deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-17 15:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into martyav-fips-acrolinx

Browse Source
This commit is contained in:
Marty Hernandez Avedon 2020-11-13 11:54:42 -05:00 committed by GitHub
commit 661cd3ed5e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 31 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/client-management/mdm/policy-csp-servicecontrolmanager.md
View File

@ -78,6 +78,9 @@ If you enable this policy setting, built-in system services hosted in svchost.ex
This includes a policy requiring all binaries loaded in these processes to be signed by Microsoft, as well as a policy disallowing dynamically-generated code.
> [!IMPORTANT]
> Enabling this policy could cause compatibility issues with third-party software that uses svchost.exe processes (for example, third-party antivirus software).
If you disable or do not configure this policy setting, the stricter security settings will not be applied.
<!--/Description-->
@ -122,4 +125,3 @@ Footnotes:
- 8 - Available in Windows 10, version 2004.
<!--/Policies-->

18
windows/client-management/mdm/surfacehub-csp.md
View File

@ -239,7 +239,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
<p style="margin-left: 20px">The data type is boolean. Supported operation is Get and Replace.
<a href="" id="inboxapps-welcome-currentbackgroundpath"></a>**InBoxApps/Welcome/CurrentBackgroundPath**
<p style="margin-left: 20px">Background image for the welcome screen. To set this, specify a https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.
<p style="margin-left: 20px">Background image for the welcome screen. To set this, specify an https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.
<p style="margin-left: 20px">The data type is string. Supported operation is Get and Replace.
@ -333,7 +333,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
<tbody>
<tr>
<td>0</td>
<td>Never timeout</td></tr>
<td>Never time out</td></tr>
<tr>
<td>1</td>
<td>1 minute</td>
@ -385,7 +385,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
<tbody>
<tr>
<td>0</td>
<td>Never timeout</td></tr>
<td>Never time out</td></tr>
<tr>
<td>1</td>
<td>1 minute (default)</td>
@ -437,7 +437,7 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
<tbody>
<tr>
<td>0</td>
<td>Never timeout</td></tr>
<td>Never time out</td></tr>
<tr>
<td>1</td>
<td>1 minute</td>
@ -474,6 +474,16 @@ The following diagram shows the SurfaceHub CSP management objects in tree format
<p style="margin-left: 20px">The data type is integer. Supported operation is Get and Replace.
<a href="" id="properties-sleepmode"></a>**Properties/SleepMode**
<p style="margin-left: 20px">Added in Windows 10, version 20H2. Specifies the type of sleep mode for the Surface Hub.
<p style="margin-left: 20px">Valid values:
- 0 - Connected Standby (default)
- 1 - Hibernate
<p style="margin-left: 20px">The data type is integer. Supported operation is Get and Replace.
<a href="" id="properties-allowsessionresume"></a>**Properties/AllowSessionResume**
<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to allow the ability to resume a session when the session times out.

24
windows/client-management/mdm/vpnv2-csp.md
View File

@ -52,7 +52,7 @@ Supported operations include Get, Add, and Delete.
Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect.
<a href="" id="vpnv2-profilename-apptriggerlist-apptriggerrowid"></a>**VPNv2/**<em>ProfileName</em>**/AppTriggerList/**<em>appTriggerRowId</em>
A sequential integer identifier which allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you should not skip numbers.
A sequential integer identifier that allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you should not skip numbers.
Supported operations include Get, Add, Replace, and Delete.
@ -132,7 +132,7 @@ Returns the namespace type. This value can be one of the following:
Value type is chr. Supported operation is Get.
<a href="" id="vpnv2-profilename-domainnameinformationlist-dnirowid-dnsservers"></a>**VPNv2/**<em>ProfileName</em>**/DomainNameInformationList/**<em>dniRowId</em>**/DnsServers**
List of comma separated DNS Server IP addresses to use for the namespace.
List of comma-separated DNS Server IP addresses to use for the namespace.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
@ -202,7 +202,7 @@ Numeric value from 0-255 representing the IP protocol to allow. For example, TCP
Value type is int. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-trafficfilterlist-trafficfilterid-localportranges"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList/**<em>trafficFilterId</em>**/LocalPortRanges**
A list of comma separated values specifying local port ranges to allow. For example, `100-120, 200, 300-320`.
A list of comma-separated values specifying local port ranges to allow. For example, `100-120, 200, 300-320`.
> [!NOTE]
> Ports are only valid when the protocol is set to TCP=6 or UDP=17.
@ -210,7 +210,7 @@ A list of comma separated values specifying local port ranges to allow. For exam
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-trafficfilterlist-trafficfilterid-remoteportranges"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList/**<em>trafficFilterId</em>**/RemotePortRanges**
A list of comma separated values specifying remote port ranges to allow. For example, `100-120, 200, 300-320`.
A list of comma-separated values specifying remote port ranges to allow. For example, `100-120, 200, 300-320`.
> [!NOTE]
> Ports are only valid when the protocol is set to TCP=6 or UDP=17.
@ -218,12 +218,12 @@ A list of comma separated values specifying remote port ranges to allow. For exa
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-trafficfilterlist-trafficfilterid-localaddressranges"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList/**<em>trafficFilterId</em>**/LocalAddressRanges**
A list of comma separated values specifying local IP address ranges to allow.
A list of comma-separated values specifying local IP address ranges to allow.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-trafficfilterlist-trafficfilterid-remoteaddressranges"></a>**VPNv2/**<em>ProfileName</em>**/TrafficFilterList/**<em>trafficFilterId</em>**/RemoteAddressRanges**
A list of comma separated values specifying remote IP address ranges to allow.
A list of comma-separated values specifying remote IP address ranges to allow.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
@ -243,7 +243,7 @@ Added in Windows 10, version 2004. Specifies the traffic direction to apply this
- Outbound - The rule applies to all outbound traffic
- Inbound - The rule applies to all inbound traffic
If no inbound filter is provided, then by default all unsolicated inbound traffic will be blocked.
If no inbound filter is provided, then by default all unsolicited inbound traffic will be blocked.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
@ -327,7 +327,7 @@ Valid values:
- True = Register the connection's addresses in DNS.
<a href="" id="vpnv2-profilename-dnssuffix"></a>**VPNv2/**<em>ProfileName</em>**/DnsSuffix**
Optional. Specifies one or more comma separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList.
Optional. Specifies one or more comma-separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
@ -345,7 +345,10 @@ Added in Windows 10, version 1607. The XML schema for provisioning all the fiel
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-proxy"></a>**VPNv2/**<em>ProfileName</em>**/Proxy**
A collection of configuration objects to enable a post-connect proxy support for VPN. The proxy defined for this profile is applied when this profile is active and connected.
A collection of configuration objects to enable a post-connect proxy support for VPN Force Tunnel connections. The proxy defined for this profile is applied when this profile is active and connected.
> [!NOTE]
> VPN proxy settings are used only on Force Tunnel connections. On Split Tunnel connections, the general proxy settings are used.
<a href="" id="vpnv2-profilename-proxy-manual"></a>**VPNv2/**<em>ProfileName</em>**/Proxy/Manual**
Optional node containing the manual server settings.
@ -436,7 +439,7 @@ Required for native profiles. Public or routable IP address or DNS name for the
The name can be a server name plus a friendly name separated with a semi-colon. For example, server2.example.com;server2FriendlyName. When you get the value, the return will include both the server name and the friendly name; if no friendly name had been supplied it will default to the server name.
You can make a list of server by making a list of server names (with optional friendly names) seperated by commas. For example, server1.example.com,server2.example.com.
You can make a list of server by making a list of server names (with optional friendly names) separated by commas. For example, server1.example.com,server2.example.com.
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
@ -1329,4 +1332,3 @@ Servers

2
windows/security/information-protection/bitlocker/bitlocker-overview.md
View File

@ -62,7 +62,7 @@ A computer with a TPM must also have a Trusted Computing Group (TCG)-compliant B
The system BIOS or UEFI firmware (for TPM and non-TPM computers) must support the USB mass storage device class, including reading small files on a USB flash drive in the pre-operating system environment.
> [!IMPORTANT]
> From Windows 7, you can encrypt an OS drive without a TPM and USB flash drive. For this procedure, see [Tip of the Day: Bitlocker without TPM or USB](https://blogs.technet.microsoft.com/tip_of_the_day/2014/01/22/tip-of-the-day-bitlocker-without-tpm-or-usb/).
> From Windows 7, you can encrypt an OS drive without a TPM and USB flash drive. For this procedure, see [Tip of the Day: Bitlocker without TPM or USB](https://social.technet.microsoft.com/Forums/en-US/eac2cc67-8442-42db-abad-2ed173879751/bitlocker-without-tpm?forum=win10itprosetup).
> [!NOTE]
> TPM 2.0 is not supported in Legacy and CSM Modes of the BIOS. Devices with TPM 2.0 must have their BIOS mode configured as Native UEFI only. The Legacy and Compatibility Support Module (CSM) options must be disabled. For added security Enable the Secure Boot feature.