deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 19:03:46 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

removing technical preview from Windows Server 2016

Browse Source
This commit is contained in:
Brian Lich
2016-08-01 14:56:46 -07:00
parent 22abc39c45
commit 72373ae593
7 changed files with 17 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/keep-secure/advanced-security-auditing-faq.md
View File

@ -125,7 +125,7 @@ Often it is not enough to know simply that an object such as a file or folder wa
## <a href="" id="bkmk-8"></a>How do I know when changes are made to access control settings, by whom, and what the changes were?
To track access control changes on computers running Windows Server 2016 Technical Preview, Windows Server 2012 R2, Windows Server 2012 Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, you need to enable the following settings, which track changes to DACLs:
To track access control changes on computers running Windows Server 2016, Windows Server 2012 R2, Windows Server 2012 Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, you need to enable the following settings, which track changes to DACLs:
- **Audit File System** subcategory: Enable for success, failure, or success and failure
- **Audit Authorization Policy Change** setting: Enable for success, failure, or success and failure
- A SACL with **Write** and **Take ownership** permissions: Apply to the object that you want to monitor

4
windows/keep-secure/change-history-for-keep-windows-10-secure.md
View File

@ -56,7 +56,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also
| [Microsoft Passport errors during PIN creation](microsoft-passport-errors-during-pin-creation.md) | Added errors 0x80090029 and 0x80070057, and merged entries for error 0x801c03ed. |
| [Microsoft Passport guide](microsoft-passport-guide.md) | Updated Roadmap section content |
|[Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) |Updated info based on changes to the features and functionality.|
| [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Updated for Windows 10 and Windows Server 2016 Technical Preview |
| [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Updated for Windows 10 and Windows Server 2016 |
|[Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) (mutiple topics) | New |
## April 2016
@ -70,7 +70,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also
|New or changed topic | Description |
|----------------------|-------------|
|[Requirements to use AppLocker](requirements-to-use-applocker.md) |Added that MDM can be used to manage any edition of Windows 10. Windows 10 Enterprise or Windows Server 2016 Technical Preview is required to manage AppLocker by using Group Policy.|
|[Requirements to use AppLocker](requirements-to-use-applocker.md) |Added that MDM can be used to manage any edition of Windows 10. Windows 10 Enterprise or Windows Server 2016 is required to manage AppLocker by using Group Policy.|
|[Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) |Added pre-release content about how to set up and deploy Windows Information Protection (WIP) in an enterprise environment.|
## February 2016

6
windows/keep-secure/credential-guard.md
View File

@ -12,7 +12,7 @@ author: brianlic-msft
**Applies to**
- Windows 10
- Windows Server 2016 Technical Preview
- Windows Server 2016
Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard prevents these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets.
@ -290,7 +290,7 @@ Some ways to store credentials are not protected by Credential Guard, including:
- Software that manages credentials outside of Windows feature protection
- Local accounts and Microsoft Accounts
- Credential Guard does not protect the Active Directory database running on Windows Server 2016 Technical Preview domain controllers. It also does not protect credential input pipelines, such as Windows Server 2016 Technical Preview servers running Remote Desktop Gateway. If you're using a Windows Server 2016 Technical Preview server as a client PC, it will get the same protection as it would be running Windows 10 Enterprise.
- Credential Guard does not protect the Active Directory database running on Windows Server 2016 domain controllers. It also does not protect credential input pipelines, such as Windows Server 2016 servers running Remote Desktop Gateway. If you're using a Windows Server 2016 server as a client PC, it will get the same protection as it would be running Windows 10 Enterprise.
- Key loggers
- Physical attacks
- Does not prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access high value assets in your organization.
@ -328,7 +328,7 @@ Enabling compound authentication also enables Kerberos armoring, which provides
### Deploying machine certificates
If the domain controllers in your organization are running Windows Server 2016 Technical Preview, devices running Windows 10 will automatically enroll a machine certificate when Credential Guard is enabled and the PC is joined to the domain.
If the domain controllers in your organization are running Windows Server 2016, devices running Windows 10 will automatically enroll a machine certificate when Credential Guard is enabled and the PC is joined to the domain.
If the domain controllers are running Windows Server 2012 R2, the machine certificates must be provisioned manually on each device. You can do this by creating a certificate template on the domain controller or certificate authority and deploying the machine certificates to each device.
The same security procedures used for issuing smart cards to users should be applied to machine certificates.

4
windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
View File

@ -216,7 +216,7 @@ The following Windows 10 services are protected with virtualization-based secur
- **Credential Guard** (LSA Credential Isolation): prevents pass-the-hash attacks and enterprise credential theft that happens by reading and dumping the content of lsass memory
- **Device Guard** (Hyper-V Code Integrity): Device Guard uses the new virtualization-based security in Windows 10 to isolate the Code Integrity service from the Windows kernel itself, which lets the service use signatures defined by your enterprise-controlled policy to help determine what is trustworthy. In effect, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container.
- **Other isolated services**: for example, on Windows Server Technical Preview 2016, there is the vTPM feature that allows you to have encrypted virtual machines (VMs) on servers.
- **Other isolated services**: for example, on Windows Server 2016, there is the vTPM feature that allows you to have encrypted virtual machines (VMs) on servers.
>**Note:**  Virtualization-based security is only available with Windows 10 Enterprise. Virtualization-based security requires devices with UEFI (2.3.1 or higher) with Secure Boot enabled, x64 processor with Virtualization Extensions and SLAT enabled. IOMMU, TPM 2.0. and support for Secure Memory overwritten are optional, but recommended.
 
@ -747,7 +747,7 @@ For more information about conditional access, see [Azure Conditional Access Pre
For on-premises applications there are two options to enable conditional access control based on a device's compliance state:
- For on-premises applications that are published through the Azure AD Application Proxy, you can configure conditional access control policies as you would for cloud applications. For more details, see the [Azure AD Conditional Access preview updated: Now supports On-Premises and Custom LOB apps](http://go.microsoft.com/fwlink/p/?LinkId=691618) blog post.
- Additionally, Azure AD Connect will sync device compliance information from Azure AD to on-premises AD. ADFS on Windows Server Technical Preview 2016 will support conditional access control based on a device's compliance state. IT pros will configure conditional access control policies in ADFS that use the device's compliance state reported by a compatible MDM solution to secure on-premises applications.
- Additionally, Azure AD Connect will sync device compliance information from Azure AD to on-premises AD. ADFS on Windows Server 2016 will support conditional access control based on a device's compliance state. IT pros will configure conditional access control policies in ADFS that use the device's compliance state reported by a compatible MDM solution to secure on-premises applications.
![figure 13](images/hva-fig12-conditionalaccess12.png)

2
windows/keep-secure/requirements-to-use-applocker.md
View File

@ -32,7 +32,7 @@ The following table show the on which operating systems AppLocker features are s
| Version | Can be configured | Can be enforced | Available rules | Notes |
| - | - | - | - | - |
| Windows 10| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10. You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise and Windows Server 2016 Technical Preview. |
| Windows 10| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10. You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise and Windows Server 2016. |
| Windows Server 2012 R2| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| |
| Windows 8.1| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| Only the Enterprise edition supports AppLocker|
| Windows RT 8.1| No| No| N/A||

4
windows/keep-secure/tpm-recommendations.md
View File

@ -14,7 +14,7 @@ author: brianlic-msft
**Applies to**
- Windows 10
- Windows 10 Mobile
- Windows Server 2016 Technical Preview
- Windows Server 2016
- Windows 10 IoT Core (IoT Core)
This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows 10.
@ -104,7 +104,7 @@ For end consumers, TPM is behind the scenes but still very relevant for Hello, P
- TPM is optional on IoT Core.
### Windows Server 2016 Technical Preview
### Windows Server 2016
- TPM is optional for Windows Server SKUs unless the SKU meets the additional qualification (AQ) criteria for the Host Guardian Services scenario in which case TPM 2.0 is required.