that you install them. - -![mbam 2 two-server deployment topology](images/mbam2-3-servers.gif) - -## Administration and Monitoring Server - - -The following features are installed on this server: - -- **Administration and Monitoring Server**. The Administration and Monitoring Server feature is installed on a Windows server and consists of the Help Desk website and the monitoring web services. - -- **Self-Service Portal**. The Self-Service Portal is installed on a Windows server. The Self-Service Portal enables end users on client computers to independently log on to a website, where they can obtain a recovery key to recover a locked BitLocker volume. - -## Database Server - - -The following features are installed on this server: - -- **Recovery Database**. The Recovery Database is installed on a Windows server and a supported instance of Microsoft SQL Server. This database stores recovery data that is collected from MBAM client computers. - -- **Compliance and Audit Database**. The Compliance and Audit Database is installed on a Windows server and a supported instance of SQL Server. This database stores compliance data for MBAM client computers. This data is used primarily for reports that SQL Server Reporting Services (SSRS) hosts. - -- **Compliance and Audit Reports**. The Compliance and Audit Reports are installed on a Windows server and a supported instance of SQL Server that has the SQL Server Reporting Services (SSRS) feature installed. These reports provide MBAM reports that you can access from the Help Desk website or directly from the SSRS server. - -## Management Workstation - - -The following feature is installed on the Management Workstation, which can be a Windows server or a client computer. - -- **Policy Template**. The Policy Template consists of Group Policies that define MBAM implementation settings for BitLocker drive encryption. You can install the Policy template on any server or workstation, but it is commonly installed on a management workstation, which is a supported Windows server or client computer. The workstation does not have to be a dedicated computer. - -## MBAM Client - - -The MBAM Client is installed on a Windows computer and has the following characteristics: - -- Uses Group Policy to enforce the BitLocker drive encryption of client computers in the enterprise. - -- Collects the recovery key for the three BitLocker data drive types: operating system drives, fixed data drives, and removable data (USB) drives. - -- Collects compliance data for the computer and passes the data to the reporting system. - -## Other Resources for Deploying MBAM 2.0 Server Features - - -[Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/edit-the-configurationmof-file.md b/mdop/mbam-v2/edit-the-configurationmof-file.md deleted file mode 100644 index d1b6c423a7..0000000000 --- a/mdop/mbam-v2/edit-the-configurationmof-file.md +++ /dev/null @@ -1,389 +0,0 @@ ---- -title: Edit the Configuration.mof File -description: Edit the Configuration.mof File -author: dansimp -ms.assetid: 23e50ec9-4083-4b12-ad96-626cf30960bb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/03/2017 ---- - - -# Edit the Configuration.mof File - - -To enable the client computers to report BitLocker compliance details through the MBAM Configuration Manager reports, you have to edit the **Configuration.mof** file, whether you are using Configuration Manager 2007 or System Center 2012 Configuration Manager. Complete the following instructions for the version of Configuration Manager that you are using. - -**Important**   -If you are installing Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 Service Pack 1 (SP1), either by doing a new installation or by upgrading from a previous version, see the appropriate item in [About MBAM 2.0 SP1](about-mbam-20-sp1.md) as described in the following bullets: - -- For a new MBAM 2.0 SP1 installation, see **Required files for installing MBAM 2.0 SP1 if you are using MBAM with Configuration Manager**. - -- For an upgrade to MBAM 2.0 SP1, see **Update the configuration.mof file if you upgrade to MBAM 2.0 SP1 and you are using MBAM with Configuration Manager 2007**. - - - -**To create the configuration.mof file if you are using MBAM 2.0 SP1 with Configuration Manager** - -- See the “Important” note about MBAM 2.0 SP1 earlier in this topic for the appropriate instructions to follow in [About MBAM 2.0 SP1](about-mbam-20-sp1.md). - -**To edit the Configuration.mof file for System Center 2012 Configuration Manager** - -1. On the Configuration Manager Server, browse to the location of the **Configuration.mof** file: - - <CMInstallLocation>\\Inboxes\\clifiles.src\\hinv\\ - - On a default installation, the installation location is %systemdrive%\\Program Files \\Microsoft Configuration Manager. - -2. Edit the **Configuration.mof** file to append the following MBAM classes: - - ``` syntax - //=================================================== - // Microsoft BitLocker Administration and Monitoring - //=================================================== - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) - [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] - class Win32_BitLockerEncryptionDetails - { - [PropertySources{"DeviceId"},key] - String DeviceId; - [PropertySources{"BitlockerPersistentVolumeId"}] - String BitlockerPersistentVolumeId; - [PropertySources{"BitLockerManagementPersistentVolumeId"}] - String MbamPersistentVolumeId; - //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 - [PropertySources{"BitLockerManagementVolumeType"}] - SInt32 MbamVolumeType; - [PropertySources{"DriveLetter"}] - String DriveLetter; - //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 - [PropertySources{"Compliant"}] - SInt32 Compliant; - [PropertySources{"ReasonsForNonCompliance"}] - SInt32 ReasonsForNonCompliance[]; - [PropertySources{"KeyProtectorTypes"}] - SInt32 KeyProtectorTypes[]; - [PropertySources{"EncryptionMethod"}] - SInt32 EncryptionMethod; - [PropertySources{"ConversionStatus"}] - SInt32 ConversionStatus; - [PropertySources{"ProtectionStatus"}] - SInt32 ProtectionStatus; - [PropertySources{"IsAutoUnlockEnabled"}] - Boolean IsAutoUnlockEnabled; - }; - - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) - [DYNPROPS] - Class Win32Reg_MBAMPolicy - { - [key] - string KeyName; - - //General encryption requirements - UInt32 OsDriveEncryption; - UInt32 FixedDataDriveEncryption; - UInt32 EncryptionMethod; - - //Required protectors properties - UInt32 OsDriveProtector; - UInt32 FixedDataDriveAutoUnlock; - UInt32 FixedDataDrivePassphrase; - - //MBAM agent fields - Uint32 MBAMPolicyEnforced; - string LastConsoleUser; - datetime UserExemptionDate; - UInt32 MBAMMachineError; - - // Encoded computer name - string EncodedComputerName; - }; - - [DYNPROPS] - Instance of Win32Reg_MBAMPolicy - { - KeyName="BitLocker policy"; - - //General encryption requirements - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] - OsDriveEncryption; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] - FixedDataDriveEncryption; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] - EncryptionMethod; - - //Required protectors properties - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] - OsDriveProtector; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] - FixedDataDriveAutoUnlock; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] - FixedDataDrivePassphrase; - - //MBAM agent fields - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] - MBAMPolicyEnforced; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] - LastConsoleUser; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] - UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] - MBAMMachineError; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] - EncodedComputerName; - }; - - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) - [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, - dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] - class CCM_OperatingSystemExtended - { - [PropertySources{"Name"},key] - string Name; - [PropertySources{"OperatingSystemSKU"}] - uint32 SKU; - }; - - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) - [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, - dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] - class CCM_ComputerSystemExtended - { - [PropertySources{"Name"},key] - string Name; - [PropertySources{"PCSystemType"}] - uint16 PCSystemType; - }; - - //======================================================= - // Microsoft BitLocker Administration and Monitoring end - //======================================================= - ``` - -**To edit the Configuration.mof file for Configuration Manager 2007** - -1. On the Configuration Manager Server, browse to the location of the **Configuration.mof** file: - - <CMInstallLocation>\\Inboxes\\clifiles.src\\hinv\\ - - On a default installation, the installation location is %systemdrive%\\Program Files (x86)\\Microsoft Configuration Manager. - -2. Edit the **Configuration.mof** file to append the following MBAM classes: - - ``` syntax - //=================================================== - // Microsoft BitLocker Administration and Monitoring - //=================================================== - - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) - [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] - class Win32_BitLockerEncryptionDetails - { - [PropertySources{"DeviceId"},key] - String DeviceId; - [PropertySources{"BitlockerPersistentVolumeId"}] - String BitlockerPersistentVolumeId; - [PropertySources{"BitLockerManagementPersistentVolumeId"}] - String MbamPersistentVolumeId; - //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 - [PropertySources{"BitLockerManagementVolumeType"}] - SInt32 MbamVolumeType; - [PropertySources{"DriveLetter"}] - String DriveLetter; - //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 - [PropertySources{"Compliant"}] - SInt32 Compliant; - [PropertySources{"ReasonsForNonCompliance"}] - SInt32 ReasonsForNonCompliance[]; - [PropertySources{"KeyProtectorTypes"}] - SInt32 KeyProtectorTypes[]; - [PropertySources{"EncryptionMethod"}] - SInt32 EncryptionMethod; - [PropertySources{"ConversionStatus"}] - SInt32 ConversionStatus; - [PropertySources{"ProtectionStatus"}] - SInt32 ProtectionStatus; - [PropertySources{"IsAutoUnlockEnabled"}] - Boolean IsAutoUnlockEnabled; - }; - - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) - [DYNPROPS] - Class Win32Reg_MBAMPolicy - { - [key] - string KeyName; - - //General encryption requirements - UInt32 OsDriveEncryption; - UInt32 FixedDataDriveEncryption; - UInt32 EncryptionMethod; - - //Required protectors properties - UInt32 OsDriveProtector; - UInt32 FixedDataDriveAutoUnlock; - UInt32 FixedDataDrivePassphrase; - - //MBAM agent fields - Uint32 MBAMPolicyEnforced; - string LastConsoleUser; - datetime UserExemptionDate; - UInt32 MBAMMachineError; - - // Encoded computer name - string EncodedComputerName; - }; - - [DYNPROPS] - Instance of Win32Reg_MBAMPolicy - { - KeyName="BitLocker policy"; - - //General encryption requirements - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] - OsDriveEncryption; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] - FixedDataDriveEncryption; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] - EncryptionMethod; - - //Required protectors properties - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] - OsDriveProtector; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] - FixedDataDriveAutoUnlock; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] - FixedDataDrivePassphrase; - - //MBAM agent fields - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] - MBAMPolicyEnforced; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] - LastConsoleUser; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] - UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] - MBAMMachineError; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] - EncodedComputerName; - }; - - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL) - [DYNPROPS] - Class Win32Reg_MBAMPolicy_64 - { - [key] - string KeyName; - - //General encryption requirements - UInt32 OsDriveEncryption; - UInt32 FixedDataDriveEncryption; - UInt32 EncryptionMethod; - - //Required protectors properties - UInt32 OsDriveProtector; - UInt32 FixedDataDriveAutoUnlock; - UInt32 FixedDataDrivePassphrase; - - //MBAM agent fields - Uint32 MBAMPolicyEnforced; - string LastConsoleUser; - datetime UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU - UInt32 MBAMMachineError; - - // Encoded computer name - string EncodedComputerName; - }; - - [DYNPROPS] - Instance of Win32Reg_MBAMPolicy_64 - { - KeyName="BitLocker policy"; - - //General encryption requirements - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] - OsDriveEncryption; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] - FixedDataDriveEncryption; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] - EncryptionMethod; - - //Required protectors properties - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] - OsDriveProtector; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] - FixedDataDriveAutoUnlock; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] - FixedDataDrivePassphrase; - - //MBAM agent fields - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] - MBAMPolicyEnforced; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] - LastConsoleUser; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] - UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] - MBAMMachineError; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] - EncodedComputerName; - }; - - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) - [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, - dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] - class CCM_OperatingSystemExtended - { - [PropertySources{"Name"},key] - string Name; - [PropertySources{"OperatingSystemSKU"}] - uint32 SKU; - }; - - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) - [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, - dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] - class CCM_ComputerSystemExtended - { - [PropertySources{"Name"},key] - string Name; - [PropertySources{"PCSystemType"}] - uint16 PCSystemType; - }; - - //======================================================= - // Microsoft BitLocker Administration and Monitoring end - //======================================================= - - ``` - -## Related topics - - -[How to Create or Edit the mof Files](how-to-create-or-edit-the-mof-files.md) - -[Deploying MBAM with Configuration Manager](deploying-mbam-with-configuration-manager-mbam2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/evaluating-mbam-20-mbam-2.md b/mdop/mbam-v2/evaluating-mbam-20-mbam-2.md deleted file mode 100644 index 9381657ebb..0000000000 --- a/mdop/mbam-v2/evaluating-mbam-20-mbam-2.md +++ /dev/null @@ -1,178 +0,0 @@ ---- -title: Evaluating MBAM 2.0 -description: Evaluating MBAM 2.0 -author: dansimp -ms.assetid: bfc77eec-0fd7-4fec-9c78-6870afa87152 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Evaluating MBAM 2.0 - - -Before deploying Microsoft BitLocker Administration and Monitoring (MBAM) into a production environment, you should evaluate it in a test environment. The information in this topic can be used to set up Microsoft BitLocker Administration and Monitoring with a Stand-alone topology in a single-server test environment for evaluation purposes only. A single-server topology is not recommended for production environments. - -For instructions on deploying MBAM in a test environment, see [How to Install and Configure MBAM on a Single Server](how-to-install-and-configure-mbam-on-a-single-server-mbam-2.md). - -## Setting up the Test Environment - - -Even though you are setting up a non-production instance of MBAM to evaluate in a test environment, you should still verify that you have met the prerequisites and hardware and software requirements. Before you start the installation, see [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md), [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md), and [Preparing your Environment for MBAM 2.0](preparing-your-environment-for-mbam-20-mbam-2.md). - -### Plan for an MBAM Evaluation Deployment - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferencesNotes
Checklist box

Review the Getting Started information about MBAM to gain a basic understanding of the product before beginning deployment planning.

Getting Started with MBAM 2.0

Checklist box

Plan for MBAM 2.0 Deployment Prerequisites and prepare your computing environment.

MBAM 2.0 Deployment Prerequisites

Checklist box

Plan for and configure MBAM Group Policy requirements.

Planning for MBAM 2.0 Group Policy Requirements

Checklist box

Plan for and create necessary Active Directory Domain Services security groups, and plan for MBAM local security group membership requirements.

Planning for MBAM 2.0 Administrator Roles

Checklist box

Plan for deploying MBAM Server feature deployment.

Planning for MBAM 2.0 Server Deployment

Checklist box

Plan for deploying MBAM Client deployment.

Planning for MBAM 2.0 Client Deployment

- - - -### Perform an MBAM Evaluation Deployment - -After completing the necessary planning and software prerequisite installations to prepare your computing environment for the MBAM installation, you can begin the MBAM evaluation deployment. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Checklist box

Review the MBAM supported configurations information to make sure that selected client and server computers are supported for MBAM feature installation.

MBAM 2.0 Supported Configurations

Checklist box

Run MBAM Setup to deploy MBAM Server features on a single server for evaluation purposes.

How to Install and Configure MBAM on a Single Server

Checklist box

Add Active Directory Domain Services security groups, that you created during the planning phase, to the appropriate local MBAM Server feature local groups on the new MBAM Server.

Planning for MBAM 2.0 Administrator Roles and How to Manage MBAM Administrator Roles

Checklist box

Create and deploy required MBAM Group Policy Objects.

Deploying MBAM 2.0 Group Policy Objects

Checklist box

Deploy the MBAM Client software.

Deploying the MBAM 2.0 Client

- - - -## Configure Lab Computers for MBAM Evaluation - - -This section contains information that can be used to speed up the MBAM Client status reporting. However, these modifications should be used for testing purposes only. - -**Note**   -The information in following section describes how to modify the Windows registry. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall Windows. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. - - - -### Modify MBAM Client Status Reporting Frequency Settings - -The MBAM Client wakeup and status reporting frequencies have a minimum value of 90 minutes when they are set using Group Policy. You can use the Windows registry to change these frequencies to a lower value on MBAM client computers to help speed up testing. - -To modify the MBAM Client status reporting frequency settings: - -1. Use a registry editor to navigate to **HKLM\\Software\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement**. - -2. Change the values for **ClientWakeupFrequency** and **StatusReportingFrequency** to **1** as the minimum client-supported value. This change causes the MBAM Client to report every minute. - -3. Restart **BitLocker Management Client Service**. - -**Note**   -To set values that are this low, you must set them in the registry manually. - - - -### Modify MBAM Client Service Startup Delay - -In addition to the MBAM Client wakeup and status reporting frequencies, there is a random delay of up to 90 minutes when the MBAM Client agent service starts on client computers. If you do not want the random delay, create a **DWORD** value of **NoStartupDelay** under **HKLM\\Software\\Microsoft\\MBAM**, set its value to **1**, and then restart **BitLocker Management Client Service**. - -## Related topics - - -[Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/getting-started---using-mbam-with-configuration-manager.md b/mdop/mbam-v2/getting-started---using-mbam-with-configuration-manager.md deleted file mode 100644 index a2a80d1262..0000000000 --- a/mdop/mbam-v2/getting-started---using-mbam-with-configuration-manager.md +++ /dev/null @@ -1,107 +0,0 @@ ---- -title: Getting Started - Using MBAM with Configuration Manager -description: Getting Started - Using MBAM with Configuration Manager -author: dansimp -ms.assetid: b0a1d3cc-0b01-4b69-a2cd-fd09fb3beda4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Getting Started - Using MBAM with Configuration Manager - - -When you install Microsoft BitLocker Administration and Monitoring (MBAM), you can choose a topology that integrates MBAM with Configuration Manager 2007 or System Center 2012 Configuration Manager. For a list of the supported versions of Configuration Manager that MBAM supports, see [Planning to Deploy MBAM with Configuration Manager](planning-to-deploy-mbam-with-configuration-manager-2.md). In the integrated topology, the hardware compliance and reporting features are removed from MBAM and are accessed from Configuration Manager. - -**Important**   -Windows To Go is not supported when you install the integrated topology of MBAM with Configuration Manager 2007. - - - -## Using MBAM with Configuration Manager - - -The integration of MBAM is based on a new Configuration Pack that installs the following three items into Configuration Manager 2007 or System Center 2012 Configuration Manager, which are described in detail in the following sections: - -Configuration data that consists of configuration items and a configuration baseline - -Collection - -Reports - -### Configuration Data - -The configuration data installs a configuration baseline, called “BitLocker Protection,” which contains two configuration items: “BitLocker Operating System Drive Protection” and “BitLocker Fixed Data Drives Protection.” The configuration baseline is deployed to the collection, which is also created when MBAM is installed. The two configuration items provide the basis for evaluating the compliance status of the client computers. This information is captured, stored, and evaluated in Configuration Manager. The configuration items are based on the compliance requirements for operating system drives (OSDs) and Fixed Data Drives (FDDs). The required details for the deployed computers are collected so that the compliance for those drive types can be evaluated. By default, the configuration baseline evaluates the compliance status every 12 hours and sends the compliance data to Configuration Manager. - -### Collection - -MBAM creates a collection that is called MBAM Supported Computers. The configuration baseline is targeted to client computers that are in this collection. This is a dynamic collection that, by default, runs every 12 hours and evaluates membership. Membership is based on three criteria: - -- It is a supported version of the Windows operating system. Currently, MBAM supports only Windows 7 Enterprise and Windows 7 Ultimate, Windows 8 Enterprise, and Windows To Go, when Windows To Go is running on Windows 8 Enterprise. - -- It is a physical computer. Virtual machines are not supported. - -- Trusted Platform Module (TPM) is available. A compatible version of TPM 1.2 or later is required for Windows 7. Windows 8 and Windows To Go do not require a TPM. - -The collection is evaluated against all computers and creates the subset of compatible computers that provides the basis for compliance evaluation and reporting for the MBAM integration. - -### Reports - -There are four reports that you can use to view compliance. They are: - -- **BitLocker Enterprise Compliance Dashboard** – gives IT administrators three different views of information on a single report: Compliance Status Distribution, Non Compliant – Errors Distribution, and Compliance Status Distribution By Drive Type. Drill-down options on the report let IT administrators click through the data and view a list of computers that match the state that you select. - -- **BitLocker Enterprise Compliance Details** – lets IT administrators view information about the BitLocker encryption compliance status of the enterprise and includes the compliance status for each computer. Drill-down options on the report let IT administrators click through the data and view a list of computers that match the state that you select. - -- **BitLocker Computer Compliance** – lets IT administrators view an individual computer and determine why it was reported with a given status of compliant or not compliant. The report also displays the encryption state of the operating system drives (OSD) and fixed data drives (FDDs). - -- **BitLocker Enterprise Compliance Summary** – lets IT administrators view the status of the compliance of the enterprise with MBAM policy. Each computer’s state is evaluated, and the report shows a summary of the compliance of all computers in the enterprise against the policy. Drill-down options on the report let IT administrators click through the data and view a list of computers that match the state that you select. - -## High-Level Architecture of MBAM with Configuration Manager - - -The following image shows the MBAM architecture with the Configuration Manager topology. This configuration supports up to 200,000 MBAM clients in a production environment. - -![mbam architecture with configuration manager](images/mbam2-cmserver.gif) - -A description of the servers, databases, and features of this architecture follows. The server features and databases in the architecture image are listed under the computer or server where we recommend that you install them. - -- **Database Server** – The **Recovery Database**, **Audit Database**, and **Audit Reports** are installed on a Windows server and supported SQL Server instance. The Recovery database stores recovery data that is collected from MBAM client computers. The Audit Database stores audit activity data that is collected from client computers that have accessed recovery data. The Audit Reports provide data about the compliance status of client computers in your enterprise. - -- **Configuration Manager Primary Site Server** – The Configuration Manager Server contains of the MBAM server installation with the System Center Configuration Manager Integration topology, which must be installed on a Configuration Manager primary site server. The Configuration Manager Server collects the hardware inventory information from client computers and is used to report BitLocker compliance of client computers. When you run the MBAM Setup server installation, a collection and the configuration data are installed on the Configuration Manager Primary Site Server. - -- **Administration and Monitoring Server** - The **Administration and Monitoring Server** is installed on a Windows server and consists of the Administration and Monitoring website and the monitoring web services. The Administration and Monitoring website is used to audit activity and to access recovery data (for example, BitLocker recovery keys). The **Self-Service Portal** is also installed on the Administration and Monitoring Server. The Portal enables end users on client computers to independently log onto a website to get a recovery key if they lose or forget their BitLocker password. The Audit reports are also installed on the Administration and Monitoring Server. - -- **Management Workstation** - The **Policy Template** consists of Group Policy Objects that define MBAM implementation settings for BitLocker drive encryption. You can install the Policy template on any server or workstation, but it is commonly installed on a management workstation that is a supported Windows server or client computer. The workstation does not have to be a dedicated computer. - -- **MBAM Client** and **Configuration Manager Client** computer - - - The **MBAM Client** performs the following tasks: - - - Uses Group Policy Objects to enforce the BitLocker encryption of client computers in the enterprise. - - - Collects the recovery key for the three BitLocker data drive types: operating system drives, fixed data drives, and removable data (USB) drives. - - - Collects recovery information and computer information about the client computers. - - - **Configuration Manager Client** – The Configuration Manager client enables Configuration Manager to collect hardware compatibility data about the client computers, and enables Configuration Manager to report compliance information. - -## Related topics - - -[Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md) - - - - - - - - - diff --git a/mdop/mbam-v2/getting-started-with-mbam-20-mbam-2.md b/mdop/mbam-v2/getting-started-with-mbam-20-mbam-2.md deleted file mode 100644 index 0183c9e902..0000000000 --- a/mdop/mbam-v2/getting-started-with-mbam-20-mbam-2.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: Getting Started with MBAM 2.0 -description: Getting Started with MBAM 2.0 -author: dansimp -ms.assetid: 29f5c9af-5bbf-4d37-aa0f-0716046904af -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Getting Started with MBAM 2.0 - - -Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 requires thorough planning before you deploy it or use its features. Because this product can affect every computer in your organization, you might disrupt your entire network if you do not plan your deployment carefully. However, if you plan your deployment carefully and manage it so that it meets your business requirements, BitLocker Administration and Monitoring 2.0 can help reduce your administrative overhead and total cost of ownership. - -If you are new to this product, we recommend that you read the documentation carefully. To get the MBAM software, see [How Do I Get MDOP?](https://go.microsoft.com/fwlink/p/?LinkId=322049). Before you deploy MBAM to a production environment, we also recommend that you validate your deployment plan in a test environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at . - -This section of the MBAM 2.0 Administrator’s Guide includes high-level information about MBAM 2.0 to provide a basic understanding of the product before you begin to plan deployment. For specific information about deploying MBAM with the Configuration Manager integrated topology, see [Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md). You can find additional MBAM documentation on the Microsoft BitLocker Administration and Monitoring (MBAM) Documentation Resources Download Page at . - -## Getting Started with MBAM 2.0 - - -- [About MBAM 2.0](about-mbam-20-mbam-2.md) - - Provides a high-level overview of MBAM 2.0 and describes how it can be used in your organization. - -- [Evaluating MBAM 2.0](evaluating-mbam-20-mbam-2.md) - - Provides information about how you can best evaluate MBAM 2.0 for use in your organization. - -- [High-Level Architecture for MBAM 2.0](high-level-architecture-for-mbam-20-mbam-2.md) - - Describes the MBAM 2.0 features and the recommended architecture for a production environment. - -- [Accessibility for MBAM 2.0](accessibility-for-mbam-20-mbam-2.md) - - Describes the keyboard shortcuts that are available for MBAM 2.0. - -## Other Resources for this Product - - -[Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide](index.md) - -[Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md) - -[Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md) - -[Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) - -[Troubleshooting MBAM 2.0](troubleshooting-mbam-20-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/helping-end-users-manage-bitlocker.md b/mdop/mbam-v2/helping-end-users-manage-bitlocker.md deleted file mode 100644 index b3c0e338c5..0000000000 --- a/mdop/mbam-v2/helping-end-users-manage-bitlocker.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: Helping End Users Manage BitLocker -description: Helping End Users Manage BitLocker -author: dansimp -ms.assetid: 47776fb3-2d94-4970-b687-c35ec3dd6c64 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Helping End Users Manage BitLocker - - -Content on a lost or stolen computer is vulnerable to unauthorized access, which can present a security risk to both people and companies. Microsoft BitLocker Administration and Monitoring (MBAM) uses BitLocker to help prevent unauthorized access by locking your computer to help protect sensitive data from malicious users. - -## What is BitLocker? - - -BitLocker Drive Encryption can provide protection for operating system drives, data drives, and removable drives (such as a USB thumb drive) by encrypting the drives. Depending on how BitLocker is configured, users may have to provide a key (a password or PIN) to unlock the information that is stored on the encrypted drives. - -When you add new files to a drive that is encrypted with BitLocker, BitLocker encrypts them automatically. Files remain encrypted only while they are stored in the encrypted drive. Files that are copied to another drive or computer are decrypted. If you share files with other users, such as through a network, these files are encrypted while stored on the encrypted drive, but they can be accessed normally by authorized users. - -If you encrypt the operating system drive, BitLocker checks the computer during startup for any conditions that could represent a security risk (for example, a change to the BIOS or changes to any startup files). If a potential security risk is detected, BitLocker will lock the operating system drive and require a special BitLocker recovery key to unlock it. Make sure that you create this recovery key when you turn on BitLocker for the first time. Otherwise, you could permanently lose access to your files. - -If you encrypt data drives (fixed or removable), you can unlock an encrypted drive with a password or a smart card, or set the drive to automatically unlock when you log on to the computer. - -In addition to passwords and PINs, BitLocker can use the Trusted Platform Module (TPM) chip that is provided in many newer computers. The TPM chip is used to ensure that your computer has not been tampered with before BitLocker will unlock the operating system drive. During the encryption process, you may have to enable the TPM chip. When you start your computer, BitLocker asks the TPM for the keys to the drive and unlocks it. To enable the TPM chip, you will have to restart your computer and then change a setting in the BIOS, a pre-Windows layer of your computer software. For more information about the TPM, see [About the Computer TPM Chip](about-the-computer-tpm-chip.md). - -Once your computer is protected by BitLocker, you may have to enter a PIN or password every time that the computer wakes from hibernation or starts. The Help Desk for your company or organization can help if you ever forget your PIN or password. - -You can turn off BitLocker, either temporarily, by suspending it, or permanently, by decrypting the drive. - -**Note**   -Because BitLocker encrypts the whole drive and not just the individual files themselves, be careful when you move sensitive data between drives. If you move a file from a BitLocker-protected drive to a nonencrypted drive, the file will no longer be encrypted. - - - -## About the BitLocker Encryption Options Application - - -To unlock hard disk drives on your computer and to manage your PIN and passwords, use the BitLocker Encryption Options application in the Windows Control Panel by following the procedure outlined here. You can enter passwords to unlock protected drives and can check the BitLocker status of attached drives by using this application. - -**To open the BitLocker Encryption Options application** - -1. Click **Start**, and select **Control Panel**. The Control Panel opens in a new window. - -2. In **Control Panel**, select **System and Security**. - -3. Select **BitLocker Encryption Options** to open the BitLocker Encryption Options application. - - For a description of the available options, see the following section. - -## Options on the BitLocker Encryption Options Application - - -The BitLocker Encryption Options application on Control Panel lets you manage your PIN and passwords, which BitLocker uses to protect your computer. - -**BitLocker Drive Encryption – Fixed Disk Drives:** - -In this section, you can view information about hard disk drives connected to your computer and their current BitLocker Encryption status. - -- **Manage your PIN** - changes the PIN used by BitLocker to unlock your operating system drive. - -- **Manage your password** - changes the password that is used by BitLocker to unlock your other internal drives. - -**BitLocker Drive Encryption - External Drives:** - -In this section, you can view information about external drives (such as a USB thumb drive) connected to your computer, and their current BitLocker encryption status. - -- **Manage your password** - changes the password that is used by BitLocker to unlock your other internal drives. - -**Advanced:** - -- **TPM Administration** - opens the TPM Administration tool in a separate window. From here you can configure common TPM tasks and obtain information about the TPM chipset. You must have administrative permissions on your computer to access this tool. - -- **Disk Management** -open the Disk Management tool. From here you can view the information for all hard drives connected to the computer and configure partitions and drive options. You must have administrative rights on your computer to access this tool. - - - - - - - - - diff --git a/mdop/mbam-v2/high-availability-for-mbam-20-mbam-2.md b/mdop/mbam-v2/high-availability-for-mbam-20-mbam-2.md deleted file mode 100644 index 810ca0e569..0000000000 --- a/mdop/mbam-v2/high-availability-for-mbam-20-mbam-2.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: High Availability for MBAM 2.0 -description: High Availability for MBAM 2.0 -author: dansimp -ms.assetid: 244ee013-9e2a-48d2-b842-4e10594fd74f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# High Availability for MBAM 2.0 - - -This topic provides basic information about a highly available installation of Microsoft BitLocker Administration and Monitoring (MBAM). High-availability scenarios are not fully supported in this version of MBAM, so they are not described here. It is recommended that you search related blogs and forums, where users describe how they have successfully configured high availability for MBAM in their environments. - -## High Availability Scenarios for MBAM - - -Microsoft BitLocker Administration and Monitoring is designed to be fault-tolerant. If a server becomes unavailable, users should not be negatively affected. For example, if the MBAM agent cannot connect to the MBAM web server, users should not be prompted for action. - -When you plan your MBAM installation, consider the following items, which can affect the availability of the MBAM service: - -- Drive encryption and recovery password – If a recovery password cannot be escrowed, the encryption does not start on the client computer. - -- Compliance status data upload – If the server that hosts the compliance status report service is not available, the compliance data does not remain current. - -- Help Desk recovery key access - If the Help Desk cannot access MBAM database information, the Help Desk cannot provide recovery keys to users. - -- Availability of reports –If the server that hosts the Compliance and Audit Reports is not available, reports will not be available. - -## How the MBAM Backup Uses the Volume Shadow Copy Service (VSS) - - -MBAM 2.0 provides a Volume Shadow Copy Service (VSS) writer, called the Microsoft BitLocker Administration and Management Writer, which facilitates the backup of the Compliance and Audit Database and the Recovery Database. - -The MBAM Server Windows Installer registers the MBAM VSS Writer. Any failure during the VSS writer registration causes the MBAM Server installation to roll back. In a topology where the Compliance and Audit Database and the Recovery Database are installed on different servers, a separate instance of MBAM VSS Writer is registered on each server. The MBAM VSS Writer is dependent on the SQL Server VSS Writer. The SQL Server VSS Writer is registered as part of the Microsoft SQL Server installation. Any backup technology that uses VSS writers to perform backup can discover the MBAM VSS Writer. - -## Related topics - - -[Maintaining MBAM 2.0](maintaining-mbam-20-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/high-level-architecture-for-mbam-20-mbam-2.md b/mdop/mbam-v2/high-level-architecture-for-mbam-20-mbam-2.md deleted file mode 100644 index 99d1616b22..0000000000 --- a/mdop/mbam-v2/high-level-architecture-for-mbam-20-mbam-2.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -title: High-Level Architecture for MBAM 2.0 -description: High-Level Architecture for MBAM 2.0 -author: dansimp -ms.assetid: 7f73dd3a-0b1f-4af6-a2f0-d0c5bc5d183a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# High-Level Architecture for MBAM 2.0 - - -Microsoft BitLocker Administration and Monitoring (MBAM) is a client/server solution that can help you simplify BitLocker provisioning and deployment, improve compliance and reporting on BitLocker, and reduce support costs. Microsoft BitLocker Administration and Monitoring includes the features that are described in this topic. - -Microsoft BitLocker Administration and Monitoring can be deployed in the Stand-alone topology, or in a topology that is integrated with Microsoft System Center Configuration Manager 2007 or Microsoft System Center 2012 Configuration Manager. This topic describes the architecture for the Stand-alone topology. For information about deploying in the integrated Configuration Manager topology, see [Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md). - -The following diagram shows the MBAM recommended architecture for a production environment, which consists of two servers and a management workstation. This architecture supports up to 200,000 MBAM clients. The server features and databases in the architecture image are described in the following section and are listed under the computer or server where we recommend that you install them. - -**Note**   -A single-server architecture should be used only in test environments. - - - -![mbam 2 two-server deployment topology](images/mbam2-3-servers.gif) - -## Administration and Monitoring Server - - -The following features are installed on this server: - -- **Administration and Monitoring Server**. The Administration and Monitoring Server feature is installed on a Windows server and consists of the Administration and Monitoring website, which includes the reports and the Help Desk Portal, and the monitoring web services. - -- **Self-Service Portal**. The Self-Service Portal is installed on a Windows server. The Self-Service Portal enables end users on client computers to independently log on to a website, where they can obtain a recovery key to recover a locked BitLocker volume. - -## Database Server - - -The following features are installed on this server: - -- **Recovery Database**. The Recovery Database is installed on a Windows server and a supported instance of Microsoft SQL Server. This database stores recovery data that is collected from MBAM client computers. - -- **Compliance and Audit Database**. The Compliance and Audit Database is installed on a Windows server and a supported instance of SQL Server. This database stores compliance data for MBAM client computers. This data is used primarily for reports that SQL Server Reporting Services (SSRS) hosts. - -- **Compliance and Audit Reports**. The Compliance and Audit Reports are installed on a Windows server and a supported instance of SQL Server that has the SQL Server Reporting Services (SSRS) feature installed. These reports provide MBAM reports that you can access from the Administration and Monitoring website or directly from the SSRS server. - -## Management Workstation - - -The following feature is installed on the Management workstation, which can be a Windows server or a client computer. - -- **Policy Template**. The Policy Template consists of Group Policy settings that define MBAM implementation settings for BitLocker drive encryption. You can install the Policy template on any server or workstation, but it is commonly installed on a management workstation, which is a supported Windows server or client computer. The workstation does not have to be a dedicated computer. - -## MBAM Client - - -The MBAM Client is installed on a Windows computer and has the following characteristics: - -- Uses Group Policy to enforce the BitLocker drive encryption of client computers in the enterprise. - -- Collects the recovery key for the three BitLocker data drive types: operating system drives, fixed data drives, and removable data (USB) drives. - -- Collects compliance data for the computer and passes the data to the reporting system. - -## Related topics - - -[Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-brand-the-self-service-portal.md b/mdop/mbam-v2/how-to-brand-the-self-service-portal.md deleted file mode 100644 index e7b09a94a5..0000000000 --- a/mdop/mbam-v2/how-to-brand-the-self-service-portal.md +++ /dev/null @@ -1,105 +0,0 @@ ---- -title: How to Brand the Self-Service Portal -description: How to Brand the Self-Service Portal -author: dansimp -ms.assetid: 3ef9e951-7c42-4f7f-b131-3765d39b3207 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Brand the Self-Service Portal - - -After you install the Microsoft BitLocker Administration and Monitoring (MBAM) Self-Service Portal, you can brand the Self-Service Portal with your company name, Help Desk URL, and “notice” text. You can also change the Session Timeout setting to make the end user’s session expire after a specified period of inactivity. - -**To set the session time-out and branding for the Self-Service Portal** - -1. To set the time-out period for the end user’s session, start the **Internet Information Services Manager**, or run **inetmgr.exe**. - -2. Browse to **Sites** > **Microsoft BitLocker Administration and Monitoring** > **SelfService** > **ASP.NET** > **Session State**, and change the **Time-out** value under **Cookie Settings** to the number of minutes after which the end user’s Self-Service Portal session will expire. The default is 5. To disable the setting so that there is no time-out, set the value to **0**. - -3. To set the branding items for the Self-Service Portal, start the **Internet Information Services Manager**, or run **inetmgr.exe**. - -4. Browse to **Sites** > **Microsoft BitLocker Administration and Monitoring** > **SelfService** > **Application Settings**. - -5. From the **Name** column, select the item that you want to change, and change the default value to reflect the name that you want to use. The following table lists the values that you can set. - - **Caution** - Do not change the value in the Name column (CompanyName\*), as it will cause the Self-Service Portal to stop working. - - - -~~~ - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDefault Value

CompanyName*

Contoso IT

HelpdeskText*

Contact Help Desk or IT Department

HelpdeskUrl*

Http://www.microsoft.com

jQueryPath

//ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js

MicrosoftAjaxPath

//ajax.aspnetcdn.com/ajax/3.5/MicrosoftAjax.js

MicrosoftMvcAjaxPath

//ajax.aspnetcdn.com/ajax/mvc/2.0/MicrosoftMvcValidation.js

NoticeTextPath

Notice.txt

-
-Note -

You can edit the Notice text either by using the IIS Manager or by opening and changing the Notice.txt file in the installation directory.

-
-
- -
-~~~ - - - -## Related topics - - -[Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-create-or-edit-the-mof-files.md b/mdop/mbam-v2/how-to-create-or-edit-the-mof-files.md deleted file mode 100644 index c74822c16c..0000000000 --- a/mdop/mbam-v2/how-to-create-or-edit-the-mof-files.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: How to Create or Edit the mof Files -description: How to Create or Edit the mof Files -author: dansimp -ms.assetid: 4d19d707-b90f-4057-a6e9-e4221a607190 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create or Edit the mof Files - - -Before you install Microsoft BitLocker Administration and Monitoring (MBAM) with Configuration Manager, you need to edit the Configuration.mof file. You also need to either edit or create the Sms\_def.mof file, depending on which version of Configuration Manager you are using. - -## Edit the Configuration.mof File - - -To enable the client computers to report BitLocker compliance details through the MBAM Configuration Manager reports, you have to edit the Configuration.mof file for Microsoft System Center Configuration Manager 2007 and System Center 2012 Configuration Manager. - -[Edit the Configuration.mof File](edit-the-configurationmof-file.md) - -## Create or Edit the Sms\_def.mof File - - -To enable the client computers to report BitLocker compliance details in the MBAM Configuration Manager reports, you have to create or edit the Sms\_def.mof file. In Configuration Manager 2007, the file already exists, so you need to edit, but not overwrite, the existing file. If you are using System Center 2012 Configuration Manager, you must create the file. - -[Create or Edit the Sms\_def.mof File](create-or-edit-the-sms-defmof-file.md) - -## Related topics - - -[Deploying MBAM with Configuration Manager](deploying-mbam-with-configuration-manager-mbam2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-2.md b/mdop/mbam-v2/how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-2.md deleted file mode 100644 index 59996d8297..0000000000 --- a/mdop/mbam-v2/how-to-deploy-the-mbam-client-as-part-of-a-windows-deployment-mbam-2.md +++ /dev/null @@ -1,124 +0,0 @@ ---- -title: How to Deploy the MBAM Client as Part of a Windows Deployment -description: How to Deploy the MBAM Client as Part of a Windows Deployment -author: dansimp -ms.assetid: 67387de7-8b02-4412-9850-3b8d8e5c18af -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Deploy the MBAM Client as Part of a Windows Deployment - - -The Microsoft BitLocker Administration and Monitoring (MBAM) Client enables administrators to enforce and monitor BitLocker drive encryption on computers in the enterprise. If computers that have a Trusted Platform Module (TPM) chip, the BitLocker client can be integrated into an organization by enabling BitLocker management and encryption on client computers as part of the imaging and Windows deployment process. - -**Note** -To review the Microsoft BitLocker Administration and Monitoring Client system requirements, see [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md). - - - -Encrypting client computers with BitLocker during the initial imaging stage of a Windows deployment can lower the administrative overhead necessary for implementing MBAM in an organization. It also ensures that every computer that is deployed already has BitLocker running and is configured correctly. - -**Note** -The procedure in this topic describes modifying the Windows registry. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall Windows. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. - - - -**To encrypt a computer as part of Windows deployment** - -1. If your organization is planning to use the Trusted Platform Module (TPM) protector or the TPM + PIN protector options in BitLocker, you must activate the TPM chip before the initial deployment of MBAM. When you activate the TPM chip, you avoid a reboot later in the process, and you ensure that the TPM chips are correctly configured according to the requirements of your organization. You must activate the TPM chip manually in the BIOS of the computer. - - **Note** - Some vendors provide tools to turn on and activate the TPM chip in the BIOS from within the operating system. Refer to the manufacturer documentation for more details about how to configure the TPM chip. - - - -2. Install the Microsoft BitLocker Administration and Monitoring client agent. - -3. Join the computer to a domain (recommended). - - - If the computer is not joined to the domain, the recovery password is not stored in the MBAM Key Recovery service. By default, MBAM does not allow encryption to occur unless the recovery key can be stored. - - - If a computer starts in recovery mode before the recovery key is stored on the MBAM Server, the computer has to be reimaged. No recovery method is available. - -4. Run the command prompt as an administrator, stop the MBAM service, and then set the service to **manual** or **on demand**, and then start by typing the following commands: - - **net stop mbamagent** - - **sc config mbamagent start= demand** - -5. Set the registry settings for the MBAM agent to ignore Group Policy and run the TPM for **operating system only encryption** by running **Regedit**, and then importing the registry key template from C:\\Program Files\\Microsoft\\MDOP MBAM\\MBAMDeploymentKeyTemplate.reg. - -6. In regedit, go to HKLM\\SOFTWARE\\Microsoft\\MBAM, and configure the settings that are listed in the following table. - - Registry entry - - Configuration settings - - DeploymentTime - - 0 = OFF - - 1 = Use deployment time policy settings (default) - - UseKeyRecoveryService - - 0 = Do not use key escrow ( the next two registry entries are not required in this case) - - 1 = Use key escrow in Key Recovery system (default) - - Recommended: The computer must be able to communicate with the Key Recovery service. Verify that the computer can communicate with the service before you proceed. - - KeyRecoveryOptions - - 0 = Uploads Recovery Key Only - - 1 = Uploads Recovery Key and Key Recovery Package (default) - - KeyRecoveryServiceEndPoint - - Set this value to the URL for the Key Recovery web server, for example, http://<computer name>/MBAMRecoveryAndHardwareService/CoreService.svc. - - - -~~~ -**Note** -MBAM policy or registry values can be set here to override previously set values. -~~~ - - - -7. The MBAM agent restarts the system during MBAM client deployment. When you are ready for this reboot, run the following command at a command prompt as an administrator: - - **net start mbamagent** - -8. When the computers restarts, and the BIOS prompts you to accept a TPM change, accept the change. - -9. During the Windows client operating system imaging process, when you are ready to start encryption, restart the MBAM agent service, and set start to **automatic** by running a command prompt as an administrator and typing the following commands: - - **sc config mbamagent start= auto** - - **net start mbamagent** - -10. Remove the bypass registry values by running Regedit and going to the HKLM\\SOFTWARE\\Microsoft registry entry. To delete the **MBAM** node, right-click the node and click **Delete**. - -## Related topics - - -[Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-2.md b/mdop/mbam-v2/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-2.md deleted file mode 100644 index c7b5c03238..0000000000 --- a/mdop/mbam-v2/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-2.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: How to Deploy the MBAM Client to Desktop or Laptop Computers -description: How to Deploy the MBAM Client to Desktop or Laptop Computers -author: dansimp -ms.assetid: 56744922-bfdd-48f6-ae01-645ff53b64a8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Deploy the MBAM Client to Desktop or Laptop Computers - - -The Microsoft BitLocker Administration and Monitoring (MBAM) client enables administrators to enforce and monitor BitLocker drive encryption on computers in the enterprise. The BitLocker client can be integrated into an organization by deploying the client through an electronic software distribution system, such as Active Directory Domain Services or Microsoft System Center Configuration Manager. - -**Note**   -To review the Microsoft BitLocker Administration and Monitoring Client system requirements, see [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md). - - - -**To deploy the MBAM Client to desktop or laptop computers** - -1. Locate the MBAM client installation files that are provided with the MBAM software. - -2. Use Active Directory Domain Services or an enterprise software deployment tool like Microsoft System Center Configuration Manager to deploy the Windows Installer package to target computers. - -3. Configure the distribution settings or Group Policy to run the MBAM Client installation file. After successful installation, the MBAM Client applies the Group Policy settings that are received from a domain controller to begin BitLocker encryption and management functions. For more information about MBAM group policy settings, see [Planning for MBAM 2.0 Group Policy Requirements](planning-for-mbam-20-group-policy-requirements-mbam-2.md). - - **Important**   - The MBAM Client will not start BitLocker encryption actions if a remote desktop protocol connection is active. All remote console connections must be closed before BitLocker encryption will begin. - - - -## Related topics - - -[Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-2.md b/mdop/mbam-v2/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-2.md deleted file mode 100644 index 46c10f9c67..0000000000 --- a/mdop/mbam-v2/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-2.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: How to Determine BitLocker Encryption State of Lost Computers -description: How to Determine BitLocker Encryption State of Lost Computers -author: dansimp -ms.assetid: dbd23b64-dff3-4913-9acd-affe67b9462e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Determine BitLocker Encryption State of Lost Computers - - -You can use Microsoft BitLocker Administration and Monitoring (MBAM) to determine the last known BitLocker encryption status of computers that were lost or stolen. The following procedure explains how to determine whether the volumes on a computer are encrypted if there is a loss or theft. - -**To determine the last known BitLocker encryption state of lost computers** - -1. Open a web browser and navigate to the Administration and Monitoring website. - - **Note**   - Note: The default address for the Administration and Monitoring website is http://*<computername>*. Using the fully qualified server name will yield faster browsing results. - - - -2. Selects the **Report** node from the navigation pane, and select the **Computer Compliance Report**. - -3. Use the filter fields in the right pane to narrow the search results, and then click **Search**. Results are shown below your search query. - -4. Take the appropriate action, as determined by your policy for lost devices. - - **Note**   - Device compliance is determined by the BitLocker policies that your enterprise has deployed. You may want to verify your deployed policies before you try to determine the BitLocker encryption state of a device. - - - -## Related topics - - -[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-edit-mbam-20-gpo-settings-mbam-2.md b/mdop/mbam-v2/how-to-edit-mbam-20-gpo-settings-mbam-2.md deleted file mode 100644 index 457d479a15..0000000000 --- a/mdop/mbam-v2/how-to-edit-mbam-20-gpo-settings-mbam-2.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: How to Edit MBAM 2.0 GPO Settings -description: How to Edit MBAM 2.0 GPO Settings -author: dansimp -ms.assetid: f5ffa93d-b4d2-4317-8a1c-7d2be0264fe3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Edit MBAM 2.0 GPO Settings - - -To successfully deploy Microsoft BitLocker Administration and Monitoring (MBAM), you first have to determine the Group Policies that you will use in your implementation of Microsoft BitLocker Administration and Monitoring. See [Planning for MBAM 2.0 Group Policy Requirements](planning-for-mbam-20-group-policy-requirements-mbam-2.md) for more information on the different policies that are available. After you have determined the policies that you are going to use, you then must modify one or more Group Policy Objects (GPO) that include the policy settings for MBAM. - -You can use the following steps to configure the basic, recommended GPO settings to enable MBAM to manage BitLocker encryption for your organization’s client computers. - -**To Edit MBAM Client GPO Settings** - -1. On a computer that has MBAM Group Policy template installed, make sure that MBAM services are enabled. - -2. Using the Group Policy Management Console (GPMC.msc) or the Advanced Group Policy Management (AGPM) MDOP product on a computer with the MBAM Group Policy template installed, select **Computer configuration**, choose **Policies**, click **Administrative Templates**, select **Windows Components**, and then click **MDOP MBAM (BitLocker Management)**. - -3. Edit the Group Policy Object settings that are required to enable MBAM Client services on client computers. For each policy in the table that follows, select **Policy Group**, click the **Policy**, and then configure the **Setting**: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Policy GroupPolicySetting

Client Management

Configure MBAM Services

Enabled. Set MBAM Recovery and Hardware service endpoint and Select BitLocker recovery information to store. Set MBAM compliance service endpoint and Enter status report frequency in (minutes).

Operating System Drive

Operating system drive encryption settings

Enabled. Set Select protector for operating system drive. Required to save operating system drive data to the MBAMKey Recovery server.

Removable Drive

Control Use of BitLocker on removable drives

Enabled. Required if MBAM will save removable drive data to the MBAM Key Recovery server.

Fixed Drive

Control Use of BitLocker on fixed drives

Enabled. Required if MBAM will save fixed drive data to the MBAM Key Recovery server.

-

Set Choose how BitLocker-protected drives can be recovered and Allow data recovery agent.

- - - -~~~ -**Important** -Depending on the policies that your organization decides to deploy, you may have to configure additional policies. See [Planning for MBAM 2.0 Group Policy Requirements](planning-for-mbam-20-group-policy-requirements-mbam-2.md) for Group Policy configuration details for all of the available MBAM GPO policy options. -~~~ - - - -## Related topics - - -[Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-generate-mbam-reports-mbam-2.md b/mdop/mbam-v2/how-to-generate-mbam-reports-mbam-2.md deleted file mode 100644 index 601184d6e5..0000000000 --- a/mdop/mbam-v2/how-to-generate-mbam-reports-mbam-2.md +++ /dev/null @@ -1,115 +0,0 @@ ---- -title: How to Generate MBAM Reports -description: How to Generate MBAM Reports -author: dansimp -ms.assetid: 083550cb-8c3f-49b3-a30e-97d85374d2f4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Generate MBAM Reports - - -When you install Microsoft BitLocker Administration and Monitoring (MBAM) with the Stand-alone topology, you can generate different reports to monitor BitLocker encryption usage and compliance. The procedures in this topic describe how to open the Administration and Monitoring website and the steps that are needed to generate Microsoft BitLocker Administration and Monitoring reports on enterprise compliance, individual computers, and key recovery activity. For detailed information to help understand MBAM reports, see [Understanding MBAM Reports](understanding-mbam-reports-mbam-2.md). - -**Note**   -To run the reports, you must be a member of the **Report Users Role** on the computers where the Administration and Monitoring Server features, Compliance and Audit Database, and Compliance and Audit Reports are installed. - - - -**To open the Administration and Monitoring website** - -1. Open a web browser and navigate to the Administration and Monitoring website. The default URL for the Administration and Monitoring website is *http://<computername>*. - - **Note**   - If the Administration and Monitoring website was installed on a port other than 80, you have to specify the port in the URL (for example, *http://<computername>:<port>*. If you specified a host name for the Administration and Monitoring website during the installation, the URL is *http://<hostname>*. - - - -2. In the left pane, click **Reports** and then select the report you want to run from the top menu bar. - - Historical MBAM client data is retained in the compliance database for historical reference in case a computer is lost or stolen. When running enterprise reports, we recommend that you use appropriate start and end dates to scope the time frames for the reports from one to two weeks to increase reporting data accuracy. - - **Note**   - If SSRS was not configured to use Secure Socket Layer, the URL for the reports will be set to HTTP instead of to HTTPS when you install the MBAM Server. If you then go to the Help Desk portal and select a report, the following message displays: “Only Secure Content is Displayed.” To show the report, click **Show All Content**. - - - -**To generate an Enterprise Compliance Report** - -1. From the Administration and Monitoring website, select the **Reports** node from the left navigation pane, select **Enterprise Compliance Report**, and select the filters that you want to use. The available filters for the Enterprise Compliance Report are the following: - - - **Compliance Status**. Use this filter to specify the compliance status types (for example, Compliant, or Noncompliant) of the report. - - - **Error State**. Use this filter to specify the error state types (for example, No Error, or Error) of the report. - -2. Click **View Report** to display the selected report. - - Results can be saved in different formats, such as HTML, Microsoft Word, and Microsoft Excel. - - **Note**   - The Enterprise Compliance report is generated by a SQL job that runs every six hours. Therefore, the first time you view the report, you may find that some data is missing. You can generate updated report data manually by using SQL Management Studio. From the **Object Explorer** window, expand **SQL Server Agent**, expand **Jobs**, right-click the **CreateCache** job, and select **Start Job at Step….** - - - -3. Select a computer name to view information about the computer in the Computer Compliance Report. - -4. Select the plus sign (+) next to the computer name to view information about the volumes on the computer. - -**To generate the Computer Compliance Report** - -1. In the Administration and Monitoring website, select the **Report** node from the left navigation pane, and then select the **Computer Compliance Report**. Use the Computer Compliance report to search for **user name** or **computer name**. - -2. Click **View Report** to view the computer report. - - Results can be saved in different formats, such as HTML, Microsoft Word, and Microsoft Excel. - -3. Select a computer name to display more information about the computer in the Computer Compliance Report. - -4. Select the plus sign (+) next to the computer name to view information about the volumes on the computer. - - **Note**   - An MBAM client computer is considered compliant if the computer matches the requirements of the MBAM policy settings. - - - -**To generate the Recovery Key Audit Report** - -1. From the Administration and Monitoring website, select the **Report** node in the left navigation pane, and then select the **Recovery Audit Report**. Select the filters for your Recovery Key Audit report. The available filters for Recovery Key audits are as follows: - - - **Requestor**. This filter enables users to specify the user name of the requester. The requester is the person in the Help Desk who accessed the key on behalf of a user. - - - **Requestee**. This filter enables users to specify the user name of the requestee. The requestee is the person who called the Help Desk to obtain a recovery key. - - - **Request Result**. This filter enables users to specify the request result types (for example, Success or Failed) that they want to base the report on. For example, users may want to view failed key access attempts. - - - **Key Type**. This filter enables users to specify the Key Type (for example: Recovery Key Password or TPM Password Hash) that they want to base the report on. - - - **Start Date**. This filter is used to define the Start Date part of the date range that the user wants to report on. - - - **End Date**. This filter is used to define the End Date part of the date range that the users want to report on. - -2. Click **View Report** to view the report. - - Results can be saved in different formats, such as HTML, Microsoft Word, and Microsoft Excel. - -## Related topics - - -[Monitoring and Reporting BitLocker Compliance with MBAM 2.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel-mbam-2.md b/mdop/mbam-v2/how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel-mbam-2.md deleted file mode 100644 index 73915791b9..0000000000 --- a/mdop/mbam-v2/how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel-mbam-2.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: How to Hide Default BitLocker Encryption in the Windows Control Panel -description: How to Hide Default BitLocker Encryption in the Windows Control Panel -author: dansimp -ms.assetid: 6674aa51-2b5d-4e4a-8b43-2cc18d008285 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Hide Default BitLocker Encryption in the Windows Control Panel - - -Microsoft BitLocker Administration and Monitoring (MBAM) offers a customized control panel for Microsoft BitLocker Administration and Monitoring client computers, called BitLocker Encryption Options. This customized control panel can replace the default Windows BitLocker control panel, which is called BitLocker Drive Encryption. The customized control panel, which is in Control Panel under System and Security, enables users to manage their PIN and passwords and to unlock drives, and hides the interface that enables administrators to decrypt a drive or to suspend or resume BitLocker drive encryption. - -**To hide default BitLocker drive encryption in Windows Control Panel** - -1. In the Group Policy Management Console (GPMC), the Advanced Group Policy Management (AGPM), or the Local Group Policy Editor on the BitLocker Group Policies computer, browse to **User configuration**. - -2. Next, click **Policies**, select **Administrative Templates**, and then click **Control Panel**. - -3. Double-click **Hide specified Control Panel items** in the **Details** pane, and then select **Enabled**. - -4. Click **Show**, click **Add**, and then type **Microsoft.BitLockerDriveEncryption**. This policy hides the default Windows BitLocker Management tool from the Windows Control Panel and, in Control Panel, lets the user open the updated MBAM BitLocker Encryption Options tool under System and Security. - -## Related topics - - -[Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/how-to-install-and-configure-mbam-on-a-single-server-mbam-2.md b/mdop/mbam-v2/how-to-install-and-configure-mbam-on-a-single-server-mbam-2.md deleted file mode 100644 index 593e8d34e5..0000000000 --- a/mdop/mbam-v2/how-to-install-and-configure-mbam-on-a-single-server-mbam-2.md +++ /dev/null @@ -1,206 +0,0 @@ ---- -title: How to Install and Configure MBAM on a Single Server -description: How to Install and Configure MBAM on a Single Server -author: dansimp -ms.assetid: 45e6a012-6c8c-4d90-902c-d09de9a0cbea -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install and Configure MBAM on a Single Server - - -The procedures in this topic describe how to install Microsoft BitLocker Administration and Monitoring (MBAM) in the Stand-alone topology on a single server. Use the single-server configuration only in a test environment. For production environments, use two or more servers. If you are installing Microsoft BitLocker Administration and Monitoring by using the Configuration Manager topology, see [Deploying MBAM with Configuration Manager](deploying-mbam-with-configuration-manager-mbam2.md). - -The following diagram shows an example of a single-server architecture. For a description of the databases and features, see [High-Level Architecture for MBAM 2.0](high-level-architecture-for-mbam-20-mbam-2.md). - -![mbam 2 single server deployment topology](images/mbam2-1-server.gif) - -Each server feature has certain prerequisites. To verify that you have met the prerequisites and hardware and software requirements, see [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md) and [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md). In addition, some features also have information that must be provided during the installation process to successfully deploy the feature. You should also review [Preparing your Environment for MBAM 2.0](preparing-your-environment-for-mbam-20-mbam-2.md) before you start MBAM deployment. - -**Note** -To obtain the setup log files, you have use the Msiexec package and the **/L** <location> option to install MBAM. Log files are created in the location that you specify. - -Additional setup log files are created in the %temp% folder on the server of the user who is installing MBAM. - - - -## To install MBAM Server features on a single server - - -The following steps describe how to install general MBAM features. - -**To start the MBAM Server features installation** - -1. On the server where you want to install MBAM, run **MBAMSetup.exe** to start the MBAM installation wizard. - -2. On the **Welcome** page, optionally select the **Customer Experience Improvement Program**, and then click **Start**. - -3. Read and accept the Microsoft Software License Agreement, and then click **Next** to continue the installation. - -4. On the **Topology Selection** page, select the **Stand-alone** topology, and then click **Next**. - -5. On the **Select features to install** page, select the features that you want to install. By default, all MBAM features are selected for installation. Features that are to be installed on the same computer must be installed together at the same time. Clear the check boxes for any features that you want to install elsewhere. You must install MBAM features in the following order: - - - Recovery Database - - - Compliance and Audit Database - - - Compliance and Audit Reports - - - Self-Service Server - - - Administration and Monitoring Server - - - MBAM Group Policy template - - **Note** - The installation wizard checks the prerequisites for your installation and displays the prerequisites that are missing. If all of the prerequisites are met, the installation continues. If a missing prerequisite is detected, you have to resolve the missing prerequisites, and then click **Check prerequisites again**. If all prerequisites are met this time, the installation resumes. - - - -6. On the **Configure network communication security** page, choose whether to encrypt the communication between the Web Services on the Administration and Monitoring Server and the clients. If you decide to encrypt the communication, select the certification authority-provisioned certificate to use for encryption. The certificate must be created prior to this step to enable you to select it on this page. - - **Note** - This page appears only if you selected the Self-Service Portal or the Administration and Monitoring Server feature on the **Select features to install** page. - - - -7. Click **Next**, and then continue to the next set of steps to configure the MBAM Server features. - -**To configure the MBAM Server features** - -1. On the **Configure the Recovery database** page, specify the SQL Server instance name and the name of the database that will store the recovery data. You must also specify both where the database files will be located and where the log information will be located. - -2. Click **Next** to continue. - -3. On the **Configure the Compliance and Audit database** page, specify the SQL Server instance name and the name of the database that will store the compliance and audit data. You must also specify where the database files will be located and where the log information will be located. - -4. Click **Next** to continue. - -5. On the **Configure the Compliance and Audit Reports** page, specify the SQL Server Reporting Services instance where the Compliance and Audit reports will be installed, and provide a domain user account and password for accessing the Compliance and Audit database. Configure the password for this account to never expire. The user account should be able to access all data available to the MBAM Reports Users group. - -6. Click **Next** to continue. - -7. On the **Configure the Self-Service Portal** page, enter the port number, host name, virtual directory name, and installation path for the Self-Service Portal. - - **Note** - The port number that you specify must be an unused port number on the Administration and Monitoring Server unless you specify a unique host header name. If you are using Windows Firewall, the port will be opened automatically. - - - -8. Click **Next** to continue. - -9. Specify whether to use Microsoft Updates to help keep your computer secure, and then click **Next**. This does not turn on Automatic Updates in Windows. - -10. On the **Configure the Administration and Monitoring Server** page, enter the port number, host name, virtual directory name, and installation path for the Help Desk website. - - **Note** - The port number that you specify must be an unused port number on the Administration and Monitoring Server unless you specify a unique host header name. If you are using Windows Firewall, the port will be opened automatically. - - - -11. On the **Installation Summary** page, review the list of features that will be installed, and click **Install** to start installing the MBAM features. Click **Back** to move back through the wizard if you have to review or change your installation settings, or click **Cancel** to exit Setup. Setup installs the MBAM features and notifies you that the installation is complete. - -12. Click **Finish** to exit the wizard. After the Microsoft BitLocker Administration and Monitoring Server features have been installed, continue to the next section and complete the steps have to add users to the Microsoft BitLocker Administration and Monitoring roles. For more information about roles, see [Planning for MBAM 2.0 Administrator Roles](planning-for-mbam-20-administrator-roles-mbam-2.md). - -**To perform post-installation configuration** - -1. On the Administration and Monitoring Server, add users to the following local groups to give them access to the MBAM Help Desk website features: - - - **MBAM Helpdesk Users**: Members of this local group can access the Drive Recovery and Manage TPM features on the MBAM Administration and Monitoring website. All fields in Drive Recovery and Manage TPM are required fields for a Helpdesk User. - - - **MBAM Advanced Helpdesk Users**: Members of this local group have advanced access to the Drive Recovery and Manage TPM features on the MBAM Administration and Monitoring website. For Advanced Helpdesk Users, only the **Key ID** field is required in Drive Recovery. In Manage TPM, only the **Computer Domain** field and **Computer Name** field are required. - -2. On the Administration and Monitoring Server, add users to the following local group to enable them to access the Reports feature on the MBAM Administration and Monitoring website: - - - **MBAM Report Users**: Members of this local group can access the Reports features on the MBAM Administration and Monitoring website. - - - Brand the Self-Service Portal with your company name, notice text, and other company-specific information. For instructions, see [How to Brand the Self-Service Portal](how-to-brand-the-self-service-portal.md). - - **Note** - Identical user or group membership of the **MBAM Report Users** local group must be maintained on all computers where the MBAM Administration and Monitoring Server features, Compliance and Audit Database, and Compliance and Audit Reports are installed. The recommended way to do this is to create a domain security group and add that domain group to each local MBAM Report Users group. When you use this process, manage the group memberships by way of the domain group. - - - -## Validating the MBAM Server feature installation - - -When the Microsoft BitLocker Administration and Monitoring installation is completed, validate that the installation has successfully set up all the necessary MBAM features that are required for BitLocker management. Use the following procedure to confirm that the MBAM service is functional. - -**To validate the MBAM Server feature installation** - -1. On each server where a MBAM feature is deployed, open **Control Panel**. Select **Programs**, and then select **Programs and Features**. Verify that **Microsoft BitLocker Administration and Monitoring** appears in the **Programs and Features** list. - - **Note** - To validate the installation, you must use a domain account that has local computer administrative credentials on each server. - - - -2. On the server where the Recovery Database is installed, open SQL Server Management Studio, and verify that the **MBAM Recovery and Hardware** database is installed. - -3. On the server where the Compliance and Audit Database is installed, open SQL Server Management Studio, and verify that the **MBAM Compliance Status Database** is installed. - -4. On the server where the Compliance and Audit Reports are installed, open a web browser with administrative credentials and browse to the “Home” of the SQL Server Reporting Services site. - - The default Home location of a SQL Server Reporting Services site instance is at http://<NameofMBAMReportsServer>/Reports. To find the actual URL, use the Reporting Services Configuration Manager tool and select the instances that are specified during setup. - - Confirm that a Reports folder named Microsoft BitLocker Administration and Monitoring contains a data source called **MaltaDataSource** and that an **en-us** folder contains four reports. - - **Note** - If SQL Server Reporting Services was configured as a named instance, the URL should resemble the following: http://*<NameofMBAMReportsServer>*/Reports\_*<SRSInstanceName>* - - - -~~~ -**Note** -If SSRS was not configured to use Secure Socket Layer (SSL), the URL for the reports will be set to HTTP instead of HTTPS when you install the MBAM Server. If you then go to the Administration and Monitoring website and select a report, the following message appears: “Only Secure Content is Displayed.” To show the report, click **Show All Content**. -~~~ - - - -5. On the server where the Administration and Monitoring feature is installed, run **Server Manager** and browse to **Roles**. Select **Web Server (IIS)**, and then click **Internet Information Services (IIS) Manager.** - -6. In **Connections,** browse to *<computername>*, select **Sites**, and then select **Microsoft BitLocker Administration and Monitoring**. Verify that **MBAMAdministrationService**, **MBAMUserSupportService**, **MBAMComplianceStatusService**, and **MBAMRecoveryAndHardwareService** are listed. - -7. On the server where the Administration and Monitoring features and Self-Service Portal are installed, open a web browser with administrative credentials and browse to the following locations to verify that they load successfully: - - - *http://<hostname>/HelpDesk/default.aspx* and confirm each of the links for navigation and reports - - - *http://<hostname>/SelfService>/* - - - *http://<computername>/MBAMAdministrationService/AdministrationService.svc* - - - *http://<hostname>/MBAMUserSupportService/UserSupportService.svc* - - - *http://<computername>/MBAMComplianceStatusService/StatusReportingService.svc* - - - *http://<computername>/MBAMRecoveryAndHardwareService/CoreService.svc* - - **Note** - It is assumed that the server features were installed on the default port without network encryption. If you installed the server features on a different port or virtual directory, change the URLs to include the appropriate port, for example, *http://<hostname>:<port>/HelpDesk/default.asp*x or*http://<hostname>:<port>/<virtualdirectory>/default.aspx* - - If the server features were installed with network encryption, change http:// to https://. - - - -## Related topics - - -[Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md b/mdop/mbam-v2/how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md deleted file mode 100644 index c4e74fd53a..0000000000 --- a/mdop/mbam-v2/how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md +++ /dev/null @@ -1,345 +0,0 @@ ---- -title: How to Install and Configure MBAM on Distributed Servers -description: How to Install and Configure MBAM on Distributed Servers -author: dansimp -ms.assetid: 67b91e6b-ae2e-4e47-9ef2-6819aba95976 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Install and Configure MBAM on Distributed Servers - - -The procedures in this topic describe how to install Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 in the Stand-alone topology on distributed servers. To see a diagram of the recommended architecture, along with a description of the databases and features, see [Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md). To install Microsoft BitLocker Administration and Monitoring with the Configuration Manager topology, see [Deploying MBAM with Configuration Manager](deploying-mbam-with-configuration-manager-mbam2.md). - -Each server feature has certain prerequisites. To verify that you have met the prerequisites and hardware and software requirements, see [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md) and [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md). In addition, some features require that you provide certain information during the installation process to successfully deploy the feature. You should also review [Planning for MBAM 2.0 Server Deployment](planning-for-mbam-20-server-deployment-mbam-2.md) before you start the MBAM deployment. - -**Note** -To obtain the setup log files, you have to use the Msiexec package and the **/L** <location> option to install MBAM. Log files are created in the location that you specify. - -Additional setup log files are created in the %temp% folder on the server of the user who is installing MBAM. - - - -## Deploying MBAM Server Features - - -The following steps describe how to install general MBAM features. - -**To start the MBAM Server installation wizard** - -1. On the server where you want to install Microsoft BitLocker Administration and Monitoring, run **MBAMSetup.exe** to start the MBAM installation wizard. - -2. On the **Welcome** page, optionally select the **Customer Experience Improvement Program**, and then click **Start**. - -3. Read and accept the Microsoft Software License Agreement, and then click **Next** to continue the installation. - -4. On the **Topology Selection** page, select the **Stand-alone** topology, and then click **Next**. - - **Note** - If you want to install MBAM with the Configuration Manager integrated topology, see [Deploying MBAM with Configuration Manager](deploying-mbam-with-configuration-manager-mbam2.md). - - - -5. Select the features that you want to install. By default, all MBAM features are selected for installation. Clear the features that you want to install elsewhere. Features that will be installed on the same computer must be installed together at the same time. You must install MBAM features in the following order: - - - Recovery Database - - - Compliance and Audit Database - - - Compliance and Audit Reports - - - Self-Service Portal - - - Administration and Monitoring Server - - - MBAM Group Policy template - - **Note** - The installation wizard checks the prerequisites for your installation and displays the prerequisites that are missing. If all of the prerequisites are met, the installation continues. If a missing prerequisite is detected, you have to resolve the missing prerequisites, and then click **Check prerequisites again**. If all prerequisites are met this time, the installation resumes. - - - -~~~ -The MBAM Setup wizard displays installation pages for the features that you select. The following sections describe the installation procedures for each feature. - -**Note** -For the following instructions, it is assumed that each feature is to be installed on a separate server. If you install multiple features on a single server, you can change or eliminate some steps. -~~~ - - - -**To install the Recovery Database** - -1. On the **Configure the Recovery database** page, specify the names of the computers that will be running the Administration and Monitoring Server feature. After the Administration and Monitoring Server feature is deployed, it uses its domain account to connect to the database. - -2. Click **Next** to continue. - -3. Specify the SQL Server instance name and the name of the database that will store the recovery data. You must also specify both where the database will be located and where the log information will be located. - -4. Click **Next** to continue with the MBAM Setup wizard. - -**To install the Compliance and Audit Database** - -1. On the **Configure the Compliance and Audit Database** page, specify the user account that will be used to access the database for reports. - -2. Specify the computer names of the computers that will be running the Administration and Monitoring Server and the Compliance and Audit Reports. After the Administration and Monitoring and the Compliance and Audit Reports Server are deployed, they use their domain accounts to connect to the databases. - - **Note** - If you are installing the Compliance and Audit Database without the Compliance and Audit Reports feature, you must add an exception on the Compliance and Audit Database computer to enable inbound traffic on the Microsoft SQL Server port. The default port number is 1433. - - - -3. Specify the SQL Server instance name and the name of the database that will store the compliance and audit data. You must also specify where the database and log information will be located. - -4. Click **Next** to continue with the Microsoft BitLocker Administration and Monitoring Setup wizard. - -**To install the Compliance and Audit Reports** - -1. On the **Configure the Compliance and Audit Reports** page, specify the remote SQL Server instance name (for example, <ServerName>) where the Compliance and Audit Database was installed. - - **Note** - If you are installing the Compliance and Audit Reports without the Administration and Monitoring Server, you must add an exception on the Compliance and Audit Report computer to enable inbound traffic on the Reporting Server port (the default port is 80). - - - -2. Specify the name of the Compliance and Audit Database. By default, the database name is MBAM Compliance Status, although you can change the name when you install the Compliance and Audit Database. - -3. Click **Next** to continue. - -4. Select the instance of SQL Server Reporting Services where the Compliance and Audit Reports will be installed. Provide a domain user account and password to access the Compliance and Audit Database. Configure the password for this account to never expire. The user account should be able to access all data that is available to the MBAM Reports Users group. - -5. Click **Next** to continue with the Microsoft BitLocker Administration and Monitoring Setup wizard. - -**To install the Self-Service Portal** - -1. On the **Configure the Self-Service Portal** page, you can optionally encrypt the communication between the Self-Service Portal and the Administration and Monitoring servers. If you choose the option to encrypt the communication, you are prompted to select the certification authority-provisioned certificate to use for encryption. - -2. Click **Next** to continue. - -3. Specify the remote instance of SQL Server (for example, *<ServerName>*) where the Compliance and Audit Database was installed. - -4. Specify the name of the Compliance and Audit Database. By default, the database name is MBAM Compliance Status. However, you can change the name when you install the Compliance and Audit Database. - -5. Click **Next** to continue. - -6. Specify the remote instance of SQL Server (for example, *<ServerName>*) where the Recovery Database was installed. - -7. Specify the name of the Recovery Database. By default, the database name is **MBAM Recovery and Hardware**. However, you can change the name when you install the Recovery Database feature. - -8. Click **Next** to continue. - -9. Enter the **Port Number**, the **Host Name** (optional), and the **Installation Path** for the MBAM Administration and Monitoring Server. - - **Note** - The port number that you specify must be an unused port number on the Administration and Monitoring server unless you specify a unique host header name. If you are using Windows Firewall, the port will be opened automatically. - - - -10. To optionally register a Service Principal Name (SPN) for the Self-Service Portal, select **Register this machine’s Service Principal Names (SPN) with Active Directory (Required for Windows Authentication)**. If you select this check box, MBAM Setup will not try to register the existing SPNs, and you can manually register the SPN before or after the MBAM installation. For instructions on registering the SPN manually, see [Manual SPN Registration](https://go.microsoft.com/fwlink/?LinkId=286758). - -11. Click **Next** to continue with the Microsoft BitLocker Administration and Monitoring Setup wizard. - -12. Specify whether to use Microsoft Updates to help keep your computer secure, and then click **Next**. - -13. When the selected MBAM feature information is completed, you are ready to start the MBAM installation by using the Setup wizard. Click **Back** to move through the wizard if you have to review or change your installation settings. Click **Install** to start the installation. Click **Cancel** to exit the wizard. Setup installs the MBAM features that you selected and notifies you that the installation is finished. - -14. Click **Finish** to exit the wizard. - - **Note** - To configure the Self-Service Portal after you installed it, brand the Self-Service Portal with your company name and other company-specific information, see [How to Brand the Self-Service Portal](how-to-brand-the-self-service-portal.md) for instructions. - - - -15. If the client computers have access to the Microsoft Content Delivery Network (CDN), which gives the Self-Service Portal the required access to certain JavaScript files, you are finished with the Self-Service Portal installation. If the client computers does not have access to the Microsoft CDN, complete the steps in the next section to configure the Self-Service Portal to reference the JavaScript files from an accessible source. - -**To configure the Self-Service Portal when end users cannot access the Microsoft Content Delivery Network** - -1. If the client computers have access to the Microsoft Content Delivery Network (CDN), which gives the Self-Service Portal the required access to certain JavaScript files, the Self-Service Portal installation is completed. If the client computers do not have access to the Microsoft CDN, complete the remaining steps in this section to configure the Self-Service Portal to reference the JavaScript files from an accessible source. - -2. Download the four JavaScript files from the Microsoft CDN: - - - jQuery-1.7.2.min.js - [https://go.microsoft.com/p/fwlink/?LinkID=271736](https://go.microsoft.com/fwlink/p/?LinkID=271736) - - - MicrosoftAjax.js –[https://go.microsoft.com/p/fwlink/?LinkId=272283](https://go.microsoft.com/fwlink/p/?LinkId=272283) - - - MicrosoftMvcAjax.js - [https://go.microsoft.com/p/fwlink/?LinkId=272284](https://go.microsoft.com/fwlink/p/?LinkId=272284) - - - MicrosoftMvcValidation.js - - -3. Copy the JavaScript files to the **Scripts** directory of the Self-Service Portal. This directory is located in <MBAM Self-Service Install Directory>\\Self Service Website\\Scripts. - -4. Open **Internet Information Services (IIS) Manager**. - -5. Expand **Sites** > **Microsoft BitLocker Administration and Monitoring**, and highlight **SelfService**. - - **Note** - *SelfService* is the default virtual directory name. If you chose a different name for this directory during installation, remember to replace *SelfService* in the rest of these instructions with the name you chose. - - - -6. In the middle pane, double-click **Application Settings**. - -7. For each item in the following list, edit the application settings to reference the new location by replacing <virtual directory> with /SelfService/ (or the name you chose during installation). For example, the virtual directory path will be similar to /selfservice/scripts/jquery-1.7.2.min.js. - - - jQueryPath: /<virtual directory>/Scripts/ jQuery-1.7.2.min.js - - - MicrosoftAjaxPath: /<virtual directory>/Scripts/ MicrosoftAjax.js - - - MicrosoftMvcAjaxPath: /<virtual directory>/Scripts/ MicrosoftMvcAjax.js - - - MicrosoftMvcValidationPath: /<virtual directory>/Scripts/ MicrosoftMvcValidation.js - -**To install the Administration and Monitoring Server feature** - -1. MBAM can encrypt the communication between the Web Services and the Administration and Monitoring servers. If you choose the option to encrypt the communication, you are prompted to select the certification authority-provisioned certificate to use for encryption. - -2. Click **Next** to continue. - -3. Specify the remote instance of SQL Server (for example: *<ServerName>*) where the Compliance and Audit Database was installed. - -4. Specify the name of the Compliance and Audit Database. By default, the database name is MBAM Compliance Status. However, you can change the name when you install the Compliance and Audit Database. - -5. Click **Next** to continue. - -6. Specify the remote instance of SQL Server (for example: *<ServerName>*) where the Recovery Database was installed. - -7. Specify the name of the Recovery Database. By default, the database name is **MBAM Recovery and Hardware**. However, you can change the name when you install the Recovery Database feature. - -8. Click **Next** to continue. - -9. Specify the URL for the “Home” of the SQL Server Reporting Services (SRS) site. The default Home location of a SQL Server Reporting Services site instance is at: - - http://<NameofMBAMReportsServer>/ReportServer - - **Note** - If SQL Server Reporting Services was configured as a named instance, the URL resembles the following: http://*<NameofMBAMReportsServer>*/ReportServer\_*<SRSInstanceName>*. - - - -10. Click **Next** to continue. - -11. Enter the **Port Number**, the **Host Name** (optional), and the **Installation Path** for the MBAM Administration and Monitoring Server. - - **Note** - The port number that you specify must be an unused port number on the Administration and Monitoring server unless you specify a unique host header name. If you are using Windows Firewall, the port will be opened automatically. - - - -12. To optionally register a Service Principal Name (SPN) for the Self-Service Portal, select **Register this machine’s Service Principal Names (SPN) with Active Directory (Required for Windows Authentication)**. If you select this check box, MBAM Setup will not try to register the existing SPNs, and you can manually register the SPN before or after the MBAM installation. For instructions on registering the SPN manually, see [Manual SPN Registration](https://go.microsoft.com/fwlink/?LinkId=286758). - -13. Click **Next** to continue with the Microsoft BitLocker Administration and Monitoring Setup wizard. - -14. Specify whether to use Microsoft Updates to help keep your computer secure, and then click **Next**. - -15. When the selected MBAM feature information is completed, you are ready to start the MBAM installation by using the Setup wizard. Click **Back** to move through the wizard if you have to review or change your installation settings. Click **Install** to being the installation. Click **Cancel** to exit the wizard. Setup installs the MBAM features that you selected and notifies you that the installation is finished. - -16. Click **Finish** to exit the wizard. - -**To perform post-installation configuration** - -1. On the Administration and Monitoring Server, add users to the following local groups to give them access to the features on the MBAM Administration and Monitoring website. - - - **MBAM Helpdesk Users**: Members of this local group can access the Drive Recovery and Manage TPM features on the MBAM Administration and Monitoring website. All fields in Drive Recovery and Manage TPM are required fields for a Helpdesk User. - - - **MBAM Advanced Helpdesk Users**: Members of this local group have advanced access to the Drive Recovery and Manage TPM features on the MBAM Administration and Monitoring website. For Advanced Helpdesk Users, only the Key ID field is required in Drive Recovery. In **Manage TPM**, only the **Computer Domain** field and **Computer Name** field are required. - -2. On the server that hosts Administration and Monitoring Server and the Compliance and Audit Database and on the server that hosts the Compliance and Audit Reports, add users to the following local group to give them access to the Reports feature on the MBAM Administration and Monitoring website. - - - **MBAM Report Users**: Members of this local group can access the reports on the MBAM Administration and Monitoring website. - - **Note** - Identical user or group membership of the **MBAM Report Users** local group must be maintained on all computers where the MBAM Administration and Monitoring Server features, Compliance and Audit Database, and the Compliance and Audit Reports are installed. - - - -## Validating the MBAM Server Feature Installation - - -When Microsoft BitLocker Administration and Monitoring Server feature installation is completed, we recommend that you validate that the installation has successfully set up all the necessary features for MBAM. Use the following procedure to confirm that the Microsoft BitLocker Administration and Monitoring service is functional. - -**To validate an MBAM Server installation** - -1. On each server where an MBAM feature is deployed, open **Control Panel**, select **Programs**, and then select **Programs and Features**. Verify that **Microsoft BitLocker Administration and Monitoring** appears in the **Programs and Features** list. - - **Note** - To validate the MBAM installation, you must use a domain account that has local computer administrative credentials on each server. - - - -2. On the server where the Recovery Database is installed, open SQL Server Management Studio and verify that the **MBAM Recovery and Hardware** database is installed. - -3. On the server where the Compliance and Audit Database is installed, open SQL Server Management Studio and verify that the **MBAM Compliance Status Database** is installed. - -4. On the server where the Compliance and Audit Reports are installed, open a web browser with administrative credentials and browse to the “Home” of the SQL Server Reporting Services site. - - The default Home location of a SQL Server Reporting Services site instance can be found is at http://<NameofMBAMReportsServer>/Reports.aspx. To find the actual URL, use the Reporting Services Configuration Manager tool and select the instances that were specified during setup. - - Confirm that a reports folder named **Microsoft BitLocker Administration and Monitoring** contains a data source called **MaltaDataSource** and that an **en-us** folder contains four reports. - - **Note** - If SQL Server Reporting Services was configured as a named instance, the URL should resemble the following:http://*<NameofMBAMReportsServer>*/Reports\_*<SRSInstanceName>* - - - -~~~ -**Note** -If SSRS was not configured to use Secure Socket Layer (SSL), the URL for the reports will be set to HTTP instead of HTTPS when you install the MBAM Server. If you then go to the Administration and Monitoring website and select a report, the following message appears: “Only Secure Content is Displayed.” To show the report, click **Show All Content**. -~~~ - - - -5. On the server where the Administration and Monitoring feature is installed, run **Server Manager** and browse to **Roles**. Select **Web Server (IIS)**, and then click **Internet Information Services (IIS) Manager**. - -6. In **Connections**, browse to *<computername>*, select **Sites**, and select **Microsoft BitLocker Administration and Monitoring**. Verify that **MBAMAdministrationService**, **MBAMComplianceStatusService**, and **MBAMRecoveryAndHardwareService** are listed. - -7. On the server where the Administration and Monitoring features and Self-Service Portal are installed, open a web browser with administrative credentials and browse to the following locations to verify that they load successfully. - - **Note** - The URLs ending in “.svc” do not display a website. Success is indicated by the message “Metadata publishing for this service is currently disabled” or by information resembling code. If you see some other error message or if the page cannot be found, the page has not loaded successfully. - - - -~~~ -- *http://<hostname>/HelpDesk/default.aspx* and confirm each of the links for navigation and reports - -- *http://<hostname>/SelfService>/* - -- *http://<computername>/MBAMAdministrationService/AdministrationService.svc* - -- *http://<hostname>/MBAMUserSupportService/UserSupportService.svc* - -- *http://<computername>/MBAMComplianceStatusService/StatusReportingService.svc* - -- *http://<computername>/MBAMRecoveryAndHardwareService/CoreService.svc* - -**Note** -It is assumed that the server features were installed on the default port without network encryption. If you installed the server features on a different port or virtual directory, change the URLs to include the appropriate port, for example, *http://<hostname>:<port>/HelpDesk/default.aspx* or*http://<hostname>:<port>/<virtualdirectory>/default.aspx* - -If the server features were installed with network encryption, change http:// to https://. -~~~ - - - -8. Verify that each webpage loads successfully. - -## Related topics - - -[Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-install-mbam-with-configuration-manager.md b/mdop/mbam-v2/how-to-install-mbam-with-configuration-manager.md deleted file mode 100644 index ef5c19da6f..0000000000 --- a/mdop/mbam-v2/how-to-install-mbam-with-configuration-manager.md +++ /dev/null @@ -1,149 +0,0 @@ ---- -title: How to Install MBAM with Configuration Manager -description: How to Install MBAM with Configuration Manager -author: dansimp -ms.assetid: fd0832e4-3b79-4e56-9550-d2f396be6d09 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install MBAM with Configuration Manager - - -This section describes the steps to install MBAM with Configuration Manager by using the recommended configuration, which is illustrated in [Getting Started - Using MBAM with Configuration Manager](getting-started---using-mbam-with-configuration-manager.md). The steps are divided into the following tasks: - -- Install and configure MBAM on the Configuration Manager Server - -- Install the Recovery and Audit Databases on the Database Server - -- Install the Administration and Monitoring Server features on the Administration and Monitoring Server - -Before you begin the installation, ensure that you have edited or created the necessary mof files. For instructions, see [How to Create or Edit the mof Files](how-to-create-or-edit-the-mof-files.md). - -**Important**   -If you are using a non-default SQL Server Reporting Services (SSRS) instance, you must start the MBAM Setup by using the following command line to specify the SSRS named instance: - -`MbamSetup.exe CM_SSRS_INSTANCE_NAME=` - - - -**To install MBAM on the Configuration Manager Server** - -1. On the Configuration Manager Server, run **MBAMSetup.exe** to start the MBAM installation wizard. - - **Note**   - To obtain the setup log files, you have to use the Msiexec package and the **/L** <location> option to install Configuration Manager. Log files are created in the location that you specify. - - Additional setup log files are created in the %temp% folder on the computer of the user who is installing Configuration Manager. - - - -2. On the **Welcome** page, optionally select the **Customer Experience Improvement Program**, and then click **Start**. - -3. Read and accept the Microsoft Software License Agreement, and then click **Next** to continue the installation. - -4. On the **Topology Selection** page, select **System Center Configuration Manager Integration**, and then click **Next**. - -5. On the **Select features to install** page, select **System Center Configuration Manager Integration**. - - **Note**   - On the **Checking Prerequisites** page, click **Next** after the installation wizard checks the prerequisites for your installation and confirms that none are missing. If a missing prerequisite is detected, you have to resolve the missing prerequisites, and then click **Check prerequisites again.** - - - -6. Specify whether to use Microsoft Updates to help keep your computer secure, and then click **Next**. Using Microsoft Updates does not turn on Automatic Updates in Windows. - -7. Click **Next** to continue. - -8. On the **Installation Summary** page, review the list of features that will be installed, and click **Install** to start installing the MBAM features. Click **Back** to move back through the wizard if you have to review or change your installation settings, or click **Cancel** to exit Setup. Setup installs the MBAM features and notifies you that the installation is completed. - -9. Click **Finish** to exit the wizard. - -**To install the Recovery and Audit Databases on the Database Server** - -1. On the Database Server, run **MBAMSetup.exe** to start the MBAM installation wizard. - -2. On the **Welcome** page, optionally select the **Customer Experience Improvement Program**, and then click **Start**. - -3. Read and accept the Microsoft Software License Agreement, and then click **Next** to continue the installation. - -4. On the **Topology Selection** page, select the **System Center Configuration Manager Integration** topology, and then click **Next**. - -5. From the list of features to install, select **Recovery Database** and **Audit Database**, and clear the remaining features. - - **Note**   - The installation wizard checks the prerequisites for your installation and displays the prerequisites that are missing. If all of the prerequisites are met, the installation continues. If a missing prerequisite is detected, you have to resolve the missing prerequisites, and then click **Check prerequisites again**. If all prerequisites are met this time, the installation resumes. - - - -6. On the **Configure the Recovery Database** page, specify the names of the computers that will be running the Administration and Monitoring Server feature. After the Administration and Monitoring Server feature is deployed, it uses its domain account to connect to the database. - -7. Click **Next** to continue. - -8. Specify the SQL Server instance name and the name of the database that will store the recovery data. You must also specify both where the database will be located and where the log information will be located. - -9. Click **Next** to continue with the MBAM Setup installation wizard. - -10. On the **Configure the Audit Database** page, specify the user account that will be used to access the database for reports. - -11. Specify the computer names of the computers that will be running the Administration and Monitoring Server and the Audit Reports. After the Administration and Monitoring and the Audit Reports features are deployed, their domain accounts will be used to connect to the databases. - - **Note**   - If you are installing the Audit Database without the Audit Reports feature, you must add an exception on the Audit Database computer to enable inbound traffic on the Microsoft SQL Server port. The default port number is 1433. - - - -12. Specify the SQL Server instance name and the name of the database that will store the audit data. You must also specify where the database and log information will be located. - -13. Click **Install** to start the installation, and then click **Finish** to complete the installation. - -**To install the Administration and Monitoring Server features on the Administration and Monitoring Server** - -1. On the Administration and Monitoring Server, run **MBAMSetup.exe** to start the MBAM installation wizard. - -2. On the **Welcome** page, optionally select the **Customer Experience Improvement Program**, and then click **Start**. - -3. Read and accept the Microsoft Software License Agreement, and then click **Next** to continue the installation. - -4. On the **Topology Selection** page, select the **System Center Configuration Manager Integration** topology, and then click **Next**. - -5. From the list of features to install, select **Administration and Monitoring Server** and **Self-Service Portal**, and clear the remaining features. - - **Note**   - The installation wizard checks the prerequisites for your installation and displays the prerequisites that are missing. If all of the prerequisites are met, the installation continues. If a missing prerequisite is detected, you have to resolve the missing prerequisites, and then click **Check prerequisites again**. If all prerequisites are met this time, the installation resumes. - - - -6. Install the Self-Service Portal by following the steps in the **To install the Self-Service Portal** section in [How to Install and Configure MBAM on Distributed Servers](how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md). - - **Note**   - If the client computers will not have access to the Microsoft Content Delivery Network (CDN), which gives the Self-Service Portal the required access to certain JavaScript files, complete the steps in the **To configure the Self-Service Portal when end users cannot access the Microsoft Content Delivery Network** section [How to Install and Configure MBAM on Distributed Servers](how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md) to configure the Self-Service Portal to reference the JavaScript files from an accessible source. - - - -7. Install the Administration and Monitoring Server features by following the steps in the **To install the Administration and Monitoring Server feature** section in [How to Install and Configure MBAM on Distributed Servers](how-to-install-and-configure-mbam-on-distributed-servers-mbam-2.md). - -8. Click **Finish** to complete the installation. - -## Related topics - - -[How to Validate the MBAM Installation with Configuration Manager](how-to-validate-the-mbam-installation-with-configuration-manager.md) - -[Deploying MBAM with Configuration Manager](deploying-mbam-with-configuration-manager-mbam2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-install-the-mbam-20-group-policy-template-mbam-2.md b/mdop/mbam-v2/how-to-install-the-mbam-20-group-policy-template-mbam-2.md deleted file mode 100644 index 88d1e84dc4..0000000000 --- a/mdop/mbam-v2/how-to-install-the-mbam-20-group-policy-template-mbam-2.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: How to Install the MBAM 2.0 Group Policy Template -description: How to Install the MBAM 2.0 Group Policy Template -author: dansimp -ms.assetid: bc193232-d060-4285-842e-d194a74dd3c9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the MBAM 2.0 Group Policy Template - - -In addition to the server-related Microsoft BitLocker Administration and Monitoring (MBAM) features, the server setup application includes an Microsoft BitLocker Administration and Monitoring Group Policy template. This template can be installed on any computer capable of running the Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM). - -The following steps describe how to install the MBAM Group Policy template. - -**Note**   -Make sure that you use the 32-bit setup on 32-bit servers and the 64-bit setup on 64-bit servers. - - - -**To install the MBAM Group Policy template** - -1. On the server where you want to install MBAM, run **MBAMSetup.exe** to start the MBAM installation wizard. - -2. On the **Welcome** page, optionally select the **Customer Experience Improvement Program**, and then click **Start**. - -3. Read and accept the Microsoft Software License Terms, and then click **Next** to continue the installation. - -4. By default, all Microsoft BitLocker Administration and Monitoring features are selected for installation. Clear all feature options except for **Policy Template**, and then click **Next** to continue the installation. - - **Note**   - The installation wizard checks the prerequisites for your installation and displays prerequisites that are missing. If all the prerequisites are met, the installation continues. If a missing prerequisite is detected, you have to resolve the missing prerequisites, and then click **Check prerequisites again**. Once all prerequisites are met, the installation will resume. - - - -5. For specific steps about how and where to install the templates, see [How to Download and Deploy MDOP Group Policy (.admx) Templates](https://technet.microsoft.com/library/dn659707.aspx). - -6. After the Microsoft BitLocker Administration and Monitoring Setup wizard displays installation pages for the selected features, click **Finish** to close MBAM Setup. - -## Related topics - - -[Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-manage-mbam-administrator-roles-mbam-2.md b/mdop/mbam-v2/how-to-manage-mbam-administrator-roles-mbam-2.md deleted file mode 100644 index 4f2389ef54..0000000000 --- a/mdop/mbam-v2/how-to-manage-mbam-administrator-roles-mbam-2.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: How to Manage MBAM Administrator Roles -description: How to Manage MBAM Administrator Roles -author: dansimp -ms.assetid: 813ac0c4-3cf9-47af-b4cb-9395fd915e5c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage MBAM Administrator Roles - - -After Microsoft BitLocker Administration and Monitoring (MBAM) Setup is complete for all server features, administrative users will have to be granted access to them. As a best practice, administrators who will manage or use Microsoft BitLocker Administration and Monitoring Server features should be assigned to Domain Services security groups, and then those groups should be added to the appropriate MBAM administrative local group. - -**To manage MBAM Administrator Role memberships** - -1. Assign administrative users to security groups in Active Directory Domain Services. - -2. Add Active Directory security groups to the roles for MBAM administrative local groups on the MBAM server for the respective features. - - - **MBAM System Administrators** have access to all MBAM features in the MBAM Administration and Monitoring website. - - - **MBAM Helpdesk Users** have access to the Manage TPM and Drive Recovery options in the MBAM Administration and Monitoring website, but must fill in all fields when they use either option. - - - **MBAM Report Users** have access to the Compliance and Audit reports in the MBAM Administration and Monitoring website. - - - **MBAM Advanced Helpdesk Users** have access to the Manage TPM and Drive Recovery options in the MBAM Administration and Monitoring website, but are not required to fill in all fields when they use either option. - - For more information about roles for Microsoft BitLocker Administration and Monitoring, see [Planning for MBAM 2.0 Administrator Roles](planning-for-mbam-20-administrator-roles-mbam-2.md). - -## Related topics - - -[Administering MBAM 2.0 Features](administering-mbam-20-features-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-2.md b/mdop/mbam-v2/how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-2.md deleted file mode 100644 index fafcf4f205..0000000000 --- a/mdop/mbam-v2/how-to-manage-mbam-client-bitlocker-encryption-options-by-using-the-control-panel-mbam-2.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: How to Manage MBAM Client BitLocker Encryption Options by Using the Control Panel -description: How to Manage MBAM Client BitLocker Encryption Options by Using the Control Panel -author: dansimp -ms.assetid: e2ff153e-5770-4a12-b79d-cda998b8a8ab -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage MBAM Client BitLocker Encryption Options by Using the Control Panel - - -A Microsoft BitLocker Administration and Monitoring (MBAM) control panel application, called BitLocker Encryption Options, will be available under **System and Security** when the Microsoft BitLocker Administration and Monitoring Client is installed. This custom MBAM control panel is an additional control panel. It does not replace the default Windows BitLocker control panel. The MBAM control panel can be used to unlock encrypted fixed and removable drives, and also manage your PIN or password. For more information about enabling the MBAM control panel, see [How to Hide Default BitLocker Encryption in the Windows Control Panel](how-to-hide-default-bitlocker-encryption-in-the-windows-control-panel-mbam-2.md). - -**To use the MBAM Client Control Panel** - -1. To open BitLocker Encryption Options, click **Start** and then select **Control Panel**. When **Control Panel** opens, select **System and Security**. - -2. Double-click **BitLocker Encryption Options** to open the customized MBAM control panel. You will see a list of all the hard disk drives on the computer and their encryption status, in addition to an option to manage your PIN or passwords. - - The list of hard disk drives on the computer can be used to verify encryption status, unlock a drive, or request an exemption for BitLocker protection if the User and Computer Exemption policies have been deployed. - - The BitLocker Encryption Options control panel also allows for non-administrator users to manage their PIN or passwords. By selecting **Manage PIN**, users are prompted to enter both a current PIN and a new PIN (in addition to confirming the new PIN). Selecting **Update PIN** will reset the PIN to the new one that the users selected. - - To manage your password, select **Unlock drive** and enter your current password. As soon as the drive is unlocked, select **Reset Password** to change your current password. - -## Related topics - - -[Administering MBAM 2.0 Features](administering-mbam-20-features-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/how-to-manage-user-bitlocker-encryption-exemptions-mbam-2.md b/mdop/mbam-v2/how-to-manage-user-bitlocker-encryption-exemptions-mbam-2.md deleted file mode 100644 index a19aea482c..0000000000 --- a/mdop/mbam-v2/how-to-manage-user-bitlocker-encryption-exemptions-mbam-2.md +++ /dev/null @@ -1,111 +0,0 @@ ---- -title: How to Manage User BitLocker Encryption Exemptions -description: How to Manage User BitLocker Encryption Exemptions -author: dansimp -ms.assetid: 1bfd9d66-6a9a-4d0e-b54a-e5a6627f5ada -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage User BitLocker Encryption Exemptions - - -Microsoft BitLocker Administration and Monitoring (MBAM) can be used to manage BitLocker protection by exempting users if there are users who do not need or want their drives encrypted. - -To exempt users from BitLocker protection, an organization will have to create an infrastructure to support exempted users, such as giving the user a contact telephone number, webpage, or mailing address to use to request an exemption. Also, an exempt user will have to be added to a security group for a Group Policy Object that was created specifically for exempted users. When members of this security group log on to a computer, the user’s Group Policy setting shows that the user is exempted from BitLocker protection. The user’s Group Policy setting overwrites the computer policy, and the computer will remain exempt from BitLocker encryption. - -**Note**   -If the computer is already BitLocker-protected, the user exemption policy has no effect. - - - -The following table shows how BitLocker protection is applied based on how exemptions are set. - - ----- - - - - - - - - - - - - - - - - - - - -
User StatusComputer Not ExemptComputer Exempt

User not exempt

BitLocker protection is enforced on computer

BitLocker protection is not enforced on computer

User exempt

BitLocker protection is not enforced on computer

BitLocker protection is not enforced on computer

- - - -**To exempt a user from BitLocker encryption** - -1. Create an Active Directory Domain Services security group that will be used to manage user exemptions from BitLocker encryption requirements. - -2. Create a Group Policy Object setting by using the Microsoft BitLocker Administration and Monitoring Group Policy template and associate it with the Active Directory group that you created in the previous step. The policy settings to exempt users can be found under **UserConfiguration\\Administrative Templates\\Windows Components\\MDOP MBAM (BitLocker Management)**. - -3. After creating a security group for BitLocker-exempted users, add to this group the names of the users who are requesting an exemption. When users log on to a computer controlled by BitLocker, the MBAM client will check the User Exemption Policy setting and will suspend protection based on whether the user is part of the BitLocker exemption security group. - - **Important**   - Shared computer scenarios require special consideration when using user exemptions. If a non-exempt user logs on to a computer shared with an exempt user, the computer may be encrypted. - - - -**To enable users to request an exemption from BitLocker encryption** - -1. If you have configured user exemption policies by using the MBAM policy template, a user can request an exemption from BitLocker protection through the MBAM client. - -2. When users log on to a computer that is required to be encrypted, they receive a notification that their computer is going to be encrypted. They can select **Request Exemption** and postpone the encryption by selecting **Later**, or select **Start** to accept the BitLocker encryption. - - **Note**   - Selecting **Request Exemption** postpones the BitLocker protection until the maximum time that is set in the User Exemption Policy. - - - -3. If users select **Request Exemption**, they receive a notification telling them to contact your organization’s BitLocker administration group. Depending on how the Configure User Exemption Policy is configured, users are provided with one or more of the following contact methods: - - - Phone Number - - - Webpage URL - - - Mailing Address - - After the exemption request is received, the MBAM Administrator can take decide if it is appropriate to add the user to the BitLocker Exemption Active Directory group. - - **Note**   - Once a user submits an exemption request, the MBAM agent reports the user as “temporarily exempt” and then waits a configurable number of days before it checks the computer’s compliance again. If the MBAM administrator rejects the exemption request, the exemption request option is deactivated, which prevents the user from being able to request the exemption again. - - - -## Related topics - - -[Administering MBAM 2.0 Features](administering-mbam-20-features-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-move-mbam-20-features-to-another-computer-mbam-2.md b/mdop/mbam-v2/how-to-move-mbam-20-features-to-another-computer-mbam-2.md deleted file mode 100644 index 353753ffd1..0000000000 --- a/mdop/mbam-v2/how-to-move-mbam-20-features-to-another-computer-mbam-2.md +++ /dev/null @@ -1,700 +0,0 @@ ---- -title: How to Move MBAM 2.0 Features to Another Computer -description: How to Move MBAM 2.0 Features to Another Computer -author: dansimp -ms.assetid: 49bc0792-60a4-473f-89cc-ada30191e04a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Move MBAM 2.0 Features to Another Computer - - -This topic describes the steps that you should take to move one or more Microsoft BitLocker Administration and Monitoring (MBAM) features to a different computer. When moving more than one Microsoft BitLocker Administration and Monitoring feature, you should move them in the following order: - -1. Recovery Database - -2. Compliance and Audit Database - -3. Compliance and Audit Reports - -4. Administration and Monitoring - -## Moving the Recovery Database - - -To move the Recovery Database from one computer to another (for example, from Server A to Server B), use the following procedure. - -1. Stop all instances of the Administration and Monitoring web site. - -2. Run MBAM Setup on Server B. - -3. Back up the MBAM Recovery Database on Server A. - -4. Move the MBAM Recovery Database from Server A to B. - -5. Restore the MBAM Recovery Database on Server B. - -6. Configure access to the MBAM Recovery Database on Server B. - -7. Update the database connection data on MBAM Administration and Monitoring servers. - -8. Resume all instances of the MBAM Administration and Monitoring website. - -**Stop All Instances of the MBAM Administration and Monitoring Website** - -1. On each of the servers running the MBAM Administration and Monitoring feature, use the Internet Information Services (IIS) Manager console to stop the MBAM website, which is named **Microsoft BitLocker Administration and Monitoring**. - -2. To automate this procedure, you can use Windows PowerShell to enter command line that is similar to the: - - `PS C:\> Stop-Website “Microsoft BitLocker Administration and Monitoring”` - - **Note** - To run this PowerShell command line, the IIS Module for PowerShell must be added to current instance of PowerShell. In addition, you must update the PowerShell execution policy to enable execution of scripts. - - - -**Run MBAM Setup on Server B** - -1. Run MBAM Setup on Server B and select only the **Recovery Database** for installation. - -2. To automate this procedure, you can use Windows PowerShell to enter command line that is similar to the following: - - `PS C:\> MbamSetup.exe /qn I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 AddLocal=KeyDatabase ADMINANDMON_MACHINENAMES=$DOMAIN$\$SERVERNAME$$ RECOVERYANDHWDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ TOPOLOGY=$X$` - - **Note** - Replace the following values in the example above with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the name of the server and instance to which the Recovery Database will be moved. - - - $DOMAIN$\\$SERVERNAME$ - Enter the domain and server names of each MBAM Administration and Monitoring Server that will contact the Recovery Database. Use a semi-colon to separate each domain and server pairs in the list (for example, $DOMAIN\\SERVERNAME$;$DOMAIN\\$SERVERNAME$$). Each server name must be followed by a “$” symbol, as shown in the example (MyDomain\\MyServerName1$; MyDomain\\MyServerName2$). - - - $X$ - Enter **0** if you are installing the MBAM Stand-alone topology, or **1** if you are installing the MBAM Configuration Manager topology. - - - -**Back Up the Recovery Database on Server A** - -1. To back up the Recovery Database on Server A, use SQL Server Management Studio and the Task named Back Up. By default, the database name is **MBAM Recovery Database**. - -2. To automate this procedure, create a SQL file (.sql) that contains the following SQL script: - - Modify the MBAM Recovery Database to use the full recovery mode. - - ```sql - USE master; - - GO - - ALTER DATABASE "MBAM Recovery and Hardware" - - SET RECOVERY FULL; - - GO - - -- Create MBAM Recovery Database Data and MBAM Recovery logical backup devices. - - USE master - - GO - - EXEC sp_addumpdevice 'disk', 'MBAM Recovery and Hardware Database Data Device', - - 'Z:\MBAM Recovery Database Data.bak'; - - GO - - -- Back up the full MBAM Recovery Database. - - BACKUP DATABASE [MBAM Recovery and Hardware] TO [MBAM Recovery and Hardware Database Data Device]; - - GO - - BACKUP CERTIFICATE [MBAM Recovery Encryption Certificate] - - TO FILE = 'Z:\SQLServerInstanceCertificateFile' - - WITH PRIVATE KEY - - ( - - FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey', - - ENCRYPTION BY PASSWORD = '$PASSWORD$' - - ); - - GO - ``` - - **Note** - Replace the following values in the example above with those that match your environment: - - - $PASSWORD$ - Enter a password that you will use to encrypt the Private Key file. - - - -3. Run the SQL File by using SQL Server PowerShell and a command line that is similar to the following: - - `PS C:\> Invoke-Sqlcmd -InputFile 'Z:\BackupMBAMRecoveryandHardwarDatabaseScript.sql' -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$` - - **Note** - Replace the following values in the example above with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the name of the server and instance from which the Recovery Database will be backed up. - - - -**Move the Recovery Database and Certificate from Server A to Server B** - -1. Move the following file from Server A to Server B by using Windows Explorer. - - - MBAM Recovery Database data.bak - -2. To move the certificate for the encrypted database, use the following automation steps. To automate this procedure, you can use Windows PowerShell to enter a command line that is similar to the following: - - `PS C:\> Copy-Item “Z:\MBAM Recovery Database Data.bak” \\$SERVERNAME$\$DESTINATIONSHARE$` - - `PS C:\> Copy-Item “Z:\SQLServerInstanceCertificateFile” \\$SERVERNAME$\$DESTINATIONSHARE$` - - `PS C:\> Copy-Item “Z:\SQLServerInstanceCertificateFilePrivateKey” \\$SERVERNAME$\$DESTINATIONSHARE$` - - **Note** - Replace the following value in the example above with those that match your environment: - - - $SERVERNAME$ - Enter the name of the server to which the files will be copied. - - - $DESTINATIONSHARE$ - Enter the name of the share and path to which the files will be copied. - - - -**Restore the Recovery Database on Server B** - -1. Restore the Recovery Database on Server B by using SQL Server Management Studio and the task named **Restore Database**. - -2. Once the task has been completed, select the database backup file by selecting the **From Device** option and then use the **Add** command to select the MBAM Recovery database **Data.bak** file. - -3. Select **OK** to complete the restoration process. - -4. To automate this procedure, create a SQL file (.sql) that contains the following-SQL script: - - ```sql - -- Restore MBAM Recovery Database. - - USE master - - GO - - -- Drop certificate created by MBAM Setup. - - DROP CERTIFICATE [MBAM Recovery Encryption Certificate] - - GO - - --Add certificate - - CREATE CERTIFICATE [MBAM Recovery Encryption Certificate] - - FROM FILE = 'Z: \SQLServerInstanceCertificateFile' - - WITH PRIVATE KEY - - ( - - FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey', - - DECRYPTION BY PASSWORD = '$PASSWORD$' - - ); - - GO - - -- Restore the MBAM Recovery Database data and log files. - - RESTORE DATABASE [MBAM Recovery and Hardware] - - FROM DISK = 'Z:\MBAM Recovery Database Data.bak' - - WITH REPLACE - ``` - - **Note** - Replace the following values in the example above with those that match your environment: - - - $PASSWORD$ - Enter a password that you used to encrypt the Private Key file. - - - -5. You can use Windows PowerShell to enter a command line that is similar to the following: - - `PS C:\> Invoke-Sqlcmd -InputFile 'Z:\RestoreMBAMRecoveryandHardwarDatabaseScript.sql' -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$` - - **Note** - Replace the following value in the example above with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the name of the server and instance to which the Recovery Database will be restored. - - - -**Configure Access to the Recovery Database on Server B** - -1. On Server B, use the Local user and Groups snap-in from Server Manager to add the computer accounts from each server that is running the MBAM Administration and Monitoring feature to the Local Group named **MBAM Recovery and Hardware DB Access**. - -2. Verify that the SQL login **MBAM Recovery and Hardware DB Access** on the restored database is mapped to the login name **$MachineName$\\MBAM Recovery and Hardware DB Access**. If it is not mapped as described, create another login with similar group memberships, and map it to the login name **$MachineName$\\MBAM Recovery and Hardware DB Access**. - -3. To automate this procedure, you can use Windows PowerShell on Server B to enter a command line that is similar to the following: - - `PS C:\> net localgroup "MBAM Recovery and Hardware DB Access" $DOMAIN$\$SERVERNAME$$ /add` - - **Note** - Replace the following values in the example above with the applicable values for your environment: - - - $DOMAIN$\\$SERVERNAME$$ - Enter the domain and machine name of the MBAM Administration and Monitoring Server. The server name must be followed by a $, as shown in the example (for example, MyDomain\\MyServerName1$). - - - -~~~ -This command line must be run for each Administration and Monitoring Server that will be accessing the database in your environment. -~~~ - -**Update the Recovery Database Connection Data on the MBAM Administration and Monitoring Servers** - -1. On each of the servers running the MBAM Administration and Monitoring feature, use the Internet Information Services (IIS) Manager console to update the Connection String information for the following applications, which are hosted in the Administration and Monitoring website: - - - MBAMAdministrationService - - - MBAMRecoveryAndHardwareService - -2. Select each application and use the **Configuration Editor** feature, which is located under the **Management** section of the **Feature View**. - -3. Select the **configurationStrings** option from the **Section list** control. - -4. Select the row named **(Collection)** and open the **Collection Editor** by selecting the button on the right side of the row. - -5. In the **Collection Editor**, select the row named **KeyRecoveryConnectionString** when updating the configuration for the MBAMAdministrationService application or the row named Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString when updating the configuration for the MBAMRecoveryAndHardwareService. - -6. Update the **Data Source=** value for the **configurationStrings** property to list the server name and instance (for example, $SERVERNAME$\\$SQLINSTANCENAME$) where the Recovery Database was moved to. - -7. To automate this procedure, you can use Windows to enter a command line, that is similar to the following, on each Administration and Monitoring Server: - - `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="KeyRecoveryConnectionString"]' -PSPath "IIS:\sites\Microsoft Bitlocker Administration and Monitoring\MBAMAdministrationService" -Name "connectionString" -Value “Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and Hardware;Integrated Security=SSPI;”` - - `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString"]' -PSPath "IIS:\sites\Microsoft Bitlocker Administration and Monitoring\MBAMRecoveryAndHardwareService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and Hardware;Integrated Security=SSPI;"` - - **Note** - Replace the following value in the example above with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Recovery Database is. - - - -**Resume all Instances of the MBAM Administration and Monitoring Website** - -1. On each server that is running the MBAM Administration and Monitoring feature, use the Internet Information Services (IIS) Manager console to start the MBAM website, which is named **Microsoft BitLocker Administration and Monitoring**. - -2. To automate this procedure, you can use Windows PowerShell to enter a command line that is similar to the: - - `PS C:\> Start-Website “Microsoft BitLocker Administration and Monitoring”` - -## Moving the Compliance and Audit Database Feature - - -If you want to move the MBAM Compliance and Audit Database from one computer to another (that is, move the database from Server A to Server B), use the following procedure. The process includes the following high-level steps: - -1. Stop all instances of the Administration and Monitoring website. - -2. Run MBAM setup on Server B. - -3. Back up the Database on Server A. - -4. Move the Database from Server A to B. - -5. Restore the Database on Server B. - -6. Configure access to the Database on Server B. - -7. Update the database connection data on the MBAM Administration and Monitoring servers. - -8. Update the SSRS reports data source connection string with the new location of the Compliance and Audit Database. - -9. Resume all instances of the Administration and Monitoring website. - -**Stop All Instances of the Administration and Monitoring Website** - -1. On each server that is running the MBAM Administration and Monitoring feature, use the Internet Information Services (IIS) Manager console to stop the MBAM website named **Microsoft BitLocker Administration and Monitoring**. - -2. To automate this procedure, you can use Windows PowerShell to enter a command line that is similar to the following: - - `PS C:\> Stop-s “Microsoft BitLocker Administration and Monitoring”` - - **Note** - To run this command line, you must add the IIS Module for PowerShell to the current instance of PowerShell. In addition, you must update the PowerShell execution policy to enable scripts to be run. - - - -**Run MBAM Setup on Server B** - -1. Run MBAM Setup on Server B and select only the **Compliance and Audit Database** for installation. - -2. To automate this procedure, you can use Windows PowerShell to enter a command line that is similar to the following: - - `PS C:\> MbamSetup.exe /qn I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 AddLocal= ReportsDatabase ADMINANDMON_MACHINENAMES=$DOMAIN$\$SERVERNAME$ COMPLIDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ REPORTS_USERACCOUNT=$DOMAIN$\$USERNAME$ TOPOLOGY=$X$` - - **Note** - Note: Replace the following values in the example above with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Compliance and Audit Database will be moved to. - - - $DOMAIN$\\$SERVERNAME$ - Enter the domain and server names of each MBAM Administration and Monitoring Server that will contact the Compliance and Audit Database. Use a semi-colon to separate each domain and server pair in the list (for example, $DOMAIN\\SERVERNAME$;$DOMAIN\\$SERVERNAME$$). Each server name must be followed by a “$” symbol, as shown in the example (MyDomain\\MyServerName1$; MyDomain\\MyServerName2$). - - - $DOMAIN$\\$USERNAME$ - Enter the domain and user name that will be used by the Compliance and Audit Reports feature to connect to the Compliance and Audit Database. - - - $X$ - Enter **0** if you are installing the MBAM Stand-alone topology, or **1** if you are installing the MBAM Configuration Manager topology. - - - -**Back Up the Compliance and Audit Database on Server A** - -1. To back up the Compliance and Audit Database on Server A, use SQL Server Management Studio and the task named **Back Up**. By default, the database name is **MBAM Compliance Status Database**. - -2. To automate this procedure, create a SQL file (.sql) that contains the following-SQL script: - - ```sql - -- Modify the MBAM Compliance Status Database to use the full recovery model. - - USE master; - - GO - - ALTER DATABASE "MBAM Compliance Status" - - SET RECOVERY FULL; - - GO - - -- Create MBAM Compliance Status Data logical backup devices. - - USE master - - GO - - EXEC sp_addumpdevice 'disk', 'MBAM Compliance Status Database Data Device', - - 'Z: \MBAM Compliance Status Database Data.bak'; - - GO - - -- Back up the full MBAM Recovery database. - - BACKUP DATABASE [MBAM Compliance Status] TO [MBAM Compliance Status Database Data Device]; - - GO - ``` - -3. Run the SQL file by using a Windows PowerShell command line that is similar to the following: - - `PS C:\> Invoke-Sqlcmd -InputFile "Z:\BackupMBAMComplianceStatusDatabaseScript.sql" –ServerInstance $SERVERNAME$\$SQLINSTANCENAME$` - - **Note** - Replace the following value in the example above with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Compliance and Audit database will be backed up from. - - - -**Move the Compliance and Audit Database from Server A to B** - -1. Move the following files from Server A to Server B using Windows Explorer. - - - MBAM Compliance Status Database Data.bak - -2. To automate this procedure, you can use Windows PowerShell to enter a command line that is similar to the following: - - `PS C:\> Copy-Item “Z:\MBAM Compliance Status Database Data.bak” \\$SERVERNAME$\$DESTINATIONSHARE$` - - **Note** - Replace the following values in the example above with those that match your environment: - - - $SERVERNAME$ - Enter the server name where the files will be copied to. - - - $DESTINATIONSHARE$ - Enter the name of share and path where the files will be copied to. - - - -**Restore the Compliance and Audit Database on Server B** - -1. Restore the Compliance and Audit Database on Server B by using SQL Server Management Studio and the task named **Restore Database**. - -2. Once the task has been completed, select the database backup file by selecting the **From Device** option and then use the **Add** command to select the MBAM Compliance Status Database Data.bak file. Select **OK** to complete the restoration process. - -3. To automate this procedure, create a SQL file (.sql) that contains the following-SQL script: - - ```sql - -- Create MBAM Compliance Status Database Data logical backup devices. - - Use master - - GO - - -- Restore the MBAM Compliance Status database data files. - - RESTORE DATABASE [MBAM Compliance Status] - - FROM DISK = 'C:\test\MBAM Compliance Status Database Data.bak' - - WITH REPLACE - ``` - -4. Run the SQL File by using a Windows PowerShell command line that is similar to the following: - - `PS C:\> Invoke-Sqlcmd -InputFile "Z:\RestoreMBAMComplianceStatusDatabaseScript.sql" -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$` - - **Note** - Replace the following value in the example above with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Compliance and Audit Database will be restored to. - - - -**Configure Access to the Compliance and Audit Database on Server B** - -1. On Server B, use the Local user and Groups snap-in from Server Manager to add the computer accounts from each server that is running the MBAM Administration and Monitoring feature to the local group named **MBAM Compliance Status DB Access**. - -2. Verify that the SQL login **MBAM Compliance Auditing DB Access** on the restored database is mapped to the login name **$MachineName$\\ MBAM Compliance Auditing DB Access**. If it is not mapped as described, create another login with similar group memberships, and map it to the login name **$MachineName$\\ MBAM Compliance Auditing DB Access**. - -3. To automate this procedure, you can use Windows PowerShell to enter a command line on Server B that is similar to the following: - - `PS C:\> net localgroup "MBAM Compliance Auditing DB Access" $DOMAIN$\$SERVERNAME$$ /add` - - `PS C:\> net localgroup "MBAM Compliance Auditing DB Access" $DOMAIN$\$REPORTSUSERNAME$ /add` - - **Note** - Replace the following values in the example above with the applicable values for your environment: - - - $DOMAIN$\\$SERVERNAME$$ - Enter the domain and machine name of the MBAM Administration and Monitoring Server. The server name must be followed by a “$” as shown in the example. (for example, MyDomain\\MyServerName1$) - - - $DOMAIN$\\$REPORTSUSERNAME$ - Enter the user account name that was used to configure the data source for the Compliance and Audit Reports. - - - -~~~ -The command line for adding the servers to the MBAM Compliance and Audit Database access local group must be run for each Administration and Monitoring Server that will be accessing the database in your environment. -~~~ - -**Update the Database Connection Data on MBAM Administration and Monitoring Servers** - -1. On each server that is running the MBAM Administration and Monitoring feature, use the Internet Information Services (IIS) Manager console to update the connection string information for the following applications, which are hosted in the Administration and Monitoring website: - - - MBAMAdministrationService - - - MBAMComplianceStatusService - -2. Select each application and use the **Configuration Editor** feature, which is located under the **Management** section of the **Feature View**. - -3. Select the **configurationStrings** option from the **Section list** control. - -4. Select the row named **(Collection)**, and open the **Collection Editor** by selecting the button on the right side of the row. - -5. In the **Collection Editor**, select the row named **ComplianceStatusConnectionString** when updating the configuration for the MBAMAdministrationService application, or the row named **Microsoft.Windows.Mdop.BitLockerManagement.StatusReportDataStore.ConnectionString** when updating the configuration for the MBAMComplianceStatusService. - -6. Update the **Data Source=** value for the **configurationStrings** property to list the name of the server and instance (for example, $SERVERNAME$\\$SQLINSTANCENAME) to which the Recovery Database was moved. - -7. To automate this procedure, you can use Windows to enter a command line on each Administration and Monitoring Server that is similar to the following: - - `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="ComplianceStatusConnectionString"]' -PSPath "IIS:\sites\Microsoft Bitlocker Administration and Monitoring\MBAMAdministrationService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Compliance Status;Integrated Security=SSPI;"` - - `PS C:\> Set-WebConfigurationProperty '/connectionStrings/add[@name="Microsoft.Windows.Mdop.BitLockerManagement.StatusReportDataStore.ConnectionString"]' -PSPath "IIS:\sites\Microsoft Bitlocker Administration and Monitoring\MBAMComplianceStatusService" -Name "connectionString" -Value "Data Source=$SERVERNAME$\$SQLINSTANCENAME;Initial Catalog=MBAM Compliance Status;Integrated Security=SSPI;"` - - **Note** - Replace the following values in the example above with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Recovery Database is located. - - - -**Resume All Instances of the MBAM Administration and Monitoring Website** - -1. On each server that is running the MBAM Administration and Monitoring feature, use the Internet Information Services (IIS) Manager console to start the MBAM website named **Microsoft BitLocker Administration and Monitoring**. - -2. To automate this procedure, you can use Windows PowerShell to enter a command line that is similar to the following: - - `PS C:\> Start-Website “Microsoft BitLocker Administration and Monitoring”` - -## Moving the Compliance and Audit Reports - - -If you want to move the MBAM Compliance and Audit Reports from one computer to another (that is, move the reports from Server A to Server B), use the following procedure, which includes the following high-level steps: - -1. Run MBAM setup on Server B. - -2. Configure access to the Compliance and Audit Reports on Server B. - -3. Stop all instances of the MBAM Administration and Monitoring website. - -4. Update the reports connection data on MBAM Administration and Monitoring servers. - -5. Resume all instances of the MBAM Administration and Monitoring website. - -**Run MBAM Setup on Server B** - -1. Run MBAM Setup on Server B and select only the **Compliance and Audit Reports** feature for installation. - -2. To automate this procedure, you can use Windows PowerShell to enter a command line that is similar to the following: - - `PS C:\> MbamSetup.exe /qn I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 AddLocal=Reports COMPLIDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ REPORTS_USERACCOUNTPW=$PASSWORD$ TOPOLOGY=$X$` - - **Note** - Replace the following values in the example above with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - Enter the server name and instance where the Compliance and Audit Database is located. - - - $DOMAIN$\\$USERNAME$ - Enter the domain and user name that will be used by the Compliance and Audit Reports feature to connect to the Compliance and Audit Database. - - - $PASSWORD$ - Enter the password of the user account that will be used to connect to the Compliance and Audit Database. - - - $X$ - Enter **0** if you are installing the MBAM Stand-alone topology, or **1** if you are installing the MBAM Configuration Manager topology. - - - -**Configure Access to the Compliance and Audit Reports on Server B** - -1. On Server B, use the Local user and Groups snap-in from Server Manager to add the user accounts that will have access to the Compliance and Audit Reports. Add the user accounts to the local group named MBAM Report Users. - -2. To automate this procedure, you can use Windows PowerShell to enter a command line on Server B that is similar to the following: - - `PS C:\> net localgroup "MBAM Report Users" $DOMAIN$\$REPORTSUSERNAME$ /add` - - **Note** - Replace the following values in the example above with the applicable values for your environment: - - - $DOMAIN$\\$REPORTSUSERNAME$ - Enter the user account name that was used to configure the data source for the Compliance and Audit reports. - - - -~~~ -The command line for adding the users to the MBAM Report Users local group must be run for each user that will be accessing the reports in your environment. -~~~ - -**Stop All Instances of the MBAM Administration and Monitoring Website** - -1. On each server that is running the MBAM Administration and Monitoring Server feature, use the Internet Information Services (IIS) Manager console to stop the MBAM website named **Microsoft BitLocker Administration and Monitoring**. - -2. To automate this procedure, you can use Windows PowerShell to enter a command line that is similar to the following: - - `PS C:\> Stop-Website “Microsoft BitLocker Administration and Monitoring”` - -**Update the Database Connection Data on the MBAM Administration and Monitoring Servers** - -1. On each server that is running the MBAM Administration and Monitoring Server feature, use the Internet Information Services (IIS) Manager console to update the Compliance and Audit Reports URL. - -2. Select the **Microsoft BitLocker Administration and Monitoring** website, and use the **Configuration Editor** feature that is location under the **Management** section of the **Feature View**. - -3. Select the **appSettings** option from the **Section list** control. - -4. Select the row named **(Collection)** and open the **Collection Editor** by selecting the button on the right side of the row. - -5. In the **Collection Editor**, select the row named **Microsoft.Mbam.Reports.Url**. - -6. Update the value for **Microsoft.Mbam.Reports.Url** to reflect the server name for Server B. If the Compliance and Audit Reports feature was installed on a named SQL Reporting Services instance, be sure to add or update the name of the instance to the URL (for example, http://$SERVERNAME$/ReportServer\_$SQLSRSINSTANCENAME$/Pages....) - -7. To automate this procedure, you can use Windows PowerShell to enter a command line on each Administration and Monitoring Server that is similar to the following: - - `PS C:\> Set-WebConfigurationProperty '/appSettings/add[@key="Microsoft.Mbam.Reports.Url"]' -PSPath "IIS:\ \sites\Microsoft Bitlocker Administration and Monitoring\HelpDesk" -Name "Value" -Value “http://$SERVERNAME$/ReportServer_$SRSINSTANCENAME$/Pages/ReportViewer.aspx?/ Microsoft+BitLocker+Administration+and+Monitoring/”` - - **Note** - Replace the following values in the example above with those that match your environment: - - - $SERVERNAME$ - Enter the name of the server name to which the Compliance and Audit Reports were installed. - - - $SRSINSTANCENAME$ - Enter the name of the SQL Reporting Services instance to which the Compliance and Audit Reports were installed. - - - -**Resume All Instances of the MBAM Administration and Monitoring Website** - -1. On each server that is running the MBAM Administration and Monitoring Server feature, use the Internet Information Services (IIS) Manager console to Start the MBAM website named **Microsoft BitLocker Administration and Monitoring**. - -2. To automate this procedure, you can use Windows PowerShell to enter a command line that is similar to the following: - - `PS C:\> Start-Website “Microsoft BitLocker Administration and Monitoring”` - - **Note** - To run this command line, you must add the IIS Module for PowerShell to current instance of PowerShell. In addition, you must update the PowerShell execution policy to enable scripts to be run. - - - -## Moving the Administration and Monitoring Feature - - -If you want to move the MBAM Administration and Monitoring Reports feature from one computer to another (that is, move the feature from Server A to Server B), use the following procedure, which includes the following high-level steps: - -1. Run MBAM Setup on Server B. - -2. Configure access to the Database on Server B. - -**Run MBAM Setup on Server B** - -1. Run MBAM Setup on Server B and select only the **Administration and Monitoring Server** feature for installation. - -2. To automate this procedure, you can use Windows PowerShell to enter a command line that is similar to the following: - - `PS C:\> MbamSetup.exe /qn I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 AddLocal=AdministrationMonitoringServer, COMPLIDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ RECOVERYANDHWDB_SQLINSTANCE=$SERVERNAME$\$SQLINSTANCENAME$ SRS_REPORTSITEURL=$REPORTSSERVERURL$ TOPOLOGY=$X$` - - **Note** - Replace the following values in the example above with those that match your environment: - - - $SERVERNAME$\\$SQLINSTANCENAME$ - For the COMPLIDB\_SQLINSTANCE parameter, enter the server name and instance where the Compliance and Audit Database is located. For the RECOVERYANDHWDB\_SQLINSTANCE parameter, enter the server name and instance where the Recovery Database is located. - - - $DOMAIN$\\$USERNAME$ - Enter the domain and user name that will be used by the Compliance and Audit Reports feature to connect to the Compliance and Audit Database. - - - $ REPORTSSERVERURL$ - Enter the URL for the Home location of the SQL Reporting Service website. If the reports were installed to a default SRS instance, the URL format will have the format “http:// $SERVERNAME$/ReportServer”. If the reports were installed to a default SRS instance, the URL format will have the format “http://$SERVERNAME$/ReportServer\_$SQLINSTANCENAME$”. - - - $X$ - Enter **0** if you are installing the MBAM Stand-alone topology, or **1** if you are installing the MBAM Configuration Manager topology. - - - -**Configure Access to the Databases** - -1. On the server or servers where the Recovery Database and Compliance and Audit Database are deployed, use the Local user and Groups snap-in from Server Manager to add the computer accounts from each server that is running the MBAM Administration and Monitoring Server feature to the local groups named **MBAM Recovery and Hardware DB Access** (Recovery DB Server) and **MBAM Compliance Status DB Access** (Compliance and Audit Database Server). - -2. To automate this procedure, you can use Windows PowerShell to enter a command line, that is similar to the following, on the server where the Compliance and Audit Database was deployed. - - `PS C:\> net localgroup "MBAM Compliance Auditing DB Access" $DOMAIN$\$SERVERNAME$$ /add` - -3. On the server where the Recovery database was deployed, you can use Windows PowerShell to enter a command line that is similar to the following: - - `PS C:\> net localgroup "MBAM Recovery and Hardware DB Access" $DOMAIN$\$SERVERNAME$$ /add` - - **Note** - Replace the following value in the example above with the applicable values for your environment: - - - $DOMAIN$\\$SERVERNAME$$ - Enter the domain and machine name of the Administration and Monitoring Server. The server name must be followed by a “$” symbol, as shown in the example (for example, MyDomain\\MyServerName1$). - - - $DOMAIN$\\$REPORTSUSERNAME$ - Enter the user account name that was used to configure the data source for the Compliance and Audit Reports. - - - -~~~ -The command lines that are listed for adding server computer accounts to the MBAM local groups must be run for each Administration and Monitoring Server that will be accessing the databases in your environment. -~~~ - -## Related topics - - -[Maintaining MBAM 2.0](maintaining-mbam-20-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-recover-a-corrupted-drive-mbam-2.md b/mdop/mbam-v2/how-to-recover-a-corrupted-drive-mbam-2.md deleted file mode 100644 index 0bc49581fa..0000000000 --- a/mdop/mbam-v2/how-to-recover-a-corrupted-drive-mbam-2.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: How to Recover a Corrupted Drive -description: How to Recover a Corrupted Drive -author: dansimp -ms.assetid: b0457a00-f72e-4ad8-ab3b-7701851ca87e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Recover a Corrupted Drive - - -To recover a corrupted drive protected by BitLocker, a Microsoft BitLocker Administration and Monitoring (MBAM) Help Desk user will need to create a recovery key package file. This package file can then be copied to the computer that contains the corrupted drive, and then used to recover the drive. Use the following procedure for the steps needed to do this. - -**Important**   -To avoid a potential loss of data, it is strongly recommended that you read the “repair-bde” help and clearly understand how to use the command before completing the following instructions. - - - -**To recover a corrupted drive** - -1. To create the recovery key package necessary to recover a corrupted drive, start a web browser and open the MBAM Administration and Monitoring website. - -2. Select **Drive Recovery** from the left navigation pane. Enter the user’s domain name, user name, reason for unlocking the drive, and the user’s recovery password ID. - - **Note**   - If you are a member of the Help Desk Administrators role, you do not have to enter the user’s domain name or user name. - - - -3. Click **Submit**. The recovery key will be displayed. - -4. Click **Save**, and then select **Recovery Key Package**. The recovery key package will be created on your computer. - -5. Copy the recovery key package to the computer that has the corrupted drive. - -6. Open an elevated command prompt. To do this, click **Start** and type `cmd` in the **Search programs and files box**. Right-click **cmd.exe** and select **Run as Administrator**. - -7. At the command prompt, type the following: - - `repair-bde -kp -rp ` - - **Note**   - Replace <fixed drive> with an available hard disk drive that has free space equal to or larger than the data on the corrupted drive. Data on the corrupted drive is recovered and moved to the specified hard disk drive. - - - -## Related topics - - -[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-recover-a-drive-in-recovery-mode-mbam-2.md b/mdop/mbam-v2/how-to-recover-a-drive-in-recovery-mode-mbam-2.md deleted file mode 100644 index a4e2df88a3..0000000000 --- a/mdop/mbam-v2/how-to-recover-a-drive-in-recovery-mode-mbam-2.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: How to Recover a Drive in Recovery Mode -description: How to Recover a Drive in Recovery Mode -author: dansimp -ms.assetid: 8b792bc8-b671-4345-9d37-0208db3e5b03 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Recover a Drive in Recovery Mode - - -The encrypted drive recovery features of Microsoft BitLocker Administration and Monitoring (MBAM) ensure the capture and storage of data and availability of tools required to access a BitLocker-protected volume when BitLocker goes into recovery mode. A BitLocker-protected volume goes into recovery mode when a PIN or password is lost or forgotten, or when the Trusted Module Platform (TPM) chip detects changes to the BIOS or startup files of a computer. - -Use this procedure to access the centralized key recovery data system, which can provide a recovery password if a recovery password ID and associated user identifier are supplied. - -**Important** -Microsoft BitLocker Administration and Monitoring uses single-use recovery keys that expire upon use. The single use of a recovery password is automatically applied to operating system drives and fixed drives. On removable drives, it is applied when the drive is removed and then re-inserted and unlocked on a computer that has Group Policy settings activated to manage removable drives. - - - -**To recover a drive in recovery mode** - -1. Open a web browser and navigate to the Administration and Monitoring website. - -2. In the navigation pane, click **Drive Recovery**. The “Recover access to an encrypted drive” webpage opens. - -3. Enter the Windows Logon domain and user name of the user to view recovery information and the first eight digits of the recovery key ID to receive a list of possible matching recovery keys or the entire recovery key ID to receive the exact recovery key. - -4. Select one of the predefined options from the **Reason for Drive Unlock** list, and then click **Submit**. - - **Note** - If you are an MBAM Advanced Helpdesk user, the user domain and user ID entries are not required. - - - -~~~ -MBAM returns the following: - -- An error message if no matching recovery password is found - -- Multiple possible matches if the user has multiple matching recovery passwords - -- The recovery password and recovery package for the submitted user - - **Note** - If you are recovering a damaged drive, the recovery package option provides BitLocker with critical information that it needs to recover the drive. - - - -After the recovery password and recovery package are retrieved, the recovery password is displayed. -~~~ - -5. To copy the password, click **Copy Key**, and then paste the recovery password into an email message. Alternatively, click **Save** to save the recovery password to a file. - - When the user types the recovery password into the system or uses the recovery package, the drive is unlocked. - -## Related topics - - -[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-recover-a-moved-drive-mbam-2.md b/mdop/mbam-v2/how-to-recover-a-moved-drive-mbam-2.md deleted file mode 100644 index 8c02d3e434..0000000000 --- a/mdop/mbam-v2/how-to-recover-a-moved-drive-mbam-2.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: How to Recover a Moved Drive -description: How to Recover a Moved Drive -author: dansimp -ms.assetid: 697cd78d-962c-411e-901a-2e9220ba6552 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Recover a Moved Drive - - -When you move an operating system drive that is encrypted by using Microsoft BitLocker Administration and Monitoring (MBAM), the drive will not accept the PIN that was used in a previous computer because of the change to the Trusted Platform Module (TPM) chip. To use the moved drive, you will need a way to obtain the recovery key ID to retrieve the recovery password. Use the following procedure to recover a drive that has moved. - -**To recover a moved drive** - -1. On the computer that contains the moved drive, start the computer in Windows recovery environment (WinRE) mode, or start the computer by using the Microsoft Diagnostic and Recovery Toolset (DaRT). - -2. Once the computer has been started with WinRE or DaRT, Microsoft BitLocker Administration and Monitoring will treat the moved operating system drive as a data drive. MBAM will then display the drive’s recovery password ID and ask for the recovery password. - - **Note**   - In some cases, you may be able to click **I forgot the PIN** during the startup process, and then enter the recovery mode to display the recovery key ID. - - - -3. Use the recovery key ID to retrieve the recovery password and unlock the drive from the Administration and Monitoring website. - -4. If the moved drive was configured to use a TPM chip on the original computer, you must take additional steps after unlocking the drive and completing the start process. In WinRE mode, open a command prompt and use the **manage-bde** tool to decrypt the drive. Using this tool is the only way to remove the TPM plus PIN protector without the original TPM chip. - -5. Once the removal is completed, start the computer normally. The MBAM agent will now enforce the policy to encrypt the drive with the new computer’s TPM plus PIN. - -## Related topics - - -[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-reset-a-tpm-lockout-mbam-2.md b/mdop/mbam-v2/how-to-reset-a-tpm-lockout-mbam-2.md deleted file mode 100644 index b41efb0bd6..0000000000 --- a/mdop/mbam-v2/how-to-reset-a-tpm-lockout-mbam-2.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -title: How to Reset a TPM Lockout -description: How to Reset a TPM Lockout -author: dansimp -ms.assetid: 20719ab2-18ae-4d3b-989a-539341909816 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Reset a TPM Lockout - - -The Encrypted Drive Recovery feature of Microsoft BitLocker Administration and Monitoring (MBAM) encompasses both the capture and storage of data and the availability for tools that are needed to manage the Trusted Platform Module (TPM). This topic covers how to access the centralized Key Recovery data system in the Administration and Monitoring website, which can provide a TPM owner password file when a computer ID and associated user identifier are supplied. - -A TPM lockout can occur if a user enters the incorrect PIN too many times. The number of times that a user can enter an incorrect PIN before the TPM locks varies from manufacturer to manufacturer. - -You can reset a TPM lockout only if MBAM owns the TPM. - -**To reset a TPM lockout** - -1. Open a web browser and navigate to the Administration and Monitoring website. - -2. In the left navigation pane, select **Manage TPM** to open the **Manage TPM** page. - -3. Enter the fully qualified domain name for the computer and the computer name, and enter the user’s Windows logon domain and the user’s user name to retrieve the TPM owner password file. - -4. From the **Reason for requesting TPM owner password file** list, select a reason for the request, and click **Submit**. - - MBAM returns one of the following: - - - An error message, if no matching TPM owner password file is found - - - The TPM owner password file for the submitted computer - - **Note** - If you are an Advanced Helpdesk user, the user domain and user ID fields are not required. - - - -~~~ -After the TPM owner password is retrieved, the owner password is displayed. -~~~ - -5. To save the password to a .tpm file, click the **Save** button. - - The user will run the TPM management console, select the **Reset TPM lockout** option, and provide the TPM owner password file to reset the TPM lockout. - - **Important** - Help Desk administrators should not give the TPM hash value or TPM owner password file to end users. The TPM information does not change, so it could pose a security risk if the file is given to end users. - - - -## Related topics - - -[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-use-a-command-line-to-install-the-mbam-client.md b/mdop/mbam-v2/how-to-use-a-command-line-to-install-the-mbam-client.md deleted file mode 100644 index b28772f06b..0000000000 --- a/mdop/mbam-v2/how-to-use-a-command-line-to-install-the-mbam-client.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: How to Use a Command Line to Install the MBAM Client -description: How to Use a Command Line to Install the MBAM Client -author: dansimp -ms.assetid: 4dc8f944-c2fd-4d89-aed6-e9dc77de3ae4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Use a Command Line to Install the MBAM Client - - -You can use a command line to deploy the Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 Client. - -## Command Line for Deploying the MBAM 2.0 Client - - -Use the following command line to deploy the MBAM Client: - -`MBAMClientSetup.exe /q` - -## Related topics - - -[Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/how-to-use-a-command-line-to-install-the-mbam-server.md b/mdop/mbam-v2/how-to-use-a-command-line-to-install-the-mbam-server.md deleted file mode 100644 index 856a5c7584..0000000000 --- a/mdop/mbam-v2/how-to-use-a-command-line-to-install-the-mbam-server.md +++ /dev/null @@ -1,219 +0,0 @@ ---- -title: How to Use a Command Line to Install the MBAM Server -description: How to Use a Command Line to Install the MBAM Server -author: dansimp -ms.assetid: 6ffc6d41-a793-42c2-b997-95ba47550648 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Use a Command Line to Install the MBAM Server - - -You can use a command line to install the MBAM Server with either the Stand-alone or Configuration Manager topology. The following command line example is for deploying MBAM on a single server, which is an architecture that should be used only in a test environment. You will need to change the command line accordingly when you deploy MBAM to a production environment, which should have multiple servers. - -## Command Line for Deploying the MBAM 2.0 Server with the Stand-alone Topology - - -You can use a command line that is similar to the following to install the MBAM Server with the Stand-alone topology. - -``` syntax -MbamSetup.exe /qb /l*v MaltaServerInstall.log TOPOLOGY=0 I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 ADDLOCAL=KeyDatabase,ReportsDatabase,Reports,AdministrationMonitoringServer,SelfServiceServer,PolicyTemplate,REPORTS_USERACCOUNT=[UserDomain]\[UserName1] REPORTS_USERACCOUNTPW=[UserPwd1] COMPLIDB_SQLINSTANCE=%computername% RECOVERYANDHWDB_SQLINSTANCE=%computername% SRS_INSTANCENAME=%computername% ADMINANDMON_WEBSITE_PORT=83 WEBSITE_PORT=83 -``` - -The following table describes the command line parameters for deploying the MBAM Server with the Stand-alone topology. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterParameter ValueDescription

TOPOLOGY

0

0 – Stand-alone topology

I_ACCEPT_ENDUSER_LICENSE_AGREEMENT

01

0 – do not accept the license agreement1 – accept the license agreement

ADDLOCAL

Features to be installed on the Server

KeyDatabase

Recovery Database

ReportsDatabase

Compliance and Audit Reports Database

Reports

Compliance and Audit Reports

AdministrationMonitoringServer

Administration and Monitoring website

SelfServiceServer

Self-Service Portal

PolicyTemplate

MBAM Group Policy template

REPORTS_USERACCOUNT

[UserDomain][UserName1]

Domain and user account of the Reporting Services service account that will access the Compliance and Audit database

REPORTS_USERACCOUNTPW

[UserPwd1]

Password of the Reporting Services service account that will access the Compliance and Audit database

COMPLIDB_SQLINSTANCE

%computername%

SQL Server instance name for the Compliance and Audit Database – replace %computername% with the computer name

RECOVERYANDHWDB_SQLINSTANCE

%computername%

SQL Server instance name for the Recovery Database – replace %computername% with the computer name

SRS_INSTANCENAME

%computername%

SQL Server Reporting Server instance where the Compliance and Audit reports will be installed – replace %computername% with the computer name

ADMINANDMON_WEBSITE_PORT

83

Port for the Administration and Monitoring website; “83” is only an example

WEBSITE_PORT

83

Port for the Self-Service Portal website; “83” is only an example

- - - -## Command Line for Deploying the MBAM 2.0 Server with the Configuration Manager Topology - - -You can use a command line that is similar to the following to install the MBAM Server with the Configuration Manager topology. - -``` syntax -MbamSetup.exe /qn /l*v MaltaServerInstall.log I_ACCEPT_ENDUSER_LICENSE_AGREEMENT=1 TOPOLOGY=1 COMPLIDB_SQLINSTANCE=%computername% RECOVERYANDHWDB_SQLINSTANCE=%computername% SRS_INSTANCENAME=%computername% REPORTS_USERACCOUNT=[UserDomain]\[UserName] REPORTS_USERACCOUNTPW=[UserPwd] ADMINANDMON_WEBSITE_PORT=83 WEBSITE_PORT=83 -``` - -The following table describes the command line parameters for installing the MBAM 2.0 Server with the Configuration Manager topology. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterParameter ValueDescription

TOPOLOGY

1

1 – Configuration Manager topology

I_ACCEPT_ENDUSER_LICENSE_AGREEMENT

01

0 – do not accept the license agreement1 – accept the license agreement

COMPLIDB_SQLINSTANCE

%computername%

SQL Server instance name for the Audit Database – replace %computername% with the computer name

RECOVERYANDHWDB_SQLINSTANCE

%computername%

SQL Server instance name for the Recovery Database - replace %computername% with the computer name

SRS_INSTANCENAME

%computername%

SQL Server Reporting Server instance where the Audit reports will be installed – replace %computername% with the computer name

REPORTS_USERACCOUNT

[UserDomain][UserName1]

Domain and user account of the Reporting Services service account that will access the Compliance and Audit database

REPORTS_USERACCOUNTPW

[UserPwd1]

Password of the Reporting Services service account that will access the Compliance and Audit database

ADMINANDMON_WEBSITE_PORT

83

Port for the Administration and Monitoring website; “83” is only an example

WEBSITE_PORT

83

Port for the Self-Service Portal website; “83” is only an example

- - - -## Related topics - - -[Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-use-the-help-desk-portal.md b/mdop/mbam-v2/how-to-use-the-help-desk-portal.md deleted file mode 100644 index 4b4a4b1d73..0000000000 --- a/mdop/mbam-v2/how-to-use-the-help-desk-portal.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: How to Use the Help Desk Portal -description: How to Use the Help Desk Portal -author: dansimp -ms.assetid: c27f7737-10c8-4164-9de8-57987292c89c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Use the Help Desk Portal - - -The MBAM Administration and Monitoring website, also referred to as the Help Desk Portal, is an administrative interface to BitLocker drive encryption that is installed as part of the Microsoft BitLocker Administration and Monitoring (MBAM) server infrastructure. The following sections describe how you can use this website to review reports, recover end users’ drives, and manage end users’ TPMs. - -## Reports - - -MBAM collects information from Active Directory and client computers, which enables you to run different reports to monitor BitLocker usage and compliance. Using the **Reports** section of the Administration and Monitoring website, you can generate reports on enterprise compliance, individual computers, and key recovery activity. For a description of each report, see [Understanding MBAM Reports](understanding-mbam-reports-mbam-2.md). - -**To access reports** - -1. Open a web browser and navigate to the MBAM Administration and Monitoring website. - -2. Select **Reports** in the left pane. - -3. From the top menu bar, select the report type you want to generate. To save reports, click the **Export** button on the Reports menu bar. - -For additional information about how to run MBAM reports, see [How to Generate MBAM Reports](how-to-generate-mbam-reports-mbam-2.md). - -## Drive Recovery - - -The **Drive Recovery** feature of the Administration and Monitoring website allows users with specific administrator roles (for example, Help Desk Users) to access recovery key data that has been collected by the MBAM Client. This data can be used to access a BitLocker-protected drive when BitLocker goes into recovery mode. For instructions on how to recover a drive that is in recovery mode, see [How to Recover a Drive in Recovery Mode](how-to-recover-a-drive-in-recovery-mode-mbam-2.md). - -You can also recover drives that have been moved or that are corrupted: - -- [How to Recover a Moved Drive](how-to-recover-a-moved-drive-mbam-2.md) - -- [How to Recover a Corrupted Drive](how-to-recover-a-corrupted-drive-mbam-2.md) - -For additional information about how to recover a BitLocker-protected drive, see [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md). - -## Manage TPM - - -The Manage TPM feature of the Administration and Monitoring website gives users with certain administrator roles (for example, “MBAM Helpdesk Users”) access to TPM data that has been collected by the MBAM Client. In a TPM lockout, an administrator can use the Administration and Monitoring website to retrieve the necessary password file to unlock the TPM. For instructions on how to reset a TPM after a TPM lockout, see [How to Reset a TPM Lockout](how-to-reset-a-tpm-lockout-mbam-2.md). - -## MBAM Help Desk Tasks - - -You can use the Administration and Monitoring website for many administrative tasks, such as managing BitLocker-protected hardware, recovering drives, and running reports. By default, the URL for the Administration and Monitoring website is http://<*MBAMAdministrationServername*>, although you can customize it during the installation process. - -**Note**   -To access the various features offered by the Administration and Monitoring website, you must have the appropriate roles associated with your user account. For more information about understanding user roles, see [How to Manage MBAM Administrator Roles](how-to-manage-mbam-administrator-roles-mbam-2.md). - - - -Use the following links to find information about the tasks that you can perform by using the Administration and Monitoring website: - -- [How to Reset a TPM Lockout](how-to-reset-a-tpm-lockout-mbam-2.md) - -- [How to Recover a Drive in Recovery Mode](how-to-recover-a-drive-in-recovery-mode-mbam-2.md) - -- [How to Recover a Moved Drive](how-to-recover-a-moved-drive-mbam-2.md) - -- [How to Recover a Corrupted Drive](how-to-recover-a-corrupted-drive-mbam-2.md) - -- [How to Determine BitLocker Encryption State of Lost Computers](how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-use-the-self-service-portal-to-regain-access-to-a-computer.md b/mdop/mbam-v2/how-to-use-the-self-service-portal-to-regain-access-to-a-computer.md deleted file mode 100644 index bb6cf70424..0000000000 --- a/mdop/mbam-v2/how-to-use-the-self-service-portal-to-regain-access-to-a-computer.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: How to Use the Self-Service Portal to Regain Access to a Computer -description: How to Use the Self-Service Portal to Regain Access to a Computer -author: dansimp -ms.assetid: bcf095de-0237-4bb0-b450-da8fb6d6f3d0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Use the Self-Service Portal to Regain Access to a Computer - - -If end users get locked out of Windows by BitLocker because they forgot their password or PIN, or because they changed operating system files or changed the BIOS or the Trusted Platform Module (TPM), they can use the Self-Service Portal to regain access to Windows without having to ask their Help Desk for assistance. - -**Note**   -If the IT administrator configured an IIS Session State time-out, a message is displayed 60 seconds prior to the time-out. - - - -**Note**   -These instructions are written for and from the perspective of end users. - - - -**To use the Self-Service Portal to regain access to a computer** - -1. In the **Recovery KeyId** field, enter a minimum of eight of the 32-digit BitLocker Key ID that is displayed on the BitLocker recovery screen of your computer. - - **Note**   - If the first eight digits match multiple keys, a message displays that requires you to enter all 32 digits of the recovery key ID. - - - -2. In the **Reason** field, select a reason for your request for the recovery key. - -3. Click **Get Key**. Your BitLocker recovery key is displayed in the “Your BitLocker Recovery Key” field. - -4. Enter the 48-digit code into the BitLocker recovery screen on your computer to regain access to the computer. - -## Related topics - - -[Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/how-to-validate-the-mbam-installation-with-configuration-manager.md b/mdop/mbam-v2/how-to-validate-the-mbam-installation-with-configuration-manager.md deleted file mode 100644 index ad2f0f4528..0000000000 --- a/mdop/mbam-v2/how-to-validate-the-mbam-installation-with-configuration-manager.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: How to Validate the MBAM Installation with Configuration Manager -description: How to Validate the MBAM Installation with Configuration Manager -author: dansimp -ms.assetid: 8e268539-91c3-4e8a-baae-faf3605da818 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Validate the MBAM Installation with Configuration Manager - - -After installing Microsoft BitLocker Administration and Monitoring (MBAM) with Configuration Manager, validate that the installation has successfully set up all the necessary features for MBAM by completing the following steps. - -**To validate the MBAM Server feature installation with Configuration Manager** - -1. On the server where System Center Configuration Manager is deployed, open **Control Panel**. Select the program that is used to uninstall or change a program. Verify that **Microsoft BitLocker Administration and Monitoring** appears in the list of programs and features. - - **Note**   - To validate the installation, you must use a domain account that has local computer administrative credentials on each server. - - - -2. Use the Configuration Manager console to confirm that a new collection, called “MBAM Supported Computers,” is displayed. - - To view the collection with Configuration Manager 2007: Click **Site Database** (<**SiteCode**> - <**ServerName**>, <**SiteName**>), **Computer Management**. - - To view the collection with System Center 2012 Configuration Manager: Click the **Assets and Compliance** workspace, **Device Collections**. - -3. Use the Configuration Manager console to verify that the following reports are listed in the **MBAM** folder: - - - BitLocker Computer Compliance - - - BitLocker Enterprise Compliance Dashboard - - - BitLocker Enterprise Compliance Details - - - BitLocker Enterprise Compliance Summary - - To view the reports with Configuration Manager 2007: Click **Reporting**, **Reporting Services**, \\\\<**ServerName**>, **Report Folders** - - To view the reports with System Center 2012 Configuration Manager: Click the **Monitoring** workspace, **Reporting**, **Reports**. - -4. Use the Configuration Manager console to confirm that the configuration baseline “BitLocker Protection” is listed. - - To view the configuration baselines with Configuration Manager 2007: Click **Desired Configuration Management**, **Configuration Baselines**. - - To view the configuration baselines with System Center 2012 Configuration Manager: Click the **Assets and Compliance** workspace, **Compliance Settings**, **Configuration Baselines**. - -5. Use the Configuration Manager console to confirm that the following new configuration items are displayed: - - - BitLocker Fixed Data Drives Protection - - - BitLocker Operating System Drive Protection - - To view the configuration items with Configuration Manager 2007: Click **Desired Configuration Management**, **Configuration Items**. - - To view the configuration items with System Center 2012 Configuration Manager: Click the **Assets and Compliance** workspace, **Compliance Settings**, **Configuration Items**. - -## Related topics - - -[Deploying MBAM with Configuration Manager](deploying-mbam-with-configuration-manager-mbam2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/images/checklistbox.gif b/mdop/mbam-v2/images/checklistbox.gif deleted file mode 100644 index 8af13c51d1..0000000000 Binary files a/mdop/mbam-v2/images/checklistbox.gif and /dev/null differ diff --git a/mdop/mbam-v2/images/mbam2-1-server.gif b/mdop/mbam-v2/images/mbam2-1-server.gif deleted file mode 100644 index 20f3f5adcb..0000000000 Binary files a/mdop/mbam-v2/images/mbam2-1-server.gif and /dev/null differ diff --git a/mdop/mbam-v2/images/mbam2-3-servers.gif b/mdop/mbam-v2/images/mbam2-3-servers.gif deleted file mode 100644 index 62f5d02a39..0000000000 Binary files a/mdop/mbam-v2/images/mbam2-3-servers.gif and /dev/null differ diff --git a/mdop/mbam-v2/images/mbam2-cmserver.gif b/mdop/mbam-v2/images/mbam2-cmserver.gif deleted file mode 100644 index 80a0444483..0000000000 Binary files a/mdop/mbam-v2/images/mbam2-cmserver.gif and /dev/null differ diff --git a/mdop/mbam-v2/index.md b/mdop/mbam-v2/index.md deleted file mode 100644 index ba76b06b55..0000000000 --- a/mdop/mbam-v2/index.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide -description: Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide -author: dansimp -ms.assetid: fdb43f62-960a-4811-8802-50efdf04b4af -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 04/19/2017 ---- - -# Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide - -Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 provides a simplified administrative interface that you can use to manage BitLocker drive encryption. In BitLocker Administration and Monitoring 2.0, you can select BitLocker drive encryption policy options that are appropriate for your enterprise, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the enterprise as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes. - -## Outline - -- [Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) - - [About MBAM 2.0](about-mbam-20-mbam-2.md) - - [Release Notes for MBAM 2.0](release-notes-for-mbam-20-mbam-2.md) - - [About MBAM 2.0 SP1](about-mbam-20-sp1.md) - - [Release Notes for MBAM 2.0 SP1](release-notes-for-mbam-20-sp1.md) - - [Evaluating MBAM 2.0](evaluating-mbam-20-mbam-2.md) - - [High-Level Architecture for MBAM 2.0](high-level-architecture-for-mbam-20-mbam-2.md) - - [Accessibility for MBAM 2.0](accessibility-for-mbam-20-mbam-2.md) -- [Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md) - - [Preparing your Environment for MBAM 2.0](preparing-your-environment-for-mbam-20-mbam-2.md) - - [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md) - - [Planning to Deploy MBAM 2.0](planning-to-deploy-mbam-20-mbam-2.md) - - [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md) - - [MBAM 2.0 Planning Checklist](mbam-20-planning-checklist-mbam-2.md) -- [Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md) - - [Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md) - - [Deploying MBAM 2.0 Group Policy Objects](deploying-mbam-20-group-policy-objects-mbam-2.md) - - [Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md) - - [MBAM 2.0 Deployment Checklist](mbam-20-deployment-checklist-mbam-2.md) - - [Upgrading from Previous Versions of MBAM](upgrading-from-previous-versions-of-mbam.md) -- [Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) - - [Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md) - - [Administering MBAM 2.0 Features](administering-mbam-20-features-mbam-2.md) - - [Monitoring and Reporting BitLocker Compliance with MBAM 2.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md) - - [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md) - - [Maintaining MBAM 2.0](maintaining-mbam-20-mbam-2.md) - - [Security and Privacy for MBAM 2.0](security-and-privacy-for-mbam-20-mbam-2.md) - - [Administering MBAM 2.0 Using PowerShell](administering-mbam-20-using-powershell-mbam-2.md) -- [Troubleshooting MBAM 2.0](troubleshooting-mbam-20-mbam-2.md) - -## More Information - -- [MDOP Information Experience](index.md) - - Find documentation, videos, and other resources for MDOP technologies. - -  - -  - - - - - diff --git a/mdop/mbam-v2/maintaining-mbam-20-mbam-2.md b/mdop/mbam-v2/maintaining-mbam-20-mbam-2.md deleted file mode 100644 index d83b165ded..0000000000 --- a/mdop/mbam-v2/maintaining-mbam-20-mbam-2.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Maintaining MBAM 2.0 -description: Maintaining MBAM 2.0 -author: dansimp -ms.assetid: 6479e093-840d-45d5-b759-1179aeeeefeb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Maintaining MBAM 2.0 - - -After completing all necessary planning and then deploying Microsoft BitLocker Administration and Monitoring (MBAM), you can configure Microsoft BitLocker Administration and Monitoring to run in a highly available fashion while using it to manage enterprise BitLocker encryption operations. The information in this section describes high availability options for MBAM as well as how to move MBAM Server features. - -## Ensure High Availability for MBAM 2.0 - - -MBAM was designed to be fault-tolerant and not negatively affect the users if a server is not available. The information in this section can be used to configure a highly available MBAM installation. - -[High Availability for MBAM 2.0](high-availability-for-mbam-20-mbam-2.md) - -## Move MBAM 2.0 Features to Another Server - - -If you need to move an MBAM Server feature from one server computer to another, you must complete required steps in a specific order to avoid a loss of productivity or data. This section describes the steps that you must complete to move one or more MBAM Server features to a different computer. - -[How to Move MBAM 2.0 Features to Another Computer](how-to-move-mbam-20-features-to-another-computer-mbam-2.md) - -## Other resources for Maintaining MBAM - - -[Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/mbam-20-deployment-checklist-mbam-2.md b/mdop/mbam-v2/mbam-20-deployment-checklist-mbam-2.md deleted file mode 100644 index 74f3cbeaca..0000000000 --- a/mdop/mbam-v2/mbam-20-deployment-checklist-mbam-2.md +++ /dev/null @@ -1,110 +0,0 @@ ---- -title: MBAM 2.0 Deployment Checklist -description: MBAM 2.0 Deployment Checklist -author: dansimp -ms.assetid: 7905d31d-f21c-4683-b9c4-95b815e08fab -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MBAM 2.0 Deployment Checklist - - -This checklist can be used to help you during Microsoft BitLocker Administration and Monitoring (MBAM) deployment with a Stand-alone topology. - -**Note** -This checklist outlines the recommended steps and a high-level list of items to consider when deploying Microsoft BitLocker Administration and Monitoring features. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. - - - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferencesNotes
Checklist box

Complete the planning phase to prepare the computing environment for MBAM deployment.

MBAM 2.0 Planning Checklist

Checklist box

Review the MBAM supported configurations information to make sure selected client and server computers are supported for MBAM feature installation.

MBAM 2.0 Supported Configurations

Checklist box

Run MBAM Setup to deploy MBAM Server features in the following order:

-
    -

  1. Recovery Database

    2. -

  2. Compliance and Audit Database

    3. -

  3. Compliance Audit and Reports

    4. -

  4. Self-Service Server

    5. -

  5. Administration and Monitoring Server

    6. -

  6. MBAM Group Policy template

    7. -
-
-Note

Keep track of the names of the servers each feature is installed on. This information will be used throughout the installation process.

-
-
- -

Deploying the MBAM 2.0 Server Infrastructure

Checklist box

Add Active Directory Domain Services security groups created during the planning phase to the appropriate local MBAM Server feature administrators groups on appropriate servers.

Planning for MBAM 2.0 Administrator Roles and How to Manage MBAM Administrator Roles

Checklist box

Create and deploy required MBAM Group Policy Objects.

Deploying MBAM 2.0 Group Policy Objects

Checklist box

Deploy the MBAM Client software.

Deploying the MBAM 2.0 Client

- - - -## Related topics - - -[Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/mbam-20-deployment-prerequisites-mbam-2.md b/mdop/mbam-v2/mbam-20-deployment-prerequisites-mbam-2.md deleted file mode 100644 index 4901f54cfe..0000000000 --- a/mdop/mbam-v2/mbam-20-deployment-prerequisites-mbam-2.md +++ /dev/null @@ -1,347 +0,0 @@ ---- -title: MBAM 2.0 Deployment Prerequisites -description: MBAM 2.0 Deployment Prerequisites -author: dansimp -ms.assetid: 57d1c2bb-5ea3-457e-badd-dd9206ff0f20 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# MBAM 2.0 Deployment Prerequisites - - -Before you start Microsoft BitLocker Administration and Monitoring (MBAM) Setup, you should ensure that you have met the prerequisites to install the product. This section contains information to help you successfully plan your computing environment before you deploy Microsoft BitLocker Administration and Monitoring Server features and Clients. If you are installing MBAM with Configuration Manager, see [Planning to Deploy MBAM with Configuration Manager](planning-to-deploy-mbam-with-configuration-manager-2.md) for additional prerequisites. - -## Installation Prerequisites for MBAM Server Features - - -Each of the MBAM Server features has specific prerequisites that must be met before the MBAM features can be successfully installed. MBAM Setup checks that all prerequisites are met before the installation starts. - -### Prerequisites for Administration and Monitoring Server - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Windows Server Web Server Role

This role must be added to a server operating system that is supported for the Administration and Monitoring Server feature.

Web Server (IIS) Management Tools

Select IIS Management Scripts and Tools.

SSL Certificate

Optional. To secure communication between the clients and the web services, you have to obtain and install a certificate that a trusted security authority signed.

Web Server Role Services

Common HTTP Features:

-
    -

  • Static Content

    • -

  • Default Document

    • -
-

Application Development:

-
    -

  • ASP.NET

    • -

  • .NET Extensibility

    • -

  • ISAPI Extensions

    • -

  • ISAPI Filters

    • -
-

Security:

-
    -

  • Windows Authentication

    • -

  • Request Filtering

    • -

Windows Server Features

.NET Framework 3.5.1 features:

-
    -

  • .NET Framework 3.5.1

    • -

  • WCF Activation

    -
      -

    • HTTP Activation

      • -

    • Non-HTTP Activation

      • -
    • -
-

Windows Process Activation Service:

-
    -

  • Process Model

    • -

  • .NET Environment

    • -

  • Configuration APIs

    • -
- - - -**Note** -For a list of supported operating systems, see [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md). - - - -### Prerequisites for the Compliance and Audit Reports - - ---- - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Supported version of SQL Server

-

See MBAM 2.0 Supported Configurations for supported versions.

Install SQL Server with:

-
    -

  • SQL_Latin1_General_CP1_CI_AS collation

    • -

SQL Server Reporting Services (SSRS)

SSRS instance rights – required for installing reports only if you are installing databases on a separate server from the reports.

Required instance rights:

-
    -

  • Create Folders

    • -

  • Publish Reports

    • -
-

SSRS must be installed and running during the MBAM Server installation. Configure SSRS in “native” mode and not in unconfigured or “SharePoint” mode.

- - - -### Prerequisites for the Recovery Database - - ---- - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Supported version of SQL Server

-

See MBAM 2.0 Supported Configurations for supported versions.

Install SQL Server with:

-
    -

  • SQL_Latin1_General_CP1_CI_AS collation

    • -

  • SQL Server Management Tools

    • -

Required SQL Server permissions

Required permissions:

-
    -

  • SQL instance Login Server roles:

    -
      -

    • dbcreator

      • -

    • processadmin

      • -
    • -

  • SQL Server Reporting Services instance rights:

    -
      -

    • Create Folders

      • -

    • Publish Reports

      • -
    • -

Optional - Install Transparent Data Encryption (TDE) feature available in SQL Server

The TDE SQL Server feature performs real-time I/O encryption and decryption of the data and log files, which can help you to comply with many laws, regulations, and guidelines established in various industries.

-
-Note

TDE performs real-time decryption of database information, which means that, if the account under which you are logged on has permissions to the database while you are viewing the recovery key information in the SQL Server tables, the recovery key information is visible.

-
-
- -
-

More about TDE: MBAM 2.0 Security Considerations.

- - - -### Prerequisites for the Compliance and Audit Database - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Supported version of SQL Server

-

See MBAM 2.0 Supported Configurations for supported versions.

Install SQL Server with:

-
    -

  • SQL_Latin1_General_CP1_CI_AS collation

    • -

  • SQL Server Management Tools

    • -

Required SQL Server permissions

Required permissions:

-
    -

  • SQL instance Login Server roles:

    -
      -

    • dbcreator

      • -

    • processadmin

      • -
    • -

  • SQL Server Reporting Services instance rights:

    -
      -

    • Create Folders

      • -

    • Publish Reports

      • -
    • -

Optional - Install Transparent Data Encryption (TDE) feature in SQL Server.

The TDE SQL Server feature performs real-time I/O encryption and decryption of the data and log files, which can help you to comply with many laws, regulations, and guidelines established in various industries.

-
-Note

TDE performs real-time decryption of database information, which means that, if the account under which you are logged on has permissions to the database while you are viewing the recovery key information in the SQL Server tables, the recovery key information is visible.

-
-
- -
-

More about TDE: MBAM 2.0 Security Considerations

SQL Server must have Database Engine Services installed and running during MBAM Server installation.

The SQL Server Agent service must be running and set to auto-start on the selected instances of SQL Server.

- - - -### Prerequisites for the Self-Service Portal - - ---- - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Supported version of Windows Server

-

See MBAM 2.0 Supported Configurations for supported versions.

ASP.NET MVC 2.0

ASP.NET MVC 2 download

Web Service IIS Management Tools

- - - -## Prerequisites for MBAM Clients - - - ---- - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Windows 7 clients only - must have Trusted Platform Module (TPM) capability.

TPM version must be 1.2 or later.

The TPM chip must be turned on in the BIOS and be resettable from the operating system.

For more information, see the BIOS documentation.

Windows 8 clients only: To have MBAM store and manage the TPM recovery keys: TPM auto-provisioning must be turned off, and MBAM must be set as the owner of the TPM before you deploy MBAM. To turn off TPM auto-provisioning, see Disable-TpmAutoProvisioning.

-
    -

  • TPM auto-provisioning must be turned off.

    • -

  • MBAM must be set as the owner of the TPM before you deploy MBAM.

    • -

To turn off TPM auto-provisioning, see Disable-TpmAutoProvisioning.

-
-Note

Ensure that the keyboard, video, or mouse are directly connected and not managed through a keyboard, video, or mouse (KVM) switch. A KVM switch can interfere with the ability of the computer to detect the physical presence of hardware.

-
-
- -
- - - -## Related topics - - -[Planning to Deploy MBAM 2.0](planning-to-deploy-mbam-20-mbam-2.md) - -[MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/mbam-20-planning-checklist-mbam-2.md b/mdop/mbam-v2/mbam-20-planning-checklist-mbam-2.md deleted file mode 100644 index dd323a9429..0000000000 --- a/mdop/mbam-v2/mbam-20-planning-checklist-mbam-2.md +++ /dev/null @@ -1,108 +0,0 @@ ---- -title: MBAM 2.0 Planning Checklist -description: MBAM 2.0 Planning Checklist -author: dansimp -ms.assetid: 16b27c27-5f5e-41e2-b526-89a036672fb8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MBAM 2.0 Planning Checklist - - -This checklist can be used to help you plan for preparing your computing environment for Microsoft BitLocker Administration and Monitoring (MBAM) deployment. - -**Note**   -This checklist outlines the recommended steps and a high-level list of items to consider when planning for an Microsoft BitLocker Administration and Monitoring deployment. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. - - - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferencesNotes
Checklist box

Review the getting started information about MBAM to gain a basic understanding of the product before beginning deployment planning.

Getting Started with MBAM 2.0

Checklist box

Plan for MBAM 2.0 Deployment Prerequisites and prepare your computing environment.

MBAM 2.0 Deployment Prerequisites

Checklist box

Plan for and configure MBAM Group Policy requirements.

Planning for MBAM 2.0 Group Policy Requirements

Checklist box

Plan for and create necessary Active Directory Domain Services security groups and plan for MBAM local security group membership requirements.

Planning for MBAM 2.0 Administrator Roles

Checklist box

Review the MBAM 2.0 Supported Configurations documentation to ensure that hardware that meets MBAM installation system requirements is available.

MBAM 2.0 Supported Configurations

Checklist box

Plan for deploying MBAM Server feature deployment.

Planning for MBAM 2.0 Server Deployment

Checklist box

Plan for deploying MBAM Client deployment.

Planning for MBAM 2.0 Client Deployment

Checklist box

Validate your deployment plan in a test environment.

Evaluating MBAM 2.0

- - - -## Related topics - - -[Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/mbam-20-privacy-statement-mbam-2.md b/mdop/mbam-v2/mbam-20-privacy-statement-mbam-2.md deleted file mode 100644 index 55aa14a2c0..0000000000 --- a/mdop/mbam-v2/mbam-20-privacy-statement-mbam-2.md +++ /dev/null @@ -1,132 +0,0 @@ ---- -title: MBAM 2.0 Privacy Statement -description: MBAM 2.0 Privacy Statement -author: dansimp -ms.assetid: fce72ad4-a837-4d17-8d3b-4d93f1a399be -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# MBAM 2.0 Privacy Statement - -## Microsoft BitLocker Administration and Monitoring (MBAM) v2 Privacy Statement - -Microsoft is committed to protecting your privacy, while delivering software that brings you the performance, power, and convenience you desire in your personal computing. This privacy statement explains many of the data collection and use practices of Microsoft BitLocker Administration and Monitoring v2 (MBAM). This is a preliminary disclosure that focuses on features that communicate with the Internet and is not intended to be an exhaustive list. - -Microsoft BitLocker Administration and Monitoring (MBAM) enhances BitLocker by simplifying deployment and key recovery, centralizing provisioning, monitoring and reporting of encryption status for fixed and removable drives, and minimizing support costs. This release provides support for Windows 8 as well as improvements on Configuration Manager Integration and key recovery functionality. - -### Collection and Use of Your Information - -The information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to enable the features you are using and provide the service(s) or carry out the transaction(s) you have requested or authorized. It may also be used to analyze and improve Microsoft products and services. - -We may send certain mandatory service communications such as welcome letters, billing reminders, information on technical service issues, and security announcements. Some Microsoft services may send periodic member letters that are considered part of the service. We may occasionally request your feedback, invite you to participate in surveys, or send you promotional mailings to inform you of other products or services available from Microsoft and its affiliates. - -In order to offer you a more consistent and personalized experience in your interactions with Microsoft, information collected through one Microsoft service may be combined with information obtained through other Microsoft services. We may also supplement the information we collect with information obtained from other companies. For example, we may use services from other companies that enable us to derive a general geographic area based on your IP address in order to customize certain services to your geographic area. - -Except as described in this statement, personal information you provide will not be transferred to third parties without your consent. We occasionally hire other companies to provide limited services on our behalf, such as packaging, sending and delivering purchases and other mailings, answering customer questions about products or services, processing event registration, or performing statistical analysis of our services. We will only provide those companies the personal information they need to deliver the service, and they are prohibited from using that information for any other purpose. - -Microsoft may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public.  We may also disclose personal information as part of a corporate transaction such as a merger or sale of assets. - -Information that is collected by or sent to Microsoft by MBAM may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland. - -### Collection and Use of Information about Your Computer - -When you use software with Internet-enabled features, information about your computer ("standard computer information") is sent to the Web sites you visit and online services you use. Microsoft uses standard computer information to provide you Internet-enabled services, to help improve our products and services, and for statistical analysis. Standard computer information typically includes information such as your IP address, operating system version, browser version, and regional and language settings. In some cases, standard computer information may also include hardware ID, which indicates the device manufacturer, device name, and version. If a particular feature or service sends information to Microsoft, standard computer information will be sent as well. - -Because this is a pre-release version of the software, some of these Internet-enabled features are turned on by default so that we can collect enough information about how the software is working in order to improve the commercially released software. The default settings in this pre-release software do not necessarily reflect how these features will be configured in the commercially released software. - -The privacy details for each MBAM feature, software or service listed in this privacy statement describe what additional information is collected and how it is used. - -### Security of your information - -Microsoft is committed to helping protect the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer systems with limited access, which are located in controlled facilities. - -### Changes to this privacy statement - -We will occasionally update this privacy statement to reflect changes in our products, services, and customer feedback. When we post changes, we will revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how Microsoft will use your personal information, we will notify you either by posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how Microsoft is protecting your information. - -### For More Information - -Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please contact us. - -Microsoft Privacy Microsoft Corporation One Microsoft Way Redmond, Washington 98052 USA - -### Specific Features - -### Microsoft Error Reporting - -The remainder of this document will address the following specific features: - -**What This Feature Does:** - -Microsoft Error Reporting provides a service that allows you to report problems you may be having with MBAM to Microsoft and to receive information that may help you avoid or solve such problems. - -**Information Collected, Processed, or Transmitted:** - -For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at [https://go.microsoft.com](https://go.microsoft.com/fwlink/?LinkID=244395). - -**Use of Information:** - -We use the error reporting data to solve customer problems and improve our software and services. - -**Choice and control:** - -Microsoft Error Reporting is not turned on or off by MBAM. MBAM will utilize whatever configuration is active in Windows. You can change your Microsoft Error Reporting settings at any time disabling the automatic reporting of errors that may contain the names of folders on your PC by creating a registry value named "DisableGenericReports" with any type or value under: - -"HKLM\\Software\\Microsoft\\Microsoft Standalone System Sweeper Tool" (for the 32-bit version) - -"HKLM\\Software\\Wow6432Node\\Microsoft\\Microsoft Standalone System Sweeper Tool" (for the 64-bit version) - -> [!Warning] -> Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the PC. You can also use the Last Known Good Configuration startup option if you encounter problems after manual changes have been applied. - -Important Information: Enterprise customers can use Group Policy to configure how Microsoft Error Reporting behaves on their PCs. Configuration options include the ability to turn off Microsoft Error Reporting. If you are an administrator and wish to configure Group Policy for Microsoft Error Reporting, technical details are available on [TechNet](https://technet.microsoft.com/library/cc709644.aspx). - -Additional information on how to modify enable and disable error reporting is available at this support article: [How to disable or enable Dr. Watson for Windows](https://support.microsoft.com/kb/188296). - -### Microsoft Update - -**What This Feature Does:** - -Microsoft Update is a service that provides Windows updates as well as updates for other Microsoft software. - -**Information Collected, Processed, or Transmitted:** - -For details about what information is collected and how it is used, see the [Update Services Privacy Statement](https://go.microsoft.com/fwlink/?LinkId=244400). - -**Use of Information:** - -For details about what information is collected and how it is used, see the [Update Services Privacy Statement](https://go.microsoft.com/fwlink/?LinkId=244400). - -**Choice/Control:** - -For details about controlling this feature, see the [Update Services Privacy Statement](https://go.microsoft.com/fwlink/?LinkId=244000). - -### Customer Experience Improvement Program - -**What This Feature Does:** - -The Customer Experience Improvement Program (“CEIP”) collects basic information about your hardware configuration and how you use our software and services in order to identify trends and usage patterns. CEIP also collects the type and number of errors you encounter, software and hardware performance, and the speed of services. We won't collect your name, address, or other contact information. - -**Information Collected, Processed, or Transmitted:** - -For more information about the information collected, processed, or transmitted by CEIP, see the [CEIP privacy statement](https://go.microsoft.com/fwlink/?LinkID=52097). - -**Use of Information:** - -We use this information to improve the quality, reliability, and performance of Microsoft software and services. - -**Choice/Control:** - -CEIP is off by default. You're offered the opportunity to participate in CEIP during setup. If you choose to participate and later change your mind, you can turn off CEIP at any time by: Using the CEIP Opt-out run-time dialog. From the Help menu, open the link named “Customer Experience Improvement Program” and check the ‘Don’t Join’ radio button. - -## Related topics - -[Security and Privacy for MBAM 2.0](security-and-privacy-for-mbam-20-mbam-2.md) diff --git a/mdop/mbam-v2/mbam-20-security-considerations-mbam-2.md b/mdop/mbam-v2/mbam-20-security-considerations-mbam-2.md deleted file mode 100644 index 74670be60b..0000000000 --- a/mdop/mbam-v2/mbam-20-security-considerations-mbam-2.md +++ /dev/null @@ -1,206 +0,0 @@ ---- -title: MBAM 2.0 Security Considerations -description: MBAM 2.0 Security Considerations -author: dansimp -ms.assetid: 0aa5c6e2-d92c-4e30-9f6a-b48abb667ae5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# MBAM 2.0 Security Considerations - - -This topic contains a brief overview about the accounts and groups, log files, and other security-related considerations for Microsoft BitLocker Administration and Monitoring (MBAM). For more information, follow the links within this article. - -## General Security Considerations - - -**Understand the security risks.** The most serious risk from Microsoft BitLocker Administration and Monitoring is that its functionality could be hijacked by an unauthorized user who could then reconfigure BitLocker encryption and gain BitLocker encryption key data on MBAM Clients. However, the loss of MBAM functionality for a short period of time, due to a denial-of-service attack, does not generally have a catastrophic impact, unlike, for example, e-mail, network communications, light, and power. - -**Physically secure your computers**. There is no security without physical security. An attacker who gets physical access to an MBAM Server could potentially use it to attack the entire client base. All potential physical attacks must be considered high risk and mitigated appropriately. MBAM servers should be stored in a secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver. - -**Apply the most recent security updates to all computers**. Stay informed about new updates for operating systems, Microsoft SQL Server, and MBAM by subscribing to the Security Notification service (). - -**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all MBAM and MBAM administrator accounts. Never use blank passwords. For more information about password concepts, see the “Account Passwords and Policies” white paper on TechNet (). - -## Accounts and Groups in MBAM - - -The best practice for managing user accounts is to create domain global groups and add user accounts to them. Then, add the domain global accounts to the necessary MBAM local groups on the MBAM Servers. - -### Active Directory Domain Services Groups - -No Active Directory groups are created automatically during the MBAM setup process. However, it is recommended that you create the following Active Directory Domain Services global groups to manage MBAM operations. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Group NameDetails

MBAM Advanced Helpdesk Users

Create this group to manage members of the MBAM Advanced Helpdesk Users local group created during MBAM Setup.

MBAM Compliance Auditing DB Access

Create this group to manage members of the MBAM Compliance Auditing DB Access local group created during MBAM Setup.

MBAM Helpdesk Users

Create this group to manage members of the MBAM Helpdesk Users local group created during MBAM Setup.

MBAM Recovery and Hardware DB Access

Create this group to manage members of the MBAM Recovery and Hardware DB Access local group created during MBAM Setup.

MBAM Report Users

Create this group to manage members of the MBAM Report Users local group created during MBAM Setup.

MBAM System Administrators

Create this group to manage members of the MBAM System Administrators local group created during MBAM Setup.

BitLocker Encryption Exemptions

Create this group to manage user accounts that should be exempted from BitLocker encryption starting on computers that they log on to.

- - - -### MBAM Server Local Groups - -MBAM Setup creates local groups to support MBAM operations. You should add the Active Directory Domain Services global groups to the appropriate MBAM local groups to configure MBAM security and data access permissions. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Group NameDetails

MBAM Advanced Helpdesk Users

Members of this group have increased access to the Help Desk features from MBAM.

MBAM Compliance Auditing DB Access

Contains the machines that have access to the MBAM Compliance and Auditing Database.

MBAM Helpdesk Users

Members of this group have access to some of the Help Desk features from MBAM.

MBAM Recovery and Hardware DB Access

Contains the machines that have access to the MBAM Recovery Database.

MBAM Report Users

Members of this group have access to the Compliance and Audit reports from MBAM.

MBAM System Administrators

Members of this group have access to all MBAM features.

- - - -### SSRS Reports Service Account - -The SSRS Reports service account provides the security context to run the MBAM reports available through SSRS. It is configured during MBAM Setup. - -When you configure the SSRS Reports service account, specify a domain user account, and configure the password to never expire. - -**Note**   -If you change the name of the service account after you deploy MBAM, you must reconfigure the reporting data source to use the new service account credentials. Otherwise, you will not be able to access the Help Desk Portal. - - - -## MBAM Log Files - - -The following MBAM Setup log files are created in the installing user’s %temp% folder during MBAM Setup: - -**MBAM Server Setup log files** - -MSI<five random characters>.log -Logs the actions taken during MBAM Setup and MBAM Server Feature installation. - -InstallComplianceDatabase.log -Logs actions taken to create the MBAM Compliance and Audit Database setup. - -InstallKeyComplianceDatabase.log -Logs actions taken to create the MBAM Recovery Database. - -AddHelpDeskDbAuditUsers.log -Logs actions taken to create the SQL Server logins on the MBAM Compliance and Audit database and authorize the HelpDesk web service to the database for reports. - -AddHelpDeskDbUsers.log -Logs actions taken to authorize web services to database for key recovery and create logins to the MBAM Recovery Database. - -AddKeyComplianceDbUsers.log -Logs actions taken to authorize web services to MBAM Compliance and Audit Database for compliance reporting. - -AddRecoveryAndHardwareDbUsers.log -Logs actions taken to authorize web services to the MBAM Recovery database for key recovery. - -**Note**   -In order to obtain additional MBAM Setup log files, you have to install MBAM by using the msiexec package and the /L <location> option. Log files are created in the location specified. - - - -**MBAM Client Setup log files** - -MSI<five random characters>.log -Logs the actions taken during MBAM Client installation. - -## MBAM Database TDE Considerations - - -The transparent data encryption (TDE) feature that is available in SQL Server is an optional installation for the database instances that will host MBAM database features. - -With TDE, you can perform real-time, full database-level encryption. TDE is the optimal choice for bulk encryption to meet regulatory compliance or corporate data security standards. TDE works at the file level, which is similar to two Windows features: the Encrypting File System (EFS) and BitLocker Drive Encryption, both of which also encrypt data on the hard drive. TDE does not replace cell-level encryption, EFS, or BitLocker. - -When TDE is enabled on a database, all backups are encrypted. Thus, special care must be taken to ensure that the certificate that was used to protect the database encryption key is backed up and maintained with the database backup. If this certificate (or certificates) is lost, the data will be unreadable. Back up the certificate along with the database. Each certificate backup should have two files. Both of these files should be archived (ideally separately from the database backup file for security). You can alternatively consider using the extensible key management (EKM) feature (see Extensible Key Management) for storage and maintenance of keys used for TDE. - -For an example of how to enable TDE for MBAM database instances, see [Evaluating MBAM 2.0](evaluating-mbam-20-mbam-2.md). - -For more information about TDE in SQL Server 2008, see [SQL Server Encryption]( https://go.microsoft.com/fwlink/?LinkId=299883). - -## Related topics - - -[Security and Privacy for MBAM 2.0](security-and-privacy-for-mbam-20-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/mbam-20-supported-configurations-mbam-2.md b/mdop/mbam-v2/mbam-20-supported-configurations-mbam-2.md deleted file mode 100644 index 43687475bb..0000000000 --- a/mdop/mbam-v2/mbam-20-supported-configurations-mbam-2.md +++ /dev/null @@ -1,302 +0,0 @@ ---- -title: MBAM 2.0 Supported Configurations -description: MBAM 2.0 Supported Configurations -author: dansimp -ms.assetid: dca63391-39fe-4273-a570-76d0a2f8a0fd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# MBAM 2.0 Supported Configurations - - -This topic specifies the requirements to install and run Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 in your environment by using the Stand-alone topology. For supported configurations that apply to later releases, see the documentation for the applicable release. - -If you plan to install MBAM 2.0 by using the Configuration Manager topology and want to review a list of the system requirements, see [Planning to Deploy MBAM with Configuration Manager](planning-to-deploy-mbam-with-configuration-manager-2.md). - -The recommended configuration for running MBAM in a production environment is with two servers, depending on your scalability requirements. This configuration supports up to 200,000 MBAM clients. For an image and descriptions of the Stand-alone MBAM server infrastructure, see [High-Level Architecture for MBAM 2.0](high-level-architecture-for-mbam-20-mbam-2.md). - -**Note**   -Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). - - - -## MBAM Server System Requirements - - -### Server Operating System Requirements - -The following table lists the operating systems that are supported for the Microsoft BitLocker Administration and Monitoring Server installation. - - ------ - - - - - - - - - - - - - - - - - - - - - - -
Operating systemEditionService packSystem architecture

Windows Server 2008 R2

Standard, Enterprise, or Datacenter Edition

SP1

64-bit

Windows Server 2012

Standard or Datacenter Edition

64-bit

- - - -**Note**   -There is no support for installing MBAM services, reports, or databases on a domain controller computer. - - - -### Server Processor, RAM, and Disk Space Requirements - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Hardware componentMinimum requirementRecommended requirement

Processor

2.33 GHz

2.33 GHz or greater

RAM

8 GB

12 GB

Free disk space

1 GB

2 GB

- - - -### SQL Server Database Requirements - -The following table lists the SQL Server versions that are supported for the Administration and Monitoring Server feature installation, which includes the Recovery Database, Compliance and Audit Database, and Compliance and Audit Reports. The databases additionally require the installation of SQL Server Management Tools. - -**Note**   -MBAM does not natively support SQL clustering, mirroring, or Availability Groups. To install the databases, you must run the MBAM Server installation on a stand-alone SQL server. - - - - ------ - - - - - - - - - - - - - - - - - - - - - - -
SQL Server versionEditionService packSystem architecture

Microsoft SQL Server 2008 R2

Standard, Enterprise, or Datacenter Edition

SP1

64-bit

Microsoft SQL Server 2012

Standard, Enterprise, or Datacenter Edition

SP1

64-bit

- - - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Hardware componentMinimum requirementRecommended requirement

Processor

2.33 GHz

2.33 GHz or greater

RAM

8 GB

12 GB

Free disk space

5 GB

5 GB or greater

- - - -## MBAM Client System Requirements - - -### Client Operating System Requirements - -The following table lists the operating systems that are supported for Microsoft BitLocker Administration and Monitoring Client installation. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemEditionService packSystem architecture

Windows 7

Enterprise or Ultimate Edition

SP1

32-bit or 64-bit

Windows 8

Enterprise Edition

32-bit or 64-bit

Windows To Go

Windows 8 Enterprise Edition

32-bit or 64-bit

- - - -### Client RAM Requirements - -There are no RAM requirements that are specific to the Microsoft BitLocker Administration and Monitoring Client installation. - -## MBAM Group Policy System Requirements - - -The following table lists the operating systems that are supported for Microsoft BitLocker Administration and Monitoring Group Policy template installation. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemEditionService packSystem architecture

Windows 7

Enterprise, or Ultimate Edition

SP1

32-bit or 64-bit

Windows 8

Enterprise Edition

32-bit or 64-bit

Windows Server 2008 R2

Standard, Enterprise, or Datacenter Edition

SP1

64-bit

Windows Server 2012

Standard or Datacenter Edition

64-bit

- - - -## Related topics - - -[Planning to Deploy MBAM 2.0](planning-to-deploy-mbam-20-mbam-2.md) - -[MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md b/mdop/mbam-v2/monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md deleted file mode 100644 index be5f19b3a8..0000000000 --- a/mdop/mbam-v2/monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Monitoring and Reporting BitLocker Compliance with MBAM 2.0 -description: Monitoring and Reporting BitLocker Compliance with MBAM 2.0 -author: dansimp -ms.assetid: 0b9ba701-0aad-4e16-9b32-73d358047ccc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Monitoring and Reporting BitLocker Compliance with MBAM 2.0 - - -You can generate different reports to monitor BitLocker usage and compliance activities. - -If you chose the Configuration Manager topology when you installed Microsoft BitLocker Administration and Monitoring (MBAM), reports are generated from Configuration Manager rather than from MBAM. See [Understanding MBAM Reports in Configuration Manager](understanding-mbam-reports-in-configuration-manager.md) for more information. - -## Understand MBAM Reports - - -MBAM reports have many fields that you may want to be familiar with before generating MBAM reports. - -[Understanding MBAM Reports](understanding-mbam-reports-mbam-2.md) - -## Generate MBAM Reports - - -You can generate reports on enterprise compliance, individual computer compliance, and key recovery activity. - -[How to Generate MBAM Reports](how-to-generate-mbam-reports-mbam-2.md) - -## Other Resources for Monitoring and Reporting BitLocker Compliance with MBAM - - -[Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/operations-for-mbam-20-mbam-2.md b/mdop/mbam-v2/operations-for-mbam-20-mbam-2.md deleted file mode 100644 index 5de22fee46..0000000000 --- a/mdop/mbam-v2/operations-for-mbam-20-mbam-2.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: Operations for MBAM 2.0 -description: Operations for MBAM 2.0 -author: dansimp -ms.assetid: ece72016-4ffa-48df-8c12-1e442ee9e980 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Operations for MBAM 2.0 - - -This section of the Microsoft BitLocker Administration and Monitoring (MBAM) Administrator’s Guide includes information about the various types of Microsoft BitLocker Administration and Monitoring administration and operating tasks that are typically performed by an administrator. This section also includes step-by-step procedures to help you successfully perform those tasks. - -## Operations Information - - -- [Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md) - - If you want to install MBAM to work with Configuration Manager 2007 or Microsoft System Center 2012 Configuration Manager, refer to this section for information about architecture, planning, deployment, and reporting. - -- [Administering MBAM 2.0 Features](administering-mbam-20-features-mbam-2.md) - - After completing all necessary planning and then deploying MBAM, you can configure and use it to manage enterprise BitLocker encryption. The information in this section describes post-installation day-to-day MBAM feature operations and maintenance tasks. - -- [Monitoring and Reporting BitLocker Compliance with MBAM 2.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md) - - This section describes how to generate and understand the different MBAM reports to monitor BitLocker usage and compliance activities throughout your enterprise environment. - -- [Performing BitLocker Management with MBAM](performing-bitlocker-management-with-mbam-mbam-2.md) - - This section describes post-installation day-to-day BitLocker encryption management tasks that are accomplished by using MBAM. - -- [Maintaining MBAM 2.0](maintaining-mbam-20-mbam-2.md) - - This section describes how to configure MBAM to run in a highly available fashion while using it to manage enterprise BitLocker encryption operations. The information in this section describes high availability options for MBAM as well as how to move MBAM Server features if necessary. - -- [Security and Privacy for MBAM 2.0](security-and-privacy-for-mbam-20-mbam-2.md) - - This section describes an overview of MBAM security considerations and explains many of the data collection and use practices of MBAM. - -- [Administering MBAM 2.0 Using PowerShell](administering-mbam-20-using-powershell-mbam-2.md) - - This section describes the set of Windows PowerShell cmdlets available for administrators performing various MBAM Server tasks from the command line rather than from the Administration and Monitoring website. - -## Other Resources for MBAM Operations - - -[Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide](index.md) - -[Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) - -[Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md) - -[Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md) - -[Troubleshooting MBAM 2.0](troubleshooting-mbam-20-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/performing-bitlocker-management-with-mbam-mbam-2.md b/mdop/mbam-v2/performing-bitlocker-management-with-mbam-mbam-2.md deleted file mode 100644 index c132428d23..0000000000 --- a/mdop/mbam-v2/performing-bitlocker-management-with-mbam-mbam-2.md +++ /dev/null @@ -1,70 +0,0 @@ ---- -title: Performing BitLocker Management with MBAM -description: Performing BitLocker Management with MBAM -author: dansimp -ms.assetid: 9bfc6c67-f12c-4daa-8f08-5884fb47443c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Performing BitLocker Management with MBAM - - -After planning and then deploying Microsoft BitLocker Administration and Monitoring (MBAM), you can configure and use it to manage enterprise BitLocker encryption. The information in this section describes post-installation day-to-day BitLocker encryption management tasks that are accomplished by using Microsoft BitLocker Administration and Monitoring. - -## Reset a TPM Lockout by Using MBAM - - -A Trusted Platform Module (TPM) is a microchip that is designed to provide basic security-related functions, primarily involving encryption keys. The TPM is usually installed on the motherboard of a computer or laptop, and communicates with the rest of the system by using a hardware bus. Computers that incorporate a TPM have the ability to create cryptographic keys and encrypt them so that they can be decrypted only by the TPM. - -A TPM lockout can occur if a user enters the incorrect PIN too many times. The number of times that a user can enter an incorrect PIN before the TPM locks varies from manufacturer to manufacturer. You can use MBAM to access the centralized Key Recovery data system in the Administration and Monitoring website, where you can retrieve a TPM owner password file when you supply a computer ID and associated user identifier. - -[How to Reset a TPM Lockout](how-to-reset-a-tpm-lockout-mbam-2.md) - -## Recover Drives with MBAM - - -When you are dealing with the encryption of data, especially in an enterprise environment, consider how that data can be recovered in the event of a hardware failure, changes in personnel, or other situations in which encryption keys can be lost. - -The encrypted drive recovery features of MBAM ensure that data can be captured and stored and that the required tools are available to access a BitLocker-protected volume when BitLocker goes into recovery mode, is moved, or becomes corrupted. - -[How to Recover a Drive in Recovery Mode](how-to-recover-a-drive-in-recovery-mode-mbam-2.md) - -[How to Recover a Moved Drive](how-to-recover-a-moved-drive-mbam-2.md) - -[How to Recover a Corrupted Drive](how-to-recover-a-corrupted-drive-mbam-2.md) - -## Determine BitLocker Encryption State of Lost Computers by Using MBAM - - -Using MBAM, you can determine the last known BitLocker encryption status of computers that were lost or stolen. - -[How to Determine BitLocker Encryption State of Lost Computers](how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-2.md) - -## Use the Self-Service Portal to Regain Access to a Computer - - -If end users get locked out of Windows by BitLocker, they can use the instructions in this section to get a BitLocker recovery key to regain access to their computer. - -[How to Use the Self-Service Portal to Regain Access to a Computer](how-to-use-the-self-service-portal-to-regain-access-to-a-computer.md) - -## Other Resources for Performing BitLocker Management with MBAM - - -[Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/planning-for-mbam-20-administrator-roles-mbam-2.md b/mdop/mbam-v2/planning-for-mbam-20-administrator-roles-mbam-2.md deleted file mode 100644 index dcc4dfb344..0000000000 --- a/mdop/mbam-v2/planning-for-mbam-20-administrator-roles-mbam-2.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: Planning for MBAM 2.0 Administrator Roles -description: Planning for MBAM 2.0 Administrator Roles -author: dansimp -ms.assetid: 6f813297-6479-42d3-a21b-896d54466b5b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for MBAM 2.0 Administrator Roles - - -This topic lists and describes the available administrator roles that are available in Microsoft BitLocker Administration and Monitoring (MBAM) as well as the server locations where the local groups are created. - -## MBAM Administrator Roles - - - **MBAM System Administrators** -Administrators in this role have access to all Microsoft BitLocker Administration and Monitoring features. The local group for this role is installed on the Administration and Monitoring Server. - - **MBAM Helpdesk Users** -Administrators in this role have access to the Help Desk features from MBAM. The local group for this role is installed on the Administration and Monitoring Server. - - **MBAM Report Users** -Administrators in this role have access to the Compliance and Audit Reports from MBAM. The local group for this role is installed on the Administration and Monitoring Server, Compliance and Audit Database, and on the server that hosts the Compliance and Audit Reports. - - **MBAM Advanced Helpdesk Users** -Administrators in this role have increased access to the Help Desk features from MBAM. The local group for this role is installed on the Administration and Monitoring Server. If a user is a member of both MBAM Helpdesk Users and MBAM Advanced Helpdesk Users, the MBAM Advanced Helpdesk Users permissions will override the MBAM Helpdesk User permissions. - -**Important**   -To view reports, an administrative user must be a member of the **MBAM Report Users** security group on the Administration and Monitoring Server, Compliance and Audit Database, and on the server that hosts the Compliance and Audit Reports feature. As a best practice, create a security group in Active Directory Domain Services with rights on the local **MBAM Report Users** security group on both the Administration and Monitoring Server and the server that hosts the Compliance and Audit Reports. - - - -## Related topics - - -[Preparing your Environment for MBAM 2.0](preparing-your-environment-for-mbam-20-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/planning-for-mbam-20-client-deployment-mbam-2.md b/mdop/mbam-v2/planning-for-mbam-20-client-deployment-mbam-2.md deleted file mode 100644 index cc8dfa17dc..0000000000 --- a/mdop/mbam-v2/planning-for-mbam-20-client-deployment-mbam-2.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: Planning for MBAM 2.0 Client Deployment -description: Planning for MBAM 2.0 Client Deployment -author: dansimp -ms.assetid: 3a92cf29-092f-4cad-bdfa-d5f6aafe554b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for MBAM 2.0 Client Deployment - - -Depending on when you deploy the Microsoft BitLocker Administration and Monitoring (MBAM) Client, you can enable BitLocker drive encryption on a computer in your organization either before the end user receives the computer or afterwards. For both the MBAM Stand-alone and the Configuration Manager topologies, you have to configure Group Policy settings for MBAM. - -If you are using the MBAM Stand-alone topology, it is recommended that you use an enterprise software deployment system to deploy the MBAM Client software to end-user computers. - -If you deploy MBAM with the Configuration Manager topology, you can use Configuration Manager to deploy the MBAM Client software to end-user computers. In Configuration Manager, the MBAM installation creates a collection of computers that MBAM can manage. This collection includes workstations and devices that do not have a Trusted Platform Module (TPM), but that are running Windows 8. - -**Note**   -Windows To Go is not supported for integrated Configuration Manager installations of MBAM if you are using Configuration Manager 2007. - - - -## Deploying the MBAM Client to Enable BitLocker Encryption After Computer Distribution to End Users - - -After you configure Group Policy, you can use an enterprise software deployment system product like Microsoft System Center Configuration Manager or Active Directory Domain Services (AD DS) to deploy the Windows Installer files of the MBAM Client installation to target computers. To deploy the MBAM Client, you can use either the 32-bit or 64-bit MbamClientSetup.exe files or MBAMClient.msi files, which are provided with the MBAM software. - -When you deploy the MBAM Client after you distribute computers to client computers, end users are prompted to encrypt their computer. This enables MBAM to collect the data, which includes the PIN and password, and then to begin the encryption process. - -**Note**   -In this approach, users who have computers with a TPM chip are prompted to activate and initialize the TPM chip if the chip has not been previously activated. - - - -## Using the MBAM Client to Enable BitLocker Encryption Before Computer Distribution to End Users - - -In organizations where computers are received and configured centrally, and where computers have a compliant TPM chip, you can install the MBAM Client to manage BitLocker encryption on each computer before any user data is written to it. The benefit of this process is that every computer will then be BitLocker encryption-compliant. This method does not rely on user action because the administrator has already encrypted the computer. A key assumption for this scenario is that the policy of the organization installs a corporate Windows image before the computer is delivered to the user. - -If your organization wants to use the TPM chip to encrypt computers, the administrator adds the TPM protector to encrypt the operating system volume of the computer. If your organization wants to use the TPM chip and a PIN protector, the administrator encrypts the operating system volume with the TPM protector, and then users select a PIN when they log on for the first time. If your organization decides to use only the PIN protector, the administrator does not have to encrypt the volume first. When users log on, Microsoft BitLocker Administration and Monitoring prompts them to provide a PIN, or a PIN and password to be used on later computer restarts. - -**Note**   -The TPM protector option requires the administrator to accept the BIOS prompt to activate and initialize the TPM before the computer is delivered to the user. - - - -## Related topics - - -[Planning to Deploy MBAM 2.0](planning-to-deploy-mbam-20-mbam-2.md) - -[Deploying the MBAM 2.0 Client](deploying-the-mbam-20-client-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/planning-for-mbam-20-group-policy-requirements-mbam-2.md b/mdop/mbam-v2/planning-for-mbam-20-group-policy-requirements-mbam-2.md deleted file mode 100644 index d5311487bf..0000000000 --- a/mdop/mbam-v2/planning-for-mbam-20-group-policy-requirements-mbam-2.md +++ /dev/null @@ -1,328 +0,0 @@ ---- -title: Planning for MBAM 2.0 Group Policy Requirements -description: Planning for MBAM 2.0 Group Policy Requirements -author: dansimp -ms.assetid: f5e19dcb-eb15-4722-bb71-0734b3799eb8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for MBAM 2.0 Group Policy Requirements - - -To manage Microsoft BitLocker Administration and Monitoring (MBAM) client computers, you need to consider the types of BitLocker protectors that you want to support in your organization, and then configure the corresponding Group Policy settings that you want to apply. This topic describes the Group Policy settings that are available for use when you are using Microsoft BitLocker Administration and Monitoring to manage BitLocker Drive Encryption in the enterprise. - -MBAM supports the following types of BitLocker protectors for operating system drives: Trusted Platform Module (TPM), TPM + PIN, TPM + USB key, and TPM + PIN + USB key, password, numerical password, and Data Recovery Agent. The password protector is supported only for Windows To Go devices and for Windows 8 devices that do not have a TPM. MBAM supports the TPM + USB key and the TPM + PIN + USB key protectors only when the operating system volume is encrypted before MBAM is installed. - -MBAM supports the following types of BitLocker protectors for fixed data drives: password, auto-unlock, numerical password, and Data Recovery Agent. - -The numeric password protector is applied automatically as part of volume encryption and does not need to be configured. - -**Important** -The default Windows BitLocker drive encryption Group Policy Object (GPO) settings are not used by MBAM and can cause conflicting behavior if they are enabled. To enable MBAM to manage BitLocker, you must define the MBAM Group Policy settings only after installing the MBAM Group Policy template. - - - -Enhanced startup PINs can contain characters, such as uppercase and lowercase letters, and numbers. Unlike BitLocker, MBAM does not support the use of symbols and spaces for enhanced PINs. - -Install the MBAM Group Policy template on a computer that is capable of running the Group Policy Management Console (GPMC) or the Advanced Group Policy Management (AGPM) MDOP technology. To edit the GPO settings that enable MBAM functionality, you must first install the MBAM Group Policy template, open the GPMC or AGPM to edit the applicable GPO, and then navigate to the following GPO node: **Computer Configuration**\\**Policies**\\**Administrative Templates**\\**Windows Components**\\**MDOP MBAM (BitLocker Management).** - -The MDOP MBAM (BitLocker Management) GPO node contains four global policy settings and four child GPO settings nodes: Client Management, Fixed Drive, Operating System Drive, and Removable Drive. The following sections provide policy definitions and suggested policy settings to assist you in planning for MBAM GPO policy setting requirements. - -**Note** -For more information about configuring the minimum, recommended GPO settings to enable MBAM to manage BitLocker encryption, see [How to Edit MBAM 2.0 GPO Settings](how-to-edit-mbam-20-gpo-settings-mbam-2.md). - - - -## Global Policy Definitions - - -This section describes MBAM Global policy definitions found at the following GPO node: **Computer Configuration**\\**Policies**\\**Administrative Templates**\\**Windows Components**\\**MDOP MBAM (BitLocker Management)**. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Policy NameOverview and Suggested Policy Setting

Choose drive encryption method and cipher strength

Suggested Configuration: Not Configured

-

Configure this policy to use a specific encryption method and cipher strength.

-

When this policy is not configured, BitLocker uses the default encryption method of AES 128-bit with Diffuser or the encryption method specified by the setup script.

Prevent memory overwrite on restart

Suggested Configuration: Not Configured

-

Configure this policy to improve restart performance without overwriting BitLocker secrets in memory on restart.

-

When this policy is not configured, BitLocker secrets are removed from memory when the computer restarts.

Validate smart card certificate usage rule

Suggested Configuration: Not Configured

-

Configure this policy to use smartcard certificate-based BitLocker protection.

-

When this policy is not configured, a default object identifier 1.3.6.1.4.1.311.67.1.1 is used to specify a certificate.

Provide the unique identifiers for your organization

Suggested Configuration: Not Configured

-

Configure this policy to use a certificate-based data recovery agent or the BitLocker To Go reader.

-

When this policy is not configured, the Identification field is not used.

-

If your company requires higher security measurements, you may want to configure the Identification field to make sure that all USB devices have this field set and that they are aligned with this Group Policy setting.

- - - -## Client Management Policy Definitions - - -This section describes Client Management policy definitions for Microsoft BitLocker Administration and Monitoring found at the following GPO node: **Computer Configuration**\\**Policies**\\**Administrative Templates**\\**Windows Components**\\**MDOP MBAM (BitLocker Management)**\\**Client Management**. - - ---- - - - - - - - - - - - - - - - - - - - - -
Policy NameOverview and Suggested Policy Settings

Configure MBAM Services

Suggested Configuration: Enabled

-
    -

  • MBAM Recovery and Hardware service endpoint. Use this setting to enable MBAM Client BitLocker encryption management. Enter an endpoint location that is similar to the following example: http://<MBAM Administration and Monitoring Server Name>:<port the web service is bound to>/MBAMRecoveryAndHardwareService/CoreService.svc.

    • -

  • Select BitLocker recovery information to store. This policy setting lets you configure the key recovery service to back up BitLocker recovery information. It also lets you configure status reporting service for collecting compliance and audit reports. The policy provides an administrative method of recovering data encrypted by BitLocker to prevent data loss due to the lack of key information. Status report and key recovery activity will automatically and silently be sent to the configured report server location.

    -

    If you do not configure or if you disable this policy setting, the Key recovery information will not be saved, and status report and key recovery activity will not be reported to server. When this setting is set to Recovery Password and key package, the recovery password and key package will be automatically and silently backed up to the configured key recovery server location.

    • -

  • Enter client checking status frequency in minutes. This policy setting manages how frequently the client checks the BitLocker protection policies and status on the client computer. This policy also manages how frequently the client compliance status is saved to the server. The client checks the BitLocker protection policies and status on the client computer and also backs up the client recovery key at the configured frequency.

    -

    Set this frequency based on the requirement set by your company on how frequently to check the compliance status of the computer, and how frequently to back up the client recovery key.

    • -

  • MBAM Status reporting service endpoint. You must configure this setting to enable MBAM Client BitLocker encryption management. Enter an endpoint location that is similar to the following example: http://<MBAM Administration and Monitoring Server Name>:<port the web service is bound to>/MBAMComplianceStatusService/StatusReportingService.svc.

    • -

Configure user exemption policy

Suggested Configuration: Not Configured

-

This policy setting lets you configure a web site address, email address, or phone number that will instruct a user to request an exemption from BitLocker encryption.

-

If you enable this policy setting and provide a web site address, email address, or phone number, users will see a dialog that gives them instructions on how to apply for an exemption from BitLocker protection. For more information about enabling BitLocker encryption exemptions for users, see How to Manage User BitLocker Encryption Exemptions.

-

If you either disable or do not configure this policy setting, the exemption request instructions will not be presented to users.

-
-Note

User exemption is managed per user, not per computer. If multiple users log on to the same computer and any one user is not exempt, the computer will be encrypted.

-
-
- -

Configure customer experience improvement program

This policy setting lets you configure how MBAM users can join the Customer Experience Improvement Program. This program collects information about computer hardware and how users use MBAM without interrupting their work. The information helps Microsoft to identify which MBAM features to improve. Microsoft will not use this information to identify or contact MBAM users.

-

If you enable this policy setting, users will be able to join the Customer Experience Improvement Program.

-

If you disable this policy setting, users will not be able to join the Customer Experience Improvement Program.

-

If you do not configure this policy setting, users will have the option to join the Customer Experience Improvement Program.

- - - -## Fixed Drive Policy Definitions - - -This section describes Fixed Drive policy definitions for Microsoft BitLocker Administration and Monitoring found at the following GPO node: **Computer Configuration**\\**Policies**\\**Administrative Templates**\\**Windows Components**\\**MDOP MBAM (BitLocker Management)**\\**Fixed Drive**. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Policy NameOverview and Suggested Policy Setting

Fixed data drive encryption settings

Suggested Configuration: Enabled

-

This policy setting let you manage whether fixed drives must be encrypted.

-

If the operating system volume is required to be encrypted, select the Enable auto-unlock fixed data drive option.

-

When enabling this policy, you must not disable the Configure use of password for fixed data drives policy unless the use of Auto-Unlock for fixed data drives is allowed or required.

-

If you require the use of Auto-Unlock for fixed data drives, you must configure operating system volumes to be encrypted.

-

If you enable this policy setting, users are required to put all fixed drives under BitLocker protection, and the drives will be encrypted.

-

If you do not configure this policy setting, users are not required to put fixed drives under BitLocker protection. If you apply this policy after fixed data drives are encrypted, the MBAM agent decrypts the encrypted fixed drives.

-

If you disable this policy setting, users will not be able to put their fixed data drives under BitLocker protection.

Deny write access to fixed drives not protected by BitLocker

Suggested Configuration: Not Configured

-

This policy setting determines whether BitLocker protection is required for fixed drives to be writable on a computer. This policy setting is applied when you turn on BitLocker.

-

When the policy is not configured, all fixed data drives on the computer are mounted with read and write access.

Allow access to BitLocker-protected fixed drives from earlier versions of Windows

Suggested configuration: Not Configured

-

Enable this policy to let fixed drives with the FAT file system be unlocked and viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

-

When the policy is enabled or not configured, fixed drives formatted with the FAT file system can be unlocked and their content can be viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2. These operating systems have read-only access to BitLocker-protected drives.

-

When the policy is disabled, fixed drives formatted with the FAT file system cannot be unlocked and their content cannot be viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

Configure use of password for fixed drives

Suggested configuration: Not Configured

-

Use this policy to specify whether a password is required to unlock BitLocker-protected fixed data drives.

-

If you enable this policy setting, users can configure a password that meets the requirements you define. BitLocker will allow users to unlock a drive with any of the protectors that are available on the drive.

-

These settings are enforced when turning on BitLocker, not when unlocking a volume.

-

If you disable this policy setting, users are not allowed to use a password.

-

When the policy is not configured, passwords are supported with the default settings, which do not include password complexity requirements and which require only eight characters.

-

For higher security, enable this policy and select Require password for fixed data drive, select Require password complexity, and set the desired minimum password length.

-

If you disable this policy setting, users are not allowed to use a password.

-

If you do not configure this policy setting, passwords will be supported with the default settings, which do not include password complexity requirements and which require only eight characters.

Choose how BitLocker-protected fixed drives can be recovered

Suggested Configuration: Not Configured

-

Configure this policy to enable the BitLocker data recovery agent or to save BitLocker recovery information to Active Directory Domain Services (AD DS).

-

When the policy is not configured, the BitLocker data recovery agent is allowed, and recovery information is not backed up to AD DS. MBAM does not require recovery information to be backed up to AD DS.

- - - -## Operating System Drive Policy Definitions - - -This section describes Operating System Drive policy definitions for Microsoft BitLocker Administration and Monitoring found at the following GPO node: **Computer Configuration**\\**Policies**\\**Administrative Templates**\\**Windows Components**\\**MDOP MBAM (BitLocker Management)**\\**Operating System Drive**. - - ---- - - - - - - - - - - - - - - - - - - - - -
Policy NameOverview and Suggested Policy Setting

Operating system drive encryption settings

Suggested configuration: Enabled

-

This policy setting lets you manage whether the operating system drive must be encrypted.

-

For higher security, consider disabling the following policy settings in System/Power Management/Sleep Settings when you enable them with TPM + PIN protector:

-
    -

  • Allow Standby States (S1-S3) When Sleeping (Plugged In)

    • -

  • Allow Standby States (S1-S3) When Sleeping (On Battery)

    • -
-

If you are running Microsoft Windows 8 or later, and you want to use BitLocker on a computer without a TPM, select the Allow BitLocker without a compatible TPM check box. In this mode, a password is required for startup. If you forget the password, you have to use one of the BitLocker recovery options to access the drive.

-

On a computer with a compatible TPM, two types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require the entry of a personal identification number (PIN).

-

If you enable this policy setting, users have to put the operating system drive under BitLocker protection, and the drive will be encrypted.

-

If you disable this policy, users will not be able to put the operating system drive under BitLocker protection. If you apply this policy after the operating system drive is encrypted, the drive will be decrypted.

-

If you do not configure this policy, the operating system drive is not required to be placed under BitLocker protection.

Configure TPM platform validation profile

Suggested Configuration: Not Configured

-

This policy setting lets you configure how the TPM security hardware on a computer secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.

-

When this policy setting is not configured, the TPM uses the default platform validation profile or the platform validation profile that is specified by the setup script.

Choose how BitLocker-protected operating system drives can be recovered

Suggested Configuration: Not Configured

-

Configure this policy to enable the BitLocker data recovery agent or to save BitLocker recovery information to Active Directory Domain Services (AD DS).

-

When this policy is not configured, the data recovery agent is allowed, and recovery information is not backed up to AD DS.

-

MBAM operation does not require recovery information to be backed up to AD DS.

- - - -## Removable Drive Policy Definitions - - -This section describes Removable Drive Policy definitions for Microsoft BitLocker Administration and Monitoring found at the following GPO node: **Computer Configuration**\\**Policies**\\**Administrative Templates**\\**Windows Components**\\**MDOP MBAM (BitLocker Management)** \\ **Removable Drive**. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Policy NameOverview and Suggested Policy Setting

Control use of BitLocker on removable drives

Suggested configuration: Enabled

-

This policy controls the use of BitLocker on removable data drives.

-

Enable the Allow users to apply BitLocker protection on removable data drives option to allow users to run the BitLocker setup wizard on a removable data drive.

-

Enable the Allow users to suspend and decrypt BitLocker on removable data drives option to allow users to remove BitLocker drive encryption from the drive or to suspend the encryption while maintenance is performed.

-

When this policy is enabled and the Allow users to apply BitLocker protection on removable data drives option is selected, the MBAM Client saves the recovery information about removable drives to the MBAM key recovery server and allows users to recover the drive if the password is lost.

Deny write access to removable drives not protected by BitLocker

Suggested Configuration: Not Configured

-

Enable this policy to allow only write access to BitLocker protected drives.

-

When this policy is enabled, all removable data drives on the computer require encryption before write access is allowed.

Allow access to BitLocker-protected removable drives from earlier versions of Windows

Suggested Configuration: Not Configured

-

Enable this policy to allow fixed drives with the FAT file system to be unlocked and viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

-

When this policy is not configured, removable data drives formatted with the FAT file system can be unlocked on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. These operating systems have read-only access to BitLocker-protected drives.

-

When the policy is disabled, removable drives formatted with the FAT file system cannot be unlocked and their content cannot be viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

Configure use of password for removable data drives

Suggested configuration: Not Configured

-

Enable this policy to configure password protection on removable data drives.

-

When this policy is not configured, passwords are supported with the default settings, which do not include password complexity requirements and which require only eight characters.

-

For increased security, you may enable this policy and check Require password for removable data drive, select Require password complexity, and set the preferred minimum password length.

Choose how BitLocker-protected removable drives can be recovered

Suggested Configuration: Not Configured

-

Configure this policy to enable the BitLocker data recovery agent or to save BitLocker recovery information to Active Directory Domain Services (AD DS).

-

When set to Not Configured, the data recovery agent is allowed and recovery information is not backed up to AD DS.

-

MBAM operation does not require recovery information to be backed up to AD DS.

- - - -## Related topics - - -[MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/planning-for-mbam-20-mbam-2.md b/mdop/mbam-v2/planning-for-mbam-20-mbam-2.md deleted file mode 100644 index 32ad03c576..0000000000 --- a/mdop/mbam-v2/planning-for-mbam-20-mbam-2.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Planning for MBAM 2.0 -description: Planning for MBAM 2.0 -author: dansimp -ms.assetid: 1206bd18-05ea-4ca8-9362-07e512503c3f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for MBAM 2.0 - - -The goal of deployment planning is to successfully and efficiently deploy Microsoft BitLocker Administration and Monitoring (MBAM) with the Stand-alone topology so that it does not disrupt your users or the network. If you want to install Microsoft BitLocker Administration and Monitoring with the Configuration Manager topology, see [Planning to Deploy MBAM with Configuration Manager](planning-to-deploy-mbam-with-configuration-manager-2.md). - -You should consider a number of different deployment configurations and prerequisites before you deploy MBAM. This section describes the information that you need to formulate a deployment plan that best meets your business requirements, assists you in preparing your network and computing environment, and provides the information necessary for you to properly plan to deploy MBAM features. - -## Planning Information - - -- [Preparing your Environment for MBAM 2.0](preparing-your-environment-for-mbam-20-mbam-2.md) - - This section describes the computing environment requirements and installation prerequisites that you should consider before beginning MBAM Setup. - -- [Planning to Deploy MBAM 2.0](planning-to-deploy-mbam-20-mbam-2.md) - - This section describes the minimum hardware and software requirements for MBAM Client and Server feature installation. It also provides information about choosing an MBAM deployment topology, and lists other MBAM Server and Client planning considerations. - -- [MBAM 2.0 Planning Checklist](mbam-20-planning-checklist-mbam-2.md) - - This section provides a planning checklist that can assist you in MBAM deployment planning. - -## Other Resources for Planning for MBAM - - -[Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide](index.md) - -[Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) - -[Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md) - -[Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) - -[Troubleshooting MBAM 2.0](troubleshooting-mbam-20-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/planning-for-mbam-20-server-deployment-mbam-2.md b/mdop/mbam-v2/planning-for-mbam-20-server-deployment-mbam-2.md deleted file mode 100644 index c345da750c..0000000000 --- a/mdop/mbam-v2/planning-for-mbam-20-server-deployment-mbam-2.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: Planning for MBAM 2.0 Server Deployment -description: Planning for MBAM 2.0 Server Deployment -author: dansimp -ms.assetid: b57f1a42-134f-4997-8697-7fbed08e2fc4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for MBAM 2.0 Server Deployment - - -The Microsoft BitLocker Administration and Monitoring (MBAM) server infrastructure depends on a set of server features that can be installed on one or more server computers, based on the requirements of the enterprise. If you are installing Microsoft BitLocker Administration and Monitoring with the Configuration Manager topology, see [Planning to Deploy MBAM with Configuration Manager](planning-to-deploy-mbam-with-configuration-manager-2.md). - -**Note**   -Installations of Microsoft BitLocker Administration and Monitoring on a single server are recommended only for test environments. - - - -## Planning for MBAM Server Deployment - - -The infrastructure for an MBAM Server deployment includes the following features: - -- Recovery Database - -- Compliance and Audit Database - -- Compliance and Audit Reports - -- Self-Service Portal - -- Administration and Monitoring Server - -- MBAM Group Policy Template - -MBAM Server databases and features can be installed in different configurations, depending on your scalability requirements. All MBAM Server features can be installed on a single server or distributed across multiple servers. We recommend that you use a two-server configuration for production environments, although configurations of two to four servers can also be used, depending on your computing requirements. - -Each MBAM feature has specific prerequisites. For a full list of server feature prerequisites and hardware and software requirements, see [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md) and [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md). - -In addition to the server-related MBAM features, the Server Setup application includes an MBAM Group Policy template. The template contains Group Policy Object (GPO) settings that you configure to manage BitLocker Drive Encryption in the enterprise. You can install this template on any computer that can run the Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM). - -As you plan the MBAM Server deployment, consider that BitLocker recovery keys in MBAM are intended for single use only, after which recovery keys expire. In order for the keys to expire after use, they must be retrieved through the Help Desk Portal or the Self-Service Portal. - -## Order of Deployment of MBAM Server Features - - -To deploy MBAM features on multiple servers, you have to install the features in the following order: - -1. Recovery Database - -2. Compliance and Audit Database - -3. Compliance Audit and Reports - -4. Self-Service Portal - -5. Administration and Monitoring Server - -6. MBAM Group Policy Template - -**Note**   -Keep track of the names of the computers on which you install each feature. You have to use this information throughout the installation process. You can print and use a deployment checklist to assist in this effort. For more information about the MBAM Deployment Checklist, see [MBAM 2.0 Deployment Checklist](mbam-20-deployment-checklist-mbam-2.md). - - - -## Related topics - - -[Planning to Deploy MBAM 2.0](planning-to-deploy-mbam-20-mbam-2.md) - -[Deploying the MBAM 2.0 Server Infrastructure](deploying-the-mbam-20-server-infrastructure-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/planning-to-deploy-mbam-20-mbam-2.md b/mdop/mbam-v2/planning-to-deploy-mbam-20-mbam-2.md deleted file mode 100644 index 118968c502..0000000000 --- a/mdop/mbam-v2/planning-to-deploy-mbam-20-mbam-2.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Planning to Deploy MBAM 2.0 -description: Planning to Deploy MBAM 2.0 -author: dansimp -ms.assetid: 2dc05fcd-aed9-4315-aeaf-92aaa9e0e955 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning to Deploy MBAM 2.0 - - -You should consider a number of different deployment configurations and prerequisites before you create your deployment plan for Microsoft BitLocker Administration and Monitoring (MBAM). This section includes information that can help you gather the necessary information to formulate a deployment plan that best meets your business requirements. If you are installing MBAM with the Configuration Manager topology, see [Planning to Deploy MBAM with Configuration Manager](planning-to-deploy-mbam-with-configuration-manager-2.md) for additional planning information. - -## Review the MBAM 2.0 Supported Configurations - - -After preparing your computing environment for the MBAM Server and Client feature installation, make sure that you review the Supported Configurations to confirm that the computers on which you are installing MBAM meet the minimum hardware and operating system requirements. For more information about MBAM deployment prerequisites, see [MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md). - -[MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md) - -## Plan for MBAM 2.0 Server and Client Deployment - - -The MBAM Server infrastructure depends on a set of server features that can be installed on one or more server computers, based on the requirements of the enterprise. These features can be installed in a distributed configuration across multiple servers. - -**Note**   -An MBAM installation on a single server is recommended only for lab environments. - - - -The MBAM Client enables administrators to enforce and monitor BitLocker drive encryption on computers in the enterprise. The BitLocker client can be integrated into an organization by deploying the client through an enterprise software delivery system or by installing the client agent on client computers as part of the initial imaging process. - -With MBAM, you can encrypt a computer in your organization either before the end user receives the computer, or afterwards by using Group Policy. - -[Planning for MBAM 2.0 Server Deployment](planning-for-mbam-20-server-deployment-mbam-2.md) - -[Planning for MBAM 2.0 Client Deployment](planning-for-mbam-20-client-deployment-mbam-2.md) - -## Other Resources for MBAM Planning - - -[Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/planning-to-deploy-mbam-with-configuration-manager-2.md b/mdop/mbam-v2/planning-to-deploy-mbam-with-configuration-manager-2.md deleted file mode 100644 index 59aa487003..0000000000 --- a/mdop/mbam-v2/planning-to-deploy-mbam-with-configuration-manager-2.md +++ /dev/null @@ -1,368 +0,0 @@ ---- -title: Planning to Deploy MBAM with Configuration Manager -description: Planning to Deploy MBAM with Configuration Manager -author: dansimp -ms.assetid: fb768306-48c2-40b4-ac4e-c279db987391 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Planning to Deploy MBAM with Configuration Manager - - -To deploy MBAM with the Configuration Manager topology, a three-server architecture, which supports 200,000 clients, is recommended. Use a separate server to run Configuration Manager, and install the basic Administration and Monitoring features on two servers, as shown in the architecture image in [Getting Started - Using MBAM with Configuration Manager](getting-started---using-mbam-with-configuration-manager.md). - -**Important** -Windows To Go is not supported when you install the integrated topology of MBAM with Configuration Manager 2007. - - - -## Deployment Prerequisites for Installing MBAM with Configuration Manager - - -Ensure that you have met the following prerequisites before you install MBAM with Configuration Manager: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteAdditional Information

Ensure that the Configuration Manager Server is a primary site in the Configuration Manager system.

N/A

Enable the Hardware Inventory Client Agent on the Configuration Manager Server.

For Configuration Manager 2007, see How to Configure Hardware Inventory for a Site.

-

For System Center 2012 Configuration Manager, see How to Configure Hardware Inventory in Configuration Manager.

Enable the Desired Configuration Management (DCM) agent or the compliance settings, depending on the version of Configuration Manager that you are using.

For Configuration Manager 2007, enable the see Desired Configuration Management Client Agent Properties.

-

For System Center 2012 Configuration Manager, see Configuring Compliance Settings in Configuration Manager.

Define a reporting services point in Configuration Manager. Required for SQL Reporting Services.

For Configuration Manager 2007, see How to Create a Reporting Services Point for SQL Reporting Services.

-

For System Center 2012 Configuration Manager, see Prerequisites for Reporting in Configuration Manager.

- - - -## Configuration Manager Supported Versions - - -MBAM supports the following versions of Configuration Manager: - - ----- - - - - - - - - - - - - - - - - - - - -
Supported versionService packSystem architecture

Microsoft System Center Configuration Manager 2007 R2

SP1 or later

64-bit

-
-Note

Although Configuration Manager 2007 is 32 bit, you must install it and SQL Server on a 64-bit operating system in order to match the 64-bit MBAM software.

-
-
- -

Microsoft System Center 2012 Configuration Manager

SP1

64-bit

- - - -For a list of supported configurations for the Configuration Manager Server, see the appropriate webpage for the version of Configuration Manager that you are using. MBAM has no additional system requirements for the Configuration Manager Server. - -## MBAM and SQL Server System Requirements - - -The supported configurations and system requirements for the MBAM servers and SQL Server for the Configuration Manager topology are the same as those for the Stand-alone topology. For the Stand-alone system requirements, see [MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md). For the MBAM Server and SQL Server processor, RAM, and disk space requirements for the Configuration Manager topology, see the following sections. - -## MBAM Server Processor, RAM, and Disk Space Requirements for MBAM - - -The following table lists the server processor, RAM, and disk space requirements for MBAM servers when you are using the Configuration Manager Integration topology. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Hardware ComponentMinimum RequirementRecommended Requirement

Processor

2.33 GHz

2.33 GHz or greater

RAM

4 GB

8 GB

Free disk space

1 GB

2 GB

- - - -## SQL Server Processor, RAM, and Disk Space Requirements - - -The following table lists the server processor, RAM, and disk space requirements for the SQL Server computer when you are using the Configuration Manager Integration topology. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Hardware ComponentMinimum RequirementRecommended Requirement

Processor

2.33 GHz

2.33 GHz or greater

RAM

4 GB

8 GB

Free disk space

5 GB

5 GB or greater

- - - -## Required permissions to install the MBAM Server - - -To install MBAM with Configuration Manager, you must have an administrative user in Configuration Manager who has a security role with the minimum permissions listed in the following table. The table also shows the rights that you must have, beyond basic computer administrator rights, to install the MBAM Server. - - ---- - - - - - - - - - - - - - - - - -
PermissionsMBAM Server Feature

SQL instance Login Server Roles: - dbcreator- processadmin

- Recovery Database- Audit Database

SQL Server Reporting Services instance rights: - Create Folders- Publish Reports

- System Center Configuration Manager Integration

- - - -**System Center 2012 Configuration Manager** - - ---- - - - - - - - - - - - - - - - - - - - - -
PermissionsConfiguration Manager Server Feature

Configuration Manager site rights:- Read

System Center Configuration Manager integration

Configuration Manager collection rights: - Create- Delete- Read- Modify- Deploy Configuration Items

System Center Configuration Manager integration

Configuration Manager configuration item rights: - Create- Delete- Read

System Center Configuration Manager integration

- - - -**Configuration Manager 2007** - - ---- - - - - - - - - - - - - - - - - - - - - -
PermissionsConfiguration Manager Server Feature

Configuration Manager site rights:- Read

System Center Configuration Manager integration

Configuration Manager collection rights: - Create- Delete- Read- ReadResource

System Center Configuration Manager integration

Configuration Manager configuration item rights: - Create- Delete- Read- Distribute

System Center Configuration Manager integration

- - - -## Order of Deployment of MBAM Features for the Configuration Manager Topology - - -When deploying MBAM on the Configuration Manager Server, you must complete the deployment tasks in the following order: - -1. Edit the configuration.mof file on the Configuration Manager Server. - -2. Create or edit the sms\_def.mof file Configuration Manager Server. - -3. Install MBAM on the Configuration Manager Server. - -4. Install the Recovery Database and the Audit Database on the Database server. - -5. Install the MBAM features on the Administration and Monitoring Server. - -## Planning Checklist for Installing MBAM with Configuration Manager - - -This checklist outlines the recommended steps and a high-level list of items to consider when planning for an Microsoft BitLocker Administration and Monitoring deployment with Configuration Manager. It is recommended that you copy this checklist into a spreadsheet program and customize it for your use. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferencesNotes
Checklist box

Review the getting started information, which describes how Configuration Manager works with MBAM and shows the recommended high-level architecture.

Getting Started - Using MBAM with Configuration Manager

Checklist box

Review the planning information, which describes the deployment prerequisites, supported configurations, required permissions, and deployment order for each feature.

Planning to Deploy MBAM with Configuration Manager

Checklist box

Plan for and configure MBAM Group Policy requirements.

Planning for MBAM 2.0 Group Policy Requirements

Checklist box

Plan for and create necessary Active Directory Domain Services security groups and plan for MBAM local security group membership requirements.

Planning for MBAM 2.0 Administrator Roles

Checklist box

Plan for deploying MBAM Client deployment.

Planning for MBAM 2.0 Client Deployment

- - - -## Related topics - - -[Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md) - - - - - - - - - diff --git a/mdop/mbam-v2/preparing-your-environment-for-mbam-20-mbam-2.md b/mdop/mbam-v2/preparing-your-environment-for-mbam-20-mbam-2.md deleted file mode 100644 index c726106add..0000000000 --- a/mdop/mbam-v2/preparing-your-environment-for-mbam-20-mbam-2.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: Preparing your Environment for MBAM 2.0 -description: Preparing your Environment for MBAM 2.0 -author: dansimp -ms.assetid: 5fb01da9-620e-4992-9e54-2ed3fb69e6af -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Preparing your Environment for MBAM 2.0 - - -Before beginning Microsoft BitLocker Administration and Monitoring (MBAM) Setup, you should make sure that you have met the prerequisites to install the product. When you know what the prerequisites are ahead of time, you can efficiently deploy the product and enable its features so that it most effectively supports your organization’s business objectives. - -If you are deploying Microsoft BitLocker Administration and Monitoring with Microsoft System Center Configuration Manager 2007 or Microsoft System Center 2012 Configuration Manager, see [Planning to Deploy MBAM with Configuration Manager](planning-to-deploy-mbam-with-configuration-manager-2.md). - -## Review MBAM 2.0 Deployment Prerequisites - - -The MBAM Client and each of the MBAM Server features have specific prerequisites that must be met before they can be successfully installed. - -To ensure successful installation of MBAM Clients and MBAM Server features, ensure that computers specified for MBAM Client or MBAM Server feature installation are properly prepared for MBAM Setup. - -**Note**   -MBAM Setup checks that all prerequisites are met before installation starts. If all prerequisites are not met, Setup will fail. - - - -[MBAM 2.0 Deployment Prerequisites](mbam-20-deployment-prerequisites-mbam-2.md) - -## Plan for MBAM 2.0 Group Policy Requirements - - -Before MBAM can manage clients in the enterprise, you must define Group Policy for the encryption requirements of your environment. - -**Important**   -MBAM will not work with policies for stand-alone BitLocker drive encryption. Group Policy settings must be defined for MBAM, or BitLocker encryption and enforcement will fail. - - - -[Planning for MBAM 2.0 Group Policy Requirements](planning-for-mbam-20-group-policy-requirements-mbam-2.md) - -## Plan for MBAM 2.0 Administrator Roles - - -MBAM administrator roles are managed by local groups that are created by MBAM Setup when you install the BitLocker Administration and Monitoring Server, the Compliance and Audit Reports feature, and the Compliance and Audit Status Database. - -The membership of Microsoft BitLocker Administration and Monitoring roles can best be managed by creating security groups in Active Directory Domain Services, adding the appropriate administrator accounts to those groups, and then adding those security groups to the BitLocker Administration and Monitoring local groups. For more information, see [How to Manage MBAM Administrator Roles](how-to-manage-mbam-administrator-roles-mbam-2.md). - -## Other Resources for MBAM Planning - - -[Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md) - -[MBAM 2.0 Supported Configurations](mbam-20-supported-configurations-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/release-notes-for-mbam-20-mbam-2.md b/mdop/mbam-v2/release-notes-for-mbam-20-mbam-2.md deleted file mode 100644 index 2bbbd782ed..0000000000 --- a/mdop/mbam-v2/release-notes-for-mbam-20-mbam-2.md +++ /dev/null @@ -1,296 +0,0 @@ ---- -title: Release Notes for MBAM 2.0 -description: Release Notes for MBAM 2.0 -author: dansimp -ms.assetid: c3f16cf3-94f2-47ac-b3a4-3dc505c6a8dd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Release Notes for MBAM 2.0 - - -To search these release notes, press Ctrl+F. - -Read these release notes thoroughly before you install Microsoft BitLocker Administration and Monitoring (MBAM) 2.0. These release notes contain information that is required to successfully install BitLocker Administration and Monitoring 2.0 and contain information that is not available in the product documentation. If there is a difference between these release notes and other MBAM 2.0 documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product. - -## MBAM 2.0 Known Issues - - -This section contains release notes for MBAM 2.0. - -### Computer Name field may not appear in the BitLocker Computer Compliance and BitLocker Enterprise Compliance Details reports when you run MBAM with Microsoft System Center Configuration Manager 2007 - -The Computer Name field may be blank in the BitLocker Computer Compliance and BitLocker Enterprise Compliance Details reports when you use MBAM with Configuration Manager 2007. - -WORKAROUND: None. - -### Enterprise Compliance Report fails to update after you upgrade the Stand-alone MBAM server infrastructure - -If you are using the MBAM Stand-alone topology, and you upgrade the server infrastructure from version 1.0 to 2.0, the Enterprise Compliance Report fails to update. - -WORKAROUND: After the upgrade, run the following script on the Compliance and Audit Database: - -```sql --- ============================================= --- Script Template --- ============================================= - -DECLARE @DatabaseName nvarchar(255); -SET @DatabaseName = DB_NAME() - -USE msdb; - -DECLARE @JobID BINARY(16) -SELECT @JobID = job_id -FROM msdb.dbo.sysjobs -WHERE (name = N'CreateCache') - -if (@JobID IS NOT NULL) -BEGIN - EXEC dbo.sp_delete_job - @job_name = N'CreateCache'; -END - -EXEC dbo.sp_add_job - @job_name = N'CreateCache', - @enabled = 1; - -EXEC dbo.sp_add_jobstep - @job_name = N'CreateCache', - @step_name = N'Copy Data', - @subsystem = N'TSQL', - @command = N'EXEC [ComplianceCore].UpdateCache', - @database_name = @DatabaseName, - @retry_attempts = 5, - @retry_interval = 5; - - -EXEC dbo.sp_add_jobschedule - @job_name = N'CreateCache', - @name = N'ReportCacheSchedule1am', - @freq_type = 4, - @freq_interval = 1, - @active_start_time = 010000, - @active_end_time = 020000; - -EXEC dbo.sp_attach_schedule - @job_name = N'CreateCache', - @schedule_name = N'ReportCacheSchedule1am'; - -EXEC dbo.sp_add_jobschedule - @job_name = N'CreateCache', - @name = N'ReportCacheSchedule7am', - @freq_type = 4, - @freq_interval = 1, - @active_start_time = 070000, - @active_end_time = 080000; - -EXEC dbo.sp_attach_schedule - @job_name = N'CreateCache', - @schedule_name = N'ReportCacheSchedule7am'; - -EXEC dbo.sp_add_jobschedule - @job_name = N'CreateCache', - @name = N'ReportCacheSchedule1pm', - @freq_type = 4, - @freq_interval = 1, - @active_start_time = 130000, - @active_end_time = 140000; - -EXEC dbo.sp_attach_schedule - @job_name = N'CreateCache', - @schedule_name = N'ReportCacheSchedule1pm'; - -EXEC dbo.sp_add_jobschedule - @job_name = N'CreateCache', - @name = N'ReportCacheSchedule7pm', - @freq_type = 4, - @freq_interval = 1, - @active_start_time = 190000, - @active_end_time = 200000; - -EXEC dbo.sp_attach_schedule - @job_name = N'CreateCache', - @schedule_name = N'ReportCacheSchedule7pm'; - -EXEC dbo.sp_add_jobserver - @job_name = N'CreateCache'; -``` - -### Reports in the Help Desk Portal display a warning if SSL is not configured in SSRS - -If SQL Server Reporting Services (SSRS) was not configured to use Secure Socket Layer (SSL), the URL for the reports will be set to HTTP instead of HTTPS when you install the MBAM Server. If you then browse to the Help Desk Portal and select a report, the following message displays: “Only Secure Content is Displayed.” - -WORKAROUND: To show the report, click **Show All Content**. To address this issue, go to the MBAM computer where SQL Server Reporting Services is installed, run **Reporting Services Configuration Manager**, and then click **Web Service URL**. Select the appropriate SSL certificate for the server, enter the appropriate SSL port (the default port is 443), and then click **Apply**. - -### Non-default instances of the Configuration Manager database are not supported - -MBAM looks only for the default instance of the Configuration Manager database in Configuration Manager 2007 and System Center 2012 Configuration Manager. If you use a non-default instance, you cannot install MBAM. - -WORKAROUND: None. - -### Clicking “Back” in the Compliance Summary report might throw an error - -If you drill down into a Compliance Summary report, and then click the **Back** link in the SSRS report, an error might be thrown. - -WORKAROUND: None. - -### Used Space Only Encryption does not work correctly - -If you encrypt a computer for the first time after you install the MBAM Client, and you have set a Group Policy Object to implement Used Space Only encryption, MBAM erroneously encrypts the entire disk instead of encrypting only the disk’s used space. If a computer is already encrypted when you install the MBAM Client, and you have set the same Group Policy Object, the encryption works correctly and encrypts only the used disk space on your computer. - -WORKAROUND: None. - -### Cipher strength displays incorrectly on the Computer Compliance report - -If you do not set a specific cipher strength in the **Choose drive encryption method and cipher strength** Group Policy Object, the Computer Compliance report in the Configuration Manager Integration topology always displays “unknown” for the cipher strength, even when the cipher strength uses the default of 128-bit encryption. The report displays the correct cipher strength if you set a specific cipher strength in the Group Policy Object. - -WORKAROUND: Always set a specific cipher strength in the **Choose drive encryption method and cipher strength** Group Policy Object. - -### Compliance Status Distribution By Drive Type displays old data after you update configuration items - -After you update MBAM configuration items in System Center 2012 Configuration Manager, the Compliance Status Distribution By Drive Type bar chart on the BitLocker Enterprise Compliance Dashboard shows data that is based on information from old versions of the configuration items. - -WORKAROUND: None. Modification of the MBAM configuration items is not supported, and the report might not appear as expected. - -### Enhanced Security Configuration may cause reports to display incorrectly - -If Internet Explorer Enhanced Security Configuration (ESC) is turned on, an “Access Denied” message might appear when you try to view reports on the MBAM Server. By default, ESC is turned on to protect the server by decreasing the server’s exposure to potential attacks that can occur through web content and application scripts. - -WORKAROUND: If the “Access Denied” message appears when you try to view reports on the MBAM Server, you can set a Group Policy Object or change the default manually in your image to disable Enhanced Security Configuration. You can also alternatively view the reports from another computer on which ESC is not enabled. - -### MBAM Server installation fails when you upgrade from SQL Server 2008 to SQL Server 2012 - -If you upgrade from SQL Server 2008 to SQL Server 2012, and then try to install the Compliance and Audit Database or the Recovery Database, the installation fails and rolls back. The failure occurs because the required SQLCMD.exe file was removed during the SQL upgrade and cannot be found by the MBAM installer. The MSI log file lines may look similar to the following: - -RunDbInstallScript Recovery Db CA: BinDir - E:\\MSSQL\\100\\Tools\\Binn\\SqlCmd.exeRunDbInstallScript Recovery Db CA: dbInstance - xxxxxx\\I01RunDbInstallScript Recovery Db CA: sqlScript- C:\\Program Files\\Microsoft\\Microsoft BitLocker Administration and Monitoring\\Setup\\KeyRecovery.sqlRunDbInstallScript Recovery Db CA: dbName- MBAM\_Recovery\_and\_HardwareRunDbInstallScript Recovery Db CA: defaultFileName- MBAM\_Recovery\_and\_HardwareRunDbInstallScript Recovery Db CA: defaultDataPath- F:\\MSSQL\\MSSQL10.I01\\MSSQL\\DATA\\RunDbInstallScript Recovery Db CA: defaultLogPath- K:\\MSSQL\\MSSQL10.I01\\MSSQL\\Data\\RunDbInstallScript Recovery Db CA: scriptLogPath - C:\\Users\\xxxxxx\\AppData\\Local\\Temp\\InstallKeyComplianceDatabase.log-e -E -S xxxxxxx\\I01 -i "C:\\Program Files\\Microsoft\\Microsoft BitLocker Administration and Monitoring\\Setup\\KeyRecovery.sql" -v DatabaseName="MBAM\_Recovery\_and\_Hardware" DefaultFileName="MBAM\_Recovery\_and\_Hardware" DefaultDataPath="F:\\MSSQL\\MSSQL10.I01\\MSSQL\\DATA\\" DefaultLogPath="K:\\MSSQL\\MSSQL10.I01\\MSSQL\\Data\\" -o "C:\\Users\\xxxxxx\\AppData\\Local\\Temp\\InstallKeyComplianceDatabase.log"RunDbInstallScript Recovery Db CA:Starting to run the Recovery database install scriptRunDbInstallScript Recovery Db CA: Sqlcmd log file is located in C:\\Users\\xxxxxx\\AppData\\Local\\Temp\\\\InstallKeyRecoveryDatabase.logRunDbInstallScript Recovery Db CA Exception: Install Recovery database Custom Action command line output Exception: The system cannot find the file specified - -The MBAM Server Windows Installer is hardcoded to find the SQLCMD.exe path by looking in the Path string value in the registry under HKLM\\Software\\Microsoft\\Microsoft SQL Server\\100\\Tools\\ClientSetup. The key is still present during the migration from SQL Server 2008 to SQL Server 2012, but the path that is referenced by the data value does not contain the SQLCMD.exe file, because the SQL upgrade process removed the file. - -WORKAROUND: Temporarily rename the HKLM\\Software\\Microsoft\\Microsoft SQL Server\\100\\Tools\\ClientSetup Path string value to **Path\_old**, and then re-run the MBAM Server Windows Installer. When the installation completes successfully and creates the databases in SQL Server 2012, rename the **Path\_old** value to **Path**. - -## Hotfixes and Knowledge Base articles for MBAM 2.0 - - -This section contains hotfixes and KB articles for MBAM 2.0. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KB ArticleTitleLink

2831166

Installing Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 fails with "System Center CM Objects Already Installed"

support.microsoft.com/kb/2831166/EN-US

2870849

Users cannot retrieve BitLocker Recovery key using MBAM 2.0 Self Service Portal

support.microsoft.com/kb/2870849/EN-US

2756402

MBAM client would fail with Event ID 4 and error code 0x8004100E in the Event description

support.microsoft.com/kb/2756402/EN-US

2620287

Error Message “Server Error in ‘/Reports’ Application” When You Click Reports Tab in MBAM

support.microsoft.com/kb/2620287/EN-US

2639518

Error opening Enterprise or Computer Compliance Reports in MBAM

support.microsoft.com/kb/2639518/EN-US

2620269

MBAM Enterprise Reporting Not Getting Updated

support.microsoft.com/kb/2620269/EN-US

2712461

Installing MBAM on a Domain Controller is not supported

support.microsoft.com/kb/2712461/EN-US

2876732

You receive error code 0x80071a90 during Standalone or Configuration Manager Integration setup of MBAM 2.0

support.microsoft.com/kb/2876732/EN-US

2754259

MBAM and Secure Network Communication

support.microsoft.com/kb/2754259/EN-US

2870842

MBAM 2.0 Setup fails during Configuration Manager Integration Scenario with SQL Server 2008

support.microsoft.com/kb/2870842/EN-US

2668533

MBAM Setup fails if SQL SSRS is not configured properly

support.microsoft.com/kb/2668533/EN-US

2870847

MBAM 2.0 Setup fails with "Error retrieving Configuration Manager Server role settings for 'Reporting Services Point' role"

support.microsoft.com/kb/2870847/EN-US

2870839

MBAM 2.0 Enterprise Reports are not refreshed in MBAM 2.0 Standalone topology due to SQL job CreateCache failure

support.microsoft.com/kb/2870839/EN-US

2620269

MBAM Enterprise Reporting Not Getting Updated

support.microsoft.com/kb/2620269/EN-US

2935997

MBAM Supported Computers compliance reporting incorrectly includes unsupported products

support.microsoft.com/kb/2935997/EN-US

2612822

Computer Record is Rejected in MBAM

support.microsoft.com/kb/2612822/EN-US

- - - -## Related topics - - -[About MBAM 2.0](about-mbam-20-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md b/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md deleted file mode 100644 index 9fb4028a56..0000000000 --- a/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md +++ /dev/null @@ -1,244 +0,0 @@ ---- -title: Release Notes for MBAM 2.0 SP1 -description: Release Notes for MBAM 2.0 SP1 -author: dansimp -ms.assetid: b39002ba-33c6-45ec-9d1b-464327b60f5c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Release Notes for MBAM 2.0 SP1 - - -To search these release notes, press Ctrl+F. - -Read these release notes thoroughly before you install Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 Service Pack 1 (SP1). These release notes contain information that is required to successfully install BitLocker Administration and Monitoring 2.0 SP1, and they contain information that is not available in the product documentation. If there is a difference between these release notes and other MBAM 2.0 SP1 documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product. - -## MBAM 2.0 SP1 known issues - - -This section contains known issues for MBAM 2.0 SP1. - -### Upgrade of MBAM with Configuration Manager Integrated topology to MBAM 2.0 SP1 requires manual removal of Configuration Manager objects - -If you are using MBAM with Configuration Manager, and you want to upgrade to MBAM 2.0 SP1, you must manually remove all of the Configuration Manager objects that were installed into Configuration Manager as a part of the MBAM installation. The objects that you must manually remove are the MBAM reports, MBAM Supported Computers collection, and the BitLocker Protection Configuration Baseline and its associated configuration items. - -**Workaround**: Upgrade the Configuration Manager objects by completing the following steps: - -1. Back up existing compliance data to an external file, as described in the following steps. - - **Note**   - All existing BitLocker compliance data will be deleted when you delete the existing baseline in Configuration Manager. The data will be regenerated over time, but it is recommended that you save a copy of the data in case you need the compliance data for a particular computer before the compliance data has been regenerated. - - - - 1. To save historical BitLocker compliance data, open the **BitLocker Enterprise Compliance Details** Report. - - 2. Click the **Save** icon in the report and select **Excel**. - - The saved report will contain data such as the computer name, domain name, compliance status, exemption, device users, compliance status details, and last contact date/time. Some information, such as detailed volume information and encryption strength, are not saved. - -2. Uninstall **MBAM** from the server by using the **MBAM** installer. - -3. Manually delete the following objects from Configuration Manager: - - - MBAM Supported Computers collection - - - BitLocker Protection baseline - - - BitLocker Operating System Drive Protection configuration item - - - BitLocker Fixed Data Drives Protection configuration item - -4. Manually delete the MBAM Reports folder in the Configuration Manager SQL Server Reporting Services site. To do this: - - 1. Use Internet Explorer to browse to the reporting services point, for example, http://<yourcmserver>/reports. - - 2. Click the appropriate Configuration Manager site code link. - - 3. Delete the MBAM folder. - -5. Use the MBAM Server installer to reinstall the Configuration Manager Integration objects. The client computers will begin to upload BitLocker compliance data again over time. - -### Submit button on Self-Service Portal does not work in Internet Explorer 10 - -When you use Internet Explorer 10 to access the Administration and Monitoring Website, the **Submit** button on the website does not work. - -**Workaround**: On the server where you installed the Administration and Monitoring Website, install [Hotfix for ASP.NET browser definition files](https://go.microsoft.com/fwlink/?LinkId=317798). - -### International domain names are not supported - -MBAM 2.0 SP1 does not support international domain names. - -**Workaround**: None. - -### Reports in the Administration and Monitoring website display a warning if SSL is not configured in SSRS - -If SQL Server Reporting Services (SSRS) was not configured to use Secure Socket Layer (SSL), the URL for the reports will be set to HTTP instead of HTTPS when you install the MBAM Server. If you then browse to the Administration and Monitoring website and select a report, the following message displays: “Only Secure Content is Displayed.” - -**Workaround**: To correct this issue, configure SSL in **Reporting Services Configuration Manager** on the MBAM server where SQL Server Reporting Services is installed. Uninstall and then reinstall the Administration and Monitoring Server website. - -### Clicking Back in the Compliance Summary report might create an error - -If you drill down into a Compliance Summary report, and then click the **Back** link in the SSRS report, an error might occur. - -**Workaround**: None. - -### Used Space Only Encryption does not work correctly - -If you encrypt a computer for the first time after you install the MBAM Client, and you have set a Group Policy Object to implement Used Space Only Encryption, MBAM erroneously encrypts the entire disk instead of encrypting only the disk’s used space. If a computer is already encrypted with Used Space Only Encryption before you install the MBAM Client, and you have set the same Used Space Only Encryption Group Policy Object, MBAM recognizes the setting and reports the encryption correctly in the compliance reports. - -**Workaround**: None. - -### Cipher strength displays incorrectly in the Computer Compliance report - -If you do not set a specific cipher strength in the **Choose drive encryption method and cipher strength** Group Policy Object, the Computer Compliance report in the Configuration Manager integrated topology always displays **Unknown** for the cipher strength, even when the cipher strength uses the default of 128-bit encryption. The report displays the correct cipher strength if you set a specific cipher strength in the Group Policy Object. - -**Workaround**: Always set a specific cipher strength in the **Choose drive encryption method and cipher strength** Group Policy Object. - -### Compliance Status Distribution By Drive Type displays old data after you update configuration items - -After you update MBAM configuration items in System Center 2012 Configuration Manager, the Compliance Status Distribution By Drive Type bar chart on the BitLocker Enterprise Compliance Dashboard shows data that is based on information from old versions of the configuration items. - -**Workaround**: None. Modification of the MBAM configuration items is not supported, and the report might not appear as expected. - -### Enhanced Security Configuration may cause reports to display incorrectly - -If Internet Explorer Enhanced Security Configuration (ESC) is turned on, an **Access Denied** message might appear when you try to view reports on the MBAM Server. By default, Enhanced Security Configuration is turned on to protect the server by decreasing the server’s exposure to potential attacks that can occur through web content and application scripts. - -**Workaround**: If the **Access Denied** message appears when you try to view reports on the MBAM Server, you can set a Group Policy Object or change the default manually in your image to disable Enhanced Security Configuration. You can also alternatively view the reports from another computer on which Enhanced Security Configuration is not enabled. - -### MBAM Server installation fails when you upgrade from SQL Server 2008 to SQL Server 2012 - -If you upgrade from SQL Server 2008 to SQL Server 2012, and then try to install the Compliance and Audit Database or the Recovery Database, the installation fails and rolls back. The failure occurs because the required SQLCMD.exe file was removed during the SQL Server upgrade, and it cannot be found by the MBAM installer. The MSI log file lines may look similar to the following: - -RunDbInstallScript Recovery Db CA: BinDir - E:\\MSSQL\\100\\Tools\\Binn\\SqlCmd.exeRunDbInstallScript Recovery Db CA: dbInstance - xxxxxx\\I01RunDbInstallScript Recovery Db CA: sqlScript- C:\\Program Files\\Microsoft\\Microsoft BitLocker Administration and Monitoring\\Setup\\KeyRecovery.sqlRunDbInstallScript Recovery Db CA: dbName- MBAM\_Recovery\_and\_HardwareRunDbInstallScript Recovery Db CA: defaultFileName- MBAM\_Recovery\_and\_HardwareRunDbInstallScript Recovery Db CA: defaultDataPath- F:\\MSSQL\\MSSQL10.I01\\MSSQL\\DATA\\RunDbInstallScript Recovery Db CA: defaultLogPath- K:\\MSSQL\\MSSQL10.I01\\MSSQL\\Data\\RunDbInstallScript Recovery Db CA: scriptLogPath - C:\\Users\\xxxxxx\\AppData\\Local\\Temp\\InstallKeyComplianceDatabase.log-e -E -S xxxxxxx\\I01 -i "C:\\Program Files\\Microsoft\\Microsoft BitLocker Administration and Monitoring\\Setup\\KeyRecovery.sql" -v DatabaseName="MBAM\_Recovery\_and\_Hardware" DefaultFileName="MBAM\_Recovery\_and\_Hardware" DefaultDataPath="F:\\MSSQL\\MSSQL10.I01\\MSSQL\\DATA\\" DefaultLogPath="K:\\MSSQL\\MSSQL10.I01\\MSSQL\\Data\\" -o "C:\\Users\\xxxxxx\\AppData\\Local\\Temp\\InstallKeyComplianceDatabase.log"RunDbInstallScript Recovery Db CA:Starting to run the Recovery database install scriptRunDbInstallScript Recovery Db CA: Sqlcmd log file is located in C:\\Users\\xxxxxx\\AppData\\Local\\Temp\\\\InstallKeyRecoveryDatabase.logRunDbInstallScript Recovery Db CA Exception: Install Recovery database Custom Action command line output Exception: The system cannot find the file specified - -The MBAM Server Windows Installer is hardcoded to find the SQLCMD.exe path by looking in the Path string value in the registry under HKLM\\Software\\Microsoft\\Microsoft SQL Server\\100\\Tools\\ClientSetup. The key is still present during the migration from SQL Server 2008 to SQL Server 2012, but the path that is referenced by the data value does not contain the SQLCMD.exe file, because the SQL upgrade process removed the file. - -**Workaround**: Temporarily rename the HKLM\\Software\\Microsoft\\Microsoft SQL Server\\100\\Tools\\ClientSetup path string value to **Path\_old**, and then run Windows Installer on the MBAM Server again. When the installation completes successfully and creates the databases in SQL Server 2012, rename **Path\_old** to **Path**. - -## Hotfixes and Knowledge Base articles for MBAM 2.0 SP1 - - -This section contains hotfixes and KB articles for MBAM 2.0 SP1. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KB ArticleTitleLink

2831166

Installing Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 fails with "System Center CM Objects Already Installed"

support.microsoft.com/kb/2831166/EN-US

2870849

Users cannot retrieve BitLocker Recovery key using MBAM 2.0 Self Service Portal

support.microsoft.com/kb/2870849/EN-US

2756402

MBAM client would fail with Event ID 4 and error code 0x8004100E in the Event description

support.microsoft.com/kb/2756402/EN-US

2620287

Error Message “Server Error in ‘/Reports’ Application” When You Click Reports Tab in MBAM

support.microsoft.com/kb/2620287/EN-US

2639518

Error opening Enterprise or Computer Compliance Reports in MBAM

support.microsoft.com/kb/2639518/EN-US

2620269

MBAM Enterprise Reporting Not Getting Updated

support.microsoft.com/kb/2620269/EN-US

2712461

Installing MBAM on a Domain Controller is not supported

support.microsoft.com/kb/2712461/EN-US

2876732

You receive error code 0x80071a90 during Standalone or Configuration Manager Integration setup of MBAM 2.0

support.microsoft.com/kb/2876732/EN-US

2754259

MBAM and Secure Network Communication

support.microsoft.com/kb/2754259/EN-US

2870842

MBAM 2.0 Setup fails during Configuration Manager Integration Scenario with SQL Server 2008

support.microsoft.com/kb/2870842/EN-US

2668533

MBAM Setup fails if SQL SSRS is not configured properly

support.microsoft.com/kb/2668533/EN-US

2870847

MBAM 2.0 Setup fails with "Error retrieving Configuration Manager Server role settings for 'Reporting Services Point' role"

support.microsoft.com/kb/2870847/EN-US

2870839

MBAM 2.0 Enterprise Reports are not refreshed in MBAM 2.0 Standalone topology due to SQL job CreateCache failure

support.microsoft.com/kb/2870839/EN-US

2620269

MBAM Enterprise Reporting Not Getting Updated

support.microsoft.com/kb/2620269/EN-US

2935997

MBAM Supported Computers compliance reporting incorrectly includes unsupported products

support.microsoft.com/kb/2935997/EN-US

2612822

Computer Record is Rejected in MBAM

support.microsoft.com/kb/2612822/EN-US

- - - -## Related topics - - -[About MBAM 2.0 SP1](about-mbam-20-sp1.md) - - - - - - - - - diff --git a/mdop/mbam-v2/security-and-privacy-for-mbam-20-mbam-2.md b/mdop/mbam-v2/security-and-privacy-for-mbam-20-mbam-2.md deleted file mode 100644 index 0a0a6f60c0..0000000000 --- a/mdop/mbam-v2/security-and-privacy-for-mbam-20-mbam-2.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Security and Privacy for MBAM 2.0 -description: Security and Privacy for MBAM 2.0 -author: dansimp -ms.assetid: 1b2859f8-2381-4ad7-8744-2caed88570ad -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Security and Privacy for MBAM 2.0 - - -Use the following information to help you plan for security and privacy considerations in Microsoft BitLocker Administration and Monitoring (MBAM). - -## Security Considerations for MBAM 2.0 - - -There are many security-related considerations that should be planned for when deploying and using MBAM in your environment. The information in this section provides a brief overview about the Active Directory Domain Services user accounts and groups, log files, and other security-related considerations for MBAM. - -[MBAM 2.0 Security Considerations](mbam-20-security-considerations-mbam-2.md) - -## Privacy for MBAM 2.0 - - -The information in this section explains many of the data collection and use practices of MBAM. - -[MBAM 2.0 Privacy Statement](mbam-20-privacy-statement-mbam-2.md) - -## Other resources MBAM Security and Privacy - - -[Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/troubleshooting-mbam-20-mbam-2.md b/mdop/mbam-v2/troubleshooting-mbam-20-mbam-2.md deleted file mode 100644 index 7ea7004d1c..0000000000 --- a/mdop/mbam-v2/troubleshooting-mbam-20-mbam-2.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: Troubleshooting MBAM 2.0 -description: Troubleshooting MBAM 2.0 -author: dansimp -ms.assetid: 43933ec7-b5b8-49c5-813f-4c06aa7314ed -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Troubleshooting MBAM 2.0 - - -Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905). - -## How to Find Troubleshooting Content - - -You can use the following information to find troubleshooting or additional technical content for this product. - -### Search the MDOP Documentation - -The first step to find help content in the Administrator’s Guide is to search the MDOP documentation on TechNet. - -After you search the MDOP documentation, your next step would be to search the troubleshooting information for the product in the TechNet Wiki. - -**To search the MDOP product documentation** - -1. Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page. - -2. Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page. - -3. Review the search results for assistance. - -**To search the TechNet Wiki** - -1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page. - -3. Review the search results for assistance. - -## How to Create a Troubleshooting Article - - -If you have a troubleshooting tip or a best practice to share that is not already included in the MDOP OnlineHelp or TechNet Wiki, you can create your own TechNet Wiki articles. - -**To create a TechNet Wiki troubleshooting or best practices article** - -1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Log in with your Windows Live ID. - -3. Review the **Getting Started** section to learn the basics of the TechNet Wiki and its articles. - -4. Select **Post an article >>** at the bottom of the **Getting Started** section. - -5. On the Wiki article **Add Page** page, select **Insert Template** from the toolbar, select the troubleshooting article template (**Troubleshooting.html**), and then click **Insert**. - -6. Be sure to give the article a descriptive title and then overwrite the template information as needed to create your troubleshooting or best practice article. - -7. After you review your article, be sure to include a tag that is named **Troubleshooting** and another for the product name. This helps others to find your content. - -8. Click **Save** to publish the article to the TechNet Wiki. - -## Other resources for troubleshooting MBAM - - -[Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide](index.md) - -[Getting Started with MBAM 2.0](getting-started-with-mbam-20-mbam-2.md) - -[Planning for MBAM 2.0](planning-for-mbam-20-mbam-2.md) - -[Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md) - -[Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) - -  - -  - - - - - diff --git a/mdop/mbam-v2/understanding-mbam-reports-in-configuration-manager.md b/mdop/mbam-v2/understanding-mbam-reports-in-configuration-manager.md deleted file mode 100644 index 4e367f90d7..0000000000 --- a/mdop/mbam-v2/understanding-mbam-reports-in-configuration-manager.md +++ /dev/null @@ -1,450 +0,0 @@ ---- -title: Understanding MBAM Reports in Configuration Manager -description: Understanding MBAM Reports in Configuration Manager -author: dansimp -ms.assetid: b2582190-c9de-4e64-bd5a-f31ac1916f53 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Understanding MBAM Reports in Configuration Manager - - -When Microsoft BitLocker Administration and Monitoring (MBAM) is installed with the Configuration Manager Integrated topology, the hardware compliance and reporting features are moved into the Configuration Manager infrastructure and out of MBAM. When you use the Configuration Manager topology, you run reports from Configuration Manager rather than from MBAM, except for the Recovery Audit Report, which you continue to access by using the Administration and Monitoring Website. - -The reports for the Configuration Manager Integrated topology show BitLocker compliance for the enterprise and for individual computers and devices that MBAM manages. The reports provide both tabular information and charts, and enable you to filter reports to view data from different perspectives. - -The information in this topic describes the MBAM reports that you run from Configuration Manager. For information about MBAM reports for the Stand-alone topology, see [Understanding MBAM Reports](understanding-mbam-reports-mbam-2.md). - -## Accessing Reports in Configuration Manager - - -To access the Reports feature in Configuration Manager, open the **Configuration Manager console**. To display the list of available reports: - -- In Configuration Manager 2007, expand the **Computer Management** node, and then expand the **Reporting** node. - -- In System Center 2012 Configuration Manager, in the Monitoring workspace under **Overview**, expand the **Reporting** node and then click **Reports**. - -### BitLocker Enterprise Compliance Dashboard - -The BitLocker Enterprise Compliance Dashboard provides the following graphs, which show BitLocker compliance status across the enterprise: - -- Compliance Status Distribution - -- Non Compliant Errors Distribution - -- Compliance Status Distribution by Drive Type - -**Compliance Status Distribution** - -This pie chart shows computer compliance statuses within the enterprise, and shows the percentage of computers, compared to the total number of computers in the selected collection, that have that compliance status. The actual number of computers with each status is also shown. The pie chart shows the following compliance statuses: - -- Compliant - -- Non Compliant - -- User Exempt - -- Temporary User Exempt - -- Policy Not Enforced - -- Unknown -computers whose status was reported as an error, or devices that are part of the collection but have never reported their compliance status, for example, if they are disconnected from the organization - -**Non Compliant Errors Distribution** - -This pie chart shows the categories of computers in the enterprise that are not compliant with the BitLocker drive encryption policy, and shows the number of computers in each category. Each category percentage is calculated from the total number of non-compliant computers in the collection. - -- User postponed encryption - -- Unable to find compatible TPM - -- System Partition not available or large enough - -- Policy conflict - -- Waiting for TPM auto provisioning - -- An unknown error has occurred - -- No information – computers that do not have the MBAM Client installed, or that have the MBAM Client installed but not activated, for example, the service is not working - -**Compliance Status Distribution by Drive Type** - -This bar chart shows the current BitLocker compliance status by drive type. The statuses are “Compliant” and “Non Compliant.” Bars are shown for fixed data drives and operating system drives. Computers that do not have a fixed data drive are included and show a value only in the Operating System Drive bar. The chart does not include users who have been granted an exemption from the BitLocker drive encryption policy or the “No Policy” category. - -### BitLocker Enterprise Compliance Details Report - -This report shows information about the overall BitLocker compliance across your enterprise for the collection of computers that is targeted for BitLocker use. - -**BitLocker Enterprise Compliance Details Report Fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Managed Computers

Number of computers that MBAM manages.

% Compliant

Percentage of compliant computers in the enterprise.

% Non-Compliant

Percentage of non-compliant computers in the enterprise.

% Unknown Compliance

Percentage of computers whose compliance state is not known.

% Exempt

Percentage of computers exempt from the BitLocker encryption requirement.

% Non-Exempt

Percentage of computers exempt from the BitLocker encryption requirement.

Compliant

Percentage of compliant computers in the enterprise.

Non-Compliant

Percentage of non-compliant computers in the enterprise.

Unknown Compliance

Percentage of computers whose compliance state is not known.

Exempt

Total computers that are exempt from the BitLocker encryption requirement.

Non-Exempt

Total computers that are not exempt from the BitLocker encryption requirement.

- - - -**BitLocker Enterprise Compliance Details Report - Compliance States** - - ----- - - - - - - - - - - - - - - - - - - - -
Compliance StatusExemptionDescription

Noncompliant

Not Exempt

The computer is noncompliant, according to the specified policy.

Compliant

Not Exempt

The computer is compliant in accordance with the specified policy.

- - - -### BitLocker Enterprise Compliance Summary Report - -Use this report type to show information about the overall BitLocker compliance across your enterprise and to show the compliance for individual computers that are in the collection of computers that is targeted for BitLocker use. - -**BitLocker Enterprise Compliance Summary Report Fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Managed Computers

Number of computers that MBAM manages.

% Compliant

Percentage of compliant computers in the enterprise.

% Non-Compliant

Percentage of non-compliant computers in the enterprise.

% Unknown Compliance

Percentage of computers whose compliance state is not known.

% Exempt

Percentage of computers exempt from the BitLocker encryption requirement.

% Non-Exempt

Percentage of computers exempt from the BitLocker encryption requirement.

Compliant

Percentage of compliant computers in the enterprise.

Non-Compliant

Percentage of non-compliant computers in the enterprise.

Unknown Compliance

Percentage of computers whose compliance state is not known.

Exempt

Total computers that are exempt from the BitLocker encryption requirement.

Non-Exempt

Total computers that are not exempt from the BitLocker encryption requirement.

- - - -**BitLocker Enterprise Compliance Summary Report - Computer Details** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Computer Name

User-specified DNS computer name that is being managed by MBAM.

Domain Name

Fully qualified domain name, where the client computer resides and is managed by MBAM.

Compliance Status

Overall Compliance Status of the computer managed by MBAM. Valid states are Compliant and Noncompliant. Notice that the compliance status per drive (see table that follows) may indicate different compliance states. However, this field represents that compliance state, in accordance with the policy specified.

Exemption

Status that indicates whether the user is exempt or non-exemption from the BitLocker policy.

Device Users

User of the device.

Compliance Status Details

Error and status messages of the compliance state of the computer in accordance to the policy specified.

Last Contact

Date and time that the computer last contacted the server to report compliance status. The contact frequency is configurable (see MBAM policy settings).

- - - -### BitLocker Computer Compliance Report - -Use this report type to collect information that is specific to a computer. The Computer Compliance Report provides detailed encryption information about each drive (Operating System and Fixed data drives) on a computer, and also an indication of the policy that is applied to each drive type on the computer. To view the details of each drive, expand the Computer Name entry. - -**Note**   -Removable Data Volume encryption status is not shown in the report. - - - -**BitLocker Computer Compliance Report – Computer Details Fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Computer Name

User-specified DNS computer name that is being managed by MBAM.

Domain Name

Fully qualified domain name, where the client computer resides and is managed by MBAM.

Computer Type

Type of computer. Valid types are non-Portable and Portable.

Operating System

Operating System type found on the MBAM managed client computer.

Overall Compliance

Overall Compliance Status of the computer managed by MBAM. Valid states are Compliant and Noncompliant. Notice that the compliance status per drive (see table that follows) may indicate different compliance states. However, this field represents that compliance state, in accordance with the policy specified.

Operating System Compliance

Compliance status of the operating system that is managed by MBAM. Valid states are Compliant and Noncompliant.

Fixed Data Drive Compliance

Compliance status of the Fixed Data Drive that is managed by MBAM. Valid states are Compliant and Noncompliant.

Last Update Date

Date and time that the computer last contacted the server to report compliance status. The contact frequency is configurable (see MBAM policy settings).

Exemption

Status that indicates whether the user is exempt or non-exemption from the BitLocker policy.

Exempted User

User who is exempt from the BitLocker policy.

Exemption Date

Date on which the exemption was granted.

Compliance Status Details

Error and status messages of the compliance state of the computer in accordance to the policy specified.

Policy Cipher Strength

Cipher Strength selected by the Administrator during MBAM policy specification. (for example, 128-bit with Diffuser).

Policy: Operating System Drive

Indicates if encryption is required for the O/S and the appropriate protector type.

Policy:Fixed Data Drive

Indicates if encryption is required for the Fixed Drive.

Manufacturer

Computer manufacturer name as it appears in the computer BIOS.

Model

Computer manufacturer model name as it appears in the computer BIOS.

Device Users

Known users on the computer that is being managed by MBAM.

- - - -**BitLocker Computer Compliance Report – Computer Volume Fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Drive Letter

Computer drive letter that was assigned to the particular drive by the user.

Drive Type

Type of drive. Valid values are Operating System Drive and Fixed Data Drive. These are physical drives rather than logical volumes.

Cipher Strength

Cipher Strength selected by the Administrator during MBAM policy specification.

Protector Types

Type of protector selected via policy used to encrypt an operating system or Fixed volume. The valid protector types on an operating system are TPM or TPM+PIN and for a Fixed Data Volume is Password.

Protector State

Indicates that the computer being managed by MBAM has enabled the protector type specified in the policy. The valid states are ON or OFF.

Encryption State

Encryption state of the drive. Valid states are Encrypted, Not Encrypted, and Encrypting.

- - - -## Related topics - - -[Using MBAM with Configuration Manager](using-mbam-with-configuration-manager.md) - - - - - - - - - diff --git a/mdop/mbam-v2/understanding-mbam-reports-mbam-2.md b/mdop/mbam-v2/understanding-mbam-reports-mbam-2.md deleted file mode 100644 index 4e1f2addc4..0000000000 --- a/mdop/mbam-v2/understanding-mbam-reports-mbam-2.md +++ /dev/null @@ -1,326 +0,0 @@ ---- -title: Understanding MBAM Reports -description: Understanding MBAM Reports -author: dansimp -ms.assetid: 8778f333-760e-4f26-acb4-4e73b6fbb536 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Understanding MBAM Reports - - -If you chose the Stand-alone topology when you installed Microsoft BitLocker Administration and Monitoring (MBAM), you can run different reports in MBAM to monitor BitLocker usage and compliance. MBAM reports compliance and other information about all of the computers and devices it manages. The information in this topic can be used to help you understand the Microsoft BitLocker Administration and Monitoring reports for enterprise and individual computer compliance and for key recovery activity. - -**Note**   -If you chose the Configuration Manager topology when you installed Microsoft BitLocker Administration and Monitoring (MBAM), reports are generated from Configuration Manager rather than from MBAM. For more information about reports that are run from Configuration Manager, see [Understanding MBAM Reports in Configuration Manager](understanding-mbam-reports-in-configuration-manager.md). - - - -## Understanding Reports - - -To access the Reports feature of Microsoft BitLocker Administration and Monitoring, open a web browser and open the Administration and Monitoring website. Select **Reports** in the left menu bar and then select from the top menu bar the kind of report that you want to generate. - -### Enterprise Compliance Report - -Use this report type to collect information on overall BitLocker compliance in your organization. You can use different filters to narrow your search results to Compliance state and Error status. The report information is updated every six hours. - -**Enterprise Compliance Report Fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Computer Name

User-specified DNS name that is being managed by MBAM.

Domain Name

Fully qualified domain name where the client computer resides and is managed by MBAM.

Compliance Status

State of compliance for the computer, according to the policy specified for the computer. The states are Noncompliant and Compliant. See the Enterprise Compliance Report Compliance States table for more information about how to interpret compliance states.

Compliance Status Details

Error and status messages of the compliance state of the computer in accordance to the policy specified.

Last Contact

Date and time when the computer last contacted the server to report compliance status. The contact frequency is configurable (see MBAM policy settings).

- - - -**Enterprise Compliance Report Compliance States** - - ------ - - - - - - - - - - - - - - - - - - - - - - -
Compliance StatusExemptionDescriptionUser Action

Noncompliant

Not Exempt

The computer is noncompliant, according to the specified policy.

Expand the Computer Compliance Report details by clicking Computer Name, and determine whether the state of each drive complies with the specified policy. If the encryption state indicates that the computer is not encrypted, encryption may be in process, or there is an error on the computer. If there is no error, the likely cause is that the computer is still in the process of connecting or establishing the encryption status. Check back later to determine if the state changes.

Compliant

Not Exempt

The computer is compliant, according to the specified policy.

No action needed; the state of the computer can be confirmed by viewing the Computer Compliance Report.

- - - -### Computer Compliance Report - -Use this report type to collect information that is specific to a computer or user. - -This report can be viewed by clicking the computer name in the Enterprise Compliance Report, or by typing the computer name in the Computer Compliance Report. The Computer Compliance Report provides detailed encryption information about each drive (operating system and fixed data drives) on a computer, and also an indication of the policy that is applied to each drive type on the computer. To view the details of each drive, expand the Computer Name entry. - -**Note**   -Removable Data Volume encryption status will not be shown in the report. - - - -**Computer Compliance Report Fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Computer Name

User-specified DNS computer name that is being managed by MBAM.

Domain Name

Fully qualified domain name, where the client computer resides and is managed by MBAM.

Computer Type

Type of computer. Valid types are non-Portable and Portable.

Operating System

Operating system type found on the MBAM-managed client computer.

Compliance Status

Overall compliance status of the computer managed by MBAM. Valid states are Compliant and Noncompliant. Notice that the compliance status per drive (see the following table) may indicate different compliance states. However, this field represents that compliance state, according to the specified policy.

Policy Cipher Strength

Cipher strength selected by the administrator during MBAM policy specification (for example, 128-bit with Diffuser).

Policy Operating System Drive

Indicates if encryption is required for the operating system and shows the appropriate protector type.

Policy-Fixed Data Drive

Indicates if encryption is required for the fixed data drive.

Policy Removable Data Drive

Indicates if encryption is required for the removable drive.

Device Users

Known users on the computer that is being managed by MBAM.

Manufacturer

Computer manufacturer name, as it appears in the computer BIOS.

Model

Computer manufacturer model name, as it appears in the computer BIOS.

Compliance Status Details

Error and status messages of the compliance state of the computer, in accordance with the specified policy.

Last Contact

Date and time that the computer last contacted the server to report compliance status. The contact frequency is configurable (see MBAM policy settings).

- - - -**Computer Compliance Report Drive Fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Drive Letter

Computer drive letter that was assigned to the particular drive by the user.

Drive Type

Type of drive. Valid values are Operating System Drive and Fixed Data Drive. These are physical drives rather than logical volumes.

Cipher Strength

Cipher strength selected by the administrator during MBAM policy specification.

Protector Type

Type of protector selected via the policy used to encrypt an operating system or fixed data volume.

Protector State

Indicates that the computer being managed by MBAM has enabled the protector type that is specified in the policy. The valid states are ON or OFF.

Encryption State

Encryption state of the drive. Valid states are Encrypted, Not Encrypted, and Encrypting.

Compliance Status

State that indicates whether the drive is in accordance with the policy. States are Noncompliant and Compliant.

Compliance Status Details

Error and status messages of the compliance state of the computer, according to the specified policy.

- - - -### Recovery Audit Report - -Use this report type to audit users who have requested access to recovery keys. The report offers several filters based on the desired filtering criteria. Users can filter on a specific type of user, either a Help Desk user or an end user, whether the request failed or was successful, the specific type of key requested, and a date range during which the retrieval occurred. The administrator can produce contextual reports based on need. - -**Recovery Audit Report Fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Request Date and Time

Date and time that a key retrieval request was made by an end user or Help Desk user.

Request Status

Status of the request. Valid statuses are either Successful (the key was retrieved), or Failed (the key was not retrieved).

Helpdesk User

Help Desk user that initiated the request for key retrieval. Note: If the Help Desk user retrieves the key on behalf on an end-user, the End User field will be blank.

User

End user who initiated the request for key retrieval.

Key Type

Type of key that was requested by either the Help Desk user or the end user. The three types of keys that MBAM collects are: Recovery Key Password (used to recovery a computer in recovery mode), Recovery Key ID (used to recover a computer in recovery mode on behalf of another user), and TPM Password Hash (used to recover a computer with a locked TPM).

Reason Description

Reason the specified Key Type was requested by the Help Desk user or the end user. The reasons are specified in the Drive Recovery and Manage TPM features of the Administration and Monitoring website. The valid entries are either user-entered text, or one of the following reason codes:

-
    -

  • Operating System Boot Order changed

    • -

  • BIOS Changed

    • -

  • Operating System files changed

    • -

  • Lost Startup key

    • -

  • Lost PIN

    • -

  • TPM Reset

    • -

  • Lost Passphrase

    • -

  • Lost Smartcard

    • -

  • Reset PIN lockout

    • -

  • Turn on TPM

    • -

  • Turn off TPM

    • -

  • Change TPM password

    • -

  • Clear TPM

    • -
- - - -**Note**   -Report results can be saved to a file by clicking the **Export** button on the reports menu bar. For more information about how to run MBAM reports, see [How to Generate MBAM Reports](how-to-generate-mbam-reports-mbam-2.md). - - - -## Related topics - - -[Monitoring and Reporting BitLocker Compliance with MBAM 2.0](monitoring-and-reporting-bitlocker-compliance-with-mbam-20-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/upgrading-from-previous-versions-of-mbam.md b/mdop/mbam-v2/upgrading-from-previous-versions-of-mbam.md deleted file mode 100644 index ab076703c4..0000000000 --- a/mdop/mbam-v2/upgrading-from-previous-versions-of-mbam.md +++ /dev/null @@ -1,140 +0,0 @@ ---- -title: Upgrading from Previous Versions of MBAM -description: Upgrading from Previous Versions of MBAM -author: dansimp -ms.assetid: 73b425cf-9cd9-4ebc-a35e-1b3bf18596ce -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Upgrading from Previous Versions of MBAM - - -You can upgrade Microsoft BitLocker Administration and Monitoring (MBAM) to MBAM 2.0, with the Stand-alone topology or Configuration Manager topology, by doing the following: - -- **Manual in-place server replacement** – To upgrade the MBAM Server, manually uninstall MBAM by using either the installer or Control Panel, and then install the MBAM 2.0 infrastructure. You do not have to remove the databases. Uninstalling the MBAM 1.0 Server leaves the MBAM databases intact. If you specify the same databases that MBAM 1.0 was using, the MBAM 2.0 installation retains MBAM 1.0 data in the databases and converts the databases to work with MBAM 2.0. - -- **Distributed Client Upgrade** - If you are using the Stand-alone MBAM topology, you can upgrade the MBAM Clients gradually after you install the MBAM 2.0 Server infrastructure. The MBAM 2.0 Server detects the version of the existing Client and performs the required steps to upgrade to the 2.0 Client. - - After you upgrade the MBAM 2.0 Server infrastructure, MBAM 1.0 Clients continue to report to the MBAM 2.0 Server successfully, escrowing recovery data, but compliance will be based on the policies in MBAM 1.0. You must upgrade clients to MBAM 2.0 to have client computers accurately report compliance against the MBAM 2.0 policies. You can upgrade the clients to the MBAM 2.0 Client without uninstalling the previous client, and the client will start to apply and report MBAM 2.0 policies. - - If you are using MBAM with Configuration Manager, you must upgrade the MBAM 1.0 clients to MBAM 2.0. - -## Upgrading MBAM from a Two-Server Architecture - - -Use the following instructions to upgrade from a previous version of MBAM when you are using a two-server architecture, where one server is hosting the Microsoft SQL Server components, and the other server is hosting the websites and services. - -**To upgrade MBAM from a two-server architecture** - -1. On the server with the SQL Server features, in Control Panel, select **Programs and Features**, and then uninstall **Microsoft BitLocker Administration and Monitoring**. The Recovery Database and Compliance and Audit database remain unchanged. - -2. Run **MBAMSetup.exe** for version MBAM 2.0, optionally select the **Customer Experience Improvement Program**, and then click **Start**. - -3. Read and accept the Microsoft Software License Agreement, and then click **Next** to continue the installation. - -4. On the **Topology Selection** page, select the **Stand-alone** or **System Center Configuration Manager Integration** topology, and then click **Next**. - -5. On the **Select features to install** page, clear the **Self-Service Server** and **Administration and Monitoring Server** features, and then click **Next**. - -6. Wait for the prerequisite checks to finish, and then click **Next**. If a missing prerequisite is detected, resolve the missing prerequisites, and then click **Check prerequisites again**. - -7. On the **Provide account used to access the MBAM databases** page, provide the computer name for the server that will host the sites and services, and then click **Next**. - -8. On the **Configure the Recovery database** page, specify the SQL Server instance name and the name of the database that will store the recovery data. You must also specify where the database files and log information will be located. - -9. Click **Next** to continue. - -10. On the **Configure the Compliance and Audit database** page, specify the SQL Server instance name and the name of the database that will store the compliance and audit data. - -11. Click **Next** to continue. - -12. On the **Configure the Compliance and Audit Reports** page, specify the SQL Server Reporting Services instance where the Compliance and Audit reports will be installed, and provide a domain user account and password to access the Compliance and Audit database. Configure the password for this account to never expire. The user account can access all data available to the MBAM Reports Users group. - -13. Click **Next** to continue. - -14. Specify whether to use Microsoft Updates to help keep your computer secure, and then click **Next**. This does not turn on Automatic Updates in Windows. If you previously chose to use Microsoft Update for this product or another product, the Microsoft Update page does not appear. - -15. On the **Installation Summary** page, review the features that will be installed, and then click **Install** to start the installation. - -**To uninstall the Administration and Monitoring Server features and to complete the upgrade** - -1. On the computer that hosts the Administration and Monitoring Server features, in Control Panel, select **Programs and Features**, and then uninstall MBAM to remove the previously installed websites and services. - -2. Run the **MBAMSetup.exe** for version 2.0, optionally select the **Customer Experience Improvement Program**, and then click **Start**. - -3. Read and accept the Microsoft Software License Agreement, and then click **Next** to continue the installation. - -4. On the **Topology Selection** page, select the **Stand-alone** or **System Center Configuration Manager Integration** topology, and then click **Next**. - -5. On the **Select features to install** page, clear the **Recovery Database** and **Compliance and Audit Database** and **Compliance and Audit Reports** features, and then click **Next**. - -6. Wait for the prerequisite checks to finish, and then click **Next**. If a missing prerequisite is detected, resolve the missing prerequisites first, and then click **Check prerequisites again**. - -7. On the **Configure network communication security** page, choose whether to use Secure Socket Layer (SSL) encryption for the websites and services. If you decide to encrypt the communication, select the certification authority (CA) certificate to use for encryption. - - **Note**   - The certificate must be created before this step to enable you to select it on this page. - - - -8. On the **Configure the location of the Compliance Status database** page, specify the SQL Server instance name and the name of the database that stores the compliance and audit data. You must also specify where the database files and log information will be located. - -9. Click **Next** to continue. - -10. On the **Configure the location of the Recovery Database** page, specify the SQL Server instance name and the name of the database that stores the recovery data. - -11. Click **Next** to continue. - -12. On the **Configure the Compliance and Audit Reports** page, enter the URL for the reporting instance that you configured on the other server. Use the **Test** button to verify that you can reach the site. - -13. Click **Next** to continue. - -14. On the **Configure the Self-Service Portal** page, enter the port number, host name, virtual directory name, and installation path for the Self-Service Portal. - - **Note**   - The port number that you specify must be an unused port number on the Administration and Monitoring Server unless you specify a unique host header name. - - - -15. On the **Configure the Administration and Monitoring Server** page, specify the desired virtual directory for the Help Desk website. - -16. Specify whether to use Microsoft Updates to help keep your computer secure, and then click **Next**. This step does not turn on Automatic Updates in Windows. If you previously chose to use Microsoft Update for this product or another product, the Microsoft Update page does not appear. - -17. On the **Installation Summary** page, review the features that will be installed, and then click **Install** to start the installation. - -18. To validate that the upgrade was successful, verify that you can reach each site from another computer in the domain. - -## Upgrading the MBAM Client on End-User Computers - - -To upgrade end-user computers to the MBAM 2.0 Client, run **MbamClientSetup.exe** on each client computer. The installer automatically updates the Client to the MBAM 2.0 Client. You can install the MBAM Client through an electronic software distribution system, tools such as Active Directory Domain Services or System Center Configuration Manager. - -To validate the Client upgrade, do the following: - -1. Wait until the configured reporting cycle is finished, and then start **SQL Server Management Studio** on the SQL Server computer. - -2. On the SQL Server computer, start **SQL Server Management Studio**. - -3. Verify that the **RecoveryAndHardwareCore.Machines** table contains a row that shows the end-user’s computer name. - -## Related topics - - -[Deploying MBAM 2.0](deploying-mbam-20-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/using-mbam-with-configuration-manager.md b/mdop/mbam-v2/using-mbam-with-configuration-manager.md deleted file mode 100644 index 10be5afa15..0000000000 --- a/mdop/mbam-v2/using-mbam-with-configuration-manager.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: Using MBAM with Configuration Manager -description: Using MBAM with Configuration Manager -author: dansimp -ms.assetid: 03868717-4aa7-4897-8166-9a3df5e9519e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Using MBAM with Configuration Manager - - -When you install Microsoft BitLocker Administration and Monitoring (MBAM), you can choose an installation that integrates Microsoft BitLocker Administration and Monitoring with System Center Configuration Manager. For a list of the supported versions of Configuration Manager, see [Planning to Deploy MBAM with Configuration Manager](planning-to-deploy-mbam-with-configuration-manager-2.md). - -This integration moves the Microsoft BitLocker Administration and Monitoring compliance and reporting infrastructure into the native environment of Microsoft System Center Configuration Manager. With the Configuration Manager topology, IT administrators can view reports and the compliance status of their enterprise from the Configuration Manager Management Console. - -**Important**   -Windows To Go is not supported when you install the integrated topology of MBAM with Configuration Manager 2007. - - - -## Getting Started – Using MBAM with Configuration Manager - - -This section describes how MBAM works with Configuration Manager and explains the recommended architecture for deploying MBAM with the Configuration Manager Integration topology. - -[Getting Started - Using MBAM with Configuration Manager](getting-started---using-mbam-with-configuration-manager.md) - -## Planning to Deploy MBAM with Configuration Manager - - -This section describes the installation prerequisites, supported configurations, and hardware and software requirements that you need to consider before you install MBAM with the Configuration Manager topology. - -[Planning to Deploy MBAM with Configuration Manager](planning-to-deploy-mbam-with-configuration-manager-2.md) - -## Deploying MBAM with Configuration Manager - - -This section describes how to deploy MBAM with Configuration Manager, and includes instructions for installing and configuring the MBAM on the Administration and Monitoring Server and Configuration Manager Server. - -[Deploying MBAM with Configuration Manager](deploying-mbam-with-configuration-manager-mbam2.md) - -## Understanding MBAM Reports in Configuration Manager - - -This section describes the MBAM reports that you can run from Configuration Manager to show the compliance of your enterprise and compliance of individual computers in your enterprise. - -[Understanding MBAM Reports in Configuration Manager](understanding-mbam-reports-in-configuration-manager.md) - -## Related topics - - -[Operations for MBAM 2.0](operations-for-mbam-20-mbam-2.md) - - - - - - - - - diff --git a/mdop/mbam-v2/using-your-pin-or-password.md b/mdop/mbam-v2/using-your-pin-or-password.md deleted file mode 100644 index b2e8471007..0000000000 --- a/mdop/mbam-v2/using-your-pin-or-password.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Using Your PIN or Password -description: Using Your PIN or Password -author: dansimp -ms.assetid: 7fe2aef4-d3e0-49c8-877d-7fee13dc5b7b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Using Your PIN or Password - - -BitLocker helps secure your computer by requiring a personal identification number (PIN) or password to unlock the information that is stored on your computer. The PIN or password requirements are set by your organization and depend on the kind of drive being encrypted. Data on the encrypted drives cannot be viewed without entering the PIN or password. If your computer hardware includes an enabled Trusted Platform Module (TPM), the TPM chip prompts you for your PIN before Windows starts on your computer. - -## About Your BitLocker PIN and Passwords - - -Your company specifies the complexity required for your PIN or password. These requirements for your PIN or password are explained during the BitLocker setup process. - -The password is used to unlock drives on your computer that do not contain the operating system. BitLocker will ask for your password after the PIN is requested during startup. Each BitLocker protected hard disk on your computer has its own unique password. You cannot unlock a BitLocker protected drive until you provide your password. - -**Note**   -Your Help Desk may set drives to unlock automatically. This eliminates the need to provide a PIN or password to view the information on the drives. - - - -## Unlocking Your Computer if You Forget Your PIN or Password - - -If you forget your PIN or password, your Help Desk can help you unlock BitLocker protected drives. To unlock a drive protected with BitLocker, contact your Help Desk if you need help. - -**How to unlock your computer if you forget your PIN or password** - -1. When you contact your Help Desk, you will need to provide them with the following information: - - - Your user name - - - Your domain - - - The first eight digits of your recovery key ID. This is a 32-digit code that BitLocker will display if you forget your PIN or password. - - - If you forget your PIN, you will have to enter the first eight digits of the recovery key ID, which will appear in the BitLocker Recovery console. The BitLocker Recovery console is a pre-Windows screen that will be displayed if you do not enter the correct PIN. - - - If you forget your password, look for the recovery key ID in the BitLocker Encryption Options Control Panel application. Select **Unlock Drive** and then click **I cannot remember my password**. The BitLocker Encryption Options application will then display a recovery key ID that you provide to Help Desk. - -2. Once your Help Desk receives the necessary information, it will provide you with a recovery key over the phone or through e-mail. - - - If you forgot your PIN, enter the recovery key in the BitLocker Recovery console to unlock your computer. - - - If you forgot your password, enter the recovery key in the BitLocker Encryption Options Control Panel application, in the same location where you found the recovery key ID earlier. This will unlock the protected hard drive. - -## Changing your PIN or Password - - -Before you can change the password on a BitLocker protected drive, you must unlock the drive. If the drive is not unlocked, select **Unlock Drive**, and then enter your current password. As soon as the drive is unlocked, you can select **Manage your Password** to change your current password. - -**How to Change your PIN or password** - -1. Click **Start**, and then select **Control Panel**. Control Panel opens in a new window. - -2. Select **System and Security**, and then select **BitLocker Encryption Options**. - - - To change your PIN, select **Manage Your PIN**. Type your new PIN into both fields and select **Reset PIN**. - - - To change your password, select **Manage Your Password**. Enter your new password into both fields and select **Reset Password**. - - - - - - - - - diff --git a/mdop/mbam-v25/TOC.md b/mdop/mbam-v25/TOC.md deleted file mode 100644 index 8a6984ffb5..0000000000 --- a/mdop/mbam-v25/TOC.md +++ /dev/null @@ -1,94 +0,0 @@ -# [Microsoft BitLocker Administration and Monitoring 2.5](index.md) -## [Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) -### [About MBAM 2.5](about-mbam-25.md) -#### [Release Notes for MBAM 2.5](release-notes-for-mbam-25.md) -### [About MBAM 2.5 SP1](about-mbam-25-sp1.md) -#### [Release Notes for MBAM 2.5 SP1](release-notes-for-mbam-25-sp1.md) -### [Evaluating MBAM 2.5 in a Test Environment](evaluating-mbam-25-in-a-test-environment.md) -### [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md) -#### [High-Level Architecture of MBAM 2.5 with Stand-alone Topology](high-level-architecture-of-mbam-25-with-stand-alone-topology.md) -#### [High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology](high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md) -#### [Illustrated Features of an MBAM 2.5 Deployment](illustrated-features-of-an-mbam-25-deployment.md) -### [Accessibility for MBAM 2.5](accessibility-for-mbam-25.md) -## [Planning for MBAM 2.5](planning-for-mbam-25.md) -### [Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md) -#### [MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md) -##### [MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies](mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md) -##### [MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology](mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md) -###### [Prerequisites for the Configuration Manager Integration Feature](prerequisites-for-the-configuration-manager-integration-feature.md) -###### [Edit the Configuration.mof File](edit-the-configurationmof-file-mbam-25.md) -###### [Create or Edit the Sms_def.mof File](create-or-edit-the-sms-defmof-file-mbam-25.md) -##### [Prerequisites for MBAM 2.5 Clients](prerequisites-for-mbam-25-clients.md) -#### [Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md) -#### [Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md) -#### [Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md) -### [Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md) -#### [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md) -#### [Planning for MBAM 2.5 Server Deployment](planning-for-mbam-25-server-deployment.md) -#### [Planning for MBAM 2.5 Client Deployment](planning-for-mbam-25-client-deployment.md) -#### [Planning for MBAM 2.5 High Availability](planning-for-mbam-25-high-availability.md) -#### [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md) -### [MBAM 2.5 Planning Checklist](mbam-25-planning-checklist.md) -## [Deploying MBAM 2.5](deploying-mbam-25.md) -### [Deploying the MBAM 2.5 Server Infrastructure](deploying-the-mbam-25-server-infrastructure.md) -#### [Installing the MBAM 2.5 Server Software](installing-the-mbam-25-server-software.md) -#### [Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md) -##### [How to Configure the MBAM 2.5 Databases](how-to-configure-the-mbam-25-databases.md) -##### [How to Configure the MBAM 2.5 Reports](how-to-configure-the-mbam-25-reports.md) -##### [How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md) -###### [How to Configure the Self-Service Portal When Client Computers Cannot Access the Microsoft Content Delivery Network](how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md) -###### [Customizing the Self-Service Portal for Your Organization](customizing-the-self-service-portal-for-your-organization.md) -####### [How to Set the Self-Service Portal Branding and Session Time-out](how-to-set-the-self-service-portal-branding-and-session-time-out.md) -####### [How to Turn the Self-Service Portal Notice Text On or Off](how-to-turn-the-self-service-portal-notice-text-on-or-off.md) -####### [How to Localize the “HelpdeskText” Statement that Points Users to More Self-Service Portal Information](how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md) -####### [How to Localize the Self-Service Portal “HelpdeskURL”](how-to-localize-the-self-service-portal-helpdeskurl.md) -####### [How to Localize the Self-Service Portal Notice Text](how-to-localize-the-self-service-portal-notice-text.md) -##### [How to Configure the MBAM 2.5 System Center Configuration Manager Integration](how-to-configure-the-mbam-25-system-center-configuration-manager-integration.md) -##### [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md) -#### [Validating the MBAM 2.5 Server Feature Configuration](validating-the-mbam-25-server-feature-configuration.md) -### [Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md) -#### [Copying the MBAM 2.5 Group Policy Templates](copying-the-mbam-25-group-policy-templates.md) -#### [Editing the MBAM 2.5 Group Policy Settings](editing-the-mbam-25-group-policy-settings.md) -#### [Hiding the Default BitLocker Drive Encryption Item in Control Panel](hiding-the-default-bitlocker-drive-encryption-item-in-control-panel-mbam-25.md) -### [Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md) -#### [How to Deploy the MBAM Client to Desktop or Laptop Computers](how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-25.md) -#### [How to Enable BitLocker by Using MBAM as Part of a Windows Deployment](how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md) -#### [How to Deploy the MBAM Client by Using a Command Line](how-to-deploy-the-mbam-client-by-using-a-command-line.md) -### [MBAM 2.5 Deployment Checklist](mbam-25-deployment-checklist.md) -### [Upgrading to MBAM 2.5 SP1 from MBAM 2.5](upgrading-to-mbam-25-sp1-from-mbam-25.md) -### [Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions](upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md) -### [Removing MBAM Server Features or Software](removing-mbam-server-features-or-software.md) -## [Operations for MBAM 2.5](operations-for-mbam-25.md) -### [Administering MBAM 2.5 Features](administering-mbam-25-features.md) -#### [How to Manage User BitLocker Encryption Exemptions](how-to-manage-user-bitlocker-encryption-exemptions-mbam-25.md) -#### [Understanding the BitLocker Encryption Options and BitLocker Drive Encryption Items in Control Panel](understanding-the-bitlocker-encryption-options-and-bitlocker-drive-encryption-items-in-control-panel.md) -### [Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md) -#### [Viewing MBAM 2.5 Reports for the Stand-alone Topology](viewing-mbam-25-reports-for-the-stand-alone-topology.md) -##### [Understanding MBAM 2.5 Stand-alone Reports](understanding-mbam-25-stand-alone-reports.md) -##### [Generating MBAM 2.5 Stand-alone Reports](generating-mbam-25-stand-alone-reports.md) -#### [Viewing MBAM 2.5 Reports for the Configuration Manager Integration Topology](viewing-mbam-25-reports-for-the-configuration-manager-integration-topology.md) -### [Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) -#### [How to Use the Administration and Monitoring Website](how-to-use-the-administration-and-monitoring-website.md) -##### [How to Reset a TPM Lockout](how-to-reset-a-tpm-lockout-mbam-25.md) -##### [How to Recover a Drive in Recovery Mode](how-to-recover-a-drive-in-recovery-mode-mbam-25.md) -##### [How to Recover a Moved Drive](how-to-recover-a-moved-drive-mbam-25.md) -##### [How to Recover a Corrupted Drive](how-to-recover-a-corrupted-drive-mbam-25.md) -##### [How to Determine BitLocker Encryption State of Lost Computers](how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-25.md) -#### [How to Use the Self-Service Portal to Regain Access to a Computer](how-to-use-the-self-service-portal-to-regain-access-to-a-computer-mbam-25.md) -### [Maintaining MBAM 2.5](maintaining-mbam-25.md) -#### [Moving MBAM 2.5 Features to Another Server](moving-mbam-25-features-to-another-server.md) -##### [How to Move the MBAM 2.5 Databases](how-to-move-the-mbam-25-databases.md) -##### [How to Move the MBAM 2.5 Reports](how-to-move-the-mbam-25-reports.md) -##### [How to Move the MBAM 2.5 Websites](how-to-move-the-mbam-25-websites.md) -#### [Monitoring Web Service Request Performance Counters](monitoring-web-service-request-performance-counters.md) -### [Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md) -## [Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md) -### [Upgrade from MBAM 2.5 to MBAM 2.5 SP1](upgrade-mbam2.5-sp1.md) -### [Troubleshooting MBAM 2.5 installation problems](troubleshooting-mbam-installation.md) -### [Deploying MBAM 2.5 in a stand-alone configuration](deploy-mbam.md) -## [Applying hotfixes on MBAM 2.5 SP1](apply-hotfix-for-mbam-25-sp1.md) -## [Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md) -### [Client Event Logs](client-event-logs.md) -### [Server Event Logs](server-event-logs.md) -### [Determining why a Device Receives a Noncompliance Message](determining-why-a-device-receives-a-noncompliance-message.md) - diff --git a/mdop/mbam-v25/about-mbam-25-sp1.md b/mdop/mbam-v25/about-mbam-25-sp1.md deleted file mode 100644 index e9fefc297b..0000000000 --- a/mdop/mbam-v25/about-mbam-25-sp1.md +++ /dev/null @@ -1,253 +0,0 @@ ---- -title: About MBAM 2.5 SP1 -description: About MBAM 2.5 SP1 -author: dansimp -ms.assetid: 6f12e605-44e6-4646-9c20-aee89c8ff0b7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 09/27/2016 ---- - - -# About MBAM 2.5 SP1 - - -MBAM 2.5 SP1 provides a simplified administrative interface for BitLocker Drive Encryption. BitLocker offers enhanced protection against data theft or data exposure for computers that are lost or stolen. BitLocker encrypts all data that is stored on the Windows operating system and drives and configured data drives. - -## Overview of MBAM - - -MBAM 2.5 SP1 has the following features: - -- Enables administrators to automate the process of encrypting volumes on client computers across the enterprise. - -- Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself. - -- Provides centralized reporting and hardware management with Microsoft System Center Configuration Manager. - -- Reduces the workload on the Help Desk to assist end users with BitLocker PIN and recovery key requests. - -- Enables end users to recover encrypted devices independently by using the Self-Service Portal. - -- Enables security officers to easily audit access to recover key information. - -- Empowers Windows Enterprise users to continue working anywhere with the assurance that their corporate data is protected. - -MBAM enforces the BitLocker encryption policy options that you set for your enterprise, monitors the compliance of client computers with those policies, and reports on the encryption status of the enterprise’s and individual’s computers. In addition, MBAM lets you access the recovery key information when users forget their PIN or password, or when their BIOS or boot records change. - -The following groups might be interested in using MBAM to manage BitLocker: - -- Administrators, IT security professionals, and compliance officers who are responsible for ensuring that confidential data is not disclosed without authorization - -- Administrators who are responsible for computer security in remote or branch offices - -- Administrators who are responsible for client computers that are running Windows - -**Note**   -BitLocker is not explained in detail in this MBAM documentation. For more information, see [BitLocker Drive Encryption Overview](https://go.microsoft.com/fwlink/p/?LinkId=225013). - - - -## What’s new in MBAM 2.5 SP1 - - -This section describes the new features in MBAM 2.5 SP1. - -### Newly Supported Languages for the MBAM 2.5 SP1 Client - -The following additional languages are now supported in MBAM 2.5 SP1 for the MBAM Client only, including the Self-Service Portal: - -Czech (Czech Republic) cs-CZ - -Danish (Denmark) da-DK - -Dutch (Netherlands) nl-NL - -Finnish (Finland) fi-FI - -Greek (Greece) el-GR - -Hungarian (Hungary) hu-HU - -Norwegian, Bokmål (Norway) nb-NO - -Polish (Poland) pl-PL - -Portuguese (Portugal) pt-PT - -Slovak (Slovakia) sk-SK - -Slovenian (Slovenia) sl-SI - -Swedish (Sweden) sv-SE - -Turkish (Turkey) tr-TR - -For a list of all languages supported for client and server in MBAM 2.5 and MBAM 2.5 SP1, see [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md). - -### Support for Windows 10 - -MBAM 2.5 SP1 adds support for Windows 10 and Windows Server 2016, in addition to the same software that is supported in earlier versions of MBAM. - -Windows 10 is supported in both MBAM 2.5 and MBAM 2.5 SP1. - -### Support for Microsoft SQL Server 2014 SP1 - -MBAM 2.5 SP1 adds support for Microsoft SQL Server 2014 SP1, in addition to the same software that is supported in earlier versions of MBAM. - -### MBAM no longer ships with separate MSI - -Beginning in MBAM 2.5 SP1, a separate MSI is no longer included with the MBAM product. However, you can extract the MSI from the executable file (.exe) that is included with the product. - -### MBAM can escrow OwnerAuth passwords without owning the TPM - -Previously, if MBAM did not own the TPM, the TPM OwnerAuth could not be escrowed to the MBAM database. To configure MBAM to own the TPM and to store the passwords, you had to disable TPM auto-provisioning and clear the TPM on the client computer. - -In Windows 8 and higher, MBAM 2.5 SP1 can now escrow the OwnerAuth passwords without owning the TPM. During service startup, MBAM queries to see if the TPM is already owned and if so, it requests the passwords from the operating system. The passwords are then escrowed to the MBAM database. In addition, Group Policy must be set to prevent the OwnerAuth from being deleted locally. - -In Windows 7, MBAM must own the TPM to automatically escrow TPM OwnerAuth information in the MBAM database. If MBAM does not own the TPM and Active Directory (AD) backup of the TPM is configured through Group Policy, you must use the **MBAM Active Directory (AD) Data Import cmdlets** to copy TPM OwnerAuth from AD into the MBAM database. These are five new PowerShell cmdlets that pre-populate MBAM databases with the Volume recovery and TPM owner information stored in Active Directory. - -For more information, see [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md#bkmk-tpm). - -### MBAM can automatically unlock the TPM after a lockout - -On computers running TPM 1.2, you can now configure MBAM to automatically unlock the TPM in case of a lockout. If the TPM lockout auto reset feature is enabled, MBAM can detect that a user is locked out and then get the OwnerAuth password from the MBAM database to automatically unlock the TPM for the user. - -This feature must be enabled on both the server side and in Group Policy on the client side. For more information, see [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md#bkmk-autounlock). - -### Support for FIPS-compliant BitLocker numerical password protectors - -In MBAM 2.5, support was added for Federal Information Processing Standard (FIPS)-compliant BitLocker recovery keys on devices running the Windows 8.1 operating system. However, Windows did not implement FIPS-compliant recovery keys in Windows 7. Therefore, Windows 7 and Windows 8 devices still required a Data Recovery Agent (DRA) protector for recovery. - -The Windows team has backported FIPS-compliant recovery keys with a hotfix, and MBAM 2.5 SP1 has added support for them as well. - -**Note**   -Client computers that are running the Windows 8 operating system still require a DRA protector since the hotfix was not backported to that OS. See [Hotfix Package 2 for BitLocker Administration and Monitoring 2.5](https://support.microsoft.com/kb/3015477) to download and install the BitLocker hotfix for Windows 7 and Windows 8 computers. For information about DRA, see [Using Data Recovery Agents with BitLocker](https://go.microsoft.com/fwlink/?LinkId=393557). - - - -To enable FIPS compliance in your organization, you must configure the Federal Information Processing Standard (FIPS) Group Policy settings. For configuration instructions, see [BitLocker Group Policy Settings](https://go.microsoft.com/fwlink/?LinkId=393560). - -### Customize pre-boot recovery message and URL with new Group Policy setting - -A new Group Policy setting, **Configure pre-boot recovery message and URL**, lets you configure a custom recovery message or specify a URL that is then displayed on the pre-boot BitLocker recovery screen when the OS drive is locked. This setting is only available on client computers running Windows 10. - -If you enable this policy setting, you can you can select one of these options for the pre-boot recovery message: - -- **Use custom recovery message**: Select this option to include a custom message in the pre-boot BitLocker recovery screen. - -- **Use custom recovery URL**: Select this option to replace the default URL that is displayed in the pre-boot BitLocker recovery screen. - -- **Use default recovery message and URL**: Select this option to display the default BitLocker recovery message and URL in the pre-boot BitLocker recovery screen. If you previously configured a custom recovery message or URL and want to revert to the default message, you must enable this policy and select this option. - -The new Group Policy setting is located in the following GPO node: **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDOP MBAM (BitLocker Management)** > **Operating System Drive**. For more information, see [Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md). - -### MBAM added support for Used Space Encryption - -In MBAM 2.5 SP1, if you enable Used Space Encryption via BitLocker Group Policy, the MBAM Client honors it. - -This Group Policy setting is called **Enforce drive encryption type on operating system drives** and is located in the following GPO node: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption** > **Operating System Drives**. If you enable this policy and select the encryption type as **Used Space Only encryption**, MBAM will honor the policy and BitLocker will only encrypt disk space that is used on the volume. - -For more information, see [Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md). - -### MBAM Client support for Encrypted Hard Drives - -MBAM supports BitLocker on Encrypted Hard Drives that meet TCG specification requirements for Opal as well as IEEE 1667 standards. When BitLocker is enabled on these devices, it will generate keys and perform management functions on the encrypted drive. See [Encrypted Hard Drive](https://technet.microsoft.com/library/hh831627.aspx) for more information. - -### Delegation configuration no longer required when registering SPNs - -The requirement to configure constrained delegation for SPNs that you register for the application pool account is no longer necessary in MBAM 2.5 SP1. However, it is still a requirement for MBAM 2.5. - -### Enable BitLocker using MBAM as Part of a Windows Deployment - -In MBAM 2.5 SP1, you can use a PowerShell script to configure BitLocker drive encryption and escrow recovery keys to the MBAM Server. - -For more information, see [How to Enable BitLocker by Using MBAM as Part of a Windows Deployment](how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md) - -### Self-Service Portal can be customized by using either PowerShell or the SSP customization wizard - -As of MBAM 2.5 SP1, the Self-Service Portal can be configured by using the customization wizard as well as by using PowerShell. See [How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md). - -### Web browser no longer unintentionally runs as administrator - -An issue in MBAM 2.5 caused help links in the Server Configuration tool to cause browser windows to open with administrator rights. This issue is fixed in MBAM 2.5 SP1. - -### No longer need to download the JavaScript files to configure the Self-Service Portal when the CDN is inaccessible - -In MBAM 2.5 and earlier, the jQuery files used for configuration of the Self-Service Portal had to be downloaded from the CDN in advance if clients accessing the Self-Service Portal did not have internet access. In MBAM 2.5 SP1, all JavaScript files are included in the product, so downloading them is unnecessary. - -### Reports can be opened in Report Builder 3.0 - -In MBAM 2.5 SP1, the reports have been updated to the latest report definition language schema, allowing users to open and customize the reports in Report Builder 3.0 and save them immediately without corrupting the report file. - -### New PowerShell cmdlets - -New PowerShell cmdlets for MBAM 2.5 SP1 enable you to configure and manage different MBAM features, including databases, reports, and web applications. Each feature has a corresponding PowerShell cmdlet that you can use to enable or disable features, or to get information about the feature. - -The following cmdlets have been implemented for MBAM 2.5 SP1: - -- Write-MbamTpmInformation - -- Write-MbamRecoveryInformation - -- Read-ADTpmInformation - -- Read-ADRecoveryInformation - -- Write-MbamComputerUser - -The following parameters have been implemented in the Enable-MbamWebApplication and Test-MbamWebApplication cmdlets for MBAM 2.5 SP1: - -- DataMigrationAccessGroup - -- TpmAutoUnlock - -For information about the cmdlets, see [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md) and [Microsoft Bitlocker Administration and Monitoring Cmdlet Help](https://technet.microsoft.com/library/dn720418.aspx). - -### MBAM agent detects presentation mode - -The MBAM agent can detect when the computer is in presentation mode and avoid invoking the MBAM UI at that time. - -### MBAM agent service now configured to use delayed start - -After installation, the service will now set the MBAM agent service to use delayed start, decreasing the amount of time it takes to start Windows. - -### Locked Fixed Data volumes now report as Compliant - -The compliance calculation logic for "Locked Fixed Data" volumes has been changed to report the volumes as "Compliant," but with a Protector State and Encryption State of "Unknown" and with a Compliance Status Detail of "Volume is locked". Previously, locked volumes were reported as “Non-Compliant”, a Protector State of "Encrypted", an Encryption State of "Unknown", and a Compliance Status Detail of "An unknown error". - - -## How to Get MDOP Technologies - - -MBAM is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of the Microsoft Software Assurance program. For more information about the Microsoft Software Assurance program and how to acquire the MDOP, see [How Do I Get MDOP?](https://go.microsoft.com/fwlink/?LinkId=322049). - -## MBAM 2.5 SP1 Release Notes - - -For more information and late-breaking news that is not included in this documentation, see [Release Notes for MBAM 2.5 SP1](release-notes-for-mbam-25-sp1.md). - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - -## Related topics - - -[Microsoft BitLocker Administration and Monitoring 2.5](index.md) - -[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) - - - - - - - - - diff --git a/mdop/mbam-v25/about-mbam-25.md b/mdop/mbam-v25/about-mbam-25.md deleted file mode 100644 index 7afb0c3d9f..0000000000 --- a/mdop/mbam-v25/about-mbam-25.md +++ /dev/null @@ -1,378 +0,0 @@ ---- -title: About MBAM 2.5 -description: About MBAM 2.5 -author: dansimp -ms.assetid: 1ce218ec-4d2e-4a75-8d1a-68d737a8f3c9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# About MBAM 2.5 - - -Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 provides a simplified administrative interface for BitLocker Drive Encryption. BitLocker offers enhanced protection against data theft or data exposure for computers that are lost or stolen. BitLocker encrypts all data that is stored on the Windows operating system volumes and drives and configured data drives. - -## Overview of MBAM - - -MBAM 2.5 has the following features: - -- Enables administrators to automate the process of encrypting volumes on client computers across the enterprise. - -- Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself. - -- Provides centralized reporting and hardware management with Microsoft System Center Configuration Manager. - -- Reduces the workload on the Help Desk to assist end users with BitLocker PIN and recovery key requests. - -- Enables end users to recover encrypted devices independently by using the Self-Service Portal. - -- Enables security officers to easily audit access to recover key information. - -- Empowers Windows Enterprise users to continue working anywhere with the assurance that their corporate data is protected. - -MBAM enforces the BitLocker encryption policy options that you set for your enterprise, monitors the compliance of client computers with those policies, and reports on the encryption status of the enterprise’s and individual’s computers. In addition, MBAM lets you access the recovery key information when users forget their PIN or password, or when their BIOS or boot records change. - -The following groups might be interested in using MBAM to manage BitLocker: - -- Administrators, IT security professionals, and compliance officers who are responsible for ensuring that confidential data is not disclosed without authorization - -- Administrators who are responsible for computer security in remote or branch offices - -- Administrators who are responsible for client computers that are running Windows - -**Note**   -BitLocker is not explained in detail in this MBAM documentation. For more information, see [BitLocker Drive Encryption Overview](https://go.microsoft.com/fwlink/p/?LinkId=225013). - - - -## What’s new in MBAM 2.5 - - -This section describes the new features in MBAM 2.5. - -### Support for Microsoft SQL Server 2014 - -MBAM adds support for Microsoft SQL Server 2014, in addition to the same software that is supported in earlier versions of MBAM. - -### MBAM Group Policy Templates downloaded separately - -The MBAM Group Policy Templates must be downloaded separately from the MBAM installation. In previous versions of MBAM, the MBAM installer included an MBAM Policy Template, which contained the required MBAM-specific Group Policy Objects (GPOs) that define MBAM implementation settings for BitLocker Drive Encryption. These GPOs have been removed from the MBAM installer. You now download the GPOs from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) and copy them to a server or workstation before you begin the MBAM Client installation. You can copy the Group Policy Templates to any server or workstation that is running a supported version of the Windows Server or Windows operating system. - -**Important**   -Do not change the Group Policy settings in the **BitLocker Drive Encryption** node, or MBAM will not work correctly. When you configure the Group Policy settings in the **MDOP MBAM (BitLocker Management)** node, MBAM automatically configures the BitLocker Drive Encryption settings for you. - - - -The template files that you need to copy to a server or workstation are: - -- BitLockerManagement.adml - -- BitLockerManagement.admx - -- BitLockerUserManagement.adml - -- BitLockerUserManagement.admx - -Copy the template files to the location that best meets your needs. For the language-specific files, which must be copied to a language-specific folder, the Group Policy Management Console is required to view the files. - -- To install the template files locally on a server or workstation, copy the files to one of the following locations. - - - - - - - - - - - - - - - - - - - - - - -
File typeFile location

language neutral (.admx)

%systemroot%\policyDefinitions

language specific (.adml)

%systemroot%\policyDefinitions[MUIculture] (for example, the U.S. English language specific file will be stored in %systemroot%</em>policyDefinitions\en-us)

- - - -- To make the templates available to all Group Policy administrators in a domain, copy the files to one of the following locations on a domain controller. - - - - - - - - - - - - - - - - - - - - - - -
File typeDomain controller file location

Language neutral (.admx)

%systemroot%sysvol\domain\policies\PolicyDefinitions

Language specific (.adml)

%systemroot%\sysvol\domain\policies\PolicyDefinitions[MUIculture] (for example, the U.S. English language-specific file will be stored in %systemroot%\sysvol\domain\policies\PolicyDefinitions\en-us)

- - - -For more information about template files, see [Managing Group Policy ADMX Files Step-by-Step Guide](https://go.microsoft.com/fwlink/?LinkId=392818). - -### Ability to enforce encryption policies on operating system and fixed data drives - -MBAM 2.5 enables you to enforce encryption policies on operating system and fixed data drives for computers in your organization and limit the number of days that end users can request a postponement of the requirement to comply with MBAM encryption policies. - -To enable you to configure encryption policy enforcement, a new Group Policy setting, called Encryption Policy Enforcement Settings, has been added for operating system drives and fixed data drives. This policy is described in the following table. - - ----- - - - - - - - - - - - - - - - - - - - -
Group Policy settingDescriptionGroup Policy node used to configure this setting

Encryption Policy Enforcement Settings (Operating System Drive)

For this setting, use the option Configure the number of noncompliance grace period days for operating system drives to configure a grace period.

-

The grace period specifies the number of days that end users can postpone compliance with MBAM policies for their operating system drive after the drive is first detected as noncompliant.

-

After the configured grace period expires, users cannot postpone the required action or request an exemption from it.

-

If user interaction is required (for example, if you are using the Trusted Platform Module (TPM) + PIN or using a password protector), a dialog box appears, and users cannot close it until they provide the required information. If the protector is TPM only, encryption begins immediately in the background without user input.

-

Users cannot request exemptions through the BitLocker encryption wizard. Instead, they must contact their Help Desk or use whatever process their organization uses for exemption requests.

Computer Configuration > Policies > Administrative Templates > Windows Components > MDOP MBAM (BitLocker Management) > Operating System Drive

Encryption Policy Enforcement Settings (Fixed Data Drives)

For this setting, use the option Configure the number of noncompliance grace period days for fixed drives to configure a grace period.

-

The grace period specifies the number of days that end users can postpone compliance with MBAM policies for their fixed drive after the drive is first detected as noncompliant.

-

The grace period begins when the fixed drive is determined to be noncompliant. If you are using auto-unlock, the policy will not be enforced until the operating system drive is compliant. However, if you are not using auto-unlock, encryption of the fixed data drive can begin before the operating system drive is fully encrypted.

-

After the configured grace period expires, users cannot postpone the required action or request an exemption from it. If user interaction is required, a dialog box appears and users cannot close it until they provide the required information.

Computer Configuration > Policies > Administrative Templates > Windows Components > MDOP MBAM (BitLocker Management) > Fixed Drive

- - - -### Ability to provide a URL in the BitLocker Drive Encryption wizard to point to your security policy - -A new Group Policy setting, **Provide the URL for the Security Policy link**, enables you to configure a URL that will be presented to end users as a link called **Company Security Policy**. This link will appear when MBAM prompts users to encrypt a volume. - -If you enable this policy setting, you can configure the URL for the **Company Security Policy** link. If you disable or do not configure this policy setting, the **Company Security Policy** link is not displayed to users. - -The new Group Policy setting is located in the following GPO node: **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDOP MBAM (BitLocker Management) > Client Management**. - -### Support for FIPS-compliant recovery keys - -MBAM 2.5 supports Federal Information Processing Standard (FIPS)-compliant BitLocker recovery keys on devices that are running the Windows 8.1 operating system. The recovery key was not FIPS compliant in earlier versions of Windows. This enhancement improves the drive recovery process in organizations that require FIPS compliance because it enables end users to use the Self-Service Portal or Administration and Monitoring Website (Help Desk) to recover their drives if they forget their PIN or password or get locked out of their computers. The new FIPS compliance feature does not extend to password protectors. - -To enable FIPS compliance in your organization, you must configure the Federal Information Processing Standard (FIPS) Group Policy settings. For configuration instructions, see [BitLocker Group Policy Settings](https://go.microsoft.com/fwlink/?LinkId=393560). - -For client computers that are running the Windows 8 or Windows 7 operating systems without the [installed BitLocker hotfix](https://support.microsoft.com/kb/3015477), IT administrators will continue to use the Data Recovery Agents (DRA) protector in FIPS-compliant environments. For information about DRA, see [Using Data Recovery Agents with BitLocker](https://go.microsoft.com/fwlink/?LinkId=393557). - -See [Hotfix Package 2 for BitLocker Administration and Monitoring 2.5](https://support.microsoft.com/kb/3015477) to download and install the BitLocker hotfix for Windows 7 and Windows 8 computers. - -### Support for high availability deployments - -MBAM supports the following high-availability scenarios in addition to the standard two-server and Configuration Manager Integration topologies: - -- SQL Server AlwaysOn availability groups - -- SQL Server clustering - -- Network load balancing (NLB) - -- SQL Server mirroring - -- Volume Shadow Copy Service (VSS) Backup - -For more information about these features, see [Planning for MBAM 2.5 High Availability](planning-for-mbam-25-high-availability.md). - -### Management of roles for Administration and Monitoring Website changed - -In MBAM 2.5, you must create security groups in Active Directory Domain Services (AD DS) to manage the roles that provide access rights to the Administration and Monitoring Website. Roles enable users who are in specific security groups to perform different tasks in the website such as viewing reports or helping end users recover encrypted drives. In previous versions of MBAM, roles were managed by using local groups. - -In MBAM 2.5, the term “roles” replaces the term “administrator roles,” which was used in earlier versions of MBAM. In addition, in MBAM 2.5 the “MBAM System Administrators” role has been removed. - -The following table lists the security groups that you must create in AD DS. You can use any name for the security groups. - - ---- - - - - - - - - - - - - - - - - - - - - -
RoleAccess rights for this role on the Administration and Monitoring Website

MBAM Helpdesk Users

Provides access to the Manage TPM and Drive Recovery areas of the MBAM Administration and Monitoring Website. Users who have access to these areas must fill in all fields when they use either area.

MBAM Report Users

Provides access to the Reports in the Administration and Monitoring Website.

MBAM Advanced Helpdesk Users

Provides access to all areas in the Administration and Monitoring Website. Users in this group have to enter only the recovery key, not the end user’s domain and user name, when helping end users recover their drives. If a user is a member of the MBAM Helpdesk Users group and the MBAM Advanced Helpdesk Users group, the MBAM Advanced Helpdesk Users group permissions override the MBAM Helpdesk Users group permissions.

- - - -After you create the security groups in AD DS, assign users and/or groups to the appropriate security group to enable the corresponding level of access to the Administration and Monitoring Website. To enable individuals with each role to access the Administration and Monitoring Website, you must also specify each security group when you are configuring the Administration and Monitoring Website. - -### Windows PowerShell cmdlets for configuring MBAM Server features - -Windows PowerShell cmdlets for MBAM 2.5 enable you to configure and manage the MBAM Server features. Each feature has a corresponding Windows PowerShell cmdlet that you can use to enable or disable features, or to get information about the feature. - -For prerequisites and prerequisites for using Windows PowerShell, see [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md). - -**To load the MBAM 2.5 Help for Windows PowerShell cmdlets after installing the MBAM Server software** - -1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE). - -2. Type **Update-Help –Module Microsoft.MBAM**. - -Windows PowerShell Help for MBAM is available in the following formats: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Windows PowerShell Help formatMore information

At a Windows PowerShell command prompt, type Get-Help <cmdlet>

To upload the latest Windows PowerShell cmdlets, follow the instructions in the previous section on how to load Windows PowerShell Help for MBAM.

On TechNet as webpages

https://go.microsoft.com/fwlink/?LinkId=393498

On the Download Center as a Word .docx file

https://go.microsoft.com/fwlink/?LinkId=393497

On the Download Center as a .pdf file

https://go.microsoft.com/fwlink/?LinkId=393499

- - - -### Support for ASCII-only and enhanced PINs and ability to prevent sequential and repeating characters - -**Allow enhanced PINs for startup Group Policy setting** - -The Group Policy setting, **Allow enhanced PINs for startup**, enables you to configure whether enhanced startup PINs are used with BitLocker. Enhanced startup PINs permit users to enter any keys on a full keyboard, including uppercase and lowercase letters, symbols, numbers, and spaces. If you enable this policy setting, all new BitLocker startup PINs that are set will be enhanced PINs. If you disable or do not configure this policy setting, enhanced PINs cannot be used. - -Not all computers support the entry of enhanced PINs in the Pre-Boot Execution Environment (PXE). Before you enable this Group Policy setting for your organization, run a system check during the BitLocker setup process to ensure that the computer’s BIOS supports the use of the full keyboard in PXE. For more information, see [Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md). - -**Require ASCII-only PINs check box** - -The **Allow enhanced PINs for startup** Group Policy setting also contains a **Require ASCII-only PINs** check box. If the computers in your organization do not support the use of the full keyboard in PXE, you can enable the **Allow enhanced PINs for startup** Group Policy setting, and then select the **Require ASCII-only PINs** check box to require that enhanced PINs use only printable ASCII characters. - -**Enforced use of nonsequential and nonrepeating characters** - -MBAM 2.5 prevents end users from creating PINs that consist of repeating numbers (such as 1111) or sequential numbers (such as 1234). If end users try to enter a password that contains three or more repeating or sequential numbers, the Bitlocker Drive Encryption wizard displays an error message and prevents users from entering a PIN with the prohibited characters. - -### Addition of DRA Certificate to BitLocker Computer Compliance report - -A new protector type, the Data Recovery Agent (DRA) Certificate, has been added to the BitLocker Computer Compliance Report in Configuration Manager. This protector type applies to operating system drives, and it appears in the **Computer Volume(s)** section in the **Protector Types** column. - -### Support for multi-forest support deployments - -MBAM 2.5 supports the following types of multi-forest deployments: - -- Single forest with single domain - -- Single forest with a single tree and multiple domains - -- Single forest with multiple trees and disjoint namespaces - -- Multiple forests in a central forest topology - -- Multiple forests in a resource forest topology - -There is no support for forest migration (going from single to multiple, multiple to single, resource to across the forest, etc.), or upgrade or downgrade. - -The prerequisites for deploying MBAM in multi-forest deployments are: - -- Forest must be running on supported versions of Windows Server. - -- A two-way or one-way trust is required. One-way trusts require that the server’s domain trusts the client’s domain. In other words, the server’s domain is pointed at the client’s domain. - -### MBAM Client support for Encrypted Hard Drives - -MBAM supports BitLocker on Encrypted Hard Drives that meet TCG specification requirements for Opal as well as IEEE 1667 standards. When BitLocker is enabled on these devices, it will generate keys and perform management functions on the encrypted drive. See [Encrypted Hard Drive](https://technet.microsoft.com/library/hh831627.aspx) for more information. - -## How to Get MDOP Technologies - - -MBAM is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of the Microsoft Software Assurance program. For more information about the Microsoft Software Assurance program and how to acquire the MDOP, see [How Do I Get MDOP?](https://go.microsoft.com/fwlink/?LinkId=322049). - -## MBAM 2.5 Release Notes - - -For more information and late-breaking news that is not included in this documentation, see [Release Notes for MBAM 2.5](release-notes-for-mbam-25.md). - -## Got a suggestion for MBAM? -- Send your feedback [here](https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - -## Related topics - - -[Microsoft BitLocker Administration and Monitoring 2.5](index.md) - -[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) - - - - - - - - - diff --git a/mdop/mbam-v25/accessibility-for-mbam-25.md b/mdop/mbam-v25/accessibility-for-mbam-25.md deleted file mode 100644 index 5618291576..0000000000 --- a/mdop/mbam-v25/accessibility-for-mbam-25.md +++ /dev/null @@ -1,110 +0,0 @@ ---- -title: Accessibility for MBAM 2.5 -description: Accessibility for MBAM 2.5 -author: dansimp -ms.assetid: 03b343a6-9e8e-4868-a52b-cedf0b696d56 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Accessibility for MBAM 2.5 - - -Microsoft is committed to making its products and services easier for everyone to use. This section provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. - -## Access any command with a few keystrokes - - -Access keys let you quickly use a command by pressing a few keys. You can get to most commands by using two keystrokes. To use an access key: - -1. Press ALT. - - The keyboard shortcuts are displayed over each feature that is available in the current view. - -2. Press the letter shown in the keyboard shortcut over the feature that you want to use. - -**Note**   -To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. - - - -## Documentation in alternative formats - - -If you have difficulty reading or handling printed materials, you can obtain the documentation for many Microsoft products in more accessible formats. You can view an index of accessible product documentation on the Microsoft Accessibility website. In addition, you can obtain additional Microsoft publications from Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.). Learning Ally distributes these documents to registered, eligible members of their distribution service. - -For information about the availability of Microsoft product documentation and books from Microsoft Press, contact: - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.)

-

20 Roszel Road

-

Princeton, NJ 08540

Telephone number from within the United States:

(800) 221-4792

Telephone number from outside the United States and Canada:

(609) 452-0606

Fax:

(609) 987-8116

http://www.learningally.org/

Web addresses can change, so you might be unable to connect to the website or sites mentioned here.

- - - -## Customer service for people with hearing impairments - - -If you are deaf or hard-of-hearing, complete access to Microsoft product and customer services is available through a text telephone (TTY/TDD) service: - -- For customer service, contact Microsoft Sales Information Center at (800) 892-5234 between 6:30 AM and 5:30 PM Pacific Time, Monday through Friday, excluding holidays. - -- For technical assistance in the United States, contact Microsoft Product Support Services at (800) 892-5234 between 6:00 AM and 6:00 PM Pacific Time, Monday through Friday, excluding holidays. In Canada, dial (905) 568-9641 between 8:00 AM and 8:00 PM Eastern Time, Monday through Friday, excluding holidays. - -Microsoft Support Services are subject to the prices, terms, and conditions in place at the time the service is used. - -## For more information - - -For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431). - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - -## Related topics - - -[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) - - - - - - - - - diff --git a/mdop/mbam-v25/administering-mbam-25-features.md b/mdop/mbam-v25/administering-mbam-25-features.md deleted file mode 100644 index ba93616f8c..0000000000 --- a/mdop/mbam-v25/administering-mbam-25-features.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Administering MBAM 2.5 Features -description: Administering MBAM 2.5 Features -author: dansimp -ms.assetid: ca15f818-cf07-4437-8ffa-425af603a3c8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administering MBAM 2.5 Features - - -After completing all necessary planning and then deploying Microsoft BitLocker Administration and Monitoring (MBAM), you can configure and use it to manage BitLocker encryption across the enterprise The information in this section describes post-installation day-to-day Microsoft BitLocker Administration and Monitoring feature operations tasks. - -## Manage BitLocker Encryption Exemptions - - -MBAM lets you grant encryption exemptions to specific users who do not need or want their drives encrypted. Computer exemption is typically used when a company has computers that do not have to be encrypted, such as computers that are used in development or testing, or older computers that do not support BitLocker. In some cases, local law may also require that certain computers are not encrypted. - -[How to Manage User BitLocker Encryption Exemptions](how-to-manage-user-bitlocker-encryption-exemptions-mbam-25.md) - -## Understand the BitLocker Encryption Options and BitLocker Drive Encryption Items in Control Panel - - -MBAM provides a custom control panel, called BitLocker Encryption Options, that appears under **System and Security**. The MBAM control panel can be used to unlock encrypted fixed and removable drives, and also manage your PIN or password. - -**Note**   -This customized control panel does not replace the default Windows BitLocker control panel. - - - -[Understanding the BitLocker Encryption Options and BitLocker Drive Encryption Items in Control Panel](understanding-the-bitlocker-encryption-options-and-bitlocker-drive-encryption-items-in-control-panel.md) - -## Other Resources for Administering MBAM Features - - -[Operations for MBAM 2.5](operations-for-mbam-25.md) - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - - - - diff --git a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md deleted file mode 100644 index 8a255ed548..0000000000 --- a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: Applying hotfixes on MBAM 2.5 SP1 -description: Applying hotfixes on MBAM 2.5 SP1 -ms.author: ppriya-msft -author: dansimp -ms.assetid: -ms.reviewer: -manager: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 8/30/2018 -ms.author: dansimp ---- - -# Applying hotfixes on MBAM 2.5 SP1 -This topic describes the process for applying the hotfixes for Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1 - -### Before you begin, download the latest hotfix of Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1 -[Desktop Optimization Pack](https://www.microsoft.com/download/details.aspx?id=57157) - -> [!NOTE] -> For more information about the hotfix releases, see the [MBAM version chart](https://docs.microsoft.com/archive/blogs/dubaisec/mbam-version-chart). - -#### Steps to update the MBAM Server for existing MBAM environment -1. Remove MBAM server feature (do this by opening the MBAM Server Configuration Tool, then selecting Remove Features). -2. Remove MDOP MBAM from Control Panel | Programs and Features. -3. Install MBAM 2.5 SP1 RTM server components. -4. Install lastest MBAM 2.5 SP1 hotfix rollup. -5. Configure MBAM features using MBAM Server Configurator. - -#### Steps to install the new MBAM 2.5 SP1 server hotfix -Refer to the document for [new server installation](deploying-the-mbam-25-server-infrastructure.md). diff --git a/mdop/mbam-v25/client-event-logs.md b/mdop/mbam-v25/client-event-logs.md deleted file mode 100644 index 747ad55211..0000000000 --- a/mdop/mbam-v25/client-event-logs.md +++ /dev/null @@ -1,275 +0,0 @@ ---- -title: Client Event Logs -description: Client Event Logs -author: dansimp -ms.assetid: d5c2f270-db6a-45f1-8557-8c6fb28fd568 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Client Event Logs - -MBAM Client event logs are located in Event Viewer – Applications and Services Logs – Microsoft – Windows – MBAM - Operational path. -The following table contains event IDs that can occur on the MBAM Client. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Event IDChannelEvent symbolMessage

1

Operational

VolumeEnactmentSuccessful

The MBAM policies were applied successfully.

2

Admin

VolumeEnactmentFailed

An error occurred while applying MBAM policies.

3

Operational

TransferStatusDataSuccessful

The encryption status data was sent successfully.

4

Admin

TransferStatusDataFailed

An error occurred while sending encryption status data.

8

Admin

SystemVolumeNotFound

The system volume is missing. SystemVolume is needed to encrypt the operating system drive.

9

Admin

TPMNotFound

The TPM hardware is missing. TPM is needed to encrypt the operating system drive with any TPM protector.

10

Admin

MachineHWExempted

The computer is exempted from Encryption. Machine’s hardware status: Exempted

11

Admin

MachineHWUnknown

The computer is exempted from encryption. Machine’s hardware status: Unknown

12

Admin

HWCheckFailed

Hardware exemption check failed.

13

Admin

UserIsExempted

The user is exempt from encryption.

14

Admin

UserIsWaiting

The user requested an exemption.

15

Admin

UserExemptionCheckFailed

User exemption check failed.

16

Admin

UserPostponed

The user postponed the encryption process.

17

Admin

TPMInitializationFailed

TPM initialization failed. The user rejected the BIOS changes.

18

Admin

CoreServiceDown

Unable to connect to the MBAM Recovery and Hardware service.

19

Operational

CoreServiceUp

Successfully connected to the MBAM Recovery and Hardware service.

20

Admin

PolicyMismatch

The MBAM policy is in conflict or corrupt.

21

Admin

ConflictingOSVolumePolicies

Detected OS volume encryption policies conflict. Check BitLocker and MBAM policies related to OS drive protectors.

22

Admin

ConflictingFDDVolumePolicies

Detected Fixed Data Drive volume encryption policies conflict. Check BitLocker and MBAM policies related to FDD drive protectors.

27

Admin

EncryptionFailedNoDra

An error occurred while encrypting. A Data Recovery Agent (DRA) protector is required in FIPS mode for pre-Windows 8.1 machines.

28

Operational

TpmOwnerAuthEscrowed

The TPM OwnerAuth has been escrowed.

29

Operational

RecoveryKeyEscrowed

The BitLocker recovery key for the volume has been escrowed.

30

Operational

RecoveryKeyReset

The BitLocker recovery key for the volume has been updated.

31

Operational

EnforcePolicyDateSet

The enforce policy date, <date>, has been set for the volume

32

Operational

EnforcePolicyDateCleared

The enforce policy date, <date>, has been cleared for the volume.

33

Operational

TpmLockOutResetSucceeded

Successfully reset TPM lockout.

34

Admin

TpmLockOutResetFailed

Failed to reset TPM lockout.

35

Operational

TpmOwnerAuthRetrievalSucceeded

Successfully retrieved TPM OwnerAuth from MBAM services.

36

Admin

TpmOwnerAuthRetrievalFailed

Failed to retrieve TPM OwnerAuth from MBAM services.

37

Admin

WmiProviderDllSearchPathUpdateFailed

Failed to update the DLL search path for WMI provider.

38

Admin

TimedOutWaitingForWmiProvider

Agent Stopping - Timed-out waiting for MBAM WMI Provider Instance.

39

Operational

RemovableDriveMounted

Removable drive was mounted.

40

Operational

RemovableDriveDismounted

Removable drive was unmounted.

41

Operational

FailedToEnactEndpointUnreachable

Failure to connect to the MBAM Recovery and Hardware service prevented MBAM policies from being applied successfully to the volume.

42

Operational

FailedToEnactLockedVolume

Locked volume state prevented MBAM policies from being applied successfully to the volume.

43

Operational

TransferStatusDataFailedEndpointUnreachable

Failure to connect to the MBAM Compliance and Status service prevented the transfer of encryption status data.

- -  - - -## Related topics -[Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md) - -[Server Event Logs](server-event-logs.md) - -  - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md b/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md deleted file mode 100644 index 3e68d38e01..0000000000 --- a/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md +++ /dev/null @@ -1,376 +0,0 @@ ---- -title: Configuring MBAM 2.5 Server Features by Using Windows PowerShell -description: Configuring MBAM 2.5 Server Features by Using Windows PowerShell -author: dansimp -ms.assetid: 826429fd-29bb-44be-b47e-5f5c7d20dd1d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Configuring MBAM 2.5 Server Features by Using Windows PowerShell - - -After you install the MBAM 2.5 Server software, you can use configure MBAM 2.5 Server features by using Windows PowerShell cmdlets or the MBAM Server Configuration wizard. This topic describes how to configure MBAM 2.5 by using the Windows PowerShell cmdlets. To use the wizard instead, see [Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md). - -## In this topic - - -This topic includes the following information about using Windows PowerShell to configure MBAM: - -- [How to load Windows PowerShell Help for MBAM 2.5](#bkmk-load-posh-help) - -- [How to get Help about an MBAM Windows PowerShell cmdlet](#bkmk-help-specific-cmdlet) - -- [Configurations that you can do only with Windows PowerShell but not with the MBAM Server Configuration wizard](#bkmk-config-only-posh) - -- [Prerequisites and requirements for using Windows PowerShell to configure MBAM Server features](#bkmk-prereqs-posh-mbamsvr) - -- [Using Windows PowerShell to configure MBAM on a remote computer](#bkmk-remote-config) - -- [Required accounts and corresponding Windows PowerShell cmdlet parameters](#bkmk-reqd-posh-accts) - -For information about the **Get-MbamBitLockerRecoveryKey** and **Get-MbamTPMOwnerPassword** Windows PowerShell cmdlets, which are used to administer MBAM, see [Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md). - -## How to load Windows PowerShell Help for MBAM 2.5 - - -For a list of the Windows PowerShell cmdlets on TechNet, see [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://go.microsoft.com/fwlink/?LinkId=392816). - -**To load the MBAM 2.5 Help for Windows PowerShell cmdlets after installing the MBAM Server software** - -1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE). - -2. Type **Update-Help –Module Microsoft.MBAM**. - -## How to get Help about an MBAM Windows PowerShell cmdlet - - -Windows PowerShell Help for MBAM is available in the following formats: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Windows PowerShell Help formatMore information

At a Windows PowerShell command prompt, type Get-Help <cmdlet>

To upload the latest Windows PowerShell cmdlets, follow the instructions in the previous section on how to load Windows PowerShell Help for MBAM.

On TechNet as webpages

https://go.microsoft.com/fwlink/?LinkId=393498

On the Download Center as a Word .docx file

https://go.microsoft.com/fwlink/?LinkId=393497

On the Download Center as a .pdf file

https://go.microsoft.com/fwlink/?LinkId=393499

- - - -## Configurations that you can do only with Windows PowerShell but not with the MBAM Server Configuration wizard - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Configurations that you can do only by using Windows PowerShellDetails

Install the web services on a separate computer from the web applications.

Using the wizard, you must install the web services and web applications on the same computer.

Enable reports on a separate reporting services point without installing all of the Configuration Manager objects.

Delete all of the objects from Configuration Manager.

Deleting the objects in turn deletes all of the compliance data from Configuration Manager.

Enter a custom connection string for the databases.

Example: To configure the web applications to work with mirroring, you must use the Enable-MbamWebApplication cmdlet to specify the appropriate failover partner syntax in the connection string.

Skip validation and configure a feature even though the prerequisite check failed.

- - - -**Note**   -You cannot disable the MBAM databases with a Windows PowerShell cmdlet or the MBAM Server Configuration wizard. To prevent the accidental removal of your compliance and audit data, database administrators must remove databases manually. - - - -## Prerequisites and requirements for using Windows PowerShell to configure MBAM Server features - - -Before starting the configuration, complete the following prerequisites. - -**Account-related prerequisites** - - ---- - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails or additional information

Create the required accounts.

See section Required accounts and corresponding Windows PowerShell cmdlet parameters later in this topic.

User accounts and groups that you pass as parameters to the Windows PowerShell cmdlets must be valid accounts in the domain.

You cannot use local accounts.

Specify accounts in the down-level format.

Examples:

-

domainNetBiosName\userdomainNetBiosName\group

- - - -**Permission-related prerequisites** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails or additional information

You must be an administrator on the local computer where you are configuring the MBAM feature.

Use an elevated Windows PowerShell command prompt to run all Windows PowerShell cmdlets.

For the Enable-MbamDatabase cmdlet only:

-

You must have "create any database" permissions on the instance of the target Microsoft SQL Server database.

-

This user account must be a part of the local administrators group or the Backup Operators group to register the MBAM Volume Shadow Copy Service (VSS) Writer.

By default, the database administrator or system administrator has the required "create any database" permissions.

-

-

For more information about VSS Writer, see Volume Shadow Copy Service.

For the System Center Configuration Manager Integration feature only:

-

The user who enables this feature must have these rights in Configuration Manager:

 ---- - - - - - - - - - - - - - - - - - - - - -
Type of rights in Configuration ManagerRequired rights

Configuration Manager Site rights:

- Read

Configuration Manager Collection rights:

- Create- Delete- Read- Modify- Deploy Configuration Items

Configuration Manager Configuration item rights:

- Create- Delete- Read

-

 

-

- - - -## Using Windows PowerShell to configure MBAM on a remote computer - - - ---- - - - - - - - - - - - - - - - - - - -

When to use this capability

When you want to configure the MBAM 2.5 Server features on a remote computer. The Windows PowerShell cmdlets are running on one computer, and you are configuring the features on a different, remote computer.

What you have to do

To use Windows PowerShell to configure MBAM 2.5 Server features on a remote computer, you must:

-
    -

  • Ensure that the MBAM 2.5 Server software has been installed on the remote computer.

    • -

  • Use the Credential Security Support Provider (CredSSP) Protocol to open the Windows PowerShell session.

    • -

  • Enable Windows Remote Management (WinRM). If you fail to enable WinRM and to configure it correctly, the New-PSSession cmdlet that is described in this table displays an error and describes how to fix the issue. For more information about WinRM, see Using Windows Remote Management.

    • -

Why you have to do it

This protocol enables the Windows PowerShell cmdlets to connect to Active Directory Domain Services by using the user’s administrative credentials. You might get a validation error if you start the Windows PowerShell session without this protocol.

How to start a Windows PowerShell session with the CredSSP protocol

Type the following code at the Windows PowerShell prompt:

-

$s = New-PSSession -ComputerName xxx -Authentication Credssp -Credential xxx

-

The following code shows an example.

-

$session = New-PSSession -ComputerName <MBAM_server_name> -Authentication Credssp -Credential (Get-Credential)

-

Enter-PSSession $session

- - - -## Required accounts and corresponding Windows PowerShell cmdlet parameters - - -The following table describes the accounts that are required to configure MBAM 2.5 Server features. It also lists the corresponding Windows PowerShell cmdlet and parameter for which you have to specify the account during configuration. - -Cmdlet -Parameter -Type (User or Group) -Description -Enable-MBAMDatabase - -AccessAccount - -User or Group - -Specify a domain user or group that has read/write permission to this database to give the web applications access to data and reports in this database. If the value is a domain user, then the **WebServiceApplicationPoolCredential** parameter that is used when running the **Enable-MbamWebApplication** cmdlet must use the same user account. If the value is a domain Users group, then the domain account that is used by the **WebServiceApplicationPoolCredential** parameter must be a member of this group. - -ReportAccount - -User or Group - -Specify a domain user or Users group that has read-only permission to this database to provide the MBAM reports access to the compliance and audit data. If the value is a domain user, then the **ComplianceAndAuditDBCredential** parameter of the **Enable-MbamReport** cmdlet must use the same user account. If the value is a domain Users group, then the domain account that is used by the **ComplianceAndAuditDBCredential** parameter must be a member of this group. - -Enable-MbamReport - -ComplianceAndAuditDBCredential - -User - -Specifies the administrative credential that the local SSRS instance uses to connect to the MBAM Compliance and Audit Database. The domain user in the administrative credential must be the same as the user account that is used for the **ReportAccount** parameter, which is used while running the **Enable-MbamDatabase** cmdlet. If a domain Users group was used with the **ReportAccount** parameter, this account should be a member of that group. - -**Important**   -The account specified in the administrative credentials should have limited user rights for improved security. Also, the password of the account should be set to not expire. - - - -ReportsReadOnlyAccessGroup - -Group - -Specifies the domain user group that has read permissions to the reports. The specified group must be the same group that is used for the **ReportsReadOnlyAccessGroup** parameter in the **Enable-MbamWebApplication** cmdlet. - -Enable-MBAMWebApplication - -AdvancedHelpdeskAccessGroup - -Group - -Specifies the domain Users group that has access to all areas of the Administration and Monitoring Website except the Reports area. - -HelpdeskAccessGroup - -Group - -Specifies the domain Users group that has access to the **Manage TPM** and **Drive Recovery** areas of the Administration and Monitoring Website. - -ReportsReadOnlyAccessGroup - -Group - -Specifies the domain Users group that has read permission to the **Reports** area of the Administration and Monitoring Website. The specified group must be the same group that is used for the **ReportsReadOnlyAccessGroup** parameter in the **Enable-MbamReport** cmdlet. - -WebServiceApplicationPoolCredential - -User - -Specifies the domain user to be used by the application pool for the MBAM web applications. It must be the same domain user account that is specified in the **AccessAccount** parameter of the **Enable-MbamDatabase** cmdlet. If a domain Users group was used by the **AccessAccount** parameter when running the **Enable-MbamDatabase** cmdlet, the domain user that is specified here must be a member of that group. If you do not specify the administrative credentials, the administrative credentials that were specified by any previously enabled web application are used. All of the web applications use the same application pool identity. If it is specified multiple times, the most recently specified value is used. - -**Important**   -For improved security, set the account that is specified in the administrative credentials to limited user rights. Also, set the password of the account to never expire. Ensure that either the built-in IIS\_IUSRS account or the account that is used for the **WebServiceApplicationPoolCredential** parameter has been added to the **Impersonate a client after authentication** local security setting. - -To view the local security setting, open the **Local Security Policy editor**, expand the **Local Policies** node, select the **User Rights Assignment** node, and then double-click the **Impersonate a client after authentication** and **Log on as a batch job** Group Policy settings in the details pane. - - - - - - - - -## Related topics - - -[Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md) - -[Validating the MBAM 2.5 Server Feature Configuration](validating-the-mbam-25-server-feature-configuration.md) - -[Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md) - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - diff --git a/mdop/mbam-v25/configuring-the-mbam-25-server-features.md b/mdop/mbam-v25/configuring-the-mbam-25-server-features.md deleted file mode 100644 index d5431e95f6..0000000000 --- a/mdop/mbam-v25/configuring-the-mbam-25-server-features.md +++ /dev/null @@ -1,126 +0,0 @@ ---- -title: Configuring the MBAM 2.5 Server Features -description: Configuring the MBAM 2.5 Server Features -author: dansimp -ms.assetid: 894d1080-5f13-48f7-8fde-82f8d440a4ed -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configuring the MBAM 2.5 Server Features - - -Use this information as a starting place for configuring Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 Server features after [Installing the MBAM 2.5 Server Software](installing-the-mbam-25-server-software.md). There are two methods you can use to configure MBAM: - -- MBAM Server Configuration wizard - -- Windows PowerShell cmdlets - -## Before you start configuring MBAM Server features - - -Review and complete the following steps before you start configuring the MBAM Server features: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
StepWhere to get instructions

Review the recommended architecture for MBAM.

High-Level Architecture for MBAM 2.5

Review the supported configurations for MBAM.

MBAM 2.5 Supported Configurations

Complete the required prerequisites on each server.

Install the MBAM Server software on each server where you will configure an MBAM Server feature.

Installing the MBAM 2.5 Server Software

Review the prerequisites for using Windows PowerShell to configure MBAM Server features (if you are using this method to configure MBAM Server features).

Configuring MBAM 2.5 Server Features by Using Windows PowerShell

- - - -## Steps for configuring MBAM Server features - - -Each row in the following table describes the features that you will configure on a separate server, according to the recommended [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md). - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Features to installWhere to get instructions

Configure the databases.

How to Configure the MBAM 2.5 Databases

Configure the reports.

How to Configure the MBAM 2.5 Reports

Configure the web applications.

How to Configure the MBAM 2.5 Web Applications

Configure the System Center Configuration Manager Integration (if applicable).

How to Configure the MBAM 2.5 System Center Configuration Manager Integration

- - - -For a list of events about MBAM Server feature configuration, see [Server Event Logs](server-event-logs.md). - - - -## Related topics - - -Configuring the MBAM 2.5 Server Features - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - diff --git a/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md b/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md deleted file mode 100644 index 166bfb30c5..0000000000 --- a/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md +++ /dev/null @@ -1,120 +0,0 @@ ---- -title: Copying the MBAM 2.5 Group Policy Templates -description: Copying the MBAM 2.5 Group Policy Templates -author: dansimp -ms.assetid: e526ecec-07ff-435e-bc90-3084b617b84b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/28/2017 ---- - - -# Copying the MBAM 2.5 Group Policy Templates - - -Before deploying the MBAM Client installation, you must download the MBAM Group Policy Templates, which contain Group Policy settings that define MBAM implementation settings for BitLocker Drive Encryption. After downloading the templates, you then set the Group Policy settings to implement across your enterprise. - -## Downloading and deploying the MDOP Group Policy templates - - -MDOP Group Policy templates are available for download in a self-extracting, compressed file, grouped by technology and version. - -**How to download and deploy the MDOP Group Policy templates** - -1. Download the MDOP Group Policy templates from [Microsoft Desktop Optimization Pack Group Policy Administrative Templates](https://www.microsoft.com/download/details.aspx?id=55531). - -2. Run the downloaded file to extract the template folders. - - **Warning** - Do not extract the templates directly to the Group Policy deployment directory. Multiple technologies and versions are bundled in this file. - - - -3. In the extracted folder, locate the technology-version .admx file. Certain MDOP technologies have multiple sets of Group Policy Objects (GPOs). For example, MBAM includes MBAM Management settings and MBAM User settings. - -4. Locate the appropriate .adml file by language-culture (that is, *en* for English-United States). - -5. Copy the .admx and .adml files to a policy definition folder. Depending on where you store the templates, you can configure Group Policy settings from the local device or from any computer on the domain. - - **Local files.** To configure Group Policy settings from the local device, copy template files to the following locations: - - - - - - - - - - - - - - - - - - - - - - -
File typeFile location

Group Policy template (.admx)

%systemroot%<strong>policyDefinitions

Group Policy language file (.adml)

%systemroot%<strong>policyDefinitions[MUIculture]

- - - -~~~ -**Domain central store.** To enable Group Policy settings configuration by a Group Policy administrator from any computer on the domain, copy files to the following locations on the domain controller: - - ---- - - - - - - - - - - - - - - - - -
File typeFile location

Group Policy template (.admx)

%systemroot%\sysvol\domain\policies\PolicyDefinitions

Group Policy language file (.adml)

%systemroot%\sysvol\domain\policies\PolicyDefinitions\[MUIculture]\[MUIculture]

-

For example, the U.S. English ADML language-specific file will be stored in %systemroot%\sysvol\domain\policies\PolicyDefinitions\en-us.

-~~~ - - - -6. Edit the Group Policy settings using Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM) to configure Group Policy settings for the MDOP technology. See [Editing the MBAM 2.5 Group Policy Settings](editing-the-mbam-25-group-policy-settings.md) for more information. - - For descriptions of the Group Policy settings, see [Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md). - - -## Related topics - - -[Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md) - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - diff --git a/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md b/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md deleted file mode 100644 index efae4b682d..0000000000 --- a/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md +++ /dev/null @@ -1,395 +0,0 @@ ---- -title: Create or Edit the Sms\_def.mof File -description: Create or Edit the Sms\_def.mof File -author: dansimp -ms.assetid: 0bc5e7d8-9747-4da6-a1b3-38d8f27ba121 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Create or Edit the Sms\_def.mof File - - -To enable the client computers to report BitLocker compliance details through the MBAM Configuration Manager reports, you have to create or edit the Sms\_def.mof file. - -If you are using System Center 2012 Configuration Manager, you must create the file. Create the file on the top-tier site. The changes will be replicated to the other sites in your infrastructure. - -In Configuration Manager 2007, the file already exists, so you only have to edit it. **Do not overwrite the existing file.** - -In the following sections, complete the instructions that correspond to the version of Configuration Manager that you are using. - -**To create the Sms\_def.mof file for System Center 2012 Configuration Manager** - -1. On the Configuration Manager Server, browse to the location where you have to create the Sms\_def.mof file, for example, the Desktop. - -2. Create a text file called **Sms\_def.mof** and copy the following code to populate the file with the following Sms\_def.mof MBAM classes: - - ``` syntax - //=================================================== - // Microsoft BitLocker Administration and Monitoring - //=================================================== - - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) - [ SMS_Report (TRUE), - SMS_Group_Name ("BitLocker Encryption Details"), - SMS_Class_ID ("MICROSOFT|BITLOCKER_DETAILS|1.0")] - class Win32_BitLockerEncryptionDetails : SMS_Class_Template - { - [ SMS_Report (TRUE), key ] - String DeviceId; - [ SMS_Report (TRUE) ] - String BitlockerPersistentVolumeId; - [ SMS_Report (TRUE) ] - String MbamPersistentVolumeId; - [ SMS_Report (TRUE) ] - //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 - SInt32 MbamVolumeType; - [ SMS_Report (TRUE) ] - String DriveLetter; - [ SMS_Report (TRUE) ] - //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 - SInt32 Compliant; - [ SMS_Report (TRUE) ] - SInt32 ReasonsForNonCompliance[]; - [ SMS_Report (TRUE) ] - SInt32 KeyProtectorTypes[]; - [ SMS_Report (TRUE) ] - SInt32 EncryptionMethod; - [ SMS_Report (TRUE) ] - SInt32 ConversionStatus; - [ SMS_Report (TRUE) ] - SInt32 ProtectionStatus; - [ SMS_Report (TRUE) ] - Boolean IsAutoUnlockEnabled; - [ SMS_Report (TRUE) ] - String NoncomplianceDetectedDate; - [ SMS_Report (TRUE) ] - String EnforcePolicyDate; - }; - - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) - [ SMS_Report(TRUE), - SMS_Group_Name("BitLocker Policy"), - SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0")] - Class Win32Reg_MBAMPolicy: SMS_Class_Template - { - [SMS_Report(TRUE),key] - string KeyName; - - //General encryption requirements - [SMS_Report(TRUE)] - UInt32 OsDriveEncryption; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDriveEncryption; - [ SMS_Report (TRUE) ] - UInt32 EncryptionMethod; - - //Required protectors properties - [ SMS_Report (TRUE) ] - UInt32 OsDriveProtector; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDriveAutoUnlock; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDrivePassphrase; - - //MBAM Agent fields - //Policy not enforced (0), enforced (1), pending user exemption request (2) or exempted user (3) - [SMS_Report(TRUE)] - Uint32 MBAMPolicyEnforced; - [SMS_Report(TRUE)] - string LastConsoleUser; - //Date of the exemption request of the last logged on user, - //or the first date the exemption was granted to him on this machine. - [SMS_Report(TRUE)] - datetime UserExemptionDate; - //Errors encountered by MBAM agent. - [ SMS_Report (TRUE) ] - UInt32 MBAMMachineError; - [ SMS_Report (TRUE) ] - string EncodedComputerName; - }; - - //Read Win32_OperatingSystem.SKU WMI property in a new class - because SKU is not available before Vista. - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) - [ SMS_Report (TRUE), - SMS_Group_Name ("Operating System Ex"), - SMS_Class_ID ("MICROSOFT|OPERATING_SYSTEM_EXT|1.0") ] - class CCM_OperatingSystemExtended : SMS_Class_Template - { - [SMS_Report (TRUE), key ] - string Name; - [SMS_Report (TRUE) ] - uint32 SKU; - }; - - //Read Win32_ComputerSystem.PCSystemType WMI property in a new class - because PCSystemType is not available before Vista. - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) - [ SMS_Report (TRUE), - SMS_Group_Name ("Computer System Ex"), - SMS_Class_ID ("MICROSOFT|COMPUTER_SYSTEM_EXT|1.0") ] - class CCM_ComputerSystemExtended : SMS_Class_Template - { - [SMS_Report (TRUE), key ] - string Name; - [SMS_Report (TRUE) ] - uint16 PCSystemType; - }; - - //======================================================= - // Microsoft BitLocker Administration and Monitoring end - //======================================================= - ``` - -3. Import the **Sms\_def.mof** file by doing the following: - - 1. Open the **System Center 2012 Configuration Manager console** and select the **Administration** tab. - - 2. On the **Administration** tab, select **Client Settings**. - - 3. Right-click **Default Client Settings**, and then select **Properties**. - - 4. In the **Default Settings** window, select **Hardware Inventory**. - - 5. Click **Set Classes**, and then click **Import**. - - 6. In the browser that opens, select your **.mof** file, and then click **Open**. The **Import Summary** window opens. - - 7. In the **Import Summary** window, ensure that the option to import both hardware inventory classes and class settings is selected, and then click **Import**. - - 8. In both the **Hardware Inventory Classes** window and the **Default Settings** window, click **OK**. - -4. Enable the **Win32\_Tpm** class as follows: - - 1. Open the **System Center 2012 Configuration Manager console** and select the **Administration** tab. - - 2. On the **Administration** tab, select **Client Settings**. - - 3. Right-click **Default Client Settings**, and then select **Properties**. - - 4. In the **Default Settings** window, select **Hardware Inventory**. - - 5. Click **Set Classes**. - - 6. In the main window, scroll down, and then select the **TPM (Win32\_Tpm)** class. - - 7. Under **TPM**, ensure that the **SpecVersion** property is selected. - - 8. In both the **Hardware Inventory Classes** window and the **Default Settings** window, click **OK**. - -**To edit the sms\_def.mof file for Configuration Manager 2007** - -1. On the Configuration Manager Server, browse to the location of the **sms\_def.mof** file: - - <CMInstallLocation>\\Inboxes\\clifiles.src\\hinv\\ - - On a default installation, the installation location is %systemdrive% \\Program Files (x86)\\Microsoft Configuration Manager. - -2. Copy the following code, and then append it to **Sms\_def.mof** file to add the following required MBAM classes to the file: - - ``` syntax - //=================================================== - // Microsoft BitLocker Administration and Monitoring - //=================================================== - - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) - [ SMS_Report (TRUE), - SMS_Group_Name ("BitLocker Encryption Details"), - SMS_Class_ID ("MICROSOFT|BITLOCKER_DETAILS|1.0")] - class Win32_BitLockerEncryptionDetails : SMS_Class_Template - { - [ SMS_Report (TRUE), key ] - String DeviceId; - [ SMS_Report (TRUE) ] - String BitlockerPersistentVolumeId; - [ SMS_Report (TRUE) ] - String MbamPersistentVolumeId; - [ SMS_Report (TRUE) ] - //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 - SInt32 MbamVolumeType; - [ SMS_Report (TRUE) ] - String DriveLetter; - [ SMS_Report (TRUE) ] - //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 - SInt32 Compliant; - [ SMS_Report (TRUE) ] - SInt32 ReasonsForNonCompliance[]; - [ SMS_Report (TRUE) ] - SInt32 KeyProtectorTypes[]; - [ SMS_Report (TRUE) ] - SInt32 EncryptionMethod; - [ SMS_Report (TRUE) ] - SInt32 ConversionStatus; - [ SMS_Report (TRUE) ] - SInt32 ProtectionStatus; - [ SMS_Report (TRUE) ] - Boolean IsAutoUnlockEnabled; - [ SMS_Report (TRUE) ] - String NoncomplianceDetectedDate; - [ SMS_Report (TRUE) ] - String EnforcePolicyDate; - }; - - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) - [ SMS_Report(TRUE), - SMS_Group_Name("BitLocker Policy"), - SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0"), - SMS_Context_1("__ProviderArchitecture=32|uint32"), - SMS_Context_2("__RequiredArchitecture=true|boolean")] - Class Win32Reg_MBAMPolicy: SMS_Class_Template - { - [SMS_Report(TRUE),key] - string KeyName; - - //General encryption requirements - [SMS_Report(TRUE)] - UInt32 OsDriveEncryption; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDriveEncryption; - [ SMS_Report (TRUE) ] - UInt32 EncryptionMethod; - - //Required protectors properties - [ SMS_Report (TRUE) ] - UInt32 OsDriveProtector; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDriveAutoUnlock; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDrivePassphrase; - - //MBAM Agent fields - //Policy not enforced (0), enforced (1), pending user exemption request (2) or exempted user (3) - [SMS_Report(TRUE)] - Uint32 MBAMPolicyEnforced; - [SMS_Report(TRUE)] - string LastConsoleUser; - //Date of the exemption request of the last logged on user, - //or the first date the exemption was granted to him on this machine. - [SMS_Report(TRUE)] - datetime UserExemptionDate; - //Errors encountered by MBAM agent. - [ SMS_Report (TRUE) ] - UInt32 MBAMMachineError; - // Encoded Computer Name - [ SMS_Report (TRUE) ] - string EncodedComputerName; - }; - - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL) - [ SMS_Report(TRUE), - SMS_Group_Name("BitLocker Policy"), - SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0"), - SMS_Context_1("__ProviderArchitecture=64|uint32"), - SMS_Context_2("__RequiredArchitecture=true|boolean")] - Class Win32Reg_MBAMPolicy_64: SMS_Class_Template - { - [SMS_Report(TRUE),key] - string KeyName; - - //General encryption requirements - [SMS_Report(TRUE)] - UInt32 OsDriveEncryption; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDriveEncryption; - [ SMS_Report (TRUE) ] - UInt32 EncryptionMethod; - - //Required protectors properties - [ SMS_Report (TRUE) ] - UInt32 OsDriveProtector; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDriveAutoUnlock; - [ SMS_Report (TRUE) ] - UInt32 FixedDataDrivePassphrase; - - //MBAM Agent fields - //Policy not enforced (0), enforced (1), pending user exemption request (2) or exempted user (3) - [SMS_Report(TRUE)] - Uint32 MBAMPolicyEnforced; - [SMS_Report(TRUE)] - string LastConsoleUser; - //Date of the exemption request of the last logged on user, - //or the first date the exemption was granted to him on this machine. - [SMS_Report(TRUE)] - datetime UserExemptionDate; - //Errors encountered by MBAM agent. - [ SMS_Report (TRUE) ] - UInt32 MBAMMachineError; - // Encoded Computer Name - [ SMS_Report (TRUE) ] - string EncodedComputerName; - }; - - //Read Win32_OperatingSystem.SKU WMI property in a new class - because SKU is not available before Vista. - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) - [ SMS_Report (TRUE), - SMS_Group_Name ("Operating System Ex"), - SMS_Class_ID ("MICROSOFT|OPERATING_SYSTEM_EXT|1.0") ] - class CCM_OperatingSystemExtended : SMS_Class_Template - { - [SMS_Report (TRUE), key ] - string Name; - [SMS_Report (TRUE) ] - uint32 SKU; - }; - - //Read Win32_ComputerSystem.PCSystemType WMI property in a new class - because PCSystemType is not available before Vista. - #pragma namespace ("\\\\.\\root\\cimv2\\SMS") - #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) - [ SMS_Report (TRUE), - SMS_Group_Name ("Computer System Ex"), - SMS_Class_ID ("MICROSOFT|COMPUTER_SYSTEM_EXT|1.0") ] - class CCM_ComputerSystemExtended : SMS_Class_Template - { - [SMS_Report (TRUE), key ] - string Name; - [SMS_Report (TRUE) ] - uint16 PCSystemType; - }; - - //======================================================= - // Microsoft BitLocker Administration and Monitoring end - //======================================================= - ``` - -3. Modify the **Win32\_Tpm** class as follows: - - - Set **SMS\_REPORT** to **TRUE** in the class attributes. - - - Set **SMS\_REPORT** to **TRUE** in the **SpecVersion** property attribute. - - **Got a suggestion for MBAM**? Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). **Got a MBAM issue**? Use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - -## Related topics - - -[MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology](mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md) - -[Edit the Configuration.mof File](edit-the-configurationmof-file-mbam-25.md) - -[MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies](mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md) - -  - -  -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - diff --git a/mdop/mbam-v25/customizing-the-self-service-portal-for-your-organization.md b/mdop/mbam-v25/customizing-the-self-service-portal-for-your-organization.md deleted file mode 100644 index b5343853e6..0000000000 --- a/mdop/mbam-v25/customizing-the-self-service-portal-for-your-organization.md +++ /dev/null @@ -1,80 +0,0 @@ ---- -title: Customizing the Self-Service Portal for Your Organization -description: Customizing the Self-Service Portal for Your Organization -author: dansimp -ms.assetid: f007e02b-e2df-47a9-9762-5909e230aa3f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Customizing the Self-Service Portal for Your Organization - - -After configuring the Self-Service Portal, you will want to customize it for your organization by adding custom notice text, your company name, and other company-specific information. - -## Customizing the Self-Service Portal information - - -You can customize the Self-Service Portal in the following ways: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
What you can doInstructions

You can brand the Self-Service Portal with your company name, Help Desk URL, and can change the Session Time-out setting to make the end user’s session expire after a specified period of inactivity.

How to Set the Self-Service Portal Branding and Session Time-out

You can turn the Self-Service Portal notice text on or off.

How to Turn the Self-Service Portal Notice Text On or Off

You can configure a localized version of the Self-Service Portal "HelpdeskText" statement, which tells end users how to get additional help when they are using the Self-Service Portal.

How to Localize the “HelpdeskText” Statement that Points Users to More Self-Service Portal Information

You can configure a localized version of the Self-Service Portal "HelpdeskURL" to display to end users by default.

How to Localize the Self-Service Portal “HelpdeskURL”

You can configure localized notice text to display to end users by default in the Self-Service Portal.

How to Localize the Self-Service Portal Notice Text

- - - - - -## Related topics - - -[How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/deploy-mbam.md b/mdop/mbam-v25/deploy-mbam.md deleted file mode 100644 index c035e3eadb..0000000000 --- a/mdop/mbam-v25/deploy-mbam.md +++ /dev/null @@ -1,594 +0,0 @@ ---- -title: Deploying MBAM 2.5 in a stand-alone configuration -description: Introducing how to deploy MBAM 2.5 in a stand-alone configuration. -author: Deland-Han -ms.reviewer: dcscontentpm -manager: dansimp -ms.author: delhan -ms.sitesec: library -ms.prod: w10 -ms.date: 09/16/2019 ---- - -# Deploying MBAM 2.5 in a standalone configuration - -This article provides step-by-step instructions for installing Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 in a standalone configuration. In this guide we will use a two-server configuration. One of the two servers will be a database server running Microsoft SQL Server 2012. This server will host the MBAM databases and reports. The additional server will be a Windows Server 2012 web server hosting "Administration and Monitoring Server" and "Self-Service Portal." - -## Preparation steps before installing MBAM 2.5 server software - -### Step 1: Installation and configuration of servers - -Before we start configuring MBAM 2.5, we have to make sure that both servers are configured as per MBAM system requirements. See the [MBAM minimum system requirements](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/mbam-25-supported-configurations#-mbam-server-system-requirements), and select a configuration that meets these requirements. - -#### Step 1.1: Deploying prerequisites for database and reporting server - -1. Install and configure a server running Windows Server 2008 R2 (or later) operating system. - -2. Install Windows PowerShell 3.0. - -3. Install Microsoft SQL Server 2008 R2 or a later version that includes the latest service pack. If you are installing a new instance of SQL Server for MBAM, make sure the SQL Server you install includes the SQL_Latin1_General_CP1_CI_AS collation. You’ll have to install the following SQL Server features: - - * Database Engine - * Reporting Services - * Client Tools Connectivity - * Management Tools – Complete - - > [!Note] - > Optionally, you can also install the [Transparent Data Encryption (TDE) feature in SQL Server](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/mbam-25-security-considerations). - - SQL Server Reporting Services must be installed and configured in "native" mode and not in unconfigured or "SharePoint" mode. - - ![The required SQL Server features](images/deploying-MBAM-1.png) - -4. If you plan to use SSL for the Administration and Monitoring website, make sure that you configure SQL Server Reporting Services (SSRS) to use the Secure Sockets Layer (SSL) protocol before you configure the Administration and Monitoring website. Otherwise, the Reports feature will use unencrypted (HTTP) data transport instead of encrypted (HTTPS). - - You can follow [Configure SSL Connections](https://docs.microsoft.com/sql/reporting-services/security/configure-ssl-connections-on-a-native-mode-report-server?view=sql-server-2017) on a Native Mode Report Server to configure SSL on Report Server. - - > [!Note] - > You can follow the SQL Server Installation Guide for your respective version of SQL Server to install SQL Server. The links are as follows: - > * [SQL Server 2014](https://docs.microsoft.com/sql/sql-server/install/planning-a-sql-server-installation?view=sql-server-2014) - > * [SQL Server 2012](https://docs.microsoft.com/previous-versions/sql/sql-server-2012/bb500442(v=sql.110)) - > * [SQL Server 2008 R2](https://docs.microsoft.com/previous-versions/sql/sql-server-2012/bb500442(v=sql.110)) - -5. In the post-installation of SQL Server, make sure that you provision the user account in SQL Server, and assign the following permissions to the user who will configure the MBAM database and reporting roles on the database server. - - Roles for the instance of SQL Server: - - * dbcreator - * processadmin - - Rights for the instance of SQL Server Reporting Services: - - * Create Folders - * Publish Reports - -Your database server is ready for configuration of MBAM 2.5 roles. Let’s move to the next server. - -#### Step 1.2: Deploying prerequisites for administration and monitoring server - -Choose a server that meets the hardware configuration as explained in the [MBAM system requirements document](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/mbam-25-supported-configurations#-mbam-server-system-requirements). It must be running Windows Server 2008 R2 or a later operating system together with latest service pack and updates. After the server is ready, install the following roles and features: - -##### Roles - -* Web Server (IIS) Management Tools (Select IIS Management Scripts and Tools.) - -* Web Server Role Services - - * Common HTTP features
- Static Content
- Default Document - - * Application development
- ASP.NET
- .NET Extensibility
- ISAPI Extensions
- ISAPI Filters
- Security
- Windows Authentication
- Request Filtering - - * Web Service IIS Management Tools - -##### Feature - -* .NET Framework 4.5 features - - * Microsoft .NET Framework 4.5 - - For Windows Server 2012 or Windows Server 2012 R2, .NET Framework 4.5 is already installed for these versions of Windows Server. However, you must enable it. - - For Windows Server 2008 R2, .NET Framework 4.5 is not included with Windows Server 2008 R2. So, you must download .NET Framework 4.5 and install it separately. - - * WCF Activation
- HTTP Activation
- Non-HTTP Activation - - * TCP Activation - - * Windows Process Activation Service:
- Process Model
- .NET Framework Environment
- Configuration APIs - -For the self-service portal to work, you should also [download and install ASP.NET MVC 4.0](https://go.microsoft.com/fwlink/?linkid=392271). - -The next step is to create the required MBAM users and groups in Active Directory. - -### Step 2: Creating users and groups in Active Directory Domain Services - -As part of the prerequisites, you must define certain roles and accounts that are used in MBAM to provide security and access rights to specific servers and features, such as the databases that are running on the instance of SQL Server and the web applications that are running on the Administration and Monitoring Server. - -Create the following groups and users in Active Directory. (You can use any name for the groups and users.) Users do not have to have greater user rights. A domain user account is sufficient. You’ll have to specify the name of these groups during configuration of MBAM 2.5: - -* **MBAMAppPool** - - **Type**: Domain User - - **Description**: Domain user who has Read or Write permission to the Compliance and Audit Database and the Recovery Database to enable the web applications to access the data and reports in these databases. It will also be used by the application pool for the web applications. - - **Account Roles (During Configuration of MBAM)**: - - 1. Web service application pool domain account - - 2. Compliance and Audit Database and Recovery Database read/write user for reports - -* **MBAMROUser** - - **Type**: Domain User - - **Description**: Domain user who will have Read-Only access to the Compliance and Audit Database to enable the reports to access the compliance and audit data in this database. It will also be the domain user account that the local SQL Server Reporting Services instance uses to access the Compliance and Audit Database. - - **Account Roles (During Configuration of MBAM)**: - - 1. Compliance and Audit Database read-only user for reports - - 2. Compliance and Audit Database domain user account - -* **MBAMAdvHelpDsk** - - **Type**: Domain Group - - **Description**: MBAM Advanced Helpdesk Users access group: Domain user group whose members have access to all areas of the Administration and Monitoring Website. Users who have this role have to enter only the recovery key, not the user’s domain and user name, when they are helping users recover their drives. If a user is a member of both the MBAM Helpdesk Users group and the MBAM Advanced Helpdesk Users group, the MBAM Advanced Helpdesk Users group permissions override the MBAM Helpdesk Group permissions. - - **Account Roles (During Configuration of MBAM)**: MBAM Advanced Helpdesk Users - -* **MBAMHelpDsk** - - **Type**: Domain Group - - **Description**: MBAM Helpdesk Users access group: Domain user group whose members have access to the Manage TPM and Drive Recovery areas of the MBAM Administration and Monitoring Website. People who have this role must fill in all fields when they use either option. This includes the user’s domain and account name. - - **Account Roles (During Configuration of MBAM)**: MBAM Helpdesk Users - -* **MBAMRUGrp** - - **Type**: Domain Group - - **Description**: Domain user group whose members have read-only access to the reports in the Reports area of the Administration and Monitoring Website. - - **Account Roles (During Configuration of MBAM)**: - - 1. Reports read-only domain access group - - 2. MBAM Report Users access group - -### Step 3 (Optional): Configure and install SSL certificate on administration and monitoring server - -Although it’s optional, we highly recommend that you use a certificate to help secure the communication between the MBAM Client and the Administration and Monitoring Website and the Self-Service Portal websites. We do not recommend that you use self-signed certificates because of obvious security reasons. We suggest that you use a Web Server Type Certificate from a trusted Certification Authority. To do this, you can refer the "Using Certificate Approved by Certificate Authority" section from [KB 2754259](https://support.microsoft.com/help/2754259). - -After the certificate is issued, you should add the certificate to the personal store of the Administration and Monitoring Server. To add the certificate, open the Certificates store on the local computer. To do this, follow these steps: - -1. Right-select Start, and then select Run. - - ![Select ](images/deploying-MBAM-2.png) - -2. Type "MMC.EXE" (without the quotation marks), and then select **OK**. - - ![Run box](images/deploying-MBAM-3.png) - -3. Select **File** in the new MMC that you opened, and then select **Add/Remove Snap-in**. - - ![Select](images/deploying-MBAM-4.png) - -4. Highlight the **Certificates** snap-in, and then select **Add**. - - ![Add or Remove Snap-ins window](images/deploying-MBAM-5.png) - -5. Select the **Computer account** option, and then select **Next**. - - ![Certificates snap-in window](images/deploying-MBAM-6.png) - -6. Select **Local Computer** on the next screen, and then select **Finish**. - - ![Select Computer window](images/deploying-MBAM-7.png) - -7. You have now added the Certificates snap-in. This will enable you to work with any certificates in your computer's certificate store. - - ![Add or Remove Snap-ins window](images/deploying-MBAM-8.png) - -8. Import the web server certificate into your computer's certificate store. - - Now that you have access to the Certificates snap-in, you can import the web server certificate into your computer's certificate store. To do this, follow the next steps. - -9. Open the Certificates (Local Computer) snap-in, and browse to **Personal** and then **Certificates**. - - ![Certificates (Local Computer) snap-in window](images/deploying-MBAM-9.png) - - > [!Note] - > The Certificates snap-in may not be listed. If it is not, no certificates are installed. - -10. Right-select **Certificates**, select **All Tasks**, and then select **Import**. - - ![Certificates (Local Computer) snap-in window](images/deploying-MBAM-10.png) - -11. When the wizard starts, select **Next**. Browse to the file that you created that contains your server certificate and private key, and then select **Next**. - - ![Certificate Import Wizard window](images/deploying-MBAM-11.png) - -12. Enter the password if you specified one for the file when you created it. - - ![Enter password window](images/deploying-MBAM-12.png) - - > [!Note] - > Make sure that the **Mark the key as exportable** option is selected if you want to be able to export the key pair again from this computer. As an added security measure, you may want to leave this option cleared to make sure that no one can make a backup of your private key. - -13. Select **Next**, and then select the **Certificate Store** to which you want to save the certificate. - - ![Certificate Import Wizard window](images/deploying-MBAM-13.png) - - > [!Note] - > You should select **Personal**, because it is a web server certificate. If you included the certificate in the certification hierarchy, it will also be added to this store. - -14. Select **Next**, and then select **Finish**. - - ![Certificate Import Wizard window](images/deploying-MBAM-14.png) - -You will now see the server certificate for your web server in the Personal Certificates list. It will be denoted by the common name of the server. (You can find this in the subject section of the certificate.) - -For further reference: - -[MBAM 2.5 Security Considerations](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/mbam-25-security-considerations) - -[Planning How to Secure the MBAM Websites](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/planning-how-to-secure-the-mbam-websites) - -The next step is to register a service principle name for the application pool account. - -### Step 4: Configuring SSL certificate for MBAM Web Server - -If you are using SSL communication between the client and server, you should make sure that the certificate has Enhanced Key Usage OIDs (1.3.6.1.5.5.7.3.1) and (1.3.6.1.5.5.7.3.2). That is, you should make sure that Server Authentication and Client Authentication are added. - -If you receive a certificate error when you try to browse service URLs, you are using a certificate that was issued to a different name, or you are browsing by using an incorrect URL. - -Although the browser may prompt you with a certificate error message but let you continue, the MBAM web service will not ignore certificate errors and will block the connection. You will notice certificate-related errors in the MBAM client’s MBAM Admin event log. If you are using an alias to connect to the Administration and Monitoring server, you should issue a certificate to the alias name. That is, the subject name of the certificate should be the alias name, and the local server’s DNS name should be added to the **Subject Alternative Name** field of the certificate. - -Example: - -If the virtual name is "bitlocker.contoso.com" and the MBAM Administration and Monitoring server name is "adminserver.contoso.com," the certificate should be issued to bitlocker.contoso.com (subject name), and adminserver.contoso.com should be added to **Subject Alternative Name** field of the certificate. - -Similarly, if you have multiple Administration and Monitoring servers installed to balance the load by using a load balancer, you should issue the SSL certificate to the virtual name. That is, the subject name field of the certificate should have the virtual name, and the names of all the local servers should be added in the **Subject Alternative Name** field of the certificate. - -Example: - -If the virtual name is "bitlocker.contoso.com" and the servers are "adminserver1.contoso.com" and "adminiserver2.contoso.com," the certificate should be issued to bitlocker.contoso.com (subject name) and adminserver1.contoso.com, and adminiserver2.contoso.com should be added to the **Subject Alternative Name** field of the certificate. - -The steps to configure SSL communication by using MBAM are described in the following Knowledge Base article: [KB 2754259](https://support.microsoft.com/help/2754259). - -### Step 5: Register SPNS for the application pool account and configure constrained delegation - -> [!Note] -> Constrained delegation is required only for 2.5 and is not required for 2.5 Service Pack 1 and later. - -To enable the MBAM servers to authenticate communication from the Administration and Monitoring Website and the Self-Service Portal, you must register a Service Principal Name (SPN) for the host name under the domain account that you are using for the web application pool. The following article contains step-by-step instructions to register SPNs: [Planning How to Secure the MBAM Websites](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/planning-how-to-secure-the-mbam-websites) - -After you have the SPN configured, you should set up constrained delegation on the SPN. To do this, follow these steps: - -1. Go to Active Directory, and find the app pool credentials that you configured for MBAM websites in the previous steps. - -2. Right-click the credentials, and then select **properties**. - -3. Select the **delegation** tab. - -4. Select the option for Kerberos authentication. - -5. Select **browse**, and browse again for your app pool credentials. You should then see the all the SPNs that are set up on the app pool creds account. (The SPN should resemble "http/bitlocker.fqdn.com"). Highlight the SPN that is the same as the host name that you specified during the MBAM installation. - -6. Select **OK**. - -Now you are good with prerequisites. In the next steps, you will install the MBAM software on the servers and configure it. - -## Installing and configuring MBAM 2.5 server software - -### Step 6: Install MBAM 2.5 server software - -To install the MBAM Server software by using the Microsoft BitLocker Administration and Monitoring Setup wizard both on Database Server and on Administration and Monitoring Server, follow these steps. - -1. On the server on which you want to install MBAM, run MBAMserversetup.exe to start the Microsoft BitLocker Administration and Monitoring Setup wizard. - -2. On the Welcome page, select **Next**. - -3. Read and accept the Microsoft Software License Agreement, and then select **Next** to continue the installation. - -4. Decide whether to use Microsoft Update when you check for updates, and then select **Next**. - -5. Decide whether to participate in the Customer Experience Improvement Program, and then select **Next**. - -6. To start the installation, select **Install**. - -7. To configure the server features after the MBAM Server software finishes installing, select the **Run MBAM Server Configuration after the wizard closes** check box. Or, you can configure MBAM later by using the **MBAM Server Configuration** shortcut that the server installation creates on your **Start** menu. - -8. Select **Finish**. - -For more information, see [Installing the MBAM 2.5 Server Software](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/installing-the-mbam-25-server-software). - -### Step 7: Configure MBAM 2.5 database and reports role - -In this step, we will configure the MBAM 2.5 databases and reporting component by using the MBAM Wizard: - -1. Configure the Compliance and Audit Database and the Recovery Database by using the wizard: - - 1. On the server on which you want to configure the databases, start the **MBAM Server Configuration wizard**. You can select **MBAM Server Configuration** on the **Start** menu to open the wizard. - - 2. Select **Add New Features**, select **Compliance and Audit Database**, **Recovery Database and Reports**, and then select **Next**. The wizard checks that all prerequisites for the databases are met. - - 3. If the prerequisite check is successful, select **Next** to continue. Otherwise, resolve any missing prerequisites, and then select **Check prerequisites again**. - - 4. Using the following descriptions, enter the field values in the wizard: - -2. Compliance and audit database - - |Field |Description| - |-------|-------| - |SQL Server name |Name of the server on which you are configuring the Compliance and Audit Database.
You must add an exception on the Compliance and Audit Database computer to enable incoming inbound traffic on the SQL Server port. The default port number is 1433.| - |SQL Server database instance |Name of the database instance where the compliance and audit data will be stored. If you are using the default instance, you must leave this field blank. You must also specify where the database information will be located.| - |Database name |Name of the database that will store the compliance data. You must note the name of the database that you are specifying here because you will have to provide this information in later steps.| - |Read/write permission domain user or group |Specify the name of the MBAMAppPool user as configured in step 2.| - |Read-only access domain user or group |Specify the name of the MBAMROUser user as configured in step 2.| - -3. Recovery database. - - |Field |Description| - |-----|-----| - |SQL Server name |Name of the server on which you are configuring the Recovery Database. You must add an exception on the Recovery Database computer to enable incoming inbound traffic on the SQL Server port. The default port number is 1433.| - |SQL Server database instance |Name of the database instance where the recovery data will be stored. If you are using the default instance, you must leave this field blank. You must also specify where the database information will be located.| - |Database name |Name of the database that will store the recovery data.| - |Read/write permission domain user or group |Domain user or group that has read/write permission to this database to enable the web applications to access the data and reports in this database.
If you enter a user in this field, it must be the same value as the value in the **Web service application pool domain account** field on the **Configure Web Applications** page.
If you enter a group in this field, the value in the **Web service application pool domain account** field on the **Configure Web Applications** page must be a member of the group that you enter in this field.| - - When you finish your entries, select **Next**. The wizard checks that all prerequisites for the databases are met. - - If the prerequisite check is successful, select **Next** to continue. Otherwise, resolve any missing prerequisites, and then select **Next** again. - -4. Reports. - - |Field |Description| - |----|----| - |SQL Server Reporting Services instance |Instance of SQL Server Reporting Services where the reports will be configured. If you are using the default instance, you must leave this field blank.| - |Reporting role domain group |Specify the name of the MBAMRUGrp as mentioned in step 2.| - |SQL Server name |Name of the server on which the Compliance and Audit Database is configured.| - |SQL Server database instance |Name of the database instance where the compliance and audit data is configured. If you are using the default instance, you must leave this field blank.
You must add an exception on the Reports computer to enable incoming traffic on the port of the Reporting Server. (The default port is 80.)| - |Database name| Name of the Compliance and Audit Database. By default, the database name is MBAM Compliance Status.| - |Compliance and Audit Database domain account |Specify the name of the MBAMROUser user as configured in step 2.| - - When you finish your entries, select **Next**. The wizard checks that all prerequisites for the Reports feature are met. Select Next to continue. On the **Summary** page, review the features that will be added. - - For more information, see the following article: [How to Configure the MBAM 2.5 Databases](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/how-to-configure-the-mbam-25-databases). - -### Step 8: Configure the MBAM 2.5 Web applications role - -1. On the server on which you want to configure the web applications, start the MBAM Server Configuration wizard. You can select **MBAM Server Configuration** on the **Start** menu to open the wizard. - -2. Select **Add New Features**, select **Administration and Monitoring Website** and **Self-Service Portal**, and then select **Next**. The wizard checks that all prerequisites for the databases are met. - -3. If the prerequisite check is successful, select **Next** to continue. Otherwise, resolve any missing prerequisites, and then select **Check prerequisites again**. - -4. Use the following descriptions to enter the field values in the wizard. - - |Field |Description| - |-----|-----| - |Security certificate |Select a previously created certificate in step 3 to optionally encrypt the communication between the web services and the server on which you are configuring the Administration and Monitoring Website. If you select Do not use a certificate, your web communication may not be secure.| - |Host name |Name of the host computer on which you are configuring the Administration and Monitoring Website.
It does not have to be the hostname of the machine, it could be anything. However, if the hostname is different than the netbios name of the computer, you have to create an A record and make sure the SPN uses the custom hostname, not the netbios name. This is common on load balancing scenarios.| - |Installation path |Path on which you are installing the Administration and Monitoring Website.| - |Port |Port number to use for website communication.
You must set a firewall exception to enable communication through the specified port.| - |Web service application pool domain account and password |Specify the user account and password of the MBAMAppPool user as configured in step 2.
For improved security, set the account that is specified in the credentials to have limited user rights. Also, set the password of the account to never expire.| - -5. Verify that the built-in IIS_IUSRS account or the application pool account was added to the **Impersonate a client after authentication** and the **Log on as a batch job** local security settings. - - To check whether the account was added to the local security settings, open the **Local Security Policy editor**, expand the **Local Policies** node, select the **User Rights Assignment** node, and double-select **Impersonate a client after authentication** and **Log on as a batch job** policies in the right-side pane. - -6. Use the following field descriptions to configure the connection information in the wizard for the Compliance and Audit Database. - |Field |Description| - |------|------| - |SQL Server name |Name of the server on which the Compliance and Audit Database is configured.| - |SQL Server database instance |Name of the instance of SQL Server (for example, \) and on which the Compliance and Audit Database is configured. Leave this blank if you are using the default instance.| - |Database name |Name of the Compliance and Audit Database. By default, it’s "MBAM Compliance Status".| - -7. Use the following field descriptions to configure the connection information in the wizard for the Recovery Database. - |Field |Description| - |----|----| - |SQL Server name |Name of the server on which the Recovery Database is configured.| - |SQL Server database instance |Name of the instance of SQL Server (for example, \) on which the Recovery Database is configured. Leave this blank if you are using the default instance.| - |Database name |Name of the Recovery Database. By default, it’s "MBAM Recovery and Hardware".| - -8. Use the following descriptions to enter the field values in the wizard to configure the Administration and Monitoring Website. - |Field |Description| - |----|----| - |Advanced Helpdesk role domain group |Specify the name of the MBAMAdvHelpDsk Group as configured in step 2.| - |Helpdesk role domain group |Specify the name of the MBAMHelpDsk Group as configured in step 2.| - |Use System Center Configuration Manager Integration |Select to clear this check box. | - |Reporting role domain group |Specify the name of the MBAMRUGrp Group as configured in step 2. | - |SQL Server Reporting Services URL |Specify the Web Service URL for the SSRS server on which the MBAM reports are configured. You can find this information by logging in to Reporting Services Configuration Manager on the Database Server.
Example of a fully qualified domain name: https://MyReportServer.Contoso.com/ReportServer
Example of a custom host name: https://MyReportServer/ReportServer| - |Virtual directory |Virtual directory of the Administration and Monitoring Website. This name corresponds to the website’s physical directory on the server and is appended to the website’s host name. For example:
http(s)://*\*:*\*/HelpDesk/
If you do not specify a virtual directory, the value HelpDesk will be used. | - -9. Use the following description to enter the field values in the wizard to configure the Self-Service Portal. - - |Field |Description| - |----|----| - |Virtual directory |Virtual directory of the web application. This name corresponds to the website’s physical directory on the server and is appended to the website’s host name. For example:
http(s)://*\*:*\*/SelfService/
If you do not specify a virtual directory, the value "SelfService" will be used.| - -10. When you finish your entries, select **Next**. The wizard checks that all prerequisites for the web applications are met. - -11. Select **Next** to continue. - -12. On the **Summary** page, review the features that will be added. - -13. Select **Add** to add the web applications to the server, and then select **Close**. - -## Customizing and validating steps after installing MBAM 2.5 server software - -### Step 9: Customizing the self-server portal for your organization - -To customize the Self-Service Portal by adding custom notice text, your company name, pointers to more information, and so on, see [Customizing the Self-Service Portal for Your Organization](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/customizing-the-self-service-portal-for-your-organization). - -### Step 10: Configure the self-server portal if client computers cannot access the CDN - -Determine whether your client computers have access to the Microsoft AJAX Content Delivery Network (CDN). The CDN gives the Self-Service Portal the access it requires to certain JavaScript files. If you don’t configure the Self-Service Portal when client computers cannot access the CDN, only the company name and the account under which the user signed in will be displayed. No error message will be shown. - -Do one of the following: - -* If your client computers have access to the CDN, do nothing. Your Self-Service Portal configuration is complete. - -* If your client computers do not have access to the CDN, follow the steps in [How to Configure the Self-Service Portal When Client Computers Cannot Access the Microsoft Content Delivery Network](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network). - -### Step 11: Validate the MBAM 2.5 server feature configuration - -To validate your MBAM Server deployment to use the standalone topology, follow these steps. - -1. On each server on which an MBAM feature is deployed, select **Control Panel** > **Programs** > **Programs and Features**. Verify that **Microsoft BitLocker Administration and Monitoring** appears in the **Programs and Features** list. - > [!Note] - > To perform the validation, you must use a domain account that has local computer administrative credentials on each server. - -2. On the server on which the Recovery Database is configured, open SQL Server Management Studio, and verify that the **MBAM Recovery and Hardware** database is configured. - -3. On the server om which the Compliance and Audit Database is configured, open SQL Server Management Studio, and verify that the MBAM Compliance Status Database is configured. - -4. On the server onm which the Reports feature is configured, open a web browser by using administrative credentials, and browse to the homepage of the SQL Server Reporting Services site. - - The default homepage location of a SQL Server Reporting Services site instance is as follows: - http(s)://*\*:*\*/Reports.aspx - - To find the actual URL, use the Reporting Services Configuration Manager tool, and select the instances that you specified during setup. - -5. Verify that a reports folder that is named Microsoft BitLocker Administration and Monitoring contains a data source that is named MaltaDataSource. This data source contains folders that have names that represent language locales (for example, en-us). The reports are in the language folders. - - > [!Note] - > If SQL Server Reporting Services (SSRS) was configured as a named instance, the URL should resemble the following: - > http(s)://\:\/Reports_\ - > - > If SSRS was not configured to use Secure Socket Layer (SSL), the URL for the reports will be set to "HTTP" instead of "HTTPS" when you install the MBAM server. If you then go to the Administration and Monitoring Website (also known as Helpdesk) and select a report, you receive the following message: "Only Secure Content is Displayed." To show the report, select **Show All Content**. - -6. On the server on which the Administration and Monitoring Website feature is configured, run Server Manager, browse to **Roles**, and then select **Web Server (IIS)** > **Internet Information Services (IIS)** Manager. - -7. In **Connections**, browse to \ and then select **Sites** > **Microsoft BitLocker Administration and Monitoring**. Verify that the following are listed: - - * MBAMAdministrationService - * MBAMComplianceStatusService - * MBAMRecoveryAndHardwareService - -8. On the server on which the Administration and Monitoring Website and Self-Service Portal are configured, open a web browser by using administrative credentials. - -9. Browse to the following websites to verify that they load successfully: - * https(s)://\:\/HelpDesk/ (confirm each link for navigation and reports) - * http(s)://\:\/SelfService/ - - > [!Note] - > It is assumed that you configured the server features on the default port without network encryption. If you configured the server features on a different port or virtual directory, change the URLs to include the appropriate port. For example: - > http(s)://\:\/HelpDesk/ - > http(s)://\:\/\/ - > If the server features were configured to use network encryption, change http:// to https://. - -10. Browse to the following web services to verify that they load successfully. A page opens to indicate that the service is running. However, the page displays no metadata. - - * http(s)://\:\/MBAMAdministrationService/AdministrationService.svc - * http(s)://\:\/MBAMUserSupportService/UserSupportService.svc - * http(s)://\:\/MBAMComplianceStatusService/StatusReportingService.svc - * http(s)://\:\/MBAMRecoveryAndHardwareService/CoreService.svc - -### Step 12: Configure the MBAM Group policy templates - -To deploy MBAM, you have to set Group Policy settings that define MBAM implementation settings for BitLocker Drive Encryption. To complete this task, you must copy the MBAM Group Policy templates to a server or workstation that can run Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM), and then edit the settings. - -> [!Important] -> Do not change the Group Policy settings in the **BitLocker Drive Encryption** node or MBAM will not work correctly. When you configure the Group Policy settings in the **MDOP MBAM (BitLocker Management)** node, MBAM automatically configures the **BitLocker Drive Encryption** settings for you. - -#### Copying the MBAM 2.5 Group Policy templates - -Before you install the MBAM Client, you must copy MBAM-specific Group Policy Objects (GPOs) to the management workstation. These GPOs define MBAM implementation settings for BitLocker. You can copy the Group Policy templates to any server or workstation that is a supported Windows-based server or client computer and that can run the Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM). - -For more information, see [Copying the MBAM 2.5 Group Policy Templates](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/copying-the-mbam-25-group-policy-templates). - -#### Editing MBAM 2.5 GPO settings - -After you create the necessary GPOs, you must deploy the MBAM Group Policy settings to your organization’s client computers. To view and create GPOs, you must have Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM) installed. - -For more information, see [Editing the MBAM 2.5 Group Policy Settings](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/editing-the-mbam-25-group-policy-settings) and [Planning for MBAM 2.5 Group Policy Requirements](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/planning-for-mbam-25-group-policy-requirements). - -### Step 13: Deploying the MBAM 2.5 Client - -Depending on when you deploy the Microsoft BitLocker Administration and Monitoring Client software, you can enable BitLocker on a computer in your organization either before the user receives the computer or afterward by configuring Group Policy and deploying the MBAM Client software by using an enterprise software deployment system. - -#### Deploy the MBAM Client to desktop or portable computers - -After you configure Group Policy settings, you can use an enterprise software deployment system product such as Microsoft System Center 2012 Configuration Manager or Active Directory Domain Services (AD DS) to deploy the MBAM client installation Windows Installer files to target computers. You can use either the 32-bit or 64-bit MbamClientSetup.exe files or the 32-bit or 64-bit MBAMClient.msi files. These are provided together with the MBAM Client software. - -For more information, see [How to Deploy the MBAM Client to Desktop or Laptop Computers](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-25). - -#### Deploy the MBAM Client as part of a Windows deployment - -In organizations in which computers are received and configured centrally, you can install the MBAM Client to manage BitLocker Drive Encryption on each computer before any user data is written to it. The benefit of this process is that every computer is then BitLocker-compliant. This method does not rely on user action because the administrator has already encrypted the computer. A key assumption for this scenario is that the policy of the organization is to install a corporate Windows image before the computer is delivered to the user. If the Group Policy settings are configured to require a PIN, users are prompted to set a PIN after they receive the policy. - -For more information, see [How to Deploy the MBAM Client as Part of a Windows Deployment](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25). - -#### How to deploy the MBAM Client by using a command line - -For more information see [How to Deploy the MBAM Client by Using a Command Line](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/how-to-deploy-the-mbam-client-by-using-a-command-line). - -#### Post-deployment of clients - -Now that you have finished the deployment activity, you should review the following logs and determine whether the clients are reporting successfully to the MBAM database. - -## FAQ - -### How to create a Load balanced IIS servers - -* SPN must be registered only to the friendly name (for example: bitlocker.corp.net), and must not be registered to individual IIS servers. - -* If a certificate is used, the certificate must have both FQDN and NetBIOS names entered into the **Subject Alternative Name** field for all IIS servers in the load balance group and also as the Friendly Name (for example: bitlocker.corp.net). Otherwise, the certificate will be reported as not trusted by the browser when you browse load-balanced addresses. - -For more information, see [IIS Network Load Balancing](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/planning-for-mbam-25-high-availability#a-href-idbkmk-load-balanceaiis-network-load-balancing) and [Registering SPNs for the application pool account](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/planning-how-to-secure-the-mbam-websites#registering-spns-for-the-application-pool-account). - -### How to configure a certificate - -* You’ll have to have two certificates. One certificate is used for SQL server, and the other is used for IIS. They must be installed before starting MBAM installation. - -* We recommend that you use the installer to add the certificate to the IIS configuration instead of manually editing the web.config file. - -* The certificate will not be accepted by the MBAM Configurator if the “Issued To” field on the certificate does not match the name of the server. In this case, temporarily create a self-signed certificate from the IIS Console, and use it in the Configurator. This will make nsure that the Web Apps are installed for SSL and HTTPS. After that, you can change the certificate to one from IIS bindings for the MBAM Website. - -### The SQL permissions requirement for installation - -Create an account for MBAM App Pool, and give it only SecurityAdmin, Public, and DBCreator permissions. - -See [MBAM Database configuration – minimum permissions](https://blogs.technet.microsoft.com/dubaisec/2016/02/02/mbam-database-configuration-minimum-permissions/) for more information. - -> [!Note] -> * In some situations, more permissions are required for the initial installation and upgrade operations. -> * Use an account that has temporary SA for the installation. -> * Do not start the Configurator in the context of a user account (Run As) that does not have enough permissions to make changes to SQL Server because this will cause installation errors. -> * You must be logged on by using an account that has permissions on SQL Server. Only SQL Server databases can be created or updated by running MBAM Configurator remotely. For SSRS server, you must install MBAM and run Configurator locally to install or update the MBAM SSRS reports. - -### The permission required for SPN Registration - -An account that's used for IIS portal installation must have Write ServicePrincipalName and Write Validated SPN permissions. Without these permissions, the installation will return a warning message that states that it cannot register the SPN. - -> [!Note] -> You will this receive this warning message twice. This does not mean that the SPN must have two objects registered to it. - -For more information, see [MBAM Setup fails with “Register SPN Deferred” error message](https://support.microsoft.com/help/2754138/). - -### Did I have to update the ADMX templates to the latest version? - -You'll see multiple OS options in the MBAM root node for GPO after you update the ADMX templates to their latest versions. For example, Windows 7, Windows 8.1, and Windows 10, version 1511 and later versions. - -For more information about how to update the ADMX templates, see the following articles: -* [How to Download and Deploy MDOP Group Policy (.admx) Templates](https://docs.microsoft.com/microsoft-desktop-optimization-pack/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates) -* [Planning for MBAM 2.5 Group Policy Requirements](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/planning-for-mbam-25-group-policy-requirements) -* [Microsoft Desktop Optimization Pack Group Policy Administrative Templates](https://www.microsoft.com/en-us/download/details.aspx?id=55531) diff --git a/mdop/mbam-v25/deploying-mbam-25-group-policy-objects.md b/mdop/mbam-v25/deploying-mbam-25-group-policy-objects.md deleted file mode 100644 index ea0c9dff8f..0000000000 --- a/mdop/mbam-v25/deploying-mbam-25-group-policy-objects.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Deploying MBAM 2.5 Group Policy Objects -description: Deploying MBAM 2.5 Group Policy Objects -author: dansimp -ms.assetid: 4b835054-6846-463d-af58-8ac4639a1188 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying MBAM 2.5 Group Policy Objects - - -To deploy MBAM, you have to set Group Policy settings that define MBAM implementation settings for BitLocker drive encryption. To complete this task, you must copy the MBAM Group Policy Templates to a server or workstation that are capable of running Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM), and then edit the settings. - -**Important**   -Do not change the Group Policy settings in the **BitLocker Drive Encryption** node, or MBAM will not work correctly. When you configure the Group Policy settings in the **MDOP MBAM (BitLocker Management)** node, MBAM automatically configures the **BitLocker Drive Encryption** settings for you. - - - -## Copying the MBAM 2.5 Group Policy Templates - - -Before you install the MBAM Client, you must copy MBAM-specific Group Policy Objects (GPOs) to the Management Workstation. These GPOs define MBAM implementation settings for BitLocker drive encryption. You can copy the Group Policy templates to any server or workstation that is a supported Windows server or client computer and that is able to run the Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM). - -[Copying the MBAM 2.5 Group Policy Templates](copying-the-mbam-25-group-policy-templates.md) - -## Editing MBAM 2.0 GPO settings - - -After you create the necessary GPOs, you must deploy the MBAM Group Policy settings to your organization’s client computers. To view and create GPOs, you must have Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM) installed. - -[Editing the MBAM 2.5 Group Policy Settings](editing-the-mbam-25-group-policy-settings.md) - -## Showing or hiding the MBAM Control Panel in Windows Control Panel - - -Since MBAM offers a customized MBAM control panel that can replace the default Windows BitLocker control panel, you can also choose to show or hide the default BitLocker Control Panel from end users by using Group Policy settings. - -[Hiding the Default BitLocker Drive Encryption Item in Control Panel](hiding-the-default-bitlocker-drive-encryption-item-in-control-panel-mbam-25.md) - -## Other Resources for deploying MBAM 2.0 Group Policy Objects - - -[Deploying MBAM 2.5](deploying-mbam-25.md) - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - - - - diff --git a/mdop/mbam-v25/deploying-mbam-25.md b/mdop/mbam-v25/deploying-mbam-25.md deleted file mode 100644 index 48ab4bb17d..0000000000 --- a/mdop/mbam-v25/deploying-mbam-25.md +++ /dev/null @@ -1,98 +0,0 @@ ---- -title: Deploying MBAM 2.5 -description: Deploying MBAM 2.5 -author: dansimp -ms.assetid: 45403607-1f4d-42fe-8413-0d4da01808a6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying MBAM 2.5 - - -Use this information to identify the procedures you can follow to deploy and configure Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 Server features to upgrade to MBAM 2.5 from previous versions, or to remove MBAM Server features. - -## Deployment information - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Topic descriptionLinks to topics
    -

  • Deployment topology options.

    • -

  • How to install the MBAM Server software.

    • -

  • How to configure the MBAM Server features.

    • -

Deploying the MBAM 2.5 Server Infrastructure

How to download and deploy the MBAM Group Policy Templates, which are required to manage MBAM Clients and BitLocker encryption policies in the enterprise.

Deploying MBAM 2.5 Group Policy Objects

How to use the MBAM Client Windows Installer files to deploy the MBAM Client software.

Deploying the MBAM 2.5 Client

Checklist that can assist you in deploying the MBAM Server features and MBAM Client.

MBAM 2.5 Deployment Checklist

How to upgrade MBAM from previous versions.

Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions

How to remove MBAM Server features or software.

Removing MBAM Server Features or Software

- - - -## Other resources for deploying MBAM - - -[Microsoft BitLocker Administration and Monitoring 2.5](index.md) - -[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) - -[Planning for MBAM 2.5](planning-for-mbam-25.md) - -[Operations for MBAM 2.5](operations-for-mbam-25.md) - -[Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md) - -[Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md) - -[Deploying MBAM 2.5 in a stand-alone configuration](https://support.microsoft.com/kb/3046555) - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - - - - diff --git a/mdop/mbam-v25/deploying-the-mbam-25-client.md b/mdop/mbam-v25/deploying-the-mbam-25-client.md deleted file mode 100644 index 0a20208aa0..0000000000 --- a/mdop/mbam-v25/deploying-the-mbam-25-client.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: Deploying the MBAM 2.5 Client -description: Deploying the MBAM 2.5 Client -author: dansimp -ms.assetid: 0a96a0ee-f280-49d9-a244-88f4147fe9fd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying the MBAM 2.5 Client - - -The Microsoft BitLocker Administration and Monitoring (MBAM) Client software enables administrators to enforce and monitor BitLocker Drive Encryption on computers in the enterprise. The BitLocker client can be integrated into an organization by deploying the client through an electronic software distribution system, such as Active Directory Domain Services, or by directly encrypting the client computers as part of the initial imaging process. - -Depending on when you deploy the Microsoft BitLocker Administration and Monitoring Client software, you can enable BitLocker Drive Encryption on a computer in your organization either before the end user receives the computer or afterwards by configuring Group Policy and deploying the MBAM Client software by using an enterprise software deployment system. - -## Deploy the MBAM Client to desktop or laptop computers - - -After configuring Group Policy settings, you can use an enterprise software deployment system product like Microsoft System Center 2012 Configuration Manager or Active Directory Domain Services to deploy the MBAM Client installation Windows Installer files to target computers. You can use either the 32-bit or 64-bit MbamClientSetup.exe files or the 32-bit or 64-bit MBAMClient.msi files, which are provided with the MBAM Client software. For more information about deploying MBAM Group Policy settings, see [Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md). - -**Note**   -Beginning in MBAM 2.5 SP1, a separate MSI is no longer included with the MBAM product. However, you can extract the MSI from the executable file (.exe) that is included with the product. - - - -[How to Deploy the MBAM Client to Desktop or Laptop Computers](how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-25.md) - -## Deploy the MBAM Client as part of a Windows deployment - - -In organizations where computers are received and configured centrally, you can install the MBAM Client to manage BitLocker Drive Encryption on each computer before any user data is written to it. The benefit of this process is that every computer is then BitLocker Drive Encryption-compliant. This method does not rely on user action because the administrator has already encrypted the computer. A key assumption for this scenario is that the policy of the organization installs a corporate Windows image before the computer is delivered to the user. If the Group Policy settings has been configured to require a PIN, users are prompted to set a PIN after they receive the policy. - -[How to Enable BitLocker by Using MBAM as Part of a Windows Deployment](how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md) - -## How to deploy the MBAM Client by using a command line - - -This section explains how to install the MBAM Client by using a command line. - -[How to Deploy the MBAM Client by Using a Command Line](how-to-deploy-the-mbam-client-by-using-a-command-line.md) - -## Other resources for deploying the MBAM Client - - -[Deploying MBAM 2.5](deploying-mbam-25.md) - - - -## Related topics - - -[Deploying MBAM 2.5](deploying-mbam-25.md) - -[Planning for MBAM 2.5](planning-for-mbam-25.md) - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - diff --git a/mdop/mbam-v25/deploying-the-mbam-25-server-infrastructure.md b/mdop/mbam-v25/deploying-the-mbam-25-server-infrastructure.md deleted file mode 100644 index d60e1044e5..0000000000 --- a/mdop/mbam-v25/deploying-the-mbam-25-server-infrastructure.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: Deploying the MBAM 2.5 Server Infrastructure -description: Deploying the MBAM 2.5 Server Infrastructure -author: dansimp -ms.assetid: e85a60cf-4cc1-4906-8da3-442232c374af -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying the MBAM 2.5 Server Infrastructure - - -To deploy the Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 Server infrastructure, you complete the following three high-level tasks: - - ---- - - - - - - - - - - - - - - - - - - - - -
TaskWhere to get instructions

Install the MBAM 2.5 Server software on each server where you want to configure an MBAM Server feature.

Installing the MBAM 2.5 Server Software

Configure the databases, reports, web applications, and the optional System Center Configuration Manager Integration topology.

-

You can use the MBAM Server Configuration wizard or Windows PowerShell cmdlets to do the configuration.

Configuring the MBAM 2.5 Server Features

Validate the MBAM Server configuration.

Validating the MBAM 2.5 Server Feature Configuration

- - - -## Related topics - - -[Deploying MBAM 2.5](deploying-mbam-25.md) - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - diff --git a/mdop/mbam-v25/determining-why-a-device-receives-a-noncompliance-message.md b/mdop/mbam-v25/determining-why-a-device-receives-a-noncompliance-message.md deleted file mode 100644 index 9ce836f5eb..0000000000 --- a/mdop/mbam-v25/determining-why-a-device-receives-a-noncompliance-message.md +++ /dev/null @@ -1,125 +0,0 @@ ---- -title: Determining why a Device Receives a Noncompliance Message -description: Determining why a Device Receives a Noncompliance Message -author: dansimp -ms.assetid: 793df330-a0ee-4759-b53a-95618ac74428 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/22/2017 ---- - - -# Determining why a Device Receives a Noncompliance Message - - -The following noncompliance codes are provided by WMI and describe the reasons why a particular device is reported by MBAM as noncompliant. - -You can use your preferred method to view WMI. If you use PowerShell, run `gwmi -class mbam_volume -Namespace root\microsoft\mbam` from a PowerShell prompt and search for ReasonsForNoncompliance. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Non-Compliance CodeReason for Non-Compliance

0

Cipher strength not AES 256.

1

MBAM Policy requires this volume to be encrypted but it is not.

2

MBAM Policy requires this volume to NOT be encrypted, but it is.

3

MBAM Policy requires this volume use a TPM protector, but it does not.

4

MBAM Policy requires this volume use a TPM+PIN protector, but it does not.

5

MBAM Policy does not allow non TPM machines to report as compliant.

6

Volume has a TPM protector but the TPM is not visible (booted with recover key after disabling TPM in BIOS?).

7

MBAM Policy requires this volume use a password protector, but it does not have one.

8

MBAM Policy requires this volume NOT use a password protector, but it has one.

9

MBAM Policy requires this volume use an auto-unlock protector, but it does not have one.

10

MBAM Policy requires this volume NOT use an auto-unlock protector, but it has one.

11

Policy conflict detected preventing MBAM from reporting this volume as compliant.

12

A system volume is needed to encrypt the OS volume but it is not present.

13

Protection is suspended for the volume.

14

AutoUnlock unsafe unless the OS volume is encrypted.

15

Policy requires minimum cypher strength is XTS-AES-128 bit, actual cypher strength is weaker than that.

16

Policy requires minimum cypher strength is XTS-AES-256 bit, actual cypher strength is weaker than that.

- -  - -## Related topics - - -[Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md) - -[Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md) - -  -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). -  - - - - - diff --git a/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md b/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md deleted file mode 100644 index a3a45c975d..0000000000 --- a/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md +++ /dev/null @@ -1,389 +0,0 @@ ---- -title: Edit the Configuration.mof File -description: Edit the Configuration.mof File -author: dansimp -ms.assetid: 5d8cd76b-8ffc-4d46-b761-1b8350310c48 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Edit the Configuration.mof File - - -To enable the client computers to report BitLocker compliance details through the MBAM Configuration Manager reports, you have to edit the **Configuration.mof** file, whether you are using System Center 2012 Configuration Manager or Configuration Manager 2007. Complete the following instructions for the version of Configuration Manager that you are using. - -**To edit the Configuration.mof file for System Center 2012 Configuration Manager** - -1. On the Configuration Manager Server, browse to the location of the **Configuration.mof** file: - - <CMInstallLocation>\\Inboxes\\clifiles.src\\hinv\\ - - On a default installation, the installation location is %systemdrive%\\Program Files \\Microsoft Configuration Manager. - -2. Edit the **Configuration.mof** file to append the following MBAM classes: - - ``` syntax - //=================================================== - // Microsoft BitLocker Administration and Monitoring - //=================================================== - - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) - [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled, NoncomplianceDetectedDate, EnforcePolicyDate from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] - class Win32_BitLockerEncryptionDetails - { - [PropertySources{"DeviceId"},key] - String DeviceId; - [PropertySources{"BitlockerPersistentVolumeId"}] - String BitlockerPersistentVolumeId; - [PropertySources{"BitLockerManagementPersistentVolumeId"}] - String MbamPersistentVolumeId; - //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 - [PropertySources{"BitLockerManagementVolumeType"}] - SInt32 MbamVolumeType; - [PropertySources{"DriveLetter"}] - String DriveLetter; - //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 - [PropertySources{"Compliant"}] - SInt32 Compliant; - [PropertySources{"ReasonsForNonCompliance"}] - SInt32 ReasonsForNonCompliance[]; - [PropertySources{"KeyProtectorTypes"}] - SInt32 KeyProtectorTypes[]; - [PropertySources{"EncryptionMethod"}] - SInt32 EncryptionMethod; - [PropertySources{"ConversionStatus"}] - SInt32 ConversionStatus; - [PropertySources{"ProtectionStatus"}] - SInt32 ProtectionStatus; - [PropertySources{"IsAutoUnlockEnabled"}] - Boolean IsAutoUnlockEnabled; - [PropertySources{"NoncomplianceDetectedDate"}] - String NoncomplianceDetectedDate; - [PropertySources{"EnforcePolicyDate"}] - String EnforcePolicyDate; - }; - - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) - [DYNPROPS] - Class Win32Reg_MBAMPolicy - { - [key] - string KeyName; - - //General encryption requirements - UInt32 OsDriveEncryption; - UInt32 FixedDataDriveEncryption; - UInt32 EncryptionMethod; - - //Required protectors properties - UInt32 OsDriveProtector; - UInt32 FixedDataDriveAutoUnlock; - UInt32 FixedDataDrivePassphrase; - - //MBAM Agent fields - Uint32 MBAMPolicyEnforced; - string LastConsoleUser; - datetime UserExemptionDate; - UInt32 MBAMMachineError; - - // Encoded Computer Name - string EncodedComputerName; - }; - - [DYNPROPS] - Instance of Win32Reg_MBAMPolicy - { - KeyName="BitLocker policy"; - - //General encryption requirements - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] - OsDriveEncryption; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] - FixedDataDriveEncryption; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] - EncryptionMethod; - - //Required protectors properties - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] - OsDriveProtector; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] - FixedDataDriveAutoUnlock; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] - FixedDataDrivePassphrase; - - //MBAM agent fields - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] - MBAMPolicyEnforced; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] - LastConsoleUser; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] - UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] - MBAMMachineError; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] - EncodedComputerName; - }; - - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) - [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, - dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] - class CCM_OperatingSystemExtended - { - [PropertySources{"Name"},key] - string Name; - [PropertySources{"OperatingSystemSKU"}] - uint32 SKU; - }; - - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) - [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, - dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] - class CCM_ComputerSystemExtended - { - [PropertySources{"Name"},key] - string Name; - [PropertySources{"PCSystemType"}] - uint16 PCSystemType; - }; - - //======================================================= - // Microsoft BitLocker Administration and Monitoring end - //======================================================= - ``` - -**To edit the Configuration.mof file for Configuration Manager 2007** - -1. On the Configuration Manager Server, browse to the location of the **Configuration.mof** file: - - <CMInstallLocation>\\Inboxes\\clifiles.src\\hinv\\ - - On a default installation, the installation location is %systemdrive%\\Program Files (x86)\\Microsoft Configuration Manager. - -2. Edit the **Configuration.mof** file to append the following MBAM classes: - - ``` syntax - //=================================================== - // Microsoft BitLocker Administration and Monitoring - //=================================================== - - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) - [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled, NoncomplianceDetectedDate, EnforcePolicyDate from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] - class Win32_BitLockerEncryptionDetails - { - [PropertySources{"DeviceId"},key] - String DeviceId; - [PropertySources{"BitlockerPersistentVolumeId"}] - String BitlockerPersistentVolumeId; - [PropertySources{"BitLockerManagementPersistentVolumeId"}] - String MbamPersistentVolumeId; - //UNKNOWN = 0, OS_Volume = 1, FIXED_VOLUME = 2, REMOVABLE_VOLUME = 3 - [PropertySources{"BitLockerManagementVolumeType"}] - SInt32 MbamVolumeType; - [PropertySources{"DriveLetter"}] - String DriveLetter; - //VOLUME_NOT_COMPLIANT = 0, VOLUME_COMPLIANT = 1, NOT_APPLICABLE = 2 - [PropertySources{"Compliant"}] - SInt32 Compliant; - [PropertySources{"ReasonsForNonCompliance"}] - SInt32 ReasonsForNonCompliance[]; - [PropertySources{"KeyProtectorTypes"}] - SInt32 KeyProtectorTypes[]; - [PropertySources{"EncryptionMethod"}] - SInt32 EncryptionMethod; - [PropertySources{"ConversionStatus"}] - SInt32 ConversionStatus; - [PropertySources{"ProtectionStatus"}] - SInt32 ProtectionStatus; - [PropertySources{"IsAutoUnlockEnabled"}] - Boolean IsAutoUnlockEnabled; - [PropertySources{"NoncomplianceDetectedDate"}] - String NoncomplianceDetectedDate; - [PropertySources{"EnforcePolicyDate"}] - String EnforcePolicyDate; - }; - - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) - [DYNPROPS] - Class Win32Reg_MBAMPolicy - { - [key] - string KeyName; - - //General encryption requirements - UInt32 OsDriveEncryption; - UInt32 FixedDataDriveEncryption; - UInt32 EncryptionMethod; - - //Required protectors properties - UInt32 OsDriveProtector; - UInt32 FixedDataDriveAutoUnlock; - UInt32 FixedDataDrivePassphrase; - - //MBAM Agent fields - Uint32 MBAMPolicyEnforced; - string LastConsoleUser; - datetime UserExemptionDate; - UInt32 MBAMMachineError; - - // Encoded Computer Name - string EncodedComputerName; - }; - - [DYNPROPS] - Instance of Win32Reg_MBAMPolicy - { - KeyName="BitLocker policy"; - - //General encryption requirements - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] - OsDriveEncryption; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] - FixedDataDriveEncryption; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] - EncryptionMethod; - - //Required protectors properties - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] - OsDriveProtector; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] - FixedDataDriveAutoUnlock; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] - FixedDataDrivePassphrase; - - //MBAM agent fields - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] - MBAMPolicyEnforced; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] - LastConsoleUser; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] - UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] - MBAMMachineError; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] - EncodedComputerName; - }; - - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL) - [DYNPROPS] - Class Win32Reg_MBAMPolicy_64 - { - [key] - string KeyName; - - //General encryption requirements - UInt32 OsDriveEncryption; - UInt32 FixedDataDriveEncryption; - UInt32 EncryptionMethod; - - //Required protectors properties - UInt32 OsDriveProtector; - UInt32 FixedDataDriveAutoUnlock; - UInt32 FixedDataDrivePassphrase; - - //MBAM Agent fields - Uint32 MBAMPolicyEnforced; - string LastConsoleUser; - datetime UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU - UInt32 MBAMMachineError; - - // Encoded Computer Name - string EncodedComputerName; - }; - - [DYNPROPS] - Instance of Win32Reg_MBAMPolicy_64 - { - KeyName="BitLocker policy"; - - //General encryption requirements - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptOsDrive"),Dynamic,Provider("RegPropProv")] - OsDriveEncryption; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|ShouldEncryptFixedDataDrive"),Dynamic,Provider("RegPropProv")] - FixedDataDriveEncryption; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|EncryptionMethod"),Dynamic,Provider("RegPropProv")] - EncryptionMethod; - - //Required protectors properties - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|OSVolumeProtectorPolicy"),Dynamic,Provider("RegPropProv")] - OsDriveProtector; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE\\MDOPBitLockerManagement|AutoUnlockFixedDataDrive"),Dynamic,Provider("RegPropProv")] - FixedDataDriveAutoUnlock; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\FVE|FDVPassphrase"),Dynamic,Provider("RegPropProv")] - FixedDataDrivePassphrase; - - //MBAM agent fields - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMPolicyEnforced"),Dynamic,Provider("RegPropProv")] - MBAMPolicyEnforced; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|LastConsoleUser"),Dynamic,Provider("RegPropProv")] - LastConsoleUser; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|UserExemptionDate"),Dynamic,Provider("RegPropProv")] - UserExemptionDate; //Registry value should be string in the format of yyyymmddHHMMSS.mmmmmmsUUU - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|MBAMMachineError"),Dynamic,Provider("RegPropProv")] - MBAMMachineError; - [PropertyContext("Local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MBAM|EncodedComputerName"),Dynamic,Provider("RegPropProv")] - EncodedComputerName; - }; - - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) - [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, - dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] - class CCM_OperatingSystemExtended - { - [PropertySources{"Name"},key] - string Name; - [PropertySources{"OperatingSystemSKU"}] - uint32 SKU; - }; - - #pragma namespace ("\\\\.\\root\\cimv2") - #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) - [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, - dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] - class CCM_ComputerSystemExtended - { - [PropertySources{"Name"},key] - string Name; - [PropertySources{"PCSystemType"}] - uint16 PCSystemType; - }; - - //======================================================= - // Microsoft BitLocker Administration and Monitoring end - //======================================================= - ``` - - -## Related topics - - -[MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology](mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md) - -[Create or Edit the Sms\_def.mof File](create-or-edit-the-sms-defmof-file-mbam-25.md) - -[MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies](mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md) - -  - -  -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - diff --git a/mdop/mbam-v25/editing-the-mbam-25-group-policy-settings.md b/mdop/mbam-v25/editing-the-mbam-25-group-policy-settings.md deleted file mode 100644 index 8e285009f6..0000000000 --- a/mdop/mbam-v25/editing-the-mbam-25-group-policy-settings.md +++ /dev/null @@ -1,113 +0,0 @@ ---- -title: Editing the MBAM 2.5 Group Policy Settings -description: Editing the MBAM 2.5 Group Policy Settings -author: dansimp -ms.assetid: a50b6b0c-6818-4419-8447-d0520a533dba -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Editing the MBAM 2.5 Group Policy Settings - - -To successfully deploy Microsoft BitLocker Administration and Monitoring (MBAM), you have to: - - ---- - - - - - - - - - - - - - - - - - - - - -
TaskMore information

Copy the MBAM 2.5 Group Policy Templates.

Copying the MBAM 2.5 Group Policy Templates

Determine which Group Policy Objects (GPOs) you want to use in your MBAM implementation. Based on the needs of your organization, you might have to configure additional Group Policy settings.

Planning for MBAM 2.5 Group Policy Requirements – contains descriptions of the GPOs

Set the Group Policy settings for your organization.

- - - -**Important**   -Do not change the Group Policy settings in the **BitLocker Drive Encryption** node, or MBAM will not work correctly. When you configure the Group Policy settings in the **MDOP MBAM (BitLocker Management)** node, MBAM automatically configures the **BitLocker Drive Encryption** settings for you. - - - -**To edit MBAM Client Group Policy settings** - -1. On a computer that has the MBAM Group Policy Templates installed, make sure that MBAM Services are enabled. - -2. Using the Group Policy Management Console (GPMC.msc) or the Microsoft Advanced Group Policy Management MDOP product on a computer with the MBAM Group Policy Templates installed, select **Computer configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDOP MBAM (BitLocker Management)**. - -3. Edit the Group Policy settings that are required to enable MBAM Client services on client computers. For each policy in the following table, select **Policy Group**, click the **Policy** you want, and then configure the settings. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Policy GroupPolicy

Client Management

Configure MBAM Services

Operating System Drive

Operating system drive encryption settings

Removable Drive

Control use of BitLocker on removable drives

Fixed Drive

Control use of BitLocker on fixed drives

- - - -## Related topics - - -[Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md) - -[Copying the MBAM 2.5 Group Policy Templates](copying-the-mbam-25-group-policy-templates.md) - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - diff --git a/mdop/mbam-v25/evaluating-mbam-25-in-a-test-environment.md b/mdop/mbam-v25/evaluating-mbam-25-in-a-test-environment.md deleted file mode 100644 index 67c54060da..0000000000 --- a/mdop/mbam-v25/evaluating-mbam-25-in-a-test-environment.md +++ /dev/null @@ -1,413 +0,0 @@ ---- -title: Evaluating MBAM 2.5 in a Test Environment -description: Evaluating MBAM 2.5 in a Test Environment -author: dansimp -ms.assetid: 72959b7a-e55f-4797-91b3-5be23c8c2844 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Evaluating MBAM 2.5 in a Test Environment - - -This topic describes how you can set up a test environment to evaluate Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 in the Stand-alone or System Center Configuration Manager Integration topology. - -## Evaluating MBAM 2.5 by using the Stand-alone topology - - -To evaluate MBAM by using the Stand-alone topology, use the information in the following tables to install the MBAM Server software, and then configure the MBAM Server features in your test environment. - -**To evaluate MBAM 2.5 by using the Stand-alone topology** - -1. Before installing MBAM, do the following: - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskWhere to get instructions

Ensure that you have installed all of the prerequisite software.

MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies

Check the required hardware, RAM, and other specifications.

MBAM 2.5 Supported Configurations

Review the prerequisites for using Windows PowerShell if you plan to use the cmdlets to configure MBAM.

Configuring MBAM 2.5 Server Features by Using Windows PowerShell

- - - -2. Install the MBAM Server software, and then configure the features you want. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskWhere to get instructions

Install the MBAM Server software on each server where you want to configure an MBAM Server feature.

Installing the MBAM 2.5 Server Software

Configure the Compliance and Audit Database and the Recovery Database.

How to Configure the MBAM 2.5 Databases

Configure the Reports feature.

How to Configure the MBAM 2.5 Reports

Configure the web applications.

How to Configure the MBAM 2.5 Web Applications

- - - -3. On a client computer, do the following: - - 1. Install the MBAM Client on a client computer. - - 2. Apply the MBAM Group Policy Objects (GPOs) to the computer. - - 3. Set the following registry keys to force the MBAM Client to wake up faster and at regular intervals: - - ``` syntax - [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement - "ClientWakeupFrequency"=dword:00000001 - "StatusReportingFrequency"=dword:00000001 - ``` - - ``` syntax - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] - "NoStartupDelay"=dword:00000001 - ``` - - **Note** - Because these keys wake up the MBAM Client every minute, we recommend that you use these registry key settings only in a test environment. - - - - 4. Restart the **BitLocker Management Client Service**. - -## Evaluating MBAM 2.5 by using the System Center 2012 Configuration Manager Integration topology - - -To evaluate MBAM by using the Configuration Manager Integration topology, use the information in the following tables to install the MBAM Server software, and then configure the MBAM Server features in your test environment. After installing the MBAM Client on a client computer, you will complete additional steps to force the MBAM Client to report the computer’s status to MBAM more quickly. - -**To evaluate MBAM 2.5 by using the System Center 2012 Configuration Manager Integration topology** - -1. Before installing MBAM, review the prerequisite software and supported configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskWhere to get instructions

Ensure that you have installed all of the prerequisite software.

MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies

-

MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology

Check the required hardware, RAM, and other specifications.

MBAM 2.5 Supported Configurations

Review the prerequisites for using Windows PowerShell if you plan to use the cmdlets to configure MBAM.

Configuring MBAM 2.5 Server Features by Using Windows PowerShell

Create or edit the .mof files.

Edit the Configuration.mof File

-

Create or Edit the Sms_def.mof File

- - - -2. Install the MBAM Server software, and then configure the features you want. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskWhere to get instructions

Install the MBAM Server software on each server where you want to configure an MBAM Server feature.

-
- Note

You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see Data-tier Applications.

-
-
- -

Installing the MBAM 2.5 Server Software

Configure the Compliance and Audit Database and the Recovery Database.

How to Configure the MBAM 2.5 Databases

Configure the Reports feature.

How to Configure the MBAM 2.5 Reports

Configure the web applications.

How to Configure the MBAM 2.5 Web Applications

Configure the System Center Configuration Manager to install the Configuration Manager objects.

How to Configure the MBAM 2.5 System Center Configuration Manager Integration

- - - -3. On a client computer, do the following: - - 1. Install the MBAM Client and the Configuration Manager Client on a client computer. - - 2. Apply the MBAM Group Policy Objects to the computer. - - 3. Set the following registry keys to force the MBAM Client to wake up faster and at regular intervals: - - ``` syntax - [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement - "ClientWakeupFrequency"=dword:00000001 - "StatusReportingFrequency"=dword:00000001 - ``` - - ``` syntax - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] - "NoStartupDelay"=dword:00000001 - ``` - - **Note** - Because these keys wake up the MBAM Client every minute, we recommend that you use these registry key settings only in a test environment. - - - - 4. Restart the **BitLocker Management Client Service**. - - 5. In Control Panel, open **Configuration Manager**, and then click the **Actions** tab. - - 6. Select **Hardware Inventory Cycle**, and then click **Run Now**. This step runs the hardware inventory by using the new classes that you imported to your .mof files, and then sends the data to the Configuration Manager server. - - 7. Select **Machine Policy Retrieval & Evaluation Cycle**, and then click **Run Now** to apply the Group Policy Objects that are relevant to that client computer. - - - -4. In the Configuration Manager console, do the following: - - 1. In the navigation pane, right-click **MBAM Supported Computers**, click **Update Membership**, and then click **Yes** to force the client computer to report its membership immediately. - - 2. In the navigation pane, click **MBAM Supported Computers** to verify that the client computer appears in the collection. - -5. On the client computer, in Control Panel, reopen **Configuration Manager** again, and do the following: - - 1. Click the **Actions** tab, and then rerun **Machine Policy Retrieval & Evaluation Cycle**. - - 2. Click the **Configurations** tab, select the BitLocker baseline, and then click **Evaluate**. - -6. In the Configuration Manager console, verify that the client computer appears on the Enterprise Compliance Report: as follows: - - 1. In the navigation pane, select the **Monitoring** workspace. - - 2. In the console tree, expand **Overview** > **Reporting** > **Reports** > **MBAM**. - - 3. Select the folder that represents the language in which you want to view reports, and then select the report in the results pane. - -## Evaluating MBAM 2.5 by using the System Center Configuration Manager 2007 Integration topology - - -To evaluate MBAM by using the Configuration Manager Integration topology, follow the same steps to install and configure MBAM in your test environment as you use in a production environment. After installing the MBAM Client on a client computer, complete the additional steps in this topic to enable the MBAM Client to start reporting the computer’s status to MBAM more quickly. - -**To evaluate MBAM by using the Configuration Manager 2007 Integration topology** - -1. Before you install MBAM, do the following: - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskWhere to get instructions

Ensure that you have installed all of the prerequisite software.

MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies

-

MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology

Check the required hardware, RAM, and other specifications.

MBAM 2.5 Supported Configurations

Create or edit the .mof files.

Edit the Configuration.mof File

-

Create or Edit the Sms_def.mof File

- - - -2. Install the MBAM Server software, and then configure the features you want. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskWhere to get instructions

Install the MBAM Server software on each server where you want to configure an MBAM Server feature.

-
- Note

You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see Data-tier Applications.

-
-
- -

Installing the MBAM 2.5 Server Software

Configure the Compliance and Audit Database and the Recovery Database.

How to Configure the MBAM 2.5 Databases

Configure the Reports feature.

How to Configure the MBAM 2.5 Reports

Configure the web applications.

How to Configure the MBAM 2.5 Web Applications

Configure the System Center Configuration Manager to install the Configuration Manager objects.

How to Configure the MBAM 2.5 System Center Configuration Manager Integration

- - - -3. On a client computer, do the following: - - 1. Install the MBAM Client on a client computer. - - 2. Apply the MBAM Group Policy Objects to the computer. - - 3. Set the following registry keys to force the MBAM Client to wake up more quickly and at faster intervals: - - ``` syntax - [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement - "ClientWakeupFrequency"=dword:00000001 - "StatusReportingFrequency"=dword:00000001 - ``` - - ``` syntax - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM] - "NoStartupDelay"=dword:00000001 - ``` - - **Note** - Because these keys wake up the MBAM Client every minute, we recommend that you use these registry key settings only in an evaluation environment. - - - - 4. Restart the **BitLocker Management Client Service**. - - 5. In Control Panel, open **Configuration Manager**, and then click the **Actions** tab. - - 6. Select **Machine Policy Retrieval & Evaluation Cycle**, and then click **Run Now** to apply the Group Policy Objects that are relevant to that client computer. - - 7. Select **Hardware Inventory Cycle**, and then click **Run Now**. This step runs the hardware inventory by using the new classes that you imported to your .mof files and then sends the data to the Configuration Manager server. - -4. In the Configuration Manager console, do the following: - - 1. In the navigation pane, right-click **MBAM Supported Computers**, click **Update Membership**, and then click **Yes** to force the client computer to report its membership immediately. - - 2. In the navigation pane, click **MBAM Supported Computers** to verify that the client computer appears in the collection. - -5. On the client computer, in Control Panel, reopen **Configuration Manager** again, and do the following: - - 1. Click the **Actions** tab, and then rerun **Machine Policy Retrieval & Evaluation Cycle**. - - 2. Click the **Configurations** tab, select the BitLocker baseline, and click **Evaluate**. - -6. In the Configuration Manager console, verify that the client computer appears on the Enterprise Compliance Report, as follows - - 1. In the navigation pane, expand **Computer Management** > **Reporting** > **Reporting Services** > **<server name>MBAM**. - - 2. Within the **MBAM** node, select the folder that represents the language in which you want to view reports, and then select the report from the results pane. - - -## Related topics - - -[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - diff --git a/mdop/mbam-v25/generating-mbam-25-stand-alone-reports.md b/mdop/mbam-v25/generating-mbam-25-stand-alone-reports.md deleted file mode 100644 index 9fe1680548..0000000000 --- a/mdop/mbam-v25/generating-mbam-25-stand-alone-reports.md +++ /dev/null @@ -1,117 +0,0 @@ ---- -title: Generating MBAM 2.5 Stand-alone Reports -description: Generating MBAM 2.5 Stand-alone Reports -author: dansimp -ms.assetid: 0ec623ff-5155-4906-aef2-20cdc0f84667 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 11/01/2016 ---- - - -# Generating MBAM 2.5 Stand-alone Reports - - -When you configure Microsoft BitLocker Administration and Monitoring (MBAM) with the Stand-alone topology, you can generate reports to monitor BitLocker drive encryption usage and compliance. This topic contains the following procedures: - -- [To open the Administration and Monitoring Website](#bkmk-openadmin) - -- [To generate an Enterprise Compliance Report](#bkmk-enterprise) - -- [To generate a Computer Compliance Report](#bkmk-computercomp) - -- [To generate a Recovery Key Audit Report](#bkmk-recoverykey) - -For descriptions of the Stand-alone reports, see [Understanding MBAM 2.5 Stand-alone Reports](understanding-mbam-25-stand-alone-reports.md). - -**Note**   -To run the reports, you must be a member of the **MBAM Report Users** group, which you configure in Active Directory Domain Services. For more information, see [Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md). - - - -**To open the Administration and Monitoring Website** - -1. Open a web browser and navigate to the Administration and Monitoring Website. The default URL for the Administration and Monitoring Website is: - - *http(s)://<MBAMAdministrationServerName>:<port>/Helpdesk* - -2. In the left pane, click **Reports**. From the top menu bar, select the report you want to run. - - MBAM client data is retained in the Compliance and Audit Database for historical reference in case a computer is lost or stolen. When running enterprise reports, we recommend that you use appropriate start and end dates to scope the time frames for the reports from one to two weeks to increase reporting data accuracy. - - After you generate a report, you can save the results in different formats, such as HTML, Microsoft Word, and Microsoft Excel. - - **Note**   - Configure SQL Server Reporting Services (SSRS) to use Secure Sockets Layer (SSL) before configuring the Administration and Monitoring Website. If, for any reason, SSRS is not configured to use SSL, the URL for the Reports will be set to HTTP instead of to HTTPS when you configure the Administration and Monitoring Website. If you then go to the Administration and Monitoring Website and select a report, the following message displays: “Only Secure Content is Displayed.” To show the report, click **Show All Content**. - - - -**To generate an Enterprise Compliance Report** - -1. From the Administration and Monitoring Website, select the **Reports** node from the left navigation pane, select **Enterprise Compliance Report**, and select the filters that you want to use. The available filters for the Enterprise Compliance Report are: - - - **Compliance Status**. Use this filter to specify the compliance status types of the report (for example, Compliant or Noncompliant). - - - **Error State**. Use this filter to specify the error state types of the report (for example, No Error or Error). - -2. Click **View Report** to display the selected report. - -3. Select a computer name to view information about the computer in the Computer Compliance Report. - -4. Select the plus sign (+) next to the computer name to view information about the volumes on the computer. - -**To generate a Computer Compliance Report** - -1. From the Administration and Monitoring Website, select the **Report** node from the left navigation pane, and then select **Computer Compliance Report**. Use the Computer Compliance Report to search for **User name** or **Computer name**. - -2. Click **View Report** to view the Computer Compliance Report. - -3. Select a computer name to display more information about the computer in the Computer Compliance Report. - -4. Select the plus sign (+) next to the computer name to view information about the volumes on the computer. - - **Note**   - An MBAM client computer is considered compliant if the computer matches or exceeds the requirements of the MBAM Group Policy settings. - -**To generate a Recovery Key Audit Report** - -1. From the Administration and Monitoring Website, select the **Report** node in the left navigation pane, and then select **Recovery Audit Report**. Select the filters for your Recovery Key Audit Report. The available filters for recovery key audits are as follows: - - - **Helpdesk User**. This filter enables users to specify the user name of the requester. The requester is the person in the Help Desk who accessed the key on behalf of an end user. - - - **End User**. This filter enables users to specify the user name of the requestee. The requestee is the end user who called the Help Desk to obtain a recovery key. - - - **Request Result**. This filter enables users to specify the request result types (for example, Success or Failed) that they want to base the report on. For example, users may want to view failed key access attempts. - - - **Key Type**. This filter enables users to specify the key type (for example, Recovery Key Password or TPM Password Hash) that they want to base the report on. - - - **Start Date**. This filter is used to define the Start Date part of the date range that the user wants to report on. - - - **End Date**. This filter is used to define the End Date part of the date range that the users want to report on. - -2. Click **View Report** to view the report. - - - -## Related topics - - -[Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md) - -[Understanding MBAM 2.5 Stand-alone Reports](understanding-mbam-25-stand-alone-reports.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/getting-started-with-mbam-25.md b/mdop/mbam-v25/getting-started-with-mbam-25.md deleted file mode 100644 index 27038fd66a..0000000000 --- a/mdop/mbam-v25/getting-started-with-mbam-25.md +++ /dev/null @@ -1,105 +0,0 @@ ---- -title: Getting Started with MBAM 2.5 -description: Getting Started with MBAM 2.5 -author: dansimp -ms.assetid: 23d0cfbb-e2ef-4c34-bf29-1b7ab4c48f00 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Getting Started with MBAM 2.5 - - -This topic provides a list of links to help you learn about Microsoft BitLocker Administration and Monitoring (MBAM) 2.5, its purpose, features, recommended architecture, and steps for evaluating MBAM in a test environment. - -See the following resources for additional MBAM documentation: - -- [Microsoft BitLocker Administration and Monitoring Deployment Guide](https://go.microsoft.com/fwlink/?LinkId=396653) - -Before you deploy MBAM to a production environment, we recommend that you validate your deployment plan in a test environment. - -## Getting started with MBAM 2.5 - - -Before you start planning your MBAM deployment, review the following topics. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Topic descriptionLinks to topics

High-level overview of MBAM 2.5 that describes how you can use it in your organization.

About MBAM 2.5

Release notes, which lists known issues in the product.

Release Notes for MBAM 2.5

Information about how you can evaluate MBAM 2.5 in a test environment.

Evaluating MBAM 2.5 in a Test Environment

Description of the MBAM 2.5 features and the recommended architecture of the Stand-alone and Configuration Manager Integration topologies in a production environment.

High-Level Architecture for MBAM 2.5

Description and illustration of each MBAM Server feature, without the recommended architecture.

Illustrated Features of an MBAM 2.5 Deployment

Describes the keyboard shortcuts that are available for MBAM 2.5.

Accessibility for MBAM 2.5

- - - -## How to get MDOP technologies - - -MBAM 2.5 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and about acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049). - -## Other resources for this product - - -[Microsoft BitLocker Administration and Monitoring 2.5](index.md) - -[Planning for MBAM 2.5](planning-for-mbam-25.md) - -[Deploying MBAM 2.5](deploying-mbam-25.md) - -[Operations for MBAM 2.5](operations-for-mbam-25.md) - -[Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md) - -[Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md) - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - - - - diff --git a/mdop/mbam-v25/hiding-the-default-bitlocker-drive-encryption-item-in-control-panel-mbam-25.md b/mdop/mbam-v25/hiding-the-default-bitlocker-drive-encryption-item-in-control-panel-mbam-25.md deleted file mode 100644 index 5ef9f09421..0000000000 --- a/mdop/mbam-v25/hiding-the-default-bitlocker-drive-encryption-item-in-control-panel-mbam-25.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Hiding the Default BitLocker Drive Encryption Item in Control Panel -description: Hiding the Default BitLocker Drive Encryption Item in Control Panel -author: dansimp -ms.assetid: 6e2a9a02-a809-43a1-80a3-1b03c7192c89 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Hiding the Default BitLocker Drive Encryption Item in Control Panel - - -This topic describes how to hide the **BitLocker Drive Encryption** Control Panel item, which appears by default on Control Panel as part of the Windows operating system. - -**Note**   -Microsoft BitLocker Administration and Monitoring (MBAM) creates an additional, custom Control Panel item, called **BitLocker Encryption Options**, which enables end users to manage their PIN and password, turn on BitLocker for a drive, and check encryption. - - - -See [Understanding the BitLocker Encryption Options and BitLocker Drive Encryption Items in Control Panel](understanding-the-bitlocker-encryption-options-and-bitlocker-drive-encryption-items-in-control-panel.md) to read about: - -- Differences between the MBAM and the default Control Panel items - -- **Manage BitLocker** shortcut menu that appears when you right-click a drive in Windows Explorer - -**Important**   -Do not change the Group Policy settings in the **BitLocker Drive Encryption** node. If you do, MBAM will not work correctly. When you configure the Group Policy settings in the **MDOP MBAM (BitLocker Management)** node, MBAM automatically configures the **BitLocker Drive Encryption** settings for you. - - - -**To hide the default BitLocker Drive Encryption item in Control Panel** - -1. In the Group Policy Management Console (GPMC) or in Advanced Group Policy Management, browse to **User configuration** > **Policies** > **Administrative Templates** > **Control Panel**. - -2. In the **Details** pane, double-click **Hide specified Control Panel items**, and then click **Enabled**. - -3. Click **Show**, click **Add**, and then type **Microsoft.BitLockerDriveEncryption**. - - - -## Related topics - - -[Understanding the BitLocker Encryption Options and BitLocker Drive Encryption Items in Control Panel](understanding-the-bitlocker-encryption-options-and-bitlocker-drive-encryption-items-in-control-panel.md) - -[Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/high-level-architecture-for-mbam-25.md b/mdop/mbam-v25/high-level-architecture-for-mbam-25.md deleted file mode 100644 index 10db3f3710..0000000000 --- a/mdop/mbam-v25/high-level-architecture-for-mbam-25.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: High-Level Architecture for MBAM 2.5 -description: High-Level Architecture for MBAM 2.5 -author: dansimp -ms.assetid: b42af25c-961b-4a6a-92d2-916a373eb68b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# High-Level Architecture for MBAM 2.5 - - -Microsoft BitLocker Administration and Monitoring can be deployed in a Stand-alone topology, where you run MBAM as a stand-alone product, or in a topology that is integrated with System Center 2012 R2 Configuration Manager, System Center 2012 Configuration Manager, or Microsoft System Center Configuration Manager 2007. The high-level architecture information describes and illustrates the recommended architecture and servers for each topology and the features that you configure on each server. - -## High-level architecture information - - -- [High-Level Architecture of MBAM 2.5 with Stand-alone Topology](high-level-architecture-of-mbam-25-with-stand-alone-topology.md) - - This section describes and illustrates the recommended MBAM architecture for the MBAM Stand-alone topology. It also lists the servers and the features that you configure on the servers. - -- [High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology](high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md) - - This section describes and illustrates the recommended MBAM architecture for the System Center Configuration Manager Integration topology. It also lists the servers and the features that you configure on the servers. - -## Other resources - - -[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - -  - -  - - - - - diff --git a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md deleted file mode 100644 index 3f47fccbd0..0000000000 --- a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md +++ /dev/null @@ -1,297 +0,0 @@ ---- -title: High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology -description: High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology -author: dansimp -ms.assetid: 075bafa1-792b-4c24-9d8e-5d3153e2112c -ms.reviewer: -manager: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/23/2018 -ms.author: dansimp ---- - - -# High-level architecture of MBAM 2.5 with Configuration Manager Integration topology - -This topic describes the recommended architecture for deploying Microsoft BitLocker Administration and Monitoring (MBAM) with the Configuration Manager Integration topology. This topology integrates MBAM with System Center Configuration Manager. To deploy MBAM with the Stand-alone topology, see [High-Level Architecture of MBAM 2.5 with Stand-alone Topology](high-level-architecture-of-mbam-25-with-stand-alone-topology.md). - -For a list of the supported versions of the software mentioned in this topic, see [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md). - -**Important**   -Windows To Go is not supported for the Configuration Manager Integration topology installation when you are using Configuration Manager 2007. - - - -## Recommended number of servers and supported number of clients - - -The recommended number of servers and supported number of clients in a production environment is as follows: - - ---- - - - - - - - - - - - - - - - - -
Recommended architectureDetails

Number of servers and other computers

Three servers

-

One workstation

Number of client computers supported

500,000

- - - -## Differences between Configuration Manager Integration and stand-alone topologies - - -The main differences between the topologies are: - -- The compliance and reporting features are removed from MBAM and are accessed from Configuration Manager. - -- Reports are viewed from the Configuration Manager Management Console, with the exception of the Recovery Audit Report, which you continue to view from the MBAM Administration and Monitoring Website. - -## Recommended MBAM high-level architecture with the Configuration Manager Integration topology - - -The following diagram and table describe the recommended high-level architecture for MBAM with the Configuration Manager Integration topology. MBAM multi-forest deployments require a one-way or two-way trust. One-way trusts require that the server domain trusts the client domain. - -![mbam2\-5](images/mbam2-5-cmserver.png) - -### Database server - -#### Recovery database - -This feature is configured on a computer running Windows Server and supported SQL Server instance. - -The **Recovery Database** stores recovery data that is collected from MBAM Client computers. - -#### Audit database - -This feature is configured on a computer running Windows Server and supported SQL Server instance. - -The **Audit Database** stores audit activity data that is collected from client computers that have accessed recovery data. - -#### Reports - -This feature is configured on a computer running Windows Server and supported SQL Server instance. - -The **Reports** provide recovery audit data for the client computers in your enterprise. You can view reports from the Configuration Manager console or directly from SQL Server Reporting Services. - -### Configuration Manager primary site server - -System Center Configuration Manager Integration feature - -- This feature is configured on the Configuration Manager Primary Site Server, which is the top-tier server in your Configuration Manager infrastructure. - -- The **Configuration Manager Server** collects the hardware inventory information from client computers and is used to report BitLocker compliance of client computers. - -- When you run the Microsoft BitLocker Administration and Monitoring Setup wizard to install the server software, the MBAM Supported Computers collection, configuration baseline, and reports are configured on the Configuration Manager Primary Site Server. - -- The **Configuration Manager console** must be installed on the same computer on which you install the MBAM Server software. - -### Administration and monitoring server - -#### Administration and monitoring website - -This feature is configured on a computer running Windows Server. - -The **Administration and monitoring website** is used to: - -- Help end users regain access to their computers when they are locked out. (This area of the Website is commonly called the Help Desk.) - -- View the Recovery Audit Report, which shows recovery activity for client computers. Other reports are viewed from the Configuration Manager console. - -#### Self-service portal - -This feature is configured on a computer running Windows Server. - -The **Self-Service Portal** is a website that enables end users on client computers to independently log on to a website to get a recovery key if they lose or forget their BitLocker password. - -#### Monitoring web services for this website - -This feature is installed on a computer running Windows Server. - -The **monitoring web services** are used by the MBAM Client and the websites to communicate to the database. - -**Important**
The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM websites communicate directly with the Recovery Database. - - - -### Management workstation - -#### MBAM group policy templates - -- The **MBAM Group Policy Templates** are Group Policy settings that define implementation settings for MBAM, which enable you to manage BitLocker drive encryption. - -- Before you run MBAM, you must download the Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) and copy them to a server or workstation that is running a supported Windows Server or Windows operating system. - - **NOTE**
The workstation does not have to be a dedicated computer. - - - -### MBAM Client and Configuration Manager Client computer - -#### MBAM Client software - -The **MBAM Client**: - -- Uses Group Policy Objects to enforce BitLocker drive encryption on client computers in the enterprise. - -- Collects the BitLocker recovery key for three data drive types: operating system drives, fixed data drives, and removable (USB) data drives. - -- Collects recovery information and computer information about the client computers. - -#### Configuration Manager Client - -The **Configuration Manager Client** enables Configuration Manager to collect hardware compatibility data about the client computers and report compliance information. - - - -## Differences in MBAM deployment for supported Configuration Manager versions - - -When you deploy MBAM with the Configuration Manager Integration topology, you can install MBAM on a primary site server. However, the MBAM installation works differently for System Center 2012 Configuration Manager and Configuration Manager 2007. - - ---- - - - - - - - - - - - - - - - - -
Configuration Manager versionDescription

System Center 2012 R2 Configuration Manager

-

System Center 2012 Configuration Manager

If you install MBAM on a primary site server or on a central administration server, MBAM performs all of the installation actions on that site server.

Configuration Manager 2007 R2

-

Configuration Manager 2007

If you install MBAM on a primary site server that is part of a larger Configuration Manager hierarchy with a central site parent server, MBAM identifies the central site parent server and performs all of the installation actions on that parent server. The installation includes checking prerequisites and installing the Configuration Manager objects and reports.

-

For example, if you install MBAM on a primary site server that is a child of a central site parent server, MBAM installs all of the Configuration Manager objects and reports on the parent server. If you install MBAM on the parent server, MBAM performs all of the installation actions on that parent server.

- - - -## How MBAM works with Configuration Manager - - -The integration of MBAM with Configuration Manager is based on a configuration pack that installs the items described in the following table. - - ---- - - - - - - - - - - - - - - - - - - - - -
Items installed into Configuration ManagerDescription

Configuration data

The configuration data installs a configuration baseline, called “BitLocker Protection,” which contains two configuration items:

-
    -

  • BitLocker Operating System Drive Protection

    • -

  • BitLocker Fixed Data Drives Protection

    • -
-

The configuration baseline is deployed to the MBAM Supported Computers collection, which is also created when MBAM is installed.

-

The two configuration items provide the basis for evaluating the compliance status of the client computers. This information is captured, stored, and evaluated in Configuration Manager.

-

The configuration items are based on the compliance requirements for operating system drives and fixed data drives. The required details for the deployed computers are collected so that the compliance for those drive types can be evaluated.

-

By default, the configuration baseline evaluates the compliance status every 12 hours and sends the compliance data to Configuration Manager.

MBAM Supported Computers collection

MBAM creates a collection that is called MBAM Supported Computers. The configuration baseline is targeted to client computers that are in this collection.

-

This is a dynamic collection. By default, it runs every 12 hours and evaluates membership, based on three criteria:

-
    -

  • The computer is a supported version of the Windows operating system.

    • -

  • The computer is a physical computer. Virtual machines are not supported.

    • -

  • The computer has a Trusted Platform Module (TPM) that is available. A compatible version of TPM 1.2 or later is required for Windows 7. Windows 10, Windows 8.1, Windows 8, and Windows To Go do not require a TPM.

    • -
-

The collection is evaluated against all computers and a subset of compatible computers is created, which provides the basis for compliance evaluation and reporting for the MBAM integration.

Reports

When you configure MBAM with the Configuration Manager Integration topology, you view all reports in Configuration Manager, except the Recovery Audit Report, the latter of which you continue to view in the MBAM Administration and Monitoring Website. The reports available in Configuration Manager are:

- ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ReportDescription

BitLocker Enterprise Compliance Dashboard

Gives IT administrators three views of information in a single report: Compliance Status Distribution, Non Compliant – Errors Distribution, and Compliance Status Distribution By Drive Type. Drill-down options on the report let IT administrators click through the data and view a list of computers that match the selected state.

BitLocker Enterprise Compliance Details

Lets IT administrators view information about the BitLocker encryption compliance status of the enterprise and includes the compliance status for each computer. Drill-down options on the report let IT administrators click through the data and view a list of computers that match the selected state.

BitLocker Computer Compliance

Lets IT administrators view an individual computer and determine why it was reported with a status of compliant or not compliant. The report also displays the encryption state of the operating system drives and fixed data drives.

BitLocker Enterprise Compliance Summary

Lets IT administrators view the status of MBAM policy compliance in the enterprise. Each computer’s state is evaluated, and the report shows a summary of the compliance of all computers in the enterprise against the policy. Drill-down options on the report let IT administrators click through the data and view a list of computers that match the selected state.

-

 

- - - - -## Related topics - - -[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) - -[High-Level Architecture of MBAM 2.5 with Stand-alone Topology](high-level-architecture-of-mbam-25-with-stand-alone-topology.md) - -[Illustrated Features of an MBAM 2.5 Deployment](illustrated-features-of-an-mbam-25-deployment.md) - - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - diff --git a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md deleted file mode 100644 index 48a70ddaaa..0000000000 --- a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md +++ /dev/null @@ -1,161 +0,0 @@ ---- -title: High-Level Architecture of MBAM 2.5 with Stand-alone Topology -description: High-Level Architecture of MBAM 2.5 with Stand-alone Topology -author: dansimp -ms.assetid: 35f8c5f6-8be3-443d-baf0-56d68b08f3bc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# High-Level Architecture of MBAM 2.5 with Stand-alone Topology - - -This topic describes the recommended architecture for deploying Microsoft BitLocker Administration and Monitoring (MBAM) with the Configuration Manager Stand-alone topology. In this topology, MBAM is deployed as a stand-alone product. You can alternatively deploy MBAM with the Configuration Manager Integration topology, which integrates MBAM with Configuration Manager. For more information, see [High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology](high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md). - -For a list of the supported versions of the software mentioned in this topic, see [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md). - -**Note**   -We recommend you use a single-server architecture in test environments only. - - - -## Recommended number of servers and supported number of clients - - -The recommended number of servers and supported number of clients in a production environment is as follows: - - ---- - - - - - - - - - - - - - - - - -
Recommended architecture in a production environmentDetails

Number of servers and other computers

Two servers

-

One workstation

Number of client computers supported

500,000

- - - -## Recommended MBAM high-level architecture with the Stand-alone topology - - -The following diagram and table describe the recommended high-level, two-server architecture for MBAM with the Stand-alone topology. MBAM multi-forest deployments require a one-way or two-way trust. One-way trusts require that the server domain trusts the client domain. - -![mbam2](images/mbam2-5-2servers.png) - -Server -Features to configure on this server -Description -Database server - -Compliance and Audit Database - -This feature is configured on a server running Windows Server and supported SQL Server instance. - -The **Compliance and Audit Database** stores compliance data, which is used primarily for reports that SQL Server Reporting Services hosts. - -Recovery Database - -This feature is configured on a server running Windows Server and supported SQL Server instance. - -The **Recovery Database** stores recovery data that is collected from MBAM client computers. - -Reports - -This feature is configured on a server running Windows Server and supported SQL Server instance. - -The **Reports** provide recovery audit and compliance status data about the client computers in your enterprise. You can access the reports from the Administration and Monitoring Website or directly from SQL Server Reporting Services. - -Administration and Monitoring Server - -Administration and Monitoring Website - -This feature is configured on a computer running Windows Server. - -The **Administration and Monitoring Website** is used to: - -- Help end users regain access to their computers when they are locked out. (This area of the Website is commonly called the Help Desk.) - -- View reports that show compliance status and recovery activity for client computers. - -Self-Service Portal - -This feature is configured on a computer running Windows Server. - -The **Self-Service Portal** is a website that enables end users on client computers to independently log on to a website to get a recovery key if they lose or forget their BitLocker password. - -Monitoring web services for this website - -This feature is configured on a computer running Windows Server. - -The **monitoring web services** are used by the MBAM Client and the websites to communicate to the database. - -**Important**   -The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM websites communicate directly with the Recovery Database. - - - -Management workstation - -MBAM Group Policy Templates - -- The MBAM Group Policy Templates are Group Policy settings that define implementation settings for MBAM, which enable you to manage BitLocker Drive Encryption. - -- Before you run MBAM, you must download the Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) and copy them to a server or workstation that is running a supported Windows Server or Windows operating system. - -- The workstation does not have to be a dedicated computer. - -MBAM Client and Configuration Manager client computer - -MBAM Client software - -The MBAM Client: - -- Uses Group Policy Objects to enforce BitLocker Drive Encryption on client computers in the enterprise. - -- Collects the Bitlocker recovery key for three data drive types: operating system drives, fixed data drives, and removable (USB) data drives. - -- Collects recovery information and computer information about the client computers. - - - -## Related topics - - -[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) - -[High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology](high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md) - -[Illustrated Features of an MBAM 2.5 Deployment](illustrated-features-of-an-mbam-25-deployment.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/how-to-configure-the-mbam-25-databases.md b/mdop/mbam-v25/how-to-configure-the-mbam-25-databases.md deleted file mode 100644 index 1c818b89dc..0000000000 --- a/mdop/mbam-v25/how-to-configure-the-mbam-25-databases.md +++ /dev/null @@ -1,237 +0,0 @@ ---- -title: How to Configure the MBAM 2.5 Databases -description: How to Configure the MBAM 2.5 Databases -author: dansimp -ms.assetid: 66e1c81b-f785-4398-9175-bb5f112c2a35 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the MBAM 2.5 Databases - - -This topic explains how to configure the Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 Compliance and Audit Database and the Recovery Database by using: - -- A Windows PowerShell cmdlet - -- The MBAM Server Configuration wizard - -The instructions are based on the recommended architecture in [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md). - -**Before you start the configuration:** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
StepWhere to get instructions

Review the recommended architecture for MBAM.

High-Level Architecture for MBAM 2.5

Review the supported configurations for MBAM.

MBAM 2.5 Supported Configurations

Complete the required prerequisites on each server.

Install the MBAM Server software on each server where you plan to configure an MBAM Server feature.

-
-Note

You can install the databases to a remote SQL Server computer by using Windows PowerShell or an exported data-tier application (DAC) package. For more information about DAC packages, see Data-tier Applications.

-
-
- -

Installing the MBAM 2.5 Server Software

Review the prerequisites for using Windows PowerShell if you plan to use Windows PowerShell cmdlets to configure MBAM Server features.

Configuring MBAM 2.5 Server Features by Using Windows PowerShell

- - - -**To configure the databases by using Windows PowerShell** - -1. Before you start the configuration, see [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md) to review the prerequisites for using Windows PowerShell. - -2. Use the **Enable-MbamDatabase** Windows PowerShell cmdlet to configure the databases. To get information about this Windows PowerShell cmdlet, type **Get-Help Enable-MbamDatabase**. - -**To configure the Compliance and Audit Database by using the wizard** - -1. On the server where you want to configure the databases, start the **MBAM Server Configuration** wizard. You can select **MBAM Server Configuration** from the **Start** menu to open the wizard. - -2. Click **Add New Features**, select **Compliance and Audit Database** and **Recovery Database**, and then click **Next**. The wizard checks that all prerequisites for the databases have been met. - -3. If the prerequisite check is successful, click **Next** to continue. Otherwise, resolve any missing prerequisites, and then click **Check prerequisites again**. - -4. Using the following descriptions, enter the field values in the wizard: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription

SQL Server name

Name of the server where you are configuring the Compliance and Audit Database.

-
- Note

You must add an exception on the Compliance and Audit Database computer to enable inbound traffic on the Microsoft SQL Server port. The default port number is 1433.

-
-
- -

SQL Server database instance

Name of the database instance where the compliance and audit data will be stored. You must also specify where the database information will be located.

Database name

Name of the database that will store the compliance data.

-
- Note

If you are upgrading from a previous version of MBAM, you must use the same database name as the name that was used in your previous deployment.

-
-
- -

Read/write access domain user or group

Domain user or group that has read/write permission to this database to enable the web applications to access the data and reports in this database.

-

If you enter a user in this field, it must be the same value as the value in the Web service application pool domain account field on the Configure Web Applications page.

-

If you enter a group in this field, the value in the Web service application pool domain account field on the Configure Web Applications page must be a member of the group you enter in this field.

Read-only access domain user or group

Name of the user or group that will have read-only permission to this database to enable the reports to access the compliance data in this database.

-

If you enter a user in this field, it must be the same user as the one you specify in the Compliance and Audit Database domain account field on the Configure Reports page.

-

If you enter a group in this field, the value that you specify in the Compliance and Audit Database domain account field on the Configure Reports page must be a member of the group that you specify in this field.

- - - -5. Continue to the next section to configure the Recovery Database. - -**To configure the Recovery Database by using the wizard** - -1. Using the following descriptions, enter the field values in the wizard: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription

SQL Server name

Name of the server where you are configuring the Recovery Database.

-
- Note

You must add an exception on the Recovery Database computer to enable inbound traffic on the Microsoft SQL Server port. The default port number is 1433.

-
-
- -

SQL Server database instance

Name of the database instance where the recovery data will be stored. You must also specify where the database information will be located.

Database name

Name of the database that will store the recovery data.

-
- Note

If you are upgrading from a previous version of MBAM, you must use the same database name as the name that was used in your previous deployment.

-
-
- -

Read/write access domain user or group

Domain user or group that has read/write permission to this database to enable the web applications to access the data and reports in this database.

-

If you enter a user in this field, it must be the same value as the value in the Web service application pool domain account field on the Configure Web Applications page.

-

If you enter a group in this field, the value in the Web service application pool domain account field on the Configure Web Applications page must be a member of the group you enter in this field.

- - - -2. When you finish your entries, click **Next**. - - The wizard checks that all prerequisites for the databases have been met. - -3. If the prerequisite check is successful, click **Next** to continue. Otherwise, resolve any missing prerequisites, and then click **Next** again. - -4. On the **Summary** page, review the features that will be added. - - **Note** - To create a Windows PowerShell script of the entries that you just made, click **Export PowerShell Script**, and then save the script. - - - -5. Click **Add** to add the MBAM databases on the server, and then click **Close**. - - - -## Related topics - - -[Server Event Logs](server-event-logs.md) - -[Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md) - -[How to Configure the MBAM 2.5 Reports](how-to-configure-the-mbam-25-reports.md) - -[How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md) - -[Validating the MBAM 2.5 Server Feature Configuration](validating-the-mbam-25-server-feature-configuration.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - diff --git a/mdop/mbam-v25/how-to-configure-the-mbam-25-reports.md b/mdop/mbam-v25/how-to-configure-the-mbam-25-reports.md deleted file mode 100644 index b76b25843c..0000000000 --- a/mdop/mbam-v25/how-to-configure-the-mbam-25-reports.md +++ /dev/null @@ -1,179 +0,0 @@ ---- -title: How to Configure the MBAM 2.5 Reports -description: How to Configure the MBAM 2.5 Reports -author: dansimp -ms.assetid: ec462879-0253-4d9c-83c7-a9bcad479725 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the MBAM 2.5 Reports - - -This topic explains how to configure the Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 Reports feature by using: - -- A Windows PowerShell cmdlet - -- The MBAM Server Configuration wizard - -The instructions are based on the recommended architecture in [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md). - -**Before you start the configuration:** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
StepWhere to get instructions

Review the recommended architecture for MBAM.

High-Level Architecture for MBAM 2.5

Review the supported configurations for MBAM.

MBAM 2.5 Supported Configurations

Complete the required prerequisites on each server.

Install the MBAM Server software on each server where you plan to configure an MBAM Server feature.

Installing the MBAM 2.5 Server Software

Review the prerequisites for using Windows PowerShell if you plan to use Windows PowerShell cmdlets to configure MBAM Server features.

Configuring MBAM 2.5 Server Features by Using Windows PowerShell

- - - -**To configure the Reports by using Windows PowerShell** - -1. Before you start the configuration, see [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md) to review the prerequisites for using Windows PowerShell. - -2. Use the **Enable-MbamReport** Windows PowerShell cmdlet to configure the Reports. To get information about this Windows PowerShell cmdlet, type **Get-Help Enable-MbamReport**. - -**To configure the Reports by using the wizard** - -1. On the server where you want to configure the Reports, start the **MBAM Server Configuration** wizard. You can select **MBAM Server Configuration** from the **Start** menu to open the wizard. - -2. Click **Add New Features**, select **Reports**, and then click **Next**. The wizard checks that all prerequisites for the Reports have been met. - -3. Click **Next** to continue. - -4. Using the following descriptions, enter the field values in the wizard: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription

SQL Server Reporting Services instance

Instance of SQL Server Reporting Services where the Reports will be configured.

Reporting role domain group

Name of the domain Users group whose members have rights to access the reports on the Administration and Monitoring Server.

SQL Server name

Name of the server where the Compliance and Audit Database is configured.

SQL Server database instance

Name of the instance of SQL Server (for example, MSSQLSERVER) where the Compliance and Audit Database is configured.

-
- Note

You must add an exception on the Reports computer to enable inbound traffic on the port of the Reporting Server (the default port is 80).

-
-
- -

Database name

Name of the Compliance and Audit Database. By default, the database name is MBAM Compliance Status, although you can change the name when you configure the Compliance and Audit Database.

-
- Note

If you are upgrading from a previous version of MBAM, you must use the same database name as the name used in your previous deployment.

-
-
- -

Compliance and Audit Database domain account

Domain user account and password to access the Compliance and Audit Database.

-

If the value you enter in the Read-only access domain user or group field on the Configure Databases page is a user, you must enter that same value in this field.

-

If the value that you enter in the Read-only access domain user or group field on the Configure Databases page is a group, the value that you enter in this field must be a member of that group.

-

Configure the password for this account to never expire. The user account should be able to access all data that is available to the MBAM Reports Users group.

- - - -5. When you finish your entries, click **Next**. - - The wizard checks that all prerequisites for the Reports feature have been met. - -6. Click **Next** to continue. - -7. On the **Summary** page, review the features that will be added. - - **Note** - To create a Windows PowerShell script of the entries that you just made, click **Export PowerShell Script**, and then save the script. - - - -8. Click **Add** to add the Reports on the server, and then click **Close**. - - - -## Related topics - - -[Server Event Logs](server-event-logs.md) - -[Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md) - -[How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md) - -[Validating the MBAM 2.5 Server Feature Configuration](validating-the-mbam-25-server-feature-configuration.md) - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - diff --git a/mdop/mbam-v25/how-to-configure-the-mbam-25-system-center-configuration-manager-integration.md b/mdop/mbam-v25/how-to-configure-the-mbam-25-system-center-configuration-manager-integration.md deleted file mode 100644 index 38766dc323..0000000000 --- a/mdop/mbam-v25/how-to-configure-the-mbam-25-system-center-configuration-manager-integration.md +++ /dev/null @@ -1,150 +0,0 @@ ---- -title: How to Configure the MBAM 2.5 System Center Configuration Manager Integration -description: How to Configure the MBAM 2.5 System Center Configuration Manager Integration -author: dansimp -ms.assetid: 2b8a4c13-1dad-41e8-89ac-6889c5f7e051 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the MBAM 2.5 System Center Configuration Manager Integration - - -This topic explains how to configure Microsoft BitLocker Administration and Monitoring (MBAM) to use the System Center Configuration Manager Integration topology, which integrates MBAM with Configuration Manager. - -The instructions explain how to configure Configuration Manager Integration by using: - -- A Windows PowerShell cmdlet - -- The MBAM Server Configuration wizard - -The instructions are based on the recommended architecture in [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md). - -**Before you start the configuration:** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
StepWhere to get instructions

Review the recommended architecture for MBAM.

High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology

Review the supported configurations for MBAM.

MBAM 2.5 Supported Configurations

Complete the required prerequisites on each server.

Install the MBAM Server software on each server where you will configure an MBAM Server feature.

-
-Note

For this topology, you must install the Configuration Manager console on the computer where you are installing the MBAM Server software.

-
-
- -

Installing the MBAM 2.5 Server Software

Review Windows PowerShell prerequisites (applicable only if you are going to use Windows PowerShell cmdlets to configure MBAM).

Configuring MBAM 2.5 Server Features by Using Windows PowerShell

- - - -**To configure Configuration Manager Integration by using Windows PowerShell** - -1. Before you start the configuration, see [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md) to review the prerequisites for using Windows PowerShell. - -2. Use the **Enable-MbamCMIntegration** Windows PowerShell cmdlet to configure the Reports. To get information about this cmdlet, type **Get-Help Enable-MbamCMIntegration**. - -**To configure the System Center Configuration Manager Integration by using the wizard** - -1. On the server where you want to configure the System Center Configuration Manager Integration feature, start the MBAM Server Configuration wizard. You can select **MBAM Server Configuration** from the **Start** menu to open the wizard. - -2. Click **Add New Features**, select **System Center Configuration Manager Integration**, and then click **Next**. - - The wizard checks that all prerequisites for the Configuration Manager Integration have been met. - -3. If the prerequisite check is successful, click **Next** to continue. Otherwise, resolve any missing prerequisites, and then click **Check prerequisites again**. - -4. Use the following descriptions to enter the field values in the wizard: - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription

SQL Server Reporting Services server

Fully qualified domain name (FQDN) of the server with the Reporting Service point role. This is the server to which the MBAM Configuration Manager Reports are deployed.

-

If you don’t specify a server, the Configuration Manager Reports will be deployed to the local server.

SQL Server Reporting Services instance

Name of the SQL Server Reporting Services (SSRS) instance where the Configuration Manager Reports are deployed.

-

If you don’t specify an instance, the Configuration Manager Reports will be deployed to the default SSRS instance name. The value you enter is ignored if the server has System Center 2012 Configuration Manager installed.

- - - -5. On the **Summary** page, review the features that will be added. - - **Note** - To create a Windows PowerShell script of the entries you just made, click **Export PowerShell Script** and save the script. - - - -6. Click **Add** to add the Configuration Manager Integration feature to the server, and then click **Close**. - - - -## Related topics - - -[Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md) - -[Validating the MBAM 2.5 Server Feature Configuration](validating-the-mbam-25-server-feature-configuration.md) - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - diff --git a/mdop/mbam-v25/how-to-configure-the-mbam-25-web-applications.md b/mdop/mbam-v25/how-to-configure-the-mbam-25-web-applications.md deleted file mode 100644 index dba8888b3b..0000000000 --- a/mdop/mbam-v25/how-to-configure-the-mbam-25-web-applications.md +++ /dev/null @@ -1,430 +0,0 @@ ---- -title: How to Configure the MBAM 2.5 Web Applications -description: How to Configure the MBAM 2.5 Web Applications -author: dansimp -ms.assetid: 909bf2d3-028c-4ac1-9247-171532a1eeae -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the MBAM 2.5 Web Applications - - -This topic explains how to configure the Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 web applications for the recommended [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md) by using one of the following methods: - -- A Windows PowerShell cmdlet - -- The MBAM Server Configuration wizard - -The web applications comprise the following websites and their corresponding web services: - - ---- - - - - - - - - - - - - - - - - -
WebsiteDescription

Administration and Monitoring Website

Website where specified users can view reports and help end users recover their computers when they forget their PIN or password

Self-Service Portal

Website that end users can access to independently regain access to their computers if they forget their PIN or password

- - - -**Before you start the configuration:** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
StepWhere to get instructions

Review the recommended architecture for MBAM.

High-Level Architecture for MBAM 2.5

Review the supported configurations for MBAM.

MBAM 2.5 Supported Configurations

Complete the required prerequisites on each server.

-
-Note

Ensure that you configure SQL ServerReporting Services (SSRS) to use the Secure Sockets Layer (SSL) before you configure the Administration and Monitoring Website. Otherwise, the Reports feature will use HTTP instead of HTTPS.

-
-
- -

Register service principal names (SPNs) for the application pool account for the websites. You need to do this step only if you do not have administrative domain rights in Active Directory Domain Services (AD DS). If you do have these rights in AD DS, MBAM will create the SPNs for you.

Planning How to Secure the MBAM Websites

Install the MBAM Server software on each server where you will configure an MBAM Server feature.

-
-Note

If you plan to install the websites on one server and the web services on another, you will be able to configure them only by using the Enable-MbamWebApplication Windows PowerShell cmdlet. The MBAM Server Configuration wizard does not support configuring these items on separate servers.

-
-
- -

Installing the MBAM 2.5 Server Software

Review the prerequisites for using Windows PowerShell if you plan to use cmdlets to configure MBAM Server features.

Configuring MBAM 2.5 Server Features by Using Windows PowerShell

- - - -**To configure the web applications by using Windows PowerShell** - -1. Before you start the configuration, see [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md) to review the prerequisites for using Windows PowerShell. - -2. Use the **Enable-MbamWebApplication** cmdlet to configure the web applications using Windows PowerShell. To get information about this cmdlet, type **Get-Help Enable-MbamWebApplication**. - -**To configure the settings for all web applications using the wizard** - -1. On the server where you want to configure the web applications, start the MBAM Server Configuration wizard. You can select **MBAM Server Configuration** from the **Start** menu to open the wizard. - -2. Click **Add New Features**, select **Administration and Monitoring Website** and **Self-Service Portal**, and then click **Next**. The wizard checks that all prerequisites for the web applications have been met. - -3. If the prerequisite check is successful, click **Next** to continue. Otherwise, resolve any missing prerequisites, and then click **Check prerequisites again**. - -4. Use the following descriptions to enter the field values in the wizard. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription

Security certificate

Select a previously created certificate to optionally encrypt the communication between the web services and the server on which you are configuring the websites. If you choose Do not use a certificate, your web communication may not be secure.

Host name

Name of the host computer where you are configuring the websites.

Installation path

Path where you are installing the websites.

Port

Port number to use for website and service communication.

-
- Note

You must set a firewall exception to enable communication through the specified port.

-
-
- -

Web service application pool domain account and password

Domain user account and password for the web service application pool.

-

If you enter a user name in the Read/write access domain user or group field on the Configure Databases page, you must enter that same value in this field.

-

If you enter a group name in the Read/write access domain user or group field on the Configure Databases page, the value you enter in this field must be a member of that group.

-

If you do not specify credentials, the credentials that were specified for any previously enabled web application will be used. All web applications must use the same application pool credentials. If you specify different credentials for different web applications, the most recently specified value will be used.

-
- Important

For improved security, set the account that is specified in the credentials to have limited user rights. Also, set the password of the account to never expire.

-
-
- -
- - - -5. Verify that the built-in IIS\_IUSRS account or the application pool account has been added to the **Impersonate a client after authentication** and the **Log on as a batch job** local security settings. - - To check whether it has been added to the local security settings, open the **Local Security Policy editor**, expand the **Local Policies** node, click the **User Rights Assignment** node, and double-click **Impersonate a client after authentication** and **Log on as a batch job** policies in the right pane. - -**To configure connection information for the databases by using the wizard** - -1. Use the following field descriptions to configure the connection information in the wizard for the Compliance and Audit Database. - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription

SQL Server name

Name of the server where the Compliance and Audit Database is configured.

SQL Server database instance

SQL Server instance name where the Compliance and Audit Database is configured.

Database name

Name of the Compliance and Audit Database.

- - - -2. Use the following field descriptions to configure the connection information in the wizard for the Recovery Database. - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription

SQL Server name

Name of the server where the Recovery Database is configured.

SQL Server database instance

SQL Server instance name where the Recovery Database is configured.

Database name

Name of the Recovery Database.

- - - -**To configure the web applications by using the wizard** - -1. Use the following descriptions to enter the field values in the wizard to configure the Administration and Monitoring Website. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription

Advanced Helpdesk role domain group

Domain user group whose members have access to all areas of the Administration and Monitoring Website except the Reports area.

Helpdesk role domain group

Domain user group whose members have access to the Manage TPM and Drive Recovery areas of the Administration and Monitoring Website.

Use System Center Configuration Manager Integration

Select this check box if you are configuring MBAM with the Configuration Manager Integration topology. Selecting this check box makes all reports, except the Recovery Audit report, appear in Configuration Manager instead of in the Administration and Monitoring Website.

Reporting role domain group

Domain user group whose members have read-only access to the Reports area of the Administration and Monitoring Website.

SQL Server Reporting Services URL

URL for the SSRS server where the MBAM Reports are configured.

-

Examples of report URLs:

- - - - - - - - - - - - - - - - - - - - - -
Type of host nameExample

Example with a fully qualified domain name

https://MyReportServer.Contoso.com/ReportServer

Example with a custom host name

https://MyReportServer/ReportServer

-

Virtual directory

Virtual directory of the Administration and Monitoring Website. This name corresponds to the website’s physical directory on the server and is appended to the website’s host name, for example:

-

http(s)://<hostname>:<port>/HelpDesk/

-

If you do not specify a virtual directory, the value HelpDesk will be used.

Data Migration role domain group (optional)

Domain user group whose members have access to use the Write-Mbam*Information Cmdlets to write recovery information via this endpoint.

- - - -2. Use the following description to enter the field values in the wizard to configure the Self-Service Portal. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription

Virtual directory

Virtual directory of the web application. This name corresponds to the website’s physical directory on the server, and is appended to the website’s host name, for example:

-

http(s)://<hostname>:<port>/SelfService/

-

If you do not specify a virtual directory, the value SelfService will be used.

Company name

Specify a company name for the Self-Service Portal, for example:

-

Contoso IT

-

This company name is viewed by all Self-Service Portal users.

Helpdesk URL text

Specify a text statement that directs users to your organization's Helpdesk website, for example:

-

Contact Helpdesk or IT department

Helpdesk URL

Specify the URL for your organization's Helpdesk website, for example:

-

http(s)://<companyHelpdeskURL>/

Notice text file

Select a file that contains the notice you want displayed to users on the Self-Service Portal landing page.

Do not display notice text to users

Select this check box to specify that the notice text is not displayed to users.

- - - -3. When you finish your entries, click **Next**. - - The wizard checks that all prerequisites for the web applications have been met. - -4. Click **Next** to continue. - -5. On the **Summary** page, review the features that will be added. - - **Note** - To create a Windows PowerShell script for the entries you made, click **Export PowerShell Script** and save the script. - - - -6. Click **Add** to add the web applications to the server, and then click **Close**. - - To customize the Self-Service Portal by adding custom notice text, your company name, pointers to more information, and so on, see [Customizing the Self-Service Portal for Your Organization](customizing-the-self-service-portal-for-your-organization.md). - -**To configure the Self-Service Portal if client computers cannot access the CDN** - -1. Determine whether you are running Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1. If so, do nothing. Your Self-Service Portal configuration is complete. - - **Note** - Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 installs the JavaScript files in setup, and so does not need to be connected to the Microsoft Ajax Content Delivery Network in order to configure the Self-Service Portal. The following steps are necessary only if you are using a version of Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 previous to SP1. - - - -2. Determine if your client computers have access to the Microsoft Ajax Content Delivery Network (CDN). - - The CDN gives the Self-Service Portal the access it requires to certain JavaScript files. If you don’t configure the Self-Service Portal when client computers cannot access the CDN, only the company name and the account under which the end user signed in will be displayed. No error message will be shown. - -3. Do one of the following: - - - If your client computers have access to the CDN, do nothing. Your Self-Service Portal configuration is complete. - - - If your client computers do not have access to the CDN, complete the steps in [How to Configure the Self-Service Portal When Client Computers Cannot Access the Microsoft Content Delivery Network](how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md). - - -## Related topics - - -[Server Event Logs](server-event-logs.md) - -[Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md) - -[How to Configure the Self-Service Portal When Client Computers Cannot Access the Microsoft Content Delivery Network](how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md) - -[Customizing the Self-Service Portal for Your Organization](customizing-the-self-service-portal-for-your-organization.md) - -[Validating the MBAM 2.5 Server Feature Configuration](validating-the-mbam-25-server-feature-configuration.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - diff --git a/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md b/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md deleted file mode 100644 index c187bc1e3c..0000000000 --- a/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md +++ /dev/null @@ -1,78 +0,0 @@ ---- -title: How to Configure the Self-Service Portal When Client Computers Cannot Access the Microsoft Content Delivery Network -description: How to Configure the Self-Service Portal When Client Computers Cannot Access the Microsoft Content Delivery Network -author: dansimp -ms.assetid: 90ee76db-9876-41b5-994a-118556d5ed3b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Configure the Self-Service Portal When Client Computers Cannot Access the Microsoft Content Delivery Network - - -Follow these instructions if the client computers in your organization do not have access to the Microsoft Ajax Content Delivery Network (CDN). - -**Why you need to configure this:** - -Your client computers need access to the CDN, which gives the Self-Service Portal the required access to certain JavaScript files. If you don’t configure the Self-Service Portal when client computers cannot access CDN, only the company name and the account under which the end user logs in will be displayed. No error message will be shown. - -**Note**   -In MBAM 2.5 SP1, the JavaScript files are included in the product, and you do not need to follow the instructions in this section to configure the SSP to support clients that cannot access the internet. - - - -**How to configure the Self-Service Portal when client computers cannot access the CDN** - -1. Download the following JavaScript files from the CDN: - - - [jQuery-1.10.2.min.js](https://go.microsoft.com/fwlink/?LinkID=390515) - - - [jQuery.validate.min.js](https://go.microsoft.com/fwlink/?LinkID=390516) - - - [jQuery.validate.unobtrusive.min.js](https://go.microsoft.com/fwlink/?LinkID=390517) - -2. Copy the JavaScript files to the **Scripts** directory of the Self-Service Portal. This directory is located in <MBAM Self-Service Install Directory>\\Self Service Website\\Scripts. - -3. Open Internet Information Services (IIS) Manager. - -4. Expand **Sites** > **Microsoft BitLocker Administration and Monitoring**, and highlight **SelfService**. - - **Note** - *SelfService* is the default virtual directory name. If you chose a different name for this directory during the configuration, remember to replace *SelfService* in these instructions with the name you chose. - - - -5. In the middle pane, double-click **Application Settings**. - -6. For each item in the following list, edit the application settings to reference the new location by replacing /<*virtual directory*>/ with /SelfService/ (or whatever name you chose during configuration). For example, the virtual directory path will be similar to /selfservice/Scripts/ jQuery-1.10.2.min.js. - - - jQueryPath: /<*virtual directory*>/Scripts/jQuery-1.10.2.min.js - - - jQueryValidatePath: /<*virtual directory*>/Scripts/jQuery.validate.min.js - - - jQueryValidateUnobtrusivePath: /<*virtual directory*>/Scripts/jQuery.validate.unobtrusive.min.js - - - -## Related topics - - -[How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/how-to-deploy-the-mbam-client-by-using-a-command-line.md b/mdop/mbam-v25/how-to-deploy-the-mbam-client-by-using-a-command-line.md deleted file mode 100644 index 27bfffcf2d..0000000000 --- a/mdop/mbam-v25/how-to-deploy-the-mbam-client-by-using-a-command-line.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -title: How to Deploy the MBAM Client by Using a Command Line -description: How to Deploy the MBAM Client by Using a Command Line -author: dansimp -ms.assetid: ac1d4ffe-c26d-41c9-9737-a4f2b37fde24 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Deploy the MBAM Client by Using a Command Line - - -You can use a command line to deploy the Microsoft BitLocker Administration and Monitoring (MBAM) Client software. - -## Command Line to deploy the MBAM Client software - - -Type the following command at the command prompt to automatically accept the end user license agreement when deploying the MBAM Client software. - -**MBAMClientSetup.exe /acceptEula=Yes** - -**Note**   -The **/ju** and **/jm** command-line options are not supported and cannot be used to install the MBAM Client software. - - - -Type the following command at the command prompt to extract and install the MSP: - -**MBAMClientSetup.exe /extract <path to extract MSI> /acceptEula=Yes** - -Then, install the MSI silently by running the following command: - -**msiexec /i <path to extracted MSI> /qb ALLUSERS=1 REBOOT=ReallySuppress** - -**Note**   -Beginning in MBAM 2.5 SP1, a separate MSI is no longer included with the MBAM product. However, you can extract the MSI from the executable file (.exe) that is included with the product, after accepting the EULA. - - - -## OPTIN\_FOR\_MICROSOFT\_UPDATES=1 command-line option - - -You can optionally specify the command-line option `OPTIN_FOR_MICROSOFT_UPDATES=1` during the Client software installation to automatically install Microsoft Updates on client computers. Specifying this option makes Microsoft Update automatically start and search for available updates to install after the Client software installation finishes. - -You can use this command-line option with either of the following installation methods. - - ---- - - - - - - - - - - - - - - - - -
Install the MBAM Client software by usingExample

MBAMClientSetup.exe

MbamClientSetup.exe OPTIN_FOR_MICROSOFT_UPDATES=1

msiexec /i MBAMClient.msi

msiexec /i MBAMClient.msi OPTIN_FOR_MICROSOFT_UPDATES=1

- - - - -## Related topics - - -[Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md) - - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - diff --git a/mdop/mbam-v25/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-25.md b/mdop/mbam-v25/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-25.md deleted file mode 100644 index 04cb113b89..0000000000 --- a/mdop/mbam-v25/how-to-deploy-the-mbam-client-to-desktop-or-laptop-computers-mbam-25.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: How to Deploy the MBAM Client to Desktop or Laptop Computers -description: How to Deploy the MBAM Client to Desktop or Laptop Computers -author: dansimp -ms.assetid: 3a7639e0-468e-4496-8be2-ed29b8e07c53 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Deploy the MBAM Client to Desktop or Laptop Computers - - -This topic explains how to deploy the MBAM Client to end users’ computers. You can deploy the MBAM Client through an electronic software distribution system, such as Active Directory Domain Services or Microsoft System Center Configuration Manager. - -To deploy the MBAM Client as part of a Windows deployment, see [How to Enable BitLocker by Using MBAM as Part of a Windows Deployment](how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md). - -Before you start the MBAM Client deployment, review the [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md). - -**To deploy the MBAM Client to desktop or laptop computers** - -1. Locate the MBAM Client installation files that are provided with the MBAM software. - -2. Use Active Directory Domain Services or an enterprise software deployment tool like Microsoft System Center Configuration Manager to deploy the Windows Installer package to target computers. - -3. Configure the distribution settings or Group Policy settings to run the MBAM Client installation file. - - After successful installation, the MBAM Client applies the Group Policy settings that are received from a domain controller to begin BitLocker Drive Encryption and management functions. - - **Important**   - The MBAM Client does not start BitLocker Drive Encryption actions if a remote desktop protocol connection is active. All remote console connections must be closed and a user must be logged on to a physical console session before BitLocker Drive Encryption begins. - - - - -## Related topics -[Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md) - -[Planning for MBAM 2.5 Client Deployment](planning-for-mbam-25-client-deployment.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-25.md b/mdop/mbam-v25/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-25.md deleted file mode 100644 index 58fc45a61e..0000000000 --- a/mdop/mbam-v25/how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-25.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: How to Determine BitLocker Encryption State of Lost Computers -description: How to Determine BitLocker Encryption State of Lost Computers -author: dansimp -ms.assetid: 4f4bec1b-df3e-40ee-b431-291440268d64 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Determine BitLocker Encryption State of Lost Computers - - -Use this procedure with the Administration and Monitoring Website to determine the following: - -- The last known BitLocker encryption status of lost or stolen computers - -- Whether the volumes on a lost or stolen computer were encrypted - -To complete this task, you need access to the **Reports** area of the Administration and Monitoring Website. To get access to this area, you must be assigned the MBAM Report Users role. You may have given these roles different names when you created them. For more information, see [Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md#bkmk-helpdesk-roles). - -**Note**   -Device compliance is determined by the BitLocker policies that your enterprise has deployed. You may want to verify your deployed policies before you try to determine the BitLocker encryption state of a device. - - - -**To determine the last known BitLocker encryption state of lost computers** - -1. Open a web browser and navigate to the **Administration and Monitoring Website**. - -2. In the left pane, select **Reports** to open the Reports page. - -3. Select the **Computer Compliance Report**. - -4. Use the filter fields in the right pane to narrow the search results, and then click **Search**. Results are shown under your search query. - -5. Take the appropriate action, as determined by your policy for lost devices. - - - -## Related topics - - -[Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - diff --git a/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md b/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md deleted file mode 100644 index 1eacd30123..0000000000 --- a/mdop/mbam-v25/how-to-enable-bitlocker-by-using-mbam-as-part-of-a-windows-deploymentmbam-25.md +++ /dev/null @@ -1,336 +0,0 @@ ---- -title: How to Enable BitLocker by Using MBAM as Part of a Windows Deployment -description: How to Enable BitLocker by Using MBAM as Part of a Windows Deployment -author: dansimp -ms.assetid: 7609ad7a-bb06-47be-b186-0a2db787c8a5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 04/23/2017 ---- - - -# How to Enable BitLocker by Using MBAM as Part of a Windows Deployment - - -This topic explains how to enable BitLocker on an end user's computer by using MBAM as part of your Windows imaging and deployment process. If you see a black screen at restart (after Install phase concludes) indicating that the drive cannot be unlocked, see [Earlier Windows versions don't start after "Setup Windows and Configuration Manager" step if Pre-Provision BitLocker is used with Windows 10, version 1511](https://support.microsoft.com/en-us/help/4494799/earlier-windows-versions-don-t-start-after-you-use-pre-provision-bitlo). - -**Prerequisites:** - -- An existing Windows image deployment process – Microsoft Deployment Toolkit (MDT), Microsoft System Center Configuration Manager, or some other imaging tool or process – must be in place - -- TPM must be enabled in the BIOS and visible to the OS - -- MBAM server infrastructure must be in place and accessible - -- The system partition required by BitLocker must be created - -- The machine must be domain joined during imaging before MBAM fully enables BitLocker - -**To enable BitLocker using MBAM 2.5 SP1 as part of a Windows deployment** - -1. In MBAM 2.5 SP1, the recommended approach to enable BitLocker during a Windows Deployment is by using the `Invoke-MbamClientDeployment.ps1` PowerShell script. - - - The `Invoke-MbamClientDeployment.ps1` script enacts BitLocker during the imaging process. When required by BitLocker policy, the MBAM agent immediately prompts the domain user to create a PIN or password when the domain user first logs on after imaging. - - - Easy to use with MDT, System Center Configuration Manager, or standalone imaging processes - - - Compatible with PowerShell 2.0 or higher - - - Encrypt OS volume with TPM key protector - - - Fully support BitLocker pre-provisioning - - - Optionally encrypt FDDs - - - Escrow TPM OwnerAuth - For Windows 7, MBAM must own the TPM for escrow to occur. - For Windows 8.1, Windows 10 RTM and Windows 10 version 1511, escrow of TPM OwnerAuth is supported. - For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://docs.microsoft.com/windows/security/hardware-protection/tpm/change-the-tpm-owner-password) for further details. - - - Escrow recovery keys and recovery key packages - - - Report encryption status immediately - - - New WMI providers - - - Detailed logging - - - Robust error handling - - You can download the `Invoke-MbamClientDeployment.ps1` script from [Microsoft.com Download Center](https://www.microsoft.com/download/details.aspx?id=54439). This is the main script that your deployment system will call to configure BitLocker drive encryption and record recovery keys with the MBAM Server. - - **WMI deployment methods for MBAM:** The following WMI methods have been added in MBAM 2.5 SP1 to support enabling BitLocker by using the `Invoke-MbamClientDeployment.ps1` PowerShell script. - - **MBAM\_Machine WMI Class** - **PrepareTpmAndEscrowOwnerAuth:** Reads the TPM OwnerAuth and sends it to the MBAM recovery database by using the MBAM recovery service. If the TPM is not owned and auto-provisioning is not on, it generates a TPM OwnerAuth and takes ownership. If it fails, an error code is returned for troubleshooting. - - **Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://docs.microsoft.com/windows/security/hardware-protection/tpm/change-the-tpm-owner-password) for further details. - -| Parameter | Description | -| -------- | ----------- | -| RecoveryServiceEndPoint | A string specifying the MBAM recovery service endpoint. | - -Here are a list of common error messages: - -| Common return values | Error message | -| -------------------- | ------------- | -| **S_OK**
0 (0x0) | The method was successful. | -| **MBAM_E_TPM_NOT_PRESENT**
2147746304 (0x80040200) | TPM is not present in the computer or is disabled in the BIOS configuration. | -| **MBAM_E_TPM_INCORRECT_STATE**
2147746305 (0x80040201) | TPM is not in the correct state (enabled, activated and owner installation allowed). | -| **MBAM_E_TPM_AUTO_PROVISIONING_PENDING**
2147746306 (0x80040202) | MBAM cannot take ownership of TPM because auto-provisioning is pending. Try again after auto-provisioning is completed. | -| **MBAM_E_TPM_OWNERAUTH_READFAIL**
2147746307 (0x80040203) | MBAM cannot read the TPM owner authorization value. The value might have been removed after a successful escrow. On Windows 7, MBAM cannot read the value if the TPM is owned by others. | -| **MBAM_E_REBOOT_REQUIRED**
2147746308 (0x80040204) | The computer must be restarted to set TPM to the correct state. You might need to manually reboot the computer. | -| **MBAM_E_SHUTDOWN_REQUIRED**
2147746309 (0x80040205) | The computer must be shut down and turned back on to set TPM to the correct state. You might need to manually reboot the computer. | -| **WS_E_ENDPOINT_ACCESS_DENIED**
2151481349 (0x803D0005) | Access was denied by the remote endpoint. | -| **WS_E_ENDPOINT_NOT_FOUND**
2151481357 (0x803D000D) | The remote endpoint does not exist or could not be located. | -| **WS_E_ENDPOINT_FAILURE
2151481357 (0x803D000F) | The remote endpoint could not process the request. | -| **WS_E_ENDPOINT_UNREACHABLE**
2151481360 (0x803D0010) | The remote endpoint was not reachable. | -| **WS_E_ENDPOINT_FAULT_RECEIVED**
2151481363 (0x803D0013) | A message containing a fault was received from the remote endpoint. Make sure you are connecting to the correct service endpoint. | -| **WS_E_INVALID_ENDPOINT_URL** 2151481376 (0x803D0020) | The endpoint address URL is not valid. The URL must start with “http” or “https”. | - - **ReportStatus:** Reads the compliance status of the volume and sends it to the MBAM compliance status database by using the MBAM status reporting service. The status includes cipher strength, protector type, protector state and encryption state. If it fails, an error code is returned for troubleshooting. - - | Parameter | Description | - | --------- | ----------- | - | ReportingServiceEndPoint | A string specifying the MBAM status reporting service endpoint. | - - Here are a list of common error messages: - - | Common return values | Error message | - | -------------------- | ------------- | - | **S_OK**
0 (0x0) | The method was successful | - | **WS_E_ENDPOINT_ACCESS_DENIED**
2151481349 (0x803D0005) | Access was denied by the remote endpoint.| - | **WS_E_ENDPOINT_NOT_FOUND**
2151481357 (0x803D000D) | The remote endpoint does not exist or could not be located. | - | **WS_E_ENDPOINT_FAILURE**
2151481357 (0x803D000F) | The remote endpoint could not process the request. | - | **WS_E_ENDPOINT_UNREACHABLE**
2151481360 (0x803D0010) | The remote endpoint was not reachable. | - | **WS_E_ENDPOINT_FAULT_RECEIVED**
2151481363 (0x803D0013) | A message containing a fault was received from the remote endpoint. Make sure you are connecting to the correct service endpoint. | - | **WS_E_INVALID_ENDPOINT_URL**
2151481376 (0x803D0020) | The endpoint address URL is not valid. The URL must start with “http” or “https”. | - - **MBAM\_Volume WMI Class** - **EscrowRecoveryKey:** Reads the recovery numerical password and key package of the volume and sends them to the MBAM recovery database by using the MBAM recovery service. If it fails, an error code is returned for troubleshooting. - - | Parameter | Description | - | --------- | ----------- | - | RecoveryServiceEndPoint | A string specifying the MBAM recovery service endpoint. | - - Here are a list of common error messages: - - | Common return values | Error message | - | -------------------- | ------------- | - | **S_OK**
0 (0x0) | The method was successful | - | **FVE_E_LOCKED_VOLUME**
2150694912 (0x80310000) | The volume is locked. | - | **FVE_E_PROTECTOR_NOT_FOUND**
2150694963 (0x80310033) | A Numerical Password protector was not found for the volume. | - | **WS_E_ENDPOINT_ACCESS_DENIED**
2151481349 (0x803D0005) | Access was denied by the remote endpoint. | - | **WS_E_ENDPOINT_NOT_FOUND**
2151481357 (0x803D000D) | The remote endpoint does not exist or could not be located. | - | **WS_E_ENDPOINT_FAILURE**
2151481357 (0x803D000F) | The remote endpoint could not process the request. | - | **WS_E_ENDPOINT_UNREACHABLE**
2151481360 (0x803D0010) | The remote endpoint was not reachable. | - | **WS_E_ENDPOINT_FAULT_RECEIVED**
2151481363 (0x803D0013) | A message containing a fault was received from the remote endpoint. Make sure you are connecting to the correct service endpoint. | - | **WS_E_INVALID_ENDPOINT_URL**
2151481376 (0x803D0020) | The endpoint address URL is not valid. The URL must start with “http” or “https”. | - - -2. **Deploy MBAM by using Microsoft Deployment Toolkit (MDT) and PowerShell** - - 1. In MDT, create a new deployment share or open an existing deployment share. - - **Note** - The `Invoke-MbamClientDeployment.ps1` PowerShell script can be used with any imaging process or tool. This section shows how to integrate it by using MDT, but the steps are similar to integrating it with any other process or tool. - - **Caution** - If you are using BitLocker pre-provisioning (WinPE) and want to maintain the TPM owner authorization value, you must add the `SaveWinPETpmOwnerAuth.wsf` script in WinPE immediately before the installation reboots into the full operating system. **If you do not use this script, you will lose the TPM owner authorization value on reboot.** - - 2. Copy `Invoke-MbamClientDeployment.ps1` to **<DeploymentShare>\\Scripts**. If you are using pre-provisioning, copy the `SaveWinPETpmOwnerAuth.wsf` file into **<DeploymentShare>\\Scripts**. - - 3. Add the MBAM 2.5 SP1 client application to the Applications node in the deployment share. - - 1. Under the **Applications** node, click **New Application**. - - 2. Select **Application with Source Files**. Click **Next**. - - 3. In **Application Name**, type “MBAM 2.5 SP1 Client”. Click **Next**. - - 4. Browse to the directory containing `MBAMClientSetup-.msi`. Click **Next**. - - 5. Type “MBAM 2.5 SP1 Client” as the directory to create. Click **Next**. - - 6. Enter `msiexec /i MBAMClientSetup-.msi /quiet` at the command line. Click **Next**. - - 7. Accept the remaining defaults to complete the New Application wizard. - - 4. In MDT, right-click the name of the deployment share and click **Properties**. Click the **Rules** tab. Add the following lines: - - `SkipBitLocker=YES``BDEInstall=TPM``BDEInstallSuppress=NO``BDEWaitForEncryption=YES` - - Click OK to close the window. - - 5. Under the Task Sequences node, edit an existing task sequence used for Windows Deployment. If you want, you can create a new task sequence by right-clicking the **Task Sequences** node, selecting **New Task Sequence**, and completing the wizard. - - On the **Task Sequence** tab of the selected task sequence, perform these steps: - - 1. Under the **Preinstall** folder, enable the optional task **Enable BitLocker (Offline)** if you want BitLocker enabled in WinPE, which encrypts used space only. - - 2. To persist TPM OwnerAuth when using pre-provisioning, allowing MBAM to escrow it later, do the following: - - 1. Find the **Install Operating System** step - - 2. Add a new **Run Command Line** step after it - - 3. Name the step **Persist TPM OwnerAuth** - - 4. Set the command line to `cscript.exe "%SCRIPTROOT%/SaveWinPETpmOwnerAuth.wsf"` - **Note:** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://docs.microsoft.com/windows/security/hardware-protection/tpm/change-the-tpm-owner-password) for further details. - - 3. In the **State Restore** folder, delete the **Enable BitLocker** task. - - 4. In the **State Restore** folder under **Custom Tasks**, create a new **Install Application** task and name it **Install MBAM Agent**. Click the **Install Single Application** radio button and browse to the MBAM 2.5 SP1 client application created earlier. - - 5. In the **State Restore** folder under **Custom Tasks**, create a new **Run PowerShell Script** task (after the MBAM 2.5 SP1 Client application step) with the following settings (update the parameters as appropriate for your environment): - - - Name: Configure BitLocker for MBAM - - - PowerShell script: `Invoke-MbamClientDeployment.ps1` - - - Parameters: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

-RecoveryServiceEndpoint

Required

MBAM recovery service endpoint

-StatusReportingServiceEndpoint

Optional

MBAM status reporting service endpoint

-EncryptionMethod

Optional

Encryption method (default: AES 128)

-EncryptAndEscrowDataVolume

Switch

Specify to encrypt data volume(s) and escrow data volume recovery key(s)

-WaitForEncryptionToComplete

Switch

Specify to wait for the encryption to complete

-DoNotResumeSuspendedEncryption

Switch

Specify that the deployment script will not resume suspended encryption

-IgnoreEscrowOwnerAuthFailure

Switch

Specify to ignore TPM owner-auth escrow failure. It should be used in the scenarios where MBAM is not able to read the TPM owner-auth, e.g. if TPM auto provisioning is enabled

-IgnoreEscrowRecoveryKeyFailure

Switch

Specify to ignore volume recovery key escrow failure

-IgnoreReportStatusFailure

Switch

Specify to ignore status reporting failure

- - - -**To enable BitLocker using MBAM 2.5 or earlier as part of a Windows deployment** - -1. Install the MBAM Client. For instructions, see [How to Deploy the MBAM Client by Using a Command Line](how-to-deploy-the-mbam-client-by-using-a-command-line.md). - -2. Join the computer to a domain (recommended). - - - If the computer is not joined to a domain, the recovery password is not stored in the MBAM Key Recovery service. By default, MBAM does not allow encryption to occur unless the recovery key can be stored. - - - If a computer starts in recovery mode before the recovery key is stored on the MBAM Server, no recovery method is available, and the computer has to be reimaged. - -3. Open a command prompt as an administrator, and stop the MBAM service. - -4. Set the service to **Manual** or **On demand** by typing the following commands: - - **net stop mbamagent** - - **sc config mbamagent start= demand** - -5. Set the registry values so that the MBAM Client ignores the Group Policy settings and instead sets encryption to start the time Windows is deployed to that client computer. - - **Caution**   - This step describes how to modify the Windows registry. Using Registry Editor incorrectly can cause serious issues that can require you to reinstall Windows. We cannot guarantee that issues resulting from the incorrect use of Registry Editor can be resolved. Use Registry Editor at your own risk. - - 1. Set the TPM for **Operating system only encryption**, run Regedit.exe, and then import the registry key template from C:\\Program Files\\Microsoft\\MDOP MBAM\\MBAMDeploymentKeyTemplate.reg. - - 2. In Regedit.exe, go to HKLM\\SOFTWARE\\Microsoft\\MBAM, and configure the settings that are listed in the following table. - - **Note**   - You can set Group Policy settings or registry values related to MBAM here. These settings will override previously set values. - - Registry entry - Configuration settings - - DeploymentTime - - 0 = Off - - 1 = Use deployment time policy settings (default) – use this setting to enable encryption at the time Windows is deployed to the client computer. - - UseKeyRecoveryService - - 0 = Do not use key escrow (the next two registry entries are not required in this case) - - 1 = Use key escrow in Key Recovery system (default) - - This is the recommended setting, which enables MBAM to store the recovery keys. The computer must be able to communicate with the MBAM Key Recovery service. Verify that the computer can communicate with the service before you proceed. - - KeyRecoveryOptions - - 0 = Uploads Recovery Key only - - 1 = Uploads Recovery Key and Key Recovery Package (default) - - KeyRecoveryServiceEndPoint - - Set this value to the URL for the server running the Key Recovery service, for example, http://<computer name>/MBAMRecoveryAndHardwareService/CoreService.svc. - - -6. The MBAM Client will restart the system during the MBAM Client deployment. When you are ready for this restart, run the following command at a command prompt as an administrator: - - **net start mbamagent** - -7. When the computers restarts, and the BIOS prompts you, accept the TPM change. - -8. During the Windows client operating system imaging process, when you are ready to start encryption, open a command prompt as an administrator, and type the following commands to set the start to **Automatic** and to restart the MBAM Client agent: - - **sc config mbamagent start= auto** - - **net start mbamagent** - -9. To delete the bypass registry values, run Regedit.exe, and go to the HKLM\\SOFTWARE\\Microsoft registry entry. Right-click the **MBAM** node, and then click **Delete**. - -## Related topics - -[Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md) - -[Planning for MBAM 2.5 Client Deployment](planning-for-mbam-25-client-deployment.md) - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). diff --git a/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md b/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md deleted file mode 100644 index ff06699bd3..0000000000 --- a/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: How to Localize the “HelpdeskText” Statement that Points Users to More Self-Service Portal Information -description: How to Localize the “HelpdeskText” Statement that Points Users to More Self-Service Portal Information -author: dansimp -ms.assetid: 09ba2a07-3186-45d9-adef-4034c70ae7cf -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Localize the “HelpdeskText” Statement that Points Users to More Self-Service Portal Information - - -You can configure a localized version of the Self-Service Portal "HelpdeskText" statement, which informs end users about how to get additional help when they are using the Self-Service Portal. If you configure localized text for the statement, as described in the following instructions, MBAM displays the localized version. If MBAM does not find the localized version, it displays the value that is in the **HelpdeskText** parameter. - -**Note**   -In the following instructions, *SelfService* is the default virtual directory name for the Self-Service Portal. You might have used a different name when you configured the Self-Service Portal. - - - -**To display a localized version of the HelpdeskText statement** - -1. On the server where you configured the Self-Service Portal, browse to **Sites** > **Microsoft BitLocker Administration and Monitoring** > **SelfService** > **Application Settings**. - -2. In the **Actions** pane, click **Add** to open the **Add Application Setting** dialog box. - -3. In the **Name** field, type **HelpdeskText**\_<*Language*>, where <*Language*> is the appropriate language code for the text. - - For example, to create a localized HelpdeskText statement in Spanish, name the parameter **HelpdeskText\_es-es**. - - The name of the Language folder can also be the language neutral name **es** instead of **es-es**. If the end user’s browser is set to **es-es** and that folder does not exist, the parent locale (as defined in .NET) is recursively retrieved and checked, resolving to <MBAM Self-Service Install Directory>\\SelfServiceWebsite\\es\\Notice.txt before finally becoming the default Notice.txt file. This recursive fallback mimics the .NET resource loading rules. - - For a list of the valid language codes you can use, see [National Language Support (NLS) API Reference](https://go.microsoft.com/fwlink/?LinkId=317947). - -4. In the **Value** field, type the localized text that you want to display to end users. - - - -## Related topics - - -[Customizing the Self-Service Portal for Your Organization](customizing-the-self-service-portal-for-your-organization.md) - - - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - diff --git a/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md b/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md deleted file mode 100644 index 39f6b21718..0000000000 --- a/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: How to Localize the Self-Service Portal “HelpdeskURL” -description: How to Localize the Self-Service Portal “HelpdeskURL” -author: dansimp -ms.assetid: 86798460-077b-459b-8d54-4b605e07d2f1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Localize the Self-Service Portal “HelpdeskURL” - - -You can configure a localized version of the Self-Service Portal URL to display to end users by default. The Self-Service Portal URL is represented by the parameter **HelpdeskURL**. - -If you create a localized version, as described in the following instructions, Microsoft BitLocker Administration and Monitoring (MBAM) finds and displays the localized version. If MBAM does not find a localized version, it displays the URL that is configured for the parameter **HelpDeskURL**. - -**Note**   -In the following instructions, *SelfService* is the default virtual directory name for the Self-Service Portal. You might have used a different name when you configured the Self-Service Portal. - - - -**To localize the Self-Service Portal URL** - -1. On the server where you configured the Self-Service Portal, browse to **Sites** > **Microsoft BitLocker Administration and Monitoring** > **SelfService** > **Application Settings**. - -2. In the **Actions** pane, click **Add** to open the **Add Application Setting** dialog box. - -3. In the **Name** field, type **HelpdeskURL**\_<*Language*>, where <*Language*> is the appropriate language code for the URL. - - For example, to create a localized version of the `HelpdeskURL` value in Spanish, name the parameter **HelpdeskURL\_es-es**. - - The name of the Language folder can also be the language neutral name **es** instead of **es-es**. If the end user’s browser is set to **es-es** and that folder does not exist, the parent locale (as defined in .NET) is recursively retrieved and checked, resolving to <MBAM Self-Service Install Directory>\\SelfServiceWebsite\\es\\Notice.txt before finally becoming the default Notice.txt file. This recursive fallback mimics the .NET resource loading rules. - - For a list of the valid language codes you can use, see [National Language Support (NLS) API Reference](https://go.microsoft.com/fwlink/?LinkId=317947). - -4. In the **Value** field, type the localized version of the `HelpdeskURL` value that you want to display to end users. - - - -## Related topics - - -[Customizing the Self-Service Portal for Your Organization](customizing-the-self-service-portal-for-your-organization.md) - - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - diff --git a/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md b/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md deleted file mode 100644 index 65d97745b3..0000000000 --- a/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md +++ /dev/null @@ -1,83 +0,0 @@ ---- -title: How to Localize the Self-Service Portal Notice Text -description: How to Localize the Self-Service Portal Notice Text -author: dansimp -ms.assetid: a4c878b7-e5c8-45af-a537-761bb2991659 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Localize the Self-Service Portal Notice Text - - -You can configure localized notice text to display to end users by default in the Self-Service Portal. The Notice.txt file that displays the notice text is in the following root directory: - -<*MBAM Self-Service Install Directory*>\\Self Service Website\\ - -To display localized notice text, you create a localized Notice.txt file, and then save it under a specific language folder in the following example directory: - -<*MBAM Self-Service Install Directory*>\\Self Service Website\\ - -**Note**   -You can configure the path by using the **NoticeTextPath** item in **Application Settings**. - - - -MBAM displays the notice text, based on the following rules: - -- If you create a localized **Notice.txt** file in the appropriate language folder, MBAM displays the localized notice text if the default **Notice.txt** file exists. If the default **Notice.txt** file is missing, a message displays indicating that the default file is missing. - -- If MBAM does not find a localized version of the Notice.txt file, it displays the text in the default Notice.txt file. - -- If MBAM does not find a default Notice.txt file, it displays the default text in the Self-Service Portal. - -**Note**   -If an end user’s browser is set to a language that does not have a corresponding language subfolder or Notice.txt, the text in the Notice.txt file in the following root directory is displayed: - -<*MBAM Self-Service Install Directory*>\\Self Service Website\\ - - - -**To create a localized Notice.txt file** - -1. On the server where you configured the Self-Service Portal, create a <*Language*> folder in the following example directory, where <*Language*> represents the name of the localized language: - - <*MBAM Self-Service Install Directory*>\\Self Service Website\\ - - **Note**   - Some language folders already exist, so you might not have to create a folder. If you do have to create a language folder, see [National Language Support (NLS) API Reference](https://go.microsoft.com/fwlink/?LinkId=317947) for a list of the valid names that you can use for the <*Language*> folder. - - - -2. Create a Notice.txt file that contains the localized notice text. - -3. Save the Notice.txt file in the <*Language*> folder. For example, to create a localized Notice.txt file in Spanish, save the localized Notice.txt file in the following example directory: - - <*MBAM Self-Service Install Directory*>\\Self Service Website\\Es-es - - The name of the Language folder can also be the language neutral name **es** instead of **es-es**. If the end user’s browser is set to **es-es** and that folder does not exist, the parent locale (as defined in .NET) is recursively retrieved and checked, resolving to <MBAM Self-Service Install Directory>\\SelfServiceWebsite\\es\\Notice.txt before finally becoming the default Notice.txt file. This recursive fallback mimics the .NET resource loading rules. - - - -## Related topics - - -[Customizing the Self-Service Portal for Your Organization](customizing-the-self-service-portal-for-your-organization.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/how-to-manage-user-bitlocker-encryption-exemptions-mbam-25.md b/mdop/mbam-v25/how-to-manage-user-bitlocker-encryption-exemptions-mbam-25.md deleted file mode 100644 index 5cb63887d0..0000000000 --- a/mdop/mbam-v25/how-to-manage-user-bitlocker-encryption-exemptions-mbam-25.md +++ /dev/null @@ -1,166 +0,0 @@ ---- -title: How to Manage User BitLocker Encryption Exemptions -description: How to Manage User BitLocker Encryption Exemptions -author: dansimp -ms.assetid: f582ab82-5bb5-4cd3-ad7c-483240533cf9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manage User BitLocker Encryption Exemptions - - -Microsoft BitLocker Administration and Monitoring (MBAM) enables you to exempt users from BitLocker Drive Encryption requirements. - -To exempt users from BitLocker protection, you have to: - - ---- - - - - - - - - - - - - - - - - -
TaskDetails

Create an infrastructure to support exempted users.

Examples of this infrastructure include providing users with a contact telephone number, webpage, or mailing address that they can use to request an exemption.

Add the exempted user to a security group for a Group Policy Object that is configured specifically for exempted users.

When members of this security group sign in to a computer, the user’s Group Policy setting exempts the user from BitLocker protection. The user’s Group Policy setting overwrites the computer policy, and the computer will remain exempt from BitLocker encryption.

-
-Note

MBAM does not enact the encryption policy if the computer is already BitLocker-protected and the user is exempted. However, if another user who is not exempt from the encryption policy signs in to the computer, encryption will take place.

-
-
- -
- - - -The following steps describe what occurs when end users request an exemption from the BitLocker Drive Encryption exemption process through the MBAM Client or through whatever process your organization uses. You must configure MBAM Group Policy settings to allow end users to request an exemption from BitLocker Drive Encryption. - -1. When end users sign in to a computer that is required to be encrypted, they receive a notification that their computer is going to be encrypted. They can select **Request Exemption** and postpone the encryption by selecting **Postpone**, or they can select **Start Encryption** to accept the BitLocker encryption. - - **Note** - Selecting **Request Exemption** postpones the BitLocker protection until the maximum time that is set in the User Exemption Policy. - - - -2. If end users select **Request Exemption**, they receive a notification telling them to contact the organization’s BitLocker administration group. Depending on how the **Configure User Exemption Policy** is configured, users are provided with one or more of the following contact methods: - - - Phone number - - - Webpage URL - - - Mailing address - -3. After the exemption request is received, the MBAM administrator decides whether to add the user to the BitLocker Exemption Active Directory Domain Services (AD DS) group. - -4. After an end user submits an exemption request, the MBAM Client reports the user as “Temporarily exempt.” The Client then waits a specified number of days, which IT administrators configure, before it checks the computer’s compliance again. If the MBAM administrator rejects the exemption request, the exemption request option is deactivated, which prevents the user from requesting the exemption again. - -Microsoft BitLocker Administration and Monitoring (MBAM) enables you to exempt users from BitLocker Drive Encryption requirements. - -To exempt users from BitLocker protection, you have to: - - ---- - - - - - - - - - - - - - - - - -
TaskDetails

Create an infrastructure to support exempted users.

Examples of this infrastructure include providing users with a contact telephone number, webpage, or mailing address that they can use to request an exemption.

Add the exempted user to a security group for a Group Policy Object that is configured specifically for exempted users.

When members of this security group sign in to a computer, the user’s Group Policy setting exempts the user from BitLocker protection. The user’s Group Policy setting overwrites the computer policy, and the computer will remain exempt from BitLocker encryption.

-
-Note

If the computer is already BitLocker-protected, the User Exemption Policy has no effect. In addition, if another user signs in to a computer that is not exempt from the encryption policy, encryption will take place.

-
-
- -
- - - -The following steps describe what occurs when end users request an exemption from the BitLocker Drive Encryption exemption process through the MBAM Client or through whatever process your organization uses. You must configure MBAM Group Policy settings to allow end users to request an exemption from BitLocker Drive Encryption. - -1. When end users sign in to a computer that is required to be encrypted, they receive a notification that their computer is going to be encrypted. They can select **Request Exemption** and postpone the encryption by selecting **Postpone**, or they can select **Start Encryption** to accept the BitLocker encryption. - - **Note** - Selecting **Request Exemption** postpones the BitLocker protection until the maximum time that is set in the User Exemption Policy. - - - -2. If end users select **Request Exemption**, they receive a notification telling them to contact the organization’s BitLocker administration group. Depending on how the **Configure User Exemption Policy** is configured, users are provided with one or more of the following contact methods: - - - Phone number - - - Webpage URL - - - Mailing address - -3. After the exemption request is received, the MBAM administrator decides whether to add the user to the BitLocker Exemption Active Directory Domain Services (AD DS) group. - -4. After an end user submits an exemption request, the MBAM Client reports the user as “Temporarily exempt.” The Client then waits a specified number of days, which IT administrators configure, before it checks the computer’s compliance again. If the MBAM administrator rejects the exemption request, the exemption request option is deactivated, which prevents the user from requesting the exemption again. - -**To exempt a user from BitLocker Drive Encryption** - -1. Create an AD DS security group that will be used to manage user exemptions from BitLocker encryption requirements. - -2. Create a Group Policy Object by using the Microsoft BitLocker Administration and Monitoring Group Policy Templates. - -3. Associate the Group Policy Object with the AD DS group that you created in the previous step. The policy settings to exempt users are located at: **UserConfiguration** > **Administrative Templates** > **Windows Components** > **MDOP MBAM (BitLocker Management)**. - -4. To the security group you created for BitLocker exempted users, add the names of the users who are requesting an exemption. - - When a user signs in to a computer controlled by BitLocker, the MBAM Client checks the User Exemption Policy setting. If the computer is already encrypted, BitLocker protection is not suspended. If the computer is not encrypted, MBAM does not prompt the user to encrypt. - - **Important** - Shared computer scenarios require special consideration when you are using BitLocker user exemptions. If a non-exempt user signs in to a computer that is shared with an exempt user, the computer may be encrypted. - - - - -## Related topics - - -[Administering MBAM 2.5 Features](administering-mbam-25-features.md) - -[Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md) - - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - diff --git a/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md b/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md deleted file mode 100644 index 2500ec0e02..0000000000 --- a/mdop/mbam-v25/how-to-move-the-mbam-25-databases.md +++ /dev/null @@ -1,497 +0,0 @@ ---- -title: How to Move the MBAM 2.5 Databases -description: How to Move the MBAM 2.5 Databases -author: dansimp -ms.assetid: 34b46f2d-0add-4377-8e4e-04b628fdfcf1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/15/2018 ---- - -# How to Move the MBAM 2.5 Databases - -Use these procedures to move the following databases from one computer to another; from Server A to Server B, for example: - -- Compliance and Audit Database - -- Recovery Database - ->[!NOTE] ->It is important that the databases be restored to Machine B PRIOR to running the MBAM Configuration Wizard to update/configure them. - -If the databases are NOT present, the Configuration Wizard creates NEW, empty, databases. When your existing databases are then restored, this process will break the MBAM configuration. - -Restore the databases FIRST, then run the MBAM Configuration Wizard, choose the database option, and the Configuration Wizard will “connect” to the databases you restored; upgrading them if needed as part of the process. - -**If you are moving multiple features, move them in the following order:** - -1. Recovery Database - -2. Compliance and Audit Database - -3. Reports - -4. Administration and Monitoring Website - -5. Self-Service Portal - ->[!Note] ->To run the example Windows PowerShell scripts provided in this topic, you must update the Windows PowerShell execution policy to enable scripts to be run. See [Running Windows PowerShell Scripts](https://technet.microsoft.com/library/ee176949.aspx) for instructions. - -## Move the Recovery Database - -The high-level steps for moving the Recovery Database are: - -1. Stop all instances of the MBAM Administration and Monitoring Website - -2. Back up the Recovery Database on Server A - -3. Move the Recovery Database from Server A to Server B - -4. Restore the Recovery Database on Server B - -5. Configure access to the Database on Server B and update connection data - -6. Install MBAM Server software and run the MBAM Server Configuration wizard on Server B - -7. Resume the instance of the Administration and Monitoring Website - -### How to move the Recovery Database - -**Stop all instances of the MBAM Administration and Monitoring Website.** On each server that is running the MBAM Administration and Monitoring Server Website, use the Internet Information Services (IIS) Manager console to stop the Administration and Monitoring Website. - -To automate this procedure, you can use Windows PowerShell to enter a command that is similar to the following: - -```powershell -Stop-Website "Microsoft BitLocker Administration and Monitoring" -``` - ->[!NOTE] ->To run this command, you must add the Internet Information Services (IIS) module for Windows PowerShell to the current instance of Windows PowerShell. - -### Back up the Recovery Database on Server A - -1. Use the **Back Up** task in SQL Server Management Studio to back up the Recovery Database on Server A. By default, the database name is **MBAM Recovery Database**. - -2. To automate this procedure, create a SQL file (.sql) that contains the following SQL script, and change the MBAM Recovery Database to use the full recovery mode: - - ``` - USE master; - - GO - - ALTER DATABASE "MBAM Recovery and Hardware" - - SET RECOVERY FULL; - - GO - - -- Create MBAM Recovery Database Data and MBAM Recovery logical backup devices. - - USE master - - GO - - EXEC sp_addumpdevice 'disk', 'MBAM Recovery and Hardware Database Data Device', - - 'Z:\MBAM Recovery Database Data.bak'; - - GO - - -- Back up the full MBAM Recovery Database. - - BACKUP DATABASE [MBAM Recovery and Hardware] TO [MBAM Recovery and Hardware Database Data Device]; - - GO - - BACKUP CERTIFICATE [MBAM Recovery Encryption Certificate] - - TO FILE = 'Z:\SQLServerInstanceCertificateFile' - - WITH PRIVATE KEY - - ( - - FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey', - - ENCRYPTION BY PASSWORD = '$PASSWORD$' - - ); - - GO - ``` - -3. Use the following value to replace the values in the code example with values that match your environment: - - **$PASSWORD$** - password that you use to encrypt the Private Key file. - -4. In Windows PowerShell, run the script that is stored in the file and similar to the following: - - ```powershell - Invoke-Sqlcmd -InputFile - 'Z:\BackupMBAMRecoveryandHardwarDatabaseScript.sql' -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$ - ``` -5. Use the following value to replace the values in the code example with values that match your environment: - - **$SERVERNAME$\$SQLINSTANCENAME$** - server name and instance from which the Recovery Database will be backed up. - -### Move the Recovery Database from Server A to Server B - -Use Windows Explorer to move the **MBAM Recovery Database Data.bak** file from Server A to Server B. - -To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following: - -```powershell -Copy-Item "Z:\MBAM Recovery Database Data.bak" -\\$SERVERNAME$\$DESTINATIONSHARE$ - -Copy-Item "Z:\SQLServerInstanceCertificateFile" -\\$SERVERNAME$\$DESTINATIONSHARE$ - -Copy-Item "Z:\SQLServerInstanceCertificateFilePrivateKey" -\\$SERVERNAME$\$DESTINATIONSHARE$ -``` -Use the information in the following table to replace the values in the code example with values that match your environment. - -| **Parameter** | **Description** | -|----------------------|------------------| -| $SERVERNAME$ | Name of the server to which the files will be copied. | -| $DESTINATIONSHARE$ | Name of the share and path to which the files will be copied. | - - -### Restore the Recovery Database on Server B - -1. Restore the Recovery Database on Server B by using the **Restore Database** task in SQL Server Management Studio. - -2. When the previous task finishes, select **From Device**, and then select the database backup file. - -3. Use the **Add** command to select the **MBAM Recovery Database Data.bak** file, and click **OK** to complete the restoration process. - -4. To automate this procedure, create a SQL file (.sql) that contains the following SQL script: - - ``` - -- Restore MBAM Recovery Database. - - USE master - - GO - - -- Drop certificate created by MBAM Setup. - - DROP CERTIFICATE [MBAM Recovery Encryption Certificate] - - GO - - --Add certificate - - CREATE CERTIFICATE [MBAM Recovery Encryption Certificate] - - FROM FILE = 'Z:\SQLServerInstanceCertificateFile' - - WITH PRIVATE KEY - - ( - - FILE = ' Z:\SQLServerInstanceCertificateFilePrivateKey', - - DECRYPTION BY PASSWORD = '$PASSWORD$' - - ); - - GO - - -- Restore the MBAM Recovery Database data and log files. - - RESTORE DATABASE [MBAM Recovery and Hardware] - - FROM DISK = 'Z:\MBAM Recovery Database Data.bak' - - WITH REPLACE - ``` - -5. Use the following value to replace the values in the code example with values that match your environment. - - **$PASSWORD$** - password that you used to encrypt the Private Key file. - -6. In Windows PowerShell, run the script that is stored in the file and similar to the following: - - ```powershell - Invoke-Sqlcmd -InputFile 'Z:\RestoreMBAMRecoveryandHardwarDatabaseScript.sql' -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$ - ``` -7. Use the following value to replace the values in the code example with values that match your environment. - - **$SERVERNAME$\$SQLINSTANCENAME$** - Server name and instance to which the Recovery Database will be restored. - -### Configure access to the Database on Server B and update connection data - -1. Verify that the Microsoft SQL Server user login that enables Recovery Database access on the restored database is mapped to the access account that you provided during the configuration process. - - >[!NOTE] - >If the login is not the same, create a login by using SQL Server Management Studio, and map it to the existing database user. - -2. On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to update the connection string information for the MBAM websites. - -3. Edit the following registry key: - - **HKLM\\Software\\Microsoft\\MBAM Server\\Web\\RecoveryDBConnectionString** - -4. Update the **Data Source** value with the name of the server and instance (for example, \$SERVERNAME\$\\\$SQLINSTANCENAME) to which the Recovery Database was moved. - -5. Update the **Initial Catalog** value with the recovered database name. - -6. To automate this process, you can use the Windows PowerShell command prompt to enter a command line on the Administration and Monitoring Server that is similar to the following: - - ```powershell - reg add "HKEY_LOCAL_MACHINE\SOFTWARE\\Microsoft\MBAM Server\\Web" /v - RecoveryDBConnectionString /t REG_SZ /d "Integrated Security=SSPI;Initial - Catalog=$DATABASE$;Data Source=$SERVERNAME$\$SQLINSTANCENAME$" /f - - Set-WebConfigurationProperty - 'connectionStrings/add[@name="KeyRecoveryConnectionString"]' -PSPath - "IIS:\sites\Microsoft Bitlocker Administration and - Monitoring\MBAMAdministrationService" -Name "connectionString" -Value "Data - Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery and - Hardware;Integrated Security=SSPI;" - - Set-WebConfigurationProperty - 'connectionStrings/add[\@name="Microsoft.Mbam.RecoveryAndHardwareDataStore.ConnectionString"]' - -PSPath "IIS:\sites\Microsoft Bitlocker Administration and - Monitoring\MBAMRecoveryAndHardwareService" -Name "connectionString" -Value - "Data Source=$SERVERNAME$\$SQLINSTANCENAME$;Initial Catalog=MBAM Recovery - and Hardware;Integrated Security=SSPI;" - ``` - - >[!Note] - >This connection string is shared by all local MBAM web applications. Therefore, it needs to be updated only once per server. - - -7. Use the following table to replace the values in the code example with values that match your environment. - - |Parameter|Description| - |---------|-----------| - |$SERVERNAME$/\$SQLINSTANCENAME$|Server name and instance of SQL Server where the Recovery Database is located.| - |$DATABASE$|Name of the Recovery database.| - - -### Install MBAM Server software and run the MBAM Server Configuration wizard on Server B - -1. Install the MBAM 2.5 Server software on Server B. For details, see [Installing the MBAM 2.5 Server Software](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/installing-the-mbam-25-server-software). - -2. On Server B, start the MBAM Server Configuration wizard, click **Add New Features**, and then select only the **Recovery Database** feature. For details on how to configure the databases, see [How to Configure the MBAM 2.5 Databases](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/how-to-configure-the-mbam-25-databases). - - >[!TIP] - >Alternatively, you can use the **Enable-MbamDatabase** Windows PowerShell cmdlet to configure the Recovery Database. - - -### Resume the instance of the Administration and Monitoring Website - -On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to start the Administration and Monitoring Website. - -To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following: - -```powershell -Start-Website "Microsoft BitLocker Administration and Monitoring" -``` - ->[!NOTE] ->To run this command, you must add the IIS module for Windows PowerShell to the current instance of Windows PowerShell. - -## Move the Compliance and Audit Database - -The high-level steps for moving the Compliance and Audit Database are: - -1. Stop all instances of the MBAM Administration and Monitoring Website - -2. Back up the Compliance and Audit Database on Server A - -3. Move the Compliance and Audit Database from Server A to Server B - -4. Restore the Compliance and Audit Database on Server B - -5. Configure access to the Database on Server B and update connection data - -6. Install MBAM Server software and run the MBAM Server Configuration wizard on - Server B - -7. Resume the instance of the Administration and Monitoring Website - -### How to move the Compliance and Audit Database - -**Stop all instances of the MBAM Administration and Monitoring Website.** On each server that is running the MBAM Administration and Monitoring Server Website, use the Internet Information Services (IIS) Manager console to stop the Administration and Monitoring Website. - -To automate this procedure, you can use Windows PowerShell to enter a command that is similar to the following: - -```powershell -Stop-Website "Microsoft BitLocker Administration and Monitoring" -``` - ->[!NOTE] ->To run this command, you must add the Internet Information Services (IIS) module for Windows PowerShell to the current instance of Windows PowerShell. - -### Back up the Compliance and Audit Database on Server A - -1. Use the **Back Up** task in SQL Server Management Studio to back up the Compliance and Audit Database on Server A. By default, the database name is **MBAM Compliance Status Database**. - -2. To automate this procedure, create a SQL file (.sql) that contains the following SQL script: - - ``` - USE master; - - GO - - ALTER DATABASE "MBAM Compliance Status" - - SET RECOVERY FULL; - - GO - - -- Create MBAM Compliance Status Data logical backup devices. - - USE master - - GO - - EXEC sp_addumpdevice 'disk', 'MBAM Compliance Status Database Data Device', - - 'Z: \MBAM Compliance Status Database Data.bak'; - - GO - - -- Back up the full MBAM Compliance Recovery database. - - BACKUP DATABASE [MBAM Compliance Status] TO [MBAM Compliance Status Database Data Device]; - - GO - - ``` - -3. Run the script that is stored in the .sql file by using a Windows PowerShell command that is similar to the following: - - ```powershell - Invoke-Sqlcmd -InputFile "Z:\BackupMBAMComplianceStatusDatabaseScript.sql" –ServerInstance $SERVERNAME$\$SQLINSTANCENAME$ - - ``` - -4. Using the following value, replace the values in the code example with values that match your environment: - - **$SERVERNAME$\$SQLINSTANCENAME$** - server name and instance from which the Compliance and Audit Database will be backed up. - -### Move the Compliance and Audit Database from Server A to Server B** - -1. Use Windows Explorer to move the **MBAM Compliance Status Database Data.bak** file from Server A to Server B. - -2. To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following: - - ```powershell - Copy-Item "Z:\MBAM Compliance Status Database Data.bak" - \\$SERVERNAME$\$DESTINATIONSHARE$ - ``` - -3. Using the following table, replace the values in the code example with values that match your environment. - - | **Parameter** | **Description** | - |----------------------|---------------------------------------------------------------| - | $SERVERNAME$ | Name of the server to which the files will be copied. | - | $DESTINATIONSHARE$ | Name of the share and path to which the files will be copied. | - - -### Restore the Compliance and Audit Database on Server B - -1. Restore the Compliance and Audit Database on Server B by using the **Restore Database** task in SQL Server Management Studio. - -2. When the previous task finishes, select **From Device**, and then select the database backup file. - -3. Use the **Add** command to select the **MBAM Compliance Status Database Data.bak** file and click **OK** to complete the restoration process. - -4. To automate this procedure, create a SQL file (.sql) that contains the following SQL script: - - ``` - -- Create MBAM Compliance Status Database Data logical backup devices. - - Use master - - GO - - -- Restore the MBAM Compliance Status database data files. - - RESTORE DATABASE [MBAM Compliance Status] - - FROM DISK = 'C:\test\MBAM Compliance Status Database Data.bak' - - WITH REPLACE - - ``` - -5. In Windows PowerShell, run the script that is stored in the file and similar to the following: - - ```powershell - Invoke-Sqlcmd -InputFile "Z:\RestoreMBAMComplianceStatusDatabaseScript.sql" -ServerInstance $SERVERNAME$\$SQLINSTANCENAME$ - - ``` - -6. Using the following value, replace the values in the code example with values that match your environment. - - **$SERVERNAME$\$SQLINSTANCENAME$** - Server name and instance to which the Compliance and Audit Database will be restored. - -### Configure access to the Database on Server B and update connection data - -1. Verify that the Microsoft SQL Server user login that enables Compliance and Audit Database access on the restored database is mapped to the access account that you provided during the configuration process. - - >[!NOTE] - >If the login is not the same, create a login by using SQL Server Management Studio, and map it to the existing database user. - -2. On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to update the connection string information for the Website. - -3. Edit the following registry key: - - **HKLM\\Software\\Microsoft\\MBAM Server\\Web\\ComplianceDBConnectionString** - -4. Update the **Data Source** value with the name of the server and instance (for example, \$SERVERNAME\$\\\$SQLINSTANCENAME) to which the Recovery Database was moved. - -5. Update the **Initial Catalog** value with the recovered database name. - -6. To automate this process, you can use the Windows PowerShell command prompt to enter a command line on the Administration and Monitoring Server that is similar to the following: - - ```powershell - reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM Server\Web" /v - ComplianceDBConnectionString /t REG_SZ /d "Integrated Security=SSPI;Initial - Catalog=$DATABASE$;Data Source=$SERVERNAME$\$SQLINSTANCENAME$" /f - ``` - >[!NOTE] - >This connection string is shared by all local MBAM web applications. Therefore, it needs to be updated only once per server. - - -7. Using the following table, replace the values in the code example with values that match your environment. - - |Parameter | Description | - |---------|------------| - |$SERVERNAME$\$SQLINSTANCENAME$ | Server name and instance of SQL Server where the Recovery Database is located.| - |$DATABASE$|Name of the recovered database.| - -### Install MBAM Server software and run the MBAM Server Configuration wizard on Server B - -1. Install the MBAM 2.5 Server software on Server B. For details, see [Installing the MBAM 2.5 Server Software](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/installing-the-mbam-25-server-software). - -2. On Server B, start the MBAM Server Configuration wizard, click **Add New Features**, and then select only the **Compliance and Audit Database** feature. For details on how to configure the databases, see [How to Configure the MBAM 2.5 Databases](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/how-to-configure-the-mbam-25-databases). - - >[!TIP] - >Alternatively, you can use the **Enable-MbamDatabase** Windows PowerShell cmdlet to configure the Compliance and Audit Database. - - -### Resume the instance of the Administration and Monitoring Website - -On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to start the Administration and Monitoring Website. - -To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following: - -```powershell -Start-Website "Microsoft BitLocker Administration and Monitoring" -``` - ->[!NOTE] ->To run this command, you must add the IIS module for Windows PowerShell to the current instance of Windows PowerShell. diff --git a/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md b/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md deleted file mode 100644 index c77b29982c..0000000000 --- a/mdop/mbam-v25/how-to-move-the-mbam-25-reports.md +++ /dev/null @@ -1,143 +0,0 @@ ---- -title: How to Move the MBAM 2.5 Reports -description: How to Move the MBAM 2.5 Reports -author: dansimp -ms.assetid: c8223656-ca9d-41c8-94a3-64d07a6b99e9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Move the MBAM 2.5 Reports - - -Use these procedures to move the Reports feature from one computer to another, that is, to move the Reports feature from Server A to Server B. - -The high-level steps for moving the Reports feature are: - -1. Stop all instances of the MBAM Administration and Monitoring Website. - -2. Install the MBAM 2.5 Server software on Server B and configure the Reports feature on Server B. - -3. Update the reports connection data on the MBAM Administration and Monitoring servers. - -4. Resume the instance of the MBAM Administration and Monitoring Website. - -**Note**   -To run the example Windows PowerShell scripts in this topic, you must update the Windows PowerShell execution policy to enable scripts to be run. See [Running Windows PowerShell Scripts](https://technet.microsoft.com/library/ee176949.aspx) for instructions. - - - -**Stop the MBAM Administration and Monitoring Website** - -- On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to stop the Administration and Monitoring Website. - - To automate this procedure, you can use Windows PowerShell to enter a command that is similar to the following: - - ``` syntax - PS C:\> Stop-Website "Microsoft BitLocker Administration and Monitoring" - ``` - -**Install MBAM Server software and run the MBAM Server Configuration wizard on Server B** - -1. Install the MBAM Server software on Server B. For instructions, see [Installing the MBAM 2.5 Server Software](installing-the-mbam-25-server-software.md). - -2. On Server B, start the MBAM Server Configuration wizard, click **Add New Features**, and then select only the **Reports** feature. - - Alternatively, you can use the **Enable-MbamReport** Windows PowerShell cmdlet to configure the Reports. - - For instructions on how to configure the Reports, see [How to Configure the MBAM 2.5 Reports](how-to-configure-the-mbam-25-reports.md). - -**Update the reports connection data on the Administration and Monitoring Server** - -1. On the server that is running the Reports feature, use the Internet Information Services (IIS) Manager console to update the Reports URL. - -2. Expand **Microsoft BitLocker Administration and Monitoring**, and then select the **HelpDesk** node. - -3. In the **Management** section of the **Features View**, select **Configuration Editor**. - -4. In the **Section** field, select **appSettings**. - -5. Select the **Collection** row, and then click the "ellipses" button **(…)** at the far right of the pane to open the **Collection Editor**. - -6. In the **Collection Editor**, select the row that contains **Microsoft.Mbam.Reports.Url**, and update the value for **Microsoft.Mbam.Reports.Url** to reflect the server name for Server B. - - If you previously configured the Reports feature on a named instance of SQL Server Reporting Services, add or update the name of the instance to the URL, for example: - - `http://$SERVERNAME$/ReportServer_$SQLSRSINSTANCENAME$/Pages....)` - -7. To automate this procedure, you can use Windows PowerShell to run a command on the Administration and Monitoring Server that is similar to the following code example. - - ``` syntax - PS C:\> Set-WebConfigurationProperty '/appSettings/add[@key="Microsoft.Mbam.Reports.Url"]' -PSPath "IIS:\\sites\Microsoft Bitlocker Administration and Monitoring\HelpDesk" -Name "Value" -Value "http://$SERVERNAME$/ReportServer[_$SRSINSTANCENAME$]/Pages/ReportViewer.aspx?/Microsoft+BitLocker+Administration+and+Monitoring/" - ``` - - Using the descriptions in the following table, replace the values in the code example with values that match your environment. - - - - - - - - - - - - - - - - - - - - - - -
ParameterDescription

$SERVERNAME$

Name of the server to which the Reports were moved.

$SRSINSTANCENAME$

Name of the instance of SQL Server Reporting Services to which the Reports were moved.

- - - -**Resume the instance of the Administration and Monitoring Website** - -1. On the server that is running the Administration and Monitoring Website, use the Internet Information Services (IIS) Manager console to start the Administration and Monitoring Website. - -2. To automate this procedure, you can use Windows PowerShell to run a command that is similar to the following: - - ``` syntax - PS C:\> Start-Website "Microsoft BitLocker Administration and Monitoring" - ``` - - **Note**   - To run this command, you must add the IIS module for Windows PowerShell to the current instance of Windows PowerShell. - - - - - -## Related topics - - -[How to Configure the MBAM 2.5 Reports](how-to-configure-the-mbam-25-reports.md) - -[Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md) - -[Moving MBAM 2.5 Features to Another Server](moving-mbam-25-features-to-another-server.md) - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - diff --git a/mdop/mbam-v25/how-to-move-the-mbam-25-websites.md b/mdop/mbam-v25/how-to-move-the-mbam-25-websites.md deleted file mode 100644 index 6b57070737..0000000000 --- a/mdop/mbam-v25/how-to-move-the-mbam-25-websites.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -title: How to Move the MBAM 2.5 Websites -description: How to Move the MBAM 2.5 Websites -author: dansimp -ms.assetid: 71af9a54-c27b-408f-9d75-37c0d02e730e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Move the MBAM 2.5 Websites - - -Use these procedures to move the following MBAM websites from one computer to another, that is, to move the following features from Server A to Server B: - -- Administration and Monitoring Website - -- Self-Service Portal - -**Important**   -During the configuration of both websites, you must provide the same connection string, Reports URL, group accounts, and web service application pool domain account as the ones that you are currently using. If you don’t use the same values, you cannot access some of the servers. To get the current values, use the **Get-MbamWebApplication** Windows PowerShell cmdlet. - - - -**To move the Administration and Monitoring Website to another server** - -1. On Server B, install the MBAM 2.5 Server software. For instructions, see [Installing the MBAM 2.5 Server Software](installing-the-mbam-25-server-software.md). - -2. On Server B, start the MBAM Server Configuration wizard, click **Add New Features**, and then select only the **Administration and Monitoring Website** feature. - - Alternatively, you can use the **Enable-MbamWebApplication** Windows PowerShell cmdlet to configure the Administration and Monitoring Website. - - For instructions on how to configure the Administration and Monitoring Website, see [How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md). - -**To move the Self-Service Portal to another server** - -1. On Server B, install the MBAM 2.5 Server software. For instructions, see [Installing the MBAM 2.5 Server Software](installing-the-mbam-25-server-software.md). - -2. On Server B, start the MBAM Server Configuration wizard, click **Add New Features**, and then select only the **Self-Service Portal** feature. - - Alternatively, you can use the **Enable-MbamWebApplication** Windows PowerShell cmdlet to configure the Self-Service Portal. - - For instructions on how to configure the Administration and Monitoring Website, see [How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md). - -3. If the client computers in your organization do not have access to the Microsoft Content Delivery Network, you also have to move the JavaScript files. See [How to Configure the Self-Service Portal When Client Computers Cannot Access the Microsoft Content Delivery Network](how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md) for more information. - -4. Customize the Self-Service Portal for your organization. Use the instructions in [Customizing the Self-Service Portal for Your Organization](customizing-the-self-service-portal-for-your-organization.md) to review your current customizations and to configure custom settings on the Self-Server Portal on Server B. - - - -## Related topics - - -[How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md) - -[Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md) - -[Moving MBAM 2.5 Features to Another Server](moving-mbam-25-features-to-another-server.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md b/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md deleted file mode 100644 index 5ee41f6f49..0000000000 --- a/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: How to Recover a Corrupted Drive -description: How to Recover a Corrupted Drive -author: dansimp -ms.assetid: fa5b846b-dda6-4ae4-bf6c-39e4f1d8aa00 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Recover a Corrupted Drive - - -You can use this procedure with the Administration and Monitoring Website (also referred to as the Help Desk) Website to recover a corrupted drive that is protected by BitLocker. To do this, you will complete the tasks outlined in the following table. - - ---- - - - - - - - - - - - - - - - - - - - - -
TaskDetails and more information

Create a recovery key package file by accessing the Drive Recovery area of the Administration and Monitoring Website.

To access the Drive Recovery area, you must be assigned the MBAM Helpdesk Users role or the MBAM Advanced Helpdesk Users role. You may have given these roles different names when you created them. For more information, see Planning for MBAM 2.5 Groups and Accounts.

Copy the package file to the computer that contains the corrupted drive.

Use the repair-bde command to complete the recovery process.

To avoid a potential loss of data, it is strongly recommended that you review the Manage-bde command before using it.

- - - -**To recover a corrupted drive** - -1. Open a web browser and navigate to the **Administration and Monitoring Website**. - -2. In the left pane, select **Drive Recovery** to open the **Recover access to an encrypted drive** page. - -3. Enter the end user’s Windows log-on domain and user name, the reason for unlocking the drive, and the end user’s recovery password ID. - - **Note**   - If you are a member of the Advanced Helpdesk Users access group, you do not have to enter the user’s domain name or user name. - - - -4. Click **Submit**. The recovery key will be displayed. - -5. Click **Save**, and then select **Recovery Key Package**. The recovery key package will be created on your computer. - -6. Copy the recovery key package to the computer that has the corrupted drive. - -7. Open an elevated command prompt. To do this, click **Start** and type `cmd` in the **Search programs and files** text box. Right-click **cmd.exe**, and select **Run as Administrator**. - -8. At the command prompt, type the following: - - `repair-bde -kp -rp ` - - **Note**   - Replace <*fixed drive*> with an available hard disk drive that has free space equal to or larger than the data on the corrupted drive. Data on the corrupted drive is recovered and moved to the specified hard disk drive. - - - - -## Related topics - - -[Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - diff --git a/mdop/mbam-v25/how-to-recover-a-drive-in-recovery-mode-mbam-25.md b/mdop/mbam-v25/how-to-recover-a-drive-in-recovery-mode-mbam-25.md deleted file mode 100644 index 9dec2442fb..0000000000 --- a/mdop/mbam-v25/how-to-recover-a-drive-in-recovery-mode-mbam-25.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: How to Recover a Drive in Recovery Mode -description: How to Recover a Drive in Recovery Mode -author: dansimp -ms.assetid: e126eaf8-9ae7-40fe-a28e-dbd78d26859e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Recover a Drive in Recovery Mode - - -This topic explains how to use the Administration and Monitoring Website (also referred to as the Help Desk) to get a recovery password to give to end users if their BitLocker-protected drive goes into recovery mode. Drives go into recovery mode if users lose or forget their PIN or password or if the Trusted Module Platform (TPM) chip detects changes to the BIOS or startup files of a computer. - -To get a recovery password, use the **Drive Recovery** area of the Administration and Monitoring Website. You must be assigned the MBAM Helpdesk Users role or the MBAM Advanced Helpdesk Users role to access this area of the website. - -**Note** -You may have given these roles different names when you created them. For more information, see [Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md#bkmk-helpdesk-roles). - - - -**Important** -Recovery passwords expire after a single use. On operating system drives and fixed data drives, the single-use rule is applied automatically. On removable drives, it is applied when the drive is removed and then reinserted and unlocked on a computer that has Group Policy settings activated to manage removable drives. - - - -**To recover a drive in recovery mode** - -1. Open a web browser and navigate to the **Administration and Monitoring Website**. - -2. In the left pane, select **Drive Recovery** to open the **Recover access to an encrypted drive** page. - -3. Enter the end user’s Windows log-on domain and user name to view recovery information. - - **Note** - If you are in the MBAM Advanced Helpdesk Users group, the user domain and user ID fields are not required. - - - -4. Enter the first eight digits of the recovery key ID to see a list of possible matching recovery keys, or enter the entire recovery key ID to get the exact recovery key. - -5. From the **Reason for Drive Unlock** list, select one of the predefined options, and then click **Submit**. - - MBAM returns the following: - - - An error message if no matching recovery password is found - - - Multiple possible matches if the user has multiple matching recovery passwords - - - The recovery password and recovery package for the submitted user - - **Note** - If you are recovering a damaged drive, the recovery package option provides BitLocker with critical information that it needs to recover the drive. - - - -~~~ -After the recovery password and recovery package are retrieved, the recovery password is displayed. -~~~ - -6. To copy the password, click **Copy Key**, and then paste the recovery password into an email message. Alternatively, click **Save** to save the recovery password to a file. - - When the user types the recovery password into the system or uses the recovery package, the drive is unlocked. - - - -## Related topics - - -[Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - diff --git a/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md b/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md deleted file mode 100644 index 59ee1c423d..0000000000 --- a/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: How to Recover a Moved Drive -description: How to Recover a Moved Drive -author: dansimp -ms.assetid: 0d38ce7e-bc64-473e-ae85-99b7099ca758 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 11/01/2016 ---- - - -# How to Recover a Moved Drive -This topic explains how to use the Administration and Monitoring Website (also referred to as the Help Desk) to recover an operating system drive that was moved after being encrypted by Microsoft BitLocker Administration and Monitoring (MBAM). When a drive is moved, it no longer accepts the PIN that was used in the previous computer because the Trusted Platform Module (TPM) chip has changed. To recover the moved drive, you must obtain the recovery key ID to retrieve the recovery password. - -To recover a moved drive, you must use the **Drive Recovery** area of the Administration and Monitoring Website. To access the **Drive Recovery** area, you must be assigned the MBAM Helpdesk Users role or the MBAM Advanced Helpdesk Users role. For more information about these roles, see [Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md#bkmk-helpdesk-roles). - -**To recover a moved drive** -1. On the computer that contains the moved drive, start the computer in Windows Recovery Environment (WinRE) mode, or start the computer by using the Microsoft Diagnostic and Recovery Toolset (DaRT). - -2. After the computer has been started with WinRE or DaRT, MBAM will treat the moved operating system drive as a fixed data drive. MBAM will then display the drive’s recovery password ID and ask for the recovery password. - - **Note**   - In some cases, you may be able to click **I forgot the PIN** during the startup process, and then enter the recovery mode to display the recovery key ID. - - - -3. Use the recovery key ID to retrieve the recovery password and unlock the drive from the Administration and Monitoring Website. For instructions, see [How to Recover a Drive in Recovery Mode](how-to-recover-a-drive-in-recovery-mode-mbam-25.md). - - If the moved drive was configured to use a TPM chip on the original computer, complete the following additional steps. Otherwise, the recovery process is complete. - -4. After unlocking the drive and completing the start process, open a command prompt in WinRE mode and use the `manage-bde` command to decrypt the drive. Using this tool is the only way to remove the TPM plus the PIN protector without the original TPM chip. For information about the `manage-bde` command, see [Manage-bde](https://go.microsoft.com/fwlink/?LinkId=393567). - -5. When the removal is completed, start the computer normally. The MBAM agent will now enforce the policy to encrypt the drive with the new computer’s TPM plus the PIN. - - - -## Related topics - - -[Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/how-to-reset-a-tpm-lockout-mbam-25.md b/mdop/mbam-v25/how-to-reset-a-tpm-lockout-mbam-25.md deleted file mode 100644 index fc80c4324c..0000000000 --- a/mdop/mbam-v25/how-to-reset-a-tpm-lockout-mbam-25.md +++ /dev/null @@ -1,80 +0,0 @@ ---- -title: How to Reset a TPM Lockout -description: How to Reset a TPM Lockout -author: dansimp -ms.assetid: dd20a728-c52e-48e6-9f6c-1311c71dee74 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Reset a TPM Lockout - - -This topic explains how to use the Administration and Monitoring Website (also referred to as the Help Desk) to reset a TPM lockout. TPM lockouts can occur if an end user enters the incorrect PIN too many times. The number of times that a user can enter an incorrect PIN before the TPM locks varies from manufacturer to manufacturer. - -From the **Manage TPM** area of the Administration and Monitoring Website, you can access the centralized Key Recovery data system, which provides a TPM owner password file when you supply a computer ID and associated user identifier. - -To access the Manage TPM area of the Administration and Monitoring Website, you must be assigned the MBAM Helpdesk Users role or the MBAM Advanced Helpdesk Users role. These roles are groups that administrators create in Active Directory. You can use any name for these groups. For more information, see [Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md#bkmk-helpdesk-roles). - -For information about MBAM and TPM ownership, see [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md#bkmk-tpm). - -**To reset a TPM lockout** - -1. Open a web browser and navigate to the **Administration and Monitoring Website**. - -2. In the left pane, click **Manage TPM** to open the **Manage TPM** page. - -3. Enter the fully qualified domain name for the computer and the computer name. - -4. Enter the end user’s Windows log-on domain and user name to retrieve the TPM owner password file. - - **Note**   - If you are in the MBAM Advanced Helpdesk Users group, the user domain and user ID fields are not required. - - - -5. From the **Reason for requesting TPM owner password file** list, select a reason for the request, and click **Submit**. - - MBAM returns one of the following: - - - An error message if no matching TPM owner password file is found - - - The TPM owner password file for the submitted computer - - After the TPM owner password is retrieved, the owner password is displayed. - -6. To save the password to a .tpm file, click the **Save** button. - -7. In the **Manage TPM** area of the **Administration and Monitoring Website**, select the **Reset TPM lockout** option and provide the TPM owner password file. - - The TPM lockout is reset and the end user’s access is restored. - - **Important**   - Do not give the TPM hash value or TPM owner password file to end users. Because the TPM information does not change, giving the file to end users creates a security risk. - - - - - -## Related topics - - -[Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/how-to-set-the-self-service-portal-branding-and-session-time-out.md b/mdop/mbam-v25/how-to-set-the-self-service-portal-branding-and-session-time-out.md deleted file mode 100644 index 67f433c862..0000000000 --- a/mdop/mbam-v25/how-to-set-the-self-service-portal-branding-and-session-time-out.md +++ /dev/null @@ -1,159 +0,0 @@ ---- -title: How to Set the Self-Service Portal Branding and Session Time-out -description: How to Set the Self-Service Portal Branding and Session Time-out -author: dansimp -ms.assetid: 031eedfc-fade-4d2f-8771-b329e1d38c0d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Set the Self-Service Portal Branding and Session Time-out - - -After you configure the Self-Service Portal, you can brand it with your company name, Help Desk URL, and "notice" text. You can also change the Session Time-out setting to make the end user’s session expire after a specified period of inactivity. - -**Note** -You can also brand the Self-Service Portal by using the **Enable-MbamWebApplication** Windows PowerShell cmdlet or the MBAM Server Configuration wizard. For instructions on using the wizard, see [How to Configure the MBAM 2.5 Web Applications](how-to-configure-the-mbam-25-web-applications.md). - - - -**Note** -In the following instructions, *SelfService* is the default virtual directory name for the Self-Service Portal. You might have used a different name when you configured the Self-Service Portal. - - - -**To set the session time-out and branding for the Self-Service Portal** - -1. To set the time-out period for the end user’s session, start the **Internet Information Services Manager**, or run **inetmgr.exe**. - -2. Browse to **Sites** > **Microsoft BitLocker Administration and Monitoring** > **SelfService** > **ASP.NET** > **Session State**, and change the **Time-out** value under **Cookie Settings** to the number of minutes after which the end user’s Self-Service Portal session expires. The default value is **5**. To disable the setting so that there is no time-out, set the value to **0**. - -3. To set the branding items for the Self-Service Portal, start the **Internet Information Services Manager** or run **inetmgr.exe**. - -4. Browse to **Sites** > **Microsoft BitLocker Administration and Monitoring** > **SelfService** > **Application Settings**. - -5. In the **Name** column, select the item that you want to change, and change the default value to reflect the name that you want to use. The following table lists the values that you can set. - - **Caution** - Do not change the value in the Name column (CompanyName\*), as it will cause Self-Service Portal to stop working. - - - -~~~ - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDefault value

ClientValidationEnabled

true

CompanyName

Contoso IT

DisplayNotice

true

HelpdeskText

Contact Helpdesk or IT Department

HelpdeskUrl

#

-
-Note -

In MBAM 2.5 SP1, the HelpdeskUrl default value is empty.

-
-
- -

jQueryPath

[//go.microsoft.com/fwlink/?LinkID=390515](//go.microsoft.com/fwlink/?LinkID=390515)

-
-Note -

In MBAM 2.5 SP1, this has been changed to a local JavaScript file shipped with the product, located at ~/Scripts/jquery-1.10.2.min.js

-
-
- -

jQueryValidatePath

[//go.microsoft.com/fwlink/?LinkID=390516](//go.microsoft.com/fwlink/?LinkID=390516)

-
-Note -

In MBAM 2.5 SP1, this has been changed to a local JavaScript file shipped with the product, located at ~/Scripts/jquery.validate.min.js

-
-
- -

jQueryValidateUnobtrusivePath

[//go.microsoft.com/fwlink/?LinkID=390517](//go.microsoft.com/fwlink/?LinkID=390517)

-
-Note -

In MBAM 2.5 SP1, this has been changed to a local JavaScript file shipped with the product, located at ~/Scripts/jquery.validate.unobtrusive.min.js

-
-
- -

NoticeTextPath

Notice.txt

-
-Note -

You can edit the notice text either by using the Internet Information Services (IIS) Manager or by opening and changing the Notice.txt file in the installation directory.

-
-
- -

UnobtrusiveJavaScriptEnabled

true

-~~~ - - - - - -## Related topics - - -[Customizing the Self-Service Portal for Your Organization](customizing-the-self-service-portal-for-your-organization.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - diff --git a/mdop/mbam-v25/how-to-turn-the-self-service-portal-notice-text-on-or-off.md b/mdop/mbam-v25/how-to-turn-the-self-service-portal-notice-text-on-or-off.md deleted file mode 100644 index 015d00c47f..0000000000 --- a/mdop/mbam-v25/how-to-turn-the-self-service-portal-notice-text-on-or-off.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: How to Turn the Self-Service Portal Notice Text On or Off -description: How to Turn the Self-Service Portal Notice Text On or Off -author: dansimp -ms.assetid: e786685b-ffdb-4557-ae71-e79528097264 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Turn the Self-Service Portal Notice Text On or Off - - -You can turn the Self-Service Portal notice text on or off. By default, the notice text is turned on. To set the notice text, see [How to Set the Self-Service Portal Branding and Session Time-out](how-to-set-the-self-service-portal-branding-and-session-time-out.md). - -**Note**   -In the following instructions, *SelfService* is the default virtual directory name for the Self-Service Portal. You might have used a different name when you configured the Self-Service Portal. - - - -**To turn off the notice text** - -1. On the server where you configured the Self-Service Portal, browse to **Sites** > **Microsoft BitLocker Administration and Monitoring** > **SelfService** > **Application Settings**. - -2. In the **Name** column, select **DisplayNotice**, and set the value to **false**. - - - -## Related topics - - -[Customizing the Self-Service Portal for Your Organization](customizing-the-self-service-portal-for-your-organization.md) - - - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - diff --git a/mdop/mbam-v25/how-to-use-the-administration-and-monitoring-website.md b/mdop/mbam-v25/how-to-use-the-administration-and-monitoring-website.md deleted file mode 100644 index 6999def5bb..0000000000 --- a/mdop/mbam-v25/how-to-use-the-administration-and-monitoring-website.md +++ /dev/null @@ -1,137 +0,0 @@ ---- -title: How to Use the Administration and Monitoring Website -description: How to Use the Administration and Monitoring Website -author: dansimp -ms.assetid: bb96a4e8-d4f4-4e6f-b7db-82d96998bfa6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Use the Administration and Monitoring Website - - -The Administration and Monitoring Website, also referred to as the Help Desk, is an administrative interface for BitLocker Drive Encryption. Use the website to review reports, recover end users’ drives, and manage end users’ TPMs, as described in the following sections. - -**Note**   -If you are using MBAM in the Stand-alone topology, you view all reports from the Administration and Monitoring Website. If you are using the Configuration Manager Integration topology, you view all reports in Configuration Manager, except the Recovery Audit report, which you continue to view from the Administration and Monitoring Website. For more information about reports, see [Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md). - - - -## Required roles for using the Administration and Monitoring Website - - -To access specific areas of the Administration and Monitoring Website, you must have one of the following roles, which are groups that you create in Active Directory. You can use any name for these groups. - - ---- - - - - - - - - - - - - - - - - - - - - -
AccountDescription

MBAM Advanced Helpdesk Users

Provides access to all areas of the Administration and Monitoring Website. Users who have this role enter only the recovery key, and not the end user’s domain and user name, when helping end users recover their drives. If a user is a member of both the MBAM Helpdesk Users group and the MBAM Advanced Helpdesk Users group, the MBAM Advanced Helpdesk Users group permissions override the MBAM Helpdesk Users Group permissions.

-

MBAM Helpdesk Users

Provides access to the Manage TPM and Drive Recovery areas of the Administration and Monitoring Website. Individuals who have this role must fill in all fields, including the end-user’s domain and account name, when they use either area.

-

If a user is a member of both the MBAM Helpdesk Users group and the MBAM Advanced Helpdesk Users group, the MBAM Advanced Helpdesk Users group permissions override the MBAM Helpdesk Users Group permissions.

MBAM Report Users

Provides access to the reports in the Reports area of the Administration and Monitoring Website.

- - - -## Tasks you can perform on the Administration and Monitoring Website - - -The following table summarizes the tasks you can perform on the Administration and Monitoring Website and provides links to more information about each task. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskArea of the Website where you access the taskDescriptionFor more information

View reports

Reports

Enables you to run reports to monitor BitLocker usage, compliance, and key recovery activity. Reports provide data about enterprise compliance, individual computers, and who requested recovery keys or the TPM OwnerAuth package for a specific computer.

Viewing MBAM 2.5 Reports for the Stand-alone Topology

Determine the BitLocker encryption status of lost or stolen computers

Reports

Determine if a volume was encrypted if the computer is lost or stolen.

How to Determine BitLocker Encryption State of Lost Computers

Recover lost drives

Drive Recovery

Recover drives that are:

-
    -

  • In recovery mode

    • -

  • Have been moved

    • -

  • Are corrupted

    • -

Reset a TPM lockout

Manage TPM

Provides access to TPM data that has been collected by the MBAM Client. In a TPM lockout, use the Administration and Monitoring Website to retrieve the necessary password file to unlock the TPM.

How to Reset a TPM Lockout

- - - - -## Related topics - - -[Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/how-to-use-the-self-service-portal-to-regain-access-to-a-computer-mbam-25.md b/mdop/mbam-v25/how-to-use-the-self-service-portal-to-regain-access-to-a-computer-mbam-25.md deleted file mode 100644 index 3be2d5cf4a..0000000000 --- a/mdop/mbam-v25/how-to-use-the-self-service-portal-to-regain-access-to-a-computer-mbam-25.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: How to Use the Self-Service Portal to Regain Access to a Computer -description: How to Use the Self-Service Portal to Regain Access to a Computer -author: dansimp -ms.assetid: 3c24b13a-d1b1-4763-8ac0-0b2db46267e3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Use the Self-Service Portal to Regain Access to a Computer - - -The Self-Service Portal is a website that IT administrators configure as part of their Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 deployment. The website enables end users to independently regain access to their computers if they get locked out of Windows. The Self-Service Portal requires no assistance from Help Desk staff. - -The following instructions are written from the perspective of end users, but the information may be useful for IT administrators to understand. - -**Important**   -An end user must have physically logged on to the computer (not remotely) at least one time successfully to be able to recover their key using the Self-Service Portal. Otherwise, they must use the Helpdesk Portal for key recovery. - - - -End users may experience lockouts if they: - -- Forget their password or PIN - -- Change operating system files, the BIOS, or the Trusted Platform Module (TPM) - -**Note**   -If the IT administrator configured an IIS Session State time-out, a message is displayed in the Self-Service Portal 60 seconds prior to the time-out. - - - -**To use the Self-Service Portal to regain access to a computer** - -1. In the **Recovery KeyId** field, enter a minimum of eight of the 32-digit BitLocker Key ID that is displayed on the BitLocker recovery screen of your computer. If the first eight digits match multiple keys, a message displays that requires you to enter all 32 digits of the recovery key ID. - -2. In the **Reason** field, select a reason for your request for the recovery key. - -3. Click **Get Key**. Your BitLocker recovery key is displayed in the **Your BitLocker Recovery Key** field. - -4. Enter the 48-digit code into the BitLocker recovery screen on your computer to regain access to the computer. - - - -## Related topics - - -[Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - diff --git a/mdop/mbam-v25/illustrated-features-of-an-mbam-25-deployment.md b/mdop/mbam-v25/illustrated-features-of-an-mbam-25-deployment.md deleted file mode 100644 index 7d2a8d5f0e..0000000000 --- a/mdop/mbam-v25/illustrated-features-of-an-mbam-25-deployment.md +++ /dev/null @@ -1,102 +0,0 @@ ---- -title: Illustrated Features of an MBAM 2.5 Deployment -description: Illustrated Features of an MBAM 2.5 Deployment -author: dansimp -ms.assetid: 7b5eff42-af8c-4bd0-a20a-18cc2e779f01 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/15/2018 ---- - - -# Illustrated Features of an MBAM 2.5 Deployment - - -This topic describes the individual features that make up a Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 deployment for the following topologies: - -- MBAM Stand-alone - -- System Center Configuration Manager Integration - -**Important** -These features do not represent the recommended architecture for deploying MBAM. Use this information only as a guide to understand the individual features that make up an MBAM deployment. See [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md) for the recommended architecture for MBAM. - - - -For a list of the supported versions of the software mentioned in this topic, see [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md). - -## MBAM Stand-alone topology - - -The following image and table explain the features in an MBAM Stand-alone topology. - -![mbab2\-5](images/mbam2-5-standalonecomponents.png) - -|Feature type|Description|Database| -|-|-|-| -|Recovery Database|This database stores recovery data that is collected from MBAM client computers.|This feature is configured on a server running Windows Server and a supported SQL Server instance.| -|Compliance and Audit Database|This database stores compliance data, which is used primarily for the Reports that SQL Server Reporting Services hosts.|This feature is configured on a server running Windows Server and a supported SQL Server instance.| -|Compliance and Audit Reports||| -|Reporting Web Service|This web service enables communication between the Administration and Monitoring Website and the SQL Server instance where reporting data is stored.|This feature is installed on a server running Windows Server.| -|Reporting Website (Administration and Monitoring Website)|You view Reports from the Administration and Monitoring Website. The Reports provide recovery audit and compliance status data about the client computers in your enterprise.|This feature is configured on a server running Windows Server.| -|SQL Server Reporting Services (SSRS)|Reports are configured in an SSRS database instance. Reports can be viewed directly from SSRS or from the Administration and Monitoring Website.|This feature is configured on a server running Windows Server and a supported SQL Server instance that is running SSRS.| -|Self-Service Server||| -|Self-Service Web Service|This web service is used by the MBAM Client and the Administration and Monitoring Website and Self-Service Portal to communicate to the Recovery Database.|This feature is installed on a computer running Windows Server.| -|Self-Service Website (Self-Service Portal)|This website enables end users on client computers to independently sign in to a website to get a recovery key if they lose or forget their BitLocker password.|This feature is configured on a computer running Windows Server.| -|Administration and Monitoring Server||| -|Administration and Monitoring Web Service|The Monitoring Web Service is used by the MBAM Client and the websites to communicate to the databases.|This feature is installed on a computer running Windows Server.| - -**Important** -The Self-Service Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1, in which the MBAM Client, the Administration and Monitoring Website, and the Self-Service Portal communicate directly with the Recovery Database. - -**Important** -The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM Client and the websites communicate directly with the Recovery Database. - - -## System Center Configuration Manager Integration topology - -The following image and table explain the features in the System Center Configuration Manager Integration topology. - -![mbam2\-5](images/mbam2-5-cmcomponents.png) - -**Important** -The Self-Service Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1, in which the MBAM Client, the Administration and Monitoring Website, and the Self-Service Portal communicate directly with the Recovery Database. - -**Warning** -The Monitoring Web Service is no longer available in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since the MBAM Client and the websites communicate directly with the Recovery Database. - - -| Feature type | Description | -|------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Self-Service Server | | -| Self-Service Web Service | This web service is used by the MBAM Client and the Self-Service Portal to communicate to the Recovery Database. | -| Self-Service Website | This website enables end users on client computers to independently sign in to a website to get a recovery key if they lose or forget their BitLocker password. | -| Administration and Monitoring Server/Recovery Audit Report | | -| Administration and Monitoring Web Service | This web service enables communication between the Administration and Monitoring Website and the SQL Server databases where reporting data is stored. | -| Administration and Monitoring Website | The Recovery Audit report is viewed from the Administration and Monitoring Website. Use the Configuration Manager console to view all other reports, or view reports directly from SQL Server Reporting Services. | -| Databases | | -| Recovery Database | This database stores recovery data that is collected from MBAM client computers. | -| Audit Database | This database stores audit information about recovery attempts and activity. | -| Configuration Manager Features | | -| Configuration Manager Management console | This console is built into Configuration Manager and is used to view reports. | -| Configuration Manager Reports | Reports show compliance and recovery audit data for client computers in your enterprise. | -| SQL Server Reporting Services | SSRS enables the MBAM Reports. Reports can be viewed directly from SSRS or from the Configuration Manager console. | - -## Related topics - -[High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md) - -[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - diff --git a/mdop/mbam-v25/images/checklistbox.gif b/mdop/mbam-v25/images/checklistbox.gif deleted file mode 100644 index 8af13c51d1..0000000000 Binary files a/mdop/mbam-v25/images/checklistbox.gif and /dev/null differ diff --git a/mdop/mbam-v25/images/deploying-MBAM-1.png b/mdop/mbam-v25/images/deploying-MBAM-1.png deleted file mode 100644 index eeb70cba71..0000000000 Binary files a/mdop/mbam-v25/images/deploying-MBAM-1.png and /dev/null differ diff --git a/mdop/mbam-v25/images/deploying-MBAM-10.png b/mdop/mbam-v25/images/deploying-MBAM-10.png deleted file mode 100644 index 69c5ddf7c5..0000000000 Binary files a/mdop/mbam-v25/images/deploying-MBAM-10.png and /dev/null differ diff --git a/mdop/mbam-v25/images/deploying-MBAM-11.png b/mdop/mbam-v25/images/deploying-MBAM-11.png deleted file mode 100644 index 6a33a96097..0000000000 Binary files a/mdop/mbam-v25/images/deploying-MBAM-11.png and /dev/null differ diff --git a/mdop/mbam-v25/images/deploying-MBAM-12.png b/mdop/mbam-v25/images/deploying-MBAM-12.png deleted file mode 100644 index c21dda4c80..0000000000 Binary files a/mdop/mbam-v25/images/deploying-MBAM-12.png and /dev/null differ diff --git a/mdop/mbam-v25/images/deploying-MBAM-13.png b/mdop/mbam-v25/images/deploying-MBAM-13.png deleted file mode 100644 index 3fec7c2d3a..0000000000 Binary files a/mdop/mbam-v25/images/deploying-MBAM-13.png and /dev/null differ diff --git a/mdop/mbam-v25/images/deploying-MBAM-14.png b/mdop/mbam-v25/images/deploying-MBAM-14.png deleted file mode 100644 index 514a80cce5..0000000000 Binary files a/mdop/mbam-v25/images/deploying-MBAM-14.png and /dev/null differ diff --git a/mdop/mbam-v25/images/deploying-MBAM-2.png b/mdop/mbam-v25/images/deploying-MBAM-2.png deleted file mode 100644 index c7f7bc2b42..0000000000 Binary files a/mdop/mbam-v25/images/deploying-MBAM-2.png and /dev/null differ diff --git a/mdop/mbam-v25/images/deploying-MBAM-3.png b/mdop/mbam-v25/images/deploying-MBAM-3.png deleted file mode 100644 index a4c20e2096..0000000000 Binary files a/mdop/mbam-v25/images/deploying-MBAM-3.png and /dev/null differ diff --git a/mdop/mbam-v25/images/deploying-MBAM-4.png b/mdop/mbam-v25/images/deploying-MBAM-4.png deleted file mode 100644 index e1f8c45c3f..0000000000 Binary files a/mdop/mbam-v25/images/deploying-MBAM-4.png and /dev/null differ diff --git a/mdop/mbam-v25/images/deploying-MBAM-5.png b/mdop/mbam-v25/images/deploying-MBAM-5.png deleted file mode 100644 index 93886bc19e..0000000000 Binary files a/mdop/mbam-v25/images/deploying-MBAM-5.png and /dev/null differ diff --git a/mdop/mbam-v25/images/deploying-MBAM-6.png b/mdop/mbam-v25/images/deploying-MBAM-6.png deleted file mode 100644 index 4822eaf50b..0000000000 Binary files a/mdop/mbam-v25/images/deploying-MBAM-6.png and /dev/null differ diff --git a/mdop/mbam-v25/images/deploying-MBAM-7.png b/mdop/mbam-v25/images/deploying-MBAM-7.png deleted file mode 100644 index 11232fc2ed..0000000000 Binary files a/mdop/mbam-v25/images/deploying-MBAM-7.png and /dev/null differ diff --git a/mdop/mbam-v25/images/deploying-MBAM-8.png b/mdop/mbam-v25/images/deploying-MBAM-8.png deleted file mode 100644 index 707cf78794..0000000000 Binary files a/mdop/mbam-v25/images/deploying-MBAM-8.png and /dev/null differ diff --git a/mdop/mbam-v25/images/deploying-MBAM-9.png b/mdop/mbam-v25/images/deploying-MBAM-9.png deleted file mode 100644 index cdd490f4d5..0000000000 Binary files a/mdop/mbam-v25/images/deploying-MBAM-9.png and /dev/null differ diff --git a/mdop/mbam-v25/images/mbam2-5-2servers.png b/mdop/mbam-v25/images/mbam2-5-2servers.png deleted file mode 100644 index 2db19008d6..0000000000 Binary files a/mdop/mbam-v25/images/mbam2-5-2servers.png and /dev/null differ diff --git a/mdop/mbam-v25/images/mbam2-5-cmcomponents.png b/mdop/mbam-v25/images/mbam2-5-cmcomponents.png deleted file mode 100644 index 8b5f59f115..0000000000 Binary files a/mdop/mbam-v25/images/mbam2-5-cmcomponents.png and /dev/null differ diff --git a/mdop/mbam-v25/images/mbam2-5-cmserver.png b/mdop/mbam-v25/images/mbam2-5-cmserver.png deleted file mode 100644 index 2fb56b9435..0000000000 Binary files a/mdop/mbam-v25/images/mbam2-5-cmserver.png and /dev/null differ diff --git a/mdop/mbam-v25/images/mbam2-5-standalonecomponents.png b/mdop/mbam-v25/images/mbam2-5-standalonecomponents.png deleted file mode 100644 index 8a96c611d0..0000000000 Binary files a/mdop/mbam-v25/images/mbam2-5-standalonecomponents.png and /dev/null differ diff --git a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-1.png b/mdop/mbam-v25/images/troubleshooting-MBAM-installation-1.png deleted file mode 100644 index 3ae07ddf32..0000000000 Binary files a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-1.png and /dev/null differ diff --git a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-10.png b/mdop/mbam-v25/images/troubleshooting-MBAM-installation-10.png deleted file mode 100644 index d4f0ccd596..0000000000 Binary files a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-10.png and /dev/null differ diff --git a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-11.png b/mdop/mbam-v25/images/troubleshooting-MBAM-installation-11.png deleted file mode 100644 index c6835166f1..0000000000 Binary files a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-11.png and /dev/null differ diff --git a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-2.png b/mdop/mbam-v25/images/troubleshooting-MBAM-installation-2.png deleted file mode 100644 index 488b60ea4c..0000000000 Binary files a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-2.png and /dev/null differ diff --git a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-3.png b/mdop/mbam-v25/images/troubleshooting-MBAM-installation-3.png deleted file mode 100644 index 3ad922e3a5..0000000000 Binary files a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-3.png and /dev/null differ diff --git a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-4.png b/mdop/mbam-v25/images/troubleshooting-MBAM-installation-4.png deleted file mode 100644 index 3bfaf4918a..0000000000 Binary files a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-4.png and /dev/null differ diff --git a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-5.png b/mdop/mbam-v25/images/troubleshooting-MBAM-installation-5.png deleted file mode 100644 index 1cf43b2ba3..0000000000 Binary files a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-5.png and /dev/null differ diff --git a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-6.png b/mdop/mbam-v25/images/troubleshooting-MBAM-installation-6.png deleted file mode 100644 index 8aab8a27a5..0000000000 Binary files a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-6.png and /dev/null differ diff --git a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-7.png b/mdop/mbam-v25/images/troubleshooting-MBAM-installation-7.png deleted file mode 100644 index 35d487937f..0000000000 Binary files a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-7.png and /dev/null differ diff --git a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-8.png b/mdop/mbam-v25/images/troubleshooting-MBAM-installation-8.png deleted file mode 100644 index 11a30cde0f..0000000000 Binary files a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-8.png and /dev/null differ diff --git a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-9.png b/mdop/mbam-v25/images/troubleshooting-MBAM-installation-9.png deleted file mode 100644 index 0c7ab8f429..0000000000 Binary files a/mdop/mbam-v25/images/troubleshooting-MBAM-installation-9.png and /dev/null differ diff --git a/mdop/mbam-v25/index.md b/mdop/mbam-v25/index.md deleted file mode 100644 index 3f71f9edd8..0000000000 --- a/mdop/mbam-v25/index.md +++ /dev/null @@ -1,70 +0,0 @@ ---- -title: Microsoft BitLocker Administration and Monitoring 2.5 -description: Microsoft BitLocker Administration and Monitoring 2.5 -author: dansimp -ms.assetid: fd81d7de-b166-47e8-b6c7-d984830762b6 -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 04/19/2017 ---- - -# Microsoft BitLocker Administration and Monitoring 2.5 - -Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 provides a simplified administrative interface that you can use to manage BitLocker Drive Encryption. You configure MBAM Group Policy Templates that enable you to set BitLocker Drive Encryption policy options that are appropriate for your enterprise, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the enterprise as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes. For a more detailed description of MBAM, see [About MBAM 2.5](about-mbam-25.md). - -To obtain MBAM, see [How Do I Get MDOP](https://docs.microsoft.com/microsoft-desktop-optimization-pack/index#how-to-get-mdop). - -## Outline - -- [Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) - - [About MBAM 2.5](about-mbam-25.md) - - [Release Notes for MBAM 2.5](release-notes-for-mbam-25.md) - - [About MBAM 2.5 SP1](about-mbam-25-sp1.md) - - [Release Notes for MBAM 2.5 SP1](release-notes-for-mbam-25-sp1.md) - - [Evaluating MBAM 2.5 in a Test Environment](evaluating-mbam-25-in-a-test-environment.md) - - [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md) - - [Accessibility for MBAM 2.5](accessibility-for-mbam-25.md) -- [Planning for MBAM 2.5](planning-for-mbam-25.md) - - [Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md) - - [MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md) - - [Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md) - - [Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md) - - [Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md) - - [Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md) - - [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md) - - [Planning for MBAM 2.5 High Availability](planning-for-mbam-25-high-availability.md) - - [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md) - - [MBAM 2.5 Planning Checklist](mbam-25-planning-checklist.md) -- [Deploying MBAM 2.5](deploying-mbam-25.md) - - [Deploying the MBAM 2.5 Server Infrastructure](deploying-the-mbam-25-server-infrastructure.md) - - [Deploying MBAM 2.5 Group Policy Objects](deploying-mbam-25-group-policy-objects.md) - - [Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md) - - [MBAM 2.5 Deployment Checklist](mbam-25-deployment-checklist.md) - - [Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions](upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md) - - [Removing MBAM Server Features or Software](removing-mbam-server-features-or-software.md) -- [Operations for MBAM 2.5](operations-for-mbam-25.md) - - [Administering MBAM 2.5 Features](administering-mbam-25-features.md) - - [Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md) - - [Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) - - [Maintaining MBAM 2.5](maintaining-mbam-25.md) - - [Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md) -- [Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md) -- [Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md) - - [Client Event Logs](client-event-logs.md) - - [Server Event Logs](server-event-logs.md) - -## More Information - -- [MDOP Information Experience](index.md) - - Find documentation, videos, and other resources for MDOP technologies. - -- [MBAM Deployment Guide](https://www.microsoft.com/download/details.aspx?id=38398) - - Get help in choosing a deployment method for MBAM, including step-by-step instructions for each method. - -- [Apply Hotfixes on MBAM 2.5 SP1 Server](apply-hotfix-for-mbam-25-sp1.md) - - Guide of how to apply MBAM 2.5 SP1 Server hotfixes diff --git a/mdop/mbam-v25/installing-the-mbam-25-server-software.md b/mdop/mbam-v25/installing-the-mbam-25-server-software.md deleted file mode 100644 index d238b982fe..0000000000 --- a/mdop/mbam-v25/installing-the-mbam-25-server-software.md +++ /dev/null @@ -1,150 +0,0 @@ ---- -title: Installing the MBAM 2.5 Server Software -description: Installing the MBAM 2.5 Server Software -author: dansimp -ms.assetid: b9dbe697-5400-4bac-acfb-ee6dc6586c30 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Installing the MBAM 2.5 Server Software - - -This topic describes how to install the Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 Server software by using the Microsoft BitLocker Administration and Monitoring Setup wizard or by using command-line parameters. Repeat the server installation process for each server on which you are configuring MBAM 2.5 Server features. After you finish the installation, see [Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md) for steps about configuring the Server features. - - ---- - - - - - - - - - - - - - - - - -
Before you startDescription

Review the MBAM 2.5 planning information

Read how to get log files

By default, log files are created in the local computer’s %temp% folder. To write the log files to a specific location rather than to the %temp% folder, use the /log <location> argument.

-

Additional events might be logged in Event Viewer in the MBAM-Setup or MBAM-Web nodes under Applications and Services Logs > Microsoft > Windows. For example, if you uninstall MBAM, the uninstaller will also uninstall the MBAM-Setup and MBAM-Web logs in EventViewer.

- - - -## Installing the MBAM 2.5 Server software by using the Microsoft BitLocker Administration and Monitoring Setup wizard - - -Use these steps to install the MBAM Server software by using the Microsoft BitLocker Administration and Monitoring Setup wizard. - -**To install the MBAM 2.5 Server software by using the wizard** - -1. On the server where you want to install MBAM, run **MBAMserversetup.exe** to start the Microsoft BitLocker Administration and Monitoring Setup wizard. - -2. On the **Welcome** page, click **Next**. - -3. Read and accept the Microsoft Software License Agreement, and then click **Next** to continue the installation. - -4. Choose whether to use Microsoft Update when you check for updates, and then click **Next**. - -5. Choose whether to participate in the Customer Experience Improvement Program, and then click **Next**. - -6. To start the installation, click **Install**. - -7. To configure the server features after the MBAM Server software finishes installing, select the **Run MBAM Server Configuration after the wizard closes** check box. Alternatively, you can configure MBAM later by using the **MBAM Server Configuration** shortcut that the server installation creates on your **Start** menu. - -8. Click **Finish**. - -## Installing the MBAM 2.5 Server software by using a Command Prompt window - - -At a command prompt, type a command similar to the following command to install the MBAM Server software. - -``` syntax -MbamServerSetup.exe MBAMServerInstall.log -CEIPENABLED=True OPTIN_FOR_MICROFOST_UPDATES=True INSTALLDIR=c:\mbaminstall -``` - -The following table describes the command-line parameters for installing the MBAM 2.5 Server software. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterParameter valueDescription

CEIPENABLED

True False

True - participate in the Customer Improvement Experience Program, which helps Microsoft identify which MBAM features to improve.

-

False – do not participate in the Customer Improvement Experience Program.

OPTIN_FOR_MICROSOFT_UPDATES

True False

True - use Microsoft Update to keep your computer secure and up-to-date for Windows and other Microsoft products, including MBAM.

-

False – do not use Microsoft Update

INSTALLDIR

<Path>

Location where you want to install MBAM.

-

Example:

-

INSTALLDIR=c:\mbaminstall

FORCE_UNINSTALL

True False

True - continue the process of uninstalling MBAM, even if any features fail to be removed.

-

False (default) if the uninstallation custom action fails to remove an added MBAM Server feature, the uninstallation fails, and MBAM remains installed.

-

In both instances, any features that were successfully removed during the attempt to uninstall MBAM stay removed.

- - - - - -## Related topics - - -[Deploying MBAM 2.5](deploying-mbam-25.md) - -[Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/maintaining-mbam-25.md b/mdop/mbam-v25/maintaining-mbam-25.md deleted file mode 100644 index 56128367b9..0000000000 --- a/mdop/mbam-v25/maintaining-mbam-25.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: Maintaining MBAM 2.5 -description: Maintaining MBAM 2.5 -author: dansimp -ms.assetid: 44d398a0-2ca0-4d47-943c-322345409b59 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Maintaining MBAM 2.5 - - -The topics in this section describe maintenance tasks that you can perform with Microsoft BitLocker Administration and Monitoring (MBAM) 2.5. - -## Moving MBAM 2.5 features to another server - - -Use the steps in this topic to move an MBAM Server feature from one server computer to another. - -[Moving MBAM 2.5 Features to Another Server](moving-mbam-25-features-to-another-server.md) - -## Monitoring web service request performance counters - - -Use the steps in this topic to monitor the performance counters that record the performance of requests that are sent to the web services for the Administration and Monitoring Website and the Self-Service Portal. - -[Monitoring Web Service Request Performance Counters](monitoring-web-service-request-performance-counters.md) - -## Other resources for maintaining MBAM - - -[Operations for MBAM 2.5](operations-for-mbam-25.md) - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - -  - -  - - - - - diff --git a/mdop/mbam-v25/mbam-25-deployment-checklist.md b/mdop/mbam-v25/mbam-25-deployment-checklist.md deleted file mode 100644 index 660b1ebf79..0000000000 --- a/mdop/mbam-v25/mbam-25-deployment-checklist.md +++ /dev/null @@ -1,117 +0,0 @@ ---- -title: MBAM 2.5 Deployment Checklist -description: MBAM 2.5 Deployment Checklist -author: dansimp -ms.assetid: 2ba7de17-e3a4-4798-99e0-cd1dc28c5b76 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MBAM 2.5 Deployment Checklist - - -You can use this checklist to help you during Microsoft BitLocker Administration and Monitoring (MBAM) deployment with a Stand-alone topology. - -**Note** -This checklist outlines the recommended steps and a high-level list of items to consider when you deploy Microsoft BitLocker Administration and Monitoring features. We recommend that you copy this checklist into a spreadsheet program and customize it for your use. - - - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferencesNotes
Checklist box

Review and complete all planning steps to prepare your environment for MBAM deployment.

MBAM 2.5 Planning Checklist

Checklist box

Review the supported configurations information to ensure that MBAM supports the selected client and server computers.

MBAM 2.5 Supported Configurations

Checklist box

Install the MBAM Server software.

Installing the MBAM 2.5 Server Software

Checklist box

Configure the MBAM Server features:

-
    -

  • Compliance and Audit Database and Recovery Database

    • -

  • Reports

    • -

  • Web applications

    • -

  • Configuration Manager Integration topology (needed only if you are running MBAM with this topology)

    • -
-
-Note

Note the names of the servers on which you configure each feature. You will use this information throughout the configuration process.

-
-
- -

Configuring the MBAM 2.5 Server Features

Checklist box

Validate the MBAM configuration.

Validating the MBAM 2.5 Server Feature Configuration

Checklist box

Copy the MBAM Group Policy Template and edit the Group Policy settings.

Copying the MBAM 2.5 Group Policy Templates and Editing the MBAM 2.5 Group Policy Settings

Checklist box

Deploy the MBAM Client software.

Deploying the MBAM 2.5 Client

- - - - -## Related topics - - -[Deploying MBAM 2.5](deploying-mbam-25.md) - - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - diff --git a/mdop/mbam-v25/mbam-25-deployment-prerequisites.md b/mdop/mbam-v25/mbam-25-deployment-prerequisites.md deleted file mode 100644 index aecfb3c56b..0000000000 --- a/mdop/mbam-v25/mbam-25-deployment-prerequisites.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: MBAM 2.5 Deployment Prerequisites -description: MBAM 2.5 Deployment Prerequisites -author: dansimp -ms.assetid: a7b02d01-d182-4031-b373-0271177af14e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MBAM 2.5 Deployment Prerequisites - - -This section contains the software that you must install before starting the Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 installation. - -## MBAM 2.5 prerequisites topics - - -- [MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies](mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md) - - This topic lists the prerequisites that apply to the Stand-alone topology and System Center Configuration Manager Integration topology. - -- [MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology](mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md) - - This topic lists the prerequisites that apply only to the System Center Configuration Manager Integration topology. - - - [Prerequisites for the Configuration Manager Integration Feature](prerequisites-for-the-configuration-manager-integration-feature.md) - - This topic lists the software prerequisites for the System Center Configuration Manager Integration topology. - - - [Edit the Configuration.mof File](edit-the-configurationmof-file-mbam-25.md) - - Instructions for editing the **Configuration.mof** file are described. - - - [Create or Edit the Sms\_def.mof File](create-or-edit-the-sms-defmof-file-mbam-25.md) - - Instructions for editing or creating the **Sms\_def.mof** file are described. - -- [Prerequisites for MBAM 2.5 Clients](prerequisites-for-mbam-25-clients.md) - - This topic lists the MBAM 2.5 Client prerequisites. - -## Other resources for MBAM 2.5 prerequisites - - -- [Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md) - -- [Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md) - -- [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md) - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - -  - -  - - - - - diff --git a/mdop/mbam-v25/mbam-25-planning-checklist.md b/mdop/mbam-v25/mbam-25-planning-checklist.md deleted file mode 100644 index 015403224b..0000000000 --- a/mdop/mbam-v25/mbam-25-planning-checklist.md +++ /dev/null @@ -1,145 +0,0 @@ ---- -title: MBAM 2.5 Planning Checklist -description: MBAM 2.5 Planning Checklist -author: dansimp -ms.assetid: ffe11eb8-44db-4886-8300-6dffec8bcfa4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MBAM 2.5 Planning Checklist - - -You can use the following checklists to help you prepare your computing environment for the Microsoft BitLocker Administration and Monitoring (MBAM) deployment. The checklists provide a high-level list of items to consider when planning the deployment. There are separate checklists for the Stand-alone topology and the Configuration Manager Integration topology. You might want to copy the desired checklist into a spreadsheet and customize it for your use. - -**Planning checklist for an MBAM deployment** - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferencesNotes
Checklist box

Review the "Getting started" information to understand the product before you start deployment planning.

Getting Started with MBAM 2.5

Checklist box

Review the recommended high-level architecture for an MBAM deployment. You might also want to review an illustration and description of the individual parts (databases, websites, Reports) of an MBAM deployment.

High-Level Architecture for MBAM 2.5

-

Illustrated Features of an MBAM 2.5 Deployment

Checklist box

Review and complete the prerequisites for the MBAM Stand-alone and Configuration Manager Integration topologies.

MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies

Checklist box

If you plan to use the Configuration Manager Integration topology, complete the additional prerequisites that apply only to this topology.

MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology

Checklist box

Review and meet the MBAM 2.5 prerequisites for the MBAM Client.

Prerequisites for MBAM 2.5 Clients

Checklist box

Plan for and configure MBAM Group Policy requirements.

Planning for MBAM 2.5 Group Policy Requirements

Checklist box

Plan for and create the necessary Active Directory Domain Services security groups.

Planning for MBAM 2.5 Groups and Accounts

Checklist box

Plan how you will secure the MBAM websites.

Planning How to Secure the MBAM Websites

Checklist box

Review the MBAM Supported Configurations to ensure that your hardware meets the installation system requirements.

MBAM 2.5 Supported Configurations

Checklist box

Review the considerations for deploying the MBAM Server features.

Planning for MBAM 2.5 Server Deployment

Checklist box

Review the considerations for deploying the MBAM Client.

Planning for MBAM 2.5 Client Deployment

Checklist box

Review the requirements and steps to deploy MBAM in a highly available configuration.

Planning for MBAM 2.5 High Availability

Checklist box

Review the MBAM security considerations that pertain to the Trusted Platform Module, log files, and transparent data encryption.

MBAM 2.5 Security Considerations

Checklist box

Optionally, review the steps to evaluate MBAM in a test environment.

Evaluating MBAM 2.5 in a Test Environment

- - - - -## Related topics - - -[Planning for MBAM 2.5](planning-for-mbam-25.md) - - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - diff --git a/mdop/mbam-v25/mbam-25-security-considerations.md b/mdop/mbam-v25/mbam-25-security-considerations.md deleted file mode 100644 index 05695a6beb..0000000000 --- a/mdop/mbam-v25/mbam-25-security-considerations.md +++ /dev/null @@ -1,317 +0,0 @@ ---- -title: MBAM 2.5 Security Considerations -description: MBAM 2.5 Security Considerations -author: dansimp -ms.assetid: f6613c63-b32b-45fb-a6e8-673d6dae7d16 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 04/23/2017 ---- - - -# MBAM 2.5 Security Considerations - - -This topic contains the following information about how to secure Microsoft BitLocker Administration and Monitoring (MBAM): - -- [Configure MBAM to escrow the TPM and store OwnerAuth passwords](#bkmk-tpm) - -- [Configure MBAM to automatically unlock the TPM after a lockout](#bkmk-autounlock) - -- [Secure connections to SQL Server](#bkmk-secure-databases) - -- [Create accounts and groups](#bkmk-accts-groups) - -- [Use MBAM log files](#bkmk-logfiles) - -- [Review MBAM database TDE considerations](#bkmk-tde) - -- [Understand general security considerations](#bkmk-general-security) - -## Configure MBAM to escrow the TPM and store OwnerAuth passwords - -**Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addition, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://docs.microsoft.com/windows/security/information-protection/tpm/change-the-tpm-owner-password) for further details. - -Depending on its configuration, the Trusted Platform Module (TPM) will lock itself in certain situations ─ such as when too many incorrect passwords are entered ─ and can remain locked for a period of time. During TPM lockout, BitLocker cannot access the encryption keys to perform unlock or decryption operations, requiring the user to enter their BitLocker recovery key to access the operating system drive. To reset TPM lockout, you must provide the TPM OwnerAuth password. - -MBAM can store the TPM OwnerAuth password in the MBAM database if it owns the TPM or if it escrows the password. OwnerAuth passwords are then easily accessible on the Administration and Monitoring Website when you must recover from a TPM lockout, eliminating the need to wait for the lockout to resolve on its own. - -### Escrowing TPM OwnerAuth in Windows 8 and higher - -**Note** For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. See [TPM owner password](https://docs.microsoft.com/windows/security/information-protection/tpm/change-the-tpm-owner-password) for further details. - -In Windows 8 or higher, MBAM no longer must own the TPM to store the OwnerAuth password, as long as the OwnerAuth is available on the local machine. - -To enable MBAM to escrow and then store TPM OwnerAuth passwords, you must configure these Group Policy settings. - - ---- - - - - - - - - - - - - - - - - -
Group Policy SettingConfiguration

Turn on TPM backup to Active Directory Domain Services

Disabled or Not Configured

Configure the level of TPM owner authorization information available to the operating system

Delegated/None or Not Configured

- - - -The location of these Group Policy settings is **Computer Configuration** > **Administrative Templates** > **System** > **Trusted Platform Module Services**. - -**Note**   -Windows removes the OwnerAuth locally after MBAM successfully escrows it with these settings. - - - -### Escrowing TPM OwnerAuth in Windows 7 - -In Windows 7, MBAM must own the TPM to automatically escrow TPM OwnerAuth information in the MBAM database. If MBAM does not own the TPM, you must use the MBAM Active Directory (AD) Data Import cmdlets to copy TPM OwnerAuth from Active Directory into the MBAM database. - -### MBAM Active Directory Data Import cmdlets - -The MBAM Active Directory Data Import cmdlets let you retrieve recovery key packages and OwnerAuth passwords that are stored in Active Directory. - -The MBAM 2.5 SP1 server ships with four PowerShell cmdlets that pre-populate MBAM databases with the Volume recovery and TPM owner information stored in Active Directory. - -For Volume Recovery keys and packages: - -- Read-ADRecoveryInformation - -- Write-MbamRecoveryInformation - -For TPM Owner Information: - -- Read-ADTpmInformation - -- Write-MbamTpmInformation - -For Associating Users to Computers: - -- Write-MbamComputerUser - -The Read-AD\* cmdlets read information from Active Directory. The Write-Mbam\* cmdlets push the data into the MBAM databases. See [Cmdlet Reference for Microsoft Bitlocker Administration and Monitoring 2.5](https://technet.microsoft.com/library/dn459018.aspx) for detailed information about these cmdlets, including syntax, parameters, and examples. - -**Create user-to-computer associations:** The MBAM Active Directory Data Import cmdlets gather information from Active Directory and insert the data into MBAM database. However, they do not associate users to volumes. You can download the Add-ComputerUser.ps1 PowerShell script to create user-to-machine associations, which let users regain access to a computer through the Administration and Monitoring Website or by using the Self-Service Portal for recovery. The Add-ComputerUser.ps1 script gathers data from the **Managed By** attribute in Active Directory (AD), the object owner in AD, or from a custom CSV file. The script then adds the discovered users to the recovery information pipeline object, which must be passed to Write-MbamRecoveryInformation to insert the data into the recovery database. - -Download the Add-ComputerUser.ps1 PowerShell script from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=613122). - -You can specify **help Add-ComputerUser.ps1** to get help for the script, including examples of how to use the cmdlets and the script. - -To create user-to-computer associations after you have installed the MBAM server, use the Write-MbamComputerUser PowerShell cmdlet. Similar to the Add-ComputerUser.ps1 PowerShell script, this cmdlet lets you specify users that can use the Self-Service Portal to get TPM OwnerAuth information or volume recovery passwords for the specified computer. - -**Note**   -The MBAM agent will override user-to-computer associations when that computer begins reporting up to the server. - - - -**Prerequisites:** The Read-AD\* cmdlets can retrieve information from AD only if they are either run as a highly privileged user account, such as a Domain Administrator, or run as an account in a custom security group granted read access to the information (recommended). - -[BitLocker Drive Encryption Operations Guide: Recovering Encrypted Volumes with AD DS](https://technet.microsoft.com/library/cc771778(WS.10).aspx) provides details about creating a custom security group (or multiple groups) with read access to the AD information. - -**MBAM Recovery and Hardware Web Service Write Permissions:** The Write-Mbam\* cmdlets accept the URL of the MBAM Recovery and Hardware Service, used to publish the recovery or TPM information. Typically, only a domain computer service account can communicate with the MBAM Recovery and Hardware Service. In MBAM 2.5 SP1, you can configure the MBAM Recovery and Hardware Service with a security group called DataMigrationAccessGroup whose members are allowed to bypass the domain computer service account check. The Write-Mbam\* cmdlets must be run as a user belonging to this configured group. (Alternatively, the credentials of an individual user in the configured group can be specified by using the –Credential parameter in the Write-Mbam\* cmdlets.) - -You can configure the MBAM Recovery and Hardware Service with the name of this security group in one of these ways: - -- Provide the name of the security group (or individual) in the -DataMigrationAccessGroup parameter of the Enable-MbamWebApplication –AgentService Powershell cmdlet. - -- Configure the group after the MBAM Recovery and Hardware Service has been installed by editing the web.config file in the <inetpub>\\Microsoft Bitlocker Management Solution\\Recovery and Hardware Service\\ folder. - - ```xml - - ``` - - where <groupName> is replaced with the domain and the group name (or the individual user) that will be used to allow data migration from Active Directory. - -- Use the Configuration Editor in IIS Manager to edit this appSetting. - -In the following example, the command, when run as a member of both the ADRecoveryInformation group and the Data Migration Users group, will pull the volume recovery information from computers in the WORKSTATIONS organizational unit (OU) in the contoso.com domain and write them to MBAM by using the MBAM Recovery and Hardware Service running on the mbam.contoso.com server. - -``` syntax -PS C:\> Read-ADRecoveryInformation -Server contoso.com -SearchBase "OU=WORKSTATIONS,DC=CONTOSO,DC=COM" | Write-MbamRecoveryInformation -RecoveryServiceEndPoint "https://mbam.contoso.com/MBAMRecoveryAndHardwareService/CoreService.svc" -``` - -**Read-AD\* cmdlets** accept the name or IP address of an Active Directory hosting server machine to query for recovery or TPM information. We recommend providing the distinguished names of the AD containers in which the computer object resides as the value of the SearchBase parameter. If computers are stored across several OUs, the cmdlets can accept pipeline input to run once for each container. The distinguished name of an AD container will look similar to OU=Machines,DC=contoso,DC=com. Performing a search targeted to specific containers provides the following benefits: - -- Reduces the risk of timeout while querying a large AD dataset for computer objects. - -- Can omit OUs containing datacenter servers or other classes of computers for which the backup might not be desired or necessary. - -Another option is to provide the –Recurse flag with or without the optional SearchBase to search for computer objects across all containers under the specified SearchBase or the entire domain respectively. When you use the -Recurse flag, you can also use the -MaxPageSize parameter to control the amount of local and remote memory required to service the query. - -These cmdlets write to the pipeline objects of type PsObject. Each PsObject instance contains a single volume recovery key or TPM owner string with its associated computer name, timestamp, and other information required to publish it to the MBAM data store. - -**Write-Mbam\* cmdlets** accept recovery information parameter values from the pipeline by property name. This allows the Write-Mbam\* cmdlets to accept the pipeline output of the Read-AD\* cmdlets (for example, Read-ADRecoveryInformation –Server contoso.com –Recurse | Write-MbamRecoveryInformation –RecoveryServiceEndpoint mbam.contoso.com). - -The **Write-Mbam\* cmdlets** include optional parameters that provide options for fault tolerance, verbose logging, and preferences for WhatIf and Confirm. - -The **Write-Mbam\* cmdlets** also include an optional *Time* parameter whose value is a **DateTime** object. This object includes a *Kind* attribute that can be set to `Local`, `UTC`, or `Unspecified`. When the *Time* parameter is populated from data taken from the Active Directory, the time is converted to UTC and this *Kind* attribute is set automatically to `UTC`. However, when populating the *Time* parameter using another source, such as a text file, you must explicitly set the *Kind* attribute to its appropriate value. - -**Note**   -The Read-AD\* cmdlets do not have the ability to discover the user accounts that represent the computer users. User account associations are needed for the following: - -- Users to recover volume passwords/packages by using the Self-Service portal - -- Users who are not in the MBAM Advanced Helpdesk Users security group as defined during installation, recovering on behalf of other users - - - -## Configure MBAM to automatically unlock the TPM after a lockout - - -You can configure MBAM 2.5 SP1 to automatically unlock the TPM in case of a lockout. If TPM lockout auto reset is enabled, MBAM can detect that a user is locked out and then get the OwnerAuth password from the MBAM database to automatically unlock the TPM for the user. TPM lockout auto reset is only available if the OS recovery key for that computer was retrieved by using the Self Service Portal or the Administration and Monitoring Website. - -**Important**   -To enable TPM lockout auto reset, you must configure this feature on both the server side and in Group Policy on the client side. - - - -- To enable TPM lockout auto reset on the client side, configure the Group Policy setting "Configure TPM lockout auto reset" located at **Computer Configuration** > **Administrative Templates** > **Windows Components** > **MDOP MBAM** > **Client Management**. - -- To enable TPM lockout auto reset on the server side, you can check "Enable TPM lockout auto reset" in the MBAM Server Configuration wizard during setup. - - You can also enable TPM lockout auto reset in PowerShell by specifying the "-TPM lockout auto reset" switch while enabling the agent service web component. - -After a user enters the BitLocker recovery key they obtained from the Self Service Portal or the Administration and Monitoring Website, the MBAM agent will determine if the TPM is locked out. If it is locked out, it will attempt to retrieve the TPM OwnerAuth for the computer from the MBAM database. If the TPM OwnerAuth is successfully retrieved, it will be used to unlock the TPM. Unlocking the TPM makes the TPM fully functional and the user will not be forced to enter the recovery password during subsequent reboots from a TPM lockout. - -TPM lockout auto reset is disabled by default. - -**Note**   -TPM lockout auto reset is only supported on computers running TPM version 1.2. TPM 2.0 provides built-in lockout auto reset functionality. - - - -**The Recovery Audit Report** includes events related to TPM lockout auto reset. If a request is made from the MBAM client to retrieve a TPM OwnerAuth password, an event is logged to indicate recovery. Audit entries will include the following events: - - ---- - - - - - - - - - - - - - - - - - - - - -
EntryValue

Audit Request Source

Agent TPM unlock

Key Type

TPM Password Hash

Reason Description

TPM Reset

- - - -## Secure connections to SQL Server - - -In MBAM, SQL Server communicates with SQL Server Reporting Services and with the web services for the Administration and Monitoring Website and Self-Service Portal. We recommend that you secure the communication with SQL Server. For more information, see [Encrypting Connections to SQL Server](https://technet.microsoft.com/library/ms189067.aspx). - -For more information about securing the MBAM websites, see [Planning How to Secure the MBAM Websites](planning-how-to-secure-the-mbam-websites.md). - -## Create accounts and groups - - -The best practice for managing user accounts is to create domain global groups and add user accounts to them. For a description of the recommended accounts and groups, see [Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md). - -## Use MBAM log files - - -This section describes the MBAM Server and MBAM Client log files. - -**MBAM Server Setup log files** - -The **MBAMServerSetup.exe** file generates the following log files in the user’s **%temp%** folder during the MBAM installation: - -- **Microsoft\_BitLocker\_Administration\_and\_Monitoring\_<14 numbers>.log** - - Logs the actions taken during the MBAM setup and the MBAM Server feature configuration. - -- **Microsoft\_BitLocker\_Administration\_and\_Monitoring\_<14\_numbers>\_0\_MBAMServer.msi.log** - - Logs additional action taken during installation. - -**MBAM Server Configuration log files** - -- **Applications and Services Logs/Microsoft Windows/MBAM-Setup** - - Logs the errors that occur when you are using Windows Powershell cmdlets or the MBAM Server Configuration wizard to configure the MBAM Server features. - -**MBAM Client setup log files** - -- **MSI<five random characters>.log** - - Logs the actions taken during the MBAM Client installation. - -**MBAM-Web log files** - -- Shows activity from the web portals and services. - -## Review MBAM database TDE considerations - - -The transparent data encryption (TDE) feature that is available in SQL Server is an optional installation for the database instances that will host the MBAM database features. - -With TDE, you can perform real-time, full database-level encryption. TDE is the optimal choice for bulk encryption to meet regulatory compliance or corporate data security standards. TDE works at the file level, which is similar to two Windows features: the Encrypting File System (EFS) and BitLocker Drive Encryption. Both features also encrypt data on the hard drive. TDE does not replace cell-level encryption, EFS, or BitLocker. - -When TDE is enabled on a database, all backups are encrypted. Thus, special care must be taken to ensure that the certificate that was used to protect the database encryption key is backed up and maintained with the database backup. If this certificate (or certificates) is lost, the data will be unreadable. - -Back up the certificate with the database. Each certificate backup should have two files. Both of these files should be archived. Ideally for security, they should be backed up separately from the database backup file. You can alternatively consider using the extensible key management (EKM) feature (see Extensible Key Management) for storage and maintenance of keys that are used for TDE. - -For an example of how to enable TDE for MBAM database instances, see [Understanding Transparent Data Encryption (TDE)](https://technet.microsoft.com/library/bb934049.aspx). - -## Understand general security considerations - - -**Understand the security risks.** The most serious risk when you use Microsoft BitLocker Administration and Monitoring is that its functionality could be compromised by an unauthorized user who could then reconfigure BitLocker Drive Encryption and gain BitLocker encryption key data on MBAM Clients. However, the loss of MBAM functionality for a short period of time, due to a denial-of-service attack, does not generally have a catastrophic impact, unlike, for example, losing e-mail or network communications, or power. - -**Physically secure your computers**. There is no security without physical security. An attacker who gets physical access to an MBAM Server could potentially use it to attack the entire client base. All potential physical attacks must be considered high risk and mitigated appropriately. MBAM Servers should be stored in a secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver. - -**Apply the most recent security updates to all computers**. Stay informed about new updates for Windows operating systems, SQL Server, and MBAM by subscribing to the Security Notification service at the [Security TechCenter](https://go.microsoft.com/fwlink/?LinkId=28819). - -**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all MBAM administrator accounts. Never use blank passwords. For more information about password concepts, see [Password Policy](https://technet.microsoft.com/library/hh994572.aspx). - - - -## Related topics - - -[Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md) - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - diff --git a/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md b/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md deleted file mode 100644 index b95c5a854c..0000000000 --- a/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md +++ /dev/null @@ -1,430 +0,0 @@ ---- -title: MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies -description: MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies -author: dansimp -ms.assetid: 76a6047a-5c6e-42ff-af09-a6f382a69537 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies - - -Before starting the Microsoft BitLocker Administration and Monitoring (MBAM) installation, you must complete the prerequisites listed in this topic. These prerequisites apply to the MBAM Stand-alone topology and System Center Configuration Manager Integration topology. - -If you are deploying MBAM with System Center Configuration Manager, you must complete additional prerequisites, which are listed in [MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology](mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md). - -For a list of the supported hardware and operating systems for MBAM, see [MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md). - -**Important** -If BitLocker was used without MBAM, you must decrypt the drive and then clear TPM using tpm.msc. MBAM cannot take ownership of TPM if the client PC is already encrypted and the TPM owner password created. - - - -## Required MBAM roles and accounts - - - ---- - - - - - - - - - - - - -
PrerequisiteDetails

Groups created in Active Directory Domain Services (AD DS)

See Planning for MBAM 2.5 Groups and Accounts for a description of these groups and accounts.

- - - -## Prerequisites for the Recovery Database - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Supported version of SQL Server

Install Microsoft SQL Server with SQL_Latin1_General_CP1_CI_AS collation.

-

See MBAM 2.5 Supported Configurations for supported versions.

Required SQL Server permissions

Required permissions:

-
    -

  • SQL Server instance login server roles:

    -
      -

    • dbcreator

      • -

    • processadmin

      • -
    • -

  • SQL Server Reporting Services instance rights:

    -
      -

    • Create Folders

      • -

    • Publish Reports

      • -
    • -

Optional - Install the Transparent Data Encryption (TDE) feature available in SQL Server

The TDE SQL Server feature performs real-time I/O encryption and decryption of the data and log files, which can help you to comply with laws, regulations, and guidelines that apply to various industries.

-
-Note

TDE performs real-time decryption of database information. This means that, if you are viewing recovery key information in the SQL Server database and you are logged on under an account that has permissions to the database, the recovery key information is visible. To read more about TDE, see MBAM 2.5 Security Considerations.

-
-
- -

SQL Server Database Engine Services

SQL Server Database Engine Services must be installed and running during MBAM Server installation.

Windows PowerShell 3.0 or later

Windows PowerShell does not have to be installed on the Recovery Database server if you are using Windows PowerShell to configure the database from a remote computer.

- - - -## Prerequisites for the Compliance and Audit Database - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Supported version of SQL Server

Install SQL Server with SQL_Latin1_General_CP1_CI_AS collation.

-

See MBAM 2.5 Supported Configurations for supported versions.

Required SQL Server permissions

Required permissions:

-
    -

  • SQL Server instance login server roles:

    -
      -

    • dbcreator

      • -

    • processadmin

      • -
    • -

  • SQL Server Reporting Services instance rights:

    -
      -

    • Create Folders

      • -

    • Publish Reports

      • -
    • -

Optional - Install the Transparent Data Encryption (TDE) feature in SQL Server

The TDE SQL Server feature performs real-time I/O encryption and decryption of the data and log files, which can help you to comply with laws, regulations, and guidelines that apply to various industries.

-

TDE performs real-time decryption of database information. This means that, if you are viewing recovery key information in the SQL Server database and you are logged on under an account that has permissions to the database, the recovery key information is visible. To read more about TDE, see MBAM 2.5 Security Considerations.

SQL Server Database Engine Services

SQL Server Database Engine Services must be installed and running during MBAM Server installation. However, SQL Server can be running remotely; it doesn’t have to be on the same server on which you are installing the MBAM Server software.

Windows PowerShell 3.0 or later

Windows PowerShell does not have to be installed on the Compliance and Audit Database server if you are using Windows PowerShell to configure the database from a remote computer.

- - - -## Prerequisites for the Reports - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Supported version of SQL Server

Install SQL Server with SQL_Latin1_General_CP1_CI_AS collation.

-

See MBAM 2.5 Supported Configurations for supported versions.

SQL Server Reporting Services (SSRS)

SSRS must be installed and running during the MBAM Server installation.

-

Configure SSRS in "native" mode and not in unconfigured or "SharePoint" mode.

SSRS instance rights – required for configuring Reports only if you are installing databases on a separate server from the server where Reports are configured.

Required instance rights:

-
    -

  • Create Folders

    • -

  • Publish Reports

    • -

Windows PowerShell 3.0 or later

Windows PowerShell does not have to be installed on this Database server if you are using Windows PowerShell to configure the database from a remote computer.

- - - -## Prerequisites for the Administration and Monitoring Server - - -The following table lists the installation prerequisites for the MBAM Administration and Monitoring Server. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Windows Server Web Server Role

This role must be added to a server operating system that is supported for the Administration and Monitoring Server feature.

Web Server (IIS) Management Tools

Click IIS Management Scripts and Tools.

SSL Certificate

Optional. To secure communication between the client computers and the web services, you must obtain and install a certificate that a trusted security authority signed.

Web Server Role Services

Common HTTP Features:

-
    -

  • Static Content

    • -

  • Default Document

    • -
-

Application Development:

-
    -

  • ASP.NET

    • -

  • .NET Extensibility

    • -

  • ISAPI Extensions

    • -

  • ISAPI Filters

    • -
-

Security:

-
    -

  • Windows Authentication

    • -

  • Request Filtering

    • -

Windows Server Features

.NET Framework 4.5 features:

-
    -

  • .NET Framework 4.5 or 4.6

    -
      -

    • Windows Server 2016 - .NET Framework 4.6 is already installed for these versions of Windows Server, but you must enable it.

      • -

    • Windows Server 2012 or Windows Server 2012 R2 - .NET Framework 4.5 is already installed for these versions of Windows Server, but you must enable it.

      • -

    • Windows Server 2008 R2 - .NET Framework 4.5 is not included with Windows Server 2008 R2, so you must download Microsoft .NET Framework 4.5 and install it separately.

      -
      -Note

      If you are upgrading from MBAM 2.0 or MBAM 2.0 SP1 and need to install .NET Framework 4.5, see Release Notes for MBAM 2.5 for an additional required step to make the websites work.

      -
      -
      - -
      • -
    • -

  • WCF Activation

    -
      -

    • HTTP Activation

      • -

    • Non-HTTP Activation (Only for Windows Server 2008, 2012, and 2012 R2)

      -

      • -
    • -

  • TCP Activation

    • -
-

Windows Process Activation Service:

-
    -

  • Process Model

    • -

  • .NET Framework Environment

    • -

  • Configuration APIs

    • -

ASP.NET MVC 4.0

ASP.NET MVC 4 download

Service Principal Name (SPN)

The web applications require an SPN for the virtual host name under the domain account that you use for the web application pools.

-

If your administrative rights permit you to create SPNs in Active Directory Domain Services, MBAM creates the SPN for you. See Setspn for information about the rights required to create SPNs.

-

If you do not have administrative rights to create SPNs, you must ask the Active Directory administrators in your organization to create the SPN for you by using the following command.

-
Setspn -s http/mbamvirtual contoso\mbamapppooluser
-Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser
-

In the code example, the virtual host name is mbamvirtual.contoso.com, and the domain account used for the web application pools is contoso\mbamapppooluser.

-
-Note

If you are setting up Load Balancing, use the same application pool account on all servers.

-
-
- -
-

For more information about registering SPNs for fully qualified, NetBIOS, and custom host names, see Planning How to Secure the MBAM Websites.

- - - -## Prerequisites for the Self-Service Portal - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

Supported version of Windows Server

See MBAM 2.5 Supported Configurations for supported versions.

ASP.NET MVC 4.0

ASP.NET MVC 4 download

Web Service IIS Management Tools

Service Principal Name (SPN)

The web applications require an SPN for the virtual host name under the domain account that you use for the web application pools.

-

If your administrative rights permit you to create SPNs in Active Directory Domain Services, MBAM creates the SPN for you. See Setspn for information about the rights required to create SPNs.

-

If you do not have administrative rights to create SPNs, you must ask the Active Directory administrators in your organization administrators in your organization to create the SPN for you by using the following command.

-
Setspn -s http/mbamvirtual contoso\mbamapppooluser
-Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser
-

In the code example, the virtual host name is mbamvirtual.contoso.com, and the domain account used for the web application pools is contoso\mbamapppooluser.

-
-Note

If you are setting up Load Balancing, use the same application pool account on all servers.

-
-
- -
-

For more information about registering SPNs for fully qualified, NetBIOS, and custom host names, see Planning How to Secure the MBAM Websites.

- - - -## Prerequisites for the Management Workstation - - - ---- - - - - - - - - - - - - -
PrerequisiteDetails

Before installing the MBAM Client, download the MBAM Group Policy Templates from How to Get MDOP Group Policy (.admx) Templates and configure them with the settings that you want to implement in your enterprise for BitLocker Drive Encryption.

Before installing the MBAM Client, do the following:

- ---- - - - - - - - - - - - - - - - - -
What to doWhere to get instructions

Copy the MBAM Group Policy Templates

Copying the MBAM 2.5 Group Policy Templates

Edit the Group Policy settings

Editing the MBAM 2.5 Group Policy Settings

-

- - - - - -## Related topics - - -[Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md) - -[Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md) - -[MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md) - - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - diff --git a/mdop/mbam-v25/mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md b/mdop/mbam-v25/mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md deleted file mode 100644 index 58cc6cf2fe..0000000000 --- a/mdop/mbam-v25/mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology -description: MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology -author: dansimp -ms.assetid: 74180d8d-7b0f-460f-b301-53595cde8381 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology - - -If you are installing Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 by using the System Center Configuration Manager Integration feature, you must complete the prerequisites described in this topic, in addition to those in [MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies](mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md). You must also create or modify .mof files that are needed for the Configuration Manager Integration topology. - -## Prerequisites for the Configuration Manager Integration Feature - - -If you are configuring MBAM with the System Center Configuration Manager Integration topology, you must complete additional prerequisites that are required for Configuration Manager. - -[Prerequisites for the Configuration Manager Integration Feature](prerequisites-for-the-configuration-manager-integration-feature.md) - -## Edit the Configuration.mof file - - -To enable the client computers to report BitLocker compliance details through the MBAM Configuration Manager Reports, you have to edit the Configuration.mof file for System Center 2012 Configuration Manager and Microsoft System Center Configuration Manager 2007. - -[Edit the Configuration.mof File](edit-the-configurationmof-file-mbam-25.md) - -## Create or edit the Sms\_def.mof file - - -To enable the client computers to report BitLocker compliance details in the MBAM Configuration Manager Reports, you have to create or edit the Sms\_def.mof file. If you are using System Center 2012 Configuration Manager, you must create the file. In Configuration Manager 2007, the file already exists, so you need to edit, but not overwrite, the existing file. - -[Create or Edit the Sms\_def.mof File](create-or-edit-the-sms-defmof-file-mbam-25.md) - - -## Related topics - - -[Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md) - -[MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md) - -[Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md) - -  - -  -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - diff --git a/mdop/mbam-v25/mbam-25-supported-configurations.md b/mdop/mbam-v25/mbam-25-supported-configurations.md deleted file mode 100644 index 95405633b3..0000000000 --- a/mdop/mbam-v25/mbam-25-supported-configurations.md +++ /dev/null @@ -1,619 +0,0 @@ ---- -title: MBAM 2.5 Supported Configurations -description: MBAM 2.5 Supported Configurations -author: dansimp -ms.assetid: ce689aff-9a55-4ae7-a968-23c7bda9b4d6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 10/24/2018 ---- - - -# MBAM 2.5 Supported Configurations - - -You can run Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 in a Stand-alone topology or in a Configuration Manager Integration topology that integrates MBAM with System Center Configuration Manager. If you use the recommended configuration for either topology in a production environment, MBAM supports up to 500,000 MBAM clients. For information about the recommended architecture and features that are configured on each server for each topology, see [High-Level Architecture for MBAM 2.5](high-level-architecture-for-mbam-25.md). - -For additional configurations that are specific to the Configuration Manager Integration topology, see [Versions of Configuration Manager that MBAM supports](#bkmk-cm-ramreqs). - -**Note** -Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). - - - -## MBAM Supported Languages - - -The following tables show the languages that are supported for the MBAM Client (including the Self-Service Portal) and the MBAM Server in MBAM 2.5 and MBAM 2.5 SP1. - -**Supported Languages in MBAM 2.5 SP1:** - - ---- - - - - - - - - - - - - -
Client LanguagesServer Languages

Czech (Czech Republic) cs-CZ

-

Danish (Denmark) da-DK

-

Dutch (Netherlands) nl-NL

-

English (United States) en-US

-

Finnish (Finland) fi-FI

-

French (France) fr-FR

-

German (Germany) de-DE

-

Greek (Greece) el-GR

-

Hungarian (Hungary) hu-HU

-

Italian (Italy) it-IT

-

Japanese (Japan) ja-JP

-

Korean (Korea) ko-KR

-

Norwegian, Bokmål (Norway) nb-NO

-

Polish (Poland) pl-PL

-

Portuguese (Brazil) pt-BR

-

Portuguese (Portugal) pt-PT

-

Russian (Russia) ru-RU

-

Slovak (Slovakia) sk-SK

-

Spanish (Spain) es-ES

-

Swedish (Sweden) sv-SE

-

Turkish (Turkey) tr-TR

-

Slovenian (Slovenia) sl-SI

-

Simplified Chinese (PRC) zh-CN

-

Traditional Chinese (Taiwan) zh-TW

    -

  • English (United States) en-US

    • -

  • French (France) fr-FR

    • -

  • German (Germany) de-DE

    • -

  • Italian (Italy) it-IT

    • -

  • Japanese (Japan) ja-JP

    • -

  • Korean (Korea) ko-KR

    • -

  • Portuguese (Brazil) pt-BR

    • -

  • Russian (Russia) ru-RU

    • -

  • Spanish (Spain) es-ES

    • -

  • Simplified Chinese (PRC) zh-CN

    • -

  • Traditional Chinese (Taiwan) zh-TW

    • -
- - - -**Supported Languages in MBAM 2.5:** - - ---- - - - - - - - - - - - - -
Client LanguagesServer Languages
    -

  • English (United States) en-US

    • -

  • French (France) fr-FR

    • -

  • German (Germany) de-DE

    • -

  • Italian (Italy) it-IT

    • -

  • Japanese (Japan) ja-JP

    • -

  • Korean (Korea) ko-KR

    • -

  • Portuguese (Brazil) pt-BR

    • -

  • Russian (Russia) ru-RU

    • -

  • Spanish (Spain) es-ES

    • -

  • Simplified Chinese (PRC) zh-CN

    • -

  • Traditional Chinese (Taiwan) zh-TW

    • -
    -

  • English (United States) en-US

    • -

  • French (France) fr-FR

    • -

  • German (Germany) de-DE

    • -

  • Italian (Italy) it-IT

    • -

  • Japanese (Japan) ja-JP

    • -

  • Korean (Korea) ko-KR

    • -

  • Portuguese (Brazil) pt-BR

    • -

  • Russian (Russia) ru-RU

    • -

  • Spanish (Spain) es-ES

    • -

  • Simplified Chinese (PRC) zh-CN

    • -

  • Traditional Chinese (Taiwan) zh-TW

    • -
- - - -## MBAM Server system requirements - - -### MBAM Server operating system requirements - -We strongly recommend that you run the MBAM Client and MBAM Server on the same line of operating systems. For example, Windows 10 with Windows Server 2016, Windows 8.1 with Windows Server 2012 R2, and so on. - -The following table lists the operating systems that are supported for the MBAM Server installation. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemEditionService packSystem architecture

Windows Server 2016

Standard or Datacenter

64-bit

Windows Server 2012 R2

Standard or Datacenter

64-bit

Windows Server 2012

Standard or Datacenter

64-bit

Windows Server 2008 R2

Standard, Enterprise, or Datacenter

SP1

64-bit

- - - -The enterprise domain must contain at least one Windows Server 2008 (or later) domain controller. - -### MBAM Server processor, RAM, and disk space requirements – Stand-alone topology - -These requirements are for the MBAM Stand-alone topology. For the requirements for the Configuration Manager Integration topology, see [MBAM Server Processor, RAM, and Disk Space Requirements - Configuration Manager Integration Topology](#bkmk-cm-ramreqs). - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Hardware itemMinimum requirementRecommended requirement

Processor

2.33 GHz

2.33 GHz or greater

RAM

8 GB

12 GB

Free disk space

1 GB

2 GB

- - - -### MBAM Server processor, RAM, and disk space requirements - Configuration Manager Integration topology - -The following table lists the server processor, RAM, and disk space requirements for MBAM servers when you are using the Configuration Manager Integration topology. For the requirements for the Stand-alone topology, see [MBAM Server Processor, RAM, and Disk Space Requirements – Stand-alone Topology](#bkmk-stand-alone-ramreqs). - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Hardware itemMinimum requirementRecommended requirement

Processor

2.33 GHz

2.33 GHz or greater

RAM

4 GB

8 GB

Free disk space

1 GB

2 GB

- - - -### Versions of Configuration Manager that MBAM supports - -MBAM supports the following versions of Configuration Manager. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Supported versionService packSystem architecture

Microsoft System Center Configuration Manager (Current Branch), versions up to 1902

64-bit

Microsoft System Center Configuration Manager 1806

64-bit

Microsoft System Center Configuration Manager (LTSB - version 1606)

64-bit

Microsoft System Center 2012 Configuration Manager

SP1

64-bit

Microsoft System Center Configuration Manager 2007 R2 or later

64-bit

- ->Note Although Configuration Manager 2007 R2 is 32 bit, you must install it and SQL Server on a 64-bit operating system in order to match the 64-bit MBAM software. -
- - - -For a list of supported configurations for the Configuration Manager Server, see the appropriate TechNet documentation for the version of Configuration Manager that you are using. MBAM has no additional system requirements for the Configuration Manager Server. - -### SQL Server database requirements - -The following table lists the Microsoft SQL Server versions that are supported for the MBAM Server features, which include the Recovery Database, Compliance and Audit Database, and the Reports feature. The required versions apply to the Stand-alone or the Configuration Manager Integration topologies. - -You must install SQL Server with the **SQL\_Latin1\_General\_CP1\_CI\_AS** collation. - - ------ - - - - - - - - - - - - - -
- - - -https://www.microsoft.com/download/details.aspx?id=54967 - - - - - - - - - - - - - - - - - -
SQL Server versionEditionService packSystem architecture

Microsoft SQL Server 2017

Standard, Enterprise, or Datacenter

64-bit

Microsoft SQL Server 2016

Standard, Enterprise, or Datacenter

SP1

64-bit

Microsoft SQL Server 2014

Standard, Enterprise, or Datacenter

SP1, SP2

64-bit

Microsoft SQL Server 2012

Standard, Enterprise, or Datacenter

SP3

64-bit

Microsoft SQL Server 2008 R2

Standard or Enterprise

SP3

64-bit

- -**Note** -In order to support SQL 2016 you must install the March 2017 Servicing Release for MDOP https://www.microsoft.com/download/details.aspx?id=54967 and to support SQL 2017 you must install the July 2018 Servicing Release for MDOP https://www.microsoft.com/download/details.aspx?id=57157. In general stay current by always using the most recent servicing update as it also includes all bugfixes and new features. - - -### SQL Server processor, RAM, and disk space requirements – Stand-alone topology - -The following table lists the recommended server processor, RAM, and disk space requirements for the SQL Server computer when you are using the Stand-alone topology. Use these requirements as a guide. Your specific requirements will vary based on the number of client computers you are supporting in your enterprise. To view the requirements for the Configuration Manager Integration topology, see [SQL Server Processor, RAM, and Disk Space Requirements - Configuration Manager Integration Topology](#bkmk-cm-sql-ramreqs). - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Hardware itemMinimum requirementRecommended requirement

Processor

2.33 GHz

2.33 GHz or greater

RAM

8 GB

12 GB

Free disk space

5 GB

5 GB or greater

- - - -### SQL Server processor, RAM, and disk space requirements - Configuration Manager Integration topology - -The following table lists the server processor, RAM, and disk space requirements for the Microsoft SQL Server computer when you are using the Configuration Manager Integration topology, see [SQL Server Processor, RAM, and Disk Space Requirements – Stand-alone Topology](#bkmk-sql-stand-alone-ramreqs). - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Hardware itemMinimum requirementRecommended requirement

Processor

2.33 GHz

2.33 GHz or greater

RAM

4 GB

8 GB

Free disk space

5 GB

5 GB

- - - -## MBAM Client system requirements - - -### Client operating system requirements - -We strongly recommend that you run the MBAM Client and MBAM Server on the same line of operating systems. For example, Windows 10 with Windows Server 2016, Windows 8.1 with Windows Server 2012 R2, and so on. - -The following table lists the operating systems that are supported for MBAM Client installation. The same requirements apply to the Stand-alone and the Configuration Manager Integration topologies. - - ------ - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemEditionService packSystem architecture

Windows 10 IoT

Enterprise

32-bit or 64-bit

Windows 10

Enterprise

32-bit or 64-bit

Windows 8.1

Enterprise

32-bit or 64-bit

Windows 7

Enterprise or Ultimate

SP1

32-bit or 64-bit

Windows To Go

Windows 8.1 and Windows 10 Enterprise

32-bit or 64-bit

- - - -### Client RAM requirements - -There are no RAM requirements that are specific to the MBAM Client installation. - -## MBAM Group Policy system requirements - - -The following table lists the operating systems that are supported for MBAM Group Policy Templates installation. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemEditionService packSystem architecture

Windows 10 IoT

Enterprise

32-bit or 64-bit

Windows 10

Enterprise

32-bit or 64-bit

Windows 8.1

Enterprise

32-bit or 64-bit

Windows 7

Enterprise, or Ultimate

SP1

32-bit or 64-bit

Windows Server 2012 R2

Standard or Datacenter

64-bit

Windows Server 2012

Standard or Datacenter

64-bit

Windows Server 2008 R2

Standard, Enterprise, or Datacenter

SP1

64-bit

- -## MBAM In Azure IaaS - -The MBAM server can be deployed in Azure Infrastructure as a Service (IaaS) on any of the supported OS versions listed above, connecting to an Active Directory hosted on premises or an Active Directory also hosted in Azure IaaS. Documentation for setting up and configuring Active Directory on Azure IaaS is [here](https://msdn.microsoft.com/library/azure/jj156090.aspx). - -The MBAM client is not supported on virtual machines and is also not supported on Azure IaaS. - - -## Service releases - -- [April 2016 hotfix](https://support.microsoft.com/help/3144445/april-2016-hotfix-rollup-for-microsoft-desktop-optimization-pack) -- [September 2016](https://support.microsoft.com/ms-my/help/3168628/september-2016-servicing-release-for-microsoft-desktop-optimization-pa) -- [December 2016](https://support.microsoft.com/help/3198158/december-2016-servicing-release-for-microsoft-desktop-optimization-pac) -- [March 2017](https://support.microsoft.com/en-ie/help/4014009/march-2017-servicing-release-for-microsoft-desktop-optimization-pack) -- [June 2017](https://support.microsoft.com/af-za/help/4018510/june-2017-servicing-release-for-microsoft-desktop-optimization-pack) -- [September 2017](https://support.microsoft.com/en-ie/help/4041137/september-2017-servicing-release-for-microsoft-desktop-optimization) -- [March 2018](https://support.microsoft.com/help/4074878/march-2018-servicing-release-for-microsoft-desktop-optimization-pack) -- [July 2018](https://support.microsoft.com/help/4340040/july-2018-servicing-release-for-microsoft-desktop-optimization-pack) -- [May 2019](https://support.microsoft.com/help/4505175/may-2019-servicing-release-for-microsoft-desktop-optimization-pack) - -## Related topics - - -[Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md) - -[Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md) - - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - diff --git a/mdop/mbam-v25/monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md b/mdop/mbam-v25/monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md deleted file mode 100644 index 45f2ee0794..0000000000 --- a/mdop/mbam-v25/monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: Monitoring and Reporting BitLocker Compliance with MBAM 2.5 -description: Monitoring and Reporting BitLocker Compliance with MBAM 2.5 -author: dansimp -ms.assetid: 24a3bccd-8b67-4baa-a181-e4572eaba5bf -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Monitoring and Reporting BitLocker Compliance with MBAM 2.5 - - -Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 provides several reports that you can use to monitor BitLocker usage and compliance activities in your enterprise. - -Reports for the MBAM Stand-alone topology and the MBAM Configuration Manager Integration topology differ in the following ways: - -- In the Stand-alone topology, you view reports in the Administration and Monitoring Website. In the Configuration Manager Integration topology, you view reports in the Configuration Manager console, with one exception: you continue to view the Recovery Audit report from the Administration and Monitoring Website. - -- The names of the reports differ slightly between the two topologies. Visit the following links for the names and descriptions of the reports for each topology. - -## Viewing MBAM 2.5 Reports – Stand-alone topology - - -The following topics describe the reports and explain how to generate and view them in the Administration and Monitoring Website. - -[Understanding MBAM 2.5 Stand-alone Reports](understanding-mbam-25-stand-alone-reports.md) - -[Generating MBAM 2.5 Stand-alone Reports](generating-mbam-25-stand-alone-reports.md) - -## Viewing MBAM 2.5 Reports – Configuration Manager Integration topology - - -The topic in this section describes the reports for the Configuration Manager Integration topology and explains how to view them in the Configuration Manager console. - -[Viewing MBAM 2.5 Reports for the Configuration Manager Integration Topology](viewing-mbam-25-reports-for-the-configuration-manager-integration-topology.md) - -## Other resources for monitoring and reporting BitLocker compliance with MBAM - - -[Operations for MBAM 2.5](operations-for-mbam-25.md) - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - -  - -  - - - - - diff --git a/mdop/mbam-v25/monitoring-web-service-request-performance-counters.md b/mdop/mbam-v25/monitoring-web-service-request-performance-counters.md deleted file mode 100644 index 6a03158661..0000000000 --- a/mdop/mbam-v25/monitoring-web-service-request-performance-counters.md +++ /dev/null @@ -1,103 +0,0 @@ ---- -title: Monitoring Web Service Request Performance Counters -description: Monitoring Web Service Request Performance Counters -author: dansimp -ms.assetid: bdb812a1-465a-4098-b4c0-cb99890d1b0d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Monitoring Web Service Request Performance Counters - - -Microsoft BitLocker Administration and Monitoring (MBAM) provides performance counters that record the performance of requests that are sent to the following web services: - -- **StatusReportingService.svc** – service that receives requests for compliance status - -- **CoreService.svc** – service that receives requests for key recovery attempts - -## Performance counters that MBAM provides - - -MBAM provides the following performance counters for each of the public methods that is implemented by its StatusReportingService and CoreService web services: - - ---- - - - - - - - - - - - - - - - - - - - - -
Type of performance counterDescription

Total number of requests

Provides an incrementing count that starts from zero when the server is started or restarted.

-

Provides an overall view of system activity. Can be monitored by automated tools to ensure the health of the server and to validate that the counter continually increments over a specified period of time.

Requests per second

Indicates the current throughput of the MBAM Server as it supports the MBAM client base.

-

Enables site administrators to:

-
    -

  • Calculate the average number of requests per second, based on the number of MBAM Clients and their reporting frequency.

    • -

  • Validate that the number of requests per second broadly correlates with the calculated average number of requests per second. A significant variance can indicate that the MBAM Client isn't installed on a percentage of the client base or that an MBAM Group Policy Object hasn't been successfully deployed.

    • -

Request duration

Records the duration of requests in milliseconds.

-

Although this counter is updated with the duration of each request, Windows Performance Monitor samples it only periodically (typically every second), so you might see some variability in the value. For this reason, consider using the average value displayed by Performance Monitor.

- -  - -## Performance counter results and recommendations - - -As you add new MBAM Clients to an MBAM Server with spare capacity, expect to see an increase in the number of requests per second. This increase will be proportional to the number of new client computers. The average request duration will remain relatively static. As the server nears its maximum capacity, the requests per second start to level out, and the average request duration starts to get longer. - -If you are concerned about whether your MBAM Servers can support your client base, consider deploying MBAM in phases across different collections of client computers. As you deploy MBAM to each collection of client computers, we recommend that you take snapshots of the performance counters to see the relative impact of deploying to each new client collection. If the number of requests per second starts to level off and the average request duration increases, consider enhancing your MBAM Server infrastructure by doing one of the following: - -- Moving the MBAM database onto a dedicated Microsoft SQL Server or SQL Server cluster - -- Load-balancing MBAM across multiple Internet Information Services (IIS) web servers - -- Deploying MBAM on more powerful server hardware - -## Viewing performance counters - - -The recommended tool for viewing MBAM performance counters is Windows Performance Monitor, which comes with Windows. If you are using Windows PowerShell, you don’t need to enable the counters before viewing them, as they are automatically registered by the Windows PowerShell **Enable-webapplication** cmdlet. - -For detailed instructions on how to view performance counters, see [How to View MBAM Performance Counters](https://go.microsoft.com/fwlink/?LinkId=393457). - - - -## Related topics - - -[Maintaining MBAM 2.5](maintaining-mbam-25.md) - -  - -  - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - diff --git a/mdop/mbam-v25/moving-mbam-25-features-to-another-server.md b/mdop/mbam-v25/moving-mbam-25-features-to-another-server.md deleted file mode 100644 index 75b47a4907..0000000000 --- a/mdop/mbam-v25/moving-mbam-25-features-to-another-server.md +++ /dev/null @@ -1,57 +0,0 @@ ---- -title: Moving MBAM 2.5 Features to Another Server -description: Moving MBAM 2.5 Features to Another Server -author: dansimp -ms.assetid: 9767a0e4-e8ab-49f0-98c5-5cd671975501 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Moving MBAM 2.5 Features to Another Server - - -Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 enables you to move the databases, Reports feature, and the websites to another server. - -## Moving MBAM Server features topics - - -- [How to Move the MBAM 2.5 Databases](how-to-move-the-mbam-25-databases.md) - - This topic explains how to move the Compliance and Audit Database (or Audit Database, if you are using the Configuration Manager Integration topology) and the Recovery Database. - -- [How to Move the MBAM 2.5 Reports](how-to-move-the-mbam-25-reports.md) - - This topic explains how to move the Reports to another server. - -- [How to Move the MBAM 2.5 Websites](how-to-move-the-mbam-25-websites.md) - - This topic explains how to move the Administration and Monitoring Website and Self-Service Portal to another server. - -## Other resources for moving MBAM features - - -- [Microsoft BitLocker Administration and Monitoring 2.5](index.md) - -- [Maintaining MBAM 2.5](maintaining-mbam-25.md) - -- [Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md) - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - -  - -  - - - - - diff --git a/mdop/mbam-v25/operations-for-mbam-25.md b/mdop/mbam-v25/operations-for-mbam-25.md deleted file mode 100644 index e318d1bba3..0000000000 --- a/mdop/mbam-v25/operations-for-mbam-25.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: Operations for MBAM 2.5 -description: Operations for MBAM 2.5 -author: dansimp -ms.assetid: da0e35be-2dc4-4a24-b69a-530436eb48fc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Operations for MBAM 2.5 - - -This topic describes the types of administrative tasks that you can perform with Microsoft BitLocker Administration and Monitoring (MBAM) 2.5. - -## Operations information - - -- [Administering MBAM 2.5 Features](administering-mbam-25-features.md) - - After deploying MBAM, you can use it to manage BitLocker encryption in your enterprise. The information in this section describes day-to-day MBAM feature operations and maintenance tasks. - -- [Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md) - - This section describes the MBAM reports that you use to monitor BitLocker usage and compliance activities throughout your enterprise. - -- [Performing BitLocker Management with MBAM 2.5](performing-bitlocker-management-with-mbam-25.md) - - This section describes the day-to-day BitLocker encryption management tasks that you can do with MBAM. - -- [Maintaining MBAM 2.5](maintaining-mbam-25.md) - - This section describes how to move MBAM Server features and how to monitor web service request performance counters. - -- [Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md) - - This section describes Windows PowerShell cmdlets that administrators can use to perform various MBAM Server tasks. - -## Other resources for MBAM operations - - -[Microsoft BitLocker Administration and Monitoring 2.5](index.md) - -[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) - -[Planning for MBAM 2.5](planning-for-mbam-25.md) - -[Deploying MBAM 2.5](deploying-mbam-25.md) - -[Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md) - -[Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md) - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - -  - -  - - - - - diff --git a/mdop/mbam-v25/performing-bitlocker-management-with-mbam-25.md b/mdop/mbam-v25/performing-bitlocker-management-with-mbam-25.md deleted file mode 100644 index d6ef03091b..0000000000 --- a/mdop/mbam-v25/performing-bitlocker-management-with-mbam-25.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: Performing BitLocker Management with MBAM 2.5 -description: Performing BitLocker Management with MBAM 2.5 -author: dansimp -ms.assetid: 068f3ee0-300c-4083-ba18-7065eef997ad -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Performing BitLocker Management with MBAM 2.5 - - -After planning and then deploying Microsoft BitLocker Administration and Monitoring (MBAM), you can configure and use it to manage BitLocker Drive Encryption across your enterprise. The information in this section describes post-installation, day-to-day BitLocker encryption management tasks that are accomplished by using Microsoft BitLocker Administration and Monitoring. - -## Reset a TPM lockout - - -A Trusted Platform Module (TPM) is a microchip that is designed to provide basic security-related functions, primarily involving encryption keys. The TPM is usually installed on the motherboard of a computer, and it communicates with the rest of the system by using a host bus adapter. On computers that incorporate a TPM, you can create cryptographic keys and encrypt them so that they can be decrypted only by the TPM. - -A TPM lockout can occur if a user enters the incorrect PIN too many times. The number of times that a user can enter an incorrect PIN before the TPM locks varies by manufacturer. You can use MBAM to access the centralized key recovery data system on the Administration and Monitoring Website, where you can retrieve a TPM owner password file when you supply a computer ID and an associated user identifier. - -[How to Reset a TPM Lockout](how-to-reset-a-tpm-lockout-mbam-25.md) - -## Recover drives - - -When you are dealing with the encryption of data, especially in an enterprise environment, consider how that data can be recovered in the event of a hardware failure, changes in personnel, or other situations in which encryption keys can be lost. - -The encrypted drive recovery features in MBAM ensure that data can be captured and stored and that the required tools are available to access a BitLocker-protected volume when BitLocker goes into recovery mode, is moved, or becomes corrupted. - -[How to Recover a Drive in Recovery Mode](how-to-recover-a-drive-in-recovery-mode-mbam-25.md) - -[How to Recover a Moved Drive](how-to-recover-a-moved-drive-mbam-25.md) - -[How to Recover a Corrupted Drive](how-to-recover-a-corrupted-drive-mbam-25.md) - -## Determine BitLocker encryption state of lost computers - - -By using MBAM, you can determine the last known BitLocker encryption status of computers that were lost or stolen. - -[How to Determine BitLocker Encryption State of Lost Computers](how-to-determine-bitlocker-encryption-state-of-lost-computers-mbam-25.md) - -## Use the Self-Service Portal to regain access to a computer - - -If end users get locked out of Windows by BitLocker, they can use the instructions in this section to get a BitLocker recovery key to regain access to their computer. - -[How to Use the Self-Service Portal to Regain Access to a Computer](how-to-use-the-self-service-portal-to-regain-access-to-a-computer-mbam-25.md) - - - -## Related topics - - -[Operations for MBAM 2.5](operations-for-mbam-25.md) - -  - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/planning-for-mbam-25-client-deployment.md b/mdop/mbam-v25/planning-for-mbam-25-client-deployment.md deleted file mode 100644 index 6fce394daa..0000000000 --- a/mdop/mbam-v25/planning-for-mbam-25-client-deployment.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: Planning for MBAM 2.5 Client Deployment -description: Planning for MBAM 2.5 Client Deployment -author: dansimp -ms.assetid: 23c89976-af24-4753-9412-ce0ea42d1964 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for MBAM 2.5 Client Deployment - - -Depending on when you deploy the Microsoft BitLocker Administration and Monitoring (MBAM) Client software, you can enable BitLocker Drive Encryption on a computer in your organization either before the end user receives the computer or afterwards. For both the MBAM Stand-alone and the System Center Configuration Manager Integration topologies, you have to configure Group Policy settings for MBAM. - -If you are using the MBAM Stand-alone topology, we recommend that you use an enterprise software deployment system to deploy the MBAM Client software to end-user computers. - -If you deploy MBAM with the Configuration Manager Integration topology, you can use Configuration Manager to deploy the MBAM Client software to end-user computers. In Configuration Manager, the MBAM installation creates a collection of computers that MBAM can manage. This collection includes workstations and devices that do not have a Trusted Platform Module (TPM), but that are running Windows 8, Windows 8.1, or Windows 10. - -**Note**   -Windows To Go is not supported for the Configuration Manager Integration topology installation when you are using Configuration Manager 2007. - - - -## Deploying the MBAM Client to enable BitLocker Drive Encryption after computer distribution to end users - - -After you configure Group Policy, you can use an enterprise software deployment system product like Microsoft System Center Configuration Manager or Active Directory Domain Services (AD DS) to deploy the Windows Installer files of the MBAM Client installation to target computers. To deploy the MBAM Client, you can use either the 32-bit or 64-bit MbamClientSetup.exe files or MBAMClient.msi files, which are provided with the MBAM Client software. - -**Note**   -Beginning in MBAM 2.5 SP1, a separate MSI is no longer included with the MBAM product. However, you can extract the MSI from the executable file (.exe) that is included with the product. - - - -When you deploy the MBAM Client after you distribute computers to client computers, end users are prompted to encrypt their computer. This action enables MBAM to collect the data, which includes the PIN and password (if required by policy), and then to begin the encryption process. - -**Note**   -In this approach, end users who have computers with a TPM chip are prompted to activate and initialize the TPM chip if the chip has not been previously activated. - - - -## Using the MBAM Client to enable BitLocker Drive Encryption before computer distribution to end users - - -In organizations where computers are received and configured centrally, and where computers have a compliant TPM chip, you can use the MBAM Client to manage BitLocker Drive Encryption on each computer before any user data is written to it. The benefit of this process is that every computer is then compliant. This method does not rely on end-user action because the administrator has already encrypted the computer. A key assumption for this scenario is that the policy of the organization installs a corporate Windows image before the computer is delivered to the end user. - -If your organization wants to use the TPM chip to encrypt computers, the administrator adds the TPM protector to encrypt the operating system volume of the computer. If your organization wants to use the TPM chip and a PIN protector, the administrator encrypts the operating system volume with the TPM protector, and then end users select a PIN when they log on for the first time. If your organization decides to use only the PIN protector, the administrator does not have to encrypt the volume first. When end users log on, Microsoft BitLocker Administration and Monitoring prompts them to provide a PIN, or a PIN and password to be used on later computer restarts. - -**Note**   -The TPM protector option requires the administrator to accept the BIOS prompt to activate and initialize the TPM before the computer is delivered to the end user. - - - -## MBAM Client support for Encrypted Hard Drives - - -MBAM supports BitLocker on Encrypted Hard Drives that meet TCG specification requirements for Opal as well as IEEE 1667 standards. When BitLocker is enabled on these devices, it will generate keys and perform management functions on the encrypted drive. See [Encrypted Hard Drive](https://technet.microsoft.com/library/hh831627.aspx) for more information. - - -## Related topics - - -[Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md) - -[Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md) - - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - diff --git a/mdop/mbam-v25/planning-for-mbam-25-group-policy-requirements.md b/mdop/mbam-v25/planning-for-mbam-25-group-policy-requirements.md deleted file mode 100644 index 9003490cee..0000000000 --- a/mdop/mbam-v25/planning-for-mbam-25-group-policy-requirements.md +++ /dev/null @@ -1,528 +0,0 @@ ---- -title: Planning for MBAM 2.5 Group Policy Requirements -description: Planning for MBAM 2.5 Group Policy Requirements -author: dansimp -ms.assetid: 82d545dc-3fbf-4b46-b62f-47fe178a7c44 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Planning for MBAM 2.5 Group Policy Requirements - - -Use the following information to determine the types of BitLocker protectors that you can use to manage the Microsoft BitLocker Administration and Monitoring (MBAM) client computers in your enterprise. - -## Types of BitLocker protectors that MBAM supports - - -MBAM supports the following types of BitLocker protectors. - - ---- - - - - - - - - - - - - - - - - - - - - -
Type of drive or volumeSupported BitLocker protectors

Operating system volumes

    -

  • Trusted Platform Module (TPM)

    • -

  • TPM + PIN

    • -

  • TPM + USB key – supported only when the operating system volume is encrypted before MBAM is installed

    • -

  • TPM + PIN + USB key - supported only when the operating system volume is encrypted before MBAM is installed

    • -

  • Password - supported only for Windows To Go devices, fixed data drives, and Windows 8, Windows 8.1, and Windows 10 devices that do not have a TPM

    • -

  • Numerical password - applied automatically as part of volume encryption and does not need to be configured except in FIPS mode on Windows 7

    • -

  • Data recovery agent (DRA)

    • -

Fixed data drives

    -

  • Password

    • -

  • Auto-unlock

    • -

  • Numerical password - applied automatically as part of volume encryption and does not need to be configured except in FIPS mode on Windows 7

    • -

  • Data recovery agent (DRA)

    • -

Removable drives

    -

  • Password

    • -

  • Auto-unlock

    • -

  • Numerical password - applied automatically as part of volume encryption and does not need to be configured

    • -

  • Data recovery agent (DRA)

    • -
- - - -### Support for the Used Space Encryption BitLocker policy - -In MBAM 2.5 SP1, if you enable Used Space Encryption via BitLocker Group policy, the MBAM Client honors it. - -This Group Policy setting is called **Enforce drive encryption type on operating system drives** and is located in the following GPO node: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption** > **Operating System Drives**. If you enable this policy and select the encryption type as **Used Space Only encryption**, MBAM will honor the policy and BitLocker will only encrypt disk space that is used on the volume. - -## How to get the MBAM Group Policy Templates and edit the settings - - -When you are ready to configure the MBAM Group Policy settings you want, do the following: - - ---- - - - - - - - - - - - - - - - - -
Steps to followWhere to get instructions

Copy the MBAM Group Policy Templates from How to Get MDOP Group Policy (.admx) Templates and install them on a computer that is capable of running the Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM).

Copying the MBAM 2.5 Group Policy Templates

Configure the Group Policy settings that you want to use in your enterprise.

Editing the MBAM 2.5 Group Policy Settings

- - - -## Descriptions of the MBAM Group Policy settings - - -The **MDOP MBAM (BitLocker Management)** GPO node contains four global policy settings and four child GPO nodes: **Client Management**, **Fixed Drive**, **Operating System Drive**, and **Removable Drive**. The following sections describe and suggest settings for the MBAM Group Policy settings. - -**Important** -Do not change the Group Policy settings in the **BitLocker Drive Encryption** node, or MBAM will not work correctly. MBAM automatically configures the settings in this node for you when you configure the settings in the **MDOP MBAM (BitLocker Management)** node. - - - -### Global Group Policy definitions - -This section describes MBAM Global Group Policy definitions at the following GPO node: **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDOP MBAM (BitLocker Management)**. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Policy nameOverview and suggested Group Policy settings

Choose drive encryption method and cipher strength

Suggested configuration: Enabled

-

Configure this policy to use a specific encryption method and cipher strength.

-

When this policy is not configured, BitLocker uses the default encryption method: AES 128-bit with Diffuser.

-
-Note

An issue with the BitLocker Computer Compliance report causes it to display "unknown" for the cipher strength, even if you are using the default value. To work around this issue, make sure you enable this setting and set a value for cipher strength.

-
-
- -
-
    -

  • AES 128-bit with Diffuser – for Windows 7 only

    • -

  • AES 128 for Windows 8, Windows 8.1, and Windows 10

    • -

Prevent memory overwrite on restart

Suggested configuration: Not Configured

-

Configure this policy to improve restart performance without overwriting BitLocker secrets in memory on restart.

-

When this policy is not configured, BitLocker secrets are removed from memory when the computer restarts.

Validate smart card certificate usage rule

Suggested configuration: Not Configured

-

Configure this policy to use smartcard certificate-based BitLocker protection.

-

When this policy is not configured, the default object identifier 1.3.6.1.4.1.311.67.1.1 is used to specify a certificate.

Provide the unique identifiers for your organization

Suggested configuration: Not Configured

-

Configure this policy to use a certificate-based data recovery agent or the BitLocker To Go reader.

-

When this policy is not configured, the Identification field is not used.

-

If your company requires higher security measurements, you can configure the Identification field to make sure that all USB devices have this field set and that they are aligned with this Group Policy setting.

- - - -### Client Management Group Policy definitions - -This section describes Client Management policy definitions for MBAM at the following GPO node: **Computer Configuration** > **Policies** >**Administrative Templates** > **Windows Components** > **MDOP MBAM (BitLocker Management)** > **Client Management**. - -You can set the same Group Policy settings for the Stand-alone and System Center Configuration Manager Integration topologies, with one exception: Disable the **Configure MBAM Services > MBAM Status reporting service endpoint** setting if you are using the Configuration Manager Integration topology, as indicated in the following table. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Policy nameOverview and suggested Group Policy settings

Configure MBAM Services

Suggested configuration: Enabled

-
    -

  • MBAM Recovery and Hardware service endpoint. Use this setting to enable MBAM Client BitLocker encryption management. Enter an endpoint location that is similar to the following example: http(s)://<MBAM Administration and Monitoring Server Name>:<the port the web service is bound to>/MBAMRecoveryAndHardwareService/CoreService.svc.

    • -

  • Select BitLocker recovery information to store. This policy setting lets you configure the key recovery service to back up BitLocker recovery information. It also lets you configure a status reporting service for collecting reports. The policy provides an administrative method of recovering data encrypted by BitLocker to prevent data loss due to the lack of key information. The status report and key recovery activity are automatically and silently sent to the configured report server location.

    -

    If you do not configure this policy setting or if you disable it, the key recovery information is not saved, and the status report and key recovery activity are not reported to the server. When this setting is set to Recovery Password and key package, the recovery password and key package are automatically and silently backed up to the configured key recovery server location.

    • -

  • Enter client checking status frequency in minutes. This policy setting manages how frequently the client checks the BitLocker protection policies and status on the client computer. This policy also manages how frequently the client compliance status is saved to the server. The client checks the BitLocker protection policies and status on the client computer and also backs up the client recovery key at the configured frequency.

    -

    Set this frequency based on the requirement set by your company on how frequently to check the compliance status of the computer and how frequently to back up the client recovery key.

    • -

  • MBAM Status reporting service endpoint:

    -

    For MBAM in a Stand-alone topology: You must configure this setting to enable MBAM Client BitLocker encryption management.

    -

    Enter an endpoint location that is similar to the following example:

    -

    http(s)://<MBAM Administration and Monitoring Server Name>:<the port the web service is bound to>/MBAMComplianceStatusService/StatusReportingService.svc

    -

    For MBAM in the Configuration Manager Integration topology: Disable this setting.

    • -

Configure user exemption policy

Suggested configuration: Not Configured

-

This policy setting lets you configure a website address, email address, or phone number that instructs a user to request an exemption from BitLocker encryption.

-

If you enable this policy setting and provide a website address, email address, or phone number, users see a dialog box with instructions on how to apply for an exemption from BitLocker protection. For more information about enabling BitLocker encryption exemptions for users, see How to Manage User BitLocker Encryption Exemptions.

-

If you either disable or do not configure this policy setting, the exemption request instructions are not displayed to users.

-
-Note

User exemption is managed per user, not per computer. If multiple users log on to the same computer and any one user is not exempt, the computer is encrypted.

-
-
- -

Configure customer experience improvement program

Suggested configuration: Enabled

-

This policy setting lets you configure how MBAM users can join the Customer Experience Improvement Program. This program collects information about computer hardware and how users use MBAM without interrupting their work. The information helps Microsoft to identify which MBAM features to improve. Microsoft does not use this information to identify or contact MBAM users.

-

If you enable this policy setting, users can join the Customer Experience Improvement Program.

-

If you disable this policy setting, users cannot join the Customer Experience Improvement Program.

-

If you do not configure this policy setting, users have the option to join the Customer Experience Improvement Program.

Provide the URL for the Security Policy link

Suggested configuration: Enabled

-

Use this policy setting to specify a URL that is displayed to end users as a link named "Company Security Policy." The link points to your company’s internal security policy and provides end users with information about encryption requirements. The link appears when users are prompted by MBAM to encrypt a drive.

-

If you enable this policy setting, you can configure the URL for the Security Policy link.

-

If you disable or do not configure this policy setting, the Security Policy link is not displayed to users.

- - - -### Fixed Drive Group Policy definitions - -This section describes Fixed Drive policy definitions for Microsoft BitLocker Administration and Monitoring at the following GPO node: **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDOP MBAM (BitLocker Management)** > **Fixed Drive**. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Policy nameOverview and suggested Group Policy settings

Fixed data drive encryption settings

Suggested configuration: Enabled

-

This policy setting lets you manage whether fixed data drives must be encrypted.

-

If the operating system volume is required to be encrypted, click Enable auto-unlock fixed data drive.

-

When you enable this policy, you must not disable the Configure use of password for fixed data drives policy unless you are enabling or requiring the use of auto-unlock for fixed data drives.

-

If you have to use auto-unlock for fixed data drives, you must configure operating system volumes to be encrypted.

-

If you enable this policy setting, users are required to put all fixed data drives under BitLocker protection, and the data drives are then encrypted.

-

If you do not configure this policy setting, users are not required to put fixed data drives under BitLocker protection. If you apply this policy after fixed data drives are encrypted, the MBAM agent decrypts the encrypted fixed data drives.

-

If you disable this policy setting, users cannot put their fixed data drives under BitLocker protection.

Deny write access to fixed drives not protected by BitLocker

Suggested configuration: Not Configured

-

This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker.

-

When the policy is not configured, all fixed data drives on the computer are mounted with read/write permission.

Allow access to BitLocker-protected fixed drives from earlier versions of Windows

Suggested configuration: Not Configured

-

Enable this policy so that fixed drives with the FAT file system can be unlocked and viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

-

When the policy is enabled or not configured, fixed drives that are formatted with the FAT file system can be unlocked and their content can be viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2. These operating systems have read-only permission to BitLocker-protected drives.

-

When the policy is disabled, fixed drives that are formatted with the FAT file system cannot be unlocked and their content cannot be viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

Configure use of password for fixed drives

Suggested configuration: Not Configured

-

Use this policy to specify whether a password is required to unlock BitLocker-protected fixed data drives.

-

If you enable this policy setting, users can configure a password that meets the requirements that you define. BitLocker enables users to unlock a drive with any of the protectors that are available on the drive.

-

These settings are enforced when you turn on BitLocker, not when you unlock a volume.

-

If you disable this policy setting, users are not allowed to use a password.

-

When the policy is not configured, passwords are supported with the default settings, which do not include password complexity requirements and which require only eight characters.

-

For higher security, enable this policy, and then select Require password for fixed data drive, click Require password complexity, and set the minimum password length that you want.

-

If you disable this policy setting, users are not allowed to use a password.

-

If you do not configure this policy setting, passwords are supported with the default settings, which do not include password complexity requirements and which require only eight characters.

Choose how BitLocker-protected fixed drives can be recovered

Suggested configuration: Not Configured

-

Configure this policy to enable the BitLocker data recovery agent or to save BitLocker recovery information to Active Directory Domain Services (AD DS).

-

When the policy is not configured, the BitLocker data recovery agent is allowed, and recovery information is not backed up to AD DS. MBAM does not require recovery information to be backed up to AD DS.

Encryption Policy Enforcement Settings

Suggested configuration: Enabled

-

Use this policy setting to configure the number of days that fixed data drives can remain noncompliant until they are forced to comply with MBAM policies. Users cannot postpone the required action or request an exemption from it after the grace period. The grace period starts when the fixed data drive is determined to be noncompliant. However, the fixed data drive policy is not enforced until the operating system drive is compliant.

-

If the grace period expires and the fixed data drive is still not compliant, users do not have the option to postpone or to request an exemption. If the encryption process requires user input, a dialog box appears that users cannot close until they provide the required information.

-

Enter 0 in the Configure the number of noncompliance grace period days for fixed drives to force the encryption process to begin immediately after the grace period expires for the operating system drive.

-

If you disable or do not configure this setting, users are not forced to comply with MBAM policies.

-

If no user interaction is required to add a protector, encryption begins in the background after the grace period expires.

- - - -### Operating System Drive Group Policy definitions - -This section describes Operating System Drive policy definitions for Microsoft BitLocker Administration and Monitoring at the following GPO node: **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDOP MBAM (BitLocker Management)** > **Operating System Drive**. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Policy nameOverview and suggested Group Policy settings

Operating system drive encryption settings

Suggested configuration: Enabled

-

This policy setting lets you manage whether the operating system drive must be encrypted.

-

For higher security, consider disabling the following policy settings in System > Power Management > Sleep Settings when you enable them with TPM + PIN protector:

-
    -

  • Allow Standby States (S1-S3) When Sleeping (Plugged In)

    • -

  • Allow Standby States (S1-S3) When Sleeping (On Battery)

    • -
-

If you are running Microsoft Windows 8 or later, and you want to use BitLocker on a computer without a TPM, select the Allow BitLocker without a compatible TPM check box. In this mode, a password is required for startup. If you forget the password, you have to use one of the BitLocker recovery options to access the drive.

-

On a computer with a compatible TPM, two types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require the entry of a personal identification number (PIN).

-

If you enable this policy setting, users have to put the operating system drive under BitLocker protection, and the drive is then encrypted.

-

If you disable this policy, users cannot put the operating system drive under BitLocker protection. If you apply this policy after the operating system drive is encrypted, the drive is then decrypted.

-

If you do not configure this policy, the operating system drive is not required to be placed under BitLocker protection.

Allow enhanced PINs for startup

Suggested configuration: Not Configured

-

Use this policy setting to configure whether enhanced startup PINs are used with BitLocker. Enhanced startup PINs permit the use of characters including uppercase and lowercase letters, symbols, numbers, and spaces. This policy setting is applied when you turn on BitLocker.

-

If you enable this policy setting, all new BitLocker startup PINs set will enable end user to create enhanced PINs. However, not all computers can support enhanced PINs in the pre-boot environment. We strongly recommend that administrators evaluate whether their systems are compatible with this feature before enabling its use.

-

Select the Require ASCII-only PINs check box to help make enhanced PINs more compatible with computers that limit the type or number of characters that can be entered in the pre-boot environment.

-

If you disable or do not configure this policy setting, enhanced PINs are not used.

Choose how BitLocker-protected operating system drives can be recovered

Suggested configuration: Not Configured

-

Configure this policy to enable the BitLocker data recovery agent or to save BitLocker recovery information to Active Directory Domain Services (AD DS).

-

When this policy is not configured, the data recovery agent is allowed, and recovery information is not backed up to AD DS.

-

MBAM operation does not require recovery information to be backed up to AD DS.

Configure use of passwords for operating system drives

Suggested configuration: Not Configured

-

Use this policy setting to set the constraints for passwords that are used to unlock BitLocker-protected operating system drives. If non-TPM protectors are allowed on operating system drives, you can provision a password, enforce complexity requirements on the password, and configure a minimum length for the password. For the complexity requirement setting to be effective, you must also enable the Group Policy setting "Password must meet complexity requirements" located in Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy.

-
-Note

These settings are enforced when you turn on BitLocker, not when you unlock a volume. BitLocker lets you unlock a drive with any of the protectors that are available on the drive.

-
-
- -
-

If you enable this policy setting, users can configure a password that meets the requirements that you define. To enforce complexity requirements on the password, click Require password complexity.

Configure TPM platform validation profile for BIOS-based firmware configurations

Suggested configuration: Not Configured

-

This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.

-
-Important

This Group Policy setting applies only to computers with BIOS configurations or to computers with UEFI firmware with a Compatibility Service Module (CSM) enabled. Computers that use a native UEFI firmware configuration store different values into the Platform Configuration Registers (PCRs). Use the "Configure TPM platform validation profile for native UEFI firmware configurations" Group Policy setting to configure the TPM PCR profile for computers that use native UEFI firmware.

-
-
- -
-

If you enable this policy setting before you turn on BitLocker, you can configure the boot components that the TPM validates before you unlock access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive and the computer instead displays the BitLocker Recovery console and requires that you provide either the recovery password or recovery key to unlock the drive.

-

If you disable or do not configure this policy setting, BitLocker uses the default platform validation profile or the platform validation profile that is specified by the Setup script.

Configure TPM platform validation profile

Suggested configuration: Not Configured

-

This policy setting enables you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.

-

If you enable this policy setting before you turn on BitLocker, you can configure the boot components that the TPM validates before you unlock access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive and the computer instead displays the BitLocker Recovery console and requires that you provide either the recovery password or recovery key to unlock the drive.

-

If you disable or do not configure this policy setting, BitLocker uses the default platform validation profile or the platform validation profile that is specified by the setup script.

Configure TPM platform validation profile for native UEFI firmware configurations

Suggested configuration: Not Configured

-

This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the BitLocker encryption key. This policy setting does not apply if the computer does not have a compatible TPM or if BitLocker has already been turned on with TPM protection.

-
-Important

This Group Policy setting applies only to computers with a native UEFI firmware configuration.

-
-
- -
-

If you enable this policy setting before you turn on BitLocker, you can configure the boot components that the TPM validates before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM does not release the encryption key to unlock the drive and the computer instead displays the BitLocker Recovery console and requires that you provide either the recovery password or recovery key to unlock the drive.

-

If you disable or do not configure this policy setting, BitLocker uses the default platform validation profile or the platform validation profile that is specified by the setup script.

Reset platform validation data after BitLocker recovery

Suggested configuration: Not Configured

-

Use this policy setting to control whether platform validation data is refreshed when Windows is started after BitLocker recovery.

-

If you enable this policy setting, platform validation data are refreshed when Windows is started after BitLocker recovery. If you disable this policy setting, platform validation data are not refreshed when Windows is started after BitLocker recovery. If you do not configure this policy setting, platform validation data are refreshed when Windows is started after BitLocker recovery.

Use enhanced Boot Configuration Data validation profile

Suggested configuration: Not Configured

-

This policy setting allows you to choose specific Boot Configuration Data (BCD) settings to verify during platform validation.

-

If you enable this policy setting, you can add additional settings, remove the default settings, or both. If you disable this policy setting, the computer reverts to a BCD profile similar to the default BCD profile that is used by Windows 7. If you do not configure this policy setting, the computer verifies the default Windows BCD settings.

-
-Note

When BitLocker uses Secure Boot for platform and Boot Configuration Data (BCD) integrity validation, as defined by the "Allow Secure Boot for integrity validation" policy, the "Use enhanced Boot Configuration Data validation profile" policy is ignored.

-
-
- -
-

The setting that controls boot debugging (0x16000010) is always validated and has no effect if it is included in the provided fields.

Encryption Policy Enforcement Settings

Suggested configuration: Enabled

-

Use this policy setting to configure the number of days that users can postpone complying with MBAM policies for their operating system drive. The grace period begins when the operating system is first detected as noncompliant. After this grace period expires, users cannot postpone the required action or request an exemption from it.

-

If the encryption process requires user input, a dialog box appears that users cannot close until they provide the required information.

-

If you disable or do not configure this setting, users are not forced to comply with MBAM policies.

-

If no user interaction is required to add a protector, encryption begins in the background after the grace period expires.

Configure pre-boot recovery message and URL

Suggested configuration: Not Configured

-

Enable this policy setting to configure a custom recovery message or to specify a URL that is then displayed on the pre-boot BitLocker recovery screen when the OS drive is locked. This setting is only available on client computers running Windows 10.

-

When this policy is enabled, you can select one of these options for the pre-boot recovery message:

-
    -

  • Use custom recovery message: Select this option to include a custom message in the pre-boot BitLocker recovery screen. In the Custom recovery message option box, type the message that you want displayed. If you also want to specify a recovery URL, include it as part of your custom recovery message.

    • -

  • Use custom recovery URL: Select this option to replace the default URL that is displayed in the pre-boot BitLocker recovery screen. In the Custom recovery URL option box, type the URL that you want displayed.

    • -

  • Use default recovery message and URL: Select this option to display the default BitLocker recovery message and URL in the pre-boot BitLocker recovery screen. If you previously configured a custom recovery message or URL and want to revert to the default message, you must enable this policy and select the Use default recovery message and URL option.

    • -
-
-Note

Not all characters and languages are supported in pre-boot. We recommend that you test that the characters you use for the custom message or URL appear correctly on the pre-boot BitLocker recovery screen.

-
-
- -
- - - -### Removable Drive Group Policy definitions - -This section describes Removable Drive Group Policy definitions for Microsoft BitLocker Administration and Monitoring at the following GPO node: **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDOP MBAM (BitLocker Management)** > **Removable Drive**. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Policy nameOverview and suggested Group Policy settings

Control use of BitLocker on removable drives

Suggested configuration: Enabled

-

This policy controls the use of BitLocker on removable data drives.

-

Click Allow users to apply BitLocker protection on removable data drives to allow users to run the BitLocker setup wizard on a removable data drive.

-

Click Allow users to suspend and decrypt BitLocker on removable data drives to enable users to remove BitLocker drive encryption from the drive or to suspend the encryption while maintenance is performed.

-

When this policy is enabled, and you click Allow users to apply BitLocker protection on removable data drives, the MBAM Client saves the recovery information about removable drives to the MBAM key recovery server and allows users to recover the drive if the password is lost.

Deny write access to removable drives not protected by BitLocker

Suggested configuration: Not Configured

-

Enable this policy to allow only write permission to BitLocker-protected drives.

-

When this policy is enabled, all removable data drives on the computer require encryption before write permission is allowed.

Allow access to BitLocker-protected removable drives from earlier versions of Windows

Suggested configuration: Not Configured

-

Enable this policy to allow fixed drives with the FAT file system to be unlocked and viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

-

When this policy is not configured, removable drives that are formatted with the FAT file system can be unlocked on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed. These operating systems have read-only permission to BitLocker-protected drives.

-

When the policy is disabled, removable drives formatted with the FAT file system cannot be unlocked and their content cannot be viewed on computers that are running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2.

Configure use of password for removable data drives

Suggested configuration: Not Configured

-

Enable this policy to configure password protection on removable data drives.

-

When this policy is not configured, passwords are supported with the default settings, which do not include password complexity requirements and which require only eight characters.

-

For increased security, you can enable this policy and select Require password for removable data drive, click Require password complexity, and set the preferred minimum password length.

Choose how BitLocker-protected removable drives can be recovered

Suggested configuration: Not Configured

-

Configure this policy to enable the BitLocker data recovery agent or to save BitLocker recovery information to Active Directory Domain Services (AD DS).

-

When set to Not Configured, the data recovery agent is allowed, and recovery information is not backed up to AD DS.

-

MBAM operation does not require recovery information to be backed up to AD DS.

- - - - -## Related topics - - -[Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md) - -[MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md) - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - diff --git a/mdop/mbam-v25/planning-for-mbam-25-groups-and-accounts.md b/mdop/mbam-v25/planning-for-mbam-25-groups-and-accounts.md deleted file mode 100644 index 7f91892a01..0000000000 --- a/mdop/mbam-v25/planning-for-mbam-25-groups-and-accounts.md +++ /dev/null @@ -1,194 +0,0 @@ ---- -title: Planning for MBAM 2.5 Groups and Accounts -description: Planning for MBAM 2.5 Groups and Accounts -author: dansimp -ms.assetid: 73bb9fe5-5900-4b6f-b271-ade62991fca1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 11/02/2016 ---- - - -# Planning for MBAM 2.5 Groups and Accounts - - -This topic lists the roles and accounts that you must create in Active Directory Domain Services (AD DS) to provide security and access rights for the Microsoft BitLocker Administration and Monitoring (MBAM) databases, reports, and web applications. For each role and account, the corresponding field in the MBAM Server Configuration wizard is provided. For a list of Windows PowerShell cmdlets and parameters that correspond to these accounts, see [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md#bkmk-reqd-posh-accts). - -**Note** -MBAM does not support the use of managed service accounts. - - - -## Database accounts - - -Create the following accounts for the Compliance and Audit Database and the Recovery Database. - - ------ - - - - - - - - - - - - - - - - - - - - - - -
Account name and purposeAccount typeMBAM Server Configuration wizard field that corresponds to this accountDescription of the MBAM Server Configuration wizard field that corresponds to this account

Compliance and Audit Database and Recovery Database read/write user or group for reports

User or Group

Read/write access domain user or group

Domain user or group that has read/write access to the Compliance and Audit Database and the Recovery Database to enable the web applications to access the data and reports in these databases.

-

If you enter a user name in this field, it must be the same value as the value in the Web service application pool domain account field on the Configure Web Applications page.

-

If you enter a group name in this field, the value in the Web service application pool domain account field on the Configure Web Applications page must be a member of the group you enter in this field.

Compliance and Audit Database read-only user or group for reports

User or Group

Read-only access domain user or group

Name of the user or group that will have read-only access to the Compliance and Audit Database to enable the reports to access the compliance and audit data in this database.

-

If you enter a user name in this field, it must be the same user as the one you specify in the Compliance and Audit Database domain account field on the Configure Reports page.

-

If you enter a group name in this field, the value that you specify in the Compliance and Audit Database domain account field on the Configure Reports page must be a member of the group that you specify in this field.

- - - -## Reporting accounts - - -Create the following accounts for the Reports feature. - - ------ - - - - - - - - - - - - - - - - - - - - - - -
Account name/purposeAccount typeMBAM Server Configuration wizard field that corresponds to this accountDescription of the MBAM Server Configuration wizard field that corresponds to this account

Reports read-only domain access group

Group

Reporting role domain group

Specifies the domain user group that has read-only access to the reports in the Administration and Monitoring Website. The group you specify must be the same group you specified for the Reports Read Only Access Group parameter when the web apps are enabled.

Compliance and Audit Database domain user account

User

Compliance and Audit Database domain account

Domain user account and password that the local SQL Server Reporting Services instance uses to access the Compliance and Audit Database. This account requires Log On as Batch rights to the SQL Server Reporting Services server.

-

If the value you enter in the Read-only access domain user or group field on the Configure Databases page is a user name, you must enter that same value in this field.

-

If the value you enter in the Read-only access domain user or group field on the Configure Databases page is a group name, the value that you enter in this field must be a member of that group.

-

Configure the password for this account to never expire. The user account should be able to access all data that is available to the MBAM Reports Users group.

- - - -## Administration and Monitoring Website (Help Desk) accounts - - -Create the following accounts for the Administration and Monitoring Website. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Account name/purposeAccount typeMBAM Server Configuration wizard field that corresponds to this accountDescription of the MBAM Server Configuration wizard field that corresponds to this account

Web service application pool domain account

User

Web service application pool domain account

Domain user account to be used by the application pool for the web applications.

-

If you enter a user name in the Read/write access domain user or group field on the Configure Databases page, you must enter that same value in this field.

-

If you enter a group name in the Read/write access domain user or group field on the Configure Databases page, the value you enter in this field must be a member of that group.

-

If you do not specify credentials, the credentials that were specified for any previously enabled web application will be used. All web applications must use the same application pool credentials. If you specify different credentials for different web applications, the most recently specified value will be used.

-
-Important

For improved security, set the account that is specified in the credentials to have limited user rights.

-
-
- -

MBAM Advanced Helpdesk Users access group

Group

MBAM Advanced Helpdesk Users

Domain user group whose members have access to all recovery areas of the Administration and Monitoring Website. Users who have this role have to enter only the recovery key, and not the end user’s domain and user name, when helping end users recover their drives. If a user is a member of both the MBAM Helpdesk Users group and the MBAM Advanced Helpdesk Users group, the MBAM Advanced Helpdesk Users group permissions override the MBAM Helpdesk Group permissions.

MBAM Helpdesk Users access group

Group

MBAM Helpdesk Users

Domain user group whose members have access to the Manage TPM and Drive Recovery areas of the MBAM Administration and Monitoring Website. Individuals who have this role must fill-in all fields, including the end-user’s domain and account name, when they use either option.

-

If a user is a member of both the MBAM Helpdesk Users group and the MBAM Advanced Helpdesk Users group, the MBAM Advanced Helpdesk Users group permissions override the MBAM Helpdesk Group permissions.

MBAM Report Users access group

Group

MBAM Report Users

Domain user group whose members have read-only access to the reports in the Reports area of the Administration and Monitoring Website.

MBAM Data Migration User Group

Group

MBAM Data Migration Users

Optional domain user group whose members have permissions to write data to MBAM by using the MBAM Recovery and Hardware Service running on the MBAM server. This account is generally used with the Write-Mbam* cmdlets to write recovery and TPM data from Active Directory into the MBAM database.

-

For more information, see MBAM 2.5 Security Considerations.

- - - - -## Related topics - - -[Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md) - -[MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - diff --git a/mdop/mbam-v25/planning-for-mbam-25-high-availability.md b/mdop/mbam-v25/planning-for-mbam-25-high-availability.md deleted file mode 100644 index 0a95efbd31..0000000000 --- a/mdop/mbam-v25/planning-for-mbam-25-high-availability.md +++ /dev/null @@ -1,145 +0,0 @@ ---- -title: Planning for MBAM 2.5 High Availability -description: Planning for MBAM 2.5 High Availability -author: dansimp -ms.assetid: 1e29b30c-33f1-4a52-9442-8c1391f0049c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Planning for MBAM 2.5 High Availability - - -Microsoft BitLocker Administration and Monitoring (MBAM) can maintain high availability through use of one or more of the following technologies, which are described in the following sections: - -- [SQL Server AlwaysOn availability groups](#bkmk-alwayson) - -- [Microsoft SQL Server clustering](#bkmk-sql-clustering) - -- [IIS Network Load Balancing](#bkmk-load-balance) - -- [Database mirroring in SQL Server](#bkmk-db-mirroring) - -- [Backing up MBAM databases by using the Volume Shadow Copy Service (VSS)](#bkmk-vss) - -Use the information in the following sections to help you understand the options to deploy MBAM in a highly available configuration. - -## Support for SQL Server AlwaysOn availability groups - - -MBAM enables you to configure and manage availability groups for the databases in Microsoft SQL Server. An availability group for MBAM supports a failover environment where the Compliance and Audit Database and the Recovery Database fail over together rather than separately. - -An availability group supports a set of read/write primary databases and one to four sets of corresponding secondary databases. Optionally, secondary databases can be made available for read-only permission, some backup operations, or for both. - -For information about how to set up availability groups, see [AlwaysOn Availability Groups](https://go.microsoft.com/fwlink/?LinkId=393277). - -## Microsoft SQL Server clustering - - -You can run the MBAM 2.5 Compliance and Audit Database and the Recovery Database on computers that are running SQL Server clusters. - -## IIS Network Load Balancing - - -You can use Network Load Balancing to configure a highly available environment for computers that are running the Administration and Monitoring Website (also known as Help Desk), the Self-Service Portal, and the web services, which are deployed through Internet Information Services (IIS). - -### Prerequisites - -Before configuring load balancing, ensure that you have met the following prerequisites: - -- A load balancer must be available. You can use load balancers from Microsoft or another company. For more information about Microsoft load balancer technology, see [Build a Web Farm with IIS Servers](https://go.microsoft.com/fwlink/?LinkId=393326). - -- At least two servers are running IIS and have met all of the MBAM prerequisites to support its web features, including ASP.NET MVC 4. - -- MBAM databases and reports are running on a server. - -### MBAM-specific changes that are required to enable Load Balancing - -Complete the following tasks: - -1. Register a Service Principal Name (SPN) for the virtual host name under the domain account that you are using for the web application pools. For example, if the virtual host name is mbamvirtual.contoso.com, and the domain account used for the web application pools is contoso\\mbamapppooluser, the following command registers the SPN appropriately. - - `Setspn -s http//mbamvirtual contoso\mbamapppooluser` - - `Setspn -s http//mbamvirtual.contoso.com contoso\mbamapppooluser` - -2. Configure the following MBAM web features: - - - On each server that will host the MBAM web features, use the same domain account for the application pool administrative credentials. - - - Specify a host name that matches the virtual host name (DNS name) of the Load Balancing cluster. For example, when you install MBAM on a server called "NLB1" with a virtual host name of **mbamvirtual.contoso.com**, ensure that the host name that you specify in the Windows PowerShell cmdlet is **mbamvirtual.contoso.com**. - -3. If you are configuring the websites in a web farm with a load balancer, you must configure the websites to use the same machine key. - - For more information, see the following sections in [machineKey Element (ASP.NET Settings Schema)](https://msdn.microsoft.com/library/vstudio/w8h3skw9.aspx): - - - Machine Key Explained - - - Web Farm Deployment Considerations - - For instructions about how to automatically generate a key, see [Generate a Machine Key (IIS 7)](https://technet.microsoft.com/library/cc772287.aspx). - -The information about Load Balancing also applies to IIS Network Load Balancing (NLB) clusters in Windows Server 2012 or Windows Server 2008 R2. The IIS Network Load Balancing functionality in Windows Server 2012 is generally the same as in Windows Server 2008 R2. However, some task details are different in Windows Server 2012. For information about new ways to do tasks, see [Common Management Tasks and Navigation in Windows Server 2012 R2 Preview and Windows Server 2012](https://go.microsoft.com/fwlink/?LinkId=316371). - -## Database mirroring in SQL Server - - -MBAM supports the use of SQL Server mirroring, where the Compliance and Audit Database and the Recovery Database are mirrored by using two instances of SQL Server for each database. Before implementing mirroring, be aware that mirroring is slowly being phased out, in favor of availability groups, which are discussed earlier in this topic. - -To implement mirroring for MBAM, you must specify the appropriate connection strings for the mirrored database configuration by using the **Enable-MbamWebApplication** Windows PowerShell cmdlet. For more information about the MBAM 2.5 Windows PowerShell cmdlets, see [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md). - -### Examples of implementing SQL Server mirroring by using Windows PowerShell - -The following examples show how you might implement SQL Server mirroring by using Windows PowerShell cmdlets. - -**Example 1** - -``` syntax -Enable-MbamWebApplication -AdministrationPortal -ComplianceAndAuditDBConnectionString 'Integrated Security=SSPI;Data Source=MyDatabaseServer;Failover Partner=myMirrorServerAddress;Initial Catalog="MBAM Compliance Status";' -RecoveryDBConnectionString 'Integrated Security=SSPI;Data Source=MyDatabaseServer;Failover Partner=myMirrorServerAddress;Initial Catalog="MBAM Recovery and Hardware";' -AdvancedHelpdeskAccessGroup “MyDomain\AdvancedUserGroup” -HelpdeskAccessGroup “MyDomain\StandardUserGroup” -ReportsReadOnlyAccessGroup "MyDomain\ReportUserGroup" -ReportUrl "https://MyReportServer/ReportServer" -Port 443 -WebServiceApplicationPoolCredential (Get-Credential) -Certificate (dir cert:\LocalMachine\My\E2A7EA5533890D6567E40DFC46F53B3D31D6B689) -``` - -**Example 2** - -``` syntax -Enable-MbamWebApplication -SelfServicePortal -ComplianceAndAuditDBConnectionString 'Integrated Security=SSPI;Data Source=MyDatabaseServer; Failover Partner=myMirrorServerAddress;Initial Catalog="MBAM Compliance Status";' -RecoveryDBConnectionString 'Integrated Security=SSPI;Data Source=MyDatabaseServer;I Failover Partner=myMirrorServerAddress;Initial Catalog="MBAM Recovery and Hardware";' -Port 443 -WebServiceApplicationPoolCredential (Get-Credential) -Certificate (dir cert:\LocalMachine\My\E2A7EA5533890D6567E40DFC46F53B3D31D6B689) -``` - -### More information about SQL Server mirroring - -The following links provide more information about configuring SQL Server mirroring: - -- [How to: Prepare a Mirror Database for Mirroring (Transact-SQL)](https://go.microsoft.com/fwlink/?LinkId=316375) - -- [Establish a Database Mirroring Session Using Windows Authentication (SQL Server Management Studio)](https://go.microsoft.com/fwlink/?LinkId=316377) - -## Backing up MBAM databases by using the Volume Shadow Copy Service (VSS) - - -MBAM provides a Volume Shadow Copy Service (VSS) writer, called the Microsoft BitLocker Administration and Management Writer. This VSS writer facilitates the backup of the Compliance and Audit Database and the Recovery Database. - -The VSS writer is registered on every server where you enable an MBAM web application. The MBAM VSS writer depends on the SQL Server VSS Writer, which is registered as part of the Microsoft SQL Server installation. Any backup technology that uses VSS writers to perform backup can discover the MBAM VSS writer. - - - -## Related topics - - -[Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md) - -  - -  -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - diff --git a/mdop/mbam-v25/planning-for-mbam-25-server-deployment.md b/mdop/mbam-v25/planning-for-mbam-25-server-deployment.md deleted file mode 100644 index 41ccde26df..0000000000 --- a/mdop/mbam-v25/planning-for-mbam-25-server-deployment.md +++ /dev/null @@ -1,120 +0,0 @@ ---- -title: Planning for MBAM 2.5 Server Deployment -description: Planning for MBAM 2.5 Server Deployment -author: dansimp -ms.assetid: 88774c89-31c8-4eb8-a845-a00bbec8c870 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for MBAM 2.5 Server Deployment - - -This topic lists the features that you deploy for the MBAM Stand-alone and Configuration Manager topologies and lists the order in which you need to deploy them. There is a recommended configuration for each topology. However, you can configure MBAM server databases and features in different configurations and across multiple servers, depending on your scalability requirements. - -## Important planning considerations for both topologies - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
ConsiderationsDetails or purpose

Review the following before you start the deployment:

-

Each MBAM feature has specific prerequisites that must be met before you start the MBAM installation.

BitLocker recovery keys in MBAM expire after a single use.

A single use means that the recovery key has been retrieved through the Administration and Monitoring Website (also known as Help Desk), Self-Service Portal, or by using the Get-MbamBitLockerRecoveryKey Windows PowerShell cmdlet.

Keep track of the names of the computers on which you configure each feature. You will use this information throughout the configuration process.

You may want to use the MBAM 2.5 Deployment Checklist for this purpose.

Configure only the Group Policy settings in the MDOP MBAM (BitLocker Management) node. Do not change the Group Policy settings in the BitLocker Drive Encryption node.

If you change the Group Policy settings in the BitLocker Drive Encryption node, MBAM will not work.

- - - -## Planning for MBAM Server deployment – Stand-alone topology - - -For the Stand-alone topology, a two-server configuration is recommended for production environments, although configurations of three to four servers can be used. - -The Server infrastructure for the MBAM Stand-alone topology contains the following features, which must be configured in the order listed: - -1. Databases (Compliance and Audit Database and Recovery Database) - -2. Reports - -3. Web applications (and their corresponding web services) - - - Administration and Monitoring Website - - - Self-Service Portal - -For a description of these features, see [High-Level Architecture of MBAM 2.5 with Stand-alone Topology](high-level-architecture-of-mbam-25-with-stand-alone-topology.md). - -## Planning for MBAM Server deployment – Configuration Manager topology - - -For the Configuration Manager Integration topology, a three-server configuration is recommended for production environments, although configurations of additional servers can be used. - -The Server infrastructure for the MBAM Configuration Manager topology contains the following features, which must be configured or performed in the order listed: - -1. Databases (Compliance and Audit Database and Recovery Database) - -2. Reports - -3. Web applications (and their corresponding web services) - - - Administration and Monitoring Website - - - Self-Service Portal - -4. System Center Configuration Manager Integration - -For a description of these features, see [High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology](high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md). - - - -## Related topics - - -[Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md) - -[Deploying the MBAM 2.5 Server Infrastructure](deploying-the-mbam-25-server-infrastructure.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/planning-for-mbam-25.md b/mdop/mbam-v25/planning-for-mbam-25.md deleted file mode 100644 index 5be4741f7c..0000000000 --- a/mdop/mbam-v25/planning-for-mbam-25.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Planning for MBAM 2.5 -description: Planning for MBAM 2.5 -author: dansimp -ms.assetid: aebe82c0-e3b6-4bfb-beb0-b99f9c5c5267 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for MBAM 2.5 - - -This topic lists the tasks, prerequisites, and requirements that you need to complete when you are planning to deploy Microsoft BitLocker Administration and Monitoring (MBAM) 2.5. - -## Planning information - - -- [Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md) - - This section describes the installation prerequisites, Group Policy settings, groups and accounts, and website security that are required before you deploy MBAM. - -- [Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md) - - This section describes the minimum hardware and software requirements for installing the MBAM Client and configuring the MBAM Server features, and describes the MBAM Server features to be deployed and the order in which to deploy them. It also explains how to configure a highly available environment and lists some security considerations to be aware of. - -- [MBAM 2.5 Planning Checklist](mbam-25-planning-checklist.md) - - This section provides a planning checklist that can assist you in MBAM deployment planning. - -## Other resources for planning for MBAM - - -[Microsoft BitLocker Administration and Monitoring 2.5](index.md) - -[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) - -[Deploying MBAM 2.5](deploying-mbam-25.md) - -[Operations for MBAM 2.5](operations-for-mbam-25.md) - -[Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md) - -[Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md) - - - -  - -  -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - diff --git a/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md b/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md deleted file mode 100644 index 56e258088e..0000000000 --- a/mdop/mbam-v25/planning-how-to-secure-the-mbam-websites.md +++ /dev/null @@ -1,336 +0,0 @@ ---- -title: Planning How to Secure the MBAM Websites -description: Planning How to Secure the MBAM Websites -author: dansimp -ms.assetid: aea1d137-62cf-4da4-9989-541e0b5ad8d8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Planning How to Secure the MBAM Websites - - -This topic describes the following methods for securing the Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 Administration and Monitoring Website and Self-Service Portal: - - ---- - - - - - - - - - - - - - - - - -
MethodRequired or optional?

Using certificates to secure MBAM websites

Optional, but highly recommended

Registering Service Principal Names (SPN) for the application pool account

Required

- - - -For more information about how to secure your MBAM deployment, see [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md). - -## Using certificates to secure MBAM websites - - -We recommend that you use a certificate to secure the communication between the: - -- MBAM Client and the web services - -- Browser and the Administration and Monitoring Website and the Self-Service Portal websites - -For information about requesting and installing a certificate, see [Configuring Internet Server Certificates](https://technet.microsoft.com/library/cc731977.aspx). - -**Note** -You can configure the websites and web services on different servers only if you are using Windows PowerShell. If you use the MBAM Server Configuration wizard to configure the websites, you must configure the websites and the web services on the same server. - - - -To secure the communication between the web services and the databases, we also recommend that you force encryption in SQL Server. For information about securing all connections to SQL Server, including communication between the web services and SQL Server, see [MBAM 2.5 Security Considerations](mbam-25-security-considerations.md#bkmk-secure-databases). - -## Registering SPNs for the application pool account - - -To enable the MBAM Servers to authenticate communication from the Administration and Monitoring Website and the Self-Service Portal, you must register a Service Principal Name (SPN) for the host name under the domain account that you are using for the web application pool. - -This topic contains instructions on how to register SPNs for the following types of host names: - -- Fully qualified domain name - -- NetBIOS name - -- Virtual name - -### Before you create SPNs for an initial MBAM installation - -Review the information in the following table before you start creating SPNs. - - ---- - - - - - - - - - - - - - - - - - - - - -
Task or itemMore information

Create a service account in Active Directory Domain Services (AD DS).

The service account is a user account that you create in AD DS to provide security for the MBAM websites. The MBAM websites run under an application pool, whose identity is the name of the service account. The SPNs are then registered in the application pool account.

-
-Note

You must use the same application pool account for all web servers.

-
-
- -

Verify that either the IIS-IUSRS group account or the application pool account has been granted the necessary rights.

To check this, follow these steps:

-
    -

  1. Open the Local Security Policy editor and expand the Local Policies node.

    2. -

  2. Select the User Rights Assignment node, and double-click the Impersonate a client after authentication and Log on as a batch job Group Policy settings in the right pane.

    3. -

If you configure the MBAM websites by using a domain administrative account, MBAM will create the SPNs for you.

If you configure the MBAM websites by using a domain administrative account, follow the steps in this topic to register SPNs manually for the type of host name that you are using.

- - - -### Registering SPNs when you use a fully qualified domain host name - -If you use a fully qualified domain host name when you configure MBAM, you have to register only one SPN, as shown in the following example. - - ---- - - - - - - - - - - - - - - - - -
What you need to doExamples and more information

Register an SPN for the fully qualified domain name.

Setspn -s http/mybitlockerrecovery.contoso.com contoso\mbamapppooluser

-

The fully qualified host name is mybitlockerrecovery.contoso.com, and the domain account used for the web application pool is contoso\mbamapppooluser.

Configure constrained delegation for the SPN that you are registering for the application pool account.

Configuring Constrained Delegation

-

This requirement only applies to MBAM 2.5; it is not necessary in MBAM 2.5 SP1.

- - - -### Registering SPNs when you use a NetBIOS host name - -If you use a NetBIOS host name when you configure MBAM, register one SPN for the NetBIOS name, and another SPN for the fully qualified domain name, as shown in the following examples. - - ---- - - - - - - - - - - - - - - - - - - - - -
What you need to doExamples and more information

Register an SPN for the NetBIOS host name.

Setspn -s http/nbname01 contoso\mbamapppooluser

-

The NetBIOS host name is nbname01, and the domain account used for the web application pool is contoso\mbamapppooluser.

Register an SPN for the fully qualified domain name.

Setspn –s http/nbname01.corp.contoso.com contoso\mbamapppooluser

-

The fully qualified domain name is nbname01.contoso.com, and the domain account used for the web application pool is contoso\mbamapppooluser.

Configure constrained delegation for the SPNs that you are registering for the application pool account.

Configuring Constrained Delegation

-

This requirement only applies to MBAM 2.5; it is not necessary in MBAM 2.5 SP1.

- - - -### Registering SPNs when you use a virtual host name - -If you configure MBAM with a virtual host name that is a fully qualified domain name, register only one SPN for the virtual host name. If the virtual host name that you configure is not a fully qualified domain name, you must create a second SPN that specifies the fully qualified domain name, as described in the following examples. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
What you need to doExamples and more information

If your virtual host name is a fully qualified domain name, as in this example, register only one SPN.

Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser

-

In the example, the virtual host name is mbamvirtual.contoso.com, and the domain account used for the web application pool is contoso\mbamapppooluser.

Register this additional SPN if your virtual host name is not a fully qualified domain name.

Setspn -s http/mbamvirtual contoso\mbamapppooluser

-

In the example, the virtual host name is mbamvirtual, and the domain account used for the web application pool is contoso\mbamapppooluser.

Register this additional SPN if your virtual host name is not a fully qualified domain name.

Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser

-

In the example, the virtual host name is mbamvirtual.contoso.com, and the domain account used for the web application pool is contoso\mbamapppooluser.

On the Domain Name Server (DNS) server, create an “A record” for the custom host name and point it to a web server or a load balancer.

See the “To configure DNS Host A Records” section in Configure DNS Host Records.

-

We recommend that you use A records instead of CNAMES. If you use CNAMES to point to the domain address, you must also register SPNs for the web server name in the application pool account.

Configure constrained delegation for the SPNs that you are registering for the application pool account.

Configuring Constrained Delegation

-

This requirement only applies to MBAM 2.5; it is not necessary in MBAM 2.5 SP1.

- - - -### Registering an SPN when you upgrade from previous versions of MBAM - -Complete the steps in this section only if you want to: - -- Upgrade from a previous version of MBAM. - -- Run the websites in MBAM 2.5 in a load-balanced or distributed configuration, and you are currently running in a configuration that is not load balanced. - -If you already registered SPNs on the machine account rather than in an application pool account, MBAM uses the existing SPNs, and you cannot configure the websites in a load-balanced or distributed configuration. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
What you need to doExamples and more information

Create an application pool account in Active Directory Domain Services (AD DS).

Remove the currently installed websites and web services.

Removing MBAM Server Features or Software

Remove SPNs from the machine account.

Setspn –d http/mbamwebserver mbamwebserver

-

Setspn –d http/mbamwebserver.contoso.com mbamwebserver

Register SPNs in the application pool account.

Follow the steps for Registering SPNs when you use a virtual host name.

Reconfigure the web applications and web services.

How to Configure the MBAM 2.5 Web Applications

Do one of the following, depending on the method you use for the configuration:

- ---- - - - - - - - - - - - - - - - - -
MethodDetails

MBAM Server Configuration wizard

Enter the application pool account in the Web service application pool domain account field.

Enable-MbamWebApplication Windows PowerShell cmdlet

Enter the account in the WebServiceApplicationPoolCredential parameter.

-

-Important

The host name that you enter must be the same name as the virtual host name for which you are creating the SPNs. Also, in your web farm, the host names and the application pool credentials must be the same on every server that you are configuring.

-
-
- -
-

When MBAM configures the web applications, it will try to register the SPNs for you, but it can do so only if you have Domain Admin rights on the server on which you are installing MBAM. If you do not have these rights, you can complete the configuration, but you will have to set the SPNs before or after you configure MBAM.

- -## Required Request Filtering Settings - - 'Allow unlisted file name extensions' is required for the application to operate as expected. This can be found by navigating to the 'Microsoft BitLocker Administration and Monitoring' -> Request Filtering -> Edit Feature Settings. - - -## Related topics - - -[Preparing your Environment for MBAM 2.5](preparing-your-environment-for-mbam-25.md) - -[MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md) - - - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - diff --git a/mdop/mbam-v25/planning-to-deploy-mbam-25.md b/mdop/mbam-v25/planning-to-deploy-mbam-25.md deleted file mode 100644 index e0e73d9033..0000000000 --- a/mdop/mbam-v25/planning-to-deploy-mbam-25.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Planning to Deploy MBAM 2.5 -description: Planning to Deploy MBAM 2.5 -author: dansimp -ms.assetid: 1343b80c-d87a-42e7-b912-e84ba997d7e3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning to Deploy MBAM 2.5 - - -You should consider a number of different deployment configurations and prerequisites before you create your deployment plan for Microsoft BitLocker Administration and Monitoring (MBAM). This section includes information that can help you gather the necessary information to formulate a deployment plan that best meets your business requirements. - -## Review the MBAM 2.5 supported configurations - - -After preparing your computing environment for the MBAM Server and Client feature deployment, make sure that you review the Supported Configurations to confirm that the computers on which you are installing MBAM meet the minimum hardware and operating system requirements. For more information about MBAM deployment prerequisites, see [MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md). - -[MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md) - -## Plan for MBAM 2.5 Server and Client deployment - - -The MBAM Server infrastructure depends on a set of server features that can be configured on one or more server computers, based on the requirements of the enterprise. These features can be configured in a distributed configuration across multiple servers. - -**Note**   -An MBAM installation on a single server is recommended only for lab environments. - - - -The MBAM Client enables administrators to enforce and monitor BitLocker drive encryption on computers in the enterprise. The BitLocker client can be integrated into an organization by deploying the client through an enterprise software delivery system or by installing the Client on client computers as part of the initial imaging process. - -With MBAM, you can encrypt a computer in your organization either before the end user receives the computer, or afterwards by using Group Policy. - -[Planning for MBAM 2.5 Server Deployment](planning-for-mbam-25-server-deployment.md) - -[Planning for MBAM 2.5 Client Deployment](planning-for-mbam-25-client-deployment.md) - -## Other resources for MBAM planning - - -[Planning for MBAM 2.5](planning-for-mbam-25.md) - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - - - - diff --git a/mdop/mbam-v25/preparing-your-environment-for-mbam-25.md b/mdop/mbam-v25/preparing-your-environment-for-mbam-25.md deleted file mode 100644 index bfc0fff5d3..0000000000 --- a/mdop/mbam-v25/preparing-your-environment-for-mbam-25.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Preparing your Environment for MBAM 2.5 -description: Preparing your Environment for MBAM 2.5 -author: dansimp -ms.assetid: 7552ba08-9dbf-40cd-8920-203d733fd242 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Preparing your Environment for MBAM 2.5 - - -Before beginning Microsoft BitLocker Administration and Monitoring (MBAM) Setup, you should make sure that you have met the prerequisites to install the product. When you know what the prerequisites are ahead of time, you can efficiently deploy the product and enable its features so that it most effectively supports your organization’s business objectives. - -If you are deploying Microsoft BitLocker Administration and Monitoring with Configuration Manager, ensure that you meet the additional requirements for Configuration Manager, which are listed later in this topic. - -## Review MBAM 2.5 deployment prerequisites - - -To ensure that your MBAM deployment is successful, make sure that you review and complete the required software prerequisites before you install the MBAM Client and configure the MBAM Server features. - -[MBAM 2.5 Deployment Prerequisites](mbam-25-deployment-prerequisites.md) - -## Plan for MBAM 2.5 Group Policy requirements - - -Before MBAM can manage clients in the enterprise, you must download and configure Group Policy templates that are specific to MBAM, and then configure the Group Policy settings that you want for your environment. - -[Planning for MBAM 2.5 Group Policy Requirements](planning-for-mbam-25-group-policy-requirements.md) - -## Plan for MBAM 2.5 roles and accounts - - -As part of the prerequisites, you must define certain roles and accounts, which are used in MBAM to provide security and access rights to specific servers and features, such as the databases running on SQL Server and the web applications running on the Administration and Monitoring Server. - -[Planning for MBAM 2.5 Groups and Accounts](planning-for-mbam-25-groups-and-accounts.md) - -## Other resources for MBAM planning - - -[Planning for MBAM 2.5](planning-for-mbam-25.md) - -[MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md) - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - -  - -  - - - - - diff --git a/mdop/mbam-v25/prerequisites-for-mbam-25-clients.md b/mdop/mbam-v25/prerequisites-for-mbam-25-clients.md deleted file mode 100644 index 2329a20a37..0000000000 --- a/mdop/mbam-v25/prerequisites-for-mbam-25-clients.md +++ /dev/null @@ -1,106 +0,0 @@ ---- -title: Prerequisites for MBAM 2.5 Clients -description: Prerequisites for MBAM 2.5 Clients -author: dansimp -ms.assetid: fc230679-9c84-4b99-a77c-bae7e7bf8145 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 04/23/2017 ---- - - -# Prerequisites for MBAM 2.5 Clients - - -Before you install the MBAM Client software on end users' computers, ensure that your environment and the client computers meet the following prerequisites. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteDetails

The enterprise domain must contain at least one Windows Server 2008 (or later) domain controller.

The client computer must be logged on to the enterprise intranet.

For Windows 7 client computers only: Each client must have Trusted Platform Module (TPM) capability (TPM 1.2 or later).

For Windows 8.1, Windows 10 RTM or Windows 10 version 1511 client computers only: If you want MBAM to be able to store and manage the TPM recovery keys, TPM auto-provisioning must be turned off, and MBAM must be set as the owner of the TPM before you deploy MBAM.

-

In MBAM 2.5 SP1 only, you no longer need to turn off TPM auto-provisioning, but you must make sure that the TPM Group Policy Objects are set to not escrow TPM OwnerAuth to Active Directory.

MBAM 2.5 Security Considerations

For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM.

-

In MBAM 2.5 SP1, you must turn on auto-provisioning.

-

See TPM owner password for further details. -

The TPM chip must be turned on in the BIOS and be resettable from the operating system.

See the BIOS documentation for more information.

The computer’s hard disk must have at least two partitions and must be formatted with the NTFS file system.

The computer’s hard disk must have a BIOS that is compatible with TPM and that supports USB devices during computer startup.

-Note

Ensure that the keyboard, video, or mouse are directly connected and not managed through a keyboard, video, or mouse (KVM) switch. A KVM switch can interfere with the ability of the computer to detect the physical presence of hardware.

-
-
- -

If you use a proxy, it must be visible in the system context. MBAM runs under the system context, not the user context.

- - - -**Important** -If BitLocker was used without MBAM, MBAM can be installed and utilize the existing TPM information. - - - - -## Related topics - - -[MBAM 2.5 Supported Configurations](mbam-25-supported-configurations.md) - -[Planning to Deploy MBAM 2.5](planning-to-deploy-mbam-25.md) - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - diff --git a/mdop/mbam-v25/prerequisites-for-the-configuration-manager-integration-feature.md b/mdop/mbam-v25/prerequisites-for-the-configuration-manager-integration-feature.md deleted file mode 100644 index f7ff13527a..0000000000 --- a/mdop/mbam-v25/prerequisites-for-the-configuration-manager-integration-feature.md +++ /dev/null @@ -1,199 +0,0 @@ ---- -title: Prerequisites for the Configuration Manager Integration Feature -description: Prerequisites for the Configuration Manager Integration Feature -author: dansimp -ms.assetid: b318cbd3-b009-44b8-991b-f7364c1cae88 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Prerequisites for the Configuration Manager Integration Feature - - -If you deploy MBAM with the System Center Configuration Manager Integration topology, we recommend a three-server architecture, as described in [High-Level Architecture of MBAM 2.5 with Configuration Manager Integration Topology](high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md). This architecture can support 500,000 client computers. - -**Important** -Windows To Go is not supported for the Configuration Manager Integration topology installation when you are using Configuration Manager 2007. - - - -## General prerequisites for the Configuration Manager Integration feature - - -When you install MBAM with Configuration Manager, the following additional prerequisites are required in addition to the prerequisites for the Stand-alone topology. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PrerequisiteAdditional information

The Configuration Manager Server is a primary site in the Configuration Manager system.

N/A

The Hardware Inventory Client Agent is on the Configuration Manager Server.

For System Center 2012 Configuration Manager, see How to Configure Hardware Inventory in Configuration Manager.

-

For Configuration Manager 2007, see How to Configure Hardware Inventory for a Site.

One of the following is enabled, depending on the version of Configuration Manager that you are using:

-
    -

  • Compliance Settings - (System Center 2012 Configuration Manager)

    • -

  • Desired Configuration Management (DCM) Client Agent – (Configuration Manager 2007)

    • -

For System Center 2012 Configuration Manager, see Configuring Compliance Settings in Configuration Manager.

-

For Configuration Manager 2007, see Desired Configuration Management Client Agent Properties.

A reporting services point is defined in Configuration Manager. Required for SQL Server Reporting Services (SSRS).

For System Center 2012 Configuration Manager, see Prerequisites for Reporting in Configuration Manager.

-

For Configuration Manager 2007, see How to Create a Reporting Services Point for SQL Reporting Services.

Configuration Manager 2007 requires Microsoft .NET Framework 2.0

The Desired Configuration Management (DCM) Client Agent in Configuration Manager 2007 requires .NET Framework 2.0 to report compliance.

-
-Note

Installing .NET Framework 3.5 automatically installs .NET Framework 2.0.

-
-
- -
- - - -## Required permissions to install MBAM with Configuration Manager - - -To install MBAM with Configuration Manager, you must have an administrative user in Configuration Manager who has a security role with the minimum permissions listed in the following table. The table also shows the rights that you must have, beyond basic computer administrator rights, to install the MBAM Server. - -**The permissions in the following table apply to both versions of Configuration Manager.** - - ---- - - - - - - - - - - - - - - - - -
PermissionsMBAM Server feature

SQL Server instance login server roles: - dbcreator- processadmin

- Recovery Database- Audit Database

SSRS instance rights: - Create Folders- Publish Reports

- System Center Configuration Manager Integration

- - - -**System Center 2012 Configuration Manager** - - ---- - - - - - - - - - - - - - - - - - - - - -
PermissionsConfiguration Manager Server feature

Configuration Manager site rights:- Read

System Center Configuration Manager Integration

Configuration Manager collection rights: - Create- Delete- Read- Modify- Deploy Configuration Items

System Center Configuration Manager Integration

Configuration Manager configuration item rights: - Create- Delete- Read

System Center Configuration Manager Integration

- - - -**Configuration Manager 2007** - - ---- - - - - - - - - - - - - - - - - - - - - -
PermissionsConfiguration Manager Server feature

Configuration Manager site rights:- Read

System Center Configuration Manager Integration

Configuration Manager collection rights: - Create- Delete- Read- ReadResource

System Center Configuration Manager Integration

Configuration Manager configuration item rights: - Create- Delete- Read- Distribute

System Center Configuration Manager Integration

- - - -## Required changes for the .mof files - - -To enable the client computers to report BitLocker compliance details through the MBAM Configuration Manager reports, you have to edit the Configuration.mof file and Sms\_def.mof file for System Center 2012 Configuration Manager and Microsoft System Center Configuration Manager 2007. For instructions, see [MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology](mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md). - - - -## Related topics - - -[MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies](mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md) - -[MBAM 2.5 Server Prerequisites that Apply Only to the Configuration Manager Integration Topology](mbam-25-server-prerequisites-that-apply-only-to-the-configuration-manager-integration-topology.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - diff --git a/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md b/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md deleted file mode 100644 index 3e71f9ec51..0000000000 --- a/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md +++ /dev/null @@ -1,167 +0,0 @@ ---- -title: Release Notes for MBAM 2.5 SP1 -description: Release Notes for MBAM 2.5 SP1 -author: dansimp -ms.assetid: 3ac424c8-c490-4d62-aba4-1b462c02e962 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 09/06/2017 ---- - - -# Release Notes for MBAM 2.5 SP1 - - -To search these release notes, press Ctrl+F. - -Read these release notes thoroughly before you install Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1. These release notes contain information that is required to successfully install MBAM and can contain information that is not available in the product documentation. If these release notes differ from other MBAM 2.5 SP1 documentation, consider the latest change to be authoritative. These release notes supersede the content that is included with this product. - -## MBAM 2.5 SP1 known issues - - -This section contains release notes for MBAM 2.5 SP1. - -### PowerShell Read-AD\* cmdlets do not provide feedback if user does not have sufficient rights - -If a user trying to use the PowerShell Read-AD\* cmdlets for the MBAM Server does not have user rights to read the Active Directory recovery information or to read the TPM information, the cmdlets will not provide the user with any error or warning. - -**Workaround:** Only use the PowerShell Read-AD\* cmdlets if you have the required user rights. - -### MBAM Active Directory (AD) Migration cmdlets do not retrieve volume recovery information - -MBAM Active Directory (AD) Migration cmdlets fail to retrieve volume recovery information for computers in organizational units (OUs) if the forward slash character (/) is part of the OU name. Repeated AD pulls will fail with a pipeline terminating error when this error is encountered. - -**Technical Details:** You will see this error when running the command: - -``` syntax -Read-ADRecoveryInformation : Unknown error (0x80005000) -At line:1 char:1 -+ Read-ADRecoveryInformation -Server "…" -SearchBase " ... -+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - + CategoryInfo : NotSpecified: (:) [Read-ADRecoveryInformation], COMException - + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Microsoft.Mbam.Server.Commands.ADPullCommands.ReadADRecoveryInformationCommand -``` - -In addition, the Exception stack trace `Error[0].Exception.StackTrace` will look like this: - -``` syntax - at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) - at System.DirectoryServices.DirectoryEntry.Bind() - at System.DirectoryServices.DirectoryEntry.get_AdsObject() - at System.DirectoryServices.PropertyValueCollection.PopulateList() - at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) - at System.DirectoryServices.PropertyCollection.get_Item(String propertyName) - at Microsoft.Mbam.Server.Commands.ADPullCommands.ReadCore.VerifySettingsConnectivity() - at Microsoft.Mbam.Server.Commands.ADPullCommands.ReadCore.ExecuteRead() - at Microsoft.Mbam.Server.Commands.ADPullCommands.ReadADInformationBase.ProcessRecord() - at System.Management.Automation.CommandProcessor.ProcessRecord() -``` - -**Workaround:** Perform one of these tasks to resolve this situation: - -- Rename the OU to remove the forward slash character and then run the script. - -- To exclude any problematic OU from the backup process, find a list of OUs whose names do not contain the forward slash character. Run the script on these OUs, one OU at a time. - -### MBAM fails to encrypt a volume and reports an error if you set a TPM + PIN protector on a tablet device - -If end users try to set a TPM + PIN protector on a tablet device, MBAM fails to encrypt, and it reports an error. This issue occurs because tablet devices do not have a pre-boot environment keyboard. - -**Workaround:** Enable the **Enable use of BitLocker authentication requiring preboot keyboard input on tablets** Group Policy setting. This setting is a BitLocker Group Policy setting and is not available in the MBAM Group Policy Templates. - -### User principal name is required for all service accounts - -A user principal name (UPN) must be set for all service accounts in MBAM. If you fail to create a UPN for an account, an error message appears during the configuration process to indicate that the user or group could not be found in Active Directory. - -**Workaround:** Add the UPN to the service account. - -### Self-Service Portal and the Administration and Monitoring Website do not open after you upgrade IIS to .NET Framework 4.5 - -When you upgrade Internet Information Services (IIS) to the Microsoft .NET Framework 4.5, the Self-Service Portal and the Administration and Monitoring Website do not open. - -**Workaround:** See the article [Error message after you install the .NET Framework 4.0: "Could not load type 'System.ServiceModel.Activation.HttpModule'](https://go.microsoft.com/fwlink/?LinkId=393568). - -### Administration and Monitoring Website displays a "Report cannot be found" error message when Reports are not configured - -If you configure the Administration and Monitoring Website and then try to view a report without configuring the Reports feature first, an error message indicates that the report cannot be found. - -**Workaround:** Configure the Reports feature before you configure the web applications. - -### Reports in the Administration and Monitoring Website display a warning if SSL is not configured in SSRS - -If SQL Server Reporting Services (SSRS) was not configured to use Secure Socket Layer (SSL), the URL for the Reports feature will be set to HTTP instead of to HTTPS when you configure the MBAM Server. If you then open the Administration and Monitoring Website and select a report, the following error message appears: "Only Secure Content is Displayed." - -**Workaround:** To show the report, click **Show All Content**. To correct this issue, go to the MBAM computer where SQL Server Reporting Services is installed, run **Reporting Services Configuration Manager**, and then click **Web Service URL**. Select the appropriate SSL certificate for the server, enter the appropriate SSL port (the default port is 443), and then click **Apply**. - -### Clicking "Back" in the BitLocker Compliance Summary report might throw an error - -If you drill down into a BitLocker Compliance Summary report, and then click the **Back** link in the SSRS report, an error might be thrown. - -**Workaround:** None. - -### Cipher strength displays incorrectly on the BitLocker Computer Compliance report - -If you do not set a specific cipher strength in the **Choose drive encryption method and cipher strength** Group Policy Object, the BitLocker Computer Compliance report in the Configuration Manager Integration topology always displays "unknown" for the cipher strength, even when the cipher strength uses the default of 128-bit encryption. The report displays the correct cipher strength if you set a specific cipher strength in the Group Policy Object. - -**Workaround:** Always set a specific cipher strength in the **Choose drive encryption method and cipher strength** Group Policy Object. - -### Compliance Status Distribution By Drive Type displays old data after you update configuration items - -After you update MBAM configuration items in System Center 2012 Configuration Manager, the Compliance Status Distribution By Drive Type bar chart on the BitLocker Enterprise Compliance Dashboard shows data that is based on information from old versions of the configuration items. - -**Workaround:** None. Modification of the MBAM configuration items is not supported, and the report might not appear as expected. - -### Enhanced Security Configuration might cause reports to display an error message incorrectly - -If Internet Explorer Enhanced Security Configuration (ESC) is turned on, an "Access Denied" error message might appear when you try to view reports on the MBAM Server. By default, ESC is turned on to protect the server by decreasing the server’s exposure to potential attacks that can occur through web content and application scripts. - -**Workaround:** If the "Access Denied" error message appears when you try to view reports on the MBAM Server, you can set a Group Policy Object or change the default manually in your image to disable Enhanced Security Configuration. You can also alternatively view the reports from another computer on which ESC is not enabled. - -### Support for Bitlocker XTS-AES encryption algorithm -Bitlocker added support for the XTS-AES encryption algorithm in Windows 10, version 1511. With HF02, MBAM added client support for this Bitlocker option and in HF04, the server-side support was added. However, there is one known limitation: - -* Customers must use the same encryption strength for OS and data volumes on the same machine. -If different encryption strengths are used, MBAM will report the machine as **non-compliant**. - -### Self-Service Portal automatically adds "-" on Key ID entry -As of HF02, the MBAM Self-Service Portal automatically adds the '-' on Key ID entry. -**Note:** The Server has to be reconfigured for the Javascript to take effect. - -### MBAM 2.5 Sp1 Reports does not work / render properly -Reports Page does not render properly when SSRS is hosted on SQL Server 2016 edition.  -For example – Browsing to Helpdesk – Clicking on Reports –  ( Highlighted portion have “x”  on it ) -Digging this further with Fiddler – it does look like once we click on Reports – it calls the SSRS page with HTML 4.0 rendering format. - -**Workaround:** Looking at the site.master code and noticed the X-UA mode was dictated as IE8. As IE8 is WAY past the end of life, and customer is using IE11. Update the setting to the below code. This allows the site to utilize IE11 rendering technologies - - - -Original setting is: - - - - -This is the reason why the issue was not seen with other browsers like Chrome, Firefox etc. - - - -## Related topics - - -[About MBAM 2.5](about-mbam-25.md) - -  - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/release-notes-for-mbam-25.md b/mdop/mbam-v25/release-notes-for-mbam-25.md deleted file mode 100644 index ca65e45a7a..0000000000 --- a/mdop/mbam-v25/release-notes-for-mbam-25.md +++ /dev/null @@ -1,186 +0,0 @@ ---- -title: Release Notes for MBAM 2.5 -description: Release Notes for MBAM 2.5 -author: dansimp -ms.assetid: fcaf03e6-5e39-4771-af3c-a3cd468f3961 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Release Notes for MBAM 2.5 - - -To search these release notes, press Ctrl+F. - -Read these release notes thoroughly before you install Microsoft BitLocker Administration and Monitoring (MBAM) 2.5. These release notes contain information that is required to successfully install MBAM and can contain information that is not available in the product documentation. If these release notes differ from other MBAM 2.5 documentation, consider the latest change to be authoritative. These release notes supersede the content that is included with this product. - -## MBAM 2.5 known issues - - -This section contains release notes for MBAM 2.5. - -### Web browser unintentionally run as administrator - -Help links in the MBAM Server Configuration tool can cause browser windows to open with administrator rights. - -**Workaround:** Enable Internet Explorer Enhanced Security Configuration (IESC) or close your web browser before navigating to other sites. - -**Note**   -This is fixed in MBAM 2.5 SP1. - - - -### MBAM reports as noncompliant a client encrypted with AES 256-bit encryption keys and Diffuser - -If a computer has the MBAM 2.5 client installed and is encrypted by using the AES 256-bit with Diffuser cipher strength, the MBAM client is reported as noncompliant in the MBAM compliance reports. - -**Workaround:** Install the hotfix at [KB2975636](https://go.microsoft.com/fwlink/?LinkId=511972). - -### MBAM fails to encrypt a volume and reports an error if you set a TPM + PIN protector on a tablet device - -If end users try to set a TPM + PIN protector on a tablet device, MBAM fails to encrypt, and it reports an error. This issue occurs because tablet devices do not have a pre-boot environment keyboard. - -**Workaround:** Enable the **Enable use of BitLocker authentication requiring preboot keyboard input on tablets** Group Policy setting. This setting is a BitLocker Group Policy setting and is not available in the MBAM Group Policy Templates. - -### User principal name is required for all service accounts - -A user principal name (UPN) must be set for all service accounts in MBAM. If you fail to create a UPN for an account, an error message appears during the configuration process to indicate that the user or group could not be found in Active Directory. - -**Workaround:** Add the UPN to the service account. - -### Self-Service Portal requires additional configuration if client computers cannot access Microsoft Ajax Content Delivery Network - -If your client computers do not have access to the Microsoft Ajax Content Delivery Network (CDN), which gives the Self-Service Portal the access that it requires to certain JavaScript files, you must configure the Self-Service Portal to reference the JavaScript files from an accessible source. If you don’t configure the Self-Service Portal when client computers cannot access CDN, only the company name and the account under which you logged on is displayed. No error message appears. - -**Workaround:** Install MBAM 2.5 SP1. or configure the Self-Service Portal by following these instructions: [How to Configure the Self-Service Portal When Client Computers Cannot Access the Microsoft Content Delivery Network](how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md). - -### Self-Service Portal and the Administration and Monitoring Website do not open after you upgrade IIS to .NET Framework 4.5 - -When you upgrade Internet Information Services (IIS) to the Microsoft .NET Framework 4.5, the Self-Service Portal and the Administration and Monitoring Website do not open. - -**Workaround:** See the article [Error message after you install the .NET Framework 4.0: "Could not load type 'System.ServiceModel.Activation.HttpModule'](https://go.microsoft.com/fwlink/?LinkId=393568). - -### Administration and Monitoring Website displays a "Report cannot be found" error message when Reports are not configured - -If you configure the Administration and Monitoring Website and then try to view a report without configuring the Reports feature first, an error message indicates that the report cannot be found. - -**Workaround:** Configure the Reports feature before you configure the web applications. - -### Reports in the Administration and Monitoring Website display a warning if SSL is not configured in SSRS - -If SQL Server Reporting Services (SSRS) was not configured to use Secure Socket Layer (SSL), the URL for the Reports feature will be set to HTTP instead of to HTTPS when you configure the MBAM Server. If you then open the Administration and Monitoring Website and select a report, the following error message appears: "Only Secure Content is Displayed." - -**Workaround:** To show the report, click **Show All Content**. To correct this issue, go to the MBAM computer where SQL Server Reporting Services is installed, run **Reporting Services Configuration Manager**, and then click **Web Service URL**. Select the appropriate SSL certificate for the server, enter the appropriate SSL port (the default port is 443), and then click **Apply**. - -### Clicking "Back" in the BitLocker Compliance Summary report might throw an error - -If you drill down into a BitLocker Compliance Summary report, and then click the **Back** link in the SSRS report, an error might be thrown. - -**Workaround:** None. - -### Used Space Only Encryption does not work correctly - -If you encrypt a computer for the first time after you install the MBAM Client, and you have configured a Group Policy setting to implement Used Space Only encryption, MBAM erroneously encrypts the entire disk instead of encrypting only the disk’s used space. If a computer is already encrypted with Used Space Only when you install the MBAM Client, and you have configured the same Group Policy setting, MBAM reports that the drive is encrypted correctly, and does not try to re-encrypt the drive. - -**Workaround:** None. - -### Cipher strength displays incorrectly on the BitLocker Computer Compliance report - -If you do not set a specific cipher strength in the **Choose drive encryption method and cipher strength** Group Policy Object, the BitLocker Computer Compliance report in the Configuration Manager Integration topology always displays "unknown" for the cipher strength, even when the cipher strength uses the default of 128-bit encryption. The report displays the correct cipher strength if you set a specific cipher strength in the Group Policy Object. - -**Workaround:** Always set a specific cipher strength in the **Choose drive encryption method and cipher strength** Group Policy Object. - -### Compliance Status Distribution by Drive Type displays old data after you update configuration items - -After you update MBAM configuration items in System Center 2012 Configuration Manager, the Compliance Status Distribution By Drive Type bar chart on the BitLocker Enterprise Compliance Dashboard shows data that is based on information from old versions of the configuration items. - -**Workaround:** None. Modification of the MBAM configuration items is not supported, and the report might not appear as expected. - -### Enhanced Security Configuration might cause reports to display an error message incorrectly - -If Internet Explorer Enhanced Security Configuration (ESC) is turned on, an "Access Denied" error message might appear when you try to view reports on the MBAM Server. By default, ESC is turned on to protect the server by decreasing the server’s exposure to potential attacks that can occur through web content and application scripts. - -**Workaround:** If the "Access Denied" error message appears when you try to view reports on the MBAM Server, you can set a Group Policy Object or change the default manually in your image to disable Enhanced Security Configuration. You can also alternatively view the reports from another computer on which ESC is not enabled. - -## Hotfixes and Knowledge Base articles for MBAM 2.5 - - -This table lists the hotfixes and KB articles for MBAM 2.5. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KB ArticleTitleLink

2975636

Hotfix Package 1 for Microsoft BitLocker Administration and Monitoring 2.5

support.microsoft.com/kb/2975636/EN-US

3015477

Hotfix Package 2 for BitLocker Administration and Monitoring 2.5

support.microsoft.com/kb/3015477

3011022

MBAM 2.5 installation or Configuration Manager reporting fails if the name of SSRS instance contains an underscore

support.microsoft.com/kb/3011022/EN-US

2756402

MBAM client would fail with Event ID 4 and error code 0x8004100E in the Event description

support.microsoft.com/kb/2756402/EN-US

2639518

Error opening Enterprise or Computer Compliance Reports in MBAM

support.microsoft.com/kb/2639518/EN-US

2870842

MBAM 2.0 Setup fails during Configuration Manager Integration Scenario with SQL Server 2008

support.microsoft.com/kb/2870842/EN-US

2975472

SQL deadlocks when many MBAM clients connect to the MBAM recovery database

support.microsoft.com/kb/2975472/EN-US

- - - - -## Related topics - - -[About MBAM 2.5](about-mbam-25.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/removing-mbam-server-features-or-software.md b/mdop/mbam-v25/removing-mbam-server-features-or-software.md deleted file mode 100644 index 640588cc30..0000000000 --- a/mdop/mbam-v25/removing-mbam-server-features-or-software.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -title: Removing MBAM Server Features or Software -description: Removing MBAM Server Features or Software -author: dansimp -ms.assetid: 5212ba3f-124d-43c5-824a-608e9a192e86 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Removing MBAM Server Features or Software - - -These instructions explain how to remove software and features from Microsoft BitLocker Administration and Monitoring (MBAM). If you remove MBAM Server features, only the configured features are removed from the server, not the MBAM Server software. If you remove the MBAM Server software, the software and any MBAM Server features that you configured on that server are removed. - -**Note**   -To prevent the accidental removal of data, MBAM provides no mechanism for removing the databases; you must do that manually. - - - -## Removing MBAM Server features - - -You can use either of the following methods to remove MBAM Server features that you have configured: - -- MBAM Server Configuration wizard - -- Windows PowerShell cmdlets - -### Using the MBAM Server Configuration wizard to remove features - -Follow these instructions to use the MBAM Server Configuration wizard to remove configured MBAM Server features from a server. - -**To remove MBAM features by using the wizard** - -1. On the server where you want to remove features, select **MBAM Server Configuration** to open the configuration wizard. - -2. Click **Remove Features**, select the features to remove, and then click **Next**. A **Summary** page displays the features you selected for removal. - -3. Click **Remove** to start removing the features, and then click **Close**. - -### Using Windows PowerShell to remove features - -Use the following steps as a general guide to remove MBAM Server features by using Windows PowerShell cmdlets. - -**To remove MBAM features by using Windows PowerShell** - -1. Before removing any features, see [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md) to review the prerequisites for using Windows PowerShell. - -2. Use the following cmdlets to remove MBAM Server features: - - - Disable-MbamReport - - - Disable-MbamWebApplication - - - Disable-MbamCMIntegration - - To get help with Windows PowerShell cmdlets, type **Get-Help** <*cmdlet*> or see the [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://go.microsoft.com/fwlink/?LinkId=393498) page for the MBAM Windows PowerShell cmdlets. - -## Removing MBAM Server software - - -Use the following steps to remove the MBAM Server software and any MBAM Server features that you configured on that server. - -**To remove the MBAM Server software** - -1. On the server where you want to uninstall the MBAM Server software, run **MBAMserversetup.exe** to start the Microsoft BitLocker Administration and Monitoring Setup wizard. - -2. Select **Uninstall**, and follow the remaining prompts to complete the process of uninstalling the MBAM Server software. - - - -## Related topics - - -[Deploying MBAM 2.5](deploying-mbam-25.md) - - - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - diff --git a/mdop/mbam-v25/server-event-logs.md b/mdop/mbam-v25/server-event-logs.md deleted file mode 100644 index b02ad84d6d..0000000000 --- a/mdop/mbam-v25/server-event-logs.md +++ /dev/null @@ -1,683 +0,0 @@ ---- -title: Server Event Logs -description: Server Event Logs -author: dansimp -ms.assetid: 04e724d2-28cc-4fa8-86a1-0d4ab0234b11 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Server Event Logs - - -The tables in this section provide information about MBAM Server log event IDs. - -## Configuration - - -The following table contains messages and troubleshooting information for event IDs that can occur on the MBAM Server during configuration. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Event IDSourceEvent symbolMessageTroubleshooting

103

Microsoft-Windows-MBAM-Server/Operational

VssRegistrationException

An exception was thrown during VSS registration.

104

Microsoft-Windows-MBAM-Server/Operational

VssDeregistrationException

An exception was thrown during VSS deregistration.

300

Microsoft-Windows-MBAM-Server /Admin

CmdletError

Failed in removing folder.

Indicates that a terminating error occurred while performing a task. Inspect other event messages in the log to further diagnose MBAM setup.

301

Microsoft-Windows-MBAM-Server /Admin

cmdletUnexpectedError

Unexpected Cmdlet error.

302

Microsoft-Windows-MBAM-Server /Admin

CmdletWarning

Cmdlet warning.

303

Microsoft-Windows-MBAM-Server/Operational

CmdletInformation

Cmdlet information.

Informational only; no troubleshooting required. The event indicates that a task is taking place by the Cmdlets such as enabling\disabling a feature or cancelling an operation.

400

Microsoft-Windows-MBAM-Server /Admin

ConfiguratorError

Configurator error.

Indicates that an error has occurred while launching the MBAM Configurator. Ensure that the user has adequate privileges to launch the MBAM Configurator.

401

Microsoft-Windows-MBAM-Server /Admin

ConfiguratorUnexpectedError

Unexpected Configurator error.

Indicates that a terminating error has occurred while performing an MBAM Configurator task. The error message will contain more details about the error. Inspect other error messages in the event log to further diagnose MBAM setup. Known errors include:

-
    -

  • Failure to retrieve or validate a Certificate that was selected by the user

    • -

  • Failure to parse the Reports URL

    • -

  • Failure to open Event Logs for the user

    • -

402

Microsoft-Windows-MBAM-Server /Admin

ConfiguratorWarning

Configurator warning.

Indicates that an MBAM Configurator task is not complete as expected but did not fail completely. Known tasks include missing certificate in the LocalMachine\My store that was configured in the web application feature, or a timeout for a pending task.

410

Microsoft-Windows-MBAM-Server/Operational

ConfiguratorInformation

Configurator information.

Informational only; no troubleshooting required. The event indicates that a task is being invoked by the MBAM Configurator. Known tasks include:

-
    -

  • Launching the configurator

    • -

  • Checking software prerequisites for an MBAM feature

    • -

  • Validating parameters for an MBAM feature

    • -

  • Enabling\disabling\committing an MBAM feature

    • -

  • Generating a PowerShell script from the configurator

    • -

500

Microsoft_Windows_MBAM_Server_Admin

WebProviderUnexpectedError

Web application provider unexpected error.

Indicates that an error has occurred while enabling and configuring an MBAM web site or web service in IIS. Known errors include:

-
    -

  • Failure to find IIS WWW root folder

    • -

  • Failure to access IIS configuration in web.config due to malformed files or missing settings

    • -

  • Failure to create or remove a web application

    • -

  • IIS access violation

    • -
-

This error is also logged if MBAM cannot access Active Directory (AD) to validate user accounts. Verify that IIS is installed, correctly configured, and the IIS service is running. Verify that all the MBAM software prerequisite checks pass. Verify that the user has the correct permissions to create web applications on the IIS instance. Verify that the user has access to read user account objects in AD.

501

Microsoft-Windows-MBAM-Server /Admin

WebProviderError

Web application provider unexpected error.

Indicates that an error has occurred while enabling, disabling, or configuring an MBAM web site or web service in IIS. Known errors include:

-
    -

  • Failure to read basic or WSHttp binding information from IIS

    • -

  • Missing identity section or DNS entry in identity section in IIS config files

    • -

  • Failure to open registry key HKLM\SOFTWARE\Microsoft\InetStp

    • -

  • Failure to read value PathWWWRoot from registry key HKLM\SOFTWARE\Microsoft\InetStp

    • -

  • User is trying to specify a virtual directory name with a reserved name for MBAM

    • -
-

Verify that IIS is installed and correctly configured. Verify that the registry key HKLM\SOFTWARE\Microsoft\InetStp:PathWWWRoot exists and accessible. Verify that the binding information in IIS is not corrupt.

502

Microsoft-Windows-MBAM-Server /Admin

WebProviderWarning

Web application provider warning.

Indicates that a non-terminating error has occurred while enabling an MBAM web site or web service. Known errors include:

-
    -

  • Failure to access AD to validate the Service Principal Name (SPN) on the app pool account

    • -

  • Failure to validate SPN because it is assigned to multiple accounts in AD

    • -

  • Failure to register an SPN on the app pool account in AD

    • -

  • SPN is registered on an account other than the app pool in AD

    • -

  • Failure to remove SPN from the app pool account in AD during a rollback operation

    • -

  • Failure to check if the IIS_IUSRS group has been granted the logon as batch privilege on the IIS server

    • -
-

The event message will contain more information about the specific error. Verify that AD is reachable from the server where MBAM setup is running. Verify that the user who is running the MBAM setup has read permissions on the app pool account in AD. If an SPN is already registered on the app pool account in AD then make sure that it is not registered on other accounts.

503

Microsoft-Windows-MBAM-Server/Operational

WebProviderInformation

Web application provider information. {Description}

Informational only; no troubleshooting required. The event indicates that a task is being invoked by the MBAM Setup. Known tasks include getting IIS configuration such as binding information and root site, and configuring Service Principal Name (SPN).

600

Microsoft-Windows-MBAM-Server /Admin

SetupUnexpectedError

Unexpected setup error.

Indicates that a terminating error has occurred while enabling\disabling or configuring an MBAM feature. Known errors include:

-
    -

  • Failure to rollback a task after an error

    • -

  • Failure to read from the registry

    • -

  • Failure to create or delete a folder in the file system

    • -

  • Failure to read SQL version information

    • -

  • Failure to register VSS writer in SQL

    • -
-

The event message will contain more information about the specific error. Verify that all MBAM software prerequisite checks pass. Make sure the MBAM registry path, if exists, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM Server and all the subkeys are readable. Verify that AD is reachable from the server where MBAM setup is running. Verify that the user who is running the MBAM setup has read permissions in AD.

-

For a successful VSS writer registration, verify that a supported version of SQL is installed and an instance is accessible to the user who is running the MBAM setup. If disabling an MBAM feature or uninstalling MBAM verify that all files such as log files and web.config files are closed so MBAM can remove its web sites and web services.

601

Microsoft-Windows-MBAM-Server /Admin

SetupError

Setup error.

Indicates that a terminating error has occurred while enabling\disabling or configuring an MBAM feature. Known errors include:

-
    -

  • Failure to read MBAM configuration in IIS

    • -

  • Corrupt appSettings section in IIS configuration or misconfigured settings

    • -

  • Failure to validate host name

    • -

  • Failure to read SQL version information

    • -

  • Failure to register VSS writer in SQL

    • -
-

The event message will contain more information about the specific error. Verify that IIS is installed and configured correctly. Verify that all MBAM software prerequisite checks pass. For a successful VSS writer registration, verify that a supported version of SQL is installed and an instance is accessible to the user who is running the MBAM setup.

602

Microsoft-Windows-MBAM-Server /Admin

SetupWarning

Setup warning.

Indicates that a non-terminating error has occurred while enabling\disabling or configuring an MBAM feature such as Configuration Manager (CM) Integration or MBAM web application. Known errors include: failure to delete MBAM Reports from SRS Role point in the CM, and failure to resolve a host name from the domain controller. The event message will contain more information about the specific error.

-

Verify that AD is reachable from the server where MBAM setup is running. Verify that the user who is running the MBAM setup has remove permissions on the SSRS instance that is configured as an SRS Role point in CM.

603

Microsoft-Windows-MBAM-Server/Operational

SetupInformation

Setup information.

Informational only; no troubleshooting required.

605

Microsoft-Windows-MBAM-Server /Admin

WebProviderSoftwareCheckFailure

Web application cannot be enabled because one or more software dependencies are not being met.

During MBAM web site/web service installation, MBAM setup verifies if necessary prerequisites are in place. This message indicates that MBAM failed to install the requested web site/web service as the necessary prerequisite is missing. Refer to error messages preceding this message to get more information about missing prerequisites.

606

Microsoft-Windows-MBAM-Server /Admin

SetupParameterValidationFailure

The parameter that is needed to enable the server feature was either not specified or it did not pass the validation.

Indicates that the parameter that is needed to configure an MBAM feature was either not specified or it did not pass the validation.

607

Microsoft-Windows-MBAM-Server /Admin

SetupParameterValidationFailureWithError

Error encountered while trying to validate specified parameter that is needed to enable the server feature.

Indicates that an error was encountered while trying to validate specified parameter that is needed to enable the server feature.

700

Microsoft-Windows-MBAM-Server /Admin

DbProviderUnexpectedError

DB provider unexpected error.

701

Microsoft-Windows-MBAM-Server /Admin

DbProviderError

DB provider error.

The message contained in the EventDetails section should provide more information about actual error. These are some of the areas to verify:

-
    -

  • MBAM Setup failed to connect to Database using the provided connection information. Verify the connection string details provided to MBAM setup.

    • -

  • MBAM Setup could not connect to the given database using the supplied domain account credentials. Verify that domain account user name and password are valid.

    • -

  • MBAM Setup could not connect to the given database using the supplied domain account credentials. Verify that the provided domain account has necessary permissions in place to connect to MBAM database.

    • -

  • MBAM Dac pac will fail if a newer version of MBAM database is already installed. Verify that a new version of MBAM DBs does not exist on the given SQL server.

    • -

702

Microsoft-Windows-MBAM-Server /Admin

DbProviderWarning

DB provider warning.

703

Microsoft-Windows-MBAM-Server/Operational

DbProviderInformation

DB provider information.

Informational only; no troubleshooting required.

704

Microsoft-Windows-MBAM-Server /Admin

DbProviderDacError

An error occurred while deploying the Data-Tier Application.

MBAM packages its databases as data tier applications and tries to register them using Microsoft.SqlServer.Dac.DacServices. The error message in context is reported by DAC service. The event should contain detailed information about what caused it. Read the information in the error message to troubleshoot and fix the issue.

705

Microsoft-Windows-MBAM-Server /Admin

DbProviderDacWarning

A warning occurred while deploying the Data-Tier Application.

MBAM packages its databases as data tier application and tries to register them using Microsoft.SqlServer.Dac.DacServices. The warning message in context is reported by DAC service. The event should contain detailed information about what caused it. Read the information in the warning message to troubleshoot and fix the issue.

706

Microsoft-Windows-MBAM-Server/Operational

DbProviderDacInformation

A message was raised while deploying the Data-Tier Application.

Informational only; no troubleshooting required.

800

Microsoft-Windows-MBAM-Server /Admin

ReportProviderUnexpectedError

Report provider unexpected error.

Report provider unexpected error. {Description} {exceptionDetails} These are some of the possible exception details:

-

An error occurred while getting the name of directory '{directoryName}'

-

An exception occurred while getting files for directory '{directoryName}'

-

An exception occurred while enumerating directories in directory '{directoryName}'

-

An exception occurred while reading all bytes for file '{fileName}'

-

During MBAM installation, MBAM setup unzips all the report files to the specified installation path. As a part of report installation, install module tries to access the unzipped report files at installation path and communicates with SQL Reporting services to publish the report files. The above errors occur when MBAM cannot access the files/folders at unzipped Installation path. These are some tips to troubleshoot this issue:

-
    -

  • Verify that MBAM is installed.

    • -

  • Verify that regkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM Server\InstallationPath is present and accessible to the executing user.

    • -

  • Verify that Path to Report files under MBAM InstallationPath does not exceed 248 characters.

    • -

  • Verify that MBAM Setup folder or the files contained in MBAM Installation path has not been modified since installation.

    • -

  • Verify that user running the setup is authorized to read from/write to MBAM Installation folder.

    • -
-

Reporting Services connectivity failed.{exceptionDetails}

-

During MBAM reports installation, modules tries to communicate with SSRS web services to create folders and publish reports. The above message indicates that MBAM could not find or communicate with SSRS web services. These are some tips to troubleshoot this issue:

-
    -

  • Verify that SSRS is installed on the specified machine.

    • -

  • Using SSRS console verify that SSRS is enabled and running.

    • -

  • Verify that user running the setup is authorized to access SSRS.

    • -
-

Failed to remove the MBAM Reports using Reporting Services instance URL '{SSRSInstanceUrl}'.Make sure the SSRS instance required for MBAM Reports is running and configured correctly.

-

When MBAM installation fails or When user disables MBAM Reporting features, setup module removes SSRS reports. The above message indicates that MBAM failed to remove SSRS reports. These are some tips to troubleshoot this issue:

-
    -

  • Verify that SSRS is installed on the specified machine.

    • -

  • Using SSRS console verify that SSRS is enabled and running.

    • -

  • Verify that the user running the setup is authorized to access SSRS.

    • -
-

An error occurred while publishing reports.{exceptionDetails}.

-

During MBAM reports installation, modules tries to communicate with SSRS web services to create folders and publish reports. The above message indicates that SSRS web service reported and exception while publishing reports. These are some tips to troubleshoot this issue:

-
    -

  • Using SSRS console verify that SSRS is enabled and running.

    • -

  • Verify that the user running the setup is authorized to access/publish reports to SSRS.

    • -
-

A policy for group user name '{userName}' already exists. In case this is not correct, manually revise the Reporting Service for duplicate or invalid policies.

-

After Publishing MBAM reports, MBAM setup tries to create a MBAM Report Users roles (if it does not exist already) and sets corresponding user policy. The above error indicates that SSRS web service threw an exception while setting up report user role policy. Follow the instructions in the event message and refer to "https://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=SQL+Server+Reporting+Services&ProdVer=8.00&EvtID=rsInvalidPolicyDefinition&EvtSrc=Microsoft.ReportingServices.Diagnostics.ErrorStrings.resources.Strings&LCID=1033"; for more help.

-

An error occurred while validating access to SSRS {exceptionDetails}.

-

As part of prerequisite check, MBAM setup verifies if the user has necessary permissions to access/create folder under SSRS. The error message indicates that an exception has occurred while verifying access to SSRS. Refer to the exception details for debugging tips.

-

A SOAP error occurred while checking the SSRS URL.{exceptionDetails}

-

A web error occurred while checking the SSRS URL.{exceptionDetails}

-

An http/https error occurred while checking the SSRS URL.{exceptionDetails}

-

An error occurred while checking the SSRS URL.{exceptionDetails}

-

As part of prerequisite check, MBAM setup retrieves URLs associated with the supplied SSRS instance and tries to communicate with SSRS web service. The above error message indicates that SSRS web service at the given URL threw an exception, Refer to exception details for more information. These are some tips to resolve SSRS communication issues.

-
    -

  • Verify that SSRS is installed on the specified machine.

    • -

  • Using SSRS console verify that SSRS is enabled and running.

    • -

  • Verify that the user running the setup is authorized to access SSRS.

    • -
-

An error occurred while retrieving the SSRS version. {exceptionDetails}

-

As part of prerequisite check, MBAM setup queries WMI to retrieve the version number associated to the supplied SSRS instance. The above error message indicates that an exception occurred while querying WMI. Refer to exceptionDetails for more information. These are some checks you can perform:

-
    -

  • Verify that SSRS with given instance name is installed on the specified machine.

    • -

  • Using SSRS console verify that SSRS is enabled and running.

    • -

  • Verify that the user executing the setup is authorized to query SSRS class under WMI namespace.

    • -
-

The current user is not authorized to access the WMI namespace '{ssrsWMINamespace}'.

-

An error occurred while enumerating the namespace '{ssrsWMINamespace}'. RPC server for SSRS WMI provider on the local host is not found.

-

An error occurred while enumerating the namespace '{ssrsNamespace}'. Unable to find an instance of SSRS on the local host.

-

An error occurred while accessing WMI. RPC server for instance '{ssrsInstance}' was not found.

-

An error occurred while accessing WMI. Instance name '{ssrsInstanceName}' is not correct.

-

An error occurred while accessing WMI. Unable to find instance '{ssrsInstanceName}' on the local host.

-

As part of prerequisite check, MBAM setup queries WMI to retrieve WMI namespace associated to given instance. The above error message indicates that and exception was occurred while querying WMI. Refer to exceptionDetails for more information. These are some checks you can perform:

-
    -

  • Verify that SSRS with given instance name is installed on the specified machine.

    • -

  • Using SSRS console verify that SSRS is enabled and running.

    • -

  • Verify that the user running the setup is authorized to access/query SSRS class under WMI namespace.

    • -

801

Microsoft-Windows-MBAM-Server /Admin

ReportProviderError

Report provider unexpected error.

Given the SQL server reporting services instance name, MBAM tries to find the WMI namespace corresponding to the reporting instance and connect to it. This error occurs if MBAM encounters an exception when MBAM searches for or tries to connect to SSRS WMI namespace. Read the information in the error messages logged in the MBAM setup channel before this message to get more details. Here are some things you can check:

-
    -

  • Verify that SSRS with supplied instance name is up and running

    • -

  • Verify that the user account running MBAM installation has necessary permissions to query/connect to SSRS WMI namespace

    • -

802

Microsoft-Windows-MBAM-Server /Admin

ReportProviderWarning

Report provider warning.

803

Microsoft-Windows-MBAM-Server/Operational

ReportProviderInformation

Report provider information.

Informational only; no troubleshooting required.

900

Microsoft-Windows-MBAM-Server /Admin

CMProviderUnexpectedError

CM provider unexpected error.

Indicates that a terminating error has occurred while enabling\disabling or configuring the Configuration Manager (CM) Integration feature in MBAM. Known errors include:

-
    -

  • Failure to connect to the CM site server via the SMS Provider

    • -

  • Failure to read from the registry

    • -

  • Failure to create or delete a folder in the file system

    • -

  • Failure to locate the Configuration Manager Console installation on the local machine

    • -

  • Failure to retrieve information for the SSRS instance that is configured as an SRS Role point in CM

    • -
-

The event message will contain more information about the specific error. Verify that all MBAM software prerequisite checks pass. Verify that the MBAM registry path, if exists, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM Server and all the subkeys are readable. Verify that MBAM is being integrated with a supported version of Configuration Manager. Verify that the Configuration Manager Console is installed on the machine where the MBAM setup is being invoked and that the console can be used to connect to the target CM Site Server. Verify that a valid SSRS instance is configured as an SRS Role point in CM and that the user who is running the MBAM setup has read\write permissions on the SSRS instance.

901

Microsoft-Windows-MBAM-Server /Admin

CMProviderError

CM provider unexpected error.

Indicates that a terminating error has occurred while enabling\disabling or configuring the Configuration Manager (CM) Integration feature in MBAM. Known errors include:

-
    -

  • failure to connect to the CM Site Server via the SMS Provider

    • -

  • failure to read from the registry

    • -

  • failure to create or delete a folder in the file system

    • -

  • failure to locate the Configuration Manager Console installation on the local machine

    • -

  • missing ConfigMgr folder in SSRS as the root folder for the SRS Role point reports

    • -

  • missing ConfigMgr shared data source in SSRS

    • -

  • failure to deploy SSRS reports in the SSRS instance that is configured as an SRS Role point in CM

    • -

  • failure to create Configuration Items and baselines in CM

    • -
-

The event message will contain more information about the specific error. Verify that all MBAM software prerequisite checks pass. Verify that the MBAM registry path, if exists, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM Server and all the subkeys are readable. Verify that MBAM is being integrated with a supported version of Configuration Manager. Verify that the Configuration Manager Console is installed on the machine where the MBAM setup is being invoked and that the console can be used to connect to the target CM Site Server. Verify that the user has the required read\write permissions to create Configuration Items, Baselines, and Collections in CM. Verify that a valid SSRS instance is configured as an SRS Role point in CM and that the user who is running the MBAM setup has read\write permissions on the SSRS instance.

902

Microsoft_Windows_MBAM_Server_Admin

CMProviderWarning

CM provider warning.

Indicates that a non-terminating error has occurred while enabling the Configuration Manager (CM) Integration feature. Known errors include: failure to commit collection rules in the MBAM Supported Computers collection in CM, and other SSRS and network related errors.

-

The event message will contain more information about the specific error. Some operations that caused this warning are retired after the warning. If after several retries the error persists, then MBAM might end with an actual error. Inspect other event messages in the log to further diagnose MBAM setup.

903

Microsoft-Windows-MBAM-Server/Operational

CMProviderInformation

CM provider information.

Informational only; no troubleshooting required.

- - - -## Operation - - -The following table contains messages and troubleshooting information for event IDs that can occur while MBAM is running. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Event IDSourceEvent SymbolMessageTroubleshooting

1

Microsoft-Windows-MBAM-Web/Admin

WebAppSpnError

Application: {SiteName}{VirtualDirectory} is missing the following Service Principal Names (SPNs):{ListOfSpns} Register the required SPNs on the account: {ExecutionAccount}.

For Integrated Windows Authentication to succeed, necessary SPNs needs to be in place. This message indicates that the SPN required for MBAM application has not been correctly configured. Details contained in this event should provide more information.

-

See “Service Principal Name (SPN)” in MBAM 2.5 Server Prerequisites for Stand-alone and Configuration Manager Integration Topologies for more information.

4

Microsoft-Windows-MBAM-Web/Operational

PerformanceCounterError

An error occurred while retrieving a performance counter.

-

Message:{EventMessage}Category:{CategoryOfPerformanceCounter} Performance Counter:{NameOfPerformanceCounter} Instance:{Name of performance counter category instance} Exception:{ExceptionThrown}

-

Trace message will contain the actual exception message, some of which are explained here:

-

ArgumentNullException: This exception is thrown if the category, counter or instance of requested Performance counter is invalid.

-

System.InvalidOperationException: categoryName is an empty string ("").-or- counterName is an empty string("").

-

-or- The read/write permission setting requested is invalid for this counter.

-

-or- The category specified does not exist (if readOnly is true).

-

-or- The category specified is not a .NET Framework custom category (if readOnly is false).

-

-or-The category specified is marked as multi-instance and requires the performance counter to be created with an instance name.

-

-or-instanceName is longer than 127 characters.

-

-or-categoryName and counterName have been localized into different languages.

-

System.ComponentModel.Win32Exception: An error occurred when accessing a system API.

-

System.PlatformNotSupportedException: The platform is Windows 98 or Windows Millennium Edition (ME), which does not support performance counters.

-

System.UnauthorizedAccessException: Code that is executing without administrative privileges attempted to read a performance counter.

The message contained in the event will provide more details around the exception that was thrown. If a System.UnauthorizedAccessException was thrown, verify that MBAM execution account (app pool) has access to performance counter APIs.

100

Microsoft-Windows-MBAM-Web/Admin

AdminServiceRecoveryDbError

GetMachineUsers: An error occurred while getting user information from the database. Message:{message} -or-

-

GetRecoveryKey: an error occurred while getting recovery key from the database. Message:{message} -or-

-

GetRecoveryKey: an error occurred while getting user information from the database. Message:{message} -or-

-

GetRecoveryKeyIds: an error occurred while getting recovery key Ids from the database. Message:{message} -or-

-

GetTpmHashForUser: An error occurred while getting TPM hash data from the recovery database. Message:{message} -or-

-

GetTpmHashForUser: An error occurred while getting TPM hash data from the recovery database. Message:{message}-or-

-

QueryDriveRecoveryData: An error occurred while getting drive recovery data from the database. Message:{message}-or-

-

QueryRecoveryKeyIdsForUser: An error occurred while getting recovery key Ids from the database. Message:{message} -or-

-

QueryVolumeUsers: An error occurred while getting user information from the database.

This message is logged whenever there is an exception while communicating with the MBAM recovery database. Read through the information contained in the trace to get specific details about the exception.

-

For detailed troubleshooting steps, see the TechNet article How to Troubleshoot Connecting to the SQL Server Database Engine.

101

Microsoft-Windows-MBAM-Web/Admin

AdminServiceComplianceDbError

GetRecoveryKey: An error occurred while logging an audit event to the compliance database. Message:{message} -or-

-

GetRecoveryKeyIds: An error occurred while logging an audit event to the compliance database. Message:{message} -or-

-

GetTpmHashForUser: An error occurred while logging an audit event to the compliance database. Message:{message} -or-

-

QueryRecoveryKeyIdsForUser: An error occurred while logging an audit event to the compliance database. Message:{message} -or-

-

QueryDriveRecoveryData: An error occurred while logging an audit event to the compliance database. Message:{message}

This message is logged whenever there is an exception while communicating the MBAM compliance database. Read through the information contained in the trace to get specific details about the exception.

-

For detailed troubleshooting steps, see the TechNet article How to Troubleshoot Connecting to the SQL Server Database Engine.

102

Microsoft-Windows-MBAM-Web/Admin

AgentServiceRecoveryDbError

This message indicates an exception when MBAM Agent service tries to communicate with the recovery database. Read through the message contained in the event to get specific information about the exception.

-

See the TechNet article How to Troubleshoot Connecting to the SQL Server Database Engine to verify whether the MBAM app pool account has required permissions in place to connect or execute on MBAM recovery database.

103

Microsoft-Windows-MBAM-Web/Admin

AgentServiceError

Unable to detect client machine account or data migration user account. -or-

-

Account verification failed for caller identity.

Whenever a call is made to the "PostKeyRecoveryInfo", "IsRecoveryKeyResetRequired", "CommitRecoveryKeyRest", or "GetTpmHash" web methods on MBAM Agent services, it retrieves the caller context to obtain caller credentials. If the caller context is null or empty, the MBAM Agent service logs "Unable to detect client machine account or data migration user account."

-

The message "Account verification failed for caller identity " is logged if the web method is expecting the caller to a be computer account and the caller is not a computer account, or if the web method is excepting the caller to be a user account and the caller is not a user account or member of data migration group account.

104

Microsoft-Windows-MBAM-Web/Admin

StatusServiceComplianceDbConfigError

"The Compliance database connection string in the registry is empty."

This message is logged whenever the compliance db connection string is invalid.

-

Verify the value at the registry key HKLM\Software\Microsoft\MBAM Server\Web\ComplianceDBConnectionString

105

Microsoft-Windows-MBAM-Web/Admin

StatusServiceComplianceDbError

This error indicates that MBAM websites/web services were unable to connect to the MBAMCompliance database.

-

See the TechNet article How to Troubleshoot Connecting to the SQL Server Database Engine to verify that the IIS app pool account could connect to the MBAM compliance database.

106

Microsoft-Windows-MBAM-Web/Admin

HelpdeskError

The request to URL {url} caused an internal error. -or-

-

An error occurred while obtaining execution context information. Unable to verify Service Principal Name (SPN) registration. -or-

-

An error occurred while verifying Service Principal Name (SPN) registration.

Indicates that an unhandled exception has been raised in Helpdesk application. Review the log entries in the MBAM Admin operational channel to find the specific exception. –or-

-

During the initial Helpdesk website load operation, an SPN check is performed. To verify SPN, the Helpdesk requires execution account information, IIS Sitename, and ApplicationVirtualPath corresponding to Helpdesk website. This error message is logged when one or more of these is invalid or missing. –or-

-

This message indicates that a security exception is thrown while performing SPN verification. Refer to the exception contained in event details section.

107

Microsoft-Windows-MBAM-Web/Admin

SelfServicePortalError

An error occurred while getting recovery key for a user. EventDetails:{ExceptionMessage} -or-

-

An error occurred while obtaining execution context information. Unable to verify Service Principal Name (SPN) registration. EventDetails: User: {username Identity} Application:{SiteName\ApplicationVirtualPath} -or-

-

An error occurred while verifying Service Principal Name (SPN) registration. EventDetails:{ExceptionMessage}

Indicates that an unexpected exception was thrown when a request was made to retrieve recovery key. Refer to the exception message contained in event details section. If tracing is enabled on MBAM Helpdesk, refer to trace data to obtain detailed exception messages. –or-

-

During an initial load operation, the Self-Service Portal (SSP) retrieves execution account information, IIS Sitename, and ApplicationVirtualPath corresponding to the Self-Service website to verify SPN. This error message is logged when one or more of these is invalid. –or-

-

This message indicates that a security exception was thrown while performing SPN verification. Refer to the exception contained in event details section.

108

Microsoft-Windows-MBAM-Web/Admin

DomainControllerError

An error occurred while resolving domain name {DomainName}, A memory allocation failure occurred. -or-

-

Could not invoke DsGetDcName method. EventDetails:{ExceptionMessage}

To resolve Domain name, MBAM leverages "DsGetDcName" windows API. This message is logged when "DsGetDcName" returns "ERROR_NOT_ENOUGH_MEMORY" indicating a memory allocation failure. –or-

-

This message indicates that "DsGetDcName" API method is unavailable on the hosting system.

109

Microsoft-Windows-MBAM-Web/Admin

WebAppRecoveryDbError

An error occurred while reading the configuration of the Recovery database. The connection string to the Recovery database is not configured. Message:{message} -or-

-

DoesUserHaveMatchingRecoveryKey: an error occurred while getting recovery key Ids for a user. Message:{message} -or-

-

QueryDriveRecoveryData: an error occurred while getting drive recovery data. Message:{message} -or-

-

QueryRecoveryKeyIdsForUser: an error occurred while getting recovery key Ids for a user. Message:{message} -or-

-

An error occurred while getting TPM password hash from the Recovery database. EventDetails:{ExceptionMessage}

This message indicates that recovery database connection string information at "HKLM\Software\Microsoft\MBAM Server\Web\RecoveryDBConnectionString" is invalid. Verify the given registry key value. –or-

-

If any of the remaining messages are logged, refer to the troubleshooting steps listed at the TechNet article How to Troubleshoot Connecting to the SQL Server Database Engine to verify whether a connection could be made to the MBAM Recovery database from IIS server using app pool credentials.

110

Microsoft-Windows-MBAM-Web/Admin

WebAppComplianceDbError

An error occurred while reading the configuration of the Compliance database. The connection string to the Compliance database is not configured. -or-

-

GetRecoveryKeyForCurrentUser: an error occurred while logging an audit event to the Compliance database. Message:{message} -or-

-

QueryRecoveryKeyIdsForUser: an error occurred while logging an audit event to the Compliance database. Message:{message} -or-

-

QueryRecoveryKeyIdsForUser: an error occurred while logging an audit event to the compliance database. Message:{message}

This message indicates that compliance db connection string information at "HKLM\Software\Microsoft\MBAM Server\Web\ComplianceDBConnectionString" is invalid. Verify the value corresponding to above registry key. –or-

-

If any of the remaining messages are logged, refer to the troubleshooting steps listed at the TechNet article How to Troubleshoot Connecting to the SQL Server Database Engine to verify whether a connection could be made to the MBAM Compliance database from IIS server using app pool credentials.

111

Microsoft-Windows-MBAM-Web/Admin

WebAppDbError

These errors indicate one of the following two conditions

-
    -

  • MBAM websites/webservices were unable to either connect to MBAMCompliance OR MBAMRecovery database

    • -

  • MBAM websites/webservices execution account(app pool account) could not run the GetVersion stored procedure on MBAMCompliance OR MBAMRecovery database

    • -
-

The message contained in the event will provide more details about the exception.

-

Refer to the troubleshooting steps listed at the TechNet article How to Troubleshoot Connecting to the SQL Server Database Engine to verify that the MBAM execution account (app pool account) could connect to MBAM compliance/recovery database and it has permissions in place to execute GetVersion stored procedure.

112

Microsoft-Windows-MBAM-Web/Admin

WebAppError

An error occurred while verifying Service Principal Name (SPN) registration. EventDetails:{ExceptionMessage}

To perform SPN verification, MBAM queries Active Directory to retrieve a list of SPNs mapped execution account. MBAM also queries the "ApplicationHost.config" to obtain MBAM website bindings. This error message indicates that MBAM could not communicate with Active Directory or it could not load the applicationHost.config file.

-

Verify that the execution account (app pool account) has permissions to query AD or the ApplicationHost.config file. Also verify the site binding entries in ApplicationHost.config file.

200

Microsoft-Windows-MBAM-Web/Operational

HelpDeskInformation

The administration website application successfully found and connected to a supported version of the Recovery database. -or-

-

The administration website application successfully found and connected to a supported version of the Compliance database.

Indicates successful connection to the Recovery/Compliance database from the MBAM Helpdesk website.

201

Microsoft-Windows-MBAM-Web/Operational

SelfServicePortalInformation

The Self-Service Portal application successfully found and connected to a supported version of the Recovery database. -or-

-

The Self-Service Portal application successfully found and connected to a supported version of the Compliance database.

Indicates successful connection to the Recovery/Compliance database from the MBAM Self-Service Portal.

202

Microsoft-Windows-MBAM-Web/Operational

WebAppInformation

Application has its SPNs registered correctly.

Indicates that the SPNs required for the MBAM Helpdesk website are correctly registered against the executing account.

- - - - -## Related topics - - -[Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md) - -[Client Event Logs](client-event-logs.md) - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - diff --git a/mdop/mbam-v25/technical-reference-for-mbam-25.md b/mdop/mbam-v25/technical-reference-for-mbam-25.md deleted file mode 100644 index a8b62bb56d..0000000000 --- a/mdop/mbam-v25/technical-reference-for-mbam-25.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Technical Reference for MBAM 2.5 -description: Technical Reference for MBAM 2.5 -author: dansimp -ms.assetid: da77a5b6-d5cf-4bae-9475-13a75088ab23 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Technical Reference for MBAM 2.5 - - -This section includes technical information about features in Microsoft BitLocker Administration and Monitoring (MBAM) 2.5. - -## Technical reference information - - -- [Client Event Logs](client-event-logs.md) - - This topic provides a list of Client events for MBAM. - -- [Server Event Logs](server-event-logs.md) - - This topic provides a list of Server events for MBAM. - -## Other resources for MBAM operations - - -[Microsoft BitLocker Administration and Monitoring 2.5](index.md) - -[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) - -[Planning for MBAM 2.5](planning-for-mbam-25.md) - -[Deploying MBAM 2.5](deploying-mbam-25.md) - -[Operations for MBAM 2.5](operations-for-mbam-25.md) - -[Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md) - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - -  - -  - - - - - diff --git a/mdop/mbam-v25/troubleshooting-mbam-25.md b/mdop/mbam-v25/troubleshooting-mbam-25.md deleted file mode 100644 index e756c4cc34..0000000000 --- a/mdop/mbam-v25/troubleshooting-mbam-25.md +++ /dev/null @@ -1,100 +0,0 @@ ---- -title: Troubleshooting MBAM 2.5 -description: Troubleshooting MBAM 2.5 -author: dansimp -ms.assetid: f35e7aef-2c3c-4d43-b170-6830d2756063 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Troubleshooting MBAM 2.5 - - -Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905). - -## How to find troubleshooting content - - -You can use the following information to find troubleshooting or additional technical content for this product. - -### Search the MDOP documentation - -The first step to find help content in the Administrator’s Guide is to search the MDOP documentation on TechNet. - -After you search the MDOP documentation, your next step would be to search the troubleshooting information for the product in the TechNet Wiki. - -**To search the MDOP product documentation** - -1. Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page. - -2. Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page. - -3. Review the search results for assistance. - -**To search the TechNet Wiki** - -1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page. - -3. Review the search results for assistance. - -## How to create a troubleshooting article - - -If you have a troubleshooting tip or a best practice to share that is not already included in the MDOP OnlineHelp or TechNet Wiki, you can create your own TechNet Wiki articles. - -**To create a TechNet Wiki troubleshooting or best practices article** - -1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Log in with your Windows Live ID. - -3. Review the **Getting Started** section to learn the basics of the TechNet Wiki and its articles. - -4. Select **Post an article >>** at the bottom of the **Getting Started** section. - -5. On the Wiki article **Add Page** page, select **Insert Template** from the toolbar, select the troubleshooting article template (**Troubleshooting.html**), and then click **Insert**. - -6. Be sure to give the article a descriptive title and then overwrite the template information as needed to create your troubleshooting or best practice article. - -7. After you review your article, be sure to include a tag that is named **Troubleshooting** and another for the product name. This helps others to find your content. - -8. Click **Save** to publish the article to the TechNet Wiki. - -## Other resources for troubleshooting MBAM - - -[Microsoft BitLocker Administration and Monitoring 2.5](index.md) - -[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md) - -[Planning for MBAM 2.5](planning-for-mbam-25.md) - -[Deploying MBAM 2.5](deploying-mbam-25.md) - -[Operations for MBAM 2.5](operations-for-mbam-25.md) - -[Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md) - -[Troubleshooting MBAM 2.5 installation problems](https://support.microsoft.com/kb/3049652) - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - -  - -  - - - - - diff --git a/mdop/mbam-v25/troubleshooting-mbam-installation.md b/mdop/mbam-v25/troubleshooting-mbam-installation.md deleted file mode 100644 index 9dce3b1297..0000000000 --- a/mdop/mbam-v25/troubleshooting-mbam-installation.md +++ /dev/null @@ -1,644 +0,0 @@ ---- -title: Troubleshooting MBAM 2.5 installation problems -description: Introducing how to troubleshoot MBAM 2.5 installation problems. -author: Deland-Han -ms.reviewer: dcscontentpm -manager: dansimp -ms.author: delhan -ms.sitesec: library -ms.prod: w10 -ms.date: 09/16/2019 ---- - -# Troubleshooting MBAM 2.5 installation problems - -This article introduces how to troubleshoot Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 installation issues in a standalone configuration. - -## Referring MBAM log files for troubleshooting - -MBAM includes logging for server installation, client installation, and events. This logging should be referred to for troubleshooting. - -### MBAM server installation log files - -MBAMServerSetup.exe generates the following log files in the user’s %temp% folder during MBAM installation:
**Microsoft_BitLocker_Administration_and_Monitoring_<14 numbers>.log** - -MBAMServerSetup.exe logs the actions that were taken during MBAM setup and MBAM server feature installation:
**Microsoft_BitLocker_Administration_and_Monitoring_<14_numbers>_0_MBAMServer.msi.log** - -MBAMServerSetup.exe logs additional actions that were taken during installation. - -### MBAM client installation log file - -The client installation is recorded in the following log file in the %temp% folder (or a custom location, depending on how the client was installed):
**MSI\.log** - -This log contains the actions that are taken during MBAM client installation. - -### MBAM client event-logging channel - -MBAM has separate event-logging channels. The Admin, Analytical, and Operational log files are located in Event Viewer, under **Application and Services Logs** > **Microsoft** > **Windows** > **MBAM**. - -The following table provides a brief description of each event log. - -|Event log| Description| -|----------|-------| -|Microsoft-Windows-MBAM/Admin| Contains error messages| -|Microsoft-Windows-MBAM/Analytic| Contains advanced logging information| -|Microsoft-Windows-MBAM/Operational| Contains success messages| - -### MBAM server event-logging channel - -The log files are located in Event Viewer, under **Application and Services Logs** > **Microsoft** > **Windows** > **MBAM**. The following table includes server event logs that were introduced in MBAM 2.5: - -|Event log| Description| -|--------|-------------| -|Microsoft-Windows-MBAM/Admin| Contains error messages| -|Microsoft-Windows-MBAM/Analytic| Contains advanced logging information| -|Microsoft-Windows-MBAM/Operational| Contains success messages| - -### MBAM web service logs - -Each MBAM web service log writes logging information to an SVCLOG file. By default, each web service writes the trace file under a folder that uses its name in the C:\inetpub\Microsoft BitLocker Management Solution\Logs folder. - -You can use the service trace viewer tool (part of Microsoft Visual Studio) to review the svclog traces. - -## Troubleshooting encryption and reporting issues - -This section contains troubleshooting information for server functionality, client functionality, configuration settings, and known issues: - -### MBAM client installation, Group Policy settings - -Determine whether the MBAM agent is installed on the client computer. When MBAM is installed, it creates a service that is named BitLocker Management Client Service. This service is configured to start automatically. Determine whether the service is running. - -Make sure that MBAM Group Policy settings are applied on the client computer. The following registry subkey is created if the Group Policy settings were applied on the client computer: -**HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement** - -Verify that this key exists and is populated by using values per Group Policy settings. - -### MBAM Agent in the initial delay period - -The MBAM client doesn't start the operation immediately after installation. There is an initial random delay of 1–18 minutes before the MBAM Agent starts its operation. In addition to the initial delay, there is a delay of at least 90 minutes. (The delay depends on the Group Policy settings that are configured for the frequency of checking the client status.) Therefore, the total delay before a client starts operation is *random startup delay* + *client checking frequency delay*. - -If the Operational and Admin event logs are blank, the client has not started the operation yet and is in the delay period that was mentioned earlier. If you want to bypass the delay, follow these steps: - -1. Stop the BitLocker Management Client Service service. - -2. Under the **HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM** registry subkey, create the **NoStartupDelay** registry value, set its type to **REG_DWORD**, and then set its value to **1**. - -3. Under **HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement**, set the **ClientWakeupFrequency** and **StatusReportingFrequency** values to **1**. These values will revert to their original settings after Group Policy updates are on the computer. - -4. Start the BitLocker Management Client Service service. - -After the service starts, if you log in locally on the computer and there are no errors, you should receive a request to encrypt the computer within one minute. If you do not receive a request, you should review the MBAM Admin logs for any error entries. - -### Computer does not have a TPM device, or the TPM device is not enabled in the BIOS - -Review the MBAM Admin event log. You will see an event entry that resembles the following in the MBAM Admin event log: - - Log Name: Microsoft-Windows-MBAM/Admin - Source: Microsoft-Windows-MBAM - Date: 8/3/2013 12:31:10 PM - Event ID: 9 - Task Category: None - Level: Error - Keywords: - User: SYSTEM - Computer: Mbamclient.contoso.com - Description: - The TPM hardware is missing. - TPM is needed to encrypt the operating system drive with any TPM protector. - -Open TPM Management (tpm.msc), and check whether the computer has a TPM device. If tpm.msc does not show a device, open Device Manager (devmgmt.msc), and check for a Trusted Platform Module under Security Devices. If you do not see a Trusted Platform Module device, this might be true for one of the following reasons: - -* Your system doesn't have a Trusted Platform Module (TPM/Security) device. - -* The TPM device is disabled in the BIOS. - -* TPM Device is enabled in the BIOS, but management of the TPM device from the operating system setting is disabled in the BIOS. - -* You aren't using a Microsoft driver for the TPM device. Review the devices that are listed in device manager to identify the Microsoft TPM device driver. - -If the TPM device is not using the C:\Windows\System32\tpm.sys driver, you should update the driver by selecting the C:\Windows\Inf\tpm.inf file. - -### Computer does not have a valid SYSTEM partition - -Review the MBAM Admin event log. You will see an event entry that resembles the following in the MBAM Admin event log: - - Log Name: Microsoft-Windows-MBAM/Admin - Source: Microsoft-Windows-MBAM - Date: 8/3/2013 4:13:37 AM - Event ID: 8 - Task Category: None - Level: Error - Keywords: - User: SYSTEM - Computer: BITTESTVM.xtremelabs.com - Description: - The system volume is missing. - SystemVolume is needed to encrypt the operating system drive. - -BitLocker requires a SYSTEM partition to enable encryption ([BitLocker Drive Encryption in Windows 7: Frequently Asked Questions](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-7/ee449438(v=ws.10)?redirectedfrom=MSDN#bkmk_partitions)). - -MBAM doesn't create the system partition automatically. You can use the BitLocker drive preparation utility (bdehdcfg.exe) to create the system partition and move the required startup files. - -For example, you can use the command **%windir%\system32\bdeHdCfg.exe -target default -size 300 –quiet** to prepare the drive silently before you deploy MBAM to encrypt the drives. This requires a restart. You can also script the action if this is required. The following document describes the BitLocker Drive Preparation Tool: - -[Description of the BitLocker Drive Preparation Tool](https://support.microsoft.com/help/933246) - -### Drives are not formatted to have a compatible file system - -See the [TechNet article for file system requirements for BitLocker](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-7/ee449438(v=ws.10)?redirectedfrom=MSDN#bkmk_hsrequirements). - -### Group Policy conflict - -You will see an event entry that resembles the following in the MBAM Admin event log: - - Log Name: Microsoft-Windows-MBAM/Admin - Source: Microsoft-Windows-MBAM - Date: 7/25/2013 9:27:58 PM - Event ID: 22 - Task Category: None - Level: Error - Keywords: - User: SYSTEM - Computer: Mbamclient.contoso.com - Description: - Detected Fixed Data Drive volume encryption policies conflict. - Check BitLocker and MBAM policies related to FDD drive protectors. - -Verify your Group Policy settings to make sure that you do not have a conflicting setting among the MBAM Group Policy settings. - -You should configure Group Policy by using the MDOP MBAM template and not the BitLocker Drive Encryption template. - -For example: - -Under Operating system drive encryption settings, you selected TPM as the protector, and you also selected **Allow enhanced PINs for startup**. These are conflicting settings because TPM-only protection doesn't require a PIN. Therefore, you should disable the enhanced PINs setting. - -### User may have requested an exemption - -If you enabled the Computer Configuration\Administrative Templates\Windows Components\MDOP MBAM (BitLocker Management)\Client Management\Configure user exemption policy Group Policy setting, users will be offered the option to request an exemption. - -By default, if the user requests an exemption, the exemption will be valid for 7 days, and the user will not receive prompts to encrypt during this period. (The default value can be increased or decreased during policy configuration.) After the exemption period is over, the user is prompted to encrypt. - -You will see the following entry in the MBAM Admin event log when a computer is under user exemption: - - Log Name: Microsoft-Windows-MBAM/Admin - Source: Microsoft-Windows-MBAM - Date: 8/3/2013 3:06:40 PM - Event ID: 13 - Task Category: None - Level: Warning - Keywords: - User: SYSTEM - Computer: MBAMCLIENT.contoso.com - Description: - The user is exempt from encryption. - -If you want to manually override user exemption for a computer, follow these steps: - -1. Set the AllowUserExemption value to **0** under the following registry subkey:
-**HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement** - -2. Delete all the registry values under the following registry subkey except for **AgentVersion**, **EncodedComputerName**, and **Installed**:
-**HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM** - - **Note** You must restart the MBAM agent for the changes to take effect. - -Be aware that after you apply Group Policy to the computer, these values may revert to their original settings. - -### WMI issue - -MBAM uses methods of the win32_encryptablevolume class to manage BitLocker. If this module is unregistered or corrupted, the MBAM client will not operate correctly, and you will see the following event entry in the MBAM Admin event log: - - Log Name: Microsoft-Windows-MBAM/Admin - Source: Microsoft-Windows-MBAM - Date: 7/27/2013 11:18:51 PM - Event ID: 4 - Task Category: None - Level: Error - Keywords: - User: SYSTEM - Computer: BITTEST.xtremelabs.com - Description: - An error occurred while sending encryption status data. - Error code: - 0x80041016 - Details: - NULL - -Additionally, you may notice that the Recovery and Hardware policies do not apply with Error Code 0x8007007e. This translates to "The specified module could not be found." - -To resolve this issue, you should reregister the **win32_encryptablevolume** class by using the following command: - -```cmd -mofcomp c:\Windows\System32\wbem\win32_encryptablevolume.mof -``` - -## Troubleshooting MBAM Agent communication issues - -This section contains troubleshooting information for the following issues that are related to MBAM agent communication: - -### Incorrect MBAM service URL - -If the value of MBAM Compliance Status Service or Recovery and Hardware Service is incorrect, you'll see an event entry that resembles the following in the MBAM Admin event log on the client computer: - - Log Name: Microsoft-Windows-MBAM/Admin - Source: Microsoft-Windows-MBAM - Date: 8/3/2013 4:13:36 PM - Event ID: 4 - Task Category: None - Level: Error - Keywords: - User: SYSTEM - Computer: Mbamclient.contoso.com - Description: - An error occurred while sending encryption status data. - Error code: - 0x803d0010 - Details: - The remote endpoint was not reachable. - - Log Name: Microsoft-Windows-MBAM/Admin - Source: Microsoft-Windows-MBAM - Date: 8/3/2013 4:13:33 PM - Event ID: 18 - Task Category: None - Level: Error - Keywords: - User: SYSTEM - Computer: Mbamclient.contoso.com - Description: - Unable to connect to the MBAM Recovery and Hardware service. - Error code: - 0x803d0010 - Details: - The remote endpoint was not reachable. - - Log Name: Microsoft-Windows-MBAM/Admin - Source: Microsoft-Windows-MBAM - Date: 8/3/2013 4:20:32 PM - Event ID: 4 - Task Category: None - Level: Error - Keywords: - User: SYSTEM - Computer: Mbamclient.contoso.com - Description: - An error occurred while sending encryption status data. - Error code: - 0x803d0020 - Details: - The endpoint address URL is invalid. - - Log Name: Microsoft-Windows-MBAM/Admin - Source: Microsoft-Windows-MBAM - Date: 8/3/2013 4:20:32 PM - Event ID: 18 - Task Category: None - Level: Error - Keywords: - User: SYSTEM - Computer: Mbamclient.contoso.com - Description: - Unable to connect to the MBAM Recovery and Hardware service. - Error code: - 0x803d0020 - Details: - The endpoint address URL is invalid. - -Verify the values of **KeyRecoveryServiceEndPoint** and **StatusReportingServiceEndpoint** under the following registry subkey on the client computer:
-**HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement** - -By default, the URL for KeyRecoveryServiceEndPoint (MBAM Recovery and Hardware service endpoint) is in the following format:
-**http://\:\/MBAMRecoveryAndHardwareService/CoreService.svc** - -By default, the URL for StatusReportingServiceEndpoint (MBAM Status reporting service endpoint) is in the following format:
-**http://\:\/MBAMComplianceStatusService/StatusReportingService.svc** - -> [!Note] -> There should be no spaces in the URL. - -If the service URL is incorrect, you should correct the service URL in the following Group Policy setting: - -**Computer configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDOP MBAM (BitLocker Management)** > **Client Management** > **Configure MBAM Services** - -### Connectivity issue that affects the MBAM administration server - -The MBAM agent will be unable to post any updates to the database if connectivity issues exist between the client agent and the MBAM administration server. In this case, you will notice connectivity failure entries in the MBAM Admin event log on the client computer: - - Log Name: Microsoft-Windows-MBAM/Admin - Source: Microsoft-Windows-MBAM - Date: 29-04-2014 18:21:22 - Event ID: 2 - Task Category: None - Level: Error - Keywords: - User: SYSTEM - Computer: TESTLABS.CONTOSO.COM - Description: - An error occurred while applying MBAM policies. - Volume ID:\\?\Volume{871c5858-2467-4d0b-8c83-d68af8ce10e5}\ - Error code: - 0x803D0010 - Details: - The remote endpoint was not reachable. - - Log Name: Microsoft-Windows-MBAM/Admin - Source: Microsoft-Windows-MBAM - Date: 29-04-2014 23:06:48 - Event ID: 2 - Task Category: None - Level: Error - Keywords: - User: SYSTEM - Computer: TESTLABS.CONTOSO.COM - Description: - An error occurred while applying MBAM policies. - Volume ID:\\?\Volume{871c5858-2467-4d0b-8c83-d68af8ce10e5}\ - Error code: - 0x803D0006 - Details: - The operation did not complete within the time allotted. - - Log Name: Microsoft-Windows-MBAM/Admin - Source: Microsoft-Windows-MBAM - Date: 02-09-2013 02:02:04 - Event ID: 18 - Task Category: None - Level: Error - Keywords: - User: SYSTEM - Computer: TESTLABS.CONTOSO.COM - Description: - Unable to connect to the MBAM Recovery and Hardware service. - Error code: - 0x803D0010 - Details: - The remote endpoint was not reachable. - -Basic checks: - -* Verify basic connectivity by pinging the MBAM administration server by name and IP. Check whether you can connect to the MBAM administration website or service port by using telnet or portqry. - -* Verify that the IIS service is running on the MBAM administration and monitoring server and that the MBAM web service is listening on the same port that is configured on the MBAM client computer (`netstat –ano | find "portnumber"`). - -* Verify that the port number that is configured for the MBAM website is using IIS Manager (inetmgr). Make sure that the port number is the same as the port number on which the client is listening. Make sure that the port number is not shared by another application. For example, another application on the server should not be using the same port. - -* If there is a firewall, make sure that the port is open in the firewall or proxy server. - -* If the communication between client and server is secure, make sure that you are using a valid SSL certificate. - -* Verify network connectivity between the web server and the database server to which the data is sent for insertion. You can check database connectivity from the web server to the database server by using ODBC Data Source Administrator. Detailed SQL Server connection troubleshooting information is available in [How to Troubleshoot Connecting to the SQL Server Database Engine](https://social.technet.microsoft.com/wiki/contents/articles/2102.how-to-troubleshoot-connecting-to-the-sql-server-database-engine.aspx). - -#### Troubleshooting the connectivity issue - -Make sure that the service URL that is configured on the client is correct. Copy the value of the URL for KeyRecoveryServiceEndPoint (**HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement**) from the registry, and open it in Internet Explorer. - -Similarly, copy the value of the URL for StatusReportingServiceEndpoint (**HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement**), and open it in Internet Explorer. - -> [!Note] -> If you cannot browse to the URL from the client computer, you should test basic network connectivity from the client to the server that is running IIS. See points 1, 2, 3, and 4 in the previous section. - -Additionally, review the Application logs on the administration and monitoring server for any errors. - -You can make a concurrent network trace between the client and the server, and review the trace to determine the cause of connection failure between the client agent and the MBAM administration server. - -> [!Note] -> If you can browse to the service URLs from the client computer and there are connectivity error entries in the MBAM admin event logs, this might be because of a connectivity failure between the administration server and the database server. - -If you can successfully browse to both service URLs, and there is connectivity between the client and the server that is running, IIS is working. However, there may be a problem in communication between the server that is running IIS and the database server. - -The MBAM services may be unable to connect to the database server because of a network issue or an incorrect database connection string setting. Review the Application logs on the administration and monitoring server. You might see errors entries or warnings from source ASP.NET 2.0.50727.0 that resemble the following log entry: - - Log Name: Application - Source: ASP.NET 2.0.50727.0 - Date: 7/11/2013 6:16:34 PM - Event ID: 1310 - Task Category: Web Event - Level: Warning - Keywords: Classic - User: N/A - Computer: MBAM2-Admin.contoso.com - Description: - Event code: 100001 - Event message: SQL error occurred - Event time: 7/11/2013 6:16:34 PM - Event time (UTC): 7/11/2013 12:46:34 PM - Event ID: 6615fb8eb9d54e778b933d5bb7ca91ed - Event sequence: 2 - Event occurrence: 1 - Event detail code: 0 - Application information: - Application domain: /LM/W3SVC/2/ROOT/MBAMAdministrationService-1-130180202570338699 - Trust level: Full - Application Virtual Path: /MBAMAdministrationService - Application Path: C:\inetpub\Microsoft BitLocker Management Solution\Administration Service\ - Machine name: MBAM2-ADMIN - - Process information: - Process ID: 1940 - Process name: w3wp.exe - Account name: NT AUTHORITY\NETWORK SERVICE - - Exception information: - Exception type: SqlException - Exception message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) - - Request information: - Request URL: - Request path: - User host address: - User: - Is authenticated: False - Authentication Type: - Thread account name: NT AUTHORITY\NETWORK SERVICE - - Thread information: - Thread ID: 7 - Thread account name: NT AUTHORITY\NETWORK SERVICE - Is impersonating: False - Stack trace: at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) - at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) - at System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, SqlConnection owningObject) - at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject) - at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, Int64 timerStart) - at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance) - at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance) - at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection) - at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options) - at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject) - at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject) - at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) - at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) - at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) - at System.Data.SqlClient.SqlConnection.Open() - at System.Data.Linq.SqlClient.SqlConnectionManager.UseConnection(IConnectionUser user) - at System.Data.Linq.SqlClient.SqlProvider.get_IsSqlCe() - at System.Data.Linq.SqlClient.SqlProvider.InitializeProviderMode() - at System.Data.Linq.SqlClient.SqlProvider.System.Data.Linq.Provider.IProvider.Execute(Expression query) - at System.Data.Linq.DataContext.ExecuteMethodCall(Object instance, MethodInfo methodInfo, Object[] parameters) - at Microsoft.Mbam.Server.ServiceCommon.KeyRecoveryModelDataContext.GetRecoveryKeyIds(String partialRecoveryKeyId, String reason) - at Microsoft.Mbam.ApplicationSupportService.AdministrationService.GetRecoveryKeyIds(String partialRecoveryKeyId, String reasonCode) - - Custom event details: - Application: MBAMAdministrationService - Sql Server: - Database: MBAM Recovery and Hardware - Database: MBAM Compliance Status - Sql ErrorCode: 5 - Error Message: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) - -#### Possible causes - -##### Cause 1 - -The administrator may have specified an invalid database instance name/database name during installation of administration and monitoring server components. - -You can verify and correct the database connection strings by using the IIS Management console. To do this, open IIS Manager, and browse to Microsoft BitLocker Administration and Monitoring. For each service that is listed on the left side, follow these steps to change the database connection strings: - -1. In **Features View**, double-select **Connection Strings**. - -2. On the **Connection Strings** page, select the connection string that you want to change. - -3. In the **Actions** pane, select **Edit**. - -4. In the **Edit Connection String** dialog box, change the properties that you want to change, and then select **OK**. - -##### Cause 2 - -SQL Server port blocked in firewall. Verify the port number to which SQL Server is configured to listen, and make sure that the port is open in the firewall between the administration server and database server. - -##### Cause 3 - -Incorrect SQL server TCP/IP bindings. Verify SQL TCP/IP bindings in SQL Server Configuration Manager on the database server. MBAM requires that the TCP/IP and Named Pipes protocols are enabled to connect to the database. - -##### Cause 4 - -The NT Authority\Network Service account or the MBAM Administration Server’s computer account doesn't have the required permissions to connect to the SQL database. - -During the installation of database components on the database server, the installer creates two local groups: MBAM Compliance Auditing DB Access and MBAM Recovery and Hardware DB Access. - -The NT Authority\Network Service account, the MBAM administration server’s computer account, and the user who installs the database components are automatically added to these groups. - -These groups are granted the required permissions on the database during the installation. All users who are part of this group automatically receive the required permissions on the database. - -The web service may not connect to the database server because of a permissions issue if one or more of the following conditions are true: - -* The groups that were mentioned earlier are removed from the local groups on the database server. - -* The NT Authority\Network Service account and the MBAM administration server’s computer account are not members of these groups. - -* These groups do not have the required permissions on the database. - -You will notice permissions-related errors in the Application logs on the MBAM administration and monitoring server if any of the previous conditions are true. In that case, you should manually add the NT Authority\Network Service account and MBAM administration server’s computer account and grant them a server-wide public role on the SQL database server that is using SQL Server Management Studio (https://msdn.microsoft.com/library/aa337562.aspx). - -#### Review the web service logs - -If no events are logged in the Application logs on the MBAM administration server, it’s time to review the web service logs (.svclog) of the MBAM web service that is hosted on the MBAM administration and monitoring server. You will have to use the Service Trace Viewer Tool (SvcTraceViewer.exe) https://msdn.microsoft.com/library/ms732023.aspx to view the log file. - -You should primarily investigate the service trace logs of RecoveryandHardwareService and ComplianceStatusService. By default, web service logs are located in the C:\inetpub\Microsoft BitLocker Management Solution\Logs folder. There, each service writes its .svclog file under its own folder. - -Review the activity in the service trace log for any error or warning entries. By default, error entries are highlighted in red. Select the error description on the right pane of the trace viewer to view detailed information about the error entry. The following is a sample error entry from the trace log: - - - - 15183 - 3 - 0 - 2 - - - - - - XXXXXXXXXXX - - AddUpdateVolume: While executing sql transaction for add volume to store exception occurred Key Recovery Data Store processing error: Violation of UNIQUE KEY constraint 'UniqueRecoveryKeyId'. Cannot insert duplicate key in object 'RecoveryAndHardwareCore.Keys'. The duplicate key value is (8637036e-b379-4798-bd9e-5a0b36296de3). - - - -## Re-installation or reconfiguration of MBAM infrastructure - -To re-install or reconfigure MBAM infrastructure, you must know the following things: - -* Application Pool account - -* MBAM Groups (Helpdesk, Advanced, Report Users Group) - -* MBAM Reports URL - -* SQL Server name and database names - -* MBAM ReadWrite and ReadOnly Accounts - -### Application Pool account - -To find the Application Pool account, log on to the MBAM Web Server, open **Internet Information Services (IIS) Manager**, and then select **Application Pools**: - -![application pools](images/troubleshooting-MBAM-installation-1.png) - -The Service Principal Name (SPN) must be set in this account. This setting is very important to the functionality of MBAM. - -### MBAM Groups (Helpdesk, Advanced, Report Users Group and Reports URL) - -![MBAM Groups](images/troubleshooting-MBAM-installation-2.png) - -This provides information such as Helpdesk Group, Advanced Helpdesk Group, Report Users group, and MBAM Reports URL. The MBAM Reports URL must be provided in the MBAM setup and should read as: http(s)://servername/ReportServer. - -### SQL Server name and database (DB) names - -To find the SQL Server names and instances hosting the MBAM DBs, log on to the MBAM Web (IIS) server and browse to the folowing registry subkey: - -**HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM Server\Web** - -![Regedit](images/troubleshooting-MBAM-installation-3.png) - -The highlighted portions are connection strings. These should have the SQL Server name, database names, and instances (if named). - -### MBAM ReadWrite and ReadOnly accounts - -This information will be in the SQL Server database, for which we already found the name from the web server. - -#### ReadWrite account - -1. Log in to the SQL Management Studio. - -2. Right-click **MBAM Recovery and Hardware**, select **Properties**, and then select **Permissions**. - -For example, The the lab account name is **MBAMWrite**. The Application Pool and ReadWrite accounts are set to be the same. - -![SQL DB](images/troubleshooting-MBAM-installation-4.png) - -![DB properties](images/troubleshooting-MBAM-installation-5.png) - -Browse to **Security** and then **Logins** in SQL Management Studio. Browse to the account shown in the previous screenshot. - -![SQL Security](images/troubleshooting-MBAM-installation-6.png) - -Right-click the accounts, go to **Properties User Mapping**, and locate the MBAM Recovery and Hardware database: - -![User Mapping](images/troubleshooting-MBAM-installation-7.png) - -#### ReadOnly account - -Open SQL Server Reporting Services Configuration Manager on the SSRS Server. Select **Report Manager URL**, and then browse the **URLs**: - -![Report Manager](images/troubleshooting-MBAM-installation-8.png) - -Select **Microsoft Bitlocker Administration and Monitoring**: - -![Bitlocker Administration and Monitoring](images/troubleshooting-MBAM-installation-9.png) - -Select **MaltaDatasource**: - -![DBs](images/troubleshooting-MBAM-installation-10.png) - -![MaltaDatasource](images/troubleshooting-MBAM-installation-11.png) - -MaltaDataSource should have the ReadOnly Account name and should be used in MBAM setup. - -## Reference - -For more information, see the following articles: - -[Deploying MBAM 2.5 in a standalone configuration](https://support.microsoft.com/help/3046555) - -[Microsoft BitLocker Administration and Monitoring 2.5](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/) diff --git a/mdop/mbam-v25/understanding-mbam-25-stand-alone-reports.md b/mdop/mbam-v25/understanding-mbam-25-stand-alone-reports.md deleted file mode 100644 index 5f546b0f97..0000000000 --- a/mdop/mbam-v25/understanding-mbam-25-stand-alone-reports.md +++ /dev/null @@ -1,388 +0,0 @@ ---- -title: Understanding MBAM 2.5 Stand-alone Reports -description: Understanding MBAM 2.5 Stand-alone Reports -author: dansimp -ms.assetid: 78b5aaf4-8257-4722-8eb9-e0de48db6a11 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Understanding MBAM 2.5 Stand-alone Reports - - -This topic describes the reports that are available when you are running Microsoft BitLocker Administration and Monitoring (MBAM) in the Stand-alone topology. - -**Note** -If you are running MBAM with the Configuration Manager Integration topology, you generate reports from Configuration Manager rather than from MBAM. See [Viewing MBAM 2.5 Reports for the Configuration Manager Integration Topology](viewing-mbam-25-reports-for-the-configuration-manager-integration-topology.md) for more information about these reports. - - - -## Understanding the MBAM Stand-alone topology reports - - -MBAM provides three report types that you can use to monitor your organization for BitLocker compliance: - -- [Enterprise Compliance Report](#bkmk-enterprisecompliance) - -- [Computer Compliance Report](#bkmk-compliance) - -- [Recovery Audit Report](#bkmk-recovery) - -To access MBAM reports when you are running MBAM in the Stand-alone topology, open a web browser, and then open the Administration and Monitoring Website. Select **Reports** in the left menu bar. From the top menu bar, select the kind of report that you want to generate. For more information about generating these reports, see [Generating MBAM 2.5 Stand-alone Reports](generating-mbam-25-stand-alone-reports.md). - -### Enterprise Compliance Report - -Use this report type to collect information about overall BitLocker compliance in your organization. You can use filters to narrow your search results to learn more about the compliance state and error status of computers in your organization. - -**Enterprise Compliance Overview** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Managed Computers

Number of computers that MBAM manages.

% Compliant

Percentage of compliant computers in the enterprise.

% Non-Compliant

Percentage of non-compliant computers in the enterprise.

% Exempt

Percentage of computers exempt from the BitLocker encryption requirement.

% Non-Exempt

Percentage of computers not exempt from the BitLocker encryption requirement.

Compliant

Percentage of compliant computers in the enterprise.

Non-Compliant

Percentage of non-compliant computers in the enterprise.

Exempt

Total computers that are exempt from the BitLocker encryption requirement.

Non-Exempt

Total computers that are not exempt from the BitLocker encryption requirement.

- - - -**Enterprise Compliance Computer Details** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Computer Name

User-specified DNS name that is managed by MBAM.

Domain Name

Fully qualified domain name where the client computer resides and is managed by MBAM.

Compliance Status

State of compliance for the computer, according to the policy specified for the computer. The states are Noncompliant and Compliant. See the following Enterprise Compliance Report Compliance States table for more information about how to interpret compliance states.

Exemption

Status that indicates whether this computer is exempt from the BitLocker policy.

Compliance Status Details

Error and status messages about the compliance state of the computer in accordance to the policy specified.

Last Contact

Date and time when the computer last contacted the server to report compliance status. The contact frequency is configurable. For more information, see the MBAM Group Policy settings.

- - - -### Computer Compliance Report - -Use this report type to collect information that is specific to a computer or user. - -View this report by clicking the computer name in the Enterprise Compliance Report, or by typing the computer name in the Computer Compliance Report. This report shows detailed encryption information about each drive (operating system and fixed data drives) on a computer. It also indicates the policy that is applied to each drive type on the computer. To view the details of each drive, expand the Computer Name entry. - -**Note** -Removable Data Volume encryption status is not shown in this report. - - - -**Computer Compliance Report Fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Computer Name

User-specified DNS computer name that is managed by MBAM.

Domain Name

Fully qualified domain name where the client computer resides and is managed by MBAM.

Computer Type

Type of computer. Valid types are Non-Portable and Portable.

Operating System

Operating system type found on the client computer that is managed by MBAM.

Compliance Status

Overall compliance status of the computer that is managed by MBAM. Valid states are Compliant and Noncompliant.

-

Notice that the compliance status per drive (see the following table) may indicate different compliance states. However, this field represents that compliance state, according to the specified policy.

Policy Cipher Strength

Cipher strength selected by the administrator during MBAM policy specification (for example, 128-bit with diffuser).

Policy Operating System Drive

Indicates if encryption is required for the operating system and shows the appropriate protector type.

Policy-Fixed Data Drive

Indicates if encryption is required for the fixed data drive.

Policy Removable Data Drive

Indicates if encryption is required for the removable drive.

Device Users

Known users on the computer that is managed by MBAM.

Exemption

Status that indicates whether this computer is exempt from the BitLocker policy.

Manufacturer

Computer manufacturer name, as it appears in the computer BIOS.

Model

Computer manufacturer model name, as it appears in the computer BIOS.

Compliance Status Details

Error and status messages about the compliance state of the computer, in accordance with the specified policy.

Last Contact

Date and time that the computer last contacted the server to report compliance status. The contact frequency is configurable. For more information, see the MBAM Group Policy settings.

- - - -**Computer Compliance Report Drive Fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Drive Letter

Computer drive letter that was assigned to the particular drive by the user.

Drive Type

Type of drive. Valid values are Operating System Drive and Fixed Data Drive. These are physical drives rather than logical volumes.

Cipher Strength

Cipher strength selected by the administrator during MBAM policy specification.

Protector Type

Type of protector selected through the Group Policy setting used to encrypt an operating system or fixed data volume.

Protector State

Indicates that the computer being managed by MBAM has enabled the protector type that is specified in the policy. The valid states are ON or OFF.

Encryption State

Encryption state of the drive. Valid states are Encrypted, Not Encrypted, and Encrypting.

Compliance Status

State that indicates whether the drive is in accordance with the policy. States are Noncompliant and Compliant.

Compliance Status Details

Error and status messages of the compliance state of the computer, according to the specified policy.

- - - -### Recovery Audit Report - -Use this report type to audit users who have requested access to BitLocker recovery keys. The report offers several filters based on the desired filtering criteria. You can filter on a specific type of user (a Help Desk user or an end user), whether the request failed or was successful, the specific type of key requested, and a date range during which the retrieval occurred. - -**Recovery Audit Report Fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Request Date and Time

Date and time that a key retrieval request was made by an end user or Help Desk user.

Audit Request Source

The site from which the request was initiated. This entry will have one of two values: Self-Service Portal or Helpdesk.

Request Status

Status of the request. Valid statuses are Successful (the key was retrieved), or Failed (the key was not retrieved).

Helpdesk User

Help Desk user who initiated the request for key retrieval.

-
-Note

If an Advanced Helpdesk User recovers the key without specifying the end user, the End User field will be blank. A standard Helpdesk User must specify the end user, and that user will appear in this field.

-

A recovery via the Self-Service Portal will list the requesting end user both in this field and in the End User field.

-
-
- -

End User

End user who initiated the request for key retrieval.

Computer

Computer name of the computer that was recovered.

Key Type

Type of key that was requested by the Help Desk user or the end user. The three types of keys that MBAM collects are:

-
    -

  • Recovery Key Password (used to recover a computer in recovery mode)

    • -

  • Recovery Key ID (used to recover a computer in recovery mode on behalf of another user)

    • -

  • TPM Password Hash (used to recover a computer with a locked TPM)

    • -

Reason Description

Reason the specified key type was requested by the Help Desk user or the end user. The reasons are specified in the Drive Recovery and Manage TPM features of the Administration and Monitoring Website. The valid entries are user-entered text or one of the following reason codes:

-
    -

  • Operating System Boot Order changed

    • -

  • BIOS Changed

    • -

  • Operating System files changed

    • -

  • Lost Startup key

    • -

  • Lost PIN

    • -

  • TPM Reset

    • -

  • Lost Passphrase

    • -

  • Lost Smartcard

    • -

  • Reset PIN lockout

    • -

  • Turn on TPM

    • -

  • Turn off TPM

    • -

  • Change TPM password

    • -

  • Clear TPM

    • -
- - - -**Note** -Report results can be saved to a file by clicking the **Export** button on the **Reports** menu bar. - - - - -## Related topics - - -[Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md) - -[Generating MBAM 2.5 Stand-alone Reports](generating-mbam-25-stand-alone-reports.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - diff --git a/mdop/mbam-v25/understanding-the-bitlocker-encryption-options-and-bitlocker-drive-encryption-items-in-control-panel.md b/mdop/mbam-v25/understanding-the-bitlocker-encryption-options-and-bitlocker-drive-encryption-items-in-control-panel.md deleted file mode 100644 index 39cd813d57..0000000000 --- a/mdop/mbam-v25/understanding-the-bitlocker-encryption-options-and-bitlocker-drive-encryption-items-in-control-panel.md +++ /dev/null @@ -1,133 +0,0 @@ ---- -title: Understanding the BitLocker Encryption Options and BitLocker Drive Encryption Items in Control Panel -description: Understanding the BitLocker Encryption Options and BitLocker Drive Encryption Items in Control Panel -author: dansimp -ms.assetid: f8a01cc2-0c77-48b9-8351-8194e80b0cf8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Understanding the BitLocker Encryption Options and BitLocker Drive Encryption Items in Control Panel - - -This topic describes the **BitLocker Encryption Options** and **BitLocker Drive Encryption** Control Panel items and explains the following: - -- How these items are created - -- Tasks they enable you to perform - -- **Manage BitLocker** “right-click” shortcut menu, when it is visible versus hidden, and how to set it to be visible by default - -## BitLocker Encryption Options and BitLocker Drive Encryption Control Panel items - - -The following table lists the tasks you can perform from each Control Panel item and describes how these items are created. - - ----- - - - - - - - - - - - - - - - - - - - -
BitLocker Encryption Options (MBAM)BitLocker Drive Encryption (Windows)

Tasks you can do

    -

  • Change your PIN or password

    • -

  • Check encryption status for a drive

    • -

  • Open the TPM Management console

    • -

  • Turn on BitLocker

    • -
    -

  • Suspend protection for a drive

    • -

  • Back up your recovery key

    • -

  • Change your PIN

    • -

  • Turn off BitLocker for a drive

    • -

  • Turn on BitLocker for a drive

    • -

  • Open the TPM Management console

    • -

  • Decrypt a drive (appears only if the MBAM Client is NOT installed)

    • -

How the Control Panel item is created

Created in Control Panel when you install the MBAM Client. This item cannot be hidden.

-
-Note

This item appears in addition to, but does not replace, the default BitLocker Drive Encryption Control Panel item.

-
-
- -

Appears by default in Control Panel as part of the Windows operating system, but you can hide it.

-

To hide it, see Hiding the Default BitLocker Drive Encryption Item in Control Panel.

- - - -## “Manage BitLocker” shortcut menu - - -The following table describes how the **Manage BitLocker** shortcut menu differs depending on whether the MBAM Client is installed. The term “shortcut menu” refers to options that appear when you right-click a drive in Windows Explorer. - - ----- - - - - - - - - - - - - - - - - - - - -
When MBAM Client is installedWhen MBAM Client is not installed

Visibility of shortcut menu

The Manage BitLocker option is hidden.

-

To make the Manage BitLocker option visible on the shortcut menu, which displays the option to decrypt a drive, delete the following registry key:

-
HKEY_CLASSES_ROOT\Drive\Shell\manage-bde \REG_SZ LegacyDisable

The Manage BitLocker option appears on the shortcut menu.

What users can do

With the shortcut hidden, users can open the BitLocker Drive Encryption Control Panel item, but the option to decrypt a drive is not available.

With the shortcut visible, selecting the Manage BitLocker option opens the BitLocker Drive Encryption Control Panel item, which displays the option to decrypt a drive.

- - - - -## Related topics - - -[Administering MBAM 2.5 Features](administering-mbam-25-features.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - diff --git a/mdop/mbam-v25/upgrade-mbam2.5-sp1.md b/mdop/mbam-v25/upgrade-mbam2.5-sp1.md deleted file mode 100644 index 0e55529039..0000000000 --- a/mdop/mbam-v25/upgrade-mbam2.5-sp1.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Upgrading from MBAM 2.5 to MBAM 2.5 SP1 Servicing Release Update -author: dansimp -ms.author: ksharma -manager: miaposto -audience: ITPro -ms.topic: article -ms.prod: w10 -ms.localizationpriority: Normal ---- - -# Upgrade from MBAM 2.5 to MBAM 2.5 SP1 Servicing Release Update - -This article provides step-by-step instructions to upgrade Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 to MBAM 2.5 Service Pack 1 (SP1) together with the [Microsoft Desktop Optimization Pack (MDOP) May 2019 servicing update](https://support.microsoft.com/help/4505175/may-2019-servicing-release-for-microsoft-desktop-optimization-pack) in a standalone configuration. - -In this guide, we will use a two-server configuration. One server will be a database server that's running Microsoft SQL Server 2016. This server will host the MBAM databases and reports. The other server will be a Windows Server 2012 R2 web server. This server will host "Administration and Monitoring" and "Self-Service Portal." - -## Prepare to upgrade MBAM 2.5 SP1 - -### Know the MBAM servers in your environment - -1. SQL Server Database Engine: Server that hosts the MBAM databases. -2. SQL Server Reporting Services: Server that hosts the MBAM reports. -3. Internet Information Services (IIS) web servers: Server that hosts MBAM Web Applications and MBAM services. -4. (Optional) Microsoft System Center Configuration Manager primary site server: The MBAM configuration application is run on this server to integrate MBAM reports with Configuration Manager. These reports are then merged with existing Configuration Manager reports on the Configuration Manager SQL Server Reporting Services (SSRS) instance. - -### Identify service accounts, groups, server name, and reports URL - -1. Identify the MBAM application pool service account that's used by IIS web servers to read and write data to MBAM databases. -2. Identify the groups that are used during the MBAM web features configuration and the reports web service URL. -3. Identify the SQL Server name and instance name. Watch this video to learn more. - - > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE3ANP1] - -4. Identify the SQL Server Reporting Services Account that's used for reading compliance data from the Compliance and Audit database. Watch this video to learn more. - - > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE3ALdZ] - -## Upgrade the MBAM infrastructure to the latest version available - -MBAM Server infrastructure installation or upgrade is always performed in the order listed below: - -- SQL Server Database Engine: Databases -- SQL Server Reporting Services: Reports -- Web Server: Web Applications -- SCCM Server: SCCM Integrated Reports if applicable -- Clients: MBAM Agent or Client Update -- Group Policy Templates: Update the existing Group Policy with new templates and enable new settings on existing MBAM Group Policy - -> [!NOTE] -> We recommend that you create a full database backup of the MBAM databases before you run the upgrades. - -### Upgrade the MBAM SQL Server - -Watch this video to learn how to upgrade the MBAM SQL Server: - - > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE3ALew] - -### Upgrade the MBAM Web Server - -Watch this video to learn how to upgrade the MBAM Web Server: - - > [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE3ALex] - -## More information - -For more information about known issues in MBAM 2.5 SP1, see [Release Notes for MBAM 2.5 SP1](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/release-notes-for-mbam-25-sp1). diff --git a/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md b/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md deleted file mode 100644 index eb867b9ba1..0000000000 --- a/mdop/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions.md +++ /dev/null @@ -1,173 +0,0 @@ ---- -title: Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions -description: Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions -author: dansimp -ms.assetid: a9edb4b8-5d5e-42ab-8db6-619db2878e50 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Upgrading to MBAM 2.5 or MBAM 2.5 SP1 from Previous Versions - - -This topic describes the process for upgrading the Microsoft BitLocker Administration and Monitoring (MBAM) Server and the MBAM Client from earlier versions of MBAM. - -**Note**   -You can upgrade directly to MBAM 2.5 or MBAM 2.5 SP1 from any previous version of MBAM. - - - -## Before you start the upgrade - - -Review the following information before you start the upgrade. - - ---- - - - - - - - - - - - - - - - - - - - - -
What to know before you startDetails

If you are installing the MBAM websites on one server and the web services on another server, you have to use Windows PowerShell cmdlets to configure them.

The MBAM Server Configuration wizard does not support configuring the websites on one server and the web services on a different server.

If you are upgrading to MBAM 2.5 or 2.5 SP1 from MBAM 2.0 or 2.0 SP1 in Windows Server 2008 R2:

-

The Administration and Monitoring Website and the Self-Service Portal will not work if you install the required .NET Framework 4.5 software after Internet Information Services (IIS) is already installed.

-

This issue occurs because ASP.NET cannot be registered correctly with IIS if the .NET Framework is installed after IIS has already been installed.

To resolve this issue:

-

Run aspnet_regiis –i from the following location:

-

C:\windows\microsoft.net\Framework\v4.0.30319

-

For more information, see: ASP.NET IIS Registration Tool.

Register an SPN on the application pool account if all of the following are true:

-
    -

  • You are upgrading from a previous version of MBAM.

    • -

  • Currently, you are not running the MBAM websites in a load-balanced or distributed configuration, but you would like to do so when you upgrade to MBAM 2.5 or 2.5 SP1.

    • -

For instructions, see Planning How to Secure the MBAM Websites.

- ---- - - - - - - - - - - - - - - -

What we recommend

Register a service principal name (SPN) for the application pool account, even though you may already have registered SPNs for the machine account.

Why we recommend it

Registering an SPN on the application pool account is required to configure the websites in a load-balanced or distributed configuration.

What happens if SPNs are already configured on a machine account?

MBAM will use the SPNs that you have already registered, and you don’t need to configure additional SPNs, but you are not able to configure the websites in a load-balanced or distributed configuration.

-

 

- - - -## Steps to upgrade the MBAM Server infrastructure - - -Use the steps in the following sections to upgrade MBAM for the Stand-alone topology or the System Center Configuration Manager Integration topology. - -**To upgrade the MBAM Server infrastructure for Stand-alone topology** - -1. Uninstall previous versions of MBAM from **Programs and Features** and from web servers to make sure that information is not being written from MBAM clients to the MBAM infrastructure. For instructions, see [Removing MBAM Server Features or Software](removing-mbam-server-features-or-software.md#bkmk-removeserverfeatures). - -2. Back up your databases. - -3. Uninstall previous versions of MBAM from SQL Server by using **Programs and Features**, including SQL Servers hosting the MBAM reports via SQL Server Reporting Services. Remove any remaining MBAM server temporary files or folders from the database server and reporting services. - - **Note**   - The databases will not be removed, and all compliance and recovery data is maintained in the database. - - - -4. Install and configure the MBAM 2.5 or 2.5 SP1 databases, reports, and web applications, in that order. The databases are upgraded in place. - -5. Update the Group Policy Objects (GPOs) using the MBAM 2.5 Templates to leverage the new features in MBAM, such as enforced encryption. If you do not update the GPOs and the MBAM client to MBAM 2.5, earlier versions of MBAM clients will continue to report against your current GPOs with reduced functionality. See [How to Get MDOP Group Policy (.admx) Templates](https://www.microsoft.com/download/details.aspx?id=41183) to download the latest ADMX templates. - - After you upgrade the MBAM Server infrastructure, the existing client computers continue to successfully report to the MBAM 2.5 or 2.5 SP1 Server, and recovery data continues to be stored. - -6. Install the latest MBAM 2.5 or 2.5 SP1 Client. Client computers do not need to be rebooted after the deployment. - -**To upgrade the MBAM infrastructure for System Center Configuration Manager Integration topology** - -1. Uninstall previous versions of MBAM from **Programs and Features** and from web servers to make sure that information is not being written from MBAM clients to the MBAM infrastructure. For instructions, see [Removing MBAM Server Features or Software](removing-mbam-server-features-or-software.md#bkmk-removeserverfeatures). - -2. Back up your databases. - -3. Uninstall previous versions of MBAM from SQL Server by using **Programs and Features**, including SQL Servers hosting the MBAM reports via SQL Server Reporting Services. Remove any remaining MBAM server temporary files or folders from the database server and reporting services. - -4. Uninstall MBAM from the Configuration Manager server. - - **Note**   - The databases and the Configuration Manager objects (baseline, MBAM supported computers collection, and Reports) will not be removed, and all compliance and recovery data is maintained in the database. - - - -5. Update the .mof files. - -6. Install and configure the MBAM 2.5 or 2.5 SP1 databases, reports, web applications, and Configuration Manager integration, in that order. The databases and Configuration Manager objects are upgraded in place. - -7. Optionally, update the Group Policy Objects (GPOs), and edit the settings if you want to implement new features in MBAM, such as enforced encryption. If you do not update the GPOs, MBAM will continue to report against your current GPOs. See [How to Get MDOP Group Policy (.admx) Templates](https://docs.microsoft.com/microsoft-desktop-optimization-pack/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates) to download the latest ADMX templates. - - After you upgrade the MBAM Server infrastructure, the existing client computers continue to successfully report to the MBAM 2.5 or 2.5 SP1 Server, and recovery data continues to be stored. - -8. Install the latest MBAM 2.5 or 2.5 SP1 Client. Client computers do not need to be rebooted after the deployment. - -## Upgrade support for the MBAM Client - - -MBAM supports upgrades to the MBAM 2.5 Client from any earlier version of the MBAM Client. - -**Ways to install the MBAM Client:** - -- Upgrade the computers running MBAM Client all at once or gradually after you install the MBAM 2.5 Server infrastructure. - -- Install the MBAM Client through an electronic software distribution system or through tools such as Active Directory Domain Services or System Center Configuration Manager. - - - -## Related topics - - -[Deploying MBAM 2.5](deploying-mbam-25.md) - -[Deploying the MBAM 2.5 Client](deploying-the-mbam-25-client.md) - -[Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md deleted file mode 100644 index 436bbbe48d..0000000000 --- a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Upgrading to MBAM 2.5 SP1 from MBAM 2.5 -description: Upgrading to MBAM 2.5 SP1 from MBAM 2.5 -author: dansimp -ms.assetid: -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 2/16/2018 ---- - -# Upgrading to MBAM 2.5 SP1 from MBAM 2.5 -This topic describes the process for upgrading the Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 and the MBAM Client from 2.5 to MBAM 2.5 SP1. - -### Before you begin -#### Download the May 2019 servicing release -[Desktop Optimization Pack](https://www.microsoft.com/download/details.aspx?id=58345) - -#### Verify the installation documentaion -Verify you have a current documentation of your MBAM environment, including all server names, database names, service accounts and their passwords. - -### Upgrade steps -#### Steps to upgrade the MBAM Database (SQL Server) -1. Using the MBAM Configurator; remove the Reports role from the SQL server, or wherever the SSRS database is hosted. Depending on your environment, this can be the same server or a separate one. - > [!NOTE] - > You will not see an option to remove the Databases; this is expected. -2. Install 2.5 SP1 (Located with MDOP - Microsoft Desktop Optimization Pack 2015 from the Volume Licensing Service Center site: -3. Do not configure it at this time  -4. Using the MBAM Configurator; re-add the Reports role -5. Using the MBAM Configurator; re-add the SQL Database role on the SQL Server -6. At the end, you will be warned that the DBs already exist and weren’t created, but this is expected -7. This process updates the existing databases to the current version being installed. - -#### Steps to upgrade the MBAM Server (Running MBAM and IIS) -1. Using the MBAM Configurator; remove the Admin and Self Service Portals from the IIS server -2. Install MBAM 2.5 SP1 -3. Do not configure it at this time   -4. Using the MBAM Configurator; re-add the Admin and Self Service Portals to the IIS server  -5. Open an elevated command prompt, type **IISRESET**, and hit Enter. - -#### Steps to upgrade the MBAM Clients/Endpoints -1. Uninstall the 2.5 Agent from client endpoints -2. Install the 2.5 SP1 Agent on the client endpoints -3. Push out the May 2019 Rollup Client update to clients running the 2.5 SP1 Agent  -4. There is no need to uninstall the existing client prior to installing the May 2019 Rollup.   diff --git a/mdop/mbam-v25/using-windows-powershell-to-administer-mbam-25.md b/mdop/mbam-v25/using-windows-powershell-to-administer-mbam-25.md deleted file mode 100644 index 33509cf80e..0000000000 --- a/mdop/mbam-v25/using-windows-powershell-to-administer-mbam-25.md +++ /dev/null @@ -1,110 +0,0 @@ ---- -title: Using Windows PowerShell to Administer MBAM 2.5 -description: Using Windows PowerShell to Administer MBAM 2.5 -author: dansimp -ms.assetid: 64668e76-2cba-433d-8d2d-50df0a4b2997 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 11/02/2016 ---- - - -# Using Windows PowerShell to Administer MBAM 2.5 - - -This topic describes Windows PowerShell cmdlets for Microsoft BitLocker Administration and Monitoring (MBAM) that relate to recovering computers or drives when users get locked out. - -For cmdlets that you use to configure MBAM Server features, see [Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md). - -## Cmdlets for recovering computers or drives that are managed by MBAM - - -Use the following Windows PowerShell cmdlets to recover computers or drives that are managed by MBAM. - - ---- - - - - - - - - - - - - - - - - -
NameDescription

Get-MbamBitLockerRecoveryKey

Requests an MBAM recovery key that enables users to unlock a computer or encrypted drive.

Get-MbamTPMOwnerPassword

Provides users with a TPM owner password that they can use to unlock a Trusted Platform Module (TPM) when the TPM has locked them out and will no longer accept their PIN.

- - - -## MBAM cmdlet Help - - -Windows PowerShell Help for MBAM cmdlets is available in the following formats: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Windows PowerShell Help formatMore information

At a Windows PowerShell command prompt, type Get-Help <cmdlet>

To upload the latest Windows PowerShell cmdlets, follow the instructions in Configuring MBAM 2.5 Server Features by Using Windows PowerShell

On TechNet as webpages

https://go.microsoft.com/fwlink/?LinkId=393498

On the Download Center as a Word .docx file

https://go.microsoft.com/fwlink/?LinkId=393497

On the Download Center as a .pdf file

https://go.microsoft.com/fwlink/?LinkId=393499

- - - - - -## Related topics - - -[Administering MBAM 2.5 Features](administering-mbam-25-features.md) - -[Configuring MBAM 2.5 Server Features by Using Windows PowerShell](configuring-mbam-25-server-features-by-using-windows-powershell.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/validating-the-mbam-25-server-feature-configuration.md b/mdop/mbam-v25/validating-the-mbam-25-server-feature-configuration.md deleted file mode 100644 index 76b918713f..0000000000 --- a/mdop/mbam-v25/validating-the-mbam-25-server-feature-configuration.md +++ /dev/null @@ -1,192 +0,0 @@ ---- -title: Validating the MBAM 2.5 Server Feature Configuration -description: Validating the MBAM 2.5 Server Feature Configuration -author: dansimp -ms.assetid: f4983a33-ce18-4186-a471-dd6415940504 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Validating the MBAM 2.5 Server Feature Configuration - - -When you finish the Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 Server feature deployment, we recommend that you validate the deployment to ensure that all features have been successfully configured. Use the procedure that matches the topology (Stand-alone or System Center Configuration Manager Integration) that you deployed. - -## Validating the MBAM Server deployment with the Stand-alone topology - - -Use the following steps to validate your MBAM Server deployment with the Stand-alone topology. - -**To validate a Stand-alone MBAM Server deployment** - -1. On each server where an MBAM feature is deployed, click **Control Panel** > **Programs** > **Programs and Features**. Verify that **Microsoft BitLocker Administration and Monitoring** appears in the **Programs and Features** list. - - **Note** - To do the validation, you must use a domain account that has local computer administrative credentials on each server. - - - -2. On the server where the Recovery Database is configured, open SQL Server Management Studio and verify that the **MBAM Recovery and Hardware** database is configured. - -3. On the server where the Compliance and Audit Database is configured, open SQL Server Management Studio and verify that the **MBAM Compliance Status Database** is configured. - -4. On the server where the Reports feature is configured, open a web browser with administrative credentials and browse to the "Home" of the SQL Server Reporting Services site. - - The default Home location of a SQL Server Reporting Services site instance is at: - - http(s)://< *MBAMReportsServerName*>:<*port*>/Reports.aspx - - To find the actual URL, use the Reporting Services Configuration Manager tool and select the instances that you specified during setup. - -5. Confirm that a reports folder named **Microsoft BitLocker Administration and Monitoring** contains a data source called **MaltaDataSource** as well as the language folders. The data source contains folders with names that represent languages (for example, en-us). The reports are in the language folders. - - **Note** - If SQL Server Reporting Services (SSRS) was configured as a named instance, the URL should resemble the following: http(s)://< *MBAMReportsServerName*>:<*port*>/Reports\_<*SSRSInstanceName*> - - - -~~~ -**Note** -If SSRS was not configured to use Secure Socket Layer (SSL), the URL for the reports will be set to HTTP instead of HTTPS when you install the MBAM Server. If you then go to the Administration and Monitoring Website (also known as Help Desk) and select a report, the following message appears: "Only Secure Content is Displayed." To show the report, click **Show All Content**. -~~~ - - - -6. On the server where the Administration and Monitoring Website feature is configured, run **Server Manager**, browse to **Roles**, and then select **Web Server (IIS)** > **Internet Information Services (IIS) Manager**. - -7. In **Connections**, browse to *<computer name>* and select **Sites** > **Microsoft BitLocker Administration and Monitoring**. Verify that the following are listed: - - - **MBAMAdministrationService** - - - **MBAMComplianceStatusService** - - - **MBAMRecoveryAndHardwareService** - -8. On the server where the Administration and Monitoring Website and Self-Service Portal are configured, open a web browser with administrative credentials. - -9. Browse to the following websites to verify that they load successfully: - - - https(s)://<*MBAMAdministrationServerName*>:<*port*>/HelpDesk/ - confirm each of the links for navigation and reports - - - http(s)://< *MBAMAdministrationServerName*>:<*port*>/SelfService/ - - **Note** - It is assumed that you configured the server features on the default port without network encryption. If you configured the server features on a different port or virtual directory, change the URLs to include the appropriate port, for example: - - http(s)://< *host name*>:<*port*>/HelpDesk/ - - http(s)://< *host name*>:<*port*>/<*virtualdirectory*>/ - - If the server features were configured with network encryption, change http:// to https://. - - - -10. Browse to the following web services to verify that they load successfully. A page opens to indicate that the service is running, but the page does not display any metadata. - - - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMAdministrationService/AdministrationService.svc - - - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMUserSupportService/UserSupportService.svc - - - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMComplianceStatusService/StatusReportingService.svc - - - http(s)://< *MBAMAdministrationServerName*>:<*port*>/MBAMRecoveryAndHardwareService/CoreService.svc - -## Validating the MBAM Server deployment with the Configuration Manager Integration topology - - -Use the following steps to validate your MBAM deployment with the Configuration Manager Integration topology. Complete the validation steps that match the version of Configuration Manager that you are using. - -### Validating the MBAM Server deployment with System Center 2012 Configuration Manager - -Use these steps to validate your MBAM Server deployment when you are using MBAM with System Center 2012 Configuration Manager. - -**To validate a Configuration Manager Integration MBAM Server deployment – System Center 2012 Configuration Manager** - -1. On the server where System Center 2012 Configuration Manager is deployed, open **Programs and Features** in **Control Panel**, and verify that **Microsoft BitLocker Administration and Monitoring** appears. - - **Note** - To validate the configuration, you must use a domain account that has local computer administrative credentials on each server. - - - -2. In the Configuration Manager console, click the **Assets and Compliance** workspace > **Device Collections**, and confirm that a new collection called **MBAM Supported Computers** is displayed. - -3. In the Configuration Manager console, click the **Monitoring** workspace > **Reporting** > **Reports** > **MBAM**. - -4. Verify that the **MBAM** folder contains subfolders, with names that represent different languages, and that the following reports are listed in each language subfolder: - - - BitLocker Computer Compliance - - - BitLocker Enterprise Compliance Dashboard - - - BitLocker Enterprise Compliance Details - - - BitLocker Enterprise Compliance Summary - -5. In the Configuration Manager console, click the **Assets and Compliance** workspace > **Compliance Settings** > **Configuration Baselines**, and confirm that the configuration baseline **BitLocker Protection** is listed. - -6. In the Configuration Manager console, click the **Assets and Compliance** workspace > **Compliance Settings** > **Configuration Items**, and confirm that the following new configuration items are displayed: - - - BitLocker Fixed Data Drives Protection - - - BitLocker Operating System Drive Protection - -### Validating the MBAM Server deployment with Configuration Manager 2007 - -Use these steps to validate your MBAM Server deployment when you are using MBAM with Configuration Manager 2007. - -**To validate a Configuration Manager Integration MBAM Server deployment – Configuration Manager 2007** - -1. On the server where Configuration Manager 2007 is deployed, open **Programs and Features** on **Control Panel** , and verify that **Microsoft BitLocker Administration and Monitoring** appears. - - **Note** - To validate the configuration, you must use a domain account that has local computer administrative credentials on each server. - - - -2. In the Configuration Manager console, click **Site Database <SiteCode> - <ServerName>, <SiteName>), Computer Management**, and confirm that a new collection called **MBAM Supported Computers** is displayed. - -3. In the Configuration Manager console, click **Reporting** > **Reporting Services** > **\\\\<ServerName>** > **Report Folders** > **MBAM**. - - Verify that the **MBAM** folder contains subfolders, with names that represent different languages, and that the following reports are listed in each language subfolder: - - - BitLocker Computer Compliance - - - BitLocker Enterprise Compliance Dashboard - - - BitLocker Enterprise Compliance Details - - - BitLocker Enterprise Compliance Summary - -4. In the Configuration Manager console, click **Desired Configuration Management** > **Configuration Baselines**, and confirm that the configuration baseline **BitLocker Protection** is listed. - -5. In the Configuration Manager console, click **Desired Configuration Management** > **Configuration Items**, and confirm that the following new configuration items are displayed: - - - BitLocker Fixed Data Drives Protection - - - BitLocker Operating System Drive Protection - - - -## Related topics - - -[Configuring the MBAM 2.5 Server Features](configuring-the-mbam-25-server-features.md) - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - - - - diff --git a/mdop/mbam-v25/viewing-mbam-25-reports-for-the-configuration-manager-integration-topology.md b/mdop/mbam-v25/viewing-mbam-25-reports-for-the-configuration-manager-integration-topology.md deleted file mode 100644 index 66de3b12f9..0000000000 --- a/mdop/mbam-v25/viewing-mbam-25-reports-for-the-configuration-manager-integration-topology.md +++ /dev/null @@ -1,493 +0,0 @@ ---- -title: Viewing MBAM 2.5 Reports for the Configuration Manager Integration Topology -description: Viewing MBAM 2.5 Reports for the Configuration Manager Integration Topology -author: dansimp -ms.assetid: 60d11b2f-3a76-4023-8da4-f89e9f35b790 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Viewing MBAM 2.5 Reports for the Configuration Manager Integration Topology - - -This topic describes the reports that are available when you configure Microsoft BitLocker Administration and Monitoring (MBAM) with the Configuration Manager Integration topology. The reports show BitLocker compliance for the enterprise and for individual computers and devices that MBAM manages. The reports provide tabular information and charts, and they have filters that let you view data from different perspectives. - -In the Configuration Manager Integration topology, you view reports from Configuration Manager rather than from the Administration and Monitoring Website, with the exception of the **Recovery Audit Report**, which you continue to view from the Administration and Monitoring Website. - -For information about MBAM reports for the Stand-alone topology, see [Viewing MBAM 2.5 Reports for the Stand-alone Topology](viewing-mbam-25-reports-for-the-stand-alone-topology.md). - -## Accessing reports in Configuration Manager - - -To access the Reports feature in Configuration Manager: - - ---- - - - - - - - - - - - - - - - - -
Version of Configuration ManagerHow to view the reports

System Center 2012 Configuration Manager

    -

  1. In the left pane, select the Monitoring workspace.

    2. -

  2. In the tree, expand Overview > Reporting > Reports > MBAM.

    3. -

  3. Select the folder that represents the language in which you want to view reports, and then select the report from the right pane.

    4. -

Configuration Manager 2007

    -

  1. In the left pane, expand Computer Management > Reporting > Reporting Services > <server name> > Report folders > MBAM.

    2. -

  2. Select the folder that represents the language in which you want to view reports, and then select the report from the right pane.

    3. -
- - - -## Description of reports in Configuration Manager - - -There are a few minor differences in the reports for the Configuration Manager Integration topology and the Stand-alone topology. The following sections describe the data in the MBAM reports for the Configuration Manager Integration topology: - -- [BitLocker Enterprise Compliance Dashboard](#bkmk-dashboard) - -- [BitLocker Enterprise Compliance Details](#bkmk-compliancedetails) - -- [BitLocker Enterprise Compliance Summary](#bkmk-compliancesummary) - -- [BitLocker Computer Compliance Report](#bkmk-compliancereport) - -### BitLocker Enterprise Compliance Dashboard - -The BitLocker Enterprise Compliance Dashboard provides the following graphs, which show BitLocker compliance status across the enterprise: - -- Compliance Status Distribution - -- Non Compliant Errors Distribution - -- Compliance Status Distribution by Drive Type - -**Compliance Status Distribution** - -This pie chart shows compliance status for computers within the enterprise. It also shows the percentage of computers, compared to the total number of computers in the selected collection, that has that compliance status. The actual number of computers with each status is also shown. The pie chart shows the following compliance statuses: - -- Compliant - -- Non Compliant - -- User Exempt - -- Temporary User Exempt - -- Policy Not Enforced - -- Unknown. These computers reported a status error, or they are part of the collection, but have never reported their compliance status. The lack of a compliance status could occur if the computer is disconnected from the organization. - -**Non Compliant Errors Distribution** - -This pie chart shows the categories of computers in the enterprise that are not compliant with the BitLocker Drive Encryption policy, and shows the number of computers in each category. Each category percentage is calculated from the total number of non-compliant computers in the collection. - -- User postponed encryption - -- Unable to find compatible TPM - -- System partition not available or large enough - -- Policy conflict - -- Waiting for TPM auto provisioning - -- An unknown error has occurred - -- No information. These computers do not have the MBAM Client installed, or they have the MBAM Client installed but not activated (for example, the service is not working). - -**Compliance Status Distribution by Drive Type** - -This bar chart shows the current BitLocker compliance status by drive type. The statuses are **Compliant** and **Non Compliant**. Bars are shown for fixed data drives and operating system drives. Computers that do not have a fixed data drive are included and show a value only in the **Operating System Drive** bar. The chart does not include users who have been granted an exemption from the BitLocker Drive Encryption policy or the No Policy category. - -### BitLocker Enterprise Compliance Details - -This report shows information about the overall BitLocker compliance across your enterprise for the collection of computers that is targeted for BitLocker use. - -**BitLocker Enterprise Compliance Details Fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Managed Computers

Number of computers that MBAM manages.

% Compliant

Percentage of compliant computers in the enterprise.

% Non-Compliant

Percentage of non-compliant computers in the enterprise.

% Unknown Compliance

Percentage of computers with a compliance state that is not known.

% Exempt

Percentage of computers exempt from the BitLocker encryption requirement.

% Non-Exempt

Percentage of computers not exempt from the BitLocker encryption requirement.

Compliant

Percentage of compliant computers in the enterprise.

Non-Compliant

Percentage of non-compliant computers in the enterprise.

Unknown Compliance

Percentage of computers with a compliance state that is not known.

Exempt

Total computers that are exempt from the BitLocker encryption requirement.

Non-Exempt

Total computers that are not exempt from the BitLocker encryption requirement.

- - - -**BitLocker Enterprise Compliance Details States** - - ----- - - - - - - - - - - - - - - - - - - - -
Compliance StatusExemptionDescription

Noncompliant

Not exempt

The computer is noncompliant, according to the specified policy.

Compliant

Not exempt

The computer is compliant in accordance with the specified policy.

- - - -### BitLocker Enterprise Compliance Summary - -Use this report type to show information about the overall BitLocker compliance across your enterprise and to show the compliance for individual computers that are in the collection of computers that is targeted for BitLocker use. - -**BitLocker Enterprise Compliance Summary Fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Managed Computers

Number of computers that MBAM manages.

% Compliant

Percentage of compliant computers in the enterprise.

% Non-Compliant

Percentage of non-compliant computers in the enterprise.

% Unknown Compliance

Percentage of computers with a compliance state that is not known.

% Exempt

Percentage of computers exempt from the BitLocker encryption requirement.

% Non-Exempt

Percentage of computers not exempt from the BitLocker encryption requirement.

Compliant

Percentage of compliant computers in the enterprise.

Non-Compliant

Percentage of non-compliant computers in the enterprise.

Unknown Compliance

Percentage of computers with a compliance state that is not known.

Exempt

Total computers that are exempt from the BitLocker encryption requirement.

Non-Exempt

Total computers that are not exempt from the BitLocker encryption requirement.

- - - -**BitLocker Enterprise Compliance Summary Computer Details** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Computer Name

User-specified DNS computer name that is being managed by MBAM.

Domain Name

Fully qualified domain name, where the client computer resides and is managed by MBAM.

Compliance Status

Overall compliance status of the computer managed by MBAM. Valid states are Compliant and Noncompliant. Notice that the compliance status per drive (see the table that follows) may indicate different compliance states. However, this field represents that compliance state, in accordance with the policy specified.

Exemption

Status that indicates whether the user is exempt or non-exempt from the BitLocker policy.

Device Users

User of the device.

Compliance Status Details

Error and status messages about the compliance state of the computer in accordance with the policy specified.

Last Contact

Date and time that the computer last contacted the server to report compliance status. The contact frequency is configurable through the Group Policy settings.

- - - -### BitLocker Computer Compliance Report - -Use this report type to collect information that is specific to a computer. The BitLocker Computer Compliance Report provides detailed encryption information about each drive on a computer (operating system and fixed data drives). It also provides an indication of the policy that is applied to each drive type on the computer. To view the details of each drive, expand the Computer Name entry. - -**Note**   -The Removable Data Volume encryption status is not shown in this report. - - - -**BitLocker Computer Compliance Report: Computer Details Fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Computer Name

User-specified DNS computer name that is being managed by MBAM.

Domain Name

Fully qualified domain name, where the client computer resides and is managed by MBAM.

Computer Type

Type of computer. Valid types are Non-Portable and Portable.

Operating System

Operating System type found on the MBAM managed client computer.

Overall Compliance

Overall compliance status of the computer managed by MBAM. Valid states are Compliant and Noncompliant. Notice that the compliance status per drive (see the table that follows) may indicate different compliance states. However, this field represents that compliance state in accordance with the policy specified.

Operating System Compliance

Compliance status of the operating system that is managed by MBAM. Valid states are Compliant and Noncompliant.

Fixed Data Drive Compliance

Compliance status of the fixed data drive that is managed by MBAM. Valid states are Compliant and Noncompliant.

Last Update Date

Date and time that the computer last contacted the server to report compliance status. The contact frequency is configurable through the Group Policy settings.

Exemption

Status that indicates whether the user is exempt or non-exempt from the BitLocker policy.

Exempted User

User who is exempt from the BitLocker policy.

Exemption Date

Date on which the exemption was granted.

Compliance Status Details

Error and status messages about the compliance state of the computer in accordance with the policy specified.

Policy Cipher Strength

Cipher strength selected by the Administrator during the MBAM policy specification (for example, 128-bit with diffuser).

Policy: Operating System Drive

Indicates if encryption is required for the operating system and the appropriate protector type.

Policy: Fixed Data Drive

Indicates if encryption is required for the fixed data drive.

Manufacturer

Computer manufacturer name as it appears in the computer BIOS.

Model

Computer manufacturer model name as it appears in the computer BIOS.

Device Users

Known users on the computer that is being managed by MBAM.

- - - -**BitLocker Computer Compliance Report: Computer Volume Fields** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Column NameDescription

Drive Letter

Computer drive letter that was assigned to the particular drive by the user.

Drive Type

Type of drive. Valid values are Operating System Drive and Fixed Data Drive. These are physical drives rather than logical volumes.

Cipher Strength

Cipher strength selected by the Administrator during MBAM policy specification.

Protector Types

Type of protector selected through the policy used to encrypt an operating system or fixed data drive. The valid protector types for an operating system are TPM or TPM+PIN. The valid protector type for a fixed data drive is a password.

Protector State

Indicates that the computer being managed by MBAM has enabled the protector type specified in the policy. The valid states are ON or OFF.

Encryption State

Encryption state of the drive. Valid states are Encrypted, Not Encrypted, and Encrypting.

- - - -## Related topics - - -[Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md) - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam).  - - - - - diff --git a/mdop/mbam-v25/viewing-mbam-25-reports-for-the-stand-alone-topology.md b/mdop/mbam-v25/viewing-mbam-25-reports-for-the-stand-alone-topology.md deleted file mode 100644 index 9de3997194..0000000000 --- a/mdop/mbam-v25/viewing-mbam-25-reports-for-the-stand-alone-topology.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: Viewing MBAM 2.5 Reports for the Stand-alone Topology -description: Viewing MBAM 2.5 Reports for the Stand-alone Topology -author: dansimp -ms.assetid: 50e93c3a-baf1-4378-8fc0-74dd65d76306 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, security -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Viewing MBAM 2.5 Reports for the Stand-alone Topology - - -The Microsoft BitLocker Administration and Monitoring (MBAM) Stand-alone topology provides reports that you use to monitor BitLocker usage and compliance. MBAM reports key recovery activity and the compliance status of the computers and devices that it manages across your enterprise. - -See the following topics for information about Stand-alone reports: - - ---- - - - - - - - - - - - - - - - - -
Report informationLink to detailed information

Report descriptions - MBAM Stand-alone topology

Understanding MBAM 2.5 Stand-alone Reports

Instructions for generating reports - MBAM Stand-alone topology

Generating MBAM 2.5 Stand-alone Reports

- - - -**Note**   -If you are using the Configuration Manager Integration topology, most reports are generated from Configuration Manager rather than from MBAM. See [Viewing MBAM 2.5 Reports for the Configuration Manager Integration Topology](viewing-mbam-25-reports-for-the-configuration-manager-integration-topology.md). - - - - -## Related topics - - -[Monitoring and Reporting BitLocker Compliance with MBAM 2.5](monitoring-and-reporting-bitlocker-compliance-with-mbam-25.md) - - - - - -## Got a suggestion for MBAM? -- Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). -- For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). - - - diff --git a/mdop/medv-v1/TOC.md b/mdop/medv-v1/TOC.md deleted file mode 100644 index c6dd794c5c..0000000000 --- a/mdop/medv-v1/TOC.md +++ /dev/null @@ -1,87 +0,0 @@ -# [Microsoft Enterprise Desktop Virtualization 1](index.md) -## [About This Guide](about-this-guidemedv.md) -## [Getting Started with MED-V](getting-started-with-med-v.md) -### [Overview of MED-V](overview-of-med-v.md) -### [High-Level Architecture](high-level-architecturemedv.md) -### [Key Scenarios for Using MED-V](key-scenarios-for-using-med-v.md) -### [About MED-V 1.0](about-med-v-10.md) -#### [MED-V 1.0 Supported Configurations](med-v-10-supported-configurationsmedv-10.md) -#### [MED-V 1.0 Installation Checklist](med-v-10-installation-checklist.md) -#### [MED-V 1.0 Release Notes](med-v-10-release-notesmedv-10.md) -### [About MED-V 1.0 SP1](about-med-v-10-sp1.md) -#### [MED-V 1.0 SP1 Supported Configurations](med-v-10-sp1-supported-configurationsmedv-10-sp1.md) -#### [MED-V 1.0 SP1 Upgrade Checklist](med-v-10-sp1-upgrade-checklistmedv-10-sp1.md) -#### [MED-V 1.0 SP1 and SP2 Release Notes](med-v-10-sp1-and-sp2-release-notesmedv-10-sp1.md) -## [MED-V Infrastructure Planning and Design](med-v-infrastructure-planning-and-design.md) -### [Define the Project Scope](define-the-project-scope.md) -### [Identify the Number of MED-V Instances](identify-the-number-of-med-v-instances.md) -### [Design the MED-V Server Infrastructure](design-the-med-v-server-infrastructure.md) -### [Design the MED-V Image Repositories](design-the-med-v-image-repositories.md) -## [MED-V Deployment and Configuration](med-v-deployment-and-configuration.md) -### [MED-V Installation Prerequisites](med-v-installation-prerequisites.md) -### [Supported Configurations](supported-configurationsmedv-orientation.md) -#### [MED-V 1.0 Supported Configurations](med-v-10-supported-configurationsmedv-10.md) -#### [MED-V 1.0 SP1 Supported Configurations](med-v-10-sp1-supported-configurationsmedv-10-sp1.md) -### [Installation and Upgrade Checklists](installation-and-upgrade-checklists.md) -#### [MED-V 1.0 Installation Checklist](med-v-10-installation-checklist.md) -#### [MED-V 1.0 SP1 Upgrade Checklist](med-v-10-sp1-upgrade-checklistmedv-10-sp1.md) -### [Installing and Configuring MED-V Components](installing-and-configuring-med-v-components.md) -#### [How to Install and Configure the MED-V Server Component](how-to-install-and-configure-the-med-v-server-component.md) -#### [How to Configure the Image Web Distribution Server](how-to-configure-the-image-web-distribution-server.md) -#### [How to Install MED-V Client and MED-V Management Console](how-to-install-med-v-client-and-med-v-management-console.md) -#### [How to Uninstall MED-V Components](how-to-uninstall-med-v-componentsmedvv2.md) -### [Creating a Virtual PC Image for MED-V](creating-a-virtual-pc-image-for-med-v.md) -### [Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) -### [Configuring MED-V Workspace Policies](configuring-med-v-workspace-policies.md) -#### [How to Apply General Settings to a MED-V Workspace](how-to-apply-general-settings-to-a-med-v-workspace.md) -#### [How to Apply Virtual Machine Settings to a MED-V Workspace](how-to-apply-virtual-machine-settings-to-a-med-v-workspace.md) -#### [How to Configure a Domain User or Group](how-to-configure-a-domain-user-or-groupmedvv2.md) -#### [How to Configure Published Applications](how-to-configure-published-applicationsmedvv2.md) -#### [How to Configure Web Settings for a MED-V Workspace](how-to-configure-web-settings-for-a-med-v-workspace.md) -#### [How to Configure the Virtual Machine Setup for a MED-V Workspace](how-to-configure-the-virtual-machine-setup-for-a-med-v-workspace.md) -##### [How to Configure the Virtual Machine Setup for a MED-V Workspace](how-to-configure-the-virtual-machine-setup-for-a-med-v-workspacemedvv2.md) -##### [How to Configure VM Computer Name Pattern Properties](how-to-configure-vm-computer-name-pattern-propertiesmedvv2.md) -##### [Examples of Virtual Machine Configurations](examples-of-virtual-machine-configurationsv2.md) -#### [How to Apply Network Settings to a MED-V Workspace](how-to-apply-network-settings-to-a-med-v-workspace.md) -#### [How to Apply Performance Settings to a MED-V Workspace](how-to-apply-performance-settings-to-a-med-v-workspace.md) -#### [How to Import and Export a Policy](how-to-import-and-export-a-policy.md) -### [Configuring MED-V for Remote Networks](configuring-med-v-for-remote-networks.md) -### [Configuring MED-V Server for Cluster Mode](configuring-med-v-server-for-cluster-mode.md) -## [MED-V Operations](med-v-operations.md) -### [Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) -### [Creating a MED-V Image](creating-a-med-v-image.md) -#### [How to Create and Test a MED-V Image](how-to-create-and-test-a-med-v-image.md) -#### [How to Pack a MED-V Image](how-to-pack-a-med-v-image.md) -#### [How to Upload a MED-V Image to the Server](how-to-upload-a-med-v-image-to-the-server.md) -#### [How to Localize a MED-V Image](how-to-localize-a-med-v-image.md) -#### [How to Update a MED-V Image](how-to-update-a-med-v-image.md) -#### [How to Delete a MED-V Image](how-to-delete-a-med-v-image.md) -### [Deploying a MED-V Workspace Using an Enterprise Software Distribution System](deploying-a-med-v-workspace-using-an-enterprise-software-distribution-system.md) -#### [How to Install MED-V Client](how-to-install-med-v-clientesds.md) -#### [How to Deploy a Workspace Image](how-to-deploy-a-workspace-imageesds.md) -### [Deploying a MED-V Workspace Using a Deployment Package](deploying-a-med-v-workspace-using-a-deployment-package.md) -#### [How to Configure a Deployment Package](how-to-configure-a-deployment-package.md) -#### [How to Install MED-V Client](how-to-install-med-v-clientdeployment-package.md) -#### [How to Deploy a Workspace Image](how-to-deploy-a-workspace-imagedeployment-package.md) -### [Updating a MED-V Workspace Image](updating-a-med-v-workspace-image.md) -### [MED-V Client Operations](med-v-client-operations.md) -#### [How to Start and Exit the MED-V Client](how-to-start-and-exit-the-med-v-client.md) -#### [How to Start, Stop, and Restart a MED-V Workspace](how-to-start-stop-and-restart-a-med-v-workspace.md) -#### [How to View MED-V Settings and General Information](how-to-view-med-v-settings-and-general-information.md) -#### [How to Lock and Unlock a Workspace](how-to-lock-and-unlock-a-workspace.md) -#### [MED-V Client Tools](med-v-client-toolsv2.md) -## [Troubleshooting MED-V](troubleshooting-med-v.md) -## [Technical Reference](technical-referencemedv-10-sp1.md) -### [MED-V Reporting](med-v-reporting.md) -#### [How to Generate Reports](how-to-generate-reports-medvv2.md) -#### [How to Work with Reports](how-to-work-with-reports.md) -### [MED-V Trim Transfer Technology](med-v-trim-transfer-technology-medvv2.md) -### [How to Back Up and Restore a MED-V Server](how-to-back-up-and-restore-a-med-v-server.md) -### [How to Share Folders Between the Host and the MED-V Workspace](how-to-share-folders-between-the-host-and-the-med-v-workspace.md) -### [How to Set MED-V Workspace Deletion Options](how-to-set-med-v-workspace-deletion-options.md) -### [How to Set Advanced File Transfer Options](how-to-set-advanced-file-transfer-options.md) -### [How to Edit a Published Application with Advanced Settings](how-to-edit-a-published-application-with-advanced-settings.md) -### [How to Set Up Script Actions](how-to-set-up-script-actions.md) -### [Client Installation Command Line Reference](client-installation-command-line-reference.md) -### [How to Configure Image Pre-staging](how-to-configure-image-pre-staging.md) - diff --git a/mdop/medv-v1/about-med-v-10-sp1.md b/mdop/medv-v1/about-med-v-10-sp1.md deleted file mode 100644 index f9d3fc4573..0000000000 --- a/mdop/medv-v1/about-med-v-10-sp1.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: About MED-V 1.0 SP1 -description: About MED-V 1.0 SP1 -author: dansimp -ms.assetid: 4c16e935-46c4-49c3-9e53-c60404d5da0c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About MED-V 1.0 SP1 - - -Microsoft Enterprise Desktop Virtualization (MED-V) 1.0 Service Pack 1 (SP1) provides support for Windows 7 and Windows Server 2008 R2. - -The topics in this section provide information relating specifically to MED-V 1.0 SP1. - -## In This Section - - -[MED-V 1.0 SP1 Supported Configurations](med-v-10-sp1-supported-configurationsmedv-10-sp1.md) -Delineates the supported configurations for MED-V 1.0 SP1. - -[MED-V 1.0 SP1 Upgrade Checklist](med-v-10-sp1-upgrade-checklistmedv-10-sp1.md) -Provides a step-by-step procedure for upgrading from MED-V 1.0 to MED-V 1.0 SP1. - -[MED-V 1.0 SP1 and SP2 Release Notes](med-v-10-sp1-and-sp2-release-notesmedv-10-sp1.md) -Provides known issues specific to MED-V 1.0 SP1. - -## Related topics - - -[MED-V 1.0 Release Notes](med-v-10-release-notesmedv-10.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/about-med-v-10.md b/mdop/medv-v1/about-med-v-10.md deleted file mode 100644 index 8a99314de9..0000000000 --- a/mdop/medv-v1/about-med-v-10.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: About MED-V 1.0 -description: About MED-V 1.0 -author: dansimp -ms.assetid: 89651022-a2ba-4d8a-a3ff-68539ea7a235 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About MED-V 1.0 - - -## In This Section - - -This section provides information related specifically to MED-V 1.0 and includes the following topics: - -[MED-V 1.0 Supported Configurations](med-v-10-supported-configurationsmedv-10.md) -Delineates the supported configurations for MED-V 1.0. - -[MED-V 1.0 Installation Checklist](med-v-10-installation-checklist.md) -Provides a list of all the steps required for installing MED-V 1.0. - -[MED-V 1.0 Release Notes](med-v-10-release-notesmedv-10.md) -Provides a list of known issues with MED-V. - -## Related topics - - -[MED-V 1.0 SP1 and SP2 Release Notes](med-v-10-sp1-and-sp2-release-notesmedv-10-sp1.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/about-this-guidemedv.md b/mdop/medv-v1/about-this-guidemedv.md deleted file mode 100644 index cf20d13c06..0000000000 --- a/mdop/medv-v1/about-this-guidemedv.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: About This Guide -description: About This Guide -author: dansimp -ms.assetid: 17d8f150-226e-45f8-87e3-f425a77243e4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About This Guide - - -This Planning, Deployment, and Operations guide for Microsoft Enterprise Desktop Virtualization (MED-V) provides background information about MED-V, installing MED-V, and how it works and explains how to correctly use the product. The guide includes the following: - -- System requirements and supported platforms - -- Environmental prerequisites and considerations - -- Step-by-step instructions for installing MED-V server, management, and client - -- Step-by-step instructions for configuring MED-V image, workspace, and policy - -- Step-by-step instructions for deploying a MED-V workspace - -- MED-V client operations - -  - -  - - - - - diff --git a/mdop/medv-v1/client-installation-command-line-reference.md b/mdop/medv-v1/client-installation-command-line-reference.md deleted file mode 100644 index 44326e2a47..0000000000 --- a/mdop/medv-v1/client-installation-command-line-reference.md +++ /dev/null @@ -1,130 +0,0 @@ ---- -title: Client Installation Command Line Reference -description: Client Installation Command Line Reference -author: dansimp -ms.assetid: 122a593d-3314-4e9b-858a-08a25ed00c32 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Client Installation Command Line Reference - - -**To install MED-V from the command line** - -1. From the command line, run the MED-V .msi package followed by any of the optional parameters described in the following table. - -2. The MED-V .msi package is called *MED-V\_x.msi*, where *x* is the version number. - - For example, *MED-V\_1.0.65.msi*. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterValueDescription

/quiet

Silent installation

/log <full path to log file>

The full path to the log file.

INSTALLDIR

The full path to the installation directory.

VMSFOLDER

The full path to the virtual machine folder.

INSTALL_ADMIN_TOOLS

1,0

-

Default: 0

Installs MED-V administration tools.

START_AUTOMATICALLY

1,0

-

Default: 0

Automatically starts MED-V client every time the user logs on to Windows.

SERVER_ADDRESS

host name or IP

SERVER_PORT

port

SERVER_SSL

1,0

-

for https or http

START_MEDV

1,0

-

Default: 1

Starts MED-V at the completion of the MED-V installation.

-
-Note

It is recommended to set START_MEDV=0 in case MED-V is installed by the system.

-
-
- -

DESKTOP_SHORTCUT

1,0

-

Default: 1

Creates a shortcut on the desktop, which starts MED-V client.

MINIMAL_RAM_REQUIRED

RAM in MB

When installing MED-V, checks whether the computer has the minimum amount of RAM specified. If not, installation is aborted.

SKIP_OS_CHECK

1,0

Omits the operating system validation.

- - - - - - - - - - - diff --git a/mdop/medv-v1/configuring-med-v-for-remote-networks.md b/mdop/medv-v1/configuring-med-v-for-remote-networks.md deleted file mode 100644 index cdb27ae2fd..0000000000 --- a/mdop/medv-v1/configuring-med-v-for-remote-networks.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: Configuring MED-V for Remote Networks -description: Configuring MED-V for Remote Networks -author: dansimp -ms.assetid: 4d2f0081-622f-4a6f-8d73-f8c2108036e0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configuring MED-V for Remote Networks - - -You can configure MED-V to work from inside a network, remotely, or both from inside the network and remotely. - -## - - -**To configure MED-V to work from inside a network** - -- Configure a MED-V server and image distribution inside the network. - -**To configure MED-V to work remotely** - -1. Configure a MED-V server and an image distribution server that are accessible from the Internet. - -2. If needed, configure a perimeter network (also called a DMZ) reverse proxy. - -3. Set the authentication method, in the *ClientSettings.xml* file, which can be found in the **Servers\\Configuration Server\\** folder. - -**To configure MED-V to work both from inside a network and remotely** - -1. Configure a MED-V server and image distribution server inside the network. - -2. Ensure that the servers are accessible from the Internet. - -3. Configure the DNS resolution so that when the client attempts to connect to a server, it automatically connects to the correct server (within the network or over the Internet) based on the client location. - -4. If needed, configure a perimeter network reverse proxy. - -5. Set the authentication method, in the *ClientSettings.xml* file, which can be found in the **Servers\\Configuration Server\\** folder. - -**Note**   -When applying new settings, the service must be restarted. - - - -- You can change the IIS authentication scheme to one of the following: BASIC, DIGEST, NTLM, or NEGOTIATE. The default is NEGOTIATE and uses the following entry: - - ```xml - - - - - - - - - BG_AUTH_SCHEME_NEGOTIATE - - - ``` - -## Related topics - - -[MED-V Infrastructure Planning and Design](med-v-infrastructure-planning-and-design.md) - - - - - - - - - diff --git a/mdop/medv-v1/configuring-med-v-server-for-cluster-mode.md b/mdop/medv-v1/configuring-med-v-server-for-cluster-mode.md deleted file mode 100644 index 1b03f70a10..0000000000 --- a/mdop/medv-v1/configuring-med-v-server-for-cluster-mode.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Configuring MED-V Server for Cluster Mode -description: Configuring MED-V Server for Cluster Mode -author: dansimp -ms.assetid: 41f0b2a3-4ce9-48e1-a6fb-4c13c4228515 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configuring MED-V Server for Cluster Mode - - -You can configure the MED-V server in cluster mode. In cluster mode, two servers are used and all files identified as mutual to both servers are placed on a file system. The server accesses the files from the file system rather than storing the files locally. - -## - - -**To configure the MED-V server in cluster mode** - -1. Install and configure MED-V on one of the servers. - -2. Create a shared network in a central location where all of the servers can access it. - -3. Copy the contents of the *<InstallDir>/Servers/ConfigurationServer* folder to the shared network. - -4. Install MED-V server on all designated servers. - -5. On the shared network, assign full access to all MED-V server system accounts. - -6. On each server, do the following: - - 1. In the *<InstallDir>/Servers/ServerConfiguration.xml* file, set the value of *<StorePath>* to the shared network path. - - 2. Copy the *<InstsallDir>/Servers/KeyPair.xml* file from the original server to all MED-V servers. - - 3. Restart the MED-V service. - -**Note**   -If all servers have the same local settings (such as listening ports, IIS server, management permissions, report database, and so on), the *<InstallDir>/Servers/ServerSettings.xml* can be shared by all servers as well. - - - -## Related topics - - -[MED-V Infrastructure Planning and Design](med-v-infrastructure-planning-and-design.md) - - - - - - - - - diff --git a/mdop/medv-v1/configuring-med-v-workspace-policies.md b/mdop/medv-v1/configuring-med-v-workspace-policies.md deleted file mode 100644 index 34784f4a18..0000000000 --- a/mdop/medv-v1/configuring-med-v-workspace-policies.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -title: Configuring MED-V Workspace Policies -description: Configuring MED-V Workspace Policies -author: dansimp -ms.assetid: 0eaed981-cbf3-4b16-a4b7-4705c5705dc7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configuring MED-V Workspace Policies - - -A MED-V workspace policy is a group of configurable settings that define how the virtualized environment and applications perform on the host machine. The topics in this section describe all the configurable settings in the MED-V workspace policy as well as how these settings influence the MED-V workspace. - -The following MED-V workspace types are available: - -- **Persistent**—In a persistent MED-V workspace, all changes and additions the user makes to the MED-V workspace are saved in the MED-V workspace between sessions. Additionally, a persistent MED-V workspace is generally used in a domain environment. - -- **Revertible**—In a revertible MED-V workspace, at the completion of each session (that is, when the MED-V workspace is stopped), the MED-V workspace reverts to its original state during deployment. No changes or additions that the user made are saved on the MED-V workspace between sessions. A revertible MED-V workspace cannot be used in a domain environment. - -It is important to decide on the type of MED-V workspace you are creating before deploying the MED-V workspace, because it is not recommended to reconfigure the type of MED-V workspace after a policy has been deployed to users. - -**Note**   -When configuring a policy, a warning symbol appears next to mandatory fields that are not filled in. If a mandatory field is not filled in, the symbol appears on the tab as well. - - - -## In This Section - - -[How to Apply General Settings to a MED-V Workspace](how-to-apply-general-settings-to-a-med-v-workspace.md) -Describes the general settings of a MED-V workspace, and how to apply them to a policy. - -[How to Apply Virtual Machine Settings to a MED-V Workspace](how-to-apply-virtual-machine-settings-to-a-med-v-workspace.md) -Describes the virtual machine settings for a MED-V workspace, and how to apply them to a policy. - -[How to Configure a Domain User or Group](how-to-configure-a-domain-user-or-groupmedvv2.md) -Describes how to configure domain users and groups. - -[How to Configure Published Applications](how-to-configure-published-applicationsmedvv2.md) -Describes published applications and menus, and how to apply them to a policy. - -[How to Configure Web Settings for a MED-V Workspace](how-to-configure-web-settings-for-a-med-v-workspace.md) -Describes the Web settings available for a MED-V workspace, and how to apply them to a policy. - -[How to Configure the Virtual Machine Setup for a MED-V Workspace](how-to-configure-the-virtual-machine-setup-for-a-med-v-workspace.md) -Describes the virtual machine setup for a MED-V workspace, and how to apply it to a policy. - -[How to Apply Network Settings to a MED-V Workspace](how-to-apply-network-settings-to-a-med-v-workspace.md) -Describes the network settings of a MED-V workspace, and how to apply them to a policy. - -[How to Apply Performance Settings to a MED-V Workspace](how-to-apply-performance-settings-to-a-med-v-workspace.md) -Describes the performance settings of a MED-V workspace, and how to apply them to a policy. - -[How to Import and Export a Policy](how-to-import-and-export-a-policy.md) -Describes how to import and export a policy. - - - - - - - - - diff --git a/mdop/medv-v1/creating-a-med-v-image.md b/mdop/medv-v1/creating-a-med-v-image.md deleted file mode 100644 index 4b9d3222fb..0000000000 --- a/mdop/medv-v1/creating-a-med-v-image.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Creating a MED-V Image -description: Creating a MED-V Image -author: dansimp -ms.assetid: 7cbbcd22-83f5-4b60-825f-781b4c6a2d36 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Creating a MED-V Image - - -## In This Section - - -This section describes how to configure a MED-V image on a computer on which the MED-V client and MED-V management application are installed, and explains the following: - -[How to Create and Test a MED-V Image](how-to-create-and-test-a-med-v-image.md) -Describes how to create a MED-V image, and then test the image locally. - -[How to Pack a MED-V Image](how-to-pack-a-med-v-image.md) -Describes how to pack a MED-V image so that it can be added to a deployment package or uploaded to the server. - -[How to Upload a MED-V Image to the Server](how-to-upload-a-med-v-image-to-the-server.md) -Describes how to upload a MED-V image to the server. - -[How to Localize a MED-V Image](how-to-localize-a-med-v-image.md) -Describes how to localize a MED-V image either through extracting or downloading the image. - -[How to Update a MED-V Image](how-to-update-a-med-v-image.md) -Describes how to update a MED-V image to create a new version of the image. - -[How to Delete a MED-V Image](how-to-delete-a-med-v-image.md) -Describes how to delete a MED-V image. - -**Note**   -After the MED-V image is configured, the computer should not be part of a domain because the join domain procedure should be performed on the client after the deployment, as part of the MED-V workspace setup. - - - - - - - - - - - diff --git a/mdop/medv-v1/creating-a-med-v-workspacemedv-10-sp1.md b/mdop/medv-v1/creating-a-med-v-workspacemedv-10-sp1.md deleted file mode 100644 index 49db131ccf..0000000000 --- a/mdop/medv-v1/creating-a-med-v-workspacemedv-10-sp1.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: Creating a MED-V Workspace -description: Creating a MED-V Workspace -author: dansimp -ms.assetid: 9578bb99-8a09-44c1-b88f-538901f16ad3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Creating a MED-V Workspace - - -A MED-V workspace is the desktop environment in which end users interact with the virtual machine provided by MED-V. The MED-V workspace is created and customized by the administrator. It consists of an image and the policy, which defines the rules and functionality of the MED-V workspace. Multiple MED-V workspaces can be created, each customized with its own configuration, settings, and rules. A user, group, or multiple users or groups can be associated with each MED-V workspace, thereby making the MED-V workspace available only for the associated user's or group's computers. - -## How to Add a MED-V Workspace - - -**To add a MED-V workspace** - -1. Click the **Policy** management button to open the **Policy** module. - - The **Policy** module consists of the **Workspaces** menu on the left and the **General**, **Virtual Machine**, **Deployment**, **Applications**, **Web**, **VM Setup**, **Network**, and **Performance** tabs. - -2. On the **Policy** menu, select **New Workspace**, or click **Add** to create a new MED-V workspace. - -3. On the **General** tab, in the **Name** field, enter the name of the MED-V workspace. - -4. In the **Description** field, enter a description for the MED-V workspace. - -5. In the **Support contact info** field, enter the contact information for technical support. - - For more information about configuring a MED-V workspace, see [Configuring MED-V Workspace Policies](configuring-med-v-workspace-policies.md). - -## How to Clone a MED-V Workspace - - -A MED-V workspace can be cloned so that you can create a MED-V workspace identical to an existing MED-V workspace. - -**To clone a MED-V workspace** - -1. Click the MED-V workspace to clone. - -2. On the **Policy** menu, select **Clone Workspace**. - - A new MED-V workspace is created with the name <Original MED-V workspace name> - 2. - -## How to Delete a MED-V Workspace - - -**To delete a MED-V workspace** - -- In the **Policy** module, while the workspace pane is in focus, click **Remove**. - -## Related topics - - -[Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/creating-a-virtual-pc-image-for-med-v.md b/mdop/medv-v1/creating-a-virtual-pc-image-for-med-v.md deleted file mode 100644 index c73b1b9457..0000000000 --- a/mdop/medv-v1/creating-a-virtual-pc-image-for-med-v.md +++ /dev/null @@ -1,256 +0,0 @@ ---- -title: Creating a Virtual PC Image for MED-V -description: Creating a Virtual PC Image for MED-V -author: dansimp -ms.assetid: 5e02ea07-25b9-41a5-a803-d70c55eef586 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Creating a Virtual PC Image for MED-V - - -To create a Virtual PC (VPC) image for MED-V, you must perform the following: - -1. [Create a VPC image](#bkmk-creatingavirtualmachinebyusingmicrosoftvirtualpc). - -2. [Install the MED-V workspace .msi package onto the VPC image](#bkmk-howtoinstallthemedvworkspacemsipackage). - -3. [Run the MED-V virtual machine prerequisites tool on the VPC image](#bkmk-howtorunthevirtualmachineprerequisitestool). - -4. [Manually configure virtual machine prerequisites on the VPC image](#bkmk-howtoconfiguremedvvirtualmachinemanualinstallationprerequisites). - -5. [Configure Sysprep for MED-V images](#bkmk-howtoconfiguresysprepformedvimages) (optional). - -6. [Turn off Microsoft Virtual PC](#bkmk-turningoffmicrosoftvirtualpc). - -## Creating a Virtual PC Image by Using Microsoft Virtual PC - - -To create a Virtual PC image using Microsoft Virtual PC, refer to the Virtual PC documentation. - -For more information, see the following: - -- [Windows Virtual PC Help](https://go.microsoft.com/fwlink/?LinkId=182378) - -- [Create a virtual machine and install a guest operating system](https://go.microsoft.com/fwlink/?LinkId=182379) - -## How to Install the MED-V Workspace .msi Package - - -After the Virtual PC image is created, install the MED-V workspace .msi package onto the image. - -**To install the MED-V workspace image** - -1. Start the virtual machine, and copy the MED-V workspace .msi package inside. - - The MED-V workspace .msi package is called *MED-V\_workspace\_x.msi*, where *x* is the version number. - - For example, *MED-V\_workspace\_1.0.65.msi*. - -2. Double-click the MED-V workspace .msi package, and follow the installation wizard instructions. - - **Note** - When a new MED-V version is released, and an existing Virtual PC image is updated, uninstall the existing MED-V workspace .msi package, reboot the computer, and install the new MED-V workspace .msi package. - - - -~~~ -**Note** -After the MED-V workspace .msi package is installed, other products that replace GINA cannot be installed. -~~~ - - - -## How to Run the Virtual Machine Prerequisites Tool - - -The virtual machine (VM) prerequisites tool is a wizard that automates several of the prerequisites. - -**Note** -Although many parameters are configurable in the wizard, the properties required for the proper functioning of MED-V are not configurable. - - - -**To run the virtual machine prerequisites tool** - -1. After the MED-V workspace .msi package is installed, on the Windows **Start** menu, select **All Programs > MED-V > VM Prerequisites Tool**. - - **Note** - The user running the virtual machine prerequisites tool must have local administrator rights and must be the only user logged in. - - - -~~~ -The **MED-V VM Prerequisite Wizard Welcome** page appears. -~~~ - -2. Click **Next**. - -3. On the **Windows Settings** page, from the following configurable properties, select the ones to be configured: - - - **Clear users’ personal history information** - - - **Clear local profiles temp directory** - - - **Disable sounds on following Windows events: start, logon, logoff** - - **Note** - Do not enable Windows page saver in a group policy. - - - -4. Click **Next**. - -5. On the **Internet Explorer Settings** page, from the following configurable properties, select the ones to be configured: - - - **Don't use auto complete features** - - - **Disable reuse of windows for launching shortcuts** - - - **Clear browsing history** - - - **Enable tabbed browsing in Internet Explorer 7** - -6. Click **Next**. - -7. On the **Windows Services** page, from the following configurable properties, select the ones to be configured: - - - **Security center service** - - - **Task scheduler service** - - - **Automatic updates service** - - - **System restore service** - - - **Indexing service** - - - **Wireless Zero Configuration** - - - **Fast User Switching Compatibility** - -8. Click **Next**. - -9. On the **Windows Auto Logon** page, do the following: - - 1. Select the **Enable Windows Auto Logon** check box. - - 2. Assign a **User name** and **Password**. - -10. Click **Apply**, and in the confirmation box that appears, click **Yes**. - -11. On the **Summary** page, click **Finish** to quit the wizard - -**Note** -Verify that group policies do not overwrite the mandatory settings set in the prerequisites tool. - - - -## How to Configure MED-V Virtual Machine Manual Installation Prerequisites - - -Several of the configurations cannot be configured through the virtual machine prerequisites tool and must be performed manually. - -- Virtual Machine Settings - - It is recommended to configure the following virtual machine settings in the Microsoft Virtual PC console: - - - Disable floppy disk drives. - - - Disable undo-disks (**Settings > undo-disks**). - - - Ensure that the image has only one virtual CPU. - - - Eliminate interactions between the virtual machine and the user, where they are not related to published applications (such as, messages requiring user input). - -- Image Settings - - Configure the following manual settings inside the image: - - 1. In the **Power Options Properties** window, disable hibernation and sleep. - - 2. Apply the most recent Windows updates. - - 3. In the **Windows Startup and Recovery** dialog box, in the **System Failure** section, clear the **Automatically restart** check box. - - 4. Ensure that the image uses a VLK license key. - -- Installing VPC Additions - - On the **Action** menu, select **Install or Update Virtual Machine Additions**. - -- Configuring Printing - - You can configure printing from the MED-V workspace in either of the following ways: - - - Add a printer to the virtual machine. - - - Allow printing with printers that are configured on the host computer. - -## How to Configure Sysprep for MED-V Images - - -In a MED-V workspace, Sysprep can be configured in order to assign unique security ID (SID), particularly when multiple MED-V workspaces are run on a single computer. It is not recommended to use Sysprep to join a domain; instead, use the MED-V join domain script action as described in [How to Set Up Script Actions](how-to-set-up-script-actions.md). - -**Note** -Sysprep is Microsoft's system preparation utility for the Windows operating system. - - - -**To configure Sysprep in a MED-V workspace** - -1. Create a directory in the root of the system drive named *Sysprep*. - -2. From the Windows installation CD, extract *deploy.cab* to the root of the system drive, or download the latest Deployment Tools update from the Microsoft Web site. - - - For Windows 2000, see [Deployment Tools update for Windows 2000](https://go.microsoft.com/fwlink/?LinkId=143001). - - - For Windows XP, see [Deployment Tools update for Windows XP](https://go.microsoft.com/fwlink/?LinkId=143000). - -3. Run **Setup Manager** (setupmgr.exe). - -4. Follow the Setup Manager wizard. - -After Sysprep is configured and the MED-V workspace is created, Sysprep must be executed. - -**To run Sysprep** - -1. From the Sysprep folder located in the root of the system drive, run the System Preparation Tool (Sysprep.exe). - -2. In the warning message box that appears, click **OK**. - -3. In the **Sysprep Properties** dialog box, select the **Don't reset grace period for activation** and **Use Mini-Setup** check boxes. - -4. Click **Reseal**. - -5. If you are not satisfied with the information listed in the confirmation message box that appears, click **Cancel** and change the selections. - -6. Click **OK** to complete the system preparation process. - -## Turning Off Microsoft Virtual PC - - -After all the components are installed and configured, close Microsoft Virtual PC and select **Turn Off**. - -## Related topics - - -Creating a MED-V Image -[How to Set Up Script Actions](how-to-set-up-script-actions.md) - - - - - - - - - diff --git a/mdop/medv-v1/define-the-project-scope.md b/mdop/medv-v1/define-the-project-scope.md deleted file mode 100644 index 2d628bd096..0000000000 --- a/mdop/medv-v1/define-the-project-scope.md +++ /dev/null @@ -1,65 +0,0 @@ ---- -title: Define the Project Scope -description: Define the Project Scope -author: dansimp -ms.assetid: 84637d2a-2e30-417d-b150-dc81f414b3a5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Define the Project Scope - - -When defining the project scope, determine the following: - -1. The MED-V end users—the location and number of end users are used in determining the location of MED-V client installations and the number of MED-V instances, as well as the number and placement of MED-V image repositories. - -2. The virtual machine (VM) images to be managed by MED-V—to determine the method of distributing images and placement of image repositories. - -3. The organization’s service level expectations—to determine the performance and fault-tolerance requirements for the MED-V server and database as well as the image repository. - -4. Validate with the business—ensure there is a complete understanding of how the planned infrastructure affects the business. - -## Define the MED-V End Users - - -First, determine where the end users are located, as well as the number of users in each location. Second, obtain a network infrastructure diagram that displays the user locations and the available bandwidth to those locations. Third, find out if users travel between locations. If users travel, additional capacity may be required in the design of the server infrastructure and image repositories. - -## Determine the MED-V Images to Be Managed by MED-V - - -After the MED-V end users have been defined, determine which VMs will be managed by MED-V for the users in each location. - -If any of the VMs are stored in a centralized library, determine the location of the library so that it may be evaluated for use as a MED-V repository. - -## Determine the Organization’s Service Level Expectations - - -For each MED-V workspace, note the acceptable time for a new image to load and the timeframe for critical updates to be deployed. - -If applicable, record the service level expectations for MED-V reporting, to be used in the design of the server infrastructure. - -## Validate with the Business - - -Ask business stakeholders and application owners the following questions: - -- Are there any existing images that can be combined? For example, if application A on Windows XP is one VPC image and application B on Windows XP is another VPC image, perhaps a single image can contain both applications, thereby reducing repository space and bandwidth required for image download. - -- Are the in-scope applications licensable and supportable if delivered in a VM by MED-V? Check with the application supplier to ensure that licensing and support terms will not be violated by delivering the application through MED-V. - -  - -  - - - - - diff --git a/mdop/medv-v1/deploying-a-med-v-workspace-using-a-deployment-package.md b/mdop/medv-v1/deploying-a-med-v-workspace-using-a-deployment-package.md deleted file mode 100644 index 52e0292edc..0000000000 --- a/mdop/medv-v1/deploying-a-med-v-workspace-using-a-deployment-package.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Deploying a MED-V Workspace Using a Deployment Package -description: Deploying a MED-V Workspace Using a Deployment Package -author: dansimp -ms.assetid: e07fa70a-1a9f-486f-9a86-b33593b234da -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying a MED-V Workspace Using a Deployment Package - - -The deployment package installation provides a method of installing MED-V client together with all its required prerequisites as well as any settings predefined by the administrator. - -When using a deployment package, the package is distributed via a shared network or removable media. The image can be included in the package or can be distributed separately. - -Before creating a deployment package, ensure that you have created a MED-V image ready for deployment. For more information on creating a MED-V image, see [Creating a MED-V Image](creating-a-med-v-image.md). - -After the MED-V image is prepared, consider the best method for distributing the image in your environment. The image can be distributed in one of the following ways: - -- Uploaded to the Web and distributed via Web download, optionally using Trim Transfer technology. - -- Distributed using image pre-staging. - -- Included in the deployment package and distributed together with all the other MED-V components. - -If the image will be included in the package, no other configurations are necessary for the image. If the image will not be included in the deployment package, do one of the following: - -- If you are deploying the image via the Web, upload the MED-V image to the image Web distribution server. For information on configuring an image Web distribution server, see [How to Configure the Image Web Distribution Server](how-to-configure-the-image-web-distribution-server.md). For information on uploading an image to the server, see [How to Upload a MED-V Image to the Server](how-to-upload-a-med-v-image-to-the-server.md). - -- If you are deploying the image via image pre-staging, configure the pre-stage folder, and push the MED-V image to the folder. For more information on configuring the image pre-staging, see [How to Configure Image Pre-staging](how-to-configure-image-pre-staging.md). - -**Note**   -If you are using image pre-staging, it is important to configure the image pre-stage folder prior to creating the deployment package. The folder path needs to be included in the deployment package. - - - -Finally, create the deployment package. For more information on creating a deployment package, see [How to Configure a Deployment Package](how-to-configure-a-deployment-package.md). After the package is complete, distribute it for deployment. - -After the deployment package is distributed, MED-V client can be installed and the image deployed. For more information on installing MED-V client, see [How to Install MED-V Client](how-to-install-med-v-clientdeployment-package.md). For more information on deploying the image, see [How to Deploy a Workspace Image](how-to-deploy-a-workspace-imagedeployment-package.md). - - - - - - - - - diff --git a/mdop/medv-v1/deploying-a-med-v-workspace-using-an-enterprise-software-distribution-system.md b/mdop/medv-v1/deploying-a-med-v-workspace-using-an-enterprise-software-distribution-system.md deleted file mode 100644 index 4167d9099f..0000000000 --- a/mdop/medv-v1/deploying-a-med-v-workspace-using-an-enterprise-software-distribution-system.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Deploying a MED-V Workspace Using an Enterprise Software Distribution System -description: Deploying a MED-V Workspace Using an Enterprise Software Distribution System -author: dansimp -ms.assetid: 867faed6-74ce-4573-84be-8bf26e66c08c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying a MED-V Workspace Using an Enterprise Software Distribution System - - -MED-V client can be distributed using an enterprise software distribution system, such as Microsoft System Center Configuration Manager. - -**Note**   -If MED-V is installed by using Microsoft System Center Configuration Manager, when creating a package for MED-V, set the run mode to administrative rights. - - - -Before deploying MED-V using an enterprise software distribution system, ensure that you have created a MED-V image ready for deployment. For more information on creating a MED-V image, see [Creating a MED-V Image](creating-a-med-v-image.md). - -After the MED-V image is prepared, consider the best method for distributing the image in your environment. The image can be distributed in one of the following ways: - -- Uploaded to the Web and distributed via Web download, optionally utilizing Trim Transfer technology. - -- Distributed using image pre-staging. - -## Deploying the Image via the Web - - -If you are deploying the image via the Web, upload the MED-V image to an image Web distribution server. For information on configuring an image Web distribution server, see [How to Configure the Image Web Distribution Server](how-to-configure-the-image-web-distribution-server.md). For information on uploading an image to the server, see [How to Upload a MED-V Image to the Server](how-to-upload-a-med-v-image-to-the-server.md). - -## Deploying the Image via Pre-staging - - -If you are deploying the image via image pre-staging, configure the pre-stage folder, and push the MED-V image to the folder. For more information on configuring image pre-staging, see [How to Configure Image Pre-staging](how-to-configure-image-pre-staging.md). - -**Note**   -If you are using image pre-staging, it is important to configure the image pre-stage folder prior to pushing the client .msi package. The folder path needs to be included in the client .msi package. - - - -Finally, push the client .msi package using your enterprise software distribution center. MED-V can then be installed and the image deployed. For more information on installing MED-V client, see [How to Install MED-V Client](how-to-install-med-v-clientesds.md). For more information on deploying the image, see [How to Deploy a Workspace Image](how-to-deploy-a-workspace-imageesds.md). - - - - - - - - - diff --git a/mdop/medv-v1/design-the-med-v-image-repositories.md b/mdop/medv-v1/design-the-med-v-image-repositories.md deleted file mode 100644 index 8302861536..0000000000 --- a/mdop/medv-v1/design-the-med-v-image-repositories.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: Design the MED-V Image Repositories -description: Design the MED-V Image Repositories -author: dansimp -ms.assetid: e153154d-2751-4990-b94d-a2d76242c15f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Design the MED-V Image Repositories - - -After MED-V images are created and packed, they can be stored on a file server in any location. The files may be sent over HTTP or HTTPS by one or more IIS servers. The image repository can be shared by multiple MED-V instances. - -To design the image repositories, you must first decide how the images will be deployed to each client and then whether that client requires a local image repository. Each repository is then designed and placed, along with its accompanying IIS server. - -## Determine How Images Will Be Deployed - - -For each MED-V workspace, decide how you plan to deploy MED-V images to the client. This is important in determining how many repositories are necessary to store the packed images, where those repositories will be placed, and then to design those repositories. - -Packed images can be deployed in the following ways: - -- Downloaded over the network from an image distribution server, which comprises a file server and IIS server. - -- On removable media, such as a USB drive or DVD. - -- Pre-staged to an image store directory on the client computer using an enterprise software distribution center. - -Decide which method, or methods, will be used to deploy MED-V images to each of the clients and whether the location will require an image repository. - -## Determine the Number of Image Repositories - - -Now that you have determined the minimum number of repositories you need, add more if any of the following criteria apply: - -- Organizational or regulatory reasons to separate the MED-V images—some MED-V images may not be able to coexist in the same repository. For example, sensitive personal data may require storage on a server that is only available to a limited set of employees who need access to the data. - -- Clients in isolated networks—if images will be deployed over the network, determine whether any networks are isolated and require a separate repository. For example, organizations often isolate lab networks from production networks. - -- Clients in remote networks—if images will be deployed over the network, some client machines may be separated from the repository by network links that have insufficient bandwidth to provide an adequate experience when a client loads a MED-V workspace. If necessary, design additional MED-V instances to address this need. - -Add these repositories to the design. Decide on a name for each repository and the reason for designing it. Decide which MED-V images the repositories will hold and which MED-V clients will load MED-V workspaces with images from the repository. - -## Design and Place the Image Repositories - - -When a new image is available to clients, clients begin downloading the image, possibly simultaneously. This creates a high demand on the repository and must be taken into account when designing the image repository. - -For each repository, determine the amount of data it will store. Sum the sizes of images that will be stored in the repository. This is the value of the disk space required on the file server. - -Next, add up the number of clients that may download MED-V images from the repository. This is the maximum number of concurrent downloads that can occur when a new MED-V image is loaded into the repository. The file server must be designed with a disk subsystem that can meet the IO demands this will create. - -The image repository can reside on the same system as the MED-V server and the server running SQL Server, or on a remote file share. You can also run it in a Windows Server 2008 Hyper-V VM. Check the network location of the clients that the image repository will service, and place the repository in a network location where it will have sufficient bandwidth to meet the service level expectations of those clients. - -### Fault Tolerance - -If the image repository is unavailable, clients will not be able to download new or updated MED-V images. To design fault-tolerance options for the file server and fault-tolerant disks, see the [Infrastructure Planning and Design Microsoft SQL Server 2008](https://go.microsoft.com/fwlink/?LinkId=163302) guide. - -## Design and Place the IIS Servers - - -This section is only relevant if clients will download image files over the network using HTTP or HTTPS. - -The IIS server can coexist on the same system as the MED-V server and the server running SQL Server. It can also run in a Windows Server 2008 Hyper-V VM. The IIS server infrastructure must have sufficient throughput to deliver images to clients within the service level expectations of the organization. It must be designed with a disk subsystem that can meet the IO demands this creates. - -For each image repository, sum the number of clients that may download MED-V images using IIS. This is the maximum number of concurrent downloads that can occur when an image is loaded into the repository. Use the throughput sum and the service level expectations determined in [Define the Project Scope](define-the-project-scope.md) to plan the design of the IIS server infrastructure and to determine the appropriate amount of bandwidth to allocate for the repository. - -To design the IIS infrastructure, see the [Infrastructure Planning and Design Microsoft Internet Information Services](https://go.microsoft.com/fwlink/?LinkId=160826) guide. - -### Fault Tolerance - -If the IIS server infrastructure is unavailable, clients will not be able to download new or updated images. To configure fault tolerance, the Windows Server 2008-based IIS server can be placed in a failover cluster. To design the fault tolerance for the IIS server infrastructure, see the [Infrastructure Planning and Design Microsoft Internet Information Services](https://go.microsoft.com/fwlink/?LinkId=160826) guide. - -## Related topics - - -[Deploying a MED-V Workspace Using an Enterprise Software Distribution System](deploying-a-med-v-workspace-using-an-enterprise-software-distribution-system.md) - -[Deploying a MED-V Workspace Using a Deployment Package](deploying-a-med-v-workspace-using-a-deployment-package.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/design-the-med-v-server-infrastructure.md b/mdop/medv-v1/design-the-med-v-server-infrastructure.md deleted file mode 100644 index 40536204ff..0000000000 --- a/mdop/medv-v1/design-the-med-v-server-infrastructure.md +++ /dev/null @@ -1,111 +0,0 @@ ---- -title: Design the MED-V Server Infrastructure -description: Design the MED-V Server Infrastructure -author: dansimp -ms.assetid: 2781040f-880e-4e16-945d-a38c0adb4151 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Design the MED-V Server Infrastructure - - -In this topic, you will design the server infrastructure for each MED-V instance. This includes determining whether the SQL Server instance will exist on the MED-V server or on a remote server, as well as the size of the SQL Server database. You will also determine the location of the management console. - -## Design and Place the Server for Each MED-V Instance - - -The MED-V server implements policies and stores state and history data about its clients. - -### Form Factor - -MED-V recommends using a 2.8-GHz dual core CPU server with 2 GB of RAM. This recommendation is based on the assumption that the MED-V server will run on a dedicated machine and that SQL Server and the MED-V management console will run on separate machines. - -Given this workload, the MED-V server should be relatively lightly loaded. In the absence of specific architectural guidance on the server form factor, design the server using the MED-V recommendation, with memory that matches the organization’s standard form factor. The MED-V server can be run on a virtual machine (VM) on Windows Server 2008 Hyper-V. If a VM will be used, ensure that it has access to CPU and memory resources equivalent to those specified for a physical machine. - -The disk capacity the MED-V server requires must be sufficient to store the MED-V workspace configuration files. A MED-V workspace can only use one VM, and one policy, for one or more users. Therefore, the number of MED-V workspaces that must be stored depends on the degree to which different policies are required for different users of the same VM, as well as the number of VMs that will be used. The MED-V workspace XML files are around 30 KB in size for a typical MED-V workspace. To determine the required disk capacity, multiply 30 KB by the number of MED-V workspaces that the MED-V server will store. - -The MED-V server’s most important network connections are the links to its clients, therefore place the server in a network location that provides the most available bandwidth and the most robust links to its clients. - -### Fault Tolerance - -There can only be one active MED-V server in a MED-V instance, and MED-V does not include standard capabilities to place the server in a Microsoft Cluster Server (MSCS) cluster to provide fault tolerance. A passive backup server can be manually configured. - -To decide whether a passive backup server should be manually configured for the MED-V instance, determine whether users will be permitted to use the MED-V images in offline mode. For information on offline mode, see [How to Configure a Domain User or Group](how-to-configure-a-domain-user-or-groupmedvv2.md). If users are not allowed to work offline, they will be unable to continue working in the event of a MED-V server failure, even if the MED-V workspace has already been started on the client. If offline work is permitted, for each MED-V workspace, determine how long the client is allowed to work offline before it must authenticate. This is the maximum amount of time that the server can be unavailable. - -## Design and Place the SQL Server Database - - -The MED-V server uses the SQL Server database to store client status and events. You can install the SQL Server database on the same machine as the MED-V server or you can place it on a separate server running SQL Server, which can optionally be remote. You can share the database with other MED-V instances, in which case events and alerts from those instances will be stored in the same database, and reports will include events from all instances. You can install the database in an existing SQL Server instance, and the databases of other MED-V servers can reside in that same instance. - -If you place the database server in a location that is remote from the MED-V server, across networks links that do not have sufficient bandwidth available, reports may be slow to load in the console and may not display the latest data from clients. Refer to the organization service level expectations that you determined in [Define the Project Scope](define-the-project-scope.md) and use that information to decide where to place the SQL Server database. - -### Form Factor - -If you will run SQL Server on the same server as MED-V, and if SQL Server will only be used to store data for that server, start with the MED-V recommendation and add resources for the SQL Server load. If SQL Server will store events and alerts from more than one MED-V instance, for information on how to scale up the server form factor, see the [Infrastructure Planning and Design Microsoft SQL Server 2008](https://go.microsoft.com/fwlink/?LinkId=163302) guide (http:// go.microsoft.com/fwlink/?LinkId=163302). - -The size of the database depends on the number of client events that the database will store. Events are created by normal operation of the client, such as when a MED-V workspace is started, or when there is an error in the MED-V workspace. The default interval at which the client sends events is 1 minute. - -To estimate the size of the database, determine the following: - -- Number of clients in the MED-V instance. The maximum is 5,000. - -- Typical event arrival rate. This rate depends on client usage behavior but is approximately 15 to 20 events per day per client. - -- Event size. The size is typically around 200 bytes. - -- Storage amount. The number of days for which events will be stored. - -Multiply these values together to calculate the size of the required data storage in bytes, and then add a safety factor to account for the following: - -- Errors, which could create a large number of events from a client in a short period of time. - -- Database table and organizational space. - -To approximate the infrastructure optimization per second (IOPs) requirement, use the above values, multiplying the typical event arrival rate by the number of clients in the instance. This yields the number of records that can be written per day. Divide that number by 86,400 to derive the number of records written per second. If a write operations can be equated with a single infrastructure optimization (IO) operation, this number is the write IOPs required. Add a buffer to that for reporting activity. This is difficult to determine but depends on the number of consoles in use with the instance and the frequency with which they are used to generate reports. - -### Fault Tolerance - -When MED-V client is running, if the server is unavailable, events will be backed up on the client and reports will be unavailable in the management console. Refer to the organization’s service level expectations determined in [Define the Project Scope](define-the-project-scope.md) to decide whether the design of a fault-tolerant SQL Server infrastructure is necessary. - -MED-V does not provide support for running SQL Server in an MSCS cluster. In order to provide warm standby and to avoid data loss in the event of a failure, you can place SQL Server in a log shipping configuration. For information on log shipping, see the [Infrastructure Planning and Design Microsoft SQL Server 2008](https://go.microsoft.com/fwlink/?LinkId=163302) guide (https://go.microsoft.com/fwlink/?LinkId=163302). - -## Design the Management Console - - -Part of the functionality of the MED-V management console is to test VMs before they are packed for distribution to MED-V clients. Therefore, the management console should be designed with a form factor that resembles, as closely as possible, the form factor of a typical MED-V client machine. - -The management console application is installed together with the MED-V client and uses Microsoft Virtual PC 2007 SP1 with the hotfix that is described in Microsoft Knowledge Base article 974918. A client operating system must be used; the MED-V management console cannot run on the same system as the MED-V server. - -You cannot share a management console with multiple MED-V server instances. The address of the MED-V server is specified during the installation of the management console’s MED-V client; this can be changed after installation, but at any time the management console can only work with a single MED-V server. - -You can use multiple management consoles with a single MED-V server. To avoid conflicts, a mechanism is available that notifies other console users when one console has made changes to a MED-V workspace. - -For each MED-V instance, determine how many management consoles will be needed and where they will be placed. Select a typical MED-V client form factor to be used for the management console. - -## Related topics - - -[MED-V 1.0 SP1 Supported Configurations](med-v-10-sp1-supported-configurationsmedv-10-sp1.md) - -[Configuring MED-V Server for Cluster Mode](configuring-med-v-server-for-cluster-mode.md) - -[How to Install MED-V Client and MED-V Management Console](how-to-install-med-v-client-and-med-v-management-console.md) - -[Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/examples-of-virtual-machine-configurationsv2.md b/mdop/medv-v1/examples-of-virtual-machine-configurationsv2.md deleted file mode 100644 index 5165183f3c..0000000000 --- a/mdop/medv-v1/examples-of-virtual-machine-configurationsv2.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -title: Examples of Virtual Machine Configurations -description: Examples of Virtual Machine Configurations -author: dansimp -ms.assetid: 5937601e-41ab-4ca2-8fa1-3c9154710cd6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Examples of Virtual Machine Configurations - - -The following are examples of typical virtual machine configurations: one in a persistent MED-V workspace and one in a revertible MED-V workspace. - -**Note**   -These examples are not intended for use in all environments. Adjust the configuration according to your environment. - - - -**To configure a typical domain setup in a persistent MED-V workspace** - -1. Configure Sysprep on the base image to create a unique SID. For more information, see [Creating a Virtual PC Image for MED-V](creating-a-virtual-pc-image-for-med-v.md#bkmk-howtoconfiguresysprepformedvimages). - -2. On the **VM Setup** tab, select the **Run VM Setup** check box. - -3. In the **VM Computer Name Pattern** section, configure the pattern for the machine image name. For more information, see [How to Configure VM Computer Name Pattern Properties](how-to-configure-vm-computer-name-pattern-propertiesmedvv2.md). - -4. Click **Script Editor**, and in the **VM Setup Script Editor** dialog box, configure the following actions: - - 1. **Rename Computer** - - 2. **Restart Windows** - - 3. **Check Connectivity** - - 4. **Join Domain** - - 5. **Disable Auto-Logon** - - For more information, see [How to Set Up Script Actions](how-to-set-up-script-actions.md). - -5. On the **Policy** menu, click **Commit**. - -**To configure a typical setup in a revertible workspace** - -1. On the **VM Setup** tab, select the **Rename the VM based on the computer name pattern** check box. - -2. In the **VM Computer Name Pattern** section, configure the pattern for the machine image name. For more information, see [How to Configure VM Computer Name Pattern Properties](how-to-configure-vm-computer-name-pattern-propertiesmedvv2.md). - -3. On the **Policy** menu, click **Commit**. - -## Related topics - - -[How to Configure the Virtual Machine Setup for a MED-V Workspace](how-to-configure-the-virtual-machine-setup-for-a-med-v-workspacemedvv2.md) - -[How to Configure VM Computer Name Pattern Properties](how-to-configure-vm-computer-name-pattern-propertiesmedvv2.md) - -[How to Set Up Script Actions](how-to-set-up-script-actions.md) - - - - - - - - - diff --git a/mdop/medv-v1/getting-started-with-med-v.md b/mdop/medv-v1/getting-started-with-med-v.md deleted file mode 100644 index 969a8b0a46..0000000000 --- a/mdop/medv-v1/getting-started-with-med-v.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: Getting Started with MED-V -description: Getting Started with MED-V -author: dansimp -ms.assetid: 5832cdb3-3892-4048-b29d-7644e75117f0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Getting Started with MED-V - - -This section provides general information for administrators using Microsoft Enterprise Desktop Virtualization (MED-V) 1.0 and MED-V 1.0 SP1. - -## In This Section - - -[Overview of MED-V](overview-of-med-v.md) - -[High-Level Architecture](high-level-architecturemedv.md) - -[Key Scenarios for Using MED-V](key-scenarios-for-using-med-v.md) - -[About MED-V 1.0](about-med-v-10.md) - -[About MED-V 1.0 SP1](about-med-v-10-sp1.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/high-level-architecturemedv.md b/mdop/medv-v1/high-level-architecturemedv.md deleted file mode 100644 index 7badb94bbd..0000000000 --- a/mdop/medv-v1/high-level-architecturemedv.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: High-Level Architecture -description: High-Level Architecture -author: dansimp -ms.assetid: a78e12ad-5aa6-40e0-ae8b-51acaf005712 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# High-Level Architecture - - -The MED-V solution comprises the following elements: - -- **Administrator-defined virtual machine**—Encapsulates a full desktop environment, including an operating system, applications, and optional management and security tools. - -- **Image repository**—Stores all virtual images on a standard IIS server and enables virtual images version management, client-authenticated image retrieval, and efficient download (of a new image or updates) via Trim Transfer technology. - -- **Management server**—Associates virtual images from the image repository along with administrator usage policies to Active Directory® users or groups. The management server also aggregates clients' events and stores them in an external database (Microsoft SQL Server®) for monitoring and reporting purposes. - -- **Management console**—Enables administrators to control the management server and the image repository. - -- **End-user client** - - 1. Virtual image life-cycle—Authentication, image retrieval, enforcement of usage policies. - - 2. Virtual machine session management—Start, stop, lock the virtual machine. - - 3. Single desktop experience—Applications installed in the virtual machine seamlessly available through the standard desktop Start menu and integrated with other applications on the user desktop. - -All communication between the client and the servers (management server and image repository) is carried on top of a standard HTTP or HTTPS channel. - -![](images/506f54d0-38fa-446a-8070-17ae26da5355.gif) - -  - -  - - - - - diff --git a/mdop/medv-v1/how-to-apply-general-settings-to-a-med-v-workspace.md b/mdop/medv-v1/how-to-apply-general-settings-to-a-med-v-workspace.md deleted file mode 100644 index 5d9bdb7412..0000000000 --- a/mdop/medv-v1/how-to-apply-general-settings-to-a-med-v-workspace.md +++ /dev/null @@ -1,108 +0,0 @@ ---- -title: How to Apply General Settings to a MED-V Workspace -description: How to Apply General Settings to a MED-V Workspace -author: dansimp -ms.assetid: 6152dced-e301-4fa2-bfa0-aecf3c23f23a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Apply General Settings to a MED-V Workspace - - -The general settings enable you to configure the basic user experience when working with a MED-V workspace, by defining whether the MED-V workspace will appear in seamless integration or full desktop mode. Seamless integration includes legacy applications in the host desktop so that they appear as if they are installed directly on the host. Full desktop presents the desktop of the MED-V workspace operating system in a separate window on the host. - -All general settings are configured in the **Policy** module, on the **General** tab. - -**To apply general settings to a MED-V workspace** - -1. Click the MED-V workspace to configure. - -2. Configure the general properties as described in the following table. - -3. On the **Policy** menu, select **Commit**. - -**General Workspace Properties** - -Property -Description -*Workspace Properties* - -Name - -The name of the MED-V workspace. - -**Warning**   -Do not rename an existing MED-V workspace while it is running on a client computer. - - - -Description - -Description of the MED-V workspace, which can include the content or status of the MED-V workspace and any other useful information. - -**Note**   -The description is for administrator use and has no impact on the policy. - - - -Support contact info - -The contact information for technical support. The information entered will be displayed in the support contact information screen that can be accessed from the MED-V client notification area. - -*Workspace UI* - -Seamless Integration - -Select this option for the MED-V workspace windows, taskbar, and notification area icons to integrate seamlessly into the host desktop. - -Draw a frame around each workspace window - -When using seamless integration, select this option to create a colored border around all applications running within the MED-V workspace and a colored background for all taskbar button icons. In the **Frame color** field, select the color. - -Full Desktop - -Select this option to display the MED-V workspace as the entire desktop, without integrating with the host. - -*Host Verification* - -Command line - -Type a command line to run on the host before starting the MED-V workspace. - -Do not start the Workspace if the verification fails (exit code is not '0') - -Select this check box if you are using a command line and want to start the MED-V workspace only if the script is completed successfully. - - - -A command line can be run on the host prior to starting the MED-V workspace. - -**To run a command line before starting a MED-V workspace** - -1. In the **Command line** field, enter a command line. - -2. To start the MED-V workspace only if the command line was successful, select the **Do not start the workspace if the verification fails** check box. - -## Related topics - - -[Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) - -[Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-apply-network-settings-to-a-med-v-workspace.md b/mdop/medv-v1/how-to-apply-network-settings-to-a-med-v-workspace.md deleted file mode 100644 index 4846278e8e..0000000000 --- a/mdop/medv-v1/how-to-apply-network-settings-to-a-med-v-workspace.md +++ /dev/null @@ -1,90 +0,0 @@ ---- -title: How to Apply Network Settings to a MED-V Workspace -description: How to Apply Network Settings to a MED-V Workspace -author: dansimp -ms.assetid: 641f46b3-a56f-478a-823b-1d90aa1716b3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Apply Network Settings to a MED-V Workspace - - -Administrators can define the network settings for each MED-V workspace. - -All network settings are configured in the **Policy** module, on the **Network** tab. - -**To apply network settings to a MED-V workspace** - -1. Click the MED-V workspace to configure. - -2. In the **Network** pane, configure the settings as described in the following table. - -3. On the **Policy** menu, select **Commit**. - -**MED-V Workspace Network Properties** - - ---- - - - - - - - - - - - - - - - - - - - - -
PropertyDescription

TCP/IP Properties

    -

  • Use host's IP address (NAT)—The workspace will use NAT to share the host's IP for outgoing traffic.

    • -

  • Use different IP address than host (Bridge)—The MED-V workspace will have its own network address, usually obtained via DHCP.

    • -
-

Select the Map multiple adapters into Workspace check box when the host computer has multiple adapters. It is recommended to use this configuration when the host moves between different networks using different adapters.

DNS Server

    -

  • Don't change—DNS settings that are set within the MED-V workspace virtual machine will not be changed.

    • -

  • Use Host's DNS address—MED-V workspace DNS settings will be synchronized to match the host's settings. The DNS synchronization is dynamic. It is synchronized periodically with the host so that if it is changed on the host, it will change dynamically in the MED-V workspace.

    • -

  • Use specific DNS addresses—The MED-V workspace will use a specific DNS, as specified.

    -

    In the Primary and Secondary fields, enter the primary and secondary DNS addresses.

    -

    Select the Append Host's DNS addresses check box to append the host to the configured DNS addresses.

    • -

Assign DNS Suffixes

    -

  • Assign the following suffixes—Select this check box to assign specific DNS suffixes; in the box, enter a suffix or multiple suffixes separated by commas.

    • -

  • Append host suffixes—Select this check box to append the host suffixes to the DNS address.

    • -
- -  - -## Related topics - - -[Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) - -[Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/how-to-apply-performance-settings-to-a-med-v-workspace.md b/mdop/medv-v1/how-to-apply-performance-settings-to-a-med-v-workspace.md deleted file mode 100644 index bb5b64f7e8..0000000000 --- a/mdop/medv-v1/how-to-apply-performance-settings-to-a-med-v-workspace.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -title: How to Apply Performance Settings to a MED-V Workspace -description: How to Apply Performance Settings to a MED-V Workspace -author: dansimp -ms.assetid: e0fed1e1-6e8f-4d65-ab83-b950a17661c0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Apply Performance Settings to a MED-V Workspace - - -The following performance setting can be defined for each MED-V workspace: - -VM memory allocation - -Performance settings are configured in the **Policy** module, on the **Performance** tab. - -**To apply performance settings to a MED-V workspace** - -1. Click the MED-V workspace to configure. - -2. In the **Performance** pane, configure the settings as described in the following table. - -3. On the **Policy** menu, select **Commit**. - -**Performance Settings Properties** - - ---- - - - - - - - - - - - - -
PropertyDescription

Adjust VM memory, based on amount of the Host machine's physical memory

Select this check box, and configure the following virtual machine properties in the table:

-
    -

  • Host Memory—Define the common host RAM configuration in your organization based on any numbers of groups to configure.

    • -

  • VM Memory—Enter the amount of host memory to allocate to the virtual machine.

    • -
- -  - -## Related topics - - -[Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) - -[Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/how-to-apply-virtual-machine-settings-to-a-med-v-workspace.md b/mdop/medv-v1/how-to-apply-virtual-machine-settings-to-a-med-v-workspace.md deleted file mode 100644 index 197b944570..0000000000 --- a/mdop/medv-v1/how-to-apply-virtual-machine-settings-to-a-med-v-workspace.md +++ /dev/null @@ -1,157 +0,0 @@ ---- -title: How to Apply Virtual Machine Settings to a MED-V Workspace -description: How to Apply Virtual Machine Settings to a MED-V Workspace -author: dansimp -ms.assetid: b50d0dfb-8d61-4543-9607-a29bbb1ed45f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Apply Virtual Machine Settings to a MED-V Workspace - - -Every MED-V workspace must have a Microsoft Virtual PC image associated with it. The virtual machine settings enable you to assign a Virtual PC image as well as set other virtual machine properties. - -All virtual machine settings are configured in the **Policy** module, on the **Virtual Machine Settings** tab. - -**To apply virtual machine settings to a MED-V workspace** - -1. Click the MED-V workspace to configure. - -2. Configure the virtual machine properties as described in the following table. - -3. On the **Policy** menu, select **Commit**. - -**Virtual Machine Properties** - -Property -Description -*Virtual Machine Settings* - -Assigned Image - -The actual Microsoft Virtual PC image assigned to the MED-V workspace. The menu provides a list of all available Virtual PC images. The following image types are in the **Active** image list: - -- **Local test images**—Images on the local computer that are not yet packed. These image names are followed by the word “test” in parentheses (test) and are for testing purposes only. - -- **Local packed images**—Packed images on the local computer. These images are followed by the word “local” in parentheses (local) and cannot be downloaded by clients until the administrator uploads them to the server. - - A local image can be selected if you are creating a package that will be distributed to the client via removable media (such as USB or DVD). - -- **Packed images on server**—Images that are on the server and are available for download by clients. Click Refresh to refresh the images list. - - **Note**   - Each MED-V workspace image can only be used by one Windows user. - - - -Workspace is persistent - -Select this check box to configure the MED-V workspace as persistent. In a persistent MED-V workspace, when the MED-V workspace is stopped, changes and additions to the MED-V workspace are saved in the MED-V workspace. - -For a Domain MED-V workspace, this option must be selected. - -**Note**   -This setting should not be changed after a MED-V workspace is deployed to users. - - - -Shut down the VM when stopping the Workspace - -Select this check box to shut down the virtual machine when stopping the MED-V workspace. If this check box is cleared, at the completion of each session, the virtual machine is not shut down but instead takes a snapshot of the virtual machine. Upon the initiation of a new session, Windows starts from the snapshot (that is, Windows does not restart and no login is required). - -**Note**   -This property is enabled only if **Workspace is persistent** is selected. - - - -Logon to Windows in VM using MED-V credentials (SSO) - -Select this check box to log in to Windows on the virtual machine by using the MED-V credentials entered when logging in to MED-V client. - -**Note**   -This property is enabled only when **Workspace is persistent** is selected. - - - -Workspace is revertible - -Select this check box to configure the MED-V workspace as revertible. In a revertible MED-V workspace, at the completion of each session (that is, when the user stops the MED-V workspace), the MED-V workspace reverts to the original state it was in during deployment. No changes or additions that the user made are saved on the MED-V workspace between sessions. - -**Note**   -This setting should not be changed after a MED-V workspace is deployed to users. - - - -Synchronize Workspace time zone with host - -Select this check box to synchronize the time zone in the MED-V workspace with the host. - -The synchronization works differently depending on whether the MED-V workspace is persistent or revertible, as follows: - -- In a persistent MED-V workspace, the time zone first tries to synchronize with the server. If that fails, it synchronizes with the host. - -- In a revertible MED-V workspace, the time zone synchronizes with the host. - -*Lock Settings* - -Lock the Workspace on host standby/hibernate event - -Select this check box to automatically lock the MED-V workspace when the host computer goes into standby or hibernate. - -Lock the Workspace after - -Select this check box to lock the MED-V workspace when the MED-V workspace is idle for a specified period of time. When selected, the number box is enabled. Enter the number of minutes of idle time before locking the MED-V workspace. - -**Note**   -The idle time refers to the MED-V workspace applications (not the host applications). - - - -*Image Update Settings* - -Keep only - -Select this check box to limit the number of old image versions to keep. - -When selected, the number box is enabled. Enter the number of old versions to keep. - -Suggest update when a new version is available - -Select this check box to suggest (but not force) an update when a new version of the image is available. - -Clients should use Trim Transfer when downloading images for this Workspace - -Select this check box to enable Trim Transfer (for more information, see [MED-V Trim Transfer Technology](med-v-trim-transfer-technology-medvv2.md)) when downloading images associated with this MED-V workspace. If this check box is cleared, the full image will be downloaded. - -**Note**   -Trim Transfer requires indexing the hard drive, which might take a considerable amount of time. It is recommended to use Trim Transfer when indexing the hard drive is more efficient than downloading the new image version, such as when downloading an image version that is similar to the existing version. - - - - - -## Related topics - - -[Creating a MED-V Image](creating-a-med-v-image.md) - -[Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) - -[Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-back-up-and-restore-a-med-v-server.md b/mdop/medv-v1/how-to-back-up-and-restore-a-med-v-server.md deleted file mode 100644 index 3a7c44c436..0000000000 --- a/mdop/medv-v1/how-to-back-up-and-restore-a-med-v-server.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: How to Back Up and Restore a MED-V Server -description: How to Back Up and Restore a MED-V Server -author: dansimp -ms.assetid: 8d05e3a4-279b-4ce6-a319-8a09e7a30c60 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Back Up and Restore a MED-V Server - - -XML files located on the server can be backed up and then restored in case of loss of data on the server. - -**To back up a MED-V server** - -- Back up the following files, located in *<InstallDir>\\Servers\\ConfigurationServer*: - - **Note**   - If the configuration has been changed from the default, the files might be stored in a different location. - - - - - ClientPolicy.xml - - - ClientSettings.xml - - - ConfigurationFiles.xml - - - OrganizationPolicy.xml - - - WorkspaceKeys.xml - - **Note**   - The ServerSettings.xml file can be backed up as well. However, if a specific configuration has been changed (for example, on the original server, the MED-V VMS directory is located in "*C:\\Vms*" and such a directory does not exist on the new server), it can cause an error. - - - -**To restore a MED-V server** - -1. Install a new MED-V server. - -2. Copy the backup files to the following directory: - - *<InstallDir>\\Servers\\ConfigurationServer* - -3. Restart the MED-V service. - - - - - - - - - diff --git a/mdop/medv-v1/how-to-configure-a-deployment-package.md b/mdop/medv-v1/how-to-configure-a-deployment-package.md deleted file mode 100644 index 6d2a5b4f31..0000000000 --- a/mdop/medv-v1/how-to-configure-a-deployment-package.md +++ /dev/null @@ -1,162 +0,0 @@ ---- -title: How to Configure a Deployment Package -description: How to Configure a Deployment Package -author: dansimp -ms.assetid: 748272a1-6af2-476e-a3f1-87435b8e94b1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure a Deployment Package - - -The Packaging wizard walks you through the creation of a package by creating a folder on your local computer and transferring all the required installation files to the single folder. The contents of the folder can then be moved to multiple removable media drives for distribution. - -**Note** -A single package cannot contain installation files for both x86 and x64 systems. - - - -## How to Create a Deployment Package - - -**To create a deployment package** - -1. Verify in the **Images** module that you have created at least one local packed image. - -2. On the **Tools** menu, select **Packaging wizard**. - -3. On the **Packaging wizard** welcome page, click **Next**. - -4. On the **Workspace Image** page, select the **Include image in the package** check box to include an image in the package. - - The **Image** field is enabled. - - **Note** - An image is not required in a MED-V package; the package can be created without an image. In such a case, the image should be uploaded to the server so that it can later be downloaded over the network to the client, or pushed to an image pre-stage folder. - - - -5. Click the **Image** list to view all available images. Select the image to be copied to the package. Click **Refresh** to refresh the list of available images. - -6. Click **Next**. - -7. On the **MED-V Installation Settings** page, select the MED-V installation file by doing one of the following: - - - In the **MED-V installation file** field, type the full path to the directory where the installation file is located. - - - Click **...** to browse to the directory where the installation file is located. - - **Note** - This field is mandatory, and the wizard will not continue without a valid file name. - - - -8. In the **Server address** field, type the server name or IP address. - -9. In the **Server port** field, type the server port. - -10. Select the **Server is accessed using https** check box to require an https connection to connect to the server. - -11. Do one of the following: - - - Click **Default installation settings**, and then click **Next** to continue and leave the default settings. - - - Click **Custom installation settings**, and then click **Next** to customize the installation settings. - - 1. On the **MED-V Installation Custom Settings** page, in the **Installation folder** field, type the path of the folder where the MED-V files will be installed on the host computer. - - **Note** - It is recommended to use variables in the path rather than constants, which might vary from computer to computer. - - For example, use *%ProgramFiles%\\MED-V* instead of *c:\\MED-V*. - - - - ~~~ - 2. In the **Virtual machines images folder** field, type the path of the folder where the virtual images files will be installed on the host computer. - - **Note** - If you are using image pre-staging, this is the image pre-stage folder where the image is located. - - - - 3. In the **Minimal required RAM** field, enter the RAM required to install a MED-V package. If the user installing the MED-V package does not have the minimal required RAM, the installation will fail. - - 4. Select the **Install the MED-V management application** check box to include the MED-V management console application in the installation. - - 5. Select the **Create a shortcut to MED-V on the desktop** check box to create a shortcut to MED-V on the host's desktop. - - 6. Select the **Start automatically on computer startup** check box to start MED-V automatically on startup. - - 7. Click **Next**. - ~~~ - -12. On the **Additional Installations** page, select the **Include installation of virtualization software** check box to include the Virtual PC installation in the package. - - The **Installation file** field is enabled. Type the full path of the virtualization software installation file, or click **...** to browse to the directory. - -13. Select the **Include installation of Virtual PC QFE** check box to include Virtual PC update installation in the package. - - The **Installation file** field is enabled. Type the full path of the Virtual PC update installation file, or click **...** to browse to the directory. - -14. Select the **Include installation of Microsoft .NET Framework 2.0** check box to include the Microsoft .NET Framework 2.0 installation in the package. - - The **Installation file** field is enabled. Type the full path of the Microsoft .NET Framework 2.0 installation file, or click **...** to browse to the directory. - -15. Click **Next**. - -16. On the **Finalize** page, select the location where the package should be saved by doing one of the following: - - - In the **Package destination** field, type the full path to the directory where the package should be saved. - - - Click **...** to browse to the directory where the installation files should be saved. - - **Note** - Building the package might consume more space than the actual package size. It is therefore recommended to build the package on the hard drive. After the package is created, it can then be copied to the USB. - - - -17. In the **Package name** field, enter a name for the package. - -18. Click **Finish** to create the package. - - The package is created. This might take several minutes. - - After the package is created, a message appears notifying you that it has been completed successfully. - -**Note** -If you saved all the files locally, and not directly on the removable media, ensure that you copy only the contents of the folder and not the folder itself to the removable media. - - - -**Note** -The removable media must be large enough so that the package contents consume a maximum of only three-quarters of the removable media's memory. - - - -**Note** -When creating the package, up to double the size of the actual package size might be required when the build is complete. - - - -## Related topics - - -[Creating a MED-V Image](creating-a-med-v-image.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-configure-a-domain-user-or-groupmedvv2.md b/mdop/medv-v1/how-to-configure-a-domain-user-or-groupmedvv2.md deleted file mode 100644 index 7669269fc7..0000000000 --- a/mdop/medv-v1/how-to-configure-a-domain-user-or-groupmedvv2.md +++ /dev/null @@ -1,174 +0,0 @@ ---- -title: How to Configure a Domain User or Group -description: How to Configure a Domain User or Group -author: dansimp -ms.assetid: 055aba81-a9c9-4b98-969d-775e603becf3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure a Domain User or Group - - -The deployment settings enable you to control which users or groups can access the MED-V workspace, as well as how long the MED-V workspace can be utilized and whether it can be used offline. You can also configure additional rules to control access between the MED-V workspace and the host. - -All MED-V workspace permissions are configured in the **Policy** module, on the **Deployment** tab. - -To allow users to utilize the MED-V workspace, you must first add domain users or groups to the MED-V workspace permissions. You can then set permissions for each user or group. - -## How to Add a Domain User or Group - - -**To add a domain user or group** - -1. In the **Users / Groups** window, click **Add.** - -2. In the **Enter User or Group names** dialog box, select domain users or groups by doing one of the following: - - - In the **Enter User or Group names** field, type a user or group that exists in the domain or as a local user or group on the computer. Then click **Check Names** to resolve it to the full existent name. - - - Click **Find** to open the standard **Select Users or Groups** dialog box. Then select domain users or groups. - -3. Click **OK**. - - The domain users or groups are added. - - **Note** - Users from trusted domains should be added manually. - - - -~~~ -**Warning** -Do not run the management application from a computer that is part of a domain that is not trusted by the domain the server is installed on. -~~~ - - - -## How to Remove a Domain User or Group - - -**To remove a domain user or group** - -1. In the **Users / Groups** window, select a user or group. - -2. Click **Remove**. - - The user or group is deleted. - -## How to Set Permissions for a User or a Group - - -**To set permissions for a user or a group** - -1. Click the user or group for which you are setting the permissions. - -2. Configure the MED-V workspace properties as described in the following table. - -3. On the **Policy** menu, select **Commit**. - -**Workspace Deployment Properties** - -Property -Description -*General* - -Enable Workspace for <user or group> - -Select this check box to enable the MED-V workspace for this user or group. - -Workspace expires on this date - -Select this check box to assign an expiration date for the permissions set for this user or group. - -When selected, the date box is enabled. Set the date, and permissions will expire at the end of the date specified. - -Offline work is restricted to - -Select this check box to assign a time period in which the policy must be refreshed for this user or group. When selected, the time period box is enabled. Set the number of days or hours, and at the end of the specified time period, the user or group will not be able to connect if the policy is not refreshed. - -Workspace deletion options - -Click to set the MED-V workspace deletion options. For more information, see [How to Set MED-V Workspace Deletion Options](how-to-set-med-v-workspace-deletion-options.md). - -*Data Transfer* - -Support clipboard between host and Workspace - -Select this check box to enable copying and pasting between the host and the MED-V workspace. - -Support file transfer between the host and Workspace - -Select this check box to enable transferring files between the host and MED-V workspace. Select one of the following options from the **File Transfer** box: - -- **Both**—Enable transferring files between the host and the MED-V workspace. - -- **Host to Workspace**—Enable transferring files from the host to the MED-V workspace. - -- **Workspace to Host**—Enable transferring files from the MED-V workspace to the host. - -**Note** -If a user without permissions attempts to transfer files, a window will appear prompting him to enter the credentials of a user with permissions to perform the file transfer. - - - -**Important** -To support file transfer in Windows XP SP3, you must disable offline file synchronization by editing the registry as follows: - -`REG ADD HKLM\software\microsoft\windows\currentversion\netcache /V Enabled /T REG_DWORD /F /D 0` - - - -Advanced - -Click to set the advanced file transfer options. For more information, see [How to Set Advanced File Transfer Options](how-to-set-advanced-file-transfer-options.md). - -*Device Control* - -Enable printing to printers connected to the host - -Select this check box to enable users to print from the MED-V workspace using the host printer. - -**Note** -The printing is performed by the printers defined on the host. - - - -Enable access to CD / DVD - -Select this check box to allow access to a CD or DVD drive from this MED-V workspace. - - - -**Multiple Memberships** - -1. If the user is part of a group and permissions are applied to the user as well as to the group they are part of, all permissions are applied. - -2. If the user is a member of two different groups, the least restrictive permissions are applied. - -## Related topics - - -[Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) - -[Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) - -[How to Set MED-V Workspace Deletion Options](how-to-set-med-v-workspace-deletion-options.md) - -[How to Set Advanced File Transfer Options](how-to-set-advanced-file-transfer-options.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-configure-image-pre-staging.md b/mdop/medv-v1/how-to-configure-image-pre-staging.md deleted file mode 100644 index 5503edfefa..0000000000 --- a/mdop/medv-v1/how-to-configure-image-pre-staging.md +++ /dev/null @@ -1,125 +0,0 @@ ---- -title: How to Configure Image Pre-staging -description: How to Configure Image Pre-staging -author: dansimp -ms.assetid: 92781b5a-208f-45a4-a078-ee90cf9efd9d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure Image Pre-staging - - -**Note**   -Image pre-staging is useful only for the initial image download. It is not supported for image update. - - - -## How to Configure Image Pre-staging - - -**To configure image pre-staging** - -1. On the client computer, under the image store directory, create a folder for the pre-staging image, and name it *MED-V Images*. - - **Note**   - This folder must be called *MED-V Images*. - - - -2. Inside the MED-V Images folder, create a subfolder and name it *PrestagedImages*. - - **Note**   - This folder must be called *PrestagedImages*. - - - -3. To apply Access Control Lists (ACL) security to the *MED-V Images* folder, set the following ACL: - - **NT AUTHORITY\\Authenticated Users:(OI)(CI)(special access:)** - - **READ\_CONTROL** - - **SYNCHRONIZE** - - **FILE\_GENERIC\_READ** - - **FILE\_READ\_DATA** - - **                                 FILE\_APPEND\_DATA** - - **FILE\_READ\_EA** - - **FILE\_READ\_ATTRIBUTES** - - **NT AUTHORITY\\SYSTEM:(OI)(CI)F** - - **BUILTIN\\Administrators:(OI)(CI)F** - - **Note**   - It is recommended to apply ACL security to the *MED-V Images* folder. - - - -4. To apply ACL security to the *PrestagedImages* folder, set the following ACL: - - **NT AUTHORITY\\Authenticated Users:(OI)(CI)(special access:)** - - **READ\_CONTROL** - - **SYNCHRONIZE** - - **FILE\_GENERIC\_READ** - - **FILE\_READ\_DATA** - - **FILE\_READ\_EA** - - **FILE\_READ\_ATTRIBUTES** - - **NT AUTHORITY\\SYSTEM:(OI)(CI)F** - - **BUILTIN\\Administrators:(OI)(CI)F** - - **Note**   - It is recommended to apply ACL security to the *PrestagedImages* folder. - - - -5. Push the image files (CKM and INDEX files) to the *PrestagedImages* folder. - - **Note**   - After the image files have been pushed to the pre-stage folder, it is recommended to run a data integrity check and to mark the files as read-only. - - - -6. Include the following parameter in the MED-V client installation: *Client.MSI VMSFOLDER=”C:\\MED-V Images”*. - -## How to Update the Pre-stage Location - - -**To update the pre-stage location** - -1. The registry key, *PrestagedImagesPath*, points to the default image location. It is located in the following directory: - - - On an x86 - `KEY_LOCAL_MACHINE\SOFTWARE\Kidaro` - - - On an x64 - `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432node` - -2. If the image is in a different location, change the path. - - - - - - - - - diff --git a/mdop/medv-v1/how-to-configure-published-applicationsmedvv2.md b/mdop/medv-v1/how-to-configure-published-applicationsmedvv2.md deleted file mode 100644 index 5d812e35d6..0000000000 --- a/mdop/medv-v1/how-to-configure-published-applicationsmedvv2.md +++ /dev/null @@ -1,240 +0,0 @@ ---- -title: How to Configure Published Applications -description: How to Configure Published Applications -author: dansimp -ms.assetid: 43a59ff7-5d4e-49dc-84e5-1082bc4dd8f4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure Published Applications - - -Applications that are not compatible with the host operating system can be run within the MED-V workspace and initiated from within the MED-V workspace the same way they are initiated from the desktop—from the Start menu or from a local host shortcut. Applications selected and defined are called published applications. The procedures in this section describe how to add and remove published applications. - -An application can be published in one of the following ways: - -- As an application—Select a specific application by typing in the command line for the application. Only the application selected is published. - -- As a menu—Select a folder that contains multiple applications. All applications within the folder are published and displayed as a menu. - -## How to Add a Published Application to a MED-V Workspace - - -**To add an application to the MED-V workspace** - -1. Click the MED-V workspace to configure. - -2. In the **Applications** pane, in the **Published Applications** section, click **Add** to add a new application. - -3. Configure the application properties as described in the following table. - -4. On the **Policy** menu, select **Commit**. - - **Note** - If you are setting Internet Explorer as a published application to ensure that Web redirection works properly, make certain that any parameters are not in parentheses. - - - -**Published Application Properties** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PropertyDescription

Enabled

Select this check box to enable the published application.

Display name

The name of the shortcut in the user's Windows Start menu.

-
-Note

The display name is not case sensitive.

-
-
- -

Description

A description of the published application, which appears as a tooltip when the user's mouse hovers over the shortcut.

Command line

The command used to run the application from within the MED-V workspace. The full path is required, and the parameters can be passed to the application in a similar fashion as in any other Windows command.

-

In a revertible MED-V workspace, you can map a network drive with MapNetworkDrive syntax: "MapNetworkDrive <drive> <path>"—for example, "MapNetworkDrive t: \tux\date".

-

For example, to publish Windows Explorer, use the following syntax: "c:</em>" or "c:\windows."

-
-Note

To have a name resolution, you need to perform one of the following:

-
-
- -
-
    -

  • Configure the DNS in the base MED-V workspace image.

    • -

  • Verify the DNS resolution is defined in the host, and configure it to use the host DNS.

    • -

  • Use the IP for defining the network drive.

    • -
-
-Note

If the path includes spaces, the entire path must be inside quotation marks.

-
-
- -
-
-Note

The path should not end with a backslash ().

-
-
- -

Start menu

Select this check box to create a shortcut for the application in the user's Windows Start menu.

- - - -All published applications appear as shortcuts in the Windows **Start** menu (**Start >All Programs> MED-V Applications**). - -## How to Remove a Published Application from a MED-V Workspace - - -**To remove an application from the MED-V workspace** - -1. Click a MED-V workspace. - -2. In the **Applications** pane, in the **Published Applications** section, select an application to remove. - -3. Click **Remove**. - - The application is removed from the list of published applications. - -4. On the **Policy** menu, select **Commit**. - -## How to Add a Published Menu to a MED-V Workspace - - -**To add a published menu to the MED-V workspace** - -1. Click the MED-V workspace to configure. - -2. In the **Applications** pane, in the **Published Menus** section, click **Add** to add a new menu. - -3. Configure the menu properties as described in the following table. - -4. On the **Policy** menu, select **Commit**. - -**Published Menu Properties** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
PropertyDescription

Enabled

Select this check box to enable the published menu.

Display name

The name of the shortcut in the user's Windows Start menu.

Description

The description, which appears as a tooltip when the user's mouse hovers over the shortcut.

Folder in workspace

Select the folder to publish as a menu containing all the applications within the folder.

-

The text displayed is a relative path from the Programs folder.

-
-Note

If left blank, all programs on the host will be published as a menu.

-
-
- -
- - - -All published menus appear as shortcuts in the Windows **Start** menu (**Start >All Programs> MED-V Applications**). You can change the name of the shortcut in the **Start-menu shortcuts folder** field. - -**Note** -When configuring two MED-V workspaces, it is recommended to configure a different name for the Start menu shortcuts folder. - - - -## How to Remove a Published Menu from a MED-V Workspace - - -**To remove a published menu from a MED-V workspace** - -1. Click a MED-V workspace. - -2. In the **Applications** pane, in the **Published Menus** section, select a menu to remove. - -3. Click **Remove**. - - The menu is removed from the list of published menus. - -4. On the **Policy** menu, select **Commit**. - -## Running a Published Application from a Command Line on the Client - - -The administrator can run published applications from any location, such as a desktop shortcut, using the following command: - -``` syntax -"\Manager\KidaroCommands.exe" /run "" "" -``` - -**Note** -The MED-V workspace in which the published application is defined must be running. - - - -## Related topics - - -[How to Edit a Published Application with Advanced Settings](how-to-edit-a-published-application-with-advanced-settings.md) - -[Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) - -[Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-configure-the-image-web-distribution-server.md b/mdop/medv-v1/how-to-configure-the-image-web-distribution-server.md deleted file mode 100644 index 3db5f49a03..0000000000 --- a/mdop/medv-v1/how-to-configure-the-image-web-distribution-server.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: How to Configure the Image Web Distribution Server -description: How to Configure the Image Web Distribution Server -author: dansimp -ms.assetid: 2d32ae79-dff5-4c05-a412-dd15452b6007 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Configure the Image Web Distribution Server - - -An image repository is an optional server that is used for image distribution (where administrators upload new images and client computers check the server every 15 minutes and update their image if a new one is available). - -## - - -An image distribution server requires the following: - -- Internet Information Services (IIS)—For information, see [Internet Information Services](https://go.microsoft.com/fwlink/?LinkId=142995). - - During the IIS installation, when adding role services, select the following supported authentication methods: - - - **Basic Authentication** - - - **Windows Authentication** - - - **Client Certificate Mapping Authentication** - - When configuring IIS, include the following: - - - Add a virtual directory, with the alias named **MEDVImages**. The physical path should point to the location of the images. - - - Enable BITS. - - - Add the following MIME types: - - - **.ckm (application/octet-stream)** - - - **.index (application/octet-stream**) - - - On the MED-V site, add read permissions to **Everyone**. - - - Restart IIS. - -- BITS Server Extensions for IIS—For information, see [Install BITS Server Extensions](https://go.microsoft.com/fwlink/?LinkId=142996). - -## Related topics - - -[Supported Configurations](supported-configurationsmedv-orientation.md) - -[Design the MED-V Image Repositories](design-the-med-v-image-repositories.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/how-to-configure-the-virtual-machine-setup-for-a-med-v-workspace.md b/mdop/medv-v1/how-to-configure-the-virtual-machine-setup-for-a-med-v-workspace.md deleted file mode 100644 index 61a363f290..0000000000 --- a/mdop/medv-v1/how-to-configure-the-virtual-machine-setup-for-a-med-v-workspace.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: How to Configure the Virtual Machine Setup for a MED-V Workspace -description: How to Configure the Virtual Machine Setup for a MED-V Workspace -author: dansimp -ms.assetid: a4659b4d-18b2-45b1-9605-8b5adc438f53 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the Virtual Machine Setup for a MED-V Workspace - - -The procedures in this section describe how to configure the virtual machine for first-time setup. - -The virtual machine setup configures the setup performed when the virtual machine is run on the client for the first time. The virtual machine setup is configured differently for persistent and revertible MED-V workspaces. For more information about persistent and revertible MED-V workspaces, see [Configuring MED-V Workspace Policies](configuring-med-v-workspace-policies.md). - -## In This Section - - -[How to Configure the Virtual Machine Setup for a MED-V Workspace](how-to-configure-the-virtual-machine-setup-for-a-med-v-workspacemedvv2.md) -Describes how to configure the virtual machine setup for persistent and revertible MED-V workspaces. - -[How to Configure VM Computer Name Pattern Properties](how-to-configure-vm-computer-name-pattern-propertiesmedvv2.md) -Describes how to configure virtual machine computer name pattern properties for persistent and revertible MED-V workspaces. - -[Examples of Virtual Machine Configurations](examples-of-virtual-machine-configurationsv2.md) -Provides examples of virtual machine configurations in both persistent and revertible MED-V workspaces. - -## Related topics - - -[Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) - -[Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) - -[How to Set Up Script Actions](how-to-set-up-script-actions.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/how-to-configure-the-virtual-machine-setup-for-a-med-v-workspacemedvv2.md b/mdop/medv-v1/how-to-configure-the-virtual-machine-setup-for-a-med-v-workspacemedvv2.md deleted file mode 100644 index aded377291..0000000000 --- a/mdop/medv-v1/how-to-configure-the-virtual-machine-setup-for-a-med-v-workspacemedvv2.md +++ /dev/null @@ -1,137 +0,0 @@ ---- -title: How to Configure the Virtual Machine Setup for a MED-V Workspace -description: How to Configure the Virtual Machine Setup for a MED-V Workspace -author: dansimp -ms.assetid: 50bbf58b-842c-4b63-bb93-3783903f6c7d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure the Virtual Machine Setup for a MED-V Workspace - - -All virtual machine setup configuration settings are configured in the **Policy** module, on the **VM Setup** tab. - -## How to Configure the Virtual Machine Setup for a Persistent MED-V Workspace - - -**To configure the virtual machine setup for a persistent MED-V workspace** - -1. Click a persistent MED-V workspace to be configured. - -2. In the **Persistent VM Setup** section, configure the properties as described in the following table. - - **Note** - The persistent VM setup properties are enabled only for a persistent MED-V workspace. - - - -3. On the **Policy** menu, select **Commit**. - -**Persistent VM Setup Properties** - - ---- - - - - - - - - - - - - - - - - - - - - -
PropertyDescription

Run VM Setup

Select this check box to run a setup script the first time the MED-V workspace is run.

Script Editor

Click to configure the setup script. For more information, see How to Set Up Script Actions.

-
-Note

This button is enabled only when Run VM Setup script is selected.

-
-
- -

Message displayed when script is running

A message to be displayed while the script is running. If left blank, the default message is displayed.

-
-Note

This field is enabled only when Run VM Setup script is checked.

-
-
- -
- - - -## How to Configure the Virtual Machine Setup for a Revertible MED-V Workspace - - -**To configure the virtual machine setup for a revertible MED-V workspace** - -1. Click a revertible MED-V workspace to configure. - -2. In the **Revertible VM Setup** section, configure the properties as described in the following table. - - **Note** - The revertible VM setup properties are enabled only for a revertible MED-V workspace. - - - -3. On the **Policy** menu, select **Commit**. - -**Revertible VM Setup Properties** - - ---- - - - - - - - - - - - - -
PropertyDescription

Rename the VM based on the computer name pattern

Select this check box to assign a unique name to each computer using the MED-V workspace so that you can differentiate between multiple computers using the same MED-V workspace.

-

For more information on configuring computer image names, see How to Configure VM Computer Name Pattern Properties.

- - - -## Related topics - - -[Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) - -[Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) - -[Examples of Virtual Machine Configurations](examples-of-virtual-machine-configurationsv2.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-configure-vm-computer-name-pattern-propertiesmedvv2.md b/mdop/medv-v1/how-to-configure-vm-computer-name-pattern-propertiesmedvv2.md deleted file mode 100644 index 6bea34fef3..0000000000 --- a/mdop/medv-v1/how-to-configure-vm-computer-name-pattern-propertiesmedvv2.md +++ /dev/null @@ -1,137 +0,0 @@ ---- -title: How to Configure VM Computer Name Pattern Properties -description: How to Configure VM Computer Name Pattern Properties -author: dansimp -ms.assetid: ddf79ace-8cc3-4ee6-be5a-5940b4df5c36 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure VM Computer Name Pattern Properties - - -A virtual machine computer name pattern can be assigned both for revertible and for persistent MED-V workspaces. - -- Revertible—Administrators can assign a unique name to each revertible MED-V workspace instance to differentiate between multiple computers using the same MED-V workspace. - -- Persistent—In a persistent MED-V workspace, administrators can set a computer to be renamed during a setup script. - -## How to Assign a Virtual Machine Computer Name Pattern to a Revertible MED-V Workspace - - -**To assign a virtual machine computer name pattern to a revertible MED-V workspace** - -1. Click the revertible MED-V workspace to configure. - -2. In the **Revertible VM Setup** section, select the **Rename the VM based on the computer name pattern** check box. - -3. In the **VM Computer Name Pattern** section, enter the pattern to use for naming virtual machine images, using the following options: - - - **Constant**—Enter free text that will be constant on all computers using the MED-V workspace. - - - **Variable**—Enter a variable, by clicking **Insert Variable**, and select from one of the following: - - - **User name** - - - **Domain name** - - - **Host name** - - - **Workspace name** - - - **Virtual machine name** - - The variable selected will be specific to the computer using the MED-V workspace. For example, if **Domain name** is selected, the unique name for each computer will include the computer's domain name. - - - **Random characters**—Enter “\#” for each random character to include in the pattern. Each computer using the MED-V workspace will have a suffix of the length specified, which is generated randomly. - - **Note** - The computer name has a limit of 15 characters. If the pattern exceeds the limit, it will be truncated. - - - -4. On the **Policy** menu, select **Commit**. - - **Note** - A revertible VM computer name pattern can be assigned only when **Rename the VM based on the computer name patterns** (in the **Revertible VM Setup** section) is checked. - - - -~~~ -**Note** -A unique computer name can be assigned only if it is configured prior to MED-V workspace setup. Changing the name will not affect MED-V workspaces that were already set up. -~~~ - - - -## How to Assign a Virtual Machine Computer Name Pattern to a Persistent MED-V Workspace - - -**To assign a virtual machine computer name pattern to a persistent MED-V workspace** - -1. Click the persistent MED-V workspace to configure. - -2. In the **Persistent VM Setup** section, click **Script Editor**. - -3. In the **Script Actions** dialog box, click **Add**, and on the submenu, click **Rename Computer**. - -4. Click **OK** to close the **Script Actions** dialog box. - -5. On the **VM Setup** tab, in the **VM Computer Name Pattern** section, enter the pattern to use for renaming the computer, using the following: - - - **Constant**— Enter free text that will be included in the computer name. - - - **Variable**—Enter a variable, by clicking **Insert Variable**, and select from one of the following: - - - **User name** - - - **Domain name** - - - **Host name** - - - **Workspace name** - - - **Virtual machine name** - - The variable selected will be specific to the computer that is being renamed. For example, if **Domain name** is selected, the computer name will include the computer's domain name. - - - **Random characters**— Enter “\#” for each random character to include in the pattern. The computer will have a suffix of the length specified, which is generated randomly. - - **Note** - The computer name has a limit of 15 characters. If the pattern exceeds the limit, it will be truncated. - - - -6. On the **Policy** menu, select **Commit**. - - **Note** - The computer will be renamed only if it is set as an action in the **Script Actions** dialog box. For detailed information, see [How to Set Up Script Actions](how-to-set-up-script-actions.md). - - - -## Related topics - - -[Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) - -[Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) - -[How to Set Up Script Actions](how-to-set-up-script-actions.md) - -[Examples of Virtual Machine Configurations](examples-of-virtual-machine-configurationsv2.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-configure-web-settings-for-a-med-v-workspace.md b/mdop/medv-v1/how-to-configure-web-settings-for-a-med-v-workspace.md deleted file mode 100644 index 463ab388e1..0000000000 --- a/mdop/medv-v1/how-to-configure-web-settings-for-a-med-v-workspace.md +++ /dev/null @@ -1,139 +0,0 @@ ---- -title: How to Configure Web Settings for a MED-V Workspace -description: How to Configure Web Settings for a MED-V Workspace -author: dansimp -ms.assetid: 9a6cd28f-7e4f-468f-830a-7b1d9abd3af3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Configure Web Settings for a MED-V Workspace - - -Web sites that can only be displayed in older versions of Internet Explorer and that do not exist in the host operating system can be viewed in older versions of Internet Explorer within the MED-V workspace. The user does not need to open a browser in the MED-V workspace to view the specified Web sites. The user can open a browser on the host and automatically be redirected to the MED-V workspace and vice versa. - -The following procedures describe how you can set a list of Web browsing rules for a MED-V workspace. All sites included in the rules can be browsed either in the MED-V workspace or on the host, as defined by the administrator. All sites not defined within the rules are browsed from the environment in which they were requested. However, you can configure them as a group as well, to be browsed in the MED-V workspace or the host. - -**Note** -Web settings are applied only to Internet Explorer and to no other browsers. - - - -All Web settings are configured in the **Policy** module, on the **Web** tab. - -## How to Configure Web Settings for the MED-V Workspace - - -**To configure Web settings for the MED-V workspace** - -1. Click the MED-V workspace to be configured. - -2. Select the **Browse the list of URLs defined in the following table** check box to redirect the user to a browser within the MED-V workspace or host, when the user browses to a URL that conforms to the Web rules specified. - -3. Click one of the following: - - - **In the Workspace**—Redirect to a browser in the MED-V workspace. - - - **In the host**—Redirect to a browser on the host. - -4. Select the **Browse all other URLs** check box to redirect all URLs excluded from the Web rules to the host or MED-V workspace. - -5. Click one of the following: - - - **In the Workspace**—Redirect all other URLs to a browser in the MED-V workspace. - - - **In the host**—Redirect all other URLs to a browser on the host. - -6. On the **Policy** menu, select **Commit**. - -## How to Add a Web Rule - - -**To add a Web rule** - -1. Select the **Browse the list of URLs defined in the following table** check box to enable the Web browsing rules. - -2. Click **Add**. - - A new Web rule is added. - -3. Configure the Web rule properties as described in the following table. - -4. On the **Policy** menu, select **Commit**. - -**MED-V Workspace Web Properties** - - ---- - - - - - - - - - - - - - - - - -
PropertyDescription

Type

    -

  • Domain suffix—Access to any host address ending with the suffix specified in the Value property and is set according to the option set in Web Browsing.

    • -

  • IP Prefix—Access to any full or partial IP address in the range of the prefix specified in the Value property and is set according to the option set in Web Browsing.

    • -

  • All Local Addresses—Access to all addresses without a '.' and is set according to the option set in Web Browsing.

    • -

Value

    -

  • If Domain suffix is selected in the Type property, enter a domain suffix.

    -
    -Note
      -

    • Do not enter "*" before the suffix.

      • -

    • Domain suffixes support aliases as well.

      • -
    -
    -
    - -
    • -

  • If IP Prefix is selected in the Type property, enter a full or partial IP address.

    • -
- - - -## How to Delete a Web Rule - - -**To delete a Web rule** - -1. In the **Web** pane, select the Web rule to delete. - -2. Click **Remove**. - - The Web rule is deleted. - -## Related topics - - -[Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) - -[Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-create-and-test-a-med-v-image.md b/mdop/medv-v1/how-to-create-and-test-a-med-v-image.md deleted file mode 100644 index c63893f150..0000000000 --- a/mdop/medv-v1/how-to-create-and-test-a-med-v-image.md +++ /dev/null @@ -1,156 +0,0 @@ ---- -title: How to Create and Test a MED-V Image -description: How to Create and Test a MED-V Image -author: dansimp -ms.assetid: 40e4aba6-12cb-4794-967d-2c09dc20d808 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create and Test a MED-V Image - - -The MED-V administrator creates a MED-V image so that it can be uploaded, associated with a MED-V workspace, and then distributed to the client over the Web, added to a MED-V package, or downloaded to the client by using a third-party system. It is recommended to first create a test image and test it on MED-V client before deploying it. - -When creating a MED-V image, it goes through the following stages: - -1. **Local test image**—A basic image that can be tested locally. - -2. **Local packed image**—After the image is tested, the image is packed as it existed prior to testing. No changes made during testing are included in the packed image. - -3. **Packed image on server**—The packed image is uploaded to the server. - -## How to Create a MED-V Test Image - - -**To create a new MED-V test image** - -1. Click the **Images** management button. - - The **Images** module appears. - - - The **Images** module consists of the following panes: - - - **Local Test Images**—Local unpacked images. - - - **Local Packed Images**—All packed images on the local computer. - - - **Packed Images on Server**—All images that have been packed and uploaded to the server. - - - In the **Local Packed Images** and **Packed Images on Server** panes, the most recent version of each image is displayed as the parent node. Click the parent node to view all other existing versions of the image. - -2. In the **Local Test Images** pane, click **New**. - -3. On the **Test Image Creation** dialog box, select the virtual machine image that you want to configure as a MED-V test image by doing one of the following: - - - In the **Base image** file field, type the full path to the directory where the Microsoft Virtual PC image prepared for MED-V is located. - - - Click **Browse** to browse to the directory where the Microsoft Virtual PC image prepared for MED-V is located. - -4. In the **Image name** field, type or select the desired name. - - **Note**   - The following characters cannot be included in the image name: space " < > | \\ / : \* ? - - - -5. Click **OK**. - - A new MED-V test image is created on your host computer with the properties defined in the following table. - - For more information about configuring the MED-V workspace image, refer to [Configuring MED-V Workspace Policies](configuring-med-v-workspace-policies.md). - -**Local Test Images Properties** - - ---- - - - - - - - - - - - - - - - - - - - - -
PropertyDescription

Image Name

The name of the test image as it was defined when the administrator created the image.

Image Path

The local path of the test image.

Created

The date the test image was created.

- - - -## How to Test a MED-V Image from the MED-V Client - - -After a MED-V test image is created, use the following procedure to test the image locally. - -**To test a MED-V image** - -1. Click the **Policy** management button. - -2. In the **Policy** module, assign the MED-V test image to a MED-V workspace by doing the following: - - 1. Click the **Virtual Machine** tab. - - 2. In the **Assigned Image** field, select the MED-V test image you created. If your test image is not in the list, click **Refresh**. - - 3. On the toolbar, click **Save changes**. - -3. Configure any other MED-V workspace settings to be tested. For more information, see [Configuring MED-V Workspace Policies](configuring-med-v-workspace-policies.md). - -4. Start MED-V client. - -5. In the **Confirm Running Test** confirmation box, click **Use Test Image**. - -6. Test the MED-V workspace test image. - - For information about starting and running MED-V client, see [MED-V Client Operations](med-v-client-operations.md). - -**Note**   -While testing an image, do not open VPC and make changes to the image. - - - -**Note**   -When testing an image, no changes are saved to the image between sessions; instead, they are saved in a separate, temporary file. This is to ensure that when the image is packed and run on the production environment, it is the original, clean image. - - - -## Related topics - - -[Creating a Virtual PC Image for MED-V](creating-a-virtual-pc-image-for-med-v.md) - -[Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) - -[Configuring MED-V Workspace Policies](configuring-med-v-workspace-policies.md) - -[MED-V Client Operations](med-v-client-operations.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-delete-a-med-v-image.md b/mdop/medv-v1/how-to-delete-a-med-v-image.md deleted file mode 100644 index 02d9bb6115..0000000000 --- a/mdop/medv-v1/how-to-delete-a-med-v-image.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: How to Delete a MED-V Image -description: How to Delete a MED-V Image -author: dansimp -ms.assetid: 974a493a-7627-4c64-9294-89441f127916 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Delete a MED-V Image - - -## How to Delete a MED-V Image - - -**To delete a MED-V image** - -1. Click the image or the version of the image to delete. - -2. On the **Images** menu, click **Delete**. - - The image is deleted. - -## Related topics - - -[How to Create and Test a MED-V Image](how-to-create-and-test-a-med-v-image.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/how-to-deploy-a-workspace-imagedeployment-package.md b/mdop/medv-v1/how-to-deploy-a-workspace-imagedeployment-package.md deleted file mode 100644 index d849956376..0000000000 --- a/mdop/medv-v1/how-to-deploy-a-workspace-imagedeployment-package.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: How to Deploy a Workspace Image -description: How to Deploy a Workspace Image -author: dansimp -ms.assetid: b2c77e0d-101d-4956-a27c-8beb0e4f262e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Deploy a Workspace Image - - -When using a deployment package, a new image can be deployed onto client computers in one of the following ways: - -- [Web download](#bkmk-howtodeployaworkspaceimageviatheweb) - -- [Image pre-staging](#bkmk-howtodeployaworkspaceimageusingimageprestaging) - -- [Deploying the image inside the deployment package](#bkmk-howtodeployaworkspaceimageusingadeploymentapackage) - -## How to Deploy a Workspace Image via the Web - - -**To deploy a workspace image via the Web** - -1. Upload the MED-V image to the server. - - For information on uploading the image, see [How to Upload a MED-V Image to the Server](how-to-upload-a-med-v-image-to-the-server.md). - -2. Create a deployment package, and include the server path to the location of the image. - - For information on creating a deployment package, see [How to Configure a Deployment Package](how-to-configure-a-deployment-package.md). - -3. Deploy the package to end users. - - For information on deploying the package, see [How to Install MED-V Client](how-to-install-med-v-clientdeployment-package.md). - - MED-V client is installed and started for the first time. On first-time startup, the client downloads the image from the server address specified in the client installation. - -## How to Deploy a Workspace Image Using Image Pre-staging - - -**To deploy a workspace image using image pre-staging** - -1. Create an image pre-stage folder, and push the image to the folder. - - For information on configuring image pre-staging, see [How to Configure Image Pre-staging](how-to-configure-image-pre-staging.md). - -2. Create a deployment package, and include the path to the image pre-stage folder. - - For information on creating a deployment package, see [How to Configure a Deployment Package](how-to-configure-a-deployment-package.md). - -3. Deploy the package to end users. - - For information on deploying the package, see [How to Install MED-V Client](how-to-install-med-v-clientdeployment-package.md). - - MED-V client is installed and started for the first time. On first-time startup, the client fetches the image from the pre-stage folder specified in the client installation. - -## How to Deploy a Workspace Image Using a Deployment Package - - -**To deploy a workspace image using a deployment package** - -1. Create a deployment package, and include the image in the package. - - For information on creating a deployment package, see [How to Configure a Deployment Package](how-to-configure-a-deployment-package.md). - -2. Deploy the package to end users. - - For information on deploying the package, see [How to Install MED-V Client](how-to-install-med-v-clientdeployment-package.md). - - The image is imported to the host as part of the package installation. - -## Related topics - - -[How to Configure the Image Web Distribution Server](how-to-configure-the-image-web-distribution-server.md) - -[How to Configure a Deployment Package](how-to-configure-a-deployment-package.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/how-to-deploy-a-workspace-imageesds.md b/mdop/medv-v1/how-to-deploy-a-workspace-imageesds.md deleted file mode 100644 index 5eb6dd5c1c..0000000000 --- a/mdop/medv-v1/how-to-deploy-a-workspace-imageesds.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: How to Deploy a Workspace Image -description: How to Deploy a Workspace Image -author: dansimp -ms.assetid: ccc8e89b-1625-4b58-837e-4c6d93d46070 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Deploy a Workspace Image - - -When using an enterprise software distribution system, a new image can be deployed onto client computers in one of the following ways: - -- [Web download](#bkmk-howtodeployaworkspaceimageviatheweb) - -- [Image pre-staging](#bkmk-howtodeployaworkspaceimageusingimageprestaging) - -## How to Deploy a Workspace Image via the Web - - -**To deploy a workspace image via the Web** - -1. Upload the MED-V image to the server. - - For information on uploading the image, see [How to Upload a MED-V Image to the Server](how-to-upload-a-med-v-image-to-the-server.md). - -2. Using your enterprise software distribution system, install the MED-V client .msi package on users’ computers. - - For information on installing the MED-V client .msi package, see [How to Install MED-V Client](how-to-install-med-v-clientesds.md). - - MED-V client is installed and started for the first time. On first-time startup, the client downloads the image from the server address specified in the client installation. - -## How to Deploy a Workspace Image Using Image Pre-staging - - -**To deploy a workspace image using image pre-staging** - -1. Create an image pre-stage folder, and push the image to the folder. - - For information on configuring image pre-staging, see [How to Configure Image Pre-staging](how-to-configure-image-pre-staging.md). - -2. Using your enterprise software distribution system, install the MED-V client .msi package on users’ computers. - - For information on installing the MED-V client .msi package, see [How to Install MED-V Client](how-to-install-med-v-clientesds.md). - - MED-V client is installed and started for the first time. On first-time startup, the client fetches the image from the pre-stage folder specified in the client installation. - -## Related topics - - -[How to Configure the Image Web Distribution Server](how-to-configure-the-image-web-distribution-server.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/how-to-edit-a-published-application-with-advanced-settings.md b/mdop/medv-v1/how-to-edit-a-published-application-with-advanced-settings.md deleted file mode 100644 index babf8996d1..0000000000 --- a/mdop/medv-v1/how-to-edit-a-published-application-with-advanced-settings.md +++ /dev/null @@ -1,140 +0,0 @@ ---- -title: How to Edit a Published Application with Advanced Settings -description: How to Edit a Published Application with Advanced Settings -author: dansimp -ms.assetid: 06a79049-9ce9-490f-aad7-fd4fdf185590 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Edit a Published Application with Advanced Settings - - -After a published application has been added and configured, the published application can be edited and additional advanced settings can be configured. - -**To edit a published application with advanced settings** - -1. In the **Applications** pane, add and configure a published application. - -2. Select the published application to edit. - -3. Click **Edit**. - -4. In the **Published Application** dialog box, configure the parameters as described in the following table. - -5. Click **OK**. - -6. On the **Policy** menu, select **Commit**. - -**Editing Published Application Properties** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PropertyDescription

Display name

The name of the shortcut in the user's Windows Start menu.

-
-Note

The display name is not case sensitive.

-
-
- -

Description

A description of the published menu.

Start in

The directory from which to start the application.

-
-Note

The path does not need to include quotation marks.

-
-
- -

Command line

The command with which to run the application from within the MED-V workspace.

-

The full path is required, and the parameters can be passed to the application in a similar fashion as in any other Windows command.

-

In a domain configuration, a shared drive usually exists on the server where all domain computers map to. The directory should be mapped here, and if it is a folder that requires user authentication, the Use MED-V credentials to run this application check box must be selected.

-

In a revertible MED-V workspace, you can map a network drive with MapNetworkDrive syntax: "MapNetworkDrive <drive> <path>"—for example, "MapNetworkDrive t: \tux\data".

-

For example, to publish Windows Explorer, use the following syntax: "c:&quot; or "c:\windows".

-
-Note

To have a name resolution, you need to perform one of the following:

-
-
- -
-
    -

  • Configure the DNS in the base MED-V workspace image.

    • -

  • Verify that the DNS resolution is defined in the host, and configure it to use the host DNS.

    • -

  • Use the IP for defining the network drive.

    • -
-
-Note

If the path includes spaces, the entire path must be inside quotation marks.

-
-
- -
-
-Note

The path should not end with a backslash ().

-
-
- -

Add a shortcut in the host Windows Start menu

Select this check box to create a shortcut for the application in the user's Windows Start menu.

Launch this application when the Workspace is started

Select this check box to run the application automatically when the MED-V workspace starts.

Use MED-V credentials to run this application

Select this check box to authenticate applications that request a user name and password using the MED-V credentials instead of the credentials set for the application.

-
-Note

When using SSO, the command line should be C:\Windows\Explorer.exe "folder path". When not using SSO, the command line should be "folder path".

-
-
- -
- - - -## Related topics - - -[How to Configure Published Applications](how-to-configure-published-applicationsmedvv2.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-generate-reports-medvv2.md b/mdop/medv-v1/how-to-generate-reports-medvv2.md deleted file mode 100644 index e9219aa508..0000000000 --- a/mdop/medv-v1/how-to-generate-reports-medvv2.md +++ /dev/null @@ -1,313 +0,0 @@ ---- -title: How to Generate Reports -description: How to Generate Reports -author: dansimp -ms.assetid: 9f8ba28e-1993-4c11-a28a-493718051e5d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Generate Reports - - -The following report types can be created by administrators in MED-V: - -- [Status](#bkmk-generatingastatusreport)—Use the status report to review the current status of all active users and all MED-V workspaces of each user based on a defined period of time. This includes viewing computers that are currently connected to the server or, if they are not currently connected, the date and time they were last connected to the server, the status of each computer, and other relevant information. - -- [Activity Log](#bkmk-generatinganactivitylogreport)—Use this report to review events that originated from a specific host or user in a defined date range. - -- [Error Log](#bkmk-generatinganerrorlogreport)—Use this report to view errors that originated from a specific host or user in a defined date range. - -The report results can be sorted by any column by clicking the appropriate column name. - -The report results can be grouped by dragging a column header to the top of the report. Drag multiple column headers to group one column after another. - -## How to Generate a Status Report - - -**To generate a status report** - -1. Click the **Reports** management button. - -2. In the **Reports** module, on the **Report Types** menu, select **Status**, and click **Generate**. - - The Report Parameters dialog box appears. - -3. In the **Report Parameters** dialog box, in the **Number of days** field, enter a number or use the arrows to select the number of days to include in the status report, and click **OK**. - - A status report is generated. The report parameters are defined in the following table. - -**Client MED-V Workspace Properties** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PropertyDescription

Time

The date and time the event occurred.

-
-Note

By default, the events are displayed in descending date order. However, it can be changed by clicking the Time Received column.

-
-
- -

User Name

The user who initiated the event.

-
-Note

If the event occurred before a user logged on, the user name is SYSTEM.

-
-
- -

Host Name

The name of the host computer.

Workspace Name

The name of the MED-V workspace.

Workspace Computer Name

The name of the computer the MED-V workspace is running on.

Online

The current state of the client computer:

-
    -

  • Stopped

    • -

  • Started at <date and time the workspace was started>

    • -

Client Version

The version number of the client.

Policy Version

The policy version that the MED-V workspace is currently using.

Image Name

The name of the image.

Image Version

The image version that the MED-V workspace is currently using.

-
-Note

MED-V workspace version can be Unknown if it has not yet been downloaded onto a computer.

-
-
- -
- - - -## How to Generate an Activity Log Report - - -**To generate an activity log report** - -1. Click the **Reports** management button. - - The Reports module appears. - -2. In the **Reports** module, on the **Report Types** menu, select **Activity Log**, and click **Generate**. - -3. In the **Report Parameters** dialog box, configure one or more of the following parameters: - - - **Number of days**—The number of days to display in the report. - - - **User name contains**—Any event where the user name contains the text entered is included in the report. - - - **Host name contains**—Any event where the host name contains the text entered is included in the report. - -4. Click **OK**. - - A report is generated with the events and dates selected. The report parameters are defined in the following table. - -**Activity Log Report Properties** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PropertyDescription

Event ID

The event ID.

Severity

Information, Error, Warning

Category

The module that the report is referring to.

Description

A description of the event.

Time Received

The date and time the event was received on the server.

-
-Note

If the client is working offline, the server receives the reports when the client is online.

-
-
- -
-
-Note

By default, the events are displayed in descending date order. However, it can be changed by clicking the Time Received column.

-
-
- -

Client Time

The date and time the event occurred according to the client clock.

Host Name

The name of the host computer.

User Name

The user who initiated the event.

Workspace Name

The name of the MED-V workspace.

Workspace Computer Name

The name of the computer the MED-V workspace is running on.

- - - -## How to Generate an Error Log Report - - -**To generate an error log report** - -1. Click the **Reports** management button. - -2. In the **Reports** module, on the **Report Types** menu, select **Error Log**, and click **Generate**. - -3. In the **Report Parameters** dialog box, configure one or more of the following parameters: - - - **Number of days**—The number of days to display in the report. - - - **User name contains**—Any event where the user name contains the text entered is included in the report. - - - **Host name contains**—Any event where the host name contains the text entered is included in the report. - -4. Click **OK**. - - A report is generated with the events and dates selected. The report parameters are defined in the following table. - -**Error Log Report Properties** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PropertyDescription

Event ID

The event ID.

Category

The module that the report is referring to.

Description

A description of the event.

Time Received

The date and time the event was received on the server.

-
-Note

If the client is working offline, the server receives the reports when the client is online.

-
-
- -
-
-Note

By default, the events are displayed in descending date order. However, it can be changed by clicking the Time Received column.

-
-
- -

Client Time

The date and time the event occurred according to the client clock.

Host Name

The name of the host computer.

User Name

The user who initiated the event.

Workspace Name

The name of the MED-V workspace.

- - - - - - - - - - - diff --git a/mdop/medv-v1/how-to-import-and-export-a-policy.md b/mdop/medv-v1/how-to-import-and-export-a-policy.md deleted file mode 100644 index aaa08137dc..0000000000 --- a/mdop/medv-v1/how-to-import-and-export-a-policy.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: How to Import and Export a Policy -description: How to Import and Export a Policy -author: dansimp -ms.assetid: c86455de-2096-4bb1-b9d3-22efb42f3317 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Import and Export a Policy - - -A MED-V workspace policy can be imported into MED-V or exported from MED-V. - -## How to Import a Policy - - -**To import an existing policy** - -1. In the **Policy** module, on the **Policy** menu, select **Import**. - -2. In the **Import policy** dialog box, browse to the file containing the policy to import. - -3. Click **Open**. - - The policy is imported, replacing the existing policy. - -## How to Export a Policy - - -**To export a policy** - -1. In the **Policy** module, on the **Policy** menu, select **Export**. - -2. In the **Export policy** dialog box, browse to the directory where the policy will be exported. - -3. Enter a name for the policy file. - -4. Click **Save**. - - The policy is exported. - -## Related topics - - -[Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) - -[Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/how-to-install-and-configure-the-med-v-server-component.md b/mdop/medv-v1/how-to-install-and-configure-the-med-v-server-component.md deleted file mode 100644 index 16597d58b2..0000000000 --- a/mdop/medv-v1/how-to-install-and-configure-the-med-v-server-component.md +++ /dev/null @@ -1,197 +0,0 @@ ---- -title: How to Install and Configure the MED-V Server Component -description: How to Install and Configure the MED-V Server Component -author: dansimp -ms.assetid: 2d3c5b15-df2c-4ab6-bf78-f47ef8ae7418 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Install and Configure the MED-V Server Component - - -This section explains how to [install](#bkmk-howtoinstallthemedvserver) and [configure](#bkmk-howtoconfigurethemedvserver) the MED-V server. - -## How to Install the MED-V Server - - -**To install the MED-V server** - -1. Install the MED-V Server .msi package. - - The MED-V Server .msi package is called *MED-V\_Server\_x.msi*, where x is the version number. - - For example, *MED-V\_Server\_1.0.65.msi*. - -2. When the **InstallShield Wizard Welcome** screen appears, click **Next**. - -3. On the **License Agreement** screen, read the license agreement, click **I accept the terms in the license agreement**, and then click **Next**. - - The **Destination Folder** screen appears, with the default installation folder displayed. - - The default installation folder is *%systemdrive%\\Program Files\\Microsoft Enterprise Desktop Virtualization\\*. - - - To change the folder where MED-V should be installed, click **Change** and browse to an existing folder. - -4. Click **Next**. - -5. On the **Ready to Install the Program** screen, click **Install**. - - The MED-V server installation starts. This can take several minutes, and the screen might not display text. During installation, several progress screens appear. If a message appears, follow the instructions provided. - -6. When the **InstallShield Wizard Completed** screen appears, click **Finish** to complete the wizard. - -**Note** -If you are installing the MED-V server via Microsoft Remote Desktop, use the following syntax: **mstsc/admin**. Ensure that your RDP session is directed to the console. - - - -## How to Configure the MED-V Server - - -The following server settings can be configured: - -- [Connections](#bkmk-configuringconnections) - -- [Images](#bkmk-configuringimages) - -- [Permissions](#bkmk-configuringpermissions) - -- [Reports](#bkmk-configuringreports) - -### Configuring Connections - -**To configure connections** - -1. On the Windows Start menu, select **All Programs > MED-V > MED-V Server Configuration Manager**. - - **Note** - Note: If you selected the **Launch MED-V Server Configuration Manager** check box during the server installation, the MED-V server configuration manager starts automatically after the server installation is complete. - - - -~~~ -The MED-V Server Configuration Manager appears. -~~~ - -2. On the **Connections** tab, configure the following client connections settings: - - - **Enable unencrypted connections (http), using port**—Select this check box to enable unencrypted connections using a specified port. In the port box, enter the server port on which to accept unencrypted connections (http). - - - **Enable encrypted connections (https), using port**—Select this check box to enable encrypted connections using a specified port. In the port box, enter the server port on which to accept encrypted connections (https). - - Https is an optional configuration which can be set to ensure secure transactions between the MED-V server and MED-V clients. To configure https, you must perform the following procedures: - - - Configure a certificate on the server. - - - Associate the server certificate with the port specified using netsh. For information, see the following: - - - [Netsh Commands for Hypertext Transfer Protocol (HTTP)](https://go.microsoft.com/fwlink/?LinkId=183314) - - - [How to: Configure a Port with an SSL Certificate](https://go.microsoft.com/fwlink/?LinkID=183315) - - - [How to: Configure a Port with an SSL Certificate](https://msdn.microsoft.com/library/ms733791.aspx) - -3. Click **OK**. - -### Configuring Images - -**To configure images** - -1. Click the **Images** tab. - -2. Configure the following image management settings: - - - **VMs Directory**—The virtual machine directory (the directory where the images are stored). This field contains a UNC path to the image directory on the image distribution server that should be accessible from the MED-V server. - - - **VMs URL**—The location of the server where the images are stored. - -3. Click **OK**. - -### Configuring Permissions - -**To configure permissions** - -1. Click the **Permissions** tab. - -2. A list of all users who can log in is provided. To apply read and write permissions to a user, select the check box next to the user. To apply read-only permissions to a user, clear the check box. - -3. To add domain users or groups, click **Add**. - - The **Enter User or Group names** dialog box appears. - - 1. Select domain users or groups by doing one of the following: - - - In the **Enter User or Group names** field, type a user or group that exists in the domain or exists as a local user or group on the computer. Then click **Check Names** to resolve it to the full existent name. - - - Click **Find** to open the standard **Select Users or Groups** dialog box. Then select domain users or groups. - - 2. Click **OK**. - -4. To remove domain users or groups, select a user or group and click **Remove**. - -5. Click **OK**. - -### Configuring Reports - -**To configure reports** - -1. Click the **Reports** tab. - -2. To support reports, select **Enable reports**. - -3. In the **Connection String** box, enter a connection string for the MSSQL database. - - - When SQL Server is installed on a remote server, use the following connection string: - - `Data Source=;Initial Catalog=;uid=sa;pwd=;` - - **Note** - Note: To connect to SQL Express, use: `Data Source=\sqlexpress.` - - - -4. To create the database, click **Create Database**. - -5. To test the connection, click **Test Connection**. - -6. To configure database clearing options, click **Clear Options**. - - The **Clear Database Options** dialog box appears. - - 1. Choose one of the following options: - - - **Clear data older than**—Clear all data older than the number of days specified; in the number box, enter a number of days. - - - **Clear all data from database**—Clear all existent data in the database. - - - **Drop database**—Delete the database. - - 2. Click **OK** to apply changes and close the dialog box. - -7. Click **OK** to save the changes, or click **Cancel** to close the dialog box without saving changes. - -8. If prompted, restart the MED-V server service to apply changes to the network settings. - -## Related topics - - -[Supported Configurations](supported-configurationsmedv-orientation.md) - -[Design the MED-V Server Infrastructure](design-the-med-v-server-infrastructure.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-install-med-v-client-and-med-v-management-console.md b/mdop/medv-v1/how-to-install-med-v-client-and-med-v-management-console.md deleted file mode 100644 index 2ab92353b5..0000000000 --- a/mdop/medv-v1/how-to-install-med-v-client-and-med-v-management-console.md +++ /dev/null @@ -1,107 +0,0 @@ ---- -title: How to Install MED-V Client and MED-V Management Console -description: How to Install MED-V Client and MED-V Management Console -author: dansimp -ms.assetid: 8a5f3010-3a50-487e-99d8-e352e5cb51c6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install MED-V Client and MED-V Management Console - - -The following MED-V components are included in the client .msi package: - -- MED-V client—The MED-V software that must be installed on client computers for running MED-V workspaces. - -- MED-V management console—The administrative tool that administrators can use to create and maintain images, MED-V workspaces, and policies. - -The MED-V management console and the MED-V client are both installed from the MED-V client .msi package. The MED-V client, however, can be installed independently without the MED-V management console by clearing the **Install the MED-V Management application** check box during installation. - -**Note** -The MED-V client and MED-V management console can only be installed on Windows 7-, Windows Vista-, and Windows XP-based computers. They cannot be installed on server products. - - - -**Note** -Do not install the MED-V client using the Windows **runas** command. - - - -**To install the MED-V client** - -1. Log in as a user with local administrator rights on the local computer. - -2. Run the MED-V .msi package. - - The MED-V .msi package is called *MED-V\_x.msi*, where *x* is the version number. - - For example, *MED-V\_1.0.65.msi*. - -3. When the **InstallShield Wizard Welcome** screen appears, click **Next**. - -4. On the **License Agreement** screen, read the license agreement, click **I accept the terms in the license agreement**, and click **Next**. - - The **Destination Folder** screen appears, with the default installation folder displayed. - - The default installation folder is the directory where the operating system is installed. - - - To change the folder where MED-V should be installed, click **Change**, and browse to an existing folder. - -5. Click **Next**. - -6. On the **MED-V Settings** screen, configure the MED-V installation as follows: - - - Select the **Install the MED-V management application** check box to include the management component in the installation. - - **Note** - Enterprise Desktop Virtualization administrators should install the MED-V management application. This application is required for configuring desktop images and MED-V workspaces. - - - -~~~ -- Select the **Load MED-V when Windows starts** check box to start MED-V automatically on startup. - -- Select the **Add a MED-V shortcut to my desktop** check box to create a MED-V shortcut on your desktop. - -- In the **Server address** field, type the server address. - -- In the **Server port** field, type the server's port. - -- Select the **Server requires encrypted connections (https)** check box to work with https. - -- The default virtual machine images folder is displayed. The default installation folder is *%systemdrive%\\MED-V Images\\*. To change the folder where MED-V should be installed, click **Change**, and browse to an existing folder. -~~~ - -7. Click **Next**. - -8. On the **Ready to Install the Program** screen, click **Install**. - - The MED-V client installation starts. This can take several minutes, and the screen might not display text. During installation, several progress screens appear. If a message appears, follow the instructions provided. - - Upon successful installation, the **InstallShield Wizard Completed** screen appears. - -9. Click **Finish** to close the wizard. - -## Related topics - - -[Supported Configurations](supported-configurationsmedv-orientation.md) - -[Installation and Upgrade Checklists](installation-and-upgrade-checklists.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-install-med-v-clientdeployment-package.md b/mdop/medv-v1/how-to-install-med-v-clientdeployment-package.md deleted file mode 100644 index 908b387c82..0000000000 --- a/mdop/medv-v1/how-to-install-med-v-clientdeployment-package.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: How to Install MED-V Client -description: How to Install MED-V Client -author: dansimp -ms.assetid: bfac6de7-d96d-4b3e-bd8b-183e051e53c8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install MED-V Client - - -In a deployment package-based scenario, the MED-V client installation is included in the deployment package and installed directly from the package. - -**Important** -When using a deployment package that does not include an image, ensure that the image is uploaded to the Web or pushed to the pre-stage folder prior to installing the deployment package. - - - -**To install a deployment package** - -1. Do one of the following: - - - Download the MED-V package from the Web. - - - Insert the deployment USB or DVD into the host drive. - -2. If MED-V does not launch automatically, double-click MED-VAutoInstaller.exe. - - A dialog box appears listing the components that are already installed and those that are currently being installed. - - **Note** - If a version of the Microsoft Virtual PC that is not supported exists on the host computer, a message will appear telling you to uninstall the existing version and run the installer again. - - - -~~~ -**Note** -If an older version of the MED-V client exists, it will prompt you asking whether you want to upgrade. - - - -Depending on the components that have been installed, you might need to reboot. If rebooting is necessary, a message appears notifying you that you must reboot. -~~~ - -3. If necessary, reboot the computer. - - When the installation is complete, MED-V starts and a message appears notifying you that the installation is complete. - -4. Log in to MED-V using the following user name and password: - - - Type in the domain name and user name followed by the password of the domain user who is permitted to work with MED-V. - - Example: "domain\_name\\user\_name", "password" - -## Related topics - - -[How to Configure a Deployment Package](how-to-configure-a-deployment-package.md) - -[How to Upload a MED-V Image to the Server](how-to-upload-a-med-v-image-to-the-server.md) - -[Client Installation Command Line Reference](client-installation-command-line-reference.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-install-med-v-clientesds.md b/mdop/medv-v1/how-to-install-med-v-clientesds.md deleted file mode 100644 index 46cf4d5fea..0000000000 --- a/mdop/medv-v1/how-to-install-med-v-clientesds.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -title: How to Install MED-V Client -description: How to Install MED-V Client -author: dansimp -ms.assetid: fb35f618-684c-474f-9053-b70bb29c3cc0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install MED-V Client - - -Before installing the MED-V client .msi package on users’ computers, ensure that the image is uploaded to the Web or pushed to the image pre-stage folder. - -To install MED-V client using an enterprise software distribution center, refer to the documentation on how to install applications using the system you are using. - -  - -  - - - - - diff --git a/mdop/medv-v1/how-to-localize-a-med-v-image.md b/mdop/medv-v1/how-to-localize-a-med-v-image.md deleted file mode 100644 index b5f0bdf42a..0000000000 --- a/mdop/medv-v1/how-to-localize-a-med-v-image.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: How to Localize a MED-V Image -description: How to Localize a MED-V Image -author: dansimp -ms.assetid: adc148b3-8cfe-42a0-8847-be6b689a673a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Localize a MED-V Image - - -A MED-V image can be localized, either by unpacking a packed image or by downloading an image from the server. All local images appear in the local repository. - -## How to Extract a MED-V Image for Use by the Local Client - - -A packed image can be unpacked to the local repository by extracting it. It then does not need to be downloaded from the server. - -**To extract a MED-V image** - -1. In the **Local Packed Images** pane, select an image. - -2. Right-click, and from the drop-down menu, select **Extract image**. - - The image is extracted to the local drive and can now be used by the local client running on the computer. - -## How to Download a MED-V Image to the Local Repository - - -**To download a MED-V image** - -1. In the **Packed Images on Server** pane, select the image or version of the image to download. - -2. Click **Download**. - - The image is downloaded to your local computer. - - **Note**   - The downloaded image will not appear in the **Local Images** pane until you refresh the page. Click Refresh to see the downloaded image in the **Local Images** pane. - - - -## Related topics - - -[How to Install MED-V Client and MED-V Management Console](how-to-install-med-v-client-and-med-v-management-console.md) - -[Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) - -[How to Upload a MED-V Image to the Server](how-to-upload-a-med-v-image-to-the-server.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-lock-and-unlock-a-workspace.md b/mdop/medv-v1/how-to-lock-and-unlock-a-workspace.md deleted file mode 100644 index e620f98a5e..0000000000 --- a/mdop/medv-v1/how-to-lock-and-unlock-a-workspace.md +++ /dev/null @@ -1,53 +0,0 @@ ---- -title: How to Lock and Unlock a Workspace -description: How to Lock and Unlock a Workspace -author: dansimp -ms.assetid: 027166b9-0e06-4a4e-a8ac-a4d5f429656f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Lock and Unlock a Workspace - - -## How to Lock a Workspace - - -**To lock a MED-V workspace that is currently running** - -1. In the notification area, right-click the MED-V icon. - -2. On the submenu, click **Lock Workspace**. - - The MED-V workspace is locked. - -## How to Unlock a Workspace - - -**To unlock a MED-V workspace** - -1. In the notification area, right-click the MED-V icon. - -2. On the submenu, click **Unlock Workspace**. - -3. In the **Unlock Workspace** dialog box, enter your **Password**. - -4. Click **Unlock**. - - The MED-V workspace is unlocked. - -  - -  - - - - - diff --git a/mdop/medv-v1/how-to-pack-a-med-v-image.md b/mdop/medv-v1/how-to-pack-a-med-v-image.md deleted file mode 100644 index 08ccd86ef5..0000000000 --- a/mdop/medv-v1/how-to-pack-a-med-v-image.md +++ /dev/null @@ -1,117 +0,0 @@ ---- -title: How to Pack a MED-V Image -description: How to Pack a MED-V Image -author: dansimp -ms.assetid: e1ce2307-0f1b-4bf8-b146-e4012dc138d2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Pack a MED-V Image - - -A MED-V image must be packed before it can be added to a deployment package or uploaded to the server. - -**To create a packed MED-V image** - -1. Click the **Images** management button. - -2. In the **Images** module, in the **Local Packed Images** pane, click **New**. - -3. In the **Packed Image Creation** dialog box, select the virtual machine image by doing one of the following: - - - In the **Base image file** field, type the full path to the directory where the Microsoft Virtual PC image prepared for MED-V is located. - - - Click **Browse** to browse to the directory where the Microsoft Virtual PC image prepared for MED-V is located. - -4. Specify the name of the new image by doing one of the following: - - - In the **Image name** field, type the desired name. - - **Note** - The following characters cannot be included in the image name: space " < > | \\ / : \* ? - - - -~~~ - A new packed image will be created. - -- From the drop-down list, select an existing name. - - A new version of the existing image will be created. -~~~ - -5. Click **OK**. - - A new MED-V packed image is created on your host computer with the properties defined in the following table. - -**Note** -In the **Local Packed Images** and **Packed Images on Server** panes, the most recent version of each image is displayed as the parent node. Click the parent node to view all other existing versions of the image. - - - -**Local Packed Images Properties** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
PropertyDescription

Image Name

The name of the packed image as it was defined when the administrator created the image.

Version

The version of the displayed image.

-
-Note

All previous versions are kept unless deleted.

-
-
- -

File Size (compressed)

The physical compressed size of the image.

Image Size (uncompressed)

The physical uncompressed size of the image.

- - - -## Related topics - - -[How to Install MED-V Client and MED-V Management Console](how-to-install-med-v-client-and-med-v-management-console.md) - -[Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) - -[Creating a Virtual PC Image for MED-V](creating-a-virtual-pc-image-for-med-v.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-set-advanced-file-transfer-options.md b/mdop/medv-v1/how-to-set-advanced-file-transfer-options.md deleted file mode 100644 index 9c9183aebe..0000000000 --- a/mdop/medv-v1/how-to-set-advanced-file-transfer-options.md +++ /dev/null @@ -1,70 +0,0 @@ ---- -title: How to Set Advanced File Transfer Options -description: How to Set Advanced File Transfer Options -author: dansimp -ms.assetid: 5e9f8749-a5a9-48c6-9bfc-6b8e0cbe6cab -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Set Advanced File Transfer Options - - -**To set advanced file transfer options** - -1. In the **Deployment** pane, click **Advanced**. - -2. In the **File Transfer Options** dialog box, configure the parameters as described in the following table. - -3. Click **OK**. - -**File Transfer Options Properties** - -Property -Description -*Workspace to Host* - -Run command on received files - -Select this check box to run a command line on all files transferred to the host. In the command-line box, enter the command line to run on all received files. - -File types - -- **Allow all file extensions**—Click to enable transferring files of any file name extension from the MED-V workspace to the host. - -- **Allow the following file extensions**—Click to enable only files with specified file name extensions to be transferred. In the empty field, enter all file name extensions allowed, separated by commas. - -*Host to Workspace* - -Run command on received files - -Select this check box to run a command line on all files transferred to the MED-V workspace. In the command-line box, enter the command line to run on all transferred files. - -File types - -- **Allow all file extensions**—Click to enable transferring files of any file name extension. - -- **Allow the following file extensions**—Click to enable only files with specified file name extensions to be transferred from the host to the MED-V workspace. In the empty field, enter all file name extensions allowed, separated by colons. - -  - -## Related topics - - -[How to Configure a Domain User or Group](how-to-configure-a-domain-user-or-groupmedvv2.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/how-to-set-med-v-workspace-deletion-options.md b/mdop/medv-v1/how-to-set-med-v-workspace-deletion-options.md deleted file mode 100644 index f06380a126..0000000000 --- a/mdop/medv-v1/how-to-set-med-v-workspace-deletion-options.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: How to Set MED-V Workspace Deletion Options -description: How to Set MED-V Workspace Deletion Options -author: dansimp -ms.assetid: 0f85aa81-c188-4115-9141-ceba2473c00e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Set MED-V Workspace Deletion Options - - -## Workspace Deletion Options - - -The administrator can set the MED-V workspace deletion options for each user or group so that the MED-V workspace is automatically deleted under certain conditions. - -**To set MED-V workspace deletion options** - -1. In the **Deployment** pane, click **Workspace deletion options**. - -2. In the **Workspace Deletion Options** dialog box, select from the following options: - - - **The Workspace has been disabled**—If the administrator disables the MED-V workspace, the MED-V workspace is deleted from the user or group computer. - - - **The Workspace has expired**—If the MED-V workspace expires according to the date specified, the MED-V workspace is deleted from the user or group computer. - - - **User is offline for more than the allowed period**—If the policy is not refreshed in the time period specified since the user was offline, the MED-V workspace is deleted from the user or group computer. - -3. Click **OK**. - -## Related topics - - -[How to Configure a Domain User or Group](how-to-configure-a-domain-user-or-groupmedvv2.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/how-to-set-up-script-actions.md b/mdop/medv-v1/how-to-set-up-script-actions.md deleted file mode 100644 index cff5da73d1..0000000000 --- a/mdop/medv-v1/how-to-set-up-script-actions.md +++ /dev/null @@ -1,274 +0,0 @@ ---- -title: How to Set Up Script Actions -description: How to Set Up Script Actions -author: dansimp -ms.assetid: 367e28f1-d8c2-4845-a01b-2fff9128ccfd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Set Up Script Actions - - -The script actions editor allows the administrator to create actions to be performed during MED-V workspace setup, as well as to define the order in which they are performed. - -The following is a list of actions that can be added to the domain setup script: - -- **Restart Windows**—Restart Windows. - -- **Join Domain**—If joining a domain, include this action and configure the user name, password, fully qualified domain name, NetBIOS domain name, and organization unit (optional). - -- **Check Connectivity**—Configure a server to connect to and verify that the MED-V workspace can connect to a network resource (such as the domain server). - -- **Command Line**—Configure a script in the MED-V workspace, and enter a command line that includes the path of the script and the script arguments. - -- **Rename Computer**—Rename the virtual machine computer based on the defined settings. - -- **Disable Auto-Logon**—Disable Windows Auto-Logon. This action should be added at the end of scripts that add the computer to the domain. - -## How to Set Up Script Actions - - -**To set up script actions** - -1. On the **VM Setup** tab, click **Script Editor**. - -2. In the **Script Actions** dialog box, click **Add**, and on the submenu, click the desired actions. - -3. Configure the actions as described in the following tables. - - **Note**   - **Rename Computer** is configured in the **VM Settings** tab. For more information, see [How to Configure VM Computer Name Pattern Properties](how-to-configure-vm-computer-name-pattern-propertiesmedvv2.md). - - - -~~~ -**Note** -To rename a computer, Windows must be restarted. It is recommended to add a Restart Windows action following a Rename Computer action. -~~~ - - - -4. Set the order of the actions by selecting an action and clicking **Up** or **Down**. - -5. Click **OK**. - -**Note** -When running the Join Domain script, for the script to work, the user logged into the MED-V workspace virtual machine must have local administrator rights. - - - -**Note** -When running the Disable Auto-Logon script, it is recommended to disable the local guest account used for the auto-logon once the initial setup is complete. - - - -### - -**Join Domain Properties** - - ---- - - - - - - - - - - - - - - - - - - - - -
PropertyDescription

Credentials to use when joining the VM to the domain

Select one of the following credentials to use when joining the VM to the domain:

-
    -

  • Use MED-V credentials—The end-user credentials.

    • -

  • Use the following credentials—The credentials specified; enter a user name and password in the corresponding fields.

    • -
-
-Note

The credentials you enter are visible to all MED-V workspace users. It is not recommended to provide domain administrator credentials.

-
-
- -

Domain to join

Select one of the following:

-
    -

  • Use the domain name utilized in starting the Workspace—Join the domain entered by the end user when logging into the MED-V client.

    -

    To define the mapping from NetBIOS to fully qualified domain names, click Global domain mapping table. In the global domain mapping table, click Add, enter a NetBIOS domain name and a Fully qualified domain name, and click OK.

    • -

  • Use the following domain name—Join the domain specified; enter a domain name and NetBIOS domain name in the corresponding fields.

    • -

Organization Unit

An organization unit (OU) may be specified to join the computer to a specific OU. The format must follow an OU distinguished name: OU=<Organization Unit>,<Domain Controller> (for example, OU=QATest, DC=il, DC=MED-V, DC=com).

-
-Warning

Only a single level OU is supported as is shown in the example above.

-
-
- -
- - - -### - -**Check Connectivity Properties** - - ---- - - - - - - - - - - - - - - - - - - - - -
PropertyDescription

IP Address

The IP Address of the server that you are verifying connection to.

Port

The port of the server that you are verifying connection to.

Timeout

The number of seconds to wait for a response before timing out.

- - - -### - -**Command-Line Properties** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PropertyDescription

Path

The path of the command line.

Arguments

Command-line arguments.

Wait for exit

Select the check box to wait for a return before continuing with the script actions.

Fail on error

Select this check box if the return is anything but the value specified.

-

Enter the value that will indicate the command as a success.

-

Default: 0

Perform only once

Select this check box to run the command line only once. If the script fails or is canceled, this command will not be performed again.

This command line causes a restart of Windows in the Workspace

Select this check box if the command line causes a restart after completion.

Allow interaction

Select this check box if the command will require user interaction.

Progress message

Message to be displayed to the user while the command is running.

Failure message

Message to be displayed to the user if the command fails.

- - - -When configuring the command-line action, several variables can be used as defined in the following table. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterValueDescription

%MEDVUser%

An authenticated user name.

MED-V authenticated user name. The user name and password can be used in the join domain VM setup script.

%MEDVPassword%

An authenticated password.

MED-V authenticated password. The user name and password can be used in the join domain VM setup script.

%MEDVDomain%

Configured domain.

The domain configured in the MED-V authentication. It can be used on the VM setup script.

%DesiredMachineName%

Computer name.

The unique computer name configured in the management application. It can be used in the VM setup script.

- - - -## Related topics - - -[How to Configure the Virtual Machine Setup for a MED-V Workspace](how-to-configure-the-virtual-machine-setup-for-a-med-v-workspacemedvv2.md) - -[How to Configure VM Computer Name Pattern Properties](how-to-configure-vm-computer-name-pattern-propertiesmedvv2.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-share-folders-between-the-host-and-the-med-v-workspace.md b/mdop/medv-v1/how-to-share-folders-between-the-host-and-the-med-v-workspace.md deleted file mode 100644 index d77de77862..0000000000 --- a/mdop/medv-v1/how-to-share-folders-between-the-host-and-the-med-v-workspace.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -title: How to Share Folders Between the Host and the MED-V Workspace -description: How to Share Folders Between the Host and the MED-V Workspace -author: dansimp -ms.assetid: 3cb295f2-c07e-4ee6-aa3c-ce4c8c45c191 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Share Folders Between the Host and the MED-V Workspace - - -You can share folders between the host and the MED-V workspace. The shared folders can be stored on the following: - -- An external computer on the network - -- The host computer - -The following procedures demonstrate how to share folders between the host and the MED-V workspace. - -**To share folders located on the network** - -1. Configure MED-V in full desktop mode. - -2. In MED-V management, on the Network tab, click **Use different IP address than host (Bridge)**. - -3. Do the following on the host computer: - - 1. In Control Panel, click **View network status and tasks**, and set **Network discovery** to **On**. - - 2. On the Start menu, right-click **Computer**, and click **Map network drive**. - - 3. In the **Map Network Drive** dialog box, in the **Drive** field, select a drive. - - **Note**   - Ensure that the same drive letter is not in use on both computers. - - - - 4. Click **Browse**. - - 5. In the **Browse For Folder** dialog box, browse to the shared drive, and click **OK**. - - 6. Click **Finish**. - -4. Repeat step 3 in the MED-V workspace. Point to the same drive as on the host computer. - -**To share folders located on the host** - -1. Configure the folder to be shared with the appropriate permissions. - -2. From the MED-V workspace, go to **My network places** and locate the shared folder. - -3. From the MED-V workspace, locate the shared folder. - -**Note**   -Ensure that both the host and MED-V workspace computers are in the same domain or workgroup. - - - - - - - - - - - diff --git a/mdop/medv-v1/how-to-start-and-exit-the-med-v-client.md b/mdop/medv-v1/how-to-start-and-exit-the-med-v-client.md deleted file mode 100644 index 491c545b20..0000000000 --- a/mdop/medv-v1/how-to-start-and-exit-the-med-v-client.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: How to Start and Exit the MED-V Client -description: How to Start and Exit the MED-V Client -author: dansimp -ms.assetid: 3762bad1-6937-40fa-ab5d-61a905865214 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Start and Exit the MED-V Client - - -## - - -**To start the MED-V client** - -- On the Windows Start menu, point to **All Programs**, point to **MED V**, and then click **MED-V** or, on the desktop, double-click the **MED-V** icon. - -**Note**   -MED-V cannot be started from an elevated command prompt. - - - -**To exit the MED-V client** - -1. In the notification area, right-click the MED-V icon. - -2. On the submenu, click **Exit**. - - The MED-V client exits. - - - - - - - - - diff --git a/mdop/medv-v1/how-to-start-stop-and-restart-a-med-v-workspace.md b/mdop/medv-v1/how-to-start-stop-and-restart-a-med-v-workspace.md deleted file mode 100644 index b765e2f19c..0000000000 --- a/mdop/medv-v1/how-to-start-stop-and-restart-a-med-v-workspace.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: How to Start, Stop, and Restart a MED-V Workspace -description: How to Start, Stop, and Restart a MED-V Workspace -author: dansimp -ms.assetid: 54ce139c-8f32-499e-944b-72f123ebfd2d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Start, Stop, and Restart a MED-V Workspace - - -**To start a MED-V workspace** - -1. In the notification area, right-click the MED-V icon. - -2. On the submenu, click **Start Workspace**. - - - If there are multiple MED-V workspaces running on the computer, the **Workspace Selection** window appears. - - 1. Select a MED-V workspace. - - 2. Select the **Start the selected Workspace without asking me** check box to skip this window the next time the client is started and to automatically open the selected MED-V workspace. - - 3. Click **OK**. - - The **Start Workspace Authentication** window appears. - - - If there are several MED-V workspaces on the computer and you have opted to use a specified MED-V workspace, the window shown in the following figure appears. - - ![](images/medv-logon.gif) - - - If there is only one MED-V workspace on the computer, the “Start last used Workspace” option is unavailable. - -3. Type in your domain user credentials. - - **Note**   - The first time a MED-V workspace is started, the user name should be in the following format: <domain name>\\<user name>. - - - -4. Select **Save my password** to save your password between sessions. - - **Note**   - To enable the save password feature, the EnableSavePassword attribute must be set to True in the ClientSettings.xml file. The file can be found in the *Servers\\Configuration Server\\* folder. - - - -5. Clear the **Start last used workspace** check box to choose a different MED-V workspace. - -6. Click **OK**. - - Several status screens appear depending on the MED-V workspace configuration. - - The **Starting Workspace** screen appears. - -**To restart a MED-V workspace** - -1. When the client is running, in the notification area, right-click the MED-V icon. - -2. On the submenu, click **Restart Workspace**. - - The MED-V workspace is restarted. - - - In a persistent MED-V workspace, the virtual machine is shut down and then restarted. - - - In a revertible MED-V workspace, the virtual machine does not actually shut down; instead, it returns to its original state. - -**To stop a MED-V workspace** - -1. In the notification area, right-click the MED-V icon. - -2. On the submenu, click **Stop Workspace**. - - The MED-V workspace is stopped. - -## Related topics - - -[How to Start and Exit the MED-V Client](how-to-start-and-exit-the-med-v-client.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-uninstall-med-v-componentsmedvv2.md b/mdop/medv-v1/how-to-uninstall-med-v-componentsmedvv2.md deleted file mode 100644 index 125a45d5b6..0000000000 --- a/mdop/medv-v1/how-to-uninstall-med-v-componentsmedvv2.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: How to Uninstall MED-V Components -description: How to Uninstall MED-V Components -author: dansimp -ms.assetid: 91bdf488-14e7-43ab-972d-9d92421acb86 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Uninstall MED-V Components - - -This section explains how to uninstall the MED-V client and server. - -## How to Uninstall the MED-V Client - - -**To uninstall MED-V client** - -1. If using Windows XP: - - - In Control Panel, open **Add or Remove Programs**. - -2. If using Windows Vista: - - - In Control Panel, open **Uninstall a Program**. - -3. Select **Microsoft Enterprise Desktop Virtualization**, and click **Uninstall**. - -4. It is recommended to delete the MED-V virtual machine folder. (The default folder is *C:\\MED-V Images*.) - -## How to Uninstall the MED-V Server - - -**To uninstall the MED-V server** - -1. In Control Panel, open **Add or Remove Programs**. - -2. Select **Microsoft Enterprise Desktop Virtualization (Server)**, and click **Uninstall**. - -  - -  - - - - - diff --git a/mdop/medv-v1/how-to-update-a-med-v-image.md b/mdop/medv-v1/how-to-update-a-med-v-image.md deleted file mode 100644 index 742368d6ac..0000000000 --- a/mdop/medv-v1/how-to-update-a-med-v-image.md +++ /dev/null @@ -1,69 +0,0 @@ ---- -title: How to Update a MED-V Image -description: How to Update a MED-V Image -author: dansimp -ms.assetid: 61eacf50-3a00-4bb8-b2f3-7350a6467fa1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Update a MED-V Image - - -## How to Update a MED-V Image - - -An existing MED-V image can be updated, thereby creating a new version of the image. The new version can then be deployed on client computers, replacing the existing image. - -**Note**   -When a new version is deployed on the client, it overwrites the existing image. When updating an image, ensure that no data on the client needs to be saved. - - - -**To update a MED-V image** - -1. Open the existing image in Virtual PC 2007. - -2. Make the required changes to the image, updating the image (such as installing new software). - -3. Close Virtual PC 2007. - -4. Test the image. - -5. After the image is tested, pack it to the local repository, using the same name as the existing image. - - **Note**   - If you name the image a different name than the existing version, a new image will be created rather than a new version of the existing image. - - - -6. Upload the new version to the server or distribute it via a deployment package. - -## Related topics - - -[Creating a Virtual PC Image for MED-V](creating-a-virtual-pc-image-for-med-v.md) - -[How to Create and Test a MED-V Image](how-to-create-and-test-a-med-v-image.md) - -[How to Pack a MED-V Image](how-to-pack-a-med-v-image.md) - -[How to Upload a MED-V Image to the Server](how-to-upload-a-med-v-image-to-the-server.md) - -[Updating a MED-V Workspace Image](updating-a-med-v-workspace-image.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-upload-a-med-v-image-to-the-server.md b/mdop/medv-v1/how-to-upload-a-med-v-image-to-the-server.md deleted file mode 100644 index 18cf02c554..0000000000 --- a/mdop/medv-v1/how-to-upload-a-med-v-image-to-the-server.md +++ /dev/null @@ -1,98 +0,0 @@ ---- -title: How to Upload a MED-V Image to the Server -description: How to Upload a MED-V Image to the Server -author: dansimp -ms.assetid: 0e70dfdf-3e3a-4860-970c-535806caa907 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Upload a MED-V Image to the Server - - -After a MED-V image has been tested, it can be packed and then uploaded to the server. For information on configuring an image Web distribution server, see [How to Configure the Image Web Distribution Server](how-to-configure-the-image-web-distribution-server.md). - -Once a MED-V image is packed and uploaded to the server, it can be distributed to users by using an enterprise software distribution center, or it can be downloaded by users using a deployment package. For information on deployment using an enterprise software distribution center, see [Deploying a MED-V Workspace Using an Enterprise Software Distribution System](deploying-a-med-v-workspace-using-an-enterprise-software-distribution-system.md). For information on deployment using a package, see [Deploying a MED-V Workspace Using a Deployment Package](deploying-a-med-v-workspace-using-a-deployment-package.md). - -**Note** -Before uploading an image, verify that a Web proxy is not defined in your browser settings and that Windows Update is not currently running. - - - -**To upload a MED-V image to the server** - -1. In the **Local Packed Images** pane, select the image you created. - -2. Click **Upload**. - - The image is uploaded to the server. This might take a considerable amount of time. - - Images on the server are defined with the properties listed in the following table. - -**Packed Images on Server Properties** - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
PropertyDescription

Image Name

The name of the packed image as it was defined when the administrator created the image.

Version

The version of the displayed image.

-
-Note

All previous versions are kept unless deleted.

-
-
- -

File Size (compressed)

The physical compressed size of the image.

Image Size (uncompressed)

The physical uncompressed size of the image.

- - - -## Related topics - - -[How to Install MED-V Client and MED-V Management Console](how-to-install-med-v-client-and-med-v-management-console.md) - -[Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) - -[Creating a Virtual PC Image for MED-V](creating-a-virtual-pc-image-for-med-v.md) - -[How to Pack a MED-V Image](how-to-pack-a-med-v-image.md) - - - - - - - - - diff --git a/mdop/medv-v1/how-to-view-med-v-settings-and-general-information.md b/mdop/medv-v1/how-to-view-med-v-settings-and-general-information.md deleted file mode 100644 index cae37d85c9..0000000000 --- a/mdop/medv-v1/how-to-view-med-v-settings-and-general-information.md +++ /dev/null @@ -1,84 +0,0 @@ ---- -title: How to View MED-V Settings and General Information -description: How to View MED-V Settings and General Information -author: dansimp -ms.assetid: c14e3f30-c4e5-47a3-8ad1-0570fc62d991 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to View MED-V Settings and General Information - - -## How to View MED-V Settings - - -**To view MED-V settings** - -1. In the notification area, right-click the MED-V icon. - -2. On the submenu, click **Settings**. - -3. In the **Settings** dialog box, select the **Load MED-V after Windows logon** check box to load MED-V on startup. - -4. Select the **Start Workspace when MED-V starts** check box to automatically start the MED-V workspace on startup. - -5. Configure the server properties described in the following table. - -**Server Settings** - - ---- - - - - - - - - - - - - - - - - - - - - -
PropertyDescription

Server address

The server's DNS name or IP address.

Server port

The server's port.

Encrypt connections (HTTPS)

Select this check box to use encrypted connections.

- -  - -## How to View MED-V General Information - - -**To view MED-V general information** - -1. In the notification area, right-click the MED-V icon. - -2. On the submenu, point to **Help**, and then click **About**. - - The **About Microsoft Enterprise Desktop Virtualization** screen appears. - -  - -  - - - - - diff --git a/mdop/medv-v1/how-to-work-with-reports.md b/mdop/medv-v1/how-to-work-with-reports.md deleted file mode 100644 index d9c80fd178..0000000000 --- a/mdop/medv-v1/how-to-work-with-reports.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: How to Work with Reports -description: How to Work with Reports -author: dansimp -ms.assetid: b7a660c6-74c3-4ced-a395-9e76a4362a46 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Work with Reports - - -The following functions can be used to work with MED-V reports: - -- [Refreshing an existing report](#bkmk-howtorefreshanexistingreport) - -- [Editing report parameters](#bkmk-howtoeditreportparameters) - -- [Exporting a report to Microsoft Excel](#bkmk-howtoexportareporttoexcel) - -- [Closing a report](#bkmk-howtocoseareport) - -Report results can be sorted by any column by clicking the appropriate column name. - -The report results can be grouped by dragging a column header to the top of the report. Drag multiple column headers to group one column after another. - -## How to Refresh an Existing Report - - -**To refresh an existing report** - -1. Select the report to refresh. - -2. On the management toolbar, click **Refresh**. - - The report is regenerated. - -## How to Edit Report Parameters - - -**To edit report parameters** - -1. Generate a report. - -2. On the management toolbar, click **Edit report**. - - The Report Parameters dialog box appears. - -3. In the **Report Parameters** dialog box, configure the parameters, and click **OK**. - - The report is regenerated with the new parameters. - -## How to Export a Report to Microsoft Excel - - -**To export a report to Microsoft Excel** - -1. Generate a report. - -2. On the management toolbar, click **Export to Excel**. - -3. In the **Save Report** dialog box, enter a name, and click **Save**. - - The report is exported to Microsoft Excel. - -## How to Close a Report - - -**To close a report** - -1. Select the report to close. - -2. On the management toolbar, click **Close report**. - - The report closes. - -  - -  - - - - - diff --git a/mdop/medv-v1/identify-the-number-of-med-v-instances.md b/mdop/medv-v1/identify-the-number-of-med-v-instances.md deleted file mode 100644 index 1d78567667..0000000000 --- a/mdop/medv-v1/identify-the-number-of-med-v-instances.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: Identify the Number of MED-V Instances -description: Identify the Number of MED-V Instances -author: dansimp -ms.assetid: edea9bdf-a28c-4d24-9298-7bd6536c3a94 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Identify the Number of MED-V Instances - - -You need to determine the number of MED-V instances, as well as define the scope for each instance so that you can design the server infrastructure. A MED-V instance includes the following: - -- The MED-V server and the MED-V workspaces stored on the server, including Active Directory permissions. - -- A SQL Server database that stores client events. The database may be shared by multiple MED-V instances. - -- The image repository for the packed MED-V images. The repository may be shared by multiple MED-V instances. - -- The management console used to create and pack images and to create MED-V workspaces. The console cannot be used simultaneously by multiple MED-V instances, but it can be disconnected from one MED-V server and then connected to a different MED-V server. - -- MED-V clients that receive MED-V workspaces, and authorization to use them, from the server. - -Separate MED-V instances cannot be integrated or share MED-V workspaces. Therefore, each additional instance decentralizes the virtualization management. - -## Determine the Number of MED-V Instances Required - - -Start by assuming you are using one MED-V instance. Then, consider the following conditions, and add additional instances for each condition that applies to your infrastructure. - -- Number of supported users—Each MED-V instance can support up to 5,000 concurrently active clients. Concurrently active means the client is online with the MED-V server and sending polls to the server for policy and image updates, as well as events. If your infrastructure will include more than 5,000 active users, add one instance for every 5,000 users. - -- Users in untrusted domains—The MED-V server associates MED-V workspace permissions with Active Directory users and/or groups. This requires MED-V users to exist within the trust boundary of the MED-V server. Add one MED-V instance for each group of MED-V users that is in a separate, untrusted domain. - -- Clients in isolated networks—Determine whether any clients reside in networks that are isolated and therefore require a separate MED-V instance. For example, organizations often isolate lab networks from production networks. Add a MED-V instance for each isolated network that will contain MED-V clients. - -- Organizational requirements—The organization may require that a group of clients be managed by a separate MED-V instance for security reasons, such as when sensitive applications are delivered only to a restricted set of users within a domain. For example, the payroll department may deny users from other departments access to the MED-V instance that stores policy for payroll processing. Additionally, if the organization uses a distributed management model, a separate MED-V instance may be required for each business group having MED-V clients in order to enable the group to manage its own virtualized environment. Add one MED-V instance for each separate organizational requirement. - -- Legal considerations—National security or privacy issues and fiduciary laws could require the separation of certain data or prevent other data from crossing national borders. If necessary, add additional MED-V instances to address this need. - -After you determine the number of MED-V instances required for your infrastructure, as well as the reasoning for each one, provide a name for each instance. - -  - -  - - - - - diff --git a/mdop/medv-v1/images/506f54d0-38fa-446a-8070-17ae26da5355.gif b/mdop/medv-v1/images/506f54d0-38fa-446a-8070-17ae26da5355.gif deleted file mode 100644 index 751dd1cdd0..0000000000 Binary files a/mdop/medv-v1/images/506f54d0-38fa-446a-8070-17ae26da5355.gif and /dev/null differ diff --git a/mdop/medv-v1/images/medv-logon.gif b/mdop/medv-v1/images/medv-logon.gif deleted file mode 100644 index bcc102a289..0000000000 Binary files a/mdop/medv-v1/images/medv-logon.gif and /dev/null differ diff --git a/mdop/medv-v1/images/medv-ui-console-general.gif b/mdop/medv-v1/images/medv-ui-console-general.gif deleted file mode 100644 index 128e43aea0..0000000000 Binary files a/mdop/medv-v1/images/medv-ui-console-general.gif and /dev/null differ diff --git a/mdop/medv-v1/images/medv.gif b/mdop/medv-v1/images/medv.gif deleted file mode 100644 index 29b45a998f..0000000000 Binary files a/mdop/medv-v1/images/medv.gif and /dev/null differ diff --git a/mdop/medv-v1/index.md b/mdop/medv-v1/index.md deleted file mode 100644 index c056dfeeaf..0000000000 --- a/mdop/medv-v1/index.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Microsoft Enterprise Desktop Virtualization Planning, Deployment, and Operations Guide -description: Microsoft Enterprise Desktop Virtualization Planning, Deployment, and Operations Guide -author: dansimp -ms.assetid: 7bc3e120-df77-4f4c-bc8e-7aaa4c2a6525 -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Microsoft Enterprise Desktop Virtualization Planning, Deployment, and Operations Guide - - -![microsoft enterprise desktop virtualization](images/medv.gif) - -Microsoft Enterprise Desktop Virtualization (MED-V) uses Microsoft Virtual PC to provide an enterprise solution for desktop virtualization. With MED-V, you can easily create, deliver, and manage corporate Virtual PC images on any Windows®-based desktop. - -MED-V is an integral component of the Microsoft Desktop Optimization Pack, a dynamic solution available to Software Assurance customers, which helps reduce application deployment costs, enables delivery of applications as services, and helps to better manage and control enterprise desktop environments. - -## In This Section - - -The following topics are covered in this guide: - -[About This Guide](about-this-guidemedv.md) - -[Getting Started with MED-V](getting-started-with-med-v.md) - -[MED-V Infrastructure Planning and Design](med-v-infrastructure-planning-and-design.md) - -[MED-V Deployment and Configuration](med-v-deployment-and-configuration.md) - -[MED-V Operations](med-v-operations.md) - -[Troubleshooting MED-V](troubleshooting-med-v.md) - -[Technical Reference](technical-referencemedv-10-sp1.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/installation-and-upgrade-checklists.md b/mdop/medv-v1/installation-and-upgrade-checklists.md deleted file mode 100644 index 581101261f..0000000000 --- a/mdop/medv-v1/installation-and-upgrade-checklists.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: Installation and Upgrade Checklists -description: Installation and Upgrade Checklists -author: dansimp -ms.assetid: ccfdde26-4a28-4c14-888d-71b96fe7626e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Installation and Upgrade Checklists - - -This section provides installation and upgrade checklists for MED-V 1.0 and MED-V 1.0 SP1. - -## In This Section - - -[MED-V 1.0 Installation Checklist](med-v-10-installation-checklist.md) -Provides a list of all the steps required for installing MED-V 1.0. - -[MED-V 1.0 SP1 Upgrade Checklist](med-v-10-sp1-upgrade-checklistmedv-10-sp1.md) -Provides a step-by-step procedure for upgrading from MED-V 1.0 to MED-V 1.0 SP1. - -  - -  - - - - - diff --git a/mdop/medv-v1/installing-and-configuring-med-v-components.md b/mdop/medv-v1/installing-and-configuring-med-v-components.md deleted file mode 100644 index 8128182f05..0000000000 --- a/mdop/medv-v1/installing-and-configuring-med-v-components.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Installing and Configuring MED-V Components -description: Installing and Configuring MED-V Components -author: dansimp -ms.assetid: 4af90e9f-3c6b-4f7c-8274-56ad24173662 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Installing and Configuring MED-V Components - - -This section explains how to install the MED-V server, MED-V client, and MED-V management, as well as how to configure the MED-V server and image repository. It includes the procedure on uninstalling the components as well. - -## In This Section - - -[How to Install and Configure the MED-V Server Component](how-to-install-and-configure-the-med-v-server-component.md) -Describes how to install the MED-V server and configure connections, images, permissions, and report settings. - -[How to Configure the Image Web Distribution Server](how-to-configure-the-image-web-distribution-server.md) -Describes how to configure an image Web distribution server using IIS. - -[How to Install MED-V Client and MED-V Management Console](how-to-install-med-v-client-and-med-v-management-console.md) -Describes how to install the MED-V client and MED-V management using the client .msi package. - -[How to Uninstall MED-V Components](how-to-uninstall-med-v-componentsmedvv2.md) -Describes how to uninstall the MED-V components. - -  - -  - - - - - diff --git a/mdop/medv-v1/key-scenarios-for-using-med-v.md b/mdop/medv-v1/key-scenarios-for-using-med-v.md deleted file mode 100644 index 377facde64..0000000000 --- a/mdop/medv-v1/key-scenarios-for-using-med-v.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -title: Key Scenarios for Using MED-V -description: Key Scenarios for Using MED-V -author: dansimp -ms.assetid: e35075e2-3401-49ae-810d-1bd51ebc7924 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Key Scenarios for Using MED-V - - -## Enable Legacy Applications and Accelerate Upgrades to New Operating Systems - - -Incompatibility of legacy applications with new versions of Windows can often delay enterprise upgrades to the latest version of Windows. Testing and migrating applications takes time, and users are unable to take advantage of the new capabilities and enhancements offered by the newest operating system. - -By delivering applications in a Virtual PC that runs a previous version of the operating system (for example, Windows XP or Windows 2000), MED-V removes the barriers to operating system upgrades and allows administrators to complete testing and address incompatible applications after the upgrade. - -From the user's perspective, these applications are accessible from the standard desktop Start menu and appear side-by-side with native applications—so there is minimal change to the user experience. - -  - -  - - - - - diff --git a/mdop/medv-v1/med-v-10-installation-checklist.md b/mdop/medv-v1/med-v-10-installation-checklist.md deleted file mode 100644 index 6e306306a6..0000000000 --- a/mdop/medv-v1/med-v-10-installation-checklist.md +++ /dev/null @@ -1,70 +0,0 @@ ---- -title: MED-V 1.0 Installation Checklist -description: MED-V 1.0 Installation Checklist -author: dansimp -ms.assetid: a81fd5b0-29b3-4ddc-8f60-7d44c2be9794 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MED-V 1.0 Installation Checklist - - -The following checklist is intended to provide a high-level list of items to consider and outlines the steps you should take to install Microsoft Enterprise Desktop Virtualization (MED-V) 1.0. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
StepReference

Ensure your computing environment meets the supported configurations required for installing MED-V 1.0.

MED-V 1.0 Supported Configurations

Plan and design the MED-V server infrastructure.

MED-V Infrastructure Planning and Design

Verify the required prerequisites are configured.

MED-V Installation Prerequisites

Install and configure the MED-V server.

How to Install and Configure the MED-V Server Component

If using an image repository, configure the image Web distribution server.

How to Configure the Image Web Distribution Server

Install the MED-V client and management console.

How to Install MED-V Client and MED-V Management Console

- - - - - - - - - - - diff --git a/mdop/medv-v1/med-v-10-release-notesmedv-10.md b/mdop/medv-v1/med-v-10-release-notesmedv-10.md deleted file mode 100644 index ba7e8f9ef6..0000000000 --- a/mdop/medv-v1/med-v-10-release-notesmedv-10.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: MED-V 1.0 Release Notes -description: MED-V 1.0 Release Notes -author: dansimp -ms.assetid: 006a3537-5c5b-43b5-8df8-4bf6ddd3cd2f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MED-V 1.0 Release Notes - - -## Known Issues with MED-V - - -This section provides the most up-to-date information about general issues with the Microsoft Enterprise Desktop Virtualization (MED-V) platform. These issues do not appear in the product documentation and in some cases might contradict existing product documentation. Whenever possible, these issues will be addressed in later releases. - -### File downloads do not follow Web redirection rules - -File downloads do not follow Web redirection rules set in a MED-V workspace policy. - -### When expanding a console-published application window to full screen, it disappears - -If you expand a console-published application (such as cmd.exe) window to full screen inside a MED-V workspace configured in seamless integration mode, the application window might disappear or not respond. - -### When working in full desktop mode, icon locations on the desktop are not saved - -When working in full desktop mode, manual location changes of icons on the desktop are not saved between MED-V workspace sessions. - -### A local image and a test image with the same name cannot exist in the same domain - -If a local image is joined to the domain and the administrator creates a new version of the same image with the same computer name as a test image, when the test image joins the domain, either the join domain action fails or it succeeds and the local image is removed from the domain. - -### MED-V does not support Windows Aero features - -MED-V does not support Windows Aero features (such as Aero Flip 3D). - -### The management console can be used by only one Windows user per computer - -The MED-V management console can be used only by administrators and the Windows user who installed the management application. - -### The MED-V Server configuration utility tests Microsoft SQL Server connectivity under user context rather than under MED-V Server service context - -MED-V uses MED-V Server service context to collect reports from the Microsoft SQL Server reports database. The MED-V Server configuration utility verifies the database and tests the database connection string. It does not validate the access of MED-V Server service to the database. - -  - -  - - - - - diff --git a/mdop/medv-v1/med-v-10-sp1-and-sp2-release-notesmedv-10-sp1.md b/mdop/medv-v1/med-v-10-sp1-and-sp2-release-notesmedv-10-sp1.md deleted file mode 100644 index dce6ffe881..0000000000 --- a/mdop/medv-v1/med-v-10-sp1-and-sp2-release-notesmedv-10-sp1.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: MED-V 1.0 SP1 and SP2 Release Notes -description: MED-V 1.0 SP1 and SP2 Release Notes -author: dansimp -ms.assetid: 0fde8732-8ad2-483c-b094-7996ed9f2766 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# MED-V 1.0 SP1 and SP2 Release Notes - - -To search these Release Notes, press CTRL+F. - -**Note**   -Read these Release Notes thoroughly before you install the Microsoft Enterprise Desktop Virtualization (MED-V) platform. These Release Notes contain information that you must have to successfully install the MED-V platform. This document contains information that is not available in the product documentation. If there is a discrepancy between these Release Notes and other MED-V platform documentation, the latest change should be considered authoritative. These Release Notes supersede the content included with this product. - - - -## About the Product Documentation - - -Comprehensive documentation for Microsoft Enterprise Desktop Virtualization (MED-V) platform is available. Refer to the Microsoft Enterprise Desktop Virtualization Planning, Deployment, and Operations Guide. - -## Protect Against Security Vulnerabilities and Viruses - - -To help protect against security vulnerabilities and viruses, you should install the latest available security updates for any new software that you are installing. For more information, see the Microsoft Security website at . - -## What’s New in MED-V 1.0 SP2 - - -MED-V 1.0 SP2 includes the following updates to the MED-V 1.0 SP1 features and functionality: - -- Support for running MED-V on a Chinese traditional or Chinese simplified workstation. - -- Support for the MED-V 1.0 SP2 client to run on Windows 7 SP1. - -- Improved performance for the applications that are running in the MED-V workspace when MED-V frames around the published applications are turned-on. Previously, under some instances the MED-V frames had to be turned-off for the applications to run correctly. - -## Known Issues with MED-V 1.0 SP1 and MED-V 1.0 SP2 - - -This section provides the most up-to-date information about issues with the Microsoft Enterprise Desktop Virtualization (MED-V) 1.0 SP1 platform. These issues do not appear in the product documentation and in some cases may contradict existing product documentation. Whenever possible, these issues are addressed in later releases. - -### MED-V does not provide Windows 7 advanced user experience support - -MED-V 1.0 SP1 does not provide Windows 7 advanced user experience support, such as the following: - -Docking windows to the top, left, or right is not applied to published application windows. - -The Windows 7 taskbar preview does not display the published application content. - -## Release Notes Copyright Information - - -Information in this document, including URL and other Internet website references, is subject to change without notice, and is provided for informational purposes only. The entire risk of the use or results of the use of this document remains with the user, and Microsoft Corporation makes no warranties, either express or implied. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. - -Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. - - - -Microsoft, Microsoft Enterprise Desktop Virtualization, MS-DOS, Windows, Windows Server, Windows Vista, Active Directory, and ActiveSync are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. - -The names of actual companies and products mentioned herein may be the trademarks of their respective owners. - - - - - - - - - diff --git a/mdop/medv-v1/med-v-10-sp1-supported-configurationsmedv-10-sp1.md b/mdop/medv-v1/med-v-10-sp1-supported-configurationsmedv-10-sp1.md deleted file mode 100644 index 6beb4ac562..0000000000 --- a/mdop/medv-v1/med-v-10-sp1-supported-configurationsmedv-10-sp1.md +++ /dev/null @@ -1,349 +0,0 @@ ---- -title: MED-V 1.0 SP1 Supported Configurations -description: MED-V 1.0 SP1 Supported Configurations -author: dansimp -ms.assetid: 4dcf37c4-a061-43d2-878c-28efc87c3cdd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# MED-V 1.0 SP1 Supported Configurations - - -This topic specifies the requirements necessary to install and run Microsoft Enterprise Desktop Virtualization (MED-V) 1.0 Service Pack 1 (SP1) in your environment. - -## MED-V 1.0 SP1 Client System Requirements - - -### MED-V Client Operating System Requirements - -The following table lists the operating systems that are supported for MED-V 1.0 SP1 client installation. - -**Note** -Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/?LinkId=31975) (https://go.microsoft.com/fwlink/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/?LinkId=31976) (https://go.microsoft.com/fwlink/?LinkId=31976). - - - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows XP

Professional Edition

SP2 or SP3

x86

Windows Vista

Business, Enterprise, or Ultimate

SP1 or SP2

x86

Windows 7

Professional, Enterprise, or Ultimate

None

x86 or x64

- - - -**Note** -MED-V client does not run in native x64 mode. Instead, MED-V runs in Windows on Windows 64-bit (WOW64) mode on 64-bit computers. - - - -The following table lists the minimal RAM required for each operating system supported in MED-V 1.0 SP1. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemMinimal Required RAM

Windows XP Professional

1 GB

Windows Vista

2 GB

Windows 7 x86

2 GB

Windows 7 x64

3 GB

- - - -### MED-V 1.0 SP1 Client Configuration - -**.NET Framework Version** - -The following versions of the Microsoft .NET Framework are supported for MED-V 1.0 SP1 client installation: - -- .NET Framework 2.0 or .NET Framework 2.0 SP1 - -- .NET Framework 3.0 or .NET Framework 3.0 SP1 - -- .NET Framework 3.5 or .NET Framework 3.5 SP1 - -**Virtualization Engine** - -Microsoft Virtual PC 2007 SP1 with the hotfix that is described in Microsoft Knowledge Base article 974918 is supported for MED-V 1.0 SP1 client installation in the following configurations: - -- Static Virtual Hard Disk (VHD) file - -- Multiple VHD files located within the same directory - -- Dynamic VHD file - -**Internet Browser** - -Windows Internet Explorer 7 and Windows Internet Explorer 8 are supported for MED-V 1.0 SP1 client installation. - -**Microsoft Hyper-V Server** - -The MED-V client is not supported in a Microsoft Hyper-V Server environment. - -## MED-V 1.0 SP1 Workspace System Requirements - - -MED-V 1.0 SP1 introduces changes to system requirements from those for MED-V 1.0. - -### MED-V Workspace Operating System Requirements - -The following table lists the operating systems supported for MED-V 1.0 SP1 workspaces. - -**Note** -Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/?LinkId=31975) (https://go.microsoft.com/fwlink/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/?LinkId=31976) (https://go.microsoft.com/fwlink/?LinkId=31976). - - - - ------ - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows 2000

Professional

SP4

X86

Windows XP

Professional Edition

SP2 or SP3

-
-Note

SP3 is recommended to ensure that the MED-V workspace will be compatible with future versions of MED-V.

-
-
- -

x86

- - - -### MED-V 1.0 SP1 Workspace Configuration - -**.NET Framework Version** - -MED-V requires one of the following supported versions of the Microsoft .NET Framework for MED-V 1.0 SP1 workspace installation: - -- .NET Framework 2.0 SP1 - -- .NET Framework 3.0 SP1 - -- .NET Framework 3.5 or .NET Framework 3.5 SP1 - -**Note** -We recommend the .NET Framework 3.5 SP1 to ensure that the MED-V workspace is compatible with future versions of MED-V. - - - -**Internet Browser** - -Windows Internet Explorer 6 SP2 and Windows Internet Explorer 7 are supported for the MED-V 1.0 SP1 workspace installation. - -### MED-V Workspace Images - -MED-V workspace images must be created by using Virtual PC 2007 SP1. - -## MED-V 1.0 SP1 Server System Requirements - - -MED-V 1.0 SP1 introduces changes to system requirements from those for MED-V 1.0. - -### MED-V 1.0 Server Operating System Requirements - -The following table lists the operating systems supported for MED-V 1.0 SP1 server installations. - -**Note** -Microsoft provides support for the current service pack and, in some cases, the immediately preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/?LinkId=31975) (https://go.microsoft.com/fwlink/?LinkId=31975). For additional information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/?LinkId=31976) (https://go.microsoft.com/fwlink/?LinkId=31976). - - - - ------ - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows Server 2008

Standard or Enterprise

SP1 or SP2

X86 or x64

Windows Server 2008 R2

Standard or Enterprise

None

x64

- - - -### MED-V 1.0 SP1 Server Configuration - -**.NET Framework Version** - -MED-V requires one of the following supported versions of the Microsoft .NET Framework for MED-V 1.0 SP1 workspace installation: - -- .NET Framework 2.0 or .NET Framework 2.0 SP1 - -- .NET Framework 3.0 or .NET Framework 3.0 SP1 - -- .NET Framework 3.5 or .NET Framework 3.5 SP1 - -**Microsoft SQL Server Version** - -The following versions of Microsoft SQL Server are supported for MED-V 1.0 SP1 when SQL Server is installed locally or remotely from the MED-V 1.0 SP1 Server: - - ------ - - - - - - - - - - - - - - - - - - - - - - -
SQL Server VersionEditionService PackSystem Architecture

SQL Server 2005

Express, Standard, or Enterprise Edition

SP2

X86 or x64

SQL Server 2008

Express, Standard, or Enterprise

None

X86 or x64

- - - -**Microsoft Hyper-V Server** - -The MED-V server is supported in a Microsoft Hyper-V server environment. - -## MED-V 1.0 SP1 Globalization Information - - -Although MED-V is not released in languages other than English, the following Windows operating system language versions are supported for the MED-V 1.0 SP1 client, workspace, and server installations: - -- English - -- French - -- German - -- Italian - -- Spanish - -- Portuguese (Brazil) - -- Dutch (Netherlands) - -- Japanese - - - - - - - - - diff --git a/mdop/medv-v1/med-v-10-sp1-upgrade-checklistmedv-10-sp1.md b/mdop/medv-v1/med-v-10-sp1-upgrade-checklistmedv-10-sp1.md deleted file mode 100644 index 2ae432d713..0000000000 --- a/mdop/medv-v1/med-v-10-sp1-upgrade-checklistmedv-10-sp1.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: MED-V 1.0 SP1 Upgrade Checklist -description: MED-V 1.0 SP1 Upgrade Checklist -author: dansimp -ms.assetid: 1a462b37-8c7a-4826-9175-0b1b701d345b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MED-V 1.0 SP1 Upgrade Checklist - - -To upgrade Microsoft Enterprise Desktop Virtualization (MED-V) 1.0 to MED-V 1.0 Service Pack 1 (SP1), the client must be upgraded. The server can optionally be upgraded. - -## Server Upgrade - - -**To upgrade the MED-V 1.0 server to MED-V 1.0 SP1** - -1. Back up the following files that are located in the *<InstallDir> / Servers / ConfigurationServer* directory: - - - OrganizationalPolicy.XML - - - ClientPolicy.XML - - - WorkspaceKeys.XML - -2. Back up the *<InstallDir> / Servers / ServerSettings.xml* file. - -3. Uninstall the MED-V 1.0 server. - -4. Install the MED-V 1.0 SP1 server. - -5. Restore the backup files to the appropriate directories. - -6. Restart the MED-V server service. - -**Note**   -If the server configuration has been changed from the default, the files might be stored in a different location. - - - -## Client Upgrade - - -To upgrade the MED-V 1.0 client to MED-V 1.0 SP1, install the .msp file on a MED-V 1.0 client. The client and MED-V are automatically upgraded. - - - - - - - - - diff --git a/mdop/medv-v1/med-v-10-supported-configurationsmedv-10.md b/mdop/medv-v1/med-v-10-supported-configurationsmedv-10.md deleted file mode 100644 index 0ad376e710..0000000000 --- a/mdop/medv-v1/med-v-10-supported-configurationsmedv-10.md +++ /dev/null @@ -1,279 +0,0 @@ ---- -title: MED-V 1.0 Supported Configurations -description: MED-V 1.0 Supported Configurations -author: dansimp -ms.assetid: 74643de6-549e-4177-a559-6407e156ed3a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MED-V 1.0 Supported Configurations - - -This topic specifies the requirements necessary to install and run Microsoft Enterprise Desktop Virtualization (MED-V) 1.0 in your environment. - -## MED-V 1.0 Client System Requirements - - -### MED-V Client Operating System Requirements - -The following table lists the operating systems that are supported for MED-V 1.0 client installation. - - ------ - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows XP

Professional Edition

SP2 or SP3

x86

Windows Vista

Business, Enterprise, or Ultimate Edition

SP1 or SP2

x86

- - - -**Note** -MED-V client does not run in native x64 mode. Instead, MED-V runs in Windows on Windows 64-bit (WOW64) mode on 64-bit computers. - - - -### MED-V 1.0 Client Configuration - -**.NET Framework Version** - -The following versions of the Microsoft .NET Framework are supported for MED-V 1.0 client installation: - -- .NET Framework 2.0 or .NET Framework 2.0 SP1 - -- .NET Framework 3.0 or .NET Framework 3.0 SP1 - -- .NET Framework 3.5 or .NET Framework 3.5 SP1 - -**Virtualization Engine** - -Microsoft Virtual PC 2007 SP1 with the hotfix that is described in Microsoft Knowledge Base article 974918 is supported for MED-V 1.0 client installation in the following configurations: - -- Static Virtual Hard Disk (VHD) file - -- Multiple VHD files located within the same directory - -- Dynamic VHD file - -**Internet Browser** - -Windows Internet Explorer 7 and Windows Internet Explorer 8 are supported for MED-V 1.0 client installation. - -**Microsoft Hyper-V Server** - -The MED-V client is not supported in a Microsoft Hyper-V server environment. - -## MED-V 1.0 Workspace System Requirements - - -### MED-V Workspace Operating System Requirements - -The following table lists the operating systems supported for MED-V 1.0 workspaces. - - ------ - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows 2000

Professional

SP4

X86

Windows XP

Professional Edition

SP2 or SP3

-
-Note

SP3 is recommended to ensure that the MED-V workspace will be compatible with future versions of MED-V.

-
-
- -

x86

- - - -### MED-V 1.0 Workspace Configuration - -**.NET Framework Version** - -MED-V requires one of the following supported versions of the Microsoft .NET Framework for MED-V 1.0 workspace installation: - -- .NET Framework 2.0 SP1 - -- .NET Framework 3.0 SP1 - -- .NET Framework 3.5 or .NET Framework 3.5 SP1 - -**Note** -.NET Framework 3.5 SP1 is recommended to ensure that the MED-V workspace will be compatible with future versions of MED-V. - - - -**Internet Browser** - -Windows Internet Explorer 6 SP2 and Windows Internet Explorer 7 are supported for the MED-V 1.0 workspace installation. - -### MED-V Workspace Images - -MED-V workspace images must be created by using Virtual PC 2007 SP1. - -## MED-V 1.0 Server System Requirements - - -### MED-V 1.0 Server Operating System Requirements - -The following table lists the operating systems supported for MED-V 1.0 server installations. - - ------ - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows Server 2008

Standard or Enterprise

None

X86 or x64

- - - -### MED-V 1.0 Server Configuration - -**.NET Framework Version** - -MED-V requires one of the following supported versions of the Microsoft .NET Framework for MED-V 1.0 workspace installation: - -- .NET Framework 2.0 or .NET Framework 2.0 SP1 - -- .NET Framework 3.0 or .NET Framework 3.0 SP1 - -- .NET Framework 3.5 or .NET Framework 3.5 SP1 - -**Microsoft SQL Server Version** - -The following versions of Microsoft SQL Server are supported for MED-V 1.0 when SQL Server is installed locally or remotely from the MED-V 1.0 Server: - - ------ - - - - - - - - - - - - - - - - - - - - - - -
SQL Server VersionEditionService PackSystem Architecture

SQL Server 2005

Express, Standard, or Enterprise Edition

SP2

X86 or x64

SQL Server 2008

Express, Standard, or Enterprise

None

X86 or x64

- - - -**Microsoft Hyper-V Server** - -The MED-V server is supported in a Microsoft Hyper-V server environment. - -## MED-V 1.0 Globalization Information - - -Although MED-V is not released in languages other than English, the following Windows operating system language versions are supported for the MED-V 1.0 client, workspace, and server installations: - -- English - -- French - -- German - -- Italian - -- Spanish - -- Portuguese (Brazil) - - - - - - - - - diff --git a/mdop/medv-v1/med-v-client-operations.md b/mdop/medv-v1/med-v-client-operations.md deleted file mode 100644 index e295ac9750..0000000000 --- a/mdop/medv-v1/med-v-client-operations.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: MED-V Client Operations -description: MED-V Client Operations -author: dansimp -ms.assetid: 4a5fffd2-f3f4-4e86-8529-e1386ba46c9a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MED-V Client Operations - - -## In This Section - - -This section describes the MED-V operations and explains the following tasks: - -[How to Start and Exit the MED-V Client](how-to-start-and-exit-the-med-v-client.md) -Describes how to start and exit the MED-V client. - -[How to Start, Stop, and Restart a MED-V Workspace](how-to-start-stop-and-restart-a-med-v-workspace.md) -Describes how to start, stop, and restart a MED-V workspace. - -[How to View MED-V Settings and General Information](how-to-view-med-v-settings-and-general-information.md) -Describes how to view MED-V settings and general information. - -[How to Lock and Unlock a Workspace](how-to-lock-and-unlock-a-workspace.md) -Describes how to lock and unlock a MED-V workspace. - -[MED-V Client Tools](med-v-client-toolsv2.md) -Describes the file transfer tool, image downloads, and diagnostics. - -  - -  - - - - - diff --git a/mdop/medv-v1/med-v-client-toolsv2.md b/mdop/medv-v1/med-v-client-toolsv2.md deleted file mode 100644 index a49324c8b9..0000000000 --- a/mdop/medv-v1/med-v-client-toolsv2.md +++ /dev/null @@ -1,111 +0,0 @@ ---- -title: MED-V Client Tools -description: MED-V Client Tools -author: dansimp -ms.assetid: ea18d82e-2433-4754-85ac-6eac84bcbb01 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MED-V Client Tools - - -MED-V includes the following client tools: - -- [File Transfer Tool](#bkmk-filetransfertool) - -- [Image Downloads](#bkmk-imagedownloads) - -- [Diagnostics](#bkmk-diagnostics) - -## File Transfer Tool - - -The File Transfer Tool can be used to copy files or folders from the MED-V workspace to the host and vice versa. - -**Note**   -The File Transfer Tool is enabled only when the MED-V workspace is running. - - - -**To copy files or folders from a MED-V workspace that is currently running** - -1. In the notification area, right-click the MED-V icon. - -2. On the submenu, point to **Tools**, and then click **File Transfer**. - -3. In the **File Transfer** tool, in the **Select transfer direction** field, click one of the following transfer options: - - - **Copy from My Computer to 'default workspace' Workspace**—Transfer a file or folder from the host to the active MED-V workspace. - - - **Copy from 'default workspace' Workspace to My Computer**—Transfer a file or folder from the active MED-V workspace to the host. - -4. Select the file or folder to copy by doing one of the following: - - - In the **File to copy** field, type the full path to the directory where the file or folder to copy is located. - - - Click **Browse** to browse the directory where the file or folder to copy is located. - -5. Select the **Copy a folder** check box to copy an entire folder. - -6. Select the destination where the file is being transferred by doing one of the following: - - - In the **Destination** field, type the full path of the directory where the file or folder will be transferred. - - - Click **Browse** to browse to the directory where the file or folder will be transferred. - -7. Click **Start**. - - The file transfer begins. - -## Image Downloads - - -When a new image update is available for a MED-V workspace and the MED-V workspace is active, the user receives a message indicating that a new image is ready for download. - -**To view available images for download** - -1. In the notification area, right-click the MED-V icon. - -2. On the submenu, point to **Tools**, and then click **Image Downloads**. - - All available image downloads are displayed. - -## Diagnostics - - -The diagnostics tool provides all diagnostic information. - -**To view diagnostics** - -1. In the notification area, right-click the MED-V icon. - -2. On the submenu, point to **Help**, and then click **MED-V Diagnostics**. - -3. In the **Diagnostics** tool, review all diagnostic information. - -The following functions can be performed using the diagnostic tool: - -- Gather diagnostic logs—Gather the diagnostic logs, and place them on the desktop. - -- Update policy—The MED-V workspace policy automatically connects to the MED-V server to refresh the policy every 15 minutes. However, a user can use this option to perform a manual refresh immediately. - -- Enable or Disable diagnostic mode—Display the virtual machine window. This function is helpful when, for example, you need to see MED-V workspace windows that are not displayed. - -- Browse image store—View all available MED-V workspace images. - - - - - - - - - diff --git a/mdop/medv-v1/med-v-deployment-and-configuration.md b/mdop/medv-v1/med-v-deployment-and-configuration.md deleted file mode 100644 index 38648cf7f4..0000000000 --- a/mdop/medv-v1/med-v-deployment-and-configuration.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: MED-V Deployment and Configuration -description: MED-V Deployment and Configuration -author: dansimp -ms.assetid: 3a224c78-58b0-454c-ad6d-5ce87fbb2526 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MED-V Deployment and Configuration - - -## In This Section - - -This section describes Microsoft Enterprise Desktop Virtualization (MED-V) deployment and configuration and includes the following: - -[MED-V Installation Prerequisites](med-v-installation-prerequisites.md) -Describes the prerequisites required before installing MED-V. - -[Supported Configurations](supported-configurationsmedv-orientation.md) -Describes the supported configurations for both MED-V 1.0 and MED-V 1.0 SP1. - -[Installation and Upgrade Checklists](installation-and-upgrade-checklists.md) -Provides the installation checklist for MED-V 1.0 and an upgrade checklist for MED-V 1.0 SP1. - -[Installing and Configuring MED-V Components](installing-and-configuring-med-v-components.md) -Provides procedures for installing and configuring the MED-V server, image repository, MED-V client, and MED-V management console, and the procedure for uninstalling the MED-V components. - -[Creating a Virtual PC Image for MED-V](creating-a-virtual-pc-image-for-med-v.md) -Describes how to create and configure a VPC image for MED-V. - -[Creating a MED-V Workspace](creating-a-med-v-workspacemedv-10-sp1.md) -Describes how to create a MED-V workspace. - -[Configuring MED-V Workspace Policies](configuring-med-v-workspace-policies.md) -Describes how to configure MED-V workspace policies. - -[Configuring MED-V for Remote Networks](configuring-med-v-for-remote-networks.md) -Describes how to configure MED-V to work from inside a network, remotely, or both from inside the network and remotely. - -[Configuring MED-V Server for Cluster Mode](configuring-med-v-server-for-cluster-mode.md) -Describes how to configure MED-V server using two servers and place all files mutual to both servers on a file system. - -  - -  - - - - - diff --git a/mdop/medv-v1/med-v-infrastructure-planning-and-design.md b/mdop/medv-v1/med-v-infrastructure-planning-and-design.md deleted file mode 100644 index a0654e7a12..0000000000 --- a/mdop/medv-v1/med-v-infrastructure-planning-and-design.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: MED-V Infrastructure Planning and Design -description: MED-V Infrastructure Planning and Design -author: dansimp -ms.assetid: 6129b8f6-4b20-4403-8edd-68b007791139 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MED-V Infrastructure Planning and Design - - -## In This Section - - -This section provides direction in planning and designing a Microsoft Enterprise Desktop Virtualization (MED-V) infrastructure and addresses the following tasks: - -[Define the Project Scope](define-the-project-scope.md) -Describes how to define the project scope by defining the end users, determining the MED-V images to be managed, determining the organization’s service level expectations, and validating with the business. - -[Identify the Number of MED-V Instances](identify-the-number-of-med-v-instances.md) -Describes how to identify the number of MED-V instances required. - -[Design the MED-V Server Infrastructure](design-the-med-v-server-infrastructure.md) -Describes how to design the server for each MED-V instance, the SQL Server database, and the management console. - -[Design the MED-V Image Repositories](design-the-med-v-image-repositories.md) -Describes the steps required in designing the MED-V image repositories. - -  - -  - - - - - diff --git a/mdop/medv-v1/med-v-installation-prerequisites.md b/mdop/medv-v1/med-v-installation-prerequisites.md deleted file mode 100644 index 08db5ec442..0000000000 --- a/mdop/medv-v1/med-v-installation-prerequisites.md +++ /dev/null @@ -1,126 +0,0 @@ ---- -title: MED-V Installation Prerequisites -description: MED-V Installation Prerequisites -author: dansimp -ms.assetid: cf3c0906-23eb-4c4a-8951-a65741720f95 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# MED-V Installation Prerequisites - - -The following are prerequisites for installing MED-V: - -[Active Directory Requirements](#bkmk-activedirectoryrequirements) - -[Report Database](#bkmk-howtoinstallthereportdatabase) - -[Antivirus/Backup Software Configuration](#bkmk-antivirusbackupsoftwareconfiguration) - -[Microsoft Virtual PC 2007 SP1](#bkmk-howtoinstallandconfiguremicrosoftvirtualpc2007sp1) - -## Active Directory Requirements - - -When configuring the MED-V server, if users are not part of the same domain the server belongs to, a trust must be set between the domains. - -## How to Install the Report Database - - -The report database is required for storing all MED-V workspace logs. The log database is then used for generating MED-V reports. For information about reports, see [MED-V Reporting](med-v-reporting.md). - -SQL Server can be installed on the same server as the MED-V server or on a remote server. If installing on a remote server, see [Installing SQL Server on a Remote Server](#bkmk-installingsqlserveronaremoteserver). - -### Installing SQL Server on a Remote Server - -**To install SQL Server on a remote server** - -1. Configure the following on the remote server: - - - Instance name—Default instance - - - Authentication mode—Mixed mode - - - User—The default user created is “sa” - - - Password—Desired password - - - Collation Settings—Default - - - Error in usage report settings—Default - -2. Install the following files on the MED-V server: - - - To install the prerequisites for the management pack objects collection for Microsoft SQL Server 2008, download [Microsoft SQL Server 2008 Native Client](https://go.microsoft.com/fwlink/?LinkId=164039) from the Microsoft Download Center. - - - To install the prerequisites for the management pack objects collection for Microsoft SQL Server 2005, download [Microsoft SQL Server 2005 Native Client](https://go.microsoft.com/fwlink/?LinkId=164038) from the Microsoft Download Center. - - - To install the required dll files for Microsoft SQL Server 2008, download [Microsoft SQL Server 2008 Management Objects Collection](https://go.microsoft.com/fwlink/?LinkId=164041) from the Microsoft Download Center. - - - To install the required dll files for Microsoft SQL Server 2005, download [Microsoft SQL Server 2005 Management Objects](https://go.microsoft.com/fwlink/?LinkId=164040) from the Microsoft Download Center. - - - To install the stand-alone install packages that provide additional value for SQL Server 2008, download the [Microsoft SQL Server 2008 Feature Pack](https://go.microsoft.com/fwlink/?LinkId=163960) from the Microsoft Download Center. - - - To install the stand-alone install packages that provide additional value for SQL Server 2005, download the [Feature Pack for Microsoft SQL Server 2005]( https://go.microsoft.com/fwlink/?LinkId=163961) from the Microsoft Download Center. - - For more information about these files, see [Microsoft SQL Server 2008 Feature Pack](https://go.microsoft.com/fwlink/?LinkId=163960) on the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=163960) or [Feature Pack for Microsoft SQL Server 2005](https://go.microsoft.com/fwlink/?LinkId=163961) on the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=163961). - -## Antivirus/Backup Software Configuration - - -To prevent antivirus activity from affecting the performance of the virtual desktop, it is recommended where possible to exclude the following virtual machine file types from any antivirus or backup processing running on the host: - -- \*.VMC - -- \*.VUD - -- \*.VSV - -- \*.CKM - -- \*.EVHD - -## How to Install and Configure Microsoft Virtual PC 2007 SP1 - - -**Important**   -If Virtual PC for Windows exists on the host computer, uninstall it before installing Virtual PC 2007 SP1. - - - -**To install Microsoft Virtual PC 2007 SP1** - -1. Download Virtual PC 2007 SP1 from the Microsoft Download Center [Virtual PC 2007 SP1](https://go.microsoft.com/fwlink/?LinkId=142994). - -2. Run the installation file on the host computer, and follow the wizard. - -3. Install Virtual PC 2007 SP1 update on the host computer in elevated mode. - - For more information, see [the description of the hotfix package for Virtual PC 2007 SP1](https://go.microsoft.com/fwlink/?LinkId=150575). - - **Note**   - The Virtual PC 2007 SP1 update is required for running Virtual PC 2007 SP1. - - - -## Related topics - - -[Supported Configurations](supported-configurationsmedv-orientation.md) - - - - - - - - - diff --git a/mdop/medv-v1/med-v-operations.md b/mdop/medv-v1/med-v-operations.md deleted file mode 100644 index c76249664e..0000000000 --- a/mdop/medv-v1/med-v-operations.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: MED-V Operations -description: MED-V Operations -author: dansimp -ms.assetid: ce362dc0-47a4-4e66-af64-66734fa50c08 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MED-V Operations - - -## In This Section - - -[Using the MED-V Management Console User Interface](using-the-med-v-management-console-user-interface.md) -Describes the Microsoft Enterprise Desktop Virtualization (MED-V) management console, as well as how to open it and log in. - -[Creating a MED-V Image](creating-a-med-v-image.md) -Describes how to configure a MED-V image on a computer on which the MED-V client and MED-V management application are installed. - -[Deploying a MED-V Workspace Using an Enterprise Software Distribution System](deploying-a-med-v-workspace-using-an-enterprise-software-distribution-system.md) -Describes how to deploy a MED-V workspace using an enterprise software distribution system. - -[Deploying a MED-V Workspace Using a Deployment Package](deploying-a-med-v-workspace-using-a-deployment-package.md) -Describes how to deploy a MED-V workspace using a deployment package. - -[Updating a MED-V Workspace Image](updating-a-med-v-workspace-image.md) -Describes the various ways of updating a MED-V workspace image. - -[MED-V Client Operations](med-v-client-operations.md) -Describes the operations that can be performed using MED-V client. - -  - -  - - - - - diff --git a/mdop/medv-v1/med-v-reporting.md b/mdop/medv-v1/med-v-reporting.md deleted file mode 100644 index 17674e3619..0000000000 --- a/mdop/medv-v1/med-v-reporting.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: MED-V Reporting -description: MED-V Reporting -author: dansimp -ms.assetid: b379153b-be89-4a76-a284-2bb4591c3490 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MED-V Reporting - - -MED-V provides status, activity log, and error reports to help the administrator review the status, activity, and errors of MED-V users and MED-V workspace. - -## In This Section - - -[How to Generate Reports](how-to-generate-reports-medvv2.md) -Describes how to generate the different types of reports. - -[How to Work with Reports](how-to-work-with-reports.md) -Describes the functions used when working with reports. - -## Related topics - - -[How to Install and Configure the MED-V Server Component](how-to-install-and-configure-the-med-v-server-component.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/med-v-trim-transfer-technology-medvv2.md b/mdop/medv-v1/med-v-trim-transfer-technology-medvv2.md deleted file mode 100644 index 1aaecaa5a4..0000000000 --- a/mdop/medv-v1/med-v-trim-transfer-technology-medvv2.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: MED-V Trim Transfer Technology -description: MED-V Trim Transfer Technology -author: dansimp -ms.assetid: 2744e855-a486-4028-9606-f0084794ec65 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MED-V Trim Transfer Technology - - -## - - -The MED-V advanced Trim Transfer de-duplication technology accelerates the download of initial and updated virtual machine images over the LAN or WAN, thereby reducing the network bandwidth needed to transport a MED-V workspace virtual machine to multiple end users. - -This breakthrough technology uses existing local data to build the virtual machine image, leveraging the fact that in many cases, much of the virtual machine (for example, system and application files) already exists on the end user's disk. For example, if a virtual machine containing Windows XP is delivered to a client running a local copy of Windows XP, MED-V will automatically remove the redundant Windows XP elements from the transfer. To ensure a valid and functional workspace, the MED-V client cryptographically verifies the integrity of local data before it is utilized, guaranteeing that the local blocks of data are absolutely bit-by-bit identical to those in the desired virtual machine image. Blocks that do not match are not used. - -The process is bandwidth-efficient and transparent, and transfers run in the background, utilizing unused network and CPU resources. - -When updating to a new image version (for example, when administrators want to distribute a new application or patch), only the elements that have changed ("deltas") are downloaded, and not the entire virtual machine, significantly reducing the required network bandwidth and delivery time. - -You can configure which folders are indexed on the host as part of the Trim Transfer protocol, based on the host operating system. These settings are configured in the *ClientSettings.xml* file, which can be found in the **Servers\\Configuration Server\\** folder. - -When applying new settings, the service must be restarted. - -```xml - -- -%WINDIR% -%ProgramFiles%\Common Files -%ProgramFiles%\Internet Explorer -%ProgramFiles%\MED-V -%ProgramFiles%\Microsoft Office -%ProgramFiles%\Windows NT -%ProgramFiles%\Messenger -%ProgramFiles%\Adobe -%ProgramFiles%\Outlook Express - - -- -- -%WINDIR%\MSAgent -%WINDIR%\winsxs -%WINDIR%\system -%WINDIR%\system32 -%WINDIR%\Microsoft.NET -%WINDIR%\SoftwareDistribution -%WINDIR%\L2Schemas -%WINDIR%\Cursors -%WINDIR%\Boot -%WINDIR%\Help -%WINDIR%\assembly -%WINDIR%\inf -%WINDIR%\fonts -%WINDIR%\Installer -%WINDIR%\IME -%WINDIR%\Resources -%WINDIR%\servicing -%ProgramFiles%\MED-V -%ProgramFiles%\Microsoft Office - - -``` - -  - -  - - - - - diff --git a/mdop/medv-v1/overview-of-med-v.md b/mdop/medv-v1/overview-of-med-v.md deleted file mode 100644 index 0d46bf93a7..0000000000 --- a/mdop/medv-v1/overview-of-med-v.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -title: Overview of MED-V -description: Overview of MED-V -author: dansimp -ms.assetid: 32a85b79-91b0-4507-a57a-01ff0fa029f5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Overview of MED-V - - -MED-V uses Microsoft Virtual PC to provide an enterprise solution for desktop virtualization. With MED-V, you can easily create, deliver, and manage corporate Virtual PC images on any Windows®-based desktop. - -MED-V is an integral component of the Microsoft Desktop Optimization Pack, a dynamic solution available to Software Assurance customers, which helps reduce application deployment costs, enables delivery of applications as services, and helps to better manage and control enterprise desktop environments. - -  - -  - - - - - diff --git a/mdop/medv-v1/supported-configurationsmedv-orientation.md b/mdop/medv-v1/supported-configurationsmedv-orientation.md deleted file mode 100644 index c66ad41ec2..0000000000 --- a/mdop/medv-v1/supported-configurationsmedv-orientation.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: Supported Configurations -description: Supported Configurations -author: dansimp -ms.assetid: c1438455-445a-4bc8-ae20-483b26181f6f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Supported Configurations - - -This section provides the supported configurations for MED-V 1.0 and MED-V 1.0 SP1. - -## In This Section - - -[MED-V 1.0 Supported Configurations](med-v-10-supported-configurationsmedv-10.md) -Delineates the supported configurations for MED-V 1.0. - -[MED-V 1.0 SP1 Supported Configurations](med-v-10-sp1-supported-configurationsmedv-10-sp1.md) -Delineates the supported configurations for MED-V 1.0 SP1. - -  - -  - - - - - diff --git a/mdop/medv-v1/technical-referencemedv-10-sp1.md b/mdop/medv-v1/technical-referencemedv-10-sp1.md deleted file mode 100644 index 77b1fc1045..0000000000 --- a/mdop/medv-v1/technical-referencemedv-10-sp1.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Technical Reference -description: Technical Reference -author: dansimp -ms.assetid: 387462c7-bb46-40b8-b4cf-ee9453972582 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Technical Reference - - -## In This Section - - -This section provides the following technical references for Microsoft Enterprise Desktop Virtualization (MED-V): - -[MED-V Reporting](med-v-reporting.md) -Describes how to generate reports and how to work with reports. - -[MED-V Trim Transfer Technology](med-v-trim-transfer-technology-medvv2.md) -Describes the MED-V Trim Transfer technology concept. - -[How to Back Up and Restore a MED-V Server](how-to-back-up-and-restore-a-med-v-server.md) -Describes how to back up and restore a MED-V server. - -[How to Share Folders Between the Host and the MED-V Workspace](how-to-share-folders-between-the-host-and-the-med-v-workspace.md) -Describes how to share folders located on the network and folders located on the host. - -[How to Set MED-V Workspace Deletion Options](how-to-set-med-v-workspace-deletion-options.md) -Describes how to set MED-V workspace deletion options for each user or group. - -[How to Set Advanced File Transfer Options](how-to-set-advanced-file-transfer-options.md) -Describes the advanced file transfer options. - -[How to Edit a Published Application with Advanced Settings](how-to-edit-a-published-application-with-advanced-settings.md) -Describes editing a published application with advanced settings. - -[How to Set Up Script Actions](how-to-set-up-script-actions.md) -Describes the script actions editor. - -[Client Installation Command Line Reference](client-installation-command-line-reference.md) -Describes how to install MED-V from the command line. - -[How to Configure Image Pre-staging](how-to-configure-image-pre-staging.md) -Describes how to configure image pre-staging and how to update the pre-stage location. - -  - -  - - - - - diff --git a/mdop/medv-v1/troubleshooting-med-v.md b/mdop/medv-v1/troubleshooting-med-v.md deleted file mode 100644 index 52b110ec3b..0000000000 --- a/mdop/medv-v1/troubleshooting-med-v.md +++ /dev/null @@ -1,193 +0,0 @@ ---- -title: Troubleshooting MED-V -description: Troubleshooting MED-V -author: dansimp -ms.assetid: f43dae36-6485-4e06-9c66-0a646e27079d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Troubleshooting MED-V - - -This section provides information to help troubleshoot general issues with Microsoft Enterprise Desktop Virtualization (MED-V). - -## Changing the host resolution and then maximizing the MED-V workspace causes the desktop to appear black - - -When working in full desktop mode, if you change the host resolution and then maximize the MED-V workspace window, the desktop appears black and the MED-V workspace might not respond. - -### Solution - -Stop and then start the MED-V workspace. - -## Starting a MED-V workspace with a network adapter disabled and then later enabling the adapter does not restore network connectivity - - -If you configure a MED-V workspace in bridge mode and then start the MED-V workspace while a network adapter is disabled, if the adapter is later enabled, the network connectivity through that adapter is not restored. - -### Solution - -Stop and then start the MED-V workspace. - -## An image can be used by only one Windows user per computer - - -A MED-V workspace image can be used only by the Windows user who downloaded or imported the image. This user is the only user aside from administrators who have permissions to the folder where the downloaded images are located. - -### Solution - -Manually change the access control list (ACL) on the image store. - -## When installing MED-V by using Configuration Manager with users rights enabled, uninstall fails - - -If MED-V is installed by using Microsoft System Center Configuration Manager and the run mode of the package is set to users rights, uninstall fails with an error message that says that only administrative users can uninstall MED-V. - -### Solution - -When creating a Configuration Manager package for MED-V, set the run mode to administrative rights. - -## When installing MED-V by using a corporate deployment system, where the installation is configured to run the client following installation, you cannot run the client - - -If MED-V is installed by using a corporate deployment system and the installation package is configured to run MED-V client following the installation, after the client is running under the system account, you cannot see that the client is running (except in the notification area), and you cannot interact with it. - -### Solution - -When installing MED-V by using a corporate deployment system, use the *START\_MEDV=0* .msi parameter. - -## MED-V test image fails to start - - -If a MED-V test image fails to start, it will never recover and all future startups will fail with a “GINA fail to load” error message. - -### Solution - -Delete the existing test image and then re-create it. - -## After attempting to join a domain with the wrong credentials, the image never succeeds in joining the domain - - -If there is a configuration error in the join domain building block, which is part of the virtual machine first-time setup script, it causes the MED-V workspace to fail when attempting to join a domain. After the configuration error is repaired, the image included in the MED-V workspace cannot join the domain. - -### Solution - -If the image was deployed, redistribute the image. If the image was a test image, re-create the image. - -## MED-V does not support multiple monitors - - -MED-V does not support displaying published applications across multiple monitors. Published applications and other client windows may be displayed in the wrong screen, and sometimes after a screen is disconnected, MED-V attempts to send the screen to the monitor so that the connected monitor appears blank. - -### Solution - -Disconnect the additional screen, and restart the client. - -## MED-V workspace might fail to start if the host crashes during MED-V workspace startup - - -If the host crashes during the MED-V workspace startup process and an error message appears that says “Root element is missing,” the MED-V workspace might add data to an empty virtual machine configuration (VMC) file, which will cause the startup process to fail. - -### Solution - -Replace the empty VMC file with a VMC file from the base image. - -## The keyboard does not respond in published application windows - - -In a MED-V workspace, if you press the Windows logo key when a published application is in focus, the keyboard no longer responds in published application windows. - -### Solution - -Press the Windows logo key while a published application is in focus. - -## A domain MED-V workspace does not update domain credentials - - -When using a persistent MED-V workspace in a domain environment, if you change your domain password, the MED-V client does not update the MED-V workspace domain credentials. When a published application attempts to access a network resource, you will receive an error message notifying you that your credentials expired. - -### Solution - -Restart the MED-V workspace operating system. - -## Maximized published application windows cover the host taskbar - - -If you maximize a published application window to full screen, it might cover the host taskbar. - -### Solution - -Do one of the following: - -Minimize the published application window to gain access to the notification area, and restart the MED-V workspace. - -Minimize the published application window, and then restore the window to its maximized state. - -## Adding users or groups in the MED-V Server Configuration Manager does not work - - -When adding users or groups in the **Select Users or Groups** dialog box, the selected users or groups are not added to the access control list in the MED-V Server Configuration Manager. - -### Solution - -Add users or groups using the **Enter User or Group names** dialog box. For detailed information, see [How to Install and Configure the MED-V Server Component](how-to-install-and-configure-the-med-v-server-component.md#bkmk-configuringpermissions). - -## MED-V does not work on computers with Windows Virtual PC for Windows 7 installed - - -MED-V requires Windows Virtual PC 2007. Windows Virtual PC for Windows 7 and Virtual PC 2007 SP1 cannot be installed on the same computer. - -### Solution - -Uninstall Virtual PC for Windows 7 before installing Virtual PC 2007 SP1 and MED-V. - -## MED-V does not support Virtual PC and Windows XP Mode images - - -MED-V 1.0 SP1 does not support images created by Windows Virtual PC for Windows 7. If a Virtual PC for Windows 7 image is used, the client will fail during startup. - -### Solution - -Create MED-V images by using Virtual PC 2007 SP1. - -## Windows firewall blocks Virtual PC 2007 SP1 network activity - - -By default, Windows firewall blocks Virtual PC 2007 SP1 network activity, and when Virtual PC 2007 SP1 initiates on the client computer, there is a firewall message that blocks its startup sequence and all network access. - -### Solution - -Update the firewall exception by using Group Policy before MED-V is used by the end user. - -## When upgrading the client an error message appears - - -When upgrading the client from MED-V 1.0 to MED-V 1.0 SP1, a message may appear notifying you that no MED-V workspace is defined. - -### Solution - -Close the client and restart it. - -## Related topics - - -[MED-V 1.0 Release Notes](med-v-10-release-notesmedv-10.md) - -[MED-V 1.0 SP1 and SP2 Release Notes](med-v-10-sp1-and-sp2-release-notesmedv-10-sp1.md) - -  - -  - - - - - diff --git a/mdop/medv-v1/updating-a-med-v-workspace-image.md b/mdop/medv-v1/updating-a-med-v-workspace-image.md deleted file mode 100644 index c030f2922c..0000000000 --- a/mdop/medv-v1/updating-a-med-v-workspace-image.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: Updating a MED-V Workspace Image -description: Updating a MED-V Workspace Image -author: dansimp -ms.assetid: 1b9c4a73-3487-43d2-98e3-43dbc79e10e3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Updating a MED-V Workspace Image - - -An image can be updated in one of the following ways: - -- The update can be pushed to the guest operating system using your enterprise software distribution system. - -- The update can be uploaded to the image Web distribution server, and then downloaded by the client and applied to the MED-V image. - -- The MED-V base image can be updated and redeployed. - -## How to Update a MED-V Image Using an Enterprise Software Distribution System - - -**To update a MED-V image using an enterprise software distribution system** - -- Refer to the documentation of the system you are using. - -## How to Update a MED-V Image Using Web Download - - -**To update a MED-V image using Web download** - -1. In MED-V management, on the **Virtual Machine** tab, ensure that the following settings are applied to the MED-V workspace policies that are associated with the MED-V image being updated: - - - The **Suggest update when a new version is available** check box is selected. - - - Optionally, the **Clients should use Trim Transfer when downloading images for this Workspace** check box is selected. - - For more information, see [How to Apply Virtual Machine Settings to a MED-V Workspace](how-to-apply-virtual-machine-settings-to-a-med-v-workspace.md). - -2. Upload the image update to the image Web distribution server. - - All clients with images that need to be updated automatically download the update and apply it to the image. - -## How to Update a MED-V Base Image - - -**To update a MED-V base image** - -1. Open the existing image in Virtual PC 2007. - -2. Make the required changes to the image, updating the image (such as installing new software). - -3. Close Virtual PC 2007. - -4. Test the image. - -5. After the image is tested, pack it to the local repository, using the same name as the existing image. - - **Note**   - If you name the image a different name than the existing version, a new image will be created rather than a new version of the existing image. - - - -6. Upload the new version to the server, push it to the image pre-stage folder, or distribute it via a deployment package. - -## Related topics - - -[Creating a MED-V Image](creating-a-med-v-image.md) - -[How to Update a MED-V Image](how-to-update-a-med-v-image.md) - -[Configuring MED-V Workspace Policies](configuring-med-v-workspace-policies.md) - -[How to Configure the Image Web Distribution Server](how-to-configure-the-image-web-distribution-server.md) - - - - - - - - - diff --git a/mdop/medv-v1/using-the-med-v-management-console-user-interface.md b/mdop/medv-v1/using-the-med-v-management-console-user-interface.md deleted file mode 100644 index 58bf527214..0000000000 --- a/mdop/medv-v1/using-the-med-v-management-console-user-interface.md +++ /dev/null @@ -1,77 +0,0 @@ ---- -title: Using the MED-V Management Console User Interface -description: Using the MED-V Management Console User Interface -author: dansimp -ms.assetid: f42714d7-6f0c-4995-ab31-d4ef0845a22c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Using the MED-V Management Console User Interface - - -The console user interface is divided into the following sections: - -- The following **MED-V management buttons**, which correspond to the three modules: - - - **Policy**—The **Policy** module is used to define the MED-V workspaces and their related settings and permissions. - - - **Images**—The **Images** module is used to manage MED-V workspace images. - - - **Reports**—The **Reports** module is used for generating and viewing MED-V workspace reports. - -- The **toolbar** displays shortcuts relevant to the button selected. - -- The **display pane** displays a module corresponding to the button that is selected. - -![](images/medv-ui-console-general.gif) - -## How to Log In to the MED-V Management Console - - -**To open the MED-V management console** - -- On the Windows **Start** menu, select **All Programs > MED-V > MED-V Management**, or on the desktop, double-click the MED-V Management icon. - - The **MED-V Management Login** window appears. - -**Note**   -For security reasons, the first user to log in to the MED-V management console will become the only user on that computer allowed to access the management console. - - - -**To log in** - -1. Type in your domain user credentials in the following format: - - "domain\_name\\user\_name", "password" - - **Note**   - When configuring the server, users with full access as well as users with read-only access are defined. All users must be domain users. The domain user name and password is used for MED-V management login. - - - -2. Click **OK**. - - The **MED-V Management** console appears. - -## Related topics - - -[How to Install MED-V Client and MED-V Management Console](how-to-install-med-v-client-and-med-v-management-console.md) - - - - - - - - - diff --git a/mdop/medv-v2/TOC.md b/mdop/medv-v2/TOC.md deleted file mode 100644 index 80bb2410e7..0000000000 --- a/mdop/medv-v2/TOC.md +++ /dev/null @@ -1,85 +0,0 @@ -# [Microsoft Enterprise Desktop Virtualization 2](index.md) -## [Getting Started with MED-V](getting-started-with-med-vmedv2.md) -### [Overview of MED-V](overview-of-med-vmedv2.md) -### [Planning for Application Operating System Compatibility](planning-for-application-operating-system-compatibility.md) -### [High-Level Architecture](high-level-architecturemedv2.md) -### [About MED-V 2.0](about-med-v-20.md) -#### [What's New in MED-V 2.0](whats-new-in-med-v-20.md) -#### [MED-V 2.0 Supported Configurations](med-v-20-supported-configurations.md) -#### [MED-V 2.0 Release Notes](med-v-20-release-notes.md) -## [Planning for MED-V](planning-for-med-v.md) -### [End-to-End Planning Scenario for MED-V 2.0](end-to-end-planning-scenario-for-med-v-20.md) -### [Define and Plan your MED-V Deployment](define-and-plan-your-med-v-deployment.md) -#### [Determining How MED-V Will Be Deployed](determining-how-med-v-will-be-deployed.md) -#### [Identifying the Number and Types of MED-V Workspaces](identifying-the-number-and-types-of-med-v-workspaces.md) -### [MED-V 2.0 Best Practices](med-v-20-best-practices.md) -## [Deployment of MED-V](deployment-of-med-v.md) -### [End-to-End Deployment Scenario for MED-V 2.0](end-to-end-deployment-scenario-for-med-v-20.md) -### [MED-V 2.0 Supported Configurations](med-v-20-supported-configurations.md) -### [MED-V 2.0 Deployment Overview](med-v-20-deployment-overview.md) -### [Prepare the Deployment Environment for MED-V](prepare-the-deployment-environment-for-med-v.md) -#### [Configure Environment Prerequisites](configure-environment-prerequisites.md) -#### [Configure Installation Prerequisites](configure-installation-prerequisites.md) -### [Deploy the MED-V Components](deploy-the-med-v-components.md) -#### [How to Install the MED-V Workspace Packager](how-to-install-the-med-v-workspace-packager.md) -#### [How to Deploy the MED-V Components Through an Electronic Software Distribution System](how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md) -#### [How to Manually Install the MED-V Host Agent](how-to-manually-install-the-med-v-host-agent.md) -#### [How to Uninstall the MED-V Components](how-to-uninstall-the-med-v-components.md) -## [Operations for MED-V](operations-for-med-v.md) -### [End-to-End Operations Scenario for MED-V 2.0](end-to-end-operations-scenario-for-med-v-20.md) -### [Prepare a MED-V Image](prepare-a-med-v-image.md) -#### [Creating a Windows Virtual PC Image for MED-V](creating-a-windows-virtual-pc-image-for-med-v.md) -#### [Installing Applications on a Windows Virtual PC Image](installing-applications-on-a-windows-virtual-pc-image.md) -#### [Configuring a Windows Virtual PC Image for MED-V](configuring-a-windows-virtual-pc-image-for-med-v.md) -### [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md) -#### [Configuring Advanced Settings by Using Windows PowerShell](configuring-advanced-settings-by-using-windows-powershell.md) -### [Test And Deploy the MED-V Workspace Package](test-and-deploy-the-med-v-workspace-package.md) -#### [Testing the MED-V Workspace Package](testing-the-med-v-workspace-package.md) -##### [How to Create a Test Environment](how-to-create-a-test-environment.md) -##### [How to Verify First Time Setup Settings](how-to-verify-first-time-setup-settings.md) -##### [How to Test URL Redirection](how-to-test-url-redirection.md) -##### [How to Test Application Publishing](how-to-test-application-publishing.md) -#### [Deploying the MED-V Workspace Package](deploying-the-med-v-workspace-package.md) -##### [How to Deploy a MED-V Workspace Through an Electronic Software Distribution System](how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md) -##### [How to Deploy a MED-V Workspace in a Windows 7 Image](how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md) -##### [How to Deploy a MED-V Workspace Manually](how-to-deploy-a-med-v-workspace-manually.md) -### [Monitor MED-V Workspaces](monitor-med-v-workspaces.md) -#### [Monitoring MED-V Workspace Deployments](monitoring-med-v-workspace-deployments.md) -#### [Detecting Network Changes that Affect MED-V](detecting-network-changes-that-affect-med-v.md) -### [Manage MED-V Workspace Applications](manage-med-v-workspace-applications.md) -#### [Managing Applications Deployed to MED-V Workspaces](managing-applications-deployed-to-med-v-workspaces.md) -##### [Installing and Removing an Application on the MED-V Workspace](installing-and-removing-an-application-on-the-med-v-workspace.md) -##### [How to Publish and Unpublish an Application on the MED-V Workspace](how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md) -#### [Managing Software Updates for MED-V Workspaces](managing-software-updates-for-med-v-workspaces.md) -#### [Managing Automatic Updates for MED-V Workspaces](managing-automatic-updates-for-med-v-workspaces.md) -### [Manage MED-V URL Redirection](manage-med-v-url-redirection.md) -#### [How to Add or Remove URL Redirection Information in a Deployed MED-V Workspace](how-to-add-or-remove-url-redirection-information-in-a-deployed-med-v-workspace.md) -#### [How to Manage URL Redirection by Using the MED-V Workspace Packager](how-to-manage-url-redirection-by-using-the-med-v-workspace-packager.md) -### [Manage MED-V Workspace Settings](manage-med-v-workspace-settings.md) -#### [Managing MED-V Workspace Settings by Using the MED-V Workspace Packager](managing-med-v-workspace-settings-by-using-the-med-v-workspace-packager.md) -#### [Managing MED-V Workspace Settings by Using a WMI](managing-med-v-workspace-settings-by-using-a-wmi.md) -#### [Managing MED-V Workspace Configuration Settings](managing-med-v-workspace-configuration-settings.md) -#### [Managing Printers on a MED-V Workspace](managing-printers-on-a-med-v-workspace.md) -## [Troubleshooting MED-V](troubleshooting-med-vmedv2.md) -### [Deployment Troubleshooting](deployment-troubleshooting.md) -### [Operations Troubleshooting](operations-troubleshooting-medv2.md) -### [Troubleshooting MED-V by Using the Administration Toolkit](troubleshooting-med-v-by-using-the-administration-toolkit.md) -#### [Viewing and Configuring MED-V Logs](viewing-and-configuring-med-v-logs.md) -#### [Restarting and Resetting a MED-V Workspace](restarting-and-resetting-a-med-v-workspace.md) -#### [Viewing MED-V Workspace Configurations](viewing-med-v-workspace-configurations.md) -## [Security and Protection for MED-V](security-and-protection-for-med-v.md) -### [Security Best Practices for MED-V Operations](security-best-practices-for-med-v-operations.md) -### [Authentication of MED-V End Users](authentication-of-med-v-end-users.md) -## [Technical Reference for MED-V](technical-reference-for-med-v.md) -### [Command-Line Options for MED-V Installation Files](command-line-options-for-med-v-installation-files.md) -### [Compacting the MED-V Virtual Hard Disk](compacting-the-med-v-virtual-hard-disk.md) -### [MED-V Event Log Messages](med-v-event-log-messages.md) -### [Updating MED-V 2.0](updating-med-v-20.md) -### [Windows Virtual PC Application Exclude List](windows-virtual-pc-application-exclude-list.md) -### [Example MED-V Checklists](example-med-v-checklists.md) -#### [Example MED-V Environment Planning Checklist](example-med-v-environment-planning-checklist.md) -#### [Example MED-V Project Planning Checklist](example-med-v-project-planning-checklist.md) -#### [Example MED-V System Installation Checklist](example-med-v-system-installation-checklist.md) -#### [Example MED-V Image Preparation Checklist](example-med-v-image-preparation-checklist.md) -#### [Example MED-V Workspace Deployment Checklist](example-med-v-workspace-deployment-checklist.md) - diff --git a/mdop/medv-v2/about-med-v-20.md b/mdop/medv-v2/about-med-v-20.md deleted file mode 100644 index dd2c32be10..0000000000 --- a/mdop/medv-v2/about-med-v-20.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: About MED-V 2.0 -description: About MED-V 2.0 -author: dansimp -ms.assetid: 7ec53f2c-db6e-4a6b-a069-99d0c25cd101 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About MED-V 2.0 - - -## In This Section - - -This section provides information related specifically to MED-V 2.0 and includes the following topics: - -[What's New in MED-V 2.0](whats-new-in-med-v-20.md) -Describes system requirements and new and changed features in MED-V 2.0. - -[MED-V 2.0 Supported Configurations](med-v-20-supported-configurations.md) -Describes the supported configurations for MED-V 2.0. - -[MED-V 2.0 Release Notes](med-v-20-release-notes.md) -Provides a list of known issues with MED-V 2.0. - -## Related topics - - -[Getting Started with MED-V](getting-started-with-med-vmedv2.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/authentication-of-med-v-end-users.md b/mdop/medv-v2/authentication-of-med-v-end-users.md deleted file mode 100644 index 843a257c5b..0000000000 --- a/mdop/medv-v2/authentication-of-med-v-end-users.md +++ /dev/null @@ -1,135 +0,0 @@ ---- -title: Authentication of MED-V End Users -description: Authentication of MED-V End Users -author: dansimp -ms.assetid: aaf96eb6-91d1-4f4d-9854-5fc73c7ae7ab -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Authentication of MED-V End Users - - -The authentication of Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 end users is a very important security issue. In this context, authentication refers to verifying the identity of the MED-V end user. - -The following section provides information and guidance about end-user authentication in MED-V. - -## User Authentication in MED-V - - -Authentication in MED-V generally occurs at two levels: when a user first accesses MED-V and every time that they change their password. - -Depending on how you have configured MED-V settings for authentication, the end user is typically prompted at some point to enter their password, either the first time MED-V is started or the first time that they try to open a published application. - -There are several aspects of end-user authentication that you can control, including the following: - -Whether the credentials the end user enters are stored in Credential Manager - -In what manner the end user is presented with the option of entering and saving their password - -Depending on your company’s preferred process for managing end-user authentication, you can specify whether credential caching occurs for a particular MED-V workspace. Caching the credentials of an end user is helpful because they are only prompted one time for their password. If the end user is not allowed to save their password or they decide not to, every time that they start a new MED-V session, they must enter it again. For example, if MED-V is configured to start when the end user logs on to the host but Authentication is disabled, the end user is only prompted one time during logon. In this case, credentials are valid until the end user logs off from the host. - -If it is necessary, you can use Credential Manager to remove any stored end-user credentials. - -By default, credential storing is disabled, but you can change this setting through one of the following methods: - -**While you are creating the MED-V workspace package**. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). - -**After you have deployed the MED-V workspace**. Edit the MED-V cmdlet parameter UxCredentialCacheEnabled to set the Terminal Services registry key. For more information, see Windows PowerShell Help. - -After MED-V workspace deployment, you can set your preference for end-user authentication by modifying the Terminal Services policy named DisablePasswordSaving. DisablePasswordSaving controls whether the password saving check box appears on the RDP client dialog window and whether the MED-V credential prompt is displayed. - -Following is the policy path for the Terminal Services policy named DisablePasswordSaving. - -**Regedit:** - -HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Virtual Machine\\Policies\\DisablePasswordSaving - -**Note** -The changes that you make to DisablePasswordSaving only affect the RDP prompt to a virtual machine. - - - -The following table lists the different ways you can configure your settings for credential storing and the effects of the different configurations: - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
ValueConfigurationResult

DisablePasswordSaving

Disabled

The MED-V prompt is presented and a check box to accept is available and cleared. If the end user selects the check box, credentials are cached for subsequent use. The end user also has the benefit of only being prompted when the password expires.

-

If the end user does not select the check box, the Remote Desktop Connection (RDC) Client prompt is presented instead of the MED-V prompt, and the check box to accept is cleared. If the end user selects the check box, the RDC Client credential is stored for later use.

-
-Important

RDC does not validate credentials when the end user enters them. If the end user caches the credentials through the RDC prompt, there is a risk that incorrect credentials might be stored. In this case, the incorrect credentials must be deleted in the Windows Credential Manager.

-
-
- -

DisablePasswordSaving

Enabled

-Note

This configuration is more secure because it does not allow end user credentials to be cached.

-
-
- -
- - - -By default, the MED-V installation sets a registry key in the guest to suppress the "password about to expire" prompt. The end user is only prompted for a password change on the host. Credentials that are updated on the host are passed to the guest. - -**Caution** -If you use Group Policy in your environment, know that it can override the registry key causing the password prompts from the guest to reappear. - - - -### Security Concerns with Authentication - -Even though caching the end user’s credentials provides the best user experience, you must be aware of the risks involved. - -When credential caching is enabled, the end user’s domain credential is stored in a reversible format within the Windows Credential Manager. As a result, an attacker could write a tool that runs as either a system level process or an end user process and that retrieves the end user's credentials. You can only lessen this risk by setting DisablePasswordSaving to **Enabled**. - -This same concern exists when MED-V authentication is disabled but the Terminal Services policy setting is enabled. - -## Related topics - - -[Security Best Practices for MED-V Operations](security-best-practices-for-med-v-operations.md) - - - - - - - - - diff --git a/mdop/medv-v2/command-line-options-for-med-v-installation-files.md b/mdop/medv-v2/command-line-options-for-med-v-installation-files.md deleted file mode 100644 index f6e9a21158..0000000000 --- a/mdop/medv-v2/command-line-options-for-med-v-installation-files.md +++ /dev/null @@ -1,127 +0,0 @@ ---- -title: Command-Line Options for MED-V Installation Files -description: Command-Line Options for MED-V Installation Files -author: dansimp -ms.assetid: 7b8cd3e4-1d09-44a0-b690-f85b0d0a6b02 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Command-Line Options for MED-V Installation Files - - -When you install or uninstall Microsoft Enterprise Desktop Virtualization (MED-V) 2.0, you have the option of running the installation files at the command prompt. This section describes different options that you can specify when you install or uninstall MED-V at the command prompt. - -### Command-Line Arguments - -You can use the following command-line arguments together with their respective MED-V installation files. - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Installation FileArgumentAccepted ValuesTypeDescriptionDefault

Host Agent

MEDVDIR

<install path>

Installation

Change installed directory

Installation goes to Program Files\Microsoft Enterprise Desktop Virtualization.

MED-V Workspace Packager

MEDVDIR

<install path>

Installation

Change installed directory

Installation goes to Program Files\Microsoft Enterprise Desktop Virtualization.

MED-V workspace

INSTALLDIR

<install path>

Installation

Change installed directory

Installation goes to ProgramData\Microsoft\Medv\Workspace.

MED-V workspace

OVERWRITE VHD

0 or 1

Installation

Fail installation if VHD exists(0) or overwrite existing VHD(1).

Overwrite does not occur and installation fails if a virtual hard disk (VHD) already exists.

MED-V workspace

SUPPRESSMEDVLAUNCH

0 or 1

Installation

Start(0) or do not start(1) MED-V after MED-V workspace is installed.

If the MED-V workspace was installed with the user interface (UI), a check box on the Finish page controls whether to start MED-V.

MED-V workspace

DELETEDIFFDISKS

0 or 1

Uninstallation

Keep(0) or delete(1) VHDs created by MED-V

No VHDs are deleted.

- -  - -### Examples of Command-Line Arguments - -The following example installs the MED-V workspace created by the MED-V workspace Packager. The installation file creates a log file in the Temp directory and runs the installation file in quiet mode, but does not start the MED-V Host Agent on completion. The installation file overwrites any VHD left behind by a previous installation that has the same name. - -``` syntax -setup.exe /l* %temp%\medv-workspace-install.log /qn SUPPRESSMEDVLAUNCH=1 OVERWRITEVHD=1 -``` - -The following example uninstalls the MED-V workspace that was previously installed. The installation file creates a log file in the Temp directory and runs the installation file in quiet mode. The installation file deletes any remaining virtual hard disk files from the file system. - -``` syntax -%ProgramData%\Microsoft\Medv\Workspace\uninstall.exe /l* %temp%\medv-workspace-uninstall.log /qn DELETEDIFFDISKS=1 -``` - -## Related topics - - -[Deploy the MED-V Components](deploy-the-med-v-components.md) - -[Technical Reference for MED-V](technical-reference-for-med-v.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/compacting-the-med-v-virtual-hard-disk.md b/mdop/medv-v2/compacting-the-med-v-virtual-hard-disk.md deleted file mode 100644 index 66fc177330..0000000000 --- a/mdop/medv-v2/compacting-the-med-v-virtual-hard-disk.md +++ /dev/null @@ -1,123 +0,0 @@ ---- -title: Compacting the MED-V Virtual Hard Disk -description: Compacting the MED-V Virtual Hard Disk -author: dansimp -ms.assetid: 5e6122d1-9847-4b33-adab-594919eec3c5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Compacting the MED-V Virtual Hard Disk - - -Although it is optional, you can compact the virtual hard disk (VHD) to reclaim empty disk space and reduce the size of the VHD before you configure the Windows Virtual PC image. - -**Important**   -Before you proceed, create a backup copy of your Windows XP image. - - - -**Preparing the Virtual Hard Disk** - -1. Open your Windows XP image. - - Click **Start**, click **All Programs**, click **Windows Virtual PC**, click **Windows Virtual PC**, then double-click your Windows XP image. - -2. Clear the DLL cache. - - 1. At a command prompt in the virtual machine, type **sfc /cachesize=1**. - - 2. Restart the virtual machine. - - 3. At a command prompt in the virtual machine, type **sfc /purgecache**. - -3. Delete unnecessary files, such as uninstallers, temp files, log files, page files, shared folders, and so on. - -4. Turn off System Restore. You can also specify this step in your Sysprep.inf file. - - 1. In **Control Panel**, double-click **System**, and then select the **System Restore** tab. - - 2. Select **Turn off System Restore**, and then click **OK**. - -5. Set maximum event log sizes and clear all events. - - 1. Open the event viewer. - - Click **Start**, click **Control Panel**, double-click **Administrative Tools**, then double-click **Event Viewer**. - - 2. Right-click **Application**, and click **Properties**. - - 3. In the **Log Size** area, set **Maximum Log Size** to 512KB and then select **Overwrite events as needed**. - - 4. Click **Clear Log**. In the **Event Viewer** dialog box that appears, click **No**. - - 5. In the **Properties** window, click **OK**. - - 6. Repeat steps a through e for the **Security** and **System** logs. - -6. Run the Disk Cleanup Tool. - - Click **Start**, click **All Programs**, click **Accessories**, click **System Tools**, and then click **Disk Cleanup**. - -7. Configure your page file as needed for your applications. - - 1. In **Control Panel**, double-click **System**, and then select the **Advanced** tab. - - 2. In the **Performance** area, click **Settings**. - - 3. In the **Virtual Memory** area, click **Change**. - - 4. Configure your page file settings. - -8. Shut down the Windows XP image. - -**Defragmenting and Pre-compacting the Virtual Hard Disk** - -1. In **Control Panel** on the host computer that is running Windows 7, click **Administrative Tools**, double-click **Computer Management**, then click **Disk Management**. - -2. By using the Disk Management Console, attach (mount) the virtual hard disk and then defragment the disk. - -3. By using an ISO extraction tool, extract the precompact.iso located in the \\Program Files\\Windows Virtual PC\\Integration Components folder. - -4. Use the precompact.exe program to compress the Windows XP virtual hard disk. - -5. By using the Disk Management Console, detach the virtual hard disk. - -**Compacting the Virtual Hard Disk** - -1. Open Windows Virtual PC. - - Click **Start**, click **All Programs**, click **Windows Virtual PC**, then click **Windows Virtual PC**. - -2. Right-click your Windows XP image and select **Settings**. - -3. Click **Hard Disk** for the one that corresponds to your Windows XP image, and then click **Modify**. - -4. Click **Compact virtual hard disk**. - -5. Click **Compact** and then click **OK**. - -Create a backup copy of your compacted virtual hard disk. - -## Related topics - - -[Configuring a Windows Virtual PC Image for MED-V](configuring-a-windows-virtual-pc-image-for-med-v.md) - -[Technical Reference for MED-V](technical-reference-for-med-v.md) - - - - - - - - - diff --git a/mdop/medv-v2/configure-environment-prerequisites.md b/mdop/medv-v2/configure-environment-prerequisites.md deleted file mode 100644 index 061ec06592..0000000000 --- a/mdop/medv-v2/configure-environment-prerequisites.md +++ /dev/null @@ -1,64 +0,0 @@ ---- -title: Configure Environment Prerequisites -description: Configure Environment Prerequisites -author: dansimp -ms.assetid: 7379e8e5-1cb2-4b8e-8acc-5c04e26f8c91 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Configure Environment Prerequisites - - -Before you can deploy and run Microsoft Enterprise Desktop Virtualization (MED-V) 2.0, you must ensure that your environment meets the following minimum prerequisites. - -**Windows 7** - -The MED-V Host Agent and the MED-V Workspace Packager are only supported in Windows 7 or newer. - -**Windows XP SP3** - -The MED-V Guest Agent is only supported in Windows XP SP3. - -**.NET Framework 3.5 SP1** - -The MED-V Host and Guest agents and the MED-V Workspace Packager require the Microsoft .NET Framework 3.5 SP1. - -**Important**   -You must also install the update [KB959209](https://go.microsoft.com/fwlink/?LinkId=204950) (https://go.microsoft.com/fwlink/?LinkId=204950), which addresses several known application compatibility issues. - - - -**Note**   -You must manually install the .NET Framework 3.5 SP1 and the update KB959209 into the Windows Virtual PC image that you prepare for use with MED-V. However, by default, the Microsoft .NET Framework 3.5 SP1 and the update are included when you install Windows 7 on the host computer. - - - -**An Active Directory Infrastructure** - -Group Policy provides the centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment. - -## Related topics - - -[Configure Installation Prerequisites](configure-installation-prerequisites.md) - -[High-Level Architecture](high-level-architecturemedv2.md) - -[MED-V 2.0 Supported Configurations](med-v-20-supported-configurations.md) - - - - - - - - - diff --git a/mdop/medv-v2/configure-installation-prerequisites.md b/mdop/medv-v2/configure-installation-prerequisites.md deleted file mode 100644 index efb17dc81e..0000000000 --- a/mdop/medv-v2/configure-installation-prerequisites.md +++ /dev/null @@ -1,103 +0,0 @@ ---- -title: Configure Installation Prerequisites -description: Configure Installation Prerequisites -author: dansimp -ms.assetid: ff9cf28a-3eac-4b6c-8ce9-bfc202f57947 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Configure Installation Prerequisites - - -The following instructions are prerequisites for installing and using Microsoft Enterprise Desktop Virtualization (MED-V) 2.0: - -[Windows Virtual PC](#bkmk-howtoinstallandconfiguremicrosoftvirtualpc7) - -[Windows Virtual PC Update](#bkmk-howtoinstallandconfiguremicrosoftvirtualpc7update) - -[Antivirus/Backup Software Configuration](#bkmk-antivirusbackupsoftwareconfiguration) - -## How to Install and Configure Windows Virtual PC - - -**Important**   -If a version of Virtual PC for Windows already exists on the host computer, you must uninstall it before you install Windows Virtual PC. - - - -**To install Windows Virtual PC** - -1. Download [Windows Virtual PC](https://go.microsoft.com/fwlink/?LinkId=195918) from the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=195918). - -2. Run the installation file on the host computer, and follow the steps in the wizard. - -**Important**   -Windows Virtual PC includes the Integration Components package, which provides features that improve the interaction between the virtual environment and the physical computer. For example, it lets your mouse move between the host and the guest computers. MED-V requires the installation of the Integration Components package. - - - -## How to Install and Configure the Windows Virtual PC Update - - -The Microsoft update associated with article KB977206 enables Windows XP Mode for computers without hardware-assisted virtualization (HAV) technology. We recommended that you install this update because some integration features might not work correctly if the Integration Components package in the guest operating system do not match the version of Windows Virtual PC that is installed on the host computer. - -**Important**   -You do not have to install this update when you are installing MED-V on host computers that are running Windows 7 with Service Pack 1. - - - -**Tip**   -In addition to the update listed here, we recommend that you review all available Windows Virtual PC updates and apply those updates that are appropriate or necessary for your environment. - - - -**To install the Windows Virtual PC Update** - -1. Download the required Windows Virtual PC update from the Microsoft Download Center. - - [32-bit Update](https://go.microsoft.com/fwlink/?LinkId=195919) (https://go.microsoft.com/fwlink/?LinkId=195919). - - [64-bit Update](https://go.microsoft.com/fwlink/?LinkId=195920) (https://go.microsoft.com/fwlink/?LinkId=195920). - -2. Run the installation file on the host computer in elevated mode, and follow the steps in the wizard. - - For more information about the hotfix package for Windows Virtual PC, see [article 977206](https://go.microsoft.com/fwlink/?LinkId=195921) (https://go.microsoft.com/fwlink/?LinkId=195921). - -## How to Configure Antivirus/Backup Software - - -To prevent antivirus activity from affecting the performance of the virtual desktop, we recommend, where you can, to exclude the following virtual machine file types from any antivirus or backup process that is running on the host computer: - -- \*.VMC - -- \*.VUD - -- \*.VSV - -- \*.VHD - -## Related topics - - -[Configure Environment Prerequisites](configure-environment-prerequisites.md) - -[High-Level Architecture](high-level-architecturemedv2.md) - -[MED-V 2.0 Supported Configurations](med-v-20-supported-configurations.md) - - - - - - - - - diff --git a/mdop/medv-v2/configuring-a-windows-virtual-pc-image-for-med-v.md b/mdop/medv-v2/configuring-a-windows-virtual-pc-image-for-med-v.md deleted file mode 100644 index 93373c0249..0000000000 --- a/mdop/medv-v2/configuring-a-windows-virtual-pc-image-for-med-v.md +++ /dev/null @@ -1,218 +0,0 @@ ---- -title: Configuring a Windows Virtual PC Image for MED-V -description: Configuring a Windows Virtual PC Image for MED-V -author: dansimp -ms.assetid: d87a0df8-9e08-4d1e-bfb0-9dc3cebf0d28 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/01/2016 ---- - - -# Configuring a Windows Virtual PC Image for MED-V - - -After you have installed everything that you want to include in your MED-V image, you can configure the image for use in Microsoft Enterprise Desktop Virtualization (MED-V) 2.0. The topics in this section provide guidance for configuring your MED-V image to run first time setup before you create your MED-V workspace package. - -First time setup prepares the MED-V workspace for an end user. The process creates a virtual machine from the image packaged in the MED-V workspace and then runs Windows Mini-Setup on the virtual machine. This includes the running of both custom setup scripts and the first time setup completion application, FtsCompletion.exe. - -Follow these steps to configure your MED-V image for running first time setup: - -1. As an option, you can compact the virtual hard disk (VHD) to reclaim empty disk space and reduce the size of the VHD before you continue with configuring the Windows Virtual PC image. For more information, see [Compacting the MED-V Virtual Hard Disk](compacting-the-med-v-virtual-hard-disk.md). - -2. Customize the virtual machine setup process. - -3. Seal the MED-V image by using Sysprep. - - **Customizing the Virtual Machine Setup Process** - -4. As part of preparing your image for use with MED-V, you can configure various settings on the virtual machine, such as specifying the settings for running Windows Update. Specify all the necessary virtual machine settings before you create the MED-V workspace package. - -5. Before you create the MED-V workspace package, we recommend that you disable restore points on the virtual machine to prevent the differencing disk from growing unbounded. For more information, see [How to turn off and turn on System Restore in Windows XP](https://go.microsoft.com/fwlink/?LinkId=195927) (https://go.microsoft.com/fwlink/?LinkId=195927). - - **Note** - You can set up your Sysprep.inf file to disable restore points when first time setup is run. For an example of setting this GuiRunOnce key, see the sample Sysprep.inf file later in this section. - - - -6. Configure the setup process to run Mini-Setup instead of the default Windows Welcome. You must either run the Sysprep tool by using the **-mini** switch, or select the **MiniSetup** check box in the graphical user interface. For more information, see [How to Seal the Image with Sysprep](#bkmk-seal). - - **Calling the First time setup Completion File** - - 1. An executable called FtsCompletion.exe is included as part of the installation of the MED-V Guest Agent. By default, it is located in the system drive of your MED-V image under **Program Files – Microsoft Enterprise Desktop Virtualization**. - - **Important** - As the final step in the first time setup process, you must run this executable program. The user for whom the executable program is being called must be a member of the guest’s local administrator group. - - - - 2. You can decide how you want to call this executable program, for example, through a script that is deployed with the MED-V workspace. You can call this executable as the last line of your Sysprep.inf file. For an example of how to call this executable program in your Sysprep.inf file, see the sample file later in this section. - -After you have completed customization of your MED-V image, you are ready to seal the image by using Sysprep. - -**Sealing the MED-V Image by Using Sysprep** - -1. The System Preparation tool (Sysprep) is a technology that you can use to perform image-based installations throughout the network with minimal intervention by an administrator or IT-Professional. - -2. In a MED-V environment, you can use Sysprep to assign unique security IDs (SID) and other settings to each MED-V workspace the first time that they are started. - - **Note** - For more information about how to use Sysprep, see [Sysprep Technical Reference](https://go.microsoft.com/fwlink/?LinkId=195930) (https://go.microsoft.com/fwlink/?LinkId=195930). - - - -~~~ -**Caution** -When you use non-ASCII characters in the Sysprep.inf file, you must save the file by using the encoding appropriate for the characters entered. Windows XP expects the Sysprep.inf file to be encoded by using the code page for the language that you are targeting. - -You must also make sure that the System Locale of the computers to which the MED-V workspace is deployed is set to handle the language specific characters that might be present in the Sysprep.inf file. To change the settings for the System Locale, follow these steps: - -1. To open Region and Language, click **Start**, click **Control Panel**, and then click **Region and Language**. - -2. Click the **Administrative** tab, and then click **Change System Locale** under **Language for non-Unicode programs**. - - If you are prompted for an administrator password or confirmation, type the administrator password or provide confirmation. - -3. Select your preferred language and then click **OK**. - - - -**To configure Sysprep on the MED-V Guest Computer** - -1. Create a folder named *Sysprep* in the root of the MED-V image system drive. - -2. Download the deploy.cab file. For more information, see [Windows XP Service Pack 3 Deployment Tools](https://go.microsoft.com/fwlink/?LinkId=195928) From the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkId=195928). - -3. From the deploy.cab file, copy or extract the Setupmgr.exe, Sysprep.exe, and Setupcl.exe files to the Sysprep folder. - -4. In the Sysprep folder, run **Setup Manager** (Setupmgr.exe) to create a Sysprep.inf answer file. - - Or, you can create this file manually or use your company’s existing file. For more information, see [How to use the Sysprep tool to automate successful deployment of Windows XP](https://go.microsoft.com/fwlink/?LinkId=195929) (https://go.microsoft.com/fwlink/?LinkId=195929). - -5. Follow the **Setup Manager** wizard. - - **Important** - You must configure the MED-V guest to join a domain that lets users log on by using the credentials that they use to log on to the MED-V host. - - - - **Caution** - When you configure a proxy account for joining virtual machines to the domain, know that it is possible for an end user to obtain the proxy account credentials. Take all the necessary security precautions to minimize risk, such as limiting account user rights. For more information about security concerns when you configure a Windows Virtual PC image for MED-V, see [Security Best Practices for MED-V Operations](security-best-practices-for-med-v-operations.md). - - - - If end users must provide information during the first time setup process based on the parameters specified in the Sysprep.inf file, you must also specify that first time setup is run in **Attended** mode when you are creating your MED-V workspace package. If no information will be required from the end user, you can specify that first time setup is run in **Unattended** mode when you are creating your MED-V workspace package. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). - - Although you can specify any settings that you prefer, a MED-V best practice is that you create the Sysprep.inf file so that first time setup can be run in **Unattended** mode. This requires that you provide all of the required settings information as you continue through the **Setup Manager** wizard. - - **Caution** - If you have set a local policy or registry entry to include a service level agreement (SLA) in your image (VHD), you must specify that first time setup is run in **Attended** mode or first time setup will fail. Or, a MED-V best practice is to enforce the SLA through Group Policy later so that the SLA is displayed to the end user after first time setup is finished. - - - - **Note** - You can configure the MED-V workspace to set certain Sysprep.inf settings based on the configuration of the host and the identity of the end user. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). - - - -6. Seal the MED-V image. - - **Important** - We recommend that you make a backup copy of the MED-V image before sealing it. - - - - After you have completed all the steps in the **Setup Manager** wizard, you are ready to run Sysprep to seal the MED-V image. - -**To run Sysprep** - -1. Run the System Preparation Tool (Sysprep.exe) from the *Sysprep* folder that you created when you configured Sysprep in the MED-V virtual machine. - -2. In the warning message box that appears, click **OK**. - -3. In the **Options** dialog box, select the **Don't reset grace period for activation** and **Use Mini-Setup** check boxes. Also, make sure that the **Shutdown mode** box is set to **Shut down**. - -4. Click **Reseal**. This removes identity information and clears event logs to prepare for first time setup. - -5. If you are not satisfied with the information listed in the confirmation message box that appears, click **Cancel** and then change the selections. - -6. Click **OK** to complete the system preparation process. - -After you have run Sysprep on your MED-V image, the virtual machine shuts down and is ready for use in creating a MED-V workspace. -~~~ - -## Example - - -Here is an example of a Sysprep.inf file. - -``` syntax -;SetupMgrTag -[GuiUnattended] - EncryptedAdminPassword=NO - TimeZone=10 - OEMDuplicatorstring="MED_V v2 Host" - AdminPassword="administrator" - AutoLogon=Yes - AutoLogonCount=1 - OEMSkipRegional=1 - OemSkipWelcome=1 - -[UserData] - ProductKey= - FullName="MED-V User" - OrgName="Contoso" - ComputerName=* - -[Identification] - JoinDomain=domain.corp.contoso.com - DomainAdmin=UserName - DomainAdminPassword=Password - -[Networking] - InstallDefaultComponents=Yes - -[Branding] - BrandIEUsingUnattended=Yes - -[Proxy] - Proxy_Enable=0 - Use_Same_Proxy=0 - -[Unattended] - InstallFilesPath=C:\sysprep\i386 - TargetPath=\WINDOWS - UpdateServerProfileDirectory=1 - OemSkipEula=Yes - -[RegionalSettings] - LanguageGroup=1 - Language=00000409 - -[GuiRunOnce] - Command0="wmic /namespace:\\root\default path SystemRestore call Disable %SystemDrive%\" - Command1="c:\Program Files\Microsoft Enterprise Desktop Virtualization\FtsCompletion.exe" - -[sysprepcleanup] -``` - -## Related topics - - -[Create a MED-V Workspace Package](create-a-med-v-workspace-package.md) - -[Prepare a MED-V Image](prepare-a-med-v-image.md) - - - - - - - - - diff --git a/mdop/medv-v2/configuring-advanced-settings-by-using-windows-powershell.md b/mdop/medv-v2/configuring-advanced-settings-by-using-windows-powershell.md deleted file mode 100644 index 36f93794e4..0000000000 --- a/mdop/medv-v2/configuring-advanced-settings-by-using-windows-powershell.md +++ /dev/null @@ -1,112 +0,0 @@ ---- -title: Configuring Advanced Settings by Using Windows PowerShell -description: Configuring Advanced Settings by Using Windows PowerShell -author: dansimp -ms.assetid: 437a31cc-2a11-456f-b448-b0b869fb53f7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configuring Advanced Settings by Using Windows PowerShell - - -The MED-V workspace package that you create includes a Windows PowerShell script (.ps1) file that you can edit before you test and deploy your MED-V workspace package. This section provides information and guidance to help you manage MED-V configuration settings by using Windows PowerShell before you deploy the MED-V workspaces. - -## Using Windows PowerShell Cmdlets in MED-V - - -The following Windows PowerShell cmdlets are available in Microsoft Enterprise Desktop Virtualization (MED-V) 2.0: - -**New-MedvConfiguration** - -**Export-MedvConfiguration** - -**New-MedvWorkspace** - -**Export-MedvWorkspace** - -To access Windows PowerShell cmdlets for MED-V, open Windows PowerShell and type the following command to import the MED-V modules. - -``` syntax -Import-Module microsoft.medv -``` - -After the modules are imported, you can access inline help for the cmdlets by using the standard Windows PowerShell Help commands, **man** or **get-help**. For example, to access a description of the **New-MedvConfiguration** cmdlet including a complete list of available parameters, type the following command. - -``` syntax -get-help New-MedvConfiguration -``` - -You can also view help for specific parameters. For example, to view help for the parameter VmMemory, type the following: - -``` syntax -get-help New-MedvConfiguration -parameter VmMemory -``` - -To view a list of all MED-V configuration settings and their defaults, type the following command. - -``` syntax -New-MedvConfiguration -ForceDefaults -``` - -To view a list of all MED-V configuration settings and their current values, type the following command. - -``` syntax -gwmi -Class "Setting” -Namespace "root/microsoft/medv” -``` - -## Creating a MED-V Workspace with Custom Settings - - -After you successfully create a MED-V workspace package by using the MED-V Workspace Packager, a Windows PowerShell script is generated in the folder you specified for saving your packager files. The contents of this script show some of the available MED-V configuration settings that you can edit. - -Following these steps, you can customize the script and then run it in Windows PowerShell to create a MED-V workspace with the new settings. - -**Important**   -Run Windows PowerShell with administrative credentials, and ensure that the Windows PowerShell execution policy allows the running of scripts. - -1. Edit the Windows PowerShell script that was generated by the MED-V Workspace Packager, or author a new script with the configuration settings that you want. - -2. Run Windows PowerShell with administrative credentials and at the command prompt, type the following command. - - ``` syntax - & “.\.ps1” - ``` - - This command runs the Windows PowerShell script and runs the **New-MedvWorkspace** cmdlet to generate a new MED-V workspace package. The new packager files are saved in the folder that you originally specified for storing your MED-V Workspace Packager files. For additional help about this cmdlet, see the Windows PowerShell Help. - - - -## Exporting a MED-V Configuration to a Registry File - - -You can update MED-V configuration settings after the MED-V workspace is installed. Use the **New-MedvConfiguration** cmdlet to specify the parameters that you want to change. For example, to create a registry file that changes the virtual machine memory setting, type the following commands. - -``` syntax -New-MedvConfiguration -VmMemory 1024 | Export-MedvConfiguration -Path c:\medvConfiguration\myConfig.reg -``` - -You can import the resultant registry file from the host computer to a MED-V workspace to apply the new configuration settings. - -## Related topics - - -[Managing MED-V Workspace Configuration Settings](managing-med-v-workspace-configuration-settings.md) - -[Test And Deploy the MED-V Workspace Package](test-and-deploy-the-med-v-workspace-package.md) - - - - - - - - - diff --git a/mdop/medv-v2/create-a-med-v-workspace-package.md b/mdop/medv-v2/create-a-med-v-workspace-package.md deleted file mode 100644 index 900ad453d6..0000000000 --- a/mdop/medv-v2/create-a-med-v-workspace-package.md +++ /dev/null @@ -1,460 +0,0 @@ ---- -title: Create a MED-V Workspace Package -description: Create a MED-V Workspace Package -author: dansimp -ms.assetid: 3f75fe73-41ac-4389-ae21-5efb2d437f4d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Create a MED-V Workspace Package - - -A MED-V workspace is the Windows XP desktop environment where end users interact with the virtual machine provided by MED-V. The administrator creates and customizes the MED-V workspace. The workspace consists of an image and the Group Policy that defines the rules and functionality of the MED-V workspace. - -You can create multiple MED-V workspaces, each customized with its own configuration, settings, and rules. A user, group, or multiple users or groups can be associated with each MED-V workspace. The customization makes that MED-V workspace available only for that user or group. - -Use the **MED-V Workspace Packager** to create MED-V workspaces. The **MED-V Workspace Packager** is divided into two main sections: - -- A main panel that includes three buttons that you use to create and manage MED-V workspaces. The **Create a MED-V Workspace Package** button opens the **Create MED-V Workspace Package Wizard** that you use to create your MED-V workspaces. - -- A **Help Center** on the right-hand side of the window that provides information and guidance to help you create, test, and manage your MED-V workspaces. - -**Important** -Before you can use the **MED-V Workspace Packager**, you must first make sure that the Windows PowerShell execution policy is set to Unrestricted. - -`Set-ExecutionPolicy Unrestricted` - -In addition, the SAN policy for the computer on which the **MED-V Workspace Packager** is run must be set to “Online All”. To check the setting of the SAN policy, run the following commands at a command prompt with administrative credentials: - -`diskpart.exe` - -`DISKPART> san` - -`DISKPART> exit` - -If it is necessary, change the SAN policy to "Online All" by typing the following commands at the command prompt with administrative credentials: - -`diskpart.exe` - -`DISKPART> san policy=onlineall` - -`DISKPART> exit` - - - -**Important** -If automatic disk encryption software is installed on the computer that you use to mount the virtual hard disk and build the MED-V workspace package, you must disable the software before you start. Otherwise, you cannot use the MED-V workspace on any other computer. - - - -The information we provide here can help you create your MED-V workspace deployment package. - -## Prerequisites - - -Before you start to build your MED-V workspace deployment package, verify that you have access to the following items: - -- **A prepared Windows XP image** - - For more information about how to create a Windows XP image for use with MED-V, see [Prepare a MED-V Image](prepare-a-med-v-image.md). - -- **A text file or list that contains URL redirection information** - - Your URL redirection text file or list contains those URLs that you want redirected from the host computer to Internet Explorer in the MED-V workspace. When you are using the packaging wizard to create your MED-V workspace, you import, type, or copy and paste this redirection information as one of the steps in the package creation process. - - **Note** - URL redirection in MED-V only supports the protocols HTTP and HTTPS. MED-V does not provide support for FTP or any other protocols. - - - -~~~ -Enter each web address on a single line, for example: - -http://www.contoso.com/webapps/webapp1 - -http://www.contoso.com/webapps/webapp2 - -http://\*.contoso.com - -http://www.contoso.com/webapps/\* - -**Important** -If you import a text file that includes a URL that uses special characters (such as ~ ! @ \# and so on), make sure that you specify UTF-8 encoding when you save the text file. Special characters do not import correctly into the MED-V Workspace Packager if the text file was saved using the default ANSI encoding. -~~~ - - - -## Packaging a MED-V Workspace for a Language Other than the Language of the MED-V Workspace Packager Computer - - -By default, the MED-V workspace supports characters in both the language of the computer and in English. To create a MED-V workspace for a language other than the one installed on the computer, specify **-loc \[locale\]** in the PowerShell script (.ps1) after the MED-V workspace name. - -To create a MED-V workspace package in a language other than the default language of the MED-V Workspace Packager computer, generate a script in the default language by running the MED-V Workspace Packager and then modifying the output script as required for your locale. The script is located in the MED-V workspace output directory that was specified during packaging. The names of the locale settings are on the .WXL files in the following directory: - -C:\\Program Files\\Microsoft Enterprise Desktop Virtualization\\WindowsPowerShell\\Modules\\Microsoft.Medv.Administration.Commands.WorkspacePackager\\locale - -## Creating a MED-V Workspace Package - - -To create a MED-V workspace package, follow these steps: - -**** - -1. To open the **MED-V Workspace Packager**, click **Start**, click **All Programs**, click **Microsoft Enterprise Desktop Virtualization**, and then click **MED-V Workspace Packager**. - -2. On the **MED-V Workspace Packager** main panel, click **Create a MED-V Workspace Package**. - - The MED-V **Create MED-V Workspace Package Wizard** appears. The wizard consists of the following pages: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Package Information

Specify a name for the MED-V workspace and select a folder where the MED-V workspace package files are saved.

Select Windows XP Image

Specify your prepared Windows XP Virtual PC image.

First Time Setup

Specify the setup process that MED-V follows during first time setup.

MED-V Messages

Specify the messages and optional URL for Help information that the end user sees during first time setup.

Naming Computers

Specify how the MED-V virtual machine is named.

Copy Settings from Host

Specify how the settings for the MED-V workspace are defined.

Startup and Networking

Specify the settings for starting the MED-V workspace, networking, and user credentials.

Web Redirection

Specify a text file or a list of the URLs you want redirected to Internet Explorer in the MED-V workspace.

Summary

Verify your MED-V workspace settings and start to build your MED-V workspace deployment package.

- - - -3. On the **Package Information** page, enter a name for the MED-V workspace and select a folder where the MED-V workspace package files are saved. - - **Warning** - You must name the MED-V workspace and specify a folder to continue. - - - -~~~ -After you have finished, click **Next**. -~~~ - -4. On the **Select Windows XP Image** page, specify the location of your prepared MED-V Windows XP Virtual PC image (.vhd file). - - **Warning** - You must specify a Windows XP VHD image to continue. - - - -~~~ -After you have finished, click **Next**. -~~~ - -5. On the **First Time Setup** page, select whether you want first time setup to run while attended or unattended and whether you want the MED-V workspace used separately or used by all end users on a shared computer. - - If you select **Unattended setup, without any notification**, the end user is not informed before first time setup is run and the virtual machine is not shown to the end user during first time setup. In addition, the **MED-V Messages** page of the wizard is hidden because no messages are required if first time setup runs in a completely unattended mode. - - If you select **Unattended setup, but notify end users before first time setup begins**, the end user is informed before first time setup is run. However, the virtual machine is not shown to the end user during first time setup. - - Select **Attended setup** if the end user must enter information during first time setup. - - The default behavior is **Unattended setup, but notify end users before first time setup begins**. - - **Caution** - If you created the Sysprep.inf file so that Mini-Setup requires user input to complete, you must select **Attended setup** or problems might occur during first time setup. - - - -~~~ -You can also specify how a MED-V workspace is used on computers that are shared by multiple end users. You can decide that you want to create a unique MED-V workspace for each end user or that you want the MED-V workspace made available to all end users who share the computer. The default is that the MED-V workspace is unique for each end user. - -**Important** -We recommend that you disable the fast user switching feature in Windows if you configure the MED-V workspace to be accessed by all users on a shared computer. Problems can occur if an end user logs on by using the fast user switching feature in Windows when another user is still logged on. - - - -**Tip** -When you create a name mask for the MED-V workspace on the **Naming Computers** page, make sure that each virtual machine on a shared computer has a unique computer name. - - - -You can also specify whether the MED-V workspace is added to the Administrators group or administrator credentials are managed outside MED-V. By default, the MED-V workspace is not automatically added to the Administrators group. - -After you have finished, click **Next**. -~~~ - -6. On the **MED-V Messages** page, specify the following messages that the end user sees during first time setup: - - - The message that the end user sees when first time setup starts. - - - The message that the end user sees if first time setup fails or an error occurs. - - **Note** - The **MED-V Messages** page of the wizard is hidden if you selected **Unattended setup, without any notification** on the **First Time Setup** page. - - - -~~~ -You can also specify an optional URL location for help information that is provided to the end user when first time setup is running. - -For example, the URL can point to an internal IT webpage with answers to questions such as "How long will this take and how will I know when it has completed?" or "What do you do if you get an error message?" - -**Note** -If you specify a URL, a link is shown during first time setup that points the end user to this help information. If you do not specify a URL, no link is provided. - - - -After you have finished, click **Next**. -~~~ - -7. On the **Naming Computers** page, you can specify whether computer naming is managed by MED-V or by a system management tool, such as Sysprep. The default is that computer naming is managed by a system management tool. - - If you specify that computer naming is managed by MED-V, select a predefined computer naming convention (mask) from the drop-down list. A preview of a sample computer name appears that is based on the computer that you are using to build the MED-V workspace package. - - If you select one of the custom naming conventions, the fields you can specify are limited to the following characters: - - - The prefix and suffix fields are limited to the characters A-Z, a-z, 0-9, and the special characters ! @ \# $ % ^ & ( ) - \_ ' { } . and ~. - - - The hostname and username fields are limited to the digits 0 through 9. - - **Important** - Computer names must be unique and are limited to a maximum of 15 characters. When you decide on your computer naming method, consider end users who have multiple computers or that share a computer, and avoid using computer name masks that could cause a collision on the network. - - - -~~~ -**Caution** -The computer name settings that you specify on this page override those specified in the Sysprep.inf answer file. - - - -After you have finished, click **Next**. -~~~ - -8. On the **Copy Settings from Host** page, you can select the following settings to specify how the MED-V workspace is configured: - - **Caution** - The settings that you specify on this page that are copied from the host computer to the MED-V workspace override those specified in the Sysprep.inf answer file. - - - -~~~ - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Copy regional settings

Select this check box to copy the regional settings from the host computer to the MED-V workspace.

If you select this check box, the following settings are set in the Sysprep.inf file:

-
[RegionalSettings]
-Language
-SystemLocale
-UserLocale
-UserLocale_DefaultUser
-InputLocale
-InputLocale_DefaultUser
-

Copy user settings

Select this check box to copy certain user settings, such as user name and company name, from the host to the MED-V workspace.

If you select this check box, the following settings are set in the Sysprep.inf file:

-
[UserData]
-OrgName
-FullName
-
-Note -

Personal settings, such as Internet browsing history, are not copied over to the MED-V workspace.

-
-
- -

Copy domain name

Select this check box to let the guest join the same domain as the host.

-Important -

The MED-V guest must be configured to join a domain that lets users log on by using the credentials that they use to log on to the MED-V host.

-
-
- -

Copy domain organizational unit

Select this check box to copy the domain organizational unit from the host computer to the MED-V workspace. This check box is only enabled if you select to copy the domain name from the host computer.

- - - -After you have finished, click **Next**. -~~~ - -9. On the **Startup and Networking** page, you can change the default behavior for the following settings: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Start MED-V workspace

Choose whether to start the MED-V workspace at user logon, at first use, or to let the end user decide when the MED-V workspace starts.

The MED-V workspace starts in one of two ways: either when the end user logs on or when they first start an action that requires MED-V, such as opening a published application or entering a URL that requires redirection.

-

You can either define this setting for the end user or let the end user control how MED-V starts.

-
- Note

If you specify that the end user decides, the default behavior they experience is that the MED-V workspace starts when they log on. They can change the default by right-clicking the MED-V icon in the notification area and selecting MED-V User Settings. If you define this setting for the end user, they cannot change how MED-V starts.

-
-
- -

Networking

Select Shared or Bridged for your networking setting. The default is Shared.

Shared - The MED-V workspace uses Network Address Translation (NAT) to share the host's IP for outgoing traffic.

-

Bridged - The MED-V workspace has its own network address, typically obtained through DHCP.

Store credentials

Choose whether you want to store the end user credentials.

The default behavior is that credential storing is disabled so that the end user must be authenticated every time that they log on.

-
- Important

Even though caching the end user’s credentials provides the best user experience, you should be aware of the risks involved.

-

The end user’s domain credential is stored in a reversible format in the Windows Credential Manager. As a result, an attacker could write a program that retrieves the password and could gain access to the user’s credentials. You can only lessen this risk by disabling the storing of end-user credentials.

-
-
- -
- - - -~~~ -After you have finished, click **Next**. -~~~ - -10. On the **Web Redirection** page, you can enter, paste, or import a list of the URLs that are redirected to Internet Explorer in the MED-V workspace. For more information about how to configure your URL redirection information, see [Prerequisites](#bkmk-prereq). - - You can also specify how Internet Explorer in the MED-V workspace is configured for end users. By default, the Internet zone security level is set to High. Also, certain default browsing capabilities, such as the address bar, are removed. This default configuration of Internet Explorer in the MED-V workspace provides a more secure browsing environment for end users. - - **Caution** - By changing the default settings, you can customize Internet Explorer in the MED-V workspace. However, realize that if you change the default settings so as to make them less secure, you can expose your organization to those security risks that are present in older versions of Internet Explorer. For more information, see [Security Best Practices for MED-V Operations](security-best-practices-for-med-v-operations.md). - - - -~~~ -After you have finished, click **Next**. -~~~ - -11. On the **Summary** page, you can review the packaging settings for this MED-V workspace. If you want to change any settings, click the **Previous** button to return to the relevant page. After you have finished reviewing the settings, click **Create**. - - The **Completion** page of the **Create MED-V Workspace Package Wizard** opens to show the progress of the package creation. - - **Note** - The MED-V workspace package creation process might take several minutes to complete, depending on the size of the VHD specified. - - - -~~~ -If the MED-V workspace package is created successfully, the **Completion** page displays a list of the files that you created and their respective locations. The following is a list of the files that are created and their descriptions: - -- **setup.exe**—an installation program that you deploy and run on end-user computers to install the MED-V workspaces. - -- **<*workspace\_name*>.msi**—an installer file that you deploy to the end-user computers. The setup.exe file will run this file to install the MED-V workspaces. - -- **<*vhd\_name*>.medv**—a compressed VHD file that you deploy to the end-user computers. The setup.exe file uses it when it installs the MED-V workspaces. - -- **<*workspace\_name*>.reg**—the configuration settings that are installed when the setup.exe, <*workspace\_name*>.msi, and <*vhd\_name*>.medv files are deployed and setup.exe is run. - -- **<*workspace\_name*>.ps1**—a Windows PowerShell script that you can use to rebuild the registry file and re-build the MED-V workspace package. - - **Important** - Before deployment, you can edit configuration settings by updating the .ps1 file that has your preferred method of script editing, such as Windows PowerShell. After you change the .ps1 file, use that file to rebuild the MED-V workspace package that you deploy to your enterprise. For more information, see [Configuring Advanced Settings by Using Windows PowerShell](configuring-advanced-settings-by-using-windows-powershell.md). - - However, after the MED-V workspace is deployed, you must edit configuration settings through the registry. For a list and description of the configuration settings, see [Managing MED-V Workspace Configuration Settings](managing-med-v-workspace-configuration-settings.md). -~~~ - - - -12. Click **Close** to close the packaging wizard and return to the **MED-V Workspace Packager**. - -Your MED-V workspace package is now ready for testing before deployment. - -## Related topics - - -[Configuring Advanced Settings by Using Windows PowerShell](configuring-advanced-settings-by-using-windows-powershell.md) - -[Testing the MED-V Workspace Package](testing-the-med-v-workspace-package.md) - -[Prepare a MED-V Image](prepare-a-med-v-image.md) - - - - - - - - - diff --git a/mdop/medv-v2/creating-a-windows-virtual-pc-image-for-med-v.md b/mdop/medv-v2/creating-a-windows-virtual-pc-image-for-med-v.md deleted file mode 100644 index d501b3826f..0000000000 --- a/mdop/medv-v2/creating-a-windows-virtual-pc-image-for-med-v.md +++ /dev/null @@ -1,159 +0,0 @@ ---- -title: Creating a Windows Virtual PC Image for MED-V -description: Creating a Windows Virtual PC Image for MED-V -author: dansimp -ms.assetid: fd7c0b1a-0769-4e7b-ad1a-dad19cca081f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Creating a Windows Virtual PC Image for MED-V - - -Before you can deliver a MED-V workspace to users, you have to first prepare a virtual hard disk that you use to build the MED-V workspace installer package for Microsoft Enterprise Desktop Virtualization (MED-V) 2.0. To prepare the necessary virtual hard disk, you must create a Windows Virtual PC image that contains the required operating system, updates, and software to let you later deploy applications and URL redirection information to users. This section provides guidance about how to create the virtual hard disk. - -To create a virtual image for MED-V, you must follow these steps. - -1. [Create a Windows Virtual PC image](#bkmk-creatingavirtualmachinebyusingmicrosoftvirtualpc) - -2. [Install Windows XP on the image](#bkmk-installingwindowsxpontovpc) - -3. [Install the .NET Framework on the image](#bkmk-installingnet) - -4. [Apply updates to the image](#bkmk-applypatchestovpc) - -5. [Install Integration Components](#bkmk-installintegration) - -## Creating a Windows Virtual PC Image - - -To create a Windows Virtual PC image, see the Windows Virtual PC documentation: - -- [Windows Virtual PC Home Page](https://go.microsoft.com/fwlink/?LinkId=148103) (https://go.microsoft.com/fwlink/?LinkId=148103). - -- [Windows Virtual PC Help](https://go.microsoft.com/fwlink/?LinkId=182378) (https://go.microsoft.com/fwlink/?LinkId=182378). - -Alternately, if you already have a Windows Imaging (WIM) file that you want to use as the basis for your virtual image, you can convert it to a VHD that you use to build the MED-V workspace. For more information about how to convert a WIM to a virtual hard disk, see [Native VHD Support in Windows 7](https://go.microsoft.com/fwlink/?LinkId=195922) (https://go.microsoft.com/fwlink/?LinkId=195922). - -**Important**   -MED-V only supports one virtual hard disk per virtual machine and only one partition on each virtual disk. - - - -After you have created your virtual hard disk, install Windows XP on the image. - -## Installing Windows XP on a Windows Virtual PC Image - - -MED-V requires that Windows XP SP3 is installed on the Windows Virtual PC image before you build the MED-V workspace. - -For more information about how to install Windows XP, see [Create a virtual machine and install a guest operating system](https://go.microsoft.com/fwlink/?LinkId=182379) (https://go.microsoft.com/fwlink/?LinkId=182379). - -## Installing the .NET Framework 3.5 SP1 on a Windows Virtual PC Image - - -You must manually install the .NET Framework 3.5 SP1 and the update KB959209 into the Windows Virtual PC image that you prepare for use with MED-V. The update [KB959209](https://go.microsoft.com/fwlink/?LinkId=204950) (https://go.microsoft.com/fwlink/?LinkId=204950) addresses several known application compatibility issues. - -## Applying Updates to the Windows Virtual PC Image - - -After you have installed Windows XP on your virtual machine, install any required Windows XP updates on the image, such as SP3. You can also install certain optional updates for better performance. - -**Important**   -MED-V requires that Windows XP SP3 be running on the guest operating system. - - - -**Warning**   -When you install updates to Windows XP, make sure that you remain on the version of Internet Explorer in the guest that you intend to use in the MED-V workspace. For example, if you intend to run Internet Explorer 6 in the MED-V workspace, make sure that any updates that you install now do not include Internet Explorer 7 or Internet Explorer 8. In addition, we recommend that you configure the registry to prevent automatic updates from upgrading Internet Explorer. - - - -### Installing an Optional Performance Update - -Although it is optional, we recommend that you install the following update for [hotfix KB972435](https://go.microsoft.com/fwlink/?LinkId=201077) (https://go.microsoft.com/fwlink/?LinkId=201077). This update increases the performance of shared folders in a Terminal Services session: - -**Note**   -The update is publicly available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix. - - - -### Configuring a Group Policy Performance Update - -By default, Group Policy is downloaded to a computer one byte at a time. This causes delays while MED-V is being joined to the domain. To increase the performance of Group Policy, set the following registry key value to the registry: - -Registry subkey: HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon - -Entry: BufferPolicyReads - -Type: DWORD - -Value: 1 - -## Installing Integration Components - - -Windows Virtual PC includes the Integration Components package. This provides features that improve the interaction between the virtual environment and the physical computer. For example, the Integration Components package lets your mouse move between the host and the guest computers. - -**Important**   -MED-V requires the installation of the Integration Components package. - - - -When you configure the virtual image to work with MED-V, you must manually install the Integration Components package on the guest operating system to make the integration features that are available. - -For more information about how to install and use the Integration Components package, see the following: - -- [Install or Upgrade the Integration Components Package](https://go.microsoft.com/fwlink/?LinkId=195923) (https://go.microsoft.com/fwlink/?LinkId=195923). - -- [About Integration Features](https://go.microsoft.com/fwlink/?LinkId=195924) (https://go.microsoft.com/fwlink/?LinkId=195924). - -### Installing RemoteApp Update - -After you install the Integration Components package, you are prompted to install the following update: "Update for Windows XP SP3 to enable RemoteApp." This is a required component for MED-V. - -**Important**   -If you are not prompted to install the RemoteApp update, you must download and install it manually. For more information and instructions about how to download this update, see [Update for Windows XP SP3 to enable RemoteApp](https://go.microsoft.com/fwlink/?LinkId=195925) (https://go.microsoft.com/fwlink/?LinkId=195925). - - - -### Enabling Remote Desktop - -By default, Remote Desktop is enabled after you install the Integration Components package. For MED-V to be operational, ensure that Remote Desktop is enabled, and do not distribute any Group Policy that disables it. - -For information about how to enable Remote Desktop, see [Enable or disable Remote Desktop](https://go.microsoft.com/fwlink/?LinkId=201162) (https://go.microsoft.com/fwlink/?LinkId=201162). - -## Customizing Internet Explorer by Using the Internet Explorer Administration Kit - - -If you want, you can use the Internet Explorer Administration Kit to customize Internet Explorer on the guest operating system. For more information, see the [Internet Explorer 6 Administration Kit and Deployment Guide](https://go.microsoft.com/fwlink/?LinkId=200007) (http:// go.microsoft.com/fwlink/?LinkId=200007). - -**Warning**   -You should consider security concerns associated with customizing Internet Explorer in the MED-V workspace. For more information, see [Security Best Practices for MED-V Operations](security-best-practices-for-med-v-operations.md). - - - -After your virtual hard disk is installed with an up-to-date guest operating system, you can install applications on the image. - -## Related topics - - -[Installing Applications on a Windows Virtual PC Image](installing-applications-on-a-windows-virtual-pc-image.md) - -[Configuring a Windows Virtual PC Image for MED-V](configuring-a-windows-virtual-pc-image-for-med-v.md) - - - - - - - - - diff --git a/mdop/medv-v2/define-and-plan-your-med-v-deployment.md b/mdop/medv-v2/define-and-plan-your-med-v-deployment.md deleted file mode 100644 index 6c0b8e2772..0000000000 --- a/mdop/medv-v2/define-and-plan-your-med-v-deployment.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Define and Plan your MED-V Deployment -description: Define and Plan your MED-V Deployment -author: dansimp -ms.assetid: a90945cc-dc37-4548-963d-e0c6f8ba0467 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Define and Plan your MED-V Deployment - - -Use the information in this section when you plan your Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 project. - -## In This Section - - -[Determining How MED-V Will Be Deployed](determining-how-med-v-will-be-deployed.md) -Provides information to help you determine how to deploy MED-V throughout your enterprise. - -[Identifying the Number and Types of MED-V Workspaces](identifying-the-number-and-types-of-med-v-workspaces.md) -Provides information to help you identify the computers in your enterprise that require MED-V and to calculate the disk space necessary for a MED-V deployment. - -## Related topics - - -[End-to-End Planning Scenario for MED-V 2.0](end-to-end-planning-scenario-for-med-v-20.md) - -[Planning for MED-V](planning-for-med-v.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/deploy-the-med-v-components.md b/mdop/medv-v2/deploy-the-med-v-components.md deleted file mode 100644 index 103992785c..0000000000 --- a/mdop/medv-v2/deploy-the-med-v-components.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Deploy the MED-V Components -description: Deploy the MED-V Components -author: dansimp -ms.assetid: fc2c5ef2-9c71-412a-8f6c-93df248f77d6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploy the MED-V Components - - -This section provides information about how to deploy the Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 components and how to uninstall the components. - -## In This Section - - -[How to Install the MED-V Workspace Packager](how-to-install-the-med-v-workspace-packager.md) -Describes how to install the MED-V Workspace Packager, which you use to create MED-V workspaces. - -[How to Deploy the MED-V Components Through an Electronic Software Distribution System](how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md) -Describes how to manually install the MED-V components by using an electronic software distribution (ESD) system. - -[How to Manually Install the MED-V Host Agent](how-to-manually-install-the-med-v-host-agent.md) -Describes how to install the MED-V Host Agent. - -[How to Uninstall the MED-V Components](how-to-uninstall-the-med-v-components.md) -Describes how to uninstall the MED-V components. - -## Related topics - - -[MED-V 2.0 Deployment Overview](med-v-20-deployment-overview.md) - -[Prepare the Deployment Environment for MED-V](prepare-the-deployment-environment-for-med-v.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/deploying-the-med-v-workspace-package.md b/mdop/medv-v2/deploying-the-med-v-workspace-package.md deleted file mode 100644 index b75d781a80..0000000000 --- a/mdop/medv-v2/deploying-the-med-v-workspace-package.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Deploying the MED-V Workspace Package -description: Deploying the MED-V Workspace Package -author: dansimp -ms.assetid: f314425a-d60f-4b8d-b71f-d13d1da9297f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying the MED-V Workspace Package - - -After you have tested your Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 installer package, you can deploy it throughout your enterprise by using your company’s preferred method of provisioning software and other applications. - -**Note**   -When you are ready to deploy, we recommend that you install the MED-V workspace by running the setup.exe executable program that is included in your MED-V workspace installer package. - - - -**Warning**   -Before you can install the MED-V workspace, you must first install the MED-V Host Agent. - - - -## In This Section - - -[How to Deploy a MED-V Workspace Through an Electronic Software Distribution System](how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md) -Provides information about how to deploy MED-V workspaces by using an ESD system. - -[How to Deploy a MED-V Workspace in a Windows 7 Image](how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md) -Provides information about how to deploy a MED-V workspace in a Windows 7 image. - -[How to Deploy a MED-V Workspace Manually](how-to-deploy-a-med-v-workspace-manually.md) -Provides information about how to manually deploy a MED-V workspace. - - - - - - - - - diff --git a/mdop/medv-v2/deployment-of-med-v.md b/mdop/medv-v2/deployment-of-med-v.md deleted file mode 100644 index 40216dcce3..0000000000 --- a/mdop/medv-v2/deployment-of-med-v.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: Deployment of MED-V -description: Deployment of MED-V -author: dansimp -ms.assetid: 52ea8ae4-ec2e-4cb8-ab38-e6400f47d3ba -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deployment of MED-V - - -The topics in this section help you prepare your environment for deploying Microsoft Enterprise Desktop Virtualization (MED-V) 2.0. - -## In This Section - - -[End-to-End Deployment Scenario for MED-V 2.0](end-to-end-deployment-scenario-for-med-v-20.md) -Describes an end-to-end deployment scenario for MED-V 2.0. - -[MED-V 2.0 Supported Configurations](med-v-20-supported-configurations.md) -Describes the supported configurations for MED-V 2.0. - -[MED-V 2.0 Deployment Overview](med-v-20-deployment-overview.md) -Describes the requirements for deploying MED-V 2.0. - -[Prepare the Deployment Environment for MED-V](prepare-the-deployment-environment-for-med-v.md) -Provides procedures for configuring the MED-V 2.0 environment and installation prerequisites. - -[Deploy the MED-V Components](deploy-the-med-v-components.md) -Describes how to install the MED-V Host Agent, the MED-V Workspace Packager, and other components required to run MED-V 2.0. - -## Related topics - - -[Microsoft Enterprise Desktop Virtualization 2.0](index.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/deployment-troubleshooting.md b/mdop/medv-v2/deployment-troubleshooting.md deleted file mode 100644 index 3fafc1ed70..0000000000 --- a/mdop/medv-v2/deployment-troubleshooting.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Deployment Troubleshooting -description: Deployment Troubleshooting -author: dansimp -ms.assetid: 9ee980f2-4e77-4020-9f0e-8c2ffdc390ad -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deployment Troubleshooting - - -This topic includes information to help you troubleshoot deployment issues in Microsoft Enterprise Desktop Virtualization (MED-V) 2.0. - -## Troubleshooting Issues in MED-V Deployment - - -The following issue might occur when you deploy MED-V. The solution helps troubleshoot this issue. - -**Problems Occur if Installing MED-V for Current User Only.** MED-V only supports the installation of the MED-V Workspace Packager, the MED-V Host Agent, and the MED-V workspace for all users. Installing for the current user only causes failures in the installation of the components and in the setup of the MED-V workspace. - -**Solution** - -Never use the option **ALLUSERS=””** when installing the MED-V components. - -**MED-V Requires Exclusive Use of the Virtualization Stack.** Only one virtualization stack can be run at a time on a computer. Windows Virtual PC must use the virtual stack, and MED-V depends on Windows Virtual PC. Therefore, if you try to deploy or use MED-V when other applications are running that use the virtual stack, MED-V cannot run or be successfully installed. - -**Solution** - -Close any application that is running that uses the virtualization stack before you install or run MED-V. - -**Shortcuts Remain after Uninstall.** By default, when you uninstall MED-V, shortcuts in the end user’s **Start** menu are removed. However, in certain situations, such as for end users who are running roaming profiles, shortcuts to MED-V published applications remain in the end user’s **Start** menu. - -**Solution** - -To manually delete the remaining shortcuts on the **Start** menu, right-click the shortcuts, and then click **Remove**. - -**Disable Logon Message Group Policy Setting in the MED-V Workspace.** If the Windows XP logon message is enabled in the MED-V workspace, the end user must log on every time they want to open a MED-V virtual application. This creates a poor user experience. - -**Solution** - -Disable the following Group Policy settings in the MED-V virtual machine: - -**Interactive logon: Message text for users attempting to log on** - -**Interactive logon: Message title for users attempting to log on** - -## Related topics - - -[Operations Troubleshooting](operations-troubleshooting-medv2.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/detecting-network-changes-that-affect-med-v.md b/mdop/medv-v2/detecting-network-changes-that-affect-med-v.md deleted file mode 100644 index 41e3e7e9ff..0000000000 --- a/mdop/medv-v2/detecting-network-changes-that-affect-med-v.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: Detecting Network Changes that Affect MED-V -description: Detecting Network Changes that Affect MED-V -author: dansimp -ms.assetid: fd29b95a-cda2-464d-b86d-50b6bd64b4ca -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Detecting Network Changes that Affect MED-V - - -The Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 solution lets you configure your environment to detect certain network changes that might occur after MED-V workspaces are deployed and that can affect MED-V. - -The feature includes a component running in the guest operating system that is notified of network configuration changes on the host computer. It allows a non-Microsoft ESD or other application that is running in the guest to resolve to the same network endpoints that the host ESD or application resolves to. - -**Note**   -This feature is only available if the virtual machine is configured for network address translation (NAT) mode. If the virtual machine is configured for BRIDGED mode, no change indications are generated. - - - -This section provides information and instruction to assist you in monitoring those network changes that can affect MED-V. - -## To detect network changes for MED-V - - -After you have deployed your MED-V workspaces, you can monitor changes to certain network configurations by preforming the following tasks: - -1. Create a Managed Object Format (MOF) file that will look for the network configuration changes that you want to monitor. The following code shows an example of the MOF file that you can create. - - ``` syntax - #pragma namespace ("\\\\.\\root\\ccm\\NetworkConfig") - - class CCM_IPConfig - { - [NotNull: ToInstance ToSubClass] uint32 AddressFamily; // AF_INET, AF_INET6 - [Key, NotNull: ToInstance ToSubClass] string IPAddress; // IPv4 or IPv6 address - [NotNull: ToInstance ToSubClass] string SubnetMask; // IPv4 subnet mask - }; - - class CCM_NetworkAdapter - { - [Key, NotNull: ToInstance ToSubClass] string Name; - [NotNull: ToInstance ToSubClass] uint32 DHCPEnabled = 0; - [NotNull: ToInstance ToSubClass] uint32 Quarantined = 0; // To check if it is quarantined. - CCM_IPConfig IPConfigInfo[]; - }; - - [singleton] - class CCM_NetworkAdapters - { - [NotNull: ToInstance ToSubClass] String ProviderName; // MED-V or other provider - CCM_NetworkAdapter AdaptersInfo[]; - }; - ``` - -2. Compile the MOF file. - -3. Install the MOF file in the guest. - -After you have installed the MOF file, you can create an event subscription that subscribes to Windows Management Instrumentation (WMI) creation, modification, or deletion events for the **CCM\_NetworkAdapters** class. This detects the following changes to the host: - -Are there any configuration changes to the network, such as changes to the IP address or network adapter? - -Is the network available or unavailable? - -Was the network setup changed from BRIDGED mode to NAT mode? - -Was the network setup changed from NAT mode to BRIDGED mode? - -A MED-V component on the host monitors the network for these changes and then signals the guest of the change. A component in the guest creates a WMI instance to monitor the MED-V workspace for these changes. - -The event subscription you created provides notification through the WMI system when one or more of these network changes – creation, modification, or deletion – occurs. - -## Related topics - - -[Monitor MED-V Workspaces](monitor-med-v-workspaces.md) - -[Manage MED-V Workspace Settings](manage-med-v-workspace-settings.md) - - - - - - - - - diff --git a/mdop/medv-v2/determining-how-med-v-will-be-deployed.md b/mdop/medv-v2/determining-how-med-v-will-be-deployed.md deleted file mode 100644 index c618873c30..0000000000 --- a/mdop/medv-v2/determining-how-med-v-will-be-deployed.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Determining How MED-V Will Be Deployed -description: Determining How MED-V Will Be Deployed -author: dansimp -ms.assetid: addbfef6-799e-4fe7-87d2-7e096a5ef5a5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Determining How MED-V Will Be Deployed - - -You can determine how you might deploy MED-V throughout your enterprise by evaluating your existing infrastructure, a review of which you can take advantage of for your deployment. - -## Determine How You Will Deploy MED-V - - -Because MED-V is a desktop-based solution, it works with your existing infrastructure. For example, if you currently deploy applications to physical computers by using an electronic software distribution system, you can also use your electronic software distribution system to deploy to MED-V workspaces. - -If you are currently using an electronic software distribution solution, you can use that to distribute MED-V workspaces and their dependent applications. You can also use this solution for distribution of subsequent applications after MED-V is deployed. For more information about deploying MED-V with an ESD, see [How to Deploy a MED-V Workspace Through an Electronic Software Distribution System](how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md). - -**Note**   -Whichever electronic software distribution solution that you use, you must be familiar with the requirements of your particular solution. If you are using System Center Configuration Manager 2007 R2 or a later version, see the [Configuration Manager Documentation Library](https://go.microsoft.com/fwlink/?LinkId=66999) in the Microsoft Technical Library (https://go.microsoft.com/fwlink/?LinkId=66999). - - - -You might prefer to install MED-V in a Windows 7 image. Then, after you deploy the Windows 7 images throughout your enterprise, MED-V is ready to be installed when an end user needs it. For more information, see [How to Deploy a MED-V Workspace in a Windows 7 Image](how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md). - -## Related topics - - -[Define and Plan your MED-V Deployment](define-and-plan-your-med-v-deployment.md) - -[Planning for MED-V](planning-for-med-v.md) - - - - - - - - - diff --git a/mdop/medv-v2/end-to-end-deployment-scenario-for-med-v-20.md b/mdop/medv-v2/end-to-end-deployment-scenario-for-med-v-20.md deleted file mode 100644 index 7f0d4b42e8..0000000000 --- a/mdop/medv-v2/end-to-end-deployment-scenario-for-med-v-20.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: End-to-End Deployment Scenario for MED-V 2.0 -description: End-to-End Deployment Scenario for MED-V 2.0 -author: dansimp -ms.assetid: 91bb5a9a-5fb1-4743-8494-9d4dee2ec222 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# End-to-End Deployment Scenario for MED-V 2.0 - - -This sample scenario for Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 helps you deploy the MED-V components in your enterprise by using multiple scenarios end-to-end. You can think of this sample scenario as a case study that helps put the individual scenarios and procedures in context. - -This section provides basic information and directions for deploying MED-V components as an end-to-end solution in your enterprise. - -## MED-V Deployment Step-by-step Scenario - - -The topics in this step-by-step scenario include the following: - -- [MED-V 2.0 Supported Configurations](med-v-20-supported-configurations.md) discusses the requirements that you must have to install and run Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 in your environment. This topic specifies the operating system requirements, configuration requirements, and MED-V workspace requirements. This topic also includes localization information about the languages that MED-V 2.0 supports. - -- [MED-V 2.0 Deployment Overview](med-v-20-deployment-overview.md) discusses general information and instructions to help you install and deploy MED-V throughout your enterprise. The MED-V components are client-based and are delivered and managed by using your existing enterprise infrastructure and processes. This topic provides an overview of the MED-V solution that includes information about the MED-V installation files and the MED-V components that you deploy. This topic also provides a high-level overview of the MED-V installation and deployment process. - -- [Prepare the Deployment Environment for MED-V](prepare-the-deployment-environment-for-med-v.md) discusses how to prepare your environment for a MED-V 2.0 deployment. This section describes the prerequisites that are required for the MED-V environment, such as Microsoft Windows 7 and an Active Directory infrastructure in which you use Group Policy to provide centralized management and configuration of operating systems, applications, and users' settings. This section also describes the prerequisites that you must have for installing and deploying MED-V 2.0 throughout your enterprise, such as Windows Virtual PC and the required Windows Virtual PC update. - -- [Deploy the MED-V Components](deploy-the-med-v-components.md) discusses the different ways you can install all of the necessary installation files and MED-V components throughout your enterprise. To install and deploy MED-V, you typically follow these steps: - - 1. Install the **MED-V Workspace Packager** on the administrator computer that you will use to build the MED-V workspace packages. For more information, see [How to Install the MED-V Workspace Packager](how-to-install-the-med-v-workspace-packager.md). - - 2. Create and test your MED-V workspace packages. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md) and [Testing the MED-V Workspace Package](testing-the-med-v-workspace-package.md). - - 3. Deploy MED-V throughout your enterprise by using your company’s existing method for deploying applications. For more information, see [Deploying the MED-V Workspace Package](deploying-the-med-v-workspace-package.md). - -## Related topics - - -[Deployment of MED-V](deployment-of-med-v.md) - -[End-to-End Planning Scenario for MED-V 2.0](end-to-end-planning-scenario-for-med-v-20.md) - -[End-to-End Operations Scenario for MED-V 2.0](end-to-end-operations-scenario-for-med-v-20.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/end-to-end-operations-scenario-for-med-v-20.md b/mdop/medv-v2/end-to-end-operations-scenario-for-med-v-20.md deleted file mode 100644 index 526c5d24da..0000000000 --- a/mdop/medv-v2/end-to-end-operations-scenario-for-med-v-20.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: End-to-End Operations Scenario for MED-V 2.0 -description: End-to-End Operations Scenario for MED-V 2.0 -author: dansimp -ms.assetid: 1d87f5f3-9fc5-4731-8bd1-c155714f34ee -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# End-to-End Operations Scenario for MED-V 2.0 - - -This sample scenario for Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 helps you deploy and manage MED-V by using multiple scenarios end-to-end. You can think of this sample scenario as a case study that helps put the individual scenarios and procedures in context. - -This section provides basic information and directions for creating, deploying, and managing MED-V workspaces as an end-to-end solution in your enterprise. - -## MED-V Operations Step-by-step Scenario - - -The step-by-step procedures that you follow in a MED-V operations scenario include the following: - -- [Creating a Windows Virtual PC Image for MED-V](creating-a-windows-virtual-pc-image-for-med-v.md#bkmk-creatingavirtualmachinebyusingmicrosoftvirtualpc) reviews how to create and configure a Windows Virtual PC image for MED-V. Before you can deliver a MED-V workspace to users, you must first prepare a virtual hard disk (VHD) that you use to build the MED-V workspace installer package for MED-V. - -- [Creating a Windows Virtual PC Image for MED-V](creating-a-windows-virtual-pc-image-for-med-v.md#bkmk-installingwindowsxpontovpc) reviews how to install the Windows XP SP3 operating system on your Windows Virtual PC image. MED-V requires that Windows XP SP3 is installed on the Windows Virtual PC image before you build the MED-V workspace. - -- [Creating a Windows Virtual PC Image for MED-V](creating-a-windows-virtual-pc-image-for-med-v.md#bkmk-installingnet) reviews how to manually install the .NET Framework 3.5 SP1 and the update KB959209 into the Windows Virtual PC image that you prepare for use with MED-V. MED-V requires the .NET Framework 3.5 SP1, and the update [KB959209](https://go.microsoft.com/fwlink/?LinkId=204950) (https://go.microsoft.com/fwlink/?LinkId=204950) addresses several known application compatibility issues. - -- [Creating a Windows Virtual PC Image for MED-V](creating-a-windows-virtual-pc-image-for-med-v.md#bkmk-applypatchestovpc) reviews how to update your Windows XP image with the latest software updates and other hotfixes necessary or important for running MED-V. - -- [Creating a Windows Virtual PC Image for MED-V](creating-a-windows-virtual-pc-image-for-med-v.md#bkmk-installintegration) reviews how to install the integration components package in your Windows XP image. These provide features that improve the interaction between the virtual environment and the physical computer. - -- [Installing Applications on a Windows Virtual PC Image](installing-applications-on-a-windows-virtual-pc-image.md) reviews how you can install certain kinds of software on your Windows XP image that are helpful when you are running MED-V, such as an electronic software distribution system and antivirus software. - -- [Configuring a Windows Virtual PC Image for MED-V](configuring-a-windows-virtual-pc-image-for-med-v.md) discusses how to configure the image by using Sysprep to make sure that it is ready for use with MED-V. The prepared MED-V image is then used to create your MED-V workspace package. - -- [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md) reviews how to build the MED-V workspace package that you deploy throughout your enterprise. You deploy the MED-V workspace package to install the MED-V workspace on end-user computers. A MED-V workspace is the Windows XP desktop environment from which end users interact with the virtual machine provided by MED-V. - -- [Testing the MED-V Workspace Package](testing-the-med-v-workspace-package.md) discusses how to create a test environment in which you can test the functionality of the MED-V workspace package, such as first time setup settings and application publishing. After you have completed testing your MED-V workspace package and have verified that it is functioning as intended, you can deploy it throughout your enterprise. - -- [Deploying the MED-V Workspace Package](deploying-the-med-v-workspace-package.md) discusses how to deploy the MED-V workspace either by using an electronic software distribution system or in a Windows 7 image. Or if you prefer, this section also shows you how you can deploy the MED-V workspace manually. - -- [Monitor MED-V Workspaces](monitor-med-v-workspaces.md) reviews how to monitor the deployment of MED-V workspaces to determine whether first time setup completed successfully. Monitoring the success of first time setup is important because MED-V is not in a usable state until first time setup has completed successfully. This section also shows you can set up your environment to detect those network changes that can affect MED-V. - -- [Manage MED-V Workspace Applications](manage-med-v-workspace-applications.md) reviews how to install and remove or publish and unpublish applications on a deployed MED-V workspace. This section also shows how to manually update software in a MED-V workspace and how to manage automatic updates. The MED-V workspace is a virtual machine that contains a separate operating system whose automatic software update process must be managed exactly like the physical computers in your enterprise. - -- [Manage MED-V URL Redirection](manage-med-v-url-redirection.md) reviews how to add and remove web address redirection settings on the deployed MED-V workspace. You can add or remove URL redirection information through the registry or by rebuilding the MED-V workspace. You can also use the wizard on the MED-V Workspace Packager to manage web address redirection. - -- [Manage MED-V Workspace Settings](manage-med-v-workspace-settings.md) reviews how to view and edit MED-V configuration settings by using the MED-V Workspace Packager. This section lists all the configurable MED-V registry keys and includes the type, default, and description of each. This section also includes information about how to manage printers in MED-V workspaces. In MED-V 2.0, printer redirection gives users a consistent printing experience between the MED-V virtual machine and the host computer. - -## Related topics - - -[Operations for MED-V](operations-for-med-v.md) - -[End-to-End Planning Scenario for MED-V 2.0](end-to-end-planning-scenario-for-med-v-20.md) - -[End-to-End Deployment Scenario for MED-V 2.0](end-to-end-deployment-scenario-for-med-v-20.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/end-to-end-planning-scenario-for-med-v-20.md b/mdop/medv-v2/end-to-end-planning-scenario-for-med-v-20.md deleted file mode 100644 index f266500d1b..0000000000 --- a/mdop/medv-v2/end-to-end-planning-scenario-for-med-v-20.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: End-to-End Planning Scenario for MED-V 2.0 -description: End-to-End Planning Scenario for MED-V 2.0 -author: dansimp -ms.assetid: e7833883-be93-4b42-9fa3-5c4d9a919058 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# End-to-End Planning Scenario for MED-V 2.0 - - -This sample scenario for Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 helps you achieve your goal of planning your MED-V deployment by using multiple scenarios end-to-end. You can think of this sample scenario as a case study that helps put the individual scenarios and procedures in context. - -This section provides basic information and directions for planning you MED-V deployment as an end-to-end solution in your enterprise. - -## MED-V Planning Step-by-Step Scenario - - -The topics in this step-by-step scenario include the following: - -- [High-Level Architecture](high-level-architecturemedv2.md) discusses the high-level system architecture and component design of MED-V 2.0. MED-V enhances Windows Virtual PC to run two operating systems on one device, adding virtual image delivery, Group Policy-based provisioning, and centralized management. By using MED-V, you can easily configure, deploy, and manage corporate Windows Virtual PC images on any Windows-based desktop running Windows 7 Professional, Enterprise, or Windows 7 Ultimate. - -- [Define and Plan your MED-V Deployment](define-and-plan-your-med-v-deployment.md) discusses the considerations for planning your MED-V 2.0 deployment. This topic provides direction about identifying the systems in your enterprise that receive MED-V and calculating disk space requirements. This topic also helps evaluate your existing infrastructure and determines how it can be used for MED-V deployment. - -- [MED-V 2.0 Best Practices](med-v-20-best-practices.md) discusses the recommended best practices for planning, installing, deploying, and managing MED-V 2.0 in your environment. These best practices include recommendations that produce faster run times, better operability during first time setup, increased performance, and better virtual machine management. - -## Related topics - - -[Planning for MED-V](planning-for-med-v.md) - -[End-to-End Deployment Scenario for MED-V 2.0](end-to-end-deployment-scenario-for-med-v-20.md) - -[End-to-End Operations Scenario for MED-V 2.0](end-to-end-operations-scenario-for-med-v-20.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/example-med-v-checklists.md b/mdop/medv-v2/example-med-v-checklists.md deleted file mode 100644 index 1e439600b8..0000000000 --- a/mdop/medv-v2/example-med-v-checklists.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: Example MED-V Checklists -description: Example MED-V Checklists -author: dansimp -ms.assetid: cf9c33e8-1b7a-4306-92f6-edbb70ab23b5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Example MED-V Checklists - - -This section provides example checklists that you can reference when you plan your MED-V project, prepare your environment, and deploy the MED-V components and MED-V workspaces throughout your enterprise. - -## In this Section - - -[Example MED-V Environment Planning Checklist](example-med-v-environment-planning-checklist.md) -Describes the tasks to be completed when planning your MED-V environment. - -[Example MED-V Project Planning Checklist](example-med-v-project-planning-checklist.md) -Describes the tasks to be completed when planning your MED-V project. - -[Example MED-V System Installation Checklist](example-med-v-system-installation-checklist.md) -Provides a list of all the steps required for installing MED-V 2.0. - -[Example MED-V Image Preparation Checklist](example-med-v-image-preparation-checklist.md) -Describes the tasks to be completed when you prepare your MED-V image for deployment. - -[Example MED-V Workspace Deployment Checklist](example-med-v-workspace-deployment-checklist.md) -Describes the tasks to be completed when you deploy your MED-V workspace. - -## Related topics - - -[Technical Reference for MED-V](technical-reference-for-med-v.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/example-med-v-environment-planning-checklist.md b/mdop/medv-v2/example-med-v-environment-planning-checklist.md deleted file mode 100644 index 088faff234..0000000000 --- a/mdop/medv-v2/example-med-v-environment-planning-checklist.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Example MED-V Environment Planning Checklist -description: Example MED-V Environment Planning Checklist -author: dansimp -ms.assetid: 877d1660-abef-4e81-ab3a-a8a3ec181d26 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Example MED-V Environment Planning Checklist - - -The following checklist provides a high-level list of items to consider and outlines the steps that you should take when planning your Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 environment. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
StepReference

Review the components of a MED-V deployment.

High-Level Architecture

Ensure that your computing environment meets the supported configurations required for installing MED-V 2.0.

MED-V 2.0 Supported Configurations

Determine how you want to design your MED-V deployment.

Define and Plan your MED-V Deployment

Review the list of best practices for ensuring that your MED-V deployment environment is more secure.

Security and Protection for MED-V

- - - - - - - - - - - diff --git a/mdop/medv-v2/example-med-v-image-preparation-checklist.md b/mdop/medv-v2/example-med-v-image-preparation-checklist.md deleted file mode 100644 index 2a7a612cb8..0000000000 --- a/mdop/medv-v2/example-med-v-image-preparation-checklist.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: Example MED-V Image Preparation Checklist -description: Example MED-V Image Preparation Checklist -author: dansimp -ms.assetid: d69f252f-624b-439e-814b-b68cdaf7d582 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Example MED-V Image Preparation Checklist - - -The following checklist provides a high-level list of items to consider and outlines the steps to take when you prepare your MED-V image for deployment. - - ---- - - - - - - - - - - - - - - - - - - - - -
StepReference

Create a virtual machine that is running Windows XP SP3 with updates and additions.

Creating a Windows Virtual PC Image for MED-V

Install any predeployment software that you want on the MED-V image.

Installing Applications on a Windows Virtual PC Image

Package the MED-V image by using Sysprep.

Configuring a Windows Virtual PC Image for MED-V

- - - - - - - - - - - diff --git a/mdop/medv-v2/example-med-v-project-planning-checklist.md b/mdop/medv-v2/example-med-v-project-planning-checklist.md deleted file mode 100644 index f89d1d89ea..0000000000 --- a/mdop/medv-v2/example-med-v-project-planning-checklist.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Example MED-V Project Planning Checklist -description: Example MED-V Project Planning Checklist -author: dansimp -ms.assetid: 2b599bcb-1808-43ba-a689-1642bda24511 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Example MED-V Project Planning Checklist - - -The following checklist provides a high-level list of items to consider and outlines the steps that you can take when planning your Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 project. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
StepReference

Determine how you can use MED-V to help solve your application compatibility issues.

Planning for Application Operating System Compatibility

Plan an end-to-end deployment scenario for your organization.

End-to-End Planning Scenario for MED-V 2.0

Define the project scope by defining the end users and determining the MED-V images to be managed.

Define and Plan your MED-V Deployment

Review the list of best practices for ensuring that your MED-V deployment is more secure.

Security and Protection for MED-V

- - - - - - - - - - - diff --git a/mdop/medv-v2/example-med-v-system-installation-checklist.md b/mdop/medv-v2/example-med-v-system-installation-checklist.md deleted file mode 100644 index e5a0c45347..0000000000 --- a/mdop/medv-v2/example-med-v-system-installation-checklist.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Example MED-V System Installation Checklist -description: Example MED-V System Installation Checklist -author: dansimp -ms.assetid: 9e5673ba-dee4-4680-9c57-a149beab14d3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Example MED-V System Installation Checklist - - -The following checklist provides a high-level list of items to consider and outlines the steps to take when you install Microsoft Enterprise Desktop Virtualization (MED-V) 2.0. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
StepReference

Ensure that your computing environment meets the supported configurations that are required for installing MED-V 2.0.

MED-V 2.0 Supported Configurations

Plan and design the MED-V deployment.

Planning for MED-V

Verify that the required installation prerequisites are configured.

Configure Installation Prerequisites

Install the MED-V Host Agent and MED-V Workspace Packager.

Deploy the MED-V Components

- - - - - - - - - - - diff --git a/mdop/medv-v2/example-med-v-workspace-deployment-checklist.md b/mdop/medv-v2/example-med-v-workspace-deployment-checklist.md deleted file mode 100644 index 67505667a8..0000000000 --- a/mdop/medv-v2/example-med-v-workspace-deployment-checklist.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Example MED-V Workspace Deployment Checklist -description: Example MED-V Workspace Deployment Checklist -author: dansimp -ms.assetid: d8857883-9b2d-40ac-9136-59e4e20e02fe -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Example MED-V Workspace Deployment Checklist - - -The following checklist provides a high-level list of items to consider and outlines the steps that you should take when you deploy your MED-V workspace. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
StepReference

Prepare the MED-V image for deployment.

Prepare a MED-V Image

Create the MED-V workspace deployment package.

Create a MED-V Workspace Package

Test the MED-V workspace installer package.

Testing the MED-V Workspace Package

Deploy the MED-V workspace installer package.

Deploying the MED-V Workspace Package

- - - - - - - - - - - diff --git a/mdop/medv-v2/getting-started-with-med-vmedv2.md b/mdop/medv-v2/getting-started-with-med-vmedv2.md deleted file mode 100644 index a6a566459a..0000000000 --- a/mdop/medv-v2/getting-started-with-med-vmedv2.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Getting Started with MED-V -description: Getting Started with MED-V -author: dansimp -ms.assetid: 283734d7-231c-45b6-92c9-c95a46ec3628 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Getting Started with MED-V - - -This section provides general information for administrators who are evaluating and using Microsoft Enterprise Desktop Virtualization (MED-V) 2.0. - -## In This Section - - -[Overview of MED-V](overview-of-med-vmedv2.md) -Provides general information about the MED-V solution to your application compatibility issues. - -[Planning for Application Operating System Compatibility](planning-for-application-operating-system-compatibility.md) -Provides planning guidance for evaluating MED-V to help solve application operating system compatibility issues. - -[High-Level Architecture](high-level-architecturemedv2.md) -Describes the components of a MED-V deployment. - -[About MED-V 2.0](about-med-v-20.md) -Provides information specifically related to MED-V including what’s new in MED-V 2.0 and MED-V 2.0 supported configurations. - -## Related topics - - -[Microsoft Enterprise Desktop Virtualization 2.0](index.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/high-level-architecturemedv2.md b/mdop/medv-v2/high-level-architecturemedv2.md deleted file mode 100644 index d4ad41a552..0000000000 --- a/mdop/medv-v2/high-level-architecturemedv2.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: High-Level Architecture -description: High-Level Architecture -author: dansimp -ms.assetid: a00edb9f-207b-4f32-9e8f-522ea2739d2f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# High-Level Architecture - - -This section describes the high-level system architecture and component design of Microsoft Enterprise Desktop Virtualization (MED-V) 2.0. - -## System Architecture - - -MED-V enhances Windows Virtual PC to run two operating systems on one device, adding virtual image delivery, Group Policy-based provisioning, and centralized management. By using MED-V, you can easily configure, deploy, and manage corporate Windows Virtual PC images on any Windows-based desktop running Windows 7 Professional, Enterprise, or Windows 7 Ultimate. The MED-V solution includes the following components: - - **MED-V Host** -A Windows 7 environment that includes a MED-V Host Agent, an electronic software distribution (ESD) system, a registry management system, and a MED-V guest. The MED-V host interacts with the MED-V guest so that certain setup functions and system information can be processed. - - **MED-V Host Agent** -The MED-V software contained in the MED-V host that provides a channel to communicate with the MED-V guest. It also provides functionality such as first time setup and application publishing. - -**Note**   -After MED-V and its required components are installed MED-V must be configured. The configuration of MED-V is referred to as first time setup. - - - -**ESD System** -Your existing software distribution method that lets you deploy and install the MED-V workspace package files that MED-V creates. - -**Registry Management System** -Your existing method of managing Group Policy settings and preferences. - -**Windows Virtual PC Image** -An administrator-defined virtual machine that contains the following components: - -**Corporate Operating System** -Your standard corporate operating system. - -**Management and Security Tools** -Your standard management and security tools, such as virus protection. - - **MED-V Guest** -A Windows XP SP3 environment, as part of a Windows Virtual PC running on Windows 7 that contains the following components: - - **MED-V Guest Agent** -The MED-V software contained in the MED-V guest that provides a channel to communicate with the MED-V host. It also supports the MED-V Host Agent with functions like performing first time setup. - -**Note**   -The MED-V Guest Agent is installed automatically during first time setup. - - - -**ESD Client** -An optional part of your ESD system that installs software packages and reports status to the ESD system. - -## Related topics - - -[Planning for Application Operating System Compatibility](planning-for-application-operating-system-compatibility.md) - -[Prepare the Deployment Environment for MED-V](prepare-the-deployment-environment-for-med-v.md) - - - - - - - - - diff --git a/mdop/medv-v2/how-to-add-or-remove-url-redirection-information-in-a-deployed-med-v-workspace.md b/mdop/medv-v2/how-to-add-or-remove-url-redirection-information-in-a-deployed-med-v-workspace.md deleted file mode 100644 index 231cef0574..0000000000 --- a/mdop/medv-v2/how-to-add-or-remove-url-redirection-information-in-a-deployed-med-v-workspace.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: How to Add or Remove URL Redirection Information in a Deployed MED-V Workspace -description: How to Add or Remove URL Redirection Information in a Deployed MED-V Workspace -author: dansimp -ms.assetid: bf55848d-bf77-452e-aaa5-4dd4868ff5bd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/01/2016 ---- - - -# How to Add or Remove URL Redirection Information in a Deployed MED-V Workspace - - -To edit URL redirection information in a deployed MED-V workspace, we recommend that you update the system registry by using Group Policy. Although we do not recommend it, you can also rebuild and redeploy the MED-V workspace with the updated URL redirection information. - -The registry key is usually located at: - -Computer\\HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\MEDV\\v2\\UserExperience - -The following multi-string value must be present: `RedirectUrls` - -The value data for `RedirectUrls` is a list of all of the URLs that you specified for redirection when you built the MED-V workspace package by using the **MED-V Workspace Packager**. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). - -You can add and remove URL redirection information by performing one of the following tasks: - -- [Edit the URL Redirection Registry Key and Deploy Using Group Policy](#bkmk-editreg) - -- [Edit the URL Redirection Text File and Rebuild the MED-V Workspace](#bkmk-edittext) - -**To update URL Redirection information by using Group Policy** - -1. Edit the registry key multi-string value that is named `RedirectUrls`. This value is typically located at: - - Computer\\HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\MEDV\\v2\\UserExperience - - If you are adding URLs to the registry key, enter them one per line, as was required when you built the MED-V workspace package. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). - -2. Deploy the updated registry key by using Group Policy. For more information about how to use Group Policy, see [Group Policy Software Installation](https://go.microsoft.com/fwlink/?LinkId=195931) (https://go.microsoft.com/fwlink/?LinkId=195931). - -**Note**   -This method of editing URL redirection information is a MED-V best practice. - - - -**To rebuild the MED-V workspace by using an updated URL text file** - -- Another method of adding and removing URLs from the redirection list is to update the URL redirection text file and then use it to build a new MED-V workspace. You can then redeploy the MED-V workspace as before, by using your standard process of deployment, such as an ESD system. - - **Important**   - We do not recommend this method of editing URL redirection information. In addition, any time that you redeploy the MED-V workspace back out to your enterprise, first time setup must run again, and any data saved in the virtual machine is lost. - - - -## Related topics - - -[How to Test URL Redirection](how-to-test-url-redirection.md) - -[Managing Applications Deployed to MED-V Workspaces](managing-applications-deployed-to-med-v-workspaces.md) - -[Create a MED-V Workspace Package](create-a-med-v-workspace-package.md) - - - - - - - - - diff --git a/mdop/medv-v2/how-to-create-a-test-environment.md b/mdop/medv-v2/how-to-create-a-test-environment.md deleted file mode 100644 index fd2ddea698..0000000000 --- a/mdop/medv-v2/how-to-create-a-test-environment.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -title: How to Create a Test Environment -description: How to Create a Test Environment -author: dansimp -ms.assetid: a0db2299-16f3-4516-8769-7d55ca4a1e98 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Create a Test Environment - - -The following are some steps and instructions to help you create a test environment that you can use to test your MED-V workspace package locally before deploying it throughout your enterprise. This section provides guidance about how to create a test environment, either manually or by using an electronic software distribution system. - -**To create a test environment by using an ESD** - -1. Use your company’s method of deploying software throughout the enterprise to deploy the following necessary components to a test computer. Install them in the following order: - - - **Windows Virtual PC** – if not already installed. For more information, see [Configure Installation Prerequisites](configure-installation-prerequisites.md). - - - **Windows Virtual PC Additions and Updates**– if not already installed. For more information, see [Configure Installation Prerequisites](configure-installation-prerequisites.md). - - - **MED-V Host Agent Installation File** – installs the Host Agent (MED-V\_HostAgent\_Setup installation file). For more information, see [How to Manually Install the MED-V Host Agent](how-to-manually-install-the-med-v-host-agent.md). - - - **MED-V Workspace Installer, VHD, and Setup Executable** – created in the **MED-V Workspace Packager**. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). - - **Important**   - The VHD and Setup executable program must be in the same folder as the MED-V workspace installer. Then, install the MED-V workspace installer by running setup.exe. - - - -2. After all of the components are installed on the test computer, run the MED-V Host Agent to start first time setup. - - Click **Start**, click **All Programs**, click **Microsoft Enterprise Desktop Virtualization**, and then click **MED-V Host Agent**. - - **Note**   - If you cannot physically run the MED-V Host Agent on the test computer, first time setup starts automatically the next time that the computer restarts. - - - -First time setup starts and can take ten minutes or more to finish. - -For information about testing your configuration settings when first time setup is running, see [How to Verify First Time Setup Settings](how-to-verify-first-time-setup-settings.md). - -**To create a test environment manually** - -1. Install the MED-V Host Agent in a local test environment that includes MED-V prerequisites, such as Windows Virtual PC with additions and updates. For information, see [How to Manually Install the MED-V Host Agent](how-to-manually-install-the-med-v-host-agent.md). - -2. Copy the MED-V workspace files to your test environment. The MED-V workspace files are located in the destination folder that you specified in the **MED-V Workspace Packager**. - - **Important**   - The VHD and Setup executable program must be in the same folder on your test environment as the MED-V workspace installer. - - - -3. Install the MED-V workspace by running setup.exe. - -4. Start first time setup by running the MED-V Host Agent. - - Click **Start**, click **All Programs**, click **Microsoft Enterprise Desktop Virtualization**, and then click **MED-V Host Agent**. - -First time setup starts and might take several minutes to complete, depending on the size of the VHD specified. - -You are now ready to test the different settings for configuration, application publishing, and URL redirection that you specified for your MED-V workspace. - -**Note**   -By default, MED-V overrides the screen lock policy in the guest. However, this does not pose a security problem because the host computer still honors the screen lock policy. - - - -## Related topics - - -[How to Verify First Time Setup Settings](how-to-verify-first-time-setup-settings.md) - -[How to Test Application Publishing](how-to-test-application-publishing.md) - -[How to Test URL Redirection](how-to-test-url-redirection.md) - - - - - - - - - diff --git a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md b/mdop/medv-v2/how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md deleted file mode 100644 index c7f27598d2..0000000000 --- a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: How to Deploy a MED-V Workspace in a Windows 7 Image -description: How to Deploy a MED-V Workspace in a Windows 7 Image -author: dansimp -ms.assetid: a83aba4e-8681-4906-9872-f431c0bb15f9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Deploy a MED-V Workspace in a Windows 7 Image - - -You can install all the MED-V components into a Windows 7 image that you distribute throughout your enterprise just as you would any new installation of Windows 7. The end user then finishes the installation of the MED-V workspace by clicking a **Start** menu shortcut that you configure to start MED-V. First time setup starts and the end user follows the instructions to complete the configuration. - -The following section provides information and instructions to help you deploy the MED-V workspace throughout your enterprise by using a Windows 7 image. - -**To deploy a MED-V workspace in a Windows 7 image** - -1. Create a standard image of Windows 7. For more information, see [Building a Standard Image of Windows 7: Step-by-Step Guide](https://go.microsoft.com/fwlink/?LinkId=204843) (https://go.microsoft.com/fwlink/?LinkId=204843). - -2. In the Windows 7 image, install Windows Virtual PC and the Windows Virtual PC updates. For more information, see [Configure Installation Prerequisites](configure-installation-prerequisites.md). - -3. Install the MED-V Host Agent by using the MED-V\_HostAgent\_Setup installation file. For more information, see [How to Manually Install the MED-V Host Agent](how-to-manually-install-the-med-v-host-agent.md). - - **Warning**   - Internet Explorer must be closed before you install the MED-V Host Agent, otherwise conflicts can occur later with URL redirection. You can also do this by specifying a computer restart during a distribution. - - - -4. Copy the MED-V workspace package files to the Windows 7 image. The MED-V workspace package files are the MED-V workspace installer, .medv file, and setup.exe file that you created by using the **MED-V Workspace Packager**. - - **Important**   - The .medv and setup.exe file must be in the same folder as the MED-V workspace installer. Then, install the MED-V workspace by running setup.exe. - - - -5. Configure a shortcut on the **Start** menu to open the MED-V workspace package installation. - - Create a **Start** menu shortcut to the setup.exe file that lets the end user start a MED-V installation as required. - -6. By using your company’s standard image deployment process, distribute the Windows 7 image to computers in your enterprise that require MED-V. - -When the end user has to access an application published in the MED-V workspace, they can click the **Start** menu shortcut to install the MED-V workspace. This automatically starts first time setup and completes the configuration of MED-V. After first time setup is complete, the end user can access the MED-V applications on the **Start** menu. - -## Related topics - - -[MED-V 2.0 Deployment Overview](med-v-20-deployment-overview.md) - -[How to Deploy a MED-V Workspace Through an Electronic Software Distribution System](how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md) - - - - - - - - - diff --git a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-manually.md b/mdop/medv-v2/how-to-deploy-a-med-v-workspace-manually.md deleted file mode 100644 index 71bc439a8b..0000000000 --- a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-manually.md +++ /dev/null @@ -1,87 +0,0 @@ ---- -title: How to Deploy a MED-V Workspace Manually -description: How to Deploy a MED-V Workspace Manually -author: dansimp -ms.assetid: 94bfb209-2230-49b6-bb40-9c6ab088dbf4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Deploy a MED-V Workspace Manually - - -In some instances, you might want to deploy your MED-V workspace manually, for example, if your company does not use an electronic software distribution system to deploy applications. - -This section provides instruction about how to manually deploy a MED-V workspace. - -**To deploy a MED-V workspace manually** - -1. Copy all prerequisite applications and the MED-V workspace package files to a shared drive or to a DVD. The following is a list of the required applications and files. - - - **Windows Virtual PC**. For more information, see [Configure Installation Prerequisites](configure-installation-prerequisites.md). - - - **Windows Virtual PC Additions and Updates**. For more information, see [Configure Installation Prerequisites](configure-installation-prerequisites.md). - - - **MED-V Host Agent Installation File** – installs the Host Agent (MED-V\_HostAgent\_Setup installation file). - - **Warning** - Close Internet Explorer before you install the MED-V Host Agent, otherwise conflicts can occur later with URL redirection. You can also do this by specifying a computer restart during a distribution. - - - -~~~ -- **MED-V Workspace Installer, VHD, and Setup Executable** – created with the **MED-V Workspace Packager**. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). - - **Important** - The compressed VHD file (.medv) and the Setup executable program (setup.exe) must be in the same folder as the MED-V workspace installer. -~~~ - - - -2. Install the following in the order listed. The end user can perform this task manually or you can create a script to install the following: - - - Windows Virtual PC and the Windows Virtual PC additions and updates. A computer restart is required. - - - The MED-V Host Agent. - - **Note** - If it is running, Internet Explorer must be restarted before the installation of the MED-V Host Agent can finish. - - - -~~~ -- The MED-V workspace package. - - Install the MED-V workspace by running the setup.exe program that is included in the MED-V workspace package files. -~~~ - -3. Complete first time setup. - - After the MED-V workspace is installed, you have the option of starting MED-V. This starts the MED-V Host Agent. You can either start MED-V at that time, or start the MED-V Host Agent later to complete first time setup. - - To start the MED-V Host Agent, click **Start**, click **All Programs**, click **Microsoft Enterprise Desktop Virtualization**, and then click **MED-V Host Agent**. - -## Related topics - - -[How to Deploy a MED-V Workspace Through an Electronic Software Distribution System](how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md) - -[How to Deploy a MED-V Workspace in a Windows 7 Image](how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md) - -[Deploying the MED-V Workspace Package](deploying-the-med-v-workspace-package.md) - - - - - - - - - diff --git a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md b/mdop/medv-v2/how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md deleted file mode 100644 index e2ebe0a01f..0000000000 --- a/mdop/medv-v2/how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md +++ /dev/null @@ -1,189 +0,0 @@ ---- -title: How to Deploy a MED-V Workspace Through an Electronic Software Distribution System -description: How to Deploy a MED-V Workspace Through an Electronic Software Distribution System -author: dansimp -ms.assetid: b5134c35-e1de-470c-93f8-ead6218d9dce -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Deploy a MED-V Workspace Through an Electronic Software Distribution System - - -An electronic software distribution system is designed to efficiently move software to many different computers over slow or fast network connections. The following section provides information and instructions to help you deploy your MED-V workspace throughout your enterprise by using a software distribution system. - -**Note** -Whichever software distribution solution that you use, you must be familiar with the requirements of your particular solution. If you are using System Center Configuration Manager 2007 R2 or a later version, see the [Configuration Manager Documentation Library](https://go.microsoft.com/fwlink/?LinkId=66999) in the Microsoft Technical Library (https://go.microsoft.com/fwlink/?LinkId=66999). - - - -**Important** -If you are using System Center Configuration Manager 2007 SP2 and your MED-V workspaces are configured to operate in **NAT** mode, the virtual machines are classified as Internet-based clients and cannot find the closest distribution points from which to download content. - -The [hotfix to improve the functionality for VMs that are managed by MED-V](https://go.microsoft.com/fwlink/?LinkId=201088) (https://go.microsoft.com/fwlink/?LinkId=201088) adds new functionality to virtual machines that are managed by MED-V and that are configured to operate in **NAT** mode. The new functionality lets virtual machines access the closest distribution points. Therefore, the administrator can manage the virtual machine and the host computer in the same manner. This hotfix must be installed first on the site server and then on the client. - -The update is publicly available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix. - - - -You can also deploy the MED-V components together by using a batch file, but this requires a restart after the installation of Windows Virtual PC. To bypass this requirement, you can specify a single restart after all of the components are installed. The single restart also automatically starts MED-V because the MED-V workspace installation places an entry in the RUNKEY. - -**To deploy a MED-V workspace by using a software distribution system** - -1. Define a group of computers and users in the electronic software distribution system as the target set of computers/users. - -2. Create packages for each Microsoft installation file that needs to be distributed. The following are the required files and the order in which they must be installed: - - 1. **Windows Virtual PC** – if not already installed (a computer restart is required). For more information, see [Configure Installation Prerequisites](configure-installation-prerequisites.md). - - 2. **Windows Virtual PC Additions and Updates** – if not already installed. For more information, see [Configure Installation Prerequisites](configure-installation-prerequisites.md). - - 3. **MED-V Host Agent Installation File** – installs the Host Agent (MED-V\_HostAgent\_Setup installation file). For more information, see [How to Manually Install the MED-V Host Agent](how-to-manually-install-the-med-v-host-agent.md). - - **Warning** - Close Internet Explorer before you install the MED-V Host Agent, otherwise conflicts can occur later with URL redirection. You can also do this by specifying a computer restart during a distribution. - - - - 4. **MED-V Workspace Installer, VHD, and Setup Executable** – created in the **MED-V Workspace Packager**. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). - - **Important** - The compressed virtual hard disk file (.medv) and the Setup executable program (setup.exe) must be in the same folder as the MED-V workspace installer. Then, install the MED-V workspace installer by running setup.exe. - - - -~~~ - **Tip** - Because problems can occur when you install MED-V from a network location, we recommend that you copy the MED-V workspace setup files locally and then run setup.exe. -~~~ - - - -3. Configure the packages to run in silent mode (no user interaction is required). - - Running in silent mode eliminates the prompt to close Internet Explorer if it is running and the prompt to start the MED-V Host Agent. Both actions are performed when the computer is restarted. - - **Note** - Installation of Windows Virtual PC requires you to restart the computer. You can create a single installation process and install all the components at the same time if you suppress the restart and ignore the prerequisites necessary for MED-V to install. You can also do this by using command-line arguments. For an example of these arguments, see [How to Deploy the MED-V Components Through an Electronic Software Distribution System](how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md#bkmk-batch). MED-V automatically starts when the computer is restarted. - - - -4. Install MED-V and its components before installing Windows Virtual PC. See the example batch file later in this topic. - - **Important** - Select the **IGNORE\_PREREQUISITES** option as shown in the example batch file so that the MED-V components can be installed prior to the required VPC components. Install the MED-V components in this order to allow for the single restart. - - - -5. Identify any other requirements necessary for the installation and for your software distribution system, such as target platforms and the free disk space. - -6. Assign the packages to the target set of computers/users. - - As computers are running, the software distribution system client recognizes that new packages are available and begins to install the packages per the definition and requirements. The installations should run sequentially in silent. We recommend that this is performed as a single process that does not require a restart until all the packages are installed. - -7. After the installations are complete, restart the updated computers. - - Depending on the software distribution system, you can schedule a restart of the computer or the end users can restart the computers manually during their regular work. After the computer is restarted, MED-V automatically starts after an end user logs on. When MED-V starts for the first time, it runs first time setup. - -First time setup starts and might take several minutes to finish, depending on the size of the virtual hard disk that you specified and the number of policies applied to the MED-V workspace on startup. The end user can track the progress by watching the MED-V icon in the notification area. For more information about first time setup, see [MED-V 2.0 Deployment Overview](med-v-20-deployment-overview.md). - -**To install the MED-V workspace by using a batch file** - -1. Run the installation at a command prompt with administrative credentials. - -2. Deploy each component to a single directory. If run from a network share, a longer time is required to decompress the .medv file. - -3. As a best practice, specify that Windows Virtual PC and the Windows Virtual PC hotfix are installed after the MED-V Host Agent and the MED-V workspace package files. This means that Windows Update will not cause any interference with the installation process by requiring a restart. - -4. Restart the computer after the batch file is finished. - -After the restart, the user is prompted to run first time setup and complete the configuration of MED-V. - -The following example, with the specified arguments, shows how to install 64-bit MED-V components in a single process: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ArgumentDescription

/norestart

Prevents the installation of Windows Virtual PC and the Windows Virtual PC update from restarting the host computer.

/quiet

Installs the MED-V components in quiet mode without user interaction.

/qn

Installs the MED-V components without a user interface.

IGNORE_PREREQUISITES

Installs without checking for Windows Virtual PC.

-
-Note

Only specify this argument if you are installing Windows Virtual PC as part of this installation.

-
-
- -

OVERWRITEVHD

Forces the installation of the MED-V workspace and prevents any prompts that it might generate.

- - - -## Example - - -``` syntax -:: Install MED-V and the Pre-requisites - -:: Install the MED-V Host Agent: install in quiet mode, ignore that Windows Virtual PC is not installed completely, and log results -start /WAIT .\MED-V_HostAgent_Setup.exe /qn IGNORE_PREREQUISITES=1 /l* %TEMP%\MEDVhost.log - -:: Install the MED-V Workspace: install in quiet mode, Overwrite the VHD if it already exists, and log results -start /WAIT .\setup.exe /qn OVERWRITEVHD=1 /l* %TEMP%\MEDVworkspace.log - -:: Install Windows Virtual PC: install in quiet mode and do not reboot -start /WAIT wusa.exe Windows6.1-KB958559-x64.msu /norestart /quiet - -:: Install Windows Virtual PC patch to support non-HAV: install in quiet mode and do not reboot -wusa.exe Windows6.1-KB977206-x64.msu /norestart /quiet - -:: After successful installation of the above components, a reboot of the host computer is required to complete installation. -``` - -## Related topics - - -[MED-V 2.0 Deployment Overview](med-v-20-deployment-overview.md) - -[How to Deploy a MED-V Workspace in a Windows 7 Image](how-to-deploy-a-med-v-workspace-in-a-windows-7-image.md) - - - - - - - - - diff --git a/mdop/medv-v2/how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md b/mdop/medv-v2/how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md deleted file mode 100644 index 5dfe7451d7..0000000000 --- a/mdop/medv-v2/how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md +++ /dev/null @@ -1,180 +0,0 @@ ---- -title: How to Deploy the MED-V Components Through an Electronic Software Distribution System -description: How to Deploy the MED-V Components Through an Electronic Software Distribution System -author: dansimp -ms.assetid: 8a800bdf-6fa4-47b4-b417-df053289d4e8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/01/2016 ---- - - -# How to Deploy the MED-V Components Through an Electronic Software Distribution System - - -An electronic software distribution system can help you efficiently move software to many computers over slow or fast network connections. The following section provides information and instructions to help you deploy the Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 components throughout your enterprise by using a software distribution system. - -**Note** -Whichever software distribution solution that you use, you must be familiar with the requirements of your particular solution. If you are using System Center Configuration Manager 2007 R2 or a later version, see the [Configuration Manager Documentation Library](https://go.microsoft.com/fwlink/?LinkId=66999) in the Microsoft Technical Library (https://go.microsoft.com/fwlink/?LinkId=66999). - - - -**Important** -If you are using System Center Configuration Manager 2007 SP2 and your MED-V workspaces are configured to operate in **NAT** mode, the virtual machines are classified as Internet-based clients and cannot find the closest distribution points from which to download content. - -The [hotfix to improve the functionality for VMs that are managed by MED-V](https://go.microsoft.com/fwlink/?LinkId=201088) (https://go.microsoft.com/fwlink/?LinkId=201088) adds new functionality to virtual machines that are managed by MED-V and that are configured to operate in **NAT** mode. The new functionality lets virtual machines access the closest distribution points. Therefore, the administrator can manage the virtual machine and the host computer in the same manner. This hotfix must be installed first on the site server and then on the client. - -The update is publicly available. However, you might be prompted to accept an agreement for Microsoft Services. Follow the prompts on the successive webpages to retrieve this hotfix. - - - -**Note** -You must install the MED-V workspace packager and build your MED-V workspaces before you can deploy the MED-V components through your software distribution system. For more information about how to prepare an image and to build your MED-V workspaces, see [Operations for MED-V](operations-for-med-v.md). - - - -**To deploy the MED-V components by using a software distribution system** - -1. Define a group of computers and users in the electronic software distribution system as the target set of computers/users. - -2. Create packages for each Microsoft installation file that needs to be distributed. The following are the required files and the order in which they must be installed: - - 1. **Windows Virtual PC** – if not already installed (a computer restart is required). For more information, see [Configure Installation Prerequisites](configure-installation-prerequisites.md). - - 2. **Windows Virtual PC Additions and Updates** – if not already installed. For more information, see [Configure Installation Prerequisites](configure-installation-prerequisites.md). - - 3. **MED-V Host Agent Installation File** – installs the Host Agent (MED-V\_HostAgent\_Setup installation file). For more information, see [How to Manually Install the MED-V Host Agent](how-to-manually-install-the-med-v-host-agent.md). - - **Warning** - Close Internet Explorer before you install the MED-V Host Agent, otherwise conflicts can occur later with URL redirection. You can also do this by specifying a computer restart during a distribution. - - 4. **MED-V Workspace Installer, VHD, and Setup Executable** – created in the **MED-V Workspace Packager**. For more information, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). - - **Important** - The compressed virtual hard disk file (.medv) and the Setup executable program (setup.exe) must be in the same folder as the MED-V workspace installer. Then, install the MED-V workspace installer by running setup.exe. - - **Tip** - Because problems that can occur when you install MED-V from a network location, we recommend that you copy the MED-V workspace setup files locally and then run setup.exe. - -3. Configure the packages to run in silent mode (no user interaction is required). - - Running in silent mode eliminates the prompt to close Internet Explorer if it is running and the prompt to start the MED-V Host Agent. Both actions are performed when the computer is restarted. - - **Note** - Installation of Windows Virtual PC requires you to restart the computer. You can create a single installation process and install all the components at the same time if you suppress the restart and ignore the prerequisites necessary for MED-V to install. You can also do this by using command-line arguments. For an example of these arguments, see [To install the MED-V components by using a batch file](#bkmk-batch). MED-V automatically starts when the computer is restarted. - -4. Install MED-V and its components before installing Windows Virtual PC. See the example batch file later in this topic. - - **Important** - Select the **IGNORE\_PREREQUISITES** option as shown in the example batch file so that the MED-V components can be installed prior to the required VPC components. Install the MED-V components in this order to allow for the single restart. - -5. Identify any other requirements necessary for the installation and for your software distribution system, such as target platforms and the free disk space. - -6. Assign the packages to the target set of computers/users. - - As computers are running, the software distribution system client recognizes that new packages are available and begins to install the packages per the definition and requirements. The installations should run sequentially in silent mode. We recommend that this is performed as a single process that does not require a restart until all the packages are installed. - -7. After the installations are complete, restart the updated computers. - - Depending on the software distribution system, you can schedule a restart of the computer or the end users can restart the computers manually during their regular work. After the computer is restarted, MED-V automatically starts after an end user logs on. When MED-V starts for the first time, it runs first time setup. - -First time setup starts and might take several minutes to finish, depending on the size of the virtual hard disk that you specified and the number of policies applied to the MED-V workspace on startup. The end user can track the progress by watching the MED-V icon in the notification area. For more information about first time setup, see [MED-V 2.0 Deployment Overview](med-v-20-deployment-overview.md). - -**To install the MED-V components by using a batch file** - -1. Run the installation at a command prompt with administrative credentials. - -2. Deploy each component to a single directory. If run from a network share, a longer time is required to decompress the .medv file. - -3. As a best practice, specify that Windows Virtual PC and the Windows Virtual PC hotfix are installed after the MED-V Host Agent and the MED-V workspace package files. This means that Windows Update will not cause any interference with the installation process by requiring a restart. - -4. Restart the computer after the batch file is finished. - -After the restart, the user is prompted to run first time setup and complete the configuration of MED-V. - -The following example, with the specified arguments, shows how to install 64-bit MED-V components in a single process: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ArgumentDescription

/norestart

Prevents the installation of Windows Virtual PC and the Windows Virtual PC update from restarting the host computer.

/quiet

Installs the MED-V components in quiet mode without user interaction.

/qn

Installs the MED-V components without a user interface.

IGNORE_PREREQUISITES

Installs without checking for Windows Virtual PC.

-
-Note

Only specify this argument if you are installing Windows Virtual PC as part of this installation.

-
-
- -

OVERWRITEVHD

Forces the installation of the MED-V workspace and prevents any prompts that it might generate.

- - - -## Example - - -``` syntax -:: Install MED-V and the Pre-requisites - -:: Install the MED-V Host Agent: install in quiet mode, ignore that Windows Virtual PC is not installed completely, and log results -start /WAIT .\MED-V_HostAgent_Setup.exe /qn IGNORE_PREREQUISITES=1 /l* %TEMP%\MEDVhost.log - -:: Install the MED-V Workspace: install in quiet mode, Overwrite the VHD if it already exists, and log results -start /WAIT .\setup.exe /qn OVERWRITEVHD=1 /l* %TEMP%\MEDVworkspace.log - -:: Install Windows Virtual PC: install in quiet mode and do not reboot -start /WAIT wusa.exe Windows6.1-KB958559-x64.msu /norestart /quiet - -:: Install Windows Virtual PC patch to support non-HAV: install in quiet mode and do not reboot -wusa.exe Windows6.1-KB977206-x64.msu /norestart /quiet - -:: After successful installation of the above components, a reboot of the host computer is required to complete installation. -``` - -## Related topics - - -[MED-V 2.0 Deployment Overview](med-v-20-deployment-overview.md) - -[Deploy the MED-V Components](deploy-the-med-v-components.md) - - - - - - - - - diff --git a/mdop/medv-v2/how-to-install-the-med-v-workspace-packager.md b/mdop/medv-v2/how-to-install-the-med-v-workspace-packager.md deleted file mode 100644 index 3411624601..0000000000 --- a/mdop/medv-v2/how-to-install-the-med-v-workspace-packager.md +++ /dev/null @@ -1,79 +0,0 @@ ---- -title: How to Install the MED-V Workspace Packager -description: How to Install the MED-V Workspace Packager -author: dansimp -ms.assetid: 627478e9-6798-4b32-9a50-7a1b72bea295 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Install the MED-V Workspace Packager - - -Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 includes a **MED-V Workspace Packager**, which the desktop administrator uses to create the MED-V workspace deployment packages that are distributed to the end users. The packager provides step-by-step guidance on how to create MED-V workspaces and contains wizards that help in the process. - -**Important**   -Before you start to run the wizards, make sure that you have a prepared VHD ready to install. For more information, see [Prepare a MED-V Image](prepare-a-med-v-image.md). - - - -This section provides step-by-step instructions for installing or repairing the **MED-V Workspace Packager**. - -**To install the MED-V Workspace Packager** - -1. Locate the MED-V installation files that you received as part of your software download. - -2. Double-click the MED-V\_WorkspacePackager\_Setup installation file. - - The **Microsoft Enterprise Desktop Virtualization (MED-V) Workspace Packager Setup** wizard opens. Click **Next** to continue. - -3. Accept the Microsoft Software License Terms, and then click **Next**. - -4. Select the destination folder for installing the MED-V Workspace Packager, and then click **Next**. - -5. To begin the installation, click **Install**. - -6. After the installation is completed successfully, click **Finish** to close the wizard. - - To verify that the installation of the packager was successful, click **Start**, click **All Programs**, click **Microsoft Enterprise Desktop Virtualization**, and then click **MED-V Workspace Packager.** - - For information about how to use the **MED-V Workspace Packager**, see [Create a MED-V Workspace Package](create-a-med-v-workspace-package.md). - -If the packager does not open as expected, you can try to repair the installation. - -**To repair the MED-V Workspace Packager installation** - -1. Double-click the MED-V\_WorkspacePackager\_Setup installation file. - - The **Microsoft Enterprise Desktop Virtualization (MED-V) Workspace Packager Setup** wizard opens. Click **Next** to continue. - -2. To repair errors that might have occurred in the installation, click **Repair**. - -3. To begin the repair process, click **Repair** again. - -4. After the repair is completed successfully, click **Finish** to close the wizard. - - To verify that the repair of the packager was successful, click **Start**, click **All Programs**, click **Microsoft Enterprise Desktop Virtualization**, and then click **MED-V Workspace Packager.** - -## Related topics - - -[How to Manually Install the MED-V Host Agent](how-to-manually-install-the-med-v-host-agent.md) - -[How to Uninstall the MED-V Components](how-to-uninstall-the-med-v-components.md) - - - - - - - - - diff --git a/mdop/medv-v2/how-to-manage-url-redirection-by-using-the-med-v-workspace-packager.md b/mdop/medv-v2/how-to-manage-url-redirection-by-using-the-med-v-workspace-packager.md deleted file mode 100644 index 017ed271d8..0000000000 --- a/mdop/medv-v2/how-to-manage-url-redirection-by-using-the-med-v-workspace-packager.md +++ /dev/null @@ -1,70 +0,0 @@ ---- -title: How to Manage URL Redirection by Using the MED-V Workspace Packager -description: How to Manage URL Redirection by Using the MED-V Workspace Packager -author: dansimp -ms.assetid: 1a8d25af-479f-42d3-bf5f-c7fd974bbf8c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# How to Manage URL Redirection by Using the MED-V Workspace Packager - - -You can use the MED-V Workspace Packager to manage URL redirection in the MED-V workspace. - -**To manage web address redirection in a MED-V workspace** - -1. To open the **MED-V Workspace Packager**, click **Start**, click **All Programs**, click **Microsoft Enterprise Desktop Virtualization**, and then click **MED-V Workspace Packager**. - -2. On the **MED-V Workspace Packager** main panel, click **Manage Web Redirection**. - -3. In the **Manage Web Redirection** window, you can type, paste, or import a list of the URLs that are redirected to Internet Explorer in the MED-V workspace. - - **Note** - URL redirection in MED-V only supports the protocols HTTP and HTTPS. MED-V does not provide support for FTP or any other protocols. - - - -~~~ -Enter each web address on a single line, for example: - -http://www.contoso.com/webapps/webapp1 - -http://www.contoso.com/webapps/webapp2 - -http://\*.contoso.com - -http://www.contoso.com/webapps/\* - -**Important** -If you import a text file that includes a URL that uses special characters (such as ~ ! @ \# and so on), make sure that you specify UTF-8 encoding when you save the text file. Special characters do not import correctly into the MED-V Workspace Packager if the text file was saved using the default ANSI encoding. -~~~ - - - -4. Click **Save as…** to save the updated URL redirection files in the specified folder. MED-V creates a registry file that contains the updated URL redirection information. Deploy the updated registry key by using Group Policy. For more information about how to use Group Policy, see [Group Policy Software Installation](https://go.microsoft.com/fwlink/?LinkId=195931) (https://go.microsoft.com/fwlink/?LinkId=195931). - - MED-V also creates a Windows PowerShell script in the specified folder that you can use to re-create the updated MED-V workspace package. - -## Related topics - - -[How to Add or Remove URL Redirection Information in a Deployed MED-V Workspace](how-to-add-or-remove-url-redirection-information-in-a-deployed-med-v-workspace.md) - -[Manage MED-V URL Redirection](manage-med-v-url-redirection.md) - - - - - - - - - diff --git a/mdop/medv-v2/how-to-manually-install-the-med-v-host-agent.md b/mdop/medv-v2/how-to-manually-install-the-med-v-host-agent.md deleted file mode 100644 index 7f5beda9c6..0000000000 --- a/mdop/medv-v2/how-to-manually-install-the-med-v-host-agent.md +++ /dev/null @@ -1,73 +0,0 @@ ---- -title: How to Manually Install the MED-V Host Agent -description: How to Manually Install the MED-V Host Agent -author: dansimp -ms.assetid: 4becc90b-6481-4e1f-a4d3-aec74c8821ec -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Manually Install the MED-V Host Agent - - -There are two separate but related components to the Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 solution: the MED-V Host Agent and Guest Agent. The Host Agent resides on the host computer (a user’s computer that is running Windows 7) and provides a channel to communicate with the MED-V guest (the MED-V virtual machine running in the host computer). It also provides certain MED-V related functionality, such as application publishing. - -Typically, you deploy and install the MED-V Host Agent by using your company’s preferred method of provisioning software. However, before deploying MED-V across your enterprise, you might prefer to install the Host Agent locally for testing. This section provides step-by-step instructions for manually installing the MED-V Host Agent. - -**Note**   -The MED-V Guest Agent is installed automatically during first time setup. - - - -**Important**   -Close Internet Explorer before you install the MED-V Host Agent, otherwise conflicts can occur later with URL redirection. You can also do this by specifying a computer restart during a distribution. - - - -**To install the MED-V Host Agent** - -1. Locate the MED-V installation files that you received as part of your software download. - -2. Double-click the MED-V\_HostAgent\_Setup installation file. - - The **Microsoft Enterprise Desktop Virtualization (MED-V) Host Agent Setup** wizard opens. Click **Next** to continue. - -3. Accept the Microsoft Software License Terms, and then click **Next**. - -4. Select the destination folder for installing the MED-V Host Agent. Click **Next**. - -5. To begin the Host Agent installation, click **Install**. - -6. After the installation is completed successfully, click **Finish** to close the wizard. - - To verify that the installation of the Host Agent was successful, click **Start**, click **All Programs**, click **Microsoft Enterprise Desktop Virtualization**, and then click **MED-V Host Agent**. - -**Note**   -Until a MED-V workspace is installed, the MED-V Host Agent can be started and runs, but provides no functionality. - - - -## Related topics - - -[How to Deploy the MED-V Components Through an Electronic Software Distribution System](how-to-deploy-the-med-v-components-through-an-electronic-software-distribution-system.md) - -[How to Install the MED-V Workspace Packager](how-to-install-the-med-v-workspace-packager.md) - -[How to Uninstall the MED-V Components](how-to-uninstall-the-med-v-components.md) - - - - - - - - - diff --git a/mdop/medv-v2/how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md b/mdop/medv-v2/how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md deleted file mode 100644 index 828340b98c..0000000000 --- a/mdop/medv-v2/how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md +++ /dev/null @@ -1,111 +0,0 @@ ---- -title: How to Publish and Unpublish an Application on the MED-V Workspace -description: How to Publish and Unpublish an Application on the MED-V Workspace -author: dansimp -ms.assetid: fd5a62e9-0577-44d2-ae17-61c0aef78ce8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Publish and Unpublish an Application on the MED-V Workspace - - -Even though an application is installed in a MED-V workspace, you might also have to publish the application before it becomes available to the end user. By default, most applications are published at the time that they are installed and shortcuts are created and enabled. - -In some cases, you might want to install applications on the MED-V workspace without making them available to the end user, for example, virus-scanning software. Similarly, there are occasions in which you want to publish an application that is installed on the MED-V workspace that was previously unavailable to the end user. For example, you might have to publish an installed application if the installation did not automatically create a shortcut on the **Start** menu. - -**Important**   -If you publish an application that does not support UNC paths, we recommend that you map the application to a drive. - - - -You can publish or unpublish applications to a deployed MED-V workspace by performing one of the following tasks: - -**To publish or unpublish an installed application** - -1. To publish an application on a deployed MED-V workspace, copy a shortcut for that application to the following folder on the virtual machine: - - C:\\Documents and Settings\\All Users\\Start Menu - - If it is necessary, use Group Policy or an ESD system to deploy a script that copies the shortcut for that application to the All Users\\Start Menu folder. - -2. To unpublish an application on a deployed MED-V workspace, delete the shortcut for that application from the following folder on the virtual machine: - - C:\\Documents and Settings\\All Users\\Start Menu - - If it is necessary, use Group Policy or an ESD system to deploy a script that deletes the shortcut for that application from the All Users\\Start Menu folder. - - **Note**   - Frequently, the shortcut is automatically deleted from the host computer **Start** menu when you uninstall the application. However, in some cases, such as for a MED-V workspace that is configured for all users of a shared computer, you might have to manually delete the shortcut on the **Start** menu after the application is uninstalled. The end-user can do this by right-clicking the shortcut and selecting **Delete**. - - - -To test that the application was published or unpublished, verify on the MED-V workspace whether the corresponding shortcut is available or not. - -**Note**   -Applications that are included in Windows XP SP3 and are located in the virtual machine Start Menu folder are not automatically published to the host. They are controlled by registry settings that block automatic publishing. For more information, see [Windows Virtual PC Application Exclude List](windows-virtual-pc-application-exclude-list.md). - - - -**To publish Control Panel items** - -1. Create a shortcut on the virtual machine where the target is the name of the item, such as C:\\WINDOWS\\system32\\appwiz.cpl. - - The shortcut must be either created in or moved to the "%ALLUSERSPROFILE%\\Start Menu\\" folder or one of its subfolders. - - The item will be published to the host computer in the corresponding location in the host Start Menu folder. - -2. Start the shortcut for the item in the host. - -**Caution**   -When you create the shortcut, do not specify %SystemRoot%\\control.exe. This application will not be published because it is contained in the registry settings that block automatic publishing. - - - -**How MED-V handles automatic application publishing** - -1. During application publishing, MED-V copies the shortcuts from the guest virtual machine to the host computer by trying to match the folder hierarchy that exists in the guest. By doing this, MED-V copies shortcuts from the guest to the host by following these steps: - - 1. MED-V tries to locate a folder under Start Menu\\Programs in the host computer that is named the same as the folder in the guest where the shortcut resides. - - 2. If there is no matching folder, MED-V then tries to locate a folder in the host Start Menu folder that is named the same as the folder in the guest where the shortcut resides. - - 3. If there is no matching folder, MED-V copies the shortcut to the default folder on the host, the Start Menu\\Programs folder. - -2. Example of application publishing process: - - 1. If an application shortcut is published to the Start Menu\\Programs\\AppShortcuts folder in the guest, then MED-V looks in the host computer for a Start Menu\\Programs\\ AppShortcuts folder and if found, copies the shortcut to that folder. - - 2. If the folder is not found, then MED-V looks in the host computer for a Start Menu\\AppShortcuts folder and if found, copies the shortcut to that folder. - - 3. If the folder is not found, then MED-V copies the shortcut to the Start Menu\\Programs folder. - -**Note**   -A folder must already exist in the host computer Start Menu folder for MED-V to copy the shortcut there. MED-V does not create the folder if it does not already exist. - - - -## Related topics - - -[Installing and Removing an Application on the MED-V Workspace](installing-and-removing-an-application-on-the-med-v-workspace.md) - -[Managing Software Updates for MED-V Workspaces](managing-software-updates-for-med-v-workspaces.md) - -[Windows Virtual PC Application Exclude List](windows-virtual-pc-application-exclude-list.md) - - - - - - - - - diff --git a/mdop/medv-v2/how-to-test-application-publishing.md b/mdop/medv-v2/how-to-test-application-publishing.md deleted file mode 100644 index 2270008b6e..0000000000 --- a/mdop/medv-v2/how-to-test-application-publishing.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -title: How to Test Application Publishing -description: How to Test Application Publishing -author: dansimp -ms.assetid: 17ba2e12-50a0-4f41-8300-f61f09db9f6c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/01/2016 ---- - - -# How to Test Application Publishing - - -After your test of first time setup finishes, you can verify that the application publishing functionality is working as expected by performing the following tasks. - -**To test application publishing** - -1. Verify that the applications that you specified for publishing are visible. - - Click **Start** and then click **All Programs** and search for the specified applications. - - In some cases, you might have the same application installed two times, one time on the host computer and one time on the guest. If a published application that has the same name is published to the same location on the host **Start** menu, it is distinguished from the host application shortcut by adding the virtual machine name to the shortcut name. For example, for a virtual machine named “MEDVHost1”, a host application might be "Notepad" and a published application might be "Notepad (MEDVHost1)". - -2. Verify that the applications function as intended. - - On the host computer, start the applications that you published and verify that they open in Windows XP SP3 on the guest. The application must appear in a Windows XP-style window on the host computer desktop. - -3. If applicable, verify that document redirection functions as intended. - - If a published application on the guest has to open a folder on the host system drive, ensure that it can open the specified folder. - - **Important**   - Because Windows Virtual PC does not support creating a share from a folder that is already shared, redirection does not occur for any documents that open from a shared folder, such as a My Documents folder that is located on the network. For more information, see [Operations Troubleshooting](operations-troubleshooting-medv2.md). - -After you have verified that published applications are installed and functioning correctly, you can test whether applications can be added or removed from the MED-V workspace. - -**To test that an application can be added or removed** - -1. Add or remove an application from the MED-V workspace. - - For information about how to add and remove applications from a MED-V workspace, see [Managing Applications Deployed to MED-V Workspaces](managing-applications-deployed-to-med-v-workspaces.md). - -2. If you added an application, repeat the steps in [To Test Application Publishing](#bkmk-apppub) to verify that the new application functions as intended. - -3. If you removed an application, click **Start** and then click **All Programs** and verify that any applications that you removed are no longer listed. - -**Note**   -If you encounter any problems when verifying your application publication settings, see [Operations Troubleshooting](operations-troubleshooting-medv2.md). - -After you have completed testing application publishing, you can test other MED-V workspace configurations to verify that they function as intended. - -After you have completed testing your MED-V workspace package and have verified that it is functioning as intended, you can deploy the MED-V workspace to your enterprise. - -## Related topics - -[How to Test URL Redirection](how-to-test-url-redirection.md) - -[How to Verify First Time Setup Settings](how-to-verify-first-time-setup-settings.md) - -[Deploying the MED-V Workspace Package](deploying-the-med-v-workspace-package.md) - - - - - - - - - diff --git a/mdop/medv-v2/how-to-test-url-redirection.md b/mdop/medv-v2/how-to-test-url-redirection.md deleted file mode 100644 index 3a46ee7100..0000000000 --- a/mdop/medv-v2/how-to-test-url-redirection.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -title: How to Test URL Redirection -description: How to Test URL Redirection -author: dansimp -ms.assetid: 38d80088-da1d-4098-b27e-76f9e78f81dc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/01/2016 ---- - - -# How to Test URL Redirection - - -After your test of first time setup finishes, you can verify that the URL redirection functionality is working as expected by performing the following tasks. - -**Important**   -The MED-V Host Agent must be running for URL redirection to function correctly. - -**To test URL Redirection** - -1. Open an Internet Explorer browser in the host computer and enter a URL that you specified for redirection. - -2. Verify that the webpage is opened in Internet Explorer on the guest virtual machine. - -3. Repeat this process for each URL that you want to test. - -**To test that a URL can be added or removed** - -1. Add or remove a URL from the MED-V workspace. - - For information about how to add and remove URLs for redirection on a MED-V workspace, see [Manage MED-V URL Redirection](manage-med-v-url-redirection.md). - -2. If you added a URL to the redirection list, repeat the steps in [To Test URL Redirection](#bkmk-urlredir) to verify that the new URL redirects as intended. - -3. If you removed a URL from the redirection list, verify that it is removed by following these steps: - - 1. Open an Internet Explorer browser in the host computer and enter the URL that you removed from the redirection list. - - 2. Verify that the webpage is opened in Internet Explorer on the host computer instead of on the guest virtual machine. - - **Note**   - It can take several seconds for the URL redirection changes to take place. - -**Note**   -If you encounter any problems when verifying your URL redirection settings, see [Operations Troubleshooting](operations-troubleshooting-medv2.md). - -After you have completed testing URL redirection in your MED-V workspace, you can test other configurations to verify that they function as intended. - -After you have completed testing your MED-V workspace package and have verified that it is functioning as intended, you can deploy the MED-V workspace to your enterprise. - -## Related topics - -[How to Test Application Publishing](how-to-test-application-publishing.md) - -[How to Verify First Time Setup Settings](how-to-verify-first-time-setup-settings.md) - -[Deploying the MED-V Workspace Package](deploying-the-med-v-workspace-package.md) - - - - - - - - - diff --git a/mdop/medv-v2/how-to-uninstall-the-med-v-components.md b/mdop/medv-v2/how-to-uninstall-the-med-v-components.md deleted file mode 100644 index f1eeaa5b43..0000000000 --- a/mdop/medv-v2/how-to-uninstall-the-med-v-components.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: How to Uninstall the MED-V Components -description: How to Uninstall the MED-V Components -author: dansimp -ms.assetid: c121dd27-6b2f-4d41-a21a-c6e8608c5c41 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Uninstall the MED-V Components - - -Under certain circumstances, you might want to uninstall all or part of the Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 components from your enterprise. For example, you have resolved all application operating system compatibility issues, or you want to deploy a different MED-V workspace in your enterprise. - -Typically, you can configure your electronic software distribution (ESD) system to uninstall the MED-V components by using a Windows-based Installer. Alternately, you can uninstall all or some MED-V components manually. - -**Important**   -Before you can uninstall the MED-V Host Agent, you must first uninstall any installed MED-V workspace. - - - -Use the following procedures to uninstall the MED-V components from your enterprise. - -**To uninstall MED-V using an electronic software distribution System** - -1. Use your ESD system to distribute a script that invokes the uninstall.exe executable program for every MED-V workspace that you want to uninstall. The file is located at C:\\ProgramData\\Microsoft\\Medv\\Workspace. You can set a flag to run the uninstall executable program silently so that end users are unaware of the uninstallation. - -2. Create a package to distribute the MED-V Host Agent installation file to each computer on which a MED-V workspace was uninstalled. Configure the package to run the uninstallation in silent mode. - -The ESD client recognizes when the new packages are available and starts to uninstall the packages per the definition and requirements. - -**To manually uninstall a MED-V workspace** - -1. On the host computer, click **Start**, click **Control Panel**, and then click **Programs and Features**. - -2. In the **Programs and Features** window, select the MED-V workspace that you want to remove, and then click **Uninstall**. (The MED-V workspace is named "MED-V Workspace - <*workspace\_name*>"). The <*workspace\_name*> **Setup Wizard** opens. - -3. On the **Setup Wizard**, click **Next**, and then click **Remove**. - -4. If you prefer, select the check box to delete the master VHD disk and differencing disks created by MED-V. This is not required, but frees disk space after the uninstallation finishes. - -5. Click **Remove**. - - **Note**   - If MED-V is currently running, a dialog box appears and prompts you whether you want to shut it down. Click **Yes** to continue with the uninstallation. Click **No** to cancel the uninstallation. - - - -Alternately, you can remove a MED-V workspace by running the `uninstall.exe` file, typically located at C:\\ProgramData\\Microsoft\\Medv\\Workspace. - -**To manually uninstall the MED-V Host Agent** - -1. On the Windows 7 host computer, click **Start**, click **Control Panel**, and then click **Programs and Features**. - -2. In the **Programs and Features** window, select **MED-V Host Agent**, and then click **Uninstall**. - - The Windows Installer removes the MED-V Host Agent. - - **Note**   - If you try to uninstall the MED-V Host Agent before you uninstall the MED-V workspace, a dialog box appears that states that you must first uninstall the MED-V workspace. Click **OK** to continue. - - - -**To manually uninstall the MED-V Workspace Packager** - -1. On the host computer, click **Start**, click **Control Panel**, and then click **Programs and Features**. - -2. In the **Programs and Features** window, select **MED-V Workspace Packager**, and then click **Uninstall**. - - The Windows Installer removes the MED-V Workspace Packager. - - **Note**   - You can uninstall the MED-V Workspace Packager at any time without affecting any deployed MED-V workspaces. - - - -## Related topics - - -[Deploy the MED-V Components](deploy-the-med-v-components.md) - - - - - - - - - diff --git a/mdop/medv-v2/how-to-verify-first-time-setup-settings.md b/mdop/medv-v2/how-to-verify-first-time-setup-settings.md deleted file mode 100644 index 4be201579a..0000000000 --- a/mdop/medv-v2/how-to-verify-first-time-setup-settings.md +++ /dev/null @@ -1,111 +0,0 @@ ---- -title: How to Verify First Time Setup Settings -description: How to Verify First Time Setup Settings -author: dansimp -ms.assetid: e8a07d4c-5786-4455-ac43-2deac4042efd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# How to Verify First Time Setup Settings - - -While your test of first time setup is running or after it finishes, you can verify the settings that you configured in your MED-V workspace by performing the following tasks. - -**Note**   -For information about how to monitor the successful completion of first time setup throughout your enterprise after deployment, see [Monitoring MED-V Workspace Deployments](monitoring-med-v-workspace-deployments.md). - - - -**To verify settings during first time setup** - -1. While first time setup is running, verify the following: - - If you specified **Unattended** mode, verify that the virtual machine does not appear when first time setup is running. - - If you specified attended mode, verify that the virtual machine appears and that all fields that require user input are displayed. - -2. You can also monitor the complete first time setup process by viewing the virtual machine when first time setup is running. To do this, follow these steps: - - 1. Open the Windows Virtual PC Console. - - Click **Start**, click **All Programs**, click **Windows Virtual PC**, and then click **Windows Virtual PC**. - - 2. Start MED-V if it is not already running. - - If not already present, in a short time, a virtual machine with the name of the deployed MED-V workspace appears in the list of virtual machines. - - 3. Double-click the MED-V virtual machine to open it. - - You can observe the MED-V virtual machine when it is being set up, and you can troubleshoot the Mini-Setup procedure. Verify the information in the different screens as they go by, such as configuring networking settings, computer domain join information, configuring of the Guest Agent, set up of personal settings, and shutdown. - - 4. The virtual machine closes automatically when first time setup finishes. - - **Note**   - You can close the virtual machine window at any time and first time setup continues. - - - -**To verify settings after first time setup finishes** - -1. Ensure that first time setup finished successfully. - -2. Verify that the MED-V workspace is set up correctly. - - 1. Open the Windows Virtual PC Console. - - Click **Start**, click **All Programs**, click **Windows Virtual PC**, and then click **Windows Virtual PC**. - - 2. Double-click your installed MED-V workspace. - - If the MED-V workspace is already running a virtual application, you might be prompted to close the application before you can open the virtual machine. - - 3. In the MED-V workspace, right-click **My Computer**, and then click **Properties**. - - 4. Verify that the MED-V workspace joined the correct domain. If applicable to your organization, test domain joining by specifying two different domains to verify that the guest domain is overridden by the host domain. - - 5. Verify that the MED-V workspace joined the domain organizational unit that you specified. - - 6. If you specified the computer name mask, verify that the new computer name matches what was specified. - -3. Verify that the locale settings that you specified are correct. - - 1. In the MED-V workspace, click **Start** and then click **Control Panel**. - - 2. Verify your specified configuration settings, for example, **Date and Time** and **Regional and Language**. - -**Note**   -If you encounter any problems when verifying your first time setup settings, see [Operations Troubleshooting](operations-troubleshooting-medv2.md). - - - -After you have verified that your first time setup settings are correct, you can test other MED-V workspace configurations to verify that they function as intended, such as application publishing and URL redirection. - -After you have completed all testing of your MED-V workspace package and have verified that it is functioning as intended, you can deploy the MED-V workspace to your enterprise. - -## Related topics - - -[How to Test Application Publishing](how-to-test-application-publishing.md) - -[How to Test URL Redirection](how-to-test-url-redirection.md) - -[Deploying the MED-V Workspace Package](deploying-the-med-v-workspace-package.md) - -[Manage MED-V Workspace Settings](manage-med-v-workspace-settings.md) - - - - - - - - - diff --git a/mdop/medv-v2/identifying-the-number-and-types-of-med-v-workspaces.md b/mdop/medv-v2/identifying-the-number-and-types-of-med-v-workspaces.md deleted file mode 100644 index 0b5b8bf849..0000000000 --- a/mdop/medv-v2/identifying-the-number-and-types-of-med-v-workspaces.md +++ /dev/null @@ -1,123 +0,0 @@ ---- -title: Identifying the Number and Types of MED-V Workspaces -description: Identifying the Number and Types of MED-V Workspaces -author: dansimp -ms.assetid: 11642253-6b1f-4c4a-a11e-48d8a360e1ea -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Identifying the Number and Types of MED-V Workspaces - - -MED-V creates a virtual environment for running applications that require Windows XP or that require a version of Internet Explorer that differs from the version on the host computer. This virtual environment is known as a MED-V workspace. - -Depending on the application compatibility requirements faced by your organization as you migrate to Windows 7, only certain users or departments might require MED-V workspaces. As you plan your deployment, you have to determine the number of MED-V workspaces required in your enterprise. You also have to define the requirements of each MED-V workspace. - -## Identify the Number and Types of MED-V Workspaces - - -Identify the computers and groups in your enterprise for which you will be creating MED-V workspaces. Typically, these are the users who require access to those applications that cannot be migrated to Windows 7. Identify those applications that cannot be migrated and the users who require a MED-V workspace to run these applications. - -You might also have intranet addresses that have not yet been optimized for Windows 7. The MED-V workspace provides an Internet Explorer browser through which end users can better access those web addresses that are not yet ready for the migration to Windows 7. As you are preparing and planning your MED-V deployment, you will have to identify and compile a list of the URL addresses to redirect from Internet Explorer on the host computer to Internet Explorer in the MED-V workspace. - -Finally, you have to evaluate your disk space requirements. Most MED-V workspaces are 2 gigabytes (GB) or larger. The available disk space on a system can be consumed quickly, depending on the number of users and the configuration of MED-V. Also, your company’s preferred method of distribution can require additional space. Generally, you should free a minimum of 10 GB of disk space for a MED-V workspace, but this varies greatly, depending on the size of the image. - -### Calculate the Disk Space Requirements for MED-V Workspaces - -A MED-V workspace requires memory and disk space from the host computer on which it is installed. At a minimum, 2 GB of disk space are required on the host. Disk space is variable and depends on the number of applications and the data in a user’s MED-V workspace. - -We recommend a minimum of 10 GB of disk space for MED-V. This amount allows for a basic Windows XP workspace and some basic installed applications and web redirection. It also provides available space for the host swap drive. In a basic configuration, MED-V and a single deployed MED-V workspace consume as much as 6 to 8 GB. If you include lots of applications on the MED-V workspace or have more than one user per computer, then you can use the following calculation to more accurately determine the disk space your MED-V workspace requires: - -*Base VHD + (User per computer x (Difference Disk + Saved State))* - -To calculate the required disk space, determine the following: - -- **Size of the base VHD** – the virtual hard disk that was used to create the MED-V workspace. - - **Important**   - Do not use the .medv file size for your calculation because the .medv file is compressed. - - - -- **Users per computer** – MED-V creates a MED-V workspace for each user on a computer; the MED-V workspace consumes disk space as each user logs on and the MED-V workspace is created. - -- **Size of the differencing disk** – used to track the difference from the base VHD. This size varies as you add applications and software updates to the virtual hard disk. A differencing disk is created for each MED-V user when they start MED-V for the first time. - -- **Size of the Saved State file** – used to maintain state in the virtual machine. Typically, this is just a bit larger than the allocated RAM for the virtual machine. For example, 1 GB of RAM allocated creates a file about 1,081,000 KB. - -The following example shows a calculation based on three users of a MED-V workspace that has a 2.6 GB virtual hard disk: - -*2.6gb + (3 x (1.5gb + 1gb)) = 10.1gb* - -**Note**   -A MED-V best practice is to calculate the required space by using a lab deployment to validate the requirements. - - - -### Locate the Files to Determine File Size - -The following locations contain the files for the computer and user settings: - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
TypeLocationFiles

Base VHD

%ProgramData%\Microsoft\Medv\Workspace

InternalName.vhd - Where InternalName is the name of the virtual hard disk that you selected in the MED-V Workspace Packager.

Differencing Disk

%LocalAppData%\Microsoft\MEDV\v2\Virtual Machines

WorkspaceName.vhd

Saved State File

%LocalAppData%\Microsoft\MEDV\v2\Virtual Machines

WorkspaceName.vsv

- - - -### Calculate the Disk Space Requirements for Shared MED-V Workspaces - -If you are calculating for a shared MED-V workspace deployment on a single computer, then the number of users per computer in your calculation is always “1” because MED-V only configures a single differencing disk for all users. - -You can find the differencing disk and the saved state file for shared MED-V workspaces in %ProgramData%\\Microsoft\\Medv\\AllUsers. - -## Related topics - - -[Define and Plan your MED-V Deployment](define-and-plan-your-med-v-deployment.md) - -[Planning for MED-V](planning-for-med-v.md) - - - - - - - - - diff --git a/mdop/medv-v2/images/med-v2logo.gif b/mdop/medv-v2/images/med-v2logo.gif deleted file mode 100644 index 4334fde270..0000000000 Binary files a/mdop/medv-v2/images/med-v2logo.gif and /dev/null differ diff --git a/mdop/medv-v2/index.md b/mdop/medv-v2/index.md deleted file mode 100644 index aa6fcbf448..0000000000 --- a/mdop/medv-v2/index.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -title: Microsoft Enterprise Desktop Virtualization 2.0 -description: Microsoft Enterprise Desktop Virtualization 2.0 -author: dansimp -ms.assetid: 84109be0-4613-42e9-85fc-fcda8de6e4c4 -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Microsoft Enterprise Desktop Virtualization 2.0 - - -![med-v logotype](images/med-v2logo.gif) - -Welcome to Microsoft Enterprise Desktop Virtualization (MED-V) 2.0. MED-V 2.0 uses Windows Virtual PC to provide an enterprise solution for desktop virtualization. By using MED-V, you can easily create, deliver, and manage corporate Windows Virtual PC images on any Windows-based desktop running Windows 7 Professional, Enterprise, or Windows 7 Ultimate. - -MED-V is an integral component of the Microsoft Desktop Optimization Pack, a dynamic solution available to Software Assurance customers, which helps reduce software installation costs, enables delivery of applications as services, and helps manage and control enterprise desktop environments. - -For more information about how to perform MED-V tasks, use the following sections. - -## In This Section - - -[Getting Started with MED-V](getting-started-with-med-vmedv2.md) - -[Planning for MED-V](planning-for-med-v.md) - -[Deployment of MED-V](deployment-of-med-v.md) - -[Operations for MED-V](operations-for-med-v.md) - -[Troubleshooting MED-V](troubleshooting-med-vmedv2.md) - -[Security and Protection for MED-V](security-and-protection-for-med-v.md) - -[Technical Reference for MED-V](technical-reference-for-med-v.md) - -## Reference - - -For more information about MED-V, see - -[Microsoft Windows Enterprise: Improving Virtual PCs with MED-V](https://go.microsoft.com/fwlink/?LinkId=195917) (https://go.microsoft.com/fwlink/?LinkId=195917). - -  - -  - - - - - diff --git a/mdop/medv-v2/installing-and-removing-an-application-on-the-med-v-workspace.md b/mdop/medv-v2/installing-and-removing-an-application-on-the-med-v-workspace.md deleted file mode 100644 index 211567c714..0000000000 --- a/mdop/medv-v2/installing-and-removing-an-application-on-the-med-v-workspace.md +++ /dev/null @@ -1,105 +0,0 @@ ---- -title: Installing and Removing an Application on the MED-V Workspace -description: Installing and Removing an Application on the MED-V Workspace -author: dansimp -ms.assetid: 24f32720-51ab-4385-adfe-4f5a65e45fdf -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Installing and Removing an Application on the MED-V Workspace - - -Applications that are incompatible with the host operating system can be run in the MED-V workspace and opened in the MED-V workspace in the same manner in which they are opened from the host computer, on the **Start** menu or by using a localhost shortcut. - -After you have deployed a MED-V workspace, you have several different options available to you for installing and removing applications in the MED-V workspace. These options include the following: - -- [Using Group Policy](#bkmk-grouppolicy) - -- [Using an Electronic Software Distribution System](#bkmk-esd) - -- [Using Application Virtualization (APP-V)](#bkmk-appv) - -- [Updating the Core Image](#bkmk-coreimage) - -**Important**   -To make sure that an installed application is automatically published to the host, install the application on the virtual machine for **All Users**. For more information about application publishing, see [How to Publish and Unpublish an Application on the MED-V Workspace](how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md). - - - -**Tip**   -MED-V does not support guest-to-host redirection for content handling, such as double-clicking a Microsoft Word document in Internet Explorer in the MED-V workspace. Therefore, the required applications, such as Microsoft Word, must be installed in MED-V workspace to provide the default content handling functionality that an end user might expect. - - - -## Adding and Removing Applications by Using Group Policy - - -You can use Group Policy and Group Policy objects to assign or publish applications to all or some MED-V workspaces in your enterprise. For assigned applications, when an end user logs on to their computer, the application appears on the **Start** menu. When they select the new application for the first time, the application installs and is ready for use. For published applications, the application does not appear on the **Start** menu. It is only available for the end user to install by using **Add or Remove Programs** in **Control Panel** or by opening a file that is associated with the application. - -You can also use Group Policy and Group Policy objects in the same manner to remove applications from the MED-V workspace. - -For more information about how to add and remove applications by using Group Policy, see [Group Policy Software Installation](https://go.microsoft.com/fwlink/?LinkId=195931) (https://go.microsoft.com/fwlink/?LinkId=195931). - -## Adding and Removing Applications by Using an ESD System - - -An electronic software distribution (ESD) system is designed to efficiently deploy software and other information to many different computers over network connections. If your organization uses an ESD system to deploy software, you can use it to add and remove applications on MED-V workspaces just as you add and remove applications on physical computers. - -## Adding and Removing Applications by Using APP-V - - -Microsoft Application Virtualization (App-V) provides the administrative capability to make applications available to end-user computers without having to install the applications directly on those computers. You might want to use MED-V and App-V together if, for example, your organization has applications that you sequenced with App-V in Windows XP, and re-sequencing them would delay your migration to Windows 7. - -You can use MED-V together with App-V to add and remove virtual applications on a deployed MED-V workspace. To manage applications in this manner, you must first install the App-V agent on the MED-V guest operating system. You can then use App-V in the MED-V workspace to add and remove the virtual applications. - -For information about how to install and use App-V, see [Application Virtualization](https://go.microsoft.com/fwlink/?LinkId=122939) (https://go.microsoft.com/fwlink/?LinkId=122939). - -**Important**   -App-V applications that you publish to the MED-V workspace have file-type associations that cannot redirect from the host computer to the guest virtual machine. However, the end user can still access these file types by clicking **File**, and then by clicking **Open** on the published App-V application. - -To force redirection of those file-type associations, query App-V for mapped file type associations by typing the following at a command prompt in the guest virtual machine: **sftmime /QUERY OBJ:TYPE**. Then, map those file type associations in the host computer. - - - -## Adding and Removing Applications on the Core Image - - -Although not considered a MED-V best practice, you can add and remove applications directly on the core image. After you have added or removed an application, you can redeploy the MED-V workspace back out to your enterprise just as you deployed it originally. - -For more information about how to add or remove applications on the core image, see [Installing Applications on a Windows Virtual PC Image](installing-applications-on-a-windows-virtual-pc-image.md). - -**Important**   -We do not recommend this method of managing applications. If you add or remove applications on the core image and redeploy the MED-V workspace back out to your enterprise, first time setup must run again, and any data saved on the virtual machine is lost. - - - -**Note**   -Even though an application is installed into a MED-V workspace, you might also have to publish the application before it becomes available to the end user. For example, you might have to publish an installed application if the installation did not automatically create a shortcut on the **Start** menu. Likewise, to unpublish an application, you might have to manually remove a shortcut from the **Start** menu. - -By default, most applications are published at the time that they are installed, when shortcuts are automatically created and enabled. - - - -## Related topics - - -[How to Test Application Publishing](how-to-test-application-publishing.md) - -[How to Publish and Unpublish an Application on the MED-V Workspace](how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md) - - - - - - - - - diff --git a/mdop/medv-v2/installing-applications-on-a-windows-virtual-pc-image.md b/mdop/medv-v2/installing-applications-on-a-windows-virtual-pc-image.md deleted file mode 100644 index 79b0dac9fd..0000000000 --- a/mdop/medv-v2/installing-applications-on-a-windows-virtual-pc-image.md +++ /dev/null @@ -1,70 +0,0 @@ ---- -title: Installing Applications on a Windows Virtual PC Image -description: Installing Applications on a Windows Virtual PC Image -author: dansimp -ms.assetid: 32651eff-e3c6-4ef4-947d-2beddc695eac -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Installing Applications on a Windows Virtual PC Image - - -After you have created a Windows Virtual PC image for use with Microsoft Enterprise Desktop Virtualization (MED-V) 2.0, you can install other components that are helpful when running MED-V, such as an electronic software distribution (ESD) system and antivirus software. - -The following section provides information to help you install software on the MED-V image. - -**Caution**   -For ease of MED-V workspace management after deployment, we recommend that you limit the number of components that you install on the MED-V image to those components that are required or that are helpful when using MED-V. For example, although they are not required to run MED-V, you can install an ESD system to use later for installing applications to a MED-V workspace and antivirus software for security on the image. - - - -**Installing Software on a MED-V Image** - -1. If it is not currently running, open your MED-V virtual machine. - - 1. Click **Start**, click **All Programs**, click **Windows Virtual PC** and then click **Windows Virtual PC**. - - 2. Double-click your MED-V virtual machine. - -2. From inside the virtual machine operating system, locate the installation files for the software that you want to install. - -3. Follow the installation instructions that are provided by the software vendor. - - **Note**   - After installation is complete, you might have to close and then restart the virtual machine. - - - -Repeat these steps for any software or application that you want to install on the MED-V image. We recommend that you limit the number of applications that you preinstall on the image. The recommended process for installing applications and other software on the image is to preinstall an ESD system now and to use it later to deploy software to the image. Alternately, you can also use Group Policy or App-V to add or remove applications on a MED-V workspace. For more information, see [Managing Applications Deployed to MED-V Workspaces](managing-applications-deployed-to-med-v-workspaces.md). - -For more information about how to install software on a virtual image, see the following articles: - -- [Publish and Use Virtual Applications](https://go.microsoft.com/fwlink/?LinkId=195926) (https://go.microsoft.com/fwlink/?LinkId=195926). - -- [Windows Virtual PC Help](https://go.microsoft.com/fwlink/?LinkId=182378) (https://go.microsoft.com/fwlink/?LinkId=182378). - -After you have installed all of the software that you want on the MED-V image, your image is ready to be packaged. - -## Related topics - - -[Configuring a Windows Virtual PC Image for MED-V](configuring-a-windows-virtual-pc-image-for-med-v.md) - -[Prepare a MED-V Image](prepare-a-med-v-image.md) - - - - - - - - - diff --git a/mdop/medv-v2/manage-med-v-url-redirection.md b/mdop/medv-v2/manage-med-v-url-redirection.md deleted file mode 100644 index e96d3304dc..0000000000 --- a/mdop/medv-v2/manage-med-v-url-redirection.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Manage MED-V URL Redirection -description: Manage MED-V URL Redirection -author: dansimp -ms.assetid: 274161c0-b54a-4364-bb63-89996afccd04 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Manage MED-V URL Redirection - - -After you deploy your MED-V workspace, you can select from different methods to add or remove URL redirection information in the MED-V workspaces. - -Included in this section are both information and instructions to help you manage URL redirection information on assigned MED-V workspaces. - -## In This Section - - -[How to Add or Remove URL Redirection Information in a Deployed MED-V Workspace](how-to-add-or-remove-url-redirection-information-in-a-deployed-med-v-workspace.md) -Provides assistance in adding and removing URL redirection information on MED-V workspaces. - -[How to Manage URL Redirection by Using the MED-V Workspace Packager](how-to-manage-url-redirection-by-using-the-med-v-workspace-packager.md) -Provides assistance in managing URL redirection information through the MED-V Workspace Packager. - -## Related topics - - -[How to Test URL Redirection](how-to-test-url-redirection.md) - -[Create a MED-V Workspace Package](create-a-med-v-workspace-package.md) - -[Manage MED-V Workspace Applications](manage-med-v-workspace-applications.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/manage-med-v-workspace-applications.md b/mdop/medv-v2/manage-med-v-workspace-applications.md deleted file mode 100644 index 99114c8379..0000000000 --- a/mdop/medv-v2/manage-med-v-workspace-applications.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Manage MED-V Workspace Applications -description: Manage MED-V Workspace Applications -author: dansimp -ms.assetid: f58c7504-a77a-41a8-ac38-7e618da131fb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Manage MED-V Workspace Applications - - -This section provides information about how to manage MED-V workspace applications. - -## In This Section - - -[Managing Applications Deployed to MED-V Workspaces](managing-applications-deployed-to-med-v-workspaces.md) -Describes how to install and remove applications on the VHD and how to publish existing applications. - -[Managing Software Updates for MED-V Workspaces](managing-software-updates-for-med-v-workspaces.md) -Describes how to manage software updates for MED-V workspaces. - -[Managing Automatic Updates for MED-V Workspaces](managing-automatic-updates-for-med-v-workspaces.md) -Describes how to manage automatic software updates for MED-V workspaces. - -## Related topics - - -[Manage MED-V Workspace Settings](manage-med-v-workspace-settings.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/manage-med-v-workspace-settings.md b/mdop/medv-v2/manage-med-v-workspace-settings.md deleted file mode 100644 index 4710c68f25..0000000000 --- a/mdop/medv-v2/manage-med-v-workspace-settings.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Manage MED-V Workspace Settings -description: Manage MED-V Workspace Settings -author: dansimp -ms.assetid: 35ebd16e-31c7-4996-81be-af1d56346803 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Manage MED-V Workspace Settings - - -The information provided here can help administrators manage MED-V workspace settings. - -## In This Section - - -[Managing MED-V Workspace Settings by Using the MED-V Workspace Packager](managing-med-v-workspace-settings-by-using-the-med-v-workspace-packager.md) -Describes how to use the MED-V Workspace Packager to manage certain MED-V workspace settings. - -[Managing MED-V Workspace Settings by Using a WMI](managing-med-v-workspace-settings-by-using-a-wmi.md) -Describes how to use Windows Management Instrumentation to manage MED-V workspace settings. - -[Managing MED-V Workspace Configuration Settings](managing-med-v-workspace-configuration-settings.md) -Describes how to manage MED-V workspace configuration settings. - -[Managing Printers on a MED-V Workspace](managing-printers-on-a-med-v-workspace.md) -Describes how MED-V manages printer redirection in a MED-V workspace. - -## Related topics - - -[Monitor MED-V Workspaces](monitor-med-v-workspaces.md) - -[Operations for MED-V](operations-for-med-v.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/managing-applications-deployed-to-med-v-workspaces.md b/mdop/medv-v2/managing-applications-deployed-to-med-v-workspaces.md deleted file mode 100644 index 4b652b29fc..0000000000 --- a/mdop/medv-v2/managing-applications-deployed-to-med-v-workspaces.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Managing Applications Deployed to MED-V Workspaces -description: Managing Applications Deployed to MED-V Workspaces -author: dansimp -ms.assetid: 9a9bcdf5-0aa7-42a3-b6f0-6065adb01bcb -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Managing Applications Deployed to MED-V Workspaces - - -After you deploy your MED-V workspace, you have several different methods to select from to install, remove, publish, and unpublish applications on the MED-V workspaces. - -This section provides information and instructions to help you manage applications after you have deployed the MED-V workspace. - -## In This Section - - -[Installing and Removing an Application on the MED-V Workspace](installing-and-removing-an-application-on-the-med-v-workspace.md) -Provides assistance in installing and removing applications on MED-V workspaces. - -[How to Publish and Unpublish an Application on the MED-V Workspace](how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md) -Provides assistance in publishing and unpublishing applications on MED-V workspaces. - -## Related topics - - -[How to Test Application Publishing](how-to-test-application-publishing.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/managing-automatic-updates-for-med-v-workspaces.md b/mdop/medv-v2/managing-automatic-updates-for-med-v-workspaces.md deleted file mode 100644 index 9cd51b0d7b..0000000000 --- a/mdop/medv-v2/managing-automatic-updates-for-med-v-workspaces.md +++ /dev/null @@ -1,107 +0,0 @@ ---- -title: Managing Automatic Updates for MED-V Workspaces -description: Managing Automatic Updates for MED-V Workspaces -author: dansimp -ms.assetid: 306f28a2-d653-480d-b737-4b8b3132de5d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Managing Automatic Updates for MED-V Workspaces - - -The MED-V workspace is a virtual machine that contains a separate operating system, whose automatic software update process must be managed just like the physical computers in your enterprise. Because the guest operating system is not always necessarily running when the host operating system is running, you must ensure that the MED-V virtual machine is configured in such a way that software updates can be applied to the guest operating system as required. The Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 solution provides the functionality that lets you determine how automatic software updates are processed in a MED-V workspace. - -## Managing MED-V Workspace Wake-Up Policy - - -The MED-V workspace wake-up policy guarantees that the MED-V virtual machine is made available for updates for the time that you specify in your MED-V configuration settings. This applies to both updates that are published from Microsoft through Windows Update and updates deployed and controlled by non-Microsoft solutions, such as antivirus applications. - -**Important**   -The MED-V workspace wake-up policy is optimized for the Microsoft Update infrastructure. If you are using Microsoft System Center Configuration Manager to deploy non-Microsoft updates, we recommend that you also use the System Center Updates Publisher, which takes advantage of the same infrastructure as Microsoft Update and therefore benefits from the MED-V workspace wake-up policy. For more information, see [System Center Updates Publisher](https://go.microsoft.com/fwlink/?LinkId=200035) (https://go.microsoft.com/fwlink/?LinkId=200035). - - - -When you created your MED-V workspace package, you configured when and how it starts, either when the end user logs on (**Fast Start**) or when the end user first opens a published application (**Normal Start**). Or you set the option to let the end user control this setting. - -Either way, whenever the **Fast Start** option is selected, the virtual machine continues to run as long as the MED-V host is logged on as User. In this configuration, because MED-V is active when the host is active, automatic updates are applied without requiring any extra processing from MED-V. - -However, for those cases in which **Fast Start** is not specified or the virtual machine hibernates or stops, MED-V guarantees through its MED-V workspace wake-up policy that the guest operating system is being regularly updated even when MED-V is not used regularly. MED-V performs this function by regularly waking up the virtual machine based on the configuration settings that you specify. This enables the automatic update clients in the virtual machine to execute based on their configurations. After the time period defined by the MED-V configuration setting elapses, MED-V returns the virtual machine to its previous state. - -**Note**   -If the end user opens a published application during the update period, the required updates are applied, but MED-V is not automatically hibernated or shut down after the update period ends. Instead, MED-V continues running. - - - -The MED-V workspace wake-up policy includes three main components: - -**Guest Update Manager** - -Residing on the MED-V host, this stand-alone executable program is responsible for waking up the virtual machine according to a predefined, configurable schedule. Specify the configuration settings to indicate at what time the update manager should wake up the virtual machine every day, and how long the virtual machine should be kept awake (in minutes) to allow for updates to be applied. After the number of minutes specified has been reached, the guest update manager puts the virtual machine into hibernation, prepared for the next use. You can schedule the execution of this executable program through the Windows Task Manager. - -**Guest Restart Management Service** - -Residing on the MED-V host, this service has three primary responsibilities. Along with the Guest Update Manager, it manages the restart of the virtual machine at user logon, if it is required. It detects when virtual machine restarts are required caused by updates being installed. And it ensures that the task for the Guest Update Manager is always scheduled according to configuration. - -**Guest Update Service** - -Residing on the MED-V virtual machine, this Windows service has the responsibility of monitoring when installed updates require a restart. After the service becomes aware of the need for a restart, it notifies the guest restart management service on the host. - -### Configuration Settings for MED-V Workspace Wake-Up Policy - -You control when and for how long the virtual machine awakens to receive automatic updates by defining the following two configuration values in the registry. Both of these values are located under the HKLM\\Software\\Microsoft\\MEDV\\v2\\VM key. - -**GuestUpdateTime** – Configures the hour and minute each day when MED-V must wake up the virtual machine for updating, based on the 24-hour clock standard. Specify the time in the format HH:MM. The default value is 00:00 (midnight). - -**GuestUpdateDuration** – Configures the number of minutes that MED-V must keep the virtual machine awake for updating, starting at the time specified in the GuestUpdateTime configuration setting. The default value is 240 (4 hours). Setting this value to zero (0) disables the MED-V workspace wake-up policy. - -For more information about how to define your MED-V configuration values, see [Managing MED-V Workspace Configuration Settings](managing-med-v-workspace-configuration-settings.md). - -**Note**   -A MED-V best practice is to set your wake up interval to match the time when MED-V virtual machines are planned to be updated regularly. In addition, we recommend that you configure these settings to resemble the host computer’s behavior. - - - -### Reboot Notification Using your ESD System - -You can configure your ESD system to notify MED-V whenever a restart is required for the MED-V workspace after automatic updates have been applied. When you apply automatic updates through your ESD system that you know require a restart, you should write a script to signal the following global event on the MED-V workspace: - -**Important**   -You must open the event with Modify Only rights and then signal it. If you do not open it with the correct permissions, it does not work. - - - -``` syntax -///

-/// The guest is required to be restarted due to an ESD update. -/// -public const string MedvGuestRebootRequiredEventName = @"Global\MedvGuestRebootRequiredEvent"; -using (EventWaitHandle notificationEvent = -EventWaitHandle.OpenExisting(eventName, EventWaitHandleRights.Modify)) -{ -notificationEvent.Set(); -} -``` - -When you signal this event, MED-V captures it and informs the virtual machine that a restart is required. - -## Related topics - - -[Managing Software Updates for MED-V Workspaces](managing-software-updates-for-med-v-workspaces.md) - - - - - - - - - diff --git a/mdop/medv-v2/managing-med-v-workspace-configuration-settings.md b/mdop/medv-v2/managing-med-v-workspace-configuration-settings.md deleted file mode 100644 index fb482d47b6..0000000000 --- a/mdop/medv-v2/managing-med-v-workspace-configuration-settings.md +++ /dev/null @@ -1,779 +0,0 @@ ---- -title: Managing MED-V Workspace Configuration Settings -description: Managing MED-V Workspace Configuration Settings -author: dansimp -ms.assetid: 517d04de-c31f-4b50-b2b3-5f8c312ed37b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Managing MED-V Workspace Configuration Settings - - -Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 stores its configuration settings in the registry. The information we include here about the registry may help you better manage your MED-V services. - -MED-V uses the following search path when looking for the resultant settings values: - -MED-V first looks in the machine policy. - -If the value is not found, MED-V looks in the user policy. - -If the value is not found, MED-V looks in the HKEY\_LOCAL\_MACHINE\\System hive. - -If the value is not found, MED-V looks in the HKEY\_CURRENT USER registry hive. - -If the value is still not found, MED-V uses the default. - -A general best practice is to set the value in the HKEY\_LOCAL\_MACHINE\\System hive or in the machine policy. But if you want the end user to be able to configure a particular setting, then you should leave it out. - -**Note** -Before you deploy your MED-V workspaces, you can use a script editor to change the Windows PowerShell script (.ps1 file) that the MED-V workspace packager created. For more information, see [Configuring Advanced Settings by Using Windows PowerShell](configuring-advanced-settings-by-using-windows-powershell.md). - -After you have deployed your MED-V workspaces, you can change certain MED-V configuration settings by editing the registry entries. - - - -This section lists all the configurable MED-V registry keys and explains their uses. - -## Diagnostics Key - - -The following table provides information about the registry values associated with the HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Medv\\v2\\Diagnostics key. - - ------ - - - - - - - - - - - - - - - - -
Name Type Data/Default Description

EventLogLevel

DWORD

Default=3

The type of information that is logged in the event log. Levels include the following: 0 (None), 1 (Error), 2 (Warning), 3 (Information), 4 (Debug).

- - - -## Fts Key - - -The following table provides information about the registry values associated with the HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Medv\\v2\\Fts key. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeData/DefaultDescription

AddUserToAdminGroupEnabled

DWORD

Default=0

Configures whether first time setup automatically adds the end user to the administrator's group. 0 = false; 1 = true.

0 = false: First time setup does not automatically add the end user to the administrator's group.

1 = true: First time setup automatically adds the end user to the administrator's group.

ComputerNameMask

SZ

MEDV*

The computer name mask that is used to create the guest virtual machine's computer name.

The mask can contain a %username% tag to insert the username as part of the computer name. Likewise, the %hostname% tag inserts the name of the host computer.

-

Every "#" character in the mask is replaced by a random digit. An asterisk (*) character at the end of the mask is replaced by random alphanumeric characters.

-

A specific number of characters from %hostname% and %username% can be captured by using square brackets. For example, "%username%[3]" would use the first three characters of the username.

DeleteVMStateTimeout

DWORD

Default=90

The time-out value, in seconds, when first time setup tries to delete the virtual machine. Range = 0 to 2147483647.

DetachVfdTimeout

DWORD

Default=120

The time-out value, in seconds, when first time setup tries to detach the virtual floppy disk from the virtual machine. Range = 0 to 2147483647.

DialogUrl

SZ

Customizable URL that links to internal webpage and is displayed by first time setup dialog messages.

ExplorerTimeout

DWORD

Default=900

The time-out value, in seconds, that first time setup waits for Windows Explorer. Range = 0 to 2147483647.

FailureDialogMsg

MULTI_SZ

Message is found in resource file

Customizable message that is displayed to the end user when first time setup cannot be completed.

GiveUserGroupRightsMaxRetryCount

DWORD

Default=3

The maximum number of times that MED-V tries to give an end user group rights. Exceeding the specified retry value without being able to successfully give an end user group rights most likely causes a virtual machine preparation failure that is then subject to the MaxRetryCount value. Range = 0 to 2147483647.

GiveUserGroupRightsTimeout

DWORD

Default=300

The time-out value, in seconds, when giving a user group rights. Range = 0 to 2147483647.

LogFilePaths

MULTI_SZ

A list of the log file paths that MED-V collects during first time setup.

MaxPostponeTime

DWORD

Default=120

The maximum number of hours that first time setup can be postponed by the end user. Range = 0 to 2147483647.

MaxRetryCount

DWORD

Default=3

The maximum number of times that MED-V tries to prepare a virtual machine if each attempt ends in a failure other than a software error. When virtual machine preparation fails and the number of first time setup retries is exceeded, then MED-V informs the end user about the failure and does not give the option to retry. The count is re-set every time that MED-V is started. Range = 0 to 2147483647.

Mode

SZ

Default=Unattended

Configures how first time setup interacts with the user. Possible values are as follows:

Attended. The end user must enter information during first time setup.

-
-Note

If you created the Sysprep.inf file so that Mini-Setup requires user input to complete, then you must select Attended mode or problems might occur during first time setup.

-
-
- -

Unattended. The virtual machine is not shown to the end user during first time setup, but the end user is prompted before first time setup starts.

Silent. The virtual machine is not shown to the end user at all during first time setup.

NonInteractiveRetryTimeoutInc

DWORD

Default=15

The time-out value, in minutes, that first time setup must be completed in first time setup interactive mode when re-attempting setup. Range = 0 to 2147483647.

NonInteractiveTimeout

DWORD

Default=45

The time-out value, in minutes, that first time setup must be completed in first time setup interactive mode. Range = 0 to 2147483647.

PostponeUtcDateTimeLimit

SZ

The date and time, in UTC DateTime format, that first time setup can be postponed. Enter in the format "yyyy-MM-dd hh:mm" with hours specified by using the 24-hour clock standard.

RetryDialogMsg

MULTI_SZ

Message is found in resource file

Customizable message that is displayed to the end user when first time setup must re-attempt setup.

SetComputerNameEnabled

DWORD

Default=0

Configures whether the ComputerName entry under the [UserData] section of the Sysprep.inf file in the guest should be updated according to the specified ComputerNameMask. 0 = false; 1 = true.

0 = false: The ComputerName entry in the Sysprep.inf file is not updated according to the ComputerNameMask.

1 = true: The ComputerName entry in the Sysprep.inf file is updated according to the ComputerNameMask.

SetJoinDomainEnabled

DWORD

Default=0

Configures whether the JoinDomain setting under the [Identification] section of the Sysprep.inf file in the guest should be updated to match the settings on the host. 0 = false; 1 = true.

0 = false: The JoinDomain setting in the Sysprep.inf file is not updated to match the settings on the host.

1 = true: The JoinDomain setting in the Sysprep.inf file is updated to match the settings on the host.

SetMachineObjectOUEnabled

DWORD

Default=0

Configures whether the MachineObjectOU setting under the [Identification] section of the Sysprep.inf file in the guest is updated to match the host. 0 = false; 1 = true.

0 = false: The MachineObjectOU setting in the Sysprep.inf file is not updated to match the settings on the host.

1 = true: The MachineObjectOU setting in the Sysprep.inf file is updated to match the settings on the host.

SetRegionalSettingsEnabled

DWORD

Default=0

Configures whether the settings under the [RegionalSettings] section of the Sysprep.inf file in the guest are updated to match the host. 0 = false; 1 = true.

-
-Note

By default, the setting for TimeZone in the guest is always synchronized with the TimeZone setting in the host.

-
-
- -

0 = false: The settings under the [RegionalSettings] section of the Sysprep.inf file in the guest are not updated to match the host.

1 = true: The settings under the [RegionalSettings] section of the Sysprep.inf file in the guest are updated to match the host.

SetUserDataEnabled

DWORD

Default=0

Configures whether the FullName and the OrgName settings under the [UserData] section of the Sysprep.inf file in the guest are updated to match the settings on the host. 0 = false; 1 = true.

0 = false: The FullName and OrgName settings in the Sysprep.inf file are not updated to match the settings on the host.

1 = true: The FullName and OrgName settings in the Sysprep.inf file are updated to match the settings on the host.

StartDialogMsg

MULTI_SZ

Message is found in resource file

Customizable message that is displayed to the end user when first time setup is ready to start.

TaskCancelTimeout

DWORD

Default=30

The time-out value, in seconds, that first time setup waits for a response from the virtual machine for a Cancel operation. Range = 0 to 2147483647.

TaskVMTurnOffTimeout

DWORD

Default=60

The time-out value, in seconds, that first time setup waits for the virtual machine to shut down. Range = 0 to 2147483647.

UpgradeTimeout

DWORD

Default=600

The time, in seconds, before an attempted upgrade of the MED-V Guest Agent software times out. Range = 0 to 2147483647.

- - - -## UserExperience Key - - -The following table provides information about the registry values associated with the HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Medv\\v2\\UserExperience key and the HKEY\_CURRENT\_USER\\Software\\Microsoft\\Medv\\v2\\UserExperience key. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeData/DefaultDescription

AppPublishingEnabled

DWORD

Default=1

Configures whether application publication from the guest to the host is enabled. 0 = false; 1 = true.

0 = false: Disables application publishing from the guest to the host.

1 = true: Enables application publishing from the guest to the host.

AudioSharingEnabled

DWORD

Default=1

Configures whether the sharing of the audio I/O device between the guest and the host is enabled. 0 = false; 1 = true.

0 = false: Disables the sharing of the audio I/O device between the guest and the host.

1 = true: Enables the sharing of the audio I/O device between the guest and the host.

ClipboardSharingEnabled

DWORD

Default=1

Configures whether the sharing of the Clipboard between the guest and the host is enabled. 0 = false; 1 = true.

0 = false: Disables the sharing of the Clipboard between the guest and the host.

1 = true: Enables the sharing of the Clipboard between the guest and the host.

DialogTimeout

DWORD

Default=300

The time, in seconds, before the first time setup Start Dialog times out. Range = 0 to 2147483647.

HideVmTimeout

DWORD

Default=30

The time-out value, in minutes, that the full-screen virtual machine window is hidden from the end user during a long logon attempt.

LogonStartEnabled

DWORD

Default=1

Configures whether the guest should be started when the end user logs on to the desktop or when the first guest application is started. 0 = false; 1 = true.

0 = false: The guest is started when the first guest application is started.

1 = true: The guest is started when the end user logs on to the desktop.

PrinterSharingEnabled

DWORD

Default=1

Configures whether the sharing of printers between the guest and the host is enabled. 0 = false; 1 = true.

0 = false: Disables the sharing of printers between the guest and the host.

1 = true: Enables the sharing of printers between the guest and the host.

RebootAbsoluteDelayTimeout

DWORD

Default=1440

The time-out value, in minutes, that first time setup waits for a restart. Range = 0 to 2147483647.

RedirectUrls

MULTI_SZ

Specified URL list

Specifies a list of URLs to be redirected from the host to the guest.

SmartCardLogonEnabled

DWORD

Default=0

Configures whether smart cards can be used to authenticate users to MED-V. 0 = false; 1 = true.

0 = false: Does not let Smart Cards authenticate end users to MED-V.

1 = true: Lets Smart Cards authenticate end users to MED-V.

-
-Important

If SmartCardLogonEnabled and CredentialCacheEnabled are both enabled, SmartCardLogonEnabled overrides CredentialCacheEnabled.

-
-
- -

SmartCardSharingEnabled

DWORD

Default=1

Configures whether the sharing of Smart Cards between the guest and the host is enabled. 0 = false; 1 = true.

0 = false: Disables the sharing of Smart Cards between the guest and the host.

1 = true: Enables the sharing of Smart Cards between the guest and the host.

USBDeviceSharingEnabled

DWORD

Default=1

Configures whether the sharing of USB devices between the guest and the host is enabled. 0 = false; 1 = true.

0 = false: Disables the sharing of USB devices between the guest and the host.

1 = true: Enables the sharing of USB devices between the guest and the host.

- - - -## VM Key - - -The following table provides information about the registry values associated with the HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Medv\\v2\\VM key and the HKEY\_CURRENT\_USER\\Software\\Microsoft\\Medv\\v2\\VM key. - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeData/DefaultDescription

CloseAction

SZ

Default=HIBERNATE

The action that the virtual machine performs after the last application that is running is closed. This setting is ignored if the LogonStartEnabled value is enabled. Possible options are as follows:

HIBERNATE . This option releases all physical resources that the virtual machine is using, such as memory and CPU, and saves the state of all running applications and operations.

SHUTDOWN . This option shuts down the guest operating system safely and then releases all physical resources that the virtual machine is using, such as memory and CPU.

TURN-OFF. This option can cause data loss because it is the same as turning off the power button or pulling out the power cord on a physical computer. Use this option only if you cannot use one of the other two options.

GuestMemFromHostMem

MULTI_SZ

378, 512, 1024, 1536, 2048

A list of memory (MB) values for the guest. This value is used to determine how much RAM is available to the guest. Combined with HostMemToGuestMem, a lookup table is created to determine how much RAM to allocate on the guest virtual machine. Possible values can be from 128 to 3712.

GuestUpdateDuration

DWORD

Default=240

The number of minutes that MED-V should keep the guest awake for automatic updating, starting at the time specified in the GuestUpdateTime value. Range = 0 to 1440. Setting this value to zero (0) disables the guest patching functionality.

-

For more information about guest patching for automatic updating, see Managing Automatic Updates for MED-V Workspaces.

GuestUpdateTime

SZ

Default=00:00

The hour and minute each day when MED-V should wake up the guest for automatic updating, by using the 24-hour clock standard. Specify the time in the format HH:MM

-

For more information about guest patching for automatic updating, see Managing Automatic Updates for MED-V Workspaces.

HostMemToGuestMem

MULTI_SZ

1024, 2048, 4096, 8192, 16384

A list of memory (MB) values for the guest, determined by the RAM available on the host. Combined with GuestMemFromHostMem, a lookup table is created to determine how much RAM to allocate on the guest virtual machine. Possible values can be from 1024 to 16384.

HostMemToGuestMemCalcEnabled

DWORD

Default=1

Configures whether the memory allocated for the guest is calculated from the memory present on the host. 0 = false; 1 = true.

0 = false: The memory allocated for the guest is not calculated from the memory present on the host.

1 = true: The memory allocated for the guest is calculated from the memory present on the host.

Memory

DWORD

Default=512

The RAM (MB) that should be allocated for the guest virtual machine. This setting is ignored if the HostMemToGuestMemEnabled setting is enabled. Range=128 to 2048.

MultiUserEnabled

DWORD

Default=0

Configures whether multiple users share the same MED-V workspace. 0 = false; 1 = true.

0 = false: Multiple users do not share the same MED-V workspace.

1 = true: Multiple users share the same MED-V workspace.

NetworkingMode

SZ

Default=NAT

The kind of network connection used on the guest. Possible values are as follows:

Bridged. MED-V has its own network address, typically obtained through DHCP.

NAT. MED-V uses Network Address Translation (NAT) to share the host's IP for outgoing traffic.

TaskTimeout

DWORD

Default=600

A general time-out value, in seconds, that MED-V waits for a task to be completed, such as restarting and shutting down. Range = 0 to 2147483647.

- - - -## Guest Registry Settings - - -This section lists the configurable MED-V guest registry keys and explains their uses. - -### v2 - -The following table provides information about the guest registry value associated with the HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Medv\\v2\\ key. - - ------ - - - - - - - - - - - - - - - - - - - - - - -
Name Type Data/Default Description

EnableGPWorkarounds

DWORD

Default=1

Configures how MED-V handles the keys BufferPolicyReads and GroupPolicyMinTransferRate.

By default, MED-V sets these keys as follows:

-

BufferPolicyReads=1 and GroupPolicyMinTransferRate=0.

-

Create the EnableGPWorkarounds key, if it is necessary, and set the key to zero if you do not want MED-V to change the default settings of BufferPolicyReads and GroupPolicyMinTransferRate.

-
-Note

If your MED-V workspace is running in NAT mode, EnableGPWorkarounds affects the registry keys BufferPolicyReads and GroupPolicyMinTransferRate. If your MED-V workspace is running in BRIDGED mode, EnableGPWorkarounds only affects the registry key BufferPolicyReads.

-
-
- -
-

1=true: MED-V sets the keys BufferPolicyReads=1 and GroupPolicyMinTransferRate=0 (if running in NAT mode) or just BufferPolicyReads=1 (if running in BRIDGED mode).

-

0=false: MED-V does not make any changes to the keys BufferPolicyReads and GroupPolicyMinTransferRate.

- - - -## Related topics - - -[Manage MED-V Workspace Applications](manage-med-v-workspace-applications.md) - -[Manage MED-V URL Redirection](manage-med-v-url-redirection.md) - -[Manage MED-V Workspace Settings](manage-med-v-workspace-settings.md) - - - - - - - - - diff --git a/mdop/medv-v2/managing-med-v-workspace-settings-by-using-a-wmi.md b/mdop/medv-v2/managing-med-v-workspace-settings-by-using-a-wmi.md deleted file mode 100644 index b27daa2e6f..0000000000 --- a/mdop/medv-v2/managing-med-v-workspace-settings-by-using-a-wmi.md +++ /dev/null @@ -1,145 +0,0 @@ ---- -title: Managing MED-V Workspace Settings by Using a WMI -description: Managing MED-V Workspace Settings by Using a WMI -author: dansimp -ms.assetid: 05a665a3-2309-46c1-babb-a3e3bbb0b1f9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Managing MED-V Workspace Settings by Using a WMI - - -You can use Windows Management Instrumentation (WMI) in Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 to manage your current configuration settings. - -## To manage MED-V workspace settings with a WMI - - -A WMI browsing tool lets you view and edit the settings in a MED-V workspace. The WMI provider is implemented by using the WMI Provider Extension framework from the Microsoft .Net Framework 3.5. - -The WMI provider is implemented in the **root\\microsoft\\medv** namespace and implements the class **Setting**. The class **Setting** contains properties that correspond to the settings in the system registry under the HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Medv registry key. - -**Caution**   -WMI browsing tools can be used to delete or modify classes and instances. Deleting or modifying certain classes and instances can result in the loss of valuable data and cause MED-V to function unpredictably. - - - -You can use your preferred WMI browsing tool to view and edit MED-V configuration settings by following these steps. - -1. Open your preferred WMI browsing tool with administrator permissions. - -2. Connect to the namespace **root\\microsoft\\medv**. - -3. Enumerate the instances to connect to the running instance. You want to connect to the instance of the class **Setting**. - - An **Object Editor** window opens. The MED-V configuration settings are listed as **Properties**. - -Perform the following steps to edit a MED-V configuration setting in the WMI. - -1. In the list of **Properties** on the **Object Editor** window, double-click the name of the configuration setting you want to edit. For example, to edit MED-V URL redirection information, double-click the property **UxRedirectUrls**. - - A **Property Editor** window opens. - -2. Edit the value to update the configuration information. For example, to edit MED-V URL redirection information, add or remove a web address in the list. - -3. Save the updated property settings. - -After you have finished viewing or editing MED-V configuration settings, close the WMI browsing tool. - -**Important**   -In some cases, a restart of the MED-V workspace is required for changes to MED-V configuration settings to take effect. - - - -The following code shows the Managed Object Format (MOF) file that defines the **Setting** class. - -``` syntax -[dynamic: ToInstance, provider("TroubleShooting, Version=2.0.392.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"), singleton: DisableOverride ToInstance ToSubClass] -class Setting : ConfigValueProvider -{ - boolean UxSmartCardLogonEnabled = TRUE; - [read] string User; - [implemented] void Clear([in] string propertyName); -}; -``` - -The **Setting** class inherits from the **ConfigValueProvider** class. The following code shows the Managed Object Format (MOF) file that defines the **ConfigValueProvider** class. - -``` syntax -[abstract] -class ConfigValueProvider -{ - [write] string DiagEventLogLevel; - [write] boolean FtsAddUserToAdminGroupEnabled; - [write] string FtsComputerNameMask; - [write] sint32 FtsDeleteVMStateTimeout; - [write] sint32 FtsDetachVfdTimeout; - [write] string FtsDialogUrl; - [write] sint32 FtsExplorerTimeout; - [write] string FtsFailureDialogMsg; - [write] string FtsLogFilePaths[]; - [write] sint32 FtsMaxPostponeTime; - [write] sint32 FtsMaxRetryCount; - [write] string FtsMode; - [write] sint32 FtsNonInteractiveRetryTimeoutInc; - [write] sint32 FtsNonInteractiveTimeout; - [write] string FtsPostponeUtcDateTimeLimit; - [write] string FtsRetryDialogMsg; - [write] boolean FtsSetComputerNameEnabled; - [write] boolean FtsSetJoinDomainEnabled; - [write] boolean FtsSetMachineObjectOUEnabled; - [write] boolean FtsSetRegionalSettingsEnabled; - [write] boolean FtsSetUserDataEnabled; - [write] string FtsStartDialogMsg; - [write] sint32 FtsTaskCancelTimeout; - [write] sint32 FtsTaskVMTurnOffTimeout; - [write] sint32 FtsUpgradeTimeout; - [write] boolean UxAppPublishingEnabled; - [write] boolean UxAudioSharingEnabled; - [write] boolean UxClipboardSharingEnabled; - [write] boolean UxCredentialCacheEnabled; - [write] sint32 UxDialogTimeout; - [write] sint32 UxHideVmTimeout; - [write] boolean UxLogonStartEnabled; - [write] boolean UxPrinterSharingEnabled; - [write] sint32 UxRebootAbsoluteDelayTimeout; - [write] string UxRedirectUrls[]; - [write] boolean UxShowExit; - [write] boolean UxSmartCardLogonEnabled; - [write] boolean UxSmartCardSharingEnabled; - [write] boolean UxUSBDeviceSharingEnabled; - [write] string VmCloseAction; - [write] sint32 VmGuestMemFromHostMem[]; - [write] sint32 VmGuestUpdateDuration; - [write] string VmGuestUpdateTime; - [write] sint32 VmHostMemToGuestMem[]; - [write] boolean VmHostMemToGuestMemCalcEnabled; - [write] sint32 VmMemory; - [write] boolean VmMultiUserEnabled; - [write] string VmNetworkingMode; - [write] sint32 VmTaskTimeout; -}; -``` - -## Related topics - - -[Managing MED-V Workspace Configuration Settings](managing-med-v-workspace-configuration-settings.md) - -[Manage MED-V Workspace Settings](manage-med-v-workspace-settings.md) - - - - - - - - - diff --git a/mdop/medv-v2/managing-med-v-workspace-settings-by-using-the-med-v-workspace-packager.md b/mdop/medv-v2/managing-med-v-workspace-settings-by-using-the-med-v-workspace-packager.md deleted file mode 100644 index 335fa404ed..0000000000 --- a/mdop/medv-v2/managing-med-v-workspace-settings-by-using-the-med-v-workspace-packager.md +++ /dev/null @@ -1,98 +0,0 @@ ---- -title: Managing MED-V Workspace Settings by Using the MED-V Workspace Packager -description: Managing MED-V Workspace Settings by Using the MED-V Workspace Packager -author: dansimp -ms.assetid: e4b2c516-b9f8-44f9-9eae-caac6c2af3e7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Managing MED-V Workspace Settings by Using the MED-V Workspace Packager - - -You can use the MED-V Workspace Packager to manage certain settings in the MED-V workspace. - -**To manage settings in a MED-V workspace** - -1. To open the **MED-V Workspace Packager**, click **Start**, click **All Programs**, click **Microsoft Enterprise Desktop Virtualization**, and then click **MED-V Workspace Packager**. - -2. On the **MED-V Workspace Packager** main panel, click **Manage Settings**. - -3. In the **Manage Settings** window, you can configure the following MED-V workspace settings: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Start MED-V workspace

Choose whether to start the MED-V workspace at user logon, at first use, or to let the end user decide when the MED-V workspace starts.

The MED-V workspace starts in one of two ways: either when the end user logs on or when they first perform an action that requires MED-V, such as opening a published application or entering a URL that requires redirection.

-

You can either define this setting for the end user or let the end user control how MED-V starts.

-
- Note

If you specify that the end user decides, the default behavior they experience is that the MED-V workspace starts when they log on. They can change the default by right-clicking the MED-V icon in the notification area and selecting MED-V User Settings. If you define this setting for the end user, they cannot change the way in which MED-V starts.

-
-
- -

Networking

Select Shared or Bridged for your networking setting. The default is Shared.

Shared - The MED-V workspace uses Network Address Translation (NAT) to share the host's IP for outgoing traffic.

-

Bridged - The MED-V workspace has its own network address, typically obtained through DHCP.

Store credentials

Choose whether you want to store the end user credentials.

The default behavior is that credential storing is disabled so that the end user must be authenticated every time that they log on.

-
- Important

Even though caching the end user’s credentials provides the best user experience, you should be aware of the risks involved.

-

The end user’s domain credential is stored in a reversible format in the Windows Credential Manager. An attacker could write a program that retrieves the password and thus gain access to the user’s credentials. You can only lessen this risk by disabling the storing of end user credentials.

-
-
- -
- - - -4. Click **Save as…** to save the updated configuration settings in the specified folder. MED-V creates a registry file that contains the updated settings. Deploy the updated registry file by using Group Policy. For more information about how to use Group Policy, see [Group Policy Software Installation](https://go.microsoft.com/fwlink/?LinkId=195931) (https://go.microsoft.com/fwlink/?LinkId=195931). - - MED-V also creates a Windows PowerShell script in the specified folder that you can use to re-create this updated registry file. - -## Related topics - - -[Managing MED-V Workspace Configuration Settings](managing-med-v-workspace-configuration-settings.md) - -[Manage MED-V Workspace Settings](manage-med-v-workspace-settings.md) - - - - - - - - - diff --git a/mdop/medv-v2/managing-printers-on-a-med-v-workspace.md b/mdop/medv-v2/managing-printers-on-a-med-v-workspace.md deleted file mode 100644 index 16d9be517a..0000000000 --- a/mdop/medv-v2/managing-printers-on-a-med-v-workspace.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: Managing Printers on a MED-V Workspace -description: Managing Printers on a MED-V Workspace -author: dansimp -ms.assetid: ba0a65ad-444f-4d18-95eb-8b9fa1a3ffba -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Managing Printers on a MED-V Workspace - - -In Microsoft Enterprise Desktop Virtualization (MED-V) 2.0, printer redirection provides end users with a consistent printing experience between the MED-V virtual machine and the host computer. - -This topic provides information about how to manage printing in a MED-V workspace. - -## Managing Printers in MED-V Workspaces - - -In most cases, MED-V handles printer redirection automatically. After first time setup finishes, MED-V identifies all network printers installed on the host, retrieves the corresponding drivers from the network print server, and if found, installs the relevant drivers in the MED-V workspace. After all drivers are found and installed, MED-V reboots the MED-V workspace. Only after the MED-V workspace restarts, the host printers are present and available on the guest, typically in a few minutes. - -**Note**   -If applications are running on the MED-V workspace, the end user is prompted to let the restart continue or postpone it until later. If no applications are running, the restart is automatic and not shown to the end user. - - - -Every time MED-V is re-started, it checks whether any new printers are installed on the host and, if found, retrieves the corresponding drivers from the network print server and installs them on the guest. MED-V then restarts the MED-V workspace just as when first time setup was completed. - -**Important**   -After the relevant drivers are installed on the guest, the printers only become visible on the guest after the restart occurs. - - - -If at any time a driver cannot be located or installed, it must be manually installed on the guest for the network printer to be available to the end user. - -The following list offers some additional guidance: - -**MED-V only manages network printers**. Drivers for printers that are installed locally on the host are not automatically installed on the guest. - -**MED-V only installs printer drivers if found on the print server**. If not found, printer drivers must be manually installed. - -**Printers manually installed on the guest are not accessible to the host**. By default, MED-V only supports printer redirection from the guest to the host. - -**Warning**   -If a printer is manually installed on the guest, and the same printer is later installed on the host, the result is that the printer is installed two times in the guest. To avoid this situation, a MED-V best practice is to manage printer redirection in one manner only: either disable redirection and install printers manually on the guest, or enable redirection and do not install printers manually on the guest. - - - -## Related topics - - -[Manage MED-V Workspace Settings](manage-med-v-workspace-settings.md) - - - - - - - - - diff --git a/mdop/medv-v2/managing-software-updates-for-med-v-workspaces.md b/mdop/medv-v2/managing-software-updates-for-med-v-workspaces.md deleted file mode 100644 index adef226385..0000000000 --- a/mdop/medv-v2/managing-software-updates-for-med-v-workspaces.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: Managing Software Updates for MED-V Workspaces -description: Managing Software Updates for MED-V Workspaces -author: dansimp -ms.assetid: a28d6dcd-cb9f-46ba-8dac-1d990837a3a3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Managing Software Updates for MED-V Workspaces - - -You have several different options available to you for providing software updates for the applications in the deployed MED-V workspace. - -**Note**   -For information about how to specify the configuration settings that define how MED-V receives automatic updates, see [Managing Automatic Updates for MED-V Workspaces](managing-automatic-updates-for-med-v-workspaces.md). - - - -**Updating Software in a MED-V Workspace** - -1. **Using an Electronic Software Distribution System** - - If your organization uses an Electronic Software Distribution System (ESD) system to deploy software, you can use it to provide software updates for applications on MED-V workspaces just as you provide updates for applications on physical computers. - -2. **Using Group Policy** - - If your organization deploys software by using Group Policy, you can use it to provide software updates for applications on MED-V workspaces just as you provide updates for applications on physical computers. - -3. **Using Application Virtualization (APP-V)** - - If you use MED-V together with App-V, you can provide software updates to applications in the MED-V workspace by following the steps that are required by App-V for updating software. For more information, see [Application Virtualization](https://go.microsoft.com/fwlink/?LinkId=122939) (https://go.microsoft.com/fwlink/?LinkId=122939). - -4. **Updating Software in the Core Image** - - Although not considered a MED-V best practice, you can install software updates to applications on the core image. After you have installed the updates, you can then redeploy the MED-V workspace back out to your enterprise just as you deployed it originally. - - **Important**   - We do not recommend this method of managing software updates. In addition, if you update software in the core image and redeploy the MED-V workspace back out to your enterprise, first time setup must run again, and any data saved in the virtual machine is lost. - - - -## Related topics - - -[Managing Automatic Updates for MED-V Workspaces](managing-automatic-updates-for-med-v-workspaces.md) - -[How to Test Application Publishing](how-to-test-application-publishing.md) - -[How to Publish and Unpublish an Application on the MED-V Workspace](how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md) - - - - - - - - - diff --git a/mdop/medv-v2/med-v-20-best-practices.md b/mdop/medv-v2/med-v-20-best-practices.md deleted file mode 100644 index f9b4db8492..0000000000 --- a/mdop/medv-v2/med-v-20-best-practices.md +++ /dev/null @@ -1,111 +0,0 @@ ---- -title: MED-V 2.0 Best Practices -description: MED-V 2.0 Best Practices -author: dansimp -ms.assetid: 47ba2dd1-6c6e-4d6e-8e18-b42291f8e02a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# MED-V 2.0 Best Practices - - -When you are planning, deploying, and managing MED-V in your enterprise, you may find the best practice recommendations to be useful. - -### Configure first time setup to run unattended - -Although you can specify any settings that you prefer, a MED-V best practice is that you create the Sysprep.inf file so that first time setup can be run in **Unattended** mode. This requires you to provide all the required settings information as you continue through the **Setup Manager** wizard. For more information about how to configure the MED-V image, see [Configuring a Windows Virtual PC Image for MED-V](configuring-a-windows-virtual-pc-image-for-med-v.md). - -### Disable restore points on the virtual machine - -Before you create the MED-V workspace package, we recommend that you disable restore points on the virtual machine to prevent the differencing disk from growing unbounded. For more information, see [How to turn off and turn on System Restore in Windows XP](https://go.microsoft.com/fwlink/?LinkId=195927) (https://go.microsoft.com/fwlink/?LinkId=195927). - -### Configure MED-V image to use local profiles - -We recommend that you apply only those policies that make sense in an application compatibility environment for Windows XP. For example, desktop customization policies do not typically have to be applied and should be disabled. For more information about how to allow only local profiles, see [Group Policy Settings for Roaming User Profiles](https://go.microsoft.com/fwlink/?LinkId=205072) (https://go.microsoft.com/fwlink/?LinkId=205072). - -### Configure a Group Policy performance update - -By default, Group Policy is downloaded to a computer one byte at a time. This causes delays when MED-V is being joined to the domain. To increase the performance of Group Policy, we recommend that you set the following registry key value to the registry: - -Registry subkey: HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon - -Entry: BufferPolicyReads - -Type: DWORD - -Value: 1 - -### Distribute legal notice through Group Policy instead of in the MED-V image - -If you want end users to see a service level agreement (SLA) before they access MED-V, we recommend that you enforce the SLA through Group Policy later so that the SLA is displayed to the end user after the first time setup is finished. - -**Caution**   -Even though a best practice is to run first time setup in **Unattended** mode, if you decide to set the local policy or registry entry to include an SLA in your image (virtual hard disk), you must also specify that first time setup is run in **Attended** mode, or first time setup can fail. - - - -### Compact the virtual hard disk - -We recommend that you compact your virtual hard disk to reclaim empty disk space and reduce the size of the virtual hard disk. For more information about how to compact your virtual hard disk, see [Compacting the MED-V Virtual Hard Disk](compacting-the-med-v-virtual-hard-disk.md). - -### Configure virtual machine to restart on blue screen crash - -We recommend that you configure the MED-V workspace virtual machine to automatically restart when it encounters a blue screen crash. To configure this setting in the guest, set the AutoReboot value in the HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\CrashControl key to “1”. - -You can also configure this setting by clicking **Start**, clicking **Control Panel**, and then clicking **System**. Then, in the **Startup and Recovery** area of the **Advanced** tab, click **Settings**. Select the **Automatically restart** check box and click **OK**. - -### Back up MED-V image before sealing it - -We recommend that you create a backup copy of the MED-V image before you seal it. For more information about sealing your MED-V image, see [Configuring a Windows Virtual PC Image for MED-V](configuring-a-windows-virtual-pc-image-for-med-v.md). - -### Install Windows Virtual PC last when installing from a batch file - -When you install the MED-V components by using a batch file, specify that Windows Virtual PC and the Windows Virtual PC hotfix are installed after the MED-V Host Agent and the MED-V workspace package files. This ensures that Windows Update will not cause any interference with the installation process by requiring a restart. - -### Install MED-V workspace from local folder - -Because of problems that can occur when you install MED-V from a network location, we recommend that you copy the MED-V workspace setup files locally and then run setup.exe. - -### Manage printer redirection in one manner only - -If a printer is manually installed on the MED-V guest virtual machine, and the same printer is later installed on the host computer, the result is that it is installed two times in the guest. To avoid this situation, we recommend as MED-V best practice that you manage printer redirection in one manner only: either disable redirection and install printers manually on the guest, or enable redirection and do not install printers manually on the guest. - -### Configure settings for MED-V guest patching - -You can control when and for how long the MED-V virtual machine awakens to receive automatic updates by defining the relevant configuration values in the registry. A MED-V best practice is to set your wake-up interval to match the time when you have scheduled regular updates for MED-V virtual machines. In addition, we recommend that you configure these settings to resemble the host computer’s behavior. - -For more information about how to configure settings for MED-V guest patching, see [Managing Automatic Updates for MED-V Workspaces](managing-automatic-updates-for-med-v-workspaces.md). - -### Configure antivirus/backup software - -To prevent antivirus activity from affecting the performance of the virtual desktop, we recommend that when you can, you exclude the following virtual machine file types from any antivirus or backup process that is running on the MED-V host computer: - -- \*.VMC - -- \*.VUD - -- \*.VSV - -- \*.VHD - -## Related topics - - -[Security and Protection for MED-V](security-and-protection-for-med-v.md) - - - - - - - - - diff --git a/mdop/medv-v2/med-v-20-deployment-overview.md b/mdop/medv-v2/med-v-20-deployment-overview.md deleted file mode 100644 index fc6e77f812..0000000000 --- a/mdop/medv-v2/med-v-20-deployment-overview.md +++ /dev/null @@ -1,166 +0,0 @@ ---- -title: MED-V 2.0 Deployment Overview -description: MED-V 2.0 Deployment Overview -author: dansimp -ms.assetid: 0b8998ea-c46f-4c81-a304-f380b2ed7cf8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# MED-V 2.0 Deployment Overview - - -This section provides general information and instructions about how to install and deploy Microsoft Enterprise Desktop Virtualization (MED-V) 2.0. - -## Overview - - -MED-V 2.0 is based on an application model, where the same methods that you use to deploy applications can be used to deploy and manage MED-V. A deployed MED-V solution includes two components: the MED-V Host Agent and Guest Agent. The MED-V Host Agent is installed on the Windows 7 desktop and the MED-V Guest Agent is installed on Windows XP inside the MED-V workspace. MED-V also includes a MED-V Workspace Packager that provides the information and tools necessary for creating and configuring MED-V workspaces. - -**Important** -MED-V only supports the installation of the MED-V Workspace Packager, the MED-V Host Agent, and the MED-V workspace for all users. Installing MED-V for the current user only by selecting **ALLUSERS=””** causes failures in the installation of the components and in the setup of the MED-V workspace. - - - -### The MED-V Installation Files - -MED-V includes the following installation files, required for running MED-V: - -**The MED-V Host Agent Installation File** - -The Host Agent installation file is named MED-V\_HostAgent\_Setup.exe. This file is distributed and installed on each relevant end-user computer as part of your enterprise-wide deployment of MED-V. - -**The MED-V Workspace Packager Installation File** - -The MED-V Workspace Packager installation file is named MED-V\_WorkspacePackager\_Setup.exe. Use this file to install the MED-V Workspace Packager on a computer where you have administrator rights and permissions. The desktop administrator uses the MED-V Workspace Packager to create and manage MED-V workspaces. - -**Note** -The MED-V Guest Agent is installed automatically during first time setup. - - - -### The MED-V Deployment Process - -The following is a high-level overview of the MED-V installation and deployment process: - -1. Install the MED-V Workspace Packager on the computer where you have administrative credentials and that you will be using to build the MED-V workspace packages. For more information, see [How to Install the MED-V Workspace Packager](how-to-install-the-med-v-workspace-packager.md). - -2. Prepare your MED-V image and create your MED-V workspace packages by using the MED-V Workspace Packager. For more information, see [Operations for MED-V](operations-for-med-v.md). - -3. Deploy the required MED-V components throughout your enterprise. The required components of MED-V are Windows Virtual PC, the MED-V Host Agent, and the MED-V workspace. - -**Important** -Installation of the MED-V components requires administrative credentials. If an end user is installing MED-V, they are prompted to enter administrative credentials. Alternately, administrative credentials can be provided in context if you are installing by using an electronic software distribution (ESD) system. - - - -### The MED-V Components - -The MED-V components that you deploy throughout your enterprise consist of the following: - -**Windows Virtual PC** - -MED-V functions inside Windows Virtual PC images for its compatibility solution. Windows Virtual PC and the update for Windows 7 (KB977206) are required. For more information, see [Configure Installation Prerequisites](configure-installation-prerequisites.md). - -**The MED-V Host Agent Installation File** - -MED-V\_HostAgent\_Setup.exe. - -**The MED-V Workspace Installation Files** - -The MED-V workspace installation files are created when you build your MED-V workspace package that consists of the following: - -A setup.exe executable program that executes the MED-V workspace installation - -A <MED-V\_workspace\_name>.msi installer - -A <VHD\_filename>.medv file, which is the compressed virtual hard disk - -The files for configuration settings (<workspace\_name>.reg and <workspace\_name>.ps1) - -To deploy MED-V, copy all the required installation files to the host computer or to a share that can be accessed by the host computer. Run the component installation files for Windows Virtual PC, the MED-V Host Agent, and the MED-V workspace. Then start the MED-V Host Agent to complete the first time setup of MED-V. - -You can perform the installation manually. However, we recommend that you use an electronic software distribution method to automate the deployment of the components. For more information, see [How to Deploy a MED-V Workspace Through an Electronic Software Distribution System](how-to-deploy-a-med-v-workspace-through-an-electronic-software-distribution-system.md). - -**Note** -For information about available command-line arguments to control install options, see [Command-Line Options for MED-V Installation Files](command-line-options-for-med-v-installation-files.md). - - - -## Deployment Steps - - -When you deploy MED-V throughout your enterprise, there are two main considerations: installation and first time setup. - -### Installation - -1. **Windows Virtual PC** - During installation, MED-V checks for Windows Virtual PC and its required update for Windows 7 (KB977206). For more information, see [Configure Installation Prerequisites](configure-installation-prerequisites.md). - - You can install these as part of the Windows 7 installations before you install MED-V, or you can install them as part of the MED-V distribution. However, MED-V does not include a mechanism for their deployment; they must be deployed by using an electronic software distribution (ESD) system or as part of the Windows 7 image. - - **Important** - When you install the MED-V components by using a batch file, a best practice is to specify that Windows Virtual PC and the Windows Virtual PC hotfix are installed after the MED-V Host Agent and the MED-V workspace package files. This means that Windows Update will not cause any interference with the installation process by requiring a restart. - - - -~~~ -**Note** -After you install Windows Virtual PC, the computer must be restarted. -~~~ - - - -2. **MED-V Host Agent** – Install the MED-V Host Agent on the Windows 7 computer where MED-V will be run. This must be installed before installing the MED-V workspace and checks to make sure that Windows Virtual PC is installed. - -3. **MED-V workspace** – You create the files that are required in this installation by using the MED-V Workspace Packager: the setup.exe, .medv, and .msi files. To install the MED-V workspace, run setup.exe; this triggers the other files as required. The installation places an entry in the registry under the local machine run key to start the MED-V Host Agent, which always runs MED-V when Windows is started. - - **Important** - The installation of the MED-V workspace can be run interactively by the end user or silently through an electronic software distribution system. Installation of the MED-V workspace requires administrative credentials, so end users must be administrators of their computers to install the MED-V workspace. Alternately, an electronic software distribution system typically runs in the system context and has sufficient permissions. - - - -~~~ -**Tip** -Because of problems that can occur when you install MED-V from a network location, we recommend that you copy the MED-V workspace setup files locally and then run setup.exe. -~~~ - - - -### First Time Setup - -After MED-V and its required components are installed, MED-V must be configured. The configuration of MED-V is known as first time setup. By using the **MED-V Workspace Packager**, you can configure first time setup to run silently or interactively. First time setup of MED-V requires end users to enter their password to authenticate to the MED-V workspace, but otherwise can be almost invisible to the user. Notifications are shown in the notification area, such as when first time setup is complete and applications are ready. The following are the actions that occur during first time setup of MED-V: - -1. The virtual hard disk must be configured. Mini-Setup runs and expands the Windows XP image. Typically, this occurs in a hidden window, but MED-V can be configured to display during this configuration. - -2. After Mini-Setup finishes, you can run commands that you must have for additional configuration, such as installing ESD software or other applications, or configuring the image. These can be called in the Sysprep.inf file, but are not required there. For more information, see [Configuring a Windows Virtual PC Image for MED-V](configuring-a-windows-virtual-pc-image-for-med-v.md). - -3. Ftscompletion.exe is run as the last step in configuration. This process completes the MED-V configuration, adds the user to the RDP group to let them access the MED-V workspace, copies logs, signals MED-V that the MED-V workspace is ready, and then restarts the MED-V workspace. This process can also add the user as an administrator of the MED-V workspace if this was configured when the MED-V workspace was created. Ftscompletion.exe is typically called through the Sysprep,inf file but can also be run through another method, such as a script. However, Ftscompletion.exe must be the last action that is performed when the workstation is configured. For more information, see [Configuring a Windows Virtual PC Image for MED-V](configuring-a-windows-virtual-pc-image-for-med-v.md). - -4. After the MED-V workspace is restarted by Ftscompletion.exe, the end user is logged on. If they did not save their password during first time setup, they are prompted for it again. The MED-V workspace is then started and configured for the user. Configuration includes applying Group Policy. - - We recommend that you apply only those policies that make sense in an application compatibility environment for Windows XP. For example, desktop personalization policies do not typically need to be applied and should be disabled. For more information about how to allow only local profiles, see [Group Policy Settings for Roaming User Profiles](https://go.microsoft.com/fwlink/?LinkId=205072) (https://go.microsoft.com/fwlink/?LinkId=205072). - -After first time setup is complete, the end user is notified that the published applications are ready. They are then able to access the applications installed in the MED-V workspace from their **Start** menu. - -## Related topics - - -[Prepare the Deployment Environment for MED-V](prepare-the-deployment-environment-for-med-v.md) - -[Deployment of MED-V](deployment-of-med-v.md) - - - - - - - - - diff --git a/mdop/medv-v2/med-v-20-release-notes.md b/mdop/medv-v2/med-v-20-release-notes.md deleted file mode 100644 index e4db87aed9..0000000000 --- a/mdop/medv-v2/med-v-20-release-notes.md +++ /dev/null @@ -1,68 +0,0 @@ ---- -title: MED-V 2.0 Release Notes -description: MED-V 2.0 Release Notes -author: dansimp -ms.assetid: b8f7d938-566e-434c-b4b8-28b67cdfd0b1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# MED-V 2.0 Release Notes - - -Updated: March 10, 2011 - -**To search these release notes, press CTRL+F.** - -Read these release notes thoroughly before you install the Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 platform. These release notes contain information that is required to successfully install MED-V 2.0 and contain information that is not available in the product documentation. If there is a difference between these release notes and other MED-V platform documentation, the latest change should be considered authoritative. These release notes supersede the content included with this product. - -## About the Product Documentation - - -Documentation for Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 is distributed with the product and is also located at [Microsoft Enterprise Desktop Virtualization 2.0](https://go.microsoft.com/fwlink/?LinkID=207065) (https://go.microsoft.com/fwlink/?LinkId=207065). - -## Protect Against Security Vulnerabilities and Viruses - - -To help protect against security vulnerabilities and viruses, we recommend that you install the latest available security updates for any new software being installed. For more information, see [Microsoft Security](https://go.microsoft.com/fwlink/?LinkId=3482) (https://go.microsoft.com/fwlink/?LinkId=3482). - -## Known Issues with MED-V 2.0 - - -This section provides the most up-to-date information about issues with the Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 platform. These issues do not appear in the product documentation and in some cases might contradict existing product documentation. When it is possible, these issues will be addressed in later releases. - -**Note**   -There are currently no known issues with MED-V 2.0. - - - -## Release Notes Copyright Information - - -This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it. - -Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred. - -This document does not provide you with any legal rights to any intellectual property in any Microsoft product. This document is confidential and proprietary to Microsoft. It is disclosed and can be used only pursuant to a nondisclosure agreement. - - - -Microsoft, Active Directory, ActiveSync, MS-DOS, Windows, Windows Server, and Windows Vista are trademarks of the Microsoft group of companies. - -All other trademarks are property of their respective owners. - - - - - - - - - diff --git a/mdop/medv-v2/med-v-20-supported-configurations.md b/mdop/medv-v2/med-v-20-supported-configurations.md deleted file mode 100644 index 0f1b6b5b06..0000000000 --- a/mdop/medv-v2/med-v-20-supported-configurations.md +++ /dev/null @@ -1,242 +0,0 @@ ---- -title: MED-V 2.0 Supported Configurations -description: MED-V 2.0 Supported Configurations -author: dansimp -ms.assetid: 88f1d232-aa01-45ab-8da7-d086269250b5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MED-V 2.0 Supported Configurations - - -Your environment may already meet the configuration requirements provided here so that you can install and run Microsoft Enterprise Desktop Virtualization (MED-V) 2.0. We have included requirements including host operating system, disk space, and MED-V workspace requirements. - -## MED-V 2.0 Host Computer Requirements - - -### MED-V 2.0 Host Operating System Requirements - -The following table lists the operating systems that are supported for MED-V 2.0 installation on the host computer. - - ------ - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows 7

Professional, Enterprise, or Ultimate

None or SP1

x86 or x64

- -  - -The following table lists the minimal RAM required for each operating system supported in MED-V 2.0. - - ---- - - - - - - - - - - - - - - - - -
Operating SystemMinimum Required RAM

Windows 7 x86

2GB

Windows 7 x64

2GB

- -  - -### Minimum Recommended Disk Space - -We recommend a minimum of 10GB of available storage. However, the disk space that is required varies greatly and depends on the number of applications published in the MED-V workspace. - -### MED-V 2.0 Host Configuration - -**.NET Framework Version** - -The .NET Framework 3.5 SP1 version of the Microsoft .NET Framework is required for MED-V 2.0. However, you can install the .NET Framework 4 or later version if the .NET Framework 3.5 is already installed. - -**Virtualization Engine** - -Windows Virtual PC with the hotfix that is described in Microsoft Knowledge Base article 977206 is supported for MED-V 2.0. - -**Internet Browser** - -Windows Internet Explorer 8 and Windows Internet Explorer 9 are supported for MED-V 2.0. - -**Microsoft Server Environments** - -The MED-V Host Agent and the MED-V Workspace Packager are not supported in any server environment. - -## MED-V 2.0 Workspace Requirements - - -### MED-V 2.0 Workspace Operating System Requirements - -The following table lists the operating systems supported for MED-V 2.0 workspaces. - - ------ - - - - - - - - - - - - - - - - -
Operating SystemEditionService PackSystem Architecture

Windows XP

Professional Edition

SP3

x86

- -  - -### MED-V 2.0 Workspace Configuration - -**.NET Framework Version** - -Only the .NET Framework 3.5 SP1 version of the Microsoft .NET Framework is supported for MED-V 2.0 workspace installation. - -**Internet Browser** - -Windows Internet Explorer 6, Windows Internet Explorer 7, Windows Internet Explorer 8, and Windows Internet Explorer 9 are supported for the MED-V 2.0 workspace installation. - -### MED-V 2.0 Workspace Creation - -The virtual hard disk used to build a MED-V 2.0 workspace package must be created by using Windows Virtual PC. - -## MED-V 2.0 Globalization Information - - -### MED-V 2.0 Host Agent Globalization Information - -The following Windows operating system language versions are supported for the MED-V 2.0 Host Agent: - -- French - -- Italian - -- German - -- Spanish - -- Korean - -- Japanese - -- Brazilian Portuguese - -- Russian - -- Chinese Traditional - -- Chinese Simplified - -- Dutch - -- Swedish - -- Danish - -- Finnish - -- Portuguese - -- Norwegian - -- Polish - -- Turkish - -- Hungarian - -- Czech - -- Greek - -- Slovak - -- Slovenian - -### MED-V 2.0 Workspace Packager Globalization Information - -The following Windows operating system language versions are supported for the MED-V 2.0 Workspace Packager: - -- French - -- Italian - -- German - -- Spanish - -- Korean - -- Japanese - -- Brazilian Portuguese - -- Russian - -- Chinese Traditional - -- Chinese Simplified - -## Related topics - - -[Deployment of MED-V](deployment-of-med-v.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/med-v-event-log-messages.md b/mdop/medv-v2/med-v-event-log-messages.md deleted file mode 100644 index 1dac7a402f..0000000000 --- a/mdop/medv-v2/med-v-event-log-messages.md +++ /dev/null @@ -1,485 +0,0 @@ ---- -title: MED-V Event Log Messages -description: MED-V Event Log Messages -author: dansimp -ms.assetid: 7ba7344d-153b-4cc4-a00a-5d42aee9986b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MED-V Event Log Messages - - -The log files for Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 provide detailed information about how to deploy and manage MED-V in your enterprise and help verify functionality or help troubleshoot issues. - -## Event IDs - - -The following are a list of MED-V event IDs to help troubleshoot issues that you might encounter when you deploy or manage MED-V. - -### Fts - -Shows the event IDs for first time setup. - -### Event ID 3066 - -Start virtual machine operation failed. - -**Description** -A potential problem exists with the virtual hard disk (VHD) that you are using to create a MED-V workspace. - -**Solution** -Verify that you can create a virtual machine with the VHD for MED-V and that it can be started. - -### Event ID 3071 - -Virtual machine preparation failed. - -**Description** -A problem occurred with first time setup that might have been caused by many different issues. These include problems with network connectivity. - -**Solution** -Restart the MED-V Host Agent to rerun first time setup. - -### Event ID 3078 - -Virtual machine preparation failed. - -**Description** -A potential problem exists with the VHD that you are using to create a MED-V workspace. - -**Solution** -Verify that you can create a virtual machine with the VHD for MED-V and that it can be started. - -### Event ID 3079 - -Retrying virtual machine preparation. - -**Description** -MED-V is trying to prepare the virtual machine. - -**Solution** -No action is required. Let first time setup finish. - -### Event ID 3080 - -The client was stopped when preparing the virtual machine. - -**Description** -MED-V stops unexpectedly when it tries to prepare the virtual machine. - -**Solution** -Start the MED-V Host Agent and let first time setup complete - -### Event ID 3084 - -Virtual machine is not valid. First time setup needs to be re-run. - -**Description** -The MED-V Host Agent detected a problem with the virtual machine. - -**Solution** -No action is required. Let first time setup finish. - -### Event ID 3099 - -Call to start virtual machine failed. - -**Description** -A potential problem exists with the VHD you are using to create a MED-V workspace. - -**Solution** -Verify that you can create a virtual machine with the VHD for MED-V and that it can be opened. - -### VM Management - -### Event ID 4022 - -VMManagerException Fatal error while issuing command to VM. - -**Description** -The end user tried to exit MED-V by logging off or by shutting down the MED-V host, and the VMTaskTimeout configuration setting was exceeded. - -**Solution** -Restart MED-V. - -### Event ID 4028 - -VM Operation timed out. - -**Description** -The end user tried to exit MED-V by logging off or by shutting down the host, and the VMTaskTimeout configuration setting was exceeded. - -**Solution** -Restart MED-V. - -### Event ID 4038 - -Vmsal posted an error message to the user. - -**Description** -An error message is displayed to the end user stating that MED-V could not start the virtual application. - -**Solution** -If the error is logged two or more times in a row, stop MED-V and connect to the virtual machine by using Windows Virtual PC console and attempt to start the application in Full Screen. - -### Event ID 4040 - -Recycling Additions because TerminalServices is not initialized in the guest. - -**Description** -MED-V rebooted the virtual machine because Remote Desktop Services was not initialized on the virtual machine. - -**Solution** -If the error is logged two or more times in a row, stop MED-V and connect to the virtual machine by using Windows Virtual PC console. - -### Event ID 4042 - -Failed to recycle additions in the guest. - -**Description** -MED-V failed to recycle virtual machine additions on the virtual machine. - -**Solution** -If the error is logged two or more times in a row, stop MED-V and connect to the virtual machine by using Windows Virtual PC console. - -### Event ID 4043 - -Failed to reset expired password in the virtual machine. - -**Description** -The end user did not reset the password in the virtual machine before it expired. As a result, the user might not be able to access network resources or save work. - -**Solution** -Shut down the MED-V guest and restart it. - -### URL Redirection - -### Event ID 5005 - -Couldn’t get VM name from configuration; can’t launch guest browser. - -**Description** -URL Redirection could not obtain the MED-V workspace name from the configuration. As a result, it cannot inform Windows Virtual PC to open the redirected URL in the MED-V workspace browser. - -**Solution** -Ensure that the MED-V workspace name is set and that it matches a virtual machine name in the C:\\Users\\<*user*>\\Virtual Machines directory. The MED-V workspace name is located at HKLM\\SOFTWARE\\Microsoft\\Medv\\v2\\VM\\Name. - -For example, if the user is "Matt" and the workspace name is "mattsworkspace", the value of HKLM\\SOFTWARE\\Microsoft\\Medv\\v2\\VM\\Name should be "mattsworkspace", and there should be a file that is named C:\\Users\\Matt\\Virtual Machines\\mattsworkspace.vcmx. - -### Event ID 5006 - -Failed to create pipe server. - -**Description** -The URL Redirection service could not create the pipe server to communicate with Internet Explorer. - -**Solution** -Check system event logs for attempts to create a file or resource whose path begins similar to the following: "\\\\.\\pipe\\MEDVUrlRedirectionPipe\_" and ends with the user’s user name and domain name. If this is not present in the event log, restart the computer. - -### ConfigMgr (Guest) - -### Event ID 7001 - -The host network configuration data is not properly formatted. - -**Description** -Either the network configuration received from the host is an incorrectly formatted XML string, or the network information returned from the host cannot be written to an XML document. - -**Solution** -Restart the host computer and the virtual machine. - -### Event ID 7005 - -A change to the host network configuration was detected, but was not able to be applied because the host network configuration data was not properly formatted. - -**Description** -A change to the host network configuration was communicated to the virtual machine, but could not be processed in the virtual machine because of an error. This error could be caused by incorrectly formatted data or the inability to set the information into the Windows Management Instrumentation (WMI) CCMNetworkAdapter instance. - -**Solution** -Restart the host and virtual machine. - -### ConfigMgr (Host) - -### Event ID 8006 - -The virtual machine cannot be found. - -**Description** -Windows Virtual PC 7 cannot locate the virtual machine. The virtual machine might have been deleted, moved, removed, or access was denied. - -**Solution** -Reinstall the virtual machine. - -### Event ID 8008 - -The workstation's network configuration information could not be retrieved. - -**Description** -Network configuration information could not be collected from the MED-V host, most likely because of a system call failure in the .NET Framework. This failure can also occur if the network information returned from the MED-V host cannot be written to an XML document. - -**Solution** -Restart the host workstation. - -### Event ID 8010 - -The network configuration data could not be set in the virtual machine. - -**Description** -The MED-V host network address translation (NAT) could not be communicated to the virtual machine, most likely because the virtual machine is in a bad state or the Windows Virtual PC Additions were not installed or enabled. - -**Solution** -Shut down and restart the virtual machine. In addition, you might have to reinstall the virtual machine. - -### Event ID 8011 - -The network configuration data could not be reset in the virtual machine. - -**Description** -The MED-V host network configuration (BRIDGED) could not be communicated to the virtual machine, most likely because the virtual machine is in a bad state or the Windows Virtual PC Additions were not installed or enabled. - -**Solution** -Shut down and restart the virtual machine. In addition, you might have to reinstall the virtual machine. - -### Printer Redirection - -### Event ID 9001 - -File Permission Error. - -**Description** -The end user is not authorized to access the folder required to open or create the MED-V printer file for reading. - -**Solution** -Verify that the User\\AppData\\ path can be accessed and that the user has permission to read and write to it. For example, if the user is "Matt", the path C:\\Users\\Matt\\AppData\\, and all files therein should have Read and Write permissions. And if it exists, the path C:\\Users\\Matt\\AppData\\Local\\Microsoft\\MEDV\\v2\\ and all files therein should have Read and Write permissions. - -### Event ID 9002 - -File Permission Error. - -**Description** -The end user is not authorized to access the folder required to open or create the MED-V printer file for writing. - -**Solution** -Ensure that the User\\AppData\\ path can be accessed, and that the user has permission to read and write to it. For example, if the user is "Matt", the path C:\\Users\\Matt\\AppData\\ and all files therein should have Read and Write permissions. And if it exists, the path C:\\Users\\Matt\\AppData\\Local\\Microsoft\\MEDV\\v2\\ and all files therein should have Read and Write permissions. - -### Event ID 9004 - -Could not create path for storing MEDV printer files. - -**Description** -The printer redirection service could not access files or create directories required for storing the printer information. - -**Solution** -Verify that the User\\AppData\\ path can be accessed and that the user has permission to read and write to it. For example, if the user is "Matt", the path C:\\Users\\Matt\\AppData\\ and all files therein should have Read and Write permissions. And if it exists, the path C:\\Users\\Matt\\AppData\\Local\\Microsoft\\MEDV\\v2\\ and all files therein should have Read and Write permissions. - -### Event ID 9005 - -Couldn’t get VM name from configuration; cannot launch guest installer. Cannot update MED-V – No host network detected. - -**Description** -The printer redirection service was not able to obtain the MED-V workspace name from the MED-V configuration and cannot inform Windows Virtual PC to start the installer on the MED-V guest. - -**Solution** -Ensure that the MED-V workspace name is set and that it matches a virtual machine name in the C:\\Users\\<*user*>\\Virtual Machines directory. The MED-V workspace name is located at HKLM\\SOFTWARE\\Microsoft\\Medv\\v2\\VM\\Name. - -For example, if the user is "Matt" and the workspace name is "mattsworkspace", the value of HKLM\\SOFTWARE\\Microsoft\\Medv\\v2\\VM\\Name should be "mattsworkspace" and there should be a file that is named C:\\Users\\Matt\\Virtual Machines\\mattsworkspace.vcmx. - -### Application Publishing - -### Event ID 10015 - -A file system error occurred during the reconcile process. The reconcile process will not process the file <*filename*> but will continue to process any other changes. - -**Description** -An unauthorized access or I/O error occurred when a shortcut was being created or deleted. - -**Solution** -Check that the file path can be accessed and that the user has permissions to create or delete the specified file. - -### Event ID 10021 - -Error <*error\_information*> for file operation <*operation\_name*> on file <*filename*>. - -**Description** -An unauthorized access or I/O error occurred when a shortcut was being created or deleted. - -**Solution** -Check that the file path can be accessed and that the user has permissions to create or delete the specified file. - -### Guest Patching - -### Event ID 11001 - -Guest wakeup task usage message. - -**Description** -MedvHost.exe with the /GuestWakeup option was executed incorrectly, or the command is formatted incorrectly. - -**Solution** -Ensure that the command is executed with the following format: - -Medvhost.exe /GuestWakeup /d:< *duration\_in\_minutes*> /v:”< *workspace\_name*>” where - -<*duration\_in\_minutes*> is the number of minutes that the virtual machine should stay awake (default is 240) and - -<*workspace\_name*> is the name of the virtual machine that should be awakened. - -### Event ID 11002 - -Cannot update MED-V – No host network detected. - -**Description** -Guest patching could not finish because no host network connection was detected. - -**Solution** -Connect the MED-V host to an active network connection before you run guest patching. - -### Event ID 11003 - -Cannot update MED-V – Host not running on A/C powerFailed to create pipe server. - -**Description** -Guest patching could not finish because the host appears to be running on battery power instead of from a power cord. - -**Solution** -Connect the host computer to a power cord before you run guest patching. - -### Client UX - -### Event ID 14003 - -The following tray status message was too long and could not be displayed: <*tray\_status\_message*> - -**Description** -MED-V created an unanticipated string that was too long for the tray tooltip or balloon message. As a result, the displayed message was truncated. - -**Solution** -This is a rare error that can occur when MED-V is randomly creating the tooltip text. There is no solution. - -### Event ID 14004 - -MED-V stopped due to an unhandled exception. - -**Description** -An unhandled exception caused MED-V to stop unexpectedly. - -**Solution** -Restart MED-V. - -### Event ID 14005 - -Server attempted to create mutex but it already existed. - -**Description** -A second instance of MedvHost.exe is stuck in memory. - -**Solution** -Open TaskManager and end all MedvHost.exe processes. - -### Event ID 14006 - -Error modifying or deleting registry value <*registry\_value*>. - -**Description** -MED-V is unable to modify the specified entry in the registry. - -**Solution** -Ensure that you install or uninstall MED-V with administrative credentials. - -### Event ID 14007 - -The file specified (<*filename*>) is not valid. - -**Description** -During install or uninstall, a corrupted temp file was passed to MED-V host. - -**Solution** -Delete all files in the Temp folder and reinstall or uninstall MED-V. - -### Event ID 14008 - -File not found: <*filename*>. - -**Description** -During install or uninstall, a path of a required temp file was not found. - -**Solution** -Delete all files in the Temp folder and reinstall or uninstall MED-V. - -### Event ID 14009 - -Unable to read parameter file <*filename*>. - -**Description** -During the install or uninstall process, MED-V was unable to read a temp file. - -**Solution** -Delete all files in the Temp folder and reinstall or uninstall MED-V. In addition, verify that the user has the necessary rights and permissions to the Temp folder. - -### Event ID 14010 - -Error deserializing parameter file <*filename*>. - -**Description** -During the install or uninstall process, MED-V encountered a corrupted temp file. - -**Solution** -Delete all files in the Temp folder and reinstall or uninstall MED-V. In addition, verify that the user has the necessary rights and permissions to the Temp folder. - -### Event ID 14011 - -Unexpected error deserializing parameter file <*filename*>. - -**Description** -During the install or uninstall process, MED-V encountered a corrupted temp file. - -**Solution** -Delete all files in the Temp folder and reinstall or uninstall MED-V. In addition, verify that the user has the necessary rights and permissions to the Temp folder. - -### Event ID 14012 - -Unexpected error when settings rights on folder <*folder\_name*> for user <*username*>. - -**Description** -An error occurs when MED-V is unable to set rights and permissions on certain folders during installation. - -**Solution** -Check the administrator rights to the following folders: - -@"%ProgramData%\\Microsoft\\Medv\\AllUsers" - -@"%ProgramData%\\Microsoft\\Medv\\MedvLock" - -@"%ProgramData%\\Microsoft\\Medv\\Monitoring" - -### Event ID 14013 - -Unexpected error when creating lock file. - -**Description** -An error occurs when MED-V is unable to create a file in the @"%ProgramData%\\Microsoft\\Medv\\MedvLock" folder during installation. - -**Solution** -Check the administrator rights to the MedvLock folder. - -## Related topics - - -[Troubleshooting MED-V](troubleshooting-med-vmedv2.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/monitor-med-v-workspaces.md b/mdop/medv-v2/monitor-med-v-workspaces.md deleted file mode 100644 index 9d0f3f1006..0000000000 --- a/mdop/medv-v2/monitor-med-v-workspaces.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Monitor MED-V Workspaces -description: Monitor MED-V Workspaces -author: dansimp -ms.assetid: f514afe2-8add-4105-9520-1a491733fa79 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Monitor MED-V Workspaces - - -This section provides information and contains procedures to help administrators monitor MED-V workspaces. - -## In This Section - - -[Monitoring MED-V Workspace Deployments](monitoring-med-v-workspace-deployments.md) -Describes how to monitor the deployment of MED-V workspaces to determine whether first time setup finished. - -[Detecting Network Changes that Affect MED-V](detecting-network-changes-that-affect-med-v.md) -Describes how to set up your environment to detect those network changes that can affect MED-V. - -## Related topics - - -[Manage MED-V Workspace Settings](manage-med-v-workspace-settings.md) - -[Operations for MED-V](operations-for-med-v.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/monitoring-med-v-workspace-deployments.md b/mdop/medv-v2/monitoring-med-v-workspace-deployments.md deleted file mode 100644 index dcdb458c8a..0000000000 --- a/mdop/medv-v2/monitoring-med-v-workspace-deployments.md +++ /dev/null @@ -1,104 +0,0 @@ ---- -title: Monitoring MED-V Workspace Deployments -description: Monitoring MED-V Workspace Deployments -author: dansimp -ms.assetid: 5de0cb06-b8a9-48a5-b8b3-836954295765 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Monitoring MED-V Workspace Deployments - - -The monitoring feature in Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 lets you run queries on individual MED-V workspaces to determine whether first time setup succeeded throughout your enterprise after the MED-V workspaces are deployed. Monitoring the success of first time setup is important because MED-V is not in a usable state until first time setup has been completed successfully. - -This section provides information and instruction to assist you in monitoring the success or failure of first time setup. - -## To monitor MED-V workspace deployments - - -The monitoring feature consists of a coupled in-process Windows Management Instrumentation (WMI) provider that you can query using WMI Query Language to discover the status of first time setup for all end users on a MED-V workspace. - -The WMI provider is implemented by using the WMI Provider Extension framework from the Microsoft .Net Framework 3.5. The WMI provider executes in the context of LocalService and stores the first time setup state securely under \\ProgramData. - -The WMI provider is implemented in the **root\\microsoft\\medv** namespace and implements the class **FTS\_Status**, which exposes the method **SetFtsState**. MED-V uses **SetFtsState** to set the first time setup state. - -The class contains the following properties. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
PropertyDescription

Machine

Read Only property that contains the name of the guest virtual machine provisioned by first time setup. This key contains the name that the guest would have had on first time setup failure.

StatusCode

Read Only property that contains zero if first time setup succeeded. Any other value returned equals the event ID for the error that is logged.

Time

The UTC time that first time setup completed.

User

The user for which first time setup was run.

- -  - -The following code shows the Managed Object Format (MOF) file that defines the **FTS\_Status** class. - -``` syntax -[dynamic: ToInstance, provider("MedvWmi, Version=2.0.258.0, Culture=neutral, PublicKeyToken=14986c3f172d1c2c")] -class FTS_Status -{ -[read, key] string User; -[read] string Machine; -[read] sint32 StatusCode; -[read] datetime Time; -[static, implemented] void SetFtsState([in] sint32 statusCode, [in] string machine); -}; -``` - -Because your main concern is most likely those MED-V workspaces for which first time setup was not completed successfully, you can write your query to only return those that failed first time setup, for example: - -``` syntax -Select * from FTS_Status where StatusCode != 0 -``` - -In this case, the monitoring feature returns a list of those MED-V workspaces that failed first time setup, which you can use to take the appropriate actions to resolve the failure. - -## Related topics - - -[Monitor MED-V Workspaces](monitor-med-v-workspaces.md) - -[How to Verify First Time Setup Settings](how-to-verify-first-time-setup-settings.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/operations-for-med-v.md b/mdop/medv-v2/operations-for-med-v.md deleted file mode 100644 index 700f62afaa..0000000000 --- a/mdop/medv-v2/operations-for-med-v.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Operations for MED-V -description: Operations for MED-V -author: dansimp -ms.assetid: 8f3f367d-fa9d-4468-814a-f0495adfaea4 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Operations for MED-V - - -The topics in this section provide step-by-step instructions and help you deploy and manage the Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 environment and its components. - -## In This Section - - -[End-to-End Operations Scenario for MED-V 2.0](end-to-end-operations-scenario-for-med-v-20.md) -Describes an end-to-end operations scenario for MED-V 2.0. - -[Prepare a MED-V Image](prepare-a-med-v-image.md) -Describes how to create, install, configure, package, and test a Windows Virtual PC image for MED-V 2.0. - -[Create a MED-V Workspace Package](create-a-med-v-workspace-package.md) -Describes how to use the MED-V Workspace Packager to create or modify a MED-V workspace deployment package. - -[Test And Deploy the MED-V Workspace Package](test-and-deploy-the-med-v-workspace-package.md) -Describes how to test and deploy a MED-V workspace deployment package. - -[Monitor MED-V Workspaces](monitor-med-v-workspaces.md) -Describes how to monitor successful MED-V workspace deployments. - -[Manage MED-V Workspace Applications](manage-med-v-workspace-applications.md) -Describes how to manage the applications that are deployed to a MED-V workspace. - -[Manage MED-V URL Redirection](manage-med-v-url-redirection.md) -Describes how to manage URL redirection in a MED-V workspace. - -[Manage MED-V Workspace Settings](manage-med-v-workspace-settings.md) -Describes how to manage configuration settings and printers in a MED-V workspace. - -## Related topics - - -[Microsoft Enterprise Desktop Virtualization 2.0](index.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/operations-troubleshooting-medv2.md b/mdop/medv-v2/operations-troubleshooting-medv2.md deleted file mode 100644 index dca90ef2ec..0000000000 --- a/mdop/medv-v2/operations-troubleshooting-medv2.md +++ /dev/null @@ -1,141 +0,0 @@ ---- -title: Operations Troubleshooting -description: Operations Troubleshooting -author: dansimp -ms.assetid: 948d7869-accd-44da-974f-93409234dee7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Operations Troubleshooting - - -This topic includes information that you can use to help troubleshoot general operational issues in Microsoft Enterprise Desktop Virtualization (MED-V) 2.0. - -## Troubleshooting Issues in MED-V Operations - - -The following are some issues end users might encounter when they run MED-V and solutions to help troubleshoot these issues: - -**Documentation Redirection Fails**. This issue typically occurs when an end user’s My Documents folder points to a network location. Windows does not support creating a share from another shared folder. When a drive or folder is redirected to the guest, RDP\\Windows Virtual PC creates a share for that folder. Therefore, if the My Documents folder on the host is already pointing to a share, RDP\\Windows Virtual PC cannot create a share of a share. - -Another possible cause of this issue is that the credentials that are required to connect to the network resource might differ from the user’s domain credentials. MED-V might be detecting that documents are redirected on the host, send that information to the guest, and then try to reconnect the network resource. If the user’s credentials do not authenticate, MED-V might stop trying to authenticate. - -**Solution** - -Try one of the following to resolve this issue: - -- Set the user’s root directory inside Active Directory. The guest and host should then connect to the same network resource. - -- Instead of redirecting the My Documents folder to a UNC path, map it to a drive letter (on the host, map a drive that points to the network resource). The My Documents folder can then be set to use the drive letter instead of the UNC path. The guest will then redirect to that same mapped drive as expected. - -- Create a startup script in the guest that redirects the My Documents folder to the network resource and provides additional credentials as needed. - -**URL Redirection Fails**. A URL that you have specified for redirection from the host to the guest is not redirecting as intended or is returning an error message that indicates that the website does not exist. - -**Solution** - -This error can occur when there is a misspelling or incorrect use of characters, such as asterisk (\*), in the URL redirection information. Check the registry value for URL redirection and correct any mistakes. - -The registry key is called `RedirectUrls` and is typically located at: - -Computer\\HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\MEDV\\v2\\UserExperience - -**Icon in Taskbar Misleading**. By default, the icon that appears in an end user’s taskbar for published applications and redirected URLs is the icon for Windows Virtual PC. If an end user is not aware of this default behavior, they can become confused when looking at the taskbar to locate their application. - -**Solution** - -The only way to avoid this default behavior is to change the user settings for the taskbar properties as follows: - -1. Right-click the taskbar and then click **Properties**. - -2. In the **Taskbar and Start Menu Properties** dialog box, click the **Taskbar** tab. - -3. In the drop-down bar for the **Taskbar buttons** box, select **Never combine**. - -4. Click **OK**. - -The expected icons for published applications and redirected URLs are displayed. - -**Warning Issued if Second User Attempts Log on or if Virtual Machine is in Use**. A warning message is issued when a second user logs on to a MED-V workspace while a first user is still running MED-V. The warning is also issued if MED-V is started while the virtual machine is being used, for example, if the virtual machine was started through Windows Virtual PC on the **Start** menu. When the end user accepts the warning message, MED-V shuts down. - -**Solution** - -An end user must verify that all other users are logged off MED-V before they try to log on. This ensures that no other instance of MED-V is running and that Windows Virtual PC is not in control of the virtual machine. - -**Beeps Heard During First Time Setup**. Occasionally, beeps are heard while MED-V is running first time setup. This can be confusing to an end user. The beeps are originating from the virtual machine when it performs certain actions, such as shutting down. - -**Solution** - -You can stop the beep service by specifying the "net stop beep" command at the beginning of each virtual machine start sequence. Or you can disable the beep service by specifying the “sc config beep start= disabled" command. You can specify these commands either before you seal the image or as part of Sysprep. - -**Multiple Network Connections Created for MED-V Workspaces in BRIDGED Mode**. If first time setup is creating a MED-V workspace that is configured for NAT mode, it only creates a single network connection in Windows Virtual PC. However, if first time setup is creating a MED-V workspace that is configured for BRIDGED mode, it creates a separate network connection for each network adapter that is installed in the computer, because MED-V cannot determine which network adapter is active. This also ensures that roaming users always have a network adapter available for wired and wireless connections. - -**Solution** - -None. - -**MED-V Application is Unresponsive for Too Long when Closing**. In some instances, a MED-V application stops responding when it is trying to close. - -**Solution** - -You can specify the length of time that MED-V waits to close unresponsive applications by setting the WaitToKillAppTimeout registry key in the guest virtual machine. For more information, see [How To Increase Shutdown Time So That Processes Can Quit Properly in Windows XP](https://go.microsoft.com/fwlink/?LinkId=206819) (https://go.microsoft.com/fwlink/?LinkId=206819). - -**Renaming a Published Application Shortcut in the Guest Virtual Machine does not Change the Published Name in the Host**. When you publish an application by creating a shortcut and then rename the shortcut in the guest virtual machine, the original application name remains in the host **Start** menu. The program continues to run as expected, however the program will always retain the original name. - -**Solution** - -None. This is a known behavior of Windows Virtual PC. - -**Moving a Shortcut in the Guest Virtual Machine does not Update the Location on the Host Computer Start Menu**. MED-V application shortcuts that are published to the host computer **Start** menu are cataloged in the registry. If you move an application shortcut into a subfolder, the registry is not updated to reflect the change. - -**Solution** - -Follow these steps to change the location of a MED-V application shortcut: - -1. When MED-V is running, open up Windows Explorer on the MED-V guest virtual machine. - -2. Browse to the "%ALLUSERSPROFILE%\\Start Menu\\Programs" directory. - -3. Move the application shortcuts out of the startmenu or programs folders. - -4. After about 30 seconds, validate that the shortcuts are removed from the host computer **Start** menu. - -5. Move the application shortcuts back in to the new program folders under the Start Menu\\Programs directory. - -6. After about 30 seconds, validate that the shortcuts are updated in the host computer **Start** Menu. - -**Published Applications can Time Out after Sitting Idle**. In some cases, published applications will time out if they have sat idle for some time. This situation only occurs if IPsec is enabled and the MED-V workspace is configured for NAT mode. This situation does not occur if running in BRIDGED mode. - -**Solution** - -Disable IPsec when you are running the MED-V workspace in NAT mode. - -**Pinning a Published Application to the Taskbar Bypasses MED-V**. If an end user pins a published application to the taskbar and then closes the application, MED-V is bypassed the next time that the application is opened from the taskbar icon. Instead, the application opens directly in a VMSAL window. - -**Solution** - -Do not pin the applications published in MED-V to the taskbar. - -## Related topics - - -[Security Best Practices for MED-V Operations](security-best-practices-for-med-v-operations.md) - -[Deployment Troubleshooting](deployment-troubleshooting.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/overview-of-med-vmedv2.md b/mdop/medv-v2/overview-of-med-vmedv2.md deleted file mode 100644 index 325b6c6151..0000000000 --- a/mdop/medv-v2/overview-of-med-vmedv2.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Overview of MED-V -description: Overview of MED-V -author: dansimp -ms.assetid: 393daa9b-2d76-43e1-861a-9d8c00f68cf6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Overview of MED-V - - -Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 enables the deployment and management of Windows Virtual PC images throughout an enterprise. By providing large-scale deployments of desktops running Windows XP Professional SP3 that are hosted through Windows Virtual PC, MED-V lets businesses upgrade to Windows 7, even though some of their applications might not yet be fully functional or supported. - -This guide helps you understand, deploy, and manage your MED-V environment. By using the information provided in this guide, you can plan for and prepare your MED-V deployment, learn how to monitor and manage MED-V workspaces, and understand how to use MED-V to benefit your IT organization. - -## Key Scenarios for Using MED-V - - -Incompatibility of legacy applications together with new versions of Windows can often delay enterprise upgrades to the latest version of Windows. Testing and migrating applications takes time, and users cannot take advantage of the new capabilities and enhancements offered by the newest operating system. - -By delivering applications in a Windows Virtual PC that is running Windows XP SP3, MED-V removes the barriers to operating system upgrades and lets administrators complete testing and address incompatible applications after the upgrade. - -From the user's perspective, these applications can be accessed from the standard desktop **Start** menu and appear side-by-side with native applications, so there is minimal change to the user experience. - -## Related topics - - -[Planning for Application Operating System Compatibility](planning-for-application-operating-system-compatibility.md) - -[MED-V 2.0 Supported Configurations](med-v-20-supported-configurations.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/planning-for-application-operating-system-compatibility.md b/mdop/medv-v2/planning-for-application-operating-system-compatibility.md deleted file mode 100644 index 459c9b83f8..0000000000 --- a/mdop/medv-v2/planning-for-application-operating-system-compatibility.md +++ /dev/null @@ -1,119 +0,0 @@ ---- -title: Planning for Application Operating System Compatibility -description: Planning for Application Operating System Compatibility -author: dansimp -ms.assetid: cdb0a7f0-9da4-4562-8277-12972eb0fea8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for Application Operating System Compatibility - - -This topic helps determine how to resolve application operating system compatibility issues, and discusses how Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 works as a solution for your organization. - -This topic discusses the business requirements for MED-V and compares MED-V to Windows XP Mode and Microsoft Application Virtualization (App-V): - -- [Business Requirements for MED-V](#bkmk-whenmedv) - -- [Benefits of MED-V versus Windows XP Mode](#bkmk-medvvsxp) - -- [Benefits of MED-V versus App-V](#bkmk-medvvsappv) - -## Business Requirements for MED-V - - -When your company’s IT department is determining whether to upgrade to Windows 7, it must pay attention to its line-of-business applications and web-based line-of-business applications to make certain that these can run on the new operating system. Often, these applications and URLs were created to work specifically with an older version of Windows or Internet Explorer, and problems can occur when trying to use them in the new operating system. Microsoft offers many different methods for handling the various compatibility issues that can occur when you upgrade, such as the Application Compatibility Toolkit (ACT) and the Windows 7 Program Compatibility Assistant. But even after all applications have been tested for compatibility and fixes have been determined, some applications still do not work correctly on Windows 7 or are too costly to resolve. - -By using MED-V, you can run these legacy applications through a Windows Virtual PC environment that is running Windows XP. Because you no longer have to test and validate these problem applications on the new operating system before upgrading, your migration to Windows 7 is much smoother and quicker. - -### Using MED-V Checklist - -Consider MED-V if any of the following scenarios apply to you: - -- You are a large organization (for example, 500 users and more), have an Enterprise Agreement with Microsoft, and plan to upgrade to Windows 7. - -- You have tested your line-of-business applications and have found some that are incompatible with Windows 7. - -- You have resolved the compatibility issues for some of these problem applications by upgrading the application or by using a Microsoft-provided shim, such as the Application Compatibility Toolkit (ACT), but compatibility issues remain for some applications. - -- You have considered App-V as an option for delivering the incompatible applications and have concluded that even after you implement App-V, you still have application operating system compatibility issues that you must address. - -- You have considered Windows XP Mode as a solution and have determined that it is not an efficient option because: - - - You want to be able to deploy virtual images that contain the problem applications to all end users at the same time, instead of individually, and have the virtual images automatically joined to the domain. - - - You have decided it is much more cost effective to manage these legacy applications (that are delivered virtually) and control the Windows Virtual PC settings from a centralized location instead of on each end user’s desktop. - - - You want to be able to update and support the virtual machines in scale instead of per desktop. - - - You want the ability to redirect URLs that run better on an older version of Internet Explorer to the virtual machines and to easily manage URL redirection later. - -- You have determined that it would be more cost effective and helpful to upgrade to Windows 7 as soon as possible and have decided to postpone resolving your remaining application compatibility issues until a later date, knowing that you have a solution available in MED-V. - -## Benefits of MED-V versus Windows XP Mode - - -Windows Virtual PC for Windows 7 lets you run different versions of an operating system at the same time on a single device and is included in Windows 7 Professional Edition and higher. - -Windows XP Mode functionality takes advantage of Windows Virtual PC by providing a preconfigured Windows XP image that lets you create a virtual Windows XP environment. In this virtual environment, you can manually install applications that are incompatible with Windows 7 and that run seamlessly from your desktop through Windows Virtual PC. - -**By using Windows XP Mode, you can do the following:** - -- Run applications that are compatible with Windows XP inside a virtual machine that runs in Windows Virtual PC. - -- Publish these applications to the host’s desktop or Program menu. - -When you want to deliver these virtual machines on a large scale as part of an enterprise migration to Windows 7, you must be able to deploy the virtual machines quickly, provision, and customize them efficiently, control their settings, and support them easily. - -MED-V builds upon Windows XP Mode to deliver enterprise-wide application compatibility. Whereas Windows XP mode is limited to providing virtual application functionality to individuals and small businesses, MED-V allows for large-scale deployments of preconfigured Windows XP images throughout your corporate network. It gives you an enterprise-ready management solution for the configuration, deployment, and maintenance of these virtual MED-V workspaces. MED-V also gives enterprise administrators a set of policies to control image use. This includes which users will have access to which specific applications within these images. - -**By using MED-V, you can do the following:** - -- Upgrade to your new operating system without having to test and resolve every incompatible application and URL. - -- Deploy virtual Windows XP images that are automatically domain-joined and customized per user. - -- Provision applications and URL redirection information to users. - -- Control the Windows Virtual PC settings. - -- Maintain and support endpoints through monitoring and troubleshooting. - -- Ensure that guest computers are patched, even if in a suspended state. - -- Automate per-user virtual machine creation and sysprep initialization. - -- Easily diagnose issues on the host and guest computers. - -- Seamlessly manage guest computers that are connected through Windows Virtual PC NAT mode. - -## Benefits of MED-V versus App-V - - -MED-V and App-V are two very different technologies that can easily work together to solve your application operating system compatibility issues. By using App-V, you create an individualized package for each application, each of which is then kept separate from the others. Each virtual application can then be immediately delivered to the end user, which is very useful for a Windows 7 deployment strategy. - -MED-V does not handle applications individually. Instead, it creates an additional instance of Windows XP on the same desktop that is running Windows 7. You can install as many applications as necessary into this virtual image and manage the image just as you would any other desktop in your organization. - -In addition, you can use MED-V together with App-V so that virtual applications that are sequenced through App-V are installed, published, and managed by using MED-V. - -## Related topics - - -[Define and Plan your MED-V Deployment](define-and-plan-your-med-v-deployment.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/planning-for-med-v.md b/mdop/medv-v2/planning-for-med-v.md deleted file mode 100644 index 98c665b7e8..0000000000 --- a/mdop/medv-v2/planning-for-med-v.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Planning for MED-V -description: Planning for MED-V -author: dansimp -ms.assetid: 8124b765-6930-4607-8bd9-93068403c7a2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for MED-V - - -The topics in this section help you plan and design your Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 deployment. - -## In This Section - - -[End-to-End Planning Scenario for MED-V 2.0](end-to-end-planning-scenario-for-med-v-20.md) -Provides planning guidance for end-to-end deployment scenarios. - -[Define and Plan your MED-V Deployment](define-and-plan-your-med-v-deployment.md) -Describes how to define the project scope by defining the end users, determining the MED-V images to be managed, and determining the organization’s service level expectations. - -[MED-V 2.0 Best Practices](med-v-20-best-practices.md) -Provides guidance for planning your deployment following MED-V 2.0 best practices. - -## Related topics - - -[Microsoft Enterprise Desktop Virtualization 2.0](index.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/prepare-a-med-v-image.md b/mdop/medv-v2/prepare-a-med-v-image.md deleted file mode 100644 index 2746ab886a..0000000000 --- a/mdop/medv-v2/prepare-a-med-v-image.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Prepare a MED-V Image -description: Prepare a MED-V Image -author: dansimp -ms.assetid: 1bc757e5-8aef-4163-8542-1bdccc028961 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Prepare a MED-V Image - - -To deploy a Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 image to multiple computers, you must first prepare the image for deployment. - -This section provides information about the steps that are required to prepare a MED-V image for deployment. - -## In This Section - - -[Creating a Windows Virtual PC Image for MED-V](creating-a-windows-virtual-pc-image-for-med-v.md) -Describes how to create and configure a Windows Virtual PC image for MED-V. This includes installing Windows XP on the image with the required updates and integration components. - -[Installing Applications on a Windows Virtual PC Image](installing-applications-on-a-windows-virtual-pc-image.md) -Describes the process of installing applications on your MED-V image. - -[Configuring a Windows Virtual PC Image for MED-V](configuring-a-windows-virtual-pc-image-for-med-v.md) -Describes how to configure and package a Windows Virtual PC image for MED-V by using Sysprep. - -## Related topics - - -[Operations for MED-V](operations-for-med-v.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/prepare-the-deployment-environment-for-med-v.md b/mdop/medv-v2/prepare-the-deployment-environment-for-med-v.md deleted file mode 100644 index 73bc76772a..0000000000 --- a/mdop/medv-v2/prepare-the-deployment-environment-for-med-v.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: Prepare the Deployment Environment for MED-V -description: Prepare the Deployment Environment for MED-V -author: dansimp -ms.assetid: d15ea370-7fdb-4852-a1ba-730ec7568e3e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Prepare the Deployment Environment for MED-V - - -This section provides information about preparing your Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 deployment environment. - -## In This Section - - -[Configure Environment Prerequisites](configure-environment-prerequisites.md) -Describes the prerequisites that are required as part of the MED-V 2.0 environment. - -[Configure Installation Prerequisites](configure-installation-prerequisites.md) -Describes the prerequisites that are required before you install MED-V 2.0. - -## Related topics - - -[Example MED-V System Installation Checklist](example-med-v-system-installation-checklist.md) - -[Deploy the MED-V Components](deploy-the-med-v-components.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/restarting-and-resetting-a-med-v-workspace.md b/mdop/medv-v2/restarting-and-resetting-a-med-v-workspace.md deleted file mode 100644 index a97672a4dc..0000000000 --- a/mdop/medv-v2/restarting-and-resetting-a-med-v-workspace.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Restarting and Resetting a MED-V Workspace -description: Restarting and Resetting a MED-V Workspace -author: dansimp -ms.assetid: a959cdb3-a727-47c7-967e-e58f224e74de -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Restarting and Resetting a MED-V Workspace - - -During troubleshooting, you may sometimes find it necessary to restart or reset the MED-V workspace. Restarting the MED-V workspace is basically the same as restarting a physical computer. Resetting the MED-V workspace reruns first time setup and deletes all data that is stored in the virtual machine. Because all stored data is deleted, you typically should only reset the MED-V workspace to resolve the most serious troubleshooting issues, or to restore a previously working MED-V workspace back to a working state. - -For information about how to open the MED-V Administration Toolkit, see [Troubleshooting MED-V by Using the Administration Toolkit](troubleshooting-med-v-by-using-the-administration-toolkit.md). - -**Restarting a MED-V Workspace** - -1. On the **MED-V Administration Toolkit** window, click **Restart MED-V Workspace**. A dialog window opens in which you must confirm that you want to restart the MED-V workspace. - -2. Click **Restart**. - - Any published applications that are running or redirected web sites that are open will be closed when the MED-V workspace restarts. - -**Resetting a MED-V Workspace** - -1. On the **MED-V Administration Toolkit** window, click **Reset MED-V Workspace**. A dialog window opens in which you must confirm that you want to reset the MED-V workspace. - - **Warning**   - Resetting the MED-V workspace causes first time setup to run again, and thus reloads the original virtual hard disk. All data that is stored in the MED-V workspace since first time setup was originally run will be deleted. - - - -2. Click **Reset**. - - Any published applications that are running or redirected web sites that are open will be closed when the MED-V workspace resets. - -## Related topics - - -[Viewing and Configuring MED-V Logs](viewing-and-configuring-med-v-logs.md) - -[Viewing MED-V Workspace Configurations](viewing-med-v-workspace-configurations.md) - - - - - - - - - diff --git a/mdop/medv-v2/security-and-protection-for-med-v.md b/mdop/medv-v2/security-and-protection-for-med-v.md deleted file mode 100644 index 5424443a54..0000000000 --- a/mdop/medv-v2/security-and-protection-for-med-v.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: Security and Protection for MED-V -description: Security and Protection for MED-V -author: dansimp -ms.assetid: 5db66d56-eb65-4bff-a9e4-3d52de4256bd -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Security and Protection for MED-V - - -The following section contains best practices that we recommend for running Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 in a secure configuration. - -## In This Section - - -[Security Best Practices for MED-V Operations](security-best-practices-for-med-v-operations.md) -Describes best practices to follow to help maintain security when preparing, building, testing, deploying, and managing MED-V workspaces. - -[Authentication of MED-V End Users](authentication-of-med-v-end-users.md) -Describes best practices to follow to help maintain security when verifying the identity of MED-V end users. - -## Related topics - - -[Microsoft Enterprise Desktop Virtualization 2.0](index.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/security-best-practices-for-med-v-operations.md b/mdop/medv-v2/security-best-practices-for-med-v-operations.md deleted file mode 100644 index 26401fc3ba..0000000000 --- a/mdop/medv-v2/security-best-practices-for-med-v-operations.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: Security Best Practices for MED-V Operations -description: Security Best Practices for MED-V Operations -author: dansimp -ms.assetid: 231e2b9a-8b49-42fe-93b5-2ef12fe17bac -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Security Best Practices for MED-V Operations - - -As an authorized administrator, you are responsible to protect the information of the users and maintain security of your organization during and after the deployment of MED-V workspaces. In particular, consider the following issues. - -**Customizing Internet Explorer in the MED-V workspace**. Earlier versions of the Windows operating system and of Internet Explorer are not as secure as current versions. Therefore, Internet Explorer in the MED-V workspace is configured to prevent browsing and other activities that can pose security risks. In addition, the Internet security zone setting for Internet Explorer in the MED-V workspace is set to the highest level. By default, both of these configurations are set in the MED-V Workspace Packager when you create your MED-V workspace package. - -By using Internet Explorer Administration Kit (IEAK) or by changing the defaults in the MED-V Workspace Packager, you can customize Internet Explorer in the MED-V workspace. However, realize that if you customize Internet Explorer in the MED-V workspace in such a way as to make it less secure, you can expose your organization to those security risks that are present in older versions of Internet Explorer. - -From a security perspective, best practices for managing Internet Explorer in the MED-V workspace are as follows: - -- When creating your MED-V workspace package, leave the defaults set so that Internet Explorer in the MED-V workspace is configured to prevent browsing and other activities that can pose security risks. - -- When creating your MED-V workspace package, leave the defaults set so that the security setting for the Internet security zone remains at the highest level. - -- Configure your enterprise proxy or Internet Explorer Content Advisor to block domains that are outside your company’s intranet. - -**Configuring a MED-V workspace for all users on a shared computer.** When configuring a MED-V workspace so that it can be accessed by all users on a shared computer, realize that the guest virtual machine (VHD) is put in a location that gives Read and Write access to all users on that system. - -**Configuring a proxy account for domain joining.** When configuring a proxy account for joining virtual machines to the domain, you must know that it is possible for an end user to obtain the proxy account credentials. Thus, necessary precautions must be taken, such as limiting account user rights, to prevent an end user from using the credentials for causing harm. - -**Sysprep Configuration.** Although the Sysprep.inf file is encrypted by default, its contents can be decrypted and read by any determined end user who can successfully log on to the virtual machine. This raises security concerns because the Sysprep.inf file can contain credentials in addition to a Windows product key. - -You can lessen this risk by setting up a limited account for joining virtual machines to the domain and specifying the credentials for that account when configuring Sysprep. Alternately, you can also configure Sysprep and first time setup to run in **Attended** mode and require end users to provide their credentials for joining the virtual machine to the domain. - -A MED-V best practice is to specify that FtsCompletion.exe is run under an account that gives the end user rights to connect to the guest through the Remote Desktop Connection (RDC) Client. - -**End-user authentication.** Enabling the caching of end-user credentials provides the best user experience of MED-V, but creates the potential that someone could gain access to the end user’s credentials. The only way to lessen this risk is by specifying on the **MED-V Workspace Packager** that end-user credentials are not stored. For more information about authentication of end users, see [Authentication of MED-V End Users](authentication-of-med-v-end-users.md). - -## Related topics - - -[Operations Troubleshooting](operations-troubleshooting-medv2.md) - -[Microsoft Enterprise Desktop Virtualization 2.0](index.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/technical-reference-for-med-v.md b/mdop/medv-v2/technical-reference-for-med-v.md deleted file mode 100644 index 3b1d052a9b..0000000000 --- a/mdop/medv-v2/technical-reference-for-med-v.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Technical Reference for MED-V -description: Technical Reference for MED-V -author: dansimp -ms.assetid: 52aa15ae-6ca8-4494-8660-313c7b723406 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Technical Reference for MED-V - - -The technical reference information we provide here includes example checklists for planning, deployment, and operations for Microsoft Enterprise Desktop Virtualization (MED-V) 2.0. - -## In This Section - - -[Command-Line Options for MED-V Installation Files](command-line-options-for-med-v-installation-files.md) -Provides a list and description of the options that you can specify when you install or uninstall MED-V at the command prompt. - -[Compacting the MED-V Virtual Hard Disk](compacting-the-med-v-virtual-hard-disk.md) -Describes the steps to follow to compact your virtual hard disk before you configure your Windows XP image for use with MED-V. - -[MED-V Event Log Messages](med-v-event-log-messages.md) -Describes how to use the event logs in MED-V to troubleshoot deployment and operations issues. - -[Updating MED-V 2.0](updating-med-v-20.md) -Provides information about how to upgrade your MED-V installation. - -[Windows Virtual PC Application Exclude List](windows-virtual-pc-application-exclude-list.md) -Describes how to specify certain installed applications that you do not want published to the host computer. - -[MED-V 2 Configuration Cmdlets](https://go.microsoft.com/fwlink/?LinkId=213301) -Provides information about cmdlets you can use to perform various MED-V configuration tasks from the command line. - -[MED-V 2 Workspace Cmdlets](https://go.microsoft.com/fwlink/?LinkId=213302) -Provides information about cmdlets you can use to perform various MED-V workspace configuration tasks from the command line. - -[Example MED-V Checklists](example-med-v-checklists.md) -Provides several checklist examples that you can reference when planning, deploying, or managing MED-V. - -## Related topics - - -[Microsoft Enterprise Desktop Virtualization 2.0](index.md) - -[Security and Protection for MED-V](security-and-protection-for-med-v.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/test-and-deploy-the-med-v-workspace-package.md b/mdop/medv-v2/test-and-deploy-the-med-v-workspace-package.md deleted file mode 100644 index df04230dd8..0000000000 --- a/mdop/medv-v2/test-and-deploy-the-med-v-workspace-package.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -title: Test And Deploy the MED-V Workspace Package -description: Test And Deploy the MED-V Workspace Package -author: dansimp -ms.assetid: 0238dea7-a08c-4859-b8b1-2b52bc63fda6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Test And Deploy the MED-V Workspace Package - - -This section provides information and instructions for testing and deploying your Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 image. - -## In This Section - - -[Testing the MED-V Workspace Package](testing-the-med-v-workspace-package.md) -Provides instructions and guidance for testing the MED-V workspace installer package. - -[Deploying the MED-V Workspace Package](deploying-the-med-v-workspace-package.md) -Provides general information about how to deploy MED-V workspaces. - -  - -  - - - - - diff --git a/mdop/medv-v2/testing-the-med-v-workspace-package.md b/mdop/medv-v2/testing-the-med-v-workspace-package.md deleted file mode 100644 index c854d25c0e..0000000000 --- a/mdop/medv-v2/testing-the-med-v-workspace-package.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: Testing the MED-V Workspace Package -description: Testing the MED-V Workspace Package -author: dansimp -ms.assetid: 83edcb6e-9615-4d18-96b8-f085a647294e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Testing the MED-V Workspace Package - - -After you have created your MED-V workspace deployment package, you can test the package locally before deploying it throughout your enterprise. The topics in this section provide some steps and instructions to help you test your MED-V workspace deployment package. - -## In This Section - - -[How to Create a Test Environment](how-to-create-a-test-environment.md) -Provides information about how to create a test environment, either manually or by using an electronic software distribution (ESD) system. - -[How to Verify First Time Setup Settings](how-to-verify-first-time-setup-settings.md) -Provides information and guidance for testing your first time setup settings. - -[How to Test URL Redirection](how-to-test-url-redirection.md) -Provides information and guidance for testing your URL redirection settings. - -[How to Test Application Publishing](how-to-test-application-publishing.md) -Provides information and guidance for testing application publishing. - -  - -  - - - - - diff --git a/mdop/medv-v2/troubleshooting-med-v-by-using-the-administration-toolkit.md b/mdop/medv-v2/troubleshooting-med-v-by-using-the-administration-toolkit.md deleted file mode 100644 index 202763a51f..0000000000 --- a/mdop/medv-v2/troubleshooting-med-v-by-using-the-administration-toolkit.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Troubleshooting MED-V by Using the Administration Toolkit -description: Troubleshooting MED-V by Using the Administration Toolkit -author: dansimp -ms.assetid: 6c096a1c-b9ce-4ec7-8dfd-5286e3b9a617 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Troubleshooting MED-V by Using the Administration Toolkit - - -Use the MED-V Administration Toolkit to troubleshoot certain problems in a MED-V workspace. The MED-V Administration Toolkit lets you access and configure event logs, restart or reset the MED-V workspace, and view the published applications and redirected web addresses in the MED-V workspace. You can also use the MED-V Administration Toolkit to open the MED-V workspace virtual machine in full-screen mode. - -## To Open the MED-V Administration Toolkit - - -Perform the following steps to open the MED-V Administration Toolkit: - -1. On the host computer that contains the MED-V workspace you are troubleshooting, open a Command Prompt window. - -2. Browse to %systemdrive%\\Program Files\\Microsoft Enterprise Desktop Virtualization. - -3. At the command prompt, type **MedvHost /toolkit**. - -After the MED-V Administration Toolkit opens, you can use the toolkit to help resolve issues in the MED-V workspace found during troubleshooting. - -## In this Section - - -[Viewing and Configuring MED-V Logs](viewing-and-configuring-med-v-logs.md) -Describes how to use the MED-V Administration Toolkit to collect and manage MED-V event logs in the host computer and the guest virtual machine. - -[Restarting and Resetting a MED-V Workspace](restarting-and-resetting-a-med-v-workspace.md) -Describes how to restart and reset MED-V workspaces by using the MED-V Administration Toolkit. - -[Viewing MED-V Workspace Configurations](viewing-med-v-workspace-configurations.md) -Describes how to use the MED-V Administration Toolkit to view the published applications and redirected web addresses in a MED-V workspace and how to open the MED-V workspace virtual machine in full-screen mode. - -## Related topics - - -[MED-V Event Log Messages](med-v-event-log-messages.md) - -[Troubleshooting MED-V](troubleshooting-med-vmedv2.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/troubleshooting-med-vmedv2.md b/mdop/medv-v2/troubleshooting-med-vmedv2.md deleted file mode 100644 index 64042f1f8f..0000000000 --- a/mdop/medv-v2/troubleshooting-med-vmedv2.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: Troubleshooting MED-V -description: Troubleshooting MED-V -author: dansimp -ms.assetid: 4502d62b-a7db-4f83-81e2-23fd8b0820e1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Troubleshooting MED-V - - -You can use the information provided here to help you troubleshoot issues in Microsoft Enterprise Desktop Virtualization (MED-V) 2.0. - -## In This Section - - -[Deployment Troubleshooting](deployment-troubleshooting.md) -Describes how to troubleshoot deployment issues in your MED-V environment. - -[Operations Troubleshooting](operations-troubleshooting-medv2.md) -Describes how to troubleshoot common issues that can occur during the operation of MED-V. - -[Troubleshooting MED-V by Using the Administration Toolkit](troubleshooting-med-v-by-using-the-administration-toolkit.md) -Describes how to access and use the MED-V Administration Toolkit to troubleshoot deployment and operations issues. - -## Related topics - - -[Microsoft Enterprise Desktop Virtualization 2.0](index.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/updating-med-v-20.md b/mdop/medv-v2/updating-med-v-20.md deleted file mode 100644 index 0d1f80a70b..0000000000 --- a/mdop/medv-v2/updating-med-v-20.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Updating MED-V 2.0 -description: Updating MED-V 2.0 -author: dansimp -ms.assetid: beea2f54-42d7-4a17-98e0-d243a8562265 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Updating MED-V 2.0 - - -Help secure your system by applying the appropriate security updates for Microsoft Enterprise Desktop Virtualization (MED-V) 2.0. - -## Updating MED-V - - -You can update MED-V interactively, by the end user, or silently by using an electronic software distribution system. Installation of the MED-V Host Agent upgrades the MED-V Host Agent and then updates the MED-V workspace if required. The MED-V Host Agent and Guest Agent keep in sync. If applications are running from the MED-V workspace while the MED-V Host Agent is being updated, a restart of the host computer is required to complete the update. If no applications are running, MED-V is restarted automatically and the upgrade is completed without a restart of the host computer. - -If you are updating MED-V by using an electronic software distribution system, you can control the restart behavior. To do this, suppress the restart by typing **REBOOT=”ReallySuppress”** at the command prompt when installing MED-V\_HostAgent\_Setup.exe. Then, configure the electronic software distribution system to capture the 3010 return code (which signals that a restart is required) and perform the set restart behavior. - -## Related topics - - -[Technical Reference for MED-V](technical-reference-for-med-v.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/viewing-and-configuring-med-v-logs.md b/mdop/medv-v2/viewing-and-configuring-med-v-logs.md deleted file mode 100644 index 35d8f398a0..0000000000 --- a/mdop/medv-v2/viewing-and-configuring-med-v-logs.md +++ /dev/null @@ -1,70 +0,0 @@ ---- -title: Viewing and Configuring MED-V Logs -description: Viewing and Configuring MED-V Logs -author: dansimp -ms.assetid: a15537ce-981d-4f55-9c3c-e7fbf94b8fe5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Viewing and Configuring MED-V Logs - - -When you are troubleshooting MED-V issues and problems, you may find it helpful or necessary to access the MED-V event logs. You can open Event Viewer for the host computer and the guest virtual machine by using the MED-V Administration Toolkit. You can also use the MED-V Administration Toolkit to set the logging level at which the MED-V event logs report MED-V events. - -For information about how to open the MED-V Administration Toolkit, see [Troubleshooting MED-V by Using the Administration Toolkit](troubleshooting-med-v-by-using-the-administration-toolkit.md). - -## Viewing MED-V Event Logs - - -On the **MED-V Administration Toolkit** window, click **Host Events** to open the event viewer for the host computer. Or, click **Guest Events** to open Event Viewer for the guest virtual machine. - -Event Viewer opens and displays the corresponding event logs that you can use to troubleshoot the issues that you might encounter when you deploy or manage MED-V. By default, only errors and warnings are displayed. For more information about specific event IDs and messages, see [MED-V Event Log Messages](med-v-event-log-messages.md). - -**Note**   -End users can only save event log files in the guest if they have administrative permissions. - - - -### To manually open the Event Viewer in the host computer - -1. Click **Start**, click **Control Panel**, and then click **Administrative Tools**. - -2. Double-click **Event Viewer**, and then click **Applications and Services Logs**. - -3. Double-click **MEDV**. - -## Configuring MED-V Event Logs - - -You can specify the MED-V event logging level by selecting the corresponding option button on the MED-V Administration Toolkit. You can decide whether event logging includes errors only, errors and warnings, or errors, warnings and informational messages. The event logging level specified is set for both the host computer and the guest virtual machine. - -You can also specify the event logging level by editing the EventLogLevel registry value. For more information, see [Managing MED-V Workspace Configuration Settings](managing-med-v-workspace-configuration-settings.md). - -**Note**   -The level you specify on the **MED-V Administration Toolkit** window applies to future MED-V event logging. If you set the level to capture all errors, warnings, and informational messages, then the event logs fill more quickly and older events are removed. - - - -## Related topics - - -[Restarting and Resetting a MED-V Workspace](restarting-and-resetting-a-med-v-workspace.md) - -[Viewing MED-V Workspace Configurations](viewing-med-v-workspace-configurations.md) - - - - - - - - - diff --git a/mdop/medv-v2/viewing-med-v-workspace-configurations.md b/mdop/medv-v2/viewing-med-v-workspace-configurations.md deleted file mode 100644 index c009bcb559..0000000000 --- a/mdop/medv-v2/viewing-med-v-workspace-configurations.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Viewing MED-V Workspace Configurations -description: Viewing MED-V Workspace Configurations -author: dansimp -ms.assetid: 5de6cf04-6beb-4ac9-ad52-26ac8c0c8ce6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Viewing MED-V Workspace Configurations - - -When you are troubleshooting MED-V issues and problems, you can use the MED-V Administration Toolkit to view the published applications and redirected web addresses in the MED-V workspace. You can also use the MED-V Administration Toolkit to open the MED-V workspace in full-screen mode. - -For information about how to open the MED-V Administration Toolkit, see [Troubleshooting MED-V by Using the Administration Toolkit](troubleshooting-med-v-by-using-the-administration-toolkit.md). - -## Viewing MED-V Published Applications - - -On the **MED-V Administration Toolkit** window, click **View Published Applications**. - -The **MED-V Workspace Published Applications** window opens and displays a list of the applications that were published in the MED-V workspace. You can use this information to troubleshoot certain issues, such as determining whether an application was published as expected. - -For information about how to publish applications to the MED-V workspace, see [How to Publish and Unpublish an Application on the MED-V Workspace](how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md). - -## Viewing MED-V Redirected Web Addresses - - -On the **MED-V Administration Toolkit** window, click **View Redirected Web Addresses**. - -The **Web Addresses Redirected to the MED-V Workspace** window opens and displays a list of the redirected web addresses specified for the MED-V workspace. You can use this information to troubleshoot certain issues, such as determining whether a web address was specified correctly for redirection. - -For information about how to manage web addresses redirection in the MED-V workspace, see [How to Add or Remove URL Redirection Information in a Deployed MED-V Workspace](how-to-add-or-remove-url-redirection-information-in-a-deployed-med-v-workspace.md). - -## Opening the MED-V Workspace Virtual Machine - - -On the **MED-V Administration Toolkit** window, click **View MED-V Workspace Full Screen**. - -MED-V closes if it was running, and the MED-V workspace virtual machine opens in full-screen mode. You can use this full-screen window to easily access all the components of the virtual machine that might be helpful in troubleshooting, such as its hard disk and settings files. - -## Related topics - - -[Viewing and Configuring MED-V Logs](viewing-and-configuring-med-v-logs.md) - -[Restarting and Resetting a MED-V Workspace](restarting-and-resetting-a-med-v-workspace.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/whats-new-in-med-v-20.md b/mdop/medv-v2/whats-new-in-med-v-20.md deleted file mode 100644 index 0024381a3d..0000000000 --- a/mdop/medv-v2/whats-new-in-med-v-20.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: What's New in MED-V 2.0 -description: What's New in MED-V 2.0 -author: dansimp -ms.assetid: 53b10bff-2b6f-463b-bdc2-5edc56526792 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# What's New in MED-V 2.0 - - -Microsoft Enterprise Desktop Virtualization (MED-V) 2.0 has evolved the application compatibility support for Windows 7 and removed functionality that is not required for this scenario. For example, features such as encryption of the MED-V workspace, the centralized MED-V server, and MED-V workspace trim transfer have been removed. - -## Changes in Standard Functionality - - -This section discusses the key areas where MED-V 2.0 functionality has changed. - -### MED-V Workspace Creation - -The virtual hard disk used for the MED-V workspace is now created in Windows Virtual PC. The methods that are used to create the MED-V workspace include installing Windows XP SP3, updating the operating system, and preparing it to be managed through software management infrastructure. - -The offline management and trim transfer functionality were removed, in addition to the proprietary MED-V workspace encryption and compression functionality. When you create a MED-V workspace, an administrator should prepare and configure appropriate applications and management tools in the image instead of using the virtual machine preparation tool that is provided in MED-V 1.0. - -Running Sysprep on the MED-V image is now required and validated during the packaging of the MED-V workspace. The MED-V Workspace Packager provides a graphical user interface (GUI) that guides the administrator through the packaging process. The console from MED-V 1.0 was removed together with the functionality of managing images, managing MED-V workspace profiles, and the requirement to stage and encrypt MED-V workspaces. - -### MED-V Workspace Deployment - -To deploy a MED-V workspace, an administrator is now able to take advantage of their electronic software distribution tools. The client-pull method available in MED-V 1.0 was removed and the MED-V workspace is now delivered by using methods outside MED-V. Administrators can treat MED-V workspaces as they would any other application package and can schedule deployments and installations of MED-V by using their existing tools and processes. MED-V installations can be deployed silently and can easily be managed inside an existing software distribution infrastructure. - -### MED-V Workspace Management - -The MED-V workspace in MED-V 2.0 is based on a Windows Virtual PC virtual hard disk. MED-V has extended the capabilities that Windows Virtual PC provides by improving the seamless experience without requiring encryption or special tools to access the MED-V workspace. - -After MED-V is deployed to a workstation, the MED-V workspace can be opened in full-screen mode by using Windows Virtual PC. This new functionality removed the requirement for policies that set a preference for seamless or full-screen modes and also removed the need to force full-screen for diagnostics and troubleshooting. - -Publishing applications to the MED-V workspace is no longer performed with profiles and by manually entering the path to applications. Instead, it occurs automatically as applications are installed on the guest. The central image repository that included versions of the images that were delivered through trim transfer is removed. Instead, MED-V enables administrators to manage the MED-V workspace as they would a physical computer, by letting applications and updates be distributed without the complexity of a dedicated MED-V infrastructure. - -## Changes in MED-V Features - - -Several key areas of MED-V 2.0 reflect improvements or additions to the following features. - -### MED-V Workspace Creation - -MED-V workspaces must be created by using Windows Virtual PC. Existing Virtual PC 2007 images must be migrated. The virtual machine Prep tool is not included in MED-V 2.0 and administrators should configure, update, and optimize their images according to the MED-V 2.0 Help file. Running Sysprep on the MED-V image is a required step and must be performed before packaging. - -### MED-V Workspace Packaging - -Windows PowerShell is the foundation of the MED-V Workspace Packager. This functionality replaces some former console abilities and functionality that managed centralized functions of MED-V. The MED-V Workspace Packager merely packages the virtual hard disk with the appropriate settings and image so that it can be easily deployed by administrators. Advanced features are provided by using Windows PowerShell. - -### MED-V Workspace Distribution - -Dedicated server infrastructure is no longer required for MED-V 2.0 and the client pull method to deploy MED-V workspaces was removed. MED-V workspaces are now deployed using your electronic software distribution infrastructure and can be stored on common shares that are used for other installation packages. - -### First Time Setup - -The first time setup process is now integrated with the standard imaging convention of Sysprep. The MED-V workspace first time setup process can dynamically apply settings specified in the MED-V Workspace Packager to the image as it begins Mini-Setup. The scripting tool in the console was removed and the first time setup process is now based on options that are configured in the MED-V Workspace Packager by the administrator. - -### Application Publishing - -Administrators can install applications on the MED-V image either before packaging, after the MED-V workspace is deployed, or by using a combination of both. MED-V no longer examines MED-V workspace policy to publish applications, but instead refers to what is actually installed on the guest. As applications are installed on the guest, they are automatically detected and published to the host **Start** menu and are ready to be started by the end user. - -### URL Redirection - -MED-V 2.0 provides seamless host-to-guest web address redirection based on the policies configured and managed by the administrator. After a URL is redirected to the guest browser, the default experience is to attempt to limit the user to that redirected site. This minimizes the browsing activities that a user can perform that are not intended by the administrator. Guest-to-host browser redirection was removed. - -### Troubleshooting - -MED-V now takes advantage of standard host-based processes for troubleshooting. Because the MED-V workspace is no longer encrypted, it can be opened in full-screen mode within the Windows Virtual PC console, where it can be viewed and worked with as a standard workstation. In addition, the logs are no longer encrypted locally and logged centrally. MED-V now makes extensive use of the local event logs, and the logging level of the output, from informational to debug levels, can be easily configured. Finally, a troubleshooting toolkit is now provided so administrators and helpdesk personnel can have a graphical, aggregated view of all the troubleshooting options, and they can effortlessly select the activities that most suit their needs. - -MED-V is no longer run as a system service. Instead, it is run as user-owned processes, and it only runs when a user is logged on. Functionality that was formerly provided by the system-owned service is now provided in the user-side processes. - -## Related topics - - -[Deployment of MED-V](deployment-of-med-v.md) - -[Operations for MED-V](operations-for-med-v.md) - -  - -  - - - - - diff --git a/mdop/medv-v2/windows-virtual-pc-application-exclude-list.md b/mdop/medv-v2/windows-virtual-pc-application-exclude-list.md deleted file mode 100644 index 34ca784d07..0000000000 --- a/mdop/medv-v2/windows-virtual-pc-application-exclude-list.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: Windows Virtual PC Application Exclude List -description: Windows Virtual PC Application Exclude List -author: dansimp -ms.assetid: 7715f198-f5ed-421e-8740-0cec2ca4ece3 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 04/28/2017 ---- - - -# Windows Virtual PC Application Exclude List - - -In some instances, you might not want applications that are installed in the MED-V workspace to be published to the host computer **Start** menu. You can unpublish these applications by following the instructions at [How to Publish and Unpublish an Application on the MED-V Workspace](how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md). However, if the program ever automatically updates, it might also be automatically republished. This causes you to have to unpublish the application again. - -Windows Virtual PC includes a feature known as the "Exclude List" that lets you specify certain installed applications that you do not want published to the host **Start** menu. The "Exclude List" is located in the guest registry in the HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Virtual Machine\\VPCVAppExcludeList key and lists those applications that are not published to the host **Start** menu. You can think of the “Exclude List” as permanently unpublishing the specified applications because any automatic updates to the applications that are listed will not cause them to be automatically republished. - -## Managing Applications by Using the Exclude List in Windows Virtual PC - - -**** - -1. Open the MED-V workspace in full screen. - - For information about opening the MED-V workspace in full-screen mode by using the MED-V Administration Toolkit, see [Viewing MED-V Workspace Configurations](viewing-med-v-workspace-configurations.md#bkmk-fullscreen). Or you can manually open it in full screen by clicking **Start**, click **All Programs**, click **Windows Virtual PC**, click **Windows Virtual PC**, and then double-click the MED-V workspace. - -2. In the MED-V workspace Windows Virtual PC window, open Registry Editor. - - Click **Start**, click **Run**, and then type regedit. Then click **OK**. - -3. In Registry Editor, locate the HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Virtual Machine\\VPCVAppExcludeList registry key. - -4. Create a new registry value for the installed application that you do not want published to the host computer **Start** menu. For example, if you want to unpublish the automatically published program Microsoft Silverlight, follow these steps: - - 1. With the VPCVAppExcludeList registry key highlighted, click **Edit**, click **New**, and then click **String Value**. - - 2. Enter the name for the new registry value. For example, for Microsoft Silverlight, you might enter sllauncher.exe. - - 3. Double-click the new registry value and enter the value data. - - The value data is the full path for the command that you want to unpublish. You can find the full path by right-clicking on the shortcut on the **Start** menu for the application that you do not want published and then clicking **Properties**. The full path is listed in the **Shortcut** tab under **Target**. - - For example, for the program Microsoft Silverlight, the full path might be "C:\\Program Files\\Microsoft Silverlight\\4.0.50917.0\\Silverlight.Configuration.exe." - - **Important**   - If applicable, remove the quotation marks from the full path when you enter it into the value data field. - - - -5. Close Registry Editor and restart the MED-V workspace virtual machine. - - The application is still installed in the MED-V workspace but is now removed from the host computer **Start** menu. - -You can also republish an excluded application to the host **Start** menu by deleting the corresponding value from the VPCVAppExcludeList key. For example, to republish Microsoft Silverlight, right-click the registry value sllauncher.exe and select **Delete**. - -## Related topics - - -[Technical Reference for MED-V](technical-reference-for-med-v.md) - -[How to Publish and Unpublish an Application on the MED-V Workspace](how-to-publish-and-unpublish-an-application-on-the-med-v-workspace.md) - - - - - - - - - diff --git a/mdop/softgrid-application-virtualization.md b/mdop/softgrid-application-virtualization.md deleted file mode 100644 index 9951bcd5f1..0000000000 --- a/mdop/softgrid-application-virtualization.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -title: SoftGrid Application Virtualization -description: SoftGrid Application Virtualization -author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: manage -ms.sitesec: library -ms.prod: w10 -ms.date: 04/19/2017 -ms.reviewer: -manager: dansimp -ms.author: dansimp ---- - -# SoftGrid Application Virtualization - -Selecting the link for [SoftGrid Application Virtualization documentation](https://technet.microsoft.com/library/bb906040.aspx) will take you to another website. Use your browser's **Back** button to return to this page. diff --git a/mdop/solutions/TOC.md b/mdop/solutions/TOC.md deleted file mode 100644 index dcd2d78a28..0000000000 --- a/mdop/solutions/TOC.md +++ /dev/null @@ -1,7 +0,0 @@ -# [MDOP Solutions and Scenarios](index.md) -## [Virtualizing Microsoft Office 2013 for Application Virtualization (App-V) 5.0](virtualizing-microsoft-office-2013-for-application-virtualization--app-v--50-solutions.md) -## [Virtualizing Microsoft Office 2010 for Application Virtualization (App-V) 5.0](virtualizing-microsoft-office-2010-for-application-virtualization--app-v--50-solutions.md) -## [Creating App-V 4.5 Databases Using SQL Scripting](creating-app-v-45-databases-using-sql-scripting.md) -## [Application Publishing and Client Interaction for App-V 5](application-publishing-and-client-interaction-for-app-v-5-solutions.md) -## [How to Download and Deploy MDOP Group Policy (.admx) Templates](how-to-download-and-deploy-mdop-group-policy--admx--templates.md) - diff --git a/mdop/solutions/application-publishing-and-client-interaction-for-app-v-5-solutions.md b/mdop/solutions/application-publishing-and-client-interaction-for-app-v-5-solutions.md deleted file mode 100644 index 93e2506108..0000000000 --- a/mdop/solutions/application-publishing-and-client-interaction-for-app-v-5-solutions.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: Application Publishing and Client Interaction for App-V 5 -description: Application Publishing and Client Interaction for App-V 5 -author: dansimp -ms.assetid: 9854afdc-00f9-40ec-8275-d168e5151286 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Publishing and Client Interaction for App-V 5 - - -This article has been moved to [Application Publishing and Client Interaction](../appv-v5/application-publishing-and-client-interaction.md) in the App-V 5.0 library. - -The article describes how the following App-V client operations affect the local operating system: - -- App-V Files and Data Storage Locations - -- Package Registry - -- App-V Package Store Behavior - -- Roaming Registry and Data - -- App -V Client Application Lifecycle Management - -- Integration of App-V Packages - -- Dynamic Configuration - -- Side by Side Assemblies - -- Client Logging - -  - -  - - - - - diff --git a/mdop/solutions/creating-app-v-45-databases-using-sql-scripting.md b/mdop/solutions/creating-app-v-45-databases-using-sql-scripting.md deleted file mode 100644 index 860cc5c118..0000000000 --- a/mdop/solutions/creating-app-v-45-databases-using-sql-scripting.md +++ /dev/null @@ -1,258 +0,0 @@ ---- -title: Creating App-V 4.5 Databases Using SQL Scripting -description: Creating App-V 4.5 Databases Using SQL Scripting -author: dansimp -ms.assetid: 6cd0b180-163e-463f-a658-939ab9a7cfa1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Creating App-V 4.5 Databases Using SQL Scripting - - -**Who is this solution intended for?** Information technology professionals who manage Application Virtualization (App-V) 4.5 databases. - -**How can this guide help you?** This solution explains and documents the procedure to install the Microsoft Application Virtualization Server when the administrator installing does not have “sysadmin” privileges to the SQL Server. - -## Overview - - -One of the challenges of installing Microsoft Application Virtualization 4.5 (App-V) is that the install program assumes that the user installing the server features will not only be a local computer administrator, but also have SQL administrator privileges on the SQL server that will host the Data Store. This requirement is based on the fact that the database, as well as the appropriate roles and permissions, are created as part of the install. However, in most enterprises, SQL servers are managed separately from the infrastructure team who will be installing App-V. These security requirements will make it difficult to get SQL administrators to give the infrastructure administrator installing App-V adequate rights; similarly, the SQL administrators will not have the required privileges to install the product for the infrastructure team. - -Currently, an administrator attempting the installation of App-V must have SQL “sysadmin” privileges. In previous versions of the product the setup allowed for the SQL administrators to either create a temporary “sysadmin” account or be present during installation to provide credentials with “sysadmin” privileges. In this release, scripts are provided in the released product for all administrators to use when implementing their infrastructure. - -This whitepaper discusses the scenario in which the install will need to be divided into two separate tasks: creating the SQL database, and installing the App-V server features. The SQL administrators would be able to review the SQL scripts and make modifications to resolve any conflicts with other databases, or to support integration with other tools. The result of the scripts is to allow SQL administrators to prepare the database so that the infrastructure administrators do not have to be granted any advanced rights on the SQL server. This is important in environments where security policies would prohibit this. - -### SQL Database Creation Process - -The SQL scripts allow for SQL administrators to create the required database and also set up the privileges for the App-V administrators to successfully install and manage the environment. The steps for completing these tasks are listed later in this document. - -This process separates the database creation and configuration actions from the actual App-V installation. - -**Information to be provided to SQL administrators** - -- Name of AD group that is going to be the App-V admin’s - -- Name of the server where App-V Management Server will be installed - -**Information to be returned to the Infrastructure administrators** - -- Name of the database server or instance and the name of the App-V database - -Once the database has been prepared, the App-V administrators can run the App-V installation without SQL administrator privileges. - -### Using the SQL Setup Scripts - -**Requirements** - -The following is a list of requirements for using the scripts which are located in the support\\createdb folder at the root of the selected extract location. - -- Scripts must be copied to a writeable location on the computer where they will be run (be sure to remove the read only attribute from these scripts after they have been copied) and SQL client tools must be loaded on that computer (osql is only required for running the sample batch files on the local computer). - -- The SQL Server must support Windows Authentication. - -- Ensure that the SQL Server Instance and SQL Agent Service are running. - -- Log on with a domain account that is a SQL administrator (sysadmin) on the computer where the scripts will be done. - -The scripts runs under the logged-on user’s domain credentials. - -**Database Creation Using SQL Scripts** - -**Tasks to be performed by SQL administrators:** - -1. Copy the scripts contained in the support\\createdb folder from the root of the selected extract location to the computer where the scripts will be run. The following files are required for the scripts to run properly and must be called in the order presented below. - - - database.sql - - - roles.sql - - - table\_CODES.sql - - - functions\_before\_tables.sql - - - tables.sql - - - functions.sql - - - views.sql - - - procedures.sql - - - triggers.sql - - - data\_codes.sql - - - data\_messages.sql - - - data\_defaults.sql - - - alerts\_jobs.sql - - - dbversion.sql - -2. Review and modify, if necessary, the `database.sql` file. The default settings will name the database “APPVIRTDB.” - - - If necessary replace instances of `APPVIRTDB` with the `database name` that will be used. - - - Modify the `FILENAME` property in the script with the appropriate path for the SQL Server where the database will be created. - -3. Review and modify, if necessary, the `database name [APPVIRTDB]` in the `roles.sql` file that was used in the database.sql file. - -**** - -### Example of how to automate the process using batch files - -If used, the two sample batch files provided run the SQL scripts in the following manner: - -1. **Create\_schema.bat (1)** - - - database.sql - - - roles.sql - -2. **Create\_tables.bat (2)** - - - table\_CODES.sql - - - functions\_before\_tables.sql - - - tables.sql - - - functions.sql - - - views.sql - - - procedures.sql - - - triggers.sql - - - data\_codes.sql - - - data\_messages.sql - - - data\_defaults.sql - - - alerts\_jobs.sql - - - dbversion.sql - -**Note** -Careful consideration when modifying the scripts must be taken and should only be done by someone with the appropriate knowledge. Also, of the sample files presented only the following should be changed: **create\_schema.bat**, **create\_tables.bat**, **database.sql**, and **roles.sql**. All other files should not be modified in any way as this could cause the database to be created incorrectly, which will lead to the failure of App-V services to be installed. - - - -The two sample batch files must be placed in the same directory where the rest of the SQL scripts were copied to on the computer. - -1. Run the sample **create\_schema.bat** file to create the database. This script will take several seconds to complete and should not be interrupted. - - - Run the create schema.bat file from the directory where it was copied to. Syntax is: “Create\_schema.bat `SQLSERVERNAME`” - - ![AppV46SQLcreatebat](images/appv46sqlcreatebat.bmp) - - - If this script fails during the creation of the new “APPVIRTDB” database, check the log as indicated to correct the issue. It will be necessary to delete the database that was created with a partial running of the scripts in order to ensure that subsequent attempts will work properly. - -2. Run the `create_tables.bat` file to create the tables in the database. This script will take several seconds to complete and should not be interrupted. - - - Run the create\_tables.bat file from the directory where it was copied. Syntax is: “create\_tables.bat `SQLSERVERNAME DBNAME`” - - ![app-v 4.6 sql create\-table.bat](images/appv46sqlcreate-tablebat.gif) - - If the script fails during the creation of the tables, check the log as indicated to correct the issue. It will be necessary to delete the database and run create\_schema.bat before attempting to run the create\_tables.bat file on all subsequent attempts. - -### Setting permissions on the App-V database - -The following accounts will need to be created on the SQL server with specific permissions and roles to the new database for the installation, deployment and ongoing administration of the App-V environment. - -- Create a login for the App-V administrators group on the SQL Server and the APPVIRTDB database for the “domain\\App-V Admins” (where “domain” and “App-V Admins” will be changed to reflect your own environment) and add them to the SFTAdmin and SFTEveryone database role. - - ![app-v 4.6 sql script set permissions and roles](images/appv46sqlscriptsetpermsroles.gif) - -- Grant this group “VIEW ANY DEFINITION” permission at the global level (This allows the Microsoft Application Virtualization Management Server setup process to verify that the Management Server login already exists). Under MS-SQL 2005 and above access restrictions to the metadata contained in master.db were added. The user created in the previous step will by default not have the rights needed by the server installation. Open the properties of the previously created login, Login Properties->Securables. Add the Database instance and enable “GRANT” for “View any definition” as shown in the screenshot below. - - ![app-v 4.6 sql script grant perm for view any def](images/appv46sqlscriptviewanydef.gif) - -- Add a role to the ROLE\_ASSIGNMENTS table for the login created in the previous step to allow App-V administrators access to the Application Virtualization Management Console, with role = “ADMIN” and group\_ref = “domain\\App-V Admins” (where “domain” and “App-V Admins” will be changed to reflect your own environment). - - ![app-v 4.6 sql script role assignment](images/appv46sqlscriptroleassign.gif) - -- Create login for SQL Server and App-V database for the Management Server. This account is used by the Microsoft Application Virtualization Management Server to connect to the data store and is responsible for servicing client requests for streamed applications. There are two options, depending on where the SQL Server and Management Server are to be installed: - - 1. If Management Server and SQL Server are going to be installed on the same computer, add a login for NT AUTHORITY\\NETWORK SERVICE and add it to the SFTUser and SFTEveryone database roles. - - 2. If the Management Server and SQL Server are to be installed on different computers, add a login for “domain\\App-V Server Name$” (where “App-V Server Name” is the name of the server where the App-V Management Server will be installed) and add it to the SFTUser and SFTEveryone database roles. - -- Open the query window on the SQL window and run the following SQL: - - ``` syntax - USE APPVIRTDB - GRANT ALTER ON ROLE::SFTuser TO “domain\App-V Admins” - ``` - - Where the APPVIRTDB is the name of the App-V Database created on the SQL Server in the previous step, and the user who is going to do the install of the App-v server needs to be a member of “domain\\App-V Admins” (where “domain” and “App-V Admins” will be changed to reflect your own environment). - -### Tasks to be performed by the Infrastructure administrators - -1. Administrator in the “App-V Admins” group should install App-V. - - Use information from the SQL administrators for selecting the SQL Server and database created in the previous steps. - -2. Administrator in the “App-V Admins” group logs in to Application Virtualization Management Console and deletes the following objects from the Management Console. - - **Warning** - This is required as the traditional setup populates certain records in the database that are not populated if you run the install against an already existing database. Delete the following objects: - - - Under “Server Groups,” “Default Server Group,” delete “Application Virtualization Management Server” - - - Under “Server Groups,” delete “Default Server Group” - - - Under “Provider Policies,” delete “Default Provider” - - - -3. Administrator in the App-V admins group should then create: - - - Under “Provider Policies,” create a New Provider Policy - - - Create a “Default Server Group” - - **Note** - You must create a “Default Server” group even if you will not be used. The server installer only looks for the "Default Server Group" when trying to add the server. If there is no "Default Server Group" then the installation will fail. If you plan on using server groups other than the default that is fine, it’s just necessary to retain the "Default Server Group" if you plan on adding subsequent App-V Management Servers to your infrastructure. - - - -~~~ -- Assign the App-V Users Group to the New Provider Policy created above - -- Under “Server Groups,” create a New Server Group, specifying the New Provider Policy - -- Under the New Server group, create a New Application Virtualization Management Server - - **Important** - Do not restart the service before completing all of the above steps! - - - -- Administrator restarts the Application Virtualization Management Server service. -~~~ - -## Conclusion - - -In conclusion, the information in this document allows an administrator to work with the SQL administrators to develop a deployment path that works for the security and administrative divisions in an organization. After reading this document and testing the tasks documented, an administrator should be ready to implement their App-V infrastructure in this type of environment. - - - - - - - - - diff --git a/mdop/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates.md b/mdop/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates.md deleted file mode 100644 index 5be26f09e4..0000000000 --- a/mdop/solutions/how-to-download-and-deploy-mdop-group-policy--admx--templates.md +++ /dev/null @@ -1,153 +0,0 @@ ---- -title: How to Download and Deploy MDOP Group Policy (.admx) Templates -description: How to Download and Deploy MDOP Group Policy (.admx) Templates -author: dansimp -ms.assetid: fdb64505-6c66-4fdf-ad74-a6a161191e3f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/15/2018 ---- - - -# How to Download and Deploy MDOP Group Policy (.admx) Templates - - -You can manage the feature settings of certain Microsoft Desktop Optimization Pack (MDOP) technologies (for example, App-V, UE-V, or MBAM) by using Group Policy templates, the .admx and .adml files. MDOP Group Policy templates are available for download in a self-extracting, compressed file, grouped by technology and version. - -## MDOP Group Policy templates - -**How to download and deploy the MDOP Group Policy templates** - -1. Download the latest [MDOP Group Policy templates](https://www.microsoft.com/download/details.aspx?id=55531) - -2. Expand the downloaded .cab file by running `expand \MDOP_ADMX_Templates.cab -F:* ` - - **Warning** - Do not extract the templates directly to the Group Policy deployment directory. Multiple technologies and versions are bundled in this file. - -3. In the extracted folder, locate the technology-version .admx file. Certain MDOP technologies have multiple sets of Group Policy Objects (GPOs). For example, MBAM includes MBAM Management settings and MBAM User settings. - -4. Locate the appropriate .adml file by language-culture (that is, *en-us* for English-United States). - -5. Copy the .admx and .adml files to a policy definition folder. Depending on where you store the templates, you can configure Group Policy settings from the local device or from any computer on the domain. - - - **Local files:** To configure Group Policy settings from the local device, copy template files to the following locations: - - - - - - - - - - - - - - - - - - - - - - -
File typeFile location

Group Policy template (.admx)

%systemroot%<strong>policyDefinitions

Group Policy language file (.adml)

%systemroot%<strong>policyDefinitions[MUIculture]

- - - **Domain central store:** To enable Group Policy settings configuration by a Group Policy administrator from any computer on the domain, copy files to the following locations on the domain controller: - - - - - - - - - - - - - - - - - - - - - - -
File typeFile location

Group Policy template (.admx)

%systemroot%<strong>sysvol\domain\policies\PolicyDefinitions

Group Policy language file (.adml)

%systemroot%<strong>sysvol\domain\policies\PolicyDefinitions[MUIculture][MUIculture]

-

For example, the U.S. English ADML language-specific file will be stored in %systemroot%\sysvol\domain\policies\PolicyDefinitions\en-us.

- -6. Edit the Group Policy settings using Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM) to configure Group Policy settings for the MDOP technology. - -### MDOP Group Policy by technology - -For more information about supported MDOP Group Policy, see the specific documentation for the technology. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
MDOP TechnologyVersion bundlesNotes

Application Virtualization (App-V)

App-V 5.0 and App-V 5.0 Service Packs

How to Modify App-V 5.0 Client Configuration Using the ADMX Template and Group Policy

User Experience Virtualization (UE-V)

UE-V 2.0 and UE-V 2.1

Configuring UE-V 2.x with Group Policy Objects

UE-V 1.0 including 1.0 SP1

Configuring UE-V with Group Policy Objects

Microsoft BitLocker Administration and Monitoring (MBAM)

MBAM 2.5

Planning for MBAM 2.5 Group Policy Requirements

MBAM 2.0 including 2.0 SP1

Planning for MBAM 2.0 Group Policy Requirements

-

Deploying MBAM 2.0 Group Policy Objects

MBAM 1.0

How to Edit MBAM 1.0 GPO Settings

- - - - - - - - - - - diff --git a/mdop/solutions/images/appv46sqlcreate-tablebat.gif b/mdop/solutions/images/appv46sqlcreate-tablebat.gif deleted file mode 100644 index da105aa8ee..0000000000 Binary files a/mdop/solutions/images/appv46sqlcreate-tablebat.gif and /dev/null differ diff --git a/mdop/solutions/images/appv46sqlcreatebat.bmp b/mdop/solutions/images/appv46sqlcreatebat.bmp deleted file mode 100644 index 4c71e8ab17..0000000000 Binary files a/mdop/solutions/images/appv46sqlcreatebat.bmp and /dev/null differ diff --git a/mdop/solutions/images/appv46sqlscriptroleassign.gif b/mdop/solutions/images/appv46sqlscriptroleassign.gif deleted file mode 100644 index 58d3090997..0000000000 Binary files a/mdop/solutions/images/appv46sqlscriptroleassign.gif and /dev/null differ diff --git a/mdop/solutions/images/appv46sqlscriptsetpermsroles.gif b/mdop/solutions/images/appv46sqlscriptsetpermsroles.gif deleted file mode 100644 index 18dc004aed..0000000000 Binary files a/mdop/solutions/images/appv46sqlscriptsetpermsroles.gif and /dev/null differ diff --git a/mdop/solutions/images/appv46sqlscriptviewanydef.gif b/mdop/solutions/images/appv46sqlscriptviewanydef.gif deleted file mode 100644 index 682cd43de0..0000000000 Binary files a/mdop/solutions/images/appv46sqlscriptviewanydef.gif and /dev/null differ diff --git a/mdop/solutions/index.md b/mdop/solutions/index.md deleted file mode 100644 index 20c7e2da8e..0000000000 --- a/mdop/solutions/index.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: MDOP Solutions and Scenarios -description: MDOP Solutions and Scenarios -author: dansimp -ms.assetid: 1cb18bef-fbae-4e96-a4f1-90cf111c3b5f -ms.pagetype: mdop -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# MDOP Solutions and Scenarios - - -The Solutions for Microsoft Desktop Optimization Pack (MDOP) guide provides documentation that presents example customer scenarios that are solved by using technologies that are part of the MDOP suite. - -## Application Virtualization Solutions - - -- [Deploying Microsoft Office 2013 by Using App-V](../appv-v5/deploying-microsoft-office-2013-by-using-app-v.md) - - This solution explains how to deploy Office 2013 by using App-V 5.0 and includes procedures for customization, upgrading, and licensing for deployment in the enterprise. - -- [Deploying Microsoft Office 2010 by Using App-V](../appv-v5/deploying-microsoft-office-2010-by-using-app-v.md) - - This solution explains how to deploy Office 2010 by using App-V 5.0. - -- [Creating App-V 4.5 Databases Using SQL Scripting](creating-app-v-45-databases-using-sql-scripting.md) - - This solution explains and documents the procedure to install the Microsoft Application Virtualization Server when the administrator installing does not have “sysadmin” privileges to the SQL Server. - -- [Application Publishing and Client Interaction](../appv-v5/application-publishing-and-client-interaction.md) - - This solution explains and how the App-V Client processes packages and presents them to users. It includes typical client operations with important locations for data storage, how the publishing refresh process works, and the available integration points with the local operating system. - -- [How to Download and Deploy MDOP Group Policy (.admx) Templates](how-to-download-and-deploy-mdop-group-policy--admx--templates.md) - - You can manage the feature settings of certain Microsoft Desktop Optimization Pack (MDOP) technologies (for example, App-V, UE-V, or MBAM) by using Group Policy templates, the .admx and .adml files. MDOP Group Policy templates are available for download in a self-extracting, compressed file, grouped by technology and version. - -  - -  - - - - - diff --git a/mdop/solutions/virtualizing-microsoft-office-2010-for-application-virtualization--app-v--50-solutions.md b/mdop/solutions/virtualizing-microsoft-office-2010-for-application-virtualization--app-v--50-solutions.md deleted file mode 100644 index ac39025c59..0000000000 --- a/mdop/solutions/virtualizing-microsoft-office-2010-for-application-virtualization--app-v--50-solutions.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -title: Virtualizing Microsoft Office 2010 for Application Virtualization (App-V) 5.0 -description: Virtualizing Microsoft Office 2010 for Application Virtualization (App-V) 5.0 -author: dansimp -ms.assetid: bd16c20f-cc47-4172-ae16-47b23c9b7f5c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Virtualizing Microsoft Office 2010 for Application Virtualization (App-V) 5.0 - - -This article has been moved to the TechNet Application Virtualization (App-V) 5.0 library and renamed to: - -[Deploying Microsoft Office 2010 by Using App-V](../appv-v5/deploying-microsoft-office-2010-by-using-app-v.md) - -  - -  - - - - - diff --git a/mdop/solutions/virtualizing-microsoft-office-2013-for-application-virtualization--app-v--50-solutions.md b/mdop/solutions/virtualizing-microsoft-office-2013-for-application-virtualization--app-v--50-solutions.md deleted file mode 100644 index 83c7defae3..0000000000 --- a/mdop/solutions/virtualizing-microsoft-office-2013-for-application-virtualization--app-v--50-solutions.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -title: Virtualizing Microsoft Office 2013 for Application Virtualization (App-V) 5.0 -description: Virtualizing Microsoft Office 2013 for Application Virtualization (App-V) 5.0 -author: dansimp -ms.assetid: 742e64de-6ace-4eb4-901a-7a282ca7ae85 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Virtualizing Microsoft Office 2013 for Application Virtualization (App-V) 5.0 - - -This article has been moved to the TechNet Application Virtualization (App-V) 5.0 library and renamed to: - -[Deploying Microsoft Office 2013 by Using App-V](../appv-v5/deploying-microsoft-office-2013-by-using-app-v.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/TOC.md b/mdop/uev-v1/TOC.md deleted file mode 100644 index d52629378d..0000000000 --- a/mdop/uev-v1/TOC.md +++ /dev/null @@ -1,43 +0,0 @@ -# [Microsoft User Experience Virtualization (UE-V) 1.0](index.md) -## [Getting Started With User Experience Virtualization 1.0](getting-started-with-user-experience-virtualization-10.md) -### [About User Experience Virtualization 1.0](about-user-experience-virtualization-10.md) -#### [Microsoft User Experience Virtualization (UE-V) 1.0 Release Notes](microsoft-user-experience-virtualization--ue-v--10-release-notes.md) -### [About User Experience Virtualization 1.0 SP1](about-user-experience-virtualization-10-sp1.md) -#### [Microsoft User Experience Virtualization (UE-V) 1.0 SP1 Release Notes](microsoft-user-experience-virtualization--ue-v--10-sp1-release-notes.md) -### [High-Level Architecture for UE-V 1.0](high-level-architecture-for-ue-v-10.md) -### [Accessibility for UE-V](accessibility-for-ue-v.md) -## [Planning for UE-V 1.0](planning-for-ue-v-10.md) -### [Preparing Your Environment for UE-V](preparing-your-environment-for-ue-v.md) -#### [Supported Configurations for UE-V 1.0](supported-configurations-for-ue-v-10.md) -### [Planning for UE-V Configuration](planning-for-ue-v-configuration.md) -#### [Planning Which Applications to Synchronize with UE-V 1.0](planning-which-applications-to-synchronize-with-ue-v-10.md) -#### [Checklist for Evaluating Line-of-Business Applications for UE-V 1.0](checklist-for-evaluating-line-of-business-applications-for-ue-v-10.md) -#### [Planning for Custom Template Deployment for UE-V 1.0](planning-for-custom-template-deployment-for-ue-v-10.md) -#### [Planning for UE-V Configuration Methods](planning-for-ue-v-configuration-methods.md) -### [UE-V Checklist](ue-v-checklist.md) -## [Deploying UE-V 1.0](deploying-ue-v-10.md) -### [Deploying the Settings Storage Location for UE-V 1.0](deploying-the-settings-storage-location-for-ue-v-10.md) -### [Deploying the UE-V Agent](deploying-the-ue-v-agent.md) -### [Installing the UE-V Group Policy ADMX Templates](installing-the-ue-v-group-policy-admx-templates.md) -### [Installing the UE-V Generator](installing-the-ue-v-generator.md) -### [Deploying the Settings Template Catalog for UE-V 1.0](deploying-the-settings-template-catalog-for-ue-v-10.md) -### [Deploying UE-V Settings Location Templates for UE-V 1.0](deploying-ue-v-settings-location-templates-for-ue-v-10.md) -## [Operations for UE-V 1.0](operations-for-ue-v-10.md) -### [Administering UE-V 1.0](administering-ue-v-10.md) -#### [Changing the Frequency of UE-V Scheduled Tasks](changing-the-frequency-of-ue-v-scheduled-tasks.md) -#### [Sharing Settings Location Templates with the UE-V Template Gallery](sharing-settings-location-templates-with-the-ue-v-template-gallery.md) -#### [Restoring Application and Windows Settings Synchronized with UE-V 1.0](restoring-application-and-windows-settings-synchronized-with-ue-v-10.md) -#### [Configuring UE-V with Group Policy Objects](configuring-ue-v-with-group-policy-objects.md) -#### [Migrating UE-V Settings Packages](migrating-ue-v-settings-packages.md) -### [Working with Custom UE-V Templates and the UE-V Generator](working-with-custom-ue-v-templates-and-the-ue-v-generator.md) -#### [Create UE-V Settings Location Templates with the UE-V Generator](create-ue-v-settings-location-templates-with-the-ue-v-generator.md) -#### [Edit UE-V Settings Location Templates with the UE-V Generator](edit-ue-v-settings-location-templates-with-the-ue-v-generator.md) -#### [Validate UE-V Settings Location Templates with UE-V Generator](validate-ue-v-settings-location-templates-with-ue-v-generator.md) -### [Administering UE-V with PowerShell and WMI](administering-ue-v-with-powershell-and-wmi.md) -#### [Managing the UE-V 1.0 Agent and Packages with PowerShell and WMI](managing-the-ue-v-10-agent-and-packages-with-powershell-and-wmi.md) -#### [Managing UE-V 1.0 Settings Location Templates Using PowerShell and WMI](managing-ue-v-10-settings-location-templates-using-powershell-and-wmi.md) -### [Security and Privacy for UE-V 1.0](security-and-privacy-for-ue-v-10.md) -#### [UE-V 1.0 Security Considerations](ue-v-10-security-considerations.md) -#### [User Experience Virtualization Privacy Statement](user-experience-virtualization-privacy-statement.md) -## [Troubleshooting UE-V 1.0](troubleshooting-ue-v-10.md) - diff --git a/mdop/uev-v1/about-user-experience-virtualization-10-sp1.md b/mdop/uev-v1/about-user-experience-virtualization-10-sp1.md deleted file mode 100644 index dbed7e3471..0000000000 --- a/mdop/uev-v1/about-user-experience-virtualization-10-sp1.md +++ /dev/null @@ -1,273 +0,0 @@ ---- -title: About User Experience Virtualization 1.0 SP1 -description: About User Experience Virtualization 1.0 SP1 -author: dansimp -ms.assetid: 0212d3fb-e882-476c-9496-9eb52301703d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About User Experience Virtualization 1.0 SP1 - - -Microsoft User Experience Virtualization (UE-V) 1.0 Service Pack 1 changes the version from 1.0.414 to 1.0.520. When the UE-V Agent setup.exe or UE-V Generator setup.exe is launched it will detect the need for an upgrade and will upgrade the UE-V Agent or Generator. - -## Additional Languages Now Supported - - -UE-V 1.0 Service Pack 1 provides updates for both the UE-V Agent and the UE-V Generator supporting additional languages. All supported languages are installed when the setup program runs. The following languages are included in UE-V 1 SP1: - - ---- - - - - - - - - - - - - -
UE-V AgentUE-V Generator
    -

  • Chinese Simplified (PRC) zh-CN

    • -
-
    -

  • Chinese Traditional - Taiwan zh-TW

    • -
-
    -

  • Czech (Czech Republic) cs-CZ

    • -
-
    -

  • Danish (Denmark) da-DK

    • -
-
    -

  • Dutch (Netherlands) nl-NL

    • -
-
    -

  • Finnish (Finland) fi-FI

    • -
-
    -

  • French (France) fr-FR

    • -
-
    -

  • German (Germany) de-DE

    • -
-
    -

  • Greek (Greece) el-GR

    • -
-
    -

  • Hungarian (Hungary) hu-HU

    • -
-
    -

  • Italian (Italy) it-IT

    • -
-
    -

  • Japanese (Japan) ja-JP

    • -
-
    -

  • Korean (Korea) ko-KR

    • -
-
    -

  • Norwegian - Norway Bokmal nb-NO

    • -
-
    -

  • Polish (Poland) pl-PL

    • -
-
    -

  • Portuguese (Brazil) pt-BR

    • -
-
    -

  • Portuguese (Portugal) pt-PT

    • -
-
    -

  • Russian (Russia) ru-RU

    • -
-
    -

  • Slovak (Slovakia) sk-SK

    • -
-
    -

  • Slovenian (Slovenia) sl-SL

    • -
-
    -

  • Spanish, International Sort (Spain) es-ES

    • -
-
    -

  • Swedish (Sweden) sv-SE

    • -
-
    -

  • Turkish (Turkey) tr-TR

    • -
-

    -

  • Chinese Simplified (PRC) zh-CN

    • -
-
    -

  • Chinese Traditional - Taiwan zh-TW

    • -
-
    -

  • French (France) fr-FR

    • -
-
    -

  • German (Germany) de-DE

    • -
-
    -

  • Italian (Italy) it-IT

    • -
-
    -

  • Japanese (Japan) ja-JP

    • -
-
    -

  • Korean (Korea) ko-KR

    • -
-
    -

  • Portuguese (Brazil) pt-BR

    • -
-
    -

  • Russian (Russia) ru-RU

    • -
-
    -

  • Spanish, International Sort (Spain) es-ES

    • -
- - - -**Important**   -While the UE-V Agent installation program (AgentSetup.exe) and UE-V Generator installation program (ToolSetup.exe) are translated into the languages above, the Windows Installer (.msi) files are only available in English. - - - -## Office 2007 Settings Location Templates - - -The UE-V Agent installation software installs the agent and registers a default group of settings location templates for common Microsoft applications. Microsoft Office 2007 is now part of these applications. There are two Office 2007 templates: MicrosoftOffice2007.xml and MicrosoftCommunicator2007.xml. These settings location templates capture settings in Microsoft Office 2007 for the following applications: - -- Microsoft Access 2007 - -- Microsoft Communicator 2007 - -- Microsoft Excel 2007 - -- Microsoft InfoPath 2007 - -- Microsoft OneNote 2007 - -- Microsoft Outlook 2007 - -- Microsoft PowerPoint 2007 - -- Microsoft Project 2007 - -- Microsoft Publisher 2007 - -- Microsoft SharePoint Designer 2007 - -- Microsoft Visio 2007 - -- Microsoft Word 2007 - -### Office 2010 Settings Location Templates Updates - -An update to the Settings Location Templates has also been made. Those changes include: - -- Added support for Microsoft SharePoint Designer 2010 by adding a new template to the Office 2010 templates (MicrosoftOffice2010Win32.xml and MicrosoftOffice2010Win64.xml) - -- Minor bug fixes, including Customize Status Bar – Word, Excel, and PowerPoint - -## Scheduled Task for Catalog Updates is now randomized - - -The Template Auto Update task checks the settings template catalog for new, updated, or removed templates. This task only runs if the SettingsTemplateCatalog is configured. The Template Auto Update task runs the ApplySettingsCatalog.exe file, which is located in the UE-V Agent install directory and with UE-V SP1 has been changed to randomize the update over a one hour period. - -## Support for Citrix EdgeSight - - -There was a conflict discovered with UE-V running on a server with Citrix EdgeSight. UE-V 1.0 SP1 resolves this issue. - -## Indexing of Internet Explorer favorites - - -When UE-V roams Internet Explorer favorites from one computer to another computer, the indexing of favorite addresses in the address bar on the synced computer is now updated. When a user types in the address bar, the roamed favorites now appear as available search result on synced computers. - -## New setup.exe command line parameters for UE-V Agent and UE-V Generator - - -With the release of UE-V 1.0 SP1, the setup.exe for both the UE-V Agent and the UE-V Generator have been updated to allow the following additional command line parameters: - -1. `CEIPENABLED` – Allows setup to accept the option to be included in the Microsoft Customer Experience Improvement Program. - -2. `INSTALLFOLDER` – Allows a different installation folder to be set for the Agent or Generator. - -3. `MUENABLED` – Allows setup to accept the option to be included in the Microsoft Update program. - -## New error codes for setup - - -When running the UE-V setup for UE-V Agent (AgentSetup.exe), the following return codes can be viewed in the install log “/log <log.txt>.” - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

0

Setup completed successfully.

2

An older version of UE-V was used in attempting to uninstall. To uninstall UE-V, use the same version of UE-V that was used to install.

3

A newer version of UE-V was used to uninstall. To uninstall UE-V, use the same version of UE-V that was used to install.

4

Unexpected error from the setup program.

5

The Full version of UE-V cannot be installed on top of the Trial (Evaluation) version. Uninstall the Trial version and try again.

6

Unexpected error during installation.

7

The .NET 3.5 Framework was not found on Windows 7 or Windows Server2008 R2 computer.

8

The Offline Files feature is not enabled.

9

The UE-V setup program cannot determine whether UE-V is already installed or there was an error in the setup file.

- - - - - - - - - - - diff --git a/mdop/uev-v1/about-user-experience-virtualization-10.md b/mdop/uev-v1/about-user-experience-virtualization-10.md deleted file mode 100644 index 30ca82aab4..0000000000 --- a/mdop/uev-v1/about-user-experience-virtualization-10.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: About User Experience Virtualization 1.0 -description: About User Experience Virtualization 1.0 -author: dansimp -ms.assetid: 3758b100-35a8-4e10-ac08-f583fb8ddbd9 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# About User Experience Virtualization 1.0 - - -Microsoft User Experience Virtualization (UE-V) monitors the changes that are made by users to application settings and Windows operating system settings. The user settings are captured and centralized to a settings storage location. These settings can then be applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions. - -User Experience Virtualization uses settings location templates to specify what applications and Windows settings on the user computers are monitored and centralized. The settings location template is an XML file that specifies which file and registry locations are associated with each application or operating system setting. The template does not contain values for the settings; it contains only the locations of the settings that are to be monitored. - -The application settings and Windows settings are monitored by UE-V when users are working on their computers. The values for the application settings are stored on the settings storage server when the user closes the application. The values for the Windows settings are stored when the user logs off, when the computer is locked, or when they disconnect remotely from a computer. - -An administrator can create a UE-V settings location template to specify which enterprise application settings will roam. UE-V includes a set of settings location templates for some Microsoft applications and Windows settings. For a list of default applications and settings in UE-V, see [Planning Which Applications to Synchronize with UE-V 1.0](planning-which-applications-to-synchronize-with-ue-v-10.md). - -## UEV 1.0 Release Notes - - -For more information, and for late-breaking news that did not make it into the documentation, see [Microsoft User Experience Virtualization (UE-V) 1.0 Release Notes](microsoft-user-experience-virtualization--ue-v--10-release-notes.md). - -## Related topics - - -[Getting Started With User Experience Virtualization 1.0](getting-started-with-user-experience-virtualization-10.md) - -[Microsoft User Experience Virtualization (UE-V) 1.0](index.md) - -[High-Level Architecture for UE-V 1.0](high-level-architecture-for-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/accessibility-for-ue-v.md b/mdop/uev-v1/accessibility-for-ue-v.md deleted file mode 100644 index 25be013a5c..0000000000 --- a/mdop/uev-v1/accessibility-for-ue-v.md +++ /dev/null @@ -1,104 +0,0 @@ ---- -title: Accessibility for UE-V -description: Accessibility for UE-V -author: dansimp -ms.assetid: 059a76e5-bcf0-4459-b5d2-8b71ff2ef433 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Accessibility for UE-V - - -Microsoft is committed to making its products and services easier for everyone to use. This section provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. - -## Access any command with a few keystrokes - - -You can access most commands by using two keystrokes. To use an access key: - -1. Press ALT. - - The keyboard shortcuts are displayed over each feature that is available in the current view. - -2. Press the letter shown in the keyboard shortcut over the feature that you want to use. - -**Note**   -To cancel the action that you are taking and hide the keyboard shortcuts, press ALT. - - - -### Documentation in alternative formats - -If you have difficulty reading or handling printed materials, you can obtain the documentation for many Microsoft products in more accessible formats. You can view an index of accessible product documentation on the Microsoft Accessibility website. In addition, you can obtain additional Microsoft publications from Learning Ally, formerly known as Recording for the Blind & Dyslexic, Inc. Learning Ally distributes these documents to registered, eligible members of their distribution service. - -For information about the availability of Microsoft product documentation and books from Microsoft Press, contact: - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.)

-

20 Roszel Road

-

Princeton, NJ 08540

Telephone number from within the United States:

(800) 221-4792

Telephone number from outside the United States and Canada:

(609) 452-0606

Fax:

(609) 987-8116

http://www.learningally.org/

Web addresses can change, so you might be unable to connect to the website or sites that are mentioned here.

- - - -### Customer service for people with hearing impairments - -If you are deaf or hard-of-hearing, complete access to Microsoft product and customer services is available through a text telephone (TTY/TDD) service: - -- For customer service, contact Microsoft Sales Information Center at (800) 892-5234 between 6:30 AM and 5:30 PM Pacific Time, Monday through Friday, excluding holidays. - -- For technical assistance in the United States, contact Microsoft Product Support Services at (800) 892-5234 between 6:00 AM and 6:00 PM Pacific Time, Monday through Friday, excluding holidays. In Canada, dial (905) 568-9641 between 8:00 AM and 8:00 PM Eastern Time, Monday through Friday, excluding holidays. - -Microsoft Support Services are subject to the prices, terms, and conditions in place at the time that the service is used. - -## For more information - - -For more information about how accessible technology for computers can help to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/p/?linkid=8431). - -## Related topics - - -[Getting Started With User Experience Virtualization 1.0](getting-started-with-user-experience-virtualization-10.md) - - - - - - - - - diff --git a/mdop/uev-v1/administering-ue-v-10.md b/mdop/uev-v1/administering-ue-v-10.md deleted file mode 100644 index d0cfef26e9..0000000000 --- a/mdop/uev-v1/administering-ue-v-10.md +++ /dev/null @@ -1,75 +0,0 @@ ---- -title: Administering UE-V 1.0 -description: Administering UE-V 1.0 -author: dansimp -ms.assetid: c399ae8d-c839-4f84-9bfc-adacd8f89f34 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administering UE-V 1.0 - - -After you have deployed Microsoft User Experience Virtualization (UE-V), you must be able to perform various ongoing administrative tasks. These post-installation tasks are described in the following sections. - -## Managing UE-V resources - - -In the course of the UE-V lifecycle, you will need to manage the configuration of the UE-V agent and also manage storage locations for resources such as settings packages. You might need to perform other tasks such as to restore a user’s settings to their original state from before UE-V was installed in order to recover lost settings. The following topics provide guidance for managing UE-V resources. - -### Changing the Frequency of UE-V Scheduled Tasks - -You can configure the scheduled tasks that manage when UE-V checks for new, updated, or removed custom settings location templates in the settings template catalog. - -[Changing the Frequency of UE-V Scheduled Tasks](changing-the-frequency-of-ue-v-scheduled-tasks.md) - -### Sharing Settings Location Templates with the UE-V Template Gallery - -The UE-V template gallery facilitates the sharing of UE-V settings location templates. The gallery enables you to upload your settings location templates to share with other people and to download templates that other people have created. - -[Sharing Settings Location Templates with the UE-V Template Gallery](sharing-settings-location-templates-with-the-ue-v-template-gallery.md) - -### Restoring application and Windows settings synchronized with UE-V 1.0 - -WMI and PowerShell features of UE-V provide the ability to restore settings packages. WMI and PowerShell commands allow you to restore application settings and Windows settings to the settings values that were on the computer the first time the application was started after the UE-V agent was launched. - -[Restoring Application and Windows Settings Synchronized with UE-V 1.0](restoring-application-and-windows-settings-synchronized-with-ue-v-10.md) - -### Configuring UE-V with Group Policy Objects - -You can use Group Policy to modify the settings that define how UE-V synchronizes settings on computers. - -[Configuring UE-V with Group Policy Objects](configuring-ue-v-with-group-policy-objects.md) - -### Administering UE-V with PowerShell and WMI - -You can use PowerShell and WMI to modify the settings that define how UE-V synchronizes settings on computers. - -[Managing the UE-V 1.0 Agent and Packages with PowerShell and WMI](managing-the-ue-v-10-agent-and-packages-with-powershell-and-wmi.md) - -### Migrating UE-V Settings Packages - -You can relocate the user settings packages either when migrating to a new server or for backup purposes. - -[Migrating UE-V Settings Packages](migrating-ue-v-settings-packages.md) - -## Other resources for this product - - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/administering-ue-v-with-powershell-and-wmi.md b/mdop/uev-v1/administering-ue-v-with-powershell-and-wmi.md deleted file mode 100644 index 1c64c98eb7..0000000000 --- a/mdop/uev-v1/administering-ue-v-with-powershell-and-wmi.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: Administering UE-V with PowerShell and WMI -description: Administering UE-V with PowerShell and WMI -author: dansimp -ms.assetid: 26cc864f-c628-4c04-a18c-dd60fce8187c -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administering UE-V with PowerShell and WMI - - -Microsoft User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets which can help administrators perform various UE-V tasks. The following sections provide more information about using PowerShell with UE-V. - -## Managing the UE-V 1.0 Agent and Packages with PowerShell and WMI - - -You can use PowerShell and WMI to manage Microsoft User Experience Virtualization (UE-V) Agent configuration and synchronization behavior. - -[Managing the UE-V 1.0 Agent and Packages with PowerShell and WMI](managing-the-ue-v-10-agent-and-packages-with-powershell-and-wmi.md) - -## Managing UE-V 1.0 Settings Location Templates with PowerShell and WMI - - -After you create and deploy UE-V settings location templates you can manage those templates using PowerShell or WMI. - -[Managing UE-V 1.0 Settings Location Templates Using PowerShell and WMI](managing-ue-v-10-settings-location-templates-using-powershell-and-wmi.md) - -## Other resources for this product - - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/changing-the-frequency-of-ue-v-scheduled-tasks.md b/mdop/uev-v1/changing-the-frequency-of-ue-v-scheduled-tasks.md deleted file mode 100644 index d063140038..0000000000 --- a/mdop/uev-v1/changing-the-frequency-of-ue-v-scheduled-tasks.md +++ /dev/null @@ -1,114 +0,0 @@ ---- -title: Changing the Frequency of UE-V Scheduled Tasks -description: Changing the Frequency of UE-V Scheduled Tasks -author: dansimp -ms.assetid: 33c2674e-0df4-4717-9c3d-820a90b16e19 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Changing the Frequency of UE-V Scheduled Tasks - - -The Microsoft User Experience Virtualization (UE-V) Agent installer, AgentSetup.exe, creates two scheduled tasks during the UE-V Agent installation. The two tasks are the **Template Auto Update** task and the **Setting Storage Location Status** task. These scheduled tasks are not configurable with the UE-V tools. Administrators who wish to change the scheduled task for these items can create a script that uses the Schtasks.exe command-line options. - -For more information about Schtasks.exe, see [How to use Schtasks,exe to Schedule Tasks in Windows Server 2003](https://go.microsoft.com/fwlink/?LinkID=264854). - -## Template Auto-Update - - -The **Template Auto Update** task checks the settings template catalog for new, updated, or removed templates. This task only runs if the SettingsTemplateCatalog is configured. The **Template Auto Update** task runs the ApplySettingsCatalog.exe file, which is located in the UE-V Agent install directory. - - ---- - - - - - - - - - - - - -
Task nameDefault trigger

\Microsoft\UE-V\Template Auto Update

3:30 AM every day

- -  - -**Example:** The following command configures the agent to check the settings template catalog store every hour. - -``` syntax -schtasks /change /tn "Microsoft\UE-V\Template Auto Update" /ri 60 -``` - -## Settings Storage Location Status - - -The **Setting Storage Location Status** task performs the following actions: - -1. Checks to make sure the UE-V folders are still pinned or registered with the offline files feature. - -2. Checks whether the settings storage location is offline or online. - -3. Forces a synchronization on the specified interval instead of the default interval for offline files. - -4. Synchronizes any settings packages that are configured to be pre-fetched. - -5. Checks if the Active Directory home directory path has changed. - -6. Writes the current settings storage configuration under the following location - - - - - - - - - - - - - - - - - - -
Task nameDefault trigger

\Microsoft\UE-V\Settings Storage Location Status

At logon of any user – After triggered, repeat every 30 minutes indefinitely.

- -   - -**Example:** The following command configures the agent to run the action above every hour. - -``` syntax -schtasks /change /tn "\Microsoft\UE-V\Settings Storage Location Status" /ri 60 -``` - -## Related topics - - -[Administering UE-V 1.0](administering-ue-v-10.md) - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/checklist-for-evaluating-line-of-business-applications-for-ue-v-10.md b/mdop/uev-v1/checklist-for-evaluating-line-of-business-applications-for-ue-v-10.md deleted file mode 100644 index 350d61d863..0000000000 --- a/mdop/uev-v1/checklist-for-evaluating-line-of-business-applications-for-ue-v-10.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Checklist for Evaluating Line-of-Business Applications for UE-V 1.0 -description: Checklist for Evaluating Line-of-Business Applications for UE-V 1.0 -author: dansimp -ms.assetid: 3bfaab30-59f7-4099-abb1-d248ce0086b8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Checklist for Evaluating Line-of-Business Applications for UE-V 1.0 - - -To evaluate which line-of-business applications should be included in your UE-V deployment, consider the following: - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Description
Checklist box

Does this application contain settings that the user can customize?

Checklist box

Is it important for the user that these settings roam?

Checklist box

Are these user settings already managed by an application management or settings policy solution? UE-V applies application settings at application launch and Windows settings at logon, unlock, or remote connect events. If you use UE-V with other settings policy solutions, users might experience inconsistency across roamed settings.

Checklist box

Are the application settings specific to the computer? Application preferences and customizations that are associated with hardware or specific computer configurations do not consistently roam across sessions and can cause a poor application experience.

Checklist box

Does the application store settings in the Program Files directory or in the file directory that is located in the Users \ [User name] \ AppData \ LocalLow directory? Application data that is stored in either of these locations usually should not roam with the user, because this data is specific to the computer or because the data is too large to roam.

Checklist box

Does the application store any settings in a file that contains other application data that should not roam? UE-V synchronizes files as a single unit. If settings are stored in files that include application data other than settings, then synchronizing this additional data may cause a poor application experience.

Checklist box

How large are the files that contain the settings? The performance of the settings synchronization can be affected by large files. Including large files can impact the performance of settings synchronization.

- -  - -## Related topics - - -[Planning for UE-V Configuration Methods](planning-for-ue-v-configuration-methods.md) - -[Planning for UE-V 1.0](planning-for-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/configuring-ue-v-with-group-policy-objects.md b/mdop/uev-v1/configuring-ue-v-with-group-policy-objects.md deleted file mode 100644 index 37690af84f..0000000000 --- a/mdop/uev-v1/configuring-ue-v-with-group-policy-objects.md +++ /dev/null @@ -1,138 +0,0 @@ ---- -title: Configuring UE-V with Group Policy Objects -description: Configuring UE-V with Group Policy Objects -author: dansimp -ms.assetid: 5c9be706-a05f-4397-9a38-e6b73ebff1e5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configuring UE-V with Group Policy Objects - - -Some Microsoft User Experience Virtualization (UE-V) Group Policy settings can be defined for computers and others can be defined for users. UE-V agent configuration policy settings can be defined for computers or users. For information about how to install UE-V Group Policy ADMX files, see [Installing the UE-V Group Policy ADMX Templates](installing-the-ue-v-group-policy-admx-templates.md). - -The following policy settings can be configured for UE-V: - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Policy setting name

Target

Policy setting description

Configuration options

Use User Experience Virtualization (UE-V)

Computers and Users

This policy setting allows you to enable or disable User Experience Virtualization (UE-V).

Enable or disable this policy setting.

Settings storage path

Computers and Users

This policy setting configures where the user settings will be stored.

Provide a Universal Naming Convention (UNC) path and variables such as \Server\SettingsShare%username%.

Settings template catalog path

Computers Only

This policy setting configures where custom settings location templates are stored. This policy setting also configures whether the catalog will be used to replace the default Microsoft templates that are installed with the UE-V agent.

Provide a Universal Naming Convention (UNC) path such as \Server\TemplateShare or a folder location on the computer.

-

-

Select the check box to replace the default Microsoft templates.

Do not use Offline Files

Computers and Users

This policy setting allows you to configure whether UE-V will use the Windows Offline Files feature. This policy setting also allows you to enable notification to occur when the import of user settings is delayed.

To configure the UE-V Agent to not use offline files, enable this setting.

-

-

Specify if notifications should be given when settings import is delayed.

-

-

Specify the length of time in seconds to wait before the notification appears.

Synchronization timeout

Computers and Users

This policy setting configures the number of milliseconds that the computer waits before a timeout when retrieving user settings from the remote settings location. If the remote storage location is unavailable, the application launch is delayed by this many milliseconds.

Specify the preferred synchronization timeout in milliseconds. The default value of 2000 milliseconds.

Package size warning threshold

Computers and Users

This policy setting allows you to configure the UE-V agent to report when a settings package file size reaches a defined threshold.

Specified the preferred threshold for settings package sizes in kilobytes.

-

By default, the UE-V agent does not have a package file size threshold.

Roaming Application settings

Users Only

This policy setting configures the roaming of user settings of applications.

Select which Windows settings will roam between computers.

-

By default, the user settings of applications with settings template provided by UE-V are roamed between computers.

Roaming Windows settings

Users Only

This policy setting configures the roaming of Windows settings.

Select which applications will roam between computers.

-

By default, Windows themes are roamed between computers of the same operating system version. Windows desktop settings and Ease of Access settings are not roamed.

- - - -**To configure computer-targeted policies** - -1. Use the Group Policy Management Console (GPMC) or the Advanced Group Policy Management (AGPM) on the domain controller computer that manages Group Policy for UE-V computers. Navigate to **Computer configuration**, select **Policies**, select **Administrative Templates**, click **Windows Components**, and then select **Microsoft User Experience Virtualization**. - -2. Select the policy setting to be edited. - -**To configure user-targeted policies** - -1. Use the Group Policy Management Console (GPMC) or the Advanced Group Policy Management (AGPM) tool in Microsoft Desktop Optimization Pack (MDOP) on the domain controller computer that manages Group Policy for UE-V. Navigate to **User configuration**, select **Policies**, select **Administrative Templates**, click **Windows Components**, and then select **Microsoft User Experience Virtualization**. - -2. Select the policy setting edited. - -The UE-V agent uses the following order of precedence to determine synchronization. - -**Order of precedence for UE-V settings** - -1. User-targeted settings managed by Group Policy - These configuration settings are stored in the registry key by Group Policy under `HKEY_CURRENT_USER\Software\Policies\Microsoft\Uev\Agent\Configuration`. - -2. Computer-targeted settings managed by Group Policy - These configuration settings are stored in the registry key by Group Policy under `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Uev\Agent\Configuration`. - -3. Configuration settings defined by the current user using PowerShell or WMI - These configuration settings are stored by the UE-V agent under this registry location: `HKEY_CURRENT_USER\Software\Microsoft\Uev\Agent\Configuration`. - -4. Configuration settings defined for the computer using PowerShell or WMI. These configuration settings are stored by the UE-V agent under the `HKEY_LOCAL_MACHINE \Software\Microsoft\Uev\Agent\Configuration`. - -## Related topics - - -[Administering UE-V 1.0](administering-ue-v-10.md) - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - - - - - - - - - diff --git a/mdop/uev-v1/create-ue-v-settings-location-templates-with-the-ue-v-generator.md b/mdop/uev-v1/create-ue-v-settings-location-templates-with-the-ue-v-generator.md deleted file mode 100644 index 7c342a42af..0000000000 --- a/mdop/uev-v1/create-ue-v-settings-location-templates-with-the-ue-v-generator.md +++ /dev/null @@ -1,125 +0,0 @@ ---- -title: Create UE-V Settings Location Templates with the UE-V Generator -description: Create UE-V Settings Location Templates with the UE-V Generator -author: dansimp -ms.assetid: b8e50e2f-0cc6-4f74-bb48-c471fefdc7d8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Create UE-V Settings Location Templates with the UE-V Generator - - -Microsoft User Experience Virtualization (UE-V) uses *settings location templates* to roam application settings between user computers. Some standard settings location templates are included with User Experience Virtualization. You can also create, edit, or validate custom settings location templates with the UE-V Generator. - -The UE-V Generator monitors an application to discover and capture the locations where the application stores its settings. The application that is being monitored must be a traditional application. The UE-V Generator cannot create a settings location template from the following application types: - -- Virtualized applications - -- Application offered through terminal services - -- Java applications - -- Windows 8 applications - -**Note**   -UE-V templates cannot be created from virtualized applications or terminal services applications. However, settings synchronized using the templates can be applied to those applications. To create templates that support Virtual Desktop Infrastructure (VDI) and terminal services applications, open a Windows Installer File (.msi) version of the application with UE-V Generator. - - - -**Excluded Locations** - -The discovery process excludes locations which commonly store application software files that do not roam well between user computers or environments. The following are excluded: - -- HKEY\_CURRENT\_USER registry keys and files to which the logged-on user cannot write values - -- HKEY\_CURRENT\_USER registry keys and files associated with the core functionality of the Windows operating system - -- All registry keys located in the HKEY\_LOCAL\_MACHINE hive - -- Files located in Program Files directories - -- Files located in Users \\ \[User name\] \\ AppData \\ LocalLow - -- Windows operating system files located in %systemroot% - -If registry keys and files stored in these excluded locations are required in order to roam application settings, administrators can manually add the locations to the settings location template during the template creation process. - -## Create UE-V templates - - -Use the UE-V Generator to create settings location templates for line-of-business applications or other applications. After the template for an application is created, you can deploy the template to computers so users can roam the settings for that application. - -**To create a UE-V settings location template with the UE-V Generator** - -1. Click **Start**, click **All Programs**, click **Microsoft User Experience Virtualization**, and then click **Microsoft User Experience Virtualization Generator**. - -2. Click **Create a settings location template**. - -3. Specify the application. Browse to the file path of the application (.exe) or the application shortcut (.lnk) for which you want to create a settings location template. Specify the command line arguments, if any, and working directory, if any. Click **Next** to continue. - - **Note**   - Before the application is started, the system displays a prompt for **User Account Control**. Permission is required to monitor the registry and file locations that the application uses to store settings. - - - -4. After the application starts, close the application. The UE-V Generator records the locations where the application stores its settings. - -5. After the process is complete, click **Next** to continue. - -6. Review and select the check boxes next to the appropriate registry settings locations and settings file locations to roam for this application. The list includes the following two categories for settings locations: - - - **Standard**: Application settings that are stored in the registry under the HKEY\_CURRENT\_USER keys or in the file folders under \\ **Users** \\ \[User name\] \\ **AppData** \\ **Roaming**. The UE-V Generator includes these settings by default. - - - **Nonstandard**: Application settings that are stored outside the locations specified in the best practices for settings data storage (optional). These include files and folders under **Users** \\ \[User name\] \\ **AppData** \\ **Local**. Review these locations to determine whether to include them in the settings location template. Select the locations check boxes to include them. - - Click **Next** to continue. - -7. Review and edit any **Properties**, **Registry** locations, and **Files** locations for the settings location template. - - - Edit the following properties on the **Properties** tab: - - - **Application Name**: The application name written in the description of the program files properties. - - - **Program name**: The name of the program taken from the program file properties. This name usually has the .exe extension. - - - **Product version**: The product version number of the .exe file of the application. This property, in conjunction with the File version, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, the settings location template will apply to all versions of the product. - - - **File version**: The file version number of the.exe file of the application. This property, in conjunction with the Product version, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, the settings location template will apply to all versions of the program. - - - **Template author name** (optional): The name of the settings location template author. - - - **Template author email** (optional): The email address of the settings location template author. - - - The **Registry** tab lists the **Key** and **Scope** of the registry locations that are included in the settings location template. Edit the registry locations by use of the **Tasks** drop-down menu. Tasks include adding new keys, editing the name or scope of existing keys, deleting keys, and browsing the registry where the keys are located. Use the **All Settings** scope to include all the registry settings under the specified key. Use the **All Settings and Subkeys** to include all the registry settings under the specified key, subkeys, and subkey settings. - - - The **Files** tab lists the file path and file mask of the file locations included in the settings location template. Edit the file locations by use of the **Tasks** drop-down menu. Tasks for file locations include adding new files or folder locations, editing the scope of existing files or folders, deleting files or folders, and opening the selected location in Windows Explorer. Leave the file mask empty to include all files in the specified folder. - -8. Click **Create** and save the settings location template on the computer. - -9. Click **Close** to close the Settings Template Wizard. Exit the UE-V Generator application. - - After you have created the settings location template for an application, you should test the template. Deploy the template in a lab environment before putting it into production in the enterprise. - -## Related topics - - -[Working with Custom UE-V Templates and the UE-V Generator](working-with-custom-ue-v-templates-and-the-ue-v-generator.md) - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - - - - - - - - - diff --git a/mdop/uev-v1/deploying-the-settings-storage-location-for-ue-v-10.md b/mdop/uev-v1/deploying-the-settings-storage-location-for-ue-v-10.md deleted file mode 100644 index 485a0704eb..0000000000 --- a/mdop/uev-v1/deploying-the-settings-storage-location-for-ue-v-10.md +++ /dev/null @@ -1,127 +0,0 @@ ---- -title: Deploying the Settings Storage Location for UE-V 1.0 -description: Deploying the Settings Storage Location for UE-V 1.0 -author: dansimp -ms.assetid: b187d44d-649b-487e-98d3-a61ee2be8c2f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying the Settings Storage Location for UE-V 1.0 - - -Microsoft User Experience Virtualization (UE-V) deployment requires a settings storage location where the user settings are stored in a settings package file. The settings storage location can be configured in one of the following two ways: - -- **Active Directory home directory** – if a home directory is defined for the user in Active Directory, the UE-V agent will use this location to store settings location packages. The UE-V agent dynamically creates the user-specific storage folder below the root of the home directory. The agent only uses the home directory of the Active Directory if a settings storage location is not defined. - -- **Create a settings storage share** – the settings storage share is a standard network share that is accessible by UE-V users. - -## Deploy a UE-V settings storage share - - -When you create the settings storage share, you should limit access only to users that need access. The necessary permissions are shown in the tables below. - -**To deploy the UE-V network share** - -1. Create a new security group for UE-V users. - -2. Create a new folder on the centrally located computer that will store the UE-V settings packages, and then grant the UE-V users with group permissions to the folder. The administrator supporting UE-V will need permissions to this shared folder. - -3. Set the following share-level (SMB) permissions for the setting storage location folder: - - - - - - - - - - - - - - - - - - - - - - -
User accountRecommended permissions

Everyone

No Permissions

Security group of UE-V users

Full Control

- - - -4. Set the following NTFS permissions for the settings storage location folder: - - - - - - - - - - - - - - - - - - - - - - - - - - -
User accountRecommended permissionsFolder

Creator/Owner

Full Control

Subfolders and Files Only

Security group of UE-V users

List Folder/Read Data, Create Folders/Append Data

This Folder Only

- - - -5. Click **OK** to close the dialog boxes. - -This permission configuration allows users to create folders for settings storage. The UE-V agent creates and secures a `settingspackage` folder while running in the context of the user. The user receives full control to their `settingspackage` folder. Other users do not inherit access to this folder. You do not need to create and secure individual user directories, because this will be done automatically by the agent that runs in the context of the user. - -**Note**   -Additional security can be configured when a Windows server is utilized for the settings storage share. UE-V can be configured to verify that either the local administrator's group or the current user is the owner of the folder where settings packages are stored. To enable additional security complete the following: - -1. Add a **REG\_DWORD** registry key named "RepositoryOwnerCheckEnabled" to **HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\UEV\\Agent\\Configuration.** - -2. Set registry key value to 1. - - - -## Related topics - - -[Deploying UE-V 1.0](deploying-ue-v-10.md) - -[Supported Configurations for UE-V 1.0](supported-configurations-for-ue-v-10.md) - -Deploy the Central Storage for User Experience Virtualization Settings Templates and Settings Packages -[Installing the UE-V Generator](installing-the-ue-v-generator.md) - -[Deploying the UE-V Agent](deploying-the-ue-v-agent.md) - - - - - - - - - diff --git a/mdop/uev-v1/deploying-the-settings-template-catalog-for-ue-v-10.md b/mdop/uev-v1/deploying-the-settings-template-catalog-for-ue-v-10.md deleted file mode 100644 index c178943956..0000000000 --- a/mdop/uev-v1/deploying-the-settings-template-catalog-for-ue-v-10.md +++ /dev/null @@ -1,114 +0,0 @@ ---- -title: Deploying the Settings Template Catalog for UE-V 1.0 -description: Deploying the Settings Template Catalog for UE-V 1.0 -author: dansimp -ms.assetid: 0e6ab5ef-8eeb-40b4-be7b-a841bd83be96 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying the Settings Template Catalog for UE-V 1.0 - - -Custom settings location templates can be stored on a folder path on Microsoft User Experience Virtualization (UE-V) computers or on a Server Message Block (SMB) network share. A scheduled task on the computer checks for new or updated templates from this location. The task checks this location once each day and updates its synchronization behavior based on the templates in this folder. Templates that are added or updated in this folder since the last check are registered by the UE-V agent. The UE-V agent deregisters templates that were removed from this folder. The scheduled task runs as SYSTEM. At a minimum, the network share must grant permissions for the Domain Computers group. In addition, grant access permissions for the network share folder to administrators who will manage the stored templates. For more information about custom setting location templates, see [Planning for Custom Template Deployment for UE-V 1.0](planning-for-custom-template-deployment-for-ue-v-10.md). - -**To configure the settings template catalog for UE-V** - -1. Create a new folder on the computer that will store the UE-V settings template catalog. - -2. Set the following share-level (SMB) permissions for the settings template catalog folder. - - - - - - - - - - - - - - - - - - - - - - - - - - -
User accountRecommend permissions

Everyone

No Permissions

Domain Computers

Read Permission Levels

Administrators

Read/Write Permission Levels

- -   - -3. Set the following NTFS permissions for the settings template catalog folder. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
User AccountRecommended PermissionsApply To

Creator/Owner

Full Control

This Folder, Subfolders and Files

Domain Computers

List Folder Contents and Read

This Folder, Subfolders and Files

Everyone

No Permissions

No Permissions

Administrators

Full Control

This Folder, Subfolders and Files

- -   - -4. Click **OK** to close the dialog boxes. - -## Related topics - - -[Deploying UE-V 1.0](deploying-ue-v-10.md) - -[Planning for Custom Template Deployment for UE-V 1.0](planning-for-custom-template-deployment-for-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/deploying-the-ue-v-agent.md b/mdop/uev-v1/deploying-the-ue-v-agent.md deleted file mode 100644 index ced4f1d88b..0000000000 --- a/mdop/uev-v1/deploying-the-ue-v-agent.md +++ /dev/null @@ -1,204 +0,0 @@ ---- -title: Deploying the UE-V Agent -description: Deploying the UE-V Agent -author: dansimp -ms.assetid: ec1c16c4-4be0-41ff-93bc-3e2b1afb5832 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying the UE-V Agent - - -The Microsoft User Experience Virtualization (UE-V) agent must run on each computer that uses UE-V to roam application and Windows settings. A single installer file, AgentSetup.exe, installs the UE-V agent on both 32-bit and 64-bit operating systems. The command-line parameters of the UE-V Agent are the following: - -**AgentSetup.exe command-line parameters** - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Command-line parameterDefinitionNotes

/help or /h or /?

Displays the AgentSetup.exe usage dialog.

SettingsStoragePath

Indicates the Universal Naming Convention (UNC) path that defines where settings are stored.

%username% or %computername% environment variables are accepted. Scripting may require escaped variables.

-

Default: <none> (Active Directory user home)

SettingsTemplateCatalogPath

Indicates the Universal Naming Convention (UNC) path that defines the location that was checked for new settings location templates.

Only required for custom settings location templates

RegisterMSTemplates

Specifies whether the default Microsoft templates should be registered during installation.

True | False

-

Default: True

SyncMethod

Specifies which synchronization method should be used.

OfflineFiles | None

-

Default: OfflineFiles

SyncTimeoutInMilliseconds

Specifies the number of milliseconds that the computer waits before timeout when it retrieves user settings from the settings storage location.

Default: 2000 milliseconds

-

(wait up to 2 seconds)

SyncEnabled

Specifies whether UE-V synchronization is enabled or disabled.

True | False

-

Default: True

MaxPackageSizeInBytes

Specifies a settings package file size in bytes when the UE-V agent reports that files exceed the threshold.

<size>

-

Default: none (no warning threshold)

CEIPEnabled

Specifies the setting for participation in the Customer Experience Improvement program. If set to true, then installer information is uploaded to the Microsoft Customer Experience Improvement Program site. If set to false, then no information is uploaded.

True | False

-

Default: False

-

On Windows 7: True

- - - -During installation, the SettingsStoragePath command-line parameter specifies the settings storage location for the settings values. A settings storage location can be defined before deploying the UE-V Agent. If no settings storage location is defined, then UE-V uses the Active Directory user Home Directory as the settings storage location. When you specify the SettingsStoragePath configuration during setup and use the %username% as part of the value, this will roam the same user settings experience on all computers or sessions that a user logs into. If you specify the %username%\\%computername% variables as part of the SettingsStoragePath value, this will preserve the settings experience for each computer. - -Architecture-specific Windows Installer (.msi) files are provided for the UE-V agent installation in addition to the combined 32-bit and 64-bit installer. The AgentSetupx86.msi or AgentSetupx64.msi install files are smaller than the AgentSetup.exe file and might streamline the agent deployments. The command-line parameters for the AgentSetup.exe installer are supported for the Windows Installer (.msi) installation. - -**Note**   -During UE-V agent installation or uninstallation you can either use the AgentSetup.exe file or the AgentSetup<arch>.msi file, but not both. The same file must be used to uninstall the UE-V Agent as it was used to install the UE-V Agent. - - - -Be sure to use the correct variable format when you install the UE-V agent. The following table provides examples of deployment options for using the AgentSetup.exe or the Windows Installer (.msi) installation files. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deployment typeDeployment descriptionExample

Command prompt

When you install the UE-V agent from a command prompt, use the %^username% variable format. If quotation marks are needed because of spaces in the settings storage path, use a batch script file for deployment.

-

AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare%^username%

-

-

msiexec.exe /i "<path to msi file>" /quiet /norestart /lv "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare%^username%

Batch script

When you install the UE-V Agent from a batch script file, use the %%username%% variable format. If you use this install method, you must escape the variable with the %% characters. Without this character, the script expands the username variable at install time, rather than at run time, causing UE-V to use a single settings storage location for all users.

AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath="\server\settingsshare%%username%%"

-

-

msiexec.exe /i "<path to msi file>" /quiet /norestart /lv "%temp%\UE-VAgentInstaller.log" SettingsStoragePath="\server\settingsshare%%username%%"

-

PowerShell

When you install the UE-V agent from a PowerShell prompt or PowerShell script, use the %username% variable format.

& AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare%username%

-

-

& msiexec.exe /i "<path to msi file>" /quiet /norestart /lv "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare%username%

-

Electronic software distribution, such as deployment of Configuration Manager Software Deployment)

When you install the UE-V Agent with Configuration Manager, use the ^%username^% variable format.

AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare^%username^%

-

-

msiexec.exe /i "<path to msi file>" /quiet /norestart /lv "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare^%username^%

- - - -**Note**   -The installation of the U-EV Agent requires Administrator rights and the computer will require a restart before the UE-V agent can run. - - - -## UE-V Agent deployment methods from a network share - - -You can use the following methods to deploy the UE-V agent: - -- An electronic software distribution (ESD) solution that can install a Windows Installer (.msi) file. - -- An installation script that references the Windows Installer (.msi) file that is stored centrally on a share. - -- Manually running the installation program on the computer. - -To deploy the UE-V agent from a network share, use the following steps: - -**To install and configure the UE-V Agent from a network share** - -1. Stage the UE-V agent installation file (AgentSetup.exe) on a network share to which users have “read” permission. - -2. Deploy a script to user computers that installs the UE-V agent. The script should specify the settings storage location. - -**Update the UE-V Agent** - -Updates for the UE-V agent software will be provided through Microsoft Update. During a UE-V agent upgrade, the default group of settings location templates for common Microsoft applications and Windows settings may be updated. UE-V agent updates can be deployed by using Enterprise Software Distribution (ESD) infrastructure. - -## Related topics - - -[Deploying UE-V 1.0](deploying-ue-v-10.md) - -[Supported Configurations for UE-V 1.0](supported-configurations-for-ue-v-10.md) - -[Deploying the Settings Storage Location for UE-V 1.0](deploying-the-settings-storage-location-for-ue-v-10.md) - -[Installing the UE-V Generator](installing-the-ue-v-generator.md) - -Deploy the User Experience Virtualization Agent - - - - - - - - diff --git a/mdop/uev-v1/deploying-ue-v-10.md b/mdop/uev-v1/deploying-ue-v-10.md deleted file mode 100644 index 27e673050d..0000000000 --- a/mdop/uev-v1/deploying-ue-v-10.md +++ /dev/null @@ -1,81 +0,0 @@ ---- -title: Deploying UE-V 1.0 -description: Deploying UE-V 1.0 -author: dansimp -ms.assetid: 519598bb-8c81-4af7-bee7-357696bff880 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying UE-V 1.0 - - -There are a number of different deployment configurations that Microsoft User Experience Virtualization (UE-V) supports. This section includes general information and step-by-step procedures to help you successfully perform the tasks that you must complete at different stages of your deployment. - -## Deployment information for UE-V - - -A UE-V deployment requires a settings storage location on a network share and a UE-V agent installed on every computer that synchronizes settings. The UE-V Group Policy templates can be used to manage UE-V settings. The following topics describe how to deploy these features. - -[Deploying the Settings Storage Location for UE-V 1.0](deploying-the-settings-storage-location-for-ue-v-10.md) - -All UE-V deployments require a settings storage location where the settings packages that contain the synchronized setting values are located. - -[Deploying the UE-V Agent](deploying-the-ue-v-agent.md) - -To synchronize settings by using UE-V, a computer must have the UE-V Agent installed and running. - -[Installing the UE-V Group Policy ADMX Templates](installing-the-ue-v-group-policy-admx-templates.md) - -You can use Group Policy to preconfigure UE-V settings before you deploy the UE-V Agent as well as standard UE-V configuration. - -## Deployment information for custom template deployment - - -If you plan to create custom settings location templates for applications other than the Microsoft applications that are included in UE-V, such as line-of-business applications, then you can deploy a settings template catalog and you must install the UE-V Generator to create those templates. For more information, see [Planning for Custom Template Deployment for UE-V 1.0](planning-for-custom-template-deployment-for-ue-v-10.md). - -[Installing the UE-V Generator](installing-the-ue-v-generator.md) - -Use the UE-V Generator to create, edit, and validate custom settings location templates that help synchronize settings of applications other than the default applications. - -[Deploying the Settings Template Catalog for UE-V 1.0](deploying-the-settings-template-catalog-for-ue-v-10.md) - -If you need to deploy custom settings location templates to support applications other than the default applications in the UE-V Agent, you must configure a settings template catalog to store them. - -[Deploying UE-V Settings Location Templates for UE-V 1.0](deploying-ue-v-settings-location-templates-for-ue-v-10.md) - -If you need to synchronize applications other than the default applications in the UE-V Agent, the custom setting location templates that are created with UE-V Generator can be distributed to the UE-V settings template catalog. - -**Note**   -Deploying custom templates requires a settings template catalog. The default Microsoft application templates are deployed with the UE-V Agent. - - - -## Topics for this product - - -[Microsoft User Experience Virtualization (UE-V) 1.0](index.md) - -[Getting Started With User Experience Virtualization 1.0](getting-started-with-user-experience-virtualization-10.md) - -[Planning for UE-V 1.0](planning-for-ue-v-10.md) - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - -[Troubleshooting UE-V 1.0](troubleshooting-ue-v-10.md) - - - - - - - - - diff --git a/mdop/uev-v1/deploying-ue-v-settings-location-templates-for-ue-v-10.md b/mdop/uev-v1/deploying-ue-v-settings-location-templates-for-ue-v-10.md deleted file mode 100644 index b0afb56983..0000000000 --- a/mdop/uev-v1/deploying-ue-v-settings-location-templates-for-ue-v-10.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: Deploying UE-V Settings Location Templates for UE-V 1.0 -description: Deploying UE-V Settings Location Templates for UE-V 1.0 -author: dansimp -ms.assetid: 7e0cc553-14f7-40fa-828a-281c8d2d1934 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploying UE-V Settings Location Templates for UE-V 1.0 - - -Microsoft User Experience Virtualization (UE-V) uses settings location templates (XML files) that define the settings that are captured and applied by User Experience Virtualization. UE-V includes a set of standard templates, as well as a tool, the UE-V Generator, which allows you to create custom settings location templates. After you create a settings location template, you should test it to ensure that the application settings roam correctly in a test environment. You can then safely deploy the settings location template to computers in the enterprise. - -Settings location templates can be deployed by using enterprise software distribution (ESD), Group Policy preferences, or by configuring a UE-V settings template catalog. Templates that are deployed by using an ESD or Group Policy must be registered through UE-V WMI or PowerShell. Templates that are stored in the settings template catalog location are automatically registered by the UE-V agent. - -## Deploy the settings location templates with a settings template catalog path - - -The UE-V settings location template catalog path can be defined by using the following methods: Group Policy, the agent install command-line parameters, WMI, or PowerShell. After the template catalog path has been defined, the UE-V agent retrieves the new or updated templates from this location. The UE-V agent checks this location once each day and updates its synchronization behavior based on the templates found in this folder. Templates that have been added or updated in this folder since the last check are registered by the UE-V agent. The UE-V agent also unregisters templates that have been removed from this folder. Templates are registered and unregistered one time per day by the task scheduler. - -**To use settings template catalog path to deploy UE-V settings location templates** - -1. Navigate to the network share folder that is defined as the settings template catalog. - -2. Add, remove, or update settings location templates in the settings template catalog to reflect the desired UE-V agent template configuration for UE-V computers. - -3. Templates on computers are updated daily based on changes to the settings template catalog. - -4. Open an elevated command prompt and navigate to **%program files%\\Microsoft user Experience Virtualization \\ Agent \\ <x86 or x64 >**, and then run **ApplySettingsTemplateCatalog.exe** to manually update templates on a computer that runs the UE-V agent. - -## Related topics - - -[Microsoft User Experience Virtualization (UE-V) 1.0](index.md) - -[Deploying UE-V 1.0](deploying-ue-v-10.md) - -[Planning Which Applications to Synchronize with UE-V 1.0](planning-which-applications-to-synchronize-with-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/edit-ue-v-settings-location-templates-with-the-ue-v-generator.md b/mdop/uev-v1/edit-ue-v-settings-location-templates-with-the-ue-v-generator.md deleted file mode 100644 index 3b8b828a43..0000000000 --- a/mdop/uev-v1/edit-ue-v-settings-location-templates-with-the-ue-v-generator.md +++ /dev/null @@ -1,82 +0,0 @@ ---- -title: Edit UE-V Settings Location Templates with the UE-V Generator -description: Edit UE-V Settings Location Templates with the UE-V Generator -author: dansimp -ms.assetid: da78f9c8-1624-4111-8c96-79db7224bd0b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Edit UE-V Settings Location Templates with the UE-V Generator - - -Use the Microsoft User Experience Virtualization (UE-V) Generator to edit settings location templates. When the revised settings are added to the templates using the UE-V Generator, the version information within the template is automatically updated to ensure that any existing templates deployed in the enterprise are updated correctly. - -**How to edit a UE-V settings location template with the UE-V Generator** - -1. Click **Start**, click **All Programs**, click **Microsoft User Experience Virtualization**, and then click **Microsoft User Experience Virtualization Generator**. - -2. Click **Edit a settings location template**. - -3. In the list of recently used templates, select the template to be edited. Alternatively, **Browse** to the settings template file. Click **Next** to continue. - -4. Review the **Properties**, **Registry** locations, and **Files** locations for the settings template. Edit as needed. - - - The **Properties** tab allows you to view and edit the following properties: - - - **Application name**: The application name written in the description of the program file properties. - - - **Program name**: The name of the program taken from the program file properties. This name usually has the .exe extension. - - - **Product version**: The product version number of the .exe file of the application. This property, together with the **File version**, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, then the settings location template will apply to all versions of the product. - - - **File version**: The file version number of the.exe file of the application. This property, along with the **Product version**, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, the settings location template will apply to all versions of the program. - - - **Template author name** (optional): The name of the settings template author. - - - **Template author email** (optional): The email address of the settings location template author. - - - The **Registry** tab lists the **Key** and **Scope** of the registry locations that are included in the settings location template. You can edit the registry locations by use of the **Tasks** drop-down menu. Tasks include adding new keys, editing the name or scope of existing keys, deleting keys, and browsing the registry in which the keys are located. When you define the scope for the registry, you can use the **All Settings** scope to include all the registry settings under the specified key. Use **All Settings** and **Subkeys** to include all the registry settings under the specified key, subkeys, and subkey settings. - - - The **Files** tab lists the file path and file mask of the file locations included in the settings location template. You can edit the file locations by use of the **Tasks** drop-down menu. Tasks for file locations include adding new files or folder locations, editing the scope of existing files or folders, deleting files or folders, and opening the selected location in Windows Explorer. To include all files in the specified folder, leave the file mask empty. - -5. Click **Save** to save the changes to the settings location template. - -6. Click **Close** to close the Settings Template Wizard. Exit the UE-V Generator application. - - After editing the settings location template for an application, you should test the template. Deploy the revised settings location template in a lab environment before putting it into production in the enterprise. - -**How to manually edit a settings location template** - -1. Create a local copy of the settings location template (.xml file). UE-V settings location templates are .xml files identifying the locations where application store settings values. - -2. Open the settings location template file with an XML editor. - -3. Edit the settings location template file. All changes must conform to the UE-V schema file defined in SettingsLocationTempate.xsd. A copy of the .xsd file is located in `\ProgramData\Microsoft\UEV\Templates` by default. - -4. Save the settings location template file and close the XML editor. - -5. Validate the modified settings location template file with the UE-V Generator. For more information about validating with the UE-V Generator, see [Validate UE-V Settings Location Templates with UE-V Generator](validate-ue-v-settings-location-templates-with-ue-v-generator.md). - -## Related topics - - -[Working with Custom UE-V Templates and the UE-V Generator](working-with-custom-ue-v-templates-and-the-ue-v-generator.md) - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/getting-started-with-user-experience-virtualization-10.md b/mdop/uev-v1/getting-started-with-user-experience-virtualization-10.md deleted file mode 100644 index f7d00db09e..0000000000 --- a/mdop/uev-v1/getting-started-with-user-experience-virtualization-10.md +++ /dev/null @@ -1,86 +0,0 @@ ---- -title: Getting Started With User Experience Virtualization 1.0 -description: Getting Started With User Experience Virtualization 1.0 -author: dansimp -ms.assetid: 74a068dc-4f87-4cb4-b114-8ca2a37149f7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Getting Started With User Experience Virtualization 1.0 - - -Microsoft User Experience Virtualization (UE-V) captures and centralizes application settings and Windows operating system settings for the user. These settings are then applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions. - -UE-V offers settings synchronization for common Microsoft applications and Windows settings. It also delivers user settings at any time to wherever users work throughout the enterprise. UE-V allows administrators to specify which application settings and Windows settings roam. UE-V helps administrators to create custom settings location templates for third-party or line-of-business applications that are used in the enterprise. - -User Experience Virtualization delivers an enhanced user state virtualization experience. It provides consistent personalization of the user’s settings in the following scenarios: - -- Roaming user application and Windows settings between computers. - -- Roaming user settings between the instances of an application that are deployed by using different methods: - - - Installed applications - - - Application Virtualization (App-V) sequenced applications - - - RemoteApp (Remote Desktop Virtualization) applications - -- Recovering settings for a computer after replacement, hardware upgrade, or reimage. - -This product requires thorough planning before you deploy it or use its features. Because this product can affect every computer in your organization, you might disrupt your entire network if you do not plan your deployment carefully. However, if you plan your deployment carefully and manage it so that it meets your business needs, this product can help reduce your administrative overhead and total cost of ownership. - -If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at . - -**Note**   -A downloadable version of this administrator’s guide is not available. However, you can learn about a special mode of the TechNet Library that allows you to select articles, group them in a collection, and print them or export them to a file at (https://go.microsoft.com/fwlink/?LinkId=272497). - - - -## Getting started with Microsoft User Experience Virtualization topics - - -- [About User Experience Virtualization 1.0](about-user-experience-virtualization-10.md) - - Describes the functionality and features of User Experience Virtualization. - -- [High-Level Architecture for UE-V 1.0](high-level-architecture-for-ue-v-10.md) - - Explains the features of User Experience Virtualization. - -- [Microsoft User Experience Virtualization (UE-V) 1.0 Release Notes](microsoft-user-experience-virtualization--ue-v--10-release-notes.md) - - Describes the known issues for UE-V. - -- [Accessibility for UE-V](accessibility-for-ue-v.md) - - Describes the keyboard shortcuts and accessibility information for UE-V. - -## Other resources for this product - - -- [Microsoft User Experience Virtualization (UE-V) 1.0](index.md) - -- [Planning for UE-V 1.0](planning-for-ue-v-10.md) - -- [Deploying UE-V 1.0](deploying-ue-v-10.md) - -- [Operations for UE-V 1.0](operations-for-ue-v-10.md) - -- [Troubleshooting UE-V 1.0](troubleshooting-ue-v-10.md) - - - - - - - - - diff --git a/mdop/uev-v1/high-level-architecture-for-ue-v-10.md b/mdop/uev-v1/high-level-architecture-for-ue-v-10.md deleted file mode 100644 index fc68a953dd..0000000000 --- a/mdop/uev-v1/high-level-architecture-for-ue-v-10.md +++ /dev/null @@ -1,90 +0,0 @@ ---- -title: High-Level Architecture for UE-V 1.0 -description: High-Level Architecture for UE-V 1.0 -author: dansimp -ms.assetid: d54f9f10-1a4d-4e56-802d-22d51646e1cc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# High-Level Architecture for UE-V 1.0 - - -This topic describes high-level architectural elements of the Microsoft User Experience Virtualization (UE-V) settings roaming solution. The following elements are part of a standard UE-V deployment. - -![ue-v agent architectural diagram](images/ue-vagentarchitecturaldiagram.gif) - -The UE-V Agent monitors the applications and the operating system processes as they are identified in the UE-V settings location templates. When the application or operating system starts, the settings are read from the settings package and applied to the computer. When the application closes or when the operating system is locked or shut down, settings are saved in a UE-V settings package in the settings storage location. - -## Settings storage location - - -The settings storage location is a file share that the User Experience Virtualization agent accesses to read and write settings. This location is either the Active Directory home directory or defined during the UE-V installation. You can set the location during the installation of the UE-V agent, or you can set it later with Group Policy, WMI, or PowerShell. The location can be on any common file share that users can access. If no setting storage location is set during installation then UE-V will use the home directory in Active Directory. The UE-V agent verifies the location and creates a system folder that is hidden from the user in which to store and access the user settings. For more information about settings storage, see [Preparing Your Environment for UE-V](preparing-your-environment-for-ue-v.md). - -## UE-V Agent - - -The UE-V agent is installed on each computer with settings that are synchronized by User Experience Virtualization. The agent monitors the registered applications and the operating system for any changes to that are made to settings, and it synchronizes those settings between computers. Settings are applied from the settings storage location to the application when the application is started. The settings are then saved back to the settings storage location when the application closes. The operating system settings are applied when the user logs on, when the computer is unlocked, or when the user connects remotely to the computer by using remote desktop protocol (RDP). The agent saves settings when the user logs off, when the computer is locked, or when a remote connection is disconnected. For more information about the UE-V Agent, see [Preparing Your Environment for UE-V](preparing-your-environment-for-ue-v.md). - -## Settings location templates - - -The settings location template is an XML file that defines the settings locations to be monitored by User Experience Virtualization. Only the settings locations defined in these settings templates are captured or applied on computers running the UE-V Agent. The settings location template does not contain settings values, only the locations where values are stored on the computer. - -UE-V includes a set of settings location templates that specify settings locations for some Microsoft applications and Windows settings. An administrator can create custom settings location templates by using the UE-V Generator. - -[Planning Which Applications to Synchronize with UE-V 1.0](planning-which-applications-to-synchronize-with-ue-v-10.md) - -[Planning for Custom Template Deployment for UE-V 1.0](planning-for-custom-template-deployment-for-ue-v-10.md) - -[Working with Custom UE-V Templates and the UE-V Generator](working-with-custom-ue-v-templates-and-the-ue-v-generator.md) - -## Settings packages - - -Application settings and Windows settings are stored in settings packages, which are created by the UE-V Agent. A settings package is a collection of the settings that are represented in the settings location templates. These settings packages are built, locally stored, and then copied to the settings storage location. “Last write wins” determines which settings are preserved when a single user synchronizes the more than one computer to a storage location. The agent that runs on one computer reads and writes to the settings location independent of agents that run on other computers. The most recently written settings and values are applied when the next agent reads from the settings storage location. - -![ue-v generator process](images/ue-vgeneratorprocess.gif) - -## Settings template catalog - - -The settings template catalog is a folder path on UE-V computers or a Server Message Block (SMB) network share that stores all the custom settings location templates. The UE-V agent retrieves new or updated templates from this location. The UE-V agent checks this location once each day and it updates its synchronization behavior based on the templates in this folder. The templates that were added or updated in this folder since the last check are registered by the UE-V agent. The UE-V agent deregisters the templates that were removed from this folder. Templates are registered and unregistered one time per day by the task scheduler. If you will use only the default settings location templates that are included with UE-V, then a settings template catalog is unnecessary. For more information about settings deployment catalogs, see [Planning for Custom Template Deployment for UE-V 1.0](planning-for-custom-template-deployment-for-ue-v-10.md). - -## User Experience Virtualization Generator - - -The User Experience Virtualization Generator enables you to create custom settings location templates which will store the settings locations of the applications that are used in the enterprise and that you want to include in the roaming settings solution. The UE-V Generator will seek to discover the locations of registry values and the settings files for applications and then it will record those locations in a settings location template XML file. You can then distribute these settings location templates to the user computers. The UE-V Generator also allows an administrator to edit an existing template or validate a template that was created with another XML editor. - -The UE-V Generator monitors an application to discover and record where it stores its settings. To do this, it monitors where the application reads or writes in the HKEY\_CURRENT\_USER registry or in the file folders under **Users** \\ \[User name\] \\ **AppData** \\ **Roaming and Users** \\ \[User name\] \\ **AppData** \\ **Local**. - -The discovery process excludes registry keys and files to which the logged-in user cannot write values. None of these will be included in the XML file. The discovery process also excludes registry keys and files that are associated with the core functionality of the Windows operating system. - -For more information about the UE-V Generator, see [Installing the UE-V Generator](installing-the-ue-v-generator.md). - -## Related topics - - -[Microsoft User Experience Virtualization (UE-V) 1.0](index.md) - -[Getting Started With User Experience Virtualization 1.0](getting-started-with-user-experience-virtualization-10.md) - -[About User Experience Virtualization 1.0](about-user-experience-virtualization-10.md) - -[Working with Custom UE-V Templates and the UE-V Generator](working-with-custom-ue-v-templates-and-the-ue-v-generator.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/images/checklistbox.gif b/mdop/uev-v1/images/checklistbox.gif deleted file mode 100644 index 8af13c51d1..0000000000 Binary files a/mdop/uev-v1/images/checklistbox.gif and /dev/null differ diff --git a/mdop/uev-v1/images/ue-vagentarchitecturaldiagram.gif b/mdop/uev-v1/images/ue-vagentarchitecturaldiagram.gif deleted file mode 100644 index a09e120130..0000000000 Binary files a/mdop/uev-v1/images/ue-vagentarchitecturaldiagram.gif and /dev/null differ diff --git a/mdop/uev-v1/images/ue-vgeneratorprocess.gif b/mdop/uev-v1/images/ue-vgeneratorprocess.gif deleted file mode 100644 index 1c1ef4331d..0000000000 Binary files a/mdop/uev-v1/images/ue-vgeneratorprocess.gif and /dev/null differ diff --git a/mdop/uev-v1/index.md b/mdop/uev-v1/index.md deleted file mode 100644 index 3fe3f036fa..0000000000 --- a/mdop/uev-v1/index.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: Microsoft User Experience Virtualization (UE-V) 1.0 -description: Microsoft User Experience Virtualization (UE-V) 1.0 -author: dansimp -ms.assetid: 7c2b59f6-bbe9-4373-8b08-c1738665a37b -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 04/19/2017 ---- - - -# Microsoft User Experience Virtualization (UE-V) 1.0 - ->[!NOTE] ->This documentation is a for version of UE-V that was included in the Microsoft Desktop Optimization Pack (MDOP). For information about the latest version of UE-V which is included in Windows 10 Enterprise, see [Get Started with UE-V](https://docs.microsoft.com/windows/configuration/ue-v/uev-getting-started). - - -Microsoft User Experience Virtualization (UE-V) captures and centralizes application settings and Windows operating system settings for the user. These settings are then applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions. - -[Getting Started With User Experience Virtualization 1.0](getting-started-with-user-experience-virtualization-10.md) - -[About User Experience Virtualization 1.0 SP1](about-user-experience-virtualization-10-sp1.md)  **|**  [Microsoft User Experience Virtualization (UE-V) 1.0 SP1 Release Notes](microsoft-user-experience-virtualization--ue-v--10-sp1-release-notes.md)  **|**  [About User Experience Virtualization 1.0](about-user-experience-virtualization-10.md)  **|**  [Microsoft User Experience Virtualization (UE-V) 1.0 Release Notes](microsoft-user-experience-virtualization--ue-v--10-release-notes.md)  **|**  [High-Level Architecture for UE-V 1.0](high-level-architecture-for-ue-v-10.md)  **|**  [Accessibility for UE-V](accessibility-for-ue-v.md) - -[Planning for UE-V 1.0](planning-for-ue-v-10.md) - -[Preparing Your Environment for UE-V](preparing-your-environment-for-ue-v.md)  **|**  [Supported Configurations for UE-V 1.0](supported-configurations-for-ue-v-10.md)  **|**  [Planning Which Applications to Synchronize with UE-V 1.0](planning-which-applications-to-synchronize-with-ue-v-10.md)  **|**  [Planning for UE-V Configuration Methods](planning-for-ue-v-configuration-methods.md)  **|**  [UE-V Checklist](ue-v-checklist.md) - -[Deploying UE-V 1.0](deploying-ue-v-10.md) - -[Deploying the Settings Storage Location for UE-V 1.0](deploying-the-settings-storage-location-for-ue-v-10.md)  **|**  [Configuring UE-V with Group Policy Objects](configuring-ue-v-with-group-policy-objects.md)  **|**  [Deploying the Settings Template Catalog for UE-V 1.0](deploying-the-settings-template-catalog-for-ue-v-10.md)  **|**  [Deploying UE-V Settings Location Templates for UE-V 1.0](deploying-ue-v-settings-location-templates-for-ue-v-10.md)  **|**  [Deploying the UE-V Agent](deploying-the-ue-v-agent.md)  **|**  [Installing the UE-V Generator](installing-the-ue-v-generator.md) - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - -[Administering UE-V 1.0](administering-ue-v-10.md)  **|**  [Working with Custom UE-V Templates and the UE-V Generator](working-with-custom-ue-v-templates-and-the-ue-v-generator.md)  **|**  [Administering UE-V with PowerShell and WMI](administering-ue-v-with-powershell-and-wmi.md)  |  [Security and Privacy for UE-V 1.0](security-and-privacy-for-ue-v-10.md) - -[Troubleshooting UE-V 1.0](troubleshooting-ue-v-10.md) - -### More information - -[Microsoft User Experience Virtualization (UE-V) 1.0 Release Notes](microsoft-user-experience-virtualization--ue-v--10-release-notes.md) -View updated product information and known issues for UE-V 1.0. - -[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286) -Learn about the latest MDOP information and resources. - -[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) -Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). - -  - -  - - - - - diff --git a/mdop/uev-v1/installing-the-ue-v-generator.md b/mdop/uev-v1/installing-the-ue-v-generator.md deleted file mode 100644 index 90bba89eb5..0000000000 --- a/mdop/uev-v1/installing-the-ue-v-generator.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Installing the UE-V Generator -description: Installing the UE-V Generator -author: dansimp -ms.assetid: 198b9a5f-3dfc-46be-9005-d33451914f87 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Installing the UE-V Generator - - -The Microsoft User Experience Virtualization (UE-V) generator can be installed on a computer and used to create a custom settings location template. This computer should have the applications installed for which custom settings location templates will be generated. To install the UE-V Generator, run **ToolsSetup.exe**. If the architecture of the computer is known, then you can run the appropriate Windows Installer (.msi) file, **ToolsSetupx64.msi** or **ToolsSetupx86.msi**. - -**To install the UE-V Generator** - -1. As a user with local computer administrator rights, locate the UE-V Generator installation file (ToolSetup.exe) provided with the User Experience Virtualization software. - -2. Double-click the installation file. The User Experience Virtualization Generator Setup wizard opens. Click **Next** to continue. - -3. Accept the Microsoft Software License Terms, and then click **Next**. - -4. Specify the options for Microsoft Updates and the Customer Experience Improvement Program. - -5. Select the destination folder in which the UE-V Generator will be installed, and then click **Next**. - -6. Click **Install** to begin the installation. - - **Note**   - A prompt for User Account Control appears before the application is installed. Permission is required to install the UE-V generator. - - - -7. Click **Finish** to close the wizard after the installation is complete. You will need to restart your computer before you can run the UE-V Generator. - - To verify that the installation was successful, click **Start**, click **All Programs**, click **Microsoft User Experience Virtualization**, and then click **Microsoft User Experience Virtualization Generator**. - -## Related topics - - -[Deploying UE-V 1.0](deploying-ue-v-10.md) - -[Working with Custom UE-V Templates and the UE-V Generator](working-with-custom-ue-v-templates-and-the-ue-v-generator.md) - -[Planning for Custom Template Deployment for UE-V 1.0](planning-for-custom-template-deployment-for-ue-v-10.md) - - - - - - - - - diff --git a/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md b/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md deleted file mode 100644 index 81dc8f85cc..0000000000 --- a/mdop/uev-v1/installing-the-ue-v-group-policy-admx-templates.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -title: Installing the UE-V Group Policy ADMX Templates -description: Installing the UE-V Group Policy ADMX Templates -author: dansimp -ms.assetid: 7bd1f12e-7ba6-49f9-af9c-22c496b13b39 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 07/12/2017 ---- - - -# Installing the UE-V Group Policy ADMX Templates - - -The Microsoft User Experience Virtualization (UE-V) agent can be managed by using the existing Group Policy infrastructure. The UE-V ADMX template configures the synchronization settings for the UE-V agent. The ADMX template enables the central management of common UE-V Agent configuration settings by using an existing Group Policy infrastructure. - -**System requirements** - -Supported operating systems for the Domain Controller that deploys the Group Policy Objects include the following: - -- Windows Server 2008 R2 - -- Windows Server 2012 - -ADMX files can be installed and tested locally on any computer that runs the Windows operating system. - -**To download the UE-V ADMX templates** - -1. Download the UE-V ADMX template files: . - -2. For more information about how to deploy the Group Policy templates, see . - -## Related topics - - -[Deploying UE-V 1.0](deploying-ue-v-10.md) - -[Configuring UE-V with Group Policy Objects](configuring-ue-v-with-group-policy-objects.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/managing-the-ue-v-10-agent-and-packages-with-powershell-and-wmi.md b/mdop/uev-v1/managing-the-ue-v-10-agent-and-packages-with-powershell-and-wmi.md deleted file mode 100644 index 317975228c..0000000000 --- a/mdop/uev-v1/managing-the-ue-v-10-agent-and-packages-with-powershell-and-wmi.md +++ /dev/null @@ -1,292 +0,0 @@ ---- -title: Managing the UE-V 1.0 Agent and Packages with PowerShell and WMI -description: Managing the UE-V 1.0 Agent and Packages with PowerShell and WMI -author: dansimp -ms.assetid: c8989b01-1769-4e69-82b1-4aadb261d2d5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Managing the UE-V 1.0 Agent and Packages with PowerShell and WMI - - -You can use WMI and PowerShell to manage Microsoft User Experience Virtualization (UE-V) Agent configuration and synchronization behavior. - -**How to deploy the UE-V agent with PowerShell** - -1. Stage the UE-V installer file in an accessible network share. - - **Note** - Use AgentSetup.exe to deploy both 32-bit and 64-bit versions of the UE-V Agent. Windows Installer Files versions, AgentSetupx86.msi and AgentSetupx64.msi, are available for each architecture. To uninstall the UE-V Agent at a later time using the installation file, you must use the same file type. - - - -2. Use one of the following PowerShell commands to install the agent. - - `& AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\%username%` - - `& msiexec.exe /i "" /quiet /norestart /l*v "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\%username%` - -**How to configure the UE-V Agent with PowerShell** - -1. Use an account with administrator rights to open a PowerShell window. Import the UE-V PowerShell module by using the following command. - - ``` syntax - Import-module UEV - ``` - -2. Use the following PowerShell commands to configure the agent. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PowerShell command

Description

Get-UevConfiguration

-

View the effective UE-V agent settings. User-specific settings have precedence over the computer settings.

Get-UevConfiguration - CurrentComputerUser

-

View the UE-V agent settings values for the current user only.

Get-UevConfiguration -Computer

View the UE-V agent configuration settings values for all users on the computer.

Set-UevConfiguration -Computer -SettingsStoragePath <path to _settings_storage_location>

Define a per-computer settings storage location.

Set-UevConfiguration -CurrentComputerUser -SettingsStoragePath <path to _settings_storage_location>

Define a per-user settings storage location.

Set-UevConfiguration -Computer -SyncTimeoutInMilliseconds <timeout in milliseconds>

Set the synchronization timeout in milliseconds

Set-UevConfiguration -CurrentComputerUser -SyncTimeoutInMilliseconds <timeout in milliseconds>

Set the synchronization timeout for the current user.

Set-UevConfiguration -Computer -MaxPackageSizeInBytes <size in bytes>

Configure the UE-V agent to report when a settings package file size reaches a defined threshold. Set the threshold package size in bytes.

Set-UevConfiguration -CurrentComputerUser -MaxPackageSizeInBytes <size in bytes>

Set the package size warning threshold for the current user.

Set-UevConfiguration –Computer –SettingsTemplateCatalogPath <path to catalog>

Set the settings template catalog path.

Set-UevConfiguration -Computer -SyncMethod <sync method>

Set the synchronization method: OfflineFiles or None.

Set-UevConfiguration -CurrentComputerUser -SyncMethod <sync method>

Set the synchronization method for the current user: OfflineFiles or None.

Set-UEVConfiguration -Computer –EnableSettingsImportNotify

Enable notification to occur when the import of user settings is delayed.

-

Use –DisableSettingsImportNotify to disable notification.

Set-UEVConfiguration - CurrentComputerUser -EnableSettingsImportNotify

Enable notification for the current user when the import of user settings is delayed.

-

Use –DisableSettingsImportNotify to disable notification.

Set-UEVConfiguration -Computer -SettingsImportNotifyDelayInSeconds

Specify the time in seconds before the user is notified

Set-UEVConfiguration - CurrentComputerUser -SettingsImportNotifyDelayInSeconds

Specify the time in seconds before notification for the current user.

Set-UevConfiguration –Computer –DisableSync

Disable UE-V for all the users on the computer.

-

Use –EnableSync to enable or re-enable.

Set-UevConfiguration –CurrentComputerUser -DisableSync

Disable UE-V for the current user on the computer.

-

Use –EnableSync to enable or re-enable.

Clear-UevConfiguration –Computer -<setting name>

Clear a specific setting for all users on the computer.

Clear-UevConfiguration –CurrentComputerUser -<setting name>

Clear a specific setting for the current user only.

Export-UevConfiguration <settings migration file>

Export the UE-V computer configuration to a settings migration file. The extension of the file must be “.uev”.

-

The export cmdlet exports all UE-V agent settings that are configurable with the -computer parameter.

Import-UevConfiguration <settings migration file>

Import the UE-V computer configuration from a settings migration file (.uev file).

- - - -**How to export UE-V package settings and repair UE-V templates with PowerShell** - -1. Open a PowerShell window as an Administrator. Import the UE-V PowerShell module with the following command. - - ``` syntax - Import-module UEV - ``` - -2. Use the following PowerShell commands to configure the agent. - - - - - - - - - - - - - - - - - - - - -

PowerShell command

Description

Export-UevPackage MicrosoftCalculator6.pkgx

Extracts the settings from a Microsoft Calculator package file and converts them into a human-readable format in XML.

Repair-UevTemplateIndex

Repairs the index of the UE-V settings location templates.

- - - -**How to configure the UE-V Agent with WMI** - -1. User Experience Virtualization provides the following set of WMI commands. Administrators can use this interface to configure the UE-V agent from the command line and automate typical configuration tasks. - - Use an account with administrator rights to open a PowerShell window. - -2. Use the following WMI commands to configure the agent. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PowerShell commandDescription

Get-WmiObject -Namespace root\Microsoft\UEV Configuration

-

View the active UE-V agent settings. User-specific settings have precedence over the computer settings.

Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguration

View the UE-V agent configuration that is defined for user.

Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

View the UE-V agent configuration that is defined for computer.

$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

-

$config.SettingsStoragePath = <path_to_settings_storage_location>

-

$config.Put()

Define a per-computer settings storage location.

$config = Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguration

-

$config.SettingsStoragePath = <path_to_settings_storage_location>

-

$config.Put()

Define a per-user settings storage location.

$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

-

$config.SyncTimeoutInMilliseconds = <timeout_in_milliseconds>

-

$config.Put()

Set the synchronization timeout in milliseconds.

$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

-

$config.MaxPackageSizeInBytes = <size_in_bytes>

-

$config.Put()

Configure the UE-V agent to report when a settings package file size reaches a defined threshold. Set the threshold package file size in bytes.

$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

-

$config.SyncMethod = <sync_method>

-

$config.Put()

Set the synchronization method: OfflineFiles or None.

$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

-

$config.<setting name> = <setting value>

-

$config.Put()

Update a specific per-computer setting. To clear the setting, use $null as the setting value.

$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

-

$config.<setting name> = <setting value>

-

$config.Put()

Update a specific per-user setting. To clear the setting, use $null as the setting value.

- - - -~~~ -Upon configuration of the UE-V Agent with WMI and PowerShell, the defined configuration is stored in the registry in the following locations: - -`\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration` - -`\HKEY_CURRENT_USER\SOFTWARE\Microsoft\UEV\Agent\Configuration` -~~~ - -## Related topics - - -[Administering UE-V 1.0](administering-ue-v-10.md) - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - - - - - - - - - diff --git a/mdop/uev-v1/managing-ue-v-10-settings-location-templates-using-powershell-and-wmi.md b/mdop/uev-v1/managing-ue-v-10-settings-location-templates-using-powershell-and-wmi.md deleted file mode 100644 index be26ce0c20..0000000000 --- a/mdop/uev-v1/managing-ue-v-10-settings-location-templates-using-powershell-and-wmi.md +++ /dev/null @@ -1,198 +0,0 @@ ---- -title: Managing UE-V 1.0 Settings Location Templates Using PowerShell and WMI -description: Managing UE-V 1.0 Settings Location Templates Using PowerShell and WMI -author: dansimp -ms.assetid: 4b911c78-a5e9-4199-bfeb-72ab764d47c1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Managing UE-V 1.0 Settings Location Templates Using PowerShell and WMI - - -Microsoft User Experience Virtualization (UE-V) uses settings location templates (XML files) that define the settings captured and applied by User Experience Virtualization. UE-V includes a set of standard settings location templates. It also includes the UE-V Generator tool that enables you to create custom settings location templates. After you create and deploy settings location templates you can manage those templates using PowerShell or WMI. - -## Manage settings location templates with WMI and PowerShell - - -The WMI and PowerShell features of UE-V include the ability to enable, disable, register, update, and unregister settings location templates. By using these features, you can automate the process of registering, updating, or unregistering templates with the UE-V agent. You can also manually register templates using WMI and PowerShell commands. By using these features in conjunction with an electronic software distribution solution, Group Policy, or another automated deployment method such as a script, you can further automate that process. - -You must have administrator permissions to update, register, or unregister a settings location template. Administrator permissions are not required to enable or disable templates. - -**To manage settings location templates with PowerShell** - -1. Use an account with administrator rights to open a Windows PowerShell window. To import the **Microsoft UE-V PowerShell** module, type the following command at the PowerShell command prompt. - - ``` syntax - Import-module UEV - ``` - -2. Use the following PowerShell cmdlets to register and manage the UE-V settings location templates. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PowerShell commandDescription

Get-UevTemplate

Lists all the settings location templates registered on the computer.

Register-UevTemplate

Registers a settings location template with UE-V. Once a template is registered, UE-V will synchronize the settings that are defined in the template between computers that have the template registered.

Unregister-UevTemplate

Unregisters a settings location template with UE-V. As soon as a template is unregistered, UE-V will no longer synchronize the settings that are defined in the template between computers.

Update-UevTemplate

Updates a settings location template with a more recent version of the template. The new template should have a version that is later than the existing one.

Disable-UevTemplate

Disables a settings location template for the current user of the computer.

Enable-UevTemplate

Enables a settings location template for the current user of the computer.

Test-UevTemplate

Determines whether a given settings location template complies with its XML schema.

- - - -The UE-V PowerShell features allow you to manage a group of settings templates deployed in your enterprise. To manage a group of templates using PowerShell, do the following. - -**To manage a group of settings location templates with PowerShell** - -1. Modify or update the desired settings location templates. - -2. Deploy the desired settings location templates to a folder accessible to the local computer. - -3. On the local computer, open a Windows PowerShell window with administrator rights. - -4. Import the Microsoft UE-V PowerShell module, by typing the following command. - - ``` syntax - Import-module UEV - ``` - -5. Unregister all the previously registered versions of the templates by typing the following command. - - ``` syntax - Get-UevTemplate | Unregister-UevTemplate - ``` - - This will unregister all active templates on the computer. - -6. Register the updated templates by typing the following command. - - ``` syntax - Register-UevTemplate \*.xml - ``` - - This will register all of the settings location templates located in the specified template folder. - -User Experience Virtualization provides the following set of WMI commands. Administrators can use these interfaces to manage settings location templates from Windows PowerShell and automate template administrative tasks. - -**To manage settings location templates with WMI** - -1. Use an account with administrator rights to open a Windows PowerShell window. - -2. Use the following WMI commands to register and manage the UE-V settings location templates. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PowerShell command

Description

Get-WmiObject -Namespace root\Microsoft\UEV SettingsLocationTemplate | Select-Object TemplateId,TemplateName, TemplateVersion,Enabled | Format-Table -Autosize

Lists all the settings location templates registered for the computer.

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Register -ArgumentList <template path >

Registers a settings location template with UE-V.

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name UnregisterByTemplateId -ArgumentList <template ID>

Unregisters a settings location template with UE-V. As soon as a template is unregistered, UE-V will no longer synchronize the settings that are defined in the template between computers.

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name EnableByTemplateId -ArgumentList <template ID>

Enables a settings location template with UE-V

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name DisableByTemplateId -ArgumentList <template ID>

Disables a settings location template with UE-V

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Update -ArgumentList <template path>

Updates a settings location template with UE-V. The new template should have a version that is higher than the existing one.

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Validate -ArgumentList <template path>

Determines whether a given settings location template complies with its XML schema.

- - - -**How to deploy the UE-V agent with PowerShell** - -1. Stage the UE-V installer file in an accessible network share. - - **Note**   - Use AgentSetup.exe to deploy both 32-bit and 64-bit versions of the UE-V Agent. Windows Installer Files versions, AgentSetupx86.msi and AgentSetupx64.msi, are available for each architecture. To uninstall the UE-V Agent at a later time using the installation file, you must use the same file type. - - - -2. Use one of the following PowerShell commands to install the agent. - - `& AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\%username%` - - `& msiexec.exe /i "" /quiet /norestart /l*v "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\%username%` - -## Related topics - - -[Managing the UE-V 1.0 Agent and Packages with PowerShell and WMI](managing-the-ue-v-10-agent-and-packages-with-powershell-and-wmi.md) - -[Administering UE-V 1.0](administering-ue-v-10.md) - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - - - - - - - - - diff --git a/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-release-notes.md b/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-release-notes.md deleted file mode 100644 index b16ae11350..0000000000 --- a/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-release-notes.md +++ /dev/null @@ -1,131 +0,0 @@ ---- -title: Microsoft User Experience Virtualization (UE-V) 1.0 Release Notes -description: Microsoft User Experience Virtualization (UE-V) 1.0 Release Notes -author: dansimp -ms.assetid: 920f3fae-e9b5-4b94-beda-32c19d31e94b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Microsoft User Experience Virtualization (UE-V) 1.0 Release Notes - - -To search Microsoft User Experience Virtualization (UE-V) release notes, press Ctrl+F. - -You should read these release notes thoroughly before you install UE-V. The release notes contain information that is required to successfully install User Experience Virtualization, and contain additional information that is not available in the product documentation. If there are differences between these release notes and other UE-V documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product. - -## Providing feedback - - -Tell us what you think about our documentation for MDOP by giving us your feedback and comments. Send your documentation feedback to [mdopdocs@microsoft.com](mailto:mdopdocs@microsoft.com?subject=UE-V%20Documentation). - -## UE-V known issues - - -This section contains release notes for User Experience Virtualization. - -### Registry settings fail to synchronize between App-V and native applications on the same computer - -When a computer has an application that is available through both the Application Virtualization (App-V) application and a native installation application (installed with an .msi file), the registry-based settings do not synchronize between the technologies. - -WORKAROUND: To resolve this problem, run the application by selecting one of the two technologies, but not both. - -### Windows 8 setting synchronization fails with error: "boost::filesystem::exists::Incorrect user name or password" - -The Windows® 8 operating system settings synchronization fails with the following error message: **boost::filesystem::exists::Incorrect user name or password**. To check for operational log events, open the **Event Viewer** and navigate to **Applications and Services Logs** / **Microsoft** / **User Experience Virtualization** / **Logging** / **Operational**. Network shares that are used for UE-V settings storage locations should reside in the same Active Directory domain as the user. Otherwise, the following error might occur: "Incorrect user name or password". - -WORKAROUND: Use network shares from the same Active Directory domain as the user. . - -### Email signature roaming for Outlook 2010 - -UE-V will roam the Outlook 2010 signature files between devices. However, the default signature options for new messages and replies/forwards are not.  These two settings are stored in the Outlook profile, which UE-Vdoes not roam. - -WORKAROUND: None. - -### Synchronization settings do not synchronize on expected interval when running in slow-link mode - -Under normal conditions, settings storage locations should be available over a fast link network connection. In slow-link mode, synchronization will only occur on a periodic basis. By default, the slow-link mode synchronization schedule is set to every 360 minutes. - -WORKAROUND: To change the frequency of the background synchronization for computers in slow-link mode, you can configure the Group Policy for Background Sync policy for **Offline files**. - -### Special characters do not synchronize - -Certain characters, such as currency symbols, do not synchronize between Windows 7 and Windows 8 computers that run the UE-V agent. - -WORKAROUND: None. - -### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office - -We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](https://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office. - -WORKAROUND: None - -### Other folders on the share with the setting storage location are unavailable in slow-connection mode - -Settings store shares should not be located on a network share that is used for other folders that must always be available. When the network share that hosts the setting storage location goes into slow-connection mode, the only available folder is the settings storage location folder. Other folders on the Share are not available in slow-connection mode. - -Workaround: None - -### Favicons that are associated with Internet Explorer 9 favorites do not roam - -The favicons that are associated with Internet Explorer 9 favorites are not roamed by User Experience Virtualization and do not appear when the favorites first appear on a new computer. - -WORKAROUND: Favicons will appear with their associated favorites once the bookmark is used and cached in the Internet Explorer 9 browser. - -### File settings paths are stored in registry - -Some application settings store the paths of their configuration and settings files as values in the registry. The files that are referenced as paths in the registry must be synchronized when settings are roamed between computers. - -WORKAROUND: Use folder redirection or some other technology to ensure that any files that are referenced as file settings paths are present and placed in the same location on all computers where settings roam. - -### Paths longer than 260 characters are not supported - -Settings storage paths that are longer than 260 characters are not supported. Copying the UE-V settings packages to settings storage paths that are longer than 260 characters will fail and generate the following exception message in the UE-V operational event log: **\[boost::filesystem::copy\_file: The system cannot find the path specified\]**. To check for operational log events, open the **Event Viewer** and navigate to **Applications and Services Logs** / **Microsoft** / **User Experience Virtualization** / **Logging** / **Operational**. - -File settings paths that are longer than 260 characters are not currently supported. File settings that are referenced in UE-V settings location templates cannot be located in a directory path that is longer than 260 characters. - -WORKAROUND: None. - -### UE-V agent delays upon logout or login - -If a logon or logout occurs before Offline Files has determined that a slow link is in place, logout or login might be delayed. The Offline Files feature may take up to three minutes to detect the current network state. If the logon or shutdown occurs before Offline Files has determined that the computer is connected to a slow link, the UE-V settings package will be sent to the server instead of the local cache. - -WORKAROUND: None. - -### Settings conflict when trying to roam operating system settings on Windows 8 - -On Windows 8 if Microsoft Account Sync is enabled along with UE-V for operating system settings, the settings that are applied may be inconsistent. - -WORKAROUND: Do one of the following: - -- Disable Microsoft Account Sync if you are using UE-V to roam operating system settings - -- Disable UE-V for operating system settings - -### Some operating system settings only roam between like operating system versions - -Operating system settings for Narrator and currency characters specific to the locale will only roam across like operating system versions of Windows. For example currency characters will only roam from Windows 7 to Windows 7. - -WORKAROUND: None - -### Internet Explorer bookmarks do not appear in the Internet Explorer smartbar - -When Internet Explorer bookmarks roam from one computer to another computer, the index on the second computer cannot update, so when typing in the address bar, the favorite will not appear as a possible search result on computer 2. - -WORKAROUND: None - - - - - - - - - diff --git a/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-sp1-release-notes.md b/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-sp1-release-notes.md deleted file mode 100644 index e95de8309a..0000000000 --- a/mdop/uev-v1/microsoft-user-experience-virtualization--ue-v--10-sp1-release-notes.md +++ /dev/null @@ -1,128 +0,0 @@ ---- -title: Microsoft User Experience Virtualization (UE-V) 1.0 SP1 Release Notes -description: Microsoft User Experience Virtualization (UE-V) 1.0 SP1 Release Notes -author: dansimp -ms.assetid: 447fae0c-fe87-4d1c-b616-6f92fbdaf6d5 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Microsoft User Experience Virtualization (UE-V) 1.0 SP1 Release Notes - - -To search Microsoft User Experience Virtualization (UE-V) 1.0 Service Pack 1 release notes, press Ctrl+F. - -You should read these release notes thoroughly before you install UE-V. The release notes contain information that is required to successfully install User Experience Virtualization, and contain additional information that is not available in the product documentation. If there are differences between these release notes and other UE-V documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product. - -## UE-V known issues - - -This section contains release notes for User Experience Virtualization 1.0 SP1. - -### Registry settings fail to synchronize between App-V and native applications on the same computer - -When a computer has an application that is available through both the Application Virtualization (App-V) application and a native installation application installed with a Windows Installer (.msi file), the registry-based settings do not synchronize between the technologies. - -WORKAROUND: To resolve this problem, run the application by selecting one of the two technologies, but not both. - -### Windows 8 setting synchronization fails when network share is outside user’s domain - -When Windows® 8 attempts operating system settings synchronization, the synchrnization fails with the following error message: **boost::filesystem::exists::Incorrect user name or password**. This error can indicate that the network share is outside the user’s domain. To check for operational log events, open the **Event Viewer** and navigate to **Applications and Services Logs** / **Microsoft** / **User Experience Virtualization** / **Logging** / **Operational**. Network shares that are used for UE-V settings storage locations should reside in the same Active Directory domain as the user. - -WORKAROUND: Use network shares from the same Active Directory domain as the user. . - -### Email signature roaming for Outlook 2010 - -UE-V will roam the Outlook 2010 signature files between devices. However, the default signature options for new messages and replies/forwards are not roamed. These two settings are stored in the Outlook profile, which UE-V does not roam. - -WORKAROUND: None. - -### Synchronization settings do not synchronize on expected interval when running in slow-link mode - -Under normal conditions, settings storage locations should be available over a fast link network connection. In slow-link mode, synchronization will only occur on a periodic basis. By default, the slow-link mode synchronization schedule is set to every 360 minutes. - -WORKAROUND: To change the frequency of the background synchronization for computers in slow-link mode, you can configure the Group Policy for Background Sync policy for **Offline files**. - -### Special characters do not synchronize - -Certain characters, such as currency symbols, do not synchronize between Windows 7 and Windows 8 computers that run the UE-V agent. - -WORKAROUND: None. - -### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office - -We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](https://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office. - -WORKAROUND: None - -### MSI’s are not localized - -UE-V 1.0 SP1 includes a localized setup program for both the UE-V Agent and UE-V generator. These MSI files are still available but the user interface is minimized and the MSI’s only display in English. Despite the file being in English, the setup program installs all supported languages during the installation. - -WORKAROUND: None - -### Other folders on the share with the setting storage location are unavailable in slow-connection mode - -Settings store shares should not be located on a network share that is used for other folders that must always be available. When the network share that hosts the setting storage location goes into slow-connection mode, the only available folder is the settings storage location folder. Other folders on the Share are not available in slow-connection mode. - -Workaround: None - -### Favicons that are associated with Internet Explorer 9 favorites do not roam - -The favicons that are associated with Internet Explorer 9 favorites are not roamed by User Experience Virtualization and do not appear when the favorites first appear on a new computer. - -WORKAROUND: Favicons will appear with their associated favorites once the bookmark is used and cached in the Internet Explorer 9 browser. - -### File settings paths are stored in registry - -Some application settings store the paths of their configuration and settings files as values in the registry. The files that are referenced as paths in the registry must be synchronized when settings are roamed between computers. - -WORKAROUND: Use folder redirection or some other technology to ensure that any files that are referenced as file settings paths are present and placed in the same location on all computers where settings roam. - -### Long Settings Storage Paths could cause an error - -Keep settings storage paths as short as possible. Long paths could prevent resolution or synchronization. UE-V uses the Settings storage path as part of the calculated path to store settings. That path is calculated in the following way: settings storage path + “settingspackages” + package dir (template ID) + package name (template ID). If that calculated path exceeds 260 characters, package storage will fail and generate the following error message in the UE-V operational event log: - -`[boost::filesystem::copy_file: The system cannot find the path specified]` - -To check the operational log events, open the Event Viewer and navigate to Applications and Services Logs / Microsoft / User Experience Virtualization / Logging / Operational. - -WORKAROUND: None. - -### UE-V agent delays upon logout or login - -If a logon or logout occurs before Offline Files has determined that a slow link is in place, logout or login might be delayed. The Offline Files feature may take up to three minutes to detect the current network state. If the logon or shutdown occurs before Offline Files has determined that the computer is connected to a slow link, the UE-V settings package will be sent to the server instead of the local cache. - -WORKAROUND: None. - -### Settings conflict when trying to roam operating system settings on Windows 8 - -On Windows 8 if Microsoft Account Sync is enabled along with UE-V for operating system settings, the settings that are applied may be inconsistent. - -WORKAROUND: Do one of the following: - -- Disable Microsoft Account Sync if you are using UE-V to roam operating system settings - -- Disable UE-V for operating system settings - -### Some operating system settings only roam between like operating system versions - -Operating system settings for Narrator and currency characters specific to the locale will only roam across like operating system versions of Windows. For example currency characters will only roam from Windows 7 to Windows 7. - -WORKAROUND: None - -  - -  - - - - - diff --git a/mdop/uev-v1/migrating-ue-v-settings-packages.md b/mdop/uev-v1/migrating-ue-v-settings-packages.md deleted file mode 100644 index 0b4de51c02..0000000000 --- a/mdop/uev-v1/migrating-ue-v-settings-packages.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Migrating UE-V Settings Packages -description: Migrating UE-V Settings Packages -author: dansimp -ms.assetid: 93d99254-3e17-4e96-92ad-87059d8554a7 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Migrating UE-V Settings Packages - - -In the lifecycle of a Microsoft User Experience Virtualization (UE-V) deployment, you might need to relocate the user settings packages either when migrating to a new server or for backup purposes. Migration of settings packages might be needed in the following scenarios: - -- Upgrade of existing server hardware to a more modern server. - -- Migration of a settings storage location share from a lab to a production server. - -Simply copying the files and folders will not preserve the security settings and permissions. The following described steps will properly copy the settings package files with their NTFS permissions to a new share. - -**How to preserve UE-V settings packages when migrating to a new server** - -1. In a new location on a different server, create a new folder; for example, MySettings. - -2. Disable sharing for the old folder share on the old server. - -3. Move the existing settings packages to the new server with Robocopy from the command line. For example: - - ``` syntax - c:\start robocopy "\\servername\E$\MySettings" "\\servername\E$\MySettings" /b /sec /secfix /e /LOG:D:\Robocopylogs\MySettings.txt - ``` - - **Note**   - To monitor the copy progress, open MySettings.txt with a log file reader such as Trace32. - - - -4. Grant share-level permissions to the new share. Leave the NTFS permissions as they were set by Robocopy. - - On computers that run the UE-V agent, update the SettingsStoragePath configuration setting to the UNC path of the new share. - -## Related topics - - -[Administering UE-V 1.0](administering-ue-v-10.md) - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - - - - - - - - - diff --git a/mdop/uev-v1/operations-for-ue-v-10.md b/mdop/uev-v1/operations-for-ue-v-10.md deleted file mode 100644 index 9026d54de9..0000000000 --- a/mdop/uev-v1/operations-for-ue-v-10.md +++ /dev/null @@ -1,61 +0,0 @@ ---- -title: Operations for UE-V 1.0 -description: Operations for UE-V 1.0 -author: dansimp -ms.assetid: 5b4a82fd-3145-49e8-ac06-f9cc583abe5f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Operations for UE-V 1.0 - - -This operations section includes information about the various types of Microsoft User Experience Virtualization (UE-V) administration and operating tasks that are typically performed by an administrator. This section also includes step-by-step procedures to help you successfully perform these tasks. - -## Operations information - - -- [Administering UE-V 1.0](administering-ue-v-10.md) - - This topic provides instructions for how to restore user settings, change synchronization frequency, and configure UE-V settings. - -- [Working with Custom UE-V Templates and the UE-V Generator](working-with-custom-ue-v-templates-and-the-ue-v-generator.md) - - This topic provides instructions for how to use the UE-V Generator and manage custom settings location templates. - -- [Administering UE-V with PowerShell and WMI](administering-ue-v-with-powershell-and-wmi.md) - - Microsoft User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets which can help administrators perform various UE-V tasks. - -- [Security and Privacy for UE-V 1.0](security-and-privacy-for-ue-v-10.md) - - This topic covers general security considerations for UE-V and the UE-V privacy statement. - -## Other resources for this product - - -[Microsoft User Experience Virtualization (UE-V) 1.0](index.md) - -[Getting Started With User Experience Virtualization 1.0](getting-started-with-user-experience-virtualization-10.md) - -[Planning for UE-V 1.0](planning-for-ue-v-10.md) - -[Deploying UE-V 1.0](deploying-ue-v-10.md) - -[Troubleshooting UE-V 1.0](troubleshooting-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/planning-for-custom-template-deployment-for-ue-v-10.md b/mdop/uev-v1/planning-for-custom-template-deployment-for-ue-v-10.md deleted file mode 100644 index a6a104caaa..0000000000 --- a/mdop/uev-v1/planning-for-custom-template-deployment-for-ue-v-10.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: Planning for Custom Template Deployment for UE-V 1.0 -description: Planning for Custom Template Deployment for UE-V 1.0 -author: dansimp -ms.assetid: be76fc9a-31ca-4290-af11-7640dcb87d50 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for Custom Template Deployment for UE-V 1.0 - - -Microsoft User Experience Virtualization (UE-V) uses settings location templates (XML files) that define the settings that are captured and applied by UE-V. You can use the UE-V Generator to create custom settings location templates that let users roam the settings of applications other than those that are included in the default UE-V templates. After you test the custom template to ensure that the application settings roam correctly in a test environment, you can deploy these settings location templates to computers in the enterprise. - -You can deploy your custom settings location templates with an existing deployment infrastructure, such as Enterprise Software Distribution (ESD), with Group Policy preferences, or by configuring a UE-V settings template catalog. Templates that are deployed by using ESD or Group Policy must be registered with UE-V WMI or PowerShell. - -## Settings template catalog - - -The User Experience Virtualization settings template catalog is a folder path on UE-V computers or a Server Message Block (SMB) network share that stores all the custom settings location templates. The UE-V agent retrieves new or updated templates from this location. The UE-V agent checks this location once each day and updates its synchronization behavior based on the templates in this folder. Templates that were added or updated in this folder since the last time that the folder was checked are registered by the UE-V agent. The UE-V agent deregisters templates that are removed from this folder. By default, templates are registered and unregistered one time per day at 3:30 A.M. local time by the task scheduler. For more information about the UE-V tasks, see [Changing the Frequency of UE-V Scheduled Tasks](changing-the-frequency-of-ue-v-scheduled-tasks.md). - -You can configure the settings template catalog path by using the install command-line options, Group Policy, WMI, or PowerShell. Templates that are stored at the settings template catalog path are automatically registered and unregistered by a scheduled task. You can customize this scheduled task as needed. - -## Replace the default Microsoft templates - - -The UE-V agent installs a default group of settings location templates for common Microsoft applications and Windows settings. If your enterprise needs customized versions of these templates, the UE-V agent can be configured to use a settings template catalog and you should then replace the default Microsoft templates. - -During the installation of the UE-V agent, the command-line parameter, `RegisterMSTemplates`, can be used to disable the registration of the default Microsoft templates. For more information about how to set the UE-V parameters, see [Planning for UE-V Configuration Methods](planning-for-ue-v-configuration-methods.md). - -When you use Group Policy to configure the settings template catalog path, you can choose to replace the default Microsoft templates. If you configure the policy settings to replace the default Microsoft templates, all of the default Microsoft templates that are installed by the UE-V agent will be deleted from the computer, and only the templates that are located in the settings template catalog will be used. The UE-V Agent configuration setting `RegisterMSTemplates` must be set to true in order to override the default Microsoft template. - -**Note**   -If you disable this policy setting after it has been enabled, the UE-V agent will not restore the default Microsoft templates. - - - -If there are customized templates in the settings template catalog that use the same ID as the default Microsoft templates, and the UE-V agent is not configured to replace the default Microsoft templates, the Microsoft templates in the catalog will be ignored. - -You can also replace the default templates by using the UE-V PowerShell features. To replace the default Microsoft Template with PowerShell, unregister all of the default Microsoft templates, and then register the customized templates. - -**Note**   -Old settings packages remain in the settings storage location even if new settings templates are deployed for an application. These packages are not read by the agent, but neither are they automatically deleted. - - - -## Related topics - - -[Planning for UE-V 1.0](planning-for-ue-v-10.md) - -[Planning Which Applications to Synchronize with UE-V 1.0](planning-which-applications-to-synchronize-with-ue-v-10.md) - -[Planning for UE-V Configuration Methods](planning-for-ue-v-configuration-methods.md) - -Planning for Custom Template Deployment - - - - - - - - diff --git a/mdop/uev-v1/planning-for-ue-v-10.md b/mdop/uev-v1/planning-for-ue-v-10.md deleted file mode 100644 index 5f62386c65..0000000000 --- a/mdop/uev-v1/planning-for-ue-v-10.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: Planning for UE-V 1.0 -description: Planning for UE-V 1.0 -author: dansimp -ms.assetid: fc44aa5f-1d4f-4c03-b326-37ecd6bd913f -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for UE-V 1.0 - - -The goal of deployment planning is to help you successfully and efficiently deploy Microsoft User Experience Virtualization (UE-V) so that it does not disrupt the user experience or the network. There are a number of different deployment configurations and prerequisites that you must consider before you create your deployment plan. This section includes information that can help you gather the necessary information to formulate a deployment plan that best meets your business requirements. - -## Planning information - - -[Preparing Your Environment for UE-V](preparing-your-environment-for-ue-v.md) - -Provides prerequisites and recommended network configurations for UE-V. - -[Supported Configurations for UE-V 1.0](supported-configurations-for-ue-v-10.md) - -Lists the operating systems and computer configurations that are required for UE-V. - -[Planning for UE-V Configuration](planning-for-ue-v-configuration.md) - -Includes the following topics which provide specific guidance on UE-V configuration: - -- [Planning Which Applications to Synchronize with UE-V 1.0](planning-which-applications-to-synchronize-with-ue-v-10.md) – specifies whether to use the default Microsoft settings location templates or to deploy custom templates that are created with the UE-V Generator. - -- [Planning for Custom Template Deployment for UE-V 1.0](planning-for-custom-template-deployment-for-ue-v-10.md) – provides options for creation and deployment of custom settings location templates. - -- [Planning for UE-V Configuration Methods](planning-for-ue-v-configuration-methods.md) – helps you decide how to configure the UE-V Agent and manage settings synchronization. - -[UE-V Checklist](ue-v-checklist.md) - -Provides a list of steps to plan, deploy, and manage UE-V. - -## Other resources for this product - - -[Microsoft User Experience Virtualization (UE-V) 1.0](index.md) - -[Getting Started With User Experience Virtualization 1.0](getting-started-with-user-experience-virtualization-10.md) - -[Deploying UE-V 1.0](deploying-ue-v-10.md) - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - -[Troubleshooting UE-V 1.0](troubleshooting-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/planning-for-ue-v-configuration-methods.md b/mdop/uev-v1/planning-for-ue-v-configuration-methods.md deleted file mode 100644 index 52a0686c4c..0000000000 --- a/mdop/uev-v1/planning-for-ue-v-configuration-methods.md +++ /dev/null @@ -1,76 +0,0 @@ ---- -title: Planning for UE-V Configuration Methods -description: Planning for UE-V Configuration Methods -author: dansimp -ms.assetid: 57bce7ab-1be5-434b-9ee5-c96026bbe010 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for UE-V Configuration Methods - - -Microsoft User Experience Virtualization (UE-V) configurations determine how settings are synchronized throughout the enterprise. This topic describes how UE-V configurations are created to help you formulate a configuration plan that best meets your business requirements. - -## Configuration methods for UE-V - - -You can configure UE-V before, during, or after agent installation, depending on the configuration method that you use. - -**Group Policy:** existing Group Policy infrastructure can be used to configure UE-V before or after UE-V Agent deployment. The UE-V ADMX template enables the central management of common UE-V Agent configuration options, and it includes settings to configure UE-V synchronization. Network environments that use Group Policy can preconfigure UE-V in anticipation of agent deployment. - -[Configuring UE-V with Group Policy Objects](configuring-ue-v-with-group-policy-objects.md) - -[Installing the UE-V Group Policy ADMX Templates](installing-the-ue-v-group-policy-admx-templates.md) - -**Command-line or Batch Script Installation:** parameters that are used with the deployment of the UE-V Agent allow the configuration of many UE-V settings. Electronic software distribution systems, such as System Center Configuration Manager, use these parameters to configure their clients when deploying and installing the UE-V Agent software. For a list of installation parameters and sample installation scripts, see [Deploying the UE-V Agent](deploying-the-ue-v-agent.md). - -**PowerShell and WMI:** scripted commands using PowerShell or WMI can be used to modify configurations after the UE-V Agent has been installed. For a list of PowerShell and WMI commands, see [Managing the UE-V 1.0 Agent and Packages with PowerShell and WMI](managing-the-ue-v-10-agent-and-packages-with-powershell-and-wmi.md). - -**Edit Registry Settings:** UE-V settings are stored in the registry and can be modified by using any tool that can modify registry settings, such as RegEdit. - -**Note**   -Registry modification can result in data loss or the computer becoming unresponsive. We recommend that you use other configuration methods. - - - -### UE-V configuration settings - -The following are examples of UE-V configuration settings: - -- **Setting Storage Path:** specifies the location of the file share that stores the UE-V settings. - -- **Settings Template Catalog Path:** specifies the Universal Naming Convention (UNC) path that defines the location that was checked for new settings location templates. - -- **Register Microsoft Templates:** specifies whether the default Microsoft templates should be registered during installation. - -- **Synchronization Method:** specifies whether the Windows Offline Files feature is used for offline support. - -- **Synchronization Timeout:** specifies the number of milliseconds that the computer waits before timeout when retrieving the user settings from the settings storage location. - -- **Synchronization Enable:** specifies whether the UE-V settings synchronization is enabled or disabled. - -- **Maximum Package Size:** specifies a settings package file threshold size in bytes at which the UE-V Agent reports a warning. - -## Related topics - - -[Planning for UE-V 1.0](planning-for-ue-v-10.md) - -[Planning for UE-V Configuration](planning-for-ue-v-configuration.md) - - - - - - - - - diff --git a/mdop/uev-v1/planning-for-ue-v-configuration.md b/mdop/uev-v1/planning-for-ue-v-configuration.md deleted file mode 100644 index f30fd8a640..0000000000 --- a/mdop/uev-v1/planning-for-ue-v-configuration.md +++ /dev/null @@ -1,62 +0,0 @@ ---- -title: Planning for UE-V Configuration -description: Planning for UE-V Configuration -author: dansimp -ms.assetid: db78dad4-78e0-45d6-a235-8b7345cb79f8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning for UE-V Configuration - - -You can configure Microsoft User Experience Virtualization (UE-V) to meet the specific needs of your enterprise by defining which applications are deployed and which configurations define the UE-V behavior. - -## Plan which applications to synchronize with UE-V - - -UE-V includes a set of predefined settings location templates. UE-V also allows administrators to create custom settings location templates for other applications, including third-party or line-of-business applications that are used in the enterprise. This topic includes a list of applications that are included with the UE-V client and guidance on how to include custom settings location templates. - -[Planning Which Applications to Synchronize with UE-V 1.0](planning-which-applications-to-synchronize-with-ue-v-10.md) - -## Checklist for Evaluating Line-of-Business Applications for UE-V - - -Guidance on whether a line-of-business application should be synchronized. - -[Checklist for Evaluating Line-of-Business Applications for UE-V 1.0](checklist-for-evaluating-line-of-business-applications-for-ue-v-10.md) - -## Plan custom template deployment - - -In order to support other applications, including third-party applications, you must create custom settings location templates by using the UE-V Generator, and deploy them to a settings template catalog. - -[Planning for Custom Template Deployment for UE-V 1.0](planning-for-custom-template-deployment-for-ue-v-10.md) - -## Plan for UE-V configuration - - -UE-V configurations determine how settings are synchronized throughout the enterprise. These configurations can be made before, during, or after the UE-V Agent is deployed. UE-V provides a variety of configuration methods - -[Planning for UE-V Configuration Methods](planning-for-ue-v-configuration-methods.md) - -## Related topics - - -[Planning for UE-V 1.0](planning-for-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/planning-which-applications-to-synchronize-with-ue-v-10.md b/mdop/uev-v1/planning-which-applications-to-synchronize-with-ue-v-10.md deleted file mode 100644 index d666e1873b..0000000000 --- a/mdop/uev-v1/planning-which-applications-to-synchronize-with-ue-v-10.md +++ /dev/null @@ -1,175 +0,0 @@ ---- -title: Planning Which Applications to Synchronize with UE-V 1.0 -description: Planning Which Applications to Synchronize with UE-V 1.0 -author: dansimp -ms.assetid: c718274f-87b4-47f3-8ef7-5e1bd5557a9d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Planning Which Applications to Synchronize with UE-V 1.0 - - -Microsoft User Experience Virtualization (UE-V) uses settings location templates (XML files) that define the settings that are captured and applied by UE-V. UE-V includes a set of predefined settings location templates and also allows administrators to create custom settings location templates for third-party or line-of-business applications that are used in the enterprise. - -As an administrator, when you consider which applications to include in your UE-V solution, consider which settings can be customized by users, and how and where the application stores its settings. Not all applications have settings that can be customized or that are routinely customized by users. In addition, not all applications settings can safely roam across multiple computers or environments. Synchronize settings that meet the following criteria: - -- Settings that are stored in user-accessible locations. For example, do not synchronize settings that are stored in system32 or outside HKCU section of the registry. - -- Settings that are not specific to the particular computer. For example, exclude network or hardware configurations. - -- Settings that can be synchronized between computers without risk of corrupted data. For example, do not use settings that are stored in a database file. - -## Settings location templates that are included in UE-V - - -**UE-V application settings location templates** - -The UE-V agent installation software installs the agent and registers a default group of settings location templates for common Microsoft applications. These settings location templates capture settings values for the following applications: - - ---- - - - - - - - - - - - - - - - - - - - - -
Application categoryDescription

Microsoft Office 2010 applications

Microsoft Word 2010

-

Microsoft Excel 2010

-

Microsoft Outlook 2010

-

Microsoft Access 2010

-

Microsoft Project 2010

-

Microsoft PowerPoint 2010

-

Microsoft Publisher 2010

-

Microsoft Visio 2010

-

Microsoft SharePoint Workspace 2010

-

Microsoft InfoPath 2010

-

Microsoft Lync 2010

-

Microsoft OneNote 2010

Browser options (Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10)

Favorites, home page, tabs, and toolbars.

Windows accessories

Calculator, Notepad, WordPad.

- - - -Application settings are applied to the application when the application is started. They are saved when the application closes. - -**UE-V Windows settings location templates** - -User Experience Virtualization includes settings location templates that capture settings values for the following Windows settings: - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows settingsDescriptionApply onDefault state

Desktop background

Currently active desktop background.

Logon, unlock, remote connect.

Enabled

Ease of Access

Accessibility and input settings, magnifier, Narrator, and on-Screen keyboard.

Logon, unlock, remote connect.

Disabled

Desktop settings

Start menu and Taskbar settings, Folder options, default desktop icons, additional clocks, and region and Language settings.

Logon only.

Disabled

- - - -The Windows desktop background and Ease of Access settings are applied when the user logs on, when the computer is unlocked, or upon remote connection to another computer. The agent saves these settings when the user logs off, when the computer is locked, or when a remote connection is disconnected. By default, Windows desktop background settings are roamed between computers of the same operating system version. - -Windows desktop and Ease of Access settings are applied at logon before the desktop is presented to the user. To optimize the logon experience, these settings are not roamed by default. Desktop and Ease of Access settings can be enabled by using Group Policy, PowerShell, and WMI. - -UE-V does not support the roaming of settings between operating systems with different languages. For example, synchronization between English and German is not supported. The language of all computers to which UE-V roams the user settings must match. - -**Note**   -If you change the settings location templates that are provided by Microsoft, User Experience Virtualization might not work properly for the designated application or Windows settings group. - - - -## Prevent unintentional user Settings configuration - - -User Experience Virtualization checks for new user settings information, and downloads that information accordingly from a settings storage location. Then, it applies the settings to the local computer in the following cases: - -- Every time an application is launched that has a registered UE-V template. - -- When a user logs on to their computer. - -- When a user unlocks their computer. - -- When a connection is made to a remote desktop computer that has UE-V installed. - -If UE-V is installed on computer A and computer B, and the desired settings for the application are on computer A, then computer A must open and close the application first. If an application is opened and closed on computer B first, then the application settings on computer A will be configured to be the same as the application settings on computer B. - -This scenario also applies to Windows settings. If the Windows settings on computer B should be the same as the Windows settings on computer A, then the user should logon and logoff computer A first. - -If the desired user settings are applied in the wrong order, they can be recovered by performing a restore operation for the specific application or Windows configuration on the computer on which the settings were overwritten. For more information, see [Restoring Application and Windows Settings Synchronized with UE-V 1.0](restoring-application-and-windows-settings-synchronized-with-ue-v-10.md). - -## Custom UE-V settings location templates - - -You can create custom settings location templates by using the UE-V Generator. After you create and test a custom settings location template in a test environment, you can deploy the settings location templates to computers in the enterprise. Custom settings location templates must be deployed with an existing deployment infrastructure, such as enterprise software distribution (ESD) method, with preferences, or by configuring an UE-V settings template catalog. Templates that are deployed with ESD or Group Policy must be registered by using UE-V WMI or PowerShell. For more information about custom settings location templates, see [Planning for Custom Template Deployment for UE-V 1.0](planning-for-custom-template-deployment-for-ue-v-10.md). - -For guidance on whether a line-of-business application should be synchronized, see [Checklist for Evaluating Line-of-Business Applications for UE-V 1.0](checklist-for-evaluating-line-of-business-applications-for-ue-v-10.md). - -## Related topics - - -[Planning for UE-V 1.0](planning-for-ue-v-10.md) - -[Planning for Custom Template Deployment for UE-V 1.0](planning-for-custom-template-deployment-for-ue-v-10.md) - -[Deploying UE-V 1.0](deploying-ue-v-10.md) - - - - - - - - - diff --git a/mdop/uev-v1/preparing-your-environment-for-ue-v.md b/mdop/uev-v1/preparing-your-environment-for-ue-v.md deleted file mode 100644 index d6c66d49ac..0000000000 --- a/mdop/uev-v1/preparing-your-environment-for-ue-v.md +++ /dev/null @@ -1,105 +0,0 @@ ---- -title: Preparing Your Environment for UE-V -description: Preparing Your Environment for UE-V -author: dansimp -ms.assetid: c93d3b33-e032-451a-9e1b-8534e1625396 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Preparing Your Environment for UE-V - - -Microsoft User Experience Virtualization (UE-V) roams settings between computers by the use of a settings storage location. The settings storage location is a file share and should be configured during the UE-V Agent deployment. It must be defined either as a settings storage location or as an Active Directory home directory. In addition, the administrator should configure a time server to support consistent synchronization. To prepare your environment for UE-V, you should consider the following: - -- [UE-V Settings Storage](#bkmk-uevsettingsstorage): - - - [Defining a Settings Storage Location](#bkmk-definingsettingsstoragelocation) - - - [Using Active Directory Home Directory with UE-V](#bkmk-usingactivedirectoryhomedirectory) - -- [Synchronize Computer Clocks for UE-V Settings Synchronization](#bkmk-synchronizecomputerclocks) - -- [Performance and Capacity Planning](#bkmk-performancecapacityplanning) - -For more information about operating system and computer requirements, see [Supported Configurations for UE-V 1.0](supported-configurations-for-ue-v-10.md). - -## UE-V settings storage - - -You can define the User Experience Virtualization settings storage in one of two configurations: a settings storage location or an Active Directory home directory. - -### Define a settings storage location - -The UE-V settings storage location is a standard network share that is accessible by UE-V users. Before you define the settings storage location, you must create a root directory. Users who will store settings on the share must have read/write permissions to the storage location. The UE-V Agent will create user-specific folders under this root directory. The settings storage location is defined by setting the **SettingsStoragePath** configuration option. This option can be configured in the following ways: - -- During the installation of the UE-V agent through a command-line parameter or in a batch script. - -- Using Group Policy. - -- After installation, by using PowerShell or WMI. - -The path must be in a universal naming convention (UNC) path of the server and share. For example, **\\\\server\\settingsshare\\**. This configuration option supports the use of variables to enable specific roaming scenarios. - -You can use the `%username%` variable with the UNC path of the server and share. This will provide the same settings experience on all computers or sessions that a user logs into. Consider this configuration for the following scenarios: - -1. Users in the enterprise have multiple, similarly configured physical computers and each user’s settings should be the same across all computers. - -2. Users in the enterprise use virtual desktop infrastructure (VDI) pools where settings should be retained across each user’s VDI sessions. - -3. Users in the enterprise have one physical computer and additionally use a VDI. Each user’s settings experience should be the same whether using the physical computer or VDI session. - -4. Multiple enterprise computers are used by multiple users. Each user’s settings experience should be the same across all computers. - -You can use the **%username%\\%computername%** variables with the UNC path of the server and share. This will preserve the settings experience for each computer. Consider this configuration for the following scenarios: - -1. Users in the enterprise have multiple physical computers and you want to preserve the settings experience for each computer. - -2. The enterprise computers are used by multiple users. The settings experience should be preserved for each computer that the user logs into. - -The UE-V agent dynamically creates the user-specific settings storage path based on a UE-V `SettingsStoragePath` configuration setting and the variables that are defined. - -The UE-V agent dynamically creates a hidden system folder named `SettingsPackages` within each user-specific storage location. The UE-V agent reads and writes settings to this location as defined by registered UE-V settings location templates. - -If the settings storage location is the same for a set of managed computers of a user, the applicable UE-V settings are determined by a “Last write wins” rule. The agent that runs on one computer reads and writes to the settings location independently of agents that run on other computers. The last settings and values written are the settings that are applied when the next agent reads from the settings storage location. For more information, see [Deploying the Settings Storage Location for UE-V 1.0](deploying-the-settings-storage-location-for-ue-v-10.md). - -### Use Active Directory home directory with UE-V - -If no settings storage location is configured for UE-V when the agent is deployed, then the user’s Active Directory (AD) home directory is used to store settings location packages. The UE-V agent dynamically creates the settings storage folder below the root of the AD home directory of each user. The agent only uses the Active Directory home directory if a settings storage location (SettingsStoragePath) is not otherwise defined. - -## Synchronize computer clocks for UE-V settings synchronization - - -Computers that run the UE-V agent to synchronize settings must use a time server. Time stamps are used to determine if settings need to be synchronized from the settings storage location. If the computer clock is inaccurate, older settings can overwrite newer settings, or the new settings might not be saved to the settings storage location. The use of a time server enables UE-V to maintain a consistent settings experience. - -## Performance and capacity planning - - -Capacity requirements for UE-V can be determined by use of standard disk capacity and network health monitoring. UE-V uses a Server Message Block (SMB) share for the storage of settings packages. The size of settings packages varies depending on the settings information for a specific application. While most settings packages are small, the synchronization of potentially large files, such as desktop images, can result in poor performance, particularly on slower networks. To minimize problems with network latency, you should create settings storage locations on the same local networks where the users’ computers reside. - -By default, the UE-V synchronization will time out after 2 seconds if the network is slow or the settings package is large. You can configure the timeout with Group Policy. For more information about how to set the timeout, see [Configuring UE-V with Group Policy Objects](configuring-ue-v-with-group-policy-objects.md). - -## Related topics - - -[Microsoft User Experience Virtualization (UE-V) 1.0](index.md) - -[Planning for UE-V 1.0](planning-for-ue-v-10.md) - -[Supported Configurations for UE-V 1.0](supported-configurations-for-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/restoring-application-and-windows-settings-synchronized-with-ue-v-10.md b/mdop/uev-v1/restoring-application-and-windows-settings-synchronized-with-ue-v-10.md deleted file mode 100644 index 411cb7cc83..0000000000 --- a/mdop/uev-v1/restoring-application-and-windows-settings-synchronized-with-ue-v-10.md +++ /dev/null @@ -1,94 +0,0 @@ ---- -title: Restoring Application and Windows Settings Synchronized with UE-V 1.0 -description: Restoring Application and Windows Settings Synchronized with UE-V 1.0 -author: dansimp -ms.assetid: 254a16b1-f186-44a4-8e22-49a4ee87c734 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Restoring Application and Windows Settings Synchronized with UE-V 1.0 - - -WMI and PowerShell features of Microsoft User Experience Virtualization (UE-V) provide the ability to restore settings packages. WMI and PowerShell commands allow you to restore application and Windows settings to the settings values that were on the computer the first time the application launched after the UE-V Agent was installed. This restoring action is performed on a per-application or Windows settings basis. The settings are restored the next time that the application is run or when the user logs on to the operating system. - -**To restore application settings and Windows settings with PowerShell** - -1. Open the Windows PowerShell window. To import the Microsoft UE-V PowerShell module, enter the following command: - - ``` syntax - Import-module UEV - ``` - -2. Enter the following PowerShell cmdlet to restore the application settings and Windows settings. - - - - - - - - - - - - - - - - - - -
PowerShell cmdletDescription

Restore-UevUserSetting

Restores the user settings for an application or restores a group of Windows settings

- -   - -**To restore application settings and Windows settings with WMI** - -1. Open a PowerShell window. - -2. Enter the following WMI command to restore application settings and Windows settings. - - - - - - - - - - - - - - - - - - -
WMI commandDescription

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name RestoreByTemplateId -ArgumentList <template_ID>

Restores the user settings for an application or restores a group of Windows settings

- -   - -## Related topics - - -[Administering UE-V 1.0](administering-ue-v-10.md) - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/security-and-privacy-for-ue-v-10.md b/mdop/uev-v1/security-and-privacy-for-ue-v-10.md deleted file mode 100644 index aadcb96e82..0000000000 --- a/mdop/uev-v1/security-and-privacy-for-ue-v-10.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Security and Privacy for UE-V 1.0 -description: Security and Privacy for UE-V 1.0 -author: dansimp -ms.assetid: c23d867d-7991-4c78-a123-a8a92758e5ba -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Security and Privacy for UE-V 1.0 - - -The following listed topics can help you plan for security and privacy considerations in Microsoft User Experience Virtualization (UE-V). - -## Security considerations for UE-V 1.0 - - -There are many security-related considerations that you should plan for when you deploy and use UE-V. The Security Considerations topic provides an overview of Active Directory Domain Services user accounts and groups, log files, and other security-related considerations for UE-V. - -[UE-V 1.0 Security Considerations](ue-v-10-security-considerations.md) - -## Privacy for UE-V 1.0 - - -The information in this section explains many of the data collection and use practices of UE-V. - -[User Experience Virtualization Privacy Statement](user-experience-virtualization-privacy-statement.md) - -## Other resources for this product - - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - -[Administering UE-V 1.0](administering-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/sharing-settings-location-templates-with-the-ue-v-template-gallery.md b/mdop/uev-v1/sharing-settings-location-templates-with-the-ue-v-template-gallery.md deleted file mode 100644 index ebf7bc2cac..0000000000 --- a/mdop/uev-v1/sharing-settings-location-templates-with-the-ue-v-template-gallery.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Sharing Settings Location Templates with the UE-V Template Gallery -description: Sharing Settings Location Templates with the UE-V Template Gallery -author: dansimp -ms.assetid: 3830ae0c-96dd-4a8d-96a2-df87aea81b27 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Sharing Settings Location Templates with the UE-V Template Gallery - - -## Share location templates with the template gallery - - -The Microsoft User Experience Virtualization (UE-V) template gallery allows administrators to share their UE-V settings location templates. In the gallery, you can upload your settings location templates for other people to use, and you can download templates that other people have created. The UE-V template gallery is located on Microsoft TechNet here: . - -Before you share a settings location template on the UE-V template gallery, make sure it does not contain any personal or company information. You can use any XML viewer to open and view the contents of a settings location template file. The following template values should be reviewed before you share it with anyone outside your company. - -- Template Author Name – Specify a general, non-identifying name for the template author name or exclude this data from the template. - -- Template Author Email – Specify a general, non-identifying template author email or exclude this data from the template. - -Before you deploy any settings location template that you have downloaded from the UE-V gallery, you should first test the template to ensure that the application settings roam correctly in a test environment. - -## Related topics - - -[Administering UE-V 1.0](administering-ue-v-10.md) - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/supported-configurations-for-ue-v-10.md b/mdop/uev-v1/supported-configurations-for-ue-v-10.md deleted file mode 100644 index b03acac6d8..0000000000 --- a/mdop/uev-v1/supported-configurations-for-ue-v-10.md +++ /dev/null @@ -1,181 +0,0 @@ ---- -title: Supported Configurations for UE-V 1.0 -description: Supported Configurations for UE-V 1.0 -author: dansimp -ms.assetid: d90ab83e-741f-48eb-b1d8-a64cb9259f7a -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Supported Configurations for UE-V 1.0 - - -Microsoft User Experience Virtualization (UE-V) supports the following described configurations. - -**Note**   -Microsoft provides support for the current service pack, and in some cases, the preceding service pack. To find the support timelines for your product, see the [Lifecycle Supported Service Packs](https://go.microsoft.com/fwlink/p/?LinkId=31975). For more information about Microsoft Support Lifecycle Policy, see [Microsoft Support Lifecycle Support Policy FAQ](https://go.microsoft.com/fwlink/p/?LinkId=31976). - - - -## Supported configurations for UE-V Agent and UE-V Generator - - -The following table lists the operating systems that support the User Experience Virtualization Generator and the User Experience Virtualization agent. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemEditionService packSystem architectureMicrosoft .NET Framework

Windows 7

Ultimate, Enterprise, or Professional Edition

SP1

32-bit or 64-bit

.NET Framework 3.5 SP1

-

.NET Framework 4 (Generator)

Windows Server 2008 R2

Standard, Enterprise, Data Center, or Web Server

SP1

64-bit

.NET Framework 3.5 SP1

-

.NET Framework 4 (Generator)

Windows 8

Enterprise or Professional Edition

None

32-bit or 64-bit

.NET Framework 4 or .NET Framework 3.5 SP1 (Agent)

-

.NET Framework 4 (Generator)

Windows Server 2012

Standard or Datacenter

None

64-bit

.NET Framework 4 or .NET Framework 3.5 SP1 (Agent)

-

.NET Framework 4 (Generator)

- - - -There are no special RAM requirements that are specific to UE-V. - -The installation of the UE-V agent requires administrative rights and will require a restart the computer before the UE-V agent can run. - -**Important**   -The Sync Your Settings feature in Windows 8 must be disabled to allow UE-V to function properly. Synchronization of settings with both Windows 8 and UE-V will result in unpredictable synchronization behavior. - - - -### Requirements for the Offline Files feature - -The UE-V agent can synchronize user settings for computers that are not always connected to the enterprise network, such as a laptop computer or computers that are located at remote offices, as well as computers that are always connected to the enterprise network, such as Windows Servers that host virtual desktop interface (VDI) sessions. - -The UE-V default configuration uses the Windows Offline File feature to synchronize settings. Offline Files ensures that the user’s settings are available even when the computer leaves the enterprise network. Any changes that are made to settings are automatically synchronized with the settings storage location when the connection to the enterprise network is reestablished. Offline Files also ensures that the user’s settings are available for computers that are located in a remote office with a slow or limited connection. - -To synchronize settings for computers that occasionally leave the enterprise network, the Offline Files feature must be enabled and started before the UE-V agent deployment begins. The Offline Files feature is enabled by default on Windows 7. The feature is disabled by default on Windows Server 2008 R2, Windows Server 2012, and Windows 8. If the Offline Files feature is not enabled, then UE-V settings synchronization will fail. - -- **Windows 7** - - The Offline Files feature is enabled by default on Windows 7. If necessary, Offline Files can be enabled by using the following command at an elevated command prompt: - - ``` syntax - sc config CscService start=auto - ``` - -- **Windows 8** - - The Offline Files feature is disabled by default on Windows 8 version. Offline Files can be enabled on Windows 8 by using the following command at an elevated command prompt: - - ``` syntax - sc config CscService start=auto - ``` - -- **Windows Server 2008 R2, and Windows Server 2012** - - The Offline Files feature is not installed by default on Windows Server 2008 R2 or Windows Server 2012. In order to enable the Offline Files feature, the Desktop Experience pack must be installed. This is an optional server component that includes the Offline Files feature. Once it is installed, start the Offline Files feature with the following commands at an elevated command prompt: - - ``` syntax - sc config csc start= system - ``` - - ``` syntax - sc config cscservice start= auto - ``` - -The computer must be rebooted before the settings will start to synchronize. - -### Synchronization for computers with always-available connections - -When you use UE-V on computers that are always connected to the enterprise network, such as a Windows Server computer that hosts VDI sessions, then Offline Files should be disabled. - -When the UE-V agent is configured to synchronize settings without using Offline Files, the settings storage server is treated as a standard network share. Settings are synchronized when the network is available. In this configuration the UE-V agent can be configured to give a notification if the import of the application settings is delayed. - -If the Offline Files feature will not be used, you must disable the UE-V default behavior before or during the UE-V agent deployment. To disable Offline Files for UE-V, do one of the following: - -- Before you deploy the UE-V agent, mark the “Do not use Offline Files” checkbox in the UE-V Group Policy setting. - -- During UE-V installation, set the AgentSetup.exe parameter `SyncMethod = None` at the command prompt or in a batch file. For more information about how to deploy the agent, see [Deploying the UE-V Agent](deploying-the-ue-v-agent.md). - -If you disable the Offline Files setting for UE-V and you do not specify the **SyncMethod** parameter at the installation time, the UE-V agent installation will fail. You can also disable the Offline Files with PowerShell or WMI. For more information about WMI and PowerShell commands, see [Managing the UE-V 1.0 Agent and Packages with PowerShell and WMI](managing-the-ue-v-10-agent-and-packages-with-powershell-and-wmi.md). - -The computer must be rebooted before the settings will start to synchronize. - -### Prerequisites for the UE-V PowerShell feature - -The UE-V PowerShell feature of the agent requires .NET Framework version 3.5 SP1 to be enabled and PowerShell version 2.0 or higher. - -### Prerequisites for UE-V Generator support - -Install the UE-V Generator on the computer that is used to create custom settings location templates. This computer should have those applications installed whose settings will roam. You must be a member of the Administrators group on the computer that runs the UE-V Generator software. Additionally, the UE-V Generator must be installed on a computer that uses an NTFS file system. The UE-V Generator software requires .NET Framework version 4. For more information, see [Planning for Custom Template Deployment for UE-V 1.0](planning-for-custom-template-deployment-for-ue-v-10.md). - -## Related topics - - -[Planning for UE-V 1.0](planning-for-ue-v-10.md) - -[Preparing Your Environment for UE-V](preparing-your-environment-for-ue-v.md) - -[Deploying UE-V 1.0](deploying-ue-v-10.md) - -Supported Configurations for User Experience Virtualization -[Deploying the Settings Storage Location for UE-V 1.0](deploying-the-settings-storage-location-for-ue-v-10.md) - -[Installing the UE-V Generator](installing-the-ue-v-generator.md) - -[Deploying the UE-V Agent](deploying-the-ue-v-agent.md) - - - - - - - - - diff --git a/mdop/uev-v1/troubleshooting-ue-v-10.md b/mdop/uev-v1/troubleshooting-ue-v-10.md deleted file mode 100644 index 2efd5fe123..0000000000 --- a/mdop/uev-v1/troubleshooting-ue-v-10.md +++ /dev/null @@ -1,90 +0,0 @@ ---- -title: Troubleshooting UE-V 1.0 -description: Troubleshooting UE-V 1.0 -author: dansimp -ms.assetid: e40f46a9-34f6-40ee-801b-9bf91f65c0e1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Troubleshooting UE-V 1.0 - - -Troubleshooting content is not included in the Administrator's Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905). - -## Find troubleshooting information - - -You can use the following information to find troubleshooting content or additional technical content for this product. - -### Search the MDOP documentation - -The first step to find help content in the Administrator’s Guide is to search the MDOP documentation on TechNet. After you search the MDOP documentation, you can search the troubleshooting information for the product in the TechNet Wiki. These search methods are described in the following sections. - -**To search the MDOP product documentation** - -1. Open a web browser and navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) home page on TechNet. - -2. Locate the **Search TechNet with Bing** search box and enter your search term. - -3. Review the search results for assistance. - -**To search the TechNet Wiki** - -1. Open a web browser and navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Locate the **Search TechNet Wiki** search box and enter your search term. - -3. Review the search results for assistance. - -## Create a troubleshooting article - - -If you have a troubleshooting tip or a best practice to share that is not already included in the MDOP Online Help or TechNet Wiki, you can create your own TechNet Wiki article. - -**To create a TechNet Wiki troubleshooting or best practices article** - -1. Open a web browser and navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Log on with your Windows Live ID. - -3. Review the **Getting Started** section to learn the basics of the TechNet Wiki and its articles. - -4. Select **Post an article** in the **Getting Started** section. - -5. On the Wiki article **Add Page** page, select **Insert Template** from the toolbar, select the troubleshooting article template (**Troubleshooting.html**), and then click **Insert**. - -6. Give the article a descriptive title and then overwrite the template information as needed to create your article. - -7. After you review your article, add a tag that is named **Troubleshooting** and another tag for the product name. This helps others to find your content. - -8. Click **Save** to publish the article to the TechNet Wiki. - -## Other resources for this product - - -[Microsoft User Experience Virtualization (UE-V) 1.0](index.md) - -[Getting Started With User Experience Virtualization 1.0](getting-started-with-user-experience-virtualization-10.md) - -[Planning for UE-V 1.0](planning-for-ue-v-10.md) - -[Deploying UE-V 1.0](deploying-ue-v-10.md) - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/ue-v-10-security-considerations.md b/mdop/uev-v1/ue-v-10-security-considerations.md deleted file mode 100644 index ce833afd9f..0000000000 --- a/mdop/uev-v1/ue-v-10-security-considerations.md +++ /dev/null @@ -1,256 +0,0 @@ ---- -title: UE-V 1.0 Security Considerations -description: UE-V 1.0 Security Considerations -author: dansimp -ms.assetid: c5cdf9ff-dc96-4491-98e9-0eada898ffe0 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# UE-V 1.0 Security Considerations - - -This topic contains a brief overview of accounts and groups, log files, and other security-related considerations for Microsoft User Experience Virtualization (UE-V). For more information, follow the links that are provided here. - -## Security considerations for UE-V configuration - - -**When you create the settings storage share, limit the share access to users that need access.** - -Because settings packages may contain personal information, you should take care to protect them as well as possible. In general, do the following: - -- Restrict the share to only the users that need access. Create a security group for users that have redirected folders on a particular share, and limit access to only those users. - -- When you create the share, hide the share by putting a $ after the share name. This will hide the share from casual browsers, and the share will not be visible in My Network Places. - -- Only give users the minimum amount of permissions needed. The permissions needed are shown in the tables below. - - 1. Set the following share-level (SMB) permissions for the setting storage location folder: - - - - - - - - - - - - - - - - - - - - - - -
User accountRecommended permissions

Everyone

No Permissions

Security group of UE-V

Full Control

- - - -~~~ -2. Set the following NTFS permissions for the settings storage location folder: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
User accountRecommended permissionsFolder

Creator/Owner

No Permissions

No Permissions

Domain Admins

Full Control

This Folder, Subfolders and Files

Security group of UE-V users

List Folder/Read Data, Create Folders/Append Data

This Folder Only

Everyone

Remove all Permissions

No Permissions

- - - -3. Set the following share-level (SMB) permissions for the settings template catalog folder. - - - - - - - - - - - - - - - - - - - - - - - - - - -
User accountRecommend permissions

Everyone

No Permissions

Domain Computers

Read Permission Levels

Administrators

Read/Write Permission Levels

- - - -4. Set the following NTFS permissions for the settings template catalog folder. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
User accountRecommended permissionsApply to

Creator/Owner

Full Control

This Folder, Subfolders and Files

Domain Computers

List Folder Contents and Read

This Folder, Subfolders and Files

Everyone

No Permissions

No Permissions

Administrators

Full Control

This Folder, Subfolders and Files

-~~~ - - - -### Use Windows Server 2003 or later servers to host redirected file shares - -User settings package files contain personal information that is transferred between the client computer and the server that stores the settings packages. Because of this, you should ensure that the data is protected while it travels over the network. - -User settings data is vulnerable to these potential threats: interception of the data as it passes over the network; tampering with the data as it passes over the network; and spoofing of the server that hosts the data. - -Several features of Windows Server 2003 and above can help to secure user data: - -- **Kerberos** - Kerberos is standard on all versions of Windows 2000 and Windows Server 2003 and later. Kerberos ensures the highest level of security to network resources. NTLM authenticates the client only; Kerberos authenticates the server and the client. When NTLM is used, the client does not know whether the server is valid. This is particularly important if the client is exchanging personal files with the server, as is the case with Roaming Profiles. Kerberos provides better security than NTLM. Kerberos is not available on Windows NT version 4.0 or earlier operating systems. - -- **IPsec** - The IP Security Protocol (IPsec) provides network-level authentication, data integrity, and encryption. IPsec ensures the following: - - - Roamed data is safe from data modification while en route. - - - Roamed data is safe from interception, viewing, or copying. - - - Roamed data is safe from being accessed by unauthenticated parties. - -- **SMB Signing** - The Server Message Block (SMB) authentication protocol supports message authentication which prevents active message and "man-in-the-middle" attacks. SMB signing provides this authentication by placing a digital signature into each SMB. The digital signature is then verified by both the client and the server. In order to use SMB signing, you must first either enable it or require it on both the SMB client and the SMB server. Note that the SMB signing imposes a performance penalty. It does not consume any more network bandwidth, but it uses more CPU cycles on the client and server side. - -### Always use the NTFS File system for volumes holding users data - -For the most secure configuration, configure servers that host the UE-V settings files to use the NTFS File System. Unlike FAT, NTFS supports Discretionary access control lists (DACLs) and system access control lists (SACLs). DACLs and SACLs control who can perform operations on a file and what events will trigger the logging of actions performed on a file. - -### Do not rely on EFS to encrypt users’ files when transmitted over the network - -When you use Encrypting File System (EFS) to encrypt files on a remote server, the encrypted data is not encrypted during transit over the network; It only becomes encrypted when stored on disk. - -The exceptions to this are when your system includes Internet Protocol security (IPsec) or Web Distributed Authoring and Versioning (WebDAV). IPsec encrypts data while it is transported over a TCP/IP network. If the file is encrypted before being copied or moved to a WebDAV folder on a server, it will remain encrypted during the transmission and while it is stored on the server. - -### Encrypt the Offline Files cache - -By default, the Offline Files cache is protected on NTFS partitions by ACLs, but encrypting the cache further enhances security on a local computer. By default, the cache on the local computer is not encrypted, so any encrypted files cached from the network will not be encrypted on the local computer. This may pose a security risk in some environments. - -When encryption is enabled, all files in the Offline Files cache are encrypted. This includes encrypting existing files as well as files that are added later. The cached copy on the local computer is affected, but the associated network copy is not. - -The cache can be encrypted in one of two ways: - -1. Via Group Policy. - Enable the **Encrypt the Offline Files Cache** setting, located at Computer Configuration\\Administrative Templates\\Network\\Offline Files, in the Group Policy editor. - -2. Manually. - Select Tools and then Folder Options in the command menu of Windows Explorer. Select the Offline Files tab, and then select the **Encrypt offline files to secure data** check box. - -### Let the UE-V Agent create folders for each user - -To ensure that UE-V works optimally, create only the root share on the server, and let the UE-V Agent create the folders for each user. UE-V will create these user folders with the appropriate security. - -This permission configuration allows users to create folders for settings storage. The UE-V agent creates and secures a settingspackage folder while running in the context of the user. The user receives full control to their settingspackage folder. Other users do not inherit access to this folder. You do not need to create and secure individual user directories. This will be done automatically by the agent that runs in the context of the user. - -**Note** -Additional security can be configured when a Windows server is utilized for the settings storage share. UE-V can be configured to verify that either the local administrator's group or the current user is the owner of the folder where settings packages are stored. To enable additional security use the following command: - -1. Add a REG\_DWORD registry key named "RepositoryOwnerCheckEnabled" to `HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration`. - -2. Set registry key value to 1. - -When this configuration setting is in place, the UE-V agent verifies that the local administrator’s group or current user is the owner of the settingspackage folder. If not, then the UE-V agent will not allow access to the folder. - - - -If you must create folders for the users and ensure that you have the correct permissions set. - -We strongly recommend that you do not precreate folders and that instead, you allow the UE-V agent to create the folder for the user. - -### Ensure that correct permissions are set when storing UE-V settings in a user’s home directory - -If you redirect UE-V settings to a user’s home directory, be sure that the permissions on the user's home directory are set appropriately for your organization. - -## Related topics - - -[Security and Privacy for UE-V 1.0](security-and-privacy-for-ue-v-10.md) - - - - - - - - - diff --git a/mdop/uev-v1/ue-v-checklist.md b/mdop/uev-v1/ue-v-checklist.md deleted file mode 100644 index 6cba1a8c57..0000000000 --- a/mdop/uev-v1/ue-v-checklist.md +++ /dev/null @@ -1,87 +0,0 @@ ---- -title: UE-V Checklist -description: UE-V Checklist -author: dansimp -ms.assetid: 0e4b9bd5-4e60-4673-b698-90612008fc2b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# UE-V Checklist - - -Use this checklist to plan for preparing your computing environment for Microsoft User Experience Virtualization (UE-V) deployment. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReferences

Review the Getting Started information about UE-V to gain a basic understanding of the product before you begin the deployment planning.

Getting Started With User Experience Virtualization 1.0

Prepare your environment for UE-V 1.0 deployment.

Preparing Your Environment for UE-V

Plan which applications end users can synchronize with UE-V 1.0.

Planning Which Applications to Synchronize with UE-V 1.0

Custom settings templates only - create custom settings location templates and then define a setting template catalog.

Deploying the Settings Template Catalog for UE-V 1.0

-

Create UE-V Settings Location Templates with the UE-V Generator

Decide which method of configuration (Group Policy, PowerShell, ESD-command line, or batch file) works best for your environment and plan how to configure UE-V 1.0.

Planning for UE-V Configuration Methods

Deploy the network share to store settings packages.

Deploying the Settings Storage Location for UE-V 1.0

Custom settings templates only – deploy the features that are required to create and store applications other than the UE-V default applications.

Deploying the Settings Template Catalog for UE-V 1.0

-

Installing the UE-V Generator

Familiarize yourself with the administration and management tasks for UE-V.

Administering UE-V 1.0

- - - -## Related topics - - -[Planning for UE-V 1.0](planning-for-ue-v-10.md) - -[Deploying UE-V 1.0](deploying-ue-v-10.md) - - - - - - - - - diff --git a/mdop/uev-v1/user-experience-virtualization-privacy-statement.md b/mdop/uev-v1/user-experience-virtualization-privacy-statement.md deleted file mode 100644 index 32718bfa04..0000000000 --- a/mdop/uev-v1/user-experience-virtualization-privacy-statement.md +++ /dev/null @@ -1,173 +0,0 @@ ---- -title: User Experience Virtualization Privacy Statement -description: User Experience Virtualization Privacy Statement -author: dansimp -ms.assetid: c2919034-f2cf-48d6-b18e-4dd318252426 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# User Experience Virtualization Privacy Statement - - -Microsoft is committed to protecting your privacy, while delivering software that brings you the performance, power, and convenience you desire in your personal computing. This privacy statement explains many of the data collection and use practices of Microsoft User Experience Virtualization (“UE-V”). This is a preliminary disclosure that focuses on features that communicate with the Internet and is not intended to be an exhaustive list. - -Microsoft User Experience Virtualization allows the separation of settings from an application or operating system. Those settings can then be transferred to a remote storage location, eliminating the constraints of local storage and giving users the ability to have their settings follow them to other computers. - -## Collection and Use of Your Information - - -The information we collect from you will be used by Microsoft and its controlled subsidiaries and affiliates to enable the features you are using and provide the service(s) or carry out the transaction(s) you have requested or authorized. It may also be used to analyze and improve Microsoft products and services. - -We may send certain mandatory service communications such as welcome letters, billing reminders, information on technical service issues, and security announcements. Some Microsoft services may send periodic member letters that are considered part of the service. We may occasionally request your feedback, invite you to participate in surveys, or send you promotional mailings to inform you of other products or services available from Microsoft and its affiliates. - -In order to offer you a more consistent and personalized experience in your interactions with Microsoft, information collected through one Microsoft service may be combined with information obtained through other Microsoft services. We may also supplement the information we collect with information obtained from other companies. For example, we may use services from other companies that enable us to derive a general geographic area based on your IP address in order to customize certain services to your geographic area. - -Except as described in this statement, personal information you provide will not be transferred to third parties without your consent. We occasionally hire other companies to provide limited services on our behalf, such as packaging, sending and delivering purchases and other mailings, answering customer questions about products or services, processing event registration, or performing statistical analysis of our services. We will only provide those companies the personal information they need to deliver the service, and they are prohibited from using that information for any other purpose. - -Microsoft may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public. We may also disclose personal information as part of a corporate transaction such as a merger or sale of assets. - -Information that is collected by or sent to Microsoft by UE-V may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or service providers maintain facilities. Microsoft abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union, the European Economic Area, and Switzerland. - -## Collection and Use of Information about Your Computer - - -When you use software with Internet-enabled features, information about your computer ("standard computer information") is sent to the Web sites you visit and online services you use. Microsoft uses standard computer information to provide you Internet-enabled services, to help improve our products and services, and for statistical analysis. Standard computer information typically includes information such as your IP address, operating system version, browser version, and regional and language settings. In some cases, standard computer information may also include hardware ID, which indicates the device manufacturer, device name, and version. If a particular feature or service sends information to Microsoft, standard computer information will be sent as well. - -The privacy details for each UE-V feature, software or service listed in this privacy statement describe what additional information is collected and how it is used. - -## Security of Your Information - - -Microsoft is committed to helping protect the security of your information. We use a variety of security technologies and procedures to help protect your information from unauthorized access, use, or disclosure. For example, we store the information you provide on computer systems with limited access, which are located in controlled facilities. - -## Changes to This Privacy Statement - - -We will occasionally update this privacy statement to reflect changes in our products, services, and customer feedback. When we post changes, we will revise the "last updated" date at the top of this statement. If there are material changes to this statement or in how Microsoft will use your personal information, we will notify you either by posting a notice of such changes prior to implementing the change or by directly sending you a notification. We encourage you to periodically review this statement to be informed of how Microsoft is protecting your information. - -## For More Information - - -Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please contact us [MSUEVPrivacy@microsoft.com](mailto:%20MSUEVPrivacy@microsoft.com). - -## Specific features - - -The remainder of this document will address the following specific features: - -### UE-V Generator - -**What This Feature Does**: - -The UE-V generator is used to create settings location templates. These templates allow users to roam the settings for their applications. - -**Information Collected, Processed, or Transmitted**: - -When creating a settings location template the UE-V generator uses a Lightweight Directory Access Protocol (LDAP) query to get username and email address of the current logged in user. This information is stored in the template as the template author name and template author email. None of this information is sent to Microsoft. - -If you plan to share settings location templates with anyone outside your organization you should review all the settings locations and ensure the settings location template do not contain any personal or company information. You can view the contents by opening the settings location template files using any XML viewer. The following are ways you can view and remove any personal or company information from the settings location template files before sharing with anyone outside your company: - -- **Template Author Name** – Specify a general, non-identifying name for the template author name or exclude this data from the template. - -- **Template Author Email** – Specify a general, non-identifying template author email or exclude this data from the template. - -**Use of Information**: - -The template author name and template author email can be used to identify the author of settings location template. If you share the template, the author name and email is viewable to all who use the template. No information is sent to Microsoft. - -**Choice/Control**:  - -To remove the template author name or template author email, start the UE-V generator application. Select **Edit a Settings Location Template**. Select the settings location template to edit from the recently used templates or Browse to the settings template file. Select **Next** to continue. On the Properties page, remove the data from the Template author name or Template author email text fields. Save the settings location template. - -## Customer Experience Improvement Program - - -**What This Feature Does:** - -The Customer Experience Improvement Program (“CEIP”) collects basic information about your hardware configuration and how you use our software and services in order to identify trends and usage patterns. CEIP also collects the type and number of errors you encounter, software and hardware performance, and the speed of services. We will not collect your name, address, or other contact information. - -**Information Collected, Processed, or Transmitted:** - -For more information about the information collected, processed, or transmitted by CEIP, see the CEIP privacy statement at . - -**Use of Information:** - -We use this information to improve the quality, reliability, and performance of Microsoft software and services. - -**Choice/Control:** - -You are offered the opportunity to participate in CEIP during setup of the UE-V Agent. If you choose to participate and later change your mind, you can turn off CEIP at any time by:Re-running the UE-V agent setup and opting out of CEIP or by setting the following registry key either manually or via Group Policy: - -``` syntax -Key = HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent -RegEntry name = CustomerExperienceImprovementProgram -Entry type REG_DWORD (Hexadecimal): -0 is off -1 is on -``` - -## Microsoft Error Reporting - - -**What This Feature Does:** - -Microsoft Error Reporting provides a service that allows you to report problems you may be having with UE-V or other enabled applications to Microsoft and to receive information that may help you avoid or solve such problems. - -**Information Collected, Processed, or Transmitted:** - -For information about the information collected, processed, or transmitted by Microsoft Error Reporting, see the Microsoft Error Reporting privacy statement at . - -**Use of Information:** - -We use the error reporting data to solve customer problems and improve our software and services. - -**Choice/Control:** - -If you choose the recommended settings during Windows setup, you turn on automatic checking for solutions, which will send basic error reports and look for solutions to the problems reported. If you use automatic checking, you are not typically prompted to send basic information about errors to Microsoft. If a more detailed error report is required, you will be prompted to review it. You can change this setting at any time by going to Action Center in Control Panel. - -**Important Information:** - -Enterprise customers can use Group Policy to configure how Microsoft Error Reporting behaves on their computers. Configuration options include the ability to turn off Microsoft Error Reporting. If you are an administrator and wish to configure Group Policy for Microsoft Error Reporting, technical details are available at . - -UE-V will not modify the Microsoft Error Reporting preference and will honor the system setting in the Control Panel and/or the setting enforced via Group Policy. - -## Microsoft Update - - -**What This Feature Does:** - -Microsoft Update is a service that provides Windows updates as well as updates for other Microsoft software. - -**Information Collected, Processed, or Transmitted:** - -For details about what information is collected and how it is used, see the Update Services Privacy Statement at - -**Use of Information:** - -- For details about what information is collected and how it is used, see the Update Services Privacy Statement at . - -- Choice/Control: - - For details about controlling this feature, see the Update Services Privacy Statement at . - -## Related topics - - -[Security and Privacy for UE-V 1.0](security-and-privacy-for-ue-v-10.md) - - - - - - - - - diff --git a/mdop/uev-v1/validate-ue-v-settings-location-templates-with-ue-v-generator.md b/mdop/uev-v1/validate-ue-v-settings-location-templates-with-ue-v-generator.md deleted file mode 100644 index c94f45ff95..0000000000 --- a/mdop/uev-v1/validate-ue-v-settings-location-templates-with-ue-v-generator.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: Validate UE-V Settings Location Templates with UE-V Generator -description: Validate UE-V Settings Location Templates with UE-V Generator -author: dansimp -ms.assetid: 131c636c-173a-4b41-af5d-9a75b453b9d8 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Validate UE-V Settings Location Templates with UE-V Generator - - -It is possible to create or edit settings locations templates in an XML editor without using the UE-V Generator. If you do so, you can use the UE-V Generator to validate that the new or revised XML matches the schema that has been defined for the template. - -**To validate a UE-V settings location template with the UE-V Generator** - -1. Click **Start**, and then point to **All Programs**. Point to **Microsoft User Experience Virtualization**, and then click **Microsoft User Experience Virtualization Generator**. - -2. Click **Validate a settings location template**. - -3. In the list of recently used templates, select the template to be edited. Alternatively, you can **Browse** to the settings template file. Click **Next** to continue. - -4. Click **Validate** to continue. - -5. Click **Close** to close the Settings Template Wizard. Exit the UE-V Generator application. - - After you validate the settings location template for an application, you should test the template. Deploy the template in a lab environment before you put it into production in the enterprise. - -## Related topics - - -[Working with Custom UE-V Templates and the UE-V Generator](working-with-custom-ue-v-templates-and-the-ue-v-generator.md) - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v1/working-with-custom-ue-v-templates-and-the-ue-v-generator.md b/mdop/uev-v1/working-with-custom-ue-v-templates-and-the-ue-v-generator.md deleted file mode 100644 index 4447b5f189..0000000000 --- a/mdop/uev-v1/working-with-custom-ue-v-templates-and-the-ue-v-generator.md +++ /dev/null @@ -1,92 +0,0 @@ ---- -title: Working with Custom UE-V Templates and the UE-V Generator -description: Working with Custom UE-V Templates and the UE-V Generator -author: dansimp -ms.assetid: 7bb2583a-b032-4800-9bf9-eb33528e1d0d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Working with Custom UE-V Templates and the UE-V Generator - - -In order to roam applications between user computers, Microsoft User Experience Virtualization (UE-V) uses *settings location templates*. Some settings location templates are included with User Experience Virtualization. You can also create, edit, or validate custom settings location templates with the UE-V Generator. - -The UE-V Generator monitors an application to discover and capture the locations where the application stores its settings. The application being monitored must be a traditional application. The UE-V Generator cannot create a settings location template for the following application types: - -- Virtualized applications - -- Application offered through terminal services - -- Java applications - -- Windows 8 applications - -## Create UE-V Settings Location Templates with the UE-V Generator - - -How to use the UE-V Generator to create settings location templates. - -[Create UE-V Settings Location Templates with the UE-V Generator](create-ue-v-settings-location-templates-with-the-ue-v-generator.md) - -## Edit UE-V Settings Location Templates with the UE-V Generator - - -How to use the UE-V Generator to edit settings location templates. - -[Edit UE-V Settings Location Templates with the UE-V Generator](edit-ue-v-settings-location-templates-with-the-ue-v-generator.md) - -## Validate UE-V Settings Location Templates with UE-V Generator - - -How to use the UE-V Generator to validate settings location templates modified outside the UE-V Generator. - -[Validate UE-V Settings Location Templates with UE-V Generator](validate-ue-v-settings-location-templates-with-ue-v-generator.md) - -## Standard and Nonstandard settings locations - - -The UE-V Generator helps you identify where applications look for settings files and registry settings that applications use to store settings information. You can use the UE-V Generator to open the application as part of the discovery process to capture settings in standard locations. Standard locations include the following: - -- **Registry Settings** – Registry locations under **HKEY\_CURRENT\_USER** - -- **Application Settings Files** – Files stored under \\ **Users** \\ \[User name\] \\ **AppData** \\ **Roaming** - -The UE-V Generator excludes locations which commonly store application software files do not roam well between user computers or environments. The UE-V Generator excludes these locations. Excluded locations are as follows: - -- HKEY\_CURRENT\_USER registry keys and files to which the logged-on user cannot write values - -- HKEY\_CURRENT\_USER registry keys and files that are associated with the core functionality of the Windows operating system - -- All registry keys that are located in the HKEY\_LOCAL\_MACHINE hive (Requires Administrator rights and might require UAC agreement to set) - -- Files that are located in Program Files directories (Requires Administrator rights and might require UAC agreement to set) - -- Files located in Users \\ \[User name\] \\ AppData \\ LocalLow - -- Windows operating system files that are located in %systemroot% (Requires Administrator rights and might require UAC agreement to set) - -If registry keys and files stored in these locations are required in order to roam application settings, you can manually add the excluded locations to the settings location template during the template creation process. - -## Other resources for this product - - -[Operations for UE-V 1.0](operations-for-ue-v-10.md) - -[Administering UE-V 1.0](administering-ue-v-10.md) - -  - -  - - - - - diff --git a/mdop/uev-v2/TOC.md b/mdop/uev-v2/TOC.md deleted file mode 100644 index 3b2e1f1d06..0000000000 --- a/mdop/uev-v2/TOC.md +++ /dev/null @@ -1,33 +0,0 @@ -# [User Experience Virtualization 2.x](index.md) -## [Get Started with UE-V 2.x](get-started-with-ue-v-2x-new-uevv2.md) -### [What's New in UE-V 2.1 SP1](whats-new-in-ue-v-21-sp1uevv21-sp1.md) -#### [Microsoft User Experience Virtualization (UE-V) 2.1 SP1 Release Notes](microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md) -### [What's New in UE-V 2.1](whats-new-in-ue-v-21-new-uevv2.md) -#### [Microsoft User Experience Virtualization (UE-V) 2.1 Release Notes](microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md) -### [What's New in UE-V 2.0](whats-new-in-ue-v-20-new-uevv2.md) -#### [Microsoft User Experience Virtualization (UE-V) 2.0 Release Notes](microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md) -## [Prepare and Deploy UE-V 2.x](prepare-a-ue-v-2x-deployment-new-uevv2.md) -### [Deploy Required Features for UE-V 2.x](deploy-required-features-for-ue-v-2x-new-uevv2.md) -### [Custom Application Deployment for UE-V 2.x](deploy-ue-v-2x-for-custom-applications-new-uevv2.md) -## [Administer UE-V 2.x](administering-ue-v-2x-new-uevv2.md) -### [Manage Configurations for UE-V 2.x](manage-configurations-for-ue-v-2x-new-uevv2.md) -#### [Configure UE-V 2.x with Group Policy](configuring-ue-v-2x-with-group-policy-objects-both-uevv2.md) -#### [Configure UE-V 2.x with Configuration Manager](configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md) -#### [Administer UE-V 2.x with PowerShell and WMI](administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md) -##### [Manage UE-V 2.x Agent and Packages](managing-the-ue-v-2x-agent-and-packages-with-windows-powershell-and-wmi-both-uevv2.md) -##### [Manage UE-V 2.x Templates](managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md) -#### [Configure the Company Settings Center for UE-V 2.x](configuring-the-company-settings-center-for-ue-v-2x-both-uevv2.md) -### [Custom UE-V 2.x Templates and the UE-V 2.x Generator](working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md) -### [Backup and Restore in UE-V 2.x](manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md) -### [UE-V 2.x Scheduled Tasks](changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md) -### [Migrate UE-V 2.x Settings Packages](migrating-ue-v-2x-settings-packages-both-uevv2.md) -### [UE-V 2.x and App-V](using-ue-v-2x-with-application-virtualization-applications-both-uevv2.md) -## [Troubleshoot UE-V 2.x](troubleshooting-ue-v-2x-both-uevv2.md) -## [Technical Reference for UE-V 2.x](technical-reference-for-ue-v-2x-both-uevv2.md) -### [Sync Methods for UE-V 2.x](sync-methods-for-ue-v-2x-both-uevv2.md) -### [Sync Trigger Events for UE-V 2.x](sync-trigger-events-for-ue-v-2x-both-uevv2.md) -### [Sync Office 2013 with UE-V 2.0](synchronizing-office-2013-with-ue-v-20-both-uevv2.md) -### [Schema Reference for UE-V 2.x](application-template-schema-reference-for-ue-v-2x-both-uevv2.md) -### [Accessibility for UE-V 2.x](accessibility-for-ue-v-2x-both-uevv2.md) -### [Security Considerations for UE-V 2.x](security-considerations-for-ue-v-2x-both-uevv2.md) - diff --git a/mdop/uev-v2/accessibility-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/accessibility-for-ue-v-2x-both-uevv2.md deleted file mode 100644 index e27695620c..0000000000 --- a/mdop/uev-v2/accessibility-for-ue-v-2x-both-uevv2.md +++ /dev/null @@ -1,104 +0,0 @@ ---- -title: Accessibility for UE-V 2.x -description: Accessibility for UE-V 2.x -author: dansimp -ms.assetid: ec05da5f-4558-4d4d-9b58-3b8ed68cf2fe -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Accessibility for UE-V 2.x - - -Microsoft is committed to making its products and services easier for everyone to use. This section provides information about features and services that make this product and its corresponding documentation more accessible for people with disabilities. - -## Access any command with a few keystrokes - - -You can access most commands by using two keystrokes. To use an access key: - -1. Press Alt. - - The keyboard shortcuts are displayed over each feature that is available in the current view. - -2. Press the letter that is shown in the keyboard shortcut over the feature that you want to use. - -### Documentation in alternative formats - -If you have difficulty reading or handling printed materials, you can obtain the documentation for many Microsoft products in more accessible formats. You can view an index of accessible product documentation on the Microsoft Accessibility website. In addition, you can obtain additional Microsoft publications from Learning Ally, formerly known as Recording for the Blind & Dyslexic, Inc. Learning Ally distributes these documents to registered, eligible members of their distribution service. - -For information about the availability of Microsoft product documentation and books from Microsoft Press, use the following contact. - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Learning Ally (formerly Recording for the Blind & Dyslexic, Inc.)

-

20 Roszel Road

-

Princeton, NJ 08540

Telephone number from within the United States:

(800) 221-4792

Telephone number from outside the United States and Canada:

(609) 452-0606

Fax:

(609) 987-8116

http://www.learningally.org/

Web addresses can change, so you might be unable to connect to the website or sites that are mentioned here.

- - - -### Customer service for people with hearing impairments - -If you are deaf or hard-of-hearing, complete access to Microsoft product and customer services is available through a text telephone (TTY/TDD) service: - -- For customer service, contact Microsoft Sales Information Center at (800) 892-5234 between 6:30 AM and 5:30 PM Pacific Time, Monday through Friday, excluding holidays. - -- For technical assistance in the United States, contact Microsoft Product Support Services at (800) 892-5234 between 6:00 AM and 6:00 PM Pacific Time, Monday through Friday, excluding holidays. In Canada, dial (905) 568-9641 between 8:00 AM and 8:00 PM Eastern Time, Monday through Friday, excluding holidays. - -Microsoft Support Services are subject to the prices, terms, and conditions in place at the time that the service is used. - -## For more information - - -For more information about how accessible technology for computers can help to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/p/?linkid=8431). - - - - - - -## Related topics - - -[Technical Reference for UE-V 2.x](technical-reference-for-ue-v-2x-both-uevv2.md) - - - - - - - - - diff --git a/mdop/uev-v2/administering-ue-v-2x-new-uevv2.md b/mdop/uev-v2/administering-ue-v-2x-new-uevv2.md deleted file mode 100644 index 67f7c914ec..0000000000 --- a/mdop/uev-v2/administering-ue-v-2x-new-uevv2.md +++ /dev/null @@ -1,89 +0,0 @@ ---- -title: Administering UE-V 2.x -description: Administering UE-V 2.x -author: dansimp -ms.assetid: 996e4797-8383-4627-b714-24a84c907798 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Administering UE-V 2.x - - -After you have deployed Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, or 2.1 SP1, you must be able to perform various ongoing administrative tasks, such as managing the configuration of the UE-V Agent and recovering lost settings. These post-installation tasks are described in the following sections. - -## Managing UE-V 2.x configurations - - -In the course of the UE-V lifecycle, you have to manage the configuration of the UE-V Agent and also manage storage locations for resources such as settings package files. - -[Manage Configurations for UE-V 2.x](manage-configurations-for-ue-v-2x-new-uevv2.md) - -## Working with custom UE-V templates and the UE-V 2.x Generator - - -This topic provides instructions for how to use the UE-V Generator and manage custom settings location templates. - -[Working with Custom UE-V 2.x Templates and the UE-V 2.x Generator](working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md) - -## Backup and restore application and Windows settings that are synchronized with UE-V 2.x - - -Windows Management Instrumentation (WMI) and Windows PowerShell features of UE-V provide the ability to restore settings packages. By using WMI and Windows PowerShell commands, you can restore application and Windows settings to their original state and restore additional settings when a user adopts a new device. - -[Manage Administrative Backup and Restore in UE-V 2.x](manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md) - -## Changing the frequency of UE-V 2.x scheduled tasks - - -You can configure the scheduled tasks that manage when UE-V checks for new or updated settings or for updated custom settings location templates in the settings template catalog. - -[Changing the Frequency of UE-V 2.x Scheduled Tasks](changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md) - -## Migrating UE-V 2.x settings packages - - -You can relocate the user settings packages either when they migrate to a new server or for backup purposes. - -[Migrating UE-V 2.x Settings Packages](migrating-ue-v-2x-settings-packages-both-uevv2.md) - -## Using UE-V 2.x with Application Virtualization applications - - -You can use UE-V with Microsoft Application Virtualization (App-V) to share settings between virtual applications and installed applications across multiple computers. - -[Using UE-V 2.x with Application Virtualization Applications](using-ue-v-2x-with-application-virtualization-applications-both-uevv2.md) - -## Other resources for this product - - -- [Microsoft User Experience Virtualization (UE-V) 2.x](index.md) - -- [Get Started with UE-V 2.x](get-started-with-ue-v-2x-new-uevv2.md) - -- [Prepare a UE-V 2.x Deployment](prepare-a-ue-v-2x-deployment-new-uevv2.md) - -- [Troubleshooting UE-V 2.x](troubleshooting-ue-v-2x-both-uevv2.md) - -- [Technical Reference for UE-V 2.x](technical-reference-for-ue-v-2x-both-uevv2.md) - - - - - - -  - -  - - - - - diff --git a/mdop/uev-v2/administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md b/mdop/uev-v2/administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md deleted file mode 100644 index a34f4ed131..0000000000 --- a/mdop/uev-v2/administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md +++ /dev/null @@ -1,58 +0,0 @@ ---- -title: Administering UE-V 2.x with Windows PowerShell and WMI -description: Administering UE-V 2.x with Windows PowerShell and WMI -author: dansimp -ms.assetid: e749ac03-0adf-475a-a4f2-5cc023549b12 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Administering UE-V 2.x with Windows PowerShell and WMI - - -Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 provide Windows PowerShell cmdlets, which can help administrators perform various UE-V tasks. The following sections provide more information about using Windows PowerShell in UE-V. - -**Note**   -Administering UE-V 2 with Windows PowerShell requires Windows PowerShell 3.0 or higher. For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](https://go.microsoft.com/fwlink/p/?LinkId=393495). - - - -## Managing the UE-V 2.x Agent and packages by using Windows PowerShell and WMI - - -You can use Windows PowerShell and Windows Management Instrumentation (WMI) to manage UE-V Agent configuration and synchronization behavior. The following topic describes how to manage configuration and synchronization. The following topic describes how to manage configuration and synchronization. - -[Managing the UE-V 2.x Agent and Packages with Windows PowerShell and WMI](managing-the-ue-v-2x-agent-and-packages-with-windows-powershell-and-wmi-both-uevv2.md) - -## Managing UE-V 2.x settings location templates by using Windows PowerShell and WMI - - -After you create and deploy UE-V settings location templates, you can manage those templates by using Windows PowerShell or WMI. The following topic describes how to manage the settings location templates by using Windows PowerShell and WMI. - -[Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI](managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md) - - - - - - -## Related topics - - -[Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) - - - - - - - - - diff --git a/mdop/uev-v2/application-template-schema-reference-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/application-template-schema-reference-for-ue-v-2x-both-uevv2.md deleted file mode 100644 index f230087d93..0000000000 --- a/mdop/uev-v2/application-template-schema-reference-for-ue-v-2x-both-uevv2.md +++ /dev/null @@ -1,1888 +0,0 @@ ---- -title: Application Template Schema Reference for UE-V 2.x -description: Application Template Schema Reference for UE-V 2.x -author: dansimp -ms.assetid: be8735a5-6a3e-4b1f-ba14-2a3bc3e5a8b6 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Application Template Schema Reference for UE-V 2.x - - -Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 use XML settings location templates to define the desktop application settings and Windows settings that are captured and applied by UE-V. UE-V includes a set of default settings location templates. You can also create custom settings location templates with the UE-V Generator. - -An advanced user can customize the XML file for a settings location template. This topic details the XML structure of the UE-V 2.1 (SP1) and 2.0 settings location templates and provides guidance for editing these files. - -## UE-V 2.1 and 2.1 SP1 Application Template Schema Reference - - -This section details the XML structure of the UE-V 2.1 and 2.1 SP1 settings location template and provides guidance for editing this file. - -### In This Section - -- [XML Declaration and Encoding Attribute](#xml21) - -- [Namespace and Root Element](#namespace21) - -- [Data types](#data21) - -- [Name Element](#name21) - -- [ID Element](#id21) - -- [Version Element](#version21) - -- [Author Element](#author21) - -- [Processes and Process Element](#processes21) - -- [Application Element](#application21) - -- [Common Element](#common21) - -- [SettingsLocationTemplate Element](#settingslocationtemplate21) - -- [Appendix: SettingsLocationTemplate.xsd](#appendix21) - -### XML Declaration and Encoding Attribute - -**Mandatory: True** - -**Type: String** - -The XML declaration must specify the XML version 1.0 attribute (<?xml version="1.0">). Settings location templates created by the UE-V Generator are saved in UTF-8 encoding, although the encoding is not explicitly specified. We recommend that you include the encoding="UTF-8" attribute in this element as a best practice. All templates included with the product specify this tag as well (see the documents in %ProgramFiles%\\Microsoft User Experience Virtualization\\Templates for reference). For example: - -`` - -### Namespace and Root Element - -**Mandatory: True** - -**Type: String** - -UE-V uses the https://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate namespace for all applications. SettingsLocationTemplate is the root element and contains all other elements. Reference SettingsLocationTemplate in all templates using this tag: - -`` - -### Data types - -These are the data types for the UE-V application template schema. - -**GUID** -GUID describes a standard globally unique identifier regular expression in the form "\\{\[a-fA-F0-9\]{8}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{12}\\}". This is used in the Filesetting\\Root\\KnownFolder element to verify the formatting of well-known folders. - -**FilenameString** -FilenameString refers to the file name of a process to be monitored. Its values are restricted by the regex \[^\\\\\\?\\\*\\|<>/:\]+, (that is, they may not contain backslash characters, asterisk or question mark wild-card characters, the pipe character, the greater than or less than sign, forward slash, or colon characters). - -**IDString** -IDString refers to the ID value of Application elements, SettingsLocationTemplate, and Common elements (used to describe application suites that share common settings). It is restricted by the same regex as FilenameString (\[^\\\\\\?\\\*\\|<>/:\]+). - -**TemplateVersion** -TemplateVersion is an integer value used to describe the revision of the settings location template. Its value may range from 0 to 2147483647. - -**Empty** -Empty refers to a null value. This is used in Process\\ShellProcess to indicate that there is no process to monitor. This value should not be used in any application templates. - -**Author** -The Author data type is a complex type that identifies the author of a template. It contains two child elements: **Name** and **Email**. Within the Author data type, the Name element is mandatory while the Email element is optional. This type is described in more detail under the SettingsLocationTemplate element. - -**Range** -Range defines an integer class consisting of two child elements: **Minimum** and **Maximum**. This data type is implemented in the ProcessVersion data type. If specified, both Minimum and Maximum values must be included. - -**ProcessVersion** -ProcessVersion defines a type with four child elements: **Major**, **Minor**, **Build**, and **Patch**. This data type is used by the Process element to populate its ProductVersion and FileVersion values. The data for this type is a Range value. The Major child element is mandatory and the others are optional. - -**Architecture** -Architecture enumerates two possible values: **Win32** and **Win64**. These values are used to specify process architecture. - -**Process** -The Process data type is a container used to describe processes to be monitored by UE-V. It contains six child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. This table details each element’s respective data type: - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Element

Data Type

Mandatory

Filename

FilenameString

True

Architecture

Architecture

False

ProductName

String

False

FileDescription

String

False

ProductVersion

ProcessVersion

False

FileVersion

ProcessVersion

False

- - - -**Processes** -The Processes data type represents a container for a collection of one or more Process elements. Two child elements are supported in the Processes sequence type: **Process** and **ShellProcess**. Process is an element of type Process and ShellProcess is of data type Empty. At least one item must be identified in the sequence. - -**Path** -Path is consumed by RegistrySetting and FileSetting to refer to registry and file paths. This element supports two optional attributes: **Recursive** and **DeleteIfNotFound**. Both values are set to default=”False”. - -Recursive indicates that the path and all subfolders are included for file settings or that all child registry keys are included for registry settings. In both cases, all items at the current level are included in the data captured. For a FileSettings object, all files within the specified folder are included in the data captured by UE-V but folders are not included. For registry paths, all values in the current path are captured but child registry keys are not captured. In both cases, care should be taken to avoid capturing large data sets or large numbers of items. - -The DeleteIfNotFound attribute removes the setting from the user’s settings storage path data. This may be desirable in cases where removing these settings from the package will save a large amount of disk space on the settings storage path file server. - -**FileMask** -FileMask specifies only certain file types for the folder that is defined by Path. For example, Path might be `C:\users\username\files` and FileMask could be `*.txt` to include only text files. - -**RegistrySetting** -RegistrySetting represents a container for registry keys and values and the associated desired behavior on the part of the UE-V Agent. Four child elements are defined within this type: **Path**, **Name**, **Exclude**, and a sequence of the values **Path** and **Name**. - -**FileSetting** -FileSetting contains parameters associated with files and files paths. Four child elements are defined: **Root**, **Path**, **FileMask**, and **Exclude**. Root is mandatory and the others are optional. - -**Settings** -Settings is a container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings described earlier. In addition, it can also contain the following child elements with behaviors described: - - ---- - - - - - - - - - - - - - - - - - - -

Element

Description

Asynchronous

Asynchronous settings packages are applied without blocking the application startup so that the application start proceeds while the settings are still being applied. This is useful for settings that can be applied asynchronously, such as those get/set through an API, like SystemParameterSetting.

PreventOverlappingSynchronization

By default, UE-V only saves settings for an application when the last instance of an application using the template is closed. When this element is set to ‘false’, UE-V exports the settings even if other instances of an application are running. Suited templates – those that include a Common element section– that are shipped with UE-V use this flag to enable shared settings to always export on application close, while preventing application-specific settings from exporting until the last instance is closed.

AlwaysApplySettings

(introduced in 2.1)

-

This parameter forces an imported settings package to be applied even if there are no differences between the package and the current state of the application. This parameter should be used only in special cases since it can slow down settings import.

- - - -### Name Element - -**Mandatory: True** - -**Type: String** - -Name specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. In general, avoid referencing version information, as this can be objected from the ProductVersion element. For example, specify `My Application` rather than `My Application 1.1`. - -**Note**   -UE-V does not reference external DTDs, so it is not possible to use named entities in a settings location template. For example, do not use ® to refer to the registered trade mark sign ®. Instead, use canonical numbered references to include these types of special characters, for example, &\#174 for the ® character. This rule applies to all string values in this document. - -See for a complete list of character entities. UTF-8-encoded documents may include the Unicode characters directly. Saving templates through the UE-V Generator converts character entities to their Unicode representations automatically. - - - -### ID Element - -**Mandatory: True** - -**Type: String** - -ID populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime (for example, see the output of the Get-UevTemplate and Get-UevTemplateProgram PowerShell cmdlets). By convention, this tag should not contain any spaces, which simplifies scripting. Version numbers of applications should be specified in this element to allow for easy identification of the template, such as `MicrosoftCalculator6` or `MicrosoftOffice2010Win64`. - -### Version Element - -**Mandatory: True** - -**Type: Integer** - -**Minimum Value: 0** - -**Maximum Value: 2147483647** - -Version identifies the version of the settings location template for administrative tracking of changes. The UE-V Generator automatically increments this number by one each time the template is saved. Notice that this field must be a whole number integer; fractional values, such as `2.5` are not allowed. - -**Hint:** You can save notes about version changes using XML comment tags ``, for example: - -```xml - - 4 -``` - -**Important**   -This value is queried to determine if a new version of a template should be applied to an existing template in these instances: - -- When the scheduled Template Auto Update task executes - -- When the Update-UevTemplate PowerShell cmdlet is executed - -- When the microsoft\\uev:SettingsLocationTemplate Update method is called through WMI - - - -### Author Element - -**Mandatory: False** - -**Type: String** - -Author identifies the creator of the settings location template. Two optional child elements are supported: **Name** and **Email**. Both attributes are optional, but, if the Email child element is specified, it must be accompanied by the Name element. Author refers to the full name of the contact for the settings location template, and email should refer to an email address for the author. We recommend that you include this information in templates published publicly, for example, on the [UE-V Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V). - -### Processes and Process Element - -**Mandatory: True** - -**Type: Element** - -Processes contains at least one `` element, which in turn contains the following child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. The Filename child element is mandatory and the others are optional. A fully populated element contains tags similar to this example: - -```xml - - MyApplication.exe - Win64 - MyApplication - MyApplication.exe - - - - - - - - - - - - - -``` - -### Filename - -**Mandatory: True** - -**Type: String** - -Filename refers to the actual file name of the executable as it appears in the file system. This element specifies the primary criterion that UE-V uses to evaluate whether a template applies to a process or not. This element must be specified in the settings location template XML. - -Valid filenames must not match the regular expression \[^\\\\\\?\\\*\\|<>/:\]+, that is, they may not contain backslash characters, asterisk or question mark wild-card characters, the pipe character, the greater than or less than sign, forward slash, or colon (the \\ ? \* | < > / or : characters.). - -**Hint:** To test a string against this regex, use a PowerShell command window and substitute your executable’s name for **YourFileName**: - -`"YourFileName.exe" -match "[\\\?\*\|<>/:]+"` - -A value of **True** indicates that the string contains illegal characters. Here are some examples of illegal values: - -- \\\\server\\share\\program.exe - -- Program\*.exe - -- Pro?ram.exe - -- Program<1>.exe - -**Note**   -The UE-V Generator encodes the greater than and less than characters as > and < respectively. - - - -In rare circumstances, the FileName value will not necessarily include the .exe extension, but it should be specified as part of the value. For example, `MyApplictication.exe` should be specified instead of `MyApplictication`. The second example will not apply the template to the process if the actual name of the executable file is “MyApplication.exe”. - -### Architecture - -**Mandatory: False** - -**Type: Architecture (String)** - -Architecture refers to the processor architecture for which the target executable was compiled. Valid values are Win32 for 32-bit applications or Win64 for 64-bit applications. If present, this tag limits the applicability of the settings location template to a particular application architecture. For an example of this, compare the %ProgramFiles%\\Microsoft User Experience Virtualization\\templates\\ MicrosoftOffice2010Win32.xml and MicrosoftOffice2010Win64.xml files included with UE-V. This is useful when relative paths change between different versions of an executable or if settings have been added or removed when moving from one processor architecture to another. - -If this element is absent, the settings location template ignores the process’ architecture and applies to both 32 and 64-bit processes if the file name and other attributes apply. - -**Note**   -UE-V does not support ARM processors in this version. - - - -### ProductName - -**Mandatory: False** - -**Type: String** - -ProductName is an optional element used to identify a product for administrative purposes or reporting. ProductName differs from Filename in that there are no regular expression restrictions on its value. This allows for more easily understood descriptions of a process where the executable name may not be obvious. For example: - -```xml - - MyApplication.exe - My Application 6.x by Contoso.com - - - - -``` - -### FileDescription - -**Mandatory: False** - -**Type: String** - -FileDescription is an optional tag that allows for an administrative description of the executable file. This is a free text field and can be useful in distinguishing multiple executables within a software package where there is a need to identify the function of the executable. - -For example, in a suited application, it might be useful to provide reminders about the function of two executables (MyApplication.exe and MyApplicationHelper.exe), as shown here: - -```xml - - - MyApplication.exe - My Application Main Engine - - - - - - MyApplicationHelper.exe - My Application Background Process Executable - - - - - -``` - -### ProductVersion - -**Mandatory: False** - -**Type: String** - -ProductVersion refers to the major and minor product versions of a file, as well as a build and patch level. ProductVersion is an optional element, but if specified, it must contain at least the Major child element. The value must express a range in the form Minimum="X" Maximum="Y" where X and Y are integers. The Minimum and Maximum values can be identical. - -The product and file version elements may be left unspecified. Doing so makes the template “version agnostic”, meaning that the template will apply to all versions of the specified executable. - -**Example 1:** - -Product version: 1.0 specified in the UE-V Generator produces the following XML: - -```xml - - - - -``` - -**Example 2:** - -File version: 5.0.2.1000 specified in the UE-V Generator produces the following XML: - -```xml - - - - - - -``` - -**Incorrect Example 1 – incomplete range:** - -Only the Minimum attribute is present. Maximum must be included in a range as well. - -```xml - - - -``` - -**Incorrect Example 2 – Minor specified without Major element:** - -Only the Minor element is present. Major must be included as well. - -```xml - - - -``` - -### FileVersion - -**Mandatory: False** - -**Type: String** - -FileVersion differentiates between the release version of a published application and the internal build details of a component executable. For the majority of commercial applications, these numbers are identical. Where they vary, the product version of a file indicates a generic version identification of a file, while file version indicates a specific build of a file (as in the case of a hotfix or update). This uniquely identifies files without breaking detection logic. - -To determine the product version and file version of a particular executable, right-click on the file in Windows Explorer, select Properties, then click on the Details tab. - -Including a FileVersion element for an application allows for more granular fine-tuning detection logic, but is not necessary for most applications. The ProductVersion element settings are checked first, and then FileVersion is checked. The more restrictive setting will apply. - -The child elements and syntax rules for FileVersion are identical to those of ProductVersion. - -```xml - - MSACCESS.EXE - Win32 - - - - - - - - - -``` - -### Application Element - -Application is a container for settings that apply to a particular application. It is a collection of the following fields/types. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Field/Type

Description

Name

Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

ID

Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see ID.

Description

An optional description of the template.

LocalizedNames

An optional name displayed in the UI, localized by a language locale.

LocalizedDescriptions

An optional template description localized by a language locale.

Version

Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version.

DeferToMSAccount

Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.

DeferToOffice365

Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.

FixedProfile (Introduced in 2.1)

Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.

Processes

A container for a collection of one or more Process elements. For more information, see Processes.

Settings

A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types.

- - - -### Common Element - -Common is similar to an Application element, but it is always associated with two or more Application elements. The Common section represents the set of settings that are shared between those Application instances. It is a collection of the following fields/types. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Field/Type

Description

Name

Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

ID

Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see ID.

Description

An optional description of the template.

LocalizedNames

An optional name displayed in the UI, localized by a language locale.

LocalizedDescriptions

An optional template description localized by a language locale.

Version

Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version.

DeferToMSAccount

Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.

DeferToOffice365

Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.

FixedProfile (Introduced in 2.1)

Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.

Settings

A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types.

- - - -### SettingsLocationTemplate Element - -This element defines the settings for a single application or a suite of applications. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - -

Field/Type

Description

Name

Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

ID

Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see ID.

Description

An optional description of the template.

LocalizedNames

An optional name displayed in the UI, localized by a language locale.

LocalizedDescriptions

An optional template description localized by a language locale.

- - - -### Appendix: SettingsLocationTemplate.xsd - -Here is the SettingsLocationTemplate.xsd file showing its elements, child elements, attributes, and parameters: - -```xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -``` - -## UE-V 2.0 Application Template Schema Reference - - -This section details the XML structure of the UE-V 2.0 settings location template and provides guidance for editing this file. - -### In This Section - -- [XML Declaration and Encoding Attribute](#xml) - -- [Namespace and Root Element](#namespace) - -- [Data types](#data) - -- [Name Element](#name) - -- [ID Element](#id) - -- [Version Element](#version) - -- [Author Element](#author) - -- [Processes and Process Element](#processes) - -- [Application Element](#application) - -- [Common Element](#common) - -- [SettingsLocationTemplate Element](#settingslocationtemplate) - -- [Appendix: SettingsLocationTemplate.xsd](#appendix) - -### XML Declaration and Encoding Attribute - -**Mandatory: True** - -**Type: String** - -The XML declaration must specify the XML version 1.0 attribute (<?xml version="1.0">). Settings location templates created by the UE-V Generator are saved in UTF-8 encoding, although the encoding is not explicitly specified. We recommend that you include the encoding="UTF-8" attribute in this element as a best practice. All templates included with the product specify this tag as well (see the documents in %ProgramFiles%\\Microsoft User Experience Virtualization\\Templates for reference). For example: - -`` - -### Namespace and Root Element - -**Mandatory: True** - -**Type: String** - -UE-V uses the https://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate namespace for all applications. SettingsLocationTemplate is the root element and contains all other elements. Reference SettingsLocationTemplate in all templates using this tag: - -`` - -### Data types - -These are the data types for the UE-V application template schema. - -**GUID** -GUID describes a standard globally unique identifier regular expression in the form "\\{\[a-fA-F0-9\]{8}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{12}\\}". This is used in the Filesetting\\Root\\KnownFolder element to verify the formatting of well-known folders. - -**FilenameString** -FilenameString refers to the file name of a process to be monitored. Its values are restricted by the regex \[^\\\\\\?\\\*\\|<>/:\]+, (that is, they may not contain backslash characters, asterisk or question mark wild-card characters, the pipe character, the greater than or less than sign, forward slash, or colon characters). - -**IDString** -IDString refers to the ID value of Application elements, SettingsLocationTemplate, and Common elements (used to describe application suites that share common settings). It is restricted by the same regex as FilenameString (\[^\\\\\\?\\\*\\|<>/:\]+). - -**TemplateVersion** -TemplateVersion is an integer value used to describe the revision of the settings location template. Its value may range from 0 to 2147483647. - -**Empty** -Empty refers to a null value. This is used in Process\\ShellProcess to indicate that there is no process to monitor. This value should not be used in any application templates. - -**Author** -The Author data type is a complex type that identifies the author of a template. It contains two child elements: **Name** and **Email**. Within the Author data type, the Name element is mandatory while the Email element is optional. This type is described in more detail under the SettingsLocationTemplate element. - -**Range** -Range defines an integer class consisting of two child elements: **Minimum** and **Maximum**. This data type is implemented in the ProcessVersion data type. If specified, both Minimum and Maximum values must be included. - -**ProcessVersion** -ProcessVersion defines a type with four child elements: **Major**, **Minor**, **Build**, and **Patch**. This data type is used by the Process element to populate its ProductVersion and FileVersion values. The data for this type is a Range value. The Major child element is mandatory and the others are optional. - -**Architecture** -Architecture enumerates two possible values: **Win32** and **Win64**. These values are used to specify process architecture. - -**Process** -The Process data type is a container used to describe processes to be monitored by UE-V. It contains six child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. This table details each element’s respective data type: - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ElementData TypeMandatory

Filename

FilenameString

True

Architecture

Architecture

False

ProductName

String

False

FileDescription

String

False

ProductVersion

ProcessVersion

False

FileVersion

ProcessVersion

False

- - - -**Processes** -The Processes data type represents a container for a collection of one or more Process elements. Two child elements are supported in the Processes sequence type: **Process** and **ShellProcess**. Process is an element of type Process and ShellProcess is of data type Empty. At least one item must be identified in the sequence. - -**Path** -Path is consumed by RegistrySetting and FileSetting to refer to registry and file paths. This element supports two optional attributes: **Recursive** and **DeleteIfNotFound**. Both values are set to default=”False”. - -Recursive indicates that the path and all subfolders are included for file settings or that all child registry keys are included for registry settings. In both cases, all items at the current level are included in the data captured. For a FileSettings object, all files within the specified folder are included in the data captured by UE-V but folders are not included. For registry paths, all values in the current path are captured but child registry keys are not captured. In both cases, care should be taken to avoid capturing large data sets or large numbers of items. - -The DeleteIfNotFound attribute removes the setting from the user’s settings storage path data. This may be desirable in cases where removing these settings from the package will save a large amount of disk space on the settings storage path file server. - -**FileMask** -FileMask specifies only certain file types for the folder that is defined by Path. For example, Path might be `C:\users\username\files` and FileMask could be `*.txt` to include only text files. - -**RegistrySetting** -RegistrySetting represents a container for registry keys and values and the associated desired behavior on the part of the UE-V Agent. Four child elements are defined within this type: **Path**, **Name**, **Exclude**, and a sequence of the values **Path** and **Name**. - -**FileSetting** -FileSetting contains parameters associated with files and files paths. Four child elements are defined: **Root**, **Path**, **FileMask**, and **Exclude**. Root is mandatory and the others are optional. - -**Settings** -Settings is a container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings described earlier. In addition, it can also contain the following child elements with behaviors described: - - ---- - - - - - - - - - - - - - - - - -
ElementDescription

Asynchronous

Asynchronous settings packages are applied without blocking the application startup so that the application start proceeds while the settings are still being applied. This is useful for settings that can be applied asynchronously, such as those get/set through an API, like SystemParameterSetting.

PreventOverlappingSynchronization

By default, UE-V only saves settings for an application when the last instance of an application using the template is closed. When this element is set to ‘false’, UE-V exports the settings even if other instances of an application are running. Suited templates – those that include a Common element section– that are shipped with UE-V use this flag to enable shared settings to always export on application close, while preventing application-specific settings from exporting until the last instance is closed.

- - - -### Name Element - -**Mandatory: True** - -**Type: String** - -Name specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. In general, avoid referencing version information, as this can be objected from the ProductVersion element. For example, specify `My Application` rather than `My Application 1.1`. - -**Note**   -UE-V does not reference external DTDs, so it is not possible to use named entities in a settings location template. For example, do not use ® to refer to the registered trade mark sign ®. Instead, use canonical numbered references to include these types of special characters, for example, &\#174 for the ® character. This rule applies to all string values in this document. - -See for a complete list of character entities. UTF-8-encoded documents may include the Unicode characters directly. Saving templates through the UE-V Generator converts character entities to their Unicode representations automatically. - - - -### ID Element - -**Mandatory: True** - -**Type: String** - -ID populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime (for example, see the output of the Get-UevTemplate and Get-UevTemplateProgram PowerShell cmdlets). By convention, this tag should not contain any spaces, which simplifies scripting. Version numbers of applications should be specified in this element to allow for easy identification of the template, such as `MicrosoftCalculator6` or `MicrosoftOffice2010Win64`. - -### Version Element - -**Mandatory: True** - -**Type: Integer** - -**Minimum Value: 0** - -**Maximum Value: 2147483647** - -Version identifies the version of the settings location template for administrative tracking of changes. The UE-V Generator automatically increments this number by one each time the template is saved. Notice that this field must be a whole number integer; fractional values, such as `2.5` are not allowed. - -**Hint:** You can save notes about version changes using XML comment tags ``, for example: - -```xml - -4 -``` - -**Important**   -This value is queried to determine if a new version of a template should be applied to an existing template in these instances: - -- When the scheduled Template Auto Update task executes - -- When the Update-UevTemplate PowerShell cmdlet is executed - -- When the microsoft\\uev:SettingsLocationTemplate Update method is called through WMI - - - -### Author Element - -**Mandatory: False** - -**Type: String** - -Author identifies the creator of the settings location template. Two optional child elements are supported: **Name** and **Email**. Both attributes are optional, but, if the Email child element is specified, it must be accompanied by the Name element. Author refers to the full name of the contact for the settings location template, and email should refer to an email address for the author. We recommend that you include this information in templates published publicly, for example, on the [UE-V Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V). - -### Processes and Process Element - -**Mandatory: True** - -**Type: Element** - -Processes contains at least one `` element, which in turn contains the following child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. The Filename child element is mandatory and the others are optional. A fully populated element contains tags similar to this example: - -```xml - - MyApplication.exe - Win64 - MyApplication - MyApplication.exe - - - - - - - - - - - - - -``` - -### Filename - -**Mandatory: True** - -**Type: String** - -Filename refers to the actual file name of the executable as it appears in the file system. This element specifies the primary criterion that UE-V uses to evaluate whether a template applies to a process or not. This element must be specified in the settings location template XML. - -Valid filenames must not match the regular expression \[^\\\\\\?\\\*\\|<>/:\]+, that is, they may not contain backslash characters, asterisk or question mark wild-card characters, the pipe character, the greater than or less than sign, forward slash, or colon (the \\ ? \* | < > / or : characters.). - -**Hint:** To test a string against this regex, use a PowerShell command window and substitute your executable’s name for **YourFileName**: - -`"YourFileName.exe" -match "[\\\?\*\|<>/:]+"` - -A value of **True** indicates that the string contains illegal characters. Here are some examples of illegal values: - -- \\\\server\\share\\program.exe - -- Program\*.exe - -- Pro?ram.exe - -- Program<1>.exe - -**Note**   -The UE-V Generator encodes the greater than and less than characters as > and < respectively. - - - -In rare circumstances, the FileName value will not necessarily include the .exe extension, but it should be specified as part of the value. For example, `MyApplictication.exe` should be specified instead of `MyApplictication`. The second example will not apply the template to the process if the actual name of the executable file is “MyApplication.exe”. - -### Architecture - -**Mandatory: False** - -**Type: Architecture (String)** - -Architecture refers to the processor architecture for which the target executable was compiled. Valid values are Win32 for 32-bit applications or Win64 for 64-bit applications. If present, this tag limits the applicability of the settings location template to a particular application architecture. For an example of this, compare the %ProgramFiles%\\Microsoft User Experience Virtualization\\templates\\ MicrosoftOffice2010Win32.xml and MicrosoftOffice2010Win64.xml files included with UE-V. This is useful when relative paths change between different versions of an executable or if settings have been added or removed when moving from one processor architecture to another. - -If this element is absent, the settings location template ignores the process’ architecture and applies to both 32 and 64-bit processes if the file name and other attributes apply. - -**Note**   -UE-V does not support ARM processors in this version. - - - -### ProductName - -**Mandatory: False** - -**Type: String** - -ProductName is an optional element used to identify a product for administrative purposes or reporting. ProductName differs from Filename in that there are no regular expression restrictions on its value. This allows for more easily understood descriptions of a process where the executable name may not be obvious. For example: - -```xml - - MyApplication.exe - My Application 6.x by Contoso.com - - - - -``` - -### FileDescription - -**Mandatory: False** - -**Type: String** - -FileDescription is an optional tag that allows for an administrative description of the executable file. This is a free text field and can be useful in distinguishing multiple executables within a software package where there is a need to identify the function of the executable. - -For example, in a suited application, it might be useful to provide reminders about the function of two executables (MyApplication.exe and MyApplicationHelper.exe), as shown here: - -```xml - - - MyApplication.exe - My Application Main Engine - - - - - - MyApplicationHelper.exe - My Application Background Process Executable - - - - - -``` - -### ProductVersion - -**Mandatory: False** - -**Type: String** - -ProductVersion refers to the major and minor product versions of a file, as well as a build and patch level. ProductVersion is an optional element, but if specified, it must contain at least the Major child element. The value must express a range in the form Minimum="X" Maximum="Y" where X and Y are integers. The Minimum and Maximum values can be identical. - -The product and file version elements may be left unspecified. Doing so makes the template “version agnostic”, meaning that the template will apply to all versions of the specified executable. - -**Example 1:** - -Product version: 1.0 specified in the UE-V Generator produces the following XML: - -```xml - - - - -``` - -**Example 2:** - -File version: 5.0.2.1000 specified in the UE-V Generator produces the following XML: - -```xml - - - - - - -``` - -**Incorrect Example 1 – incomplete range:** - -Only the Minimum attribute is present. Maximum must be included in a range as well. - -```xml - - - -``` - -**Incorrect Example 2 – Minor specified without Major element:** - -Only the Minor element is present. Major must be included as well. - -```xml - - - -``` - -### FileVersion - -**Mandatory: False** - -**Type: String** - -FileVersion differentiates between the release version of a published application and the internal build details of a component executable. For the majority of commercial applications, these numbers are identical. Where they vary, the product version of a file indicates a generic version identification of a file, while file version indicates a specific build of a file (as in the case of a hotfix or update). This uniquely identifies files without breaking detection logic. - -To determine the product version and file version of a particular executable, right-click on the file in Windows Explorer, select Properties, then click on the Details tab. - -Including a FileVersion element for an application allows for more granular fine-tuning detection logic, but is not necessary for most applications. The ProductVersion element settings are checked first, and then FileVersion is checked. The more restrictive setting will apply. - -The child elements and syntax rules for FileVersion are identical to those of ProductVersion. - -```xml - - MSACCESS.EXE - Win32 - - - - - - - - - -``` - -### Application Element - -Application is a container for settings that apply to a particular application. It is a collection of the following fields/types. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Field/TypeDescription

Name

Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

ID

Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see ID.

Description

An optional description of the template.

LocalizedNames

An optional name displayed in the UI, localized by a language locale.

LocalizedDescriptions

An optional template description localized by a language locale.

Version

Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version.

DeferToMSAccount

Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.

DeferToOffice365

Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.

Processes

A container for a collection of one or more Process elements. For more information, see Processes.

Settings

A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types.

- - - -### Common Element - -Common is similar to an Application element, but it is always associated with two or more Application elements. The Common section represents the set of settings that are shared between those Application instances. It is a collection of the following fields/types. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Field/TypeDescription

Name

Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

ID

Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see ID.

Description

An optional description of the template.

LocalizedNames

An optional name displayed in the UI, localized by a language locale.

LocalizedDescriptions

An optional template description localized by a language locale.

Version

Identifies the version of the settings location template for administrative tracking of changes. For more information, see Version.

DeferToMSAccount

Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.

DeferToOffice365

Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.

Settings

A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in Data types.

- - - -### SettingsLocationTemplate Element - -This element defines the settings for a single application or a suite of applications. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Field/TypeDescription

Name

Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see Name.

ID

Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V Agent uses to reference the template at runtime. For more information, see ID.

Description

An optional description of the template.

LocalizedNames

An optional name displayed in the UI, localized by a language locale.

LocalizedDescriptions

An optional template description localized by a language locale.

- - - -### Appendix: SettingsLocationTemplate.xsd - -Here is the SettingsLocationTemplate.xsd file showing its elements, child elements, attributes, and parameters: - -```xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -``` - - - - - - -## Related topics - - -[Working with Custom UE-V 2.x Templates and the UE-V 2.x Generator](working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md) - -[Technical Reference for UE-V 2.x](technical-reference-for-ue-v-2x-both-uevv2.md) - - - - - - - - - diff --git a/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md b/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md deleted file mode 100644 index f5e5b49ddb..0000000000 --- a/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md +++ /dev/null @@ -1,337 +0,0 @@ ---- -title: Changing the Frequency of UE-V 2.x Scheduled Tasks -description: Changing the Frequency of UE-V 2.x Scheduled Tasks -author: dansimp -ms.assetid: ee486570-c6cf-4fd9-ba48-0059ba877c10 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 09/29/2016 ---- - - -# Changing the Frequency of UE-V 2.x Scheduled Tasks - - -The Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, or 2.1 SP1 Agent installer, AgentSetup.exe, creates the following scheduled tasks during the UE-V Agent installation: - -- **Monitor Application Settings** - -- **Sync Controller Application** - -- **Synchronize Settings at Logoff** - -- **Template Auto Update** - -- **Collect CEIP data** - -- **Upload CEIP Data** - -**Note**   -With the exception of Collect CEIP Data, these tasks must remain enabled as UE-V cannot function without them. - - - -These scheduled tasks are not configurable with the UE-V tools. Administrators who want to change the scheduled task for these items can create a script that uses the Schtasks.exe command-line options. - -For more information about Schtasks.exe, see [How to use Schtasks,exe to Schedule Tasks in Windows Server 2003](https://go.microsoft.com/fwlink/?LinkID=264854). - -For more information about - -## UE-V Scheduled Tasks - - -The following scheduled tasks are included in UE-V 2 with sample scheduled task configuration commands. - -### Collect CEIP Data - -If upon installation the user or administrator choses to participate in the Customer Experience Improvement Program (CEIP), UE-V collects data to help improve the product in future releases. This scheduled task only runs at logon. The **Collect CEIP Data** task runs the UevSqmSession.exe, which is located in the UE-V Agent installation directory. - - ---- - - - - - - - - - - - - -
Task nameDefault event

\Microsoft\UE-V\Collect CEIP data

Logon

- - - -### Monitor Application Settings - -The **Monitor Application Settings** task is used to synchronize settings for Windows apps. It is run at logon but is delayed by 30 seconds to not affect the logon detrimentally. The Monitor Application Status task runs the UevAppMonitor.exe file, which is located in the UE-V Agent installation directory. - - ---- - - - - - - - - - - - - -
Task nameDefault event

\Microsoft\UE-V\Monitor Application Status

Logon

- - - -### Sync Controller Application - -The **Sync Controller Application** task is used to start the Sync Controller to synchronize settings from the computer to the settings storage location. By default, the task runs every 30 minutes. At that time, local settings are synchronized to the settings storage location, and updated settings on the settings storage location are synchronized to the computer. The Sync Controller application runs the Microsoft.Uev.SyncController.exe, which is located in the UE-V Agent installation directory. -**Note:** As per the **Monitor Application Settings** task, this task is run at logon but is delayed by 30 seconds to not affect the logon detrimentally. - ---- - - - - - - - - - - - - -
Task nameDefault event

\Microsoft\UE-V\Sync Controller Application

Logon, and every 30 minutes thereafter

- - - -For example, the following command configures the agent to synchronize settings every 15 minutes instead of the default 30 minutes. - -``` syntax -Schtasks /change /tn “Microsoft\UE-V\Sync Controller Application” /ri 15 -``` - -### Synchronize Settings at Logoff - -The **Synchronize Settings at Logoff** task is used to start an application at logon that controls the synchronization of applications at logoff for UE-V. The Synchronize Settings at Logoff task runs the Microsoft.Uev.SyncController.exe file, which is located in the UE-V Agent installation directory. - - ---- - - - - - - - - - - - - -
Task nameDefault event

\Microsoft\UE-V\Synchronize Settings at Logoff

Logon

- - - -### Template Auto Update - -The **Template Auto Update** task checks the settings template catalog for new, updated, or removed templates. This task only runs if the SettingsTemplateCatalog is configured. The **Template Auto Update** task runs the ApplySettingsCatalog.exe file, which is located in the UE-V Agent installation directory. - - ---- - - - - - - - - - - - - -
Task nameDefault event

\Microsoft\UE-V\Template Auto Update

System startup and at 3:30 AM every day, at a random time within a 1-hour window

- - - -**Example:** The following command configures the UE-V Agent to check the settings template catalog store every hour. - -``` syntax -schtasks /change /tn "Microsoft\UE-V\Template Auto Update" /ri 60 -``` - -### Upload CEIP Data - -The **Upload CEIP Data** task runs during the installation if the user or the administrator chose to participate in the Customer Experience Improvement Program (CEIP). This task uploads the data to the CEIP servers where the data is used to help improve the product for future releases of UE-V. This scheduled task runs at logon and every 4 hours afterwards. The **Upload CEIP data** task runs the UevSqmUploader.exe file, which is located in the UE-V Agent installation directory. - - ---- - - - - - - - - - - - - -
Task nameDefault event

\Microsoft\UE-V\Upload CEIP data

At logon and every 4 hours

- - - -## UE-V 2 Scheduled Task Details - - -The following chart provides additional information about scheduled tasks for UE-V 2: - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Task Name (file name)

Default Frequency

Power Toggle

Idle Only

Network Connection

Description

Monitor Application Settings (UevAppMonitor.exe)

Starts 30 seconds after logon and continues until logoff.

No

Yes

N/A

Synchronizes settings for Windows (AppX) apps.

Sync Controller Application (Microsoft.Uev.SyncController.exe)

At logon and every 30 min thereafter.

Yes

Yes

Only if Network is connected

Starts the Sync Controller which synchronizes local settings with the settings storage location.

Synchronize Settings at Logoff (Microsoft.Uev.SyncController.exe)

Runs at logon and then waits for Logoff to Synchronize settings.

No

Yes

N/A

Start an application at logon that controls the synchronization of applications at logoff.

Template Auto Update (ApplySettingsCatalog.exe)

Runs at initial logon and at 3:30 AM every day thereafter.

Yes

No

N/A

Checks the settings template catalog for new, updated, or removed templates. This task only runs if SettingsTemplateCatalog is configured.

Collect CEIP data (UevSqmSession.exe)

At logon launches service

No

Yes

N/A

If the user or administrator opts in to the Customer Experience Improvement Program (CEIP), this task collects data that helps improve UE-V future releases.

Upload CEIP Data (UevSqmUploader.exe)

Runs at logon and at 4:00 AM every day thereafter.

No

Yes

Only if Network is connected

If the user or administrator opts in to the Customer Experience Improvement Program (CEIP), this task uploads the data to the CEIP servers.

- - - -**Legend** - -- **Power Toggle** – Task Scheduler will optimize power consumption when not connected to AC power. The task might stop running if the computer switches to battery power. - -- **Idle Only** – The task will stop running if the computer ceases to be idle. By default the task will not restart when the computer is idle again. Instead the task will begin again on the next task trigger. - -- **Network Connection** – Tasks marked “Yes” only run if the computer has a network connection available. Tasks marked “N/A” run regardless of network connectivity. - -### How to Manage Scheduled Tasks - -To find Scheduled Tasks, perform the following: - -1. Open “Schedule Tasks” on the user computer. - -2. Navigate to: Task Scheduler -> Task Scheduler Library -> Microsoft -> UE-V - -3. Select the scheduled task you wish to manage and configure in the details pane. - -### Additional information - -The following additional information applies to UE-V scheduled tasks: - -- ll task sequence programs are located in the UE-V Agent installation folder, `%programFiles%\Microsoft User Experience Virtualization\Agent\[architecture]\`, by default. - -- The Sync Controller Application Scheduled task is the crucial component when the UE-V SyncMethod is set to “SyncProvider” (UE-V 2 default configuration). This scheduled task keeps the SettingsSToragePath synchronized with the locally cached versions of the settings package files. If users complain that settings do not synchronize often enough, then you can reduce the scheduled task setting to as little as 1 minute.  You can also increase the 30 min default to a higher amount if necessary. If users complain that settings do not synchronize fast enough on logon, then you can remove the delay setting for the scheduled task. (You can find the delay setting in the **Edit Trigger** dialogue box) - -- You do not need to disable the Template Auto Update scheduled task if you use another method to keep the clients’ templates in sync (i.e. Group Policy or Configuration Manager Baselines). Leaving the SettingsTemplateCatalog property value blank prevents UE-V from checking the settings catalog for custom templates. This scheduled task runs ApplySettingsCatalog.exe and will essentially return immediately. - -- The Monitor Application Settings scheduled task will update Windows app (AppX) settings in real time, based on Windows app program setting triggers built into each app. - - - - - - -## Related topics - - -[Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) - -[Deploy UE-V 2.x for Custom Applications](deploy-ue-v-2x-for-custom-applications-new-uevv2.md#deploycatalogue) - - - - - - - - - diff --git a/mdop/uev-v2/configuring-the-company-settings-center-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/configuring-the-company-settings-center-for-ue-v-2x-both-uevv2.md deleted file mode 100644 index ae34b00c58..0000000000 --- a/mdop/uev-v2/configuring-the-company-settings-center-for-ue-v-2x-both-uevv2.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -title: Configuring the Company Settings Center for UE-V 2.x -description: Configuring the Company Settings Center for UE-V 2.x -author: dansimp -ms.assetid: 48fadb0a-c0dc-4287-9474-f94ce1417003 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Configuring the Company Settings Center for UE-V 2.x - - -Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 include a new application, the Company Settings Center, which helps users manage settings to synchronize. The Company Settings Center is installed by using the UE-V Agent. Users access the Company Settings Center in Control Panel, in the **Start** menu or on the **Start** screen, and via the UE-V notification area icon. Company Settings Center displays which settings are synchronized and helps users see the synchronization status of UE-V. Users can use the Company Settings Center to select which applications or Windows features synchronize their settings between computers. They can also click the **Sync Now** button to synchronize all settings immediately. The administrator can also include a link for support in the Company Settings Center. - -## About the Company Settings Center - - -The Company Settings Center desktop application provides users with information about UE-V settings synchronization. The Company Settings Center is accessible in several different ways: - -- Notification area icon – With the **Tray Icon** Group Policy setting or Windows PowerShell configuration enabled, the UE-V icon appears in the notification area. Click the UE-V icon to open the Company Settings Center. - - **Note**   - The notification area icon can be disabled by using the following settings: - - - Group Policy setting: `Policy Tray Icon` - - - Windows PowerShell cmdlet: `TrayIconEnabled` - - - Configuration item in the UE-V Configuration Pack for System Center 2012 Configuration Manager: `Tray icon enabled` - - - -- Control Panel application – In Control Panel, browse to **Appearance and Personalization**, and then click **Company Settings Center**. - -- First use notification – Unless disabled, the UE-V Agent alerts the user that settings are now synchronized when the UE-V agent runs for the first time on a computer. Click the notification dialog box to open the Company Settings Center. - -- The **Start** screen or **Start** menu includes a link to the Company Settings Center. A search for Company Settings Center finds the application. - -## Configuring the support link in the Company Settings Center - - -The Company Settings Center can include a hyperlink that users can click to get support with UE-V settings synchronization problems. This link can open any valid URL protocol, such as http:// for a webpage or mailto:// for an email. The support link can be configured by using Group Policy, Windows PowerShell, or the System Center 2012 Configuration Manager UE-V Configuration Pack. - -**How to configure the Company Settings Center support link** - -1. Open your preferred management tool: - - - **Group Policy** - If you have not already done so, download the ADMX template for UE-V 2 from [MDOP Administrative Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941). - - - **Windows PowerShell** – On a computer with the UE-V Agent installed, open **Windows PowerShell**. For more information about administering UE-V by using Windows PowerShell, see [Administering UE-V 2.x with Windows PowerShell and WMI](administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md). - - - **System Center 2012 Configuration Pack for Microsoft User Experience Virtualization (UE-V)** – Import the UE-V Configuration Pack and follow the Configuration Pack documentation to create configuration items. For more information about the UE-V Configuration Pack, see [Configuring UE-V 2.x with System Center Configuration Manager 2012](configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md). - -2. Edit the settings for the following policies: - - - **Contact IT Link Text** - This setting specifies the text of the Contact IT URL hyperlink in the Company Settings Center. If you enable this setting, the Company Settings Center displays the specified text in the link to the Contact IT URL. - - - Group Policy settings: `Contact IT Link Text` - - - Windows PowerShell cmdlet: `ContactITDescription` - - - Configuration Pack configuration item: `IT contact descriptive text` - - - **Contact IT URL** - This setting specifies the URL for the Contact IT link in the Company Settings Center in a valid URL protocol, such as http:// for a webpage or mailto:// for an email. - - - Group Policy settings: `Contact IT URL` - - - Windows PowerShell cmdlet: `ContactITUrl` - - - Configuration Pack configuration item: `IT contact URL` - -3. Deploy settings to users’ computers by using the management tool. - - - - - - - - - - - - - - diff --git a/mdop/uev-v2/configuring-ue-v-2x-with-group-policy-objects-both-uevv2.md b/mdop/uev-v2/configuring-ue-v-2x-with-group-policy-objects-both-uevv2.md deleted file mode 100644 index b55e44d53b..0000000000 --- a/mdop/uev-v2/configuring-ue-v-2x-with-group-policy-objects-both-uevv2.md +++ /dev/null @@ -1,217 +0,0 @@ ---- -title: Configuring UE-V 2.x with Group Policy Objects -description: Configuring UE-V 2.x with Group Policy Objects -author: dansimp -ms.assetid: 2bb55834-26ee-4f19-9860-dfdf3c797143 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Configuring UE-V 2.x with Group Policy Objects - - -Some Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 Group Policy settings can be defined for computers, and other Group Policy settings can be defined for users. For information about how to install UE-V Group Policy ADMX files, see [Installing the UE-V 2 Group Policy ADMX Templates](https://technet.microsoft.com/library/dn458891.aspx#admx). - -The following policy settings can be configured for UE-V. - -**Group Policy settings** - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Group Policy setting nameTargetGroup Policy setting descriptionConfiguration options

Contact IT Link Text

Computers Only

This Group Policy setting specifies the text of the Contact IT URL hyperlink in the Company Settings Center.

If you enable this Group Policy setting, the Company Settings Center displays the specified text in the link to the Contact IT URL.

Contact IT URL

Computers Only

This Group Policy setting specifies the URL for the Contact IT link in the Company Settings Center.

If you enable this setting, the Company Settings Center Contact IT text links to the specified URL. The link can be of any standard protocol, such as HTTP or mailto.

Do not use the sync provider

Computers and Users

By using this Group Policy setting, you can configure whether UE-V uses the sync provider feature. This policy setting also lets you enable notification to appear when the import of user settings is delayed.

Enable this setting to configure the UE-V Agent not to use the sync provider.

First Use Notification

Computers Only

This Group Policy setting enables a notification in the notification area that appears when the UE-V

-

agent runs for the first time.

The default is enabled.

Roam Windows settings

Computers and Users

This Group Policy setting configures the synchronization of Windows settings.

Select which Windows settings synchronize between computers.

-

By default, Windows themes, desktop settings, and Ease of Access settings synchronize settings between computers of the same operating system version.

Settings package size warning threshold

Computers and Users

This Group Policy setting lets you configure the UE-V Agent to report when a settings package file size reaches a defined threshold.

Specify the preferred threshold for settings package sizes in kilobytes (KB).

-

By default, the UE-V Agent does not have a package file size threshold.

Settings storage path

Computers and Users

This Group Policy setting configures where the user settings are to be stored.

Enter a Universal Naming Convention (UNC) path and variables such as \Server\SettingsShare%username%.

Settings template catalog path

Computers Only

This Group Policy setting configures where custom settings location templates are stored. This policy setting also configures whether the catalog is to be used to replace the default Microsoft templates that are installed with the UE-V Agent.

Enter a Universal Naming Convention (UNC) path such as \Server\TemplateShare or a folder location on the computer.

-

Select the check box to replace the default Microsoft templates.

Sync settings over metered connections

Computers and Users

This Group Policy setting defines whether UE-V synchronizes settings over metered connections.

By default, the UE-V Agent does not synchronize settings over a metered connection.

Sync settings over metered connections even when roaming

Computers and Users

This Group Policy setting defines whether UE-V synchronizes settings over metered connections outside of the home provider network, for example, when the data connection is in roaming mode.

By default, UE-V does not synchronize settings over a metered connection when it is in roaming mode.

Synchronization timeout

Computers and Users

This Group Policy setting configures the number of milliseconds that the computer waits before a time-out when it retrieves user settings from the remote settings location. If the remote storage location is unavailable, and the user does not use the sync provider, the application start is delayed by this many milliseconds.

Specify the preferred synchronization time-out in milliseconds. The default value is 2000 milliseconds.

Tray Icon

Computers Only

This Group Policy setting enables the User Experience Virtualization (UE-V) tray icon.

The default is enabled.

Use User Experience Virtualization (UE-V)

Computers and Users

This Group Policy setting lets you enable or disable User Experience Virtualization (UE-V).

Enable or disable this Group Policy setting.

- - - -**Note**   -In addition, Group Policy settings are available for many desktop applications and Windows apps. You can use these settings to enable or disable settings synchronization for specific applications. - - - -**Windows App Group Policy settings** - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Group Policy setting nameTargetGroup Policy setting descriptionConfiguration options

Do not synchronize Windows Apps

Computers and Users

This Group Policy setting defines whether the UE-V Agent synchronizes settings for Windows apps.

The default is to synchronize Windows apps.

Windows App List

Computer and User

This setting lists the family package names of the Windows apps and states expressly whether UE-V synchronizes that app’s settings.

You can use this setting to specify that settings of an app are never synchronized by UE-V, even if the settings of all other Windows apps are synchronized.

Sync Unlisted Windows Apps

Computer and User

This Group Policy setting defines the default settings sync behavior of the UE-V Agent for Windows apps that are not explicitly listed in the Windows app list.

By default, the UE-V Agent only synchronizes settings of those Windows apps that are included in the Windows app list.

- - - -For more information about synchronizing Windows apps, see [Windows App List](https://technet.microsoft.com/library/dn458925.aspx#win8applist). - -**To configure computer-targeted Group Policy settings** - -1. Use the Group Policy Management Console (GPMC) or the Advanced Group Policy Management (AGPM) on the computer that acts as a domain controller to manage Group Policy settings for UE-V computers. Navigate to **Computer configuration**, select **Policies**, select **Administrative Templates**, click **Windows Components**, and then select **Microsoft User Experience Virtualization**. - -2. Select the Group Policy setting to be edited. - -**To configure user-targeted Group Policy settings** - -1. Use the Group Policy Management Console (GPMC) or the Advanced Group Policy Management (AGPM) tool in Microsoft Desktop Optimization Pack (MDOP) on the domain controller computer to manage Group Policy settings for UE-V. Navigate to **User configuration**, select **Policies**, select **Administrative Templates**, click **Windows Components**, and then select **Microsoft User Experience Virtualization**. - -2. Select the edited Group Policy setting. - -The UE-V Agent uses the following order of precedence to determine synchronization. - -**Order of precedence for UE-V settings** - -1. User-targeted settings that are managed by Group Policy settings - These configuration settings are stored in the registry key by Group Policy under `HKEY_CURRENT_USER\Software\Policies\Microsoft\Uev\Agent\Configuration`. - -2. Computer-targeted settings that are managed by Group Policy settings - These configuration settings are stored in the registry key by Group Policy under `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Uev\Agent\Configuration`. - -3. Configuration settings that are defined by the current user by using Windows PowerShell or Windows management Instrumentation (WMI) - These configuration settings are stored by the UE-V Agent under this registry location: `HKEY_CURRENT_USER\Software\Microsoft\Uev\Agent\Configuration`. - -4. Configuration settings that are defined for the computer by using Windows PowerShell or WMI. These configuration settings are stored by the UE-V Agent under this registry location: `HKEY_LOCAL_MACHINE\Software\Microsoft\Uev\Agent\Configuration`. - - **Got a suggestion for UE-V**? Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). **Got a UE-V issue**? Use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopuev). - -## Related topics - - -[Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) - -[Manage Configurations for UE-V 2.x](manage-configurations-for-ue-v-2x-new-uevv2.md) - - - - - - - - - diff --git a/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md b/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md deleted file mode 100644 index 713779f789..0000000000 --- a/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md +++ /dev/null @@ -1,248 +0,0 @@ ---- -title: Configuring UE-V 2.x with System Center Configuration Manager 2012 -description: Configuring UE-V 2.x with System Center Configuration Manager 2012 -author: dansimp -ms.assetid: 9a4e2a74-7646-4a77-b58f-2b4456487295 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 11/02/2016 ---- - - -# Configuring UE-V 2.x with System Center Configuration Manager 2012 - - -After you install Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, or 2.1 SP1 and their required features, UE-V must be configured. The UE-V Configuration Pack provides a way for administrators to use the Compliance Settings feature of System Center Configuration Manager 2012 SP1 or later to apply consistent configurations across sites where UE-V and Configuration Manager are installed. - -## UE-V Configuration Pack supported features - - -The UE-V Configuration Pack includes tools to perform the following tasks: - -- Create or update UE-V settings location template distribution baselines. - - - Define UE-V templates to be registered or unregistered - - - Update UE-V template configuration items and baselines as templates are added or updated - - - Distribute and register UE-V templates using standard Configuration Item remediation - -- Create or update a UE-V Agent policy configuration item to set or clear these settings. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Max package size

Enable/disable Windows app sync

Wait for sync on application start

Setting import delay

Sync unlisted Windows apps

Wait for sync on logon

Settings import notification

IT contact URL

Wait for sync timeout

Settings storage path

IT contact descriptive text

Settings template catalog path

Sync enablement

Tray icon enabled

Start/Stop UE-V agent service

Sync method

First use notification

Define which Windows apps will roam settings

Sync timeout

- - - -- Verify compliance by confirming that UE-V is running. - -## Generate a UE-V Agent Policy Configuration Item - - -All UE-V Agent policy and configuration is distributed through a single configuration item that is generated using the UevAgentPolicyGenerator.exe tool. This tool reads the desired configuration from an XML configuration file and creates a CI containing the discovery and remediation settings needed to bring the machine into compliance. - -The UE-V Agent policy configuration item CAB file is created using the UevTemplateBaselineGenerator.exe command line tool, which has these parameters: - -- Site <site code> - -- PolicyName <name> Optional: Defaults to “UE-V Agent Policy” if not present - -- PolicyDescription <description> Optional: A description is provided if not present - -- CabFilePath <full path to configuration item .CAB file> - -- ConfigurationFile <full path to agent configuration XML file> - -**Note**   -It might be necessary to change the PowerShell execution policy to allow these scripts to run in your environment. Perform these steps in the Configuration Manager console: - -1. Select **Administration > Client Settings > Properties** - -2. In the **User Agent** tab, set the **PowerShell Execution Policy** to **Bypass** - -**Create the First UE-V Policy Configuration Item** - -1. Copy the default settings configuration file from the UE-V Config Pack installation directory to a location visible to your ConfigMgr Admin Console: - - ``` syntax - C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\AgentConfiguration.xml c:\ - ``` - - The default configuration file contains five sections: - - **Computer Policy** - All UE-V machine level settings. The DesiredState attribute can be - - - **Set** to have the value assigned in the registry - - - **Clear** to remove the setting - - - **Unmanaged** to have the configuration item left at its current state - - Do not remove lines from this section. Instead, set the DesiredState to ‘Unmanaged’ if you do not want Configuration Manager to alter current or default values. - - **CurrentComputerUserPolicy** - All UE-V user level settings. These entries override the machine settings for a user. The DesiredState attribute can be - - - **Set** to have the value assigned in the registry - - - **Clear** to remove the setting - - - **Unmanaged** to have the configuration item left at its current state - - Do not remove lines from this section. Instead, set the DesiredState to ‘Unmanaged’ if you do not want Configuration Manager to alter current or default values. - - **Services** - Entries in this section control service operation. The default configuration file contains a single entry for the UevAgentService. The DesiredState attribute can be set to **Running** or **Stopped**. - - **Windows8AppsComputerPolicy** - All machine level Windows app synchronization settings. Each PackageFamilyName listed in this section can be assigned a DesiredState of - - - **Enabled** to have settings roam - - - **Disabled** to prevent settings from roaming - - - **Cleared** to have the entry removed from UE-V control - - Additional lines can be added to this section based on the list of installed Windows apps that can be viewed using the PowerShell cmdlet GetAppxPackage. - - **Windows8AppsCurrentComputerUserPolicy** - Identical to the Windows8AppsComputerPolicy with settings that override machine settings for an individual user. - -2. Edit the configuration file by changing the desired state and value fields. - -3. Run this command on a machine running the ConfigMgr Admin Console: - - ``` syntax - C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevAgentPolicyGenerator.exe –Site ABC –CabFilePath "C:\MyCabFiles\UevPolicyItem.cab" –ConfigurationFile "c:\AgentConfiguration.xml" - ``` - -4. Import the CAB file using ConfigMgr console or PowerShell Import-CMConfigurationItem - -**Update a UE-V Policy Configuration Item** - -1. Edit the configuration file by changing the desired state and value fields. - -2. Run the command from Step 3 in [Create the First UE-V Policy Configuration Item](#create). If you changed the name with the PolicyName parameter, make sure you enter the same name. - -3. Reimport the CAB file. The version in ConfigMgr will be updated. - -## Generate a UE-V Template Baseline -UE-V templates are distributed using a baseline containing multiple configuration items. Each configuration item contains the discovery and remediation scripts needed to install one UE-V template. The actual UE-V template is embedded within the remediation script for distribution using standard Configuration Item functionality. - -The UE-V template baseline is created using the UevTemplateBaselineGenerator.exe command line tool, which has these parameters: - -- Site <site code> - -- BaselineName <name> (Optional: defaults to “UE-V Template Distribution Baseline” if not present) - -- BaselineDescription <description> (Optional: a description is provided if not present) - -- TemplateFolder <UE-V template folder> - -- Register <comma separated template file list> - -- Unregister <comma separated template list> - -- CabFilePath <Full path to baseline CAB file to generate> - -The result is a baseline CAB file that is ready for import into Configuration Manager. If at a future date, you update or add a template, you can rerun the command using the same baseline name. Importing the CAB results in CI version updates on the changed templates. - -### Create the First UE-V Template Baseline - -1. Create a “master” set of UE-V templates in a stable folder location visible to the machine running your ConfigMgr Admin Console. As templates are added or updated, this folder is where they are pulled for distribution. The initial list of templates can be copied from a machine with UE-V installed. The default template location is C:\\Program Files\\Microsoft User Experience Virtualization\\Templates. - -2. Create a text.bat file where you can add the template generator command. This is optional, but will make regeneration simpler if you save the command parameters. - -3. Add the command and parameters to the .bat file that will generate the baseline. The following example creates a baseline that distributes Notepad and Calculator: - - ``` syntax - C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevTemplateBaselineGenerator.exe –Site "ABC" –TemplateFolder "C:\ProductionUevTemplates" –Register "MicrosoftNotepad.xml, MicrosoftCalculator.xml" –CabFilePath "C:\MyCabFiles\UevTemplateBaseline.cab" - ``` - -4. Run the .bat file to create UevTemplateBaseline.cab ready for import into Configuration Manager. - -### Update a UE-V Template Baseline - -The template generator uses the template version to determine if a template should be updated. If you make a template change and update the version, the baseline generator compares the template in your master folder with the template contained in the CI on the ConfigMgr server. If a difference is found, the generated baseline and modified CI versions are updated. - -To distribute a new Notepad template, you would perform these steps: - -1. Update the template and template version located in the <Version> element of the template. - -2. Copy the template to your master template directory. - -3. Run the command in the .bat file that you created in Step 3 in [Create the First UE-V Template Baseline](#create2). - -4. Import the generated CAB file into ConfigMgr using the console or PowerShell Import-CMBaseline. - -## Get the UE-V Configuration Pack - - -The UE-V Configuration Pack for Configuration Manager 2012 SP1 or later can be downloaded [here](https://go.microsoft.com/fwlink/?LinkId=317263). - - - - - - -## Related topics - - -[Manage Configurations for UE-V 2.x](manage-configurations-for-ue-v-2x-new-uevv2.md) - - - - - - - - - diff --git a/mdop/uev-v2/deploy-required-features-for-ue-v-2x-new-uevv2.md b/mdop/uev-v2/deploy-required-features-for-ue-v-2x-new-uevv2.md deleted file mode 100644 index ba9af1726e..0000000000 --- a/mdop/uev-v2/deploy-required-features-for-ue-v-2x-new-uevv2.md +++ /dev/null @@ -1,459 +0,0 @@ ---- -title: Deploy Required Features for UE-V 2.x -description: Deploy Required Features for UE-V 2.x -author: dansimp -ms.assetid: 10399bb3-cc7b-4578-bc0c-2f6b597abe4d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Deploy Required Features for UE-V 2.x - - -All Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 deployments require these features - -- [Deploy a Settings Storage Location](#ssl) that is accessible to end users. - - This is a standard network share that stores and retrieves user settings. - -- [Choose the Configuration Method for UE-V](#config) - - UE-V can be deployed and configured using common management tools including group policy, Configuration Manager, or Windows Management Infrastructure and Powershell. - -- [Deploy a UE-V Agent](#agent) to be installed on every computer that synchronizes settings. - - This monitors registered applications and the operating system for any settings changes and synchronizes those settings between computers. - -The topics in this section describe how to deploy these features. - -## Deploy a UE-V Settings Storage Location - - -UE-V requires a location in which to store user settings in settings package files. You can configure this settings storage location in one of these ways: - -- Create your own settings storage location - -- Use existing Active Directory for your settings storage location - -If you don’t create a settings storage location, the UE-V Agent will use Active Directory (AD) by default. - -**Note** -As a matter of [performance and capacity planning](https://technet.microsoft.com/library/dn458932.aspx#capacity) and to reduce problems with network latency, create settings storage locations on the same local networks where the users’ computers reside. We recommend 20 MB of disk space per user for the settings storage location. - - - -### Create a UE-V Settings Storage Location - -Before you define the settings storage location, you must create a root directory with read/write permissions for users who store settings on the share. The UE-V Agent creates user-specific folders under this root directory. - -The settings storage location is defined by setting the SettingsStoragePath configuration option, which you can configure by using one of these methods: - -- When you [Deploy the UE-V Agent](#agent) through a command-line parameter or in a batch script - -- Through [Group Policy](https://technet.microsoft.com/library/dn458893.aspx) settings - -- With the [System Center Configuration Pack](https://technet.microsoft.com/library/dn458917.aspx) for UE-V - -- After installation of the UE-V Agent, by using [Windows PowerShell or Windows Management Instrumentation (WMI)](https://technet.microsoft.com/library/dn458937.aspx) - -The path must be in a universal naming convention (UNC) path of the server and share. For example, **\\\\Server\\Settingsshare\\**. This configuration option supports the use of variables to enable specific synchronization scenarios. For example, you can use the `%username%\%computername%` variables to preserve the end user settings experience in these scenarios: - -- End users that use multiple physical computers in your enterprise - -- Enterprise computers that are used by multiple end users - -The UE-V Agent dynamically creates a user-specific settings storage path, with a hidden system folder named `SettingsPackages`, based on the configuration setting of **SettingsStoragePath**. The agent reads and writes settings to this location as defined by the registered UE-V settings location templates. - -**UE-V settings are determined by a "Last write wins" rule:** If the settings storage location is the same for user with multiple managed computers, one UE-V Agent reads and writes to the settings location independently of agents running on other computers. The last written settings and values are the ones applied when the next agent reads from the settings storage location. - -**Deploy the settings storage location:** Follow these steps to define the settings storage location rather than using your existing Active Directory service. You should limit access to the settings storage share to those users that require it, as shown in the tables below. - -**To deploy the UE-V network share** - -1. Create a new security group for UE-V users. - -2. Create a new folder on the centrally located computer that stores the UE-V settings packages, and then grant the UE-V users access with group permissions to the folder. The administrator who supports UE-V must have permissions to this shared folder. - -3. Set the following share-level Server Message Block (SMB) permissions for the settings storage location folder. - - - - - - - - - - - - - - - - - - - - - - -
User accountRecommended permissions

Everyone

No permissions

Security group of UE-V users

Full control

- - - -4. Set the following NTFS file system permissions for the settings storage location folder. - - - - - - - - - - - - - - - - - - - - - - - - - - -
User accountRecommended permissionsFolder

Creator/owner

Full control

Subfolders and files only

Security group of UE-V users

List folder/read data, create folders/append data

This folder only

- - - -With this configuration, the UE-V Agent creates and secures a Settingspackage folder while it runs in the context of the user, and grants each user permission to create folders for settings storage. Users receive full control to their Settingspackage folder while other users cannot access it. - -**Note** -If you create the settings storage share on a computer running a Windows Server operating system, configure UE-V to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable this additional security, specify this setting in the Windows Server Registry Editor: - -1. Add a **REG\_DWORD** registry key named **"RepositoryOwnerCheckEnabled"** to **HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\UEV\\Agent\\Configuration**. - -2. Set the registry key value to *1*. - - - -### Use Active Directory with UE-V 2.x - -The UE-V Agent uses Active Directory (AD) by default if a settings storage location is not otherwise defined. In these cases, the UE-V Agent dynamically creates the settings storage folder under the root of the AD home directory of each user. But, if a custom directory setting is configured in AD, then that directory is used instead. - -## Choose the Configuration Method for UE-V 2.x - - -You want to figure out which configuration method you'll use to manage UE-V after deployment since this will be the configuration method you use to deploy the UE-V Agent. Typically, this is the configuration method that you already use in your environment, such as Windows PowerShell or Configuration Manager. - -You can configure UE-V before, during, or after UE-V Agent installation, depending on the configuration method that you use. - -- [Group Policy](https://technet.microsoft.com/library/dn458893.aspx)**:** You can use your existing Group Policy infrastructure to configure UE-V before or after UE-V Agent deployment. The UE-V Group Policy ADMX template enables the central management of common UE-V Agent configuration options, and it includes settings to configure UE-V synchronization. - - **Installing the UE-V Group Policy ADMX Templates:** Group Policy ADMX templates for UE-V configure the synchronization settings for the UE-V Agent and enable the central management of common UE-V Agent configuration settings by using an existing Group Policy infrastructure. - - Supported operating systems for the domain controller that deploys the Group Policy Objects include the following: - - Windows Server 2008 R2 - - Windows Server 2012 and Windows Server 2012 R2 - -- [Configuration Manager](https://technet.microsoft.com/library/dn458917.aspx)**:** The UE-V Configuration Pack lets you use the Compliance Settings feature of System Center Configuration Manager 2012 SP1 or later to apply consistent configurations across sites where UE-V and Configuration Manager are installed. - -- [Windows PowerShell and WMI](https://technet.microsoft.com/library/dn458937.aspx)**:** You can use scripted commands for Windows PowerShell and Windows Management Instrumentation (WMI) to modify configurations after you install the UE-V Agent. - - **Note** - Registry modification can result in data loss, or the computer becomes unresponsive. We recommend that you use other configuration methods. - - - -- **Command-line or Batch Script Installation:** Parameters that are used when you [Deploy the UE-V Agent](#agent) configure many UE-V settings. Electronic software distribution systems, such as System Center 2012 Configuration Manager, use these parameters to configure their clients when they deploy and install the UE-V Agent software. - -## Deploy the UE-V 2.x Agent - - -The UE-V Agent is the core of a UE-V deployment and must run on each computer that uses UE-V to synchronize application and Windows settings. - -**UE-V Agent Installation Files:** A single installation file, AgentSetup.exe, installs the UE-V Agent on both 32-bit and 64-bit operating systems. In addition, AgentSetupx86.msi or AgentSetupx64.msi architecture-specific Windows Installer files are provided, and since they are smaller, they might streamline the agent deployments. The [command-line parameters for the AgentSetup.exe installer](#params) are supported for the Windows Installer installation as well. - -**Important** -During UE-V Agent installation or uninstallation, you can either use the AgentSetup.exe file or the AgentSetup<arch>.msi file, but not both. The same file must be used to uninstall the UE-V Agent that was used to install the UE-V Agent. - - - -### To Deploy the UE-V Agent - -You can use the following methods to deploy the UE-V Agent: - -- An electronic software distribution (ESD) solution system, such as Configuration Manager, that can install a Windows Installer (.msi) file. - -- An installation script that references the Windows Installer (.msi) file that is stored centrally on a share. - -- An installation program that you run manually on the computer. - -Use the following procedure to deploy the UE-V Agent from a network share. - -**To install and configure the UE-V Agent from a network share** - -1. Stage the UE-V Agent installation file AgentSetup.exe on a network share to which users have Read permission. - -2. Deploy a script to user computers that installs the UE-V Agent. The script should specify the settings storage location. - -**Deployment options:** Be sure to use the correct variable format when you install the UE-V Agent. The following table provides examples of deployment options for using the AgentSetup.exe or the Windows Installer (.msi) files. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deployment typeDeployment descriptionExample

Command prompt

When you install the UE-V Agent at a command prompt, use the %^username% variable format. If quotation marks are required because of spaces in the settings storage path, use a batch script file for deployment.

-

AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare%^username%

-

-

msiexec.exe /i "<path to msi file>" /quiet /norestart /lv "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare%^username%

Batch script

When you install the UE-V Agent from a batch script file, use the %%username%% variable format. If you use this installation method, you must escape the variable with the %% characters. Without this character, the script expands the username variable at installation time, rather than at run time, which causes UE-V to use a single settings storage location for all users.

AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath="\server\settingsshare%%username%%"

-

-

msiexec.exe /i "<path to msi file>" /quiet /norestart /lv "%temp%\UE-VAgentInstaller.log" SettingsStoragePath="\server\settingsshare%%username%%"

-

Windows PowerShell

When you install the UE-V Agent from a Windows PowerShell prompt or a Windows PowerShell script, use the %username% variable format.

& AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare%username%

-

-

& msiexec.exe /i "<path to msi file>" /quiet /norestart /lv "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare%username%

-

Electronic software distribution, such as deployment of Configuration Manager Software Deployment

When you install the UE-V Agent by using Configuration Manager, use the ^%username^% variable format.

AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare^%username^%

-

-

msiexec.exe /i "<path to msi file>" /quiet /norestart /lv "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\server\settingsshare^%username^%

- - - -**Note** -The installation of the UE-V Agent requires administrator rights, and the computer requires a restart before the UE-V Agent can run. - - - -### Command-line parameters for UE-V Agent deployment - -The command-line parameters of the UE-V Agent are as follows. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Command-line parameterDefinitionNotes

/help or /h or /?

Displays the AgentSetup.exe usage dialog box.

SettingsStoragePath

Indicates the Universal Naming Convention (UNC) path that defines where settings are stored.

-Important

You must specify a SettingsStoragePath in UE-V 2.1 and UE-V 2.1 SP1. You can set the AdHomePath string to specify that the user's Active Directory home path is used. For example, SettingsStoragePath = \share\path|AdHomePath.

-

In UE-V 2.0, you can leave SettingsStoragePath blank to use the Active Directory home path instead.

-
-
- -
-

%username% or %computername% environment variables are accepted. Scripting can require escaped variables.

-

Default: <none>

SettingsStoragePathReg

Gets the SettingsStoragePath value from the registry during installation.

At the command prompt, type the following example to force UE-V to use the Active Directory home path instead of a specific UNC.

-

msiexec.exe /i AgentSetupx64.msi acceptlicenseterms=true SettingsStoragePathReg=TRUE /quiet /norestart

SettingsTemplateCatalogPath

Indicates the Universal Naming Convention (UNC) path that defines the location that was checked for new settings location templates.

Only required for custom settings location templates

RegisterMSTemplates

Specifies whether the default Microsoft templates should be registered during installation.

True | False

-

Default: True

SyncMethod

Specifies which synchronization method should be used.

SyncProvider | None

-

Default: SyncProvider

SyncTimeoutInMilliseconds

Specifies the number of milliseconds that the computer waits before time-out when it retrieves user settings from the settings storage location.

Default: 2000 milliseconds

-

(wait up to 2 seconds)

SyncEnabled

Specifies whether UE-V synchronization is enabled or disabled.

True | False

-

Default: True

MaxPackageSizeInBytes

Specifies a settings package file size in bytes when the UE-V Agent reports that files exceed the threshold.

<size>

-

Default: none (no warning threshold)

CEIPEnabled

Specifies the setting for participation in the Customer Experience Improvement program. If set to True, installer information is uploaded to the Microsoft Customer Experience Improvement Program site. If set to False, no information is uploaded.

True | False

-

Default: False

NoRestart

Supports deferral of the restart of the computer after the UE-V Agent is installed.

INSTALLFOLDER

Enables a different installation folder to be set for the UE-V Agent or UE-V Generator.

MUENABLED

Enables Setup to accept the option to be included in the Microsoft Update program.

ACCEPTLICENSETERMS

Lets UE-V be installed silently. This must be set to True to install UE-V silently and bypass the requirement that the user accepts the UE-V license terms. If set to False or left empty, the user receives an error message and UE-V is not installed.

-Important

This parameter is required to install UE-V silently.

-
-
- -

NORESTART

Prevents a mandatory restart after the UE-V Agent is installed.

- - - -### Update the UE-V Agent - -Updates for the UE-V Agent software are provided through Microsoft Update. You can deploy UE-V Agent updates by using Enterprise Software Distribution (ESD) infrastructure systems. - -During a UE-V Agent upgrade, the default group of settings location templates for common Microsoft applications and Windows settings can be updated. - -### Upgrade the UE-V 2.x Agent - -The UE-V 2.x Agent introduces many new features and modifies how and when the agent uploads content to the settings storage share. The upgrade process automates these changes. To upgrade the UE-V Agent, run the UE-V Agent install package (AgentSetup.exe, AgentSetupx86.msi, or AgentSetupx64.msi) on users’ computers. - -**Note** -When you upgrade the UE-V Agent, you must use the same installer type (.exe file or .msi packet) that installed the previous UE-V Agent. For example, use the UE-V 2 AgentSetup.exe to upgrade UE-V 1.0 Agents that were installed by using AgentSetup.exe. - - - -The following configurations are preserved when the Agent Setup program runs: - -- Settings storage path - -- Registry settings - -- Scheduled tasks (Interval settings are reset to their defaults) - -**Note** -A computer with UE-V 2.x settings location templates that are registered in the UE-V 1.0 Agent register errors in the Windows Event Log. - - - -You can use Microsoft System Center 2012 Configuration Manager or another enterprise software distribution tool to automate and distribute the UE-V Agent upgrade. - -**Recommendations:** We recommend that you upgrade all of the UE-V 1.0 Agents in a computing environment, but it is not required. UE-V 2.x settings location templates can interact with a UE-V 1.0 Agent because they only share the settings from the settings storage path. We recommend, however, that you move the deployments to a single agent version to simplify management and to support UE-V. - -### Repair the UE-V Agent after an unsuccessful upgrade - -You might experience errors after you attempt one of the following operations: - -- Upgrade from UE-V 1.0 to UE-V 2 - -- Upgrade to a newer version of Windows, for example, from Windows 7 to Windows 8 or from Windows 8 to Windows 8.1. - -- Uninstall the agent after upgrading the UE-V Agent - -To resolve any issues, attempt to repair the UE-V Agent by entering this command at a command prompt on the computer where the agent is installed. - -``` syntax -msiexec.exe /f "" /quiet /norestart /l*v "%temp%\UE-VAgentInstaller.log -``` - -You can then retry the uninstall process or upgrade by installing the newer version of the UE-V Agent. - - - - - - -## Related topics - - -[Prepare a UE-V 2.x Deployment](prepare-a-ue-v-2x-deployment-new-uevv2.md) - -[Deploy UE-V 2.x for Custom Applications](deploy-ue-v-2x-for-custom-applications-new-uevv2.md) - - - - - - - - - diff --git a/mdop/uev-v2/deploy-ue-v-2x-for-custom-applications-new-uevv2.md b/mdop/uev-v2/deploy-ue-v-2x-for-custom-applications-new-uevv2.md deleted file mode 100644 index 8362ffa04c..0000000000 --- a/mdop/uev-v2/deploy-ue-v-2x-for-custom-applications-new-uevv2.md +++ /dev/null @@ -1,344 +0,0 @@ ---- -title: Deploy UE-V 2.x for Custom Applications -description: Deploy UE-V 2.x for Custom Applications -author: dansimp -ms.assetid: f7cb089f-d764-4a93-82b6-926fe0385a23 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 07/19/2016 ---- - - -# Deploy UE-V 2.x for Custom Applications - - -Microsoft User Experience Virtualization (UE-V) 2.0. 2.1, and 2.1 SP1 use XML files called **settings location templates** to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V. But if you want to synchronize settings for desktop applications other than those included in the default templates, you can create your own custom settings location templates by using the UE-V Generator. - -Once you have read through the planning material in [Prepare a UE-V 2.x Deployment](prepare-a-ue-v-2x-deployment-new-uevv2.md) and have decided that you want to synchronize settings for custom applications (third-party, line-of-business, etc.), you will deploy the features of UE-V as described in this topic. To start, here are the main steps required to synchronize settings for custom applications: - -- [Install the UEV Generator](#uevgen) - - Use the UEV Generator to create custom XML settings location templates. - -- [Configure a UE-V settings template catalog](#deploycatalogue) - - You can define this path where custom settings location templates are stored. - -- [Create custom settings location templates](#createcustomtemplates) - - These custom templates let users sync settings for custom applications. - -- [Deploy the custom settings location templates](#deploycustomtemplates) - - After you test the custom template to ensure that settings are synced correctly, you can deploy these templates in one of these ways: - - - Through your existing deployment infrastructure, such as Configuration Manager - - - By using Group Policy preferences - - - [Deploy a UE-V settings template catalog](#deploycatalogue) - - **Note**   - Templates that are deployed by using ESD or Group Policy must be registered with UE-V Windows Management Instrumentation (WMI) or Windows PowerShell. - - - -## Prepare to Deploy UE-V 2.x for Custom Applications - - -Before you start deploying the UE-V features that handle custom applications, there are just a couple things to review. - -### The UE-V Generator - -The UE-V Generator monitors an application to discover and capture the locations where the application stores its settings. The application that is monitored must be a traditional application. You use the UE-V Generator to create settings location templates, but it cannot create a settings location template from these application types: - -- Virtualized applications - -- Applications that are offered through Terminal Services - -- Java applications - -- Windows apps - -**Note**   -UE-V settings location templates cannot be created from virtualized applications or Terminal Services applications. However, settings that are synchronized by using the templates can be applied to those applications. To create templates that support Virtual Desktop Infrastructure (VDI) and Terminal Services applications, open a version of the Windows Installer (.msi) package of the application by using the UE-V Generator. For more information about synchronizing settings for virtual applications, see [Using UE-V 2.x with Application Virtualization Applications](using-ue-v-2x-with-application-virtualization-applications-both-uevv2.md). - - - -**Excluded Locations:** The discovery process excludes locations that commonly store application software files that do not synchronize settings well between user computers or computing environments. By default, these are excluded: - -- HKEY\_CURRENT\_USER registry keys and files to which the logged-on user cannot write values - -- HKEY\_CURRENT\_USER registry keys and files that are associated with the core functionality of the Windows operating system - -- All registry keys that are located in the HKEY\_LOCAL\_MACHINE hive - -- Files that are located in Program Files directories - -- Files that are located in Users \\ \[User name\] \\ AppData \\ LocalLow - -- Windows operating system files that are located in %Systemroot% - -If registry keys and files that are stored in excluded locations are required to synchronize application settings, you can manually add the locations to the settings location template during the template creation process. -However, only changes to the HKEY\_CURRENT\_USER hive will be sync-ed. - -### Replace the default Microsoft templates - -The UE-V Agent installs a default group of settings location templates for common Microsoft applications and Windows settings. If you customize these templates, or create settings location templates to synchronize settings for custom applications, the UE-V Agent can be configured to use a settings template catalog to store the templates. In this case, you will need to include the default templates along with the custom templates in the settings template catalog. - -When you [Deploy a UE-V Agent](https://technet.microsoft.com/library/dn458891.aspx#agent), you can use the command-line parameter `RegisterMSTemplates` to disable the registration of the default Microsoft templates. - -When you use Group Policy to configure the settings template catalog path, you can choose to replace the default Microsoft templates. If you configure the policy settings to replace the default Microsoft templates, all of the default Microsoft templates that are installed by the UE-V Agent are deleted and only the templates that are located in the settings template catalog are used. The UE-V Agent configuration setting parameter `RegisterMSTemplates` must be set to *true* in order to override the default Microsoft template. - -**Note**   -If you disable this policy setting after it has been enabled, the UE-V Agent does not restore the default Microsoft templates. - - - -If there are customized templates in the settings template catalog that use the same ID as the default Microsoft templates, and the UE-V Agent is not configured to replace the default Microsoft templates, the Microsoft templates are ignored. - -You can also replace the default templates by using the UE-V Windows PowerShell features. To replace the default Microsoft template with Windows PowerShell, unregister all of the default Microsoft templates, and then register the customized templates. - -**Note**   -Old settings packages remain in the settings storage location even if you deploy new settings location templates for an application. These packages are not read by the agent, but neither are they automatically deleted. - - - -## Install the UEV 2.x Generator - - -Install the Microsoft User Experience Virtualization (UE-V) 2.0 Generator on a computer that you can then use to create a custom settings location template. This computer should have the applications installed for which custom settings location templates are to be generated. - -**To install the UE-V Generator** - -1. As a user with local administrator rights, locate the UE-V Generator installation file **ToolSetup.exe** provided with the UE-V software. Or, if you know the computer architecture, you can run the appropriate Windows Installer (.msi) file, **ToolsSetupx64.msi** or **ToolsSetupx86.msi**. - -2. Double-click the installation file. The User Experience Virtualization Generator Setup wizard opens. Click **Next** to continue. - -3. Accept the Microsoft Software License Terms, and then click **Next**. - -4. Click the options for Microsoft Updates and the Customer Experience Improvement Program. - -5. Select the destination folder in which to install the UE-V Generator, and then click **Next**. - -6. Click **Install** to begin the installation. - - **Note**   - A prompt for **User Account Control** appears before the application is installed. Permission is required to install the UE-V Generator. - - - -7. Click **Finish** to close the wizard after the installation is finished. You must restart your computer before you can run the UE-V Generator. - - To verify that the installation was successful, click **Start**, click **All Programs**, click **Microsoft User Experience Virtualization**, and then click **Microsoft User Experience Virtualization Generator**. - - **Note**   - The UE-V 2 Generator can only be used to create templates for UE-V 2 Agents. In a mixed deployment of UE-V 1.0 Agents and UE-V 2 Agents, you should continue to use the UE-V 1.0 Generator until you have upgraded all UE-V Agents. - - - -## Deploy a Settings Template Catalog - - -The User Experience Virtualization settings template catalog is a folder path on UE-V computers or a Server Message Block (SMB) network share that stores all the custom settings location templates. A scheduled task in the UE-V Agent checks this location one time each day and updates its synchronization behavior, based on the templates in this folder. - -The UE-V Agent registers templates that were added or updated in this folder after the last time that the folder was checked and unregisters templates that are removed. By default, templates are registered and unregistered one time per day at 3:30 A.M. local time by the Task Scheduler and at system startup. To customize the frequency of this scheduled task, see [Changing the Frequency of UE-V 2.x Scheduled Tasks](changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md). - -You can configure the settings template catalog path by using the installation command-line options, Group Policy, WMI, or Windows PowerShell. Templates that are stored at the settings template catalog path are automatically registered and unregistered by a scheduled task. - -**To configure the settings template catalog for UE-V 2.x** - -1. Create a new folder on the computer that stores the UE-V settings template catalog. - -2. Set the following share-level (SMB) permissions for the settings template catalog folder. - - - - - - - - - - - - - - - - - - - - - - - - - - -
User accountRecommended permissions

Everyone

No Permissions

Domain Computers

Read Permission Levels

Administrators

Read/Write Permission Levels

- - - -3. Set the following NTFS file system permissions for the settings template catalog folder. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
User accountRecommended permissionsApply to

Creator/Owner

Full Control

This Folder, Subfolders and Files

Domain Computers

List Folder Contents and Read

This Folder, Subfolders and Files

Everyone

No Permissions

No Permissions

Administrators

Full Control

This Folder, Subfolders and Files

- - - -4. Click **OK** to close the dialog boxes. - -At a minimum, the network share must grant permissions for the Domain Computers group. In addition, grant access permissions for the network share folder to administrators who are to manage the stored templates. - -## Create Custom Settings Location Templates - - -Use the UE-V Generator to create settings location templates for line-of-business applications or other custom applications. After the template for an application is created, you can deploy it to computers so that settings are synchronized for that application. - -**To create a UE-V settings location template with the UE-V Generator** - -1. Click **Start**, click **All Programs**, click **Microsoft User Experience Virtualization**, and then click **Microsoft User Experience Virtualization Generator**. - -2. Click **Create a settings location template**. - -3. Specify the application. Browse to the file path of the application (.exe) or the application shortcut (.lnk) for which you want to create a settings location template. Specify the command-line arguments, if any, and working directory, if any. Click **Next** to continue. - - **Note**   - Before the application is started, the system displays a prompt for **User Account Control**. Permission is required to monitor the registry and file locations that the application uses to store settings. - - - -4. After the application starts, close the application. The UE-V Generator records the locations where the application stores its settings. - -5. After the process is completed, click **Next** to continue. - -6. Review and select the check boxes that are next to the appropriate registry settings locations and settings file locations to synchronize for this application. The list includes the following two categories for settings locations: - - - **Standard**: Application settings that are stored in the registry under the HKEY\_CURRENT\_USER keys or in the file folders under \\ **Users** \\ \[User name\] \\ **AppData** \\ **Roaming**. The UE-V Generator includes these settings by default. - - - **Nonstandard**: Application settings that are stored outside the locations are specified in the best practices for settings data storage (optional). These include files and folders under **Users** \\ \[User name\] \\ **AppData** \\ **Local**. Review these locations to determine whether to include them in the settings location template. Select the locations check boxes to include them. - - Click **Next** to continue. - -7. Review and edit any **Properties**, **Registry** locations, and **Files** locations for the settings location template. - - - Edit the following properties on the **Properties** tab: - - - **Application Name**: The application name that is written in the description of the program files properties. - - - **Program name**: The name of the program that is taken from the program file properties. This name usually has the .exe file name extension. - - - **Product version**: The product version number of the .exe file of the application. This property, in conjunction with the **File version**, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, the settings location template applies to all versions of the product. - - - **File version**: The file version number of the .exe file of the application. This property, in conjunction with the **Product version**, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, the settings location template applies to all versions of the program. - - - **Template author name** (optional): The name of the settings location template author. - - - **Template author email** (optional): The email address of the settings location template author. - - - The **Registry** tab lists the **Key** and **Scope** of the registry locations that are included in the settings location template. Edit the registry locations by using the **Tasks** drop-down menu. Tasks enable you to add new keys, edit the name or scope of existing keys, delete keys, and browse the registry where the keys are located. Use the **All Settings** scope to include all the registry settings under the specified key. Use the **All Settings and Subkeys** to include all the registry settings under the specified key, subkeys, and subkey settings. - - - The **Files** tab lists the file path and file mask of the file locations that are included in the settings location template. Edit the file locations by use of the **Tasks** drop-down menu. Tasks for file locations enable you to add new files or folder locations, edit the scope of existing files or folders, delete files or folders, and open the selected location in Windows Explorer. Leave the file mask empty to include all files in the specified folder. - -8. Click **Create**, and then click **Save** to save the settings location template on the computer. - -9. Click **Close** to close the Settings Template Wizard. Exit the UE-V Generator application. - - After you have created the settings location template for an application, you should test the template. Deploy the template in a lab environment before you put it into production in the enterprise. - -[Application Template Schema Reference for UE-V](https://technet.microsoft.com/library/dn763947.aspx) details the XML structure of the UE-V settings location template and provides guidance for editing these files. - -## Deploy the Custom Settings Location Templates - - -After you create a settings location template with the UE-V Generator, you should test it to ensure that the application settings are synchronized correctly. You can then safely deploy the settings location template to computers in the enterprise. - -Settings location templates can be deployed by using one of these methods: - -- An enterprise software distribution (ESD) system such as System Center Configuration Manager - -- Group Policy preferences - -- A UE-V settings template catalog - -Templates that are deployed by using an ESD system or Group Policy Objects must be registered through UE-V Windows Management Instrumentation (WMI) or Windows PowerShell. Templates that are stored in the settings template catalog location are automatically registered by the UE-V Agent. - -**To use the settings template catalog path to deploy UE-V settings location templates** - -1. Browse to the network share folder that is defined as the settings template catalog. - -2. Add, remove, or update settings location templates in the settings template catalog to reflect the UE-V Agent template configuration that you want for UE-V computers. - - **Note**   - Templates on computers are updated daily. The update is based on changes to the settings template catalog. - - - -3. To manually update templates on a computer that runs the UE-V Agent, open an elevated command prompt, and browse to **%Program Files%\\Microsoft User Experience Virtualization \\ Agent \\ <x86 or x64 >**, and then run **ApplySettingsTemplateCatalog.exe**. - - **Note**   - This program runs automatically during computer startup and daily at 3:30 A. M. to gather any new templates that were recently added to the catalog. - - - - - - - - -## Related topics - - -[Prepare a UE-V 2.x Deployment](prepare-a-ue-v-2x-deployment-new-uevv2.md) - -[Deploy Required Features for UE-V 2.x](deploy-required-features-for-ue-v-2x-new-uevv2.md) - - - - - - - - - diff --git a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md b/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md deleted file mode 100644 index 70de32e73b..0000000000 --- a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md +++ /dev/null @@ -1,269 +0,0 @@ ---- -title: Get Started with UE-V 2.x -description: Get Started with UE-V 2.x -author: dansimp -ms.assetid: 526ecbf0-0dee-4f0b-b017-8f8d25357b14 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 02/13/2017 ---- - - -# Get Started with UE-V 2.x - - -Follow the steps in this guide to quickly deploy Microsoft User Experience Virtualization (UE-V) 2.0 or 2.1 in a small test environment. This helps you determine whether UE-V is the right solution to manage user settings across multiple devices within your enterprise. - -**Note**   -The information in this section is repeated in greater detail throughout the rest of the documentation. So if you already know that UE-V 2 is the right solution and you don’t need to evaluate it, you can just go right to [Prepare a UE-V 2.x Deployment](prepare-a-ue-v-2x-deployment-new-uevv2.md). - - - -The standard installation of UE-V synchronizes the default Microsoft Windows and Office settings and many Windows app settings. Make sure your test environment includes two or more user computers that share network access and you’ll be evaluating UE-V in just a short time. - -- [Step 1: Confirm Prerequisites](#step1): Make sure your environment is able to run UE-V, including details about supported configurations. - -- [Step 2: Deploy the Settings Storage Location for UE-V 2](#step2): All UE-V deployments require a location for settings packages that contain the synchronized setting values. - -- [Step 3: Deploy the UE-V 2 Agent](#step3): To synchronize settings using UE-V, devices must have the UE-V Agent installed and running. - -- [Step 4: Test Your UE-V 2 Evaluation Deployment](#step4): Run a few tests on two computers that have the UE-V Agent installed and see how UE-V works. - -That’s it! Once you follow the steps, you’ll be able to evaluate how UE-V can work in your enterprise. - -**Further evaluation:** You can also perform additional steps to configure some third-party and line-of-business applications to synchronize their settings using UE-V as detailed in [Deploy UE-V 2.x for Custom Applications](deploy-ue-v-2x-for-custom-applications-new-uevv2.md). - -## Step 1: Confirm Prerequisites - - -Before you proceed, make sure your environment includes these requirements for running UE-V. - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemEditionService packSystem architectureWindows PowerShellMicrosoft .NET Framework

Windows 7

Ultimate, Enterprise, or Professional Edition

SP1

32-bit or 64-bit

Windows PowerShell 3.0 or higher

.NET Framework 4 or higher

Windows Server 2008 R2

Standard, Enterprise, Datacenter, or Web Server

SP1

64-bit

Windows PowerShell 3.0 or higher

.NET Framework 4 or higher

Windows 8.1

Enterprise or Pro

None

32-bit or 64-bit

Windows PowerShell 3.0 or higher

.NET Framework 4.5

Windows Server 2012 or Windows Server 2012 R2

Standard or Datacenter

None

64-bit

Windows PowerShell 3.0 or higher

.NET Framework 4.5

Windows 10, pre-1607 verison

Enterprise or Pro

32-bit or 64-bit

Windows PowerShell 3.0 or higher

.NET Framework 4.5

Windows Server 2016

Standard or Datacenter

None

64-bit

Windows PowerShell 3.0 or higher

.NET Framework 4.5

- -**Note:** Starting with Windows 10, version 1607, UE-V is included with [Windows 10 for Enterprise](https://www.microsoft.com/WindowsForBusiness/windows-for-enterprise) and is no longer part of the Microsoft Desktop Optimization Pack - -Also… - -- **MDOP License:** This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see How Do I Get MDOP (https://go.microsoft.com/fwlink/p/?LinkId=322049). - -- **Administrative Credentials** for any computer on which you’ll be installing - -## Step 2: Deploy the Settings Storage Location for UE-V 2 - - -You’ll need to deploy a settings storage location, a standard network share where user settings are stored in a settings package file. When you create the settings storage share, you should limit access to users that require it. [Deploy a Settings Storage Location](https://technet.microsoft.com/library/dn458891.aspx#ssl) provides more detailed information. - -**Create a network share** - -1. Create a new security group and add UE-V users to it. - -2. Create a new folder on the centrally located computer that stores the UE-V settings packages, and then grant the UE-V users access with group permissions to the folder. The administrator who supports UE-V must have permissions to this shared folder. - -3. Assign UE-V users permission to create a directory when they connect. Grant full permission to all subdirectories of that directory, but block access to anything above. - - 1. Set the following share-level Server Message Block (SMB) permissions for the settings storage location folder. - - - - - - - - - - - - - - - - - - - - - - -
User accountRecommended permissions

Everyone

No permissions

Security group of UE-V users

Full control

- - - - 2. Set the following NTFS file system permissions for the settings storage location folder. - - - - - - - - - - - - - - - - - - - - - - - - - - -
User accountRecommended permissionsFolder

Creator/owner

Full control

Subfolders and files only

Security group of UE-V users

List folder/read data, create folders/append data

This folder only

- - - -**Security Note:** - -If you create the settings storage share on a computer running a Windows Server operating system, configure UE-V to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable this additional security, specify this setting in the Windows Server Registry Editor: - -1. Add a **REG\_DWORD** registry key named **"RepositoryOwnerCheckEnabled"** to **HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\UEV\\Agent\\Configuration**. - -2. Set the registry key value to *1*. - -## Step 3: Deploy the UE-V 2 Agent - - -The UE-V Agent synchronizes application and Windows settings between users’ computers and devices. For evaluation purposes, install the agent on at least two computers in your test environment that belong to the same user. - -Run the AgentSetup.exe file from the command line to install the UE-V Agent. It installs on both 32-bit and 64-bit operating systems. - -``` syntax -AgentSetup.exe SettingsStoragePath=\\server\settingsshare\%username% -``` - -You must specify the SettingsStoragePath command line parameter as the network share from Step 2. [Deploy a UE-V Agent](https://technet.microsoft.com/library/dn458891.aspx#agent) provides more detailed information. - -## Step 4: Test Your UE-V 2 Evaluation Deployment - - -You can now run a few tests on your UE-V evaluation deployment to see how UE-V works. - -**** - -1. On the first computer (Computer A), make one or more of these changes: - - 1. Open to Windows Desktop and move the taskbar to a different location in the window. - - 2. Change the default fonts. - - 3. Open Calculator and set to **scientific**. - - 4. Change the behavior of any Windows app, as detailed in [Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI](managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md). - - 5. Disable Microsoft Account settings synchronization and Roaming Profiles. - -2. Log off Computer A. Settings are saved in a UE-V settings package when users lock, logoff, exit an application, or when the sync provider runs (every 30 minutes by default). - -3. Log in to the second computer (Computer B) as the same user as Computer A. - -4. Open to Windows Desktop and verify that the taskbar location matches that of Computer A. Verify that the default fonts match and that Calculator is set to **scientific**. Also verify the change you made to any Windows app. - -You can change the settings in Computer B back to the original Computer A settings. Then log off Computer B and log in to Computer A to verify the changes. - -## Other resources for this product - - -- [Microsoft User Experience Virtualization (UE-V) 2.x](index.md) - -- [Prepare a UE-V 2.x Deployment](prepare-a-ue-v-2x-deployment-new-uevv2.md) - -- [Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) - -- [Troubleshooting UE-V 2.x](troubleshooting-ue-v-2x-both-uevv2.md) - -- [Technical Reference for UE-V 2.x](technical-reference-for-ue-v-2x-both-uevv2.md) - - - - - - - - - - - - - - diff --git a/mdop/uev-v2/images/checklistbox.gif b/mdop/uev-v2/images/checklistbox.gif deleted file mode 100644 index 8af13c51d1..0000000000 Binary files a/mdop/uev-v2/images/checklistbox.gif and /dev/null differ diff --git a/mdop/uev-v2/images/deploymentworkflow.png b/mdop/uev-v2/images/deploymentworkflow.png deleted file mode 100644 index b665a0bfea..0000000000 Binary files a/mdop/uev-v2/images/deploymentworkflow.png and /dev/null differ diff --git a/mdop/uev-v2/images/ue-vgeneratorprocess.gif b/mdop/uev-v2/images/ue-vgeneratorprocess.gif deleted file mode 100644 index 1c1ef4331d..0000000000 Binary files a/mdop/uev-v2/images/ue-vgeneratorprocess.gif and /dev/null differ diff --git a/mdop/uev-v2/images/uev2archdiagram.gif b/mdop/uev-v2/images/uev2archdiagram.gif deleted file mode 100644 index 8b1647b48c..0000000000 Binary files a/mdop/uev-v2/images/uev2archdiagram.gif and /dev/null differ diff --git a/mdop/uev-v2/index.md b/mdop/uev-v2/index.md deleted file mode 100644 index b0a92410ba..0000000000 --- a/mdop/uev-v2/index.md +++ /dev/null @@ -1,324 +0,0 @@ ---- -title: Microsoft User Experience Virtualization (UE-V) 2.x -description: Microsoft User Experience Virtualization (UE-V) 2.x -author: dansimp -ms.assetid: b860fed0-b846-415d-bdd6-ba60231a64be -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 04/19/2017 ---- - - -# Microsoft User Experience Virtualization (UE-V) 2.x - ->[!NOTE] ->This documentation is a for version of UE-V that was included in the Microsoft Desktop Optimization Pack (MDOP). For information about the latest version of UE-V which is included in Windows 10 Enterprise, see [Get Started with UE-V](https://docs.microsoft.com/windows/configuration/ue-v/uev-getting-started). - - -Capture and centralize your users’ application settings and Windows OS settings by implementing Microsoft User Experience Virtualization (UE-V) 2.0 or 2.1. Then, apply these settings to the devices users access in your enterprise, like desktop computers, laptops, or virtual desktop infrastructure (VDI) sessions. - -**With UE-V you can…** - -- Specify which application and desktop settings synchronize - -- Deliver the settings anytime and anywhere users work throughout the enterprise - -- Create custom templates for your third-party or line-of-business applications - -- Recover settings after hardware replacement or upgrade, or after reimaging a virtual machine to its initial state - -## Components of UE-V 2.x - - -This diagram shows how deployed UE-V components work together to synchronize settings. - -![uev2 architectural diagram](images/uev2archdiagram.gif) - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ComponentFunction

UE-V Agent

Installed on every computer that needs to synchronize settings, the UE-V Agent monitors registered applications and the operating system for any settings changes, then synchronizes those settings between computers.

Settings packages

Application settings and Windows settings are stored in settings packages created by the UE-V Agent. Settings packages are built, locally stored, and copied to the settings storage location.

-
    -

  • The setting values for desktop applications are stored when the user closes the application.

    • -

  • Values for Windows settings are stored when the user logs off, when the computer is locked, or when the user disconnects remotely from a computer.

    • -
-

The sync provider determines when the application or operating system settings are read from the Settings Packages and synchronized.

Settings storage location

This is a standard network share that your users can access. The UE-V Agent verifies the location and creates a hidden system folder in which to store and retrieve user settings.

Settings location templates

UE-V uses XML files as settings location templates to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V . You can also create, edit, or validate custom settings location templates by managing settings synchronization for custom applications.

-
-Note

Settings location templates are not required for Windows apps.

-
-
- -

Windows app list

Settings for Windows apps are captured and applied dynamically. The app developer specifies the settings that are synchronized for each app. UE-V determines which Windows apps are enabled for settings synchronization using a managed list of apps. By default, this list includes most Windows apps.

-

You can add or remove applications in the Windows app list by following the procedures shown here.

- - - -### Managing Settings Synchronization for Custom Applications - -Use these UE-V components to create and manage custom templates for your third-party or line-of-business applications. - - ---- - - - - - - - - - - -

UE-V Generator

Use the UE-V Generator to create custom settings location templates that you can then distribute to user computers. The UE-V Generator also lets you edit an existing template or validate a template that was created by using another XML editor.

Settings template catalog

The settings template catalog is a folder path on UE-V computers or a Server Message Block (SMB) network share that stores the custom settings location templates. The UE-V Agent checks this location once a day, retrieves new or updated templates, and updates its synchronization behavior.

-

If you use only the UE-V default settings location templates, then a settings template catalog is unnecessary. For more information about settings deployment catalogs, see Configure a UE-V settings template catalog.

- - - -![ue-v generator process](images/ue-vgeneratorprocess.gif) - -## Settings Synchronized by Default - - -UE-V synchronizes settings for these applications by default. For a complete list and more detailed information, see [Settings that are automatically synchronized in a UE-V deployment](https://technet.microsoft.com/library/dn458932.aspx#autosyncsettings). - -Microsoft Office 2013 applications (UE-V 2.1 SP1 and 2.1) - -Microsoft Office 2010 applications (UE-V 2.1 SP1, 2.1, and 2.0) - -Microsoft Office 2007 applications (UE-V 2.0 only) - -Internet Explorer 8, 9, and 10 - -Internet Explorer 11 in UE-V 2.1 SP1 and 2.1 - -Many Windows applications, such as Xbox - -Many Windows desktop applications, such as Notepad - -Many Windows settings, such as desktop background or wallpaper - -**Note** -You can also [customize UE-V to synchronize settings](https://technet.microsoft.com/library/dn458942.aspx) for applications other than those synchronized by default. - - - -## Compare UE-V to other Microsoft products - - -Use this table to compare UE-V to Synchronize Profiles in Windows 7, Synchronize Profiles in Windows 8, and the Sync PC Settings feature of Microsoft account. - - --------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FeatureSynchronize Profiles using Windows 7Synchronize Profiles using Windows 8Synchronize Profiles using Windows 10Microsoft accountUE-V 2.0UE-V 2.1 and 2.1 SP1

Synchronize settings between multiple computers

Synchronize settings between physical and virtual apps

Synchronize Windows app settings

Manage via WMI

Synchronize settings changes on a regular basis

Minimal configuration for Setup

Supported on non-domain joined computers

Supports Primary Computer Active Directory attribute

Synchronizes settings between virtual desktop infrastructure (VDI)/Remote Desktop Services (RDS) and rich desktops

Unlimited setting storage space

Choice in which app settings to synchronize

Backup/Restore for IT Pro

Partial

- - - -## UE-V 2.x Release Notes - - -For more information, and for late-breaking news that did not make it into the documentation, see - -- [Microsoft User Experience Virtualization (UE-V) 2.1 SP1 Release Notes](microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md) - -- [Microsoft User Experience Virtualization (UE-V) 2.1 Release Notes](microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md) - -- [Microsoft User Experience Virtualization (UE-V) 2.0 Release Notes](microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md) - -## Other resources for this product - - -- [Get Started with UE-V 2.x](get-started-with-ue-v-2x-new-uevv2.md) - -- [Prepare a UE-V 2.x Deployment](prepare-a-ue-v-2x-deployment-new-uevv2.md) - -- [Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) - -- [Troubleshooting UE-V 2.x](troubleshooting-ue-v-2x-both-uevv2.md) - -- [Technical Reference for UE-V 2.x](technical-reference-for-ue-v-2x-both-uevv2.md) - -### More information - -[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286) -Learn about the latest MDOP information and resources. - -[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) -Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447). - - - - - - - - - - - - - - diff --git a/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md b/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md deleted file mode 100644 index 2bee981420..0000000000 --- a/mdop/uev-v2/manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md +++ /dev/null @@ -1,187 +0,0 @@ ---- -title: Manage Administrative Backup and Restore in UE-V 2.x -description: Manage Administrative Backup and Restore in UE-V 2.x -author: dansimp -ms.assetid: 2eb5ae75-65e5-4afc-adb6-4e83cf4364ae -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Manage Administrative Backup and Restore in UE-V 2.x - - -As an administrator of Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, or 2.1 SP1, you can restore application and Windows settings to their original state. And new in UE-V 2.1, you can also restore additional settings when a user adopts a new device. - -## Restore Settings in UE-V 2.1 or UE-V 2.1 SP1 when a User Adopts a New Device - - -To restore settings when a user adopts a new device, you can put a settings location template in **backup** or **roam (default)** profile using the Set-UevTemplateProfile PowerShell cmdlet. This lets computer settings sync to the new computer, in addition to user settings. Templates assigned to the backup profile are backed up for that device and configured on a per-device basis. To backup settings for a template, use the following cmdlet in Windows PowerShell: - -``` syntax -Set-UevTemplateProfile -ID -Profile -``` - -- <TemplateID> is the UE-V Template ID - -- <backup> can either be Backup or Roaming - -When replacing a user’s device UE-V automatically restores settings if the user’s domain, username, and device name all match. All synchronized and any backup data is restored on the device automatically. - -You can also use the new PowerShell cmdlet, Restore-UevBackup, to restore settings from a different device. To clone the settings packages for the new device, use the following cmdlet in Windows PowerShell: - -``` syntax -Restore-UevBackup –Machine -``` - -where <MachineName> is the computer name of the device. - -Templates such as the Office 2013 template that include many applications can either all be included in the roamed (default) or backed up profile. Individual apps in a template suite follow the group. Office 2013 in-box templates include both roaming and backup-only settings. Backup-only settings cannot be included in a roaming profile. - -As part of the Backup/Restore feature, UE-V added **last known good (LKG)** to the options for rolling back to settings. In this release, you can roll back to either the original settings or LKG settings. The LKG settings let users roll back to an intermediate and stable point ahead of the pre-UE-V state of the settings. - -### How to Backup/Restore Templates with UE-V - -These are the key backup and restore components of UE-V: - -- Template profiles - -- Settings packages location within the Settings Storage Location template - -- Backup trigger - -- How settings are restored - -**Template Profiles** - -A UE-V template profile is defined when the template is registered on the device or post registration through the PowerShell/WMI configuration utility. The profile types include: - -- Roaming (default) - -- Backup - -- BackupOnly - -All templates are included in the roaming profile when registered unless otherwise specified. These templates synchronize settings to all UE-V enabled devices with the corresponding template enabled. - -Templates can be added to the Backup Profile with PowerShell or WMI using the Set-UevTemplateProfile cmdlet. Templates in the Backup Profile back up these settings to the Settings Storage Location in a special Device name directory. Specified settings are backed up to this location. - -Templates designated BackupOnly include settings specific to that device that should not be synchronized unless explicitly restored. These settings are stored in the same device-specific settings package location on the settings storage location as the Backedup Settings. These templates have a special identifier embedded in the template that specifies they should be part of this profile. - -**Settings packages location within the Settings Storage Location template** - -Roaming Profile settings are stored on the settings storage location. Templates assigned to the Backup or the BackupOnly profile store their settings to the Settings Storage Location in a special Device name directory. Each device with templates in these profiles has its own device name. UE-V does not clean up these directories. - -**Backup trigger** - -Backup is triggered by the same events that trigger a UE-V synchronization. - -**How settings are restored** - -Restoring a user’s device restores the currently registered Template’s settings from another device’s backup folder and all synchronized settings to the current machine. Settings are restored in these two ways: - -- **Automatic restore** - - If the user’s UE-V settings storage path, domain, and Computer name match the current user then all of the settings for that user are synchronized, with only the latest settings applied. If a user logs on to a new device for the first time and these criteria are met, the settings data is applied to that device. - - **Note** - Accessibility and Windows Desktop settings require the user to re-logon to Windows to be applied. - - - -- **Manual Restore** - - If you want to assist users by restoring a device during a refresh, you can choose to use the Restore-UevBackup cmdlet. This command causes the user’s settings to be downloaded from the Settings Storage Location. - -## Restore Application and Windows Settings to Original State - - -WMI and Windows PowerShell commands let you restore application and Windows settings to the settings values that were on the computer the first time that the application started after the UE-V Agent was installed. This restoring action is performed on a per-application or Windows settings basis. The settings are restored the next time that the application runs, or the settings are restored when the user logs on to the operating system. - -**To restore application settings and Windows settings with Windows PowerShell for UE-V 2.x** - -1. Open the Windows PowerShell window. - -2. Enter the following Windows PowerShell cmdlet to restore the application settings and Windows settings. - - - - - - - - - - - - - - - - - - -
Windows PowerShell cmdletDescription

Restore-UevUserSetting -<TemplateID>

Restores the user settings for an application or restores a group of Windows settings.

- - - -**To restore application settings and Windows settings with WMI** - -1. Open a Windows PowerShell window. - -2. Enter the following WMI command to restore application settings and Windows settings. - - - - - - - - - - - - - - - - - - -
WMI commandDescription

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name RestoreByTemplateId -ArgumentList <template_ID>

Restores the user settings for an application or restores a group of Windows settings.

- - - -~~~ -**Note** -UE-V does not provide a settings rollback for Windows apps. -~~~ - - - - - - - - -## Related topics - - -[Administering UE-V 2.x with Windows PowerShell and WMI](administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md) - -[Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) - - - - - - - - - diff --git a/mdop/uev-v2/manage-configurations-for-ue-v-2x-new-uevv2.md b/mdop/uev-v2/manage-configurations-for-ue-v-2x-new-uevv2.md deleted file mode 100644 index 0a0c3a72bf..0000000000 --- a/mdop/uev-v2/manage-configurations-for-ue-v-2x-new-uevv2.md +++ /dev/null @@ -1,98 +0,0 @@ ---- -title: Manage Configurations for UE-V 2.x -description: Manage Configurations for UE-V 2.x -author: dansimp -ms.assetid: e2332eca-a9cd-4446-8f7c-d17058b03466 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Manage Configurations for UE-V 2.x - - -In the course of the Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, or 2.1 SP1 lifecycle, you have to manage the configuration of the UE-V Agent and also manage storage locations for resources such as settings package files. You might have to perform other tasks, for example, configuring the Company Settings Center to define how users interact with UE-V. The following topics provide guidance for managing these UE-V resources. - -## Configuring UE-V 2.x by using Group Policy Objects - - -You can use Group Policy Objects to modify the settings that define how UE-V synchronizes settings on computers. - -[Configuring UE-V 2.x with Group Policy Objects](configuring-ue-v-2x-with-group-policy-objects-both-uevv2.md) - -## Configuring UE-V 2.x with System Center Configuration Manager 2012 - - -You can use System Center 2012 Configuration Manager to manage the UE-V Agent by using the UE-V 2 Configuration Pack. - -[Configuring UE-V 2.x with System Center Configuration Manager 2012](configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md) - -## Administering UE-V 2.x with PowerShell and WMI - - -UE-V provides Windows PowerShell cmdlets, which can help administrators perform various UE-V tasks. - -[Administering UE-V 2.x with Windows PowerShell and WMI](administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md) - -## Configuring the Company Settings Center for UE-V 2.x - - -You can configure the Company Settings Center that is installed by using the UE-V Agent to define how users interact with UE-V. - -[Configuring the Company Settings Center for UE-V 2.x](configuring-the-company-settings-center-for-ue-v-2x-both-uevv2.md) - -## Examples of configuration settings for UE-V 2.x - - -Here are some examples of UE-V configuration settings: - -- **Settings Storage Path:** Specifies the location of the file share that stores the UE-V settings. - -- **Settings Template Catalog Path:** Specifies the Universal Naming Convention (UNC) path that defines the location that was checked for new settings location templates. - -- **Register Microsoft Templates:** Specifies whether the default Microsoft templates should be registered during installation. - -- **Synchronization Method:** Specifies whether UE-V uses the sync provider or "none". The "SyncProvider" supports computers that are disconnected from the network. "None" applies when the computer is always connected to the network. For more information about the Sync Method, see [Sync Methods for UE-V 2.x](sync-methods-for-ue-v-2x-both-uevv2.md). - -- **Synchronization Timeout:** Specifies the number of milliseconds that the computer waits before time-out when it retrieves the user settings from the settings storage location. - -- **Synchronization Enable:** Specifies whether the UE-V settings synchronization is enabled or disabled. - -- **Maximum Package Size:** Specifies a settings package file threshold size in bytes at which the UE-V Agent reports a warning. - -- **Don’t Sync Windows App Settings:** Specifies that UE-V should not synchronize Windows apps. - -- **Enable/Disable First Use Notification:** Specifies whether UE-V displays a dialog box the first time that the UE-V Agent runs on a user’s computer. - -- **Enable/Disable Tray Icon:** Specifies whether UE-V displays an icon in the notification area and any notifications associated with it. The icon provides a link to the Company Settings Center. - -- **Custom Contact IT Hyperlink:** Defines the path, text, and description for the **Contact IT** hyperlink in the Company Settings Center. - - - - - - -## Related topics - - -[Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) - -[Deploy Required Features for UE-V 2.x](deploy-required-features-for-ue-v-2x-new-uevv2.md) - -[Deploy UE-V 2.x for Custom Applications](deploy-ue-v-2x-for-custom-applications-new-uevv2.md) - -  - -  - - - - - diff --git a/mdop/uev-v2/managing-the-ue-v-2x-agent-and-packages-with-windows-powershell-and-wmi-both-uevv2.md b/mdop/uev-v2/managing-the-ue-v-2x-agent-and-packages-with-windows-powershell-and-wmi-both-uevv2.md deleted file mode 100644 index 1b9749d6ca..0000000000 --- a/mdop/uev-v2/managing-the-ue-v-2x-agent-and-packages-with-windows-powershell-and-wmi-both-uevv2.md +++ /dev/null @@ -1,380 +0,0 @@ ---- -title: Managing the UE-V 2.x Agent and Packages with Windows PowerShell and WMI -description: Managing the UE-V 2.x Agent and Packages with Windows PowerShell and WMI -author: dansimp -ms.assetid: 56e6780b-8b2c-4717-91c8-2af63062ab75 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Managing the UE-V 2.x Agent and Packages with Windows PowerShell and WMI - - -You can use Windows Management Instrumentation (WMI) and Windows PowerShell to manage Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 Agent configuration and synchronization behavior. For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](https://go.microsoft.com/fwlink/?LinkId=393495) (https://go.microsoft.com/fwlink/?LinkId=393495). - -**To deploy the UE-V Agent by using Windows PowerShell** - -1. Stage the UE-V installer file in an accessible network share. - - **Note** - Use AgentSetup.exe to deploy both 32-bit and 64-bit versions of the UE-V Agent. Windows Installer packages, AgentSetupx86.msi and AgentSetupx64.msi, are available for each architecture. To uninstall the UE-V Agent at a later time by using the installation file, you must use the same file type. - - - -2. Use one of the following Windows PowerShell commands to install the UE-V Agent. - - - `& AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\%username%` - - - `& msiexec.exe /i "" /quiet /norestart /l*v "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\%username%` - -**To configure the UE-V Agent by using Windows PowerShell** - -1. Open a Windows PowerShell window. To manage computer settings that affect all users of the computer by using the *Computer* parameter, open the window with an account that has administrator rights. - -2. Use the following Windows PowerShell commands to configure the agent. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows PowerShell commandDescription

Get-UevConfiguration

-

Gets the effective UE-V Agent settings. User-specific settings have precedence over the computer settings.

Get-UevConfiguration - CurrentComputerUser

-

Gets the UE-V Agent settings values for the current user only.

Get-UevConfiguration -Computer

Gets the UE-V Agent configuration settings values for all users on the computer.

Get-UevConfiguration -Details

Gets the details for each configuration setting. Displays where the setting is configured or if it uses the default value. Is displayed if the current setting is valid.

Set-UevConfiguration -Computer –ContactITDescription <IT description>

Sets the text that is displayed in the Company Settings Center for the help link.

Set-UevConfiguration -Computer -ContactITUrl <string>

Sets the URL of the link in the Company Settings Center for the help link. Any URL protocol can be used.

Set-UevConfiguration -Computer –EnableDontSyncWindows8AppSettings

Configures the UE-V Agent to not synchronize any Windows apps for all users on the computer.

Set-UevConfiguration -CurrentComputerUser – EnableDontSyncWindows8AppSettings

Configures the UE-V Agent to not synchronize any Windows apps for the current computer user.

Set-UevConfiguration -Computer –EnableFirstUseNotification

Configures the UE-V Agent to display notification the first time the agent runs for all users on the computer.

Set-UevConfiguration -Computer –DisableFirstUseNotification

Configures the UE-V Agent to not display notification the first time that the agent runs for all users on the computer.

Set-UevConfiguration -Computer –EnableSettingsImportNotify

Configures the UE-V Agent to notify all users on the computer when settings synchronization is delayed.

-

Use the DisableSettingsImportNotify parameter to disable notification.

Set-UevConfiguration - CurrentComputerUser -EnableSettingsImportNotify

Configures the UE-V Agent to notify the current user when settings synchronization is delayed.

-

Use the DisableSettingsImportNotify parameter to disable notification.

Set-UevConfiguration -Computer –EnableSyncUnlistedWindows8Apps

Configures the UE-V Agent to synchronize all Windows apps that are not explicitly disabled by the Windows app list for all users of the computer. For more information, see "Get-UevAppxPackage" in Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI.

-

Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V Agent to synchronize only Windows apps that are explicitly enabled by the Windows App List.

Set-UevConfiguration - CurrentComputerUser - EnableSyncUnlistedWindows8Apps

Configures the UE-V Agent to synchronize all Windows apps that are not explicitly disabled by the Windows app list for the current user on the computer. For more information, see "Get-UevAppxPackage" in Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI.

-

Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V Agent to synchronize only Windows apps that are explicitly enabled by the Windows App List.

Set-UevConfiguration –Computer –DisableSync

Disables UE-V for all the users on the computer.

-

Use the EnableSync parameter to enable or re-enable.

Set-UevConfiguration –CurrentComputerUser -DisableSync

Disables UE-V for the current user on the computer.

-

Use the EnableSync parameter to enable or re-enable.

Set-UevConfiguration -Computer –EnableTrayIcon

Enables the UE-V icon in the notification area for all users of the computer.

-

Use the DisableTrayIcon parameter to disable the icon.

Set-UevConfiguration -Computer -MaxPackageSizeInBytes <size in bytes>

Configures the UE-V agent to report when a settings package file size reaches the defined threshold for all users on the computer. Sets the threshold package size in bytes.

Set-UevConfiguration -CurrentComputerUser -MaxPackageSizeInBytes <size in bytes>

Configures the UE-V agent to report when a settings package file size reaches the defined threshold. Sets the package size warning threshold for the current user.

Set-UevConfiguration -Computer -SettingsImportNotifyDelayInSeconds

Specifies the time in seconds before the user is notified for all users of the computer

Set-UevConfiguration - CurrentComputerUser -SettingsImportNotifyDelayInSeconds

Specifies the time in seconds before notification for the current user is sent.

Set-UevConfiguration -Computer -SettingsStoragePath <path to _settings_storage_location>

Defines a per-computer settings storage location for all users of the computer.

Set-UevConfiguration -CurrentComputerUser -SettingsStoragePath <path to _settings_storage_location>

Defines a per-user settings storage location.

Set-UevConfiguration –Computer –SettingsTemplateCatalogPath <path to catalog>

Sets the settings template catalog path for all users of the computer.

Set-UevConfiguration -Computer -SyncMethod <sync method>

Sets the synchronization method for all users of the computer: SyncProvider or None.

Set-UevConfiguration -CurrentComputerUser -SyncMethod <sync method>

Sets the synchronization method for the current user: SyncProvider or None.

Set-UevConfiguration -Computer -SyncTimeoutInMilliseconds <timeout in milliseconds>

Sets the synchronization time-out in milliseconds for all users of the computer

Set- UevConfiguration -CurrentComputerUser -SyncTimeoutInMilliseconds <timeout in milliseconds>

Set the synchronization time-out for the current user.

Clear-UevConfiguration –Computer -<setting name>

Clears the specified setting for all users on the computer.

Clear-UevConfiguration –CurrentComputerUser -<setting name>

Clears the specified setting for the current user only.

Export-UevConfiguration <settings migration file>

Exports the UE-V computer configuration to a settings migration file. The file name extension must be .uev.

-

The Export cmdlet exports all UE-V Agent settings that are configurable with the Computer parameter.

Import-UevConfiguration <settings migration file>

Imports the UE-V computer configuration from a settings migration file. The file name extension must be .uev.

- - - -**To export UE-V package settings and repair UE-V templates by using Windows PowerShell** - -1. Open a Windows PowerShell window as an administrator. - -2. Use the following Windows PowerShell commands to configure the agent. - - - - - - - - - - - - - - - - - - - - -

Windows PowerShell command

Description

Export-UevPackage MicrosoftCalculator6.pkgx

Extracts the settings from a Microsoft Calculator package file and converts them into a human-readable format in XML.

Repair-UevTemplateIndex

Repairs the index of the UE-V settings location templates.

- - - -**To configure the UE-V Agent by using WMI** - -1. User Experience Virtualization provides the following set of WMI commands. Administrators can use this interface to configure the UE-V agent at the command line and automate typical configuration tasks. - - Use an account with administrator rights to open a Windows PowerShell window. - -2. Use the following WMI commands to configure the agent. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows PowerShell commandDescription

Get-WmiObject -Namespace root\Microsoft\UEV Configuration

-

Displays the active UE-V Agent settings. User-specific settings have precedence over the computer settings.

Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguration

Displays the UE-V Agent configuration that is defined for a user.

Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

Displays the UE-V Agent configuration that is defined for a computer.

Get-WmiObject –Namespace root\Microsoft\Uev ConfigurationItem

Displays the details for each configuration item.

$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

-

$config.SettingsStoragePath = <path_to_settings_storage_location>

-

$config.Put()

Defines a per-computer settings storage location.

$config = Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguration

-

$config.SettingsStoragePath = <path_to_settings_storage_location>

-

$config.Put()

Defines a per-user settings storage location.

$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

-

$config.SyncTimeoutInMilliseconds = <timeout_in_milliseconds>

-

$config.Put()

Sets the synchronization time-out in milliseconds for all users of the computer.

$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

-

$config.MaxPackageSizeInBytes = <size_in_bytes>

-

$config.Put()

Configures the UE-V Agent to report when a settings package file size reaches a defined threshold. Set the threshold package file size in bytes for all users of the computer.

$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

-

$config.SyncMethod = <sync_method>

-

$config.Put()

Sets the synchronization method for all users of the computer: SyncProvider or None.

$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

-

$config.<setting name> = $true

-

$config.Put()

To enable a specific per-computer setting, clear the setting, and use $null as the setting value. Use UserConfiguration for per-user settings.

$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

-

$config.<setting name> = $false

-

$config.Put()

To disable a specific per-computer setting, clear the setting, and use $null as the setting value. Use User Configuration for per-user settings.

$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

-

$config.<setting name> = <setting value>

-

$config.Put()

Updates a specific per-computer setting. To clear the setting, use $null as the setting value.

$config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

-

$config.<setting name> = <setting value>

-

$config.Put()

Updates a specific per-user setting for all users of the computer. To clear the setting, use $null as the setting value.

- - - -~~~ -Upon configuration of the UE-V Agent with WMI and Windows PowerShell, the defined configuration is stored in the registry in the following locations. - -`\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration` - -`\HKEY_CURRENT_USER\SOFTWARE\Microsoft\UEV\Agent\Configuration` -~~~ - -**To export UE-V package settings and repair UE-V templates by using WMI** - -1. UE-V provides the following set of WMI commands. Administrators can use this interface to export a package or repair UE-V templates. - -2. Use the following WMI commands. - - - - - - - - - - - - - - - - - - - - - - -
WMI commandDescription

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name ExportPackage -ArgumentList <package name>

Extracts the settings from a package file and converts them into a human-readable format in XML.

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name RebuildIndex

Repairs the index of the UE-V settings location templates. Must be run as administrator.

- - - -~~~ -**Got a suggestion for UE-V**? Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). **Got a UE-V issue**? Use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopuev). -~~~ - -## Related topics - - -[Administering UE-V 2.x with Windows PowerShell and WMI](administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md) - -[Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) - - - - - - - - - diff --git a/mdop/uev-v2/managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md b/mdop/uev-v2/managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md deleted file mode 100644 index d1c3e2c0aa..0000000000 --- a/mdop/uev-v2/managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md +++ /dev/null @@ -1,379 +0,0 @@ ---- -title: Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI -description: Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI -author: dansimp -ms.assetid: b5253050-acc3-4274-90d0-1fa4c480331d -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI - - -Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 use XML settings location templates to define the settings that User Experience Virtualization captures and applies. UE-V includes a set of standard settings location templates. It also includes the UE-V Generator tool that enables you to create custom settings location templates. After you create and deploy settings location templates, you can manage those templates by using Windows PowerShell and the Windows Management Instrumentation (WMI). For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](https://go.microsoft.com/fwlink/p/?LinkId=393495) (https://go.microsoft.com/fwlink/p/?LinkId=393495). - -## Manage UE-V 2 settings location templates by using Windows PowerShell - - -The WMI and Windows PowerShell features of UE-V include the ability to enable, disable, register, update, and unregister settings location templates. By using these features, you can automate the process of registering, updating, or unregistering templates with the UE-V Agent. You can also manually register templates by using WMI and Windows PowerShell commands. By using these features in conjunction with an electronic software distribution solution, Group Policy, or another automated deployment method such as a script, you can further automate that process. - -You must have administrator permissions to update, register, or unregister a settings location template. Administrator permissions are not required to enable, disable, or list templates. - -***To manage settings location templates by using Windows PowerShell*** - -1. Use an account with administrator rights to open a Windows PowerShell command prompt. - -2. Use the following Windows PowerShell cmdlets to register and manage the UE-V settings location templates. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows PowerShell commandDescription

Get-UevTemplate

Lists all the settings location templates that are registered on the computer.

Get-UevTemplate –Application <string>

Lists all the settings location templates that are registered on the computer where the application name or template name contains <string>.

Get-UevTemplate –TemplateID <string>

Lists all the settings location templates that are registered on the computer where the template ID contains <string>.

Get-UevTemplate [-ApplicationOrTemplateID] <string>

Lists all the settings location templates that are registered on the computer where the application or template name, or template ID contains <string>.

Get-UevTemplateProgram [-ID] <template ID>

Gets the name of the program and version information, which depend on the template ID.

Get-UevAppXPackage

Gets the effective list of Windows apps.

Get-UevAppXPackage -Computer

Gets the list of Windows apps that are configured for the computer.

Get-UevAppXPackage -CurrentComputerUser

Gets the list of Windows apps that are configured for the current user.

Register-UevTemplate [-Path] <template file path>[,<template file path>]

Registers one or more settings location template with UE-V by using relative paths and/or wildcard characters in file paths. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.

Register-UevTemplate –LiteralPath <template file path>[,<template file path>]

Registers one or more settings location template with UE-V by using literal paths, where no characters can be interpreted as wildcard characters. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.

Unregister-UevTemplate [-ID] <template ID>

Unregisters a settings location template with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.

Unregister-UevTemplate -All

Unregisters all settings location templates with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.

Update-UevTemplate [-Path] <template file path>[,<template file path>]

Updates one or more settings location templates with a more recent version of the template. Use relative paths and/or wildcard characters in the file paths. The new template should be a newer version than the existing template.

Update-UevTemplate –LiteralPath <template file path>[,<template file path>]

Updates one or more settings location templates with a more recent version of the template. Use full paths to template files, where no characters can be interpreted as wildcard characters. The new template should be a newer version than the existing template.

Clear-UevAppXPackage –Computer [-PackageFamilyName] <package family name>[,<package family name>]

Removes one or more Windows apps from the computer Windows app list.

Clear-UevAppXPackage -CurrentComputerUser

Removes Windows app from the current user Windows app list.

Clear-UevAppXPackage –Computer -All

Removes all Windows apps from the computer Windows app list.

Clear-UevAppXPackage [–CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]

Removes one or more Windows apps from the current user Windows app list.

Clear-UevAppXPackage [–CurrentComputerUser] -All

Removes all Windows apps from the current user Windows app list.

Disable-UevTemplate [-ID] <template ID>

Disables a settings location template for the current user of the computer.

Disable-UevAppXPackage –Computer [-PackageFamilyName] <package family name>[,<package family name>]

Disables one or more Windows apps in the computer Windows app list.

Disable-UevAppXPackage [–CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]

Disables one or more Windows apps in the current user Windows app list.

Enable-UevTemplate [-ID] <template ID>

Enables a settings location template for the current user of the computer.

Enable-UevAppXPackage –Computer [-PackageFamilyName] <package family name>[,<package family name>]

Enables one or more Windows apps in the computer Windows app list.

Enable-UevAppXPackage [–CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]

Enables one or more Windows apps in the current user Windows app list.

Test-UevTemplate [-Path] <template file path>[,<template file path>]

Determines whether one or more settings location templates comply with its XML schema. Can use relative paths and wildcard characters.

Test-UevTemplate –LiteralPath <template file path>[,<template file path>]

Determines whether one or more settings location templates comply with its XML schema. The path must be a full path to the template file, but does not include wildcard characters.

- - - -The UE-V Windows PowerShell features enable you to manage a group of settings templates that are deployed in your enterprise. Use the following procedure to manage a group of templates by using Windows PowerShell. - -**To manage a group of settings location templates by using Windows PowerShell** - -1. Modify or update the desired settings location templates. - -2. If you want to modify or update the settings location templates, deploy those settings location templates to a folder that is accessible to the local computer. - -3. On the local computer, open a Windows PowerShell window with administrator rights. - -4. Unregister all the previously registered versions of the templates by typing the following command. - - ``` syntax - Unregister-UevTemplate -All - ``` - - This command unregisters all active templates on the computer. - -5. Register the updated templates by typing the following command. - - ``` syntax - Register-UevTemplate \*.xml - ``` - - This command registers all of the settings location templates that are located in the specified template folder. - -### Windows app list - -By listing a Windows app in the Windows app list, you specify whether that app is enabled or disabled for settings synchronization. Apps are identified in the list by their Package Family name and whether settings synchronization should be enabled or disabled for that app. When you use these settings along with the Unlisted Default Sync Behavior setting, you can control whether Windows apps are synchronized. - -To display the Package Family Name of installed Windows apps, at a Windows PowerShell command prompt, enter: - -``` syntax -Get-AppxPackage | Sort-Object PackageFamilyName | Format-Table PackageFamilyName -``` - -To display a list of Windows apps that can synchronize settings on a computer with their package family name, enabled status, and enabled source, at a Windows PowerShell command prompt, enter: `Get-UevAppxPackage` - -**Definitions of Get-UevAppxPackage properties** - -**DisplayName** -The name that is displayed to the user in the Company Settings Center application. The `DisplayName` property is derived from the `PackageFamilyName` property. - -**PackageFamilyName** -The name of the package that is installed for the current user. - -**Enabled** -Defines whether the settings for the app are configured to synchronize. - -**EnabledSource** -The location where the configuration that enables or disables the app is set. Possible values are: *NotSet*, *LocalMachine*, *LocalUser*, *PolicyMachine*, and *PolicyUser*. - -**NotSet** -The policy is not configured to synchronize this app. - -**LocalMachine** -The enabled state is set in the local computer section of the registry. - -**LocalUser** -The enabled state is set in the current user section of the registry. - -**PolicyMachine** -The enabled state is set in the policy section of the local computer section of the registry. - -To get the user-configured list of Windows apps, at the Windows PowerShell command prompt, enter: `Get-UevAppxPackage –CurrentComputerUser` - -To get the computer-configured list of Windows apps, at the Windows PowerShell command prompt, enter: `Get-UevAppxPackage –Computer` - -For either parameter, CurrentComputerUser or Computer, the cmdlet returns a list of the Windows apps that are configured at the user or at the computer level. - -**Definitions of properties** - -**DisplayName** -The name that is displayed to the user in the Company Settings Center application. The `DisplayName` property is derived from the `PackageFamilyName` property. - -**PackageFamilyName** -The name of the package that is installed for the current user. - -**Enabled** -Defines whether the settings for the app are configured to synchronize for the specified switch, that is, **user** or **computer**. - -**Installed** -True if the app, that is, the PackageFamilyName is installed for the current user. - -### Manage UE-V 2 settings location templates by using WMI - -User Experience Virtualization provides the following set of WMI commands. Administrators can use these interfaces to manage settings location templates from Windows PowerShell and automate template administrative tasks. - -**To manage settings location templates by using WMI** - -1. Use an account with administrator rights to open a Windows PowerShell window. - -2. Use the following WMI commands to register and manage the UE-V settings location templates. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows PowerShell commandDescription

Get-WmiObject -Namespace root\Microsoft\UEV SettingsLocationTemplate | Select-Object TemplateId,TemplateName, TemplateVersion,Enabled | Format-Table -Autosize

Lists all the settings location templates that are registered for the computer.

Invoke-WmiMethod –Namespace root\Microsoft\UEV –Class SettingsLocationTemplate –Name GetProcessInfoByTemplateId <template Id>

Gets the name of the program and version information, which depends on the template name.

Get-WmiObject -Namespace root\Microsoft\UEV EffectiveWindows8App

Gets the effective list of Windows apps.

Get-WmiObject -Namespace root\Microsoft\UEV MachineConfiguredWindows8App

Gets the list of Windows apps that are configured for the computer.

Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguredWindows8App

Gets the list of Windows apps that are configured for the current user.

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Register -ArgumentList <template path >

Registers a settings location template with UE-V.

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name UnregisterByTemplateId -ArgumentList <template ID>

Unregisters a settings location template with UE-V. As soon as a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Update -ArgumentList <template path>

Updates a settings location template with UE-V. The new template should be a newer version than the existing one.

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class MachineConfiguredWindows8App -Name RemoveApp -ArgumentList <package family name | package family name>

Removes one or more Windows apps from the computer Windows app list.

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserConfiguredWindows8App -Name RemoveApp -ArgumentList <package family name | package family name>

Removes one or more Windows apps from the current user Windows app list.

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name DisableByTemplateId -ArgumentList <template ID>

Disables one or more settings location templates with UE-V.

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class MachineConfiguredWindows8App -Name DisableApp -ArgumentList <package family name | package family name>

Disables one or more Windows apps in the computer Windows app list.

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserConfiguredWindows8App -Name DisableApp -ArgumentList <package family name | package family name>

Disables one or more Windows apps in the current user Windows app list.

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name EnableByTemplateId -ArgumentList <template ID>

Enables a settings location template with UE-V.

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class MachineConfiguredWindows8App -Name EnableApp -ArgumentList <package family name | package family name>

Enables Windows apps in the computer Windows app list.

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserConfiguredWindows8App -Name EnableApp -ArgumentList <package family name | package family name>

Enables Windows apps in the current user Windows app list.

Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Validate -ArgumentList <template path>

Determines whether a given settings location template complies with its XML schema.

- - - -~~~ -**Note** -Where a list of Package Family Names is called by the WMI command, the list must be in quotes and separated by a pipe symbol, for example, `""`. -~~~ - - - -### Deploying the UE-V Agent using Windows PowerShell - -**How to deploy the UE-V Agent by using Windows PowerShell** - -1. Stage the UE-V Agent installation package in an accessible network share. - - **Note** - Use AgentSetup.exe to deploy both 32-bit and 64-bit versions of the UE-V Agent. The Windows Installer packages, AgentSetupx86.msi and AgentSetupx64.msi, are available for each architecture. To uninstall the UE-V Agent at a later time by using the installation file, you must use the same file type. - - - -2. Use one of the following Windows PowerShell commands to install the UE-V Agent. - - - `& AgentSetup.exe /quiet /norestart /log "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\%username%` - - - `& msiexec.exe /i "" /quiet /norestart /l*v "%temp%\UE-VAgentInstaller.log" SettingsStoragePath=\\server\settingsshare\%username%` - -**Got a suggestion for UE-V**? Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). **Got a UE-V issue**? Use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopuev). - -## Related topics - - -[Administering UE-V 2.x with Windows PowerShell and WMI](administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md) - -[Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) - - - - - - - - - diff --git a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md deleted file mode 100644 index 66a3f0adb8..0000000000 --- a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md +++ /dev/null @@ -1,217 +0,0 @@ ---- -title: Microsoft User Experience Virtualization (UE-V) 2.0 Release Notes -description: Microsoft User Experience Virtualization (UE-V) 2.0 Release Notes -author: dansimp -ms.assetid: 5ef66cd1-ba2b-4383-9f45-e7cde41f1ba1 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Microsoft User Experience Virtualization (UE-V) 2.0 Release Notes - - -To search Microsoft User Experience Virtualization (UE-V) 2.0 release notes, press Ctrl+F. - -You should read these release notes thoroughly before you install UE-V. The release notes contain information that is required to successfully install User Experience Virtualization, and contain additional information that is not available in the product documentation. If there are differences between these release notes and other UE-V documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product. - -## Providing feedback - - -Tell us what you think about our documentation for MDOP by giving us your feedback and comments. Send your documentation feedback to [mdopdocs@microsoft.com](mailto:mdopdocs@microsoft.com?subject=UE-V%20Documentation). - -## UE-V known issues - - -This section contains release notes for User Experience Virtualization. - -### Registry settings do not synchronize between App-V and native applications on the same computer - -When a computer has an application that is installed through both Application Virtualization (App-V) and a locally with a Windows Installer (.msi) file, the registry-based settings do not synchronize between the technologies. - -**WORKAROUND:** To resolve this problem, run the application by selecting one of the two technologies, but not both. - -### Settings do not synchronization when network share is outside user’s domain - -When Windows® 8 attempts operating system settings synchronization, the synchronization fails with the following error message: **boost::filesystem::exists::Incorrect user name or password**. This error can indicate that the network share is outside the user’s domain or a domain with a trust relationship to that domain. To check for operational log events, open the **Event Viewer** and navigate to **Applications and Services Logs** / **Microsoft** / **User Experience Virtualization** / **Logging** / **Operational**. Network shares that are used for UE-V settings storage locations should reside in the same Active Directory domain as the user or a trusted domain of the user’s domain. - -**WORKAROUND:** Use network shares from the same Active Directory domain as the user. - -### Unpredictable results with both Office 2010 and Office 2013 installed - -When a user has both Office 2010 and Office 2013 installed, any common settings between the two versions of Office are roamed by UE-V. This could cause the Office 2010 package size to be quite large or result in unpredictable conflicts with 2013, particularly if Office 365 is used. - -**WORKAROUND:** Install only one version of Office or limit which settings are synchronized by UE-V. - -### Uninstall and re-install of Windows 8 app reverts settings to initial state - -While using UE-V settings synchronization for a Windows 8 app, if the user uninstalls the app and then reinstalls the app, the app’s settings revert to their default values.  This happens because the uninstall removes the local (cached) copy of the app’s settings but does not remove the local UE-V settings package.  When the app is reinstalled and launched, UE-V gather the app settings that were reset to the app defaults and then uploads the default settings to the central storage location.  Other computers running the app then download the default settings.  This behavior is identical to the behavior of desktop applications. - -**WORKAROUND:** None. - -### Email signature roaming for Outlook 2010 - -UE-V will roam the Outlook 2010 signature files between devices. However, the default signature options for new messages and replies or forwards are not synchronized. These two settings are stored in the Outlook profile, which UE-V does not roam. - -**WORKAROUND:** None. - -### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office - -We recommend that you install the 64-bit version of Microsoft Office for modern computers. To determine which version you need, [click here](https://support.office.com/article/choose-between-the-64-bit-or-32-bit-version-of-office-2dee7807-8f95-4d0c-b5fe-6c6f49b8d261?ui=en-US&rs=en-US&ad=US#32or64Bit=Newer_Versions). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office. - -**WORKAROUND:** None - -### MSI’s are not localized - -UE-V 2.0 includes a localized setup program for both the UE-V Agent and UE-V generator. These MSI files are still available but the user interface is minimized and the MSI’s only display in English. Despite the file being in English, the setup program installs all supported languages during the installation. - -**WORKAROUND:** None - -### Favicons that are associated with Internet Explorer 9 favorites do not roam - -The favicons that are associated with Internet Explorer 9 favorites are not roamed by User Experience Virtualization and do not appear when the favorites first appear on a new computer. - -**WORKAROUND:** Favicons will appear with their associated favorites once the bookmark is used and cached in the Internet Explorer 9 browser. - -### File settings paths are stored in registry - -Some application settings store the paths of their configuration and settings files as values in the registry. The files that are referenced as paths in the registry must be synchronized when settings are roamed between computers. - -**WORKAROUND:** Use folder redirection or some other technology to ensure that any files that are referenced as file settings paths are present and placed in the same location on all computers where settings roam. - -### Long Settings Storage Paths could cause an error - -Keep settings storage paths as short as possible. Long paths could prevent resolution or synchronization. UE-V uses the Settings storage path as part of the calculated path to store settings. That path is calculated in the following way: settings storage path + “settingspackages” + package dir (template ID) + package name (template ID) + .pkgx. If that calculated path exceeds 260 characters, package storage will fail and generate the following error message in the UE-V operational event log: - -`[boost::filesystem::copy_file: The system cannot find the path specified]` - -To check the operational log events, open the Event Viewer and navigate to Applications and Services Logs / Microsoft / User Experience Virtualization / Logging / Operational. - -**WORKAROUND:** None. - -### Some operating system settings only roam between like operating system versions - -Operating system settings for Narrator and currency characters specific to the locale (i.e. language and regional settings) will only roam across like operating system versions of Windows. For example, currency characters will not roam between Windows 7 and Windows 8. - -**WORKAROUND:** None - -### Windows 8 apps do not sync settings when the app restarts after closing unexpectedly - -If a Windows 8 app closes unexpectedly soon after startup, settings for the application may not be synchronized when the application is restarted. - -**WORKAROUND:** Close the Windows 8 app, close and restart the UevAppMonitor.exe application (can use TaskManager), and then restart the Windows 8 app. - -### UE-V 1 agent generates errors when running UE-V 2 templates - -If a UE-V 2 settings location template is distributed to a computer installed with a UE-V 1 agent, some settings fail to synchronize between computers and the agent reports errors in the event log. - -**WORKAROUND:** When migrating from UE-V 1 to UE-V 2 and it is likely you’ll have computers running the previous version of the agent, create a separate UE-V 2.0 catalog to support the UE-V 2.0 Agent and templates. - -## Hotfixes and Knowledge Base articles for UE-V 2.0 - - -This section contains hotfixes and KB articles for UE-V 2.0. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KB ArticleTitleLink

2927019

Hotfix Package 1 for Microsoft User Experience Virtualization 2.0

support.microsoft.com/kb/2927019

2903501

UE-V: User Experience Virtualization (UE-V) compatibility with user profiles

support.microsoft.com/kb/2903501/EN-US

2770042

UE-V Registry Settings

support.microsoft.com/kb/2770042/EN-US

2847017

UE-V settings replicated by Internet Explorer

support.microsoft.com/kb/2847017/EN-US

2930271

Understanding the limitations of roaming Outlook signatures in Microsoft UE-V

support.microsoft.com/kb/2930271/EN-US

2769631

How to repair a corrupted UE-V install

support.microsoft.com/kb/2769631/EN-US

2850989

Migrating MAPI profiles with Microsoft UE-V is not supported

support.microsoft.com/kb/2850989/EN-US

2769586

UE-V roams empty folders and registry keys

support.microsoft.com/kb/2769586/EN-US

2782997

How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)

support.microsoft.com/kb/2782997/EN-US

2769570

UE-V does not update the theme on RDS or VDI sessions

support.microsoft.com/kb/2769570/EN-US

2901856

Application settings do not sync after you force a restart on a UE-V-enabled computer

support.microsoft.com/kb/2901856/EN-US

2850582

How To Use Microsoft User Experience Virtualization With App-V Applications

support.microsoft.com/kb/2850582/EN-US

3041879

Current file versions for Microsoft User Experience Virtualization

support.microsoft.com/kb/3041879/EN-US

2843592

Information on User Experience Virtualization and High Availability

support.microsoft.com/kb/2843592/EN-US

- - - - - - - - - - - diff --git a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md deleted file mode 100644 index 4da60e1c20..0000000000 --- a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md +++ /dev/null @@ -1,233 +0,0 @@ ---- -title: Microsoft User Experience Virtualization (UE-V) 2.1 Release Notes -description: Microsoft User Experience Virtualization (UE-V) 2.1 Release Notes -author: dansimp -ms.assetid: 79a36c77-fa0c-4651-8028-4a79763a2fd2 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Microsoft User Experience Virtualization (UE-V) 2.1 Release Notes - - -To search Microsoft User Experience Virtualization (UE-V) 2.0 release notes, press Ctrl+F. - -You should read these release notes thoroughly before you install UE-V. The release notes contain information that is required to successfully install User Experience Virtualization, and contain additional information that is not available in the product documentation. If there are differences between these release notes and other UE-V documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product. - -## Providing feedback - - -Tell us what you think about our documentation for MDOP by giving us your feedback and comments. Send your documentation feedback to [mdopdocs@microsoft.com](mailto:mdopdocs@microsoft.com?subject=UE-V%20Documentation). - -## UE-V known issues - - -This section contains release notes for User Experience Virtualization. - -### UE-V settings location templates for Skype cause Skype to crash - -When a user generates a valid settings location template for the Skype desktop application, registers it, and then launches the Skype desktop application, Skype crashes. An ACCESS\_VIOLATION is recorded in the Application Event Log. - -WORKAROUND: Remove or unregister the Skype template to allow Skype to work again. - -### Existing scripts for silent installations of UE-V may fail - -Two changes made to the UE-V installer can cause silent installation scripts that worked for previous versions of UE-V to fail when installing UE-V 2.1. The first is a new requirement that users must accept the license terms and agree to or decline participation in the Customer Experience Improvement Program (CEIP), even during a silent installation. Using the /q parameter is no longer sufficient to indicate acceptance of the license terms and agreement to participate in CEIP. - -Second, the installer now forces a computer restart after installing the UE-V Agent. This can cause an install script to fail if it is not expecting the restart (for example, it installs the UE-V Agent first and then immediately installs the generator). - -WORKAROUND: The UE-V installer (.msi) has two new command-line parameters that support silent installations. - - ---- - - - - - - - - - - - - - - - - -
ParameterDescription

/ACCEPTLICENSETERMS=True

Set this parameter to True to install UE-V silently. Adding this parameter implies that the user accepts the UE-V license terms, which are found (by default) here: %ProgramFiles%\Microsoft User Experience Virtualization\Agent

/NORESTART

This parameter prevents the mandatory restart after the UE-V agent is installed. A return code of 3010 indicates that a restart is required prior to using UE-V.

- - - -### Registry settings do not synchronize between App-V and native applications on the same computer - -When a computer has an application that is installed through both Application Virtualization (App-V) and locally with a Windows Installer (.msi) file, the registry-based settings do not synchronize between the technologies. - -WORKAROUND: To resolve this problem, run the application by selecting one of the two technologies, but not both. - -### Unpredictable results with both Office 2010 and Office 2013 installed - -When a user has both Office 2010 and Office 2013 installed, any common settings between the two versions of Office are roamed by UE-V. This could cause the Office 2010 package size to be quite large or result in unpredictable conflicts with 2013, particularly if Office 365 is used. - -WORKAROUND: Install only one version of Office or limit which settings are synchronized by UE-V. - -### Uninstall and re-install of Windows 8 app reverts settings to initial state - -While using UE-V settings synchronization for a Windows 8 app, if the user uninstalls the app and then reinstalls the app, the app’s settings revert to their default values.  This happens because the uninstall removes the local (cached) copy of the app’s settings but does not remove the local UE-V settings package.  When the app is reinstalled and launched, UE-V gather the app settings that were reset to the app defaults and then uploads the default settings to the central storage location.  Other computers running the app then download the default settings.  This behavior is identical to the behavior of desktop applications. - -WORKAROUND: None. - -### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office - -We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](https://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office. - -WORKAROUND: None - -### MSI’s are not localized - -UE-V 2.0 includes a localized setup program for both the UE-V Agent and UE-V generator. These MSI files are still available but the user interface is minimized and the MSI’s only display in English. Despite the file being in English, the setup program installs all supported languages during the installation. - -WORKAROUND: None - -### Favicons that are associated with Internet Explorer 9 favorites do not roam - -The favicons that are associated with Internet Explorer 9 favorites are not roamed by User Experience Virtualization and do not appear when the favorites first appear on a new computer. - -WORKAROUND: Favicons will appear with their associated favorites once the bookmark is used and cached in the Internet Explorer 9 browser. - -### File settings paths are stored in registry - -Some application settings store the paths of their configuration and settings files as values in the registry. The files that are referenced as paths in the registry must be synchronized when settings are roamed between computers. - -WORKAROUND: Use folder redirection or some other technology to ensure that any files that are referenced as file settings paths are present and placed in the same location on all computers where settings roam. - -### Long Settings Storage Paths could cause an error - -Keep settings storage paths as short as possible. Long paths could prevent resolution or synchronization. UE-V uses the Settings storage path as part of the calculated path to store settings. That path is calculated in the following way: settings storage path + “settingspackages” + package dir (template ID) + package name (template ID) + .pkgx. If that calculated path exceeds 260 characters, package storage will fail and generate the following error message in the UE-V operational event log: - -`[boost::filesystem::copy_file: The system cannot find the path specified]` - -To check the operational log events, open the Event Viewer and navigate to Applications and Services Logs / Microsoft / User Experience Virtualization / Logging / Operational. - -WORKAROUND: None. - -### Some operating system settings only roam between like operating system versions - -Operating system settings for Narrator and currency characters specific to the locale (i.e. language and regional settings) will only roam across like operating system versions of Windows. For example, currency characters will not roam between Windows 7 and Windows 8. - -WORKAROUND: None - -### UE-V 1 agent generates errors when running UE-V 2 templates - -If a UE-V 2 settings location template is distributed to a computer installed with a UE-V 1 agent, some settings fail to synchronize between computers and the agent reports errors in the event log. - -WORKAROUND: When migrating from UE-V 1 to UE-V 2 and it is likely you’ll have computers running the previous version of the agent, create a separate UE-V 2.0 catalog to support the UE-V 2.0 Agent and templates. - -## Hotfixes and Knowledge Base articles for UE-V 2.1 - - -This section contains hotfixes and KB articles for UE-V 2.1. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KB ArticleTitleLink

3018608

UE-V 2.1 - TemplateConsole.exe crashes when UE-V WMI classes are missing

support.microsoft.com/kb/3018608/EN-US

2903501

UE-V: User Experience Virtualization (UE-V) compatibility with user profiles

support.microsoft.com/kb/2903501/EN-US

2770042

UE-V Registry Settings

support.microsoft.com/kb/2770042/EN-US

2847017

UE-V settings replicated by Internet Explorer

support.microsoft.com/kb/2847017/EN-US

2769631

How to repair a corrupted UE-V install

support.microsoft.com/kb/2769631/EN-US

2850989

Migrating MAPI profiles with Microsoft UE-V is not supported

support.microsoft.com/kb/2850989/EN-US

2769586

UE-V roams empty folders and registry keys

support.microsoft.com/kb/2769586/EN-US

2782997

How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)

support.microsoft.com/kb/2782997/EN-US

2769570

UE-V does not update the theme on RDS or VDI sessions

support.microsoft.com/kb/2769570/EN-US

2850582

How To Use Microsoft User Experience Virtualization With App-V Applications

support.microsoft.com/kb/2850582/EN-US

3041879

Current file versions for Microsoft User Experience Virtualization

support.microsoft.com/kb/3041879/EN-US

2843592

Information on User Experience Virtualization and High Availability

support.microsoft.com/kb/2843592/EN-US

- - - - - - - - - - - - - - - - diff --git a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md deleted file mode 100644 index 0a0b7124ef..0000000000 --- a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md +++ /dev/null @@ -1,244 +0,0 @@ ---- -title: Microsoft User Experience Virtualization (UE-V) 2.1 SP1 Release Notes -description: Microsoft User Experience Virtualization (UE-V) 2.1 SP1 Release Notes -author: dansimp -ms.assetid: 561988c4-cc5c-4e15-970b-16e942c8f2ef -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 03/30/2017 ---- - - -# Microsoft User Experience Virtualization (UE-V) 2.1 SP1 Release Notes - - -To search Microsoft User Experience Virtualization 2.1 SP1 release notes, press Ctrl+F. - -You should read these release notes thoroughly before you install UE-V. The release notes contain information that is required to successfully install User Experience Virtualization, and contain additional information that is not available in the product documentation. If there are differences between these release notes and other UE-V documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product. - -## Providing feedback - - -Tell us what you think about our documentation for MDOP by giving us your feedback and comments. Send your documentation feedback to [mdopdocs@microsoft.com](mailto:mdopdocs@microsoft.com?subject=UE-V%20Documentation). - -## UE-V known issues - - -This section contains release notes for User Experience Virtualization 2.1 SP1. - -### UE-V settings location templates for Skype cause Skype to crash - -When a user generates a valid settings location template for the Skype desktop application, registers it, and then launches the Skype desktop application, Skype crashes. An ACCESS\_VIOLATION is recorded in the Application Event Log. - -WORKAROUND: Remove or unregister the Skype template to allow Skype to work again. - -### Existing scripts for silent installations of UE-V may fail - -Two changes made to the UE-V installer can cause silent installation scripts that worked for previous versions of UE-V to fail when installing UE-V 2.1 SP1. The first is a new requirement that users must accept the license terms and agree to or decline participation in the Customer Experience Improvement Program (CEIP), even during a silent installation. Using the /q parameter is no longer sufficient to indicate acceptance of the license terms and agreement to participate in CEIP. - -Second, the installer now forces a computer restart after installing the UE-V Agent. This can cause an install script to fail if it is not expecting the restart (for example, it installs the UE-V Agent first and then immediately installs the generator). - -WORKAROUND: The UE-V installer (.msi) has two new command-line parameters that support silent installations. - - ---- - - - - - - - - - - - - - - - - -
ParameterDescription

/ACCEPTLICENSETERMS=True

Set this parameter to True to install UE-V silently. Adding this parameter implies that the user accepts the UE-V license terms, which are found (by default) here: %ProgramFiles%\Microsoft User Experience Virtualization\Agent

/NORESTART

This parameter prevents the mandatory restart after the UE-V agent is installed. A return code of 3010 indicates that a restart is required prior to using UE-V.

- - - -### Registry settings do not synchronize between App-V and native applications on the same computer - -When a computer has an application that is installed through both Application Virtualization (App-V) and locally with a Windows Installer (.msi) file, the registry-based settings do not synchronize between the technologies. - -WORKAROUND: To resolve this problem, run the application by selecting one of the two technologies, but not both. - -### Unpredictable results with both Office 2010 and Office 2013 installed - -When a user has both Office 2010 and Office 2013 installed, any common settings between the two versions of Office are roamed by UE-V. This could cause the Office 2010 package size to be quite large or result in unpredictable conflicts with 2013, particularly if Office 365 is used. - -WORKAROUND: Install only one version of Office or limit which settings are synchronized by UE-V. - -### Uninstall and re-install of Windows 8 app reverts settings to initial state - -While using UE-V settings synchronization for a Windows 8 app, if the user uninstalls the app and then reinstalls the app, the app’s settings revert to their default values.  This happens because the uninstall removes the local (cached) copy of the app’s settings but does not remove the local UE-V settings package.  When the app is reinstalled and launched, UE-V gather the app settings that were reset to the app defaults and then uploads the default settings to the central storage location.  Other computers running the app then download the default settings.  This behavior is identical to the behavior of desktop applications. - -WORKAROUND: None. - -### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office - -We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](https://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office. - -WORKAROUND: None - -### MSI’s are not localized - -UE-V includes a localized setup program for both the UE-V Agent and UE-V generator. These MSI files are still available but the user interface is minimized and the MSI’s only display in English. Despite the file being in English, the setup program installs all supported languages during the installation. - -WORKAROUND: None - -### Favicons that are associated with Internet Explorer 9 favorites do not roam - -The favicons that are associated with Internet Explorer 9 favorites are not roamed by User Experience Virtualization and do not appear when the favorites first appear on a new computer. - -WORKAROUND: Favicons will appear with their associated favorites once the bookmark is used and cached in the Internet Explorer 9 browser. - -### File settings paths are stored in registry - -Some application settings store the paths of their configuration and settings files as values in the registry. The files that are referenced as paths in the registry must be synchronized when settings are roamed between computers. - -WORKAROUND: Use folder redirection or some other technology to ensure that any files that are referenced as file settings paths are present and placed in the same location on all computers where settings roam. - -### Long Settings Storage Paths could cause an error - -Keep settings storage paths as short as possible. Long paths could prevent resolution or synchronization. UE-V uses the Settings storage path as part of the calculated path to store settings. That path is calculated in the following way: settings storage path + “settingspackages” + package dir (template ID) + package name (template ID) + .pkgx. If that calculated path exceeds 260 characters, package storage will fail and generate the following error message in the UE-V operational event log: - -`[boost::filesystem::copy_file: The system cannot find the path specified]` - -To check the operational log events, open the Event Viewer and navigate to Applications and Services Logs / Microsoft / User Experience Virtualization / Logging / Operational. - -WORKAROUND: None. - -### Some operating system settings only roam between like operating system versions - -Operating system settings for Narrator and currency characters specific to the locale (i.e. language and regional settings) will only roam across like operating system versions of Windows. For example, currency characters will not roam between Windows 7 and Windows 8. - -WORKAROUND: None - -### UE-V 1 agent generates errors when running UE-V 2 templates - -If a UE-V 2 settings location template is distributed to a computer installed with a UE-V 1 agent, some settings fail to synchronize between computers and the agent reports errors in the event log. - -WORKAROUND: When migrating from UE-V 1 to UE-V 2 and it is likely you’ll have computers running the previous version of the agent, create a separate UE-V 2.x catalog to support the UE-V 2.x Agent and templates. - -### UE-V logoff delay - -Occasionally on logoff, UE-V takes a long time to sync settings. Typically, this is due to a high latency network or incorrect use of Distrubuted File System (DFS). -For DFS support, see [Microsoft’s Support Statement Around Replicated User Profile Data](https://support.microsoft.com/kb/2533009) for further details. - -WORKAROUND: Starting with HF03, a new registry key has been introduced -The following registry key provides a mechanism by which the maximum logoff delay can be specified -\\Software\\Microsoft\\UEV\\Agent\\Configuration\\LogOffWaitInterval - -See [UE-V registry settings](https://support.microsoft.com/kb/2770042) for further details - -## Hotfixes and Knowledge Base articles for UE-V 2.1 SP1 - - -This section contains hotfixes and KB articles for UE-V 2.1 SP1. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KB ArticleTitleLink

3018608

UE-V 2.1 - TemplateConsole.exe crashes when UE-V WMI classes are missing

support.microsoft.com/kb/3018608/EN-US

2903501

UE-V: User Experience Virtualization (UE-V) compatibility with user profiles

support.microsoft.com/kb/2903501/EN-US

2770042

UE-V Registry Settings

support.microsoft.com/kb/2770042/EN-US

2847017

UE-V settings replicated by Internet Explorer

support.microsoft.com/kb/2847017/EN-US

2769631

How to repair a corrupted UE-V install

support.microsoft.com/kb/2769631/EN-US

2850989

Migrating MAPI profiles with Microsoft UE-V is not supported

support.microsoft.com/kb/2850989/EN-US

2769586

UE-V roams empty folders and registry keys

support.microsoft.com/kb/2769586/EN-US

2782997

How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)

support.microsoft.com/kb/2782997/EN-US

2769570

UE-V does not update the theme on RDS or VDI sessions

support.microsoft.com/kb/2769570/EN-US

2850582

How To Use Microsoft User Experience Virtualization With App-V Applications

support.microsoft.com/kb/2850582/EN-US

3041879

Current file versions for Microsoft User Experience Virtualization

support.microsoft.com/kb/3041879/EN-US

2843592

Information on User Experience Virtualization and High Availability

support.microsoft.com/kb/2843592/EN-US

- - - - - - - - - - - - - - - - diff --git a/mdop/uev-v2/migrating-ue-v-2x-settings-packages-both-uevv2.md b/mdop/uev-v2/migrating-ue-v-2x-settings-packages-both-uevv2.md deleted file mode 100644 index d87870c3ad..0000000000 --- a/mdop/uev-v2/migrating-ue-v-2x-settings-packages-both-uevv2.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -title: Migrating UE-V 2.x Settings Packages -description: Migrating UE-V 2.x Settings Packages -author: dansimp -ms.assetid: f79381f4-e142-405c-b728-5c048502aa70 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Migrating UE-V 2.x Settings Packages - - -In the lifecycle of a Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, or 2.1 SP1 deployment, you might have to relocate the user settings packages either when you migrate to a new server or when you perform backups. Settings packages might have to be migrated in the following scenarios: - -- Upgrade of existing server hardware to a more modern server. - -- Migration of a settings storage location share from a test server to a production server. - -Simply copying the files and folders does not preserve the security settings and permissions. The following steps describe how to correctly copy the settings package along with their NTFS file system permissions to a new share. - -**To preserve UE-V 2 settings packages when you migrate to a new server** - -1. In a new location on a different server, create a new folder, for example, MySettings. - -2. Disable sharing for the old folder share on the old server. - -3. To copy the existing settings packages to the new server with Robocopy - - ``` syntax - C:\start robocopy "\\servername\E$\MySettings" "\\servername\E$\MySettings" /b /sec /secfix /e /LOG:D:\Robocopylogs\MySettings.txt - ``` - - **Note**   - To monitor the copy progress, open MySettings.txt with a log viewer such as Trace32. - - - -4. Grant share-level permissions to the new share. Leave the NTFS file system permissions as they were set by Robocopy. - - On computers that run the UE-V Agent, update the **SettingsStoragePath** configuration setting to the Universal Naming Convention (UNC) path of the new share. - - **Got a suggestion for UE-V**? Add or vote on suggestions [here](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization). **Got a UE-V issue**? Use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopuev). - -## Related topics - - -[Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) - - - - - - - - - diff --git a/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md b/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md deleted file mode 100644 index 80cc0caffa..0000000000 --- a/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md +++ /dev/null @@ -1,804 +0,0 @@ ---- -title: Prepare a UE-V 2.x Deployment -description: Prepare a UE-V 2.x Deployment -author: dansimp -ms.assetid: c429fd06-13ff-48c5-b9c9-fa1ec01ab800 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 04/19/2017 ---- - - -# Prepare a UE-V 2.x Deployment - - -There is some planning and preparation to do before you deploy Microsoft User Experience Virtualization (UE-V) 2.0 or 2.1 as a solution for synchronizing settings between devices that users access in your enterprise. This topic helps you determine what type of deployment you'll be doing and what preparation you can make beforehand so that your deployment is successful. - -First, let’s look at the tasks you’ll do to deploy UE-V: - -- Plan your UE-V Deployment - - Before you deploy anything, a good first step is to do a little bit of planning so that you can determine which UE-V features you’ll deploy. So if you leave this page, make sure you come back and read through the planning information below. - -- [Deploy Required Features for UE-V 2.x](deploy-required-features-for-ue-v-2x-new-uevv2.md) - - Every UE-V deployment requires these activities: - - - [Define a settings storage location](https://technet.microsoft.com/library/dn458891.aspx#ssl) - - - [Decide how to deploy the UE-V Agent and manage UE-V configurations](https://technet.microsoft.com/library/dn458891.aspx#config) - - - [Install the UE-V Agent](https://technet.microsoft.com/library/dn458891.aspx#agent) on every user computer that needs settings synchronized - -- Optionally, you can [Deploy UE-V 2.x for Custom Applications](deploy-ue-v-2x-for-custom-applications-new-uevv2.md) - - Planning will help you figure out whether you want UE-V to support the synchronization of settings for custom applications (third-party or line-of-business), which requires these UE-V features: - - - [Install the UEV Generator](https://technet.microsoft.com/library/dn458942.aspx#uevgen) so you can create, edit, and validate the custom settings location templates required to synchronize custom application settings - - - [Create custom settings location templates](https://technet.microsoft.com/library/dn458942.aspx#createcustomtemplates) by using the UE-V Generator - - - [Deploy a UE-V settings template catalog](https://technet.microsoft.com/library/dn458942.aspx#deploycatalogue) that you use to store your custom settings location templates - -This workflow diagram provides a high-level understanding of a UE-V deployment and the decisions that determine how you deploy UE-V in your enterprise. - -![deploymentworkflow](images/deploymentworkflow.png) - -**Planning a UE-V deployment:** First, you want to do a little bit of planning so that you can determine which UE-V components you’ll be deploying. Planning a UE-V deployment involves these things: - -- [Decide whether to synchronize settings for custom applications](#deciding) - - This determines whether you will install the UE-V Generator during deployment, which lets you create custom settings location templates. It involves the following: - - Review the [settings that are synchronized automatically in a UE-V deployment](#autosyncsettings). - - [Determine whether you need settings synchronized for other applications](#determinesettingssync). - -- Review [other considerations for deploying UE-V](#considerations), such as high availability and capacity planning. - -- [Confirm prerequisites and supported configurations for UE-V](#prereqs) - -## Decide Whether to Synchronize Settings for Custom Applications - - -In a UE-V deployment, many settings are automatically synchronized. But you can also customize UE-V to synchronize settings for other applications, such as line-of-business and third-party apps. - -Deciding if you want UE-V to synchronize settings for custom applications is probably the most important part of planning your UE-V deployment. The topics in this section will help you make that decision. - -### Settings that are automatically synchronized in a UE-V deployment - -This section provides information about the settings that are synchronized by default in UE-V, including the following: - -Desktop applications whose settings are synchronized by default - -Windows desktop settings that are synchronized by default - -A statement of support for Windows app setting synchronization - -See [User Experience Virtualization (UE-V) settings templates for Microsoft Office](https://www.microsoft.com/download/details.aspx?id=46367) to download a complete list of the specific Microsoft Office 2013, Microsoft Office 2010, and Microsoft Office 2007 settings that are synchronized by UE-V. - -### Desktop applications synchronized by default in UE-V 2.1 and UE-V 2.1 SP1 - -When you install the UE-V 2.1 or 2.1 SP1 Agent, it registers a default group of settings location templates that capture settings values for these common Microsoft applications. - -**Tip** -**Microsoft Office 2007 Settings Synchronization** – In UE-V 2.1 and 2.1 SP1, a settings location template is no longer included by default for Office 2007 applications. However, you can still use Office 2007 templates from UE-V 2.0 or earlier and can get the templates from the [UE-V template gallery](https://go.microsoft.com/fwlink/p/?LinkID=246589). - - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Application categoryDescription

Microsoft Office 2010 applications

-

(Download a list of all settings synced)

Microsoft Word 2010

-

Microsoft Excel 2010

-

Microsoft Outlook 2010

-

Microsoft Access 2010

-

Microsoft Project 2010

-

Microsoft PowerPoint 2010

-

Microsoft Publisher 2010

-

Microsoft Visio 2010

-

Microsoft SharePoint Workspace 2010

-

Microsoft InfoPath 2010

-

Microsoft Lync 2010

-

Microsoft OneNote 2010

-

Microsoft SharePoint Designer 2010

Microsoft Office 2013 applications

-

(Download a list of all settings synced)

Microsoft Word 2013

-

Microsoft Excel 2013

-

Microsoft Outlook 2013

-

Microsoft Access 2013

-

Microsoft Project 2013

-

Microsoft PowerPoint 2013

-

Microsoft Publisher 2013

-

Microsoft Visio 2013

-

Microsoft InfoPath 2013

-

Microsoft Lync 2013

-

Microsoft OneNote 2013

-

Microsoft SharePoint Designer 2013

-

Microsoft Office 2013 Upload Center

-

Microsoft OneDrive for Business 2013

-

The UE-V 2.1 and 2.1 SP1 Microsoft Office 2013 settings location templates include improved Outlook signature support. We’ve added synchronization of default signature settings for new, reply, and forwarded emails.

-
-Note

An Outlook profile must be created for any device on which a user wants to sync their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization.

-
-
- -

Browser options: Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11

Favorites, home page, tabs, and toolbars.

-
-Note

UE-V does not roam settings for Internet Explorer cookies.

-
-
- -

Windows accessories

Microsoft Calculator, Notepad, WordPad.

- - - -**Note** -UE-V 2.1 SP1 does not synchronize settings between the Microsoft Calculator in Windows 10 and the Microsoft Calculator in previous operating systems. - - - -### Desktop applications synchronized by default in UE-V 2.0 - -When you install the UE-V 2.0 Agent, it registers a default group of settings location templates that capture settings values for these common Microsoft applications. - -**Tip** -**Microsoft Office 2013 Settings Synchronization** – In UE-V 2.0, a settings location template is not included by default for Office 2013 applications, but is available for download from the [UE-V template gallery](https://go.microsoft.com/fwlink/p/?LinkID=246589). [Synchronizing Office 2013 with UE-V 2.0](synchronizing-office-2013-with-ue-v-20-both-uevv2.md) provides details about the supported templates that synchronize Office 2013 settings. - - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Application categoryDescription

Microsoft Office 2007 applications

-

(Download a list of all settings synced)

Microsoft Access 2007

-

Microsoft Communicator 2007

-

Microsoft Excel 2007

-

Microsoft InfoPath 2007

-

Microsoft OneNote 2007

-

Microsoft Outlook 2007

-

Microsoft PowerPoint 2007

-

Microsoft Project 2007

-

Microsoft Publisher 2007

-

Microsoft SharePoint Designer 2007

-

Microsoft Visio 2007

-

Microsoft Word 2007

Microsoft Office 2010 applications

-

(Download a list of all settings synced)

Microsoft Word 2010

-

Microsoft Excel 2010

-

Microsoft Outlook 2010

-

Microsoft Access 2010

-

Microsoft Project 2010

-

Microsoft PowerPoint 2010

-

Microsoft Publisher 2010

-

Microsoft Visio 2010

-

Microsoft SharePoint Workspace 2010

-

Microsoft InfoPath 2010

-

Microsoft Lync 2010

-

Microsoft OneNote 2010

-

Microsoft SharePoint Designer 2010

Browser options: Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10

Favorites, home page, tabs, and toolbars.

-
-Note

UE-V does not roam settings for Internet Explorer cookies.

-
-
- -

Windows accessories

Microsoft Calculator, Notepad, WordPad.

- - - -### Windows settings synchronized by default - -UE-V includes settings location templates that capture settings values for these Windows settings. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Windows settingsDescriptionApply onExport onDefault state

Desktop background

Currently active desktop background or wallpaper.

Logon, unlock, remote connect, Scheduled Task events.

Logoff, lock, remote disconnect, user clicking Sync Now in Company Settings Center, or scheduled task interval

Enabled

Ease of Access

Accessibility and input settings, Microsoft Magnifier, Narrator, and on-Screen Keyboard.

Logon only.

Logoff, user clicking Sync Now in Company Settings Center, or scheduled task interval

Enabled

Desktop settings

Start menu and Taskbar settings, Folder options, Default desktop icons, Additional clocks, and Region and Language settings.

Logon only.

Logoff, user clicking Sync Now in Company Settings Center, or scheduled task

Enabled

- - - -**Note** -Starting in Windows 8, UE-V does not roam settings related to the Start screen, such as items and locations. In addition, UE-V does not support synchronization of pinned taskbar items or Windows file shortcuts. - - - -**Important** -UE-V 2.1 SP1 roams taskbar settings between Windows 10 devices. However, UE-V does not synchronize taskbar settings between Windows 10 devices and devices running previous operating systems. - - - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Settings groupCategoryCaptureApply

Application Settings

Windows apps

Close app

-

Windows app settings change event

Start the UE-V App Monitor at startup

-

Open app

-

Windows App Settings change event

-

Arrival of a settings package

Desktop applications

Application closes

Application opens and closes

Desktop settings

Desktop background

Lock or logoff

Logon, unlock, remote connect, notification of new package arrival, user clicks Sync Now in Company Settings Center, or scheduled task runs.

Ease of Access (Common – Accessibility, Narrator, Magnifier, On-Screen-Keyboard)

Lock or Logoff

Logon

Ease of Access (Shell - Audio, Accessibility, Keyboard, Mouse)

Lock or logoff

Logon, unlock, remote connect, notification of new package arrival, user clicks Sync Now in Company Settings Center, or scheduled task runs

Desktop settings

Lock or logoff

Logon

- - - -### UE-V-support for Windows Apps - -For Windows apps, the app developer specifies the settings that are synchronized. You can specify which Windows apps are enabled for settings synchronization. - -To display a list of Windows apps that can synchronize settings on a computer with their package family name, enabled status, and enabled source, at a Windows PowerShell command prompt, enter: `Get-UevAppxPackage` - -**Note** -As of Windows 8, UE-V does not synchronize Windows app settings if the domain user links their sign-in credentials to their Microsoft Account. This linking synchronizes settings to Microsoft OneDrive so UE-V, which disables synchronization of Windows app settings. - - - -### UE-V-support for Roaming Printers - -UE-V 2.1 SP1 lets network printers roam between devices so that a user has access to their network printers when logged on to any device on the network. This includes roaming the printer that they set as the default. - -Printer roaming in UE-V requires one of these scenarios: - -- The print server can download the required driver when it roams to a new device. - -- The driver for the roaming network printer is pre-installed on any device that needs to access that network printer. - -- The printer driver can be obtained from Windows Update. - -**Note** -The UE-V printer roaming feature does **not** roam printer settings or preferences, such as printing double-sided. - - - -### Determine whether you need settings synchronized for other applications - -After you have reviewed the settings that are synchronized automatically in a UE-V deployment, you want to decide whether you will synchronize settings for other applications since this determines how you deploy UE-V throughout your enterprise. - -As an administrator, when you consider which desktop applications to include in your UE-V solution, consider which settings can be customized by users, and how and where the application stores its settings. Not all desktop applications have settings that can be customized or that are routinely customized by users. In addition, not all desktop applications settings can safely be synchronized across multiple computers or environments. - -In general, you can synchronize settings that meet the following criteria: - -- Settings that are stored in user-accessible locations. For example, do not synchronize settings that are stored in System32 or outside the HKEY\_CURRENT\_USER (HKCU) section of the registry. - -- Settings that are not specific to the particular computer. For example, exclude network or hardware configurations. - -- Settings that can be synchronized between computers without risk of corrupted data. For example, do not use settings that are stored in a database file. - -### Checklist for evaluating custom applications - -If you’ve decided that you need settings synchronized for other applications, you can use this checklist to help figure out which applications you’ll include. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Description
Checklist box

Does this application contain settings that the user can customize?

Checklist box

Is it important for the user that these settings are synchronized?

Checklist box

Are these user settings already managed by an application management or settings policy solution? UE-V applies application settings at application startup and Windows settings at logon, unlock, or remote connect events. If you use UE-V with other settings sharing solutions, users might experience inconsistency across synchronized settings.

Checklist box

Are the application settings specific to the computer? Application preferences and customizations that are associated with hardware or specific computer configurations do not consistently synchronize across sessions and can cause a poor application experience.

Checklist box

Does the application store settings in the Program Files directory or in the file directory that is located in the Users[User name]<strong>AppData<strong>LocalLow directory? Application data that is stored in either of these locations usually should not synchronize with the user, because this data is specific to the computer or because the data is too large to synchronize.

Checklist box

Does the application store any settings in a file that contains other application data that should not synchronize? UE-V synchronizes files as a single unit. If settings are stored in files that include application data other than settings, then synchronizing this additional data can cause a poor application experience.

Checklist box

How large are the files that contain the settings? The performance of the settings synchronization can be affected by large files. Including large files can affect the performance of settings synchronization.

- - - -## Other Considerations when Preparing a UE-V Deployment - - -You should also consider these things when you are preparing to deploy UE-V: - -- [Managing credentials synchronization](#creds) - -- [Windows app settings synchronization](#appxsettings) - -- [Custom UE-V settings location templates](#custom) - -- [Unintentional user settings configurations](#prevent) - -- [Performance and capacity](#capacity) - -- [High availability](#high) - -- [Computer clock synchronization](#clocksync) - -### Managing credentials synchronization in UE-V 2.1 and UE-V 2.1 SP1 - -Many enterprise applications, including Microsoft Outlook and Lync, prompt users for their domain credentials at login. Users have the option of saving their credentials to disk to prevent having to enter them every time they open these applications. Enabling roaming credentials synchronization lets users save their credentials on one computer and avoid re-entering them on every computer they use in their environment. Users can synchronize some domain credentials with UE-V 2.1 and 2.1 SP1. - -**Important** -Credentials synchronization is disabled by default. You must explicitly enable credentials synchronization during deployment to implement this feature. - - - -UE-V 2.1 and 2.1 SP1 can synchronize enterprise credentials, but do not roam credentials intended only for use on the local computer. - -Credentials are synchronous settings, meaning they are applied to your profile the first time you log in to your computer after UE-V synchronizes. - -Credentials synchronization is managed by its own settings location template, which is disabled by default. You can enable or disable this template through the same methods used for other templates. The template identifier for this feature is RoamingCredentialSettings. - -**Important** -If you are using Active Directory Credential Roaming in your environment, we recommend that you don’t enable the UE-V credential roaming template. - - - -Use one of these methods to enable credentials synchronization: - -- Company Settings Center - -- PowerShell - -- Group Policy - -**Note** -Credentials are encrypted during synchronization. - - - -[Company Settings Center](https://technet.microsoft.com/library/dn458903.aspx)**:** Check the Roaming Credential Settings check box under Windows Settings to enable credential synchronization. Uncheck the box to disable it. This check box only appears in Company Settings Center if your account is not configured to synchronize settings using a Microsoft Account. - -[PowerShell](https://technet.microsoft.com/library/dn458937.aspx)**:** This PowerShell cmdlet enables credential synchronization: - -``` syntax -Enable-UevTemplate RoamingCredentialSettings -``` - -This PowerShell cmdlet disables credential synchronization: - -``` syntax -Disable-UevTemplate RoamingCredentialSettings -``` - -[Group Policy](https://technet.microsoft.com/library/dn458893.aspx)**:** You must [deploy the latest MDOP ADMX template](https://go.microsoft.com/fwlink/p/?LinkId=393944) to enable credential synchronization through group policy. Credentials synchronization is managed with the Windows settings. To manage this feature with Group Policy, enable the Synchronize Windows settings policy. - -1. Open Group Policy Editor and navigate to **User Configuration – Administrative Templates – Windows Components – Microsoft User Experience Virtualization**. - -2. Double-click on **Synchronize Windows settings**. - -3. If this policy is enabled, you can enable credentials synchronization by checking the **Roaming Credentials** check box, or disable credentials synchronization by unchecking it. - -4. Click **OK**. - -### Credential locations synchronized by UE-V - -Credential files saved by applications into the following locations are synchronized: - -- %UserProfile%\\AppData\\Roaming\\Microsoft\\Credentials\\ - -- %UserProfile%\\AppData\\Roaming\\Microsoft\\Crypto\\ - -- %UserProfile%\\AppData\\Roaming\\Microsoft\\Protect\\ - -- %UserProfile%\\AppData\\Roaming\\Microsoft\\SystemCertificates\\ - -Credentials saved to other locations are not synchronized by UE-V. - -### Windows app settings synchronization - -UE-V manages Windows app settings synchronization in three ways: - -- **Sync Windows Apps:** Allow or deny any Windows app synchronization - -- **Windows App List:** Synchronize a list of Windows apps - -- **Unlisted Default Sync Behavior:** Determine the synchronization behavior of Windows apps that are not in the Windows app list. - -For more information, see the [Windows App List](https://technet.microsoft.com/library/dn458925.aspx#win8applist). - -### Custom UE-V settings location templates - -If you are deploying UE-V to synchronize settings for custom applications, you will use the UE-V Generator to create custom settings location templates for those desktop applications. After you create and test a custom settings location template in a test environment, you can deploy the settings location templates to computers in the enterprise. - -Custom settings location templates must be deployed with an existing deployment infrastructure, like an enterprise software distribution (ESD) method such as System Center Configuration Manager, with preferences, or by configuring an UE-V settings template catalog. Templates that are deployed with Configuration Manager or Group Policy must be registered by using UE-V WMI or Windows PowerShell. - -For more information about custom settings location templates, see [Deploy UE-V 2.x for Custom Applications](deploy-ue-v-2x-for-custom-applications-new-uevv2.md). For more information about using UE-V with Configuration Manager, see [Configuring UE-V 2.x with System Center Configuration Manager 2012](configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md). - -### Prevent unintentional user settings configuration - -UE-V downloads new user settings information from a settings storage location and applies the settings to the local computer in these instances: - -- Every time an application is started that has a registered UE-V template. - -- When a user logs on to a computer. - -- When a user unlocks a computer. - -- When a connection is made to a remote desktop computer that has UE-V installed. - -- When the Sync Controller Application scheduled task is run. - -If UE-V is installed on computer A and computer B, and the settings that you want for the application are on computer A, then computer A should open and close the application first. If the application is opened and closed on computer B first, then the application settings on computer A are configured to the application settings on computer B. Settings are synchronized between computers on per-application basis. Over time, settings become consistent between computers as they are opened and closed with preferred settings. - -This scenario also applies to Windows settings. If the Windows settings on computer B should be the same as the Windows settings on computer A, then the user should log on and log off computer A first. - -If the user settings that the user wants are applied in the wrong order, they can be recovered by performing a restore operation for the specific application or Windows configuration on the computer on which the settings were overwritten. For more information, see [Manage Administrative Backup and Restore in UE-V 2.x](manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md). - -### Performance and capacity planning - -Specify your requirements for UE-V with standard disk capacity and network health monitoring. - -UE-V uses a Server Message Block (SMB) share for the storage of settings packages. The size of settings packages varies depending on the settings information for each application. While most settings packages are small, the synchronization of potentially large files, such as desktop images, can result in poor performance, particularly on slower networks. - -To reduce problems with network latency, create settings storage locations on the same local networks where the users’ computers reside. We recommend 20 MB of disk space per user for the settings storage location. - -By default, UE-V synchronization times out after 2 seconds to prevent excessive lag due to a large settings package. You can configure the SyncMethod=SyncProvider setting by using [Group Policy Objects](https://technet.microsoft.com/library/dn458893.aspx). - -### High Availability for UE-V - -The UE-V settings storage location and settings template catalog support storing user data on any writable share. To ensure high availability, follow these criteria: - -- Format the storage volume with an NTFS file system. - -- The share can use Distributed File System (DFS) but there are restrictions. -Specifically, Distributed File System Replication (DFS-R) single target configuration with or without a Distributed File System Namespace (DFS-N) is supported. -Likewise, only single target configuration is supported with DFS-N. -For detailed information, see [Microsoft’s Support Statement Around Replicated User Profile Data](https://go.microsoft.com/fwlink/p/?LinkId=313991) -and also [Information about Microsoft support policy for a DFS-R and DFS-N deployment scenario](https://support.microsoft.com/kb/2533009). - - In addition, because SYSVOL uses DFS-R for replication, SYSVOL cannot be used for UE-V data file replication. - -- Configure the share permissions and NTFS access control lists (ACLs) as specified in [Deploying the Settings Storage Location for UE-V 2.x](https://technet.microsoft.com/library/dn458891.aspx#ssl). - -- Use file server clustering along with the UE-V Agent to provide access to copies of user state data in the event of communications failures. - -- You can store the settings storage path data (user data) and settings template catalog templates on clustered shares, on DFS-N shares, or on both. - -### Synchronize computer clocks for UE-V settings synchronization - -Computers that run the UE-V Agent must use a time server to maintain a consistent settings experience. UE-V uses time stamps to determine if settings must be synchronized from the settings storage location. If the computer clock is inaccurate, older settings can overwrite newer settings, or the new settings might not be saved to the settings storage location. - -## Confirm Prerequisites and Supported Configurations for UE-V - - -Before you proceed, make sure your environment includes these requirements for running UE-V. - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating systemEditionService packSystem architectureWindows PowerShellMicrosoft .NET Framework

Windows 7

Ultimate, Enterprise, or Professional Edition

SP1

32-bit or 64-bit

Windows PowerShell 3.0 or higher

.NET Framework 4.5 or higher for UE-V 2.1.

-

.NET Framework 4 or higher for UE-V 2.0.

Windows Server 2008 R2

Standard, Enterprise, Datacenter, or Web Server

SP1

64-bit

Windows PowerShell 3.0 or higher

.NET Framework 4.5 or higher for UE-V 2.1.

-

.NET Framework 4 or higher for UE-V 2.0.

Windows 8 and Windows 8.1

Enterprise or Pro

None

32-bit or 64-bit

Windows PowerShell 3.0 or higher

.NET Framework 4.5 or higher

Windows 10, pre-1607 version

-
-Note

Only UE-V 2.1 SP1 supports Windows 10, pre-1607 version

-
-
- -

Enterprise or Pro

None

32-bit or 64-bit

Windows PowerShell 3.0 or higher

.NET Framework 4.6

Windows Server 2012 and Windows Server 2012 R2

Standard or Datacenter

None

64-bit

Windows PowerShell 3.0 or higher

.NET Framework 4.5 or higher

Windows Server 2016

Standard or Datacenter

None

64-bit

Windows PowerShell 3.0 or higher

.NET Framework 4.6 or higher

- - - -Also… - -- **MDOP License:** This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see How Do I Get MDOP (https://go.microsoft.com/fwlink/p/?LinkId=322049). - -- **Administrative Credentials** for any computer on which you’ll be installing - -**Note** - -- Starting with WIndows 10, version 1607, UE-V is included with [Windows 10 for Enterprise](https://www.microsoft.com/WindowsForBusiness/windows-for-enterprise) and is no longer part of the Microsoft Desktop Optimization Pack. - -- The UE-V Windows PowerShell feature of the UE-V Agent requires .NET Framework 4 or higher and Windows PowerShell 3.0 or higher to be enabled. Download Windows PowerShell 3.0 [here](https://go.microsoft.com/fwlink/?LinkId=309609). - -- Install .NET Framework 4 or .NET Framework 4.5 on computers that run the Windows 7 or the Windows Server 2008 R2 operating system. The Windows 8, Windows 8.1, and Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed. -- The “Delete Roaming Cache” policy for Mandatory profiles is not supported with UE-V and should not be used. - - - -There are no special random access memory (RAM) requirements specific to UE-V. - -### Synchronization of Settings through the Sync Provider - -Sync Provider is the default setting for users, which synchronizes a local cache with the settings storage location in these instances: - -- Logon/logoff - -- Lock/unlock - -- Remote desktop connect/disconnect - -- Application open/close - -A scheduled task manages this synchronization of settings every 30 minutes or through certain trigger events for certain applications. For more information, see [Changing the Frequency of UE-V 2.x Scheduled Tasks](changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md). - -The UE-V Agent synchronizes user settings for computers that are not always connected to the enterprise network (remote computers and laptops) and computers that are always connected to the network (computers that run Windows Server and host virtual desktop interface (VDI) sessions). - -**Synchronization for computers with always-available connections:** When you use UE-V on computers that are always connected to the network, you must configure the UE-V Agent to synchronize settings by using the *SyncMethod=None* parameter, which treats the settings storage server as a standard network share. In this configuration, the UE-V Agent can be configured to notify if the import of the application settings is delayed. - -Enable this configuration through one of these methods: - -- During UE-V installation, at the command prompt or in a batch file, set the AgentSetup.exe parameter *SyncMethod = None*. [Deploying the UE-V 2.x Agent](https://technet.microsoft.com/library/dn458891.aspx#agent) provides more information. - -- After the UE-V installation, use the Settings Management feature in System Center 2012 Configuration Manager or the MDOP ADMX templates to push the *SyncMethod = None* configuration. - -- Use Windows PowerShell or Windows Management Instrumentation (WMI) to set the *SyncMethod = None* configuration. - - **Note** - These last two methods do not work for pooled virtual desktop infrastructure (VDI) environments. - - - -You must restart the computer before the settings start to synchronize. - -**Note** -If you set *SyncMethod = None*, any settings changes are saved directly to the server. If the network connection to the settings storage path is not found, then the settings changes are cached on the device and are synchronized the next time that the sync provider runs. If the settings storage path is not found and the user profile is removed from a pooled VDI environment on logoff, settings changes are lost and the user must reapply the change when the computer is reconnected to the settings storage path. - - - -**Synchronization for external sync engines:** The *SyncMethod=External* parameter specifies that if UE-V settings are written to a local folder on the user computer, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different computers that users access. - -**Support for shared VDI sessions:** UE-V 2.1 and 2.1 SP1 provide support for VDI sessions that are shared among end users. You can register and configure a special VDI template, which ensures that UE-V keeps all of its functionality intact for non-persistent VDI sessions. - -**Note** -If you do not enable VDI mode for non-persistent VDI sessions, certain features do not work, such as [back-up/restore and last known good (LKG)](https://technet.microsoft.com/library/dn878331.aspx). - - - -The VDI template is provided with UE-V 2.1 and 2.1 SP1 and is typically available here after installation: C:\\Program Files\\Microsoft User Experience Virtualization\\Templates\\VdiState.xml - -### Prerequisites for UE-V Generator support - -Install the UE-V Generator on the computer that is used to create custom settings location templates. This computer should be able to run the applications whose settings are synchronized. You must be a member of the Administrators group on the computer that runs the UE-V Generator software. - -The UE-V Generator must be installed on a computer that uses an NTFS file system. The UE-V Generator software requires .NET Framework 4. For more information, see [Deploy UE-V 2.x for Custom Applications](deploy-ue-v-2x-for-custom-applications-new-uevv2.md). - -## Other resources for this product - - -- [Microsoft User Experience Virtualization (UE-V) 2.x](index.md) - -- [Get Started with UE-V 2.x](get-started-with-ue-v-2x-new-uevv2.md) - -- [Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) - -- [Troubleshooting UE-V 2.x](troubleshooting-ue-v-2x-both-uevv2.md) - -- [Technical Reference for UE-V 2.x](technical-reference-for-ue-v-2x-both-uevv2.md) - - - - - - - - - - - - - - diff --git a/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md deleted file mode 100644 index f9c72070dc..0000000000 --- a/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md +++ /dev/null @@ -1,143 +0,0 @@ ---- -title: Security Considerations for UE-V 2.x -description: Security Considerations for UE-V 2.x -author: dansimp -ms.assetid: 9d5c3cae-9fcb-4dea-bd67-741b3dea63be -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Security Considerations for UE-V 2.x - - -This topic contains a brief overview of accounts and groups, log files, and other security-related considerations for Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1. For more information, follow the links that are provided here. - -## Security considerations for UE-V configuration - - -**Important**   -When you create the settings storage share, limit the share access to users who require access. - - - -Because settings packages might contain personal information, you should take care to protect them as well as possible. In general, do the following: - -- Restrict the share to only those users who require access. Create a security group for users who have redirected folders on a particular share and limit access to only those users. - -- When you create the share, hide the share by putting a $ after the share name. This addition hides the share from casual browsers, and the share is not visible in My Network Places. - -- Only give users the minimum amount of permissions that they must have. The following tables show the required permissions. - - 1. Set the following share-level SMB permissions for the setting storage location folder. - - | User account | Recommended permissions | - | - | - | - | Everyone | No permissions | - |Security group of UE-V | Full control | - - 2. Set the following NTFS file system permissions for the settings storage location folder. - - | User account | Recommended permissions | Folder | - | - | - | - | - | Creator/Owner | Full control | Subfolders and files only| - | Domain Admins | Full control | This folder, subfolders, and files | - | Security group of UE-V users | List folder/read data, create folders/append data | This folder only | - | Everyone | Remove all permissions | No permissions | - - 3. Set the following share-level SMB permissions for the settings template catalog folder. - - | User account | Recommend permissions | - | - | - | - | Everyone | No permissions | - | Domain computers | Read permission Levels | - | Administrators | Read/write permission levels | - - 4. Set the following NTFS permissions for the settings template catalog folder. - - | User account | Recommended permissions | Apply to | - | - | - | - | - | Creator/Owner | Full control | This folder, subfolders, and files | - | Domain Computers | List folder contents and Read permissions | This folder, subfolders, and files| - | Everyone| No permissions| No permissions| - | Administrators| Full Control| This folder, subfolders, and files| - -### Use Windows Server as of Windows Server 2003 to host redirected file shares - -User settings package files contain personal information that is transferred between the client computer and the server that stores the settings packages. Because of this process, you should ensure that the data is protected while it travels over the network. - -User settings data is vulnerable to these potential threats: interception of the data as it passes over the network, tampering with the data as it passes over the network, and spoofing of the server that hosts the data. - -As of Windows Server 2003, several features of the Windows Server operating system can help secure user data: - -- **Kerberos** - Kerberos is standard on all versions of Microsoft Windows 2000 Server and Windows Server beginning with Windows Server 2003. Kerberos ensures the highest level of security to network resources. NTLM authenticates the client only; Kerberos authenticates the server and the client. When NTLM is used, the client does not know whether the server is valid. This difference is particularly important if the client exchanges personal files with the server, as is the case with Roaming User Profiles. Kerberos provides better security than NTLM. Kerberos is not available on the Microsoft Windows NT Server 4.0 or earlier operating systems. - -- **IPsec** - The IP Security Protocol (IPsec) provides network-level authentication, data integrity, and encryption. IPsec ensures the following: - - - Roamed data is safe from data modification while data is en route. - - - Roamed data is safe from interception, viewing, or copying. - - - Roamed data is safe from access by unauthenticated parties. - -- **SMB Signing** - The Server Message Block (SMB) authentication protocol supports message authentication, which prevents active message and "man-in-the-middle" attacks. SMB signing provides this authentication by placing a digital signature into each SMB. The digital signature is then verified by both the client and the server. In order to use SMB signing, you must first either enable it, or you must require it on both the SMB client and the SMB server. Note that the SMB signing imposes a performance penalty. It does not consume any more network bandwidth, but it uses more CPU cycles on the client and server side. - -### Always use the NTFS file system for volumes that hold user data - -For the most secure configuration, configure servers that host the UE-V settings files to use the NTFS file system. Unlike the FAT file system, NTFS supports Discretionary access control lists (DACLs) and system access control lists (SACLs). DACLs and SACLs control who can perform operations on a file and what events trigger the logging of actions that is performed on a file. - -### Do not rely on EFS to encrypt user files when they are transmitted over the network - -When you use the Encrypting File System (EFS) to encrypt files on a remote server, the encrypted data is not encrypted during transit over the network; it only becomes encrypted when it is stored on disk. - -This encryption process does not apply when your system includes Internet Protocol security (IPsec) or Web Distributed Authoring and Versioning (WebDAV). IPsec encrypts data while it is transported over a TCP/IP network. If the file is encrypted before it is copied or moved to a WebDAV folder on a server, it remains encrypted during the transmission and while it is stored on the server. - -### Let the UE-V Agent create folders for each user - -To ensure that UE-V works optimally, create only the root share on the server, and let the UE-V Agent create the folders for each user. UE-V creates these user folders with the appropriate security. - -This permission configuration enables users to create folders for settings storage. The UE-V Agent creates and secures a settings package folder while it runs in the context of the user. Users receive full control to their settings package folder. Other users do not inherit access to this folder. You do not have to create and secure individual user directories. The agent that runs in the context of the user does it automatically. - -**Note**   -Additional security can be configured when a Windows Server is used for the settings storage share. UE-V can be configured to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable additional security, use the following command: - -1. Add the REG\_DWORD registry key RepositoryOwnerCheckEnabled to `HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration`. - -2. Set the registry key value to *1*. - -When this configuration setting is in place, the UE-V Agent verifies that the local Administrators group or current user is the owner of the settings package folder. If not, then the UE-V Agent does not grant access to the folder. - - - -If you must create folders for the users, ensure that you have the correct permissions set. - -We strongly recommend that you do not pre-create folders. Instead, let the UE-V Agent create the folder for the user. - -### Ensure correct permissions to store UE-V 2 settings in a home directory or custom directory - -If you redirect UE-V settings to a user’s home directory or a custom Active Directory (AD) directory, ensure that the permissions on the directory are set appropriately for your organization. - - - - - - -## Related topics - - -[Technical Reference for UE-V 2.x](technical-reference-for-ue-v-2x-both-uevv2.md) - - - - - - - - - diff --git a/mdop/uev-v2/sync-methods-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/sync-methods-for-ue-v-2x-both-uevv2.md deleted file mode 100644 index b18eef56fe..0000000000 --- a/mdop/uev-v2/sync-methods-for-ue-v-2x-both-uevv2.md +++ /dev/null @@ -1,114 +0,0 @@ ---- -title: Sync Methods for UE-V 2.x -description: Sync Methods for UE-V 2.x -author: dansimp -ms.assetid: af0ae894-dfdc-41d2-927b-c2ab1b355ffe -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Sync Methods for UE-V 2.x - - -The Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 Agent lets you synchronize users’ application and Windows settings with the settings storage location. The *Sync Method* configuration defines how the UE-V Agent uploads and downloads those settings to the settings storage location. UE-V 2.x introduces a new SyncMethod called the *SyncProvider*. For more information about trigger events that start the synchronization of application and Windows settings, see [Sync Trigger Events for UE-V 2.x](sync-trigger-events-for-ue-v-2x-both-uevv2.md). - -## SyncMethod Configuration - - -This table explains the changes to SyncMethod from UE-V v1.0 to v2.0 to v2.1, as well as the settings for each configuration: - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

SyncMethod Configuration

V1.0

V2.0

V2.1 and V2.1 SP1

Description

SyncProvider

n/a

Default

Default

Settings changes for a specific application or for global Windows desktop settings are saved locally to a cache folder. These changes are then synchronized with the settings storage location when a synchronization trigger event takes place. Pushing out changes will save the local changes to the settings storage path.

-

This default setting is the gold standard for computers. This option attempts to synchronize the setting and times out after a short delay to ensure that the application or operating system startup isn’t delayed for a long period of time.

-

This functionality is also tied to the Scheduled task – Sync Controller Application. The administrator controls the frequency of the Scheduled task. By default, computers synchronize their settings every 30 min after logging on.

OfflineFiles

Default

Deprecated

Deprecated

Behaves the same as SyncProvider in V2.0.

-

If Offline files are enabled and the folder is pinned then UE-V will unpin this folder and sync directly to the central SMB directory.

-

NOTE: In V1.0 if you wanted to use UE-V in a CorpNet disconnected manner (aka traveling with a Laptop), then the guidance is to use Offline Files to ensure that your settings roamed.  We received sufficient customer feedback that turning on Offline files is a non-trivial enterprise blocker. So in UE-V 2, we created a tightly coupled synchronization engine to cache your data locally and synchronize the settings to the central server. This feature area does not replace Offline Files or Folder Redirection.

-

UE-V 2 does not work well with Offline folders so the guidance is not to set the settings storage path to a pinned Offline or CSC folder.

External

n/a

n/a

Supported

New in UE-V 2.1, this configuration method specifies that if UE-V settings are written to a local folder on the user computer, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different computers that users access.

None

Yes

Yes

Yes

This configuration setting is designed for the Virtual Desktop Infrastructure (VDI) and Streamed Application experience primarily. This setting should be used on Windows Server boxes used in a datacenter, where the connection will always be available.

-

Any settings changes are saved directly to the server. If the network connection to the settings storage path is not available, then the settings changes are cached on the device and are synchronized the next time that the Sync Provider runs. If the settings storage path is not found and the user profile is removed from a pooled VDI environment on logoff, then these settings changes are lost, and the user must reapply the change when the computer can again reach the settings storage path.

-

Apps and OS will wait indefinitely for the location to be present. This could cause App load or OS logon time to dramatically increase if the location is not found.

- -  - -You can configure the sync method in these ways: - -- When you [Deploy the UE-V Agent](https://technet.microsoft.com/library/dn458891.aspx#agent) through a command-line parameter or in a batch script - -- Through [Group Policy](https://technet.microsoft.com/library/dn458893.aspx) settings - -- With the [System Center Configuration Pack](https://technet.microsoft.com/library/dn458917.aspx) for UE-V - -- After installation of the UE-V Agent, by using [Windows PowerShell or Windows Management Instrumentation (WMI)](https://technet.microsoft.com/library/dn458937.aspx) - - - - - - -## Related topics - - -[Deploy Required Features for UE-V 2.x](deploy-required-features-for-ue-v-2x-new-uevv2.md#ssl) - -[Deploy Required Features for UE-V 2.x](deploy-required-features-for-ue-v-2x-new-uevv2.md#config) - -[Technical Reference for UE-V 2.x](technical-reference-for-ue-v-2x-both-uevv2.md) - -  - -  - - - - - diff --git a/mdop/uev-v2/sync-trigger-events-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/sync-trigger-events-for-ue-v-2x-both-uevv2.md deleted file mode 100644 index acfdf37a3e..0000000000 --- a/mdop/uev-v2/sync-trigger-events-for-ue-v-2x-both-uevv2.md +++ /dev/null @@ -1,131 +0,0 @@ ---- -title: Sync Trigger Events for UE-V 2.x -description: Sync Trigger Events for UE-V 2.x -author: dansimp -ms.assetid: 4ed71a13-6a4f-4376-996f-74b126536bbc -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Sync Trigger Events for UE-V 2.x - - -Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 lets you synchronize your application and Windows settings across all your domain-joined devices. *Sync trigger events* define when the UE-V Agent synchronizes those settings with the settings storage location. UE-V 2 introduces a new *Sync Method* called the *SyncProvider*. For more information about Sync Method configuration, see [Sync Methods for UE-V 2.x](sync-methods-for-ue-v-2x-both-uevv2.md). - -## UE-V 2 Sync Trigger Events - - -The following table explains the trigger events for classic applications and Windows settings. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

UE-V 2 Trigger Event

SyncMethod=SyncProvider

SyncMethod=None

Windows Logon

    -

  • Application and Windows settings are imported to the local cache from the settings storage location.

    • -

  • Asynchronous Windows settings are applied.

    • -

  • Synchronous Windows settings will be applied during the next Windows logon.

    • -

  • Application settings will be applied when the application starts.

    • -
    -

  • Application and Windows settings are read directly from the settings storage location.

    • -

  • Asynchronous and synchronous Windows settings are applied.

    • -

  • Application settings will be applied when the application starts.

    • -

Windows Logoff

Store changes locally and cache and copy asynchronous and synchronous Windows settings to the settings storage location server, if available

Store changes to asynchronous and synchronous Windows settings storage location

Windows Connect (RDP) / Unlock

Synchronize any asynchronous Windows settings from settings storage location to local cache, if available.

-

Apply cached Windows settings

Download and apply asynchronous windows settings from settings storage location

Windows Disconnect (RDP) / Lock

Store asynchronous Windows settings changes to the local cache.

-

Synchronize any asynchronous Windows settings from the local cache to settings storage location, if available

Store asynchronous Windows settings changes to the settings storage location

Application start

Apply application settings from local cache as the application starts

Apply application settings from settings storage location as the application starts

Application closes

Store any application settings changes to the local cache and copy settings to settings storage location, if available

Store any application settings changes to settings storage location

Sync Controller Scheduled Task or “Sync Now” is run from the Company Settings Center

-

Application and Windows settings are synchronized between the settings storage location and the local cache.

-
-Note

Settings changes are not cached locally until an application closes. This trigger will not export changes made to a currently running application.

-

For Windows settings, this means that any changes will not be cached locally and exported until the next Lock (Asynchronous) or Logoff (Asynchronous and Synchronous).

-
-
- -
-

Settings are applied in these cases:

-
    -

  • Asynchronous Windows settings are applied directly.

    • -

  • Application settings are applied when the application starts.

    • -

  • Both asynchronous and synchronous Windows settings are applied during the next Windows logon.

    • -

  • Windows app (AppX) settings are applied during the next refresh. See Monitor Application Settings for more information.

    • -

NA

Asynchronous Settings updated on remote store*

Load and apply new asynchronous settings from the cache.

Load and apply settings from central server

- - - - - - - - -## Related topics - - -[Technical Reference for UE-V 2.x](technical-reference-for-ue-v-2x-both-uevv2.md) - -[Changing the Frequency of UE-V 2.x Scheduled Tasks](changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md) - -[Choose the Configuration Method for UE-V 2.x](https://technet.microsoft.com/library/dn458891.aspx#config) - - - - - - - - - diff --git a/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md b/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md deleted file mode 100644 index 880b23d11f..0000000000 --- a/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md +++ /dev/null @@ -1,133 +0,0 @@ ---- -title: Synchronizing Office 2013 with UE-V 2.0 -description: Synchronizing Office 2013 with UE-V 2.0 -author: dansimp -ms.assetid: c46feb6d-28a8-4799-888d-053531dc5842 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Synchronizing Office 2013 with UE-V 2.0 - - -Microsoft User Experience Virtualization (UE-V) 2.0 supports the synchronization of Microsoft Office 2013 application setting using a template available from the UE-V template gallery. The combination of UE-V 2 and App-V 5.0 SP2 support of Office 2013 Professional Plus enables the same experience on virtualized instance of Office 2013 from any UE-V-enabled device or virtualized desktop. - -To activate UE-V application settings support of Office 2013, you can download official UE-V Office 2013 templates from the [Microsoft User Experience Virtualization (UE-V) 2 Template Gallery](https://go.microsoft.com/fwlink/p/?LinkId=246589). This resource provides Microsoft-authored UE-V settings location templates as well as community-developed settings location templates. - -## Microsoft Office support in UE-V - - -UE-V 1.0 and UE-V 2 include settings location templates for Microsoft Office 2010. These templates are distributed and registered as part of the UE-V Agent installation process. These templates help synchronize users’ Office experience between devices. The UE-V templates for Office 2013 provide a very similar settings experience to the templates for Office 2010. Microsoft Office 2013 settings roamed by Office 365 experience are not included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office 2013](https://go.microsoft.com/fwlink/p/?LinkId=391220). - -## Synchronized Office 2013 Settings - - -The following tables contain the details for Office 2013 support in UE-V: - -### Supported UE-V templates for Microsoft Office - - ---- - - - - - - - - - - - - -
Office 2013 templates (UE-V 2.0, available on UE-V gallery):Office 2010 templates (UE-V 1.0 & 1.0 SP1):

MicrosoftOffice2013Win32.xml

-

MicrosoftOffice2013Win64.xml

-

MicrosoftLync2013Win32.xml

-

MicrosoftLync2013Win64.xml

MicrosoftOffice2010Win32.xml

-

MicrosoftOffice2010Win64.xml

-

MicrosoftLync2010.xml

-

- -  - -### Microsoft Office Applications supported by the UE-V templates - - ---- - - - - - - -

Microsoft Access 2013

-

Microsoft Lync 2013

-

Microsoft Excel 2013

-

Microsoft InfoPath 2013

-

Microsoft OneNote 2013

-

Microsoft Outlook 2013

-

Microsoft PowerPoint 2013

-

Microsoft Project 2013

-

Microsoft Publisher 2013

-

Microsoft SharePoint Designer 2013

-

Microsoft Visio 2013

-

Microsoft Word 2013

-

Microsoft Office Upload Manager

Microsoft Access 2010

-

Microsoft Lync 2010

-

Microsoft Excel 2010

-

Microsoft InfoPath 2010

-

Microsoft OneNote 2010

-

Microsoft Outlook 2010

-

Microsoft PowerPoint 2010

-

Microsoft Project 2010

-

Microsoft Publisher 2010

-

Microsoft SharePoint Designer 2010

-

Microsoft Visio 2010

-

Microsoft Word 2010

-

- -  - -## Deploying the Office 2013 templates - - -You can deploy UE-V settings location template with the following methods: - -- **Registering template via PowerShell**. If you use Windows PowerShell to manage computers, run the following Windows PowerShell command open as an administrator to register this settings location template: - - ``` syntax - Register-UevTemplate -Path - ``` - - For more information using UE-V and Windows PowerShell, see [Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI](managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md). - -- **Registering template via Template Catalog Path**. If you use the Settings Template Catalog Path to manage templates on users’ computers, copy the Office 2013 template into the folder defined in the UE-V Agent. The next time the Template Auto Update (ApplySettingsCatalog.exe) scheduled task runs, the settings location template will be registered on the device. For more information, see [Deploying the Settings Template Catalog for UE-V 2](https://technet.microsoft.com/library/dn458942.aspx#deploycatalogue). - -- **Registering template via Configuration Manager**. If you use Configuration Manager to manage your UE-V settings storage templates, then recreate the Template Baseline CAB, import it into Configuration Manager, and then deploy the baseline to your clients. For more information, see the guidance provided in the documentation for the [System Center 2012 Configuration Pack for Microsoft User Experience Virtualization 2](https://go.microsoft.com/fwlink/?LinkId=317263). - - - - - - -  - -  - - - - - diff --git a/mdop/uev-v2/technical-reference-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/technical-reference-for-ue-v-2x-both-uevv2.md deleted file mode 100644 index 44d264f0d9..0000000000 --- a/mdop/uev-v2/technical-reference-for-ue-v-2x-both-uevv2.md +++ /dev/null @@ -1,74 +0,0 @@ ---- -title: Technical Reference for UE-V 2.x -description: Technical Reference for UE-V 2.x -author: dansimp -ms.assetid: 303cff9a-a96d-4e83-9e94-19b0d3744e1e -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Technical Reference for UE-V 2.x - - -This technical reference section includes additional technical documentation about the various features of Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1. This information is provided to help the administrator better understand UE-V. - -## Technical reference topics for UE-V 2.x - - -- [Sync Methods for UE-V 2.x](sync-methods-for-ue-v-2x-both-uevv2.md) - - Defines how UE-V synchronizes settings between computers and the settings storage location. Sync Provider is the default sync method for UE-V 2.0. This topic provides technical reference information for sync methods, including the Sync Provider. - -- [Sync Trigger Events for UE-V 2.x](sync-trigger-events-for-ue-v-2x-both-uevv2.md) - - Defines when the UE-V Agent synchronizes those settings with the settings storage location. This topic provides technical reference information about when synchronization takes place based upon the sync method deployed. - -- [Synchronizing Office 2013 with UE-V 2.0](synchronizing-office-2013-with-ue-v-20-both-uevv2.md) - - Provides guidance for downloading and enabling the Microsoft-authored UE-V 2.0 settings location template that supports Office 2013 settings synchronization. - -- [Application Template Schema Reference for UE-V 2.x](application-template-schema-reference-for-ue-v-2x-both-uevv2.md) - - Details the XML structure of UE-V settings location templates and provides guidance for editing these files. - -- [Accessibility for UE-V 2.x](accessibility-for-ue-v-2x-both-uevv2.md) - - Describes features and services that make UE-V more accessible for people with disabilities. - -- [Security Considerations for UE-V 2.x](security-considerations-for-ue-v-2x-both-uevv2.md) - - Provides a brief overview of accounts, groups, and other security-related considerations for UE-V. - -## Other resources for this product - - -- [Microsoft User Experience Virtualization (UE-V) 2.x](index.md) - -- [Get Started with UE-V 2.x](get-started-with-ue-v-2x-new-uevv2.md) - -- [Prepare a UE-V 2.x Deployment](prepare-a-ue-v-2x-deployment-new-uevv2.md) - -- [Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) - -- [Troubleshooting UE-V 2.x](troubleshooting-ue-v-2x-both-uevv2.md) - - - - - - -  - -  - - - - - diff --git a/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md b/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md deleted file mode 100644 index a431995b0b..0000000000 --- a/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: Troubleshooting UE-V 2.x -description: Troubleshooting UE-V 2.x -author: dansimp -ms.assetid: a02847f8-6986-4612-8307-ba1b72d7919b -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Troubleshooting UE-V 2.x - - -Troubleshooting content is not included in the Administrator's Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905). - -## Find troubleshooting information - - -You can use the following information to find troubleshooting content or additional technical content for this product. - -### Search the MDOP documentation - -The first step to find help content in the Administrator’s Guide is to search the MDOP documentation on TechNet. After you search the MDOP documentation, you can search the troubleshooting information for the product in the TechNet Wiki. These search methods are described in the following sections. - -**To search the MDOP product documentation** - -1. Open a web browser and browse to the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) home page on TechNet. - -2. Locate the **Search TechNet with Bing** search box and enter your search term. - -3. Review the search results for assistance. - -**To search the TechNet Wiki** - -1. Open a web browser and browse to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Locate the **Search TechNet Wiki** search box and enter your search term. - -3. Review the search results for assistance. - -## Create a troubleshooting article - - -If you have a troubleshooting tip or a best practice to share that is not already included in the MDOP Online Help or TechNet Wiki, you can create your own TechNet Wiki article. - -**To create a TechNet Wiki troubleshooting or best practices article** - -1. Open a web browser and browse to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page. - -2. Sign in with your Microsoft account. - -3. Review the **Getting Started** section to learn the basics of the TechNet Wiki and its articles. - -4. Select **Post an article** in the **Getting Started** section. - -5. On the Wiki article **Add Page** page, select **Insert Template** from the toolbar, select the troubleshooting article template, which is named **Troubleshooting.html**, and then click **Insert**. - -6. Give the article a descriptive title, and then overwrite the template information as needed to create your article. - -7. After you review your article, add a tag that is named **Troubleshooting** and another tag for the product name. To add tags help other users find your content. - -8. Click **Save** to publish the article to the TechNet Wiki. - -## Other resources for this product - - -- [Microsoft User Experience Virtualization (UE-V) 2.x](index.md) - -- [Get Started with UE-V 2.x](get-started-with-ue-v-2x-new-uevv2.md) - -- [Prepare a UE-V 2.x Deployment](prepare-a-ue-v-2x-deployment-new-uevv2.md) - -- [Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) - -- [Technical Reference for UE-V 2.x](technical-reference-for-ue-v-2x-both-uevv2.md) - - - - - - -  - -  - - - - - diff --git a/mdop/uev-v2/using-ue-v-2x-with-application-virtualization-applications-both-uevv2.md b/mdop/uev-v2/using-ue-v-2x-with-application-virtualization-applications-both-uevv2.md deleted file mode 100644 index 9e9871e1c9..0000000000 --- a/mdop/uev-v2/using-ue-v-2x-with-application-virtualization-applications-both-uevv2.md +++ /dev/null @@ -1,59 +0,0 @@ ---- -title: Using UE-V 2.x with Application Virtualization Applications -description: Using UE-V 2.x with Application Virtualization Applications -author: dansimp -ms.assetid: 4644b810-fc48-4fd0-96e4-2fc6cd64d8ad -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# Using UE-V 2.x with Application Virtualization Applications - - -Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 support Microsoft Application Virtualization (App-V) applications without any required modifications to either the App-V package or the UE-V template. However, an additional step is required because you cannot run the UE-V Generator directly on a virtualized App-V application. Instead, you must install the application locally, generate the template, and then apply the template to the virtualized application. UE-V supports App-V 4.5, App-V 4.6, and App-V 5.0 packages. - -## UE-V settings synchronization for App-V applications - - -UE-V monitors when an application opens by the program name and, optionally, by file version numbers and product version numbers, whether the application is installed locally or virtually by using App-V. When the application starts, UE-V monitors the App-V process, applies any settings that are stored in the user's settings storage path, and then enables the application to start normally. UE-V monitors App-V applications and automatically translates the relevant file and registry paths to the virtualized location as opposed to the physical location outside the App-V computing environment. - - **To implement settings synchronization for a virtualized application** - -1. Run the UE-V Generator to collect the settings of the locally installed application whose settings you want to synchronize between computers. This process creates a settings location template. If you use a built-in template such as the Microsoft Office 2010 template, skip this step. For more information about running the UE-V Generator, see [Deploy UE-V 2.x for Custom Applications](deploy-ue-v-2x-for-custom-applications-new-uevv2.md#createcustomtemplates). - -2. Install the App-V application package if you have not already done so. - -3. Publish the template to the location of your settings template catalog or manually install the template by using the `Register-UEVTemplate` Windows PowerShell cmdlet. - - **Note**   - If you publish the newly created template to the settings template catalog, the client does not receive the template until the sync provider updates the settings. To manually start this process, open **Task Scheduler**, expand **Task Scheduler Library**, expand **Microsoft**, and expand **UE-V**. In the results pane, right-click **Template Auto Update**, and then click **Run**. - - - -4. Start the App-V package. - - - - - - -## Related topics - - -[Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) - - - - - - - - - diff --git a/mdop/uev-v2/whats-new-in-ue-v-20-new-uevv2.md b/mdop/uev-v2/whats-new-in-ue-v-20-new-uevv2.md deleted file mode 100644 index 873c05ac3b..0000000000 --- a/mdop/uev-v2/whats-new-in-ue-v-20-new-uevv2.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -title: What's New in UE-V 2.0 -description: What's New in UE-V 2.0 -author: dansimp -ms.assetid: 5d852beb-f293-4e3a-a33b-c40df59a7515 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 06/16/2016 ---- - - -# What's New in UE-V 2.0 - - -Microsoft User Experience Virtualization (UE-V) 2.0 provides these new features and functionality compared to UE-V 1.0. The [Microsoft User Experience Virtualization (UE-V) 2.0 Release Notes](microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md) provide more information about the UE-V 2.0 release. - -## Client-side cache (CSC) no longer required - - -This version of UE-V introduces the **sync provider**, which replaces the requirement for the Windows Offline Files feature to support a client-side cache of settings. - -Whereas UE-V used to synchronize settings only when an application opened, closed, or when Windows locked or unlocked, or at logon or logoff, the sync provider also … - -- Synchronizes local application and Windows settings out-of-band using "**trigger events**" - -- Uses a **scheduled task** to sync the settings storage package in any interval you choose for your enterprise requirements (every 30 minutes by default) - -Certain conditions provide more frequent synchronization. - -- Settings synchronize when the user clicks the **Sync Now** button in the new Company Settings Center application. - -- The sync provider can also start for a single application without waiting for the scheduled synchronization task. For example, when an application is closed, any settings changes are written to the local cache, and the sync provider process runs asynchronously to move those new settings changes to the settings storage location. - -## Windows app synchronization - - -The developer of a Windows app can define which settings, if any, are to be synchronized, and these settings can now be captured and synchronized with UE-V. - -By default, UE-V synchronizes the settings of many of the Windows apps included in Windows 8 and Windows 8.1. You can modify the list of synchronized apps with Windows PowerShell, Windows Management Instrumentation (WMI), or Group Policy. - -**Note**   -UE-V does not synchronize Windows app settings if the domain users link their sign-in credentials to their Microsoft account. This linking synchronizes settings to Microsoft OneDrive so UE-V only synchronizes the desktop applications. - - - -## Microsoft account linking - - -Settings synchronization via OneDrive is new to Windows 8 when you are signed in with a Microsoft account or if you link your Microsoft account to your domain account. If a domain user uses UE-V and has signed in to a Microsoft account, then… - -- UE-V only synchronizes settings for desktop applications - -- Microsoft account handles Windows app settings and Windows desktop settings - -## Company Settings Center - - -You can provide your users with some control over which settings are synchronized through an application in UE-V 2 called Company Settings Center. Company Settings Center is installed along with the UE-V Agent, and users can access it from Control Panel, the **Start** menu or **Start** screen, and from the UE-V notification area icon. - -Company Settings Center displays which settings are synchronized and lets users see the synchronization status of UE-V. If you let them, users can use Company Settings Center to select which settings to synchronize. They can also click the **Sync Now** button to synchronize all settings immediately. - - - - - - -## Related topics - - -[Get Started with UE-V 2.x](get-started-with-ue-v-2x-new-uevv2.md) - -[Prepare a UE-V 2.x Deployment](prepare-a-ue-v-2x-deployment-new-uevv2.md) - -[Microsoft User Experience Virtualization (UE-V) 2.0 Release Notes](microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md) - - - - - - - - - diff --git a/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md b/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md deleted file mode 100644 index 3951f6c67a..0000000000 --- a/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md +++ /dev/null @@ -1,114 +0,0 @@ ---- -title: What's New in UE-V 2.1 -description: What's New in UE-V 2.1 -author: dansimp -ms.assetid: 7f385183-7d97-4602-b19a-baa710334ade -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# What's New in UE-V 2.1 - - -User Experience Virtualization 2.1 provides these new features and functionality compared to UE-V 2.0. The [Microsoft User Experience Virtualization (UE-V) 2.1 Release Notes](microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md) provide more information about the UE-V 2.1 release. - -## Office 2013 Settings Location Template - - -UE-V 2.1 includes the Microsoft Office 2013 settings location template with improved Outlook signature support. In UE-V 2.1, the signature data synchronizes between user devices. We’ve added synchronization of default signature settings for new, reply, and forwarded emails. Customers no longer have to choose the default signature settings. - -**Note**   -An Outlook profile must be created for any device on which a user wants to sync their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization. - - - -Previously UE-V included Microsoft Office 2010 settings location templates that were automatically distributed and registered with the UE-V Agent. UE-V 2.1 works with Office 365 to determine whether Office 2013 settings are roamed by Office 365. If settings are roamed by Office 365 they are not roamed by UE-V. [Overview of user and roaming settings for Office 2013](https://go.microsoft.com/fwlink/p/?LinkID=391220) provides more information. - -To enable settings synchronization using UE-V 2.1, do one of the following: - -- Use Group Policy to disable Office 365 synchronization - -- Do not enable the Office 365 synchronization experience during Office 2013 installation - -UE-V 2.1 ships [Office 2013 and Office 2010 templates](https://technet.microsoft.com/library/dn458932.aspx#autosyncsettings). This release removes the Office 2007 templates. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get the templates from the UE-V template gallery located [here](https://go.microsoft.com/fwlink/p/?LinkID=246589). - -## Fix for Distributed File System Namespace Users - - -UE-V has improved Distributed File System Namespace (DFSN) support by adding a UE-V configuration called SyncProviderPingEnabled. Disabling this configuration using PowerShell or WMI allows users to disable the UE-V ping. The UE-V ping causes an error when using DFSN servers because these servers do not respond to pings. The non-response prevents UE-V from synchronizing settings. Disabling the UE-V ping allows UE-V synchronization to work normally. - -To disable UE-V ping, use this PowerShell cmdlet: - -``` syntax -Set-UevConfiguration -DisableSyncProviderPing -``` - -## Synchronization for Credentials - - -UE-V 2.1 gives customers the ability to synchronize credentials and certificates stored in the Windows Credential Manager. This component is disabled by default. Enabling this component lets users keep their domain credentials and certificates in sync. Users can sign in one time on a device, and these credentials will roam for that user across all of their UE-V enabled devices. [Manage Credentials with UE-V 2.1](https://technet.microsoft.com/library/dn458932.aspx#creds) provides more information. - -**Note**   -In Windows 8 and later, Credential Manager contains web credentials. These credentials are not synchronized between users’ devices. - - - -## UE-V and Microsoft Account Synchronization - - -UE-V detects if “Sync settings with OneDrive”, also known as Microsoft Account synchronization, is on. If the Microsoft Account is not configured to synchronize settings, UE-V synchronizes Windows apps, AppX packages, and Windows desktop settings between devices. This lets users access their Store apps, music, pictures and other Microsoft Account-enabled applications without syncing outside of the enterprise firewall. UE-V checks whether Group Policy will stop synchronizing settings with OneDrive or if the user disables **Sync your settings on this computer** in the user controls. - -## Support for the SyncMethod External - - -A new [SyncMethod configuration](https://technet.microsoft.com/library/dn554321.aspx) called **External** specifies that if UE-V settings are written to a local folder on the user computer, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different computers that users access. - -## Enhanced Support for VDI Mode - - -UE-V 2.1 includes [support for VDI sessions](https://technet.microsoft.com/library/dn458932.aspx#vdi) that are shared among end users. As an administrator, you can register and configure a special VDI template, which ensures that UE-V keeps all of its functionality intact for non-persistent VDI sessions. - -**Note**   -If you do not enable VDI mode for non-persistent VDI sessions, certain features do not work, such as back-up/restore and LKG. - - - -## Administrative Backup and Restore - - -You can restore additional settings when a user adopts a new device by putting a settings location template in **backup** or **roam (default)** profile using the Set-UevTemplateProfile PowerShell cmdlet. This lets computer settings sync to the new computer, in addition to user settings. Templates assigned to the backup profile are backed up for that device and configured on a per-device basis. [Manage Administrative Backup and Restore in UE-V 2.x](manage-administrative-backup-and-restore-in-ue-v-2x-new-topic-for-21.md) provides more information. - -## Synchronization for Additional Windows Settings - - -UE-V now synchronizes touch keyboard personalization, the spelling dictionary, and enables the App Switching for recent apps and screen edge settings to synchronize between Windows 8 and Windows 8.1 devices. - - - - - - -## Related topics - - -[Get Started with UE-V 2.x](get-started-with-ue-v-2x-new-uevv2.md) - -[Prepare a UE-V 2.x Deployment](prepare-a-ue-v-2x-deployment-new-uevv2.md) - -[Microsoft User Experience Virtualization (UE-V) 2.1 Release Notes](microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md) - - - - - - - - - diff --git a/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md b/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md deleted file mode 100644 index c58430ce8b..0000000000 --- a/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md +++ /dev/null @@ -1,102 +0,0 @@ ---- -title: What's New in UE-V 2.1 SP1 -description: What's New in UE-V 2.1 SP1 -author: dansimp -ms.assetid: 9a40c737-ad9a-4ec1-b42b-31bfabe0f170 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# What's New in UE-V 2.1 SP1 - - -User Experience Virtualization 2.1 SP1 provides these new features and functionality compared to UE-V 2.1. The [Microsoft User Experience Virtualization (UE-V) 2.1 SP1 Release Notes](microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md) provide more information about the UE-V 2.1 SP1 release. - -## Support for Windows 10 - - -UE-V 2.1 SP1 adds support for Windows 10, in addition to the same software that is supported in earlier versions of UE-V. - -### Compatibility with Microsoft Azure - -Windows 10 lets enterprise users synchronize Windows app settings and Windows operating system settings to Azure instead of to OneDrive. You can use the Windows 10 enterprise sync functionality together with UE-V for on-premises domain-joined computers only. To enable coexistence between Windows 10 and UE-V, you must disable the following UE-V templates using either PowerShell on each client or Group Policy. - -In Group Policy, under the Microsoft User Experience Virtualization node, configure these policy settings: - -- Enable “Do Not Synchronize Windows Apps” - -- Disable “Sync Windows Settings” - -### Settings Synchronization Behavior Changed for Windows 10 Support - -UE-V 2.1 SP1 roams taskbar settings between Windows 10 devices. However, UE-V does not synchronize taskbar settings between Windows 10 devices and devices running previous operating systems. - -In addition, UE-V 2.1 SP1 does not synchronize settings between the Microsoft Calculator in Windows 10 and the Microsoft Calculator in previous operating systems. - -## Support Added for Roaming Network Printers - - -UE-V 2.1 SP1 lets network printers roam between devices so that a user has access to their network printers when logged on to any device on the network. This includes roaming the printer that they set as the default. - -Printer roaming in UE-V requires one of these scenarios: - -- The print server can download the required driver when it roams to a new device. - -- The driver for the roaming network printer is pre-installed on any device that needs to access that network printer. - -- The printer driver can be obtained from Windows Update. - -**Note**   -The UE-V printer roaming feature does **not** roam printer settings or preferences, such as printing double-sided. - - - -## Office 2013 Settings Location Template - - -UE-V 2.1 and 2.1 SP1 include the Microsoft Office 2013 settings location template with improved Outlook signature support. We’ve added synchronization of default signature settings for new, reply, and forwarded emails. Customers no longer have to choose the default signature settings. - -**Note**   -An Outlook profile must be created for any device on which a user wants to sync their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization. - - - -Previously UE-V included Microsoft Office 2010 settings location templates that were automatically distributed and registered with the UE-V Agent. UE-V 2.1 works with Office 365 to determine whether Office 2013 settings are roamed by Office 365. If settings are roamed by Office 365 they are not roamed by UE-V. [Overview of user and roaming settings for Office 2013](https://go.microsoft.com/fwlink/p/?LinkID=391220) provides more information. - -To enable settings synchronization using UE-V 2.1, do one of the following: - -- Use Group Policy to disable Office 365 synchronization - -- Do not enable the Office 365 synchronization experience during Office 2013 installation - -UE-V 2.1 ships [Office 2013 and Office 2010 templates](https://technet.microsoft.com/library/dn458932.aspx#autosyncsettings). This release removes the Office 2007 templates. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get the templates from the UE-V template gallery located [here](https://go.microsoft.com/fwlink/p/?LinkID=246589). - - - - - - -## Related topics - - -[Get Started with UE-V 2.x](get-started-with-ue-v-2x-new-uevv2.md) - -[Prepare a UE-V 2.x Deployment](prepare-a-ue-v-2x-deployment-new-uevv2.md) - -[Microsoft User Experience Virtualization (UE-V) 2.1 SP1 Release Notes](microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md) - - - - - - - - - diff --git a/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md b/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md deleted file mode 100644 index d39f7e4f80..0000000000 --- a/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md +++ /dev/null @@ -1,175 +0,0 @@ ---- -title: Working with Custom UE-V 2.x Templates and the UE-V 2.x Generator -description: Working with Custom UE-V 2.x Templates and the UE-V 2.x Generator -author: dansimp -ms.assetid: f0bb4920-0132-472c-a564-abf06a884275 -ms.reviewer: -manager: dansimp -ms.author: dansimp -ms.pagetype: mdop, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 08/30/2016 ---- - - -# Working with Custom UE-V 2.x Templates and the UE-V 2.x Generator - - -To synchronize application settings between user computers, Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 use *settings location templates*. Some settings location templates are included in User Experience Virtualization. You can also create, edit, or validate custom settings location templates by using the UE-V Generator. - -The UE-V Generator monitors Windows desktop applications to discover and capture the locations where the application stores its settings. The application that is monitored must be a desktop application. The UE-V Generator cannot create a settings location template for the following application types: - -- Virtualized applications - -- Applications that are offered through Terminal Services - -- Java applications - -- Windows apps - -This topic - -**Standard and Nonstandard settings locations:** The UE-V Generator helps you identify where applications search for settings files and registry settings that applications use to store settings information. The generator only discovers settings in locations that are accessible to a standard user. Settings that are stored in other locations are excluded. Discovered settings are grouped into two categories: **Standard** and **Non-standard**. Standard settings are recommended for synchronization, and UE-V can readily capture and apply them. Non-standard settings can potentially synchronize settings but, because of the rules that UE-V uses, these settings might not consistently or dependably synchronize settings. These settings might depend on temporary files, result in unreliable synchronization, or might not be useful. These settings locations are presented in the UE-V Generator. You can choose to include or exclude them on a case-by-case basis. - -The UE-V Generator opens the application as part of the discovery process. The generator can capture settings in the following locations: - -- **Registry Settings** – Registry locations under **HKEY\_CURRENT\_USER** - -- **Application Settings Files** – Files that are stored under \\ **Users** \\ \[User name\] \\ **AppData** \\ **Roaming** - -The UE-V Generator excludes locations, which commonly store application software files, but do not synchronize well between user computers or environments. The UE-V Generator excludes these locations. Excluded locations are as follows: - -- HKEY\_CURRENT\_USER registry keys and files to which the logged-on user cannot write values - -- HKEY\_CURRENT\_USER registry keys and files that are associated with the core functionality of the Windows operating system - -- All registry keys that are located in the HKEY\_LOCAL\_MACHINE hive, which requires administrator rights and might require to set a User Account Control (UAC) agreement - -- Files that are located in Program Files directories, which requires administrator rights and might require to set a UAC agreement - -- Files that are located under Users \\ \[User name\] \\ AppData \\ LocalLow - -- Windows operating system files that are located in %Systemroot%, which requires administrator rights and might require to set a UAC agreement - -If registry keys and files that are stored in these locations are required to synchronize application settings, you can manually add the excluded locations to the settings location template during the template creation process - (except for registry entries in the HKEY\_LOCAL\_MACHINE hive). - -## Edit Settings Location Templates with the UE-V Generator - - -Use the UE-V Generator to edit settings location templates. When the revised settings are added to the templates by using the UE-V Generator, the version information within the template is automatically updated to ensure that any existing templates that are deployed in the enterprise are updated correctly. - -**Note**   -If you edit a UE-V 1.0 template by using the UE-V 2 Generator, the template is automatically converted to a UE-V 2 template. UE-V 1.0 Agents can no longer use the edited template. - - - -**To edit a UE-V settings location template with the UE-V Generator** - -1. Click **Start**, click **All Programs**, click **Microsoft User Experience Virtualization**, and then click **Microsoft User Experience Virtualization Generator**. - -2. Click **Edit a settings location template**. - -3. In the list of recently used templates, select the template to be edited. Alternatively, click **Browse** to search for the settings template file. Click **Next** to continue. - -4. Review the **Properties**, **Registry** locations, and **Files** locations for the settings template. Edit as required. - - - On the **Properties** tab, you can view and edit the following properties: - - - **Application name**: The application name that is written in the description of the program file properties. - - - **Program name**: The name of the program that is taken from the program file properties. This name usually has the .exe file name extension. - - - **Product version**: The product version number of the .exe file of the application. This property, together with the **File version**, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, then the settings location template applies to all versions of the product. - - - **File version**: The file version number of the .exe file of the application. This property, along with the **Product version**, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, the settings location template applies to all versions of the program. - - - **Template author name** (optional): The name of the settings template author. - - - **Template author email** (optional): The email address of the settings location template author. - - - The **Registry** tab lists the **Key** and **Scope** of the registry locations that are included in the settings location template. You can edit the registry locations by using the **Tasks** drop-down menu. In the Tasks menu, you can add new keys, edit the name or scope of existing keys, delete keys, and browse the registry in which the keys are located. When you define the scope for the registry, you can use the **All Settings** scope to include all the registry settings under the specified key. Use **All Settings** and **Subkeys** to include all the registry settings under the specified key, subkeys, and subkey settings. - - - The **Files** tab lists the file path and file mask of the file locations that are included in the settings location template. You can edit the file locations by using the **Tasks** drop-down menu. In the **Tasks** menu for file locations, you can add new files or folder locations, edit the scope of existing files or folders, delete files or folders, and open the selected location in Windows Explorer. To include all files in the specified folder, leave the file mask empty. - -5. Click **Save** to save the changes to the settings location template. - -6. Click **Close** to close the Settings Template Wizard. Exit the UE-V Generator application. - - After you edit the settings location template for an application, you should test the template. Deploy the revised settings location template in a lab environment before you put it into production in the enterprise. - -**How to manually edit a settings location template** - -1. Create a local copy of the settings location template .xml file. UE-V settings location templates are .xml files that identify the locations where application store settings values. - - **Note**   - A settings location template is unique because of the template **ID**. If you copy the template and rename the .xml file, template registration fails because UE-V reads the template **ID** tag in the .xml file to determine the name, not the file name of the .xml file. UE-V also reads the **Version** number to know if anything has changed. If the version number is higher, UE-V updates the template. - - - -2. Open the settings location template file with an XML editor. - -3. Edit the settings location template file. All changes must conform to the UE-V schema file that is defined in [SettingsLocationTempate.xsd](https://technet.microsoft.com/library/dn763947.aspx). By default, a copy of the .xsd file is located in \\ProgramData\\Microsoft\\UEV\\Templates. - -4. Increment the **Version** number for the settings location template. - -5. Save the settings location template file, and then close the XML editor. - -6. Validate the modified settings location template file by using the UE-V Generator. - -7. You must register the edited UE-V settings location template before it can synchronize settings between client computers. To register a template, open Windows PowerShell, and then run the following cmdlet: `update-uevtemplate [templatefilename]`. You can then copy the file to the settings storage catalog. The UE-V Agent on users’ computers should then update as scheduled in the scheduled task. - -## Validate Settings Location Templates with the UE-V Generator - - -It is possible to create or edit settings location templates in an XML editor without using the UE-V Generator. If you do, you can use the UE-V Generator to validate that the new or revised XML matches the schema that has been defined for the template. - -**To validate a UE-V settings location template with the UE-V Generator** - -1. Click **Start**, point to **All Programs**, click **Microsoft User Experience Virtualization**, and then click **Microsoft User Experience Virtualization Generator**. - -2. Click **Validate a settings location template**. - -3. In the list of recently used templates, select the template to be edited. Alternatively, you can **Browse** to the settings template file. Click **Next** to continue. - -4. Click **Validate** to continue. - -5. Click **Close** to close the Settings Template Wizard. Exit the UE-V Generator application. - - After you validate the settings location template for an application, you should test the template. Deploy the template in a lab environment before you put it into a production environment in enterprise. - -## Share Settings Location Templates with the Template Gallery - - -The Microsoft User Experience Virtualization (UE-V) 2.0 template gallery enables administrators to share their UE-V settings location templates. In the gallery, you can upload your settings location templates for other users to use, and you can download templates that other users have created. The UE-V template gallery is located on Microsoft TechNet [here](https://go.microsoft.com/fwlink/p/?LinkId=246589). - -Before you share a settings location template on the UE-V template gallery, ensure it does not contain any personal or company information. You can use any XML viewer to open and view the contents of a settings location template file. The following template values should be reviewed before you share a template with anyone outside your company. - -- Template Author Name – Specify a general, non-identifying name for the template author name or exclude this data from the template. - -- Template Author Email – Specify a general, non-identifying template author email or exclude this data from the template. - -Before you deploy any settings location template that you have downloaded from the UE-V gallery, you should first test the template to ensure that the application settings synchronize settings correctly in a test environment. - - - - - - -## Related topics - - -[Administering UE-V 2.x](administering-ue-v-2x-new-uevv2.md) - -[Deploy UE-V 2.x for Custom Applications](deploy-ue-v-2x-for-custom-applications-new-uevv2.md) - - - - - - - - -