deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-22 13:53:39 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

updated links

Browse Source
This commit is contained in:
Beth Levin
2020-02-07 13:20:54 -08:00
parent 71011a274e
commit 728d5d42f6
17 changed files with 29 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/auditing/event-4624.md
View File

@ -158,7 +158,7 @@ This event generates when a logon session is created (on destination machine). I
- **Restricted Admin Mode** \[Version 2\] \[Type = UnicodeString\]**:** Only populated for **RemoteInteractive** logon type sessions. This is a Yes/No flag indicating if the credentials provided were passed using Restricted Admin mode. Restricted Admin mode was added in Win8.1/2012R2 but this flag was added to the event in Win10.
Reference: <http://blogs.technet.com/b/kfalde/archive/2013/08/14/restricted-admin-mode-for-rdp-in-windows-8-1-2012-r2.aspx>.
Reference: <https://blogs.technet.com/b/kfalde/archive/2013/08/14/restricted-admin-mode-for-rdp-in-windows-8-1-2012-r2.aspx>.
If not a **RemoteInteractive** logon, then this will be "-" string.

2
windows/security/threat-protection/auditing/event-4793.md
View File

@ -30,7 +30,7 @@ This event generates each time the [Password Policy Checking API](https://msdn.m
The Password Policy Checking API allows an application to check password compliance against an application-provided account database or single account and verify that passwords meet the complexity, aging, minimum length, and history reuse requirements of a password policy.
This event, for example, generates during Directory Services Restore Mode ([DSRM](http://blogs.technet.com/b/askds/archive/2009/03/11/ds-restore-mode-password-maintenance.aspx)) account password reset procedure to check new DSRM password.
This event, for example, generates during Directory Services Restore Mode ([DSRM](https://blogs.technet.com/b/askds/archive/2009/03/11/ds-restore-mode-password-maintenance.aspx)) account password reset procedure to check new DSRM password.
This event generates on the computer where Password Policy Checking API was called.

2
windows/security/threat-protection/auditing/event-4908.md
View File

@ -34,7 +34,7 @@ This event is always logged regardless of the "Audit Policy Change" sub-category
More information about Special Groups auditing can be found here:
<http://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx>
<https://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx>
<https://support.microsoft.com/kb/947223>

2
windows/security/threat-protection/auditing/event-4911.md
View File

@ -26,7 +26,7 @@ ms.author: dansimp
***Event Description:***
This event generates when [resource attributes](http://blogs.technet.com/b/canitpro/archive/2013/05/07/step-by-step-protecting-your-information-with-dynamic-access-control.aspx) of the file system object were changed.
This event generates when [resource attributes](https://blogs.technet.com/b/canitpro/archive/2013/05/07/step-by-step-protecting-your-information-with-dynamic-access-control.aspx) of the file system object were changed.
Resource attributes for file or folder can be changed, for example, using Windows File Explorer (objects Properties-&gt;Classification tab).

4
windows/security/threat-protection/auditing/event-4964.md
View File

@ -26,7 +26,7 @@ ms.author: dansimp
***Event Description:***
This event occurs when an account that is a member of any defined [Special Group](http://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx) logs in.
This event occurs when an account that is a member of any defined [Special Group](https://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx) logs in.
> **Note**&nbsp;&nbsp;For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
@ -94,7 +94,7 @@ This event occurs when an account that is a member of any defined [Special Group
&gt; S-1-5-32-544;S-1-5-32-123-54-65
&gt; For more information see: <http://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx>
&gt; For more information see: <https://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx>
***Field Descriptions:***

4
windows/security/threat-protection/auditing/event-5056.md
View File

@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
- <https://msdn.microsoft.com/library/windows/desktop/bb204775(v=vs.85).aspx>
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
- <https://www.microsoft.com/download/details.aspx?id=1251>
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.

4
windows/security/threat-protection/auditing/event-5057.md
View File

@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
- <https://msdn.microsoft.com/library/windows/desktop/bb204775(v=vs.85).aspx>
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
- <https://www.microsoft.com/download/details.aspx?id=1251>
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.

4
windows/security/threat-protection/auditing/event-5060.md
View File

@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
- <https://msdn.microsoft.com/library/windows/desktop/bb204775(v=vs.85).aspx>
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
- <https://www.microsoft.com/download/details.aspx?id=1251>
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.

4
windows/security/threat-protection/auditing/event-5063.md
View File

@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
- <https://www.microsoft.com/download/details.aspx?id=1251>
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.

4
windows/security/threat-protection/auditing/event-5064.md
View File

@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
- <https://www.microsoft.com/download/details.aspx?id=1251>
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.

4
windows/security/threat-protection/auditing/event-5065.md
View File

@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
- <https://www.microsoft.com/download/details.aspx?id=1251>
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.

4
windows/security/threat-protection/auditing/event-5066.md
View File

@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
- <https://www.microsoft.com/download/details.aspx?id=1251>
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.

4
windows/security/threat-protection/auditing/event-5067.md
View File

@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
- <https://www.microsoft.com/download/details.aspx?id=1251>
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.

4
windows/security/threat-protection/auditing/event-5068.md
View File

@ -26,9 +26,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
- <https://www.microsoft.com/download/details.aspx?id=1251>
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.

4
windows/security/threat-protection/auditing/event-5069.md
View File

@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
- <https://www.microsoft.com/download/details.aspx?id=1251>
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.

4
windows/security/threat-protection/auditing/event-5070.md
View File

@ -28,9 +28,9 @@ For more information about Cryptographic Next Generation (CNG) visit these pages
- <https://msdn.microsoft.com/library/windows/desktop/aa376214(v=vs.85).aspx>
- <http://www.microsoft.com/en-us/download/details.aspx?id=1251>
- <https://www.microsoft.com/download/details.aspx?id=1251>
- <http://www.microsoft.com/en-us/download/details.aspx?id=30688>
- <https://www.microsoft.com/download/details.aspx?id=30688>
This event is mainly used for Cryptographic Next Generation (CNG) troubleshooting.

2
windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md
View File

@ -77,7 +77,7 @@ You can use existing System Center Configuration Manager functionality to create
>
> This can be accomplished by creating a detection rule checking if the "OnboardingState" registry value (of type REG_DWORD) = 1.
> This registry value is located under "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status".
Refer to the following ConfigMgr article for more information: https://docs.microsoft.com/en-us/configmgr/apps/deploy-use/create-applications#bkmk_detect-rule
Refer to the following ConfigMgr article for more information: https://docs.microsoft.com/configmgr/apps/deploy-use/create-applications#bkmk_detect-rule
### Configure sample collection settings