mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-17 11:23:45 +00:00
removing technical preview from Windows Server 2016
This commit is contained in:
@ -125,7 +125,7 @@ Often it is not enough to know simply that an object such as a file or folder wa
|
||||
|
||||
## <a href="" id="bkmk-8"></a>How do I know when changes are made to access control settings, by whom, and what the changes were?
|
||||
|
||||
To track access control changes on computers running Windows Server 2016 Technical Preview, Windows Server 2012 R2, Windows Server 2012 Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, you need to enable the following settings, which track changes to DACLs:
|
||||
To track access control changes on computers running Windows Server 2016, Windows Server 2012 R2, Windows Server 2012 Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, you need to enable the following settings, which track changes to DACLs:
|
||||
- **Audit File System** subcategory: Enable for success, failure, or success and failure
|
||||
- **Audit Authorization Policy Change** setting: Enable for success, failure, or success and failure
|
||||
- A SACL with **Write** and **Take ownership** permissions: Apply to the object that you want to monitor
|
||||
|
@ -56,7 +56,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also
|
||||
| [Microsoft Passport errors during PIN creation](microsoft-passport-errors-during-pin-creation.md) | Added errors 0x80090029 and 0x80070057, and merged entries for error 0x801c03ed. |
|
||||
| [Microsoft Passport guide](microsoft-passport-guide.md) | Updated Roadmap section content |
|
||||
|[Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) |Updated info based on changes to the features and functionality.|
|
||||
| [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Updated for Windows 10 and Windows Server 2016 Technical Preview |
|
||||
| [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Updated for Windows 10 and Windows Server 2016 |
|
||||
|[Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) (mutiple topics) | New |
|
||||
|
||||
## April 2016
|
||||
@ -70,7 +70,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also
|
||||
|
||||
|New or changed topic | Description |
|
||||
|----------------------|-------------|
|
||||
|[Requirements to use AppLocker](requirements-to-use-applocker.md) |Added that MDM can be used to manage any edition of Windows 10. Windows 10 Enterprise or Windows Server 2016 Technical Preview is required to manage AppLocker by using Group Policy.|
|
||||
|[Requirements to use AppLocker](requirements-to-use-applocker.md) |Added that MDM can be used to manage any edition of Windows 10. Windows 10 Enterprise or Windows Server 2016 is required to manage AppLocker by using Group Policy.|
|
||||
|[Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) |Added pre-release content about how to set up and deploy Windows Information Protection (WIP) in an enterprise environment.|
|
||||
|
||||
## February 2016
|
||||
|
@ -12,7 +12,7 @@ author: brianlic-msft
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016 Technical Preview
|
||||
- Windows Server 2016
|
||||
|
||||
Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard prevents these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets.
|
||||
|
||||
@ -290,7 +290,7 @@ Some ways to store credentials are not protected by Credential Guard, including:
|
||||
|
||||
- Software that manages credentials outside of Windows feature protection
|
||||
- Local accounts and Microsoft Accounts
|
||||
- Credential Guard does not protect the Active Directory database running on Windows Server 2016 Technical Preview domain controllers. It also does not protect credential input pipelines, such as Windows Server 2016 Technical Preview servers running Remote Desktop Gateway. If you're using a Windows Server 2016 Technical Preview server as a client PC, it will get the same protection as it would be running Windows 10 Enterprise.
|
||||
- Credential Guard does not protect the Active Directory database running on Windows Server 2016 domain controllers. It also does not protect credential input pipelines, such as Windows Server 2016 servers running Remote Desktop Gateway. If you're using a Windows Server 2016 server as a client PC, it will get the same protection as it would be running Windows 10 Enterprise.
|
||||
- Key loggers
|
||||
- Physical attacks
|
||||
- Does not prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access high value assets in your organization.
|
||||
@ -328,7 +328,7 @@ Enabling compound authentication also enables Kerberos armoring, which provides
|
||||
|
||||
### Deploying machine certificates
|
||||
|
||||
If the domain controllers in your organization are running Windows Server 2016 Technical Preview, devices running Windows 10 will automatically enroll a machine certificate when Credential Guard is enabled and the PC is joined to the domain.
|
||||
If the domain controllers in your organization are running Windows Server 2016, devices running Windows 10 will automatically enroll a machine certificate when Credential Guard is enabled and the PC is joined to the domain.
|
||||
If the domain controllers are running Windows Server 2012 R2, the machine certificates must be provisioned manually on each device. You can do this by creating a certificate template on the domain controller or certificate authority and deploying the machine certificates to each device.
|
||||
The same security procedures used for issuing smart cards to users should be applied to machine certificates.
|
||||
|
||||
|
@ -216,7 +216,7 @@ The following Windows 10 services are protected with virtualization-based secur
|
||||
|
||||
- **Credential Guard** (LSA Credential Isolation): prevents pass-the-hash attacks and enterprise credential theft that happens by reading and dumping the content of lsass memory
|
||||
- **Device Guard** (Hyper-V Code Integrity): Device Guard uses the new virtualization-based security in Windows 10 to isolate the Code Integrity service from the Windows kernel itself, which lets the service use signatures defined by your enterprise-controlled policy to help determine what is trustworthy. In effect, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container.
|
||||
- **Other isolated services**: for example, on Windows Server Technical Preview 2016, there is the vTPM feature that allows you to have encrypted virtual machines (VMs) on servers.
|
||||
- **Other isolated services**: for example, on Windows Server 2016, there is the vTPM feature that allows you to have encrypted virtual machines (VMs) on servers.
|
||||
|
||||
>**Note:** Virtualization-based security is only available with Windows 10 Enterprise. Virtualization-based security requires devices with UEFI (2.3.1 or higher) with Secure Boot enabled, x64 processor with Virtualization Extensions and SLAT enabled. IOMMU, TPM 2.0. and support for Secure Memory overwritten are optional, but recommended.
|
||||
|
||||
@ -747,7 +747,7 @@ For more information about conditional access, see [Azure Conditional Access Pre
|
||||
For on-premises applications there are two options to enable conditional access control based on a device's compliance state:
|
||||
|
||||
- For on-premises applications that are published through the Azure AD Application Proxy, you can configure conditional access control policies as you would for cloud applications. For more details, see the [Azure AD Conditional Access preview updated: Now supports On-Premises and Custom LOB apps](http://go.microsoft.com/fwlink/p/?LinkId=691618) blog post.
|
||||
- Additionally, Azure AD Connect will sync device compliance information from Azure AD to on-premises AD. ADFS on Windows Server Technical Preview 2016 will support conditional access control based on a device's compliance state. IT pros will configure conditional access control policies in ADFS that use the device's compliance state reported by a compatible MDM solution to secure on-premises applications.
|
||||
- Additionally, Azure AD Connect will sync device compliance information from Azure AD to on-premises AD. ADFS on Windows Server 2016 will support conditional access control based on a device's compliance state. IT pros will configure conditional access control policies in ADFS that use the device's compliance state reported by a compatible MDM solution to secure on-premises applications.
|
||||
|
||||

|
||||
|
||||
|
@ -32,7 +32,7 @@ The following table show the on which operating systems AppLocker features are s
|
||||
|
||||
| Version | Can be configured | Can be enforced | Available rules | Notes |
|
||||
| - | - | - | - | - |
|
||||
| Windows 10| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10. You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise and Windows Server 2016 Technical Preview. |
|
||||
| Windows 10| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10. You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise and Windows Server 2016. |
|
||||
| Windows Server 2012 R2| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| |
|
||||
| Windows 8.1| Yes| Yes| Packaged apps<br/>Executable<br/>Windows Installer<br/>Script<br/>DLL| Only the Enterprise edition supports AppLocker|
|
||||
| Windows RT 8.1| No| No| N/A||
|
||||
|
@ -14,7 +14,7 @@ author: brianlic-msft
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows 10 Mobile
|
||||
- Windows Server 2016 Technical Preview
|
||||
- Windows Server 2016
|
||||
- Windows 10 IoT Core (IoT Core)
|
||||
|
||||
This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows 10.
|
||||
@ -104,7 +104,7 @@ For end consumers, TPM is behind the scenes but still very relevant for Hello, P
|
||||
|
||||
- TPM is optional on IoT Core.
|
||||
|
||||
### Windows Server 2016 Technical Preview
|
||||
### Windows Server 2016
|
||||
|
||||
- TPM is optional for Windows Server SKUs unless the SKU meets the additional qualification (AQ) criteria for the Host Guardian Services scenario in which case TPM 2.0 is required.
|
||||
|
||||
|
@ -16,7 +16,7 @@ author: brianlic-msft
|
||||
|
||||
- Windows 10
|
||||
- Windows 10 Mobile
|
||||
- Windows Server 2016 Technical Preview
|
||||
- Windows Server 2016
|
||||
|
||||
At Microsoft, we use Windows telemetry to inform our decisions and focus our efforts in providing the most robust, most valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. Telemetry gives users a voice in the operating system’s development. This guide describes the importance of Windows telemetry and how we protect that data. Additionally, it differentiates between telemetry and functional data. It also describes the telemetry levels that Windows supports. Of course, you can choose how much telemetry is shared with Microsoft, and this guide demonstrates how.
|
||||
|
||||
@ -36,7 +36,7 @@ Use this article to make informed decisions about how you might configure teleme
|
||||
|
||||
## Overview
|
||||
|
||||
In previous versions of Windows and Windows Server, Microsoft used telemetry to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016 Technical Preview, you can control telemetry streams by using the Privacy option in Settings, Group Policy, or MDM.
|
||||
In previous versions of Windows and Windows Server, Microsoft used telemetry to check for updated or new Windows Defender signatures, check whether Windows Update installations were successful, gather reliability information through the Reliability Analysis Component (RAC), and gather reliability information through the Windows Customer Experience Improvement Program (CEIP) on Windows. In Windows 10 and Windows Server 2016, you can control telemetry streams by using the Privacy option in Settings, Group Policy, or MDM.
|
||||
|
||||
For Windows 10, we invite IT pros to join the [Windows Insider Program](http://insider.windows.com) to give us feedback on what we can do to make Windows work better for your organization.
|
||||
|
||||
@ -159,7 +159,7 @@ Microsoft believes in and practices information minimization. We strive to gathe
|
||||
## Telemetry levels
|
||||
|
||||
|
||||
This section explains the different telemetry levels in Windows 10, Windows Server 2016 Technical Preview, and System Center. These levels are available on all desktop and mobile editions of Windows 10, with the exception of the **Security** level which is limited to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016 Technical Preview.
|
||||
This section explains the different telemetry levels in Windows 10, Windows Server 2016, and System Center. These levels are available on all desktop and mobile editions of Windows 10, with the exception of the **Security** level which is limited to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016.
|
||||
|
||||
The telemetry data is categorized into four levels:
|
||||
|
||||
@ -171,7 +171,7 @@ The telemetry data is categorized into four levels:
|
||||
|
||||
- **Full**. All data necessary to identify and help to fix problems, plus data from the **Security**, **Basic**, and **Enhanced** levels.
|
||||
|
||||
The levels are cumulative and are illustrated in the following diagram. Also, these levels apply to all editions of Windows Server 2016 Technical Preview.
|
||||
The levels are cumulative and are illustrated in the following diagram. Also, these levels apply to all editions of Windows Server 2016.
|
||||
|
||||

|
||||
|
||||
@ -216,7 +216,7 @@ The Basic level gathers a limited set of data that’s critical for understandin
|
||||
|
||||
The data gathered at this level includes:
|
||||
|
||||
- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Server 2016 Technical Preview in the ecosystem. Examples include:
|
||||
- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Server 2016 in the ecosystem. Examples include:
|
||||
|
||||
- Device attributes, such as camera resolution and display type
|
||||
|
||||
@ -306,7 +306,7 @@ We do not recommend that you turn off telemetry in your organization as valuable
|
||||
|
||||
You can turn on or turn off System Center telemetry gathering. The default is on and the data gathered at this level represents what is gathered by default when System Center telemetry is turned on. However, setting the operating system telemetry level to **Basic** will turn off System Center telemetry, even if the System Center telemetry switch is turned on.
|
||||
|
||||
The lowest telemetry setting level supported through management policies is **Security**. The lowest telemetry setting supported through the Settings UI is **Basic**. The default telemetry setting for Windows Server 2016 Technical Preview is **Enhanced**.
|
||||
The lowest telemetry setting level supported through management policies is **Security**. The lowest telemetry setting supported through the Settings UI is **Basic**. The default telemetry setting for Windows Server 2016 is **Enhanced**.
|
||||
|
||||
### Configure the operating system telemetry level
|
||||
|
||||
|
Reference in New Issue
Block a user