deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Paolo Matarazzo 2023-11-06 12:30:24 -05:00
parent e4d02b2871
commit 6f839514bf
3 changed files with 49 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
education/windows/autopilot-reset.md
View File

@ -22,7 +22,7 @@ To enable Autopilot Reset, you must:
## Enable Autopilot Reset ## Enable Autopilot Reset
To use Autopilot Reset, [Windows Recovery Environment (WinRE) must be enabled on the device](#winre). To use Autopilot Reset, Windows Recovery Environment (WinRE) must be enabled on the device.
**DisableAutomaticReDeploymentCredentials** is a policy that enables or disables the visibility of the credentials for Autopilot Reset. It's a policy node in the [Policy CSP](/windows/client-management/mdm/policy-csp-credentialproviders), **CredentialProviders/DisableAutomaticReDeploymentCredentials**. By default, this policy is set to 1 (Disable). This setting ensures that Autopilot Reset isn't triggered by accident. **DisableAutomaticReDeploymentCredentials** is a policy that enables or disables the visibility of the credentials for Autopilot Reset. It's a policy node in the [Policy CSP](/windows/client-management/mdm/policy-csp-credentialproviders), **CredentialProviders/DisableAutomaticReDeploymentCredentials**. By default, this policy is set to 1 (Disable). This setting ensures that Autopilot Reset isn't triggered by accident.
@ -58,9 +58,10 @@ You can set the policy using one of these methods:
![Configure student PC settings in Set up School PCs.](images/suspcs/suspc_configure_pc2.jpg) ![Configure student PC settings in Set up School PCs.](images/suspcs/suspc_configure_pc2.jpg)
## Trigger Autopilot Reset ## Trigger Autopilot Reset
Autopilot Reset is a two-step process: trigger it and then authenticate. Once you've done these two steps, you can let the process execute and once it's done, the device is again ready for use.
**To trigger Autopilot Reset** Autopilot Reset is a two-step process: trigger it and then authenticate. Once you've done these two steps, you can let the process execute and once it's done, the device is again ready for use.
]
To trigger Autopilot Reset:
1. From the Windows device lock screen, enter the keystroke: <kbd>CTRL</kbd> + <kbd>WIN</kbd> + <kbd>R</kbd>. 1. From the Windows device lock screen, enter the keystroke: <kbd>CTRL</kbd> + <kbd>WIN</kbd> + <kbd>R</kbd>.
@ -69,11 +70,11 @@ Autopilot Reset is a two-step process: trigger it and then authenticate. Once yo
This keystroke opens up a custom sign-in screen for Autopilot Reset. The screen serves two purposes: This keystroke opens up a custom sign-in screen for Autopilot Reset. The screen serves two purposes:
1. Confirm/verify that the end user has the right to trigger Autopilot Reset 1. Confirm/verify that the end user has the right to trigger Autopilot Reset
2. Notify the user in case a provisioning package, created using Windows Configuration Designer or Set up School PCs, will be used as part of the process. 1. Notify the user in case a provisioning package, created using Windows Configuration Designer or Set up School PCs, will be used as part of the process.
![Custom login screen for Autopilot Reset.](images/autopilot-reset-customlogin.png) ![Custom login screen for Autopilot Reset.](images/autopilot-reset-customlogin.png)
2. Sign in with the admin account credentials. If you created a provisioning package, plug in the USB drive and trigger Autopilot Reset. 1. Sign in with the admin account credentials. If you created a provisioning package, plug in the USB drive and trigger Autopilot Reset.
> [!IMPORTANT] > [!IMPORTANT]
> To reestablish Wi-Fi connectivity after reset, make sure the **Connect automatically** box is checked for the device's wireless network connection. > To reestablish Wi-Fi connectivity after reset, make sure the **Connect automatically** box is checked for the device's wireless network connection.

48
windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
View File

@ -28,7 +28,7 @@ For a complete description of Certutil including examples that show how to use i
### List certificates available on the smart card ### List certificates available on the smart card
To list certificates that are available on the smart card, type `certutil -scinfo`. To list certificates that are available on the smart card, type `certutil.exe -scinfo`.
> [!NOTE] > [!NOTE]
> Entering a PIN is not required for this operation. You can press ESC if you are prompted for a PIN. > Entering a PIN is not required for this operation. You can press ESC if you are prompted for a PIN.
@ -37,9 +37,9 @@ To list certificates that are available on the smart card, type `certutil -scinf
Each certificate is enclosed in a container. When you delete a certificate on the smart card, you're deleting the container for the certificate. Each certificate is enclosed in a container. When you delete a certificate on the smart card, you're deleting the container for the certificate.
To find the container value, type `certutil -scinfo`. To find the container value, type `certutil.exe -scinfo`.
To delete a container, type `certutil -delkey -csp "Microsoft Base Smart Card Crypto Provider" "<ContainerValue>"`. To delete a container, type `certutil.exe -delkey -csp "Microsoft Base Smart Card Crypto Provider" "<ContainerValue>"`.
## Debugging and tracing using WPP ## Debugging and tracing using WPP
@ -50,14 +50,14 @@ WPP simplifies tracing the operation of the trace provider. It provides a mechan
Using WPP, use one of the following commands to enable tracing: Using WPP, use one of the following commands to enable tracing:
```cmd ```cmd
tracelog.exe -kd -rt -start <FriendlyName> -guid \<GUID> -f .\\<LogFileName*>.etl -flags <flags> -ft 1 tracelog.exe -kd -rt -start <FriendlyName> -guid \<GUID> -f .\<LogFileName*>.etl -flags <flags> -ft 1
logman start <FriendlyName> -ets -p {<GUID>} -<Flags> -ft 1 -rt -o .\\<LogFileName><em>.etl -mode 0x00080000</em> logman start <FriendlyName> -ets -p {<GUID>} -<Flags> -ft 1 -rt -o .\<LogFileName><em>.etl -mode 0x00080000</em>
``` ```
You can use the parameters in the following table. You can use the parameters in the following table.
| Friendly name | GUID | Flags | | Friendly name | GUID | Flags |
|-------------------|--------------------------------------|-----------| |--|--|--|
| `scardsvr` | 13038e47-ffec-425d-bc69-5707708075fe | 0xffff | | `scardsvr` | 13038e47-ffec-425d-bc69-5707708075fe | 0xffff |
| `winscard` | 3fce7c5f-fb3b-4bce-a9d8-55cc0ce1cf01 | 0xffff | | `winscard` | 3fce7c5f-fb3b-4bce-a9d8-55cc0ce1cf01 | 0xffff |
| `basecsp` | 133a980d-035d-4e2d-b250-94577ad8fced | 0x7 | | `basecsp` | 133a980d-035d-4e2d-b250-94577ad8fced | 0x7 |
@ -73,14 +73,14 @@ You can use the parameters in the following table.
To enable tracing for the SCardSvr service: To enable tracing for the SCardSvr service:
```cmd ```cmd
tracelog.exe -kd -rt -start scardsvr -guid \#13038e47-ffec-425d-bc69-5707708075fe -f .\\scardsvr.etl -flags 0xffff -ft 1 tracelog.exe -kd -rt -start scardsvr -guid \#13038e47-ffec-425d-bc69-5707708075fe -f .\scardsvr.etl -flags 0xffff -ft 1
logman start scardsvr -ets -p {13038e47-ffec-425d-bc69-5707708075fe} 0xffff -ft 1 -rt -o .\\scardsvr.etl -mode 0x00080000 logman start scardsvr -ets -p {13038e47-ffec-425d-bc69-5707708075fe} 0xffff -ft 1 -rt -o .\scardsvr.etl -mode 0x00080000
``` ```
To enable tracing for `scfilter.sys`: To enable tracing for `scfilter.sys`:
```cmd ```cmd
tracelog.exe -kd -rt -start scfilter -guid \#eed7f3c9-62ba-400e-a001-658869df9a91 -f .\\scfilter.etl -flags 0xffff -ft 1 tracelog.exe -kd -rt -start scfilter -guid \#eed7f3c9-62ba-400e-a001-658869df9a91 -f .\scfilter.etl -flags 0xffff -ft 1
``` ```
### Stop the trace ### Stop the trace
@ -115,7 +115,7 @@ To begin tracing, you can use `Tracelog`. Different components use different con
To enable tracing for NTLM authentication, run the following command on the command line: To enable tracing for NTLM authentication, run the following command on the command line:
```cmd ```cmd
tracelog.exe -kd -rt -start ntlm -guid \#5BBB6C18-AA45-49b1-A15F-085F7ED0AA90 -f .\\ntlm.etl -flags 0x15003 -ft 1 tracelog.exe -kd -rt -start ntlm -guid \#5BBB6C18-AA45-49b1-A15F-085F7ED0AA90 -f .\ntlm.etl -flags 0x15003 -ft 1
``` ```
To stop tracing for NTLM authentication, run this command: To stop tracing for NTLM authentication, run this command:
@ -129,7 +129,7 @@ tracelog -stop ntlm
To enable tracing for Kerberos authentication, run this command: To enable tracing for Kerberos authentication, run this command:
```cmd ```cmd
tracelog.exe -kd -rt -start kerb -guid \#6B510852-3583-4e2d-AFFE-A67F9F223438 -f .\\kerb.etl -flags 0x43 -ft 1 tracelog.exe -kd -rt -start kerb -guid \#6B510852-3583-4e2d-AFFE-A67F9F223438 -f .\kerb.etl -flags 0x43 -ft 1
``` ```
To stop tracing for Kerberos authentication, run this command: To stop tracing for Kerberos authentication, run this command:
@ -143,7 +143,7 @@ tracelog.exe -stop kerb
To enable tracing for the KDC, run the following command on the command line: To enable tracing for the KDC, run the following command on the command line:
```cmd ```cmd
tracelog.exe -kd -rt -start kdc -guid \#1BBA8B19-7F31-43c0-9643-6E911F79A06B -f .\\kdc.etl -flags 0x803 -ft 1 tracelog.exe -kd -rt -start kdc -guid \#1BBA8B19-7F31-43c0-9643-6E911F79A06B -f .\kdc.etl -flags 0x803 -ft 1
``` ```
To stop tracing for the KDC, run the following command on the command line: To stop tracing for the KDC, run the following command on the command line:
@ -152,30 +152,34 @@ To stop tracing for the KDC, run the following command on the command line:
tracelog.exe -stop kdc tracelog.exe -stop kdc
``` ```
To stop tracing from a remote computer, run this command: logman.exe -s *<ComputerName>*. To stop tracing from a remote computer, run this command:
```cmd
logman.exe -s <ComputerName>
```
> [!NOTE] > [!NOTE]
> The default location for logman.exe is %systemroot%system32\\. Use the **-s** option to supply a computer name. > The default location for logman.exe is %systemroot%system32\. Use the **-s** option to supply a computer name.
### Configure tracing with the registry ### Configure tracing with the registry
You can also configure tracing by editing the Kerberos registry values shown in the following table. You can also configure tracing by editing the Kerberos registry values shown in the following table.
| Element | Registry Key Setting | | Element | Registry Key Setting |
|-------------|----------------------------------------------------| |--|--|
| NTLM | HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1\_0<br>Value name: NtLmInfoLevel<br>Value type: DWORD<br>Value data: c0015003 | | NTLM | HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\Lsa\MSV1_0<br>Value name: NtLmInfoLevel<br>Value type: DWORD<br>Value data: c0015003 |
| Kerberos | HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\Kerberos<br>Value name: LogToFile<br>Value type: DWORD<br>Value data: 00000001<br><br>HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Parameters<br>Value name: KerbDebugLevel<br>Value type: DWORD<br>Value data: c0000043<br><br>HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Parameters<br>Value name: LogToFile<br>Value type: DWORD<br>Value data: 00000001 | | Kerberos | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos<br>Value name: LogToFile<br>Value type: DWORD<br>Value data: 00000001<br><br>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters<br>Value name: KerbDebugLevel<br>Value type: DWORD<br>Value data: c0000043<br><br>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters<br>Value name: LogToFile<br>Value type: DWORD<br>Value data: 00000001 |
| KDC | HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Kdc<br>Value name: KdcDebugLevel<br>Value type: DWORD<br>Value data: c0000803 | | KDC | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kdc<br>Value name: KdcDebugLevel<br>Value type: DWORD<br>Value data: c0000803 |
If you used `Tracelog`, look for the following log file in your current directory: `kerb.etl/kdc.etl/ntlm.etl`. If you used `Tracelog`, look for the following log file in your current directory: `kerb.etl/kdc.etl/ntlm.etl`.
If you used the registry key settings shown in the previous table, look for the trace log files in the following locations: If you used the registry key settings shown in the previous table, look for the trace log files in the following locations:
- NTLM: %systemroot%\\tracing\\msv1\_0 - NTLM: `%systemroot%\tracing\msv1_0`
- Kerberos: %systemroot%\\tracing\\kerberos - Kerberos: `%systemroot%\tracing\kerberos`
- KDC: %systemroot%\\tracing\\kdcsvc - KDC: `%systemroot%\tracing\kdcsvc`
To decode event trace files, you can use `Tracefmt` (tracefmt.exe). `Tracefmt` is a command-line tool that formats and displays trace messages from an event trace log file (.etl) or a real-time trace session. `Tracefmt` can display the messages in the Command Prompt window or save them in a text file. It is located in the \\tools\\tracing subdirectory of the Windows Driver Kit (WDK). For more information, see [`Tracefmt`](/windows-hardware/drivers/devtest/tracefmt). To decode event trace files, you can use `Tracefmt` (tracefmt.exe). `Tracefmt` is a command-line tool that formats and displays trace messages from an event trace log file (.etl) or a real-time trace session. `Tracefmt` can display the messages in the Command Prompt window or save them in a text file. It is located in the \tools\tracing subdirectory of the Windows Driver Kit (WDK). For more information, see [`Tracefmt`](/windows-hardware/drivers/devtest/tracefmt).
## Smart Card service ## Smart Card service